public function testEncrypt()
{
$key = new EncryptionKey(\str_repeat('A', 32));
$hash = Password::hash('test password', $key);
$this->assertTrue(is_string($hash));
$this->assertTrue(Password::verify('test password', $hash, $key));
$this->assertFalse(Password::verify('wrong password', $hash, $key));
}
public function testRehash()
{
$key = new EncryptionKey(new HiddenString(\str_repeat('A', 32)));
try {
// Sorry version 1, you get no love from us anymore.
$legacyHash = '3142010064c0c42347b248372d9605621bd6e56e6ace8d2c6f6a3cf3d1a37a40' . '3f031b5be025f00763a92ffb47281065419663e972b1a8faa08ae34bd9fdb35b2ca7727f41' . 'ca8edc75293d8f3bf12604ff4188d71473b605d48d1e378388465c6e4c733cae5f89802ebb' . '79ec6532b430a4799e545956113f116fa705e3ed2d7b17bb6dbf435f36a0f50dcb541adb82' . 'a83f6d01ae66b2f4d46540161ba6cc37dbd0e870aed8334cb71f8162a9e7e7974396bdb1bc' . '4da5099423820b870e39a3ffe5';
Password::needsRehash($legacyHash, $key);
} catch (\ParagonIE\Halite\Alerts\InvalidMessage $ex) {
$this->assertSame('Invalid version tag', $ex->getMessage());
}
try {
$legacyHash = '3142020164c0c42347b248372d9605621bd6e56e6ace8d2c6f6a3cf3d1a37a40' . '3f031b5be025f00763a92ffb47281065419663e972b1a8faa08ae34bd9fdb35b2ca7727f41' . 'ca8edc75293d8f3bf12604ff4188d71473b605d48d1e378388465c6e4c733cae5f89802ebb' . '79ec6532b430a4799e545956113f116fa705e3ed2d7b17bb6dbf435f36a0f50dcb541adb82' . 'a83f6d01ae66b2f4d46540161ba6cc37dbd0e870aed8334cb71f8162a9e7e7974396bdb1bc' . '4da5099423820b870e39a3ffe5';
Password::needsRehash($legacyHash, $key);
} catch (\ParagonIE\Halite\Alerts\InvalidMessage $ex) {
$this->assertSame('Invalid message authentication code', $ex->getMessage());
}
$hash = Password::hash(new HiddenString('test password'), $key);
$this->assertFalse(Password::needsRehash($hash, $key));
}
public function testRehash()
{
$key = new EncryptionKey(new HiddenString(\str_repeat('A', 32)));
try {
// Sorry version 1, you get no love from us anymore.
$legacyHash = '3142010064c0c42347b248372d9605621bd6e56e6ace8d2c6f6a3cf3d1a37a40' . '3f031b5be025f00763a92ffb47281065419663e972b1a8faa08ae34bd9fdb35b2ca7727f41' . 'ca8edc75293d8f3bf12604ff4188d71473b605d48d1e378388465c6e4c733cae5f89802ebb' . '79ec6532b430a4799e545956113f116fa705e3ed2d7b17bb6dbf435f36a0f50dcb541adb82' . 'a83f6d01ae66b2f4d46540161ba6cc37dbd0e870aed8334cb71f8162a9e7e7974396bdb1bc' . '4da5099423820b870e39a3ffe5';
Password::needsRehash($legacyHash, $key);
} catch (\ParagonIE\Halite\Alerts\InvalidMessage $ex) {
$this->assertSame('Invalid version tag', $ex->getMessage());
}
try {
$legacyHash = '3142020164c0c42347b248372d9605621bd6e56e6ace8d2c6f6a3cf3d1a37a40' . '3f031b5be025f00763a92ffb47281065419663e972b1a8faa08ae34bd9fdb35b2ca7727f41' . 'ca8edc75293d8f3bf12604ff4188d71473b605d48d1e378388465c6e4c733cae5f89802ebb' . '79ec6532b430a4799e545956113f116fa705e3ed2d7b17bb6dbf435f36a0f50dcb541adb82' . 'a83f6d01ae66b2f4d46540161ba6cc37dbd0e870aed8334cb71f8162a9e7e7974396bdb1bc' . '4da5099423820b870e39a3ffe5';
Password::needsRehash($legacyHash, $key);
} catch (\ParagonIE\Halite\Alerts\InvalidMessage $ex) {
$this->assertSame('Invalid message authentication code', $ex->getMessage());
}
$legacyHash = '31420201016257a21cbfbf16b0ec55cc1269a9da4654bbe343b828d27a571ea7c466' . '80c5c16a43e2451b7323b9b57b38577526329e5062527124aebd4818ca3cb34e14dcd40fd3aa21' . 'dec98fcd7ce6d1ab1118f00db09725a7c97b1e88c4e2c91923a1ba5b7677d64174a3323dd3f080' . '04126167ebf2117a35a05d796bc26698b13b2a3e5fa3b52201692987cf2cd0487c3f3c8ac0cdd7' . 'daa5703748ef94310671512e0254f5bbbdfe2482de1b8289d12232488fbd96a50d36673ba5633a' . '8efb3d35dd0721b3a64d857424dc03e6cb2922c09710fa05cf8aa496b9ea';
$this->assertTrue(Password::verify(new HiddenString('test password'), $legacyHash, $key), 'Legacy password hash calculation.');
$hash = Password::hash(new HiddenString('test password'), $key);
$this->assertFalse(Password::needsRehash($hash, $key));
}
<?php
declare (strict_types=1);
use ParagonIE\Halite\Password;
use Airship\Engine\State;
/**
* This script saves a password hash to the
*/
require_once \dirname(__DIR__) . '/bootstrap.php';
if ($argc > 1) {
$state = State::instance();
$save = Password::hash($argv[1], $state->keyring['auth.password_key']);
} else {
$save = (new \DateTime('now'))->format(\AIRSHIP_DATE_FORMAT);
}
\file_put_contents(ROOT . '/config/install.lock', $save);
<?php
declare (strict_types=1);
use Airship\Engine\State;
use ParagonIE\Halite\Password;
require_once \dirname(__DIR__) . '/src/bootstrap.php';
/**
* Generate an encrypted password hash from the command line.
*/
$state = State::instance();
$hash = Password::hash($argv[1], $state->keyring['auth.password_key']);
if (Password::verify($argv[1], $hash, $state->keyring['auth.password_key'])) {
echo $hash, "\n";
exit(0);
} else {
echo 'Unexpected ciphertext corruption. Is the password key correct?', "\n";
exit(255);
}
<?php
declare (strict_types=1);
use ParagonIE\Halite\HiddenString;
use ParagonIE\Halite\Password;
use ParagonIE\Halite\KeyFactory;
// First, manage the keys
if (!\file_exists('01-secret-key.txt')) {
$secretKey = KeyFactory::generateEncryptionKey();
KeyFactory::save($secretKey, '01-secret-key.txt');
} else {
$secretKey = KeyFactory::loadEncryptionKey('01-secret-key.txt');
}
$password = new HiddenString('correct horse battery staple');
$hash = Password::hash($password, $secretKey);
if (Password::verify($password, $hash, $secretKey)) {
echo 'Access granted', "\n";
} else {
echo 'Access DENIED!', "\n";
exit(255);
}
