issue#79 Password error on sha512 with salt

mlojewski-me · mlojewski-me · commit fb029b8b2740 · 2018-12-16T12:32:49.000+01:00
Added SHA-256, SHA-512
diff --git a/README.md b/README.md
@@ -195,8 +195,10 @@ Drupal 7 | See [phpass](http://www.openwall.com/phpass/). | $S$DC7eCpJQ3SUQtW4Bp
 Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us
 MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99
 Portable PHP password | See [phpass](http://www.openwall.com/phpass/). | $P$BxrwraqNTi4as0EI.IpiA/K.muk9ke/
-SHA1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
-SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
+SHA-1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
+SHA-256 | No salt supported. | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
+SHA-512 | No salt supported. | b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
+SHA-512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
 SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg==
 SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL
 WoltLab Community Framework 2.x | Double salted bcrypt. | $2a$08$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02
diff --git a/lib/Crypto/SHA1.php b/lib/Crypto/SHA1.php
@@ -24,7 +24,7 @@
 use OCP\IL10N;
 
 /**
- * SHA1 hash implementation.
+ * SHA-1 hash implementation.
  *
  * @author Marcin Łojewski <dev@mlojewski.me>
  */
@@ -53,6 +53,6 @@ public function getPasswordHash($password)
      */
     protected function getAlgorithmName()
     {
-        return "SHA1";
+        return "SHA-1";
     }
 }
diff --git a/lib/Crypto/SHA256.php b/lib/Crypto/SHA256.php
@@ -0,0 +1,58 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\UserSQL\Crypto;
+
+use OCP\IL10N;
+
+/**
+ * SHA-256 hash implementation.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class SHA256 extends AbstractAlgorithm
+{
+    /**
+     * The class constructor.
+     *
+     * @param IL10N $localization The localization service.
+     */
+    public function __construct(IL10N $localization)
+    {
+        parent::__construct($localization);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getPasswordHash($password)
+    {
+        return hash('sha256', $password);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getAlgorithmName()
+    {
+        return "SHA-256";
+    }
+}
diff --git a/lib/Crypto/SHA512.php b/lib/Crypto/SHA512.php
@@ -0,0 +1,58 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\UserSQL\Crypto;
+
+use OCP\IL10N;
+
+/**
+ * SHA-512 hash implementation.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class SHA512 extends AbstractAlgorithm
+{
+    /**
+     * The class constructor.
+     *
+     * @param IL10N $localization The localization service.
+     */
+    public function __construct(IL10N $localization)
+    {
+        parent::__construct($localization);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getPasswordHash($password)
+    {
+        return hash('sha512', $password);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getAlgorithmName()
+    {
+        return "SHA-512";
+    }
+}
diff --git a/lib/Crypto/SHA512Whirlpool.php b/lib/Crypto/SHA512Whirlpool.php
@@ -24,7 +24,7 @@
 use OCP\IL10N;
 
 /**
- * SHA512 Whirlpool hash implementation.
+ * SHA-512 Whirlpool hash implementation.
  *
  * @author Marcin Łojewski <dev@mlojewski.me>
  */
@@ -53,6 +53,6 @@ public function getPasswordHash($password)
      */
     protected function getAlgorithmName()
     {
-        return "SHA512 Whirlpool";
+        return "SHA-512 Whirlpool";
     }
 }
diff --git a/tests/Crypto/SHA256Test.php b/tests/Crypto/SHA256Test.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace Tests\UserSQL\Crypto;
+
+use OCA\UserSQL\Crypto\IPasswordAlgorithm;
+use OCA\UserSQL\Crypto\SHA256;
+use OCP\IL10N;
+use Test\TestCase;
+
+/**
+ * Unit tests for class <code>SHA256</code>.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class SHA512Test extends TestCase
+{
+    /**
+     * @var IPasswordAlgorithm
+     */
+    private $crypto;
+
+    public function testCheckPassword()
+    {
+        $this->assertTrue(
+            $this->crypto->checkPassword(
+                "password", "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
+            )
+        );
+    }
+
+    public function testPasswordHash()
+    {
+        $hash = $this->crypto->getPasswordHash("password");
+        $this->assertTrue($this->crypto->checkPassword("password", $hash));
+    }
+
+    protected function setUp()
+    {
+        parent::setUp();
+        $this->crypto = new SHA256($this->createMock(IL10N::class));
+    }
+}
diff --git a/tests/Crypto/SHA512Test.php b/tests/Crypto/SHA512Test.php
@@ -0,0 +1,62 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace Tests\UserSQL\Crypto;
+
+use OCA\UserSQL\Crypto\IPasswordAlgorithm;
+use OCA\UserSQL\Crypto\SHA512;
+use OCP\IL10N;
+use Test\TestCase;
+
+/**
+ * Unit tests for class <code>SHA512</code>.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class SHA512Test extends TestCase
+{
+    /**
+     * @var IPasswordAlgorithm
+     */
+    private $crypto;
+
+    public function testCheckPassword()
+    {
+        $this->assertTrue(
+            $this->crypto->checkPassword(
+                "password",
+                "b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86"
+            )
+        );
+    }
+
+    public function testPasswordHash()
+    {
+        $hash = $this->crypto->getPasswordHash("password");
+        $this->assertTrue($this->crypto->checkPassword("password", $hash));
+    }
+
+    protected function setUp()
+    {
+        parent::setUp();
+        $this->crypto = new SHA512($this->createMock(IL10N::class));
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@`
`24`	`24`	`use OCP\IL10N;`
`25`	`25`
`26`	`26`	`/**`
`27`		`- * SHA1 hash implementation.`
	`27`	`+ * SHA-1 hash implementation.`
`28`	`28`	`*`
`29`	`29`	`* @author Marcin Łojewski <dev@mlojewski.me>`
`30`	`30`	`*/`
`@@ -53,6 +53,6 @@ public function getPasswordHash($password)`
`53`	`53`	`*/`
`54`	`54`	`protected function getAlgorithmName()`
`55`	`55`	`{`
`56`		`- return "SHA1";`
	`56`	`+ return "SHA-1";`
`57`	`57`	`}`
`58`	`58`	`}`