authkit initial
This commit is contained in:
juancwu
parent
5173b0a43d
commit
134393fbca
43 changed files with 5188 additions and 1 deletions
78
hasher/argon2id_test.go
Normal file
78
hasher/argon2id_test.go
Normal file
|
|
@ -0,0 +1,78 @@
|
|||
package hasher
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestArgon2idHashVerifyRoundtrip(t *testing.T) {
|
||||
h := NewArgon2id(DefaultArgon2idParams(), nil)
|
||||
encoded, err := h.Hash("hunter2hunter2")
|
||||
if err != nil {
|
||||
t.Fatalf("Hash: %v", err)
|
||||
}
|
||||
if !strings.HasPrefix(encoded, "$argon2id$") {
|
||||
t.Fatalf("encoded hash not in PHC form: %s", encoded)
|
||||
}
|
||||
ok, needsRehash, err := h.Verify("hunter2hunter2", encoded)
|
||||
if err != nil {
|
||||
t.Fatalf("Verify: %v", err)
|
||||
}
|
||||
if !ok {
|
||||
t.Fatalf("Verify rejected the original password")
|
||||
}
|
||||
if needsRehash {
|
||||
t.Fatalf("Verify with default params should not signal rehash")
|
||||
}
|
||||
}
|
||||
|
||||
func TestArgon2idVerifyWrongPassword(t *testing.T) {
|
||||
h := NewArgon2id(DefaultArgon2idParams(), nil)
|
||||
encoded, err := h.Hash("correct horse battery staple")
|
||||
if err != nil {
|
||||
t.Fatalf("Hash: %v", err)
|
||||
}
|
||||
ok, _, err := h.Verify("nope", encoded)
|
||||
if err != nil {
|
||||
t.Fatalf("Verify: %v", err)
|
||||
}
|
||||
if ok {
|
||||
t.Fatalf("Verify should reject wrong password")
|
||||
}
|
||||
}
|
||||
|
||||
func TestArgon2idNeedsRehashOnParamChange(t *testing.T) {
|
||||
// Hash with light params...
|
||||
light := Argon2idParams{Memory: 8 * 1024, Iterations: 1, Parallelism: 1, SaltLen: 16, KeyLen: 32}
|
||||
encoded, err := NewArgon2id(light, nil).Hash("hello world")
|
||||
if err != nil {
|
||||
t.Fatalf("Hash: %v", err)
|
||||
}
|
||||
// ...verify with stronger params should still match but flag rehash.
|
||||
heavier := DefaultArgon2idParams()
|
||||
ok, needsRehash, err := NewArgon2id(heavier, nil).Verify("hello world", encoded)
|
||||
if err != nil {
|
||||
t.Fatalf("Verify: %v", err)
|
||||
}
|
||||
if !ok {
|
||||
t.Fatalf("Verify rejected legitimate password across params")
|
||||
}
|
||||
if !needsRehash {
|
||||
t.Fatalf("Verify should flag rehash when stored params differ from current")
|
||||
}
|
||||
}
|
||||
|
||||
func TestArgon2idRejectsMalformed(t *testing.T) {
|
||||
h := NewArgon2id(DefaultArgon2idParams(), nil)
|
||||
cases := []string{
|
||||
"",
|
||||
"not-a-phc",
|
||||
"$argon2i$v=19$m=64,t=1,p=1$abc$def",
|
||||
"$argon2id$v=99$m=64,t=1,p=1$YWJj$ZGVm",
|
||||
}
|
||||
for _, c := range cases {
|
||||
if _, _, err := h.Verify("x", c); err == nil {
|
||||
t.Fatalf("Verify should reject malformed encoding: %q", c)
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue