Draft support for bcrypt password hashes

b3102f13 · Mic Kaczmarczik · 629d527d · b3102f13 · b3102f13 · b3102f13
Commit b3102f13 authored Mar 06, 2018 by Mic Kaczmarczik
--- a/src/bin/upgrade_sympa_password.pl.in
+++ b/src/bin/upgrade_sympa_password.pl.in
@@ -42,7 +42,9 @@ die 'Error in configuration'
 my $sdm = Sympa::DatabaseManager->instance
    or die 'Can\'t connect to database';

-print "Recoding password using MD5 fingerprint.\n";
+my $password_hash = Conf::get_robot_conf('*', 'password_hash');
+
+print "Recoding password using $password_hash fingerprint.\n";

 my $sth = $sdm->do_query(q{SELECT email_user, password_user from user_table});
 unless ($sth) {
@@ -51,6 +53,7 @@ unless ($sth) {

 my $total     = 0;
 my $total_md5 = 0;
+my $total_bcrypt = 0;

 while (my $user = $sth->fetchrow_hashref('NAME_lc')) {
    my $clear_password;
@@ -67,6 +70,13 @@ while (my $user = $sth->fetchrow_hashref('NAME_lc')) {
        next;
    }

+    if ($user->{'password_user'} =~ /^\$2a\$/) {
+        printf "Password from %s already encoded as bcrypt fingerprint\n",
+            $user->{'email_user'};
+        $total_bcrypt++;
+        next;
+    }
+
    if ($user->{'password_user'} =~ /^crypt.(.*)$/) {
        $clear_password = Sympa::Tools::Password::decrypt_password(
            $user->{'password_user'});
@@ -82,7 +92,7 @@ while (my $user = $sth->fetchrow_hashref('NAME_lc')) {
            q{UPDATE user_table
              SET password_user = ?
              WHERE email_user = ?},
-            Sympa::User::password_fingerprint($clear_password),
+            Sympa::User::password_fingerprint($clear_password, ''),
            $user->{'email_user'}
        )
        ) {
@@ -92,15 +102,15 @@ while (my $user = $sth->fetchrow_hashref('NAME_lc')) {
 $sth->finish();

 printf
-    "Updating password storage in table user_table using md5 for %d users.\n",
+    "Updating password storage in table user_table using $password_hash hashes for %d users.\n",
    $total;
-if ($total_md5) {
+if ($total_md5 || $total_bcrypt) {
    printf
-        "Found in table user %d password stored using md5, did you run Sympa before upgrading ?\n",
-        $total_md5;
+        "Found in table user %d password stored using md5, %d using bcrypt. Did you run Sympa before upgrading ?\n",
+        $total_md5, $total_bcrypt;
 }

-printf "Total password re-encoded using md5: %d\n", $total;
+printf "Total passwords re-encoded using $password_hash: %d\n", $total;

 exit 0;

@@ -115,11 +125,13 @@ Upgrading password in database

 =head1 DESCRIPTION

-Version later than 5.4 uses MD5 hash instead of
+Versions later than 5.4 uses MD5 hash instead of
 symmetric encryption to store password.

-This require to rewrite password in database. This upgrade IS NOT
-REVERSIBLE.
+Versions later than 6.2.26 support bcrypt.
+
+This upgrade requires to rewriting user password entries in the database.
+This upgrade IS NOT REVERSIBLE.

 =head1 HISTORY

@@ -128,4 +140,6 @@ form by reversible RC4.

 Sympa 5.4 or later uses MD5 one-way hash function to encode user passwords.

+Sympa 6.2.26 or later has optional support for bcrypt.
+
 =cut
--- a/src/lib/Sympa/Auth.pm
+++ b/src/lib/Sympa/Auth.pm
@@ -147,7 +147,9 @@ sub authentication {
        ## the user passwords
        ## Other backends are Single Sign-On solutions
        if ($auth_service->{'auth_type'} eq 'user_table') {
-            my $fingerprint = Sympa::User::password_fingerprint($pwd);
+            # supply old password hash in case the hash uses a salt
+            my $fingerprint =
+                Sympa::User::password_fingerprint($pwd, $user->{'password'});

            if ($fingerprint eq $user->{'password'}) {
                Sympa::User::update_global_user($email,

--- a/src/lib/Sympa/ConfDef.pm
+++ b/src/lib/Sympa/ConfDef.pm
@@ -1639,6 +1639,22 @@ our @params = (
        'gettext_comment' =>
            "\"insensitive\" or \"sensitive\".\nIf set to \"insensitive\", WWSympa's password check will be insensitive. This only concerns passwords stored in the Sympa database, not the ones in LDAP.\nShould not be changed! May invalid all user password.",
    },
+    {   'name'       => 'password_hash',
+        'default'    => 'md5',
+        'gettext_id' => 'Password hashing algorithm',
+        'file'       => 'wwsympa.conf',
+        #vhost      => '1', # per-robot config is impossible.
+        'gettext_comment' =>
+            "\"md5\" or \"bcrypt\".\nIf set to \"md5\", Sympa will use MD5 password hashes. If set to \"bcrypt\", bcrypt hashes will be used instead. This only concerns passwords stored in the Sympa database, not the ones in LDAP.\nShould not be changed! May invalid all user passwords.",
+    },
+    {   'name'       => 'bcrypt_cost',
+        'default'    => '12',
+        'gettext_id' => 'Bcrypt hash cost',
+        'file'       => 'wwsympa.conf',
+        #vhost      => '1', # per-robot config is impossible.
+        'gettext_comment' =>
+            "When \"password_hash\" is set to \"bcrypt\", this sets the \"cost\" parameter of the bcrypt hash function. The default of 12 is expected to require approximately 250ms to calculate the password hash on a 3.2GHz CPU. This only concerns passwords stored in the Sympa database, not the ones in LDAP.\nCan be changed but any new cost setting will only apply to new passwords.",
+    },

    # One time ticket


--- a/src/lib/Sympa/DatabaseDescription.pm
+++ b/src/lib/Sympa/DatabaseDescription.pm
@@ -177,7 +177,7 @@ my %full_db_struct = (
                'order'  => 3,
            },
            'password_user' => {
-                'struct' => 'varchar(40)',
+                'struct' => 'varchar(64)',
                'doc'    => 'password are stored as finger print',
                'order'  => 2,
            },

--- a/src/lib/Sympa/User.pm
+++ b/src/lib/Sympa/User.pm
@@ -28,6 +28,7 @@ use strict;
 use warnings;
 use Carp qw();
 use Digest::MD5;
+BEGIN { eval 'use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64)'; }

 use Conf;
 use Sympa::DatabaseDescription;
@@ -292,17 +293,69 @@ Returns the password finger print.
 =cut

 # Old name: Sympa::Auth::password_fingerprint().
-# Note: This proc may allow future replacement of md5 by sha1 or ...
+#
+# Password fingerprint functions are stored in a table. Currently supported
+# algorithms are the default 'md5', and 'bcrypt'.
+#
+# If the algorithm uses a salt (e.g. bcrypt) and the second parameter $salt
+# is not provided, a random one will be generated.
+#
+
+my %fingerprint_hashes = (
+    # default is to use MD5, which does not use a salt
+    'md5' => sub {
+        my ($pwd, $salt) = @_;
+
+        # salt parameter is not used for MD5 hashes
+        return Digest::MD5::md5_hex($pwd);
+    },
+    # bcrypt uses a salt and has a configurable "cost" parameter
+    'bcrypt' => sub {
+        my ($pwd, $salt) = @_;
+
+        die "bcrypt support unavailable: install Crypt::Eksblowfish::Bcrypt"
+            unless $Crypt::Eksblowfish::Bcrypt::VERSION;
+
+        # A bcrypt-encrypted password contains the settings at the front.
+        # If this not look like a settings string, create one.
+        unless ($salt =~ m#\A\$2(a?)\$([0-9]{2})\$([./A-Za-z0-9]{22})#x) {
+            my $bcrypt_cost = Conf::get_robot_conf('*', 'bcrypt_cost');
+            my $cost = sprintf("%02d", 0 + $bcrypt_cost);
+	    my $newsalt = "";
+
+            for my $i (0..15) {
+                $newsalt .= chr(rand(256));
+            }
+            $newsalt = '$2a$' . $cost . '$' . en_base64($newsalt);
+            $log->syslog('debug', "bcrypt: create new salt: cost $cost salt \"$salt\" salt \"$newsalt\"");
+
+	    $salt = $newsalt;
+        }
+
+        my $fingerprint = bcrypt($pwd, $salt);
+        my $match = ($fingerprint eq $salt) ? "yes" : "no";
+
+        $log->syslog('debug', "bcrypt: match $match salt $salt fingerprint $fingerprint");
+
+        return $fingerprint;
+    }
+);
+
 sub password_fingerprint {

-    $log->syslog('debug', '');
+    my ($pwd, $salt) = @_;
+
+    $log->syslog('debug', "password_fingerprint: salt $salt");

-    my $pwd = shift;
    if (Conf::get_robot_conf('*', 'password_case') eq 'insensitive') {
-        return Digest::MD5::md5_hex(lc $pwd);
-    } else {
-        return Digest::MD5::md5_hex($pwd);
+        $pwd = lc($pwd);
    }
+
+    my $password_hash = Conf::get_robot_conf('*', 'password_hash');
+    die "password_fingerprint: unknown password_hash \"$password_hash\""
+        unless defined($fingerprint_hashes{$password_hash});
+
+    return $fingerprint_hashes{$password_hash}->($pwd, $salt);
 }

 ############################################################################
@@ -508,9 +561,10 @@ sub update_global_user {

    $who = Sympa::Tools::Text::canonic_email($who);

-    ## use md5 fingerprint to store password
+    ## use hash fingerprint to store password
+    ## hashes that use salts will randomly generate one
    $values->{'password'} =
-        Sympa::User::password_fingerprint($values->{'password'})
+        Sympa::User::password_fingerprint($values->{'password'},'')
        if ($values->{'password'});

    ## Canonicalize lang if possible.
@@ -587,9 +641,10 @@ sub add_global_user {

    my ($field, $value);

-    ## encrypt password
+    ## encrypt password with the configured password hash algorithm
+    ## an empty salt means generate a new random one
    $values->{'password'} =
-        Sympa::User::password_fingerprint($values->{'password'})
+        Sympa::User::password_fingerprint($values->{'password'},'')
        if ($values->{'password'});

    ## Canonicalize lang if possible