‪TYPO3CMS  9.5
BlowfishPasswordHashTest.php
Go to the documentation of this file.
1 <?php
2 declare(strict_types = 1);
3 namespace ‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing;
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 use ‪TYPO3\CMS\Core\Crypto\Random;
19 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
20 
24 class ‪BlowfishPasswordHashTest extends UnitTestCase
25 {
31  protected ‪$objectInstance;
32 
36  protected function ‪setUp()
37  {
38  if (!CRYPT_BLOWFISH) {
39  $this->markTestSkipped('Blowfish is not supported on your platform.');
40  }
41  $this->objectInstance = $this->getMockBuilder(\‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash::class)
42  ->setMethods(['dummy'])
43  ->getMock();
44  }
45 
49  public function ‪nonZeroSaltLength()
50  {
51  $this->assertTrue($this->objectInstance->getSaltLength() > 0);
52  }
53 
57  public function ‪createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
58  {
59  $password = 'password';
60  // custom salt without setting
61  $randomBytes = (new ‪Random())->generateRandomBytes($this->objectInstance->getSaltLength());
62  $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
63  $this->assertTrue($this->objectInstance->isValidSalt($salt));
64  $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
65  $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
66  }
67 
71  public function ‪createdSaltedHashOfProperStructureForMinimumHashCount()
72  {
73  $password = 'password';
74  $minHashCount = $this->objectInstance->getMinHashCount();
75  $this->objectInstance->setHashCount($minHashCount);
76  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
77  $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
78  // reset hashcount
79  $this->objectInstance->setHashCount(null);
80  }
81 
85  public function ‪passwordVariationsResultInDifferentHashes()
86  {
87  $pad = 'a';
88  $criticalPwLength = 0;
89  // We're using a constant salt.
90  $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
91  for ($i = 0; $i <= 128; $i += 8) {
92  $password = str_repeat($pad, max($i, 1));
93  $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
94  $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
95  if ($i > 0 && $saltedHashPasswordPrevious === $saltedHashPasswordCurrent) {
96  $criticalPwLength = $i;
97  break;
98  }
99  }
100  $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
101  }
102 
106  public function ‪modifiedHashCount()
107  {
108  $hashCount = $this->objectInstance->getHashCount();
109  $this->objectInstance->setMaxHashCount($hashCount + 1);
110  $this->objectInstance->setHashCount($hashCount + 1);
111  $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
112  $this->objectInstance->setMinHashCount($hashCount - 1);
113  $this->objectInstance->setHashCount($hashCount - 1);
114  $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
115  // reset hashcount
116  $this->objectInstance->setHashCount(null);
117  }
118 
122  public function ‪updateNecessityForIncreasedHashcount()
123  {
124  $password = 'password';
125  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
126  $increasedHashCount = $this->objectInstance->getHashCount() + 1;
127  $this->objectInstance->setMaxHashCount($increasedHashCount);
128  $this->objectInstance->setHashCount($increasedHashCount);
129  $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
130  // reset hashcount
131  $this->objectInstance->setHashCount(null);
132  }
133 
137  public function ‪updateNecessityForDecreasedHashcount()
138  {
139  $password = 'password';
140  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
141  $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
142  $this->objectInstance->setMinHashCount($decreasedHashCount);
143  $this->objectInstance->setHashCount($decreasedHashCount);
144  $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
145  // reset hashcount
146  $this->objectInstance->setHashCount(null);
147  }
148 }
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest\updateNecessityForDecreasedHashcount
‪updateNecessityForDecreasedHashcount()
Definition: BlowfishPasswordHashTest.php:136
‪TYPO3
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest\createdSaltedHashOfProperStructureForCustomSaltWithoutSetting
‪createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
Definition: BlowfishPasswordHashTest.php:56
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest\updateNecessityForIncreasedHashcount
‪updateNecessityForIncreasedHashcount()
Definition: BlowfishPasswordHashTest.php:121
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing
Definition: Argon2iPasswordHashTest.php:3
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest\$objectInstance
‪TYPO3 CMS Core Crypto PasswordHashing BlowfishPasswordHash $objectInstance
Definition: BlowfishPasswordHashTest.php:30
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest\createdSaltedHashOfProperStructureForMinimumHashCount
‪createdSaltedHashOfProperStructureForMinimumHashCount()
Definition: BlowfishPasswordHashTest.php:70
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest\setUp
‪setUp()
Definition: BlowfishPasswordHashTest.php:35
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest
Definition: BlowfishPasswordHashTest.php:25
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest\passwordVariationsResultInDifferentHashes
‪passwordVariationsResultInDifferentHashes()
Definition: BlowfishPasswordHashTest.php:84
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:22
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest\modifiedHashCount
‪modifiedHashCount()
Definition: BlowfishPasswordHashTest.php:105
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\BlowfishPasswordHashTest\nonZeroSaltLength
‪nonZeroSaltLength()
Definition: BlowfishPasswordHashTest.php:48