v0.2.1 argon2 and scram imporoved

2025-11-04 08:10:16 -05:00
parent 3471030edd
commit aafa680a35
4 changed files with 371 additions and 23 deletions


@ -2,6 +2,7 @@
package auth
import (
"encoding/base64"
"strings"
"sync"
"testing"
@ -112,4 +113,63 @@ func TestPHCMigration(t *testing.T) {
// Test with invalid PHC format
_, err = MigrateFromPHC(username, password, "$invalid$format")
assert.Error(t, err)
}
func TestValidatePHCHashFormat(t *testing.T) {
// Generate valid hash for testing
validHash, err := HashPassword("testPassword123")
require.NoError(t, err)
// Test valid hash
err = ValidatePHCHashFormat(validHash)
assert.NoError(t, err, "Valid hash should pass validation")
// Test malformed formats
testCases := []struct {
name string
hash string
wantErr error
}{
{"empty", "", ErrPHCInvalidFormat},
{"not PHC format", "plaintext", ErrPHCInvalidFormat},
{"wrong prefix", "argon2id$v=19$m=65536,t=3,p=4$salt$hash", ErrPHCInvalidFormat},
{"wrong algorithm", "$bcrypt$v=19$m=65536,t=3,p=4$salt$hash", ErrPHCInvalidFormat},
{"missing version", "$argon2id$$m=65536,t=3,p=4$salt$hash", ErrPHCInvalidFormat},
{"wrong version", "$argon2id$v=1$m=65536,t=3,p=4$salt$hash", ErrPHCInvalidFormat},
{"missing params", "$argon2id$v=19$$salt$hash", ErrPHCInvalidFormat},
{"invalid params format", "$argon2id$v=19$invalid$salt$hash", ErrPHCInvalidFormat},
{"zero time", "$argon2id$v=19$m=65536,t=0,p=4$salt$hash", ErrPHCInvalidFormat},
{"zero memory", "$argon2id$v=19$m=0,t=3,p=4$salt$hash", ErrPHCInvalidFormat},
{"zero threads", "$argon2id$v=19$m=65536,t=3,p=0$salt$hash", ErrPHCInvalidFormat},
{"excessive memory", "$argon2id$v=19$m=5000000,t=3,p=4$salt$hash", ErrPHCInvalidFormat},
{"excessive time", "$argon2id$v=19$m=65536,t=2000,p=4$salt$hash", ErrPHCInvalidFormat},
{"invalid salt encoding", "$argon2id$v=19$m=65536,t=3,p=4$!!!invalid!!!$hash", ErrPHCInvalidSalt},
{"invalid hash encoding", "$argon2id$v=19$m=65536,t=3,p=4$" +
base64.RawStdEncoding.EncodeToString([]byte("salt12345678")) + "$!!!invalid!!!", ErrPHCInvalidHash},
{"short salt", "$argon2id$v=19$m=65536,t=3,p=4$" +
base64.RawStdEncoding.EncodeToString([]byte("short")) + "$" +
base64.RawStdEncoding.EncodeToString([]byte("hash1234567890123456")), ErrPHCInvalidSalt},
{"short hash", "$argon2id$v=19$m=65536,t=3,p=4$" +
base64.RawStdEncoding.EncodeToString([]byte("salt12345678")) + "$" +
base64.RawStdEncoding.EncodeToString([]byte("short")), ErrPHCInvalidHash},
{"too few parts", "$argon2id$v=19$m=65536,t=3,p=4", ErrPHCInvalidFormat},
{"too many parts", "$argon2id$v=19$m=65536,t=3,p=4$salt$hash$extra", ErrPHCInvalidFormat},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
err := ValidatePHCHashFormat(tc.hash)
assert.ErrorIs(t, err, tc.wantErr, "Test case: %s", tc.name)
})
}
// Test that validation doesn't require password
err = ValidatePHCHashFormat(validHash)
assert.NoError(t, err, "Should validate format without password")
// Verify that a validated hash can still be used for verification
err = ValidatePHCHashFormat(validHash)
require.NoError(t, err)
err = VerifyPassword("testPassword123", validHash)
assert.NoError(t, err, "Validated hash should still work for password verification")
}
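Review bot: The resource-bound cases in the `testCases` table of `TestValidatePHCHashFormat` cover excessive `m` and `t` but have no counterpart for the parallelism parameter, and the "wrong algorithm" case only tries `$bcrypt$`. Since this validator is what stands between an imported or stored hash string and an Argon2 computation, I would add `{"excessive threads", "$argon2id$v=19$m=65536,t=3,p=300$salt$hash", ErrPHCInvalidFormat},` and `{"sibling variant", "$argon2i$v=19$m=65536,t=3,p=4$salt$hash", ErrPHCInvalidFormat},`. The expected sentinel is assumed from the neighbouring rows and should be confirmed against `ValidatePHCHashFormat`, which is not visible here. The first row also catches a parser that truncates `p` into a `uint8`, and the second catches a validator that only prefix-matches `$argon2`. Separately, the three identical `ValidatePHCHashFormat(validHash)` calls after the loop repeat the assertion already made at the top of the function, so they could be collapsed to the single call that precedes `VerifyPassword`.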