PageRenderTime 40ms CodeModel.GetById 19ms RepoModel.GetById 1ms app.codeStats 0ms

/fuel/core/vendor/phpseclib/Crypt/Random.php

https://bitbucket.org/arkross/venus
PHP | 137 lines | 55 code | 13 blank | 69 comment | 9 complexity | 2668e66b45534e4405606cfd1548d2e5 MD5 | raw file
Possible License(s): MIT, BSD-3-Clause
  1. <?php
  2. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
  3. namespace PHPSecLib;
  4. /**
  5. * Random Number Generator
  6. *
  7. * PHP versions 4 and 5
  8. *
  9. * Here's a short example of how to use this library:
  10. * <code>
  11. * <?php
  12. * include('Crypt/Random.php');
  13. *
  14. * $random = new crypt_random();
  15. * $salt = $random->get();
  16. * ?>
  17. * </code>
  18. *
  19. * LICENSE: This library is free software; you can redistribute it and/or
  20. * modify it under the terms of the GNU Lesser General Public
  21. * License as published by the Free Software Foundation; either
  22. * version 2.1 of the License, or (at your option) any later version.
  23. *
  24. * This library is distributed in the hope that it will be useful,
  25. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  26. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  27. * Lesser General Public License for more details.
  28. *
  29. * You should have received a copy of the GNU Lesser General Public
  30. * License along with this library; if not, write to the Free Software
  31. * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  32. * MA 02111-1307 USA
  33. *
  34. * @category Crypt
  35. * @package Crypt_Random
  36. * @author Jim Wigginton <terrafrost@php.net>
  37. * @copyright MMVII Jim Wigginton
  38. * @license http://www.gnu.org/licenses/lgpl.txt
  39. * @version $Id: Random.php,v 1.9 2010/04/24 06:40:48 terrafrost Exp $
  40. * @link http://phpseclib.sourceforge.net
  41. */
  42. /**
  43. * Generate a random value.
  44. *
  45. * On 32-bit machines, the largest distance that can exist between $min and $max is 2**31.
  46. * If $min and $max are farther apart than that then the last ($max - range) numbers.
  47. *
  48. * Depending on how this is being used, it may be worth while to write a replacement. For example,
  49. * a PHP-based web app that stores its data in an SQL database can collect more entropy than this function
  50. * can.
  51. *
  52. * @param optional Integer $min
  53. * @param optional Integer $max
  54. * @return Integer
  55. * @access public
  56. */
  57. class Crypt_Random {
  58. public function get($min = 0, $max = 0x7FFFFFFF)
  59. {
  60. if ($min == $max) {
  61. return $min;
  62. }
  63. // see http://en.wikipedia.org/wiki//dev/random
  64. // if open_basedir is enabled file_exists() will ouput an "open_basedir restriction in effect" warning,
  65. // so we suppress it.
  66. if (@file_exists('/dev/urandom')) {
  67. static $fp;
  68. if (!$fp) {
  69. $fp = fopen('/dev/urandom', 'rb');
  70. }
  71. extract(unpack('Nrandom', fread($fp, 4)));
  72. // say $min = 0 and $max = 3. if we didn't do abs() then we could have stuff like this:
  73. // -4 % 3 + 0 = -1, even though -1 < $min
  74. return abs($random) % ($max - $min) + $min;
  75. }
  76. /* Prior to PHP 4.2.0, mt_srand() had to be called before mt_rand() could be called.
  77. Prior to PHP 5.2.6, mt_rand()'s automatic seeding was subpar, as elaborated here:
  78. http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
  79. The seeding routine is pretty much ripped from PHP's own internal GENERATE_SEED() macro:
  80. http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3_2/ext/standard/php_rand.h?view=markup */
  81. if (version_compare(PHP_VERSION, '5.2.5', '<=')) {
  82. static $seeded;
  83. if (!isset($seeded)) {
  84. $seeded = true;
  85. mt_srand(fmod(time() * getmypid(), 0x7FFFFFFF) ^ fmod(1000000 * lcg_value(), 0x7FFFFFFF));
  86. }
  87. }
  88. static $crypto;
  89. // The CSPRNG's Yarrow and Fortuna periodically reseed. This function can be reseeded by hitting F5
  90. // in the browser and reloading the page.
  91. if (!isset($crypto)) {
  92. $key = $iv = '';
  93. for ($i = 0; $i < 8; $i++) {
  94. $key.= pack('n', mt_rand(0, 0xFFFF));
  95. $iv .= pack('n', mt_rand(0, 0xFFFF));
  96. }
  97. switch (true) {
  98. case class_exists('Crypt_AES'):
  99. $crypto = new Crypt_AES(CRYPT_AES_MODE_CTR);
  100. break;
  101. case class_exists('Crypt_TripleDES'):
  102. $crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CTR);
  103. break;
  104. case class_exists('Crypt_DES'):
  105. $crypto = new Crypt_DES(CRYPT_DES_MODE_CTR);
  106. break;
  107. case class_exists('Crypt_RC4'):
  108. $crypto = new Crypt_RC4();
  109. break;
  110. default:
  111. extract(unpack('Nrandom', pack('H*', sha1(mt_rand(0, 0x7FFFFFFF)))));
  112. return abs($random) % ($max - $min) + $min;
  113. }
  114. $crypto->setKey($key);
  115. $crypto->setIV($iv);
  116. $crypto->enableContinuousBuffer();
  117. }
  118. extract(unpack('Nrandom', $crypto->encrypt("\0\0\0\0")));
  119. return abs($random) % ($max - $min) + $min;
  120. }
  121. }