[Security/Core] cleanup Argon2-related code

nicolas-grekas · nicolas-grekas · commit 6eaec4fad37b · 2019-06-25T14:18:37.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -410,8 +410,14 @@ private function addEncodersSection(ArrayNodeDefinition $rootNode)
                                 ->max(31)
                                 ->defaultNull()
                             ->end()
-                            ->scalarNode('memory_cost')->defaultNull()->end()
-                            ->scalarNode('time_cost')->defaultNull()->end()
+                            ->integerNode('memory_cost')
+                                ->min(10 * 1024)
+                                ->defaultNull()
+                            ->end()
+                            ->integerNode('time_cost')
+                                ->min(3)
+                                ->defaultNull()
+                            ->end()
                             ->scalarNode('threads')
                                 ->defaultNull()
                                 ->setDeprecated('The "%path%.%node%" configuration key has no effect since Symfony 4.3 and will be removed in 5.0.')
diff --git a/src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php b/src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php
@@ -33,8 +33,8 @@ public function __construct(int $opsLimit = null, int $memLimit = null, int $cos
         $opsLimit = $opsLimit ?? max(6, \defined('SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE') ? \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE : 6);
         $memLimit = $memLimit ?? max(64 * 1024 * 1024, \defined('SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE') ? \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE : 64 * 1024 * 1024);
 
-        if (2 > $opsLimit) {
-            throw new \InvalidArgumentException('$opsLimit must be 2 or greater.');
+        if (3 > $opsLimit) {
+            throw new \InvalidArgumentException('$opsLimit must be 3 or greater.');
         }
 
         if (10 * 1024 > $memLimit) {
diff --git a/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php b/src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
@@ -37,8 +37,8 @@ public function __construct(int $opsLimit = null, int $memLimit = null)
         $this->opsLimit = $opsLimit ?? max(6, \defined('SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE') ? \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE : 6);
         $this->memLimit = $memLimit ?? max(64 * 1024 * 1024, \defined('SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE') ? \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE : 64 * 1024 * 2014);
 
-        if (2 > $this->opsLimit) {
-            throw new \InvalidArgumentException('$opsLimit must be 2 or greater.');
+        if (3 > $this->opsLimit) {
+            throw new \InvalidArgumentException('$opsLimit must be 3 or greater.');
         }
 
         if (10 * 1024 > $this->memLimit) {
@@ -48,10 +48,6 @@ public function __construct(int $opsLimit = null, int $memLimit = null)
 
     public static function isSupported(): bool
     {
-        if (class_exists('ParagonIE_Sodium_Compat') && method_exists('ParagonIE_Sodium_Compat', 'crypto_pwhash_is_available')) {
-            return \ParagonIE_Sodium_Compat::crypto_pwhash_is_available();
-        }
-
         return \function_exists('sodium_crypto_pwhash_str') || \extension_loaded('libsodium');
     }
 

Original file line number	Diff line number	Diff line change
`@@ -33,8 +33,8 @@ public function __construct(int $opsLimit = null, int $memLimit = null, int $cos`
`33`	`33`	`$opsLimit = $opsLimit ?? max(6, \defined('SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE') ? \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE : 6);`
`34`	`34`	`$memLimit = $memLimit ?? max(64 * 1024 * 1024, \defined('SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE') ? \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE : 64 * 1024 * 1024);`
`35`	`35`
`36`		`- if (2 > $opsLimit) {`
`37`		`- throw new \InvalidArgumentException('$opsLimit must be 2 or greater.');`
	`36`	`+ if (3 > $opsLimit) {`
	`37`	`+ throw new \InvalidArgumentException('$opsLimit must be 3 or greater.');`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`if (10 * 1024 > $memLimit) {`
Original file line number	Diff line number	Diff line change
`@@ -37,8 +37,8 @@ public function __construct(int $opsLimit = null, int $memLimit = null)`
`37`	`37`	`$this->opsLimit = $opsLimit ?? max(6, \defined('SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE') ? \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE : 6);`
`38`	`38`	`$this->memLimit = $memLimit ?? max(64 * 1024 * 1024, \defined('SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE') ? \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE : 64 * 1024 * 2014);`
`39`	`39`
`40`		`- if (2 > $this->opsLimit) {`
`41`		`- throw new \InvalidArgumentException('$opsLimit must be 2 or greater.');`
	`40`	`+ if (3 > $this->opsLimit) {`
	`41`	`+ throw new \InvalidArgumentException('$opsLimit must be 3 or greater.');`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`if (10 * 1024 > $this->memLimit) {`
`@@ -48,10 +48,6 @@ public function __construct(int $opsLimit = null, int $memLimit = null)`
`48`	`48`
`49`	`49`	`public static function isSupported(): bool`
`50`	`50`	`{`
`51`		`- if (class_exists('ParagonIE_Sodium_Compat') && method_exists('ParagonIE_Sodium_Compat', 'crypto_pwhash_is_available')) {`
`52`		`- return \ParagonIE_Sodium_Compat::crypto_pwhash_is_available();`
`53`		`- }`
`54`		`-`
`55`	`51`	`return \function_exists('sodium_crypto_pwhash_str') \|\| \extension_loaded('libsodium');`
`56`	`52`	`}`
`57`	`53`