wiki.techinc.nl/tests/phpunit/includes/password/Argon2PasswordTest.php

<?php

/**
 * @group large
 * @covers Argon2Password
 * @covers Password
 * @covers ParameterizedPassword
 *
 * @phpcs:disable Generic.Files.LineLength
 */
class Argon2PasswordTest extends PasswordTestCase {

	public function setUp() {
		parent::setUp();
		if ( !defined( 'PASSWORD_ARGON2I' ) ) {
			$this->markTestSkipped( 'Argon2 support not found' );
		}
	}

	/**
	 * Return an array of configs to be used for this class's password type.
	 *
	 * @return array[]
	 */
	protected function getTypeConfigs() {
		return [
			'argon2' => [
				'class' => Argon2Password::class,
				'algo' => 'argon2i',
				'memory_cost' => 1024,
				'time_cost' => 2,
				'threads' => 2,
			]
		];
	}

	/**
	 * @return array
	 */
	public static function providePasswordTests() {
		$result = [
			[
				true,
				':argon2:$argon2i$v=19$m=1024,t=2,p=2$RHpGTXJPeFlSV2NDTEswNA$VeW7rumZY4pL8XO4KeQkKD43r5uX3eazVJRtrFN7lNc',
				'password',
			],
			[
				true,
				':argon2:$argon2i$v=19$m=2048,t=5,p=3$MHFKSnh6WWZEWkpKa09SUQ$vU92h/8hkByL5VKW1P9amCj054pZILGKznAvKWAivZE',
				'password',
			],
			[
				true,
				':argon2:$argon2i$v=19$m=1024,t=2,p=2$bFJ4TzM5RWh2T0VmeFhDTA$AHFUFZRh69aZYBqyxn6tpujpEcf2JP8wgRCPU3nw3W4',
				"pass\x00word",
			],
			[
				false,
				':argon2:$argon2i$v=19$m=1024,t=2,p=2$UGZqTWJRUkI1alVNTGRUbA$RcASw9XUWjCDO9WNnuVkGkEylURUW/CcNwSffdFwN74',
				'password',
			]
		];

		if ( defined( 'PASSWORD_ARGON2ID' ) ) {
			// @todo: Argon2id cases
			$result = array_merge( $result, [] );
		}

		return $result;
	}

	/**
	 * @dataProvider provideNeedsUpdate
	 */
	public function testNeedsUpdate( $updateExpected, $hash ) {
		$password = $this->passwordFactory->newFromCiphertext( $hash );
		$this->assertSame( $updateExpected, $password->needsUpdate() );
	}

	public function provideNeedsUpdate() {
		return [
			[ false, ':argon2:$argon2i$v=19$m=1024,t=2,p=2$bFJ4TzM5RWh2T0VmeFhDTA$AHFUFZRh69aZYBqyxn6tpujpEcf2JP8wgRCPU3nw3W4' ],
			[ false, ':argon2:$argon2i$v=19$m=1024,t=2,p=2$<whatever>' ],
			[ true, ':argon2:$argon2i$v=19$m=666,t=2,p=2$<whatever>' ],
			[ true, ':argon2:$argon2i$v=19$m=1024,t=666,p=2$<whatever>' ],
			[ true, ':argon2:$argon2i$v=19$m=1024,t=2,p=666$<whatever>' ],
		];
	}

	public function testPartialConfig() {
		$factory = new PasswordFactory();
		$factory->register( 'argon2', [
			'class' => Argon2Password::class,
			'algo' => 'argon2i',
		] );

		$partialPassword = $factory->newFromType( 'argon2' );
		$partialPassword->crypt( 'password' );
		$fullPassword = $this->passwordFactory->newFromCiphertext( $partialPassword->toString() );

		$this->assertFalse( $fullPassword->needsUpdate(),
			'Options not set for a password should fall back to defaults'
		);
	}
}
Add support for Argon2 password hashing So far, everything we had was vulnerable to newest advances in GPU cracking and timing side-channel attacks. Argon2 was designed specifically to address these problems. Unfortunately, PHP support is lagging, with some builds missing Argon2id or even Argon2i. Change-Id: Ifdf648f5d8a734a663e630286724a6d0a87c7510 2018-12-04 07:46:38 +00:00			`<?php`

			`/**`
			`* @group large`
			`* @covers Argon2Password`
			`* @covers Password`
			`* @covers ParameterizedPassword`
			`*`
			`* @phpcs:disable Generic.Files.LineLength`
			`*/`
			`class Argon2PasswordTest extends PasswordTestCase {`

			`public function setUp() {`
			`parent::setUp();`
			`if ( !defined( 'PASSWORD_ARGON2I' ) ) {`
			`$this->markTestSkipped( 'Argon2 support not found' );`
			`}`
			`}`

			`/**`
			`* Return an array of configs to be used for this class's password type.`
			`*`
			`* @return array[]`
			`*/`
			`protected function getTypeConfigs() {`
			`return [`
			`'argon2' => [`
			`'class' => Argon2Password::class,`
			`'algo' => 'argon2i',`
			`'memory_cost' => 1024,`
			`'time_cost' => 2,`
			`'threads' => 2,`
			`]`
			`];`
			`}`

			`/**`
			`* @return array`
			`*/`
			`public static function providePasswordTests() {`
			`$result = [`
			`[`
			`true,`
			`':argon2:$argon2i$v=19$m=1024,t=2,p=2$RHpGTXJPeFlSV2NDTEswNA$VeW7rumZY4pL8XO4KeQkKD43r5uX3eazVJRtrFN7lNc',`
			`'password',`
			`],`
			`[`
			`true,`
			`':argon2:$argon2i$v=19$m=2048,t=5,p=3$MHFKSnh6WWZEWkpKa09SUQ$vU92h/8hkByL5VKW1P9amCj054pZILGKznAvKWAivZE',`
			`'password',`
			`],`
			`[`
			`true,`
			`':argon2:$argon2i$v=19$m=1024,t=2,p=2$bFJ4TzM5RWh2T0VmeFhDTA$AHFUFZRh69aZYBqyxn6tpujpEcf2JP8wgRCPU3nw3W4',`
			`"pass\x00word",`
			`],`
			`[`
			`false,`
			`':argon2:$argon2i$v=19$m=1024,t=2,p=2$UGZqTWJRUkI1alVNTGRUbA$RcASw9XUWjCDO9WNnuVkGkEylURUW/CcNwSffdFwN74',`
			`'password',`
			`]`
			`];`

			`if ( defined( 'PASSWORD_ARGON2ID' ) ) {`
			`// @todo: Argon2id cases`
			`$result = array_merge( $result, [] );`
			`}`

			`return $result;`
			`}`

			`/**`
			`* @dataProvider provideNeedsUpdate`
			`*/`
			`public function testNeedsUpdate( $updateExpected, $hash ) {`
			`$password = $this->passwordFactory->newFromCiphertext( $hash );`
			`$this->assertSame( $updateExpected, $password->needsUpdate() );`
			`}`

			`public function provideNeedsUpdate() {`
			`return [`
			`[ false, ':argon2:$argon2i$v=19$m=1024,t=2,p=2$bFJ4TzM5RWh2T0VmeFhDTA$AHFUFZRh69aZYBqyxn6tpujpEcf2JP8wgRCPU3nw3W4' ],`
			`[ false, ':argon2:$argon2i$v=19$m=1024,t=2,p=2$<whatever>' ],`
			`[ true, ':argon2:$argon2i$v=19$m=666,t=2,p=2$<whatever>' ],`
			`[ true, ':argon2:$argon2i$v=19$m=1024,t=666,p=2$<whatever>' ],`
			`[ true, ':argon2:$argon2i$v=19$m=1024,t=2,p=666$<whatever>' ],`
			`];`
			`}`

			`public function testPartialConfig() {`
			`$factory = new PasswordFactory();`
			`$factory->register( 'argon2', [`
			`'class' => Argon2Password::class,`
			`'algo' => 'argon2i',`
			`] );`

			`$partialPassword = $factory->newFromType( 'argon2' );`
			`$partialPassword->crypt( 'password' );`
			`$fullPassword = $this->passwordFactory->newFromCiphertext( $partialPassword->toString() );`

			`$this->assertFalse( $fullPassword->needsUpdate(),`
			`'Options not set for a password should fall back to defaults'`
			`);`
			`}`
			`}`