⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.23
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Server Software:
Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.11
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
local
/
src
/
libsodium-2.0.23
/
tests
/
View File Name :
crypto_auth.phpt
--TEST-- Check for libsodium auth --SKIPIF-- <?php if (!extension_loaded("sodium")) print "skip"; ?> --FILE-- <?php $msg = random_bytes(1000); $key = sodium_crypto_auth_keygen(); $mac = sodium_crypto_auth($msg, $key); // This should validate var_dump(sodium_crypto_auth_verify($mac, $msg, $key)); $bad_key = random_bytes(SODIUM_CRYPTO_AUTH_KEYBYTES - 1); try { $mac = sodium_crypto_auth($msg, $bad_key); echo 'Fail!', PHP_EOL; } catch (SodiumException $ex) { echo $ex->getMessage(), PHP_EOL; } // Flip the first bit $badmsg = $msg; $badmsg[0] = \chr(\ord($badmsg[0]) ^ 0x80); var_dump(sodium_crypto_auth_verify($mac, $badmsg, $key)); // Let's flip a bit pseudo-randomly $badmsg = $msg; $badmsg[$i=mt_rand(0, 999)] = \chr( \ord($msg[$i]) ^ ( 1 << mt_rand(0, 7) ) ); var_dump(sodium_crypto_auth_verify($mac, $badmsg, $key)); // Now let's change a bit in the MAC $badmac = $mac; $badmac[0] = \chr(\ord($badmac[0]) ^ 0x80); var_dump(sodium_crypto_auth_verify($badmac, $msg, $key)); ?> --EXPECT-- bool(true) key must be SODIUM_CRYPTO_AUTH_KEYBYTES bytes bool(false) bool(false) bool(false)