155 lines
4.5 KiB
Go
155 lines
4.5 KiB
Go
package hashing
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestNewHasher(t *testing.T) {
|
|
authOpts := make(map[string]string)
|
|
|
|
hasher := NewHasher(authOpts, "")
|
|
|
|
_, ok := hasher.(pbkdf2Hasher)
|
|
assert.True(t, ok)
|
|
|
|
authOpts = make(map[string]string)
|
|
authOpts["hasher"] = Pbkdf2Opt
|
|
hasher = NewHasher(authOpts, "")
|
|
|
|
pHasher, ok := hasher.(pbkdf2Hasher)
|
|
|
|
assert.True(t, ok)
|
|
assert.Equal(t, defaultPBKDF2Algorithm, pHasher.algorithm)
|
|
assert.Equal(t, defaultPBKDF2KeyLen, pHasher.keyLen)
|
|
assert.Equal(t, defaultPBKDF2Iterations, pHasher.iterations)
|
|
assert.Equal(t, defaultPBKDF2SaltSize, pHasher.saltSize)
|
|
assert.Equal(t, Base64, pHasher.saltEncoding)
|
|
|
|
// Check that options are set correctly.
|
|
authOpts = make(map[string]string)
|
|
authOpts = map[string]string{
|
|
"hasher": Pbkdf2Opt,
|
|
"hasher_algorithm": SHA256,
|
|
"hasher_keylen": "24",
|
|
"hasher_iterations": "100",
|
|
"hasher_salt_size": "30",
|
|
"hasher_salt_encoding": UTF8,
|
|
}
|
|
hasher = NewHasher(authOpts, "")
|
|
|
|
pHasher, ok = hasher.(pbkdf2Hasher)
|
|
assert.True(t, ok)
|
|
assert.Equal(t, SHA256, pHasher.algorithm)
|
|
assert.Equal(t, 24, pHasher.keyLen)
|
|
assert.Equal(t, 100, pHasher.iterations)
|
|
assert.Equal(t, 30, pHasher.saltSize)
|
|
assert.Equal(t, UTF8, pHasher.saltEncoding)
|
|
|
|
authOpts = make(map[string]string)
|
|
authOpts["hasher"] = Argon2IDOpt
|
|
hasher = NewHasher(authOpts, "")
|
|
|
|
aHasher, ok := hasher.(argon2IDHasher)
|
|
|
|
assert.True(t, ok)
|
|
assert.Equal(t, defaultArgon2IDIterations, aHasher.iterations)
|
|
assert.Equal(t, defaultArgon2IDKeyLen, aHasher.keyLen)
|
|
assert.Equal(t, defaultArgon2IDMemory, aHasher.memory)
|
|
assert.Equal(t, defaultArgon2IDParallelism, aHasher.parallelism)
|
|
assert.Equal(t, defaultArgon2IDSaltSize, aHasher.saltSize)
|
|
|
|
authOpts = make(map[string]string)
|
|
authOpts = map[string]string{
|
|
"hasher": Argon2IDOpt,
|
|
"hasher_iterations": "100",
|
|
"hasher_keylen": "24",
|
|
"hasher_memory": "1024",
|
|
"hasher_parallelism": "4",
|
|
"hasher_salt_size": "24",
|
|
}
|
|
hasher = NewHasher(authOpts, "")
|
|
|
|
aHasher, ok = hasher.(argon2IDHasher)
|
|
|
|
assert.True(t, ok)
|
|
assert.Equal(t, 100, aHasher.iterations)
|
|
assert.Equal(t, 24, aHasher.keyLen)
|
|
assert.Equal(t, uint32(1024), aHasher.memory)
|
|
assert.Equal(t, uint8(4), aHasher.parallelism)
|
|
assert.Equal(t, 24, aHasher.saltSize)
|
|
|
|
authOpts = make(map[string]string)
|
|
authOpts["hasher"] = BcryptOpt
|
|
hasher = NewHasher(authOpts, "")
|
|
|
|
bHasher, ok := hasher.(bcryptHasher)
|
|
assert.True(t, ok)
|
|
assert.Equal(t, bHasher.cost, defaultBcryptCost)
|
|
|
|
// Check that options are set correctly.
|
|
authOpts = make(map[string]string)
|
|
authOpts = map[string]string{
|
|
"hasher": BcryptOpt,
|
|
"hasher_cost": "15",
|
|
}
|
|
hasher = NewHasher(authOpts, "")
|
|
|
|
bHasher, ok = hasher.(bcryptHasher)
|
|
assert.True(t, ok)
|
|
assert.Equal(t, 15, bHasher.cost)
|
|
}
|
|
|
|
func TestBcrypt(t *testing.T) {
|
|
|
|
password := "test-password"
|
|
hasher := NewBcryptHashComparer(10)
|
|
|
|
passwordHash, err := hasher.Hash(password)
|
|
|
|
assert.Nil(t, err)
|
|
assert.True(t, hasher.Compare(password, passwordHash))
|
|
assert.False(t, hasher.Compare("other", passwordHash))
|
|
}
|
|
|
|
func TestArgon2ID(t *testing.T) {
|
|
password := "test-password"
|
|
hasher := NewArgon2IDHasher(defaultArgon2IDSaltSize, defaultArgon2IDIterations, defaultArgon2IDKeyLen, defaultArgon2IDMemory, defaultArgon2IDParallelism)
|
|
|
|
passwordHash, err := hasher.Hash(password)
|
|
|
|
assert.Nil(t, err)
|
|
assert.True(t, hasher.Compare(password, passwordHash))
|
|
assert.False(t, hasher.Compare("other", passwordHash))
|
|
}
|
|
|
|
func TestPBKDF2(t *testing.T) {
|
|
password := "test-password"
|
|
b64Hasher := NewPBKDF2Hasher(defaultPBKDF2SaltSize, defaultPBKDF2Iterations, defaultPBKDF2Algorithm, Base64, defaultPBKDF2KeyLen)
|
|
utf8Hasher := NewPBKDF2Hasher(defaultPBKDF2SaltSize, defaultPBKDF2Iterations, defaultPBKDF2Algorithm, UTF8, defaultPBKDF2KeyLen)
|
|
|
|
t.Run("OlderFormat", func(t *testing.T) {
|
|
t.Run("Base64", func(t *testing.T) {
|
|
passwordHash, err := b64Hasher.Hash(password)
|
|
|
|
assert.Nil(t, err)
|
|
assert.True(t, b64Hasher.Compare(password, passwordHash))
|
|
assert.False(t, b64Hasher.Compare("other", passwordHash))
|
|
})
|
|
t.Run("UTF8", func(t *testing.T) {
|
|
passwordHash, err := utf8Hasher.Hash(password)
|
|
|
|
assert.Nil(t, err)
|
|
assert.True(t, utf8Hasher.Compare(password, passwordHash))
|
|
assert.False(t, utf8Hasher.Compare("other", passwordHash))
|
|
})
|
|
})
|
|
|
|
t.Run("PHC-SF-Spec", func(t *testing.T) {
|
|
passwordHash := "$pbkdf2-sha512$i=10000,l=32$/DsNR8DBuoF/MxzLY+QVaw$YNfYNfT+6yT2blLrXKKR8Ll+aesgHYqSOtFTBsyscRM"
|
|
assert.True(t, b64Hasher.Compare(password, passwordHash))
|
|
assert.False(t, b64Hasher.Compare("other", passwordHash))
|
|
})
|
|
}
|