TestBCrypt.java 6.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194
  1. // Copyright (c) 2006 Damien Miller <djm@mindrot.org>
  2. //
  3. // Permission to use, copy, modify, and distribute this software for any
  4. // purpose with or without fee is hereby granted, provided that the above
  5. // copyright notice and this permission notice appear in all copies.
  6. //
  7. // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  8. // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  9. // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  10. // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  11. // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  12. // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  13. // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  14. import junit.framework.TestCase;
  15. /**
  16. * JUnit unit tests for BCrypt routines
  17. * @author Damien Miller
  18. * @version 0.2
  19. */
  20. public class TestBCrypt extends TestCase {
  21. String test_vectors[][] = {
  22. { "",
  23. "$2a$06$DCq7YPn5Rq63x1Lad4cll.",
  24. "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s." },
  25. { "",
  26. "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.",
  27. "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye" },
  28. { "",
  29. "$2a$10$k1wbIrmNyFAPwPVPSVa/ze",
  30. "$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW" },
  31. { "",
  32. "$2a$12$k42ZFHFWqBp3vWli.nIn8u",
  33. "$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO" },
  34. { "a",
  35. "$2a$06$m0CrhHm10qJ3lXRY.5zDGO",
  36. "$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe" },
  37. { "a",
  38. "$2a$08$cfcvVd2aQ8CMvoMpP2EBfe",
  39. "$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V." },
  40. { "a",
  41. "$2a$10$k87L/MF28Q673VKh8/cPi.",
  42. "$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u" },
  43. { "a",
  44. "$2a$12$8NJH3LsPrANStV6XtBakCe",
  45. "$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS" },
  46. { "abc",
  47. "$2a$06$If6bvum7DFjUnE9p2uDeDu",
  48. "$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i" },
  49. { "abc",
  50. "$2a$08$Ro0CUfOqk6cXEKf3dyaM7O",
  51. "$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm" },
  52. { "abc",
  53. "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.",
  54. "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi" },
  55. { "abc",
  56. "$2a$12$EXRkfkdmXn2gzds2SSitu.",
  57. "$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q" },
  58. { "abcdefghijklmnopqrstuvwxyz",
  59. "$2a$06$.rCVZVOThsIa97pEDOxvGu",
  60. "$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC" },
  61. { "abcdefghijklmnopqrstuvwxyz",
  62. "$2a$08$aTsUwsyowQuzRrDqFflhge",
  63. "$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz." },
  64. { "abcdefghijklmnopqrstuvwxyz",
  65. "$2a$10$fVH8e28OQRj9tqiDXs1e1u",
  66. "$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq" },
  67. { "abcdefghijklmnopqrstuvwxyz",
  68. "$2a$12$D4G5f18o7aMMfwasBL7Gpu",
  69. "$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG" },
  70. { "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
  71. "$2a$06$fPIsBO8qRqkjj273rfaOI.",
  72. "$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO" },
  73. { "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
  74. "$2a$08$Eq2r4G/76Wv39MzSX262hu",
  75. "$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW" },
  76. { "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
  77. "$2a$10$LgfYWkbzEvQ4JakH7rOvHe",
  78. "$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS" },
  79. { "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
  80. "$2a$12$WApznUOJfkEGSmYRfnkrPO",
  81. "$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC" },
  82. };
  83. /**
  84. * Entry point for unit tests
  85. * @param args unused
  86. */
  87. public static void main(String[] args) {
  88. junit.textui.TestRunner.run(TestBCrypt.class);
  89. }
  90. /**
  91. * Test method for 'BCrypt.hashpw(String, String)'
  92. */
  93. public void testHashpw() {
  94. System.out.print("BCrypt.hashpw(): ");
  95. for (int i = 0; i < test_vectors.length; i++) {
  96. String plain = test_vectors[i][0];
  97. String salt = test_vectors[i][1];
  98. String expected = test_vectors[i][2];
  99. String hashed = BCrypt.hashpw(plain, salt);
  100. assertEquals(hashed, expected);
  101. System.out.print(".");
  102. }
  103. System.out.println("");
  104. }
  105. /**
  106. * Test method for 'BCrypt.gensalt(int)'
  107. */
  108. public void testGensaltInt() {
  109. System.out.print("BCrypt.gensalt(log_rounds):");
  110. for (int i = 4; i <= 12; i++) {
  111. System.out.print(" " + Integer.toString(i) + ":");
  112. for (int j = 0; j < test_vectors.length; j += 4) {
  113. String plain = test_vectors[j][0];
  114. String salt = BCrypt.gensalt(i);
  115. String hashed1 = BCrypt.hashpw(plain, salt);
  116. String hashed2 = BCrypt.hashpw(plain, hashed1);
  117. assertEquals(hashed1, hashed2);
  118. System.out.print(".");
  119. }
  120. }
  121. System.out.println("");
  122. }
  123. /**
  124. * Test method for 'BCrypt.gensalt()'
  125. */
  126. public void testGensalt() {
  127. System.out.print("BCrypt.gensalt(): ");
  128. for (int i = 0; i < test_vectors.length; i += 4) {
  129. String plain = test_vectors[i][0];
  130. String salt = BCrypt.gensalt();
  131. String hashed1 = BCrypt.hashpw(plain, salt);
  132. String hashed2 = BCrypt.hashpw(plain, hashed1);
  133. assertEquals(hashed1, hashed2);
  134. System.out.print(".");
  135. }
  136. System.out.println("");
  137. }
  138. /**
  139. * Test method for 'BCrypt.checkpw(String, String)'
  140. * expecting success
  141. */
  142. public void testCheckpw_success() {
  143. System.out.print("BCrypt.checkpw w/ good passwords: ");
  144. for (int i = 0; i < test_vectors.length; i++) {
  145. String plain = test_vectors[i][0];
  146. String expected = test_vectors[i][2];
  147. assertTrue(BCrypt.checkpw(plain, expected));
  148. System.out.print(".");
  149. }
  150. System.out.println("");
  151. }
  152. /**
  153. * Test method for 'BCrypt.checkpw(String, String)'
  154. * expecting failure
  155. */
  156. public void testCheckpw_failure() {
  157. System.out.print("BCrypt.checkpw w/ bad passwords: ");
  158. for (int i = 0; i < test_vectors.length; i++) {
  159. int broken_index = (i + 4) % test_vectors.length;
  160. String plain = test_vectors[i][0];
  161. String expected = test_vectors[broken_index][2];
  162. assertFalse(BCrypt.checkpw(plain, expected));
  163. System.out.print(".");
  164. }
  165. System.out.println("");
  166. }
  167. /**
  168. * Test for correct hashing of non-US-ASCII passwords
  169. */
  170. public void testInternationalChars() {
  171. System.out.print("BCrypt.hashpw w/ international chars: ");
  172. String pw1 = "ππππππππ";
  173. String pw2 = "????????";
  174. String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt());
  175. assertFalse(BCrypt.checkpw(pw2, h1));
  176. System.out.print(".");
  177. String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt());
  178. assertFalse(BCrypt.checkpw(pw1, h2));
  179. System.out.print(".");
  180. System.out.println("");
  181. }
  182. }