MediaWiki REL1_34
Argon2Password.php
Go to the documentation of this file.
1<?php
2
3use Wikimedia\Assert\Assert;
4
30class Argon2Password extends Password {
34 private static $knownOptions = [
35 'memory_cost' => null,
36 'time_cost' => null,
37 'threads' => null,
38 ];
39
43 protected function isSupported() {
44 // It is actually possible to have a PHP build with Argon2i but not Argon2id
45 return defined( 'PASSWORD_ARGON2I' ) || defined( 'PASSWORD_ARGON2ID' );
46 }
47
51 private function prepareParams() {
52 switch ( $this->config['algo'] ) {
53 case 'argon2i':
54 $algo = PASSWORD_ARGON2I;
55 break;
56 case 'argon2id':
57 $algo = PASSWORD_ARGON2ID;
58 break;
59 case 'auto':
60 $algo = defined( 'PASSWORD_ARGON2ID' ) ? PASSWORD_ARGON2ID : PASSWORD_ARGON2I;
61 break;
62 default:
63 throw new LogicException( "Unexpected algo: {$this->config['algo']}" );
64
65 }
66
67 $params = array_intersect_key( $this->config, self::$knownOptions );
68
69 return [ $algo, $params ];
70 }
71
75 public function crypt( $password ) {
76 list( $algo, $params ) = $this->prepareParams();
77 $this->hash = password_hash( $password, $algo, $params );
78 }
79
83 public function equals( $other ) {
84 wfDeprecated( __METHOD__, '1.33' );
85
86 if ( is_string( $other ) ) {
87 return $this->verify( $other );
88 }
89
90 // Argon2 key derivation is not deterministic, can't pass objects to equals()
91 return false;
92 }
93
97 public function verify( $password ) {
98 Assert::parameterType( 'string', $password, '$password' );
99
100 return password_verify( $password, $this->hash );
101 }
102
106 public function toString() {
107 $res = ":argon2:{$this->hash}";
108 $this->assertIsSafeSize( $res );
109 return $res;
110 }
111
115 public function needsUpdate() {
116 list( $algo, $params ) = $this->prepareParams();
117 return password_needs_rehash( $this->hash, $algo, $params );
118 }
119}
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition GlobalFunctions.php:1044
Argon2Password
Implements Argon2, a modern key derivation algorithm designed to resist GPU cracking and side-channel...
Definition Argon2Password.php:30
Argon2Password\toString
toString()
Convert this hash to a string that can be stored in the database.The resulting string should be consi...
Definition Argon2Password.php:106
Argon2Password\equals
equals( $other)
Compare one Password object to this object.By default, do a timing-safe string comparison on the resu...
Definition Argon2Password.php:83
Argon2Password\needsUpdate
needsUpdate()
Determine if the hash needs to be updated.bool True if needs update, false otherwise
Definition Argon2Password.php:115
Argon2Password\crypt
crypt( $password)
Hash a password and store the result in this object.The result of the password hash should be put int...
Definition Argon2Password.php:75
Argon2Password\isSupported
isSupported()
Whether current password type is supported on this system.bool
Definition Argon2Password.php:43
Argon2Password\verify
verify( $password)
Checks whether the given password matches the hash stored in this object.bool
Definition Argon2Password.php:97
Argon2Password\$knownOptions
static null[] $knownOptions
Array with known password_hash() option names as keys.
Definition Argon2Password.php:34
Password
Represents a password hash for use in authentication.
Definition Password.php:61
Password\assertIsSafeSize
assertIsSafeSize( $hash)
Assert that hash will fit in a tinyblob field.
Definition Password.php:218