Renovated password hashing, including the forgotten files in r17253.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17254 bcc190cf-cafb-0310-a4f2-bffc1f526a37

tests/regressiontests/utils/crypto.py

@@ -0,0 +1,133 @@
+
+import math
+import timeit
+import hashlib
+
+from django.utils import unittest
+from django.utils.crypto import pbkdf2
+
+
+class TestUtilsCryptoPBKDF2(unittest.TestCase):
+
+    # http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06
+    rfc_vectors = [
+        {
+            "args": {
+                "password": "password",
+                "salt": "salt",
+                "iterations": 1,
+                "dklen": 20,
+                "digest": hashlib.sha1,
+            },
+            "result": "0c60c80f961f0e71f3a9b524af6012062fe037a6",
+        },
+        {
+            "args": {
+                "password": "password",
+                "salt": "salt",
+                "iterations": 2,
+                "dklen": 20,
+                "digest": hashlib.sha1,
+            },
+            "result": "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957",
+        },
+        {
+            "args": {
+                "password": "password",
+                "salt": "salt",
+                "iterations": 4096,
+                "dklen": 20,
+                "digest": hashlib.sha1,
+            },
+            "result": "4b007901b765489abead49d926f721d065a429c1",
+        },
+        # # this takes way too long :(
+        # {
+        #     "args": {
+        #         "password": "password",
+        #         "salt": "salt",
+        #         "iterations": 16777216,
+        #         "dklen": 20,
+        #         "digest": hashlib.sha1,
+        #     },
+        #     "result": "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984",
+        # },
+        {
+            "args": {
+                "password": "passwordPASSWORDpassword",
+                "salt": "saltSALTsaltSALTsaltSALTsaltSALTsalt",
+                "iterations": 4096,
+                "dklen": 25,
+                "digest": hashlib.sha1,
+            },
+            "result": "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038",
+        },
+        {
+            "args": {
+                "password": "pass\0word",
+                "salt": "sa\0lt",
+                "iterations": 4096,
+                "dklen": 16,
+                "digest": hashlib.sha1,
+            },
+            "result": "56fa6aa75548099dcc37d7f03425e0c3",
+        },
+    ]
+
+    regression_vectors = [
+        {
+            "args": {
+                "password": "password",
+                "salt": "salt",
+                "iterations": 1,
+                "dklen": 20,
+                "digest": hashlib.sha256,
+            },
+            "result": "120fb6cffcf8b32c43e7225256c4f837a86548c9",
+        },
+        {
+            "args": {
+                "password": "password",
+                "salt": "salt",
+                "iterations": 1,
+                "dklen": 20,
+                "digest": hashlib.sha512,
+            },
+            "result": "867f70cf1ade02cff3752599a3a53dc4af34c7a6",
+        },
+        {
+            "args": {
+                "password": "password",
+                "salt": "salt",
+                "iterations": 1000,
+                "dklen": 0,
+                "digest": hashlib.sha512,
+            },
+            "result": ("afe6c5530785b6cc6b1c6453384731bd5ee432ee"
+                       "549fd42fb6695779ad8a1c5bf59de69c48f774ef"
+                       "c4007d5298f9033c0241d5ab69305e7b64eceeb8d"
+                       "834cfec"),
+        },
+    ]
+
+    def test_public_vectors(self):
+        for vector in self.rfc_vectors:
+            result = pbkdf2(**vector['args'])
+            self.assertEqual(result.encode('hex'), vector['result'])
+
+    def test_regression_vectors(self):
+        for vector in self.regression_vectors:
+            result = pbkdf2(**vector['args'])
+            self.assertEqual(result.encode('hex'), vector['result'])
+
+    def test_performance_scalability(self):
+        """
+        Theory: If you run with 100 iterations, it should take 100
+        times as long as running with 1 iteration.
+        """
+        n1, n2 = 100, 10000
+        elapsed = lambda f: timeit.timeit(f, number=1)
+        t1 = elapsed(lambda: pbkdf2("password", "salt", iterations=n1))
+        t2 = elapsed(lambda: pbkdf2("password", "salt", iterations=n2))
+        measured_scale_exponent = math.log(t2 / t1, n2 / n1)
+        self.assertLess(measured_scale_exponent, 1.1)