#21022 Switch to using bcrypt for hashing passwords

src/wp-includes/class-wp-application-passwords.php

@@ -60,6 +60,7 @@ public static function is_in_use() {
 	 *
 	 * @since 5.6.0
 	 * @since 5.7.0 Returns WP_Error if application name already exists.
+	 * @since x.y.z The hashed password value now uses wp_fast_hash() instead of phpass.
 	 *
 	 * @param int   $user_id  User ID.
 	 * @param array $args     {
@@ -95,7 +96,7 @@ public static function create_new_application_password( $user_id, $args = array(
 		}
 
 		$new_password    = wp_generate_password( static::PW_LENGTH, false );
-		$hashed_password = wp_hash_password( $new_password );
+		$hashed_password = self::hash_password( $new_password );
 
 		$new_item = array(
 			'uuid'      => wp_generate_uuid4(),
@@ -124,6 +125,7 @@ public static function create_new_application_password( $user_id, $args = array(
 		 * Fires when an application password is created.
 		 *
 		 * @since 5.6.0
+		 * @since x.y.z @since x.y.z The hashed password value now uses wp_fast_hash() instead of phpass.
 		 *
 		 * @param int    $user_id      The user ID.
 		 * @param array  $new_item     {
@@ -249,7 +251,7 @@ public static function application_name_exists_for_user( $user_id, $name ) {
 	 * Updates an application password.
 	 *
 	 * @since 5.6.0
-	 * @since x.y.z The actual password should now be hashed using bcrypt instead of phpass. See wp_hash_password().
+	 * @since x.y.z The actual password should now be hashed using wp_fast_hash().
 	 *
 	 * @param int    $user_id User ID.
 	 * @param string $uuid    The password's UUID.
@@ -302,7 +304,7 @@ public static function update_application_password( $user_id, $uuid, $update = a
 			 * Fires when an application password is updated.
 			 *
 			 * @since 5.6.0
-			 * @since x.y.z The password is now hashed using bcrypt instead of phpass.
+			 * @since x.y.z The password is now hashed using wp_fast_hash() instead of phpass.
 			 *              Existing passwords may still be hashed using phpass.
 			 *
 			 * @param int   $user_id The user ID.
@@ -472,4 +474,45 @@ public static function chunk_password( $raw_password ) {
 
 		return trim( chunk_split( $raw_password, 4, ' ' ) );
 	}
+
+	/**
+	 * Hashes a plaintext application password.
+	 *
+	 * @since x.y.z
+	 *
+	 * @param string $password Plaintext password.
+	 * @return string Hashed password.
+	 */
+	public static function hash_password( string $password ): string {
+		return wp_fast_hash( $password );
+	}
+
+	/**
+	 * Checks a plaintext application password against a hashed password.
+	 *
+	 * @since x.y.z
+	 *
+	 * @param string     $password Plaintext password.
+	 * @param string     $hash     Hash of the password to check against.
+	 * @return bool Whether the password matches the hashed password.
+	 */
+	public static function check_password( string $password, string $hash ): bool {
+		return wp_verify_fast_hash( $password, $hash );
+	}
+
+	/**
+	 * Checks whether a password hash needs to be rehashed.
+	 *
+	 * A password hashed in a prior version of WordPress may still be hashed with phpass and will
+	 * need to be rehashed. If the algorithm is changed in WordPress then a password hashed in a
+	 * previous version will need to be rehashed.
+	 *
+	 * @since x.y.z
+	 *
+	 * @param string $hash Hash of a password to check.
+	 * @return bool Whether the hash needs to be rehashed.
+	 */
+	public static function password_needs_rehash( string $hash ): bool {
+		return ! str_starts_with( $hash, '$generic$' );
+	}
 }

src/wp-includes/class-wp-recovery-mode-key-service.php

@@ -37,22 +37,18 @@ public function generate_recovery_mode_token() {
 	 * Creates a recovery mode key.
 	 *
 	 * @since 5.2.0
-	 * @since x.y.z The stored key is now hashed using SHA-256 instead of phpass.
+	 * @since x.y.z The stored key is now hashed using wp_fast_hash() instead of phpass.
 	 *
 	 * @param string $token A token generated by {@see generate_recovery_mode_token()}.
 	 * @return string Recovery mode key.
 	 */
 	public function generate_and_store_recovery_mode_key( $token ) {
 		$key = wp_generate_password( 22, false );
 
-		// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
-		$algo   = function_exists( 'hash' ) ? 'sha256' : 'sha1';
-		$hashed = wp_hash( $key, 'auth', $algo );
-
 		$records = $this->get_keys();
 
 		$records[ $token ] = array(
-			'hashed_key' => $hashed,
+			'hashed_key' => wp_fast_hash( $key ),
 			'created_at' => time(),
 		);
 
@@ -98,11 +94,7 @@ public function validate_recovery_mode_key( $token, $key, $ttl ) {
 			return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
 		}
 
-		// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
-		$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
-
-		// @TODO check `wp_hash()` is always available when this is called
-		if ( ! hash_equals( $record['hashed_key'], wp_hash( $key, 'auth', $algo ) ) ) {
+		if ( ! wp_verify_fast_hash( $key, $record['hashed_key'] ) ) {
 			return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
 		}
 
@@ -157,7 +149,7 @@ private function remove_key( $token ) {
 	 * Gets the recovery key records.
 	 *
 	 * @since 5.2.0
-	 * @since x.y.z Each key is now hashed using SHA-256 instead of phpass.
+	 * @since x.y.z Each key is now hashed using wp_fast_hash() instead of phpass.
 	 *              Existing keys may still be hashed using phpass.
 	 *
 	 * @return array {
@@ -180,7 +172,7 @@ private function get_keys() {
 	 * Updates the recovery key records.
 	 *
 	 * @since 5.2.0
-	 * @since x.y.z Each key should now be hashed using SHA-256 instead of phpass.
+	 * @since x.y.z Each key should now be hashed using wp_fast_hash() instead of phpass.
 	 *
 	 * @param array $keys {
 	 *     Associative array of token => data pairs, where the data is an associative

src/wp-includes/class-wp-user-request.php

@@ -92,7 +92,7 @@ final class WP_User_Request {
 	 * Key used to confirm this request.
 	 *
 	 * @since 4.9.6
-	 * @since x.y.z The key is now hashed using SHA-256 instead of phpass.
+	 * @since x.y.z The key is now hashed using wp_fast_hash() instead of phpass.
 	 *
 	 * @var string
 	 */

src/wp-includes/functions.php

@@ -9085,3 +9085,52 @@ function wp_is_heic_image_mime_type( $mime_type ) {
 
 	return in_array( $mime_type, $heic_mime_types, true );
 }
+
+/**
+ * Returns a cryptographically secure hash of a message using a fast generic hash function.
+ *
+ * This function does not salt the value prior to being hashed, therefore input to this function should be generated
+ * with sufficiently high entropy if the data is sensitive, preferably greater than 128 bits. This function is used
+ * internally in WordPress to hash security keys and application passwords which are generated with high entropy.
+ *
+ * This function must not be used for hashing user-generated passwords. Use wp_hash_password() for that.
+ *
+ * Use the wp_verify_fast_hash() function to verify the hash.
+ *
+ * The BLAKE2b algorithm is used by Sodium to hash the message.
+ *
+ * @since x.y.z
+ *
+ * @throws TypeError Thrown by Sodium if the message is not a string.
+ *
+ * @param string $message The message to hash.
+ * @return string The hash of the message.
+ */
+function wp_fast_hash( string $message ): string {
+	return '$generic$' . sodium_bin2hex( sodium_crypto_generichash( $message ) );
+}
+
+/**
+ * Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash().
+ *
+ * The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash,
+ * the hash is treated as a phpass portable hash in order to provide backward compatibility for application passwords
+ * which were hashed using phpass prior to WordPress x.y.z.
+ *
+ * @since x.y.z
+ *
+ * @throws TypeError Thrown by Sodium if the message is not a string.
+ *
+ * @param string $message The plaintext message.
+ * @param string $hash    Hash of the message to check against.
+ * @return bool Whether the message matches the hashed message.
+ */
+function wp_verify_fast_hash( string $message, string $hash ): bool {
+	if ( ! str_starts_with( $hash, '$generic$' ) ) {
+		// Back-compat for old phpass hashes.
+		require_once ABSPATH . WPINC . '/class-phpass.php';
+		return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash );
+	}
+
+	return hash_equals( substr( $hash, 9 ), wp_fast_hash( $message ) );
+}

src/wp-includes/pluggable.php

@@ -2698,9 +2698,9 @@ function wp_hash_password( $password ) {
 	/**
 	 * Checks a plaintext password against a hashed password.
 	 *
-	 * Note that this function is used to check more than just user passwords, for
-	 * example it's also used to check application passwords and post passwords.
-	 * There is not always a user ID associated with the password.
+	 * Note that this function is used to check more than just user passwords, for example
+	 * it's also used to check post passwords and may be used by plugins to check other
+	 * types of password. There is not always a user ID associated with the password.
 	 *
 	 * For integration with other applications, this function can be overwritten to
 	 * instead use the other package password hashing algorithm.
@@ -2753,8 +2753,7 @@ function wp_check_password( $password, $hash, $user_id = '' ) {
 		} elseif ( str_starts_with( $hash, '$P$' ) ) {
 			// Check the password using phpass.
 			require_once ABSPATH . WPINC . '/class-phpass.php';
-			$hasher = new PasswordHash( 8, true );
-			$check  = $hasher->CheckPassword( $password, $hash );
+			$check = ( new PasswordHash( 8, true ) )->CheckPassword( $password, $hash );
 		} else {
 			// Check the password using compat support for any non-prefixed hash.
 			$check = password_verify( $password, $hash );

src/wp-includes/user.php

@@ -437,17 +437,10 @@ function wp_authenticate_application_password( $input_user, $username, $password
 	$hashed_passwords = WP_Application_Passwords::get_user_application_passwords( $user->ID );
 
 	foreach ( $hashed_passwords as $key => $item ) {
-		$valid = wp_check_password( $password, $item['password'], $user->ID );
-
-		if ( ! $valid ) {
+		if ( ! WP_Application_Passwords::check_password( $password, $item['password'] ) ) {
 			continue;
 		}
 
-		if ( wp_password_needs_rehash( $item['password'] ) ) {
-			$item['password'] = wp_hash_password( $password );
-			WP_Application_Passwords::update_application_password( $user->ID, $item['uuid'], $item );
-		}
-
 		$error = new WP_Error();
 
 		/**
@@ -2996,8 +2989,7 @@ function get_password_reset_key( $user ) {
 	 */
 	do_action( 'retrieve_password_key', $user->user_login, $key );
 
-	$algo   = function_exists( 'hash' ) ? 'sha256' : 'sha1';
-	$hashed = time() . ':' . wp_hash( $key, 'auth', $algo );
+	$hashed = time() . ':' . wp_fast_hash( $key );
 
 	$key_saved = wp_update_user(
 		array(
@@ -3065,16 +3057,7 @@ function check_password_reset_key( $key, $login ) {
 		return new WP_Error( 'invalid_key', __( 'Invalid key.' ) );
 	}
 
-	if ( str_starts_with( $pass_key, '$P$B' ) ) {
-		// Back-compat for old phpass hashes.
-		require_once ABSPATH . WPINC . '/class-phpass.php';
-
-		$hash_is_correct = ( new PasswordHash( 8, true ) )->CheckPassword( $key, $pass_key );
-	} else {
-		$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
-
-		$hash_is_correct = hash_equals( $pass_key, wp_hash( $key, 'auth', $algo ) );
-	}
+	$hash_is_correct = wp_verify_fast_hash( $key, $pass_key );
 
 	if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
 		return $user;
@@ -4894,14 +4877,12 @@ function wp_generate_user_request_key( $request_id ) {
 	// Generate something random for a confirmation key.
 	$key = wp_generate_password( 20, false );
 
-	$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
-
 	// Save the key, hashed.
 	wp_update_post(
 		array(
 			'ID'            => $request_id,
 			'post_status'   => 'request-pending',
-			'post_password' => wp_hash( $key, 'auth', $algo ),
+			'post_password' => wp_fast_hash( $key ),
 		)
 	);
 
@@ -4945,16 +4926,7 @@ function wp_validate_user_request_key( $request_id, $key ) {
 	$expiration_duration = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS );
 	$expiration_time     = $key_request_time + $expiration_duration;
 
-	$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
-
-	if ( str_starts_with( $saved_key, '$P$B' ) ) {
-		// Back-compat for old phpass hashes.
-		require_once ABSPATH . WPINC . '/class-phpass.php';
-
-		if ( ! ( new PasswordHash( 8, true ) )->CheckPassword( $key, $saved_key ) ) {
-			return new WP_Error( 'invalid_key', __( 'The confirmation key is invalid for this personal data request.' ) );
-		}
-	} elseif ( ! hash_equals( $saved_key, wp_hash( $key, 'auth', $algo ) ) ) {
+	if ( ! wp_verify_fast_hash( $key, $saved_key ) ) {
 		return new WP_Error( 'invalid_key', __( 'The confirmation key is invalid for this personal data request.' ) );
 	}
 

tests/phpunit/tests/auth.php

@@ -718,7 +718,7 @@ public function test_user_activation_key_is_checked() {
 		$wpdb->update(
 			$wpdb->users,
 			array(
-				'user_activation_key' => strtotime( '-1 hour' ) . ':' . wp_hash( $key, 'auth', 'sha256' ),
+				'user_activation_key' => strtotime( '-1 hour' ) . ':' . wp_fast_hash( $key ),
 			),
 			array(
 				'ID' => $this->user->ID,
@@ -756,7 +756,7 @@ public function test_expired_user_activation_key_is_rejected() {
 		$wpdb->update(
 			$wpdb->users,
 			array(
-				'user_activation_key' => strtotime( '-48 hours' ) . ':' . wp_hash( $key, 'auth', 'sha256' ),
+				'user_activation_key' => strtotime( '-48 hours' ) . ':' . wp_fast_hash( $key ),
 			),
 			array(
 				'ID' => $this->user->ID,
@@ -1027,42 +1027,22 @@ public function test_user_activation_key_after_successful_login() {
 	 * @ticket 21022
 	 * @ticket 50027
 	 */
-	public function test_phpass_password_is_rehashed_after_successful_application_password_authentication() {
+	public function test_phpass_application_password_is_accepted() {
 		add_filter( 'application_password_is_api_request', '__return_true' );
 		add_filter( 'wp_is_application_passwords_available', '__return_true' );
 
-		$password  = 'password';
-		$user_pass = get_userdata( self::$user_id )->user_pass;
+		$password = 'password';
 
 		// Set an application password with the old phpass algorithm.
 		$uuid = self::set_application_password_with_phpass( $password, self::$user_id );
 
-		// Verify that the application password needs rehashing.
-		$hash = WP_Application_Passwords::get_user_application_password( self::$user_id, $uuid )['password'];
-		$this->assertTrue( wp_password_needs_rehash( $hash ) );
-
 		// Authenticate.
 		$user = wp_authenticate_application_password( null, self::USER_LOGIN, $password );
 
 		// Verify that the phpass hash for the application password was valid.
 		$this->assertNotWPError( $user );
 		$this->assertInstanceOf( 'WP_User', $user );
 		$this->assertSame( self::$user_id, $user->ID );
-
-		// Verify that the application password no longer needs rehashing.
-		$hash = WP_Application_Passwords::get_user_application_password( self::$user_id, $uuid )['password'];
-		$this->assertFalse( wp_password_needs_rehash( $hash ) );
-
-		// Verify that the user's password has not been touched.
-		$this->assertSame( $user_pass, get_userdata( self::$user_id )->user_pass );
-
-		// Authenticate a second time to ensure the new hash is valid.
-		$user = wp_authenticate_application_password( null, self::USER_LOGIN, $password );
-
-		// Verify that the bcrypt hashed application password is valid.
-		$this->assertNotWPError( $user );
-		$this->assertInstanceOf( 'WP_User', $user );
-		$this->assertSame( self::$user_id, $user->ID );
 	}
 
 	/**