public void Enscrypt_should_not_throw_if_salt_is_null()
{
var hasher = new PasswordHasher("password");
int iterations;
hasher.Enscrypt(null, 1);
hasher.Enscrypt(null, TimeSpan.FromSeconds(5), out iterations);
}
public void Enscrypt_should_not_throw_if_password_is_empty()
{
var salt = new byte[] { };
var hasher = new PasswordHasher("");
int iterations;
hasher.Enscrypt(salt, 1);
hasher.Enscrypt(salt, TimeSpan.FromSeconds(5), out iterations);
}
public void Enscrypt_should_throw_if_iterations_is_negative_or_zero()
{
var hasher = new PasswordHasher("password");
var salt = new byte[] { };
Assert.ThrowsException <ArgumentOutOfRangeException>(() => hasher.Enscrypt(salt, -1),
"did not throw on negative value for iteration");
Assert.ThrowsException <ArgumentOutOfRangeException>(() => hasher.Enscrypt(salt, 0),
"did not throw on zero value for iteration");
}
public void Enscrypt_should_throw_if_duration_is_negative()
{
var hasher = new PasswordHasher("password");
var salt = new byte[] { };
int iterations;
Assert.ThrowsException <ArgumentOutOfRangeException>(() => hasher.Enscrypt(salt, TimeSpan.FromSeconds(-1), out iterations),
"did not throw on negative timespan for duration");
Assert.ThrowsException <ArgumentOutOfRangeException>(() => hasher.Enscrypt(salt, TimeSpan.FromSeconds(0), out iterations),
"did not throw on zero timespan for duratrion");
}
public void Enscrypt_should_return_a_number_of_iterations_that_produces_hash(string password, string saltText, int seconds)
{
var hasher = new PasswordHasher(password);
int iterations;
var salt = saltText == "" ? new byte[0] : CryptographicBuffer.DecodeFromHexString(saltText).ToArray();
var hash = hasher.Enscrypt(salt, TimeSpan.FromSeconds(seconds), out iterations);
var expected = hasher.Enscrypt(salt, iterations);
var hashText = CryptographicBuffer.EncodeToHexString(hash.AsBuffer());
var expectedText = CryptographicBuffer.EncodeToHexString(expected.AsBuffer());
Assert.AreEqual(expectedText, hashText);
}
public void Enscrypt_should_use_a_number_of_iterations_that_takes_the_specified_duration_to_hash(string password, string saltText, int seconds)
{
// This test may sometimes give a false positive and report the method as failing. This is due to the inaccurate way we are measuring the duration.
var hasher = new PasswordHasher(password);
int iterations;
var salt = saltText == "" ? new byte[0] : CryptographicBuffer.DecodeFromHexString(saltText).ToArray();
var hash = hasher.Enscrypt(salt, TimeSpan.FromSeconds(seconds), out iterations);
var expected = DateTime.Now.AddSeconds(seconds);
var result = hasher.Enscrypt(salt, iterations);
var actual = DateTime.Now;
var difference = expected - actual;
Assert.IsTrue(difference < TimeSpan.FromSeconds(1), "hashing by iteration took {0}s less time than the specified duration of {1}s", difference.TotalSeconds, seconds);
Assert.IsTrue(difference >= TimeSpan.FromSeconds(-1), "hashing by iteration took {0}s more time than the specified duration of {1}s", difference.TotalSeconds, seconds);
}
public void Enscrypt_should_compute_the_correct_hash(string password, string saltText, int iterations, string expected)
{
var hasher = new PasswordHasher(password);
var salt = saltText == "" ? new byte[0] : CryptographicBuffer.DecodeFromHexString(saltText).ToArray();
var key = hasher.Enscrypt(salt, iterations);
var keyHex = CryptographicBuffer.EncodeToHexString(CryptographicBuffer.CreateFromByteArray(key));
Assert.AreEqual(expected, keyHex, ignoreCase: true);
}