diff --git a/ext/standard/password.c b/ext/standard/password.c index ca5c3000f48ad..117db2bf1648f 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -45,7 +45,6 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT); #if HAVE_ARGON2LIB REGISTER_LONG_CONSTANT("PASSWORD_ARGON2I", PHP_PASSWORD_ARGON2I, CONST_CS | CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_ARGON2", PHP_PASSWORD_ARGON2, CONST_CS | CONST_PERSISTENT); #endif REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_CS | CONST_PERSISTENT); @@ -195,13 +194,13 @@ PHP_FUNCTION(password_get_info) case PHP_PASSWORD_ARGON2I: { zend_long v = 0; - zend_long m_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; - zend_long t_cost = PHP_PASSWORD_ARGON2_TIME_COST; + zend_long memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; + zend_long time_cost = PHP_PASSWORD_ARGON2_TIME_COST; zend_long threads = PHP_PASSWORD_ARGON2_THREADS; - sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &m_cost, &t_cost, &threads); - add_assoc_long(&options, "m_cost", m_cost); - add_assoc_long(&options, "t_cost", t_cost); + sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &memory_cost, &time_cost, &threads); + add_assoc_long(&options, "memory_cost", memory_cost); + add_assoc_long(&options, "time_cost", time_cost); add_assoc_long(&options, "threads", threads); } break; @@ -259,25 +258,25 @@ PHP_FUNCTION(password_needs_rehash) case PHP_PASSWORD_ARGON2I: { zend_long v = 0; - zend_long new_m_cost = PHP_PASSWORD_ARGON2_MEMORY_COST, m_cost = 0; - zend_long new_t_cost = PHP_PASSWORD_ARGON2_TIME_COST, t_cost = 0; + zend_long new_memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST, memory_cost = 0; + zend_long new_time_cost = PHP_PASSWORD_ARGON2_TIME_COST, time_cost = 0; zend_long new_threads = PHP_PASSWORD_ARGON2_THREADS, threads = 0; - if (options && (option_buffer = zend_hash_str_find(options, "m_cost", sizeof("m_cost")-1)) != NULL) { - new_m_cost = zval_get_long(option_buffer); + if (options && (option_buffer = zend_hash_str_find(options, "memory_cost", sizeof("memory_cost")-1)) != NULL) { + new_memory_cost = zval_get_long(option_buffer); } - if (options && (option_buffer = zend_hash_str_find(options, "t_cost", sizeof("t_cost")-1)) != NULL) { - new_t_cost = zval_get_long(option_buffer); + if (options && (option_buffer = zend_hash_str_find(options, "time_cost", sizeof("time_cost")-1)) != NULL) { + new_time_cost = zval_get_long(option_buffer); } if (options && (option_buffer = zend_hash_str_find(options, "threads", sizeof("threads")-1)) != NULL) { new_threads = zval_get_long(option_buffer); } - sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &m_cost, &t_cost, &threads); + sscanf(hash, "$%*[argon2i]$v=" ZEND_LONG_FMT "$m=" ZEND_LONG_FMT ",t=" ZEND_LONG_FMT ",p=" ZEND_LONG_FMT, &v, &memory_cost, &time_cost, &threads); - if (new_t_cost != t_cost || new_m_cost != m_cost || new_threads != threads) { + if (new_time_cost != time_cost || new_memory_cost != memory_cost || new_threads != threads) { RETURN_TRUE; } } @@ -367,8 +366,8 @@ PHP_FUNCTION(password_hash) zval *option_buffer; #if HAVE_ARGON2LIB - size_t t_cost = PHP_PASSWORD_ARGON2_TIME_COST; - size_t m_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; + size_t time_cost = PHP_PASSWORD_ARGON2_TIME_COST; + size_t memory_cost = PHP_PASSWORD_ARGON2_MEMORY_COST; size_t threads = PHP_PASSWORD_ARGON2_THREADS; argon2_type type = Argon2_i; #endif @@ -399,21 +398,21 @@ PHP_FUNCTION(password_hash) #if HAVE_ARGON2LIB case PHP_PASSWORD_ARGON2I: { - if (options && (option_buffer = zend_hash_str_find(options, "m_cost", sizeof("m_cost")-1)) != NULL) { - m_cost = zval_get_long(option_buffer); + if (options && (option_buffer = zend_hash_str_find(options, "memory_cost", sizeof("memory_cost")-1)) != NULL) { + memory_cost = zval_get_long(option_buffer); } - if (m_cost > ARGON2_MAX_MEMORY || m_cost < ARGON2_MIN_MEMORY) { - php_error_docref(NULL, E_WARNING, "Memory cost is outside of allowed memory range", m_cost); + if (memory_cost > ARGON2_MAX_MEMORY || memory_cost < ARGON2_MIN_MEMORY) { + php_error_docref(NULL, E_WARNING, "Memory cost is outside of allowed memory range", memory_cost); RETURN_NULL(); } - if (options && (option_buffer = zend_hash_str_find(options, "t_cost", sizeof("t_cost")-1)) != NULL) { - t_cost = zval_get_long(option_buffer); + if (options && (option_buffer = zend_hash_str_find(options, "time_cost", sizeof("time_cost")-1)) != NULL) { + time_cost = zval_get_long(option_buffer); } - if (t_cost > ARGON2_MAX_TIME || t_cost < ARGON2_MIN_TIME) { - php_error_docref(NULL, E_WARNING, "Time cost is outside of allowed time range", t_cost); + if (time_cost > ARGON2_MAX_TIME || time_cost < ARGON2_MIN_TIME) { + php_error_docref(NULL, E_WARNING, "Time cost is outside of allowed time range", time_cost); RETURN_NULL(); } @@ -532,8 +531,8 @@ PHP_FUNCTION(password_hash) int status = 0; encoded_len = argon2_encodedlen( - t_cost, - m_cost, + time_cost, + memory_cost, threads, (uint32_t)salt_len, out_len @@ -543,8 +542,8 @@ PHP_FUNCTION(password_hash) zend_string *encoded = zend_string_alloc(encoded_len, 0); status = argon2_hash( - t_cost, - m_cost, + time_cost, + memory_cost, threads, password, password_len, diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index e2d6b4a73e30d..4bc2e5660f290 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -33,10 +33,9 @@ PHP_MINIT_FUNCTION(password); #define PHP_PASSWORD_BCRYPT_COST 10 #if HAVE_ARGON2LIB -#define PHP_PASSWORD_ARGON2 PHP_PASSWORD_ARGON2I -#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<16 -#define PHP_PASSWORD_ARGON2_TIME_COST 3 -#define PHP_PASSWORD_ARGON2_THREADS 1 +#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<10 +#define PHP_PASSWORD_ARGON2_TIME_COST 2 +#define PHP_PASSWORD_ARGON2_THREADS 2 #endif typedef enum { diff --git a/ext/standard/tests/password/password_get_info_argon2.phpt b/ext/standard/tests/password/password_get_info_argon2.phpt index 67ac8520a7d50..903f9faca5287 100644 --- a/ext/standard/tests/password/password_get_info_argon2.phpt +++ b/ext/standard/tests/password/password_get_info_argon2.phpt @@ -2,7 +2,7 @@ Test normal operation of password_get_info() with Argon2 --SKIPIF-- --FILE-- array(3) { - ["m_cost"]=> + ["memory_cost"]=> int(65536) - ["t_cost"]=> + ["time_cost"]=> int(3) ["threads"]=> int(1) diff --git a/ext/standard/tests/password/password_hash_argon2.phpt b/ext/standard/tests/password/password_hash_argon2.phpt index 02d239c0cd054..229d26fcae434 100644 --- a/ext/standard/tests/password/password_hash_argon2.phpt +++ b/ext/standard/tests/password/password_hash_argon2.phpt @@ -2,15 +2,12 @@ Test normal operation of password_hash() with argon2 --SKIPIF-- --EXPECT-- bool(true) -bool(true) OK! \ No newline at end of file diff --git a/ext/standard/tests/password/password_hash_error_argon2.phpt b/ext/standard/tests/password/password_hash_error_argon2.phpt index 60496447a26c0..cce3c61c12294 100644 --- a/ext/standard/tests/password/password_hash_error_argon2.phpt +++ b/ext/standard/tests/password/password_hash_error_argon2.phpt @@ -2,13 +2,13 @@ Test error operation of password_hash() with argon2 --SKIPIF-- --FILE-- 0])); -var_dump(password_hash('test', PASSWORD_ARGON2, ['t_cost' => 0])); -var_dump(password_hash('test', PASSWORD_ARGON2, ['threads' => 0])); +var_dump(password_hash('test', PASSWORD_ARGON2I, ['memory_cost' => 0])); +var_dump(password_hash('test', PASSWORD_ARGON2I, ['time_cost' => 0])); +var_dump(password_hash('test', PASSWORD_ARGON2I, ['threads' => 0])); ?> --EXPECTF-- Warning: password_hash(): Memory cost is outside of allowed memory range in %s on line %d diff --git a/ext/standard/tests/password/password_needs_rehash_argon2.phpt b/ext/standard/tests/password/password_needs_rehash_argon2.phpt index 315fe1f6a1dda..28592eb80b2be 100644 --- a/ext/standard/tests/password/password_needs_rehash_argon2.phpt +++ b/ext/standard/tests/password/password_needs_rehash_argon2.phpt @@ -2,16 +2,16 @@ Test normal operation of password_needs_rehash() with argon2 --SKIPIF-- --FILE-- 1<<17])); -var_dump(password_needs_rehash($hash, PASSWORD_ARGON2, ['t_cost' => 2])); -var_dump(password_needs_rehash($hash, PASSWORD_ARGON2, ['threads' => 2])); +var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I)); +var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => 1<<17])); +var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => 2])); +var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['threads' => 2])); echo "OK!"; ?> --EXPECT-- diff --git a/ext/standard/tests/password/password_verify_argon2.phpt b/ext/standard/tests/password/password_verify_argon2.phpt index 557e7372f8a04..a3caefb09cf33 100644 --- a/ext/standard/tests/password/password_verify_argon2.phpt +++ b/ext/standard/tests/password/password_verify_argon2.phpt @@ -2,7 +2,7 @@ Test normal operation of password_verify() with argon2 --SKIPIF-- --FILE--