| public static getSecurityLevels ( string $level = self::INTERACTIVE ) : array | ||
| $level | string | |
| return | array | |
public static function getSecurityLevels(string $level = self::INTERACTIVE) : array
{
switch ($level) {
case self::INTERACTIVE:
return [\Sodium\CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, \Sodium\CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE];
case self::MODERATE:
return [\Sodium\CRYPTO_PWHASH_OPSLIMIT_MODERATE, \Sodium\CRYPTO_PWHASH_MEMLIMIT_MODERATE];
case self::SENSITIVE:
return [\Sodium\CRYPTO_PWHASH_OPSLIMIT_SENSITIVE, \Sodium\CRYPTO_PWHASH_MEMLIMIT_SENSITIVE];
default:
throw new CryptoException\InvalidType('Invalid security level for Argon2i');
}
} /**
* Hash then encrypt a password
*
* @param HiddenString $password The user's password
* @param EncryptionKey $secretKey The master key for all passwords
* @param string $level The security level for this password
* @return string An encrypted hash to store
*/
public static function hash(HiddenString $password, EncryptionKey $secretKey, string $level = KeyFactory::INTERACTIVE) : string
{
$kdfLimits = KeyFactory::getSecurityLevels($level);
// First, let's calculate the hash
$hashed = \Sodium\crypto_pwhash_str($password->getString(), $kdfLimits[0], $kdfLimits[1]);
// Now let's encrypt the result
return Crypto::encrypt(new HiddenString($hashed), $secretKey);
}
