php-src/ext/standard/php_password.h

/*
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Anthony Ferrara <ircmaxell@php.net>                         |
   |          Charles R. Portwood II <charlesportwoodii@erianna.com>      |
   +----------------------------------------------------------------------+
*/

#ifndef PHP_PASSWORD_H
#define PHP_PASSWORD_H

PHP_MINIT_FUNCTION(password);
PHP_MSHUTDOWN_FUNCTION(password);

#define PHP_PASSWORD_DEFAULT    PHP_PASSWORD_BCRYPT
#define PHP_PASSWORD_BCRYPT_COST 10

#ifdef HAVE_ARGON2LIB
/**
 * When updating these values, synchronize ext/sodium/sodium_pwhash.c values.
 * Note that libargon expresses memlimit in KB, while libsoidum uses bytes.
 */
#define PHP_PASSWORD_ARGON2_MEMORY_COST (64 << 10)
#define PHP_PASSWORD_ARGON2_TIME_COST 4
#define PHP_PASSWORD_ARGON2_THREADS 1
#endif

typedef struct _php_password_algo {
	const char *name;
	zend_string *(*hash)(const zend_string *password, zend_array *options);
	bool (*verify)(const zend_string *password, const zend_string *hash);
	bool (*needs_rehash)(const zend_string *password, zend_array *options);
	int (*get_info)(zval *return_value, const zend_string *hash);
	bool (*valid)(const zend_string *hash);
} php_password_algo;

extern const php_password_algo php_password_algo_bcrypt;
#ifdef HAVE_ARGON2LIB
extern const php_password_algo php_password_algo_argon2i;
extern const php_password_algo php_password_algo_argon2id;
#endif

PHPAPI int php_password_algo_register(const char*, const php_password_algo*);
PHPAPI void php_password_algo_unregister(const char*);
PHPAPI const php_password_algo* php_password_algo_default(void);
PHPAPI zend_string *php_password_algo_extract_ident(const zend_string*);
PHPAPI const php_password_algo* php_password_algo_find(const zend_string*);

PHPAPI const php_password_algo* php_password_algo_identify_ex(const zend_string*, const php_password_algo*);
static inline const php_password_algo* php_password_algo_identify(const zend_string *hash) {
	return php_password_algo_identify_ex(hash, php_password_algo_default());
}


#endif
Base structure for passsword_create and password_make_salt 2012-06-25 02:44:43 +00:00			`/*`
			`+----------------------------------------------------------------------+`
Remove yearly range from copyright notice 2019-01-30 09:03:12 +00:00			`\| Copyright (c) The PHP Group \|`
Base structure for passsword_create and password_make_salt 2012-06-25 02:44:43 +00:00			`+----------------------------------------------------------------------+`
			`\| This source file is subject to version 3.01 of the PHP license, \|`
			`\| that is bundled with this package in the file LICENSE, and is \|`
			`\| available through the world-wide-web at the following url: \|`
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier". 3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted. 4. fixed indentation in some files before \| 2021-05-06 10:16:35 +00:00			`\| https://www.php.net/license/3_01.txt \|`
Base structure for passsword_create and password_make_salt 2012-06-25 02:44:43 +00:00			`\| If you did not receive a copy of the PHP license and are unable to \|`
			`\| obtain it through the world-wide-web, please send a note to \|`
			`\| license@php.net so we can mail you a copy immediately. \|`
			`+----------------------------------------------------------------------+`
			`\| Authors: Anthony Ferrara <ircmaxell@php.net> \|`
Working implementation with password_hash, password_verify 2016-07-09 04:45:19 +00:00			`\| Charles R. Portwood II <charlesportwoodii@erianna.com> \|`
Base structure for passsword_create and password_make_salt 2012-06-25 02:44:43 +00:00			`+----------------------------------------------------------------------+`
			`*/`

			`#ifndef PHP_PASSWORD_H`
			`#define PHP_PASSWORD_H`

			`PHP_MINIT_FUNCTION(password);`
Fixed memory leaks 2018-12-13 13:21:08 +00:00			`PHP_MSHUTDOWN_FUNCTION(password);`
Base structure for passsword_create and password_make_salt 2012-06-25 02:44:43 +00:00
Reverting PASSWORD_DEFAULT to PASSWORD_BCRYPT Indicating constants as defaults Minor coding standards change 2016-07-10 13:16:55 +00:00			`#define PHP_PASSWORD_DEFAULT PHP_PASSWORD_BCRYPT`
Remove php.ini setting for default bcrypt cost 2012-07-03 11:33:55 +00:00			`#define PHP_PASSWORD_BCRYPT_COST 10`
Removing argon2 library files in favor of --with-argon2[=DIR] - Configure flag now accepts --with-argon2 for dynamic linking with libargon2. Argon2 will be enabled in password_* only if this flag is passed. - --with-argon2 config flag allows user passed directory for linking - Added Argon2 specific tests to ensure existing tests do not fail when argon2 is disable 2016-07-11 21:31:31 +00:00
Fix [-Wundef] warnings in standard extension 2020-05-20 16:34:20 +00:00			`#ifdef HAVE_ARGON2LIB`
Provide argon2i(d) password hashing from sodium when needed 2019-04-05 21:33:10 +00:00			`/**`
			`* When updating these values, synchronize ext/sodium/sodium_pwhash.c values.`
			`* Note that libargon expresses memlimit in KB, while libsoidum uses bytes.`
			`*/`
Relax argon2 mem_cost down to 64k, bump time_cost to 4 2019-07-09 15:18:13 +00:00			`#define PHP_PASSWORD_ARGON2_MEMORY_COST (64 << 10)`
			`#define PHP_PASSWORD_ARGON2_TIME_COST 4`
Provide argon2i(d) password hashing from sodium when needed 2019-04-05 21:33:10 +00:00			`#define PHP_PASSWORD_ARGON2_THREADS 1`
Removing argon2 library files in favor of --with-argon2[=DIR] - Configure flag now accepts --with-argon2 for dynamic linking with libargon2. Argon2 will be enabled in password_* only if this flag is passed. - --with-argon2 config flag allows user passed directory for linking - Added Argon2 specific tests to ensure existing tests do not fail when argon2 is disable 2016-07-11 21:31:31 +00:00			`#endif`
Remove php.ini setting for default bcrypt cost 2012-07-03 11:33:55 +00:00
Implement password mechanism registry RFC: https://wiki.php.net/rfc/password_registry 2018-10-15 18:58:34 +00:00			`typedef struct _php_password_algo {`
			`const char *name;`
			`zend_string (hash)(const zend_string password, zend_array options);`
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias. 2021-01-15 11:30:54 +00:00			`bool (verify)(const zend_string password, const zend_string *hash);`
			`bool (needs_rehash)(const zend_string password, zend_array *options);`
Implement password mechanism registry RFC: https://wiki.php.net/rfc/password_registry 2018-10-15 18:58:34 +00:00			`int (get_info)(zval return_value, const zend_string *hash);`
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias. 2021-01-15 11:30:54 +00:00			`bool (valid)(const zend_string hash);`
Implement password mechanism registry RFC: https://wiki.php.net/rfc/password_registry 2018-10-15 18:58:34 +00:00			`} php_password_algo;`

			`extern const php_password_algo php_password_algo_bcrypt;`
Fix [-Wundef] warnings in standard extension 2020-05-20 16:34:20 +00:00			`#ifdef HAVE_ARGON2LIB`
Implement password mechanism registry RFC: https://wiki.php.net/rfc/password_registry 2018-10-15 18:58:34 +00:00			`extern const php_password_algo php_password_algo_argon2i;`
			`extern const php_password_algo php_password_algo_argon2id;`
Removing argon2 library files in favor of --with-argon2[=DIR] - Configure flag now accepts --with-argon2 for dynamic linking with libargon2. Argon2 will be enabled in password_* only if this flag is passed. - --with-argon2 config flag allows user passed directory for linking - Added Argon2 specific tests to ensure existing tests do not fail when argon2 is disable 2016-07-11 21:31:31 +00:00			`#endif`
Implement password mechanism registry RFC: https://wiki.php.net/rfc/password_registry 2018-10-15 18:58:34 +00:00
			`PHPAPI int php_password_algo_register(const char, const php_password_algo);`
			`PHPAPI void php_password_algo_unregister(const char*);`
Fix warning of strict-prototypes Closes GH-5673. 2020-06-06 12:13:38 +00:00			`PHPAPI const php_password_algo* php_password_algo_default(void);`
Implement password mechanism registry RFC: https://wiki.php.net/rfc/password_registry 2018-10-15 18:58:34 +00:00			`PHPAPI zend_string php_password_algo_extract_ident(const zend_string);`
			`PHPAPI const php_password_algo* php_password_algo_find(const zend_string*);`

			`PHPAPI const php_password_algo* php_password_algo_identify_ex(const zend_string, const php_password_algo);`
			`static inline const php_password_algo* php_password_algo_identify(const zend_string *hash) {`
			`return php_password_algo_identify_ex(hash, php_password_algo_default());`
			`}`

Switch to using an ENUM for algorithms instead of a constant 2012-09-13 14:32:54 +00:00
Base structure for passsword_create and password_make_salt 2012-06-25 02:44:43 +00:00			`#endif`