From 7e7fa77a2ec084c6720d0ce7e8fef5868786899a Mon Sep 17 00:00:00 2001
From: Sara Golemon <pollita@php.net>
Date: Wed, 27 Mar 2019 00:07:34 -0400
Subject: [PATCH] Validate interoperability between libsodium and libargon for
 argon2i(d) hashing

---
 .../tests/php_password_hash_argon2i.phpt      | 112 ++++++++++++++++++
 .../tests/php_password_hash_argon2id.phpt     | 112 ++++++++++++++++++
 ext/sodium/tests/php_password_verify.phpt     |  67 +++++++++++
 3 files changed, 291 insertions(+)
 create mode 100644 ext/sodium/tests/php_password_hash_argon2i.phpt
 create mode 100644 ext/sodium/tests/php_password_hash_argon2id.phpt
 create mode 100644 ext/sodium/tests/php_password_verify.phpt

diff --git a/ext/sodium/tests/php_password_hash_argon2i.phpt b/ext/sodium/tests/php_password_hash_argon2i.phpt
new file mode 100644
index 0000000000..b20b6de440
--- /dev/null
+++ b/ext/sodium/tests/php_password_hash_argon2i.phpt
@@ -0,0 +1,112 @@
+--TEST--
+Test interoperability of password_hash('argon2i')
+--SKIPIF--
+<?php
+if (!function_exits('sodium_crypto_pwhash_str_verify')) {
+  echo "skip - No crypto_pwhash_str_verify";
+}
+if (!in_array('argon2i', password_algos(), true /* strict */)) {
+  echo "skip - No argon2i support in password_hash()";
+}
+--FILE--
+<?php
+
+foreach([1, 2, 4] as $mem) {
+  foreach([1, 2, 4] as $time) {
+    foreach([1, 2, 4] as $threads) {
+      $opts = [
+        'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST * $mem,
+        'time_cost'   => PASSWORD_ARGON2_DEFAULT_TIME_COST * $time,
+        'threads'     => PASSWORD_ARGON2_DEFAULT_THREADS * $threads,
+      ];
+      $password = random_bytes(32);
+      echo "Using password: ";
+      var_dump(base64_encode($password));
+      $hash = password_hash($password, 'argon2i', $opts);
+      echo "Hash: "; var_dump($hash);
+      var_dump(sodium_crypto_pwhash_str_verify($hash, $password));
+    }
+  }
+}
+--EXPECTF--
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=1024,t=3,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=1024,t=3,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=1024,t=3,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=1024,t=6,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=1024,t=6,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=1024,t=6,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2i$v=19$m=1024,t=12,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2i$v=19$m=1024,t=12,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2i$v=19$m=1024,t=12,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=2048,t=3,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=2048,t=3,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=2048,t=3,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=2048,t=6,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=2048,t=6,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=2048,t=6,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2i$v=19$m=2048,t=12,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2i$v=19$m=2048,t=12,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2i$v=19$m=2048,t=12,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=4096,t=3,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=4096,t=3,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=4096,t=3,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=4096,t=6,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=4096,t=6,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(95) "$argon2i$v=19$m=4096,t=6,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2i$v=19$m=4096,t=12,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2i$v=19$m=4096,t=12,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2i$v=19$m=4096,t=12,p=8$%s"
+bool(true)
diff --git a/ext/sodium/tests/php_password_hash_argon2id.phpt b/ext/sodium/tests/php_password_hash_argon2id.phpt
new file mode 100644
index 0000000000..17f23e96b9
--- /dev/null
+++ b/ext/sodium/tests/php_password_hash_argon2id.phpt
@@ -0,0 +1,112 @@
+--TEST--
+Test interoperability of password_hash('argon2id')
+--SKIPIF--
+<?php
+if (!function_exits('sodium_crypto_pwhash_str_verify')) {
+  echo "skip - No crypto_pwhash_str_verify";
+}
+if (!in_array('argon2id', password_algos(), true /* strict */)) {
+  echo "skip - No argon2id support in password_hash()";
+}
+--FILE--
+<?php
+
+foreach([1, 2, 4] as $mem) {
+  foreach([1, 2, 4] as $time) {
+    foreach([1, 2, 4] as $threads) {
+      $opts = [
+        'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST * $mem,
+        'time_cost'   => PASSWORD_ARGON2_DEFAULT_TIME_COST * $time,
+        'threads'     => PASSWORD_ARGON2_DEFAULT_THREADS * $threads,
+      ];
+      $password = random_bytes(32);
+      echo "Using password: ";
+      var_dump(base64_encode($password));
+      $hash = password_hash($password, 'argon2id', $opts);
+      echo "Hash: "; var_dump($hash);
+      var_dump(sodium_crypto_pwhash_str_verify($hash, $password));
+    }
+  }
+}
+--EXPECTF--
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=1024,t=3,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=1024,t=3,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=1024,t=3,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=1024,t=6,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=1024,t=6,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=1024,t=6,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(97) "$argon2id$v=19$m=1024,t=12,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(97) "$argon2id$v=19$m=1024,t=12,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(97) "$argon2id$v=19$m=1024,t=12,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=2048,t=3,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=2048,t=3,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=2048,t=3,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=2048,t=6,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=2048,t=6,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=2048,t=6,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(97) "$argon2id$v=19$m=2048,t=12,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(97) "$argon2id$v=19$m=2048,t=12,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(97) "$argon2id$v=19$m=2048,t=12,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=4096,t=3,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=4096,t=3,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=4096,t=3,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=4096,t=6,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=4096,t=6,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(96) "$argon2id$v=19$m=4096,t=6,p=8$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(97) "$argon2id$v=19$m=4096,t=12,p=2$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(97) "$argon2id$v=19$m=4096,t=12,p=4$%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(97) "$argon2id$v=19$m=4096,t=12,p=8$%s"
+bool(true)
diff --git a/ext/sodium/tests/php_password_verify.phpt b/ext/sodium/tests/php_password_verify.phpt
new file mode 100644
index 0000000000..791db664f5
--- /dev/null
+++ b/ext/sodium/tests/php_password_verify.phpt
@@ -0,0 +1,67 @@
+--TEST--
+Test interoperability of password_verify()
+--SKIPIF--
+<?php
+if (!function_exits('sodium_crypto_pwhash_str')) {
+  echo "skip - No crypto_pwhash_str_verify";
+}
+
+// Depending on library version, libsodium may provide argon2i or argon2id hashes.
+$hash = sodium_crypto_pwhash_str("test", SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
+list(, $algo) = explode('$', $hash, 3);
+
+if (!in_array($algo, password_algos(), true /* strict */)) {
+ echo "skip - No $algo support in password_verify()";
+}
+--FILE--
+<?php
+
+$opsSet = [
+  SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
+  SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE,
+  SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE,
+];
+$memSet = [
+  SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
+  SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE,
+  SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE,
+];
+
+foreach($opsSet as $ops) {
+  foreach($memSet as $mem) {
+    $password = random_bytes(32);
+    echo "Using password: ";
+    var_dump(base64_encode($password));
+    $hash = sodium_crypto_pwhash_str($password, $ops, $mem);
+    echo "Hash: "; var_dump($hash);
+    var_dump(password_verify($password, $hash));
+  }
+}
+--EXPECTF--
+Using password: string(44) "%s"
+Hash: string(%d) "$argon2i%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(%d) "$argon2i%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(%d) "$argon2i%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(%d) "$argon2i%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(%d) "$argon2i%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(%d) "$argon2i%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(%d) "$argon2i%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(%d) "$argon2i%s"
+bool(true)
+Using password: string(44) "%s"
+Hash: string(%d) "$argon2i%s"
+bool(true)
-- 
2.40.0