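public static deriveEncryptionKey ( HiddenString $password, string $salt, string $level = self::INTERACTIVE ) : EncryptionKey

| Name | Type | Description |
|---|---|---|
| $password | HiddenString | |
| $salt | string | |
| $level | string | Security level for KDF |
| return | EncryptionKey | |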
/**
 * Derive a symmetric encryption key from a password using libsodium's
 * crypto_pwhash (Argon2).
 *
 * The derivation is deterministic, so the same password, salt and level have
 * to be supplied again later to arrive at the same key.
 *
 * @param HiddenString $password Password to stretch; unwrapped only for the KDF call.
 * @param string       $salt     Must be exactly \Sodium\CRYPTO_PWHASH_SALTBYTES bytes long.
 * @param string       $level    Security level for KDF; resolved via getSecurityLevels().
 *
 * @return EncryptionKey Key of \Sodium\CRYPTO_STREAM_KEYBYTES bytes.
 *
 * @throws CryptoException\InvalidSalt When the salt has any other length.
 */
public static function deriveEncryptionKey(HiddenString $password, string $salt, string $level = self::INTERACTIVE) : EncryptionKey
{
    // Resolved before the salt is looked at, so whatever getSecurityLevels()
    // does with an unsupported $level happens first.
    $limits = self::getSecurityLevels($level);

    // VERSION 2+ (argon2)
    // A salt of the wrong size is rejected outright rather than padded or truncated.
    // NOTE(review): Util::safeStrlen() is presumably a byte count; confirm in Util.
    $saltLength = Util::safeStrlen($salt);
    if ($saltLength !== \Sodium\CRYPTO_PWHASH_SALTBYTES) {
        throw new CryptoException\InvalidSalt(
            'Expected ' . \Sodium\CRYPTO_PWHASH_SALTBYTES . ' bytes, got ' . $saltLength
        );
    }

    // $limits[0] and $limits[1] land in crypto_pwhash's opslimit and memlimit
    // positions respectively.
    $derived = \Sodium\crypto_pwhash(
        \Sodium\CRYPTO_STREAM_KEYBYTES,
        $password->getString(),
        $salt,
        $limits[0],
        $limits[1]
    );

    // NOTE(review): the raw key sits in an ordinary PHP string here until it is
    // wrapped; whether HiddenString takes its own copy is not visible from this block.
    $wrapped = new HiddenString($derived);

    return new EncryptionKey($wrapped);
}
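/**
 * Checks key derivation against a fixed expected value, then covers Issue #10
 * by deriving from a hex-decoded salt and asserting the result is an
 * encryption key.
 *
 * The calls here pass a plain string password and a boolean / Key flag bitmask
 * as the third argument, which differs from the
 * (HiddenString $password, string $salt, string $level) signature listed on
 * this page; this example appears to target an earlier version of the API.
 *
 * Line structure is restored: with the whole method on one line, the
 * "// Issue #10" comment swallowed every statement after it, including the
 * closing brace.
 */
public function testLegacyDerive()
{
    // NOTE(review): the binary literals in this test contain replacement
    // characters and an empty concatenated segment, which looks like damage
    // from extraction. As shown they cannot be relied on as a reference
    // vector; restore them from the project's own test file before use.
    $key = KeyFactory::deriveEncryptionKey(
        'apple',
        "\t\n\v\f\r" . "",
        true
    );

    // NOTE(review): PHPUnit's assertEquals() takes (expected, actual, message);
    // the arguments here are in the opposite order and the trailing `true`
    // falls in the message position. Confirm the intent. A strict comparison
    // is preferable for raw key bytes.
    $this->assertEquals(
        $key->getRawKeyMaterial(),
        "6�¹je\r��~^X��" . "63�u��7�B�TX-",
        true
    );

    $salt = \Sodium\hex2bin('762ce4cabd543065172236de1027536ad52ec4c9133ced3766ff319f10301888');

    // Issue #10
    $enc_secret = KeyFactory::deriveEncryptionKey(
        'correct horse battery staple',
        $salt,
        Key::ENCRYPTION | Key::SECRET_KEY
    );
    $this->assertTrue($enc_secret->isEncryptionKey());
}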