Merge pull request #2957 from rztuc/issue2956-add-argon2i-pw-hash-sup…

…port Added support for argon2i and argon2id password hashes to PassHash.ph…
dokuwiki · Jan 15, 2020 · 114c60d · 114c60d
2 parents f19d0ef + b9b08db
commit 114c60d
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 1 deletion.
diff --git a/inc/PassHash.php b/inc/PassHash.php
@@ -77,6 +77,11 @@ public function verify_hash($clear, $hash) {
             $method = 'sha512';
             $salt   = $m[2];
             $magic  = $m[1];
+        } elseif(preg_match('/^\$(argon2id?)/', $hash, $m)) {
+            if(!defined('PASSWORD_'.strtoupper($m[1]))) {
+                throw new \Exception('This PHP installation has no '.strtoupper($m[1]).' support');
+            }
+            return password_verify($clear,$hash);
         } elseif($len == 32) {
             $method = 'md5';
         } elseif($len == 40) {
@@ -591,6 +596,43 @@ public function hash_mediawiki($clear, $salt = null) {
         return ':B:'.$salt.':'.md5($salt.'-'.md5($clear));
     }
 
+
+    /**
+     * Password hashing method 'argon2i'
+     *
+     * Uses php's own password_hash function to create argon2i password hash
+     * Default Cost and thread options are used for now.
+     *
+     * @link  https://www.php.net/manual/de/function.password-hash.php
+     *
+     * @param string $clear The clear text to hash
+     * @return string Hashed password
+     */
+    public function hash_argon2i($clear) {
+        if(!defined('PASSWORD_ARGON2I')) {
+            throw new \Exception('This PHP installation has no ARGON2I support');
+        }
+        return password_hash($clear,PASSWORD_ARGON2I);   
+    }
+
+    /**
+     * Password hashing method 'argon2id'
+     *
+     * Uses php's own password_hash function to create argon2id password hash
+     * Default Cost and thread options are used for now.
+     *
+     * @link  https://www.php.net/manual/de/function.password-hash.php
+     *
+     * @param string $clear The clear text to hash
+     * @return string Hashed password
+     */
+    public function hash_argon2id($clear) {
+        if(!defined('PASSWORD_ARGON2ID')) {
+            throw new \Exception('This PHP installation has no ARGON2ID support');
+        }
+        return password_hash($clear,PASSWORD_ARGON2ID);   
+    }
+
     /**
      * Wraps around native hash_hmac() or reimplents it
      *

diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
@@ -125,7 +125,7 @@
 $meta['authtype']    = array('authtype','_caution' => 'danger');
 $meta['passcrypt']   = array('multichoice','_choices' => array(
     'smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5',
-    'mediawiki','bcrypt','djangomd5','djangosha1','djangopbkdf2_sha1','djangopbkdf2_sha256','sha512'
+    'mediawiki','bcrypt','djangomd5','djangosha1','djangopbkdf2_sha1','djangopbkdf2_sha256','sha512','argon2i','argon2id'
 ));
 $meta['defaultgroup']= array('string');
 $meta['superuser']   = array('string','_caution' => 'danger');