Add SSHA512 for dovecot auth

postfixadmin · Jan 21, 2022 · ac547e9 · ac547e9
1 parent e4c8581
commit ac547e9
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -15,6 +15,7 @@ Currently:
 
  * SHA1, SHA1.HEX, SHA1.B64
  * SSHA
+ * SSHA512
  * BLF-CRYPT, BLF-CRYPT.B64
  * SHA512-CRYPT, SHA512-CRYPT.B64
  * ARGON2I, ARGON2I.B64

diff --git a/src/Crypt.php b/src/Crypt.php
@@ -16,6 +16,7 @@ class Crypt
         'COURIER:SHA256', // same as SHA256
         'SHA1', 'SHA1.HEX', 'SHA1.B64',
         'SSHA',
+        'SSHA512',
         'BLF-CRYPT', 'BLF-CRYPT.B64',
         'SHA512-CRYPT', 'SHA512-CRYPT.B64',
         'ARGON2I',
@@ -82,6 +83,9 @@ public function crypt(string $clearText, string $passwordHash = null): string
             case 'COURIER:SSHA':
                 return $this->hashSha1Salted($clearText, $passwordHash);
 
+            case 'SSHA512':
+                return $this->hashSha512Salted($clearText, $passwordHash);
+
             case 'SHA256':
             case 'COURIER:SHA256':
                 return $this->hashSha256($clearText);
@@ -165,6 +169,16 @@ public function hashSha1Salted(string $clearText, string $hash = null): string
         return '{SSHA}' . base64_encode(sha1($clearText . $salt, true) . $salt);
     }
 
+    public function hashSha512Salted(string $clearText, string $hash = null): string
+    {
+        if (empty($hash)) {
+            $salt = base64_encode(random_bytes(16));
+        } else {
+            $salt = substr(base64_decode(substr($hash, 9)), 64);
+        }
+        return '{SSHA512}' . base64_encode(hash('sha512', $clearText . $salt, true) . $salt);
+    }
+
     public function hashSha512(string $clearText, string $algorithm = 'SHA512')
     {
         $prefix = '{SHA512}';