1--TEST-- 2Check for libsodium auth 3--SKIPIF-- 4<?php if (!extension_loaded("sodium")) print "skip"; ?> 5--FILE-- 6<?php 7$msg = random_bytes(1000); 8$key = sodium_crypto_auth_keygen(); 9$mac = sodium_crypto_auth($msg, $key); 10 11// This should validate 12var_dump(sodium_crypto_auth_verify($mac, $msg, $key)); 13 14$bad_key = random_bytes(SODIUM_CRYPTO_AUTH_KEYBYTES - 1); 15try { 16 $mac = sodium_crypto_auth($msg, $bad_key); 17 echo 'Fail!', PHP_EOL; 18} catch (SodiumException $ex) { 19 echo $ex->getMessage(), PHP_EOL; 20} 21 22// Flip the first bit 23$badmsg = $msg; 24$badmsg[0] = \chr(\ord($badmsg[0]) ^ 0x80); 25var_dump(sodium_crypto_auth_verify($mac, $badmsg, $key)); 26 27// Let's flip a bit pseudo-randomly 28$badmsg = $msg; 29$badmsg[$i=mt_rand(0, 999)] = \chr( 30 \ord($msg[$i]) ^ ( 31 1 << mt_rand(0, 7) 32 ) 33); 34 35var_dump(sodium_crypto_auth_verify($mac, $badmsg, $key)); 36 37// Now let's change a bit in the MAC 38$badmac = $mac; 39$badmac[0] = \chr(\ord($badmac[0]) ^ 0x80); 40var_dump(sodium_crypto_auth_verify($badmac, $msg, $key)); 41?> 42--EXPECT-- 43bool(true) 44sodium_crypto_auth(): Argument #2 ($key) must be SODIUM_CRYPTO_AUTH_KEYBYTES bytes long 45bool(false) 46bool(false) 47bool(false) 48