‪TYPO3CMS  9.5
Pbkdf2PasswordHashTest.php
1 <?php
2 declare(strict_types = 1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
use TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash;
use TYPO3\CMS\Core\Crypto\Random;
use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
21 
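/**
 * Unit tests for the PBKDF2 password hashing implementation.
 *
 * Covers salt generation, the structure of produced hashes, sensitivity of
 * the hash to the password length, and the "rehash needed" decision taken
 * when the configured iteration count changes.
 */
class Pbkdf2PasswordHashTest extends UnitTestCase
{
    /**
     * Hashing implementation under test, rebuilt for every test by setUp().
     *
     * @var Pbkdf2PasswordHash
     */
    protected $subject;

    /**
     * Creates a fresh subject with an explicit iteration count.
     *
     * NOTE(review): 1001 iterations is presumably chosen to keep the suite
     * fast; it is a fixture value, not a work factor to copy into production
     * configuration.
     */
    protected function setUp()
    {
        $this->subject = new Pbkdf2PasswordHash(['hash_count' => 1001]);
    }

    /**
     * The implementation must report a salt length greater than zero.
     *
     * @test
     */
    public function nonZeroSaltLength()
    {
        // assertGreaterThan reports the actual value on failure, unlike assertTrue on a comparison.
        $this->assertGreaterThan(0, $this->subject->getSaltLength());
    }

    /**
     * A hash built from a caller-supplied salt must be recognised as a
     * well-formed salted password.
     *
     * @test
     */
    public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
    {
        $password = 'password';
        // custom salt without setting
        $saltLength = $this->subject->getSaltLength();
        $randomBytes = (new Random())->generateRandomBytes($saltLength);
        $salt = $this->subject->base64Encode($randomBytes, $saltLength);
        $this->assertTrue($this->subject->isValidSalt($salt));
        // NOTE(review): the '6400$' prefix looks like an iteration count in front of the salt; confirm against Pbkdf2PasswordHash.
        $saltedHashPassword = $this->subject->getHashedPassword($password, '6400$' . $salt);
        $this->assertTrue($this->subject->isValidSaltedPW($saltedHashPassword));
    }

    /**
     * Hashing with the smallest iteration count the implementation reports
     * must still produce a well-formed salted password.
     *
     * @test
     */
    public function createdSaltedHashOfProperStructureForMinimumHashCount()
    {
        $password = 'password';
        $minHashCount = $this->subject->getMinHashCount();
        $this->subject->setHashCount($minHashCount);
        $saltedHashPassword = $this->subject->getHashedPassword($password);
        $this->assertTrue($this->subject->isValidSaltedPW($saltedHashPassword));
        // reset hashcount
        $this->subject->setHashCount(null);
    }

    /**
     * Guards against silent password truncation: with the salt held constant,
     * passwords that differ only in length must not hash to the same value.
     *
     * Lengths are probed in steps of 8 up to 128 characters. The first length
     * at which two consecutive probes collide is recorded; the test tolerates
     * a collision only beyond 32 characters.
     *
     * @test
     */
    public function passwordVariationsResultInDifferentHashes()
    {
        $pad = 'a';
        $criticalPwLength = 0;
        // We're using a constant salt: the first hash is passed back in as the
        // salt argument of every later call.
        $salt = $this->subject->getHashedPassword($pad);
        $saltedHashPasswordCurrent = $salt;
        for ($i = 0; $i <= 128; $i += 8) {
            // max() keeps the first probe at one character instead of an empty password.
            $password = str_repeat($pad, max($i, 1));
            $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
            $saltedHashPasswordCurrent = $this->subject->getHashedPassword($password, $salt);
            if ($i > 0 && $saltedHashPasswordPrevious === $saltedHashPasswordCurrent) {
                $criticalPwLength = $i;
                break;
            }
        }
        // Strict comparison: $criticalPwLength is always an int here.
        $this->assertTrue(
            $criticalPwLength === 0 || $criticalPwLength > 32,
            'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.'
        );
    }

    /**
     * The iteration count can be moved up and down once the matching
     * maximum or minimum bound has been widened first.
     *
     * @test
     */
    public function modifiedHashCount()
    {
        $hashCount = $this->subject->getHashCount();

        // The bound is raised before the count, so the new value is inside the allowed range.
        $this->subject->setMaxHashCount($hashCount + 1);
        $this->subject->setHashCount($hashCount + 1);
        $this->assertGreaterThan($hashCount, $this->subject->getHashCount());

        $this->subject->setMinHashCount($hashCount - 1);
        $this->subject->setHashCount($hashCount - 1);
        $this->assertLessThan($hashCount, $this->subject->getHashCount());
    }

    /**
     * A hash created with fewer iterations than currently configured must be
     * reported as needing an update, so stored hashes can be strengthened
     * when the work factor is raised.
     *
     * @test
     */
    public function updateNecessityForIncreasedHashcount()
    {
        $password = 'password';
        $saltedHashPassword = $this->subject->getHashedPassword($password);
        $increasedHashCount = $this->subject->getHashCount() + 1;
        $this->subject->setMaxHashCount($increasedHashCount);
        $this->subject->setHashCount($increasedHashCount);
        $this->assertTrue($this->subject->isHashUpdateNeeded($saltedHashPassword));
    }

    /**
     * A hash created with more iterations than currently configured must not
     * be reported as needing an update; lowering the configured count should
     * never trigger a rehash to a weaker setting.
     *
     * @test
     */
    public function updateNecessityForDecreasedHashcount()
    {
        $password = 'password';
        $saltedHashPassword = $this->subject->getHashedPassword($password);
        $decreasedHashCount = $this->subject->getHashCount() - 1;
        $this->subject->setMinHashCount($decreasedHashCount);
        $this->subject->setHashCount($decreasedHashCount);
        $this->assertFalse($this->subject->isHashUpdateNeeded($saltedHashPassword));
    }
}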
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest\createdSaltedHashOfProperStructureForCustomSaltWithoutSetting
‪createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
Definition: Pbkdf2PasswordHashTest.php:52
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest\createdSaltedHashOfProperStructureForMinimumHashCount
‪createdSaltedHashOfProperStructureForMinimumHashCount()
Definition: Pbkdf2PasswordHashTest.php:66
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest\updateNecessityForIncreasedHashcount
‪updateNecessityForIncreasedHashcount()
Definition: Pbkdf2PasswordHashTest.php:115
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest\nonZeroSaltLength
‪nonZeroSaltLength()
Definition: Pbkdf2PasswordHashTest.php:44
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest\modifiedHashCount
‪modifiedHashCount()
Definition: Pbkdf2PasswordHashTest.php:101
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest\updateNecessityForDecreasedHashcount
‪updateNecessityForDecreasedHashcount()
Definition: Pbkdf2PasswordHashTest.php:128
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing
Definition: Argon2iPasswordHashTest.php:3
‪TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash
Definition: Pbkdf2PasswordHash.php:27
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest
Definition: Pbkdf2PasswordHashTest.php:26
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest\$subject
‪Pbkdf2PasswordHash $subject
Definition: Pbkdf2PasswordHashTest.php:31
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:22
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest\setUp
‪setUp()
Definition: Pbkdf2PasswordHashTest.php:36
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\Pbkdf2PasswordHashTest\passwordVariationsResultInDifferentHashes
‪passwordVariationsResultInDifferentHashes()
Definition: Pbkdf2PasswordHashTest.php:80