diff options
| author | Charles R. Portwood II <charlesportwoodii@erianna.com> | 2016-08-05 13:26:21 -0500 |
|---|---|---|
| committer | Charles R. Portwood II <charlesportwoodii@erianna.com> | 2016-08-17 13:45:06 -0500 |
| commit | 0e3b3b031fde75f660b57d3af685c0e7f1ac1f02 (patch) | |
| tree | 30fba7661aa9473998f24d4000abae4d58532296 | |
| parent | d883f65d318374ea63db16de2ed92dccb5097356 (diff) | |
| download | php-git-0e3b3b031fde75f660b57d3af685c0e7f1ac1f02.tar.gz | |
Changing m_cost and t_cost to memory_cost and time_cost
- Updating tests
- Adjusting cost factors:
- memory_cost = 1 MiB
- time_cost = 2
- threads = 2
| -rw-r--r-- | ext/standard/password.c | 55 | ||||
| -rw-r--r-- | ext/standard/php_password.h | 7 | ||||
| -rw-r--r-- | ext/standard/tests/password/password_get_info_argon2.phpt | 6 | ||||
| -rw-r--r-- | ext/standard/tests/password/password_hash_argon2.phpt | 6 | ||||
| -rw-r--r-- | ext/standard/tests/password/password_hash_error_argon2.phpt | 8 | ||||
| -rw-r--r-- | ext/standard/tests/password/password_needs_rehash_argon2.phpt | 10 | ||||
| -rw-r--r-- | ext/standard/tests/password/password_verify_argon2.phpt | 2 |
7 files changed, 44 insertions, 50 deletions
diff --git a/ext/standard/password.c b/ext/standard/password.c index ca5c3000f4..117db2bf16 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -45,7 +45,6 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); #if HAVE_ARGON2LIB REGISTER_LONG_CONSTANT("PASSWORD_ARGON2I", PHP_PASSWORD_ARGON2I, CONST_CS | CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_ARGON2", PHP_PASSWORD_ARGON2, CONST_CS | CONST_PERSISTENT); #endif REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_CS | CONST_PERSISTENT); @@ -195,13 +194,13 @@ PHP_FUNCTION(password_get_info) case PHP_PASSWORD_ARGON2I: { zend_long v = 0; - zend_long m_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; - zend_long t_cost = PHP_PASSWORD_ARGON2_TIME_COST; + zend_long memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; + zend_long time_cost = PHP_PASSWORD_ARGON2_TIME_COST; zend_long threads = PHP_PASSWORD_ARGON2_THREADS; - sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &m_cost, &t_cost, &threads); - add_assoc_long(&options, "m_cost", m_cost); - add_assoc_long(&options, "t_cost", t_cost); + sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &memory_cost, &time_cost, &threads); + add_assoc_long(&options, "memory_cost", memory_cost); + add_assoc_long(&options, "time_cost", time_cost); add_assoc_long(&options, "threads", threads); } break; @@ -259,25 +258,25 @@ PHP_FUNCTION(password_needs_rehash) case PHP_PASSWORD_ARGON2I: { zend_long v = 0; - zend_long new_m_cost = PHP_PASSWORD_ARGON2_MEMORY_COST, m_cost = 0; - zend_long new_t_cost = PHP_PASSWORD_ARGON2_TIME_COST, t_cost = 0; + zend_long new_memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST, memory_cost = 0; + zend_long new_time_cost = PHP_PASSWORD_ARGON2_TIME_COST, time_cost = 0; zend_long new_threads = PHP_PASSWORD_ARGON2_THREADS, threads = 0; - if (options && (option_buffer = zend_hash_str_find(options, "m_cost", sizeof("m_cost")-1)) != NULL) { - new_m_cost = zval_get_long(option_buffer); + if (options && (option_buffer = zend_hash_str_find(options, "memory_cost", sizeof("memory_cost")-1)) != NULL) { + new_memory_cost = zval_get_long(option_buffer); } - if (options && (option_buffer = zend_hash_str_find(options, "t_cost", sizeof("t_cost")-1)) != NULL) { - new_t_cost = zval_get_long(option_buffer); + if (options && (option_buffer = zend_hash_str_find(options, "time_cost", sizeof("time_cost")-1)) != NULL) { + new_time_cost = zval_get_long(option_buffer); } if (options && (option_buffer = zend_hash_str_find(options, "threads", sizeof("threads")-1)) != NULL) { new_threads = zval_get_long(option_buffer); } - sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &m_cost, &t_cost, &threads); + sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &memory_cost, &time_cost, &threads); - if (new_t_cost != t_cost || new_m_cost != m_cost || new_threads != threads) { + if (new_time_cost != time_cost || new_memory_cost != memory_cost || new_threads != threads) { RETURN_TRUE; } } @@ -367,8 +366,8 @@ PHP_FUNCTION(password_hash) zval *option_buffer; #if HAVE_ARGON2LIB - size_t t_cost = PHP_PASSWORD_ARGON2_TIME_COST; - size_t m_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; + size_t time_cost = PHP_PASSWORD_ARGON2_TIME_COST; + size_t memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; size_t threads = PHP_PASSWORD_ARGON2_THREADS; argon2_type type = Argon2_i; #endif @@ -399,21 +398,21 @@ PHP_FUNCTION(password_hash) #if HAVE_ARGON2LIB case PHP_PASSWORD_ARGON2I: { - if (options && (option_buffer = zend_hash_str_find(options, "m_cost", sizeof("m_cost")-1)) != NULL) { - m_cost = zval_get_long(option_buffer); + if (options && (option_buffer = zend_hash_str_find(options, "memory_cost", sizeof("memory_cost")-1)) != NULL) { + memory_cost = zval_get_long(option_buffer); } - if (m_cost > ARGON2_MAX_MEMORY || m_cost < ARGON2_MIN_MEMORY) { - php_error_docref(NULL, E_WARNING, "Memory cost is outside of allowed memory range", m_cost); + if (memory_cost > ARGON2_MAX_MEMORY || memory_cost < ARGON2_MIN_MEMORY) { + php_error_docref(NULL, E_WARNING, "Memory cost is outside of allowed memory range", memory_cost); RETURN_NULL(); } - if (options && (option_buffer = zend_hash_str_find(options, "t_cost", sizeof("t_cost")-1)) != NULL) { - t_cost = zval_get_long(option_buffer); + if (options && (option_buffer = zend_hash_str_find(options, "time_cost", sizeof("time_cost")-1)) != NULL) { + time_cost = zval_get_long(option_buffer); } - if (t_cost > ARGON2_MAX_TIME || t_cost < ARGON2_MIN_TIME) { - php_error_docref(NULL, E_WARNING, "Time cost is outside of allowed time range", t_cost); + if (time_cost > ARGON2_MAX_TIME || time_cost < ARGON2_MIN_TIME) { + php_error_docref(NULL, E_WARNING, "Time cost is outside of allowed time range", time_cost); RETURN_NULL(); } @@ -532,8 +531,8 @@ PHP_FUNCTION(password_hash) int status = 0; encoded_len = argon2_encodedlen( - t_cost, - m_cost, + time_cost, + memory_cost, threads, (uint32_t)salt_len, out_len @@ -543,8 +542,8 @@ PHP_FUNCTION(password_hash) zend_string *encoded = zend_string_alloc(encoded_len, 0); status = argon2_hash( - t_cost, - m_cost, + time_cost, + memory_cost, threads, password, password_len, diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index e2d6b4a73e..4bc2e5660f 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -33,10 +33,9 @@ PHP_MINIT_FUNCTION(password); #define PHP_PASSWORD_BCRYPT_COST 10 #if HAVE_ARGON2LIB -#define PHP_PASSWORD_ARGON2 PHP_PASSWORD_ARGON2I -#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<16 -#define PHP_PASSWORD_ARGON2_TIME_COST 3 -#define PHP_PASSWORD_ARGON2_THREADS 1 +#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<10 +#define PHP_PASSWORD_ARGON2_TIME_COST 2 +#define PHP_PASSWORD_ARGON2_THREADS 2 #endif typedef enum { diff --git a/ext/standard/tests/password/password_get_info_argon2.phpt b/ext/standard/tests/password/password_get_info_argon2.phpt index 67ac8520a7..903f9faca5 100644 --- a/ext/standard/tests/password/password_get_info_argon2.phpt +++ b/ext/standard/tests/password/password_get_info_argon2.phpt @@ -2,7 +2,7 @@ Test normal operation of password_get_info() with Argon2 --SKIPIF-- <?php -if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2'); +if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2'); ?> --FILE-- <?php @@ -18,9 +18,9 @@ array(3) { string(7) "argon2i" ["options"]=> array(3) { - ["m_cost"]=> + ["memory_cost"]=> int(65536) - ["t_cost"]=> + ["time_cost"]=> int(3) ["threads"]=> int(1) diff --git a/ext/standard/tests/password/password_hash_argon2.phpt b/ext/standard/tests/password/password_hash_argon2.phpt index 02d239c0cd..229d26fcae 100644 --- a/ext/standard/tests/password/password_hash_argon2.phpt +++ b/ext/standard/tests/password/password_hash_argon2.phpt @@ -2,15 +2,12 @@ Test normal operation of password_hash() with argon2 --SKIPIF-- <?php -if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2'); +if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2'); --FILE-- <?php $password = "the password for testing 12345!"; -$hash = password_hash($password, PASSWORD_ARGON2); -var_dump(password_verify($password, $hash)); - $hash = password_hash($password, PASSWORD_ARGON2I); var_dump(password_verify($password, $hash)); @@ -18,5 +15,4 @@ echo "OK!"; ?> --EXPECT-- bool(true) -bool(true) OK!
\ No newline at end of file diff --git a/ext/standard/tests/password/password_hash_error_argon2.phpt b/ext/standard/tests/password/password_hash_error_argon2.phpt index 60496447a2..cce3c61c12 100644 --- a/ext/standard/tests/password/password_hash_error_argon2.phpt +++ b/ext/standard/tests/password/password_hash_error_argon2.phpt @@ -2,13 +2,13 @@ Test error operation of password_hash() with argon2 --SKIPIF-- <?php -if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2'); +if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2'); ?> --FILE-- <?php -var_dump(password_hash('test', PASSWORD_ARGON2, ['m_cost' => 0])); -var_dump(password_hash('test', PASSWORD_ARGON2, ['t_cost' => 0])); -var_dump(password_hash('test', PASSWORD_ARGON2, ['threads' => 0])); +var_dump(password_hash('test', PASSWORD_ARGON2I, ['memory_cost' => 0])); +var_dump(password_hash('test', PASSWORD_ARGON2I, ['time_cost' => 0])); +var_dump(password_hash('test', PASSWORD_ARGON2I, ['threads' => 0])); ?> --EXPECTF-- Warning: password_hash(): Memory cost is outside of allowed memory range in %s on line %d diff --git a/ext/standard/tests/password/password_needs_rehash_argon2.phpt b/ext/standard/tests/password/password_needs_rehash_argon2.phpt index 315fe1f6a1..28592eb80b 100644 --- a/ext/standard/tests/password/password_needs_rehash_argon2.phpt +++ b/ext/standard/tests/password/password_needs_rehash_argon2.phpt @@ -2,16 +2,16 @@ Test normal operation of password_needs_rehash() with argon2 --SKIPIF-- <?php -if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2'); +if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2'); ?> --FILE-- <?php $hash = '$argon2i$v=19$m=65536,t=3,p=1$YkprUktYN0lHQTd2bWRFeA$79aA+6IvgclpDAJVoezProlqzIPy7do/P0sBDXS9Nn0'; -var_dump(password_needs_rehash($hash, PASSWORD_ARGON2)); -var_dump(password_needs_rehash($hash, PASSWORD_ARGON2, ['m_cost' => 1<<17])); -var_dump(password_needs_rehash($hash, PASSWORD_ARGON2, ['t_cost' => 2])); -var_dump(password_needs_rehash($hash, PASSWORD_ARGON2, ['threads' => 2])); +var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I)); +var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => 1<<17])); +var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => 2])); +var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['threads' => 2])); echo "OK!"; ?> --EXPECT-- diff --git a/ext/standard/tests/password/password_verify_argon2.phpt b/ext/standard/tests/password/password_verify_argon2.phpt index 557e7372f8..a3caefb09c 100644 --- a/ext/standard/tests/password/password_verify_argon2.phpt +++ b/ext/standard/tests/password/password_verify_argon2.phpt @@ -2,7 +2,7 @@ Test normal operation of password_verify() with argon2 --SKIPIF-- <?php -if (!defined('PASSWORD_ARGON2')) die('Skipped: password_get_info not built with Argon2'); +if (!defined('PASSWORD_ARGON2I')) die('Skipped: password_get_info not built with Argon2'); ?> --FILE-- <?php |