12003099846

Committed 23 Aug 2024 08:22PM UTC coverage: 100.0%. Remained the same

Build # 12003099846

Build Type

push

github

Committed by

natanfelles

Commit Message

Upgrade coding standard

Run Details

132 of 132 relevant lines covered (100.0%)

1.85 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

100.0

/src/Password.php

<?php declare(strict_types=1);
/*
 * This file is part of Aplus Framework Crypto Library.
 *
 * (c) Natan Felles <natanfelles@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
namespace Framework\Crypto;

use InvalidArgumentException;
use SensitiveParameter;
use SodiumException;

/**
 * Class Password.
 *
 * @package crypto
 */
class Password
{
    /**
     * Used to set operations or memory limit as interactive.
     * It enables the use of 2 CPU operations or 64 MB RAM.
     */
    public const int LIMIT_INTERACTIVE = 0;
    /**
     * Used to set operations or memory limit as moderate.
     * It enables the use of 3 CPU operations or 256 MB RAM.
     */
    public const int LIMIT_MODERATE = 1;
    /**
     * Used to set operations or memory limit as sensitive.
     * It enables the use of 4 CPU operations or 1 GB RAM.
     */
    public const int LIMIT_SENSITIVE = 2;
    protected static int $opsLimit = Password::LIMIT_INTERACTIVE;
    protected static int $memLimit = Password::LIMIT_INTERACTIVE;

    /**
     * Makes a password hash.
     *
     * @param string $password
     * @param int|null $opslimit A Password constant or null to use the default
     * set for opslimit
     * @param int|null $memlimit A Password constant or null to use the default
     * set for memlimit. Typically, it should be paired with the opslimit value
     *
     * @see Password::LIMIT_INTERACTIVE
     * @see Password::LIMIT_MODERATE
     * @see Password::LIMIT_SENSITIVE
     *
     * @throws SodiumException
     *
     * @return string
     */
    public static function hash(
        #[SensitiveParameter]
        string $password,
        ?int $opslimit = null,
        ?int $memlimit = null
    ) : string {
        $opslimit ??= static::getOpsLimit();
        $memlimit ??= static::getMemLimit();
        return \sodium_crypto_pwhash_str(
            $password,
            static::getSodiumOpsLimit($opslimit),
            static::getSodiumMemLimit($memlimit)
        );
    }

    /**
     * Checks if a hash needs to be rehashed based on the ops and mem limits.
     *
     * @param string $hash
     * @param int|null $opslimit A Password constant or null to use the default
     * set for opslimit
     * @param int|null $memlimit A Password constant or null to use the default
     * set for memlimit
     *
     * @return bool
     */
    public static function needsRehash(
        #[SensitiveParameter]
        string $hash,
        ?int $opslimit = null,
        ?int $memlimit = null
    ) : bool {
        $opslimit ??= static::getOpsLimit();
        $memlimit ??= static::getMemLimit();
        return \sodium_crypto_pwhash_str_needs_rehash(
            $hash,
            static::getSodiumOpsLimit($opslimit),
            static::getSodiumMemLimit($memlimit)
        );
    }

    /**
     * Verifies a password against a hash.
     *
     * @param string $password
     * @param string $hash
     *
     * @throws SodiumException
     *
     * @return bool
     */
    public static function verify(
        #[SensitiveParameter]
        string $password,
        #[SensitiveParameter]
        string $hash
    ) : bool {
        return \sodium_crypto_pwhash_str_verify($hash, $password);
    }

    /**
     * Sets the default Password operations limit.
     *
     * @param int $opsLimit A Password constant value
     *
     * @see Password::LIMIT_INTERACTIVE
     * @see Password::LIMIT_MODERATE
     * @see Password::LIMIT_SENSITIVE
     */
    public static function setOpsLimit(int $opsLimit) : void
    {
        static::$opsLimit = $opsLimit;
    }

    /**
     * Gets the default Password operations limit constant value.
     *
     * @return int
     */
    public static function getOpsLimit() : int
    {
        return static::$opsLimit;
    }

    /**
     * Sets the default Password memory limit.
     *
     * @param int $memLimit A Password constant value. Typically, it should be
     * paired with the opslimit value
     *
     * @see Password::LIMIT_INTERACTIVE
     * @see Password::LIMIT_MODERATE
     * @see Password::LIMIT_SENSITIVE
     */
    public static function setMemLimit(int $memLimit) : void
    {
        static::$memLimit = $memLimit;
    }

    /**
     * Gets the default Password memory limit constant value.
     *
     * @return int
     */
    public static function getMemLimit() : int
    {
        return static::$memLimit;
    }

    /**
     * Gets an appropriate sodium operations limit value from a Password constant.
     *
     * @param int $constant
     *
     * @throws InvalidArgumentException if constant value is invalid
     *
     * @return int
     */
    protected static function getSodiumOpsLimit(int $constant) : int
    {
        return match ($constant) {
            static::LIMIT_INTERACTIVE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
            static::LIMIT_MODERATE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE,
            static::LIMIT_SENSITIVE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE,
            default => throw new InvalidArgumentException(
                'Invalid opslimit value: ' . $constant
            )
        };
    }

    /**
     * Gets an appropriate sodium memory limit value from a Password constant.
     *
     * @param int $constant
     *
     * @throws InvalidArgumentException if constant value is invalid
     *
     * @return int
     */
    protected static function getSodiumMemLimit(int $constant) : int
    {
        return match ($constant) {
            static::LIMIT_INTERACTIVE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
            static::LIMIT_MODERATE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE,
            static::LIMIT_SENSITIVE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE,
            default => throw new InvalidArgumentException(
                'Invalid memlimit value: ' . $constant
            )
        };
    }
}

1	<?php declare(strict_types=1);
2	/*
3	* This file is part of Aplus Framework Crypto Library.
4	*
5	* (c) Natan Felles <natanfelles@gmail.com>
6	*
7	* For the full copyright and license information, please view the LICENSE
8	* file that was distributed with this source code.
9	*/
10	namespace Framework\Crypto;
11
12	use InvalidArgumentException;
13	use SensitiveParameter;
14	use SodiumException;
15
16	/**
17	* Class Password.
18	*
19	* @package crypto
20	*/
21	class Password
22	{
23	/**
24	* Used to set operations or memory limit as interactive.
25	* It enables the use of 2 CPU operations or 64 MB RAM.
26	*/
27	public const int LIMIT_INTERACTIVE = 0;
28	/**
29	* Used to set operations or memory limit as moderate.
30	* It enables the use of 3 CPU operations or 256 MB RAM.
31	*/
32	public const int LIMIT_MODERATE = 1;
33	/**
34	* Used to set operations or memory limit as sensitive.
35	* It enables the use of 4 CPU operations or 1 GB RAM.
36	*/
37	public const int LIMIT_SENSITIVE = 2;
38	protected static int $opsLimit = Password::LIMIT_INTERACTIVE;
39	protected static int $memLimit = Password::LIMIT_INTERACTIVE;
40
41	/**
42	* Makes a password hash.
43	*
44	* @param string $password
45	* @param int\|null $opslimit A Password constant or null to use the default
46	* set for opslimit
47	* @param int\|null $memlimit A Password constant or null to use the default
48	* set for memlimit. Typically, it should be paired with the opslimit value
49	*
50	* @see Password::LIMIT_INTERACTIVE
51	* @see Password::LIMIT_MODERATE
52	* @see Password::LIMIT_SENSITIVE
53	*
54	* @throws SodiumException
55	*
56	* @return string
57	*/
58	public static function hash(
59	#[SensitiveParameter]
60	string $password,
61	?int $opslimit = null,
62	?int $memlimit = null
63	) : string {
64	$opslimit ??= static::getOpsLimit();	3✔
65	$memlimit ??= static::getMemLimit();	3✔
66	return \sodium_crypto_pwhash_str(	3✔
67	$password,	3✔
68	static::getSodiumOpsLimit($opslimit),	3✔
69	static::getSodiumMemLimit($memlimit)	3✔
70	);	3✔
71	}
72
73	/**
74	* Checks if a hash needs to be rehashed based on the ops and mem limits.
75	*
76	* @param string $hash
77	* @param int\|null $opslimit A Password constant or null to use the default
78	* set for opslimit
79	* @param int\|null $memlimit A Password constant or null to use the default
80	* set for memlimit
81	*
82	* @return bool
83	*/
84	public static function needsRehash(
85	#[SensitiveParameter]
86	string $hash,
87	?int $opslimit = null,
88	?int $memlimit = null
89	) : bool {
90	$opslimit ??= static::getOpsLimit();	1✔
91	$memlimit ??= static::getMemLimit();	1✔
92	return \sodium_crypto_pwhash_str_needs_rehash(	1✔
93	$hash,	1✔
94	static::getSodiumOpsLimit($opslimit),	1✔
95	static::getSodiumMemLimit($memlimit)	1✔
96	);	1✔
97	}
98
99	/**
100	* Verifies a password against a hash.
101	*
102	* @param string $password
103	* @param string $hash
104	*
105	* @throws SodiumException
106	*
107	* @return bool
108	*/
109	public static function verify(
110	#[SensitiveParameter]
111	string $password,
112	#[SensitiveParameter]
113	string $hash
114	) : bool {
115	return \sodium_crypto_pwhash_str_verify($hash, $password);	1✔
116	}
117
118	/**
119	* Sets the default Password operations limit.
120	*
121	* @param int $opsLimit A Password constant value
122	*
123	* @see Password::LIMIT_INTERACTIVE
124	* @see Password::LIMIT_MODERATE
125	* @see Password::LIMIT_SENSITIVE
126	*/
127	public static function setOpsLimit(int $opsLimit) : void
128	{
129	static::$opsLimit = $opsLimit;	1✔
130	}
131
132	/**
133	* Gets the default Password operations limit constant value.
134	*
135	* @return int
136	*/
137	public static function getOpsLimit() : int
138	{
139	return static::$opsLimit;	4✔
140	}
141
142	/**
143	* Sets the default Password memory limit.
144	*
145	* @param int $memLimit A Password constant value. Typically, it should be
146	* paired with the opslimit value
147	*
148	* @see Password::LIMIT_INTERACTIVE
149	* @see Password::LIMIT_MODERATE
150	* @see Password::LIMIT_SENSITIVE
151	*/
152	public static function setMemLimit(int $memLimit) : void
153	{
154	static::$memLimit = $memLimit;	1✔
155	}
156
157	/**
158	* Gets the default Password memory limit constant value.
159	*
160	* @return int
161	*/
162	public static function getMemLimit() : int
163	{
164	return static::$memLimit;	4✔
165	}
166
167	/**
168	* Gets an appropriate sodium operations limit value from a Password constant.
169	*
170	* @param int $constant
171	*
172	* @throws InvalidArgumentException if constant value is invalid
173	*
174	* @return int
175	*/
176	protected static function getSodiumOpsLimit(int $constant) : int
177	{
178	return match ($constant) {
179	static::LIMIT_INTERACTIVE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,	4✔
180	static::LIMIT_MODERATE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE,	2✔
181	static::LIMIT_SENSITIVE => \SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE,	1✔
182	default => throw new InvalidArgumentException(	4✔
183	'Invalid opslimit value: ' . $constant	4✔
184	)	4✔
185	};
186	}
187
188	/**
189	* Gets an appropriate sodium memory limit value from a Password constant.
190	*
191	* @param int $constant
192	*
193	* @throws InvalidArgumentException if constant value is invalid
194	*
195	* @return int
196	*/
197	protected static function getSodiumMemLimit(int $constant) : int
198	{
199	return match ($constant) {
200	static::LIMIT_INTERACTIVE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,	4✔
201	static::LIMIT_MODERATE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE,	1✔
202	static::LIMIT_SENSITIVE => \SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE,	1✔
203	default => throw new InvalidArgumentException(	4✔
204	'Invalid memlimit value: ' . $constant	4✔
205	)	4✔
206	};
207	}
208	}

aplus-framework / crypto / 12003099846

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous