Home Verkennen Help
Inloggen
metalhurlant364
/
Liberations
Volgen 1
Ster 0
Vork 0
Bestanden Kwesties 0 Pull-aanvragen 0 Wiki
Boom: e80eb871f4
Aftakkingen Labels
Liberations
/
lib
/
PasswordGenerator.php

PasswordGenerator.php 7.5 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * Unbiased random password generator.
    5. 

  5.  * Copyright (c) 2015, Taylor Hornby
    6. 

  6.  * All rights reserved.
    7. 

  7.  *
    8. 

  8.  * Redistribution and use in source and binary forms, with or without 
    9. 

  9.  * modification, are permitted provided that the following conditions are met:
    10. 

  10.  *
    11. 

  11.  * 1. Redistributions of source code must retain the above copyright notice, 
    12. 

  12.  * this list of conditions and the following disclaimer.
    13. 

  13.  *
    14. 

  14.  * 2. Redistributions in binary form must reproduce the above copyright notice,
    15. 

  15.  * this list of conditions and the following disclaimer in the documentation 
    16. 

  16.  * and/or other materials provided with the distribution.
    17. 

  17.  *
    18. 

  18.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
    19. 

  19.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
    20. 

  20.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
    21. 

  21.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
    22. 

  22.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
    23. 

  23.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
    24. 

  24.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
    25. 

  25.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
    26. 

  26.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
    27. 

  27.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
    28. 

  28.  * POSSIBILITY OF SUCH DAMAGE.
    29. 

  29.  */
    30. 

  30. 

  31. class ExtremelyUnlikelyRandomnessException extends Exception {
    32. 

  32.     
    33. 

  33. }
    34. 

  34. 

  35. class PasswordGenerator {
    36. 

  36. 

  37.     public static function getASCIIPassword($length) {
    38. 

  38.         $printable = "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
    39. 

  39.         return self::getCustomPassword(str_split($printable), $length);
    40. 

  40.     }
    41. 

  41. 

  42.     public static function getAlphaNumericPassword($length) {
    43. 

  43.         $alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    44. 

  44.         return self::getCustomPassword(str_split($alphanum), $length);
    45. 

  45.     }
    46. 

  46. 

  47.     public static function getHexPassword($length) {
    48. 

  48.         $hex = "0123456789ABCDEF";
    49. 

  49.         return self::getCustomPassword(str_split($hex), $length);
    50. 

  50.     }
    51. 

  51. 

  52.     /*
    53. 

  53.      * Create a random password composed of a custom character set.
    54. 

  54.      * $characterSet - An *array* of strings the password can be composed of.
    55. 

  55.      * $length - The number of random strings (in $characterSet) to include in the password.
    56. 

  56.      * Returns false on error (always check!).
    57. 

  57.      */
    58. 

  58.     public static function getCustomPassword($characterSet, $length) {
    59. 

  59.         if ($length < 1 || !is_array($characterSet))
    60. 

  60.             return false;
    61. 

  61. 

  62.         $charSetLen = count($characterSet);
    63. 

  63.         if ($charSetLen == 0)
    64. 

  64.             return false;
    65. 

  65. 

  66.         $random = self::getRandomInts($length * 2);
    67. 

  67.         $mask = self::getMinimalBitMask($charSetLen - 1);
    68. 

  68. 

  69.         $password = "";
    70. 

  70. 

  71.         // To generate the password, we repeatedly try random integers and use the ones within the range
    72. 

  72.         // 0 to $charSetLen - 1 to select an index into the character set. This is the only known way to
    73. 

  73.         // make a truly unbiased random selection from a set using random binary data.
    74. 

  74.         // A poorly implemented or malicious RNG could cause an infinite loop, leading to a denial of service.
    75. 

  75.         // We need to guarantee termination, so $iterLimit holds the number of further iterations we will allow.
    76. 

  76.         // It is extremely unlikely (about 2^-64) that more than $length*64 random ints are needed.
    77. 

  77.         $iterLimit = max($length, $length * 64);   // If length is close to PHP_INT_MAX we don't want to overflow.
    78. 

  78.         $randIdx = 0;
    79. 

  79.         while (self::safeStrlen($password) < $length) {
    80. 

  80.             if ($randIdx >= count($random)) {
    81. 

  81.                 $random = self::getRandomInts(2 * ($length - strlen($password)));
    82. 

  82.                 $randIdx = 0;
    83. 

  83.             }
    84. 

  84. 

  85.             // This is wasteful, but RNGs are fast and doing otherwise adds complexity and bias.
    86. 

  86.             $c = $random[$randIdx++] & $mask;
    87. 

  87.             // Only use the random number if it is in range, otherwise try another (next iteration).
    88. 

  88.             if ($c < $charSetLen)
    89. 

  89.                 $password .= self::sidechannel_safe_array_index($characterSet, $c);
    90. 

  90.             // FIXME: check the return value
    91. 

  91.             // Guarantee termination
    92. 

  92.             $iterLimit--;
    93. 

  93.             if ($iterLimit <= 0) {
    94. 

  94.                 throw new ExtremelyUnlikelyRandomnessException("Hit iteration limit when generating password.");
    95. 

  95.             }
    96. 

  96.         }
    97. 

  97. 

  98.         return $password;
    99. 

  99.     }
    100. 

  100. 

  101.     // FIXME: This function needs unit tests!
    102. 

  102.     public static function getRandomInt($min_inclusive, $max_inclusive) {
    103. 

  103.         if ($min_inclusive > $max_inclusive) {
    104. 

  104.             throw new InvalidArgumentException("min is greater than max.");
    105. 

  105.         }
    106. 

  106. 

  107.         if ($min_inclusive == $max_inclusive) {
    108. 

  108.             return $min_inclusive;
    109. 

  109.         }
    110. 

  110. 

  111.         $range = $max_inclusive - $min_inclusive;
    112. 

  112.         $mask = self::getMinimalBitMask($range);
    113. 

  113. 

  114.         $random = self::getRandomInts(10);
    115. 

  115.         $randIdx = 0;
    116. 

  116. 

  117.         $iterLimit = 100;
    118. 

  118.         while (1) {
    119. 

  119.             /* Replenish the random integers if we ran out. */
    120. 

  120.             if ($randIdx >= count($random)) {
    121. 

  121.                 $random = self::getRandomInts(10);
    122. 

  122.                 $randIdx = 0;
    123. 

  123.             }
    124. 

  124. 

  125.             $offset = $random[$randIdx++] & $mask;
    126. 

  126.             if ($offset <= $range) {
    127. 

  127.                 return $min_inclusive + $offset;
    128. 

  128.             }
    129. 

  129. 

  130.             $iterLimit--;
    131. 

  131.             if ($iterLimit <= 0) {
    132. 

  132.                 throw new ExtremelyUnlikelyRandomnessException("Hit iteration limit when generating random integer.");
    133. 

  133.             }
    134. 

  134.         }
    135. 

  135.     }
    136. 

  136. 

  137.     // Returns the character at index $index in $string in constant time.
    138. 

  138.     private static function sidechannel_safe_array_index($string, $index) {
    139. 

  139.         // FIXME: Make the const-time hack below work for all integer sizes, or
    140. 

  140.         // check it properly.
    141. 

  141.         if (count($string) > 65535 || $index > count($string)) {
    142. 

  142.             return false;
    143. 

  143.         }
    144. 

  144.         $character = 0;
    145. 

  145.         for ($i = 0; $i < count($string); $i++) {
    146. 

  146.             $x = $i ^ $index;
    147. 

  147.             $mask = (((($x | ($x >> 16)) & 0xFFFF) + 0xFFFF) >> 16) - 1;
    148. 

  148.             $character |= ord($string[$i]) & $mask;
    149. 

  149.         }
    150. 

  150.         return chr($character);
    151. 

  151.     }
    152. 

  152. 

  153.     // Returns the smallest bit mask of all 1s such that ($toRepresent & mask) = $toRepresent.
    154. 

  154.     // $toRepresent must be an integer greater than or equal to 1.
    155. 

  155.     private static function getMinimalBitMask($toRepresent) {
    156. 

  156.         if ($toRepresent < 1) {
    157. 

  157.             throw new InvalidArgumentException("Non-positive integer passed to getMinimalBitMask.");
    158. 

  158.         }
    159. 

  159.         $mask = 0x1;
    160. 

  160.         while ($mask < $toRepresent) {
    161. 

  161.             $mask = ($mask << 1) | 1;
    162. 

  162.         }
    163. 

  163.         return $mask;
    164. 

  164.     }
    165. 

  165. 

  166.     // Returns an array of $numInts random integers between 0 and PHP_INT_MAX
    167. 

  167.     public static function getRandomInts($numInts) {
    168. 

  168.         $ints = array();
    169. 

  169.         if ($numInts <= 0) {
    170. 

  170.             return $ints;
    171. 

  171.         }
    172. 

  172.         $rawBinary = mcrypt_create_iv($numInts * PHP_INT_SIZE, MCRYPT_DEV_URANDOM);
    173. 

  173.         for ($i = 0; $i < $numInts; ++$i) {
    174. 

  174.             $thisInt = 0;
    175. 

  175.             for ($j = 0; $j < PHP_INT_SIZE; ++$j) {
    176. 

  176.                 $thisInt = ($thisInt << 8) | (ord($rawBinary[$i * PHP_INT_SIZE + $j]) & 0xFF);
    177. 

  177.             }
    178. 

  178.             // Absolute value in two's compliment (with min int going to zero)
    179. 

  179.             $thisInt = $thisInt & PHP_INT_MAX;
    180. 

  180.             $ints[] = $thisInt;
    181. 

  181.         }
    182. 

  182.         return $ints;
    183. 

  183.     }
    184. 

  184. 

  185.     public static function safeStrlen($str) {
    186. 

  186.         if (function_exists('mb_strlen')) {
    187. 

  187.             return mb_strlen($str, '8bit');
    188. 

  188.         }
    189. 

  189.         return strlen($str);
    190. 

  190.     }
    191. 

  191. 

  192. }
    193. 

  193.