Beispiel #1
0
func TestEncoderInteraction(t *testing.T) {

	var list []string

	// Test that SetDefault works
	for i, r := range encodings {
		err := mcf.SetDefault(r.encoding)
		if err != nil {
			t.Errorf("%d-1: SetDefault %s: unexpected error: %s", i, r.encoding, err)
			continue
		}

		encoded, err := mcf.Create(plain)
		if err != nil {
			t.Errorf("%d-1: Create: unexpected error: %s", i, err)
			continue
		}

		isValid, err := mcf.Verify(plain, encoded)
		if err != nil {
			t.Errorf("%d-1: Verify: unexpected error: %s", i, err)
			continue
		}

		if !isValid {
			t.Errorf("%d-1: Verify: unexpected failure on plain=%q encoded=%q, encoding=%q", i, plain, encoded, r.encoding)
			continue
		}

		if s := encoded; !strings.HasPrefix(s, r.id) {
			t.Errorf("%d-1: Create: encoding prefix mismatch: s=%s, prefix=%s", i, s, r.id)
			continue
		}

		list = append(list, encoded)
	}

	// Verification is independent of default setting
	// and should work as long as the encoder exists.
	for i, r := range encodings {
		err := mcf.SetDefault(r.encoding)
		if err != nil {
			t.Errorf("%d-2: SetDefault %s: unexpected error: %s", i, r.encoding, err)
			continue
		}

		for _, encoded := range list {
			isValid, err := mcf.Verify(plain, encoded)
			if err != nil {
				t.Errorf("%d-2: Verify: unexpected error: %s", i, err)
				continue
			}

			if !isValid {
				t.Errorf("%d-2: Verify: unexpected failure on plain=%q encoded=%q, encoding=%q", i, plain, encoded, r.encoding)
				continue
			}
		}
	}
}
Beispiel #2
0
func TestKey(t *testing.T) {
	for i, v := range good {

		err := setConfig(len(v.output), len(v.salt), v.N, v.r, v.p)
		if err != nil {
			t.Errorf("%d: unexpected error setting config: %s", i, err)
		}

		setSalt(v.salt)

		encoded, err := mcf.Create(v.password)
		if err != nil {
			t.Errorf("%d: got unexpected error: %s", i, err)
		}

		passwd := password.New([]byte("scrypt"))
		err = passwd.Parse([]byte(encoded))
		if err != nil {
			t.Errorf("%d: unexpected error creating password instance: %s", err)
		}

		if !bytes.Equal(passwd.Salt, []byte(v.salt)) {
			t.Errorf("%d: salt: expected %s, got %s", i, v.salt, string(passwd.Salt))
		}

		if !bytes.Equal(passwd.Key, v.output) {
			t.Errorf("%d: expected %x, got %x", i, v.output, passwd.Key)
		}
	}

	for i, v := range bad {
		err := setConfig(32, len(v.salt), v.N, v.r, v.p)
		if err == nil {
			t.Errorf("%d: expected error, got nil", i)
		}

		setSalt(v.salt)

		_, err = mcf.Create(v.password)
		if err == nil {
			t.Errorf("%d: expected error, got nil", i)
		}
	}
}
Beispiel #3
0
func roundTrip(t *testing.T, plaintext string) {
	encoded, err := mcf.Create(plaintext)
	if err != nil {
		t.Fatal(err)
	}

	ok, err := mcf.Verify(plaintext, encoded)
	if err != nil {
		t.Fatal(err)
	}

	if !ok {
		t.Fatalf("Verify(%q, %q) failed", plaintext, encoded)
	}
}
Beispiel #4
0
func TestVectors(t *testing.T) {
	for i, v := range testVectors {

		x := strings.Split(v.salt[1:], "$")
		if len(x) != 3 {
			t.Fatalf("%d: invalid field structure: %s", i, v.salt)
		}
		costIn, saltIn := x[1], x[2] //index 0 is not interesting.

		salt, err := base64Decode([]byte(saltIn))

		if err != nil {
			t.Fatalf("%d: error decoding salt: %s", i, err)
		}
		var cost int
		if _, err := fmt.Sscanf(costIn, "%02d", &cost); err != nil {
			t.Fatalf("%d: error decoding param [%+v]: %s", i, costIn, err)
		}

		// Hijack rand.Reader to feed salt to crypto/bcrypt.
		// Need extra salt because SetCost generates a digest
		// to test the new cost, and each of the 3 calls to it uses
		// up one portion of salt.
		rand.Reader = bytes.NewReader(bytes.Repeat(salt, 4))

		err = SetCost(cost)
		if err != nil {
			t.Errorf("%d: SetCost: unexpected error: %s", i, err)
		}

		encoded, err := mcf.Create(v.plain)
		if err != nil {
			// password must be at least 2 bytes otherwise crypto/blowfish complains.
			// This really should be handled in crypto/bcrypt
			if len(v.plain) < 3 {
				continue
			}
			t.Errorf("%d: unexpected error: %s", i, err)
			continue
		}

		if want, got := v.passwd, encoded; want != got {
			t.Errorf("%d: output mismatch. want: %s, got %s", i, want, got)
			continue
		}

		isValid, err := mcf.Verify(v.plain, encoded)
		if err != nil {
			t.Errorf("%d: verify: unexpected failure on %q: %s", i, encoded, err)
			continue
		}
		if !isValid {
			t.Errorf("%d: IsValid: expecting true got false", i)
			continue
		}

		for j, pair := range []struct {
			cost   int
			answer bool
		}{{cost, true}, {cost + 1, false}} {

			err := SetCost(pair.cost)
			if err != nil {
				t.Errorf("%d-%d: SetCost: unexpected error: %s", i, j, err)
			}

			isCurrent, err := mcf.IsCurrent(encoded)
			if err != nil {
				t.Errorf("%d-%d: IsCurrent: unexpected failure: %", i, j, err)
				continue
			}
			if isCurrent != pair.answer {
				t.Errorf("%d-%d: IsCurrent: expecting %t got %t", i, j, pair.answer, isCurrent)
				continue
			}
		}
	}
}
Beispiel #5
0
func TestVectors(t *testing.T) {
	for i, v := range testVectors {

		key, err := hex.DecodeString(v.key)
		if err != nil {
			t.Errorf("%d: could not decode key: %s: %s", i, v.key, err)
			continue
		}

		config, err := setConfig(len(key), v.iterations, len(v.salt))
		if err != nil {
			t.Errorf("%d: unexpected error setting config: %s", i, err)
		}

		setSalt(v.salt)

		encoded, err := mcf.Create(v.plain)
		if err != nil {
			t.Errorf("%d: got unexpected error: %s", i, err)
		}

		passwd := password.New([]byte("pbkdf2"))
		err = passwd.Parse([]byte(encoded))
		if err != nil {
			t.Errorf("%d: unexpected error creating password instance: %s", i, err)
		}

		if p, q := []byte(config.Params()), passwd.Params; !bytes.Equal(p, q) {
			t.Errorf("%d: params: expected %s, got %s", i, string(p), string(q))
		}

		if p, q := []byte(v.salt), passwd.Salt; !bytes.Equal(p, q) {
			t.Errorf("%d: salt: expected %s, got %s", i, string(p), string(q))
		}

		if p, q := key, passwd.Key; !bytes.Equal(p, q) {
			t.Errorf("%d: key: expected %x, got %x", i, p, q)
		}

		isValid, err := mcf.Verify(v.plain, encoded)
		if err != nil {
			t.Errorf("%d: verify: unexpected failure on %q: %s", i, encoded, err)
			continue
		}
		if !isValid {
			t.Errorf("%d: verify - unexpectedly returned false", i)
			continue
		}

		// perturb configuration...
		newConfig := *config
		newConfig.KeyLen += 1

		for j, c := range []*Config{config, &newConfig} {
			setConfig(c.KeyLen, c.Iterations, c.SaltLen)
			isCurrent, err := mcf.IsCurrent(encoded)
			if err != nil {
				t.Errorf("%d-%d: IsCurrent: unexpected failure: %", i, j, err)
				continue
			}
			//old configuration says yes, new configuration says no
			if answer := c == config; isCurrent != answer {
				t.Errorf("%d-%d: IsCurrent: expecting %t got %t", i, j, answer, isCurrent)
				continue
			}
		}
	}
}