Welcome to Centmin Mod Community
Register Now

Beta Branch update PHP 7.2 libzip, libsodium & argon2 route

Discussion in 'Centmin Mod Github Commits' started by eva2000, Mar 17, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    8:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    update PHP 7.2 libzip, libsodium & argon2 route

    - For Centmin Mod 123.09beta01 and newer branches, fix PHP 7.2 compiles for libzip + libsodium + argon2 support Beta Branch - Update PHP 7.2. add argon2 password & libsodium support
    - Support is disabled by default as PHP uses embedded libzip zip version. To enable libsodium and argon2 you need to use a newer version of libzip zip library. So to enable set in persistent config file /etc/centminmod/custom_config.inc the variable PHP_LIBZIP='y' and then recompile PHP 7.2 version i.e. 7.2.3 or newer via centmin.sh menu option 5

    Continue reading...

    123.09beta01 branch
     
    • Like Like x 2
  2. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    8:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    argon2i support in PHP 7.2.3 with libsodium support for argon2i and argon2id. PHP argon2id native support comes in PHP 7.3+
    Code (Text):
    php -r 'print_r(get_defined_constants());' | grep -i argon
        [PASSWORD_ARGON2I] => 2
        [PASSWORD_ARGON2_DEFAULT_MEMORY_COST] => 1024
        [PASSWORD_ARGON2_DEFAULT_TIME_COST] => 2
        [PASSWORD_ARGON2_DEFAULT_THREADS] => 2
        [SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13] => 1
        [SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13] => 2
        [SODIUM_CRYPTO_PWHASH_STRPREFIX] => $argon2id$
    


    Code (Text):
    checking for Argon2 support... yes
    checking for Argon2 library... found in /usr/local
    checking for argon2_hash in -largon2... yes
    checking for argon2id_hash_raw in -largon2... yes
    

    Code (Text):
    php --ri sodium
    sodium
    
    sodium support => enabled
    libsodium headers version => 1.0.16
    libsodium library version => 1.0.16

    Code (Text):
    php --ri zip
    zip
    
    Zip => enabled
    Zip version => 1.15.2
    Libzip headers version => 1.5.0
    Libzip library version => 1.5.0
    

    Code (Text):
    ldd $(which php) | grep zip
            libzip.so.5 => /usr/local/lib64/libzip.so.5 (0x00007f586526e000)
    
     
  3. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    8:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    quick test of argon2i password hashes
    PHP:
    <?php
    $password 
    'test';
    $hash password_hash($passwordPASSWORD_ARGON2I);
    var_dump($hash);
    Code (Text):
    php -f test.php
    string(95) "$argon2i$v=19$m=1024,t=2,p=2$b0d2clhJNUJnWlMvNFg2Sg$U1oy5Kb2vQFAGvIg4bIBS3Eg16OZl9heMfMP4vXnbd0"

    outputted hash string contains 5 sub-string parts, separated by dollar $ sign
    Code (Text):
    php -f test.php 2>&1 | sed -e 's|\$|\n\$|g' -e 's|"$||' | sed -e '/string/d'
    $argon2i
    $v=19
    $m=1024,t=2,p=2
    $QUdRYlRvNm0uRGpxOG8vdA
    $kM5qScosnKsXePWpV8F0XcirKHhFj56WBtyjoGCe0RE
    

    1. first part is the algorithm name (argon2i)
    2. second is the Argon2i version
    3. third part is a list of algorithm parameters related to memory cost (in Kb), time cost, and threads to be used (parallelism).
    4. fourth parameter is the random salt value, encoded in Base64. This value is generated with bypassword_hash() using a random value for each execution. This is why there's different hash outputs for the same input string. The default size of the salt is 16 bytes.
    5. fifth and last parameter of the string contains the hash value, encoded in Base64. The hash size is 32 bytes.
     
  4. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    8:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    On June 8, 2018 updated 123.09beta01's PHP 7.2+ routine to fix up optional argon2 and libsodium PHP support when PHP_LIBZIP='y' is set (default is disabled for PHP 7.2) and also prep for PHP 7.3 alpha install support which natively assumes/requires/enables argon2/libsodium. So with PHP 7.3 detected, PHP_LIBZIP='y' is automatically enabled by Centmin Mod centmin.sh menu option 5 php update/compile routine.

    Code (Text):
    PHP 7.2.6 (cli) (built: Jun  7 2018 21:39:14) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
        with Zend OPcache v7.2.6, Copyright (c) 1999-2018, by Zend Technologies

    Code (Text):
    php -r 'print_r(get_defined_constants());' | grep -i argon
        [PASSWORD_ARGON2I] => 2
        [PASSWORD_ARGON2_DEFAULT_MEMORY_COST] => 1024
        [PASSWORD_ARGON2_DEFAULT_TIME_COST] => 2
        [PASSWORD_ARGON2_DEFAULT_THREADS] => 2
        [SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13] => 1
        [SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13] => 2
        [SODIUM_CRYPTO_PWHASH_STRPREFIX] => $argon2id$
    

    Code (Text):
    php --ri sodium
    
    sodium
    
    sodium support => enabled
    libsodium headers version => 1.0.16
    libsodium library version => 1.0.16
    

    Code (Text):
    php -m
    [PHP Modules]
    bcmath
    bz2
    calendar
    Core
    ctype
    curl
    date
    dom
    enchant
    exif
    filter
    ftp
    gd
    geoip
    gettext
    gmp
    hash
    iconv
    igbinary
    imagick
    imap
    intl
    json
    ldap
    libxml
    mailparse
    mbstring
    mcrypt
    mysqli
    mysqlnd
    openssl
    pcntl
    pcre
    PDO
    pdo_mysql
    pdo_sqlite
    Phar
    posix
    pspell
    readline
    redis
    Reflection
    session
    shmop
    SimpleXML
    snmp
    soap
    sockets
    sodium
    SPL
    sqlite3
    standard
    sysvmsg
    sysvsem
    sysvshm
    tidy
    tokenizer
    xml
    xmlreader
    xmlrpc
    xmlwriter
    xsl
    Zend OPcache
    zip
    zlib
    
    [Zend Modules]
    Zend OPcache
    
     
..