2930c7f7c26c4b73f2e02e3ed376802b0f8b9b8b
[Packages/TYPO3.CMS.git] / typo3 / sysext / saltedpasswords / Tests / Unit / Salt / BlowfishSaltTest.php
1 <?php
2 namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
30 /**
31 * Testcase for BlowfishSalt
32 *
33 * @author Marcus Krause <marcus#exp2009@t3sec.info>
34 * @package TYPO3
35 * @subpackage tx_saltedpasswords
36 */
37 class BlowfishSaltTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
38
39 /**
40 * Keeps instance of object to test.
41 *
42 * @var \TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt
43 */
44 protected $objectInstance = NULL;
45
46 /**
47 * Sets up the fixtures for this testcase.
48 *
49 * @return void
50 */
51 public function setUp() {
52 $this->objectInstance = $this->getMock('TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt', array('dummy'));
53 }
54
55 /**
56 * Tears down objects and settings created in this testcase.
57 *
58 * @return void
59 */
60 public function tearDown() {
61 unset($this->objectInstance);
62 }
63
64 /**
65 * Marks tests as skipped if the blowfish method is not available.
66 *
67 * @return void
68 */
69 protected function skipTestIfBlowfishIsNotAvailable() {
70 if (!CRYPT_BLOWFISH) {
71 $this->markTestSkipped('Blowfish is not supported on your platform.');
72 }
73 }
74
75 /**
76 * @test
77 */
78 public function hasCorrectBaseClass() {
79 $hasCorrectBaseClass = 0 === strcmp('TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt', get_class($this->objectInstance)) ? TRUE : FALSE;
80 // XCLASS ?
81 if (!$hasCorrectBaseClass && FALSE != get_parent_class($this->objectInstance)) {
82 $hasCorrectBaseClass = is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt');
83 }
84 $this->assertTrue($hasCorrectBaseClass);
85 }
86
87 /**
88 * @test
89 */
90 public function nonZeroSaltLength() {
91 $this->assertTrue($this->objectInstance->getSaltLength() > 0);
92 }
93
94 /**
95 * @test
96 */
97 public function emptyPasswordResultsInNullSaltedPassword() {
98 $password = '';
99 $this->assertNull($this->objectInstance->getHashedPassword($password));
100 }
101
102 /**
103 * @test
104 */
105 public function nonEmptyPasswordResultsInNonNullSaltedPassword() {
106 $this->skipTestIfBlowfishIsNotAvailable();
107 $password = 'a';
108 $this->assertNotNull($this->objectInstance->getHashedPassword($password));
109 }
110
111 /**
112 * @test
113 */
114 public function createdSaltedHashOfProperStructure() {
115 $this->skipTestIfBlowfishIsNotAvailable();
116 $password = 'password';
117 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
118 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
119 }
120
121 /**
122 * @test
123 */
124 public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting() {
125 $this->skipTestIfBlowfishIsNotAvailable();
126 $password = 'password';
127 // custom salt without setting
128 $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
129 $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
130 $this->assertTrue($this->objectInstance->isValidSalt($salt));
131 $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
132 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
133 }
134
135 /**
136 * @test
137 */
138 public function createdSaltedHashOfProperStructureForMaximumHashCount() {
139 $this->skipTestIfBlowfishIsNotAvailable();
140 $password = 'password';
141 $maxHashCount = $this->objectInstance->getMaxHashCount();
142 $this->objectInstance->setHashCount($maxHashCount);
143 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
144 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
145 // reset hashcount
146 $this->objectInstance->setHashCount(NULL);
147 }
148
149 /**
150 * @test
151 */
152 public function createdSaltedHashOfProperStructureForMinimumHashCount() {
153 $this->skipTestIfBlowfishIsNotAvailable();
154 $password = 'password';
155 $minHashCount = $this->objectInstance->getMinHashCount();
156 $this->objectInstance->setHashCount($minHashCount);
157 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
158 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
159 // reset hashcount
160 $this->objectInstance->setHashCount(NULL);
161 }
162
163 /**
164 * Tests authentication procedure with alphabet characters.
165 *
166 * Checks if a "plain-text password" is everytime mapped to the
167 * same "salted password hash" when using the same salt.
168 *
169 * @test
170 */
171 public function authenticationWithValidAlphaCharClassPassword() {
172 $this->skipTestIfBlowfishIsNotAvailable();
173 $password = 'aEjOtY';
174 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
175 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
176 }
177
178 /**
179 * Tests authentication procedure with numeric characters.
180 *
181 * Checks if a "plain-text password" is everytime mapped to the
182 * same "salted password hash" when using the same salt.
183 *
184 * @test
185 */
186 public function authenticationWithValidNumericCharClassPassword() {
187 $this->skipTestIfBlowfishIsNotAvailable();
188 $password = '01369';
189 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
190 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
191 }
192
193 /**
194 * Tests authentication procedure with US-ASCII special characters.
195 *
196 * Checks if a "plain-text password" is everytime mapped to the
197 * same "salted password hash" when using the same salt.
198 *
199 * @test
200 */
201 public function authenticationWithValidAsciiSpecialCharClassPassword() {
202 $this->skipTestIfBlowfishIsNotAvailable();
203 $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
204 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
205 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
206 }
207
208 /**
209 * Tests authentication procedure with latin1 special characters.
210 *
211 * Checks if a "plain-text password" is everytime mapped to the
212 * same "salted password hash" when using the same salt.
213 *
214 * @test
215 */
216 public function authenticationWithValidLatin1SpecialCharClassPassword() {
217 $this->skipTestIfBlowfishIsNotAvailable();
218 $password = '';
219 for ($i = 160; $i <= 191; $i++) {
220 $password .= chr($i);
221 }
222 $password .= chr(215) . chr(247);
223 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
224 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
225 }
226
227 /**
228 * Tests authentication procedure with latin1 umlauts.
229 *
230 * Checks if a "plain-text password" is everytime mapped to the
231 * same "salted password hash" when using the same salt.
232 *
233 * @test
234 */
235 public function authenticationWithValidLatin1UmlautCharClassPassword() {
236 $this->skipTestIfBlowfishIsNotAvailable();
237 $password = '';
238 for ($i = 192; $i <= 214; $i++) {
239 $password .= chr($i);
240 }
241 for ($i = 216; $i <= 246; $i++) {
242 $password .= chr($i);
243 }
244 for ($i = 248; $i <= 255; $i++) {
245 $password .= chr($i);
246 }
247 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
248 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
249 }
250
251 /**
252 * @test
253 */
254 public function authenticationWithNonValidPassword() {
255 $this->skipTestIfBlowfishIsNotAvailable();
256 $password = 'password';
257 $password1 = $password . 'INVALID';
258 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
259 $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
260 }
261
262 /**
263 * @test
264 */
265 public function passwordVariationsResultInDifferentHashes() {
266 $this->skipTestIfBlowfishIsNotAvailable();
267 $pad = 'a';
268 $password = '';
269 $criticalPwLength = 0;
270 // We're using a constant salt.
271 $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
272 for ($i = 0; $i <= 128; $i += 8) {
273 $password = str_repeat($pad, max($i, 1));
274 $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
275 $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
276 if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
277 $criticalPwLength = $i;
278 break;
279 }
280 }
281 $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
282 }
283
284 /**
285 * @test
286 */
287 public function modifiedMinHashCount() {
288 $minHashCount = $this->objectInstance->getMinHashCount();
289 $this->objectInstance->setMinHashCount($minHashCount - 1);
290 $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
291 $this->objectInstance->setMinHashCount($minHashCount + 1);
292 $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
293 }
294
295 /**
296 * @test
297 */
298 public function modifiedMaxHashCount() {
299 $maxHashCount = $this->objectInstance->getMaxHashCount();
300 $this->objectInstance->setMaxHashCount($maxHashCount + 1);
301 $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
302 $this->objectInstance->setMaxHashCount($maxHashCount - 1);
303 $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
304 }
305
306 /**
307 * @test
308 */
309 public function modifiedHashCount() {
310 $hashCount = $this->objectInstance->getHashCount();
311 $this->objectInstance->setMaxHashCount($hashCount + 1);
312 $this->objectInstance->setHashCount($hashCount + 1);
313 $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
314 $this->objectInstance->setMinHashCount($hashCount - 1);
315 $this->objectInstance->setHashCount($hashCount - 1);
316 $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
317 // reset hashcount
318 $this->objectInstance->setHashCount(NULL);
319 }
320
321 /**
322 * @test
323 */
324 public function updateNecessityForValidSaltedPassword() {
325 $this->skipTestIfBlowfishIsNotAvailable();
326 $password = 'password';
327 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
328 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
329 }
330
331 /**
332 * @test
333 */
334 public function updateNecessityForIncreasedHashcount() {
335 $password = 'password';
336 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
337 $increasedHashCount = $this->objectInstance->getHashCount() + 1;
338 $this->objectInstance->setMaxHashCount($increasedHashCount);
339 $this->objectInstance->setHashCount($increasedHashCount);
340 $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
341 // reset hashcount
342 $this->objectInstance->setHashCount(NULL);
343 }
344
345 /**
346 * @test
347 */
348 public function updateNecessityForDecreasedHashcount() {
349 $this->skipTestIfBlowfishIsNotAvailable();
350 $password = 'password';
351 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
352 $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
353 $this->objectInstance->setMinHashCount($decreasedHashCount);
354 $this->objectInstance->setHashCount($decreasedHashCount);
355 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
356 // reset hashcount
357 $this->objectInstance->setHashCount(NULL);
358 }
359
360 }
361
362
363 ?>