From: Max Semenik
Date: Sat, 1 Dec 2018 02:21:03 +0000 (-0800)
Subject: PasswordPbkdf2: remove the 'use-hash-extension' option
X-Git-Tag: 1.34.0-rc.0~3342^2
X-Git-Url: http://git.cyclocoop.org/?a=commitdiff_plain;h=9c4ce7e1cfc60509bc1ab7e723180b86c3aec22b;p=lhc%2Fweb%2Fwiklou.git

PasswordPbkdf2: remove the 'use-hash-extension' option

It's misleading because even with this option the Hash extension is still required due to usage of hash_hmac(), it's just to allow this class to work on pre-5.5 PHP that had hash_hmac() but not hash_pbkdf(). Since we require 7.0, this option doesn't do anything anymore.

Change-Id: Ib60ab9377b44d78b7147c6139b07dc5467da007c
---
diff --git a/includes/password/Pbkdf2Password.php b/includes/password/Pbkdf2Password.php
index 60650452fc..ce684ded40 100644
--- a/includes/password/Pbkdf2Password.php
+++ b/includes/password/Pbkdf2Password.php
@@ -41,54 +41,21 @@ class Pbkdf2Password extends ParameterizedPassword {
 return ':';
 }
 
- protected function shouldUseHashExtension() {
- return $this->config['use-hash-extension'] ?? function_exists( 'hash_pbkdf2' );
- }
-
 public function crypt( $password ) {
 if ( count( $this->args ) == 0 ) {
 $this->args[] = base64_encode( random_bytes( 16 ) );
 }
 
- if ( $this->shouldUseHashExtension() ) {
- $hash = hash_pbkdf2(
- $this->params['algo'],
- $password,
- base64_decode( $this->args[0] ),
- (int)$this->params['rounds'],
- (int)$this->params['length'],
- true
- );
- if ( !is_string( $hash ) ) {
- throw new PasswordError( 'Error when hashing password.' );
- }
- } else {
- $hashLenHash = hash( $this->params['algo'], '', true );
- if ( !is_string( $hashLenHash ) ) {
- throw new PasswordError( 'Error when hashing password.' );
- }
- $hashLen = strlen( $hashLenHash );
- $blockCount = ceil( $this->params['length'] / $hashLen );
-
- $hash = '';
- $salt = base64_decode( $this->args[0] );
- for ( $i = 1; $i <= $blockCount; ++$i ) {
- $roundTotal = $lastRound = hash_hmac(
- $this->params['algo'],
- $salt . pack( 'N', $i ),
- $password,
- true
- );
-
- for ( $j = 1; $j < $this->params['rounds']; ++$j ) {
- $lastRound = hash_hmac( $this->params['algo'], $lastRound, $password, true );
- $roundTotal ^= $lastRound;
- }
-
- $hash .= $roundTotal;
- }
-
- $hash = substr( $hash, 0, $this->params['length'] );
+ $hash = hash_pbkdf2(
+ $this->params['algo'],
+ $password,
+ base64_decode( $this->args[0] ),
+ (int)$this->params['rounds'],
+ (int)$this->params['length'],
+ true
+ );
+ if ( !is_string( $hash ) ) {
+ throw new PasswordError( 'Error when hashing password.' );
 }
 
 $this->hash = base64_encode( $hash );
diff --git a/tests/phpunit/includes/password/Pbkdf2PasswordFallbackTest.php b/tests/phpunit/includes/password/Pbkdf2PasswordFallbackTest.php
index cf851c8113..7a47f4c7d6 100644
--- a/tests/phpunit/includes/password/Pbkdf2PasswordFallbackTest.php
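Review bot: The salt handed to `hash_pbkdf2()` in `crypt()` is decoded with non-strict `base64_decode( $this->args[0] )`, so a malformed salt argument is silently reduced to whatever bytes survive decoding, possibly an empty string, and the `!is_string( $hash )` check that follows will not notice. Now that `hash_pbkdf2()` is the only code path, decode in strict mode and reject bad input before hashing: `$salt = base64_decode( $this->args[0], true );` followed by `if ( $salt === false || $salt === '' ) { throw new PasswordError( 'Error when hashing password.' ); }`, then pass `$salt` to the call. The `(int)` casts on `rounds` and `length` likewise turn a missing or non-numeric parameter into 0, so an explicit range check before the call would fail more clearly than relying on the return value. Where `$this->args` and `$this->params` are populated is not visible in this hunk, and `crypt()` continues past its end.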
+++ b/tests/phpunit/includes/password/Pbkdf2PasswordFallbackTest.php
@@ -13,7 +13,6 @@ class Pbkdf2PasswordFallbackTest extends PasswordTestCase {
 'algo' => 'sha256',
 'cost' => '10000',
 'length' => '128',
- 'use-hash-extension' => false,
 ],
 ];
 }
diff --git a/tests/phpunit/includes/password/Pbkdf2PasswordTest.php b/tests/phpunit/includes/password/Pbkdf2PasswordTest.php
index 7e97ab1af9..9e8b830ff3 100644
--- a/tests/phpunit/includes/password/Pbkdf2PasswordTest.php
+++ b/tests/phpunit/includes/password/Pbkdf2PasswordTest.php
@@ -14,7 +14,6 @@ class Pbkdf2PasswordTest extends PasswordTestCase {
 'algo' => 'sha256',
 'cost' => '10000',
 'length' => '128',
- 'use-hash-extension' => true,
 ]
 ];
 }