spacefreak/user_sql
1
0
Fork 0
Code Pull Requests Activity

New hashing algorithms.

Browse Source
This commit is contained in:
Marcin Łojewski
2018-03-02 09:09:09 +01:00
parent 3d901e3fc2
commit ed5ec82479
23 changed files with 806 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
lib/HashAlgorithm/Base/BaseCrypt.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
/**
* Nextcloud - user_sql
* Copyright (C) 2018 Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\HashAlgorithm\Base;
/**
* Implements standard Unix DES-based algorithm or
* alternative algorithms that may be available on the system.
* @see crypt()
* @author Marcin Łojewski <dev@mlojewski.me>
*/
abstract class BaseCrypt implements HashAlgorithm
{
use Singleton;
const SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
/**
* @inheritdoc
*/
abstract public function getVisibleName();
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
{
return hash_equals($dbHash, crypt($password, $dbHash));
}
/**
* @inheritdoc
*/
public function getPasswordHash($password)
{
return crypt($password, self::getSalt());
}
/**
* Generate salt for hashing algorithm.
* @return string
*/
protected abstract function getSalt();
}

57
lib/HashAlgorithm/Base/HashAlgorithm.php Normal file
View File

@@ -0,0 +1,57 @@
<?php
/**
* Nextcloud - user_sql
* Copyright (C) 2018 Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\HashAlgorithm\Base;
/**
* Interface which defines all function required by a hash algorithm.
* Please note that this interface must be implemented by every hash function supported in this app.
* @author Marcin Łojewski <dev@mlojewski.me>
*/
interface HashAlgorithm
{
/**
* Used by reflection to get the class instance.
* @return HashAlgorithm
*/
public static function getInstance();
/**
* Get the hash algorithm name.
* This name is visible in the admin panel.
* @return string
*/
public function getVisibleName();
/**
* Hash given password.
* This value is stored in the database, when the password is changed.
* @param String $password The new password.
* @return boolean True if the password was hashed successfully, false otherwise.
*/
public function getPasswordHash($password);
/**
* Check password given by the user against hash stored in the database.
* @param String $password Password given by the user.
* @param String $dbHash Password hash stored in the database.
* @return boolean True if the password is correct, false otherwise.
*/
public function checkPassword($password, $dbHash);
}

75
lib/HashAlgorithm/Base/SSHA.php Normal file
View File

@@ -0,0 +1,75 @@
<?php
/**
* Nextcloud - user_sql
* Copyright (C) 2018 Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\HashAlgorithm\Base;
/**
* SSHA* hashing implementation.
* @author Marcin Łojewski <dev@mlojewski.me>
*/
abstract class SSHA implements HashAlgorithm
{
use Singleton;
use Utils;
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
{
$saltedPassword = base64_decode(preg_replace("/" . $this->getPrefix() . "/i", "", $dbHash));
$salt = substr($saltedPassword, -(strlen($saltedPassword) - 32));
$hash = self::ssha($password, $salt);
return hash_equals($dbHash, $hash);
}
/**
* Get hash prefix eg. {SSHA256}.
* @return string
*/
public abstract function getPrefix();
/**
* Encrypt using SSHA256 algorithm
* @param string $password The password.
* @param string $salt The salt to use.
* @return string The hashed password, prefixed by {SSHA256}.
*/
private function ssha($password, $salt)
{
return $this->getPrefix() . base64_encode(hash($this->getAlgorithm(), $password . $salt, true) . $salt);
}
/**
* Get algorithm used by the hash() function.
* @see hash()
* @return string
*/
public abstract function getAlgorithm();
/**
* @inheritdoc
*/
public function getPasswordHash($password)
{
return self::ssha($password,
self::randomString(32, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"));
}
}

4
lib/HashAlgorithm/Base/Singleton.php
View File

@@ -1,7 +1,7 @@
<?php
/**
* Nextcloud - user_sql
* Copyright (C) 2012-2018 Andreas Böhler <dev (at) aboehler (dot) at>
* Copyright (C) 2018 Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -17,7 +17,7 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\user_sql\HashAlgorithm\Base;
namespace OCA\UserSQL\HashAlgorithm\Base;
/**
* Singleton pattern trait.

23
lib/HashAlgorithm/Base/Base64.php → lib/HashAlgorithm/Base/Utils.php
View File

@@ -1,7 +1,7 @@
<?php
/**
* Nextcloud - user_sql
* Copyright (C) 2012-2018 Andreas Böhler <dev (at) aboehler (dot) at>
* Copyright (C) 2018 Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -17,13 +17,13 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\user_sql\HashAlgorithm\Base;
namespace OCA\UserSQL\HashAlgorithm\Base;
/**
* Base64 utilities trait.
* Cryptographic utilities trait.
* @author Marcin Łojewski <dev@mlojewski.me>
*/
trait Base64
trait Utils
{
/**
* Convert hexadecimal message to its base64 form.
@@ -38,4 +38,19 @@ trait Base64
}
return base64_encode($hexChr);
}
/**
* Generate random string from given alphabet.
* @param $length int Output string length.
* @param $alphabet string Output string alphabet.
* @return string Random string from given alphabet.
*/
private static function randomString($length, $alphabet)
{
$string = "";
for ($i = 0; $i != $length; ++$i) {
$string .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
}
return $string;
}
}