Hash HMAC algo

mlojewski-me · mlojewski-me · commit d7735280a0c0 · 2020-04-13T15:28:50.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Allow email login option
 - UID user table column
 - GID user table column
+- HMAC hash implementation
 
 ## [4.4.1] - 2020-02-02
 ### Fixed
diff --git a/README.md b/README.md
@@ -199,6 +199,7 @@ Argon2i (Crypt) | Requires PHP >= 7.2. See [password_hash](http://php.net/manual
 Argon2id (Crypt) | Requires PHP >= 7.2. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $argon2id$v=19$m=65536,t=4,p=1$eWhTd3huemlhNGFkWTVSSQ$BjSh9PINc9df9WU1zppBsYJKvkwUEYHYNUUMTj+QGPw
 Blowfish (Crypt) | See [password_hash](http://php.net/manual/en/function.password-hash.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq
 Extended DES (Crypt) | | cDRpdxPmHpzS.
+Hash HMAC | See [hash_hmac](https://www.php.net/manual/en/function.hash-hmac.php). | ba4f8624f0a4d1f2a3991f4d88cd9afb604dac20
 MD5 (Crypt) | | $1$RzaFbNcU$u9adfTY/Q6za6nu0Ogrl1/
 SHA256 (Crypt) | | $5$rounds=5000$VIYD0iHkg7uY9SRc$v2XLS/9dvfFN84mzGvW9wxnVt9Xd/urXaaTkpW8EwD1
 SHA512 (Crypt) | | $6$rounds=5000$yH.Q0OL4qbCOUJ3q$Xry5EVFva3wKnfo8/ktrugmBd8tcl34NK6rXInv1HhmdSUNLEm0La9JnA57rqwQ.9/Bz513MD4tvmmISLUIHs/
diff --git a/js/settings.js b/js/settings.js
@@ -76,15 +76,41 @@ user_sql.adminSettingsUI = function () {
                                 var param = $("<div></div>");
                                 var label = $("<label></label>").attr({for: "opt-crypto_param_" + index});
                                 var title = $("<span></span>").text(data.data[index]["name"]);
-                                var input = $("<input/>").attr({
-                                    type: "number",
-                                    id: "opt-crypto_param_" + index,
-                                    name: "opt-crypto_param_" + index,
-                                    step: 1,
-                                    min: data.data[index]["min"],
-                                    max: data.data[index]["max"],
-                                    value: data.data[index]["value"]
-                                });
+
+                                var input = null;
+                                switch (data.data[index]["type"]) {
+                                    case "choice":
+                                        input = $("<select/>").attr({
+                                            id: "opt-crypto_param_" + index,
+                                            name: "opt-crypto_param_" + index,
+                                        });
+                                        data.data[index]["choices"].forEach(
+                                            function (item) {
+                                                if (data.data[index]["value"] === item) {
+                                                    input.append($("<option/>").attr({
+                                                        value: item,
+                                                        selected: "selected"
+                                                    }).text(item));
+                                                } else {
+                                                    input.append($("<option/>").attr({value: item}).text(item));
+                                                }
+                                            }
+                                        );
+                                        break;
+                                    case "int":
+                                        input = $("<input/>").attr({
+                                            type: "number",
+                                            id: "opt-crypto_param_" + index,
+                                            name: "opt-crypto_param_" + index,
+                                            step: 1,
+                                            min: data.data[index]["min"],
+                                            max: data.data[index]["max"],
+                                            value: data.data[index]["value"]
+                                        });
+                                        break;
+                                    default:
+                                        break;
+                                }
 
                                 label.append(title);
                                 param.append(label);
diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
@@ -31,6 +31,8 @@
 use OCA\UserSQL\Constant\DB;
 use OCA\UserSQL\Constant\Opt;
 use OCA\UserSQL\Crypto\IPasswordAlgorithm;
+use OCA\UserSQL\Crypto\Param\ChoiceParam;
+use OCA\UserSQL\Crypto\Param\IntParam;
 use OCA\UserSQL\Platform\PlatformFactory;
 use OCA\UserSQL\Properties;
 use OCP\AppFramework\Controller;
@@ -77,8 +79,7 @@ class SettingsController extends Controller
     public function __construct(
         $appName, IRequest $request, ILogger $logger, IL10N $localization,
         Properties $properties, Cache $cache
-    )
-    {
+    ) {
         parent::__construct($appName, $request);
         $this->appName = $appName;
         $this->logger = $logger;
@@ -267,13 +268,23 @@ private function validateCryptoParams()
             $reqParam = $this->request->getParam(
                 "opt-crypto_param_" . $i, null
             );
-            $cryptoParam = $configuration[$i];
-
-            if (is_null($reqParam) || $reqParam < $cryptoParam->min
-                || $reqParam > $cryptoParam->max
-            ) {
+            if (is_null($reqParam)) {
                 return false;
             }
+
+            $cryptoParam = $configuration[$i];
+            switch ($cryptoParam->type) {
+            case ChoiceParam::TYPE:
+                if (!in_array($reqParam, $cryptoParam->choices)) {
+                    return false;
+                }
+                break;
+            case IntParam::TYPE:
+                if ($reqParam < $cryptoParam->min || $reqParam > $cryptoParam->max) {
+                    return false;
+                }
+                break;
+            }
         }
 
         return true;
diff --git a/lib/Crypto/CryptArgon2.php b/lib/Crypto/CryptArgon2.php
@@ -21,6 +21,7 @@
 
 namespace OCA\UserSQL\Crypto;
 
+use OCA\UserSQL\Crypto\Param\IntParam;
 use OCP\IL10N;
 
 /**
@@ -106,14 +107,14 @@ public function getPasswordHash($password, $salt = null)
     public function configuration()
     {
         return [
-            new CryptoParam(
+            new IntParam(
                 "Memory cost (KiB)", PASSWORD_ARGON2_DEFAULT_MEMORY_COST, 1,
                 1048576
             ),
-            new CryptoParam(
+            new IntParam(
                 "Time cost", PASSWORD_ARGON2_DEFAULT_TIME_COST, 1, 1024
             ),
-            new CryptoParam("Threads", PASSWORD_ARGON2_DEFAULT_THREADS, 1, 1024)
+            new IntParam("Threads", PASSWORD_ARGON2_DEFAULT_THREADS, 1, 1024)
         ];
     }
 
diff --git a/lib/Crypto/CryptArgon2id.php b/lib/Crypto/CryptArgon2id.php
@@ -21,6 +21,7 @@
 
 namespace OCA\UserSQL\Crypto;
 
+use OCA\UserSQL\Crypto\Param\IntParam;
 use OCP\IL10N;
 
 /**
@@ -92,7 +93,7 @@ public function checkPassword($password, $dbHash, $salt = null)
     public function getPasswordHash($password, $salt = null)
     {
         return password_hash(
-            $password,  PASSWORD_ARGON2ID, [
+            $password, PASSWORD_ARGON2ID, [
                 "memory_cost" => $this->memoryCost,
                 "time_cost" => $this->timeCost,
                 "threads" => $this->threads
@@ -106,14 +107,14 @@ public function getPasswordHash($password, $salt = null)
     public function configuration()
     {
         return [
-            new CryptoParam(
+            new IntParam(
                 "Memory cost (KiB)", PASSWORD_ARGON2_DEFAULT_MEMORY_COST, 1,
                 1048576
             ),
-            new CryptoParam(
+            new IntParam(
                 "Time cost", PASSWORD_ARGON2_DEFAULT_TIME_COST, 1, 1024
             ),
-            new CryptoParam("Threads", PASSWORD_ARGON2_DEFAULT_THREADS, 1, 1024)
+            new IntParam("Threads", PASSWORD_ARGON2_DEFAULT_THREADS, 1, 1024)
         ];
     }
 
diff --git a/lib/Crypto/CryptBlowfish.php b/lib/Crypto/CryptBlowfish.php
@@ -21,6 +21,7 @@
 
 namespace OCA\UserSQL\Crypto;
 
+use OCA\UserSQL\Crypto\Param\IntParam;
 use OCP\IL10N;
 
 /**
@@ -72,7 +73,7 @@ public function getPasswordHash($password, $salt = null)
      */
     public function configuration()
     {
-        return [new CryptoParam("Cost", 10, 4, 31)];
+        return [new IntParam("Cost", 10, 4, 31)];
     }
 
     /**
diff --git a/lib/Crypto/CryptExtendedDES.php b/lib/Crypto/CryptExtendedDES.php
@@ -21,6 +21,7 @@
 
 namespace OCA\UserSQL\Crypto;
 
+use OCA\UserSQL\Crypto\Param\IntParam;
 use OCP\IL10N;
 
 /**
@@ -53,7 +54,7 @@ public function __construct(IL10N $localization, $iterationCount = 1000)
      */
     public function configuration()
     {
-        return [new CryptoParam("Iterations", 1000, 0, 16777215)];
+        return [new IntParam("Iterations", 1000, 0, 16777215)];
     }
 
     /**
diff --git a/lib/Crypto/CryptSHA256.php b/lib/Crypto/CryptSHA256.php
@@ -21,6 +21,7 @@
 
 namespace OCA\UserSQL\Crypto;
 
+use OCA\UserSQL\Crypto\Param\IntParam;
 use OCP\IL10N;
 
 /**
@@ -40,7 +41,7 @@ class CryptSHA256 extends AbstractCrypt
      * The class constructor.
      *
      * @param IL10N $localization The localization service.
-     * @param   int $rounds       The number of rounds.
+     * @param int   $rounds       The number of rounds.
      *                            This value must be between 1000 and 999999999.
      */
     public function __construct(IL10N $localization, $rounds = 5000)
@@ -54,7 +55,7 @@ public function __construct(IL10N $localization, $rounds = 5000)
      */
     public function configuration()
     {
-        return [new CryptoParam("Rounds", 5000, 1000, 999999999)];
+        return [new IntParam("Rounds", 5000, 1000, 999999999)];
     }
 
     /**
diff --git a/lib/Crypto/CryptSHA512.php b/lib/Crypto/CryptSHA512.php
@@ -21,6 +21,7 @@
 
 namespace OCA\UserSQL\Crypto;
 
+use OCA\UserSQL\Crypto\Param\IntParam;
 use OCP\IL10N;
 
 /**
@@ -40,7 +41,7 @@ class CryptSHA512 extends AbstractCrypt
      * The class constructor.
      *
      * @param IL10N $localization The localization service.
-     * @param   int $rounds       The number of rounds.
+     * @param int   $rounds       The number of rounds.
      *                            This value must be between 1000 and 999999999.
      */
     public function __construct(IL10N $localization, $rounds = 5000)
@@ -54,7 +55,7 @@ public function __construct(IL10N $localization, $rounds = 5000)
      */
     public function configuration()
     {
-        return [new CryptoParam("Rounds", 5000, 1000, 999999999)];
+        return [new IntParam("Rounds", 5000, 1000, 999999999)];
     }
 
     /**
diff --git a/lib/Crypto/HashHmac.php b/lib/Crypto/HashHmac.php
@@ -0,0 +1,79 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\UserSQL\Crypto;
+
+use OCA\UserSQL\Crypto\Param\ChoiceParam;
+use OCP\IL10N;
+
+/**
+ * HMAC hash implementation.
+ *
+ * @see    hash_hmac()
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class HashHmac extends AbstractAlgorithm
+{
+    const DEFAULT_ALGORITHM = "ripemd160";
+
+    /**
+     * @var string Hashing algorithm name.
+     */
+    private $hashingAlgorithm;
+
+    /**
+     * The class constructor.
+     *
+     * @param IL10N  $localization     The localization service.
+     * @param string $hashingAlgorithm Hashing algorithm name.
+     */
+    public function __construct(IL10N $localization, $hashingAlgorithm = self::DEFAULT_ALGORITHM)
+    {
+        parent::__construct($localization);
+        $this->hashingAlgorithm = $hashingAlgorithm;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getPasswordHash($password, $salt = null)
+    {
+        return hash_hmac($this->hashingAlgorithm, $password, $salt);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function configuration()
+    {
+        return [
+            new ChoiceParam("Hashing algorithm", self::DEFAULT_ALGORITHM, hash_hmac_algos())
+        ];
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getAlgorithmName()
+    {
+        return "Hash HMAC";
+    }
+}
diff --git a/lib/Crypto/Param/ChoiceParam.php b/lib/Crypto/Param/ChoiceParam.php
@@ -0,0 +1,50 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\UserSQL\Crypto\Param;
+
+/**
+ * A choice parameter of a hash algorithm.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class ChoiceParam extends CryptoParam
+{
+    const TYPE = "choice";
+
+    /**
+     * @var array Available choices.
+     */
+    public $choices;
+
+    /**
+     * Class constructor.
+     *
+     * @param $name      string Parameter name.
+     * @param $value     mixed Parameter default value.
+     * @param $choices   array Available choices.
+     */
+    public function __construct($name, $value = null, $choices = [])
+    {
+        parent::__construct(self::TYPE, $name, $value);
+        $this->choices = $choices;
+    }
+}
diff --git a/lib/Crypto/Param/CryptoParam.php b/lib/Crypto/Param/CryptoParam.php
diff --git a/lib/Crypto/Param/IntParam.php b/lib/Crypto/Param/IntParam.php
diff --git a/lib/Crypto/Phpass.php b/lib/Crypto/Phpass.php
diff --git a/templates/admin.php b/templates/admin.php
diff --git a/tests/Crypto/HashHmacTest.php b/tests/Crypto/HashHmacTest.php
diff --git a/tests/Crypto/SHA256Test.php b/tests/Crypto/SHA256Test.php

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`
`22`	`22`	`namespace OCA\UserSQL\Crypto;`
`23`	`23`
	`24`	`+use OCA\UserSQL\Crypto\Param\IntParam;`
`24`	`25`	`use OCP\IL10N;`
`25`	`26`
`26`	`27`	`/**`
`@@ -72,7 +73,7 @@ public function getPasswordHash($password, $salt = null)`
`72`	`73`	`*/`
`73`	`74`	`public function configuration()`
`74`	`75`	`{`
`75`		`- return [new CryptoParam("Cost", 10, 4, 31)];`
	`76`	`+ return [new IntParam("Cost", 10, 4, 31)];`
`76`	`77`	`}`
`77`	`78`
`78`	`79`	`/**`