3v4l.org

run code in 300+ PHP versions simultaneously
<?php class SafeBcryptWrapperPoC { private $staticKey; private $cost = 12; public function __construct( #[\SensitiveParameter] string $staticKey, int $cost = 12 ) { $this->staticKey = $staticKey; $this->cost = $cost; } /** * Generate password hashes here */ public function hash( #[\SensitiveParameter] string $password ): string { return \password_hash( $this->prehash($password), PASSWORD_BCRYPT, ['cost' => $this->cost] ); } /** * Verify password here */ public function verify( #[\SensitiveParameter] string $password, #[\SensitiveParameter] string $hash ): bool { return \password_verify( $this->prehash($password), $hash ); } /** * Pre-hashing with HMAC-SHA-512 here * * Note that this demo doesn't use libsodium, due to 3v4l limitations */ private function prehash( #[\SensitiveParameter] string $password ): string { return \base64_encode( \hash_hmac('sha512', $password, $this->staticKey, true) ); } } $staticKey = random_bytes(32); $hasher = new SafeBcryptWrapperPoC($staticKey); $example1 = str_repeat('A', 72); $example2 = $example1 . 'B'; $hash1 = password_hash($example1, PASSWORD_BCRYPT); $hash2 = $hasher->hash($example1); var_dump(password_verify($example2, $hash1)); var_dump($hasher->verify($example2, $hash2));
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/WLB7q
function name:  (null)
number of ops:  39
compiled vars:  !0 = $staticKey, !1 = $hasher, !2 = $example1, !3 = $example2, !4 = $hash1, !5 = $hash2
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   61     0  E >   INIT_FCALL                                               'random_bytes'
          1        SEND_VAL                                                 32
          2        DO_ICALL                                         $6      
          3        ASSIGN                                                   !0, $6
   63     4        NEW                                              $8      'SafeBcryptWrapperPoC'
          5        SEND_VAR_EX                                              !0
          6        DO_FCALL                                      0          
          7        ASSIGN                                                   !1, $8
   65     8        INIT_FCALL                                               'str_repeat'
          9        SEND_VAL                                                 'A'
         10        SEND_VAL                                                 72
         11        DO_ICALL                                         $11     
         12        ASSIGN                                                   !2, $11
   66    13        CONCAT                                           ~13     !2, 'B'
         14        ASSIGN                                                   !3, ~13
   68    15        INIT_FCALL                                               'password_hash'
         16        SEND_VAR                                                 !2
         17        SEND_VAL                                                 '2y'
         18        DO_ICALL                                         $15     
         19        ASSIGN                                                   !4, $15
   69    20        INIT_METHOD_CALL                                         !1, 'hash'
         21        SEND_VAR_EX                                              !2
         22        DO_FCALL                                      0  $17     
         23        ASSIGN                                                   !5, $17
   70    24        INIT_FCALL                                               'var_dump'
         25        INIT_FCALL                                               'password_verify'
         26        SEND_VAR                                                 !3
         27        SEND_VAR                                                 !4
         28        DO_ICALL                                         $19     
         29        SEND_VAR                                                 $19
         30        DO_ICALL                                                 
   71    31        INIT_FCALL                                               'var_dump'
         32        INIT_METHOD_CALL                                         !1, 'verify'
         33        SEND_VAR_EX                                              !3
         34        SEND_VAR_EX                                              !5
         35        DO_FCALL                                      0  $21     
         36        SEND_VAR                                                 $21
         37        DO_ICALL                                                 
         38      > RETURN                                                   1

Class SafeBcryptWrapperPoC:
Function __construct:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/WLB7q
function name:  __construct
number of ops:  7
compiled vars:  !0 = $staticKey, !1 = $cost
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    8     0  E >   RECV                                             !0      
          1        RECV_INIT                                        !1      12
   13     2        ASSIGN_OBJ                                               'staticKey'
          3        OP_DATA                                                  !0
   14     4        ASSIGN_OBJ                                               'cost'
          5        OP_DATA                                                  !1
   15     6      > RETURN                                                   null

End of function __construct

Function hash:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/WLB7q
function name:  hash
number of ops:  15
compiled vars:  !0 = $password
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   20     0  E >   RECV                                             !0      
   24     1        INIT_FCALL                                               'password_hash'
   25     2        INIT_METHOD_CALL                                         'prehash'
          3        SEND_VAR_EX                                              !0
          4        DO_FCALL                                      0  $1      
          5        SEND_VAR                                                 $1
   26     6        SEND_VAL                                                 '2y'
   27     7        FETCH_OBJ_R                                      ~2      'cost'
          8        INIT_ARRAY                                       ~3      ~2, 'cost'
          9        SEND_VAL                                                 ~3
   24    10        DO_ICALL                                         $4      
   27    11        VERIFY_RETURN_TYPE                                       $4
         12      > RETURN                                                   $4
   29    13*       VERIFY_RETURN_TYPE                                       
         14*     > RETURN                                                   null

End of function hash

Function verify:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/WLB7q
function name:  verify
number of ops:  13
compiled vars:  !0 = $password, !1 = $hash
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   34     0  E >   RECV                                             !0      
          1        RECV                                             !1      
   40     2        INIT_FCALL                                               'password_verify'
   41     3        INIT_METHOD_CALL                                         'prehash'
          4        SEND_VAR_EX                                              !0
          5        DO_FCALL                                      0  $2      
          6        SEND_VAR                                                 $2
   42     7        SEND_VAR                                                 !1
   40     8        DO_ICALL                                         $3      
   42     9        VERIFY_RETURN_TYPE                                       $3
         10      > RETURN                                                   $3
   44    11*       VERIFY_RETURN_TYPE                                       
         12*     > RETURN                                                   null

End of function verify

Function prehash:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/WLB7q
function name:  prehash
number of ops:  15
compiled vars:  !0 = $password
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   51     0  E >   RECV                                             !0      
   55     1        INIT_FCALL                                               'base64_encode'
   56     2        INIT_FCALL                                               'hash_hmac'
          3        SEND_VAL                                                 'sha512'
          4        SEND_VAR                                                 !0
          5        FETCH_OBJ_R                                      ~1      'staticKey'
          6        SEND_VAL                                                 ~1
          7        SEND_VAL                                                 <true>
          8        DO_ICALL                                         $2      
          9        SEND_VAR                                                 $2
   55    10        DO_ICALL                                         $3      
   56    11        VERIFY_RETURN_TYPE                                       $3
         12      > RETURN                                                   $3
   58    13*       VERIFY_RETURN_TYPE                                       
         14*     > RETURN                                                   null

End of function prehash

End of class SafeBcryptWrapperPoC.

Generated using Vulcan Logic Dumper, using php 8.0.0


preferences:
143.24 ms | 1469 KiB | 20 Q