<?php
/**
* This file contains a modHash implementation of RSA PDKDF2.
* @package modx
* @subpackage hashing
*/
/**
* A PBKDF2 implementation of modHash.
*
* {@inheritdoc}
*
* @package modx
* @subpackage hashing
*/
class modPBKDF2 extends modHash {
/**
* Generate a hash of a string using the RSA PBKDFA2 specification.
*
* The following options are available:
* - salt (required): a valid, non-empty string to salt the hashes
* - iterations: the number of iterations per block, default is 1000 (< 1000 not recommended)
* - derived_key_length: the size of the derived key to generate, default is 32
* - algorithm: the hash algorithm to use, default is sha256
* - raw_output: if true, returns binary output, otherwise derived key is base64_encode()'d; default is false
*
* @param string $string A string to generate a secure hash from.
* @param array $options An array of options to be passed to the hash implementation.
* @return mixed The hash result or false on failure.
*/
public function hash($string, array $options = array()) {
$derivedKey = false;
$salt = $this->getOption('salt', $options, false);
if (is_string($salt) && strlen($salt) > 0) {
$iterations = (integer) $this->getOption('iterations', $options, 1000);
$derivedKeyLength = (integer) $this->getOption('derived_key_length', $options, 32);
$algorithm = $this->getOption('algorithm', $options, 'sha256');
$hashLength = strlen(hash($algorithm, null, true));
$keyBlocks = ceil($derivedKeyLength / $hashLength);
$derivedKey = '';
for ($block = 1; $block <= $keyBlocks; $block++) {
$hashBlock = $hb = hash_hmac($algorithm, $salt . pack('N', $block), $string, true);
for ($blockIteration = 1; $blockIteration < $iterations; $blockIteration++) {
$hashBlock ^= ($hb = hash_hmac($algorithm, $hb, $string, true));
}
$derivedKey .= $hashBlock;
}
$derivedKey = substr($derivedKey, 0, $derivedKeyLength);
if (!$this->getOption('raw_output', $options, false)) {
$derivedKey = base64_encode($derivedKey);
}
} else {
$this->host->modx->log(modX::LOG_LEVEL_ERROR, "PBKDF2 requires a valid salt string.", '', __METHOD__, __FILE__, __LINE__);
}
return $derivedKey;
}
}