diff options
Diffstat (limited to 'qvisqve_secrets/secrets_tests.py')
-rw-r--r-- | qvisqve_secrets/secrets_tests.py | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/qvisqve_secrets/secrets_tests.py b/qvisqve_secrets/secrets_tests.py new file mode 100644 index 0000000..e7cce87 --- /dev/null +++ b/qvisqve_secrets/secrets_tests.py @@ -0,0 +1,89 @@ +# Copyright (C) 2018 Lars Wirzenius +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +import unittest + + +import qvisqve_secrets + + +class SecretHasherTests(unittest.TestCase): + + def test_byte_string_survives_hex_roundtrip(self): + byte_string = b'\x00\x02\x03' + sh = qvisqve_secrets.SecretHasher() + encoded = sh.hex_encode(byte_string) + self.assertEqual(byte_string, sh.hex_decode(encoded)) + + def test_returns_sufficiently_long_salt(self): + sh = qvisqve_secrets.SecretHasher() + salt = sh.get_salt() + self.assertTrue(len(salt) >= 8) + + def test_produces_a_hash(self): + cleartext = 'hunter2' + salt = b'nacl' + sh = qvisqve_secrets.SecretHasher() + hashed = sh.hash(cleartext, salt) + self.assertTrue(isinstance(hashed, dict)) + + def test_produces_a_hash_with_salt(self): + cleartext = 'hunter2' + sh = qvisqve_secrets.SecretHasher() + hashed = sh.hash(cleartext) + self.assertTrue(isinstance(hashed, dict)) + + def test_produces_same_hash_for_same_input(self): + cleartext = 'hunter2' + salt = b'nacl' + sh = qvisqve_secrets.SecretHasher() + hashed1 = sh.hash(cleartext, salt) + hashed2 = sh.hash(cleartext, salt) + self.assertEqual(hashed1, hashed2) + + def test_produces_different_hashes_for_different_cleartext(self): + sh = qvisqve_secrets.SecretHasher() + salt = b'nacl' + hashed1 = sh.hash('hunter2', salt) + hashed2 = sh.hash('swordfish', salt) + self.assertNotEqual(hashed1, hashed2) + + def test_produces_different_hashes_for_same_cleartext(self): + sh = qvisqve_secrets.SecretHasher() + hashed1 = sh.hash('hunter2', b'nacl') + hashed2 = sh.hash('hunter2', b'nh4cl') + self.assertNotEqual(hashed1, hashed2) + + def test_accepts_correct_password(self): + cleartext = 'hunter2' + sh = qvisqve_secrets.SecretHasher() + hashed = sh.hash(cleartext, b'nacl') + self.assertTrue(sh.is_correct(hashed, cleartext)) + + def test_rejects_incorrect_password(self): + cleartext = 'swordfish' + sh = qvisqve_secrets.SecretHasher() + hashed = sh.hash(cleartext, b'nacl') + self.assertTrue(sh.is_correct(hashed, cleartext)) + + def test_handles_parameter_changes(self): + cleartext = 'hunter2' + salt = b'nacl' + sh = qvisqve_secrets.SecretHasher() + hashed = sh.hash(cleartext, salt) + sh.set_n(2**1) + self.assertTrue(sh.is_correct(hashed, cleartext)) + self.assertNotEqual(sh.hash(cleartext, salt), hashed) |