1
0

Hasher.php 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Lukas Reschke <lukas@statuscode.ch>
  7. * @author Morris Jobke <hey@morrisjobke.de>
  8. * @author Roeland Jago Douma <roeland@famdouma.nl>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OC\Security;
  26. use OCP\IConfig;
  27. use OCP\Security\IHasher;
  28. /**
  29. * Class Hasher provides some basic hashing functions. Furthermore, it supports legacy hashes
  30. * used by previous versions of ownCloud and helps migrating those hashes to newer ones.
  31. *
  32. * The hashes generated by this class are prefixed (version|hash) with a version parameter to allow possible
  33. * updates in the future.
  34. * Possible versions:
  35. * - 1 (Initial version)
  36. *
  37. * Usage:
  38. * // Hashing a message
  39. * $hash = \OC::$server->getHasher()->hash('MessageToHash');
  40. * // Verifying a message - $newHash will contain the newly calculated hash
  41. * $newHash = null;
  42. * var_dump(\OC::$server->getHasher()->verify('a', '86f7e437faa5a7fce15d1ddcb9eaeaea377667b8', $newHash));
  43. * var_dump($newHash);
  44. *
  45. * @package OC\Security
  46. */
  47. class Hasher implements IHasher {
  48. /** @var IConfig */
  49. private $config;
  50. /** @var array Options passed to password_hash and password_needs_rehash */
  51. private $options = [];
  52. /** @var string Salt used for legacy passwords */
  53. private $legacySalt = null;
  54. /**
  55. * @param IConfig $config
  56. */
  57. public function __construct(IConfig $config) {
  58. $this->config = $config;
  59. if (\defined('PASSWORD_ARGON2I')) {
  60. // password_hash fails, when the minimum values are undershot.
  61. // In this case, apply minimum.
  62. $this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
  63. // The minimum memory cost is 8 KiB per thread.
  64. $this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8);
  65. $this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1);
  66. }
  67. $hashingCost = $this->config->getSystemValue('hashingCost', null);
  68. if(!\is_null($hashingCost)) {
  69. $this->options['cost'] = $hashingCost;
  70. }
  71. }
  72. /**
  73. * Hashes a message using PHP's `password_hash` functionality.
  74. * Please note that the size of the returned string is not guaranteed
  75. * and can be up to 255 characters.
  76. *
  77. * @param string $message Message to generate hash from
  78. * @return string Hash of the message with appended version parameter
  79. */
  80. public function hash(string $message): string {
  81. if (\defined('PASSWORD_ARGON2I')) {
  82. return 2 . '|' . password_hash($message, PASSWORD_ARGON2I, $this->options);
  83. } else {
  84. return 1 . '|' . password_hash($message, PASSWORD_BCRYPT, $this->options);
  85. }
  86. }
  87. /**
  88. * Get the version and hash from a prefixedHash
  89. * @param string $prefixedHash
  90. * @return null|array Null if the hash is not prefixed, otherwise array('version' => 1, 'hash' => 'foo')
  91. */
  92. protected function splitHash(string $prefixedHash) {
  93. $explodedString = explode('|', $prefixedHash, 2);
  94. if(\count($explodedString) === 2) {
  95. if((int)$explodedString[0] > 0) {
  96. return ['version' => (int)$explodedString[0], 'hash' => $explodedString[1]];
  97. }
  98. }
  99. return null;
  100. }
  101. /**
  102. * Verify legacy hashes
  103. * @param string $message Message to verify
  104. * @param string $hash Assumed hash of the message
  105. * @param null|string &$newHash Reference will contain the updated hash
  106. * @return bool Whether $hash is a valid hash of $message
  107. */
  108. protected function legacyHashVerify($message, $hash, &$newHash = null): bool {
  109. if(empty($this->legacySalt)) {
  110. $this->legacySalt = $this->config->getSystemValue('passwordsalt', '');
  111. }
  112. // Verify whether it matches a legacy PHPass or SHA1 string
  113. $hashLength = \strlen($hash);
  114. if(($hashLength === 60 && password_verify($message.$this->legacySalt, $hash)) ||
  115. ($hashLength === 40 && hash_equals($hash, sha1($message)))) {
  116. $newHash = $this->hash($message);
  117. return true;
  118. }
  119. return false;
  120. }
  121. /**
  122. * Verify V1 (blowfish) hashes
  123. * @param string $message Message to verify
  124. * @param string $hash Assumed hash of the message
  125. * @param null|string &$newHash Reference will contain the updated hash if necessary. Update the existing hash with this one.
  126. * @return bool Whether $hash is a valid hash of $message
  127. */
  128. protected function verifyHashV1(string $message, string $hash, &$newHash = null): bool {
  129. if(password_verify($message, $hash)) {
  130. $algo = PASSWORD_BCRYPT;
  131. if (\defined('PASSWORD_ARGON2I')) {
  132. $algo = PASSWORD_ARGON2I;
  133. }
  134. if(password_needs_rehash($hash, $algo, $this->options)) {
  135. $newHash = $this->hash($message);
  136. }
  137. return true;
  138. }
  139. return false;
  140. }
  141. /**
  142. * Verify V2 (argon2i) hashes
  143. * @param string $message Message to verify
  144. * @param string $hash Assumed hash of the message
  145. * @param null|string &$newHash Reference will contain the updated hash if necessary. Update the existing hash with this one.
  146. * @return bool Whether $hash is a valid hash of $message
  147. */
  148. protected function verifyHashV2(string $message, string $hash, &$newHash = null) : bool {
  149. if(password_verify($message, $hash)) {
  150. if(password_needs_rehash($hash, PASSWORD_ARGON2I, $this->options)) {
  151. $newHash = $this->hash($message);
  152. }
  153. return true;
  154. }
  155. return false;
  156. }
  157. /**
  158. * @param string $message Message to verify
  159. * @param string $hash Assumed hash of the message
  160. * @param null|string &$newHash Reference will contain the updated hash if necessary. Update the existing hash with this one.
  161. * @return bool Whether $hash is a valid hash of $message
  162. */
  163. public function verify(string $message, string $hash, &$newHash = null): bool {
  164. $splittedHash = $this->splitHash($hash);
  165. if(isset($splittedHash['version'])) {
  166. switch ($splittedHash['version']) {
  167. case 2:
  168. return $this->verifyHashV2($message, $splittedHash['hash'], $newHash);
  169. case 1:
  170. return $this->verifyHashV1($message, $splittedHash['hash'], $newHash);
  171. }
  172. } else {
  173. return $this->legacyHashVerify($message, $hash, $newHash);
  174. }
  175. return false;
  176. }
  177. }