ext/sodium/tests/php_password_verify.phpt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

--TEST--
Test interoperability of password_verify()
--SKIPIF--
<?php
if (!function_exists('sodium_crypto_pwhash_str')) {
  echo "skip - No crypto_pwhash_str_verify";
}

// Depending on library version, libsodium may provide argon2i or argon2id hashes.
$hash = sodium_crypto_pwhash_str("test", SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
list(, $algo) = explode('$', $hash, 3);

if (!in_array($algo, password_algos(), true /* strict */)) {
 echo "skip - No $algo support in password_verify()";
}
--FILE--
<?php

$opsSet = [
  SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
  SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE,
  SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE,
];
$memSet = [
  SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
  SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE,
  SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE,
];

echo 'Argon2 provider: ';
var_dump(PASSWORD_ARGON2_PROVIDER);

foreach($opsSet as $ops) {
  foreach($memSet as $mem) {
    $password = random_bytes(32);
    echo "Using password: ";
    var_dump(base64_encode($password));
    $hash = sodium_crypto_pwhash_str($password, $ops, $mem);
    echo "Hash: "; var_dump($hash);
    var_dump(password_verify($password, $hash));

    // And verify that incorrect passwords fail.
    $password[0] = chr(ord($password[0]) ^ 1);
    var_dump(password_verify($password, $hash));
  }
}
--EXPECTF--
Argon2 provider: string(%d) "%s"
Using password: string(44) "%s"
Hash: string(97) "$argon2id$v=19$m=65536,t=2,p=1$%s$%s"
bool(true)
bool(false)
Using password: string(44) "%s"
Hash: string(98) "$argon2id$v=19$m=262144,t=2,p=1$%s$%s"
bool(true)
bool(false)
Using password: string(44) "%s"
Hash: string(99) "$argon2id$v=19$m=1048576,t=2,p=1$%s$%s"
bool(true)
bool(false)
Using password: string(44) "%s"
Hash: string(97) "$argon2id$v=19$m=65536,t=3,p=1$%s$%s"
bool(true)
bool(false)
Using password: string(44) "%s"
Hash: string(98) "$argon2id$v=19$m=262144,t=3,p=1$%s$%s"
bool(true)
bool(false)
Using password: string(44) "%s"
Hash: string(99) "$argon2id$v=19$m=1048576,t=3,p=1$%s$%s"
bool(true)
bool(false)
Using password: string(44) "%s"
Hash: string(97) "$argon2id$v=19$m=65536,t=4,p=1$%s$%s"
bool(true)
bool(false)
Using password: string(44) "%s"
Hash: string(98) "$argon2id$v=19$m=262144,t=4,p=1$%s$%s"
bool(true)
bool(false)
Using password: string(44) "%s"
Hash: string(99) "$argon2id$v=19$m=1048576,t=4,p=1$%s$%s"
bool(true)
bool(false)