Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 2711d14

Browse filesBrowse files
fabpotfabpot
committed
feature #26175 [Security] Add configuration for Argon2i encryption (CoalaJoe)
This PR was merged into the 4.1-dev branch. Discussion ---------- [Security] Add configuration for Argon2i encryption | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #26174 | License | MIT | Doc PR | [#9300](symfony/symfony-docs#9300) Feedback? Current situation: Configuration only applies if argon2i is natively supported. Commits ------- 1300fec [Security] Add configuration for Argon2i encryption
2 parents a347f46 + 1300fec commit 2711d14
Copy full SHA for 2711d14

File tree

Expand file treeCollapse file tree

10 files changed

+118
-39
lines changed
Filter options
Expand file treeCollapse file tree

10 files changed

+118
-39
lines changed

‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+3Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -385,6 +385,9 @@ private function addEncodersSection(ArrayNodeDefinition $rootNode)
385385
->max(31)
386386
->defaultValue(13)
387387
->end()
388+
->scalarNode('memory_cost')->defaultNull()->end()
389+
->scalarNode('time_cost')->defaultNull()->end()
390+
->scalarNode('threads')->defaultNull()->end()
388391
->scalarNode('id')->end()
389392
->end()
390393
->end()

‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+5-1Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -523,7 +523,11 @@ private function createEncoder($config, ContainerBuilder $container)
523523

524524
return array(
525525
'class' => 'Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder',
526-
'arguments' => array(),
526+
'arguments' => array(
527+
$config['memory_cost'],
528+
$config['time_cost'],
529+
$config['threads'],
530+
),
527531
);
528532
}
529533

‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+52-5Lines changed: 52 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -285,6 +285,9 @@ public function testEncoders()
285285
'key_length' => 40,
286286
'ignore_case' => false,
287287
'cost' => 13,
288+
'memory_cost' => null,
289+
'time_cost' => null,
290+
'threads' => null,
288291
),
289292
'JMS\FooBundle\Entity\User3' => array(
290293
'algorithm' => 'md5',
@@ -294,6 +297,9 @@ public function testEncoders()
294297
'encode_as_base64' => true,
295298
'iterations' => 5000,
296299
'cost' => 13,
300+
'memory_cost' => null,
301+
'time_cost' => null,
302+
'threads' => null,
297303
),
298304
'JMS\FooBundle\Entity\User4' => new Reference('security.encoder.foo'),
299305
'JMS\FooBundle\Entity\User5' => array(
@@ -307,16 +313,57 @@ public function testEncoders()
307313
)), $container->getDefinition('security.encoder_factory.generic')->getArguments());
308314
}
309315

310-
public function testArgon2iEncoder()
316+
public function testEncodersWithLibsodium()
311317
{
312318
if (!Argon2iPasswordEncoder::isSupported()) {
313319
$this->markTestSkipped('Argon2i algorithm is not supported.');
314320
}
315321

316-
$this->assertSame(array(array('JMS\FooBundle\Entity\User7' => array(
317-
'class' => 'Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder',
318-
'arguments' => array(),
319-
))), $this->getContainer('argon2i_encoder')->getDefinition('security.encoder_factory.generic')->getArguments());
322+
$container = $this->getContainer('argon2i_encoder');
323+
324+
$this->assertEquals(array(array(
325+
'JMS\FooBundle\Entity\User1' => array(
326+
'class' => 'Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder',
327+
'arguments' => array(false),
328+
),
329+
'JMS\FooBundle\Entity\User2' => array(
330+
'algorithm' => 'sha1',
331+
'encode_as_base64' => false,
332+
'iterations' => 5,
333+
'hash_algorithm' => 'sha512',
334+
'key_length' => 40,
335+
'ignore_case' => false,
336+
'cost' => 13,
337+
'memory_cost' => null,
338+
'time_cost' => null,
339+
'threads' => null,
340+
),
341+
'JMS\FooBundle\Entity\User3' => array(
342+
'algorithm' => 'md5',
343+
'hash_algorithm' => 'sha512',
344+
'key_length' => 40,
345+
'ignore_case' => false,
346+
'encode_as_base64' => true,
347+
'iterations' => 5000,
348+
'cost' => 13,
349+
'memory_cost' => null,
350+
'time_cost' => null,
351+
'threads' => null,
352+
),
353+
'JMS\FooBundle\Entity\User4' => new Reference('security.encoder.foo'),
354+
'JMS\FooBundle\Entity\User5' => array(
355+
'class' => 'Symfony\Component\Security\Core\Encoder\Pbkdf2PasswordEncoder',
356+
'arguments' => array('sha1', false, 5, 30),
357+
),
358+
'JMS\FooBundle\Entity\User6' => array(
359+
'class' => 'Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder',
360+
'arguments' => array(15),
361+
),
362+
'JMS\FooBundle\Entity\User7' => array(
363+
'class' => 'Symfony\Component\Security\Core\Encoder\Argon2iPasswordEncoder',
364+
'arguments' => array(256, 1, 2),
365+
),
366+
)), $container->getDefinition('security.encoder_factory.generic')->getArguments());
320367
}
321368

322369
public function testRememberMeThrowExceptionsDefault()

‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/argon2i_encoder.php

Copy file name to clipboard
+5-9Lines changed: 5 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,14 @@
11
<?php
22

3+
$this->load('container1.php', $container);
4+
35
$container->loadFromExtension('security', array(
46
'encoders' => array(
57
'JMS\FooBundle\Entity\User7' => array(
68
'algorithm' => 'argon2i',
7-
),
8-
),
9-
'providers' => array(
10-
'default' => array('id' => 'foo'),
11-
),
12-
'firewalls' => array(
13-
'main' => array(
14-
'form_login' => false,
15-
'http_basic' => null,
9+
'memory_cost' => 256,
10+
'time_cost' => 1,
11+
'threads' => 2,
1612
),
1713
),
1814
));

‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/argon2i_encoder.xml

Copy file name to clipboard
+11-13Lines changed: 11 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,16 @@
11
<?xml version="1.0" encoding="UTF-8"?>
22

3-
<srv:container xmlns="http://symfony.com/schema/dic/security"
4-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5-
xmlns:srv="http://symfony.com/schema/dic/services"
6-
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
3+
<container xmlns="http://symfony.com/schema/dic/services"
4+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5+
xmlns:sec="http://symfony.com/schema/dic/security"
6+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
77

8-
<config>
9-
<encoder class="JMS\FooBundle\Entity\User7" algorithm="argon2i" />
8+
<imports>
9+
<import resource="container1.xml"/>
10+
</imports>
1011

11-
<provider name="default" id="foo" />
12+
<sec:config>
13+
<sec:encoder class="JMS\FooBundle\Entity\User7" algorithm="argon2i" memory_cost="256" time_cost="1" threads="2" />
14+
</sec:config>
1215

13-
<firewall name="main">
14-
<form-login login-path="/login" />
15-
</firewall>
16-
</config>
17-
18-
</srv:container>
16+
</container>

‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/argon2i_encoder.yml

Copy file name to clipboard
+6-8Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,10 @@
1+
imports:
2+
- { resource: container1.yml }
3+
14
security:
25
encoders:
36
JMS\FooBundle\Entity\User7:
47
algorithm: argon2i
5-
6-
providers:
7-
default: { id: foo }
8-
9-
firewalls:
10-
main:
11-
form_login: false
12-
http_basic: ~
8+
memory_cost: 256
9+
time_cost: 1
10+
threads: 2

‎src/Symfony/Bundle/SecurityBundle/composer.json

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/composer.json
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
"require": {
1919
"php": "^7.1.3",
2020
"ext-xml": "*",
21-
"symfony/security": "~3.4|~4.0",
21+
"symfony/security": "~4.1",
2222
"symfony/dependency-injection": "^3.4.3|^4.0.3",
2323
"symfony/http-kernel": "~3.4|~4.0"
2424
},

‎src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php
+22-1Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,30 @@
1717
* Argon2iPasswordEncoder uses the Argon2i hashing algorithm.
1818
*
1919
* @author Zan Baldwin <hello@zanbaldwin.com>
20+
* @author Dominik Müller <dominik.mueller@jkweb.ch>
2021
*/
2122
class Argon2iPasswordEncoder extends BasePasswordEncoder implements SelfSaltingEncoderInterface
2223
{
24+
private $config = array();
25+
26+
/**
27+
* Argon2iPasswordEncoder constructor.
28+
*
29+
* @param int|null $memoryCost memory usage of the algorithm
30+
* @param int|null $timeCost number of iterations
31+
* @param int|null $threads number of parallel threads
32+
*/
33+
public function __construct(int $memoryCost = null, int $timeCost = null, int $threads = null)
34+
{
35+
if (\defined('PASSWORD_ARGON2I')) {
36+
$this->config = array(
37+
'memory_cost' => $memoryCost ?? \PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
38+
'time_cost' => $timeCost ?? \PASSWORD_ARGON2_DEFAULT_TIME_COST,
39+
'threads' => $threads ?? \PASSWORD_ARGON2_DEFAULT_THREADS,
40+
);
41+
}
42+
}
43+
2344
public static function isSupported()
2445
{
2546
if (\defined('PASSWORD_ARGON2I')) {
@@ -81,7 +102,7 @@ public function isPasswordValid($encoded, $raw, $salt)
81102

82103
private function encodePasswordNative($raw)
83104
{
84-
return password_hash($raw, \PASSWORD_ARGON2I);
105+
return password_hash($raw, \PASSWORD_ARGON2I, $this->config);
85106
}
86107

87108
private function encodePasswordSodiumFunction($raw)

‎src/Symfony/Component/Security/Core/Encoder/EncoderFactory.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Encoder/EncoderFactory.php
+5-1Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,11 @@ private function getEncoderConfigFromAlgorithm($config)
111111
case 'argon2i':
112112
return array(
113113
'class' => Argon2iPasswordEncoder::class,
114-
'arguments' => array(),
114+
'arguments' => array(
115+
$config['memory_cost'],
116+
$config['time_cost'],
117+
$config['threads'],
118+
),
115119
);
116120
}
117121

‎src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php
+8Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,14 @@ protected function setUp()
2828
}
2929
}
3030

31+
public function testValidationWithConfig()
32+
{
33+
$encoder = new Argon2iPasswordEncoder(4, 4, 1);
34+
$result = $encoder->encodePassword(self::PASSWORD, null);
35+
$this->assertTrue($encoder->isPasswordValid($result, self::PASSWORD, null));
36+
$this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
37+
}
38+
3139
public function testValidation()
3240
{
3341
$encoder = new Argon2iPasswordEncoder();

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.