This repository has been archived by the owner on Jan 29, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
334 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,197 @@ | ||
<?php | ||
/** | ||
* @see https://github.com/zendframework/zend-crypt for the canonical source repository | ||
* @copyright Copyright (c) 2005-2018 Zend Technologies USA Inc. (https://www.zend.com) | ||
* @license https://github.com/zendframework/zend-crypt/blob/master/LICENSE.md New BSD License | ||
*/ | ||
|
||
namespace Zend\Crypt\Password; | ||
|
||
use Traversable; | ||
use Zend\Stdlib\ArrayUtils; | ||
|
||
use const PASSWORD_ARGON2I; | ||
use const PHP_VERSION_ID; | ||
|
||
use function is_array; | ||
use function password_hash; | ||
use function password_verify; | ||
use function strtolower; | ||
|
||
/** | ||
* Argon2i algorithm using password_hash() function of PHP | ||
*/ | ||
class Argon2i implements PasswordInterface | ||
{ | ||
/** | ||
* Maximum memory (in kibibytes) that may be used to compute the Argon2 hash | ||
* | ||
* @var int|null | ||
*/ | ||
protected $memoryCost; | ||
|
||
/** | ||
* Maximum amount of time it may take to compute the Argon2 hash | ||
* | ||
* @var int|null | ||
*/ | ||
protected $timeCost; | ||
|
||
/** | ||
* Number of threads to use for computing the Argon2 hash | ||
* | ||
* @var int|null | ||
*/ | ||
protected $threads; | ||
|
||
/** | ||
* @var string | ||
*/ | ||
protected $salt; | ||
|
||
/** | ||
* Constructor | ||
* | ||
* @param array|Traversable $options | ||
* @throws Exception\InvalidArgumentException | ||
*/ | ||
public function __construct($options = []) | ||
{ | ||
if (PHP_VERSION_ID < 70200) { | ||
throw new Exception\InvalidArgumentException( | ||
'The Argon2i password hash is only nativly available on PHP7.2+' | ||
); | ||
} | ||
|
||
if (! empty($options)) { | ||
if ($options instanceof Traversable) { | ||
$options = ArrayUtils::iteratorToArray($options); | ||
} | ||
|
||
if (! is_array($options)) { | ||
throw new Exception\InvalidArgumentException( | ||
'The options parameter must be an array or a Traversable' | ||
); | ||
} | ||
|
||
foreach ($options as $key => $value) { | ||
switch (strtolower($key)) { | ||
case 'memory_cost': | ||
$this->setMemoryCost($value); | ||
break; | ||
case 'time_cost': | ||
$this->setTimeCost($value); | ||
break; | ||
case 'threads': | ||
$this->setThreads($value); | ||
break; | ||
} | ||
} | ||
} | ||
} | ||
|
||
/** | ||
* Returns the maximum memory (in kibibytes) that may be used to compute the Argon2 hash | ||
* | ||
* @return int | ||
*/ | ||
public function getMemoryCost() | ||
{ | ||
return $this->memoryCost; | ||
} | ||
|
||
/** | ||
* Sets the maximum memory (in kibibytes) that may be used to compute the Argon2 hash | ||
* | ||
* @param int $memoryCost | ||
* | ||
* @return Argon2i | ||
*/ | ||
public function setMemoryCost($memoryCost) | ||
{ | ||
$this->memoryCost = $memoryCost; | ||
return $this; | ||
} | ||
|
||
/** | ||
* Returns the maximum amount of time it may take to compute the Argon2 hash | ||
* | ||
* @return int | ||
*/ | ||
public function getTimeCost() | ||
{ | ||
return $this->timeCost; | ||
} | ||
|
||
/** | ||
* Sets the maximum amount of time it may take to compute the Argon2 hash | ||
* | ||
* @param int $timeCost | ||
* | ||
* @return Argon2i | ||
*/ | ||
public function setTimeCost($timeCost) | ||
{ | ||
$this->timeCost = $timeCost; | ||
return $this; | ||
} | ||
|
||
/** | ||
* Returns the number of threads to use for computing the Argon2 hash | ||
* | ||
* @return int | ||
*/ | ||
public function getThreads() | ||
{ | ||
return $this->threads; | ||
} | ||
|
||
/** | ||
* Sets the number of threads to use for computing the Argon2 hash | ||
* | ||
* @param int $threads | ||
* | ||
* @return Argon2i | ||
*/ | ||
public function setThreads($threads) | ||
{ | ||
$this->threads = $threads; | ||
return $this; | ||
} | ||
|
||
/** | ||
* @param string $password | ||
* @throws Exception\RuntimeException | ||
* @return string | ||
*/ | ||
public function create($password) | ||
{ | ||
$options = []; | ||
|
||
if ($this->memoryCost !== null) { | ||
$options['memory_cost'] = (int) $this->memoryCost; | ||
} | ||
|
||
if ($this->timeCost !== null) { | ||
$options['time_cost'] = (int) $this->timeCost; | ||
} | ||
|
||
if ($this->threads !== null) { | ||
$options['threads'] = (int) $this->threads; | ||
} | ||
|
||
return password_hash($password, PASSWORD_ARGON2I, $options); | ||
} | ||
|
||
/** | ||
* Verify if a password is correct against a hash value | ||
* | ||
* @param string $password | ||
* @param string $hash | ||
* @return bool | ||
*/ | ||
public function verify($password, $hash) | ||
{ | ||
return password_verify($password, $hash); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,137 @@ | ||
<?php | ||
/** | ||
* Zend Framework (http://framework.zend.com/) | ||
* | ||
* @link http://github.com/zendframework/zf2 for the canonical source repository | ||
* @copyright Copyright (c) 2005-2016 Zend Technologies USA Inc. (http://www.zend.com) | ||
* @license http://framework.zend.com/license/new-bsd New BSD License | ||
*/ | ||
|
||
namespace ZendTest\Crypt\Password; | ||
|
||
use ArrayObject; | ||
use PHPUnit\Framework\TestCase; | ||
use Zend\Crypt\Password\Argon2i; | ||
use Zend\Crypt\Password\Exception; | ||
|
||
/** | ||
* @group Zend_Crypt | ||
*/ | ||
class Argon2iTest extends TestCase | ||
{ | ||
public function testConstruct() | ||
{ | ||
if (PHP_VERSION_ID < 70200) { | ||
$this->expectException(Exception\InvalidArgumentException::class); | ||
$this->expectExceptionMessage('The Argon2i password hash is only nativly available on PHP7.2+'); | ||
} | ||
|
||
$argon2i = new Argon2i(); | ||
|
||
// This will only be executed on PHP7.2+ | ||
$this->assertEquals(PASSWORD_ARGON2_DEFAULT_MEMORY_COST, $argon2i->getMemoryCost()); | ||
$this->assertEquals(PASSWORD_ARGON2_DEFAULT_TIME_COST, $argon2i->getTimeCost()); | ||
$this->assertEquals(PASSWORD_ARGON2_DEFAULT_THREADS, $argon2i->getThreads()); | ||
} | ||
|
||
/** | ||
* @requires PHP 7.2 | ||
*/ | ||
public function testConstructByOptions() | ||
{ | ||
$options = [ | ||
'memory_cost' => 512, | ||
'time_cost' => 5, | ||
'threads' => 1, | ||
]; | ||
$argon2i = new Argon2i($options); | ||
$this->assertEquals(512, $argon2i->getMemoryCost()); | ||
$this->assertEquals(5, $argon2i->getTimeCost()); | ||
$this->assertEquals(1, $argon2i->getThreads()); | ||
} | ||
|
||
/** | ||
* This test uses ArrayObject to simulate a Zend\Config\Config instance; | ||
* the class itself only tests for Traversable. | ||
* | ||
* @requires PHP 7.2 | ||
*/ | ||
public function testConstructByConfig() | ||
{ | ||
$options = [ | ||
'memory_cost' => 512, | ||
'time_cost' => 5, | ||
'threads' => 1, | ||
]; | ||
$config = new ArrayObject($options); | ||
$argon2i = new Argon2i($config); | ||
$this->assertEquals(512, $argon2i->getMemoryCost()); | ||
$this->assertEquals(5, $argon2i->getTimeCost()); | ||
$this->assertEquals(1, $argon2i->getThreads()); | ||
} | ||
|
||
/** | ||
* @requires PHP 7.2 | ||
*/ | ||
public function testWrongConstruct() | ||
{ | ||
$this->expectException(Exception\InvalidArgumentException::class); | ||
$this->expectExceptionMessage('The options parameter must be an array or a Traversable'); | ||
new Argon2i('test'); | ||
} | ||
|
||
/** | ||
* @requires PHP 7.2 | ||
*/ | ||
public function testSetMemoryCost() | ||
{ | ||
$argon2i = new Argon2i(); | ||
$argon2i->setMemoryCost(512); | ||
$this->assertEquals(512, $argon2i->getMemoryCost()); | ||
} | ||
|
||
/** | ||
* @requires PHP 7.2 | ||
*/ | ||
public function testSetTimeCost() | ||
{ | ||
$argon2i = new Argon2i(); | ||
$argon2i->setTimeCost(10); | ||
$this->assertEquals(10, $argon2i->getTimeCost()); | ||
} | ||
|
||
/** | ||
* @requires PHP 7.2 | ||
*/ | ||
public function testCreate() | ||
{ | ||
$argon2i = new Argon2i(); | ||
$password = $argon2i->create('test'); | ||
$this->assertNotEmpty($password); | ||
$this->assertGreaterThanOrEqual(95, strlen($password)); | ||
} | ||
|
||
/** | ||
* @requires PHP 7.2 | ||
*/ | ||
public function testVerify() | ||
{ | ||
$argon2i = new Argon2i(); | ||
$hash = '$argon2i$v=19$m=1024,t=2,p=2$eFlUWVhOMWRjY2swVW1neQ$QASXjIL0nEMfep30FGefpWPdh0wISQpljW3FYPy5m0U'; | ||
$this->assertTrue($argon2i->verify('test', $hash)); | ||
$this->assertFalse($argon2i->verify('other', $hash)); | ||
} | ||
|
||
/** | ||
* The class should also positivly verify bcrypt hashes | ||
* | ||
* @requires PHP 7.2 | ||
*/ | ||
public function testVerifyBcryptHashes() | ||
{ | ||
$argon2i = new Argon2i(); | ||
$hash = '$2y$10$123456789012345678901uIcehzOq0s9RvVtyXJFIsuuxuE2XZRMq'; | ||
$this->assertTrue($argon2i->verify('test', $hash)); | ||
$this->assertFalse($argon2i->verify('other', $hash)); | ||
} | ||
} |