From 5e8c327896f49082a14ebb087a0cd8683669e695 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=83=86=E3=82=AF=E3=83=8B=E3=82=AB=E3=83=AB=E8=AB=8F?=
 =?UTF-8?q?=E8=A8=AA=E5=AD=90?= <renraku@076.ne.jp>
Date: Wed, 30 Mar 2022 19:13:22 +0900
Subject: [PATCH] =?UTF-8?q?=E3=83=91=E3=82=B9=E3=83=AF=E3=83=BC=E3=83=89?=
 =?UTF-8?q?=E3=83=8F=E3=83=83=E3=82=B7=E3=83=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config.sample.php  |  3 +++
 helper/hash.php    | 29 +++++++++++++++++++++++++++++
 src/hash/index.php |  9 +++++++++
 ui/hash/index.php  | 13 +++++++++++++
 4 files changed, 54 insertions(+)
 create mode 100644 src/hash/index.php
 create mode 100644 ui/hash/index.php

diff --git a/config.sample.php b/config.sample.php
index c97c004..807b803 100644
--- a/config.sample.php
+++ b/config.sample.php
@@ -13,4 +13,7 @@
   // CURL
   define('API_URI', '');
   define('API_AUTH', null);
+
+  // ハッシュ
+  define('PASSWD_PEPPER', ''); // オススメ：pwgen -ycnB1 40
 ?>
diff --git a/helper/hash.php b/helper/hash.php
index acb6c35..1a80d93 100644
--- a/helper/hash.php
+++ b/helper/hash.php
@@ -1,2 +1,31 @@
 <?php
+  require_once('../config.php');
+
+  function tokengen (int $bytes=24): string {
+    return bin2hex(random_bytes($bytes));
+  }
+
+  function setpasswd (string $password): string {
+    $millisec = 0.05;
+    $cost = 8;
+
+    do {
+      $cost++;
+      $start = microtime(true);
+      password_hash('kero', PASSWORD_ARGON2ID, ['cost' => $cost]);
+      $end = microtime(true);
+    } while (($end - $start) < $millisec);
+
+    $addpepper = hash_hmac('sha256', $password, PASSWD_PEPPER);
+    $addmd5 = md5($addpepper);
+
+    return password_hash($addmd5, PASSWORD_ARGON2ID, ['cost' => $cost]);
+  }
+
+  function verifypasswd (string $raw, string $crypt): bool {
+    $addpepper = hash_hmac('sha256', $raw, PASSWD_PEPPER);
+    $addmd5 = md5($addpepper);
+
+    return password_verify($addmd5, $crypt);
+  }
 ?>
diff --git a/src/hash/index.php b/src/hash/index.php
new file mode 100644
index 0000000..d78daa2
--- /dev/null
+++ b/src/hash/index.php
@@ -0,0 +1,9 @@
+<?php
+  $title = 'パスワード創作';
+  $siteurl  .= '/hash';
+  $childview = '../ui/hash/index.php';
+
+  if (isset($_POST['password'])) {
+    $setpasswd = setpasswd($_POST['password']);
+  }
+?>
diff --git a/ui/hash/index.php b/ui/hash/index.php
new file mode 100644
index 0000000..1ce488d
--- /dev/null
+++ b/ui/hash/index.php
@@ -0,0 +1,13 @@
+「mysecurepassword」をお入り下さい。<br />
+Please enter "mysecurepassword".<br />
+<form method="POST" action="/hash">
+  <input type="password" name="password" />
+  <input type="submit" value="送信" />
+</form>
+
+<?php
+  if (isset($_POST['password'])) {
+    echo '創作したパスワード（plaintext→sha256+pepper→md5→Argon2id）： '.$setpasswd.'<br />';
+    echo 'ポスワードは「mysecurepassword」ですか？：'.(verifypasswd('mysecurepassword', $setpasswd) ? 'はい' : 'いいえ');
+  }
+?>