test_utils_pbkdf2.py 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323
  1. """
  2. passlib.tests -- tests for passlib.utils.pbkdf2
  3. .. warning::
  4. This module & it's functions have been deprecated, and superceded
  5. by the functions in passlib.crypto. This file is being maintained
  6. until the deprecated functions are removed, and is only present prevent
  7. historical regressions up to that point. New and more thorough testing
  8. is being done by the replacement tests in ``test_utils_crypto.py``.
  9. """
  10. #=============================================================================
  11. # imports
  12. #=============================================================================
  13. from __future__ import with_statement
  14. # core
  15. import hashlib
  16. import warnings
  17. # site
  18. # pkg
  19. # module
  20. from passlib.utils.compat import u, JYTHON
  21. from passlib.tests.utils import TestCase, hb
  22. #=============================================================================
  23. # test assorted crypto helpers
  24. #=============================================================================
  25. class UtilsTest(TestCase):
  26. """test various utils functions"""
  27. descriptionPrefix = "passlib.utils.pbkdf2"
  28. ndn_formats = ["hashlib", "iana"]
  29. ndn_values = [
  30. # (iana name, hashlib name, ... other unnormalized names)
  31. ("md5", "md5", "SCRAM-MD5-PLUS", "MD-5"),
  32. ("sha1", "sha-1", "SCRAM-SHA-1", "SHA1"),
  33. ("sha256", "sha-256", "SHA_256", "sha2-256"),
  34. ("ripemd160", "ripemd-160", "SCRAM-RIPEMD-160", "RIPEmd160",
  35. # NOTE: there was an older "RIPEMD" & "RIPEMD-128", but python treates "RIPEMD"
  36. # as alias for "RIPEMD-160"
  37. "ripemd", "SCRAM-RIPEMD"),
  38. ("test128", "test-128", "TEST128"),
  39. ("test2", "test2", "TEST-2"),
  40. ("test3_128", "test3-128", "TEST-3-128"),
  41. ]
  42. def setUp(self):
  43. super(UtilsTest, self).setUp()
  44. warnings.filterwarnings("ignore", ".*passlib.utils.pbkdf2.*deprecated", DeprecationWarning)
  45. def test_norm_hash_name(self):
  46. """norm_hash_name()"""
  47. from itertools import chain
  48. from passlib.utils.pbkdf2 import norm_hash_name
  49. from passlib.crypto.digest import _known_hash_names
  50. # test formats
  51. for format in self.ndn_formats:
  52. norm_hash_name("md4", format)
  53. self.assertRaises(ValueError, norm_hash_name, "md4", None)
  54. self.assertRaises(ValueError, norm_hash_name, "md4", "fake")
  55. # test types
  56. self.assertEqual(norm_hash_name(u("MD4")), "md4")
  57. self.assertEqual(norm_hash_name(b"MD4"), "md4")
  58. self.assertRaises(TypeError, norm_hash_name, None)
  59. # test selected results
  60. with warnings.catch_warnings():
  61. warnings.filterwarnings("ignore", '.*unknown hash')
  62. for row in chain(_known_hash_names, self.ndn_values):
  63. for idx, format in enumerate(self.ndn_formats):
  64. correct = row[idx]
  65. for value in row:
  66. result = norm_hash_name(value, format)
  67. self.assertEqual(result, correct,
  68. "name=%r, format=%r:" % (value,
  69. format))
  70. #=============================================================================
  71. # test PBKDF1 support
  72. #=============================================================================
  73. class Pbkdf1_Test(TestCase):
  74. """test kdf helpers"""
  75. descriptionPrefix = "passlib.utils.pbkdf2.pbkdf1()"
  76. pbkdf1_tests = [
  77. # (password, salt, rounds, keylen, hash, result)
  78. #
  79. # from http://www.di-mgt.com.au/cryptoKDFs.html
  80. #
  81. (b'password', hb('78578E5A5D63CB06'), 1000, 16, 'sha1', hb('dc19847e05c64d2faf10ebfb4a3d2a20')),
  82. #
  83. # custom
  84. #
  85. (b'password', b'salt', 1000, 0, 'md5', b''),
  86. (b'password', b'salt', 1000, 1, 'md5', hb('84')),
  87. (b'password', b'salt', 1000, 8, 'md5', hb('8475c6a8531a5d27')),
  88. (b'password', b'salt', 1000, 16, 'md5', hb('8475c6a8531a5d27e386cd496457812c')),
  89. (b'password', b'salt', 1000, None, 'md5', hb('8475c6a8531a5d27e386cd496457812c')),
  90. (b'password', b'salt', 1000, None, 'sha1', hb('4a8fd48e426ed081b535be5769892fa396293efb')),
  91. ]
  92. if not JYTHON:
  93. pbkdf1_tests.append(
  94. (b'password', b'salt', 1000, None, 'md4', hb('f7f2e91100a8f96190f2dd177cb26453'))
  95. )
  96. def setUp(self):
  97. super(Pbkdf1_Test, self).setUp()
  98. warnings.filterwarnings("ignore", ".*passlib.utils.pbkdf2.*deprecated", DeprecationWarning)
  99. def test_known(self):
  100. """test reference vectors"""
  101. from passlib.utils.pbkdf2 import pbkdf1
  102. for secret, salt, rounds, keylen, digest, correct in self.pbkdf1_tests:
  103. result = pbkdf1(secret, salt, rounds, keylen, digest)
  104. self.assertEqual(result, correct)
  105. def test_border(self):
  106. """test border cases"""
  107. from passlib.utils.pbkdf2 import pbkdf1
  108. def helper(secret=b'secret', salt=b'salt', rounds=1, keylen=1, hash='md5'):
  109. return pbkdf1(secret, salt, rounds, keylen, hash)
  110. helper()
  111. # salt/secret wrong type
  112. self.assertRaises(TypeError, helper, secret=1)
  113. self.assertRaises(TypeError, helper, salt=1)
  114. # non-existent hashes
  115. self.assertRaises(ValueError, helper, hash='missing')
  116. # rounds < 1 and wrong type
  117. self.assertRaises(ValueError, helper, rounds=0)
  118. self.assertRaises(TypeError, helper, rounds='1')
  119. # keylen < 0, keylen > block_size, and wrong type
  120. self.assertRaises(ValueError, helper, keylen=-1)
  121. self.assertRaises(ValueError, helper, keylen=17, hash='md5')
  122. self.assertRaises(TypeError, helper, keylen='1')
  123. #=============================================================================
  124. # test PBKDF2 support
  125. #=============================================================================
  126. class Pbkdf2_Test(TestCase):
  127. """test pbkdf2() support"""
  128. descriptionPrefix = "passlib.utils.pbkdf2.pbkdf2()"
  129. pbkdf2_test_vectors = [
  130. # (result, secret, salt, rounds, keylen, prf="sha1")
  131. #
  132. # from rfc 3962
  133. #
  134. # test case 1 / 128 bit
  135. (
  136. hb("cdedb5281bb2f801565a1122b2563515"),
  137. b"password", b"ATHENA.MIT.EDUraeburn", 1, 16
  138. ),
  139. # test case 2 / 128 bit
  140. (
  141. hb("01dbee7f4a9e243e988b62c73cda935d"),
  142. b"password", b"ATHENA.MIT.EDUraeburn", 2, 16
  143. ),
  144. # test case 2 / 256 bit
  145. (
  146. hb("01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86"),
  147. b"password", b"ATHENA.MIT.EDUraeburn", 2, 32
  148. ),
  149. # test case 3 / 256 bit
  150. (
  151. hb("5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13"),
  152. b"password", b"ATHENA.MIT.EDUraeburn", 1200, 32
  153. ),
  154. # test case 4 / 256 bit
  155. (
  156. hb("d1daa78615f287e6a1c8b120d7062a493f98d203e6be49a6adf4fa574b6e64ee"),
  157. b"password", b'\x12\x34\x56\x78\x78\x56\x34\x12', 5, 32
  158. ),
  159. # test case 5 / 256 bit
  160. (
  161. hb("139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1"),
  162. b"X"*64, b"pass phrase equals block size", 1200, 32
  163. ),
  164. # test case 6 / 256 bit
  165. (
  166. hb("9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a"),
  167. b"X"*65, b"pass phrase exceeds block size", 1200, 32
  168. ),
  169. #
  170. # from rfc 6070
  171. #
  172. (
  173. hb("0c60c80f961f0e71f3a9b524af6012062fe037a6"),
  174. b"password", b"salt", 1, 20,
  175. ),
  176. (
  177. hb("ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
  178. b"password", b"salt", 2, 20,
  179. ),
  180. (
  181. hb("4b007901b765489abead49d926f721d065a429c1"),
  182. b"password", b"salt", 4096, 20,
  183. ),
  184. # just runs too long - could enable if ALL option is set
  185. ##(
  186. ##
  187. ## unhexlify("eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"),
  188. ## "password", "salt", 16777216, 20,
  189. ##),
  190. (
  191. hb("3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"),
  192. b"passwordPASSWORDpassword",
  193. b"saltSALTsaltSALTsaltSALTsaltSALTsalt",
  194. 4096, 25,
  195. ),
  196. (
  197. hb("56fa6aa75548099dcc37d7f03425e0c3"),
  198. b"pass\00word", b"sa\00lt", 4096, 16,
  199. ),
  200. #
  201. # from example in http://grub.enbug.org/Authentication
  202. #
  203. (
  204. hb("887CFF169EA8335235D8004242AA7D6187A41E3187DF0CE14E256D85ED"
  205. "97A97357AAA8FF0A3871AB9EEFF458392F462F495487387F685B7472FC"
  206. "6C29E293F0A0"),
  207. b"hello",
  208. hb("9290F727ED06C38BA4549EF7DE25CF5642659211B7FC076F2D28FEFD71"
  209. "784BB8D8F6FB244A8CC5C06240631B97008565A120764C0EE9C2CB0073"
  210. "994D79080136"),
  211. 10000, 64, "hmac-sha512"
  212. ),
  213. #
  214. # custom
  215. #
  216. (
  217. hb('e248fb6b13365146f8ac6307cc222812'),
  218. b"secret", b"salt", 10, 16, "hmac-sha1",
  219. ),
  220. (
  221. hb('e248fb6b13365146f8ac6307cc2228127872da6d'),
  222. b"secret", b"salt", 10, None, "hmac-sha1",
  223. ),
  224. ]
  225. def setUp(self):
  226. super(Pbkdf2_Test, self).setUp()
  227. warnings.filterwarnings("ignore", ".*passlib.utils.pbkdf2.*deprecated", DeprecationWarning)
  228. def test_known(self):
  229. """test reference vectors"""
  230. from passlib.utils.pbkdf2 import pbkdf2
  231. for row in self.pbkdf2_test_vectors:
  232. correct, secret, salt, rounds, keylen = row[:5]
  233. prf = row[5] if len(row) == 6 else "hmac-sha1"
  234. result = pbkdf2(secret, salt, rounds, keylen, prf)
  235. self.assertEqual(result, correct)
  236. def test_border(self):
  237. """test border cases"""
  238. from passlib.utils.pbkdf2 import pbkdf2
  239. def helper(secret=b'password', salt=b'salt', rounds=1, keylen=None, prf="hmac-sha1"):
  240. return pbkdf2(secret, salt, rounds, keylen, prf)
  241. helper()
  242. # invalid rounds
  243. self.assertRaises(ValueError, helper, rounds=-1)
  244. self.assertRaises(ValueError, helper, rounds=0)
  245. self.assertRaises(TypeError, helper, rounds='x')
  246. # invalid keylen
  247. self.assertRaises(ValueError, helper, keylen=-1)
  248. self.assertRaises(ValueError, helper, keylen=0)
  249. helper(keylen=1)
  250. self.assertRaises(OverflowError, helper, keylen=20*(2**32-1)+1)
  251. self.assertRaises(TypeError, helper, keylen='x')
  252. # invalid secret/salt type
  253. self.assertRaises(TypeError, helper, salt=5)
  254. self.assertRaises(TypeError, helper, secret=5)
  255. # invalid hash
  256. self.assertRaises(ValueError, helper, prf='hmac-foo')
  257. self.assertRaises(NotImplementedError, helper, prf='foo')
  258. self.assertRaises(TypeError, helper, prf=5)
  259. def test_default_keylen(self):
  260. """test keylen==None"""
  261. from passlib.utils.pbkdf2 import pbkdf2
  262. def helper(secret=b'password', salt=b'salt', rounds=1, keylen=None, prf="hmac-sha1"):
  263. return pbkdf2(secret, salt, rounds, keylen, prf)
  264. self.assertEqual(len(helper(prf='hmac-sha1')), 20)
  265. self.assertEqual(len(helper(prf='hmac-sha256')), 32)
  266. def test_custom_prf(self):
  267. """test custom prf function"""
  268. from passlib.utils.pbkdf2 import pbkdf2
  269. def prf(key, msg):
  270. return hashlib.md5(key+msg+b'fooey').digest()
  271. self.assertRaises(NotImplementedError, pbkdf2, b'secret', b'salt', 1000, 20, prf)
  272. #=============================================================================
  273. # eof
  274. #=============================================================================