]>
Commit | Line | Data |
---|---|---|
3a338f79 | 1 | |
1c2d079d | 2 | #ifndef BOOST_TEST_DYN_LINK |
3a338f79 | 3 | #define BOOST_TEST_DYN_LINK |
1c2d079d FM |
4 | #endif |
5 | ||
3a338f79 RG |
6 | #define BOOST_TEST_NO_MAIN |
7 | ||
4ec3ff03 | 8 | #include <boost/algorithm/string.hpp> |
3a338f79 RG |
9 | #include <boost/test/unit_test.hpp> |
10 | ||
11 | #include "config.h" | |
12 | #include "credentials.hh" | |
13 | ||
14 | BOOST_AUTO_TEST_SUITE(credentials_cc) | |
15 | ||
2f32819a RG |
16 | #if defined(DISABLE_HASHED_CREDENTIALS) |
17 | #undef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT | |
18 | #endif | |
19 | ||
8a6030b6 | 20 | #ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT |
3a338f79 RG |
21 | BOOST_AUTO_TEST_CASE(test_CredentialsUtils) |
22 | { | |
23 | const std::string plaintext("test"); | |
24 | /* generated with hashPassword("test") */ | |
8a6030b6 | 25 | const std::string sampleHash("$scrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI="); |
3a338f79 RG |
26 | |
27 | auto hashed = hashPassword(plaintext); | |
28 | BOOST_CHECK(!hashed.empty()); | |
29 | ||
30 | BOOST_CHECK(verifyPassword(hashed, plaintext)); | |
31 | BOOST_CHECK(verifyPassword(sampleHash, plaintext)); | |
32 | ||
33 | BOOST_CHECK(!verifyPassword(hashed, "not test")); | |
34 | BOOST_CHECK(!verifyPassword(sampleHash, "not test")); | |
47c4ed83 | 35 | BOOST_CHECK(!verifyPassword("test", "test")); |
3a338f79 RG |
36 | |
37 | BOOST_CHECK(isPasswordHashed(hashed)); | |
38 | BOOST_CHECK(isPasswordHashed(sampleHash)); | |
39 | BOOST_CHECK(!isPasswordHashed(plaintext)); | |
4ec3ff03 RG |
40 | |
41 | { | |
42 | // hash password with custom parameters | |
43 | auto customParams = hashPassword(plaintext, 512, 2, 16); | |
44 | // check that the output is OK | |
45 | BOOST_CHECK(boost::starts_with(customParams, "$scrypt$ln=9,p=2,r=16$")); | |
46 | // check that we can verify the password | |
47 | BOOST_CHECK(verifyPassword(customParams, plaintext)); | |
48 | } | |
49 | ||
71f6572a RG |
50 | { |
51 | // hash password with invalid parameters | |
52 | BOOST_CHECK_THROW(hashPassword(plaintext, 0, 2, 16), std::runtime_error); | |
53 | BOOST_CHECK_THROW(hashPassword(plaintext, 512, 0, 16), std::runtime_error); | |
54 | BOOST_CHECK_THROW(hashPassword(plaintext, 512, 2, 0), std::runtime_error); | |
55 | } | |
56 | ||
4ec3ff03 RG |
57 | // empty |
58 | BOOST_CHECK(!isPasswordHashed("")); | |
59 | // missing leading $ | |
60 | BOOST_CHECK(!isPasswordHashed("scrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=")); | |
47c4ed83 RG |
61 | // prefix-only |
62 | BOOST_CHECK(!isPasswordHashed("$scrypt$")); | |
4ec3ff03 RG |
63 | // unknown algo |
64 | BOOST_CHECK(!isPasswordHashed("$tcrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=")); | |
65 | // missing parameters | |
66 | BOOST_CHECK(!isPasswordHashed("$scrypt$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=")); | |
67 | // empty parameters | |
68 | BOOST_CHECK(!isPasswordHashed("$scrypt$$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=")); | |
69 | // missing r | |
70 | BOOST_CHECK(!isPasswordHashed("$scrypt$ln=10,p=1$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=")); | |
71 | // salt is too short | |
72 | BOOST_CHECK(!isPasswordHashed("$scrypt$ln=10,p=1,r=8$dGVzdA==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=")); | |
73 | // hash is too short | |
74 | BOOST_CHECK(!isPasswordHashed("$scrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$c2hvcnQ=")); | |
75 | // missing salt | |
76 | BOOST_CHECK(!isPasswordHashed("$scrypt$ln=10,p=1,r=8$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=")); | |
77 | // missing $ between the salt and hash | |
78 | BOOST_CHECK(!isPasswordHashed("$scrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=")); | |
79 | // no hash | |
80 | BOOST_CHECK(!isPasswordHashed("$scrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$")); | |
81 | // hash is too long | |
82 | BOOST_CHECK(!isPasswordHashed("$scrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$dGhpcyBpcyBhIHZlcnkgbG9uZyBoYXNoLCBtdWNoIG11Y2ggbG9uZ2VyIHRoYW4gdGhlIG9uZXMgd2UgYXJlIGdlbmVyYXRpbmc=")); | |
83 | ||
84 | // empty r | |
85 | BOOST_CHECK_THROW(verifyPassword("$scrypt$ln=10,p=1,r=$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
86 | // too many parameters | |
87 | BOOST_CHECK_THROW(verifyPassword("$scrypt$ln=10,p=1,r=8,t=1$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
88 | // invalid ln | |
89 | BOOST_CHECK_THROW(verifyPassword("$scrypt$ln=A,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
90 | // invalid p | |
91 | BOOST_CHECK_THROW(verifyPassword("$scrypt$ln=10,p=p,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
71f6572a RG |
92 | // missing ln |
93 | BOOST_CHECK_THROW(verifyPassword("$scrypt$la=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
94 | // missing p | |
95 | BOOST_CHECK_THROW(verifyPassword("$scrypt$ln=10,q=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
96 | // missing r | |
97 | BOOST_CHECK_THROW(verifyPassword("$scrypt$l,ln=10,q=1,s=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
4ec3ff03 RG |
98 | // work factor is too large |
99 | BOOST_CHECK_THROW(verifyPassword("$scrypt$ln=16,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
100 | // salt is too long | |
101 | BOOST_CHECK_THROW(verifyPassword("$scrypt$ln=10,p=1,r=8$dGhpcyBpcyBhIHZlcnkgbG9uZyBzYWx0$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
102 | // invalid b64 salt | |
103 | BOOST_CHECK_THROW(verifyPassword("$scrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI=", plaintext), std::runtime_error); | |
104 | // invalid b64 hash | |
105 | BOOST_CHECK_THROW(verifyPassword("$scrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJd", plaintext), std::runtime_error); | |
3a338f79 RG |
106 | } |
107 | #endif | |
108 | ||
109 | BOOST_AUTO_TEST_CASE(test_CredentialsHolder) | |
110 | { | |
111 | const std::string plaintext("test"); | |
112 | ||
64c4f83c | 113 | auto holder = CredentialsHolder(std::string(plaintext), false); |
3a338f79 RG |
114 | |
115 | BOOST_CHECK(holder.matches(plaintext)); | |
116 | BOOST_CHECK(!holder.matches("not test")); | |
117 | BOOST_CHECK(!holder.wasHashed()); | |
64c4f83c | 118 | BOOST_CHECK(!holder.isHashed()); |
3a338f79 | 119 | |
8a6030b6 | 120 | #ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT |
3a338f79 | 121 | BOOST_CHECK(CredentialsHolder::isHashingAvailable()); |
8a6030b6 | 122 | const std::string sampleHash("$scrypt$ln=10,p=1,r=8$1GZ10YdmSGtTmKK9jTH85Q==$JHeICW1mUCnTC+nnULDr7QFQ3kRrZ7u12djruJdrPhI="); |
3a338f79 | 123 | |
64c4f83c | 124 | auto fromHashedHolder = CredentialsHolder(std::string(sampleHash), true); |
3a338f79 | 125 | BOOST_CHECK(fromHashedHolder.wasHashed()); |
64c4f83c | 126 | BOOST_CHECK(fromHashedHolder.isHashed()); |
3a338f79 RG |
127 | BOOST_CHECK(fromHashedHolder.matches(plaintext)); |
128 | BOOST_CHECK(!fromHashedHolder.matches("not test")); | |
64c4f83c RG |
129 | |
130 | auto fromPlaintextHolder = CredentialsHolder(std::string(plaintext), true); | |
131 | BOOST_CHECK(!fromPlaintextHolder.wasHashed()); | |
132 | BOOST_CHECK(fromPlaintextHolder.isHashed()); | |
133 | BOOST_CHECK(fromPlaintextHolder.matches(plaintext)); | |
134 | BOOST_CHECK(!fromPlaintextHolder.matches("not test")); | |
3a338f79 RG |
135 | #else |
136 | BOOST_CHECK(!CredentialsHolder::isHashingAvailable()); | |
137 | #endif | |
138 | } | |
139 | ||
71f6572a RG |
140 | BOOST_AUTO_TEST_CASE(test_SensitiveData) |
141 | { | |
142 | size_t bytes = 16; | |
143 | SensitiveData data(bytes); | |
144 | BOOST_CHECK_EQUAL(data.getString().size(), bytes); | |
145 | ||
146 | SensitiveData data2("test"); | |
147 | data2 = std::move(data); | |
148 | BOOST_CHECK_EQUAL(data2.getString().size(), bytes); | |
149 | BOOST_CHECK_EQUAL(data.getString().size(), 0U); | |
150 | ||
151 | data2.clear(); | |
152 | BOOST_CHECK_EQUAL(data2.getString().size(), 0U); | |
153 | } | |
154 | ||
3a338f79 | 155 | BOOST_AUTO_TEST_SUITE_END() |