feature #30968 [Security] Add Argon2idPasswordEncoder (chalasr)

fabpot · fabpot · commit 11304b0f92db · 2019-04-08T08:14:55.000+02:00
This PR was merged into the 4.3-dev branch.

Discussion
----------

[Security] Add Argon2idPasswordEncoder

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | yes
| Tests pass?   | yes
| Fixed tickets | #28093
| License       | MIT
| Doc PR        | TODO

Currently we have a `Argon2iPasswordEncoder` that may hash passwords using `argon2id` instead of `argon2i` (platform-dependent) which is not good.
This deprecates producing/validating `argon2id` hashed passwords using the `Argon2iPasswordEncoder`, and adds a `Argon2idPasswordEncoder` able to produce/validate `argon2id` hashed passwords only.

#EUFOSSA

Commits
-------

0c82173b24 [Security] Add Argon2idPasswordEncoder
diff --git a/Encoder/Argon2Trait.php b/Encoder/Argon2Trait.php
@@ -0,0 +1,52 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Encoder;
+
+/**
+ * @internal
+ *
+ * @author Robin Chalas <robin.chalas@gmail.com>
+ */
+trait Argon2Trait
+{
+    private $memoryCost;
+    private $timeCost;
+    private $threads;
+
+    public function __construct(int $memoryCost = null, int $timeCost = null, int $threads = null)
+    {
+        $this->memoryCost = $memoryCost;
+        $this->timeCost = $timeCost;
+        $this->threads = $threads;
+    }
+
+    private function encodePasswordNative(string $raw, int $algorithm)
+    {
+        return password_hash($raw, $algorithm, [
+            'memory_cost' => $this->memoryCost ?? \PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
+            'time_cost' => $this->timeCost ?? \PASSWORD_ARGON2_DEFAULT_TIME_COST,
+            'threads' => $this->threads ?? \PASSWORD_ARGON2_DEFAULT_THREADS,
+        ]);
+    }
+
+    private function encodePasswordSodiumFunction(string $raw)
+    {
+        $hash = \sodium_crypto_pwhash_str(
+            $raw,
+            \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
+            \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
+        );
+        \sodium_memzero($raw);
+
+        return $hash;
+    }
+}
diff --git a/Encoder/Argon2iPasswordEncoder.php b/Encoder/Argon2iPasswordEncoder.php
@@ -21,25 +21,7 @@
  */
 class Argon2iPasswordEncoder extends BasePasswordEncoder implements SelfSaltingEncoderInterface
 {
-    private $config = [];
-
-    /**
-     * Argon2iPasswordEncoder constructor.
-     *
-     * @param int|null $memoryCost memory usage of the algorithm
-     * @param int|null $timeCost   number of iterations
-     * @param int|null $threads    number of parallel threads
-     */
-    public function __construct(int $memoryCost = null, int $timeCost = null, int $threads = null)
-    {
-        if (\defined('PASSWORD_ARGON2I')) {
-            $this->config = [
-                'memory_cost' => $memoryCost ?? \PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
-                'time_cost' => $timeCost ?? \PASSWORD_ARGON2_DEFAULT_TIME_COST,
-                'threads' => $threads ?? \PASSWORD_ARGON2_DEFAULT_THREADS,
-            ];
-        }
-    }
+    use Argon2Trait;
 
     public static function isSupported()
     {
@@ -64,10 +46,13 @@ public function encodePassword($raw, $salt)
         }
 
         if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I')) {
-            return $this->encodePasswordNative($raw);
-        }
-        if (\function_exists('sodium_crypto_pwhash_str')) {
-            return $this->encodePasswordSodiumFunction($raw);
+            return $this->encodePasswordNative($raw, \PASSWORD_ARGON2I);
+        } elseif (\function_exists('sodium_crypto_pwhash_str')) {
+            if (0 === strpos($hash = $this->encodePasswordSodiumFunction($raw), Argon2idPasswordEncoder::HASH_PREFIX)) {
+                @trigger_error(sprintf('Using "%s" while only the "argon2id" algorithm is supported is deprecated since Symfony 4.3, use "%s" instead.', __CLASS__, Argon2idPasswordEncoder::class), E_USER_DEPRECATED);
+            }
+
+            return $hash;
         }
         if (\extension_loaded('libsodium')) {
             return $this->encodePasswordSodiumExtension($raw);
@@ -81,10 +66,20 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        // If $encoded was created via "sodium_crypto_pwhash_str()", the hashing algorithm may be "argon2id" instead of "argon2i".
-        // In this case, "password_verify()" cannot be used.
-        if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I') && (false === strpos($encoded, '$argon2id$'))) {
-            return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);
+        if ($this->isPasswordTooLong($raw)) {
+            return false;
+        }
+
+        if (\PHP_VERSION_ID >= 70200 && \defined('PASSWORD_ARGON2I')) {
+            // If $encoded was created via "sodium_crypto_pwhash_str()", the hashing algorithm may be "argon2id" instead of "argon2i"
+            if ($isArgon2id = (0 === strpos($encoded, Argon2idPasswordEncoder::HASH_PREFIX))) {
+                @trigger_error(sprintf('Calling "%s()" with a password hashed using argon2id is deprecated since Symfony 4.3, use "%s" instead.', __METHOD__, Argon2idPasswordEncoder::class), E_USER_DEPRECATED);
+            }
+
+            // Remove the right part of the OR in 5.0
+            if (\defined('PASSWORD_ARGON2I') || $isArgon2id && \defined('PASSWORD_ARGON2ID')) {
+                return password_verify($raw, $encoded);
+            }
         }
         if (\function_exists('sodium_crypto_pwhash_str_verify')) {
             $valid = !$this->isPasswordTooLong($raw) && \sodium_crypto_pwhash_str_verify($encoded, $raw);
@@ -102,23 +97,6 @@ public function isPasswordValid($encoded, $raw, $salt)
         throw new \LogicException('Argon2i algorithm is not supported. Please install the libsodium extension or upgrade to PHP 7.2+.');
     }
 
-    private function encodePasswordNative($raw)
-    {
-        return password_hash($raw, \PASSWORD_ARGON2I, $this->config);
-    }
-
-    private function encodePasswordSodiumFunction($raw)
-    {
-        $hash = \sodium_crypto_pwhash_str(
-            $raw,
-            \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
-            \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
-        );
-        \sodium_memzero($raw);
-
-        return $hash;
-    }
-
     private function encodePasswordSodiumExtension($raw)
     {
         $hash = \Sodium\crypto_pwhash_str(
diff --git a/Encoder/Argon2idPasswordEncoder.php b/Encoder/Argon2idPasswordEncoder.php
@@ -0,0 +1,85 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Encoder;
+
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Core\Exception\LogicException;
+
+/**
+ * Hashes passwords using the Argon2id algorithm.
+ *
+ * @author Robin Chalas <robin.chalas@gmail.com>
+ *
+ * @final
+ */
+class Argon2idPasswordEncoder extends BasePasswordEncoder implements SelfSaltingEncoderInterface
+{
+    use Argon2Trait;
+
+    /**
+     * @internal
+     */
+    public const HASH_PREFIX = '$argon2id';
+
+    public static function isSupported()
+    {
+        return \defined('PASSWORD_ARGON2ID') || \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13');
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function encodePassword($raw, $salt)
+    {
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
+        if (\defined('PASSWORD_ARGON2ID')) {
+            return $this->encodePasswordNative($raw, \PASSWORD_ARGON2ID);
+        }
+        if (\defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
+            $hash = \sodium_crypto_pwhash_str(
+                $raw,
+                \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
+                \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
+            );
+            \sodium_memzero($raw);
+
+            return $hash;
+        }
+
+        throw new LogicException('Algorithm "argon2id" is not supported. Please install the libsodium extension or upgrade to PHP 7.3+.');
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isPasswordValid($encoded, $raw, $salt)
+    {
+        if (0 !== strpos($encoded, self::HASH_PREFIX)) {
+            return false;
+        }
+
+        if (\defined('PASSWORD_ARGON2ID')) {
+            return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);
+        }
+
+        if (\function_exists('sodium_crypto_pwhash_str_verify')) {
+            $valid = !$this->isPasswordTooLong($raw) && \sodium_crypto_pwhash_str_verify($encoded, $raw);
+            \sodium_memzero($raw);
+
+            return $valid;
+        }
+
+        throw new LogicException('Algorithm "argon2id" is not supported. Please install the libsodium extension or upgrade to PHP 7.3+.');
+    }
+}
diff --git a/Encoder/EncoderFactory.php b/Encoder/EncoderFactory.php
@@ -117,6 +117,15 @@ private function getEncoderConfigFromAlgorithm($config)
                         $config['threads'],
                     ],
                 ];
+            case 'argon2id':
+                return [
+                    'class' => Argon2idPasswordEncoder::class,
+                    'arguments' => [
+                        $config['memory_cost'],
+                        $config['time_cost'],
+                        $config['threads'],
+                    ],
+                ];
         }
 
         return [
diff --git a/Tests/Encoder/Argon2iPasswordEncoderTest.php b/Tests/Encoder/Argon2iPasswordEncoderTest.php
@@ -23,7 +23,7 @@ class Argon2iPasswordEncoderTest extends TestCase
 
     protected function setUp()
     {
-        if (!Argon2iPasswordEncoder::isSupported()) {
+        if (!Argon2iPasswordEncoder::isSupported() || \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
             $this->markTestSkipped('Argon2i algorithm is not supported.');
         }
     }
diff --git a/Tests/Encoder/Argon2idPasswordEncoderTest.php b/Tests/Encoder/Argon2idPasswordEncoderTest.php
@@ -0,0 +1,65 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Tests\Encoder;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Encoder\Argon2idPasswordEncoder;
+
+class Argon2idPasswordEncoderTest extends TestCase
+{
+    protected function setUp()
+    {
+        if (!Argon2idPasswordEncoder::isSupported()) {
+            $this->markTestSkipped('Argon2i algorithm is not supported.');
+        }
+    }
+
+    public function testValidationWithConfig()
+    {
+        $encoder = new Argon2idPasswordEncoder(8, 4, 1);
+        $result = $encoder->encodePassword('password', null);
+        $this->assertTrue($encoder->isPasswordValid($result, 'password', null));
+        $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
+    }
+
+    public function testValidation()
+    {
+        $encoder = new Argon2idPasswordEncoder();
+        $result = $encoder->encodePassword('password', null);
+        $this->assertTrue($encoder->isPasswordValid($result, 'password', null));
+        $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testEncodePasswordLength()
+    {
+        $encoder = new Argon2idPasswordEncoder();
+        $encoder->encodePassword(str_repeat('a', 4097), 'salt');
+    }
+
+    public function testCheckPasswordLength()
+    {
+        $encoder = new Argon2idPasswordEncoder();
+        $result = $encoder->encodePassword(str_repeat('a', 4096), null);
+        $this->assertFalse($encoder->isPasswordValid($result, str_repeat('a', 4097), null));
+        $this->assertTrue($encoder->isPasswordValid($result, str_repeat('a', 4096), null));
+    }
+
+    public function testUserProvidedSaltIsNotUsed()
+    {
+        $encoder = new Argon2idPasswordEncoder();
+        $result = $encoder->encodePassword('password', 'salt');
+        $this->assertTrue($encoder->isPasswordValid($result, 'password', 'anotherSalt'));
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ class Argon2iPasswordEncoderTest extends TestCase`
`23`	`23`
`24`	`24`	`protected function setUp()`
`25`	`25`	`{`
`26`		`- if (!Argon2iPasswordEncoder::isSupported()) {`
	`26`	`+ if (!Argon2iPasswordEncoder::isSupported() \|\| \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {`
`27`	`27`	`$this->markTestSkipped('Argon2i algorithm is not supported.');`
`28`	`28`	`}`
`29`	`29`	`}`