[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/inc/ -> PassHash.php (source)

   1  <?php
   2  // phpcs:disable PSR1.Methods.CamelCapsMethodName.NotCamelCaps
   3  
   4  namespace dokuwiki;
   5  
   6  /**
   7   * Password Hashing Class
   8   *
   9   * This class implements various mechanisms used to hash passwords
  10   *
  11   * @author  Andreas Gohr <andi@splitbrain.org>
  12   * @license LGPL2
  13   */
  14  class PassHash {
  15      /**
  16       * Verifies a cleartext password against a crypted hash
  17       *
  18       * The method and salt used for the crypted hash is determined automatically,
  19       * then the clear text password is crypted using the same method. If both hashs
  20       * match true is is returned else false
  21       *
  22       * @author  Andreas Gohr <andi@splitbrain.org>
  23       *
  24       * @param string $clear Clear-Text password
  25       * @param string $hash  Hash to compare against
  26       * @return  bool
  27       */
  28      public function verify_hash($clear, $hash) {
  29          $method = '';
  30          $salt   = '';
  31          $magic  = '';
  32  
  33          //determine the used method and salt
  34          $len = strlen($hash);
  35          if(preg_match('/^\$1\$([^\$]{0,8})\$/', $hash, $m)) {
  36              $method = 'smd5';
  37              $salt   = $m[1];
  38              $magic  = '1';
  39          } elseif(preg_match('/^\$apr1\$([^\$]{0,8})\$/', $hash, $m)) {
  40              $method = 'apr1';
  41              $salt   = $m[1];
  42              $magic  = 'apr1';
  43          } elseif(preg_match('/^\$P\$(.{31})$/', $hash, $m)) {
  44              $method = 'pmd5';
  45              $salt   = $m[1];
  46              $magic  = 'P';
  47          } elseif(preg_match('/^\$H\$(.{31})$/', $hash, $m)) {
  48              $method = 'pmd5';
  49              $salt = $m[1];
  50              $magic = 'H';
  51          } elseif(preg_match('/^pbkdf2_(\w+?)\$(\d+)\$(.{12})\$/', $hash, $m)) {
  52              $method = 'djangopbkdf2';
  53              $magic = array(
  54                  'algo' => $m[1],
  55                  'iter' => $m[2],
  56              );
  57              $salt = $m[3];
  58          } elseif(preg_match('/^sha1\$(.{5})\$/', $hash, $m)) {
  59              $method = 'djangosha1';
  60              $salt   = $m[1];
  61          } elseif(preg_match('/^md5\$(.{5})\$/', $hash, $m)) {
  62              $method = 'djangomd5';
  63              $salt   = $m[1];
  64          } elseif(preg_match('/^\$2(a|y)\$(.{2})\$/', $hash, $m)) {
  65              $method = 'bcrypt';
  66              $salt   = $hash;
  67          } elseif(substr($hash, 0, 6) == '{SSHA}') {
  68              $method = 'ssha';
  69              $salt   = substr(base64_decode(substr($hash, 6)), 20);
  70          } elseif(substr($hash, 0, 6) == '{SMD5}') {
  71              $method = 'lsmd5';
  72              $salt   = substr(base64_decode(substr($hash, 6)), 16);
  73          } elseif(preg_match('/^:B:(.+?):.{32}$/', $hash, $m)) {
  74              $method = 'mediawiki';
  75              $salt   = $m[1];
  76          } elseif(preg_match('/^\$6\$(rounds=\d+)?\$?(.+?)\$/', $hash, $m)) {
  77              $method = 'sha512';
  78              $salt   = $m[2];
  79              $magic  = $m[1];
  80          } elseif(preg_match('/^\$(argon2id?)/', $hash, $m)) {
  81              if(!defined('PASSWORD_'.strtoupper($m[1]))) {
  82                  throw new \Exception('This PHP installation has no '.strtoupper($m[1]).' support');
  83              }
  84              return password_verify($clear,$hash);
  85          } elseif($len == 32) {
  86              $method = 'md5';
  87          } elseif($len == 40) {
  88              $method = 'sha1';
  89          } elseif($len == 16) {
  90              $method = 'mysql';
  91          } elseif($len == 41 && $hash[0] == '*') {
  92              $method = 'my411';
  93          } elseif($len == 34) {
  94              $method = 'kmd5';
  95              $salt   = $hash;
  96          } else {
  97              $method = 'crypt';
  98              $salt   = substr($hash, 0, 2);
  99          }
 100  
 101          //crypt and compare
 102          $call = 'hash_'.$method;
 103          $newhash = $this->$call($clear, $salt, $magic);
 104          if(\hash_equals($newhash, $hash)) {
 105              return true;
 106          }
 107          return false;
 108      }
 109  
 110      /**
 111       * Create a random salt
 112       *
 113       * @param int $len The length of the salt
 114       * @return string
 115       */
 116      public function gen_salt($len = 32) {
 117          $salt  = '';
 118          $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
 119          for($i = 0; $i < $len; $i++) {
 120              $salt .= $chars[$this->random(0, 61)];
 121          }
 122          return $salt;
 123      }
 124  
 125      /**
 126       * Initialize the passed variable with a salt if needed.
 127       *
 128       * If $salt is not null, the value is kept, but the lenght restriction is
 129       * applied (unless, $cut is false).
 130       *
 131       * @param string|null &$salt  The salt, pass null if you want one generated
 132       * @param int          $len   The length of the salt
 133       * @param bool         $cut   Apply length restriction to existing salt?
 134       */
 135      public function init_salt(&$salt, $len = 32, $cut = true) {
 136          if(is_null($salt)) {
 137              $salt = $this->gen_salt($len);
 138              $cut  = true; // for new hashes we alway apply length restriction
 139          }
 140          if(strlen($salt) > $len && $cut) $salt = substr($salt, 0, $len);
 141      }
 142  
 143      // Password hashing methods follow below
 144  
 145      /**
 146       * Password hashing method 'smd5'
 147       *
 148       * Uses salted MD5 hashs. Salt is 8 bytes long.
 149       *
 150       * The same mechanism is used by Apache's 'apr1' method. This will
 151       * fallback to a implementation in pure PHP if MD5 support is not
 152       * available in crypt()
 153       *
 154       * @author Andreas Gohr <andi@splitbrain.org>
 155       * @author <mikey_nich at hotmail dot com>
 156       * @link   http://php.net/manual/en/function.crypt.php#73619
 157       *
 158       * @param string $clear The clear text to hash
 159       * @param string $salt  The salt to use, null for random
 160       * @return string Hashed password
 161       */
 162      public function hash_smd5($clear, $salt = null) {
 163          $this->init_salt($salt, 8);
 164  
 165          if(defined('CRYPT_MD5') && CRYPT_MD5 && $salt !== '') {
 166              return crypt($clear, '$1$'.$salt.'$');
 167          } else {
 168              // Fall back to PHP-only implementation
 169              return $this->hash_apr1($clear, $salt, '1');
 170          }
 171      }
 172  
 173      /**
 174       * Password hashing method 'lsmd5'
 175       *
 176       * Uses salted MD5 hashs. Salt is 8 bytes long.
 177       *
 178       * This is the format used by LDAP.
 179       *
 180       * @param string $clear The clear text to hash
 181       * @param string $salt  The salt to use, null for random
 182       * @return string Hashed password
 183       */
 184      public function hash_lsmd5($clear, $salt = null) {
 185          $this->init_salt($salt, 8);
 186          return "{SMD5}".base64_encode(md5($clear.$salt, true).$salt);
 187      }
 188  
 189      /**
 190       * Password hashing method 'apr1'
 191       *
 192       * Uses salted MD5 hashs. Salt is 8 bytes long.
 193       *
 194       * This is basically the same as smd1 above, but as used by Apache.
 195       *
 196       * @author <mikey_nich at hotmail dot com>
 197       * @link   http://php.net/manual/en/function.crypt.php#73619
 198       *
 199       * @param string $clear The clear text to hash
 200       * @param string $salt  The salt to use, null for random
 201       * @param string $magic The hash identifier (apr1 or 1)
 202       * @return string Hashed password
 203       */
 204      public function hash_apr1($clear, $salt = null, $magic = 'apr1') {
 205          $this->init_salt($salt, 8);
 206  
 207          $len  = strlen($clear);
 208          $text = $clear.'$'.$magic.'$'.$salt;
 209          $bin  = pack("H32", md5($clear.$salt.$clear));
 210          for($i = $len; $i > 0; $i -= 16) {
 211              $text .= substr($bin, 0, min(16, $i));
 212          }
 213          for($i = $len; $i > 0; $i >>= 1) {
 214              $text .= ($i & 1) ? chr(0) : $clear[0];
 215          }
 216          $bin = pack("H32", md5($text));
 217          for($i = 0; $i < 1000; $i++) {
 218              $new = ($i & 1) ? $clear : $bin;
 219              if($i % 3) $new .= $salt;
 220              if($i % 7) $new .= $clear;
 221              $new .= ($i & 1) ? $bin : $clear;
 222              $bin = pack("H32", md5($new));
 223          }
 224          $tmp = '';
 225          for($i = 0; $i < 5; $i++) {
 226              $k = $i + 6;
 227              $j = $i + 12;
 228              if($j == 16) $j = 5;
 229              $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
 230          }
 231          $tmp = chr(0).chr(0).$bin[11].$tmp;
 232          $tmp = strtr(
 233              strrev(substr(base64_encode($tmp), 2)),
 234              "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
 235              "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 236          );
 237          return '$'.$magic.'$'.$salt.'$'.$tmp;
 238      }
 239  
 240      /**
 241       * Password hashing method 'md5'
 242       *
 243       * Uses MD5 hashs.
 244       *
 245       * @param string $clear The clear text to hash
 246       * @return string Hashed password
 247       */
 248      public function hash_md5($clear) {
 249          return md5($clear);
 250      }
 251  
 252      /**
 253       * Password hashing method 'sha1'
 254       *
 255       * Uses SHA1 hashs.
 256       *
 257       * @param string $clear The clear text to hash
 258       * @return string Hashed password
 259       */
 260      public function hash_sha1($clear) {
 261          return sha1($clear);
 262      }
 263  
 264      /**
 265       * Password hashing method 'ssha' as used by LDAP
 266       *
 267       * Uses salted SHA1 hashs. Salt is 4 bytes long.
 268       *
 269       * @param string $clear The clear text to hash
 270       * @param string $salt  The salt to use, null for random
 271       * @return string Hashed password
 272       */
 273      public function hash_ssha($clear, $salt = null) {
 274          $this->init_salt($salt, 4);
 275          return '{SSHA}'.base64_encode(pack("H*", sha1($clear.$salt)).$salt);
 276      }
 277  
 278      /**
 279       * Password hashing method 'crypt'
 280       *
 281       * Uses salted crypt hashs. Salt is 2 bytes long.
 282       *
 283       * @param string $clear The clear text to hash
 284       * @param string $salt  The salt to use, null for random
 285       * @return string Hashed password
 286       */
 287      public function hash_crypt($clear, $salt = null) {
 288          $this->init_salt($salt, 2);
 289          return crypt($clear, $salt);
 290      }
 291  
 292      /**
 293       * Password hashing method 'mysql'
 294       *
 295       * This method was used by old MySQL systems
 296       *
 297       * @link   http://php.net/mysql
 298       * @author <soren at byu dot edu>
 299       * @param string $clear The clear text to hash
 300       * @return string Hashed password
 301       */
 302      public function hash_mysql($clear) {
 303          $nr      = 0x50305735;
 304          $nr2     = 0x12345671;
 305          $add     = 7;
 306          $charArr = preg_split("//", $clear);
 307          foreach($charArr as $char) {
 308              if(($char == '') || ($char == ' ') || ($char == '\t')) continue;
 309              $charVal = ord($char);
 310              $nr ^= ((($nr & 63) + $add) * $charVal) + ($nr << 8);
 311              $nr2 += ($nr2 << 8) ^ $nr;
 312              $add += $charVal;
 313          }
 314          return sprintf("%08x%08x", ($nr & 0x7fffffff), ($nr2 & 0x7fffffff));
 315      }
 316  
 317      /**
 318       * Password hashing method 'my411'
 319       *
 320       * Uses SHA1 hashs. This method is used by MySQL 4.11 and above
 321       *
 322       * @param string $clear The clear text to hash
 323       * @return string Hashed password
 324       */
 325      public function hash_my411($clear) {
 326          return '*'.strtoupper(sha1(pack("H*", sha1($clear))));
 327      }
 328  
 329      /**
 330       * Password hashing method 'kmd5'
 331       *
 332       * Uses salted MD5 hashs.
 333       *
 334       * Salt is 2 bytes long, but stored at position 16, so you need to pass at
 335       * least 18 bytes. You can pass the crypted hash as salt.
 336       *
 337       * @param string $clear The clear text to hash
 338       * @param string $salt  The salt to use, null for random
 339       * @return string Hashed password
 340       */
 341      public function hash_kmd5($clear, $salt = null) {
 342          $this->init_salt($salt);
 343  
 344          $key   = substr($salt, 16, 2);
 345          $hash1 = strtolower(md5($key.md5($clear)));
 346          $hash2 = substr($hash1, 0, 16).$key.substr($hash1, 16);
 347          return $hash2;
 348      }
 349  
 350      /**
 351       * Password hashing method 'pmd5'
 352       *
 353       * Uses salted MD5 hashs. Salt is 1+8 bytes long, 1st byte is the
 354       * iteration count when given, for null salts $compute is used.
 355       *
 356       * The actual iteration count is the given count squared, maximum is
 357       * 30 (-> 1073741824). If a higher one is given, the function throws
 358       * an exception.
 359       *
 360       * @link  http://www.openwall.com/phpass/
 361       *
 362       * @param string $clear   The clear text to hash
 363       * @param string $salt    The salt to use, null for random
 364       * @param string $magic   The hash identifier (P or H)
 365       * @param int    $compute The iteration count for new passwords
 366       * @throws \Exception
 367       * @return string Hashed password
 368       */
 369      public function hash_pmd5($clear, $salt = null, $magic = 'P', $compute = 8) {
 370          $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
 371          if(is_null($salt)) {
 372              $this->init_salt($salt);
 373              $salt = $itoa64[$compute].$salt; // prefix iteration count
 374          }
 375          $iterc = $salt[0]; // pos 0 of salt is iteration count
 376          $iter  = strpos($itoa64, $iterc);
 377  
 378          if($iter > 30) {
 379              throw new \Exception("Too high iteration count ($iter) in ".
 380                                      __CLASS__.'::'.__FUNCTION__);
 381          }
 382  
 383          $iter = 1 << $iter;
 384          $salt = substr($salt, 1, 8);
 385  
 386          // iterate
 387          $hash = md5($salt.$clear, true);
 388          do {
 389              $hash = md5($hash.$clear, true);
 390          } while(--$iter);
 391  
 392          // encode
 393          $output = '';
 394          $count  = 16;
 395          $i      = 0;
 396          do {
 397              $value = ord($hash[$i++]);
 398              $output .= $itoa64[$value & 0x3f];
 399              if($i < $count)
 400                  $value |= ord($hash[$i]) << 8;
 401              $output .= $itoa64[($value >> 6) & 0x3f];
 402              if($i++ >= $count)
 403                  break;
 404              if($i < $count)
 405                  $value |= ord($hash[$i]) << 16;
 406              $output .= $itoa64[($value >> 12) & 0x3f];
 407              if($i++ >= $count)
 408                  break;
 409              $output .= $itoa64[($value >> 18) & 0x3f];
 410          } while($i < $count);
 411  
 412          return '$'.$magic.'$'.$iterc.$salt.$output;
 413      }
 414  
 415      /**
 416       * Alias for hash_pmd5
 417       *
 418       * @param string $clear
 419       * @param null|string $salt
 420       * @param string $magic
 421       * @param int $compute
 422       *
 423       * @return string
 424       * @throws \Exception
 425       */
 426      public function hash_hmd5($clear, $salt = null, $magic = 'H', $compute = 8) {
 427          return $this->hash_pmd5($clear, $salt, $magic, $compute);
 428      }
 429  
 430      /**
 431       * Password hashing method 'djangosha1'
 432       *
 433       * Uses salted SHA1 hashs. Salt is 5 bytes long.
 434       * This is used by the Django Python framework
 435       *
 436       * @link http://docs.djangoproject.com/en/dev/topics/auth/#passwords
 437       *
 438       * @param string $clear The clear text to hash
 439       * @param string $salt  The salt to use, null for random
 440       * @return string Hashed password
 441       */
 442      public function hash_djangosha1($clear, $salt = null) {
 443          $this->init_salt($salt, 5);
 444          return 'sha1$'.$salt.'$'.sha1($salt.$clear);
 445      }
 446  
 447      /**
 448       * Password hashing method 'djangomd5'
 449       *
 450       * Uses salted MD5 hashs. Salt is 5 bytes long.
 451       * This is used by the Django Python framework
 452       *
 453       * @link http://docs.djangoproject.com/en/dev/topics/auth/#passwords
 454       *
 455       * @param string $clear The clear text to hash
 456       * @param string $salt  The salt to use, null for random
 457       * @return string Hashed password
 458       */
 459      public function hash_djangomd5($clear, $salt = null) {
 460          $this->init_salt($salt, 5);
 461          return 'md5$'.$salt.'$'.md5($salt.$clear);
 462      }
 463  
 464      /**
 465       * Password hashing method 'djangopbkdf2'
 466       *
 467       * An algorithm and iteration count should be given in the opts array.
 468       * Defaults to sha256 and 24000 iterations
 469       *
 470       * @param string $clear The clear text to hash
 471       * @param string $salt  The salt to use, null for random
 472       * @param array $opts ('algo' => hash algorithm, 'iter' => iterations)
 473       * @return string Hashed password
 474       * @throws \Exception when PHP is missing support for the method/algo
 475       */
 476      public function hash_djangopbkdf2($clear, $salt=null, $opts=array()) {
 477          $this->init_salt($salt, 12);
 478          if(empty($opts['algo'])) {
 479              $algo = 'sha256';
 480          } else {
 481              $algo = $opts['algo'];
 482          }
 483          if(empty($opts['iter'])) {
 484              $iter = 24000;
 485          } else {
 486              $iter = (int) $opts['iter'];
 487          }
 488          if(!function_exists('hash_pbkdf2')) {
 489              throw new \Exception('This PHP installation has no PBKDF2 support');
 490          }
 491          if(!in_array($algo, hash_algos())) {
 492              throw new \Exception("This PHP installation has no $algo support");
 493          }
 494  
 495          $hash = base64_encode(hash_pbkdf2($algo, $clear, $salt, $iter, 0, true));
 496          return "pbkdf2_$algo\$$iter\$$salt\$$hash";
 497      }
 498  
 499      /**
 500       * Alias for djangopbkdf2 defaulting to sha256 as hash algorithm
 501       *
 502       * @param string $clear The clear text to hash
 503       * @param string $salt  The salt to use, null for random
 504       * @param array $opts ('iter' => iterations)
 505       * @return string Hashed password
 506       * @throws \Exception when PHP is missing support for the method/algo
 507       */
 508      public function hash_djangopbkdf2_sha256($clear, $salt=null, $opts=array()) {
 509          $opts['algo'] = 'sha256';
 510          return $this->hash_djangopbkdf2($clear, $salt, $opts);
 511      }
 512  
 513      /**
 514       * Alias for djangopbkdf2 defaulting to sha1 as hash algorithm
 515       *
 516       * @param string $clear The clear text to hash
 517       * @param string $salt  The salt to use, null for random
 518       * @param array $opts ('iter' => iterations)
 519       * @return string Hashed password
 520       * @throws \Exception when PHP is missing support for the method/algo
 521       */
 522      public function hash_djangopbkdf2_sha1($clear, $salt=null, $opts=array()) {
 523          $opts['algo'] = 'sha1';
 524          return $this->hash_djangopbkdf2($clear, $salt, $opts);
 525      }
 526  
 527      /**
 528       * Passwordhashing method 'bcrypt'
 529       *
 530       * Uses a modified blowfish algorithm called eksblowfish
 531       * This method works on PHP 5.3+ only and will throw an exception
 532       * if the needed crypt support isn't available
 533       *
 534       * A full hash should be given as salt (starting with $a2$) or this
 535       * will break. When no salt is given, the iteration count can be set
 536       * through the $compute variable.
 537       *
 538       * @param string $clear   The clear text to hash
 539       * @param string $salt    The salt to use, null for random
 540       * @param int    $compute The iteration count (between 4 and 31)
 541       * @throws \Exception
 542       * @return string Hashed password
 543       */
 544      public function hash_bcrypt($clear, $salt = null, $compute = 10) {
 545          if(!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH != 1) {
 546              throw new \Exception('This PHP installation has no bcrypt support');
 547          }
 548  
 549          if(is_null($salt)) {
 550              if($compute < 4 || $compute > 31) $compute = 8;
 551              $salt = '$2y$'.str_pad($compute, 2, '0', STR_PAD_LEFT).'$'.
 552                  $this->gen_salt(22);
 553          }
 554  
 555          return crypt($clear, $salt);
 556      }
 557  
 558      /**
 559       * Password hashing method SHA512
 560       *
 561       * This is only supported on PHP 5.3.2 or higher and will throw an exception if
 562       * the needed crypt support is not available
 563       *
 564       * @param string $clear The clear text to hash
 565       * @param string $salt  The salt to use, null for random
 566       * @param string $magic The rounds for sha512 (for example "rounds=3000"), null for default value
 567       * @return string Hashed password
 568       * @throws \Exception
 569       */
 570      public function hash_sha512($clear, $salt = null, $magic = null) {
 571          if(!defined('CRYPT_SHA512') || CRYPT_SHA512 != 1) {
 572              throw new \Exception('This PHP installation has no SHA512 support');
 573          }
 574          $this->init_salt($salt, 8, false);
 575          if(empty($magic)) {
 576              return crypt($clear, '$6$'.$salt.'$');
 577          }else{
 578              return crypt($clear, '$6$'.$magic.'$'.$salt.'$');
 579          }
 580      }
 581  
 582      /**
 583       * Password hashing method 'mediawiki'
 584       *
 585       * Uses salted MD5, this is referred to as Method B in MediaWiki docs. Unsalted md5
 586       * method 'A' is not supported.
 587       *
 588       * @link  http://www.mediawiki.org/wiki/Manual_talk:User_table#user_password_column
 589       *
 590       * @param string $clear The clear text to hash
 591       * @param string $salt  The salt to use, null for random
 592       * @return string Hashed password
 593       */
 594      public function hash_mediawiki($clear, $salt = null) {
 595          $this->init_salt($salt, 8, false);
 596          return ':B:'.$salt.':'.md5($salt.'-'.md5($clear));
 597      }
 598  
 599  
 600      /**
 601       * Password hashing method 'argon2i'
 602       *
 603       * Uses php's own password_hash function to create argon2i password hash
 604       * Default Cost and thread options are used for now.
 605       *
 606       * @link  https://www.php.net/manual/de/function.password-hash.php
 607       *
 608       * @param string $clear The clear text to hash
 609       * @return string Hashed password
 610       */
 611      public function hash_argon2i($clear) {
 612          if(!defined('PASSWORD_ARGON2I')) {
 613              throw new \Exception('This PHP installation has no ARGON2I support');
 614          }
 615          return password_hash($clear,PASSWORD_ARGON2I);   
 616      }
 617  
 618      /**
 619       * Password hashing method 'argon2id'
 620       *
 621       * Uses php's own password_hash function to create argon2id password hash
 622       * Default Cost and thread options are used for now.
 623       *
 624       * @link  https://www.php.net/manual/de/function.password-hash.php
 625       *
 626       * @param string $clear The clear text to hash
 627       * @return string Hashed password
 628       */
 629      public function hash_argon2id($clear) {
 630          if(!defined('PASSWORD_ARGON2ID')) {
 631              throw new \Exception('This PHP installation has no ARGON2ID support');
 632          }
 633          return password_hash($clear,PASSWORD_ARGON2ID);   
 634      }
 635  
 636      /**
 637       * Wraps around native hash_hmac() or reimplents it
 638       *
 639       * This is not directly used as password hashing method, and thus isn't callable via the
 640       * verify_hash() method. It should be used to create signatures and might be used in other
 641       * password hashing methods.
 642       *
 643       * @see hash_hmac()
 644       * @author KC Cloyd
 645       * @link http://php.net/manual/en/function.hash-hmac.php#93440
 646       *
 647       * @param string $algo Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4",
 648       *                     etc..) See hash_algos() for a list of supported algorithms.
 649       * @param string $data Message to be hashed.
 650       * @param string $key  Shared secret key used for generating the HMAC variant of the message digest.
 651       * @param bool $raw_output When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.
 652       * @return string
 653       */
 654      public static function hmac($algo, $data, $key, $raw_output = false) {
 655          // use native function if available and not in unit test
 656          if(function_exists('hash_hmac') && !defined('SIMPLE_TEST')){
 657              return hash_hmac($algo, $data, $key, $raw_output);
 658          }
 659  
 660          $algo = strtolower($algo);
 661          $pack = 'H' . strlen($algo('test'));
 662          $size = 64;
 663          $opad = str_repeat(chr(0x5C), $size);
 664          $ipad = str_repeat(chr(0x36), $size);
 665  
 666          if(strlen($key) > $size) {
 667              $key = str_pad(pack($pack, $algo($key)), $size, chr(0x00));
 668          } else {
 669              $key = str_pad($key, $size, chr(0x00));
 670          }
 671  
 672          for($i = 0; $i < strlen($key) - 1; $i++) {
 673              $opad[$i] = $opad[$i] ^ $key[$i];
 674              $ipad[$i] = $ipad[$i] ^ $key[$i];
 675          }
 676  
 677          $output = $algo($opad . pack($pack, $algo($ipad . $data)));
 678  
 679          return ($raw_output) ? pack($pack, $output) : $output;
 680      }
 681  
 682      /**
 683       * Use a secure random generator
 684       *
 685       * @param int $min
 686       * @param int $max
 687       * @return int
 688       */
 689      protected function random($min, $max){
 690          try {
 691              return random_int($min, $max);
 692          } catch (\Exception $e) {
 693              // availability of random source is checked elsewhere in DokuWiki
 694              // we demote this to an unchecked runtime exception here
 695              throw new \RuntimeException($e->getMessage(), $e->getCode(), $e);
 696          }
 697      }
 698  }