CryptUtil.php 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
  1. <?php
  2. /**
  3. * CryptUtil: A suite of wrapper utility functions for the OpenID
  4. * library.
  5. *
  6. * PHP versions 4 and 5
  7. *
  8. * LICENSE: See the COPYING file included in this distribution.
  9. *
  10. * @access private
  11. * @package OpenID
  12. * @author JanRain, Inc. <openid@janrain.com>
  13. * @copyright 2005-2008 Janrain, Inc.
  14. * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
  15. */
  16. if (!defined('Auth_OpenID_RAND_SOURCE')) {
  17. /**
  18. * The filename for a source of random bytes. Define this yourself
  19. * if you have a different source of randomness.
  20. */
  21. define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
  22. }
  23. class Auth_OpenID_CryptUtil {
  24. /**
  25. * Get the specified number of random bytes.
  26. *
  27. * Attempts to use a cryptographically secure (not predictable)
  28. * source of randomness if available. If there is no high-entropy
  29. * randomness source available, it will fail. As a last resort,
  30. * for non-critical systems, define
  31. * <code>Auth_OpenID_RAND_SOURCE</code> as <code>null</code>, and
  32. * the code will fall back on a pseudo-random number generator.
  33. *
  34. * @param int $num_bytes The length of the return value
  35. * @return string $bytes random bytes
  36. */
  37. static function getBytes($num_bytes)
  38. {
  39. static $f = null;
  40. $bytes = '';
  41. if ($f === null) {
  42. if (Auth_OpenID_RAND_SOURCE === null) {
  43. $f = false;
  44. } else {
  45. $f = @fopen(Auth_OpenID_RAND_SOURCE, "r");
  46. if ($f === false) {
  47. $msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' .
  48. ' continue with an insecure random number generator.';
  49. trigger_error($msg, E_USER_ERROR);
  50. }
  51. }
  52. }
  53. if ($f === false) {
  54. // pseudorandom used
  55. $bytes = '';
  56. for ($i = 0; $i < $num_bytes; $i += 4) {
  57. $bytes .= pack('L', mt_rand());
  58. }
  59. $bytes = substr($bytes, 0, $num_bytes);
  60. } else {
  61. $bytes = fread($f, $num_bytes);
  62. }
  63. return $bytes;
  64. }
  65. /**
  66. * Produce a string of length random bytes, chosen from chrs. If
  67. * $chrs is null, the resulting string may contain any characters.
  68. *
  69. * @param integer $length The length of the resulting
  70. * randomly-generated string
  71. * @param string $chrs A string of characters from which to choose
  72. * to build the new string
  73. * @return string $result A string of randomly-chosen characters
  74. * from $chrs
  75. */
  76. static function randomString($length, $population = null)
  77. {
  78. if ($population === null) {
  79. return Auth_OpenID_CryptUtil::getBytes($length);
  80. }
  81. $popsize = strlen($population);
  82. if ($popsize > 256) {
  83. $msg = 'More than 256 characters supplied to ' . __FUNCTION__;
  84. trigger_error($msg, E_USER_ERROR);
  85. }
  86. $duplicate = 256 % $popsize;
  87. $str = "";
  88. for ($i = 0; $i < $length; $i++) {
  89. do {
  90. $n = ord(Auth_OpenID_CryptUtil::getBytes(1));
  91. } while ($n < $duplicate);
  92. $n %= $popsize;
  93. $str .= $population[$n];
  94. }
  95. return $str;
  96. }
  97. static function constEq($s1, $s2)
  98. {
  99. if (strlen($s1) != strlen($s2)) {
  100. return false;
  101. }
  102. $result = true;
  103. $length = strlen($s1);
  104. for ($i = 0; $i < $length; $i++) {
  105. $result &= ($s1[$i] == $s2[$i]);
  106. }
  107. return $result;
  108. }
  109. }