Changing m_cost and t_cost to memory_cost and time_cost
- Updating tests
- Adjusting cost factors:
  - memory_cost = 1 MiB
  - time_cost = 2
  - threads = 2
parent
d883f65d31
commit
0e3b3b031f
@ -45,7 +45,6 @@ PHP_MINIT_FUNCTION(password) /* {{{ */
|
||||
REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT);
|
||||
#if HAVE_ARGON2LIB
|
||||
REGISTER_LONG_CONSTANT("PASSWORD_ARGON2I", PHP_PASSWORD_ARGON2I, CONST_CS | CONST_PERSISTENT);
|
||||
REGISTER_LONG_CONSTANT("PASSWORD_ARGON2", PHP_PASSWORD_ARGON2, CONST_CS | CONST_PERSISTENT);
|
||||
#endif
|
||||
|
||||
REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_CS | CONST_PERSISTENT);
|
||||
@ -195,13 +194,13 @@ PHP_FUNCTION(password_get_info)
|
||||
case PHP_PASSWORD_ARGON2I:
|
||||
{
|
||||
zend_long v = 0;
|
||||
zend_long m_cost = PHP_PASSWORD_ARGON2_MEMORY_COST;
|
||||
zend_long t_cost = PHP_PASSWORD_ARGON2_TIME_COST;
|
||||
zend_long memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST;
|
||||
zend_long time_cost = PHP_PASSWORD_ARGON2_TIME_COST;
|
||||
zend_long threads = PHP_PASSWORD_ARGON2_THREADS;
|
||||
|
||||
sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &m_cost, &t_cost, &threads);
|
||||
add_assoc_long(&options, "m_cost", m_cost);
|
||||
add_assoc_long(&options, "t_cost", t_cost);
|
||||
sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &memory_cost, &time_cost, &threads);
|
||||
add_assoc_long(&options, "memory_cost", memory_cost);
|
||||
add_assoc_long(&options, "time_cost", time_cost);
|
||||
add_assoc_long(&options, "threads", threads);
|
||||
}
|
||||
break;
|
||||
@ -259,25 +258,25 @@ PHP_FUNCTION(password_needs_rehash)
|
||||
case PHP_PASSWORD_ARGON2I:
|
||||
{
|
||||
zend_long v = 0;
|
||||
zend_long new_m_cost = PHP_PASSWORD_ARGON2_MEMORY_COST, m_cost = 0;
|
||||
zend_long new_t_cost = PHP_PASSWORD_ARGON2_TIME_COST, t_cost = 0;
|
||||
zend_long new_memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST, memory_cost = 0;
|
||||
zend_long new_time_cost = PHP_PASSWORD_ARGON2_TIME_COST, time_cost = 0;
|
||||
zend_long new_threads = PHP_PASSWORD_ARGON2_THREADS, threads = 0;
|
||||
|
||||
if (options && (option_buffer = zend_hash_str_find(options, "m_cost", sizeof("m_cost")-1)) != NULL) {
|
||||
new_m_cost = zval_get_long(option_buffer);
|
||||
if (options && (option_buffer = zend_hash_str_find(options, "memory_cost", sizeof("memory_cost")-1)) != NULL) {
|
||||
new_memory_cost = zval_get_long(option_buffer);
|
||||
}
|
||||
|
||||
if (options && (option_buffer = zend_hash_str_find(options, "t_cost", sizeof("t_cost")-1)) != NULL) {
|
||||
new_t_cost = zval_get_long(option_buffer);
|
||||
if (options && (option_buffer = zend_hash_str_find(options, "time_cost", sizeof("time_cost")-1)) != NULL) {
|
||||
new_time_cost = zval_get_long(option_buffer);
|
||||
}
|
||||
|
||||
if (options && (option_buffer = zend_hash_str_find(options, "threads", sizeof("threads")-1)) != NULL) {
|
||||
new_threads = zval_get_long(option_buffer);
|
||||
}
|
||||
|
||||
sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &m_cost, &t_cost, &threads);
|
||||
sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &memory_cost, &time_cost, &threads);
|
||||
|
||||
if (new_t_cost != t_cost || new_m_cost != m_cost || new_threads != threads) {
|
||||
if (new_time_cost != time_cost || new_memory_cost != memory_cost || new_threads != threads) {
|
||||
RETURN_TRUE;
|
||||
}
|
||||
}
|
||||
@ -367,8 +366,8 @@ PHP_FUNCTION(password_hash)
|
||||
zval *option_buffer;
|
||||
|
||||
#if HAVE_ARGON2LIB
|
||||
size_t t_cost = PHP_PASSWORD_ARGON2_TIME_COST;
|
||||
size_t m_cost = PHP_PASSWORD_ARGON2_MEMORY_COST;
|
||||
size_t time_cost = PHP_PASSWORD_ARGON2_TIME_COST;
|
||||
size_t memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST;
|
||||
size_t threads = PHP_PASSWORD_ARGON2_THREADS;
|
||||
argon2_type type = Argon2_i;
|
||||
#endif
|
||||
@ -399,21 +398,21 @@ PHP_FUNCTION(password_hash)
|
||||
#if HAVE_ARGON2LIB
|
||||
case PHP_PASSWORD_ARGON2I:
|
||||
{
|
||||
if (options && (option_buffer = zend_hash_str_find(options, "m_cost", sizeof("m_cost")-1)) != NULL) {
|
||||
m_cost = zval_get_long(option_buffer);
|
||||
if (options && (option_buffer = zend_hash_str_find(options, "memory_cost", sizeof("memory_cost")-1)) != NULL) {
|
||||
memory_cost = zval_get_long(option_buffer);
|
||||
}
|
||||
|
||||
if (m_cost > ARGON2_MAX_MEMORY || m_cost < ARGON2_MIN_MEMORY) {
|
||||
php_error_docref(NULL, E_WARNING, "Memory cost is outside of allowed memory range", m_cost);
|
||||
if (memory_cost > ARGON2_MAX_MEMORY || memory_cost < ARGON2_MIN_MEMORY) {
|
||||
php_error_docref(NULL, E_WARNING, "Memory cost is outside of allowed memory range", memory_cost);
|
||||
RETURN_NULL();
|
||||
}
|
||||
|
||||
if (options && (option_buffer = zend_hash_str_find(options, "t_cost", sizeof("t_cost")-1)) != NULL) {
|
||||
t_cost = zval_get_long(option_buffer);
|
||||
if (options && (option_buffer = zend_hash_str_find(options, "time_cost", sizeof("time_cost")-1)) != NULL) {
|
||||
time_cost = zval_get_long(option_buffer);
|
||||
}
|
||||
|
||||
if (t_cost > ARGON2_MAX_TIME || t_cost < ARGON2_MIN_TIME) {
|
||||
php_error_docref(NULL, E_WARNING, "Time cost is outside of allowed time range", t_cost);
|
||||
if (time_cost > ARGON2_MAX_TIME || time_cost < ARGON2_MIN_TIME) {
|
||||
php_error_docref(NULL, E_WARNING, "Time cost is outside of allowed time range", time_cost);
|
||||
RETURN_NULL();
|
||||
}
|
||||
|
||||
@ -532,8 +531,8 @@ PHP_FUNCTION(password_hash)
|
||||
int status = 0;
|
||||
|
||||
encoded_len = argon2_encodedlen(
|
||||
t_cost,
|
||||
m_cost,
|
||||
time_cost,
|
||||
memory_cost,
|
||||
threads,
|
||||
(uint32_t)salt_len,
|
||||
out_len
|
||||
@ -543,8 +542,8 @@ PHP_FUNCTION(password_hash)
|
||||
zend_string *encoded = zend_string_alloc(encoded_len, 0);
|
||||
|
||||
status = argon2_hash(
|
||||
t_cost,
|
||||
m_cost,
|
||||
time_cost,
|
||||
memory_cost,
|
||||
threads,
|
||||
password,
|
||||
password_len,
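Review bot: The `sscanf()` calls in the password_get_info and password_needs_rehash hunks ignore the return value, so a hash string that does not yield all four fields leaves `memory_cost`, `time_cost` and `threads` at their initial values. In password_get_info those initial values are the compile-time defaults, so a truncated or malformed argon2i string would be reported with costs it never contained. Compare the result with the expected field count, e.g. `if (sscanf(hash, ..., &v, &memory_cost, &time_cost, &threads) != 4) { /* treat as unparseable */ }`, and initialise the locals to 0 in password_get_info. Separately, the range-check warnings in password_hash pass `memory_cost` / `time_cost` to `php_error_docref()` although the format string has no conversion for them, so the argument is unused. All three function bodies continue outside the hunks shown, so any earlier validation of the hash prefix is not visible here.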
|
||||
|
@ -33,10 +33,9 @@ PHP_MINIT_FUNCTION(password);
|
||||
#define PHP_PASSWORD_BCRYPT_COST 10
|
||||
|
||||
#if HAVE_ARGON2LIB
|
||||
#define PHP_PASSWORD_ARGON2 PHP_PASSWORD_ARGON2I
|
||||
#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<16
|
||||
#define PHP_PASSWORD_ARGON2_TIME_COST 3
|
||||
#define PHP_PASSWORD_ARGON2_THREADS 1
|
||||
#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<10
|
||||
#define PHP_PASSWORD_ARGON2_TIME_COST 2
|
||||
#define PHP_PASSWORD_ARGON2_THREADS 2
|
||||
#endif
|
||||
|
||||
typedef enum {
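Review bot: The new `#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<10` cuts the default memory cost from 1<<16 to 1<<10 (the commit message gives this as 1 MiB) and the time cost from 3 to 2, and nothing next to the macros records the unit or why the lower values were chosen. Every hash created without explicit options gets these parameters, so a short comment stating the unit and the rationale belongs here, e.g. `/* memory cost in KiB; defaults chosen for <reason> */`. The shift expression should also be parenthesised, `#define PHP_PASSWORD_ARGON2_MEMORY_COST (1<<10)`, so the macro stays correct if it is ever used inside a larger arithmetic expression.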
|
||||
|
@ -2,7 +2,7 @@
|
||||
Test normal operation of password_get_info() with Argon2
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2');
|
||||
if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
@ -18,9 +18,9 @@ array(3) {
|
||||
string(7) "argon2i"
|
||||
["options"]=>
|
||||
array(3) {
|
||||
["m_cost"]=>
|
||||
["memory_cost"]=>
|
||||
int(65536)
|
||||
["t_cost"]=>
|
||||
["time_cost"]=>
|
||||
int(3)
|
||||
["threads"]=>
|
||||
int(1)
|
||||
|
@ -2,15 +2,12 @@
|
||||
Test normal operation of password_hash() with argon2
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2');
|
||||
if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2');
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
$password = "the password for testing 12345!";
|
||||
|
||||
$hash = password_hash($password, PASSWORD_ARGON2);
|
||||
var_dump(password_verify($password, $hash));
|
||||
|
||||
$hash = password_hash($password, PASSWORD_ARGON2I);
|
||||
var_dump(password_verify($password, $hash));
|
||||
|
||||
@ -18,5 +15,4 @@ echo "OK!";
|
||||
?>
|
||||
--EXPECT--
|
||||
bool(true)
|
||||
bool(true)
|
||||
OK!
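Review bot: Nothing in this test pins the parameters that `password_hash($password, PASSWORD_ARGON2I)` uses when no options are given, so the change of defaults made elsewhere in this commit is not covered by any assertion visible here. After the existing `var_dump(password_verify($password, $hash));`, consider dumping them as well, e.g. `var_dump(password_get_info($hash)['options']);`, with the matching lines added to the expected output. The skip message also still reads `password_get_info not built with Argon2` although this file tests password_hash().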
|
@ -2,13 +2,13 @@
|
||||
Test error operation of password_hash() with argon2
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2');
|
||||
if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
var_dump(password_hash('test', PASSWORD_ARGON2, ['m_cost' => 0]));
|
||||
var_dump(password_hash('test', PASSWORD_ARGON2, ['t_cost' => 0]));
|
||||
var_dump(password_hash('test', PASSWORD_ARGON2, ['threads' => 0]));
|
||||
var_dump(password_hash('test', PASSWORD_ARGON2I, ['memory_cost' => 0]));
|
||||
var_dump(password_hash('test', PASSWORD_ARGON2I, ['time_cost' => 0]));
|
||||
var_dump(password_hash('test', PASSWORD_ARGON2I, ['threads' => 0]));
|
||||
?>
|
||||
--EXPECTF--
|
||||
Warning: password_hash(): Memory cost is outside of allowed memory range in %s on line %d
|
||||
|
@ -2,16 +2,16 @@
|
||||
Test normal operation of password_needs_rehash() with argon2
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2');
|
||||
if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
$hash = '$argon2i$v=19$m=65536,t=3,p=1$YkprUktYN0lHQTd2bWRFeA$79aA+6IvgclpDAJVoezProlqzIPy7do/P0sBDXS9Nn0';
|
||||
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2));
|
||||
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2, ['m_cost' => 1<<17]));
|
||||
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2, ['t_cost' => 2]));
|
||||
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2, ['threads' => 2]));
|
||||
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I));
|
||||
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => 1<<17]));
|
||||
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => 2]));
|
||||
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['threads' => 2]));
|
||||
echo "OK!";
|
||||
?>
|
||||
--EXPECT--
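Review bot: The fixture hash encodes `m=65536,t=3,p=1`, which no longer matches the defaults this commit sets, so each call that overrides a single option now differs from the hash in the other parameters too and cannot show which comparison produced the result. Passing all three options lets each case isolate one parameter, e.g. `password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => 1<<16, 'time_cost' => 3, 'threads' => 2])`. The expected output lies below the hunk and is not visible here, so whether it was updated for the first, option-less call cannot be confirmed from this page.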
|
||||
|
@ -2,7 +2,7 @@
|
||||
Test normal operation of password_verify() with argon2
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2');
|
||||
if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
|