1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
import hashlib
import binascii
import json
from cork import Cork
import base64
from base64 import b64encode
import pytest
from beaker import crypto
def test_hash_basic_sha1():
dk = hashlib.pbkdf2_hmac('sha1', b'password', b'salt', 100000)
assert binascii.hexlify(dk) == b'f5496bb1328184f5228eff393ab4be9ae8fe69e7'
def test_hash_basic_sha1_b():
dk = hashlib.pbkdf2_hmac('sha1', b'password', b'salt', 10)
assert binascii.hexlify(dk) == b'ae3fe5f5707e07f3e7c117fb885cd052a6fcd77a'
def test_hash_basic_sha1_c():
cleartext = b'x' * 32
salt = b'y' * 32
dk = hashlib.pbkdf2_hmac('sha1', b'password', salt, 10)
h_old = crypto.generateCryptoKeys(cleartext, salt, 10)
assert binascii.hexlify(dk) == b'b10d37a81afb93afa5db8b522dc5cf8d8164f469'
assert binascii.hexlify(h_old) == b'b10d37a81afb93afa5db8b522dc5cf8d8164f469'
def test_hash():
cleartext = b'x' * 32
salt = b'y' * 32
print(repr(cleartext))
h = hashlib.pbkdf2_hmac('sha1', cleartext, salt, 10)
h = binascii.hexlify(h)
assert h == b'916c7f92b887a3eace655172bc3ed21fcecd82ef'
def test_hash_32():
cleartext = b'x' * 32
salt = b'y' * 32
h = hashlib.pbkdf2_hmac('sha1', cleartext, salt, 10, dklen=32)
h = binascii.hexlify(h)
assert h == b'916c7f92b887a3eace655172bc3ed21fcecd82ef4b28c12826cd5cada361013f'
def test_compare_pbkdf2():
cleartext = b'x' * 32
salt = b'y' * 32
old_h = crypto.generateCryptoKeys(cleartext, salt, 10)
h = hashlib.pbkdf2_hmac('sha1', cleartext, salt, 10, dklen=32)
assert len(h) == len(old_h)
assert h == old_h
# Test PBKDF2-based password hashing
_hash = Cork._hash_pbkdf2
def _oldhash(username, pwd, salt=None):
username = username.encode('utf-8')
pwd = pwd.encode('utf-8')
cleartext = username + b'\0' + pwd
h = crypto.generateCryptoKeys(cleartext, salt, 10)
hashed = b'p' + salt + h
return b64encode(hashed)
def test_password_hashing_PBKDF2():
shash = _hash(u'user_foo', u'bogus_pwd')
shash_old = _oldhash(u'user_foo', u'bogus_pwd')
assert isinstance(shash, bytes)
assert len(shash) == 88, "hash length should be 88 and is %d" % len(shash)
assert shash.endswith(b'='), "hash should end with '='"
assert shash == shash_old
def test_password_hashing_PBKDF2_known_hash():
salt = b's' * 32
shash = _hash(u'user_foo', u'bogus_pwd', salt=salt)
shash_old = _oldhash(u'user_foo', u'bogus_pwd', salt=salt)
assert shash == 'cHNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzax44AxQgK6uD9q1YWxLos1ispCe1Z7T7pOFK1PwdWEs='
assert shash == shash_old
def test_password_hashing_PBKDF2_known_hash_2():
salt = b'\0' * 32
shash = _hash(u'user_foo', u'bogus_pwd', salt=salt)
shash_old = _oldhash(u'user_foo', u'bogus_pwd', salt=salt)
assert shash == 'cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/8Uh4pyEOHoRz4j0lDzAmqb7Dvmo8GpeXwiKTDsuYFw='
assert shash == shash_old
def test_password_hashing_PBKDF2_known_hash_3():
salt = b'x' * 32
shash = _hash(u'user_foo', u'bogus_pwd', salt=salt)
shash_old = _oldhash(u'user_foo', u'bogus_pwd', salt=salt)
assert shash == b'cHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4MEaIU5Op97lmvwX5NpVSTBP8jg8OlrN7c2K8K8tnNks='
assert shash == shash_old
def test_password_hashing_PBKDF2_incorrect_hash_len():
salt = b'x' * 31 # Incorrect length
with pytest.raises(AssertionError):
shash = _hash(u'user_foo', u'bogus_pwd', salt=salt)
def test_password_hashing_PBKDF2_incorrect_hash_value():
shash = _hash(u'user_foo', u'bogus_pwd')
assert len(shash) == 88, "hash length should be 88 and is %d" % len(shash)
assert shash.endswith(b'='), "hash should end with '='"
def test_password_hashing_PBKDF2_collision():
salt = b'S' * 32
hash1 = _hash(u'user_foo', u'bogus_pwd', salt=salt)
hash2 = _hash(u'user_foobogus', u'_pwd', salt=salt)
assert hash1 != hash2, "Hash collision"
|
