MediaWiki  1.34.0
Argon2Password.php
Go to the documentation of this file.
1 <?php
2 
3 use Wikimedia\Assert\Assert;
4 
30 class Argon2Password extends Password {
34  private static $knownOptions = [
35  'memory_cost' => null,
36  'time_cost' => null,
37  'threads' => null,
38  ];
39 
43  protected function isSupported() {
44  // It is actually possible to have a PHP build with Argon2i but not Argon2id
45  return defined( 'PASSWORD_ARGON2I' ) || defined( 'PASSWORD_ARGON2ID' );
46  }
47 
51  private function prepareParams() {
52  switch ( $this->config['algo'] ) {
53  case 'argon2i':
54  $algo = PASSWORD_ARGON2I;
55  break;
56  case 'argon2id':
57  $algo = PASSWORD_ARGON2ID;
58  break;
59  case 'auto':
60  $algo = defined( 'PASSWORD_ARGON2ID' ) ? PASSWORD_ARGON2ID : PASSWORD_ARGON2I;
61  break;
62  default:
63  throw new LogicException( "Unexpected algo: {$this->config['algo']}" );
64 
65  }
66 
67  $params = array_intersect_key( $this->config, self::$knownOptions );
68 
69  return [ $algo, $params ];
70  }
71 
75  public function crypt( $password ) {
76  list( $algo, $params ) = $this->prepareParams();
77  $this->hash = password_hash( $password, $algo, $params );
78  }
79 
83  public function equals( $other ) {
84  wfDeprecated( __METHOD__, '1.33' );
85 
86  if ( is_string( $other ) ) {
87  return $this->verify( $other );
88  }
89 
90  // Argon2 key derivation is not deterministic, can't pass objects to equals()
91  return false;
92  }
93 
97  public function verify( $password ) {
98  Assert::parameterType( 'string', $password, '$password' );
99 
100  return password_verify( $password, $this->hash );
101  }
102 
106  public function toString() {
107  $res = ":argon2:{$this->hash}";
108  $this->assertIsSafeSize( $res );
109  return $res;
110  }
111 
115  public function needsUpdate() {
116  list( $algo, $params ) = $this->prepareParams();
117  return password_needs_rehash( $this->hash, $algo, $params );
118  }
119 }
Argon2Password
Implements Argon2, a modern key derivation algorithm designed to resist GPU cracking and side-channel...
Definition: Argon2Password.php:30
Argon2Password\equals
equals( $other)
Compare one Password object to this object.By default, do a timing-safe string comparison on the resu...
Definition: Argon2Password.php:83
$res
$res
Definition: testCompression.php:52
Argon2Password\isSupported
isSupported()
Whether current password type is supported on this system.bool
Definition: Argon2Password.php:43
Password\assertIsSafeSize
assertIsSafeSize( $hash)
Assert that hash will fit in a tinyblob field.
Definition: Password.php:218
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition: GlobalFunctions.php:1044
Argon2Password\toString
toString()
Convert this hash to a string that can be stored in the database.The resulting string should be consi...
Definition: Argon2Password.php:106
Argon2Password\prepareParams
prepareParams()
Definition: Argon2Password.php:51
Argon2Password\verify
verify( $password)
Checks whether the given password matches the hash stored in this object.Password to check bool
Definition: Argon2Password.php:97
Argon2Password\needsUpdate
needsUpdate()
Determine if the hash needs to be updated.bool True if needs update, false otherwise
Definition: Argon2Password.php:115
Argon2Password\$knownOptions
static null[] $knownOptions
Array with known password_hash() option names as keys.
Definition: Argon2Password.php:34
Password
Represents a password hash for use in authentication.
Definition: Password.php:61
Argon2Password\crypt
crypt( $password)
Hash a password and store the result in this object.The result of the password hash should be put int...
Definition: Argon2Password.php:75