diff --git a/lib/password_compat/lib/password.php b/lib/password_compat/lib/password.php index 6732e9fe629..e8ec028858c 100644 --- a/lib/password_compat/lib/password.php +++ b/lib/password_compat/lib/password.php @@ -7,214 +7,273 @@ * @copyright 2012 The Authors */ -if (!defined('PASSWORD_BCRYPT')) { +namespace { - define('PASSWORD_BCRYPT', 1); - define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); +if (!defined('PASSWORD_DEFAULT')) { - /** - * Hash the password using the specified algorithm - * - * @param string $password The password to hash - * @param int $algo The algorithm to use (Defined by PASSWORD_* constants) - * @param array $options The options for the algorithm to use - * - * @return string|false The hashed password, or false on error. - */ - function password_hash($password, $algo, array $options = array()) { - if (!function_exists('crypt')) { - trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING); - return null; - } - if (!is_string($password)) { - trigger_error("password_hash(): Password must be a string", E_USER_WARNING); - return null; - } - if (!is_int($algo)) { - trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING); - return null; - } - switch ($algo) { - case PASSWORD_BCRYPT: - // Note that this is a C constant, but not exposed to PHP, so we don't define it here. - $cost = 10; - if (isset($options['cost'])) { - $cost = $options['cost']; - if ($cost < 4 || $cost > 31) { - trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); - return null; - } - } - $required_salt_len = 22; - $hash_format = sprintf("$2y$%02d$", $cost); - break; - default: - trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING); - return null; - } - if (isset($options['salt'])) { - switch (gettype($options['salt'])) { - case 'NULL': - case 'boolean': - case 'integer': - case 'double': - case 'string': - $salt = (string) $options['salt']; - break; - case 'object': - if (method_exists($options['salt'], '__tostring')) { - $salt = (string) $options['salt']; - break; - } - case 'array': - case 'resource': - default: - trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); - return null; - } - if (strlen($salt) < $required_salt_len) { - trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", strlen($salt), $required_salt_len), E_USER_WARNING); - return null; - } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { - $salt = str_replace('+', '.', base64_encode($salt)); - } - } else { - $buffer = ''; - $raw_length = (int) ($required_salt_len * 3 / 4 + 1); - $buffer_valid = false; - if (function_exists('mcrypt_create_iv')) { - $buffer = mcrypt_create_iv($raw_length, MCRYPT_DEV_URANDOM); - if ($buffer) { - $buffer_valid = true; - } - } - if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { - $buffer = openssl_random_pseudo_bytes($raw_length); - if ($buffer) { - $buffer_valid = true; - } - } - if (!$buffer_valid && file_exists('/dev/urandom')) { - $f = @fopen('/dev/urandom', 'r'); - if ($f) { - $read = strlen($buffer); - while ($read < $raw_length) { - $buffer .= fread($f, $raw_length - $read); - $read = strlen($buffer); - } - fclose($f); - if ($read >= $raw_length) { - $buffer_valid = true; - } - } - } - if (!$buffer_valid || strlen($buffer) < $raw_length) { - $bl = strlen($buffer); - for ($i = 0; $i < $raw_length; $i++) { - if ($i < $bl) { - $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); - } else { - $buffer .= chr(mt_rand(0, 255)); - } - } - } - $salt = str_replace('+', '.', base64_encode($buffer)); + define('PASSWORD_BCRYPT', 1); + define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); - } - $salt = substr($salt, 0, $required_salt_len); + /** + * Hash the password using the specified algorithm + * + * @param string $password The password to hash + * @param int $algo The algorithm to use (Defined by PASSWORD_* constants) + * @param array $options The options for the algorithm to use + * + * @return string|false The hashed password, or false on error. + */ + function password_hash($password, $algo, array $options = array()) { + if (!function_exists('crypt')) { + trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING); + return null; + } + if (!is_string($password)) { + trigger_error("password_hash(): Password must be a string", E_USER_WARNING); + return null; + } + if (!is_int($algo)) { + trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING); + return null; + } + $resultLength = 0; + switch ($algo) { + case PASSWORD_BCRYPT: + // Note that this is a C constant, but not exposed to PHP, so we don't define it here. + $cost = 10; + if (isset($options['cost'])) { + $cost = $options['cost']; + if ($cost < 4 || $cost > 31) { + trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); + return null; + } + } + // The length of salt to generate + $raw_salt_len = 16; + // The length required in the final serialization + $required_salt_len = 22; + $hash_format = sprintf("$2y$%02d$", $cost); + // The expected length of the final crypt() output + $resultLength = 60; + break; + default: + trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING); + return null; + } + $salt_requires_encoding = false; + if (isset($options['salt'])) { + switch (gettype($options['salt'])) { + case 'NULL': + case 'boolean': + case 'integer': + case 'double': + case 'string': + $salt = (string) $options['salt']; + break; + case 'object': + if (method_exists($options['salt'], '__tostring')) { + $salt = (string) $options['salt']; + break; + } + case 'array': + case 'resource': + default: + trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); + return null; + } + if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) { + trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING); + return null; + } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { + $salt_requires_encoding = true; + } + } else { + $buffer = ''; + $buffer_valid = false; + if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) { + $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM); + if ($buffer) { + $buffer_valid = true; + } + } + if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { + $buffer = openssl_random_pseudo_bytes($raw_salt_len); + if ($buffer) { + $buffer_valid = true; + } + } + if (!$buffer_valid && @is_readable('/dev/urandom')) { + $f = fopen('/dev/urandom', 'r'); + $read = PasswordCompat\binary\_strlen($buffer); + while ($read < $raw_salt_len) { + $buffer .= fread($f, $raw_salt_len - $read); + $read = PasswordCompat\binary\_strlen($buffer); + } + fclose($f); + if ($read >= $raw_salt_len) { + $buffer_valid = true; + } + } + if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) { + $bl = PasswordCompat\binary\_strlen($buffer); + for ($i = 0; $i < $raw_salt_len; $i++) { + if ($i < $bl) { + $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); + } else { + $buffer .= chr(mt_rand(0, 255)); + } + } + } + $salt = $buffer; + $salt_requires_encoding = true; + } + if ($salt_requires_encoding) { + // encode string with the Base64 variant used by crypt + $base64_digits = + 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; + $bcrypt64_digits = + './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; - $hash = $hash_format . $salt; + $base64_string = base64_encode($salt); + $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits); + } + $salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len); - $ret = crypt($password, $hash); + $hash = $hash_format . $salt; - if (!is_string($ret) || strlen($ret) <= 13) { - return false; - } + $ret = crypt($password, $hash); - return $ret; - } + if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != $resultLength) { + return false; + } - /** - * Get information about the password hash. Returns an array of the information - * that was used to generate the password hash. - * - * array( - * 'algo' => 1, - * 'algoName' => 'bcrypt', - * 'options' => array( - * 'cost' => 10, - * ), - * ) - * - * @param string $hash The password hash to extract info from - * - * @return array The array of information about the hash. - */ - function password_get_info($hash) { - $return = array( - 'algo' => 0, - 'algoName' => 'unknown', - 'options' => array(), - ); - if (substr($hash, 0, 4) == '$2y$' && strlen($hash) == 60) { - $return['algo'] = PASSWORD_BCRYPT; - $return['algoName'] = 'bcrypt'; - list($cost) = sscanf($hash, "$2y$%d$"); - $return['options']['cost'] = $cost; - } - return $return; - } + return $ret; + } - /** - * Determine if the password hash needs to be rehashed according to the options provided - * - * If the answer is true, after validating the password using password_verify, rehash it. - * - * @param string $hash The hash to test - * @param int $algo The algorithm used for new password hashes - * @param array $options The options array passed to password_hash - * - * @return boolean True if the password needs to be rehashed. - */ - function password_needs_rehash($hash, $algo, array $options = array()) { - $info = password_get_info($hash); - if ($info['algo'] != $algo) { - return true; - } - switch ($algo) { - case PASSWORD_BCRYPT: - $cost = isset($options['cost']) ? $options['cost'] : 10; - if ($cost != $info['options']['cost']) { - return true; - } - break; - } - return false; - } + /** + * Get information about the password hash. Returns an array of the information + * that was used to generate the password hash. + * + * array( + * 'algo' => 1, + * 'algoName' => 'bcrypt', + * 'options' => array( + * 'cost' => 10, + * ), + * ) + * + * @param string $hash The password hash to extract info from + * + * @return array The array of information about the hash. + */ + function password_get_info($hash) { + $return = array( + 'algo' => 0, + 'algoName' => 'unknown', + 'options' => array(), + ); + if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) { + $return['algo'] = PASSWORD_BCRYPT; + $return['algoName'] = 'bcrypt'; + list($cost) = sscanf($hash, "$2y$%d$"); + $return['options']['cost'] = $cost; + } + return $return; + } - /** - * Verify a password against a hash using a timing attack resistant approach - * - * @param string $password The password to verify - * @param string $hash The hash to verify against - * - * @return boolean If the password matches the hash - */ + /** + * Determine if the password hash needs to be rehashed according to the options provided + * + * If the answer is true, after validating the password using password_verify, rehash it. + * + * @param string $hash The hash to test + * @param int $algo The algorithm used for new password hashes + * @param array $options The options array passed to password_hash + * + * @return boolean True if the password needs to be rehashed. + */ + function password_needs_rehash($hash, $algo, array $options = array()) { + $info = password_get_info($hash); + if ($info['algo'] != $algo) { + return true; + } + switch ($algo) { + case PASSWORD_BCRYPT: + $cost = isset($options['cost']) ? $options['cost'] : 10; + if ($cost != $info['options']['cost']) { + return true; + } + break; + } + return false; + } + + /** + * Verify a password against a hash using a timing attack resistant approach + * + * @param string $password The password to verify + * @param string $hash The hash to verify against + * + * @return boolean If the password matches the hash + */ function password_verify($password, $hash) { - if (!function_exists('crypt')) { - trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING); - return false; - } - $ret = crypt($password, $hash); - if (!is_string($ret) || strlen($ret) != strlen($hash) || strlen($ret) <= 13) { - return false; - } + if (!function_exists('crypt')) { + trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING); + return false; + } + $ret = crypt($password, $hash); + if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) { + return false; + } - $status = 0; - for ($i = 0; $i < strlen($ret); $i++) { - $status |= (ord($ret[$i]) ^ ord($hash[$i])); - } + $status = 0; + for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) { + $status |= (ord($ret[$i]) ^ ord($hash[$i])); + } + + return $status === 0; + } +} + +} + +namespace PasswordCompat\binary { + /** + * Count the number of bytes in a string + * + * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension. + * In this case, strlen() will count the number of *characters* based on the internal encoding. A + * sequence of bytes might be regarded as a single multibyte character. + * + * @param string $binary_string The input string + * + * @internal + * @return int The number of bytes + */ + function _strlen($binary_string) { + if (function_exists('mb_strlen')) { + return mb_strlen($binary_string, '8bit'); + } + return strlen($binary_string); + } + + /** + * Get a substring based on byte limits + * + * @see _strlen() + * + * @param string $binary_string The input string + * @param int $start + * @param int $length + * + * @internal + * @return string The substring + */ + function _substr($binary_string, $start, $length) { + if (function_exists('mb_substr')) { + return mb_substr($binary_string, $start, $length, '8bit'); + } + return substr($binary_string, $start, $length); + } - return $status === 0; - } } diff --git a/lib/password_compat/readme_moodle.txt b/lib/password_compat/readme_moodle.txt index 9740c2eb890..e6e4bed05a6 100644 --- a/lib/password_compat/readme_moodle.txt +++ b/lib/password_compat/readme_moodle.txt @@ -1,27 +1,21 @@ Description of password_compat import into Moodle: ================================================== -Imported from: https://github.com/ircmaxell/password_compat/commit/2a7b6355d27c65f7e0de1fbbc0016b5b6cd8226b +Imported from: https://github.com/ircmaxell/password_compat/commit/c91b1168bc53c26f56fc65f16958b5be45ca5dc9 Copyright: (c) 2012 Anthony Ferrara License: MIT License -Removed: -* README.md, LICENSE.md and composer.json files. -* bootstrap.php and phpunit.xml.dist files from test directory. +Files used from the library: +* lib/password.php > lib/password.php +* test/Unit/* > tests/ Added: * None. Our changes: -* Moved tests from test/Unit/ to tests/ directory. -* Removed tabs and trailing whitespace from test files. -* Added markTestSkipped() check to tests so they only run if password_compat is supported - -Moodle commit history: -====================== - -MDL-35332 Initial commit - +* Added the following require_once() to the test files: + global $CFG; + require_once($CFG->dirroot . '/lib/password_compat/lib/password.php'); Library description: ==================== diff --git a/lib/password_compat/tests/PasswordGetInfoTest.php b/lib/password_compat/tests/PasswordGetInfoTest.php index 633549d4799..7da3b614e1f 100644 --- a/lib/password_compat/tests/PasswordGetInfoTest.php +++ b/lib/password_compat/tests/PasswordGetInfoTest.php @@ -4,7 +4,7 @@ global $CFG; require_once($CFG->dirroot . '/lib/password_compat/lib/password.php'); class PasswordGetInfoTest extends PHPUnit_Framework_TestCase { - + public static function provideInfo() { return array( array('foo', array('algo' => 0, 'algoName' => 'unknown', 'options' => array())), @@ -26,4 +26,4 @@ class PasswordGetInfoTest extends PHPUnit_Framework_TestCase { $this->assertEquals($info, password_get_info($hash)); } -} +} \ No newline at end of file diff --git a/lib/password_compat/tests/PasswordHashTest.php b/lib/password_compat/tests/PasswordHashTest.php index a19191c8df1..72068bb8fe8 100644 --- a/lib/password_compat/tests/PasswordHashTest.php +++ b/lib/password_compat/tests/PasswordHashTest.php @@ -4,7 +4,7 @@ global $CFG; require_once($CFG->dirroot . '/lib/password_compat/lib/password.php'); class PasswordHashTest extends PHPUnit_Framework_TestCase { - + public function testFuncExists() { $this->assertTrue(function_exists('password_hash')); } @@ -25,7 +25,11 @@ class PasswordHashTest extends PHPUnit_Framework_TestCase { public function testRawSalt() { $hash = password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0))); - $this->assertEquals('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', $hash); + if (version_compare(PHP_VERSION, '5.5.0', '<')) { + $this->assertEquals('$2y$10$KRGxLBS0Lxe3KBCwKxOzLexLDeu0ZfqJAKTubOfy7O/yL2hjimw3u', $hash); + } else { + $this->assertEquals('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', $hash); + } } /** @@ -62,7 +66,7 @@ class PasswordHashTest extends PHPUnit_Framework_TestCase { public function testInvalidBcryptCostLow() { password_hash('foo', PASSWORD_BCRYPT, array('cost' => 3)); } - + /** * @expectedException PHPUnit_Framework_Error */ @@ -84,4 +88,4 @@ class PasswordHashTest extends PHPUnit_Framework_TestCase { password_hash('foo', PASSWORD_BCRYPT, array('salt' => 'abc')); } -} +} \ No newline at end of file diff --git a/lib/password_compat/tests/PasswordNeedsRehashTest.php b/lib/password_compat/tests/PasswordNeedsRehashTest.php index e947d4d8c21..ea2ff0b0716 100644 --- a/lib/password_compat/tests/PasswordNeedsRehashTest.php +++ b/lib/password_compat/tests/PasswordNeedsRehashTest.php @@ -4,7 +4,7 @@ global $CFG; require_once($CFG->dirroot . '/lib/password_compat/lib/password.php'); class PasswordNeedsRehashTest extends PHPUnit_Framework_TestCase { - + public static function provideCases() { return array( array('foo', 0, array(), false), @@ -26,4 +26,4 @@ class PasswordNeedsRehashTest extends PHPUnit_Framework_TestCase { $this->assertEquals($valid, password_needs_rehash($hash, $algo, $options)); } -} +} \ No newline at end of file diff --git a/lib/password_compat/tests/PasswordVerifyTest.php b/lib/password_compat/tests/PasswordVerifyTest.php index 0e865a5c4fd..3465848ca19 100644 --- a/lib/password_compat/tests/PasswordVerifyTest.php +++ b/lib/password_compat/tests/PasswordVerifyTest.php @@ -4,7 +4,7 @@ global $CFG; require_once($CFG->dirroot . '/lib/password_compat/lib/password.php'); class PasswordVerifyTest extends PHPUnit_Framework_TestCase { - + public function testFuncExists() { $this->assertTrue(function_exists('password_verify')); } @@ -29,4 +29,4 @@ class PasswordVerifyTest extends PHPUnit_Framework_TestCase { $this->assertFalse(password_verify('rasmuslerdorf', '$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hj')); } -} +} \ No newline at end of file