mirror of
https://github.com/pmmp/PocketMine-MP.git
synced 2025-09-06 09:56:06 +00:00
Use built-in random_bytes functionality
@ -335,6 +335,7 @@ class Utils{
|
||||
/**
|
||||
* This function tries to get all the entropy available in PHP, and distills it to get a good RNG.
|
||||
*
|
||||
* This function simply forwards to the PHP random_bytes function.
|
||||
*
|
||||
* @param int $length default 16, Number of bytes to generate
|
||||
* @param bool $secure default true, Generate secure distilled bytes, slower
|
||||
@ -343,109 +344,16 @@ class Utils{
|
||||
* @param int &$rounds Will be set to the number of rounds taken
|
||||
* @param int &$drop Will be set to the amount of dropped bytes
|
||||
*
|
||||
* @deprecated prefer PHP 7 random_bytes()
|
||||
* @return string
|
||||
*/
|
||||
public static function getRandomBytes($length = 16, $secure = true, $raw = true, $startEntropy = "", &$rounds = 0, &$drop = 0){
|
||||
static $lastRandom = "";
|
||||
$output = "";
|
||||
$length = abs((int) $length);
|
||||
$secureValue = "";
|
||||
$rounds = 0;
|
||||
$drop = 0;
|
||||
while(!isset($output{$length - 1})){
|
||||
//some entropy, but works ^^
|
||||
$weakEntropy = [
|
||||
is_array($startEntropy) ? implode($startEntropy) : $startEntropy,
|
||||
__DIR__,
|
||||
PHP_OS,
|
||||
microtime(),
|
||||
(string) lcg_value(),
|
||||
(string) PHP_MAXPATHLEN,
|
||||
PHP_SAPI,
|
||||
(string) PHP_INT_MAX . "." . PHP_INT_SIZE,
|
||||
serialize($_SERVER),
|
||||
get_current_user(),
|
||||
(string) memory_get_usage() . "." . memory_get_peak_usage(),
|
||||
php_uname(),
|
||||
phpversion(),
|
||||
zend_version(),
|
||||
(string) getmypid(),
|
||||
(string) getmyuid(),
|
||||
(string) mt_rand(),
|
||||
(string) getmyinode(),
|
||||
(string) getmygid(),
|
||||
(string) rand(),
|
||||
function_exists("zend_thread_id") ? ((string) zend_thread_id()) : microtime(),
|
||||
function_exists("getrusage") ? implode(getrusage()) : microtime(),
|
||||
function_exists("sys_getloadavg") ? implode(sys_getloadavg()) : microtime(),
|
||||
serialize(get_loaded_extensions()),
|
||||
sys_get_temp_dir(),
|
||||
(string) disk_free_space("."),
|
||||
(string) disk_total_space("."),
|
||||
uniqid(microtime(), true),
|
||||
file_exists("/proc/cpuinfo") ? file_get_contents("/proc/cpuinfo") : microtime(),
|
||||
];
|
||||
|
||||
shuffle($weakEntropy);
|
||||
$value = hash("sha512", implode($weakEntropy), true);
|
||||
$lastRandom .= $value;
|
||||
foreach($weakEntropy as $k => $c){ //mixing entropy values with XOR and hash randomness extractor
|
||||
$value ^= hash("sha256", $c . microtime() . $k, true) . hash("sha256", mt_rand() . microtime() . $k . $c, true);
|
||||
$value ^= hash("sha512", ((string) lcg_value()) . $c . microtime() . $k, true);
|
||||
}
|
||||
unset($weakEntropy);
|
||||
|
||||
if($secure === true){
|
||||
|
||||
if(file_exists("/dev/urandom")){
|
||||
$fp = fopen("/dev/urandom", "rb");
|
||||
$systemRandom = fread($fp, 64);
|
||||
fclose($fp);
|
||||
}else{
|
||||
$systemRandom = str_repeat("\x00", 64);
|
||||
}
|
||||
|
||||
$strongEntropyValues = [
|
||||
is_array($startEntropy) ? hash("sha512", $startEntropy[($rounds + $drop) % count($startEntropy)], true) : hash("sha512", $startEntropy, true), //Get a random index of the startEntropy, or just read it
|
||||
$systemRandom,
|
||||
function_exists("openssl_random_pseudo_bytes") ? openssl_random_pseudo_bytes(64) : str_repeat("\x00", 64),
|
||||
function_exists("mcrypt_create_iv") ? mcrypt_create_iv(64, MCRYPT_DEV_URANDOM) : str_repeat("\x00", 64),
|
||||
$value,
|
||||
];
|
||||
$strongEntropy = array_pop($strongEntropyValues);
|
||||
foreach($strongEntropyValues as $value){
|
||||
$strongEntropy = $strongEntropy ^ $value;
|
||||
}
|
||||
$value = "";
|
||||
//Von Neumann randomness extractor, increases entropy
|
||||
$bitcnt = 0;
|
||||
for($j = 0; $j < 64; ++$j){
|
||||
$a = ord($strongEntropy{$j});
|
||||
for($i = 0; $i < 8; $i += 2){
|
||||
$b = ($a & (1 << $i)) > 0 ? 1 : 0;
|
||||
if($b != (($a & (1 << ($i + 1))) > 0 ? 1 : 0)){
|
||||
$secureValue |= $b << $bitcnt;
|
||||
if($bitcnt == 7){
|
||||
$value .= chr($secureValue);
|
||||
$secureValue = 0;
|
||||
$bitcnt = 0;
|
||||
}else{
|
||||
++$bitcnt;
|
||||
}
|
||||
++$drop;
|
||||
}else{
|
||||
$drop += 2;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$output .= substr($value, 0, min($length - strlen($output), $length));
|
||||
unset($value);
|
||||
++$rounds;
|
||||
$raw_output = random_bytes($length);
|
||||
if($raw){
|
||||
return $raw_output;
|
||||
}else{
|
||||
return bin2hex($raw_output);
|
||||
}
|
||||
$lastRandom = hash("sha512", $lastRandom, true);
|
||||
|
||||
return $raw === false ? bin2hex($output) : $output;
|
||||
}
|
||||
|
||||
/*
|
||||
|
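Review bot: In the new body of `getRandomBytes()`, `random_bytes($length)` receives the caller's value unchanged, whereas the earlier body normalised it with `$length = abs((int) $length);` (the +/- markers are lost on this page, so I am reading that line as removed, going by the hunk's 109-to-16 line count). `random_bytes()` throws for a length below 1 and when no entropy source is available, so a caller that passed a negative length now gets an exception; either keep the normalisation, `$raw_output = random_bytes(abs((int) $length));`, or add an `@throws` line to the docblock. The docblock still says `&$rounds` and `&$drop` "Will be set" and that `$secure` selects "secure distilled bytes, slower", and its first sentence about distilling entropy appears to remain, yet the new body ignores `$secure`, `$startEntropy`, `$rounds` and `$drop`; I would mark each as `unused, kept for backward compatibility` and drop the stale first sentence. The `if($raw)` test is also looser than the previous `$raw === false`, so `0` or `null` now yields hex output where it used to yield raw bytes; `return $raw === false ? bin2hex($raw_output) : $raw_output;` keeps the old contract.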