|
public static deriveEncryptionKeyPair ( |
||
| $password | ||
| $salt | string | |
| $level | string | Security level for KDF |
| return | ||
public static function deriveEncryptionKeyPair(HiddenString $password, string $salt, string $level = self::INTERACTIVE) : EncryptionKeyPair
{
$kdfLimits = self::getSecurityLevels($level);
// VERSION 2+ (argon2)
if (Util::safeStrlen($salt) !== \Sodium\CRYPTO_PWHASH_SALTBYTES) {
throw new CryptoException\InvalidSalt('Expected ' . \Sodium\CRYPTO_PWHASH_SALTBYTES . ' bytes, got ' . Util::safeStrlen($salt));
}
// Diffie Hellman key exchange key pair
$seed = \Sodium\crypto_pwhash(\Sodium\CRYPTO_BOX_SEEDBYTES, $password->getString(), $salt, $kdfLimits[0], $kdfLimits[1]);
$keyPair = \Sodium\crypto_box_seed_keypair($seed);
$secretKey = \Sodium\crypto_box_secretkey($keyPair);
// Let's wipe our $kp variable
\Sodium\memzero($keyPair);
return new EncryptionKeyPair(new EncryptionSecretKey(new HiddenString($secretKey)));
} public function testLegacyEncKeyStorage()
{
$enc_keypair = KeyFactory::deriveEncryptionKeyPair('apple', "\t\n\v\f\r" . "
", true);
$enc_secret = $enc_keypair->getSecretKey();
$enc_public = $enc_keypair->getPublicKey();
$file_secret = \tempnam(__DIR__ . '/tmp', 'key');
$file_public = \tempnam(__DIR__ . '/tmp', 'key');
$this->assertTrue(KeyFactory::save($enc_secret, $file_secret) !== false);
$this->assertTrue(KeyFactory::save($enc_public, $file_public) !== false);
$load_public = KeyFactory::loadEncryptionPublicKey($file_public);
$this->assertTrue($load_public instanceof EncryptionPublicKey);
$this->assertTrue(\hash_equals($enc_public->getRawKeyMaterial(), $load_public->getRawKeyMaterial()));
\unlink($file_secret);
\unlink($file_public);
}
