diff --git a/test/crypto_pwhash.js b/test/crypto_pwhash.js
new file mode 100644
index 0000000..a9b56bf
--- /dev/null
+++ b/test/crypto_pwhash.js
@@ -0,0 +1,226 @@
+const test = require('brittle')
+const sodium = require('..')
+
+test('constants', function (t) {
+  t.ok(sodium.crypto_pwhash_ALG_ARGON2I13 != null, 'crypto_pwhash_ALG_ARGON2I13 is defined')
+  t.ok(sodium.crypto_pwhash_ALG_ARGON2ID13 != null, 'crypto_pwhash_ALG_ARGON2ID13 is defined')
+  t.ok(sodium.crypto_pwhash_ALG_DEFAULT === sodium.crypto_pwhash_ALG_ARGON2ID13, 'crypto_pwhash_ALG_DEFAULT is crypto_pwhash_ALG_ARGON2ID13')
+  t.ok(sodium.crypto_pwhash_BYTES_MIN != null, 'crypto_pwhash_BYTES_MIN is defined')
+  t.ok(sodium.crypto_pwhash_BYTES_MAX != null, 'crypto_pwhash_BYTES_MAX is defined')
+  t.ok(sodium.crypto_pwhash_PASSWD_MIN != null, 'crypto_pwhash_PASSWD_MIN is defined')
+  t.ok(sodium.crypto_pwhash_PASSWD_MAX != null, 'crypto_pwhash_PASSWD_MAX is defined')
+  t.ok(sodium.crypto_pwhash_SALTBYTES != null, 'crypto_pwhash_SALTBYTES is defined')
+  t.ok(sodium.crypto_pwhash_STRBYTES != null, 'crypto_pwhash_STRBYTES is defined')
+
+  t.ok(sodium.crypto_pwhash_OPSLIMIT_MIN != null, 'crypto_pwhash_OPSLIMIT_MIN is defined')
+  t.ok(sodium.crypto_pwhash_OPSLIMIT_MAX != null, 'crypto_pwhash_OPSLIMIT_MAX is defined')
+  t.ok(sodium.crypto_pwhash_MEMLIMIT_MIN != null, 'crypto_pwhash_MEMLIMIT_MIN is defined')
+  t.ok(sodium.crypto_pwhash_MEMLIMIT_MAX != null, 'crypto_pwhash_MEMLIMIT_MAX is defined')
+  t.ok(sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE != null, 'crypto_pwhash_OPSLIMIT_INTERACTIVE is defined')
+  t.ok(sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE != null, 'crypto_pwhash_MEMLIMIT_INTERACTIVE is defined')
+  t.ok(sodium.crypto_pwhash_OPSLIMIT_MODERATE != null, 'crypto_pwhash_OPSLIMIT_MODERATE is defined')
+  t.ok(sodium.crypto_pwhash_MEMLIMIT_MODERATE != null, 'crypto_pwhash_MEMLIMIT_MODERATE is defined')
+  t.ok(sodium.crypto_pwhash_OPSLIMIT_SENSITIVE != null, 'crypto_pwhash_OPSLIMIT_SENSITIVE is defined')
+  t.ok(sodium.crypto_pwhash_MEMLIMIT_SENSITIVE != null, 'crypto_pwhash_MEMLIMIT_SENSITIVE is defined')
+})
+
+test('crypto_pwhash', function (t) {
+  const output = Buffer.alloc(32) // can be any size
+  const passwd = Buffer.from('Hej, Verden!')
+  const salt = Buffer.alloc(sodium.crypto_pwhash_SALTBYTES, 'lo')
+  const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
+  const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
+  const algo = sodium.crypto_pwhash_ALG_DEFAULT
+
+  sodium.crypto_pwhash(output, passwd, salt, opslimit, memlimit, algo)
+
+  t.alike(output.toString('hex'), 'f0236e17ec70050fc989f19d8ce640301e8f912154b4f0afc1552cdf246e659f', 'hashes password')
+
+  salt[0] = 0
+  sodium.crypto_pwhash(output, passwd, salt, opslimit, memlimit, algo)
+
+  t.alike(output.toString('hex'), 'df73f15d217196311d4b1aa6fba339905ffe581dee4bd3a95ec2bb7c52991d65', 'diff salt -> diff hash')
+})
+
+test('crypto_pwhash_str', function (t) {
+  const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
+  const passwd = Buffer.from('Hej, Verden!')
+  const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
+  const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
+
+  t.exception.all(function () {
+    sodium.crypto_pwhash_str(output, passwd)
+  }, 'should throw on missing args')
+
+  sodium.crypto_pwhash_str(output, passwd, opslimit, memlimit)
+
+  t.not(output, Buffer.alloc(output.length), 'not blank')
+  t.absent(sodium.crypto_pwhash_str_verify(Buffer.alloc(output.length), passwd), 'does not verify')
+  t.ok(sodium.crypto_pwhash_str_verify(output, passwd), 'verifies')
+})
+
+test('crypto_pwhash_str_needs_rehash', function (t) {
+  const passwd = Buffer.from('secret')
+  const weakMem = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
+  const weakOps = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
+  const malformed = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
+  const good = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
+  const weakAlg = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
+  weakAlg.set(Buffer.from('$argon2id$v=19$m=8,t=1,p=1$DF4Tce8BK5di0gKeMBb2Fw$uNE4oyvyA0z68RPUom2NXu/KyGvpFppyUoN6pwFBtRU'))
+
+  sodium.crypto_pwhash_str(weakMem, passwd, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE)
+  sodium.crypto_pwhash_str(weakOps, passwd, sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE, sodium.crypto_pwhash_MEMLIMIT_MODERATE)
+  sodium.crypto_pwhash_str(malformed, passwd, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE)
+  sodium.crypto_pwhash_str(good, passwd, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE)
+
+  const first$ = malformed.indexOf('$')
+  const second$ = malformed.indexOf('$', first$ + 1)
+  malformed.fill('p=,m=,', first$, second$, 'ascii')
+
+  t.ok(sodium.crypto_pwhash_str_needs_rehash(weakMem, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
+  t.ok(sodium.crypto_pwhash_str_needs_rehash(weakOps, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
+  t.ok(sodium.crypto_pwhash_str_needs_rehash(weakAlg, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
+  t.absent(sodium.crypto_pwhash_str_needs_rehash(good, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
+  t.ok(sodium.crypto_pwhash_str_needs_rehash(
+    , sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
+})
+
+test('crypto_pwhash_async', function (t) {
+  t.plan(4)
+
+  const output = Buffer.alloc(32) // can be any size
+  const passwd = Buffer.from('Hej, Verden!')
+  const salt = Buffer.alloc(sodium.crypto_pwhash_SALTBYTES, 'lo')
+  const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
+  const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
+  const algo = sodium.crypto_pwhash_ALG_DEFAULT
+
+  sodium.crypto_pwhash_async(output, passwd, salt, opslimit, memlimit, algo, function (err) {
+    t.absent(err)
+    t.alike(output.toString('hex'), 'f0236e17ec70050fc989f19d8ce640301e8f912154b4f0afc1552cdf246e659f', 'hashes password')
+
+    salt[0] = 0
+
+    sodium.crypto_pwhash_async(output, passwd, salt, opslimit, memlimit, algo, function (err) {
+      t.absent(err)
+      t.alike(output.toString('hex'), 'df73f15d217196311d4b1aa6fba339905ffe581dee4bd3a95ec2bb7c52991d65', 'diff salt -> diff hash')
+    })
+  })
+})
+
+test('crypto_pwhash_str_async', function (t) {
+  t.plan(7)
+
+  const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
+  const passwd = Buffer.from('Hej, Verden!')
+  const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
+  const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
+
+  t.exception.all(function () {
+    sodium.crypto_pwhash_str_async(output, passwd)
+  }, 'should throw on missing args')
+
+  sodium.crypto_pwhash_str_async(output, passwd, opslimit, memlimit, function (err) {
+    t.absent(err)
+    t.not(output, Buffer.alloc(output.length), 'not blank')
+
+    sodium.crypto_pwhash_str_verify_async(Buffer.alloc(output.length), passwd, function (err, bool) {
+      t.absent(err)
+      t.ok(bool === false, 'does not verify')
+
+      sodium.crypto_pwhash_str_verify_async(output, passwd, function (err, bool) {
+        t.absent(err)
+        t.ok(bool === true, 'verifies')
+      })
+    })
+  })
+})
+
+test('crypto_pwhash limits', function (t) {
+  const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
+  const passwd = Buffer.from('Hej, Verden!')
+  const opslimit = Number.MAX_SAFE_INTEGER
+  const memlimit = Number.MAX_SAFE_INTEGER
+
+  t.exception.all(function () {
+    sodium.crypto_pwhash_str(output, passwd, opslimit, memlimit)
+  }, 'should throw on large limits')
+  t.exception.all(function () {
+    sodium.crypto_pwhash_str(output, passwd, -1, -1)
+  }, 'should throw on negative limits')
+})
+
+test('crypto_pwhash_async uncaughtException', function (t) {
+  t.plan(1)
+
+  const output = Buffer.alloc(32) // can be any size
+  const passwd = Buffer.from('Hej, Verden!')
+  const salt = Buffer.alloc(sodium.crypto_pwhash_SALTBYTES, 'lo')
+  const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
+  const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
+  const algo = sodium.crypto_pwhash_ALG_DEFAULT
+
+  process.once('uncaughtException', listener)
+
+  sodium.crypto_pwhash_async(output, passwd, salt, opslimit, memlimit, algo, exception)
+
+  function exception () {
+    throw new Error('caught')
+  }
+
+  function listener (err) {
+    if (err.message !== 'caught') {
+      t.fail()
+    } else {
+      t.pass()
+    }
+  }
+})
+
+test('crypto_pwhash_str_async uncaughtException', function (t) {
+  t.plan(1)
+
+  const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES) // can be any size
+  const passwd = Buffer.from('Hej, Verden!')
+  const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
+  const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
+
+  process.once('uncaughtException', listener)
+
+  sodium.crypto_pwhash_str_async(output, passwd, opslimit, memlimit, exception)
+
+  function exception () {
+    throw new Error('caught')
+  }
+
+  function listener (err) {
+    if (err.message === 'caught') {
+      t.pass()
+    } else {
+      t.fail()
+    }
+  }
+})
+
+test('crypto_pwhash_str_verify_async uncaughtException', function (t) {
+  t.plan(1)
+
+  const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES) // can be any size
+  const passwd = Buffer.from('Hej, Verden!')
+
+  process.once('uncaughtException', listener)
+
+  sodium.crypto_pwhash_str_verify_async(output, passwd, exception)
+
+  function exception () {
+    throw new Error('caught')
+  }
+
+  function listener (err) {
+    if (err.message === 'caught') {
+      t.pass()
+    } else {
+      t.fail()
+    }
+  }
+})