mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #19023 from nextcloud/enh+fix/17131/hasher-config 

expose Argon2 options (as we did for bcrypt)
This commit is contained in:
blizzz 2020-01-23 11:47:43 +01:00 committed by GitHub
parent 8eefb58646 51d168019f
commit 2f27f122e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
config/config.sample.php
View File

@ -1433,6 +1433,37 @@ $CONFIG = array(
*/ */
'tempdirectory' => '/tmp/nextcloudtemp', 'tempdirectory' => '/tmp/nextcloudtemp',
/**
* Hashing
*
* Nextcloud uses the Argon2 algorithm (with PHP >= 7.2) to create hashes by its
* own and exposes its configuration options as following. More information can
* be found at: https://www.php.net/manual/en/function.password-hash.php
*/
/**
* The allowed maximum memory in KiB to be used by the algorithm for computing a
* hash. The smallest possible value is 8. Values that undershoot the minimum
* will be ignored in favor of the default.
*/
'hashingMemoryCost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
/**
* The allowed maximum time in seconds that can be used by the algorithm for
* computing a hash. The value must be an integer, and the minimum value is 1.
* Values that undershoot the minimum will be ignored in favor of the default.
*/
'hashingTimeCost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
/**
* The allowed number of CPU threads that can be used by the algorithm for
* computing a hash. The value must be an integer, and the minimum value is 1.
* Rationally it does not help to provide a number higher than the available
* threads on the machine. Values that undershoot the minimum will be ignored
* in favor of the default.
*/
'hashingThreads' => PASSWORD_ARGON2_DEFAULT_THREADS,
/** /**
* The hashing cost used by hashes generated by Nextcloud * The hashing cost used by hashes generated by Nextcloud
* Using a higher value requires more time and CPU power to calculate the hashes * Using a higher value requires more time and CPU power to calculate the hashes

14
lib/private/Security/Hasher.php
View File

@ -63,6 +63,20 @@ class Hasher implements IHasher {
public function __construct(IConfig $config) { public function __construct(IConfig $config) {
$this->config = $config; $this->config = $config;
if (\defined('PASSWORD_ARGON2I')) {
// password_hash fails, when the minimum values are undershot.
// In this case, ignore and revert to default
if ($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 8) {
$this->options['memory_cost'] = $this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST);
}
if ($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
$this->options['time_cost'] = $this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST);
}
if ($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
$this->options['threads'] = $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS);
}
}
$hashingCost = $this->config->getSystemValue('hashingCost', null); $hashingCost = $this->config->getSystemValue('hashingCost', null);
if(!\is_null($hashingCost)) { if(!\is_null($hashingCost)) {
$this->options['cost'] = $hashingCost; $this->options['cost'] = $hashingCost;