def test_wrong_arg_type(self):
"""
Passing an argument of wrong type raises TypeError.
"""
with pytest.raises(TypeError) as e:
verify_secret(TEST_HASH_I, TEST_PASSWORD.decode("ascii"), Type.I)
assert e.value.args[0].startswith(
"initializer for ctype 'uint8_t[]' must be a")
def test_wrong_arg_type(self):
"""
Passing an argument of wrong type raises TypeError.
"""
with pytest.raises(TypeError) as e:
verify_secret(TEST_HASH_I, TEST_PASSWORD.decode("ascii"), Type.I)
assert e.value.args[0].startswith(
"initializer for ctype 'uint8_t[]' must be a"
)
def test_fail_wrong_argon2_type(self):
"""
Given a valid hash and secret and wrong type, we fail.
"""
verify_secret(TEST_HASH_D, TEST_PASSWORD, Type.D)
verify_secret(TEST_HASH_I, TEST_PASSWORD, Type.I)
with pytest.raises(VerificationError):
verify_secret(TEST_HASH_I, TEST_PASSWORD, Type.D)
def test_fail_wrong_argon2_type(self):
"""
Given a valid hash and secret and wrong type, we fail.
"""
verify_secret(TEST_HASH_D, TEST_PASSWORD, Type.D)
verify_secret(TEST_HASH_I, TEST_PASSWORD, Type.I)
with pytest.raises(VerificationError):
verify_secret(TEST_HASH_I, TEST_PASSWORD, Type.D)
def test_argument_ranges(password, time_cost, parallelism, memory_cost,
hash_len, salt_len):
"""
Ensure that both hashing and verifying works for most combinations of legal
values.
Limits are intentionally chosen to be *not* on 2^x boundaries.
This test is rather slow.
"""
assume(parallelism * 8 <= memory_cost)
hash = hash_secret(
secret=password, salt=os.urandom(salt_len),
time_cost=time_cost, parallelism=parallelism,
memory_cost=memory_cost,
hash_len=hash_len,
type=Type.I,
)
assert verify_secret(hash, password, Type.I)
def verify(self, hash, actual_string):
"""Verify hash against the plaintext string
Arguments:
hash {str} -- hash string
actual_string {str} -- string you want to check
Returns:
bool -- true, if given hash corresponds to the string
"""
try:
return verify_secret(
hash.encode(self.hash_encoding),
actual_string.encode(self.string_encoding),
Type.ID,
)
except argon2.exceptions.VerifyMismatchError:
# if mismatch error occured, return False
return False
def test_argument_ranges(password, time_cost, parallelism, memory_cost,
hash_len, salt_len):
"""
Ensure that both hashing and verifying works for most combinations of legal
values.
Limits are intentionally chosen to be *not* on 2^x boundaries.
This test is rather slow.
"""
assume(parallelism * 8 <= memory_cost)
hash = hash_secret(
secret=password,
salt=os.urandom(salt_len),
time_cost=time_cost,
parallelism=parallelism,
memory_cost=memory_cost,
hash_len=hash_len,
type=Type.I,
)
assert verify_secret(hash, password, Type.I)
def test_old_hash(self):
"""
Hashes without a version tag are recognized and verified correctly.
"""
assert True is verify_secret(TEST_HASH_I_OLD, TEST_PASSWORD, Type.I)
def test_fail(self, type, hash):
"""
Wrong password fails.
"""
with pytest.raises(VerifyMismatchError):
verify_secret(hash, bytes(reversed(TEST_PASSWORD)), type)
def test_success(self, type, hash):
"""
Given a valid hash and secret and correct type, we succeed.
"""
assert True is verify_secret(hash, TEST_PASSWORD, type)
def test_old_hash(self):
"""
Hashes without a version tag are recognized and verified correctly.
"""
assert True is verify_secret(TEST_HASH_I_OLD, TEST_PASSWORD, Type.I)
def test_fail(self, type, hash):
"""
Wrong password fails.
"""
with pytest.raises(VerifyMismatchError):
verify_secret(hash, bytes(reversed(TEST_PASSWORD)), type)
def test_success(self, type, hash):
"""
Given a valid hash and secret and correct type, we succeed.
"""
assert True is verify_secret(hash, TEST_PASSWORD, type)
