Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Yescrypt support to crypt() and password API #16452

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Add Yescrypt support to crypt() and password API #16452

wants to merge 1 commit into from

Conversation

nielsdos
Copy link
Member

@nielsdos nielsdos commented Oct 15, 2024
edited
Loading

Implements #12911
Might need an RFC to decide on some non-trivial details

@nielsdos nielsdos linked an issue Oct 15, 2024 that may be closed by this pull request
password_hash()/password_verify() functions should support yescrypt #12911
Open
TimWolla
TimWolla reviewed Oct 16, 2024
View reviewed changes
Copy link
Member

@TimWolla TimWolla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some remarks, didn't look at everything and especially not in detail.

ext/standard/yescrypt/sha256.c Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably want to reuse the existing SHA-256 implementation (for SHA-NI support).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll try; it has some extra stuff here like PBKDF2 etc, but the main loop can invoke the existing code probably.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on the license comment, this is the SHA-256 implementation from libcperciva, thus it's the same author as the SHA-NI implementation. The API should be compatible.

As for PBKDF2, PHP necessarily also contains an existing implementation of that, but I didn't check if the API matches.

TimWolla
TimWolla reviewed Oct 16, 2024
View reviewed changes
Copy link
Member

@TimWolla TimWolla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did another pass, looking a bit more in detail. It might make sense to loop in Solar Designer for him to verify if this integration is any good. From what I have seen he was somewhat involved in PHP before.

ext/standard/tests/password/password_verify_yescrypt.phpt
--FILE--
<?php

// TODO: what to do with \0 ???
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For visibility: TODO.

ext/standard/yescrypt/yescrypt-config.c
return NULL;
}

/* PHP change: code to parse the settings extracted from yescrypt_r */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this something that would make sense to upstream?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The question is if the split will be kept.

There is the weird limitation now that you can't pass NUL bytes into the yescrypt password_hash() implementation. This happens because under the hood this uses crypt(), and when system crypt() is used instead of PHP crypt() it cannot deal with the NUL byte. To be consistent with system crypt I implemented rejecting NUL bytes. However, if we always make use of bundled yescrypt instead of relaying to system crypt's yescrypt, then we no longer have the NUL byte limitation; and then we also don't need to split the yescrypt code in a common and config part.
This would need to be discussed on the ML though.

@nielsdos nielsdos force-pushed the yescrypt branch 2 times, most recently from 5ca25c2 to 1584a36 Compare November 9, 2024 11:02
@rjd22
Copy link

rjd22 commented Mar 24, 2025

@nielsdos thank you for your work! This would be incredibly useful for control panel projects like HestiaCP and ISPConfig that for now have to hack their way around this.

Is there any way I can help out get this in php-src?

@remicollet
Copy link
Member

remicollet commented Mar 25, 2025
edited
Loading

@rjd22 notice that yescript hash is available when using system libxcrypt

$ php -n -r 'var_dump(crypt("test", "\$y\$j9T\$salt"));'
string(55) "$y$j9T$salt$a9CZafQyDF042zUCgPAhoF7Zd5phBweZqIIw6SMCTh."

And for password_hashing, using the xpass extension (libxcrypt bindings) without having to bundle new algo in PHP.

@bukka
Copy link
Member

bukka commented Mar 29, 2025

I really don't like more deps for standard extension. I think the whole crypt stuff should move to the separate extension. See #17093 for more context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TimWolla TimWolla TimWolla left review comments

@kocsismate kocsismate Awaiting requested review from kocsismate kocsismate will be requested when the pull request is marked ready for review kocsismate is a code owner

@bukka bukka Awaiting requested review from bukka bukka will be requested when the pull request is marked ready for review bukka is a code owner

Assignees
No one assigned
Labels
ABI break Category: Build System Extension: standard
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

password_hash()/password_verify() functions should support yescrypt
5 participants
@nielsdos @rjd22 @remicollet @bukka @TimWolla