Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +18 -7
1 changed files with 18 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 5196ac2486 - Show all commits

25
src/Socialbox/Classes/Cryptography.php
View file

@ -9,9 +9,9 @@
class Cryptography
{
private const KEY_TYPE_ENCRYPTION = 'enc:';
private const KEY_TYPE_SIGNING = 'sig:';
private const BASE64_VARIANT = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING;
private const string KEY_TYPE_ENCRYPTION = 'enc:';
private const string KEY_TYPE_SIGNING = 'sig:';
private const int BASE64_VARIANT = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING;
/**
* Generates a new encryption key pair consisting of a public key and a secret key.
@ -654,16 +654,27 @@
/**
* Hashes a password securely using a memory-hard, CPU-intensive hashing algorithm.
*
* @param string $sha512 The SHA-512 hash of the password to be hashed.
* @param string $password The password in plaintext to be hashed, if $hash is false this should be a SHA-512 hash.
* @param bool $hash True to hash the password, false to use the provided SHA-512 hash directly which is validated.
* @return string The hashed password in a secure format.
* @throws CryptographyException If password hashing fails.
*/
public static function hashPassword(string $sha512): string
public static function hashPassword(string $password, bool $hash=true): string
{
if(!self::validateSha512($sha512))
if(empty($password))
{
throw new CryptographyException("Empty password provided");
}
if($hash === false && !self::validateSha512($password))
{
throw new CryptographyException("Invalid SHA-512 hash provided");
}
if($hash)
{
$sha512 = hash('sha512', $password);
}
try
{
@ -709,7 +720,7 @@
/**
* Verifies a password against a stored hash.
*
* @param string $sha512 The password to be verified.
* @param string $sha512 The sha512 password to be verified.
* @param string $hash The stored password hash to be compared against.
* @return bool True if the password matches the hash; false otherwise.
* @throws CryptographyException If the password verification process fails.