Skip to content

Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2 #13635

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Sep 2, 2024
Merged

Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2 #13635

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
3c04dfc
Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2
remicollet Mar 8, 2024
7893c82
simplify init/shutdown
remicollet Mar 12, 2024
2ac0b04
use php_base64_encode_ex
remicollet Mar 26, 2024
0460a1e
- rename macros - use openssl RAND_bytes - CS
remicollet Apr 2, 2024
668b3f0
add --with-openssl-argon2 build option
remicollet Jul 19, 2024
3b67b4e
check OSSL_KDF_PARAM_ARGON2_LANES instead of OSSL_set_max_threads
remicollet Aug 19, 2024
ddcc40f
Cleanup and CS
remicollet Aug 19, 2024
74880be
save/restore old threads config + CS
remicollet Aug 25, 2024
0dd9cc7
remove unneeded check
remicollet Sep 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
- rename macros - use openssl RAND_bytes - CS
  • Loading branch information
@remicollet
remicollet committed Aug 19, 2024
commit 0460a1e1d055565acf70d0bc28de135bb2d43f68
105 changes: 55 additions & 50 deletions ext/openssl/openssl_pwhash.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,51 +31,52 @@
#include <openssl/core_names.h>
#include <openssl/kdf.h>
#include <openssl/thread.h>
#include <openssl/rand.h>

#define MEMLIMIT_MIN 8u
#define MEMLIMIT_MAX UINT32_MAX
#define OPSLIMIT_MIN 1u
#define OPSLIMIT_MAX UINT32_MAX
#define THREADS_MIN 1u
#define THREADS_MAX UINT32_MAX
#define PHP_OPENSSL_MEMLIMIT_MIN 8u
#define PHP_OPENSSL_MEMLIMIT_MAX UINT32_MAX
#define PHP_OPENSSL_ITERLIMIT_MIN 1u
#define PHP_OPENSSL_ITERLIMIT_MAX UINT32_MAX
#define PHP_OPENSSL_THREADS_MIN 1u
#define PHP_OPENSSL_THREADS_MAX UINT32_MAX

#define ARGON_VERSION 0x13
#define PHP_OPENSSL_ARGON_VERSION 0x13

#define SALT_SIZE 16
#define HASH_SIZE 32
#define DIGEST_SIZE 128
#define PHP_OPENSSL_SALT_SIZE 16
#define PHP_OPENSSL_HASH_SIZE 32
#define PHP_OPENSSL_DIGEST_SIZE 128

static inline int get_options(zend_array *options, uint32_t *memlimit, uint32_t *opslimit, uint32_t *threads)
static inline zend_result get_options(zend_array *options, uint32_t *memlimit, uint32_t *iterlimit, uint32_t *threads)
{
zval *opt;

*opslimit = PHP_OPENSSL_PWHASH_OPSLIMIT;
*memlimit = PHP_OPENSSL_PWHASH_MEMLIMIT;
*threads = PHP_OPENSSL_PWHASH_THREADS;
*iterlimit = PHP_OPENSSL_PWHASH_ITERLIMIT;
*memlimit = PHP_OPENSSL_PWHASH_MEMLIMIT;
*threads = PHP_OPENSSL_PWHASH_THREADS;

if (!options) {
return SUCCESS;
}
if ((opt = zend_hash_str_find(options, "memory_cost", strlen("memory_cost")))) {
zend_long smemlimit = zval_get_long(opt);

if ((smemlimit < 0) || (smemlimit < MEMLIMIT_MIN) || (smemlimit > (MEMLIMIT_MAX))) {
if ((smemlimit < 0) || (smemlimit < PHP_OPENSSL_MEMLIMIT_MIN) || (smemlimit > (PHP_OPENSSL_MEMLIMIT_MAX))) {
zend_value_error("Memory cost is outside of allowed memory range");
return FAILURE;
}
*memlimit = smemlimit;
}
if ((opt = zend_hash_str_find(options, "time_cost", strlen("time_cost")))) {
zend_long sopslimit = zval_get_long(opt);
if ((sopslimit < OPSLIMIT_MIN) || (sopslimit > OPSLIMIT_MAX)) {
zend_long siterlimit = zval_get_long(opt);
if ((siterlimit < PHP_OPENSSL_ITERLIMIT_MIN) || (siterlimit > PHP_OPENSSL_ITERLIMIT_MAX)) {
zend_value_error("Time cost is outside of allowed time range");
return FAILURE;
}
*opslimit = sopslimit;
*iterlimit = siterlimit;
}
if ((opt = zend_hash_str_find(options, "threads", strlen("threads"))) && (zval_get_long(opt) != 1)) {
zend_long sthreads = zval_get_long(opt);
if ((sthreads < THREADS_MIN) || (sthreads > THREADS_MAX)) {
if ((sthreads < PHP_OPENSSL_THREADS_MIN) || (sthreads > PHP_OPENSSL_THREADS_MAX)) {
zend_value_error("Invalid number of threads");
return FAILURE;
}
Expand All @@ -86,19 +87,22 @@ static inline int get_options(zend_array *options, uint32_t *memlimit, uint32_t

static bool php_openssl_argon2_compute_hash(
const char *algo,
uint32_t version, uint32_t memlimit, uint32_t opslimit, uint32_t threads,
uint32_t version, uint32_t memlimit, uint32_t iterlimit, uint32_t threads,
const char *pass, size_t pass_len,
const unsigned char *salt, size_t salt_len,
unsigned char *hash, size_t hash_len)
{
OSSL_PARAM params[7], *p = params;
OSSL_LIB_CTX *ctx = NULL;
EVP_KDF *kdf = NULL;
EVP_KDF_CTX *kctx = NULL;
bool ret = false;


if (threads > 1) {
if (OSSL_set_max_threads(NULL, threads) != 1) {
if ((ctx = OSSL_LIB_CTX_new()) == NULL) {
goto fail;
}
if (OSSL_set_max_threads(ctx, threads) != 1) {
goto fail;
}
}
Expand All @@ -108,76 +112,77 @@ static bool php_openssl_argon2_compute_hash(
*p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ARGON2_LANES,
&threads);
*p++= OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ITER,
&opslimit);
&iterlimit);
*p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ARGON2_MEMCOST,
&memlimit);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
(void *)salt, salt_len);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
(void *)pass, pass_len);
*p++ = OSSL_PARAM_construct_end();
*p++ = OSSL_PARAM_construct_end();

if ((kdf = EVP_KDF_fetch(NULL, algo, NULL)) == NULL) {
if ((kdf = EVP_KDF_fetch(ctx, algo, NULL)) == NULL) {
goto fail;
}
if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL) {
goto fail;
}
if (EVP_KDF_derive(kctx, hash, hash_len, params) != 1) {
if (EVP_KDF_derive(kctx, hash, hash_len, params) != 1) {
zend_value_error("Unexpected failure hashing password");
goto fail;
}

ret = true;

fail:
EVP_KDF_free(kdf);
EVP_KDF_CTX_free(kctx);
EVP_KDF_free(kdf);
EVP_KDF_CTX_free(kctx);

if (threads > 1) {
OSSL_set_max_threads(NULL, 0);
OSSL_set_max_threads(ctx, 0);
OSSL_LIB_CTX_free(ctx);
}
return ret;
}

static zend_string *php_openssl_argon2_hash(const zend_string *password, zend_array *options, const char *algo)
{
uint32_t opslimit, memlimit, threads, version = ARGON_VERSION;
uint32_t iterlimit, memlimit, threads, version = PHP_OPENSSL_ARGON_VERSION;
zend_string *digest = NULL, *salt64 = NULL, *hash64 = NULL;
unsigned char hash[HASH_SIZE+1], salt[SALT_SIZE+1];
unsigned char hash[PHP_OPENSSL_HASH_SIZE+1], salt[PHP_OPENSSL_SALT_SIZE+1];

if ((ZSTR_LEN(password) >= UINT32_MAX)) {
zend_value_error("Password is too long");
return NULL;
}
if (get_options(options, &memlimit, &opslimit, &threads) == FAILURE) {
if (get_options(options, &memlimit, &iterlimit, &threads) == FAILURE) {
return NULL;
}
if (FAILURE == php_random_bytes_throw(salt, SALT_SIZE)) {
if (RAND_bytes(salt, PHP_OPENSSL_SALT_SIZE) <= 0) {
return NULL;
}

if (!php_openssl_argon2_compute_hash(algo, version, memlimit, opslimit, threads,
ZSTR_VAL(password), ZSTR_LEN(password), salt, SALT_SIZE, hash, HASH_SIZE)) {
if (!php_openssl_argon2_compute_hash(algo, version, memlimit, iterlimit, threads,
ZSTR_VAL(password), ZSTR_LEN(password), salt, PHP_OPENSSL_SALT_SIZE, hash, PHP_OPENSSL_HASH_SIZE)) {
return NULL;
}

hash64 = php_base64_encode_ex(hash, HASH_SIZE, PHP_BASE64_NO_PADDING);
hash64 = php_base64_encode_ex(hash, PHP_OPENSSL_HASH_SIZE, PHP_BASE64_NO_PADDING);

salt64 = php_base64_encode_ex(salt, SALT_SIZE, PHP_BASE64_NO_PADDING);
salt64 = php_base64_encode_ex(salt, PHP_OPENSSL_SALT_SIZE, PHP_BASE64_NO_PADDING);

digest = zend_string_alloc(DIGEST_SIZE, 0);
digest = zend_string_alloc(PHP_OPENSSL_DIGEST_SIZE, 0);
ZSTR_LEN(digest) = snprintf(ZSTR_VAL(digest), ZSTR_LEN(digest), "$%s$v=%d$m=%u,t=%u,p=%u$%s$%s",
algo, version, memlimit, opslimit, threads, ZSTR_VAL(salt64), ZSTR_VAL(hash64));
algo, version, memlimit, iterlimit, threads, ZSTR_VAL(salt64), ZSTR_VAL(hash64));

zend_string_release(salt64);
zend_string_release(hash64);

return digest;
return digest;
}

static int php_openssl_argon2_extract(
const zend_string *digest, uint32_t *version, uint32_t *memlimit, uint32_t *opslimit,
const zend_string *digest, uint32_t *version, uint32_t *memlimit, uint32_t *iterlimit,
uint32_t *threads, zend_string **salt, zend_string **hash)
{
const char *p;
Expand All @@ -195,7 +200,7 @@ static int php_openssl_argon2_extract(
return FAILURE;
}
if (sscanf(p, "v=%" PRIu32 "$m=%" PRIu32 ",t=%" PRIu32 ",p=%" PRIu32,
version, memlimit, opslimit, threads) != 4) {
version, memlimit, iterlimit, threads) != 4) {
return FAILURE;
}
if (salt && hash) {
Expand Down Expand Up @@ -226,19 +231,19 @@ static int php_openssl_argon2_extract(

static bool php_openssl_argon2_verify(const zend_string *password, const zend_string *digest, const char *algo)
{
uint32_t version, opslimit, memlimit, threads;
uint32_t version, iterlimit, memlimit, threads;
zend_string *salt, *hash, *new;
bool ret = false;

if ((ZSTR_LEN(password) >= UINT32_MAX) || (ZSTR_LEN(digest) >= UINT32_MAX)) {
return false;
}
if (FAILURE == php_openssl_argon2_extract(digest, &version, &memlimit, &opslimit, &threads, &salt, &hash)) {
if (FAILURE == php_openssl_argon2_extract(digest, &version, &memlimit, &iterlimit, &threads, &salt, &hash)) {
return false;
}

new = zend_string_alloc(ZSTR_LEN(hash), 0);
if (php_openssl_argon2_compute_hash(algo, version, memlimit, opslimit, threads,
if (php_openssl_argon2_compute_hash(algo, version, memlimit, iterlimit, threads,
ZSTR_VAL(password), ZSTR_LEN(password), (unsigned char *)ZSTR_VAL(salt),
ZSTR_LEN(salt), (unsigned char *)ZSTR_VAL(new), ZSTR_LEN(new))) {
ret = (php_safe_bcmp(hash, new) == 0);
Expand All @@ -263,19 +268,19 @@ static bool php_openssl_argon2id_verify(const zend_string *password, const zend_

static bool php_openssl_argon2_needs_rehash(const zend_string *hash, zend_array *options)
{
uint32_t version, opslimit, memlimit, threads;
uint32_t new_version = ARGON_VERSION, new_opslimit, new_memlimit, new_threads;
uint32_t version, iterlimit, memlimit, threads;
uint32_t new_version = PHP_OPENSSL_ARGON_VERSION, new_iterlimit, new_memlimit, new_threads;

if (FAILURE == get_options(options, &new_memlimit, &new_opslimit, &new_threads)) {
if (FAILURE == get_options(options, &new_memlimit, &new_iterlimit, &new_threads)) {
return true;
}
if (FAILURE == php_openssl_argon2_extract(hash, &version, &memlimit, &opslimit, &threads, NULL, NULL)) {
if (FAILURE == php_openssl_argon2_extract(hash, &version, &memlimit, &iterlimit, &threads, NULL, NULL)) {
return true;
}

// Algo already checked in pasword_needs_rehash implementation
return (version != new_version) ||
(opslimit != new_opslimit) ||
(iterlimit != new_iterlimit) ||
(memlimit != new_memlimit) ||
(threads != new_threads);
}
Expand Down
2 changes: 1 addition & 1 deletion ext/openssl/openssl_pwhash.stub.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
const PASSWORD_ARGON2_DEFAULT_MEMORY_COST = UNKNOWN;
/**
* @var int
* @cvalue PHP_OPENSSL_PWHASH_OPSLIMIT
* @cvalue PHP_OPENSSL_PWHASH_ITERLIMIT
*/
const PASSWORD_ARGON2_DEFAULT_TIME_COST = UNKNOWN;
/**
Expand Down
4 changes: 2 additions & 2 deletions ext/openssl/openssl_pwhash_arginfo.h
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions ext/openssl/php_openssl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,9 +172,9 @@ static inline php_openssl_certificate_object *php_openssl_certificate_from_obj(z
#define PHP_OPENSSL_PWHASH_MEMLIMIT (64 << 10)
#endif
#if defined(PHP_PASSWORD_ARGON2_TIME_COST)
#define PHP_OPENSSL_PWHASH_OPSLIMIT PHP_PASSWORD_ARGON2_TIME_COST
#define PHP_OPENSSL_PWHASH_ITERLIMIT PHP_PASSWORD_ARGON2_TIME_COST
#else
#define PHP_OPENSSL_PWHASH_OPSLIMIT 4
#define PHP_OPENSSL_PWHASH_ITERLIMIT 4
#endif
#if defined(PHP_PASSWORD_ARGON2_THREADS)
#define PHP_OPENSSL_PWHASH_THREADS PHP_PASSWORD_ARGON2_THREADS
Expand Down