Argon2iPasswordHash.php

Go to the documentation of this file.

<?php
declare(strict_types = 1);
namespace ‪TYPO3\CMS\Core\Crypto\PasswordHashing;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
class ‪Argon2iPasswordHash implements ‪PasswordHashInterface
{
    protected const ‪PREFIX = '$argon2i$';
 
    protected ‪$options = [
        'memory_cost' => 65536,
        'time_cost' => 16
    ];
 
    public function ‪__construct(array ‪$options = [])
    {
        $newOptions = ‪$this->options;
        if (isset(‪$options['memory_cost'])) {
            if ((int)‪$options['memory_cost'] < PASSWORD_ARGON2_DEFAULT_MEMORY_COST) {
                throw new \InvalidArgumentException(
                    'memory_cost must not be lower than ' . PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
                    1533899612
                );
            }
            $newOptions['memory_cost'] = (int)‪$options['memory_cost'];
        }
        if (isset(‪$options['time_cost'])) {
            if ((int)‪$options['time_cost'] < PASSWORD_ARGON2_DEFAULT_TIME_COST) {
                throw new \InvalidArgumentException(
                    'time_cost must not be lower than ' . PASSWORD_ARGON2_DEFAULT_TIME_COST,
                    1533899613
                );
            }
            $newOptions['time_cost'] = (int)‪$options['time_cost'];
        }
        if (isset(‪$options['threads'])) {
            if ((int)‪$options['threads'] < PASSWORD_ARGON2_DEFAULT_THREADS) {
                throw new \InvalidArgumentException(
                    'threads must not be lower than ' . PASSWORD_ARGON2_DEFAULT_THREADS,
                    1533899614
                );
            }
            $newOptions['threads'] = (int)‪$options['threads'];
        }
        $this->options = $newOptions;
    }
 
    public function ‪checkPassword(string $plainPW, string $saltedHashPW): bool
    {
        return password_verify($plainPW, $saltedHashPW);
    }
 
    public function ‪isAvailable(): bool
    {
        return defined('PASSWORD_ARGON2I') && PASSWORD_ARGON2I;
    }
 
    public function ‪getHashedPassword(string $password, string $salt = null)
    {
        if ($salt !== null) {
            trigger_error(static::class . ': using a custom salt is deprecated in PHP password api and ignored.', E_USER_DEPRECATED);
        }
        $hashedPassword = null;
        if ($password !== '') {
            $hashedPassword = password_hash($password, PASSWORD_ARGON2I, $this->options);
            if (!is_string($hashedPassword) || empty($hashedPassword)) {
                throw new InvalidPasswordHashException('Cannot generate password, probably invalid options', 1526052118);
            }
        }
        return $hashedPassword;
    }
 
    public function ‪isHashUpdateNeeded(string $passString): bool
    {
        return password_needs_rehash($passString, PASSWORD_ARGON2I, $this->options);
    }
 
    public function ‪isValidSaltedPW(string $saltedPW): bool
    {
        $result = false;
        $passwordInfo = password_get_info($saltedPW);
        if (isset($passwordInfo['algo'])
            && $passwordInfo['algo'] === PASSWORD_ARGON2I
            && strncmp($saltedPW, static::PREFIX, strlen(static::PREFIX)) === 0
        ) {
            $result = true;
        }
        return $result;
    }
 
    public function ‪getOptions(): array
    {
        trigger_error('This method will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
        return ‪$this->options;
    }
 
    public function ‪setOptions(array ‪$options): void
    {
        trigger_error('This method will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
        $newOptions = [];
 
        // Check options for validity, else use hard coded defaults
        if (isset(‪$options['memory_cost'])) {
            if ((int)‪$options['memory_cost'] < PASSWORD_ARGON2_DEFAULT_MEMORY_COST) {
                throw new \InvalidArgumentException(
                    'memory_cost must not be lower than ' . PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
                    1526042080
                );
            }
            $newOptions['memory_cost'] = (int)‪$options['memory_cost'];
        } else {
            $newOptions['memory_cost'] = 16384;
        }
 
        if (isset(‪$options['time_cost'])) {
            if ((int)‪$options['time_cost'] < PASSWORD_ARGON2_DEFAULT_TIME_COST) {
                throw new \InvalidArgumentException(
                    'time_cost must not be lower than ' . PASSWORD_ARGON2_DEFAULT_TIME_COST,
                    1526042081
                );
            }
            $newOptions['time_cost'] = (int)‪$options['time_cost'];
        } else {
            $newOptions['time_cost'] = 16;
        }
 
        if (isset(‪$options['threads'])) {
            if ((int)‪$options['threads'] < PASSWORD_ARGON2_DEFAULT_THREADS) {
                throw new \InvalidArgumentException(
                    'threads must not be lower than ' . PASSWORD_ARGON2_DEFAULT_THREADS,
                    1526042082
                );
            }
            $newOptions['threads'] = (int)‪$options['threads'];
        } else {
            $newOptions['threads'] = 2;
        }
 
        $this->options = $newOptions;
    }
}