diff options
| author | Klap-in <klapinklapin@gmail.com> | 2013-06-09 22:21:37 +0200 |
|---|---|---|
| committer | Klap-in <klapinklapin@gmail.com> | 2013-06-09 22:21:37 +0200 |
| commit | 3faed524fdb5c7c51a60a92e9715dd5425389c35 (patch) | |
| tree | b37b25628bdf2fde079c4f2800d2fc118d726d0e /inc/PassHash.class.php | |
| parent | 3e7e6067571e660cd835164c22d0973aa6343408 (diff) | |
| parent | 62765857f84626449d6c53b1a46c462a37e5083a (diff) | |
| download | rpg-3faed524fdb5c7c51a60a92e9715dd5425389c35.tar.gz rpg-3faed524fdb5c7c51a60a92e9715dd5425389c35.tar.bz2 | |
Merge remote-tracking branch 'origin/master' into fetchftp
Diffstat (limited to 'inc/PassHash.class.php')
| -rw-r--r-- | inc/PassHash.class.php | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php index 080fb4778..61bd74939 100644 --- a/inc/PassHash.class.php +++ b/inc/PassHash.class.php @@ -494,4 +494,51 @@ class PassHash { $this->init_salt($salt, 8, false); return ':B:'.$salt.':'.md5($salt.'-'.md5($clear)); } + + /** + * Wraps around native hash_hmac() or reimplents it + * + * This is not directly used as password hashing method, and thus isn't callable via the + * verify_hash() method. It should be used to create signatures and might be used in other + * password hashing methods. + * + * @see hash_hmac() + * @author KC Cloyd + * @link http://www.php.net/manual/en/function.hash-hmac.php#93440 + * + * @param string $algo Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4", + * etc..) See hash_algos() for a list of supported algorithms. + * @param string $data Message to be hashed. + * @param string $key Shared secret key used for generating the HMAC variant of the message digest. + * @param bool $raw_output When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits. + * + * @return string + */ + public static function hmac($algo, $data, $key, $raw_output = false) { + // use native function if available and not in unit test + if(function_exists('hash_hmac') && !defined('SIMPLE_TEST')){ + return hash_hmac($algo, $data, $key, $raw_output); + } + + $algo = strtolower($algo); + $pack = 'H' . strlen($algo('test')); + $size = 64; + $opad = str_repeat(chr(0x5C), $size); + $ipad = str_repeat(chr(0x36), $size); + + if(strlen($key) > $size) { + $key = str_pad(pack($pack, $algo($key)), $size, chr(0x00)); + } else { + $key = str_pad($key, $size, chr(0x00)); + } + + for($i = 0; $i < strlen($key) - 1; $i++) { + $opad[$i] = $opad[$i] ^ $key[$i]; + $ipad[$i] = $ipad[$i] ^ $key[$i]; + } + + $output = $algo($opad . pack($pack, $algo($ipad . $data))); + + return ($raw_output) ? pack($pack, $output) : $output; + } } |