From 8eb99e66bb046fd6093c6f160efde6dc309a90af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20=C5=81ojewski?= Date: Sun, 16 Dec 2018 16:51:40 +0100 Subject: [PATCH] Handle salt in Crypto classes --- lib/Crypto/AbstractAlgorithm.php | 6 +++--- lib/Crypto/AbstractCrypt.php | 4 ++-- lib/Crypto/Cleartext.php | 2 +- lib/Crypto/CourierMD5.php | 2 +- lib/Crypto/CourierMD5Raw.php | 2 +- lib/Crypto/CourierSHA1.php | 2 +- lib/Crypto/CourierSHA256.php | 2 +- lib/Crypto/Crypt.php | 2 +- lib/Crypto/CryptArgon2.php | 4 ++-- lib/Crypto/CryptBlowfish.php | 4 ++-- lib/Crypto/IPasswordAlgorithm.php | 6 ++++-- lib/Crypto/Joomla.php | 4 ++-- lib/Crypto/MD5.php | 2 +- lib/Crypto/Phpass.php | 4 ++-- lib/Crypto/SHA1.php | 2 +- lib/Crypto/SHA256.php | 2 +- lib/Crypto/SHA512.php | 2 +- lib/Crypto/SHA512Whirlpool.php | 2 +- lib/Crypto/SSHA.php | 4 ++-- lib/Crypto/WCF2.php | 4 ++-- lib/Crypto/Whirlpool.php | 2 +- 21 files changed, 33 insertions(+), 31 deletions(-) diff --git a/lib/Crypto/AbstractAlgorithm.php b/lib/Crypto/AbstractAlgorithm.php index 9556d78..99f344e 100644 --- a/lib/Crypto/AbstractAlgorithm.php +++ b/lib/Crypto/AbstractAlgorithm.php @@ -65,13 +65,13 @@ abstract class AbstractAlgorithm implements IPasswordAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { - return hash_equals($dbHash, $this->getPasswordHash($password)); + return hash_equals($dbHash, $this->getPasswordHash($password, $salt)); } /** * @inheritdoc */ - public abstract function getPasswordHash($password); + public abstract function getPasswordHash($password, $salt = null); } diff --git a/lib/Crypto/AbstractCrypt.php b/lib/Crypto/AbstractCrypt.php index e27e957..4bf3f43 100644 --- a/lib/Crypto/AbstractCrypt.php +++ b/lib/Crypto/AbstractCrypt.php 
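Review bot: `AbstractAlgorithm::checkPassword()` now forwards `$salt` to `getPasswordHash()`, but none of the `getPasswordHash()` bodies visible in this patch read it: `Cleartext`, `CourierMD5`, `CourierMD5Raw`, `CourierSHA1`, `CourierSHA256`, `MD5`, `SHA1`, `SHA256`, `SHA512`, `SHA512Whirlpool` and `Whirlpool` still hash `$password` alone. A caller that passes a salt therefore stores and verifies an unsalted digest without any error, which is easy to mistake for salted storage. If salted variants are meant to follow in a later commit, say so on the abstract method, e.g. `@param string|null $salt Not used by this base class; subclasses that ignore it produce unsalted hashes.`; otherwise each unsalted class should state in its docblock that the argument is ignored.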
@@ -38,7 +38,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return hash_equals($dbHash, crypt($password, $dbHash)); } @@ -46,7 +46,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return crypt($password, $this->getSalt()); } diff --git a/lib/Crypto/Cleartext.php b/lib/Crypto/Cleartext.php index e33d919..b1dd98c 100644 --- a/lib/Crypto/Cleartext.php +++ b/lib/Crypto/Cleartext.php @@ -43,7 +43,7 @@ class Cleartext extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return $password; } diff --git a/lib/Crypto/CourierMD5.php b/lib/Crypto/CourierMD5.php index c2463e3..95d8799 100644 --- a/lib/Crypto/CourierMD5.php +++ b/lib/Crypto/CourierMD5.php @@ -43,7 +43,7 @@ class CourierMD5 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return '{MD5}' . Utils::hexToBase64(md5($password)); } diff --git a/lib/Crypto/CourierMD5Raw.php b/lib/Crypto/CourierMD5Raw.php index 094eab3..491be5c 100644 --- a/lib/Crypto/CourierMD5Raw.php +++ b/lib/Crypto/CourierMD5Raw.php @@ -43,7 +43,7 @@ class CourierMD5Raw extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return '{MD5RAW}' . md5($password); } diff --git a/lib/Crypto/CourierSHA1.php b/lib/Crypto/CourierSHA1.php index 6a96a44..f66b7c6 100644 --- a/lib/Crypto/CourierSHA1.php +++ b/lib/Crypto/CourierSHA1.php 
@@ -43,7 +43,7 @@ class CourierSHA1 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return '{SHA}' . Utils::hexToBase64(sha1($password)); } diff --git a/lib/Crypto/CourierSHA256.php b/lib/Crypto/CourierSHA256.php index 081cd9d..bbf8c72 100644 --- a/lib/Crypto/CourierSHA256.php +++ b/lib/Crypto/CourierSHA256.php @@ -43,7 +43,7 @@ class CourierSHA256 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return '{SHA256}' . Utils::hexToBase64(hash('sha256', $password)); } diff --git a/lib/Crypto/Crypt.php b/lib/Crypto/Crypt.php index c28763a..3c8227d 100644 --- a/lib/Crypto/Crypt.php +++ b/lib/Crypto/Crypt.php @@ -44,7 +44,7 @@ class Crypt extends AbstractCrypt /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return password_hash($password, PASSWORD_DEFAULT); } diff --git a/lib/Crypto/CryptArgon2.php b/lib/Crypto/CryptArgon2.php index ed4aafb..6e086cc 100644 --- a/lib/Crypto/CryptArgon2.php +++ b/lib/Crypto/CryptArgon2.php @@ -81,7 +81,7 @@ class CryptArgon2 extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return password_verify($password, $dbHash); } @@ -89,7 +89,7 @@ class CryptArgon2 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return password_hash( $password, PASSWORD_ARGON2I, [ diff --git a/lib/Crypto/CryptBlowfish.php b/lib/Crypto/CryptBlowfish.php index 6e1b8a5..73a27b1 100644 --- a/lib/Crypto/CryptBlowfish.php +++ b/lib/Crypto/CryptBlowfish.php 
@@ -52,7 +52,7 @@ class CryptBlowfish extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return password_verify($password, $dbHash); } @@ -60,7 +60,7 @@ class CryptBlowfish extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return password_hash( $password, PASSWORD_BCRYPT, ["cost" => $this->cost] diff --git a/lib/Crypto/IPasswordAlgorithm.php b/lib/Crypto/IPasswordAlgorithm.php index 47ba961..4c5a160 100644 --- a/lib/Crypto/IPasswordAlgorithm.php +++ b/lib/Crypto/IPasswordAlgorithm.php @@ -42,18 +42,20 @@ interface IPasswordAlgorithm * This value is stored in the database, when the password is changed. * * @param String $password The new password. + * @param String $salt Optional. Salt value. * * @return boolean True if the password was hashed successfully, false otherwise. */ - public function getPasswordHash($password); + public function getPasswordHash($password, $salt = null); /** * Check password given by the user against hash stored in the database. * * @param String $password Password given by the user. * @param String $dbHash Password hash stored in the database. + * @param String $salt Optional. Salt value. * * @return boolean True if the password is correct, false otherwise. */ - public function checkPassword($password, $dbHash); + public function checkPassword($password, $dbHash, $salt = null); } diff --git a/lib/Crypto/Joomla.php b/lib/Crypto/Joomla.php index 46af41c..ddec9ae 100644 --- a/lib/Crypto/Joomla.php +++ b/lib/Crypto/Joomla.php @@ -43,7 +43,7 @@ class Joomla extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { $salt = Utils::randomString( 32, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 
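Review bot: In `IPasswordAlgorithm`, the new `@param String $salt Optional. Salt value.` lines do not say where the salt comes from or what an implementation does with it, and the default is `null`, so the documented type should admit it. Something like `@param string|null $salt Salt stored separately from the hash; ignored by algorithms that embed their salt in the hash.` would match what the crypt()- and password_hash()-based classes in this patch appear to do. The context line `@return boolean True if the password was hashed successfully, false otherwise.` on `getPasswordHash()` also looks inaccurate, since the implementations shown return the hash string; `@return string The password hash.` would describe them.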
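Review bot: In `Joomla::getPasswordHash()` the new `$salt` parameter is overwritten by the first statement of the body, `$salt = Utils::randomString(`, so a value supplied by the caller is discarded without notice; `WCF2::getPasswordHash()` does the same with `$salt = $this->getSalt();`. Either honour the argument, `if ($salt === null) { $salt = Utils::randomString(32, …); }`, or keep the generated salt in a differently named local such as `$generatedSalt` so the parameter is not silently clobbered. The rest of the Joomla method body lies outside the hunk, so where the salt is consumed is not visible here.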
@@ -55,7 +55,7 @@ class Joomla extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return hash_equals($dbHash, self::generateHash($password, $dbHash)); } diff --git a/lib/Crypto/MD5.php b/lib/Crypto/MD5.php index b995b9c..72ea2ce 100644 --- a/lib/Crypto/MD5.php +++ b/lib/Crypto/MD5.php @@ -43,7 +43,7 @@ class MD5 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return md5($password); } diff --git a/lib/Crypto/Phpass.php b/lib/Crypto/Phpass.php index a430ae3..bea911d 100644 --- a/lib/Crypto/Phpass.php +++ b/lib/Crypto/Phpass.php @@ -50,7 +50,7 @@ class Phpass extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return hash_equals($dbHash, $this->crypt($password, $dbHash)); } @@ -136,7 +136,7 @@ class Phpass extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return $this->crypt($password, $this->genSalt()); } diff --git a/lib/Crypto/SHA1.php b/lib/Crypto/SHA1.php index 3557f00..9c0c92f 100644 --- a/lib/Crypto/SHA1.php +++ b/lib/Crypto/SHA1.php @@ -43,7 +43,7 @@ class SHA1 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return sha1($password); } diff --git a/lib/Crypto/SHA256.php b/lib/Crypto/SHA256.php index 7cdf0db..a71bb29 100644 --- a/lib/Crypto/SHA256.php +++ b/lib/Crypto/SHA256.php @@ -43,7 +43,7 @@ class SHA256 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return hash('sha256', $password); } 
diff --git a/lib/Crypto/SHA512.php b/lib/Crypto/SHA512.php index ab34ba6..efc655f 100644 --- a/lib/Crypto/SHA512.php +++ b/lib/Crypto/SHA512.php @@ -43,7 +43,7 @@ class SHA512 extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return hash('sha512', $password); } diff --git a/lib/Crypto/SHA512Whirlpool.php b/lib/Crypto/SHA512Whirlpool.php index 666502b..b58bf96 100644 --- a/lib/Crypto/SHA512Whirlpool.php +++ b/lib/Crypto/SHA512Whirlpool.php @@ -43,7 +43,7 @@ class SHA512Whirlpool extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return hash('sha512', hash('whirlpool', $password)); } diff --git a/lib/Crypto/SSHA.php b/lib/Crypto/SSHA.php index ddae4b2..ff29f0f 100644 --- a/lib/Crypto/SSHA.php +++ b/lib/Crypto/SSHA.php @@ -43,7 +43,7 @@ abstract class SSHA extends AbstractAlgorithm /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { $saltedPassword = base64_decode( preg_replace("/" . $this->getPrefix() . "/i", "", $dbHash) @@ -94,7 +94,7 @@ abstract class SSHA extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return self::ssha( $password, Utils::randomString( diff --git a/lib/Crypto/WCF2.php b/lib/Crypto/WCF2.php index 498818a..6a8eeef 100644 --- a/lib/Crypto/WCF2.php +++ b/lib/Crypto/WCF2.php @@ -31,7 +31,7 @@ class WCF2 extends AbstractCrypt /** * @inheritdoc */ - public function checkPassword($password, $dbHash) + public function checkPassword($password, $dbHash, $salt = null) { return hash_equals($dbHash, crypt(crypt($password, $dbHash), $dbHash)); } 
@@ -39,7 +39,7 @@ class WCF2 extends AbstractCrypt /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { $salt = $this->getSalt(); return crypt(crypt($password, $salt), $salt); diff --git a/lib/Crypto/Whirlpool.php b/lib/Crypto/Whirlpool.php index 7ae6360..97e3b2b 100644 --- a/lib/Crypto/Whirlpool.php +++ b/lib/Crypto/Whirlpool.php @@ -43,7 +43,7 @@ class Whirlpool extends AbstractAlgorithm /** * @inheritdoc */ - public function getPasswordHash($password) + public function getPasswordHash($password, $salt = null) { return hash('whirlpool', $password); }