1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
|
# SPDX-License-Identifier: MIT
import pytest
from hypothesis import given
from hypothesis import strategies as st
from argon2 import (
DEFAULT_RANDOM_SALT_LENGTH,
Type,
hash_password,
hash_password_raw,
verify_password,
)
from argon2.exceptions import HashingError, VerificationError
from .test_low_level import (
TEST_HASH_I,
TEST_HASH_LEN,
TEST_MEMORY,
TEST_PARALLELISM,
TEST_PASSWORD,
TEST_SALT,
TEST_TIME,
i_and_d_encoded,
i_and_d_raw,
)
class TestHash:
def test_hash_defaults(self):
"""
Calling without arguments works.
"""
with pytest.deprecated_call(
match="argon2.hash_password is deprecated"
) as dc:
hash_password(b"secret")
assert dc.pop().filename.endswith("test_legacy.py")
def test_raw_defaults(self):
"""
Calling without arguments works.
"""
with pytest.deprecated_call(
match="argon2.hash_password_raw is deprecated"
) as dc:
hash_password_raw(b"secret")
assert dc.pop().filename.endswith("test_legacy.py")
@i_and_d_encoded
def test_hash_password(self, type, hash):
"""
Creates the same encoded hash as the Argon2 CLI client.
"""
with pytest.deprecated_call(
match="argon2.hash_password is deprecated"
):
rv = hash_password(
TEST_PASSWORD,
TEST_SALT,
TEST_TIME,
TEST_MEMORY,
TEST_PARALLELISM,
TEST_HASH_LEN,
type,
)
assert hash == rv
assert isinstance(rv, bytes)
@i_and_d_raw
def test_hash_password_raw(self, type, hash):
"""
Creates the same raw hash as the Argon2 CLI client.
"""
with pytest.deprecated_call(
match="argon2.hash_password_raw is deprecated"
):
rv = hash_password_raw(
TEST_PASSWORD,
TEST_SALT,
TEST_TIME,
TEST_MEMORY,
TEST_PARALLELISM,
TEST_HASH_LEN,
type,
)
assert hash == rv
assert isinstance(rv, bytes)
def test_hash_nul_bytes(self):
"""
Hashing passwords with NUL bytes works as expected.
"""
with pytest.deprecated_call(
match="argon2.hash_password_raw is deprecated"
):
rv = hash_password_raw(b"abc\x00", TEST_SALT)
with pytest.deprecated_call(
match="argon2.hash_password_raw is deprecated"
):
assert rv != hash_password_raw(b"abc", TEST_SALT)
def test_random_salt(self):
"""
Omitting a salt, creates a random one.
"""
with pytest.deprecated_call(
match="argon2.hash_password is deprecated"
):
rv = hash_password(b"secret")
salt = rv.split(b",")[-1].split(b"$")[1]
assert (
# -1 for not NUL byte
int((DEFAULT_RANDOM_SALT_LENGTH << 2) / 3 + 2) - 1 == len(salt)
)
def test_hash_wrong_arg_type(self):
"""
Passing an argument of wrong type raises TypeError.
"""
with pytest.deprecated_call(
match="argon2.hash_password is deprecated"
), pytest.raises(TypeError):
hash_password("oh no, unicode!")
def test_illegal_argon2_parameter(self):
"""
Raises HashingError if hashing fails.
"""
with pytest.deprecated_call(
match="argon2.hash_password is deprecated"
), pytest.raises(HashingError):
hash_password(TEST_PASSWORD, memory_cost=1)
@given(st.binary(max_size=128))
def test_hash_fast(self, password):
"""
Hash various passwords as cheaply as possible.
"""
with pytest.deprecated_call(
match="argon2.hash_password is deprecated"
):
hash_password(
password,
salt=b"12345678",
time_cost=1,
memory_cost=8,
parallelism=1,
hash_len=8,
)
class TestVerify:
@i_and_d_encoded
def test_success(self, type, hash):
"""
Given a valid hash and password and correct type, we succeed.
"""
with pytest.deprecated_call(
match="argon2.verify_password is deprecated"
) as dc:
assert True is verify_password(hash, TEST_PASSWORD, type)
assert dc.pop().filename.endswith("test_legacy.py")
def test_fail_wrong_argon2_type(self):
"""
Given a valid hash and password and wrong type, we fail.
"""
with pytest.deprecated_call(
match="argon2.verify_password is deprecated"
), pytest.raises(VerificationError):
verify_password(TEST_HASH_I, TEST_PASSWORD, Type.D)
def test_wrong_arg_type(self):
"""
Passing an argument of wrong type raises TypeError.
"""
with pytest.deprecated_call(
match="argon2.verify_password is deprecated"
), pytest.raises(TypeError):
verify_password(TEST_HASH_I, TEST_PASSWORD.decode("ascii"))
|
