8075159324

Committed 16 Jan 2024 08:05PM UTC coverage: 100.0%. Remained the same

Build # 8075159324

Build Type

push

github

Committed by

natanfelles

Commit Message

Update issues link

Run Details

136 of 136 relevant lines covered (100.0%)

1.99 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

100.0

/src/Password.php

<?php declare(strict_types=1);
/*
 * This file is part of Aplus Framework Crypto Library.
 *
 * (c) Natan Felles <natanfelles@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
namespace Framework\Crypto;

use InvalidArgumentException;
use SensitiveParameter;
use SodiumException;

/**
 * Class Password.
 *
 * @package crypto
 */
class Password
{
    /**
     * Used to set operations or memory limit as interactive.
     * It enables the use of 2 CPU operations or 64 MB RAM.
     *
     * @var int
     */
    public const LIMIT_INTERACTIVE = 0;
    /**
     * Used to set operations or memory limit as moderate.
     * It enables the use of 3 CPU operations or 256 MB RAM.
     *
     * @var int
     */
    public const LIMIT_MODERATE = 1;
    /**
     * Used to set operations or memory limit as sensitive.
     * It enables the use of 4 CPU operations or 1 GB RAM.
     *
     * @var int
     */
    public const LIMIT_SENSITIVE = 2;
    protected static int $opsLimit = Password::LIMIT_INTERACTIVE;
    protected static int $memLimit = Password::LIMIT_INTERACTIVE;

    /**
     * Makes a password hash.
     *
     * @param string $password
     * @param int|null $opslimit A Password constant or null to use the default
     * set for opslimit
     * @param int|null $memlimit A Password constant or null to use the default
     * set for memlimit. Typically, it should be paired with the opslimit value
     *
     * @see Password::LIMIT_INTERACTIVE
     * @see Password::LIMIT_MODERATE
     * @see Password::LIMIT_SENSITIVE
     *
     * @throws SodiumException
     *
     * @return string
     */
    public static function hash(
        #[SensitiveParameter]
        string $password,
        int $opslimit = null,
        int $memlimit = null
    ) : string {
        $opslimit ??= static::getOpsLimit();
        $memlimit ??= static::getMemLimit();
        return \sodium_crypto_pwhash_str(
            $password,
            static::getSodiumOpsLimit($opslimit),
            static::getSodiumMemLimit($memlimit)
        );
    }

    /**
     * Checks if a hash needs to be rehashed based on the ops and mem limits.
     *
     * @param string $hash
     * @param int|null $opslimit A Password constant or null to use the default
     * set for opslimit
     * @param int|null $memlimit A Password constant or null to use the default
     * set for memlimit
     *
     * @return bool
     */
    public static function needsRehash(
        #[SensitiveParameter]
        string $hash,
        int $opslimit = null,
        int $memlimit = null
    ) : bool {
        $opslimit ??= static::getOpsLimit();
        $memlimit ??= static::getMemLimit();
        return \sodium_crypto_pwhash_str_needs_rehash(
            $hash,
            static::getSodiumOpsLimit($opslimit),
            static::getSodiumMemLimit($memlimit)
        );
    }

    /**
     * Verifies a password against a hash.
     *
     * @param string $password
     * @param string $hash
     *
     * @throws SodiumException
     *
     * @return bool
     */
    public static function verify(
        #[SensitiveParameter]
        string $password,
        #[SensitiveParameter]
        string $hash
    ) : bool {
        return \sodium_crypto_pwhash_str_verify($hash, $password);
    }

    /**
     * Sets the default Password operations limit.
     *
     * @param int $opsLimit A Password constant value
     *
     * @see Password::LIMIT_INTERACTIVE
     * @see Password::LIMIT_MODERATE
     * @see Password::LIMIT_SENSITIVE
     */
    public static function setOpsLimit(int $opsLimit) : void
    {
        static::$opsLimit = $opsLimit;
    }

    /**
     * Gets the default Password operations limit constant value.
     *
     * @return int
     */
    public static function getOpsLimit() : int
    {
        return static::$opsLimit;
    }

    /**
     * Sets the default Password memory limit.
     *
     * @param int $memLimit A Password constant value. Typically, it should be
     * paired with the opslimit value
     *
     * @see Password::LIMIT_INTERACTIVE
     * @see Password::LIMIT_MODERATE
     * @see Password::LIMIT_SENSITIVE
     */
    public static function setMemLimit(int $memLimit) : void
    {
        static::$memLimit = $memLimit;
    }

    /**
     * Gets the default Password memory limit constant value.
     *
     * @return int
     */
    public static function getMemLimit() : int
    {
        return static::$memLimit;
    }

    /**
     * Gets an appropriate sodium operations limit value from a Password constant.
     *
     * @param int $constant
     *
     * @throws InvalidArgumentException if constant value is invalid
     *
     * @return int
     */
    protected static function getSodiumOpsLimit(int $constant) : int
    {
        return match ($constant) {
            static::LIMIT_INTERACTIVE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
            static::LIMIT_MODERATE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE,
            static::LIMIT_SENSITIVE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE,
            default => throw new InvalidArgumentException(
                'Invalid opslimit value: ' . $constant
            )
        };
    }

    /**
     * Gets an appropriate sodium memory limit value from a Password constant.
     *
     * @param int $constant
     *
     * @throws InvalidArgumentException if constant value is invalid
     *
     * @return int
     */
    protected static function getSodiumMemLimit(int $constant) : int
    {
        return match ($constant) {
            static::LIMIT_INTERACTIVE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
            static::LIMIT_MODERATE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE,
            static::LIMIT_SENSITIVE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE,
            default => throw new InvalidArgumentException(
                'Invalid memlimit value: ' . $constant
            )
        };
    }
}

1	<?php declare(strict_types=1);
2	/*
3	* This file is part of Aplus Framework Crypto Library.
4	*
5	* (c) Natan Felles <natanfelles@gmail.com>
6	*
7	* For the full copyright and license information, please view the LICENSE
8	* file that was distributed with this source code.
9	*/
10	namespace Framework\Crypto;
11
12	use InvalidArgumentException;
13	use SensitiveParameter;
14	use SodiumException;
15
16	/**
17	* Class Password.
18	*
19	* @package crypto
20	*/
21	class Password
22	{
23	/**
24	* Used to set operations or memory limit as interactive.
25	* It enables the use of 2 CPU operations or 64 MB RAM.
26	*
27	* @var int
28	*/
29	public const LIMIT_INTERACTIVE = 0;
30	/**
31	* Used to set operations or memory limit as moderate.
32	* It enables the use of 3 CPU operations or 256 MB RAM.
33	*
34	* @var int
35	*/
36	public const LIMIT_MODERATE = 1;
37	/**
38	* Used to set operations or memory limit as sensitive.
39	* It enables the use of 4 CPU operations or 1 GB RAM.
40	*
41	* @var int
42	*/
43	public const LIMIT_SENSITIVE = 2;
44	protected static int $opsLimit = Password::LIMIT_INTERACTIVE;
45	protected static int $memLimit = Password::LIMIT_INTERACTIVE;
46
47	/**
48	* Makes a password hash.
49	*
50	* @param string $password
51	* @param int\|null $opslimit A Password constant or null to use the default
52	* set for opslimit
53	* @param int\|null $memlimit A Password constant or null to use the default
54	* set for memlimit. Typically, it should be paired with the opslimit value
55	*
56	* @see Password::LIMIT_INTERACTIVE
57	* @see Password::LIMIT_MODERATE
58	* @see Password::LIMIT_SENSITIVE
59	*
60	* @throws SodiumException
61	*
62	* @return string
63	*/
64	public static function hash(
65	#[SensitiveParameter]
66	string $password,
67	int $opslimit = null,
68	int $memlimit = null
69	) : string {
70	$opslimit ??= static::getOpsLimit();	3✔
71	$memlimit ??= static::getMemLimit();	3✔
72	return \sodium_crypto_pwhash_str(	3✔
73	$password,	3✔
74	static::getSodiumOpsLimit($opslimit),	3✔
75	static::getSodiumMemLimit($memlimit)	3✔
76	);	3✔
77	}
78
79	/**
80	* Checks if a hash needs to be rehashed based on the ops and mem limits.
81	*
82	* @param string $hash
83	* @param int\|null $opslimit A Password constant or null to use the default
84	* set for opslimit
85	* @param int\|null $memlimit A Password constant or null to use the default
86	* set for memlimit
87	*
88	* @return bool
89	*/
90	public static function needsRehash(
91	#[SensitiveParameter]
92	string $hash,
93	int $opslimit = null,
94	int $memlimit = null
95	) : bool {
96	$opslimit ??= static::getOpsLimit();	1✔
97	$memlimit ??= static::getMemLimit();	1✔
98	return \sodium_crypto_pwhash_str_needs_rehash(	1✔
99	$hash,	1✔
100	static::getSodiumOpsLimit($opslimit),	1✔
101	static::getSodiumMemLimit($memlimit)	1✔
102	);	1✔
103	}
104
105	/**
106	* Verifies a password against a hash.
107	*
108	* @param string $password
109	* @param string $hash
110	*
111	* @throws SodiumException
112	*
113	* @return bool
114	*/
115	public static function verify(
116	#[SensitiveParameter]
117	string $password,
118	#[SensitiveParameter]
119	string $hash
120	) : bool {
121	return \sodium_crypto_pwhash_str_verify($hash, $password);	1✔
122	}
123
124	/**
125	* Sets the default Password operations limit.
126	*
127	* @param int $opsLimit A Password constant value
128	*
129	* @see Password::LIMIT_INTERACTIVE
130	* @see Password::LIMIT_MODERATE
131	* @see Password::LIMIT_SENSITIVE
132	*/
133	public static function setOpsLimit(int $opsLimit) : void
134	{
135	static::$opsLimit = $opsLimit;	1✔
136	}
137
138	/**
139	* Gets the default Password operations limit constant value.
140	*
141	* @return int
142	*/
143	public static function getOpsLimit() : int
144	{
145	return static::$opsLimit;	4✔
146	}
147
148	/**
149	* Sets the default Password memory limit.
150	*
151	* @param int $memLimit A Password constant value. Typically, it should be
152	* paired with the opslimit value
153	*
154	* @see Password::LIMIT_INTERACTIVE
155	* @see Password::LIMIT_MODERATE
156	* @see Password::LIMIT_SENSITIVE
157	*/
158	public static function setMemLimit(int $memLimit) : void
159	{
160	static::$memLimit = $memLimit;	1✔
161	}
162
163	/**
164	* Gets the default Password memory limit constant value.
165	*
166	* @return int
167	*/
168	public static function getMemLimit() : int
169	{
170	return static::$memLimit;	4✔
171	}
172
173	/**
174	* Gets an appropriate sodium operations limit value from a Password constant.
175	*
176	* @param int $constant
177	*
178	* @throws InvalidArgumentException if constant value is invalid
179	*
180	* @return int
181	*/
182	protected static function getSodiumOpsLimit(int $constant) : int
183	{
184	return match ($constant) {	4✔
185	static::LIMIT_INTERACTIVE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,	4✔
186	static::LIMIT_MODERATE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE,	4✔
187	static::LIMIT_SENSITIVE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE,	4✔
188	default => throw new InvalidArgumentException(	4✔
189	'Invalid opslimit value: ' . $constant	4✔
190	)	4✔
191	};	4✔
192	}
193
194	/**
195	* Gets an appropriate sodium memory limit value from a Password constant.
196	*
197	* @param int $constant
198	*
199	* @throws InvalidArgumentException if constant value is invalid
200	*
201	* @return int
202	*/
203	protected static function getSodiumMemLimit(int $constant) : int
204	{
205	return match ($constant) {	4✔
206	static::LIMIT_INTERACTIVE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,	4✔
207	static::LIMIT_MODERATE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE,	4✔
208	static::LIMIT_SENSITIVE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE,	4✔
209	default => throw new InvalidArgumentException(	4✔
210	'Invalid memlimit value: ' . $constant	4✔
211	)	4✔
212	};	4✔
213	}
214	}

aplus-framework / crypto / 8075159324

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous