Merge remote-tracking branch 'upstream/pull/4720'

[rails.git] / lib / password_hash.rb

diff --git a/lib/password_hash.rb b/lib/password_hash.rb
index c65df2c4fd7fc070496cf8dac2c5851e3e12f25a..325955cf114f1a207bf93a9dbf8f58a11d16fed0 100644 (file)
--- a/lib/password_hash.rb
+++ b/lib/password_hash.rb
@@ -1,51 +1,44 @@
-require "securerandom"
-require "openssl"
+require "argon2"
 require "base64"
 require "digest/md5"
+require "openssl"
+require "securerandom"
 
 module PasswordHash
-  SALT_BYTE_SIZE = 32
-  HASH_BYTE_SIZE = 32
-  PBKDF2_ITERATIONS = 10000
-  DIGEST_ALGORITHM = "sha512".freeze
+  FORMAT = Argon2::HashFormat.new(Argon2::Password.create(""))
 
   def self.create(password)
-    salt = SecureRandom.base64(SALT_BYTE_SIZE)
-    hash = self.hash(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE, DIGEST_ALGORITHM)
-    [hash, [DIGEST_ALGORITHM, PBKDF2_ITERATIONS, salt].join("!")]
+    hash = Argon2::Password.create(password)
+    [hash, nil]
   end
 
   def self.check(hash, salt, candidate)
-    if salt.nil?
-      candidate = Digest::MD5.hexdigest(candidate)
-    elsif salt =~ /!/
+    if Argon2::HashFormat.valid_hash?(hash)
+      Argon2::Password.verify_password(candidate, hash)
+    elsif salt.nil?
+      ActiveSupport::SecurityUtils.secure_compare(hash, Digest::MD5.hexdigest(candidate))
+    elsif salt.include?("!")
       algorithm, iterations, salt = salt.split("!")
       size = Base64.strict_decode64(hash).length
-      candidate = self.hash(candidate, salt, iterations.to_i, size, algorithm)
+      ActiveSupport::SecurityUtils.secure_compare(hash, pbkdf2(candidate, salt, iterations.to_i, size, algorithm))
     else
-      candidate = Digest::MD5.hexdigest(salt + candidate)
+      ActiveSupport::SecurityUtils.secure_compare(hash, Digest::MD5.hexdigest(salt + candidate))
     end
-
-    hash == candidate
   end
 
-  def self.upgrade?(hash, salt)
-    if salt.nil?
-      return true
-    elsif salt =~ /!/
-      algorithm, iterations, salt = salt.split("!")
-      return true if Base64.strict_decode64(salt).length != SALT_BYTE_SIZE
-      return true if Base64.strict_decode64(hash).length != HASH_BYTE_SIZE
-      return true if iterations.to_i != PBKDF2_ITERATIONS
-      return true if algorithm != DIGEST_ALGORITHM
-    else
-      return true
-    end
+  def self.upgrade?(hash, _salt)
+    format = Argon2::HashFormat.new(hash)
 
-    false
+    format.variant != FORMAT.variant ||
+      format.version != FORMAT.version ||
+      format.t_cost != FORMAT.t_cost ||
+      format.m_cost != FORMAT.m_cost ||
+      format.p_cost != FORMAT.p_cost
+  rescue Argon2::ArgonHashFail
+    true
   end
 
-  def self.hash(password, salt, iterations, size, algorithm)
+  def self.pbkdf2(password, salt, iterations, size, algorithm)
     digest = OpenSSL::Digest.new(algorithm)
     pbkdf2 = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, size, digest)
     Base64.strict_encode64(pbkdf2)