ext/sodium: move pwhash_scrypt() after pwhash()

author Frank Denis <github@pureftpd.org>

Mon, 2 Oct 2017 20:19:55 +0000 (22:19 +0200)

committer Frank Denis <github@pureftpd.org>

Mon, 2 Oct 2017 20:19:55 +0000 (22:19 +0200)
author Frank Denis <github@pureftpd.org>
Mon, 2 Oct 2017 20:19:55 +0000 (22:19 +0200)
committer Frank Denis <github@pureftpd.org>
Mon, 2 Oct 2017 20:19:55 +0000 (22:19 +0200)
diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c

index 8ad365c29895e0224ed243e065399c9e0a4f82aa..b5610520d9af663eb11202bb8f5599ccdb7dea62 100644 (file)
--- a/ext/sodium/libsodium.c
+++ b/ext/sodium/libsodium.c
@@ -1785,8 +1785,8 @@ PHP_FUNCTION(sodium_crypto_stream_xor)
         RETURN_STR(ciphertext);
  }
  
-#ifdef crypto_pwhash_scryptsalsa208sha256_SALTBYTES
-PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
+#ifdef crypto_pwhash_SALTBYTES
+PHP_FUNCTION(sodium_crypto_pwhash)
  {
         zend_string   *hash;
         unsigned char *salt;
@@ -1794,21 +1794,28 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
         zend_long      hash_len;
         zend_long      memlimit;
         zend_long      opslimit;
+       zend_long      alg;
         size_t         passwd_len;
         size_t         salt_len;
+       int            ret;
  
-       if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "lssll",
+       alg = (zend_long) crypto_pwhash_ALG_DEFAULT;
+       if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "lssll|l",
                                                                         &hash_len,
                                                                         &passwd, &passwd_len,
                                                                         &salt, &salt_len,
-                                                                       &opslimit, &memlimit) == FAILURE) {
+                                                                       &opslimit, &memlimit, &alg) == FAILURE) {
                 sodium_remove_param_values_from_backtrace(EG(exception));
                 return;
         }
-       if (hash_len <= 0 || hash_len >= SIZE_MAX || hash_len > 0x1fffffffe0ULL) {
+       if (hash_len <= 0 || hash_len >= 0xffffffff) {
                 zend_throw_exception(sodium_exception_ce, "hash length must be greater than 0", 0);
                 return;
         }
+       if (passwd_len >= 0xffffffff) {
+               zend_throw_exception(sodium_exception_ce, "unsupported password length", 0);
+               return;
+       }
         if (opslimit <= 0) {
                 zend_throw_exception(sodium_exception_ce, "ops limit must be greater than 0", 0);
                 return;
@@ -1817,28 +1824,45 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
                 zend_throw_exception(sodium_exception_ce, "memory limit must be greater than 0", 0);
                 return;
         }
+       if (alg != crypto_pwhash_ALG_ARGON2I13
+# ifdef crypto_pwhash_ALG_ARGON2ID13
+               && alg != crypto_pwhash_ALG_ARGON2ID13
+# endif
+               && alg != crypto_pwhash_ALG_DEFAULT) {
+               zend_throw_exception(sodium_exception_ce, "unsupported password hashing algorithm", 0);
+               return;
+       }
         if (passwd_len <= 0) {
                 zend_error(E_WARNING, "empty password");
         }
-       if (salt_len != crypto_pwhash_scryptsalsa208sha256_SALTBYTES) {
-               zend_throw_exception(sodium_exception_ce,
-                                  "salt should be SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES bytes",
-                                  0);
+       if (salt_len != crypto_pwhash_SALTBYTES) {
+               zend_throw_exception(sodium_exception_ce, "salt should be SODIUM_CRYPTO_PWHASH_SALTBYTES bytes", 0);
                 return;
         }
-       if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) {
+       if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) {
                 zend_error(E_WARNING,
-                                  "number of operations for the scrypt function is low");
+                                  "number of operations for the password hashing function is low");
         }
-       if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) {
-               zend_error(E_WARNING,
-                                  "maximum memory for the scrypt function is low");
+       if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) {
+               zend_error(E_WARNING, "maximum memory for the password hashing function is low");
         }
         hash = zend_string_alloc((size_t) hash_len, 0);
-       if (crypto_pwhash_scryptsalsa208sha256
-               ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len,
-                passwd, (unsigned long long) passwd_len, salt,
-                (unsigned long long) opslimit, (size_t) memlimit) != 0) {
+       ret = -1;
+# ifdef crypto_pwhash_ALG_ARGON2ID13
+       if (alg == crypto_pwhash_ALG_ARGON2ID13) {
+               ret = crypto_pwhash_argon2id
+                       ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len,
+                         passwd, (unsigned long long) passwd_len, salt,
+                         (unsigned long long) opslimit, (size_t) memlimit, (int) alg);
+       }
+# endif
+       if (ret == -1) {
+               ret = crypto_pwhash
+                       ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len,
+                         passwd, (unsigned long long) passwd_len, salt,
+                         (unsigned long long) opslimit, (size_t) memlimit, (int) alg);
+       }
+       if (ret != 0) {
                 zend_string_free(hash);
                 zend_throw_exception(sodium_exception_ce, "internal error", 0);
                 return;
@@ -1848,13 +1872,14 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
         RETURN_STR(hash);
  }
  
-PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str)
+PHP_FUNCTION(sodium_crypto_pwhash_str)
  {
         zend_string *hash_str;
         char        *passwd;
         zend_long    memlimit;
         zend_long    opslimit;
         size_t       passwd_len;
+       size_t       len;
  
         if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "sll",
                                                                         &passwd, &passwd_len,
@@ -1870,32 +1895,58 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str)
                 zend_throw_exception(sodium_exception_ce, "memory limit must be greater than 0", 0);
                 return;
         }
+       if (passwd_len >= 0xffffffff) {
+               zend_throw_exception(sodium_exception_ce, "unsupported password length", 0);
+               return;
+       }
         if (passwd_len <= 0) {
                 zend_error(E_WARNING, "empty password");
         }
-       if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) {
+       if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) {
                 zend_error(E_WARNING,
-                                  "number of operations for the scrypt function is low");
+                                  "number of operations for the password hashing function is low");
         }
-       if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) {
+       if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) {
                 zend_error(E_WARNING,
-                                  "maximum memory for the scrypt function is low");
+                                  "maximum memory for the password hashing function is low");
         }
-       hash_str = zend_string_alloc
-               (crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1, 0);
-       if (crypto_pwhash_scryptsalsa208sha256_str
+       hash_str = zend_string_alloc(crypto_pwhash_STRBYTES - 1, 0);
+       if (crypto_pwhash_str
                 (ZSTR_VAL(hash_str), passwd, (unsigned long long) passwd_len,
                  (unsigned long long) opslimit, (size_t) memlimit) != 0) {
                 zend_string_free(hash_str);
                 zend_throw_exception(sodium_exception_ce, "internal error", 0);
                 return;
         }
-       ZSTR_VAL(hash_str)[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1] = 0;
+       ZSTR_VAL(hash_str)[crypto_pwhash_STRBYTES - 1] = 0;
+
+       len = strlen(ZSTR_VAL(hash_str));
+       PHP_SODIUM_ZSTR_TRUNCATE(hash_str, len);
  
         RETURN_STR(hash_str);
  }
  
-PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify)
+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+PHP_FUNCTION(sodium_crypto_pwhash_str_needs_rehash)
+{
+       char      *hash_str;
+       zend_long  memlimit;
+       zend_long  opslimit;
+       size_t     hash_str_len;
+
+       if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "sll",
+                                                                       &hash_str, &hash_str_len) == FAILURE) {
+               zend_throw_exception(sodium_exception_ce, "a PHP string is required", 0);
+               return;
+       }
+       if (crypto_pwhash_str_needs_rehash(hash_str, opslimit, memlimit) == 0) {
+               RETURN_FALSE;
+       }
+       RETURN_TRUE;
+}
+#endif
+
+PHP_FUNCTION(sodium_crypto_pwhash_str_verify)
  {
         char      *hash_str;
         char      *passwd;
@@ -1908,14 +1959,15 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify)
                 sodium_remove_param_values_from_backtrace(EG(exception));
                 return;
         }
+       if (passwd_len >= 0xffffffff) {
+               zend_throw_exception(sodium_exception_ce,
+                                  "unsupported password length", 0);
+               return;
+       }
         if (passwd_len <= 0) {
                 zend_error(E_WARNING, "empty password");
         }
-       if (hash_str_len != crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1) {
-               zend_error(E_WARNING, "wrong size for the hashed password");
-               RETURN_FALSE;
-       }
-       if (crypto_pwhash_scryptsalsa208sha256_str_verify
+       if (crypto_pwhash_str_verify
                 (hash_str, passwd, (unsigned long long) passwd_len) == 0) {
                 RETURN_TRUE;
         }
@@ -1923,8 +1975,8 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify)
  }
  #endif
  
-#ifdef crypto_pwhash_SALTBYTES
-PHP_FUNCTION(sodium_crypto_pwhash)
+#ifdef crypto_pwhash_scryptsalsa208sha256_SALTBYTES
+PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
  {
         zend_string   *hash;
         unsigned char *salt;
@@ -1932,28 +1984,21 @@ PHP_FUNCTION(sodium_crypto_pwhash)
         zend_long      hash_len;
         zend_long      memlimit;
         zend_long      opslimit;
-       zend_long      alg;
         size_t         passwd_len;
         size_t         salt_len;
-       int            ret;
  
-       alg = (zend_long) crypto_pwhash_ALG_DEFAULT;
-       if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "lssll|l",
+       if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "lssll",
                                                                         &hash_len,
                                                                         &passwd, &passwd_len,
                                                                         &salt, &salt_len,
-                                                                       &opslimit, &memlimit, &alg) == FAILURE) {
+                                                                       &opslimit, &memlimit) == FAILURE) {
                 sodium_remove_param_values_from_backtrace(EG(exception));
                 return;
         }
-       if (hash_len <= 0 || hash_len >= 0xffffffff) {
+       if (hash_len <= 0 || hash_len >= SIZE_MAX || hash_len > 0x1fffffffe0ULL) {
                 zend_throw_exception(sodium_exception_ce, "hash length must be greater than 0", 0);
                 return;
         }
-       if (passwd_len >= 0xffffffff) {
-               zend_throw_exception(sodium_exception_ce, "unsupported password length", 0);
-               return;
-       }
         if (opslimit <= 0) {
                 zend_throw_exception(sodium_exception_ce, "ops limit must be greater than 0", 0);
                 return;
@@ -1962,45 +2007,28 @@ PHP_FUNCTION(sodium_crypto_pwhash)
                 zend_throw_exception(sodium_exception_ce, "memory limit must be greater than 0", 0);
                 return;
         }
-       if (alg != crypto_pwhash_ALG_ARGON2I13
-# ifdef crypto_pwhash_ALG_ARGON2ID13
-               && alg != crypto_pwhash_ALG_ARGON2ID13
-# endif
-               && alg != crypto_pwhash_ALG_DEFAULT) {
-               zend_throw_exception(sodium_exception_ce, "unsupported password hashing algorithm", 0);
-               return;
-       }
         if (passwd_len <= 0) {
                 zend_error(E_WARNING, "empty password");
         }
-       if (salt_len != crypto_pwhash_SALTBYTES) {
-               zend_throw_exception(sodium_exception_ce, "salt should be SODIUM_CRYPTO_PWHASH_SALTBYTES bytes", 0);
+       if (salt_len != crypto_pwhash_scryptsalsa208sha256_SALTBYTES) {
+               zend_throw_exception(sodium_exception_ce,
+                                  "salt should be SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES bytes",
+                                  0);
                 return;
         }
-       if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) {
+       if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) {
                 zend_error(E_WARNING,
-                                  "number of operations for the password hashing function is low");
+                                  "number of operations for the scrypt function is low");
         }
-       if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) {
-               zend_error(E_WARNING, "maximum memory for the password hashing function is low");
+       if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) {
+               zend_error(E_WARNING,
+                                  "maximum memory for the scrypt function is low");
         }
         hash = zend_string_alloc((size_t) hash_len, 0);
-       ret = -1;
-# ifdef crypto_pwhash_ALG_ARGON2ID13
-       if (alg == crypto_pwhash_ALG_ARGON2ID13) {
-               ret = crypto_pwhash_argon2id
-                       ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len,
-                         passwd, (unsigned long long) passwd_len, salt,
-                         (unsigned long long) opslimit, (size_t) memlimit, (int) alg);
-       }
-# endif
-       if (ret == -1) {
-               ret = crypto_pwhash
-                       ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len,
-                         passwd, (unsigned long long) passwd_len, salt,
-                         (unsigned long long) opslimit, (size_t) memlimit, (int) alg);
-       }
-       if (ret != 0) {
+       if (crypto_pwhash_scryptsalsa208sha256
+               ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len,
+                passwd, (unsigned long long) passwd_len, salt,
+                (unsigned long long) opslimit, (size_t) memlimit) != 0) {
                 zend_string_free(hash);
                 zend_throw_exception(sodium_exception_ce, "internal error", 0);
                 return;
@@ -2010,14 +2038,13 @@ PHP_FUNCTION(sodium_crypto_pwhash)
         RETURN_STR(hash);
  }
  
-PHP_FUNCTION(sodium_crypto_pwhash_str)
+PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str)
  {
         zend_string *hash_str;
         char        *passwd;
         zend_long    memlimit;
         zend_long    opslimit;
         size_t       passwd_len;
-       size_t       len;
  
         if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "sll",
                                                                         &passwd, &passwd_len,
@@ -2033,58 +2060,32 @@ PHP_FUNCTION(sodium_crypto_pwhash_str)
                 zend_throw_exception(sodium_exception_ce, "memory limit must be greater than 0", 0);
                 return;
         }
-       if (passwd_len >= 0xffffffff) {
-               zend_throw_exception(sodium_exception_ce, "unsupported password length", 0);
-               return;
-       }
         if (passwd_len <= 0) {
                 zend_error(E_WARNING, "empty password");
         }
-       if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) {
+       if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) {
                 zend_error(E_WARNING,
-                                  "number of operations for the password hashing function is low");
+                                  "number of operations for the scrypt function is low");
         }
-       if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) {
+       if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) {
                 zend_error(E_WARNING,
-                                  "maximum memory for the password hashing function is low");
+                                  "maximum memory for the scrypt function is low");
         }
-       hash_str = zend_string_alloc(crypto_pwhash_STRBYTES - 1, 0);
-       if (crypto_pwhash_str
+       hash_str = zend_string_alloc
+               (crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1, 0);
+       if (crypto_pwhash_scryptsalsa208sha256_str
                 (ZSTR_VAL(hash_str), passwd, (unsigned long long) passwd_len,
                  (unsigned long long) opslimit, (size_t) memlimit) != 0) {
                 zend_string_free(hash_str);
                 zend_throw_exception(sodium_exception_ce, "internal error", 0);
                 return;
         }
-       ZSTR_VAL(hash_str)[crypto_pwhash_STRBYTES - 1] = 0;
-
-       len = strlen(ZSTR_VAL(hash_str));
-       PHP_SODIUM_ZSTR_TRUNCATE(hash_str, len);
+       ZSTR_VAL(hash_str)[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1] = 0;
  
         RETURN_STR(hash_str);
  }
  
-#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
-PHP_FUNCTION(sodium_crypto_pwhash_str_needs_rehash)
-{
-       char      *hash_str;
-       zend_long  memlimit;
-       zend_long  opslimit;
-       size_t     hash_str_len;
-
-       if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "sll",
-                                                                       &hash_str, &hash_str_len) == FAILURE) {
-               zend_throw_exception(sodium_exception_ce, "a PHP string is required", 0);
-               return;
-       }
-       if (crypto_pwhash_str_needs_rehash(hash_str, opslimit, memlimit) == 0) {
-               RETURN_FALSE;
-       }
-       RETURN_TRUE;
-}
-#endif
-
-PHP_FUNCTION(sodium_crypto_pwhash_str_verify)
+PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify)
  {
         char      *hash_str;
         char      *passwd;
@@ -2097,15 +2098,14 @@ PHP_FUNCTION(sodium_crypto_pwhash_str_verify)
                 sodium_remove_param_values_from_backtrace(EG(exception));
                 return;
         }
-       if (passwd_len >= 0xffffffff) {
-               zend_throw_exception(sodium_exception_ce,
-                                  "unsupported password length", 0);
-               return;
-       }
         if (passwd_len <= 0) {
                 zend_error(E_WARNING, "empty password");
         }
-       if (crypto_pwhash_str_verify
+       if (hash_str_len != crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1) {
+               zend_error(E_WARNING, "wrong size for the hashed password");
+               RETURN_FALSE;
+       }
+       if (crypto_pwhash_scryptsalsa208sha256_str_verify
                 (hash_str, passwd, (unsigned long long) passwd_len) == 0) {
                 RETURN_TRUE;
         }
author	Frank Denis <github@pureftpd.org>
	Mon, 2 Oct 2017 20:19:55 +0000 (22:19 +0200)
committer	Frank Denis <github@pureftpd.org>
	Mon, 2 Oct 2017 20:19:55 +0000 (22:19 +0200)