diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2019-12-29 21:43:06 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2019-12-29 21:43:06 +0100 |
| commit | 036871cd9535503f1f7456096e6368544bdd8fc5 (patch) | |
| tree | be47690fd00a1225f409e02457704029b7103a99 | |
| parent | 71a1c9fee7aaf3f92e934302abd121d75d4c5df2 (diff) | |
| parent | c71d4c364adc27dfecd60b47857968f1050f6df6 (diff) | |
| download | forums-036871cd9535503f1f7456096e6368544bdd8fc5.tar forums-036871cd9535503f1f7456096e6368544bdd8fc5.tar.gz forums-036871cd9535503f1f7456096e6368544bdd8fc5.tar.bz2 forums-036871cd9535503f1f7456096e6368544bdd8fc5.tar.xz forums-036871cd9535503f1f7456096e6368544bdd8fc5.zip | |
Merge pull request #5790 from rxu/ticket/16266
[ticket/16266] Fix argon2 driver issue for Sodium implementation
| -rw-r--r-- | phpBB/phpbb/passwords/driver/argon2i.php | 21 | ||||
| -rw-r--r-- | tests/passwords/drivers_test.php | 54 |
2 files changed, 60 insertions, 15 deletions
diff --git a/phpBB/phpbb/passwords/driver/argon2i.php b/phpBB/phpbb/passwords/driver/argon2i.php index 49d7d6393e..bf4d6ec33a 100644 --- a/phpBB/phpbb/passwords/driver/argon2i.php +++ b/phpBB/phpbb/passwords/driver/argon2i.php @@ -37,10 +37,23 @@ class argon2i extends base_native { parent::__construct($config, $helper); - // Don't allow cost factors to be below default settings - $this->memory_cost = max($memory_cost, 1024); - $this->threads = max($threads, 2); - $this->time_cost = max($time_cost, 2); + // Workaround to prevent "Use of undefined constant" warning on some unsupported PHP installations + if (!defined('PASSWORD_ARGON2I')) + { + define('PASSWORD_ARGON2_DEFAULT_MEMORY_COST', 1024); + define('PASSWORD_ARGON2_DEFAULT_TIME_COST', 2); + define('PASSWORD_ARGON2_DEFAULT_THREADS', 1); + } + + /** + * For Sodium implementation of argon2 algorithm (since PHP 7.4), set special value of 1 for "threads" cost factor + * See https://wiki.php.net/rfc/sodium.argon.hash and PHPBB3-16266 + * Don't allow cost factors to be below default settings where possible + */ + $this->memory_cost = max($memory_cost, PASSWORD_ARGON2_DEFAULT_MEMORY_COST); + $this->time_cost = max($time_cost, PASSWORD_ARGON2_DEFAULT_TIME_COST); + $this->threads = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ? + PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, PASSWORD_ARGON2_DEFAULT_THREADS); } /** diff --git a/tests/passwords/drivers_test.php b/tests/passwords/drivers_test.php index 8c1fdf49c2..fc11ca0bc7 100644 --- a/tests/passwords/drivers_test.php +++ b/tests/passwords/drivers_test.php @@ -21,10 +21,15 @@ class phpbb_passwords_helper_test extends \phpbb_test_case $this->driver_helper = new \phpbb\passwords\driver\helper($config); $phpbb_root_path = dirname(__FILE__) . '/../../phpBB/'; $php_ext = 'php'; + + // Initialize argon2 default options + $this->argon2_default_cost_options = [ + 'memory_cost' => 1024, + 'time_cost' => 2, + 'threads' => 2 + ]; $this->passwords_drivers = array( - 'passwords.driver.argon2i' => new \phpbb\passwords\driver\argon2i($config, $this->driver_helper), - 'passwords.driver.argon2id' => new \phpbb\passwords\driver\argon2id($config, $this->driver_helper), 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper, 10), 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper, 10), 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $this->driver_helper), @@ -39,6 +44,19 @@ class phpbb_passwords_helper_test extends \phpbb_test_case ); $this->passwords_drivers['passwords.driver.md5_phpbb2'] = new \phpbb\passwords\driver\md5_phpbb2($request, $this->passwords_drivers['passwords.driver.salted_md5'], $this->driver_helper, $phpbb_root_path, $php_ext); $this->passwords_drivers['passwords.driver.bcrypt_wcf2'] = new \phpbb\passwords\driver\bcrypt_wcf2($this->passwords_drivers['passwords.driver.bcrypt'], $this->driver_helper); + + $pwhash_supported = function_exists('password_hash') && function_exists('password_needs_rehash') && function_exists('password_verify'); + if (defined('PASSWORD_ARGON2I') && $pwhash_supported) + { + $this->passwords_drivers['passwords.driver.argon2i'] = new \phpbb\passwords\driver\argon2i($config, $this->driver_helper); + $this->argon2_default_cost_options = $this->passwords_drivers['passwords.driver.argon2i']->get_options(); + } + + if (defined('PASSWORD_ARGON2ID') && $pwhash_supported) + { + $this->passwords_drivers['passwords.driver.argon2id'] = new \phpbb\passwords\driver\argon2id($config, $this->driver_helper); + $this->argon2_default_cost_options = $this->passwords_drivers['passwords.driver.argon2id']->get_options(); + } } public function data_helper_encode64() @@ -418,20 +436,34 @@ class phpbb_passwords_helper_test extends \phpbb_test_case public function data_needs_rehash() { - return array( + $data_array = [ array('passwords.driver.bcrypt_2y', '$2y$10$somerandomhash', false), array('passwords.driver.bcrypt', '$2a$10$somerandomhash', false), array('passwords.driver.salted_md5', 'foobar', false), array('passwords.driver.bcrypt_2y', '$2y$9$somerandomhash', true), array('passwords.driver.bcrypt', '$2a$04$somerandomhash', true), - array('passwords.driver.argon2i', '$argon2i$v=19$m=1024,t=2,p=2$NEF0S1JSN04yNGQ1UVRKdA$KYGNI9CbjoKh1UEu1PpdlqbuLbveGwkMcwcT2Un9pPM', false), - array('passwords.driver.argon2i', '$argon2i$v=19$m=128,t=2,p=2$M29GUi51QjdKLjIzbC9scQ$6h1gZDqn7JTmVdQ0lJh1x5nyvgO/DaJWUKOFJ0itCJ0', true), - array('passwords.driver.argon2i', '$argon2i$v=19$m=1024,t=1,p=2$UnFHb2F4NER3M0xWWmxMUQ$u3javvoAZJeIyR1P3eg0tb8VjEeXvQPagqwetonq1NA', true), - array('passwords.driver.argon2i', '$argon2i$v=19$m=1024,t=2,p=1$bm5SeGJ3R3ZRY1A0YXJPNg$v1A9m4sJW+ge0RBtpJ4w9861+J9xkguKBAsZHrG8LQU', true), - array('passwords.driver.argon2id', '$argon2id$v=19$m=1024,t=2,p=2$MXB4OW5sczE5TnFPYkEuYQ$2bxaMIp8+9x37O6v8zkqpBU72ohCibUrtgVZw7vyr5Q', false), - array('passwords.driver.argon2id', '$argon2id$v=19$m=128,t=2,p=2$RWV2VFAuWXk5bTVjbktOLg$Nt7Z7koa25SVRSKr3RKqjwKz26FENDuU+aL1DfMcWRo', true), - array('passwords.driver.argon2id', '$argon2id$v=19$m=1024,t=1,p=2$Rmw5M21IUFZDVEltYU0uTA$GIObGbHV6sOw5OQEtF8z+2ESztT96OWhCk17sUlwLAY', true), - ); + ]; + + if (isset($this->passwords_drivers['passwords.driver.argon2i'])) + { + $data_array = array_merge($data_array, [ + array('passwords.driver.argon2i', '$argon2i$v=19$m=' . $this->argon2_default_cost_options['memory_cost'] . ',t=' . $this->argon2_default_cost_options['time_cost'] . ',p=' . $this->argon2_default_cost_options['threads'] . '$NEF0S1JSN04yNGQ1UVRKdA$KYGNI9CbjoKh1UEu1PpdlqbuLbveGwkMcwcT2Un9pPM', false), + array('passwords.driver.argon2i', '$argon2i$v=19$m=128,t=2,p=2$M29GUi51QjdKLjIzbC9scQ$6h1gZDqn7JTmVdQ0lJh1x5nyvgO/DaJWUKOFJ0itCJ0', true), + array('passwords.driver.argon2i', '$argon2i$v=19$m=1024,t=1,p=2$UnFHb2F4NER3M0xWWmxMUQ$u3javvoAZJeIyR1P3eg0tb8VjEeXvQPagqwetonq1NA', true), + array('passwords.driver.argon2i', '$argon2i$v=19$m=1024,t=2,p=1$bm5SeGJ3R3ZRY1A0YXJPNg$v1A9m4sJW+ge0RBtpJ4w9861+J9xkguKBAsZHrG8LQU', true), + ]); + } + + if (isset($this->passwords_drivers['passwords.driver.argon2id'])) + { + $data_array = array_merge($data_array, [ + array('passwords.driver.argon2id', '$argon2id$v=19$m=' . $this->argon2_default_cost_options['memory_cost'] . ',t=' . $this->argon2_default_cost_options['time_cost'] . ',p=' . $this->argon2_default_cost_options['threads'] . '$MXB4OW5sczE5TnFPYkEuYQ$2bxaMIp8+9x37O6v8zkqpBU72ohCibUrtgVZw7vyr5Q', false), + array('passwords.driver.argon2id', '$argon2id$v=19$m=128,t=2,p=2$RWV2VFAuWXk5bTVjbktOLg$Nt7Z7koa25SVRSKr3RKqjwKz26FENDuU+aL1DfMcWRo', true), + array('passwords.driver.argon2id', '$argon2id$v=19$m=1024,t=1,p=2$Rmw5M21IUFZDVEltYU0uTA$GIObGbHV6sOw5OQEtF8z+2ESztT96OWhCk17sUlwLAY', true), + ]); + } + + return $data_array; } /** |