diff options
| author | Bond_009 <bond.009@outlook.com> | 2021-11-10 22:34:54 +0100 |
|---|---|---|
| committer | Bond_009 <bond.009@outlook.com> | 2021-11-10 22:34:54 +0100 |
| commit | 5265b3eee794762b4de39a68b5bfbf767faaac36 (patch) | |
| tree | 2668225a1747b4c4f50e9dc8f79f50a35334871b /tests/Jellyfin.Common.Tests | |
| parent | 4c88bf3fe3ef2e02632655acfcb8db18fd9f7d82 (diff) | |
Replace PBKDF2-SHA1 with PBKDF2-SHA512
This also migrates already created passwords on login
Source for the number of iterations:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
Diffstat (limited to 'tests/Jellyfin.Common.Tests')
| -rw-r--r-- | tests/Jellyfin.Common.Tests/Cryptography/PasswordHashTests.cs | 169 |
1 files changed, 0 insertions, 169 deletions
diff --git a/tests/Jellyfin.Common.Tests/Cryptography/PasswordHashTests.cs b/tests/Jellyfin.Common.Tests/Cryptography/PasswordHashTests.cs deleted file mode 100644 index bfece97b6..000000000 --- a/tests/Jellyfin.Common.Tests/Cryptography/PasswordHashTests.cs +++ /dev/null @@ -1,169 +0,0 @@ -using System; -using System.Collections.Generic; -using MediaBrowser.Common.Cryptography; -using Xunit; - -namespace Jellyfin.Common.Tests.Cryptography -{ - public static class PasswordHashTests - { - [Fact] - public static void Ctor_Null_ThrowsArgumentNullException() - { - Assert.Throws<ArgumentNullException>(() => new PasswordHash(null!, Array.Empty<byte>())); - } - - [Fact] - public static void Ctor_Empty_ThrowsArgumentException() - { - Assert.Throws<ArgumentException>(() => new PasswordHash(string.Empty, Array.Empty<byte>())); - } - - public static TheoryData<string, PasswordHash> Parse_Valid_TestData() - { - var data = new TheoryData<string, PasswordHash>(); - // Id - data.Add( - "$PBKDF2", - new PasswordHash("PBKDF2", Array.Empty<byte>())); - - // Id + parameter - data.Add( - "$PBKDF2$iterations=1000", - new PasswordHash( - "PBKDF2", - Array.Empty<byte>(), - Array.Empty<byte>(), - new Dictionary<string, string>() - { - { "iterations", "1000" }, - })); - - // Id + parameters - data.Add( - "$PBKDF2$iterations=1000,m=120", - new PasswordHash( - "PBKDF2", - Array.Empty<byte>(), - Array.Empty<byte>(), - new Dictionary<string, string>() - { - { "iterations", "1000" }, - { "m", "120" } - })); - - // Id + hash - data.Add( - "$PBKDF2$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D", - new PasswordHash( - "PBKDF2", - Convert.FromHexString("62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D"), - Array.Empty<byte>(), - new Dictionary<string, string>())); - - // Id + salt + hash - data.Add( - "$PBKDF2$69F420$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D", - new PasswordHash( - "PBKDF2", - Convert.FromHexString("62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D"), - Convert.FromHexString("69F420"), - new Dictionary<string, string>())); - - // Id + parameter + hash - data.Add( - "$PBKDF2$iterations=1000$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D", - new PasswordHash( - "PBKDF2", - Convert.FromHexString("62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D"), - Array.Empty<byte>(), - new Dictionary<string, string>() - { - { "iterations", "1000" } - })); - // Id + parameters + hash - data.Add( - "$PBKDF2$iterations=1000,m=120$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D", - new PasswordHash( - "PBKDF2", - Convert.FromHexString("62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D"), - Array.Empty<byte>(), - new Dictionary<string, string>() - { - { "iterations", "1000" }, - { "m", "120" } - })); - // Id + parameters + salt + hash - data.Add( - "$PBKDF2$iterations=1000,m=120$69F420$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D", - new PasswordHash( - "PBKDF2", - Convert.FromHexString("62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D"), - Convert.FromHexString("69F420"), - new Dictionary<string, string>() - { - { "iterations", "1000" }, - { "m", "120" } - })); - return data; - } - - [Theory] - [MemberData(nameof(Parse_Valid_TestData))] - public static void Parse_Valid_Success(string passwordHashString, PasswordHash expected) - { - var passwordHash = PasswordHash.Parse(passwordHashString); - Assert.Equal(expected.Id, passwordHash.Id); - Assert.Equal(expected.Parameters, passwordHash.Parameters); - Assert.Equal(expected.Salt.ToArray(), passwordHash.Salt.ToArray()); - Assert.Equal(expected.Hash.ToArray(), passwordHash.Hash.ToArray()); - Assert.Equal(expected.ToString(), passwordHash.ToString()); - } - - [Theory] - [InlineData("$PBKDF2")] - [InlineData("$PBKDF2$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] - [InlineData("$PBKDF2$69F420$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] - [InlineData("$PBKDF2$iterations=1000$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] - [InlineData("$PBKDF2$iterations=1000,m=120$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] - [InlineData("$PBKDF2$iterations=1000,m=120$69F420$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] - [InlineData("$PBKDF2$iterations=1000,m=120")] - public static void ToString_Roundtrip_Success(string passwordHash) - { - Assert.Equal(passwordHash, PasswordHash.Parse(passwordHash).ToString()); - } - - [Fact] - public static void Parse_Null_ThrowsArgumentException() - { - Assert.Throws<ArgumentException>(() => PasswordHash.Parse(null)); - } - - [Fact] - public static void Parse_Empty_ThrowsArgumentException() - { - Assert.Throws<ArgumentException>(() => PasswordHash.Parse(string.Empty)); - } - - [Theory] - [InlineData("$")] // No id - [InlineData("$$")] // Empty segments - [InlineData("PBKDF2$")] // Doesn't start with $ - [InlineData("$PBKDF2$$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] // Empty segment - [InlineData("$PBKDF2$iterations=1000$$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] // Empty salt segment - [InlineData("$PBKDF2$iterations=1000$69F420$")] // Empty hash segment - [InlineData("$PBKDF2$=$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] // Invalid parmeter - [InlineData("$PBKDF2$=1000$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] // Invalid parmeter - [InlineData("$PBKDF2$iterations=$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] // Invalid parmeter - [InlineData("$PBKDF2$iterations=1000$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D$")] // Ends on $ - [InlineData("$PBKDF2$iterations=1000$69F420$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D$")] // Extra segment - [InlineData("$PBKDF2$iterations=1000$69F420$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D$anotherone")] // Extra segment - [InlineData("$PBKDF2$iterations=1000$invalidstalt$62FBA410AFCA5B4475F35137AB2E8596B127E4D927BA23F6CC05C067E897042D")] // Invalid salt - [InlineData("$PBKDF2$iterations=1000$69F420$invalid hash")] // Invalid hash - [InlineData("$PBKDF2$69F420$")] // Empty hash - public static void Parse_InvalidFormat_ThrowsFormatException(string passwordHash) - { - Assert.Throws<FormatException>(() => PasswordHash.Parse(passwordHash)); - } - } -} |