1<?php 2 3declare(strict_types=1); 4 5/* 6 * This file is part of the TYPO3 CMS project. 7 * 8 * It is free software; you can redistribute it and/or modify it under 9 * the terms of the GNU General Public License, either version 2 10 * of the License, or any later version. 11 * 12 * For the full copyright and license information, please read the 13 * LICENSE.txt file that was distributed with this source code. 14 * 15 * The TYPO3 project - inspiring people to share! 16 */ 17 18namespace TYPO3\CMS\Extbase\Security\Cryptography; 19 20use TYPO3\CMS\Core\SingletonInterface; 21use TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException; 22use TYPO3\CMS\Extbase\Security\Exception\InvalidHashException; 23 24/** 25 * A hash service which should be used to generate and validate hashes. 26 * 27 * It will use some salt / encryption key in the future. 28 * @internal only to be used within Extbase, not part of TYPO3 Core API. 29 */ 30class HashService implements SingletonInterface 31{ 32 /** 33 * Generate a hash (HMAC) for a given string 34 * 35 * @param string $string The string for which a hash should be generated 36 * @return string The hash of the string 37 * @throws \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException if something else than a string was given as parameter 38 */ 39 public function generateHmac(string $string): string 40 { 41 $encryptionKey = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']; 42 if (!$encryptionKey) { 43 throw new InvalidArgumentForHashGenerationException('Encryption Key was empty!', 1255069597); 44 } 45 return hash_hmac('sha1', $string, $encryptionKey); 46 } 47 48 /** 49 * Appends a hash (HMAC) to a given string and returns the result 50 * 51 * @param string $string The string for which a hash should be generated 52 * @return string The original string with HMAC of the string appended 53 * @see generateHmac() 54 * @todo Mark as API once it is more stable 55 */ 56 public function appendHmac(string $string): string 57 { 58 $hmac = $this->generateHmac($string); 59 return $string . $hmac; 60 } 61 62 /** 63 * Tests if a string $string matches the HMAC given by $hash. 64 * 65 * @param string $string The string which should be validated 66 * @param string $hmac The hash of the string 67 * @return bool TRUE if string and hash fit together, FALSE otherwise. 68 */ 69 public function validateHmac(string $string, string $hmac): bool 70 { 71 return hash_equals($this->generateHmac($string), $hmac); 72 } 73 74 /** 75 * Tests if the last 40 characters of a given string $string 76 * matches the HMAC of the rest of the string and, if true, 77 * returns the string without the HMAC. In case of a HMAC 78 * validation error, an exception is thrown. 79 * 80 * @param string $string The string with the HMAC appended (in the format 'string<HMAC>') 81 * @return string the original string without the HMAC, if validation was successful 82 * @see validateHmac() 83 * @throws \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException if the given string is not well-formatted 84 * @throws \TYPO3\CMS\Extbase\Security\Exception\InvalidHashException if the hash did not fit to the data. 85 * @todo Mark as API once it is more stable 86 */ 87 public function validateAndStripHmac(string $string): string 88 { 89 if (strlen($string) < 40) { 90 throw new InvalidArgumentForHashGenerationException('A hashed string must contain at least 40 characters, the given string was only ' . strlen($string) . ' characters long.', 1320830276); 91 } 92 $stringWithoutHmac = substr($string, 0, -40); 93 if ($this->validateHmac($stringWithoutHmac, substr($string, -40)) !== true) { 94 throw new InvalidHashException('The given string was not appended with a valid HMAC.', 1320830018); 95 } 96 return $stringWithoutHmac; 97 } 98} 99