includes/password/Pbkdf2PasswordUsingOpenSSL.php

   1 <?php
   2 /**
   3  * Implements the Pbkdf2PasswordUsingOpenSSL class for the MediaWiki software.
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  */
  22
  23 declare( strict_types = 1 );
  24
  25 namespace MediaWiki\Password;
  26
  27 /**
  28  * A PBKDF2-hashed password, using OpenSSL
  29  *
  30  * @since 1.40
  31  */
  32 class Pbkdf2PasswordUsingOpenSSL extends AbstractPbkdf2Password {
  33         /**
  34          * @var array<string,string>|null
  35          */
  36         private static $digestAlgos;
  37
  38         /**
  39          * List of hash algorithms we support and OpenSSL's names for them.
  40          *
  41          * We include only the algorithms that make sense to support, rather than
  42          * all potentially available algorithms. In particular, we do not include:
  43          *
  44          * - Broken algorithms, such as "md5" and "sha1"
  45          * - Algorithms no longer available by default, such as "whirlpool"
  46          * - Algorithms that perform especially poorly on server CPUs relative
  47          *   to other available hardware (as of 2022, this includes "sha3-512";
  48          *   see <https://keccak.team/2017/is_sha3_slow.html>)
  49          * - Variants for which there is no reason for use, such as "sha384"
  50          *   (a truncated "sha512" that starts with a different initial state)
  51          *
  52          * The array keys should match the algorithm names known to hash_pbkdf2().
  53          */
  54         private const DIGEST_ALGOS = [
  55                 'sha256' => 'sha256',
  56                 'sha512' => 'sha512',
  57         ];
  58
  59         protected function getDigestAlgo( string $algo ): ?string {
  60                 if ( self::$digestAlgos === null ) {
  61                         self::$digestAlgos = array_intersect( self::DIGEST_ALGOS, openssl_get_md_methods() );
  62                 }
  63                 return self::$digestAlgos[$algo] ?? null;
  64         }
  65
  66         protected function pbkdf2(
  67                 string $digestAlgo,
  68                 string $password,
  69                 string $salt,
  70                 int $rounds,
  71                 int $length
  72         ): string {
  73                 // Clear error string
  74                 while ( openssl_error_string() !== false );
  75                 $hash = openssl_pbkdf2( $password, $salt, $length, $rounds, $digestAlgo );
  76                 if ( !is_string( $hash ) ) {
  77                         throw new PasswordError( 'Error when hashing password: ' . openssl_error_string() );
  78                 }
  79                 return $hash;
  80         }
  81 }
  82
  83 /** @deprecated since 1.43 use MediaWiki\\Password\\Pbkdf2PasswordUsingOpenSSL */
  84 class_alias( Pbkdf2PasswordUsingOpenSSL::class, 'Pbkdf2PasswordUsingOpenSSL' );