issue#94 XenForo bcrypt

CHANGELOG.md

@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Added
+- Support for Nextcloud 19
+- Argon2id support
 
 ## [4.4.1] - 2020-02-02
 ### Fixed

README.md

@@ -191,7 +191,8 @@ Courier hexadecimal MD5 | No salt supported. | {MD5}X03MO1qnZdYdgyfeuILPmQ==
 Courier base64-encoded SHA1 | No salt supported. | {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
 Courier base64-encoded SHA256 | No salt supported. | {SHA256}XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=
 Unix (Crypt) | See [crypt](http://php.net/manual/en/function.crypt.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq
-Argon2 (Crypt) | Requires PHP >= 7.2. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $argon2i$v=19$m=1024,t=2,p=2$NnpSNlRNLlZobnJHUDh0Sw$oW5E1cfdPzLWfkTvQFUyzTR00R0aLwEdYwldcqW6Pmo
+Argon2i (Crypt) | Requires PHP >= 7.2. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $argon2i$v=19$m=1024,t=2,p=2$NnpSNlRNLlZobnJHUDh0Sw$oW5E1cfdPzLWfkTvQFUyzTR00R0aLwEdYwldcqW6Pmo
+Argon2id (Crypt) | Requires PHP >= 7.2. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $argon2id$v=19$m=65536,t=4,p=1$eWhTd3huemlhNGFkWTVSSQ$BjSh9PINc9df9WU1zppBsYJKvkwUEYHYNUUMTj+QGPw
 Blowfish (Crypt) | See [password_hash](http://php.net/manual/en/function.password-hash.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq
 Extended DES (Crypt) | | cDRpdxPmHpzS.
 MD5 (Crypt) | | $1$RzaFbNcU$u9adfTY/Q6za6nu0Ogrl1/

appinfo/info.xml

@@ -21,7 +21,7 @@
     </types>
     <category>auth</category>
     <dependencies>
-        <php min-version="7.0"/>
+        <php min-version="7.1"/>
         <nextcloud min-version="14" max-version="19"/>
     </dependencies>
     <settings>

lib/Crypto/CryptArgon2.php

@@ -122,6 +122,6 @@ class CryptArgon2 extends AbstractAlgorithm
      */
     protected function getAlgorithmName()
     {
-        return "Argon2 (Crypt)";
+        return "Argon2i (Crypt)";
     }
 }

lib/Crypto/CryptArgon2id.php

@@ -0,0 +1,127 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\UserSQL\Crypto;
+
+use OCP\IL10N;
+
+/**
+ * Argon2id Crypt hash implementation.
+ *
+ * @see    crypt()
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class CryptArgon2id extends AbstractAlgorithm
+{
+    /**
+     * @var int Maximum memory (in bytes) that may be used to compute.
+     */
+    private $memoryCost;
+    /**
+     * @var int Maximum amount of time it may take to compute.
+     */
+    private $timeCost;
+    /**
+     * @var int Number of threads to use for computing.
+     */
+    private $threads;
+
+    /**
+     * The class constructor.
+     *
+     * @param IL10N $localization The localization service.
+     * @param int   $memoryCost   Maximum memory (in bytes) that may be used
+     *                            to compute.
+     * @param int   $timeCost     Maximum amount of time it may take to compute.
+     * @param int   $threads      Number of threads to use for computing.
+     */
+    public function __construct(
+        IL10N $localization, $memoryCost = -1, $timeCost = -1, $threads = -1
+    ) {
+        if (version_compare(PHP_VERSION, "7.2.0") === -1) {
+            throw new \RuntimeException(
+                " PASSWORD_ARGON2ID requires PHP 7.2.0 or above."
+            );
+        } else {
+            if ($memoryCost === -1) {
+                $memoryCost = PASSWORD_ARGON2_DEFAULT_MEMORY_COST;
+            }
+            if ($timeCost === -1) {
+                $timeCost = PASSWORD_ARGON2_DEFAULT_TIME_COST;
+            }
+            if ($threads === -1) {
+                $threads = PASSWORD_ARGON2_DEFAULT_THREADS;
+            }
+        }
+
+        parent::__construct($localization);
+        $this->memoryCost = $memoryCost;
+        $this->timeCost = $timeCost;
+        $this->threads = $threads;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function checkPassword($password, $dbHash, $salt = null)
+    {
+        return password_verify($password, $dbHash);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getPasswordHash($password, $salt = null)
+    {
+        return password_hash(
+            $password,  PASSWORD_ARGON2ID, [
+                "memory_cost" => $this->memoryCost,
+                "time_cost" => $this->timeCost,
+                "threads" => $this->threads
+            ]
+        );
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function configuration()
+    {
+        return [
+            new CryptoParam(
+                "Memory cost (KiB)", PASSWORD_ARGON2_DEFAULT_MEMORY_COST, 1,
+                1048576
+            ),
+            new CryptoParam(
+                "Time cost", PASSWORD_ARGON2_DEFAULT_TIME_COST, 1, 1024
+            ),
+            new CryptoParam("Threads", PASSWORD_ARGON2_DEFAULT_THREADS, 1, 1024)
+        ];
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getAlgorithmName()
+    {
+        return "Argon2id (Crypt)";
+    }
+}

tests/Crypto/CleartextTest.php

@@ -49,7 +49,7 @@ class CleartextTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new Cleartext($this->createMock(IL10N::class));

tests/Crypto/CourierMD5RawTest.php

@@ -53,7 +53,7 @@ class CourierMD5RawTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CourierMD5Raw($this->createMock(IL10N::class));

tests/Crypto/CourierMD5Test.php

@@ -53,7 +53,7 @@ class CourierMD5Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CourierMD5($this->createMock(IL10N::class));

tests/Crypto/CourierSHA1Test.php

@@ -53,7 +53,7 @@ class CourierSHA1Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CourierSHA1($this->createMock(IL10N::class));

tests/Crypto/CourierSHA256Test.php

@@ -54,7 +54,7 @@ class CourierSHA256Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CourierSHA256($this->createMock(IL10N::class));

tests/Crypto/CryptArgon2Test.php

@@ -54,7 +54,7 @@ class CryptArgon2Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CryptArgon2($this->createMock(IL10N::class));

tests/Crypto/CryptArgon2idTest.php

@@ -0,0 +1,62 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace Tests\UserSQL\Crypto;
+
+use OCA\UserSQL\Crypto\CryptArgon2id;
+use OCA\UserSQL\Crypto\IPasswordAlgorithm;
+use OCP\IL10N;
+use Test\TestCase;
+
+/**
+ * Unit tests for class <code>CryptArgon2id</code>.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class CryptArgon2idTest extends TestCase
+{
+    /**
+     * @var IPasswordAlgorithm
+     */
+    private $crypto;
+
+    public function testCheckPassword()
+    {
+        $this->assertTrue(
+            $this->crypto->checkPassword(
+                "password",
+                "\$argon2id\$v=19\$m=65536,t=4,p=1\$eWhTd3huemlhNGFkWTVSSQ\$BjSh9PINc9df9WU1zppBsYJKvkwUEYHYNUUMTj+QGPw"
+            )
+        );
+    }
+
+    public function testPasswordHash()
+    {
+        $hash = $this->crypto->getPasswordHash("password");
+        $this->assertTrue($this->crypto->checkPassword("password", $hash));
+    }
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->crypto = new CryptArgon2id($this->createMock(IL10N::class));
+    }
+}

tests/Crypto/CryptBlowfishTest.php

@@ -54,7 +54,7 @@ class CryptBlowfishTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CryptBlowfish($this->createMock(IL10N::class));

tests/Crypto/CryptExtendedDESTest.php

@@ -51,7 +51,7 @@ class CryptExtendedDESTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CryptExtendedDES($this->createMock(IL10N::class));

tests/Crypto/CryptMD5Test.php

@@ -53,7 +53,7 @@ class CryptMD5Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CryptMD5($this->createMock(IL10N::class));

tests/Crypto/CryptSHA256Test.php

@@ -54,7 +54,7 @@ class CryptSHA256Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CryptSHA256($this->createMock(IL10N::class));

tests/Crypto/CryptSHA512Test.php

@@ -54,7 +54,7 @@ class CryptSHA512Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CryptSHA512($this->createMock(IL10N::class));

tests/Crypto/CryptStandardDESTest.php

@@ -51,7 +51,7 @@ class CryptStandardDESTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new CryptStandardDES($this->createMock(IL10N::class));

tests/Crypto/CryptTest.php

@@ -54,7 +54,7 @@ class CryptTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new Crypt($this->createMock(IL10N::class));

tests/Crypto/Drupal7Test.php

@@ -53,7 +53,7 @@ class Drupal7Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new Drupal7($this->createMock(IL10N::class));

tests/Crypto/JoomlaTest.php

@@ -54,7 +54,7 @@ class JoomlaTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new Joomla($this->createMock(IL10N::class));

tests/Crypto/MD5Test.php

@@ -53,7 +53,7 @@ class MD5Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new MD5($this->createMock(IL10N::class));

tests/Crypto/PhpassTest.php

@@ -53,7 +53,7 @@ class PhpassTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new Phpass($this->createMock(IL10N::class));

tests/Crypto/RedmineTest.php

@@ -53,7 +53,7 @@ class RedmineTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash, "salt"));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new Redmine($this->createMock(IL10N::class));

tests/Crypto/SHA1Test.php

@@ -53,7 +53,7 @@ class SHA1Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new SHA1($this->createMock(IL10N::class));

tests/Crypto/SHA256Test.php

@@ -53,7 +53,7 @@ class SHA512Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new SHA256($this->createMock(IL10N::class));

tests/Crypto/SHA512Test.php

@@ -54,7 +54,7 @@ class SHA512Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new SHA512($this->createMock(IL10N::class));

tests/Crypto/SHA512WhirlpoolTest.php

@@ -54,7 +54,7 @@ class SHA512WhirlpoolTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new SHA512Whirlpool($this->createMock(IL10N::class));

tests/Crypto/SSHA256Test.php

@@ -54,7 +54,7 @@ class SSHA256Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new SSHA256($this->createMock(IL10N::class));

tests/Crypto/SSHA512Test.php

@@ -54,7 +54,7 @@ class SSHA512Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new SSHA512($this->createMock(IL10N::class));

tests/Crypto/WCF2Test.php

@@ -54,7 +54,7 @@ class WCF2Test extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new WCF2($this->createMock(IL10N::class));

tests/Crypto/WhirlpoolTest.php

@@ -54,7 +54,7 @@ class WhirlpoolTest extends TestCase
         $this->assertTrue($this->crypto->checkPassword("password", $hash));
     }
 
-    protected function setUp()
+    protected function setUp(): void
     {
         parent::setUp();
         $this->crypto = new Whirlpool($this->createMock(IL10N::class));