78 lines
2 KiB
Go
78 lines
2 KiB
Go
package hasher
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestArgon2idHashVerifyRoundtrip(t *testing.T) {
|
|
h := NewArgon2id(DefaultArgon2idParams(), nil)
|
|
encoded, err := h.Hash("hunter2hunter2")
|
|
if err != nil {
|
|
t.Fatalf("Hash: %v", err)
|
|
}
|
|
if !strings.HasPrefix(encoded, "$argon2id$") {
|
|
t.Fatalf("encoded hash not in PHC form: %s", encoded)
|
|
}
|
|
ok, needsRehash, err := h.Verify("hunter2hunter2", encoded)
|
|
if err != nil {
|
|
t.Fatalf("Verify: %v", err)
|
|
}
|
|
if !ok {
|
|
t.Fatalf("Verify rejected the original password")
|
|
}
|
|
if needsRehash {
|
|
t.Fatalf("Verify with default params should not signal rehash")
|
|
}
|
|
}
|
|
|
|
func TestArgon2idVerifyWrongPassword(t *testing.T) {
|
|
h := NewArgon2id(DefaultArgon2idParams(), nil)
|
|
encoded, err := h.Hash("correct horse battery staple")
|
|
if err != nil {
|
|
t.Fatalf("Hash: %v", err)
|
|
}
|
|
ok, _, err := h.Verify("nope", encoded)
|
|
if err != nil {
|
|
t.Fatalf("Verify: %v", err)
|
|
}
|
|
if ok {
|
|
t.Fatalf("Verify should reject wrong password")
|
|
}
|
|
}
|
|
|
|
func TestArgon2idNeedsRehashOnParamChange(t *testing.T) {
|
|
// Hash with light params...
|
|
light := Argon2idParams{Memory: 8 * 1024, Iterations: 1, Parallelism: 1, SaltLen: 16, KeyLen: 32}
|
|
encoded, err := NewArgon2id(light, nil).Hash("hello world")
|
|
if err != nil {
|
|
t.Fatalf("Hash: %v", err)
|
|
}
|
|
// ...verify with stronger params should still match but flag rehash.
|
|
heavier := DefaultArgon2idParams()
|
|
ok, needsRehash, err := NewArgon2id(heavier, nil).Verify("hello world", encoded)
|
|
if err != nil {
|
|
t.Fatalf("Verify: %v", err)
|
|
}
|
|
if !ok {
|
|
t.Fatalf("Verify rejected legitimate password across params")
|
|
}
|
|
if !needsRehash {
|
|
t.Fatalf("Verify should flag rehash when stored params differ from current")
|
|
}
|
|
}
|
|
|
|
func TestArgon2idRejectsMalformed(t *testing.T) {
|
|
h := NewArgon2id(DefaultArgon2idParams(), nil)
|
|
cases := []string{
|
|
"",
|
|
"not-a-phc",
|
|
"$argon2i$v=19$m=64,t=1,p=1$abc$def",
|
|
"$argon2id$v=99$m=64,t=1,p=1$YWJj$ZGVm",
|
|
}
|
|
for _, c := range cases {
|
|
if _, _, err := h.Verify("x", c); err == nil {
|
|
t.Fatalf("Verify should reject malformed encoding: %q", c)
|
|
}
|
|
}
|
|
}
|