25,16 → 25,29 |
|
class OIDplusAuthPluginArgon2 extends OIDplusAuthPlugin { |
|
public function init($html=true) { |
/** |
* @param bool $html |
* @return void |
*/ |
public function init(bool $html=true) { |
// TODO: Let the admin decide about the memory, iterations, and parallelism options |
} |
|
private function supportedCryptAlgo($authKey) { |
/** |
* @param string $authKey |
* @return bool |
*/ |
private function supportedCryptAlgo(string $authKey): bool { |
return str_starts_with($authKey, '$argon2i$') || |
str_starts_with($authKey, '$argon2id$'); |
} |
|
public function verify(OIDplusRAAuthInfo $authInfo, $check_password) { |
/** |
* @param OIDplusRAAuthInfo $authInfo |
* @param string $check_password |
* @return bool |
*/ |
public function verify(OIDplusRAAuthInfo $authInfo, string $check_password): bool { |
$authKey = $authInfo->getAuthKey(); |
|
if (!$this->supportedCryptAlgo($authKey)) { |
49,7 → 62,10 |
return password_verify($check_password, $authKey); |
} |
|
private function getBestHashAlgo() { |
/** |
* @return string|int|false |
*/ |
private function getBestHashAlgo() { /* @phpstan-ignore-line */ |
if ($this->supportsArgon2id()) { |
$hashalgo = PASSWORD_ARGON2ID; |
} else if ($this->supportsArgon2i()) { |
60,7 → 76,12 |
return $hashalgo; |
} |
|
public function generate($password): OIDplusRAAuthInfo { |
/** |
* @param string $password |
* @return OIDplusRAAuthInfo |
* @throws OIDplusException |
*/ |
public function generate(string $password): OIDplusRAAuthInfo { |
$hashalgo = $this->getBestHashAlgo(); |
assert($hashalgo !== false); // Should not happen if we called available() before! |
$calc_authkey = password_hash($password, $hashalgo); |
69,6 → 90,9 |
return new OIDplusRAAuthInfo($calc_authkey); |
} |
|
/** |
* @return bool |
*/ |
private function supportsArgon2i(): bool { |
if (version_compare(PHP_VERSION, '7.4.0') >= 0) { |
return in_array('argon2i', password_algos()); |
77,6 → 101,9 |
} |
} |
|
/** |
* @return bool |
*/ |
private function supportsArgon2id(): bool { |
if (version_compare(PHP_VERSION, '7.4.0') >= 0) { |
return in_array('argon2id', password_algos()); |
85,7 → 112,11 |
} |
} |
|
public function availableForHash(&$reason): bool { |
/** |
* @param string $reason |
* @return bool |
*/ |
public function availableForHash(string &$reason): bool { |
if (!$this->supportsArgon2i() && !$this->supportsArgon2id()) { |
$reason = _L('No fitting hash algorithm found'); |
return false; |
94,7 → 125,11 |
} |
} |
|
public function availableForVerify(&$reason): bool { |
/** |
* @param string $reason |
* @return bool |
*/ |
public function availableForVerify(string &$reason): bool { |
return $this->availableForHash($reason); |
} |
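Review bot: In `generate()` the only guard against `getBestHashAlgo()` returning `false` is `assert($hashalgo !== false)`, and PHP skips assertions entirely when `zend.assertions` is at its production setting, so the check is absent on the systems that need it. `password_hash()` would then receive `false` as its algorithm argument, which, depending on the PHP version and typing mode, presumably ends in a type error or a hash in a different algorithm that `supportedCryptAlgo()` later refuses to verify. Since this commit documents `@throws OIDplusException` on the method, an explicit runtime check fits the contract better: `if ($hashalgo === false) throw new OIDplusException(_L('No fitting hash algorithm found'));`. The two lines of the body that follow the `password_hash()` call are outside the visible hunk, so a failure check may already exist there, but it would run only after the hash call. Separately, `in_array('argon2i', password_algos())` and its `argon2id` twin would be more robust with the strict third argument `true`.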
|