23981747673

Committed 04 Apr 2026 03:21PM UTC coverage: 89.456% (+0.002%) from 89.454%

Build # 23981747673

Build Type

Pull #5478

github

Committed by

web-flow

Commit Message

Merge d3e86fe9e into 417709dd7

Pull Request Pull Request #5478: Add PKCS#12 KDF

Run Details

105700 of 118158 relevant lines covered (89.46%)

11669478.03 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

92.11

/src/tests/test_passhash.cpp

/*
* (C) 2014,2015 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"

#if defined(BOTAN_HAS_BCRYPT)
   #include <botan/bcrypt.h>
#endif

#if defined(BOTAN_HAS_PASSHASH9)
   #include <botan/passhash9.h>
#endif

#if defined(BOTAN_HAS_ARGON2_FMT)
   #include "test_rng.h"
   #include <botan/argon2fmt.h>
#endif

#if defined(BOTAN_HAS_PKCS12_KDF)
   #include <botan/pwdhash.h>
#endif

namespace Botan_Tests {

namespace {

#if defined(BOTAN_HAS_BCRYPT)
class Bcrypt_Tests final : public Text_Based_Test {
   public:
      Bcrypt_Tests() : Text_Based_Test("passhash/bcrypt.vec", "Password,Passhash") {}

      Test::Result run_one_test(const std::string& /*header*/, const VarMap& vars) override {
         // Encoded as binary so we can test binary inputs
         const std::vector<uint8_t> password_vec = vars.get_req_bin("Password");
         const std::string password(reinterpret_cast<const char*>(password_vec.data()), password_vec.size());

         const std::string passhash = vars.get_req_str("Passhash");

         Test::Result result("bcrypt");
         result.test_is_true("correct hash accepted", Botan::check_bcrypt(password, passhash));

         // self-test low levels for each test password
         for(uint16_t level = 4; level <= 6; ++level) {
            const std::string gen_hash = Botan::generate_bcrypt(password, this->rng(), level);
            result.test_is_true("generated hash accepted", Botan::check_bcrypt(password, gen_hash));
         }

         return result;
      }

      std::vector<Test::Result> run_final_tests() override {
         Test::Result result("bcrypt");

         const uint64_t start = Test::timestamp();

         const std::string password = "ag00d1_2BE5ur3";

         const uint16_t max_level = (Test::run_long_tests() ? 15 : 10);

         auto& rng = this->rng();

         for(uint16_t level = 4; level <= max_level; ++level) {
            const std::string gen_hash = Botan::generate_bcrypt(password, rng, level);
            result.test_is_true("generated hash accepted", Botan::check_bcrypt(password, gen_hash));
         }

         result.test_throws("Invalid bcrypt version rejected", "Unknown bcrypt version 'q'", [&rng]() {
            Botan::generate_bcrypt("pass", rng, 4, 'q');
         });

         result.set_ns_consumed(Test::timestamp() - start);

         return {result};
      }
};

BOTAN_REGISTER_TEST("pbkdf", "bcrypt", Bcrypt_Tests);

#endif

#if defined(BOTAN_HAS_ARGON2_FMT)
class Argon2_Tests final : public Text_Based_Test {
   public:
      Argon2_Tests() : Text_Based_Test("passhash/argon2.vec", "Password,Passhash", "Mode,M,T,P,Salt,OutLen") {}

      Test::Result run_one_test(const std::string& header, const VarMap& vars) override {
         const std::string password = vars.get_req_str("Password");
         const std::string passhash = vars.get_req_str("Passhash");

         Test::Result result("Argon2 password hash");

         if(header == "Verify") {
            const bool accepted = Botan::argon2_check_pwhash(password.data(), password.size(), passhash);
            result.test_is_true("correct hash accepted", accepted);
         } else if(header == "Generate") {
            const std::vector<uint8_t> salt = vars.get_req_bin("Salt");
            const uint8_t y = vars.get_req_u8("Mode");
            const size_t M = vars.get_req_sz("M");
            const size_t t = vars.get_req_sz("T");
            const size_t p = vars.get_req_sz("P");
            const size_t out_len = vars.get_req_sz("OutLen");

            Fixed_Output_RNG rng(salt);

            const std::string generated =
               Botan::argon2_generate_pwhash(password.data(), password.size(), rng, p, M, t, y, salt.size(), out_len);

            result.test_str_eq("expected hash generated", generated, passhash);
            const bool accepted = Botan::argon2_check_pwhash(password.data(), password.size(), generated);
            result.test_is_true("generated hash accepted", accepted);
         } else {
            throw Test_Error("Unexpected header in Argon2 password hash test file");
         }

         return result;
      }
};

BOTAN_REGISTER_TEST("pbkdf", "argon2_pass", Argon2_Tests);

#endif

#if defined(BOTAN_HAS_PASSHASH9)
class Passhash9_Tests final : public Text_Based_Test {
   public:
      Passhash9_Tests() : Text_Based_Test("passhash/passhash9.vec", "Password,Passhash,PRF") {}

      Test::Result run_one_test(const std::string& /*header*/, const VarMap& vars) override {
         // Encoded as binary so we can test binary inputs
         const std::vector<uint8_t> password_vec = vars.get_req_bin("Password");
         const std::string password(reinterpret_cast<const char*>(password_vec.data()), password_vec.size());

         const std::string passhash = vars.get_req_str("Passhash");
         const std::size_t prf = vars.get_req_sz("PRF");

         Test::Result result("passhash9");

         if(Botan::is_passhash9_alg_supported(uint8_t(prf))) {
            result.test_is_true("correct hash accepted", Botan::check_passhash9(password, passhash));
         }

         for(uint8_t alg_id = 0; alg_id <= 4; ++alg_id) {
            if(Botan::is_passhash9_alg_supported(alg_id)) {
               const std::string gen_hash = Botan::generate_passhash9(password, this->rng(), 2, alg_id);

               if(!result.test_is_true("generated hash accepted", Botan::check_passhash9(password, gen_hash))) {
                  result.test_note("rejected hash", gen_hash);
               }
            }
         }

         const uint16_t max_level = (Test::run_long_tests() ? 14 : 8);

         for(uint16_t level = 1; level <= max_level; ++level) {
            const uint8_t alg_id = 1;  // default used by generate_passhash9()
            if(Botan::is_passhash9_alg_supported(alg_id)) {
               const std::string gen_hash = Botan::generate_passhash9(password, this->rng(), level, alg_id);
               if(!result.test_is_true("generated hash accepted", Botan::check_passhash9(password, gen_hash))) {
                  result.test_note("rejected hash", gen_hash);
               }
            }
         }

         return result;
      }

      std::vector<Test::Result> run_final_tests() override {
         Test::Result result("passhash9");

         result.test_is_false("Unknown algorithm is unknown", Botan::is_passhash9_alg_supported(255));

         auto& rng = this->rng();

         result.test_throws("Throws if algorithm not supported",
                            "Passhash9: Algorithm id 255 is not defined",
                            [&rng]() { Botan::generate_passhash9("pass", rng, 3, 255); });

         result.test_throws(
            "Throws if iterations is too high", "Requested passhash9 work factor 513 is too large", []() {
               Botan::check_passhash9("floof", "$9$AgIB3c5J3kvAuML84sZ5hWT9WzJtiYRPLCEARaujS7I6IKbNCwp0");
            });
         return {result};
      }
};

BOTAN_REGISTER_TEST("pbkdf", "passhash9", Passhash9_Tests);

#endif

#if defined(BOTAN_HAS_PKCS12_KDF)

class PKCS12_KDF_Tests final : public Text_Based_Test {
   public:
      PKCS12_KDF_Tests() : Text_Based_Test("pbkdf/pkcs12_kdf.vec", "Passphrase,Salt,Iterations,Output") {}

      Test::Result run_one_test(const std::string& algo_spec, const VarMap& vars) override {
         const std::string passphrase = vars.get_req_str("Passphrase");
         const std::vector<uint8_t> salt = vars.get_req_bin("Salt");
         const size_t iterations = vars.get_req_sz("Iterations");
         const std::vector<uint8_t> expected = vars.get_req_bin("Output");

         Test::Result result(algo_spec);

         auto pwdhash_fam = Botan::PasswordHashFamily::create(algo_spec);
         if(!pwdhash_fam) {
            result.note_missing(algo_spec);
            return result;
         }

         auto pwdhash = pwdhash_fam->from_iterations(iterations);

         Botan::secure_vector<uint8_t> derived(expected.size());
         pwdhash->hash(derived, passphrase, salt);
         result.test_bin_eq("derived key", derived, expected);

         // Verify from_params(iterations) produces the same result
         auto pwdhash2 = pwdhash_fam->from_params(iterations);
         std::vector<uint8_t> derived2(expected.size());
         pwdhash2->hash(derived2, passphrase, salt);
         result.test_bin_eq("from_params matches from_iterations", derived2, expected);

         return result;
      }
};

BOTAN_REGISTER_TEST("pbkdf", "pkcs12_kdf", PKCS12_KDF_Tests);

#endif

}  // namespace

}  // namespace Botan_Tests

1	/*
2	* (C) 2014,2015 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include "tests.h"
8
9	#if defined(BOTAN_HAS_BCRYPT)
10	#include <botan/bcrypt.h>
11	#endif
12
13	#if defined(BOTAN_HAS_PASSHASH9)
14	#include <botan/passhash9.h>
15	#endif
16
17	#if defined(BOTAN_HAS_ARGON2_FMT)
18	#include "test_rng.h"
19	#include <botan/argon2fmt.h>
20	#endif
21
22	#if defined(BOTAN_HAS_PKCS12_KDF)
23	#include <botan/pwdhash.h>
24	#endif
25
26	namespace Botan_Tests {
27
28	namespace {
29
30	#if defined(BOTAN_HAS_BCRYPT)
31	class Bcrypt_Tests final : public Text_Based_Test {	×
32	public:
33	Bcrypt_Tests() : Text_Based_Test("passhash/bcrypt.vec", "Password,Passhash") {}	2✔
34
35	Test::Result run_one_test(const std::string& /header/, const VarMap& vars) override {	93✔
36	// Encoded as binary so we can test binary inputs
37	const std::vector<uint8_t> password_vec = vars.get_req_bin("Password");	93✔
38	const std::string password(reinterpret_cast<const char*>(password_vec.data()), password_vec.size());	93✔
39
40	const std::string passhash = vars.get_req_str("Passhash");	93✔
41
42	Test::Result result("bcrypt");	93✔
43	result.test_is_true("correct hash accepted", Botan::check_bcrypt(password, passhash));	93✔
44
45	// self-test low levels for each test password
46	for(uint16_t level = 4; level <= 6; ++level) {	372✔
47	const std::string gen_hash = Botan::generate_bcrypt(password, this->rng(), level);	279✔
48	result.test_is_true("generated hash accepted", Botan::check_bcrypt(password, gen_hash));	279✔
49	}	279✔
50
51	return result;	186✔
52	}	93✔
53
54	std::vector<Test::Result> run_final_tests() override {	1✔
55	Test::Result result("bcrypt");	1✔
56
57	const uint64_t start = Test::timestamp();	1✔
58
59	const std::string password = "ag00d1_2BE5ur3";	1✔
60
61	const uint16_t max_level = (Test::run_long_tests() ? 15 : 10);	1✔
62
63	auto& rng = this->rng();	1✔
64
65	for(uint16_t level = 4; level <= max_level; ++level) {	13✔
66	const std::string gen_hash = Botan::generate_bcrypt(password, rng, level);	12✔
67	result.test_is_true("generated hash accepted", Botan::check_bcrypt(password, gen_hash));	12✔
68	}	12✔
69
70	result.test_throws("Invalid bcrypt version rejected", "Unknown bcrypt version 'q'", [&rng]() {	1✔
71	Botan::generate_bcrypt("pass", rng, 4, 'q');	1✔
72	});	×
73
74	result.set_ns_consumed(Test::timestamp() - start);	1✔
75
76	return {result};	3✔
77	}	2✔
78	};
79
80	BOTAN_REGISTER_TEST("pbkdf", "bcrypt", Bcrypt_Tests);
81
82	#endif
83
84	#if defined(BOTAN_HAS_ARGON2_FMT)
85	class Argon2_Tests final : public Text_Based_Test {	×
86	public:
87	Argon2_Tests() : Text_Based_Test("passhash/argon2.vec", "Password,Passhash", "Mode,M,T,P,Salt,OutLen") {}	2✔
88
89	Test::Result run_one_test(const std::string& header, const VarMap& vars) override {	6✔
90	const std::string password = vars.get_req_str("Password");	6✔
91	const std::string passhash = vars.get_req_str("Passhash");	6✔
92
93	Test::Result result("Argon2 password hash");	6✔
94
95	if(header == "Verify") {	6✔
96	const bool accepted = Botan::argon2_check_pwhash(password.data(), password.size(), passhash);	3✔
97	result.test_is_true("correct hash accepted", accepted);	3✔
98	} else if(header == "Generate") {	3✔
99	const std::vector<uint8_t> salt = vars.get_req_bin("Salt");	3✔
100	const uint8_t y = vars.get_req_u8("Mode");	3✔
101	const size_t M = vars.get_req_sz("M");	3✔
102	const size_t t = vars.get_req_sz("T");	3✔
103	const size_t p = vars.get_req_sz("P");	3✔
104	const size_t out_len = vars.get_req_sz("OutLen");	3✔
105
106	Fixed_Output_RNG rng(salt);	3✔
107
108	const std::string generated =	3✔
109	Botan::argon2_generate_pwhash(password.data(), password.size(), rng, p, M, t, y, salt.size(), out_len);	3✔
110
111	result.test_str_eq("expected hash generated", generated, passhash);	3✔
112	const bool accepted = Botan::argon2_check_pwhash(password.data(), password.size(), generated);	3✔
113	result.test_is_true("generated hash accepted", accepted);	3✔
114	} else {	3✔
115	throw Test_Error("Unexpected header in Argon2 password hash test file");	×
116	}
117
118	return result;	6✔
119	}	6✔
120	};
121
122	BOTAN_REGISTER_TEST("pbkdf", "argon2_pass", Argon2_Tests);
123
124	#endif
125
126	#if defined(BOTAN_HAS_PASSHASH9)
127	class Passhash9_Tests final : public Text_Based_Test {	×
128	public:
129	Passhash9_Tests() : Text_Based_Test("passhash/passhash9.vec", "Password,Passhash,PRF") {}	2✔
130
131	Test::Result run_one_test(const std::string& /header/, const VarMap& vars) override {	1✔
132	// Encoded as binary so we can test binary inputs
133	const std::vector<uint8_t> password_vec = vars.get_req_bin("Password");	1✔
134	const std::string password(reinterpret_cast<const char*>(password_vec.data()), password_vec.size());	1✔
135
136	const std::string passhash = vars.get_req_str("Passhash");	1✔
137	const std::size_t prf = vars.get_req_sz("PRF");	1✔
138
139	Test::Result result("passhash9");	1✔
140
141	if(Botan::is_passhash9_alg_supported(uint8_t(prf))) {	1✔
142	result.test_is_true("correct hash accepted", Botan::check_passhash9(password, passhash));	1✔
143	}
144
145	for(uint8_t alg_id = 0; alg_id <= 4; ++alg_id) {	6✔
146	if(Botan::is_passhash9_alg_supported(alg_id)) {	5✔
147	const std::string gen_hash = Botan::generate_passhash9(password, this->rng(), 2, alg_id);	5✔
148
149	if(!result.test_is_true("generated hash accepted", Botan::check_passhash9(password, gen_hash))) {	5✔
150	result.test_note("rejected hash", gen_hash);	×
151	}
152	}	5✔
153	}
154
155	const uint16_t max_level = (Test::run_long_tests() ? 14 : 8);	1✔
156
157	for(uint16_t level = 1; level <= max_level; ++level) {	15✔
158	const uint8_t alg_id = 1; // default used by generate_passhash9()	14✔
159	if(Botan::is_passhash9_alg_supported(alg_id)) {	14✔
160	const std::string gen_hash = Botan::generate_passhash9(password, this->rng(), level, alg_id);	14✔
161	if(!result.test_is_true("generated hash accepted", Botan::check_passhash9(password, gen_hash))) {	14✔
162	result.test_note("rejected hash", gen_hash);	×
163	}
164	}	14✔
165	}
166
167	return result;	2✔
168	}	1✔
169
170	std::vector<Test::Result> run_final_tests() override {	1✔
171	Test::Result result("passhash9");	1✔
172
173	result.test_is_false("Unknown algorithm is unknown", Botan::is_passhash9_alg_supported(255));	1✔
174
175	auto& rng = this->rng();	1✔
176
177	result.test_throws("Throws if algorithm not supported",	1✔
178	"Passhash9: Algorithm id 255 is not defined",
179	[&rng]() { Botan::generate_passhash9("pass", rng, 3, 255); });	2✔
180
181	result.test_throws(	1✔
182	"Throws if iterations is too high", "Requested passhash9 work factor 513 is too large", []() {	1✔
183	Botan::check_passhash9("floof", "$9$AgIB3c5J3kvAuML84sZ5hWT9WzJtiYRPLCEARaujS7I6IKbNCwp0");	1✔
184	});
185	return {result};	3✔
186	}	2✔
187	};
188
189	BOTAN_REGISTER_TEST("pbkdf", "passhash9", Passhash9_Tests);
190
191	#endif
192
193	#if defined(BOTAN_HAS_PKCS12_KDF)
194
195	class PKCS12_KDF_Tests final : public Text_Based_Test {	×
196	public:
197	PKCS12_KDF_Tests() : Text_Based_Test("pbkdf/pkcs12_kdf.vec", "Passphrase,Salt,Iterations,Output") {}	2✔
198
199	Test::Result run_one_test(const std::string& algo_spec, const VarMap& vars) override {	10✔
200	const std::string passphrase = vars.get_req_str("Passphrase");	10✔
201	const std::vector<uint8_t> salt = vars.get_req_bin("Salt");	10✔
202	const size_t iterations = vars.get_req_sz("Iterations");	10✔
203	const std::vector<uint8_t> expected = vars.get_req_bin("Output");	10✔
204
205	Test::Result result(algo_spec);	10✔
206
207	auto pwdhash_fam = Botan::PasswordHashFamily::create(algo_spec);	10✔
208	if(!pwdhash_fam) {	10✔
209	result.note_missing(algo_spec);	×
210	return result;
211	}
212
213	auto pwdhash = pwdhash_fam->from_iterations(iterations);	10✔
214
215	Botan::secure_vector<uint8_t> derived(expected.size());	10✔
216	pwdhash->hash(derived, passphrase, salt);	10✔
217	result.test_bin_eq("derived key", derived, expected);	10✔
218
219	// Verify from_params(iterations) produces the same result
220	auto pwdhash2 = pwdhash_fam->from_params(iterations);	10✔
221	std::vector<uint8_t> derived2(expected.size());	10✔
222	pwdhash2->hash(derived2, passphrase, salt);	10✔
223	result.test_bin_eq("from_params matches from_iterations", derived2, expected);	10✔
224
225	return result;	10✔
226	}	50✔
227	};
228
229	BOTAN_REGISTER_TEST("pbkdf", "pkcs12_kdf", PKCS12_KDF_Tests);
230
231	#endif
232
233	} // namespace
234
235	} // namespace Botan_Tests

randombit / botan / 23981747673

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous