tst_qpassworddigestor.cpp source code [qtbase/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp]

1	/****************************************************************************
2	**
3	** Copyright (C) 2018 The Qt Company Ltd.
4	** Contact: https://www.qt.io/licensing/
5	**
6	** This file is part of the test suite of the Qt Toolkit.
7	**
8	** $QT_BEGIN_LICENSE:GPL-EXCEPT$
9	** Commercial License Usage
10	** Licensees holding valid commercial Qt licenses may use this file in
11	** accordance with the commercial license agreement provided with the
12	** Software or, alternatively, in accordance with the terms contained in
13	** a written agreement between you and The Qt Company. For licensing terms
14	** and conditions see https://www.qt.io/terms-conditions. For further
15	** information use the contact form at https://www.qt.io/contact-us.
16	**
17	** GNU General Public License Usage
18	** Alternatively, this file may be used under the terms of the GNU
19	** General Public License version 3 as published by the Free Software
20	** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT
21	** included in the packaging of this file. Please review the following
22	** information to ensure the GNU General Public License requirements will
23	** be met: https://www.gnu.org/licenses/gpl-3.0.html.
24	**
25	** $QT_END_LICENSE$
26	**
27	****************************************************************************/
28
29	#include <QtTest/QtTest>
30	#include <QtNetwork/qpassworddigestor.h>
31	#include <QtCore/qcryptographichash.h>
32	#include <QtCore/QByteArray>
33
34	#include <limits>
35
36	class tst_QPasswordDigestor : public QObject
37	{
38	Q_OBJECT
39	private Q_SLOTS:
40	void inputSanityChecks();
41	void pbkdf1Vectors_data();
42	void pbkdf1Vectors();
43	void pbkdf2Vectors_data();
44	void pbkdf2Vectors();
45	};
46
47	void tst_QPasswordDigestor::inputSanityChecks()
48	{
49	const QByteArray pass("password");
50	const QByteArray salt("saltsalt");
51	#ifndef QT_CRYPTOGRAPHICHASH_ONLY_SHA1
52	//1. PBKDF1 supports only SHA1 and (if not disabled in Qt) MD5 algorithms.
53	QTest::ignoreMessage(type: QtWarningMsg, message: "The only supported algorithms for pbkdf1 are SHA-1 and MD5!");
54	auto derivedKey = QPasswordDigestor::deriveKeyPbkdf1(algorithm: QCryptographicHash::Sha224, password: pass, salt, iterations: `2`, dkLen: `48`);
55	QCOMPARE(derivedKey, QByteArray ());
56	#endif // QT_CRYPTOGRAPHICHASH_ONLY_SHA1
57
58	// 2. Salt size must be == 8:
59	QTest::ignoreMessage(type: QtWarningMsg, message: "The salt must be 8 bytes long!");
60	derivedKey = QPasswordDigestor::deriveKeyPbkdf1(algorithm: QCryptographicHash::Sha1, password: pass, salt: "salt", iterations: `2`, dkLen: `48`);
61	QCOMPARE(derivedKey, QByteArray ());
62
63	// 3. An illegal number of iterations (0):
64	derivedKey = QPasswordDigestor::deriveKeyPbkdf1(algorithm: QCryptographicHash::Sha1, password: pass, salt, iterations: `0`, dkLen: `48`);
65	QCOMPARE(derivedKey, QByteArray ());
66
67	// 4. An illegal number of iterations (-10):
68	derivedKey = QPasswordDigestor::deriveKeyPbkdf1(algorithm: QCryptographicHash::Sha1, password: pass, salt, iterations: -`10`, dkLen: `48`);
69	QCOMPARE(derivedKey, QByteArray ());
70
71	// 5. An invalid key size (0):
72	derivedKey = QPasswordDigestor::deriveKeyPbkdf1(algorithm: QCryptographicHash::Sha1,
73	password: "password", salt: "saltsalt", iterations: `1`, dkLen: `0`);
74	QCOMPARE(derivedKey, QByteArray ());
75
76	// 6. Requested key is too large:
77	QTest::ignoreMessage(type: QtWarningMsg, message: "Derived key too long:\n"
78	" QCryptographicHash::Sha1 was chosen which"
79	" produces output of length 20 but 120 was requested.");
80	derivedKey = QPasswordDigestor::deriveKeyPbkdf1(algorithm: QCryptographicHash::Sha1, password: pass, salt, iterations: `1`,
81	dkLen: quint64(QCryptographicHash::hashLength(method: QCryptographicHash::Sha1) + `100`));
82	QCOMPARE(derivedKey, QByteArray ());
83
84	// 7. Key size is too large, max is quint64(std::numeric_limits<quint32>::max() - 1) hashLen*
85	const auto invalidDkLen = quint64(QCryptographicHash::hashLength(method: QCryptographicHash::Sha1))
86	* (std::numeric_limits<quint32>::max() - `1`) + `1`;
87	QTest::ignoreMessage(type: QtWarningMsg, message: "Derived key too long:\n"
88	"QCryptographicHash::Sha1 was chosen which produces output"
89	" of length 85899345880 but 85899345881 was requested.");
90	derivedKey = QPasswordDigestor::deriveKeyPbkdf2(algorithm: QCryptographicHash::Sha1, password: pass, salt, iterations: `1`, dkLen: invalidDkLen);
91	QCOMPARE(derivedKey, QByteArray ());
92
93	// 8. Invalid number of iterations.
94	derivedKey = QPasswordDigestor::deriveKeyPbkdf2(algorithm: QCryptographicHash::Sha1, password: pass, salt, iterations: `0`, dkLen: `100`);
95	QCOMPARE(derivedKey, QByteArray ());
96
97	// 9. Invalid (negative) number of iterations.
98	derivedKey = QPasswordDigestor::deriveKeyPbkdf2(algorithm: QCryptographicHash::Sha1, password: pass, salt, iterations: -`100`, dkLen: `100`);
99	QCOMPARE(derivedKey, QByteArray ());
100	}
101
102	void tst_QPasswordDigestor::pbkdf1Vectors_data()
103	{
104	QTest::addColumn<QCryptographicHash::Algorithm>(name: "algorithm");
105	QTest::addColumn<QByteArray>(name: "password");
106	QTest::addColumn<QByteArray>(name: "salt");
107	QTest::addColumn<int>(name: "iterations");
108	QTest::addColumn<int>(name: "dkLen");
109	QTest::addColumn<QByteArray>(name: "result");
110
111	// data from
112	// https://web.archive.org/web/20160912052752/https://www.di-mgt.com.au/cryptoKDFs.html#examplespbkdf
113	// (Note: this is not official, but at least it's something to compare with.)
114	QTest::newRow(dataTag: "di-mgt") << QCryptographicHash::Sha1 << QByteArray::fromHex(hexEncoded: "70617373776F7264")
115	<< QByteArray::fromHex(hexEncoded: "78578E5A5D63CB06") << `1000` << `16`
116	<< QByteArray::fromHex(hexEncoded: "DC19847E05C64D2FAF10EBFB4A3D2A20");
117	}
118
119	void tst_QPasswordDigestor::pbkdf1Vectors()
120	{
121	QFETCH(QCryptographicHash::Algorithm, algorithm);
122	QFETCH(QByteArray, password);
123	QFETCH(QByteArray, salt);
124	QFETCH(int, iterations);
125	QFETCH(int, dkLen);
126	QFETCH(QByteArray, result);
127
128	QCOMPARE(QPasswordDigestor::deriveKeyPbkdf1(algorithm, password, salt, iterations, dkLen), result);
129	}
130
131	void tst_QPasswordDigestor::pbkdf2Vectors_data()
132	{
133	QTest::addColumn<QCryptographicHash::Algorithm>(name: "algorithm");
134	QTest::addColumn<QByteArray>(name: "password");
135	QTest::addColumn<QByteArray>(name: "salt");
136	QTest::addColumn<int>(name: "iterations");
137	QTest::addColumn<int>(name: "dkLen");
138	QTest::addColumn<QByteArray>(name: "result");
139
140	// data from https://tools.ietf.org/html/rfc6070
141	auto hash = QCryptographicHash::Sha1;
142	QTest::newRow(dataTag: "rfc6070-1") << hash << QByteArrayLiteral("password") << QByteArrayLiteral("salt")
143	<< `1` << `20`
144	<< QByteArray::fromHex(hexEncoded: "0c60c80f961f0e71f3a9b524af6012062fe037a6");
145	QTest::newRow(dataTag: "rfc6070-2") << hash << QByteArrayLiteral("password") << QByteArrayLiteral("salt")
146	<< `2` << `20`
147	<< QByteArray::fromHex(hexEncoded: "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957");
148	QTest::newRow(dataTag: "rfc6070-3") << hash << QByteArrayLiteral("password") << QByteArrayLiteral("salt")
149	<< `4096` << `20`
150	<< QByteArray::fromHex(hexEncoded: "4b007901b765489abead49d926f721d065a429c1");
151	#if 0
152	// Excluding: takes about 3 minutes to run
153	QTest::newRow("rfc6070-4") << hash << QByteArrayLiteral("password") << QByteArrayLiteral("salt")
154	<< `16777216` << `20`
155	<< QByteArray::fromHex("eefe3d61cd4da4e4e9945b3d6ba2158c2634e984");
156	#endif
157	QTest::newRow(dataTag: "rfc6070-5") << hash << QByteArrayLiteral("passwordPASSWORDpassword")
158	<< QByteArrayLiteral("saltSALTsaltSALTsaltSALTsaltSALTsalt") << `4096`
159	<< `25`
160	<< QByteArray::fromHex(
161	hexEncoded: "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038");
162	QTest::newRow(dataTag: "rfc6070-6") << hash << QByteArrayLiteral("pass\0word")
163	<< QByteArrayLiteral("sa\0lt") << `4096` << `16`
164	<< QByteArray::fromHex(hexEncoded: "56fa6aa75548099dcc37d7f03425e0c3");
165
166	// the next few bits of data are from https://tools.ietf.org/html/rfc3962#appendix-B
167	QByteArray password = QByteArrayLiteral("password");
168	QByteArray salt = QByteArrayLiteral("ATHENA.MIT.EDUraeburn");
169	QTest::newRow(dataTag: "rfc3962-1") << hash << password << salt << `1` << `16`
170	<< QByteArray::fromHex(hexEncoded: "cdedb5281bb2f801565a1122b2563515");
171	QTest::newRow(dataTag: "rfc3962-2")
172	<< hash << password << salt << `1` << `32`
173	<< QByteArray::fromHex(hexEncoded: "cdedb5281bb2f801565a1122b25635150ad1f7a04bb9f3a333ecc0e2e1f70837");
174	QTest::newRow(dataTag: "rfc3962-3") << hash << password << salt << `2` << `16`
175	<< QByteArray::fromHex(hexEncoded: "01dbee7f4a9e243e988b62c73cda935d");
176	QTest::newRow(dataTag: "rfc3962-4")
177	<< hash << QByteArrayLiteral("password") << salt << `2` << `32`
178	<< QByteArray::fromHex(hexEncoded: "01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86");
179	QTest::newRow(dataTag: "rfc3962-5") << hash << password << salt << `1200` << `16`
180	<< QByteArray::fromHex(hexEncoded: "5c08eb61fdf71e4e4ec3cf6ba1f5512b");
181	QTest::newRow(dataTag: "rfc3962-6")
182	<< hash << password << salt << `1200` << `32`
183	<< QByteArray::fromHex(hexEncoded: "5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13");
184
185	salt = QByteArray::fromHex(hexEncoded: "1234567878563412"); // 0x1234567878563412
186	QTest::newRow(dataTag: "rfc3962-7") << hash << password << salt << `5` << `16`
187	<< QByteArray::fromHex(hexEncoded: "d1daa78615f287e6a1c8b120d7062a49");
188	QTest::newRow(dataTag: "rfc3962-8")
189	<< hash << password << salt << `5` << `32`
190	<< QByteArray::fromHex(hexEncoded: "d1daa78615f287e6a1c8b120d7062a493f98d203e6be49a6adf4fa574b6e64ee");
191
192	password = QByteArray (`64`, `'X'`);
193	salt = "pass phrase equals block size";
194	QTest::newRow(dataTag: "rfc3962-9") << hash << password << salt << `1200` << `16`
195	<< QByteArray::fromHex(hexEncoded: "139c30c0966bc32ba55fdbf212530ac9");
196	QTest::newRow(dataTag: "rfc3962-10")
197	<< hash << password << salt << `1200` << `32`
198	<< QByteArray::fromHex(hexEncoded: "139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1");
199
200	password.append(c: `'X'`);
201	salt = "pass phrase exceeds block size";
202	QTest::newRow(dataTag: "rfc3962-11") << hash << password << salt << `1200` << `16`
203	<< QByteArray::fromHex(hexEncoded: "9ccad6d468770cd51b10e6a68721be61");
204	QTest::newRow(dataTag: "rfc3962-12")
205	<< hash << password << salt << `1200` << `32`
206	<< QByteArray::fromHex(hexEncoded: "9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a");
207
208	password = QByteArray::fromHex(hexEncoded: "f09d849e"); // 0xf09d849e
209	salt = "EXAMPLE.COMpianist";
210	QTest::newRow(dataTag: "rfc3962-13") << hash << password << salt << `50` << `16`
211	<< QByteArray::fromHex(hexEncoded: "6b9cf26d45455a43a5b8bb276a403b39");
212	QTest::newRow(dataTag: "rfc3962-14")
213	<< hash << password << salt << `50` << `32`
214	<< QByteArray::fromHex(hexEncoded: "6b9cf26d45455a43a5b8bb276a403b39e7fe37a0c41e02c281ff3069e1e94f52");
215	}
216
217	void tst_QPasswordDigestor::pbkdf2Vectors()
218	{
219	QFETCH(QCryptographicHash::Algorithm, algorithm);
220	QFETCH(QByteArray, password);
221	QFETCH(QByteArray, salt);
222	QFETCH(int, iterations);
223	QFETCH(int, dkLen);
224	QFETCH(QByteArray, result);
225
226	QCOMPARE(QPasswordDigestor::deriveKeyPbkdf2(algorithm, password, salt, iterations, dkLen), result);
227	}
228
229	QTEST_MAIN(tst_QPasswordDigestor)
230	#include "tst_qpassworddigestor.moc"
231

source code of qtbase/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp