From: Frank Denis Date: Mon, 2 Oct 2017 20:19:55 +0000 (+0200) Subject: ext/sodium: move pwhash_scrypt() after pwhash() X-Git-Tag: php-7.2.0RC4~22 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7fc396c15d33c50599a593ee8be5c40290f864b8;p=php ext/sodium: move pwhash_scrypt() after pwhash() --- diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c index 8ad365c298..b5610520d9 100644 --- a/ext/sodium/libsodium.c +++ b/ext/sodium/libsodium.c @@ -1785,8 +1785,8 @@ PHP_FUNCTION(sodium_crypto_stream_xor) RETURN_STR(ciphertext); } -#ifdef crypto_pwhash_scryptsalsa208sha256_SALTBYTES -PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256) +#ifdef crypto_pwhash_SALTBYTES +PHP_FUNCTION(sodium_crypto_pwhash) { zend_string *hash; unsigned char *salt; @@ -1794,21 +1794,28 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256) zend_long hash_len; zend_long memlimit; zend_long opslimit; + zend_long alg; size_t passwd_len; size_t salt_len; + int ret; - if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "lssll", + alg = (zend_long) crypto_pwhash_ALG_DEFAULT; + if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "lssll|l", &hash_len, &passwd, &passwd_len, &salt, &salt_len, - &opslimit, &memlimit) == FAILURE) { + &opslimit, &memlimit, &alg) == FAILURE) { sodium_remove_param_values_from_backtrace(EG(exception)); return; } - if (hash_len <= 0 || hash_len >= SIZE_MAX || hash_len > 0x1fffffffe0ULL) { + if (hash_len <= 0 || hash_len >= 0xffffffff) { zend_throw_exception(sodium_exception_ce, "hash length must be greater than 0", 0); return; } + if (passwd_len >= 0xffffffff) { + zend_throw_exception(sodium_exception_ce, "unsupported password length", 0); + return; + } if (opslimit <= 0) { zend_throw_exception(sodium_exception_ce, "ops limit must be greater than 0", 0); return; @@ -1817,28 +1824,45 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256) zend_throw_exception(sodium_exception_ce, "memory limit must be greater than 0", 0); return; } + if (alg != crypto_pwhash_ALG_ARGON2I13 +# ifdef crypto_pwhash_ALG_ARGON2ID13 + && alg != crypto_pwhash_ALG_ARGON2ID13 +# endif + && alg != crypto_pwhash_ALG_DEFAULT) { + zend_throw_exception(sodium_exception_ce, "unsupported password hashing algorithm", 0); + return; + } if (passwd_len <= 0) { zend_error(E_WARNING, "empty password"); } - if (salt_len != crypto_pwhash_scryptsalsa208sha256_SALTBYTES) { - zend_throw_exception(sodium_exception_ce, - "salt should be SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES bytes", - 0); + if (salt_len != crypto_pwhash_SALTBYTES) { + zend_throw_exception(sodium_exception_ce, "salt should be SODIUM_CRYPTO_PWHASH_SALTBYTES bytes", 0); return; } - if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) { + if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) { zend_error(E_WARNING, - "number of operations for the scrypt function is low"); + "number of operations for the password hashing function is low"); } - if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) { - zend_error(E_WARNING, - "maximum memory for the scrypt function is low"); + if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) { + zend_error(E_WARNING, "maximum memory for the password hashing function is low"); } hash = zend_string_alloc((size_t) hash_len, 0); - if (crypto_pwhash_scryptsalsa208sha256 - ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len, - passwd, (unsigned long long) passwd_len, salt, - (unsigned long long) opslimit, (size_t) memlimit) != 0) { + ret = -1; +# ifdef crypto_pwhash_ALG_ARGON2ID13 + if (alg == crypto_pwhash_ALG_ARGON2ID13) { + ret = crypto_pwhash_argon2id + ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len, + passwd, (unsigned long long) passwd_len, salt, + (unsigned long long) opslimit, (size_t) memlimit, (int) alg); + } +# endif + if (ret == -1) { + ret = crypto_pwhash + ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len, + passwd, (unsigned long long) passwd_len, salt, + (unsigned long long) opslimit, (size_t) memlimit, (int) alg); + } + if (ret != 0) { zend_string_free(hash); zend_throw_exception(sodium_exception_ce, "internal error", 0); return; @@ -1848,13 +1872,14 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256) RETURN_STR(hash); } -PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str) +PHP_FUNCTION(sodium_crypto_pwhash_str) { zend_string *hash_str; char *passwd; zend_long memlimit; zend_long opslimit; size_t passwd_len; + size_t len; if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "sll", &passwd, &passwd_len, @@ -1870,32 +1895,58 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str) zend_throw_exception(sodium_exception_ce, "memory limit must be greater than 0", 0); return; } + if (passwd_len >= 0xffffffff) { + zend_throw_exception(sodium_exception_ce, "unsupported password length", 0); + return; + } if (passwd_len <= 0) { zend_error(E_WARNING, "empty password"); } - if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) { + if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) { zend_error(E_WARNING, - "number of operations for the scrypt function is low"); + "number of operations for the password hashing function is low"); } - if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) { + if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) { zend_error(E_WARNING, - "maximum memory for the scrypt function is low"); + "maximum memory for the password hashing function is low"); } - hash_str = zend_string_alloc - (crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1, 0); - if (crypto_pwhash_scryptsalsa208sha256_str + hash_str = zend_string_alloc(crypto_pwhash_STRBYTES - 1, 0); + if (crypto_pwhash_str (ZSTR_VAL(hash_str), passwd, (unsigned long long) passwd_len, (unsigned long long) opslimit, (size_t) memlimit) != 0) { zend_string_free(hash_str); zend_throw_exception(sodium_exception_ce, "internal error", 0); return; } - ZSTR_VAL(hash_str)[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1] = 0; + ZSTR_VAL(hash_str)[crypto_pwhash_STRBYTES - 1] = 0; + + len = strlen(ZSTR_VAL(hash_str)); + PHP_SODIUM_ZSTR_TRUNCATE(hash_str, len); RETURN_STR(hash_str); } -PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) +PHP_FUNCTION(sodium_crypto_pwhash_str_needs_rehash) +{ + char *hash_str; + zend_long memlimit; + zend_long opslimit; + size_t hash_str_len; + + if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "sll", + &hash_str, &hash_str_len) == FAILURE) { + zend_throw_exception(sodium_exception_ce, "a PHP string is required", 0); + return; + } + if (crypto_pwhash_str_needs_rehash(hash_str, opslimit, memlimit) == 0) { + RETURN_FALSE; + } + RETURN_TRUE; +} +#endif + +PHP_FUNCTION(sodium_crypto_pwhash_str_verify) { char *hash_str; char *passwd; @@ -1908,14 +1959,15 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify) sodium_remove_param_values_from_backtrace(EG(exception)); return; } + if (passwd_len >= 0xffffffff) { + zend_throw_exception(sodium_exception_ce, + "unsupported password length", 0); + return; + } if (passwd_len <= 0) { zend_error(E_WARNING, "empty password"); } - if (hash_str_len != crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1) { - zend_error(E_WARNING, "wrong size for the hashed password"); - RETURN_FALSE; - } - if (crypto_pwhash_scryptsalsa208sha256_str_verify + if (crypto_pwhash_str_verify (hash_str, passwd, (unsigned long long) passwd_len) == 0) { RETURN_TRUE; } @@ -1923,8 +1975,8 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify) } #endif -#ifdef crypto_pwhash_SALTBYTES -PHP_FUNCTION(sodium_crypto_pwhash) +#ifdef crypto_pwhash_scryptsalsa208sha256_SALTBYTES +PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256) { zend_string *hash; unsigned char *salt; @@ -1932,28 +1984,21 @@ PHP_FUNCTION(sodium_crypto_pwhash) zend_long hash_len; zend_long memlimit; zend_long opslimit; - zend_long alg; size_t passwd_len; size_t salt_len; - int ret; - alg = (zend_long) crypto_pwhash_ALG_DEFAULT; - if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "lssll|l", + if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "lssll", &hash_len, &passwd, &passwd_len, &salt, &salt_len, - &opslimit, &memlimit, &alg) == FAILURE) { + &opslimit, &memlimit) == FAILURE) { sodium_remove_param_values_from_backtrace(EG(exception)); return; } - if (hash_len <= 0 || hash_len >= 0xffffffff) { + if (hash_len <= 0 || hash_len >= SIZE_MAX || hash_len > 0x1fffffffe0ULL) { zend_throw_exception(sodium_exception_ce, "hash length must be greater than 0", 0); return; } - if (passwd_len >= 0xffffffff) { - zend_throw_exception(sodium_exception_ce, "unsupported password length", 0); - return; - } if (opslimit <= 0) { zend_throw_exception(sodium_exception_ce, "ops limit must be greater than 0", 0); return; @@ -1962,45 +2007,28 @@ PHP_FUNCTION(sodium_crypto_pwhash) zend_throw_exception(sodium_exception_ce, "memory limit must be greater than 0", 0); return; } - if (alg != crypto_pwhash_ALG_ARGON2I13 -# ifdef crypto_pwhash_ALG_ARGON2ID13 - && alg != crypto_pwhash_ALG_ARGON2ID13 -# endif - && alg != crypto_pwhash_ALG_DEFAULT) { - zend_throw_exception(sodium_exception_ce, "unsupported password hashing algorithm", 0); - return; - } if (passwd_len <= 0) { zend_error(E_WARNING, "empty password"); } - if (salt_len != crypto_pwhash_SALTBYTES) { - zend_throw_exception(sodium_exception_ce, "salt should be SODIUM_CRYPTO_PWHASH_SALTBYTES bytes", 0); + if (salt_len != crypto_pwhash_scryptsalsa208sha256_SALTBYTES) { + zend_throw_exception(sodium_exception_ce, + "salt should be SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES bytes", + 0); return; } - if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) { + if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) { zend_error(E_WARNING, - "number of operations for the password hashing function is low"); + "number of operations for the scrypt function is low"); } - if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) { - zend_error(E_WARNING, "maximum memory for the password hashing function is low"); + if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) { + zend_error(E_WARNING, + "maximum memory for the scrypt function is low"); } hash = zend_string_alloc((size_t) hash_len, 0); - ret = -1; -# ifdef crypto_pwhash_ALG_ARGON2ID13 - if (alg == crypto_pwhash_ALG_ARGON2ID13) { - ret = crypto_pwhash_argon2id - ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len, - passwd, (unsigned long long) passwd_len, salt, - (unsigned long long) opslimit, (size_t) memlimit, (int) alg); - } -# endif - if (ret == -1) { - ret = crypto_pwhash - ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len, - passwd, (unsigned long long) passwd_len, salt, - (unsigned long long) opslimit, (size_t) memlimit, (int) alg); - } - if (ret != 0) { + if (crypto_pwhash_scryptsalsa208sha256 + ((unsigned char *) ZSTR_VAL(hash), (unsigned long long) hash_len, + passwd, (unsigned long long) passwd_len, salt, + (unsigned long long) opslimit, (size_t) memlimit) != 0) { zend_string_free(hash); zend_throw_exception(sodium_exception_ce, "internal error", 0); return; @@ -2010,14 +2038,13 @@ PHP_FUNCTION(sodium_crypto_pwhash) RETURN_STR(hash); } -PHP_FUNCTION(sodium_crypto_pwhash_str) +PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str) { zend_string *hash_str; char *passwd; zend_long memlimit; zend_long opslimit; size_t passwd_len; - size_t len; if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "sll", &passwd, &passwd_len, @@ -2033,58 +2060,32 @@ PHP_FUNCTION(sodium_crypto_pwhash_str) zend_throw_exception(sodium_exception_ce, "memory limit must be greater than 0", 0); return; } - if (passwd_len >= 0xffffffff) { - zend_throw_exception(sodium_exception_ce, "unsupported password length", 0); - return; - } if (passwd_len <= 0) { zend_error(E_WARNING, "empty password"); } - if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) { + if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) { zend_error(E_WARNING, - "number of operations for the password hashing function is low"); + "number of operations for the scrypt function is low"); } - if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) { + if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) { zend_error(E_WARNING, - "maximum memory for the password hashing function is low"); + "maximum memory for the scrypt function is low"); } - hash_str = zend_string_alloc(crypto_pwhash_STRBYTES - 1, 0); - if (crypto_pwhash_str + hash_str = zend_string_alloc + (crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1, 0); + if (crypto_pwhash_scryptsalsa208sha256_str (ZSTR_VAL(hash_str), passwd, (unsigned long long) passwd_len, (unsigned long long) opslimit, (size_t) memlimit) != 0) { zend_string_free(hash_str); zend_throw_exception(sodium_exception_ce, "internal error", 0); return; } - ZSTR_VAL(hash_str)[crypto_pwhash_STRBYTES - 1] = 0; - - len = strlen(ZSTR_VAL(hash_str)); - PHP_SODIUM_ZSTR_TRUNCATE(hash_str, len); + ZSTR_VAL(hash_str)[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1] = 0; RETURN_STR(hash_str); } -#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) -PHP_FUNCTION(sodium_crypto_pwhash_str_needs_rehash) -{ - char *hash_str; - zend_long memlimit; - zend_long opslimit; - size_t hash_str_len; - - if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "sll", - &hash_str, &hash_str_len) == FAILURE) { - zend_throw_exception(sodium_exception_ce, "a PHP string is required", 0); - return; - } - if (crypto_pwhash_str_needs_rehash(hash_str, opslimit, memlimit) == 0) { - RETURN_FALSE; - } - RETURN_TRUE; -} -#endif - -PHP_FUNCTION(sodium_crypto_pwhash_str_verify) +PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str_verify) { char *hash_str; char *passwd; @@ -2097,15 +2098,14 @@ PHP_FUNCTION(sodium_crypto_pwhash_str_verify) sodium_remove_param_values_from_backtrace(EG(exception)); return; } - if (passwd_len >= 0xffffffff) { - zend_throw_exception(sodium_exception_ce, - "unsupported password length", 0); - return; - } if (passwd_len <= 0) { zend_error(E_WARNING, "empty password"); } - if (crypto_pwhash_str_verify + if (hash_str_len != crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1) { + zend_error(E_WARNING, "wrong size for the hashed password"); + RETURN_FALSE; + } + if (crypto_pwhash_scryptsalsa208sha256_str_verify (hash_str, passwd, (unsigned long long) passwd_len) == 0) { RETURN_TRUE; }