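/**
 * Decrypt a stored password hash and check a candidate password against it.
 *
 * The ciphertext is decrypted with Crypto::decrypt() first, so a stored value
 * that was tampered with or encrypted under a different key is rejected before
 * any password comparison happens. The candidate is then pre-hashed
 * (raw SHA-384, Base64-encoded to 64 printable characters) and handed to
 * password_verify() together with the decrypted hash.
 *
 * NOTE(review): the pre-hash must stay byte-for-byte identical to the one used
 * when the value was created (hashAndEncrypt(), not visible here). Presumably
 * it exists so long or binary passwords are not truncated by the underlying
 * password hash; confirm against the hashing side.
 *
 * Callers should treat both a `false` return and a decryption exception as a
 * failed authentication, and should not reveal to the client which one occurred.
 *
 * @param string $password   Candidate plaintext password.
 * @param string $ciphertext Encrypted password hash as stored.
 * @param Key    $aesKey     Key the stored hash was encrypted with.
 *
 * @return bool True when the password matches the decrypted hash.
 *
 * @throws \Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException
 *         Expected from Crypto::decrypt() when the ciphertext was altered
 *         or the key is wrong.
 */
public static function decryptAndVerify(string $password, string $ciphertext, Key $aesKey) : bool
{
    // The former is_string() guards were unreachable: the scalar type
    // declarations above already guarantee both arguments are strings.
    $hash = Crypto::decrypt($ciphertext, $aesKey);

    // Raw (binary) digest, then Base64, so password_verify() receives
    // printable input with no NUL bytes.
    $prehashed = Base64::encode(\hash('sha384', $password, true));

    return \password_verify($prehashed, $hash);
}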
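/**
 * A stored value whose first byte has been altered must be rejected with an
 * integrity error, even when the correct password and key are supplied.
 *
 * @expectedException \Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException
 */
public function testBitflip()
{
    $key = Key::createNewRandomKey();
    $password = PasswordLock::hashAndEncrypt('YELLOW SUBMARINE', $key);

    // Flip the lowest bit of the first byte, so the stored value is guaranteed
    // to differ from what hashAndEncrypt() produced. chr() is required here:
    // assigning a bare integer to a string offset stores the first character
    // of its decimal representation (e.g. "0" or "2"), not that byte value,
    // and would leave the input unchanged if it already began with "0".
    $password[0] = \chr(\ord($password[0]) ^ 0x01);

    PasswordLock::decryptAndVerify('YELLOW SUBMARINE', $password, $key);
}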