Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Made message signing in Cryptography use SHA512 as the message content for... #1

Closed
netkas wants to merge 421 commits from master into dev
pull from: master
merge into: Nosial:dev
Conversation 3 Commits 421 Files changed 226 +18 -7
1 changed files with 18 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 5196ac2486 - Show all commits

25
src/Socialbox/Classes/Cryptography.php
View file

@ -9,9 +9,9 @@
class Cryptography class Cryptography
{ {
private const KEY_TYPE_ENCRYPTION = 'enc:'; private const string KEY_TYPE_ENCRYPTION = 'enc:';
private const KEY_TYPE_SIGNING = 'sig:'; private const string KEY_TYPE_SIGNING = 'sig:';
private const BASE64_VARIANT = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING; private const int BASE64_VARIANT = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING;
/** /**
* Generates a new encryption key pair consisting of a public key and a secret key. * Generates a new encryption key pair consisting of a public key and a secret key.
@ -654,16 +654,27 @@
/** /**
* Hashes a password securely using a memory-hard, CPU-intensive hashing algorithm. * Hashes a password securely using a memory-hard, CPU-intensive hashing algorithm.
* *
* @param string $sha512 The SHA-512 hash of the password to be hashed. * @param string $password The password in plaintext to be hashed, if $hash is false this should be a SHA-512 hash.
* @param bool $hash True to hash the password, false to use the provided SHA-512 hash directly which is validated.
* @return string The hashed password in a secure format. * @return string The hashed password in a secure format.
* @throws CryptographyException If password hashing fails. * @throws CryptographyException If password hashing fails.
*/ */
public static function hashPassword(string $sha512): string public static function hashPassword(string $password, bool $hash=true): string
{ {
if(!self::validateSha512($sha512)) if(empty($password))
{
throw new CryptographyException("Empty password provided");
}
if($hash === false && !self::validateSha512($password))
{ {
throw new CryptographyException("Invalid SHA-512 hash provided"); throw new CryptographyException("Invalid SHA-512 hash provided");
} }
if($hash)
{
$sha512 = hash('sha512', $password);
}
try try
{ {
@ -709,7 +720,7 @@
/** /**
* Verifies a password against a stored hash. * Verifies a password against a stored hash.
* *
* @param string $sha512 The password to be verified. * @param string $sha512 The sha512 password to be verified.
* @param string $hash The stored password hash to be compared against. * @param string $hash The stored password hash to be compared against.
* @return bool True if the password matches the hash; false otherwise. * @return bool True if the password matches the hash; false otherwise.
* @throws CryptographyException If the password verification process fails. * @throws CryptographyException If the password verification process fails.