コード例 #1
ファイル: Key.php プロジェクト: CodyCodeman/halite
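 /**
  * Derive an encryption, authentication or signing key from a password and a salt.
  *
  * All key material comes from scrypt (crypto_pwhash_scryptsalsa208sha256) run at
  * libsodium's INTERACTIVE ops/memory limits. $type is a bitmask that selects
  * asymmetric vs. secret-key output and encryption vs. signing/authentication.
  *
  * The derived key is only as strong as the password, and the same
  * password/salt pair always yields the same key.
  *
  * @param string $password
  * @param string $salt Passed to scrypt as-is; its length is not checked here
  * @param int $type Bitmask of the class's ASYMMETRIC / SECRET_KEY / ENCRYPTION / SIGNATURE flags
  * @return array|\ParagonIE\Halite\Key [ASecretKey, APublicKey] for asymmetric types, a SecretKey otherwise
  * @throws CryptoException\InvalidFlags
  */
 public static function deriveFromPassword($password, $salt, $type = self::CRYPTO_SECRETBOX)
 {
     // Set this to true to flag a key as a signing key
     $signing = false;
     // Are we doing public key cryptography?
     if (($type & self::ASYMMETRIC) !== 0) {
         // Are we doing encryption or digital signing?
         if (($type & self::ENCRYPTION) !== 0) {
             $secret_key = \Sodium\crypto_pwhash_scryptsalsa208sha256(
                 \Sodium\CRYPTO_BOX_SECRETKEYBYTES,
                 $password,
                 $salt,
                 \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
                 \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
             );
             $public_key = \Sodium\crypto_box_publickey_from_secretkey($secret_key);
         } elseif (($type & self::SIGNATURE) !== 0) {
             // Digital signature keypair
             $signing = true;
             $seed = \Sodium\crypto_pwhash_scryptsalsa208sha256(
                 \Sodium\CRYPTO_SIGN_SEEDBYTES,
                 $password,
                 $salt,
                 \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
                 \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
             );
             $keypair = \Sodium\crypto_sign_seed_keypair($seed);
             $secret_key = \Sodium\crypto_sign_secretkey($keypair);
             $public_key = \Sodium\crypto_sign_publickey($keypair);
             // The seed and the packed keypair are secret-equivalent; wipe both
             // once the two halves have been extracted.
             \Sodium\memzero($keypair);
             \Sodium\memzero($seed);
         } else {
             throw new CryptoException\InvalidFlags('Must specify encryption or authentication');
         }
         // Let's return an array with two keys
         return [new ASecretKey($secret_key, $signing), new APublicKey($public_key, $signing)];
     } elseif (($type & self::SECRET_KEY) !== 0) {
         // The mask tests here and below must be parenthesised: `!==` binds
         // tighter than `&`, so `$type & self::X !== 0` evaluates as
         // `$type & true` and only inspects the lowest bit of $type. That could
         // pick the wrong key size and the wrong $signing flag.
         //
         // Are we doing encryption or authentication?
         if (($type & self::SIGNATURE) !== 0) {
             $signing = true;
             $secret_key = \Sodium\crypto_pwhash_scryptsalsa208sha256(
                 \Sodium\CRYPTO_AUTH_KEYBYTES,
                 $password,
                 $salt,
                 \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
                 \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
             );
         } else {
             $secret_key = \Sodium\crypto_pwhash_scryptsalsa208sha256(
                 \Sodium\CRYPTO_SECRETBOX_KEYBYTES,
                 $password,
                 $salt,
                 \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
                 \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
             );
         }
         return new SecretKey($secret_key, $signing);
     } else {
         throw new CryptoException\InvalidFlags('Must specify symmetric-key or asymmetric-key');
     }
 }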
コード例 #2
ファイル: KeyFactory.php プロジェクト: TheFrozenFire/halite
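 /**
  * Derive a key pair for public key signatures from a password and salt.
  *
  * The signing seed is produced by scrypt (crypto_pwhash_scryptsalsa208sha256)
  * at libsodium's INTERACTIVE ops/memory limits, then expanded into a keypair.
  * The same password/salt pair always yields the same keypair, so the signing
  * key is only as strong as the password.
  *
  * @param string $password
  * @param string $salt Passed to scrypt as-is; its length is not checked here
  * @return SignatureKeyPair Built from the derived secret key only
  */
 public static function deriveSignatureKeyPair($password, $salt)
 {
     // Digital signature keypair
     $seed = \Sodium\crypto_pwhash_scryptsalsa208sha256(
         \Sodium\CRYPTO_SIGN_SEEDBYTES,
         $password,
         $salt,
         \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
         \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
     );
     $keypair = \Sodium\crypto_sign_seed_keypair($seed);
     $secret_key = \Sodium\crypto_sign_secretkey($keypair);
     // Wipe the intermediates. The seed deterministically regenerates the
     // secret key, so it must not outlive this call any more than $keypair.
     \Sodium\memzero($keypair);
     \Sodium\memzero($seed);
     return new SignatureKeyPair(new SignatureSecretKey($secret_key));
 }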
コード例 #3
ファイル: KeyFactory.php プロジェクト: AndrewCarterUK/halite
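 /**
  * Derive a key pair for public key signatures from a password and salt.
  *
  * With $legacy = true the seed comes from scrypt
  * (crypto_pwhash_scryptsalsa208sha256); otherwise it comes from crypto_pwhash.
  * Both run at the INTERACTIVE ops/memory limits. The salt must be exactly the
  * length required by the selected function. The same password/salt pair
  * always yields the same keypair.
  *
  * @param string $password
  * @param string $salt
  * @param bool $legacy Use scrypt?
  *
  * @return SignatureKeyPair
  * @throws CryptoException\InvalidSalt If the salt length does not match the selected KDF
  */
 public static function deriveSignatureKeyPair(string $password, string $salt, bool $legacy = false) : SignatureKeyPair
 {
     if ($legacy) {
         // Reject a wrong-sized salt up front with a descriptive error.
         if (CryptoUtil::safeStrlen($salt) !== \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES) {
             throw new CryptoException\InvalidSalt('Expected ' . \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES . ' bytes, got ' . CryptoUtil::safeStrlen($salt));
         }
         // Digital signature keypair
         $seed = \Sodium\crypto_pwhash_scryptsalsa208sha256(
             \Sodium\CRYPTO_SIGN_SEEDBYTES,
             $password,
             $salt,
             \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
             \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
         );
     } else {
         if (CryptoUtil::safeStrlen($salt) !== \Sodium\CRYPTO_PWHASH_SALTBYTES) {
             throw new CryptoException\InvalidSalt('Expected ' . \Sodium\CRYPTO_PWHASH_SALTBYTES . ' bytes, got ' . CryptoUtil::safeStrlen($salt));
         }
         // Digital signature keypair
         $seed = \Sodium\crypto_pwhash(
             \Sodium\CRYPTO_SIGN_SEEDBYTES,
             $password,
             $salt,
             \Sodium\CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
             \Sodium\CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
         );
     }
     $keypair = \Sodium\crypto_sign_seed_keypair($seed);
     $secret_key = \Sodium\crypto_sign_secretkey($keypair);
     // Wipe the intermediates. The seed deterministically regenerates the
     // secret key, so it must not outlive this call any more than $keypair.
     \Sodium\memzero($keypair);
     \Sodium\memzero($seed);
     return new SignatureKeyPair(new SignatureSecretKey($secret_key));
 }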
コード例 #4
ファイル: KeyFactory.php プロジェクト: paragonie/halite
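 /**
  * Derive a key pair for public key signatures from a password and salt.
  *
  * The seed comes from crypto_pwhash, with the two values returned by
  * getSecurityLevels($level) passed as its ops and memory limits. The same
  * password/salt/level triple always yields the same keypair.
  *
  * @param HiddenString $password
  * @param string $salt Must be exactly \Sodium\CRYPTO_PWHASH_SALTBYTES bytes
  * @param string $level Security level for KDF
  *
  * @return SignatureKeyPair
  * @throws CryptoException\InvalidSalt If the salt has the wrong length
  */
 public static function deriveSignatureKeyPair(HiddenString $password, string $salt, string $level = self::INTERACTIVE) : SignatureKeyPair
 {
     $kdfLimits = self::getSecurityLevels($level);
     // VERSION 2+ (argon2)
     if (Util::safeStrlen($salt) !== \Sodium\CRYPTO_PWHASH_SALTBYTES) {
         throw new CryptoException\InvalidSalt('Expected ' . \Sodium\CRYPTO_PWHASH_SALTBYTES . ' bytes, got ' . Util::safeStrlen($salt));
     }
     // Digital signature keypair
     $seed = \Sodium\crypto_pwhash(
         \Sodium\CRYPTO_SIGN_SEEDBYTES,
         $password->getString(),
         $salt,
         $kdfLimits[0],
         $kdfLimits[1]
     );
     $keyPair = \Sodium\crypto_sign_seed_keypair($seed);
     $secretKey = \Sodium\crypto_sign_secretkey($keyPair);
     // Wipe the intermediates. The seed deterministically regenerates the
     // secret key, so it must not outlive this call any more than $keyPair.
     \Sodium\memzero($keyPair);
     \Sodium\memzero($seed);
     return new SignatureKeyPair(new SignatureSecretKey(new HiddenString($secretKey)));
 }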