#!perl
use strict;
my $passphrase = Crypt::Passphrase->new(
encoder => {
module => 'Argon2::AES',
peppers => {
1 => scalar('A' x 16),
2 => scalar('B' x 16),
},
memory_cost => '16M',
time_cost => 2,
},
);
my $password = 'password';
my $salt = "\0" x 16;
my $hash1 = $passphrase->hash_password($password);
ok($passphrase->verify_password($password, $hash1), 'Self-generated password validates');
ok(!$passphrase->needs_rehash($hash1), 'Self-generated password doesn\'t need to be regenerated');
like($hash1, qr/ \A \$ argon2id-encrypted-aes-cbc \$ /x, 'Hash header looks like what we expect');
my $hash2 = '$argon2id$v=19$m=16384,t=2,p=1$AAAAAAAAAAAAAAAAAAAAAA$AcpOEUs9E88hQnLWQYw/ow';
ok($passphrase->verify_password($password, $hash2), 'Unencrypted hash validates');
ok($passphrase->needs_rehash($hash2), 'Unencrypted hash needs rehash');
my $hash3 = '$argon2id-encrypted-aes-cbc$v=19$m=16384,t=2,p=1,keyid=1$JhkFTZgrHPE6F173oNYTGQ$iODwNT6xOu+LEB0bAw/hlXV9eHG6q/uHqOg1NXzibnQ';
ok($passphrase->verify_password($password, $hash3), 'Hash encrypted with old pepper still validates');
ok($passphrase->needs_rehash($hash3), 'Hash encrypted with old pepper needs rehash');
my $hash3b = $passphrase->recode_hash($hash3);
isnt($hash3b, $hash3, 'Recoded hash has changed');
ok(!$passphrase->needs_rehash($hash3b), 'Recoded hash doesn\'t need rehash');
my $hash4 = '$argon2id-encrypted-aes-cbc$v=1,id=1$v=19$m=16384,t=2,p=1$tOZt95qn9CHuFQzrx8346Q$VnInu6mq2';
ok(!$passphrase->verify_password($password, $hash4), 'Incomplete hash doesn\'t validate');
done_testing;