mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix Argon2 options checks 

The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.

Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
MichaIng 2020-04-28 21:04:34 +02:00 committed by Roeland Jago Douma
parent a1c1b354fc
commit ad60619655
No known key found for this signature in database
GPG Key ID: F941078878347C0C
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/private/Security/Hasher.php
View File

@ -67,16 +67,11 @@ class Hasher implements IHasher {
if (\defined('PASSWORD_ARGON2I')) { if (\defined('PASSWORD_ARGON2I')) {
// password_hash fails, when the minimum values are undershot. // password_hash fails, when the minimum values are undershot.
// In this case, ignore and revert to default // In this case, apply minimum.
if ($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 8) { $this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
$this->options['memory_cost'] = $this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST); // The minimum memory cost is 8 KiB per thread.
} $this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8);
if ($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) { $this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1);
$this->options['time_cost'] = $this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST);
}
if ($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
$this->options['threads'] = $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS);
}
} }
$hashingCost = $this->config->getSystemValue('hashingCost', null); $hashingCost = $this->config->getSystemValue('hashingCost', null);

5
tests/lib/Security/HasherTest.php
View File

@ -113,6 +113,11 @@ class HasherTest extends \Test\TestCase {
$this->config = $this->createMock(IConfig::class); $this->config = $this->createMock(IConfig::class);
$this->config->method('getSystemValueInt')
->willReturnCallback(function ($name, $default) {
return $default;
});
$this->hasher = new Hasher($this->config); $this->hasher = new Hasher($this->config);
} }