author | TheFirstGoodmaN <marco1989@gmx.ch> | 2022-03-20 12:52:15 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-20 12:52:15 +0300 |
commit | d9ec5be68dbe9d18b24f244aacd158018326fbe3 (patch) | |
tree | a20dd1e0321a4997260afcba64afc213060bbee8 | |
parent | 9077da1dffafaa7f7b393bd6bf8666a3d2a2bfd9 (diff) |
Add ssha256 password algo (#8479)
-rw-r--r-- | plugins/password/config.inc.php.dist | 2 | ||||
-rw-r--r-- | plugins/password/password.php | 20 | ||||
-rw-r--r-- | plugins/password/tests/Password.php | 3 |
3 files changed, 24 insertions, 1 deletions
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 9b78a44ec..f63d4ba5d 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -44,7 +44,7 @@ $config['password_force_new_user'] = false;
 // Password hashing/crypting algorithm.
 // Possible options: des-crypt, ext-des-crypt, md5-crypt, blowfish-crypt,
-// sha256-crypt, sha512-crypt, md5, sha, smd5, ssha, ssha512, samba, ad, dovecot, clear.
+// sha256-crypt, sha512-crypt, md5, sha, smd5, ssha, ssha256, ssha512, samba, ad, dovecot, clear.
 // Also supported are password_hash() algoriths: hash-bcrypt, hash-argon2i, hash-argon2id.
 // Default: 'clear' (no hashing)
 // For details see password::hash_password() method.
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 9a75d7639..ebde3ecbd 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -636,6 +636,26 @@ class password extends rcube_plugin
 $prefix = '{SSHA}';
 break;
+ // base64 encoded ssha256 for mailcow
+ case 'ssha256':
+ $salt = rcube_utils::random_bytes(8);
+
+ if (function_exists('hash')) {
+ $salt = substr(pack("H*", hash('sha256', $salt . $password)), 0, 4);
+ $crypted = hash('sha256', $password . $salt, true);
+ }
+ else {
+ rcube::raise_error([
+ 'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Password plugin: Your PHP installation does not have the hash() function"
+ ], true, true
+ );
+ }
+
+ $crypted = base64_encode($crypted . $salt);
+ $prefix = '{SSHA256}';
+ break;
+
 case 'ssha512':
 $salt = rcube_utils::random_bytes(8);
diff --git a/plugins/password/tests/Password.php b/plugins/password/tests/Password.php
index ba5fe6552..48b55027e 100644
--- a/plugins/password/tests/Password.php
+++ b/plugins/password/tests/Password.php
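Review bot: The new `ssha256` case in password.php stores a single round of SHA-256 with a 4-byte salt, and neither the one-line comment above the case nor the option list in config.inc.php.dist tells an administrator that this is a fast hash kept for backend compatibility. The comment could read `// {SSHA256}: base64(sha256(password . salt) . salt), one SHA-256 round with a 4-byte salt; for backends such as mailcow that expect this scheme, otherwise prefer hash-argon2id or hash-bcrypt`. The stored salt is the first 4 bytes of a SHA-256 over the random value and the password rather than the random bytes themselves; if the consuming backend accepts a longer salt (not visible here), appending the random bytes directly would be simpler. The `else` branch leaves `$crypted` undefined at the `base64_encode()` line unless `raise_error()` ends the request, which its `true, true` arguments suggest but the hunk does not show. The enclosing switch in hash_password() starts and ends outside the hunk.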
@@ -102,6 +102,9 @@ class Password_Plugin extends PHPUnit\Framework\TestCase
 $pass = password::hash_password('test', 'ssha');
 $this->assertMatchesRegularExpression('/^\{SSHA\}[a-zA-Z0-9+\/]{32}$/', $pass);
+ $pass = password::hash_password('test', 'ssha256');
+ $this->assertMatchesRegularExpression('/^\{SSHA256\}[a-zA-Z0-9+\/=]{48}$/', $pass);
+
 $pass = password::hash_password('test', 'sha256-crypt');
 $this->assertMatchesRegularExpression('/^\{SHA256-CRYPT\}\$5\$[a-zA-Z0-9]{16}\$[a-zA-Z0-9.\/]{43}$/', $pass); |