Add support of argon2i & argon2id password hash types

Closes pull-request #158
Benjamin Renard 2022-04-27 14:43:14 +02:00 committed by Deon George
parent 9488fe2ed7
commit 43bac58990
3 changed files with 36 additions and 0 deletions


@ -93,6 +93,8 @@
'ssha512'=>'ssha512', 'ssha512'=>'ssha512',
'sha256crypt'=>'sha256crypt', 'sha256crypt'=>'sha256crypt',
'sha512crypt'=>'sha512crypt', 'sha512crypt'=>'sha512crypt',
'argon2i'=>'argon2i',
'argon2id'=>'argon2id',
)*/ )*/
# $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5'); # $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5');


@ -576,6 +576,8 @@ class Config {
'ssha512'=>'ssha512', 'ssha512'=>'ssha512',
'sha256crypt'=>'sha256crypt', 'sha256crypt'=>'sha256crypt',
'sha512crypt'=>'sha512crypt', 'sha512crypt'=>'sha512crypt',
'argon2i'=>'argon2i',
'argon2id'=>'argon2id',
)); ));
/** Search display /** Search display


@ -2299,6 +2299,20 @@ function pla_password_hash($password_clear,$enc_type) {
break; break;
case 'argon2i':
if (! defined('PASSWORD_ARGON2I'))
error(_('Your system does not support argon2i encryption (PHP 7.2 or upper is required).'),'error','index.php');
$new_value = sprintf('{ARGON2}%s',password_hash($password_clear,PASSWORD_ARGON2I));
break;
case 'argon2id':
if (! defined('PASSWORD_ARGON2ID'))
error(_('Your system does not support argon2id encryption (PHP 7.3 or upper is required).'),'error','index.php');
$new_value = sprintf('{ARGON2}%s',password_hash($password_clear,PASSWORD_ARGON2ID));
break;
case 'clear': case 'clear':
default: default:
$new_value = $password_clear; $new_value = $password_clear;
@ -2534,6 +2548,14 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
break; break;
# Argon2 crypted passwords
case 'argon2':
if (password_verify($plainpassword, $cryptedpassword))
return true;
else
return false;
break;
# No crypt is given assume plaintext passwords are used # No crypt is given assume plaintext passwords are used
default: default:
if ($plainpassword == $cryptedpassword) if ($plainpassword == $cryptedpassword)
@ -2577,6 +2599,16 @@ function get_enc_type($user_password) {
elseif (preg_match('/{[^}]+}_+/',$user_password)) elseif (preg_match('/{[^}]+}_+/',$user_password))
$enc_type = 'ext_des'; $enc_type = 'ext_des';
}
elseif (strcasecmp($enc_type,'argon2') == 0) {
if (preg_match('/{ARGON2}\$argon2i\$/',$user_password))
$enc_type = 'argon2i';
elseif (preg_match('/{ARGON2}\$argon2id\$/',$user_password))
$enc_type = 'argon2id';
} }
return $enc_type; return $enc_type;
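Review bot: In the two new cases of pla_password_hash the result of password_hash() is passed straight into sprintf() without a check, and the hunk does not show whether error() stops execution when PASSWORD_ARGON2I / PASSWORD_ARGON2ID is undefined. On the PHP 7.x releases the messages name, password_hash() returns false on failure, so the stored value would be a bare `{ARGON2}` with no hash behind it. I would assign the result first and stop before building the value, e.g. `$hash = password_hash($password_clear,PASSWORD_ARGON2ID);` followed by `if (! is_string($hash)) error(_('Unable to hash the password.'),'error','index.php');`, with an explicit return if error() can come back. In get_enc_type the scheme is tested with strcasecmp() but the two new patterns are case-sensitive and unanchored, so a value stored as `{argon2}$argon2id$…` keeps the generic type; `/^{ARGON2}\$argon2id\$/i` (and the same for argon2i) would agree with the outer test. All three functions begin and end outside their hunks, so the surrounding handling is not visible here.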