From 6040cc82c13c7530677939ff8486bc61c6169cca Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Mon, 15 Jul 2024 16:06:12 -0300 Subject: Inline gobang package code --- go.mod | 3 - src/lib.go | 649 +++++++++++++++++++++++++++++++++++++++++++++++++++--- tests/lib_test.go | 363 ++++++++++++++++++++++++++++-- 3 files changed, 965 insertions(+), 50 deletions(-) diff --git a/go.mod b/go.mod index 36de052..d2d20f9 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,3 @@ module euandre.org/papod go 1.21.5 require github.com/mattn/go-sqlite3 v1.14.22 - -require euandre.org/gobang v0.1.0 -replace euandre.org/gobang => ../gobang diff --git a/src/lib.go b/src/lib.go index 6aee989..c1a0350 100644 --- a/src/lib.go +++ b/src/lib.go @@ -3,13 +3,21 @@ package papod import ( "bufio" "bytes" + "crypto/hmac" + "crypto/rand" + "crypto/sha256" "database/sql" + "encoding/binary" + "encoding/hex" "errors" "flag" "fmt" + "hash" "io" "io/ioutil" "log/slog" + "math/big" + "math/bits" "net" "os" "regexp" @@ -17,10 +25,9 @@ import ( "sort" "strings" "sync" + "syscall" "time" - g "euandre.org/gobang/src" - _ "github.com/mattn/go-sqlite3" ) @@ -32,15 +39,588 @@ var ( Colour string ) -var EmitActiveConnection = g.MakeGauge("active-connections") -var EmitNicksInChannel = g.MakeGauge("nicks-in-channel") -var EmitReceivedMessage = g.MakeCounter("received-message") -var EmitWriteToClientError = g.MakeCounter("write-to-client") +// FIXME: reorder +var EmitActiveConnection = MakeGauge("active-connections") +var EmitNicksInChannel = MakeGauge("nicks-in-channel") +var EmitReceivedMessage = MakeCounter("received-message") +var EmitWriteToClientError = MakeCounter("write-to-client") const pingFrequency = time.Duration(30) * time.Second const pongMaxLatency = time.Duration(5) * time.Second + +// FIXME: finish rewriting +// +// lastV7time is the last time we returned stored as: +// +// 52 bits of time in milliseconds since epoch +// 12 bits of (fractional nanoseconds) >> 8 +var lastV7Time int64 +var timeMu sync.Mutex +// getV7Time returns the time in milliseconds and nanoseconds / 256. +// The returned (milli << (12 + seq)) is guaranteed to be greater than +// (milli << (12 + seq)) returned by any previous call to getV7Time. +// `seq` Sequence number is between 0 and 3906 (nanoPerMilli >> 8) +func getV7Time(nano int64) (int64, int64) { + const nanoPerMilli = 1000 * 1000 + + milli := nano / nanoPerMilli + seq := (nano - (milli * nanoPerMilli)) >> 8 + now := milli << (12 + seq) + + timeMu.Lock() + defer timeMu.Unlock() + if now <= lastV7Time { + now = lastV7Time + 1 + milli = now >> 12 + seq = now & 0xfff + } + lastV7Time = now + return milli, seq +} + +const lengthUUID = 16 + +type UUID struct { + bytes [lengthUUID]byte +} + +func NewUUID() UUID { + var buf [lengthUUID]byte + _, err := io.ReadFull(rand.Reader, buf[7:]) + if err != nil { + panic(err) + } + + buf[6] = (buf[6] & 0x0f) | 0x40 // Version 4 + buf[8] = (buf[8] & 0x3f) | 0x80 // Variant is 10 + + t, s := getV7Time(time.Now().UnixNano()) + + buf[0] = byte(t >> 40) + buf[1] = byte(t >> 32) + buf[2] = byte(t >> 24) + buf[3] = byte(t >> 16) + buf[4] = byte(t >> 8) + buf[5] = byte(t >> 0) + + buf[6] = 0x70 | (0x0f & byte(s >> 8)) + buf[7] = byte(s) + return UUID { bytes: buf } +} + +func (uuid UUID) ToString() string { + const dashCount = 4 + const encodedLength = (lengthUUID * 2) + dashCount + dst := [encodedLength]byte { + 0, 0, 0, 0, + 0, 0, 0, 0, + '-', + 0, 0, 0, 0, + '-', + 0, 0, 0, 0, + '-', + 0, 0, 0, 0, + '-', + 0, 0, 0, 0, + 0, 0, 0, 0, + 0, 0, 0, 0, + } + + hex.Encode(dst[ 0:8], uuid.bytes[0:4]) + hex.Encode(dst[ 9:13], uuid.bytes[4:6]) + hex.Encode(dst[14:18], uuid.bytes[6:8]) + hex.Encode(dst[19:23], uuid.bytes[8:10]) + hex.Encode(dst[24:36], uuid.bytes[10:]) + + return string(dst[:]) +} + + + +type LogLevel int8 + +const ( + LevelNone LogLevel = 0 + LevelError LogLevel = 1 + LevelWarning LogLevel = 2 + LevelInfo LogLevel = 3 + LevelDebug LogLevel = 4 +) + +var Level LogLevel = LevelInfo + +var EmitMetric bool = true + + +func Debug(message string, type_ string, args ...any) { + if (Level < LevelDebug) { + return + } + + slog.Debug( + message, + append( + []any { + "id", NewUUID().ToString(), + "kind", "log", + "type", type_, + }, + args..., + )..., + ) +} + +func Info(message string, type_ string, args ...any) { + if (Level < LevelInfo) { + return + } + + slog.Info( + message, + append( + []any { + "id", NewUUID().ToString(), + "kind", "log", + "type", type_, + }, + args..., + )..., + ) +} + +func Warning(message string, type_ string, args ...any) { + if (Level < LevelWarning) { + return + } + + slog.Warn( + message, + append( + []any { + "id", NewUUID().ToString(), + "kind", "log", + "type", type_, + }, + args..., + )..., + ) +} + +func Error(message string, type_ string, args ...any) { + if (Level < LevelError) { + return + } + + slog.Error( + message, + append( + []any { + "id", NewUUID().ToString(), + "kind", "log", + "type", type_, + }, + args..., + )..., + ) +} + +func Metric(type_ string, label string, args ...any) { + if (!EmitMetric) { + return + } + + slog.Info( + "_", + append( + []any { + "id", NewUUID().ToString(), + "kind", "metric", + "type", type_, + "label", label, + }, + args..., + )..., + ) +} + +type Gauge struct { + Inc func(...any) + Dec func(...any) +} + +var zero = big.NewInt(0) +var one = big.NewInt(1) +func MakeGauge(label string, staticArgs ...any) Gauge { + count := big.NewInt(0) + emitGauge := func(dynamicArgs ...any) { + if count.Cmp(zero) == -1 { + Error( + "Gauge went negative", + "process-metric", + append( + []any { "value", count }, + append( + staticArgs, + dynamicArgs..., + )..., + )..., + ) + return // avoid wrong metrics being emitted + } + Metric( + "gauge", label, + // TODO: we'll have slices.Concat on Go 1.22 + append( + []any { "value", count }, + append( + staticArgs, + dynamicArgs..., + )..., + )..., + ) + } + return Gauge { + Inc: func(dynamicArgs ...any) { + count.Add(count, one) + emitGauge(dynamicArgs...) + }, + Dec: func(dynamicArgs ...any) { + count.Sub(count, one) + emitGauge(dynamicArgs...) + }, + } +} + +func MakeCounter(label string) func(...any) { + return func(args ...any) { + Metric( + "counter", label, + append([]any { "value", 1 }, args...)..., + ) + } +} + +func SetLoggerOutput(w io.Writer) { + slog.SetDefault(slog.New(slog.NewJSONHandler(w, &slog.HandlerOptions { + AddSource: true, + })).With( + slog.Group( + "info", + "pid", os.Getpid(), + "ppid", os.Getppid(), + "puuid", NewUUID().ToString(), + ), + )) +} + +func SetTraceback() { + if os.Getenv("GOTRACEBACK") == "" { + debug.SetTraceback("crash") + } +} + +func Fatal(err error) { + Error( + "Fatal error", "fatal-error", + "error", err, + "stack", string(debug.Stack()), + ) + syscall.Kill(os.Getpid(), syscall.SIGABRT) + os.Exit(3) +} + +func FatalIf(err error) { + if err != nil { + Fatal(err) + } +} + + +/* +Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC +2898 / PKCS #5 v2.0. + +A key derivation function is useful when encrypting data based on a password +or any other not-fully-random data. It uses a pseudorandom function to derive +a secure encryption key based on the password. + +While v2.0 of the standard defines only one pseudorandom function to use, +HMAC-SHA1, the drafted v2.1 specification allows use of all five FIPS Approved +Hash Functions SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 for HMAC. To +choose, you can pass the `New` functions from the different SHA packages to +pbkdf2.Key. +*/ + +// Key derives a key from the password, salt and iteration count, returning a +// []byte of length keylen that can be used as cryptographic key. The key is +// derived based on the method described as PBKDF2 with the HMAC variant using +// the supplied hash function. +// +// For example, to use a HMAC-SHA-1 based PBKDF2 key derivation function, you +// can get a derived key for e.g. AES-256 (which needs a 32-byte key) by +// doing: +// +// dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New) +// +// Remember to get a good random salt. At least 8 bytes is recommended by the +// RFC. +// +// Using a higher iteration count will increase the cost of an exhaustive +// search but will also make derivation proportionally slower. +func PBKDF2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { + prf := hmac.New(h, password) + hashLen := prf.Size() + numBlocks := (keyLen + hashLen - 1) / hashLen + + var buf [4]byte + dk := make([]byte, 0, numBlocks*hashLen) + U := make([]byte, hashLen) + for block := 1; block <= numBlocks; block++ { + // N.B.: || means concatenation, ^ means XOR + // for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter + // U_1 = PRF(password, salt || uint(i)) + prf.Reset() + prf.Write(salt) + buf[0] = byte(block >> 24) + buf[1] = byte(block >> 16) + buf[2] = byte(block >> 8) + buf[3] = byte(block) + prf.Write(buf[:4]) + dk = prf.Sum(dk) + T := dk[len(dk)-hashLen:] + copy(U, T) + + // U_n = PRF(password, U_(n-1)) + for n := 2; n <= iter; n++ { + prf.Reset() + prf.Write(U) + U = U[:0] + U = prf.Sum(U) + for x := range U { + T[x] ^= U[x] + } + } + } + return dk[:keyLen] +} + +// Package scrypt implements the scrypt key derivation function as defined in +// Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard +// Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf). + +const maxInt = int(^uint(0) >> 1) + +// blockCopy copies n numbers from src into dst. +func blockCopy(dst, src []uint32, n int) { + copy(dst, src[:n]) +} + +// blockXOR XORs numbers from dst with n numbers from src. +func blockXOR(dst, src []uint32, n int) { + for i, v := range src[:n] { + dst[i] ^= v + } +} + +// salsaXOR applies Salsa20/8 to the XOR of 16 numbers from tmp and in, +// and puts the result into both tmp and out. +func salsaXOR(tmp *[16]uint32, in, out []uint32) { + w0 := tmp[0] ^ in[0] + w1 := tmp[1] ^ in[1] + w2 := tmp[2] ^ in[2] + w3 := tmp[3] ^ in[3] + w4 := tmp[4] ^ in[4] + w5 := tmp[5] ^ in[5] + w6 := tmp[6] ^ in[6] + w7 := tmp[7] ^ in[7] + w8 := tmp[8] ^ in[8] + w9 := tmp[9] ^ in[9] + w10 := tmp[10] ^ in[10] + w11 := tmp[11] ^ in[11] + w12 := tmp[12] ^ in[12] + w13 := tmp[13] ^ in[13] + w14 := tmp[14] ^ in[14] + w15 := tmp[15] ^ in[15] + + x0 := w0 + x1 := w1 + x2 := w2 + x3 := w3 + x4 := w4 + x5 := w5 + x6 := w6 + x7 := w7 + x8 := w8 + x9 := w9 + x10 := w10 + x11 := w11 + x12 := w12 + x13 := w13 + x14 := w14 + x15 := w15 + + for i := 0; i < 8; i += 2 { + x4 ^= bits.RotateLeft32(x0 + x12, 7) + x8 ^= bits.RotateLeft32(x4 + x0, 9) + x12 ^= bits.RotateLeft32(x8 + x4, 13) + x0 ^= bits.RotateLeft32(x12 + x8, 18) + + x9 ^= bits.RotateLeft32(x5 + x1, 7) + x13 ^= bits.RotateLeft32(x9 + x5, 9) + x1 ^= bits.RotateLeft32(x13 + x9, 13) + x5 ^= bits.RotateLeft32(x1 + x13, 18) + + x14 ^= bits.RotateLeft32(x10 + x6, 7) + x2 ^= bits.RotateLeft32(x14 + x10, 9) + x6 ^= bits.RotateLeft32(x2 + x14, 13) + x10 ^= bits.RotateLeft32(x6 + x2, 18) + + x3 ^= bits.RotateLeft32(x15 + x11, 7) + x7 ^= bits.RotateLeft32(x3 + x15, 9) + x11 ^= bits.RotateLeft32(x7 + x3, 13) + x15 ^= bits.RotateLeft32(x11 + x7, 18) + + x1 ^= bits.RotateLeft32(x0 + x3, 7) + x2 ^= bits.RotateLeft32(x1 + x0, 9) + x3 ^= bits.RotateLeft32(x2 + x1, 13) + x0 ^= bits.RotateLeft32(x3 + x2, 18) + + x6 ^= bits.RotateLeft32(x5 + x4, 7) + x7 ^= bits.RotateLeft32(x6 + x5, 9) + x4 ^= bits.RotateLeft32(x7 + x6, 13) + x5 ^= bits.RotateLeft32(x4 + x7, 18) + + x11 ^= bits.RotateLeft32(x10 + x9, 7) + x8 ^= bits.RotateLeft32(x11 + x10, 9) + x9 ^= bits.RotateLeft32(x8 + x11, 13) + x10 ^= bits.RotateLeft32(x9 + x8, 18) + + x12 ^= bits.RotateLeft32(x15 + x14, 7) + x13 ^= bits.RotateLeft32(x12 + x15, 9) + x14 ^= bits.RotateLeft32(x13 + x12, 13) + x15 ^= bits.RotateLeft32(x14 + x13, 18) + } + + x0 += w0 + x1 += w1 + x2 += w2 + x3 += w3 + x4 += w4 + x5 += w5 + x6 += w6 + x7 += w7 + x8 += w8 + x9 += w9 + x10 += w10 + x11 += w11 + x12 += w12 + x13 += w13 + x14 += w14 + x15 += w15 + + out[0], tmp[0] = x0, x0 + out[1], tmp[1] = x1, x1 + out[2], tmp[2] = x2, x2 + out[3], tmp[3] = x3, x3 + out[4], tmp[4] = x4, x4 + out[5], tmp[5] = x5, x5 + out[6], tmp[6] = x6, x6 + out[7], tmp[7] = x7, x7 + out[8], tmp[8] = x8, x8 + out[9], tmp[9] = x9, x9 + out[10], tmp[10] = x10, x10 + out[11], tmp[11] = x11, x11 + out[12], tmp[12] = x12, x12 + out[13], tmp[13] = x13, x13 + out[14], tmp[14] = x14, x14 + out[15], tmp[15] = x15, x15 +} + +func blockMix(tmp *[16]uint32, in, out []uint32, r int) { + blockCopy(tmp[:], in[(2*r-1)*16:], 16) + for i := 0; i < 2*r; i += 2 { + salsaXOR(tmp, in[i*16:], out[i*8:]) + salsaXOR(tmp, in[i*16+16:], out[i*8+r*16:]) + } +} + +func integer(b []uint32, r int) uint64 { + j := (2*r - 1) * 16 + return uint64(b[j]) | uint64(b[j+1])<<32 +} + +func smix(b []byte, r, N int, v, xy []uint32) { + var tmp [16]uint32 + R := 32 * r + x := xy + y := xy[R:] + + j := 0 + for i := 0; i < R; i++ { + x[i] = binary.LittleEndian.Uint32(b[j:]) + j += 4 + } + for i := 0; i < N; i += 2 { + blockCopy(v[i*R:], x, R) + blockMix(&tmp, x, y, r) + + blockCopy(v[(i+1)*R:], y, R) + blockMix(&tmp, y, x, r) + } + for i := 0; i < N; i += 2 { + j := int(integer(x, r) & uint64(N-1)) + blockXOR(x, v[j*R:], R) + blockMix(&tmp, x, y, r) + + j = int(integer(y, r) & uint64(N-1)) + blockXOR(y, v[j*R:], R) + blockMix(&tmp, y, x, r) + } + j = 0 + for _, v := range x[:R] { + binary.LittleEndian.PutUint32(b[j:], v) + j += 4 + } +} + +// Key derives a key from the password, salt, and cost parameters, returning +// a byte slice of length keyLen that can be used as cryptographic key. +// +// N is a CPU/memory cost parameter, which must be a power of two greater than 1. +// r and p must satisfy r * p < 2³⁰. If the parameters do not satisfy the +// limits, the function returns a nil byte slice and an error. +// +// For example, you can get a derived key for e.g. AES-256 (which needs a +// 32-byte key) by doing: +// +// dk, err := scrypt.Key([]byte("some password"), salt, 32768, 8, 1, 32) +// +// The recommended parameters for interactive logins as of 2017 are N=32768, r=8 +// and p=1. The parameters N, r, and p should be increased as memory latency and +// CPU parallelism increases; consider setting N to the highest power of 2 you +// can derive within 100 milliseconds. Remember to get a good random salt. +func Scrypt(password, salt []byte, N, r, p, keyLen int) ([]byte, error) { + if N <= 1 || N&(N-1) != 0 { + return nil, errors.New("scrypt: N must be > 1 and a power of 2") + } + if uint64(r)*uint64(p) >= 1<<30 || r > maxInt/128/p || r > maxInt/256 || N > maxInt/128/r { + return nil, errors.New("scrypt: parameters are too large") + } + + xy := make([]uint32, 64*r) + v := make([]uint32, 32*N*r) + b := PBKDF2Key(password, salt, 1, p*128*r, sha256.New) + + for i := 0; i < p; i++ { + smix(b[i*128*r:], r, N, v, xy) + } + + return PBKDF2Key(password, b, 1, keyLen, sha256.New), nil +} + + // type UUID string type Channel struct { @@ -155,7 +735,7 @@ func ParseMessage(rawMessage string) (Message, error) { } func HandleUnknown(ctx *Context, msg Message) { - g.Warning( + Warning( "Unsupported command", "unsupported-command", "command", msg.Command, ) @@ -188,7 +768,7 @@ func HandlePRIVMSG(ctx *Context, msg Message) { } defer stmt.Close() - ret, err := stmt.Exec(g.NewUUID().ToString(), "FIXME", "FIXME", time.Now()) + ret, err := stmt.Exec(NewUUID().ToString(), "FIXME", "FIXME", time.Now()) if err != nil { // FIXME: reply error fmt.Println("xablau can't prepare: ", err) @@ -263,7 +843,7 @@ func ProcessMessage(ctx *Context, connection *Connection, rawMessage string) { msg, err := ParseMessage(rawMessage) if err != nil { - g.Info( + Info( "Error processing message", "process-message", "err", err, @@ -301,7 +881,7 @@ func WriteLoop(ctx *Context, connection *Connection) { for message := range connection.replyChan { _, err := io.WriteString(connection.conn, message) if err != nil { - g.Error( + Error( "Failed to send data to user", "user-reply-error", "err", err, @@ -360,13 +940,13 @@ func HandleConnection(ctx *Context, conn net.Conn) { func IRCdLoop(ctx *Context, publicSocketPath string) { listener, err := net.Listen("unix", publicSocketPath) - g.FatalIf(err) - g.Info("IRCd started", "component-up", "component", "ircd") + FatalIf(err) + Info("IRCd started", "component-up", "component", "ircd") for { conn, err := listener.Accept() if err != nil { - g.Warning( + Warning( "Error accepting a public IRCd connection", "accept-connection", "err", err, @@ -380,13 +960,13 @@ func IRCdLoop(ctx *Context, publicSocketPath string) { func CommandListenerLoop(ctx *Context, commandSocketPath string) { listener, err := net.Listen("unix", commandSocketPath) - g.FatalIf(err) - g.Info("command listener started", "component-up", "component", "command-listener") + FatalIf(err) + Info("command listener started", "component-up", "component", "command-listener") for { conn, err := listener.Accept() if err != nil { - g.Warning( + Warning( "Error accepting a command connection", "accept-command", "err", err, @@ -400,7 +980,7 @@ func CommandListenerLoop(ctx *Context, commandSocketPath string) { } func TransactorLoop(ctx *Context) { - g.Info("transactor started", "component-up", "component", "transactor") + Info("transactor started", "component-up", "component", "transactor") EmitActiveConnection.Inc() for tx := range ctx.tx { @@ -411,7 +991,7 @@ func TransactorLoop(ctx *Context) { func SetHostname() { var err error Hostname, err = os.Hostname() - g.FatalIf(err) + FatalIf(err) } func SetEnvironmentVariables() { @@ -432,13 +1012,13 @@ func InitMigrations(db *sql.DB) { filename TEXT PRIMARY KEY ); `) - g.FatalIf(err) + FatalIf(err) } const MIGRATIONS_DIR = "src/sql/migrations/" func PendingMigrations(db *sql.DB) []string { files, err := ioutil.ReadDir(MIGRATIONS_DIR) - g.FatalIf(err) + FatalIf(err) set := make(map[string]bool) for _, file := range files { @@ -446,16 +1026,16 @@ func PendingMigrations(db *sql.DB) []string { } rows, err := db.Query(`SELECT filename FROM migrations;`) - g.FatalIf(err) + FatalIf(err) defer rows.Close() for rows.Next() { var filename string err := rows.Scan(&filename) - g.FatalIf(err) + FatalIf(err) delete(set, filename) } - g.FatalIf(rows.Err()) + FatalIf(rows.Err()) difference := make([]string, 0) for filename := range set { @@ -470,40 +1050,41 @@ func RunMigrations(db *sql.DB) { InitMigrations(db) stmt, err := db.Prepare(`INSERT INTO migrations (filename) VALUES (?);`) - g.FatalIf(err) + FatalIf(err) defer stmt.Close() for _, filename := range PendingMigrations(db) { - g.Info("Running migration file", "exec-migration-file", + Info("Running migration file", "exec-migration-file", "filename", filename, ) tx, err := db.Begin() - g.FatalIf(err) + FatalIf(err) sql, err := os.ReadFile(MIGRATIONS_DIR + filename) - g.FatalIf(err) + FatalIf(err) _, err = tx.Exec(string(sql)) - g.FatalIf(err) + FatalIf(err) _, err = tx.Stmt(stmt).Exec(filename) - g.FatalIf(err) + FatalIf(err) err = tx.Commit() - g.FatalIf(err) + FatalIf(err) } } func InitDB(databasePath string) *sql.DB { db, err := sql.Open("sqlite3", databasePath) - g.FatalIf(err) + FatalIf(err) RunMigrations(db) return db } func Init() { - g.Init() + SetLoggerOutput(os.Stdout) + SetTraceback() SetHostname() SetEnvironmentVariables() } @@ -511,10 +1092,10 @@ func Init() { func Start(ctx *Context, publicSocketPath string, commandSocketPath string) { buildInfo, ok := debug.ReadBuildInfo() if !ok { - g.Fatal(errors.New("error on debug.ReadBuildInfo()")) + Fatal(errors.New("error on debug.ReadBuildInfo()")) } - g.Info("-", "lifecycle-event", + Info("-", "lifecycle-event", "event", "starting-server", slog.Group( "go", diff --git a/tests/lib_test.go b/tests/lib_test.go index 3195f38..2a27ae9 100644 --- a/tests/lib_test.go +++ b/tests/lib_test.go @@ -2,17 +2,22 @@ package papod_test import ( "bufio" + "bytes" + "crypto/sha1" + "crypto/sha256" + "encoding/base64" + "encoding/json" "database/sql" "errors" + "fmt" + "hash" + "log" + "log/slog" "reflect" "strings" "testing" - g "euandre.org/gobang/src" - "euandre.org/papod/src" - - // "fmt" ) @@ -22,22 +27,354 @@ func errorIf(t *testing.T, err error) { } } -func assertEqual(t *testing.T, given any, expected any) { +func assertEqualI(t *testing.T, i int, given any, expected any) { if !reflect.DeepEqual(given, expected) { - t.Errorf("given != expected\n") + t.Errorf("given != expected (i = %d)\n", i) t.Errorf("given: %#v\n", given) t.Errorf("expected: %#v\n", expected) } } -func assertEqualI(t *testing.T, i int, given any, expected any) { +func assertEqual(t *testing.T, given any, expected any) { if !reflect.DeepEqual(given, expected) { - t.Errorf("given != expected (i = %d)\n", i) + t.Errorf("given != expected") t.Errorf("given: %#v\n", given) t.Errorf("expected: %#v\n", expected) } } +func TestSetLoggerOutput(t *testing.T) { + return + type entry struct { + msg string `json:"msg"` + aKey string `json:"a-key"` + } + var e entry + var buf bytes.Buffer + slog.Error("the message", "a-key", "a-value") + + s := buf.String() + // fmt.Println(s) + // fmt.Println(e) + err := json.Unmarshal([]byte(s), &e) + if err != nil { + t.Fail() + // gobang.Mmain() + // gobang.Main() + } + if e.msg != "the message" { + t.Fail() + } + fmt.Println(1) + // fmt.Println(e) +} + +type pbkdfTestVector struct { + password string + salt string + iter int + output []byte +} + +// Test vectors from RFC 6070, http://tools.ietf.org/html/rfc6070 +var sha1TestVectors = []pbkdfTestVector { + { + "password", + "salt", + 1, + []byte { + 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, + 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, + 0x2f, 0xe0, 0x37, 0xa6, + }, + }, + { + "password", + "salt", + 2, + []byte{ + 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, + 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, + 0xd8, 0xde, 0x89, 0x57, + }, + }, + { + "password", + "salt", + 4096, + []byte{ + 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, + 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, + 0x65, 0xa4, 0x29, 0xc1, + }, + }, + // // This one takes too long + // { + // "password", + // "salt", + // 16777216, + // []byte { + // 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, + // 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, + // 0x26, 0x34, 0xe9, 0x84, + // }, + // }, + { + "passwordPASSWORDpassword", + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + 4096, + []byte{ + 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, + 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, + 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, + 0x38, + }, + }, + { + "pass\000word", + "sa\000lt", + 4096, + []byte{ + 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, + 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3, + }, + }, +} + +// Test vectors from +// http://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors +var sha256TestVectors = []pbkdfTestVector { + { + "password", + "salt", + 1, + []byte { + 0x12, 0x0f, 0xb6, 0xcf, 0xfc, 0xf8, 0xb3, 0x2c, + 0x43, 0xe7, 0x22, 0x52, 0x56, 0xc4, 0xf8, 0x37, + 0xa8, 0x65, 0x48, 0xc9, + }, + }, + { + "password", + "salt", + 2, + []byte { + 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, + 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, + 0x2a, 0x30, 0x3f, 0x8e, + }, + }, + { + "password", + "salt", + 4096, + []byte { + 0xc5, 0xe4, 0x78, 0xd5, 0x92, 0x88, 0xc8, 0x41, + 0xaa, 0x53, 0x0d, 0xb6, 0x84, 0x5c, 0x4c, 0x8d, + 0x96, 0x28, 0x93, 0xa0, + }, + }, + { + "passwordPASSWORDpassword", + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + 4096, + []byte { + 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, + 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, + 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, + 0x1c, + }, + }, + { + "pass\000word", + "sa\000lt", + 4096, + []byte { + 0x89, 0xb6, 0x9d, 0x05, 0x16, 0xf8, 0x29, 0x89, + 0x3c, 0x69, 0x62, 0x26, 0x65, 0x0a, 0x86, 0x87, + }, + }, +} + +func testHash(t *testing.T, h func() hash.Hash, hashName string, vectors []pbkdfTestVector) { + for i, v := range vectors { + o := papod.PBKDF2Key([]byte(v.password), []byte(v.salt), v.iter, len(v.output), h) + if !bytes.Equal(o, v.output) { + t.Errorf("%s %d: expected %x, got %x", hashName, i, v.output, o) + } + } +} + +func TestWithHMACSHA1(t *testing.T) { + testHash(t, sha1.New, "SHA1", sha1TestVectors) +} + +func TestWithHMACSHA256(t *testing.T) { + testHash(t, sha256.New, "SHA256", sha256TestVectors) +} + +type scryptTestVector struct { + password string + salt string + N, r, p int + output []byte +} + +var good = []scryptTestVector { + { + "password", + "salt", + 2, 10, 10, + []byte { + 0x48, 0x2c, 0x85, 0x8e, 0x22, 0x90, 0x55, 0xe6, 0x2f, + 0x41, 0xe0, 0xec, 0x81, 0x9a, 0x5e, 0xe1, 0x8b, 0xdb, + 0x87, 0x25, 0x1a, 0x53, 0x4f, 0x75, 0xac, 0xd9, 0x5a, + 0xc5, 0xe5, 0xa, 0xa1, 0x5f, + }, + }, + { + "password", + "salt", + 16, 100, 100, + []byte { + 0x88, 0xbd, 0x5e, 0xdb, 0x52, 0xd1, 0xdd, 0x0, 0x18, + 0x87, 0x72, 0xad, 0x36, 0x17, 0x12, 0x90, 0x22, 0x4e, + 0x74, 0x82, 0x95, 0x25, 0xb1, 0x8d, 0x73, 0x23, 0xa5, + 0x7f, 0x91, 0x96, 0x3c, 0x37, + }, + }, + { + "this is a long \000 password", + "and this is a long \000 salt", + 16384, 8, 1, + []byte { + 0xc3, 0xf1, 0x82, 0xee, 0x2d, 0xec, 0x84, 0x6e, 0x70, + 0xa6, 0x94, 0x2f, 0xb5, 0x29, 0x98, 0x5a, 0x3a, 0x09, + 0x76, 0x5e, 0xf0, 0x4c, 0x61, 0x29, 0x23, 0xb1, 0x7f, + 0x18, 0x55, 0x5a, 0x37, 0x07, 0x6d, 0xeb, 0x2b, 0x98, + 0x30, 0xd6, 0x9d, 0xe5, 0x49, 0x26, 0x51, 0xe4, 0x50, + 0x6a, 0xe5, 0x77, 0x6d, 0x96, 0xd4, 0x0f, 0x67, 0xaa, + 0xee, 0x37, 0xe1, 0x77, 0x7b, 0x8a, 0xd5, 0xc3, 0x11, + 0x14, 0x32, 0xbb, 0x3b, 0x6f, 0x7e, 0x12, 0x64, 0x40, + 0x18, 0x79, 0xe6, 0x41, 0xae, + }, + }, + { + "p", + "s", + 2, 1, 1, + []byte { + 0x48, 0xb0, 0xd2, 0xa8, 0xa3, 0x27, 0x26, 0x11, 0x98, + 0x4c, 0x50, 0xeb, 0xd6, 0x30, 0xaf, 0x52, + }, + }, + + { + "", + "", + 16, 1, 1, + []byte { + 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20, 0x3b, + 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97, 0xf1, 0x6b, + 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8, 0xdf, 0xdf, 0xfa, + 0x3f, 0xed, 0xe2, 0x14, 0x42, 0xfc, 0xd0, 0x06, 0x9d, + 0xed, 0x09, 0x48, 0xf8, 0x32, 0x6a, 0x75, 0x3a, 0x0f, + 0xc8, 0x1f, 0x17, 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, + 0x36, 0x28, 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, + 0x06, + }, + }, + { + "password", + "NaCl", + 1024, 8, 16, + []byte { + 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, 0x78, + 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, 0x7c, 0x6a, + 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, 0xe7, 0x73, 0x76, + 0x63, 0x4b, 0x37, 0x31, 0x62, 0x2e, 0xaf, 0x30, 0xd9, + 0x2e, 0x22, 0xa3, 0x88, 0x6f, 0xf1, 0x09, 0x27, 0x9d, + 0x98, 0x30, 0xda, 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, + 0xee, 0x6d, 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, + 0x40, + }, + }, + { + "pleaseletmein", "SodiumChloride", + 16384, 8, 1, + []byte { + 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48, 0x46, + 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb, 0xfd, 0xa8, + 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e, 0xa9, 0xb5, 0x43, + 0xf6, 0x54, 0x5d, 0xa1, 0xf2, 0xd5, 0x43, 0x29, 0x55, + 0x61, 0x3f, 0x0f, 0xcf, 0x62, 0xd4, 0x97, 0x05, 0x24, + 0x2a, 0x9a, 0xf9, 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, + 0x1e, 0x40, 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, + 0x87, + }, + }, + /* + // Disabled: needs 1 GiB RAM and takes too long for a simple test. + { + "pleaseletmein", "SodiumChloride", + 1048576, 8, 1, + []byte{ + 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae, 0xad, + 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81, 0xec, 0x56, + 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d, 0xab, 0xe5, 0xee, + 0x98, 0x20, 0xad, 0xaa, 0x47, 0x8e, 0x56, 0xfd, 0x8f, + 0x4b, 0xa5, 0xd0, 0x9f, 0xfa, 0x1c, 0x6d, 0x92, 0x7c, + 0x40, 0xf4, 0xc3, 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, + 0x52, 0xfb, 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, + 0xa4, + }, + }, + */ +} + +const maxInt = int(^uint(0) >> 1) + +var bad = []scryptTestVector { + {"p", "s", 0, 1, 1, nil}, // N == 0 + {"p", "s", 1, 1, 1, nil}, // N == 1 + {"p", "s", 7, 8, 1, nil}, // N is not power of 2 + {"p", "s", 16, maxInt / 2, maxInt / 2, nil}, // p * r too large +} + +func TestKey(t *testing.T) { + for i, v := range good { + k, err := papod.Scrypt([]byte(v.password), []byte(v.salt), v.N, v.r, v.p, len(v.output)) + if err != nil { + t.Errorf("%d: got unexpected error: %s", i, err) + } + if !bytes.Equal(k, v.output) { + t.Errorf("%d: expected %x, got %x", i, v.output, k) + } + } + for i, v := range bad { + _, err := papod.Scrypt([]byte(v.password), []byte(v.salt), v.N, v.r, v.p, 32) + if err == nil { + t.Errorf("%d: expected error, got nil", i) + } + } +} + +func TestExample(t *testing.T) { + const expected = "lGnMz8io0AUkfzn6Pls1qX20Vs7PGN6sbYQ2TQgY12M=" + // DO NOT use this salt value; generate your own random salt. 8 bytes is + // a good length. + salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b} + + dk, err := papod.Scrypt([]byte("some password"), salt, 1<<15, 8, 1, 32) + if err != nil { + log.Fatal(err) + } + + given := base64.StdEncoding.EncodeToString(dk) + + assertEqual(t, given, expected) +} + func TestSplitOnCRLF(t *testing.T) { type tableT struct { input string @@ -485,7 +822,7 @@ func TestInitMigrations(t *testing.T) { const query = `SELECT filename FROM migrations;` db, err := sql.Open("sqlite3", ":memory:") - g.FatalIf(err) + papod.FatalIf(err) _, err = db.Query(query) assertEqual(t, err.Error(), "no such table: migrations") @@ -493,15 +830,15 @@ func TestInitMigrations(t *testing.T) { for i := 0; i < 5; i++ { papod.InitMigrations(db) rows, err := db.Query(query) - g.FatalIf(err) + papod.FatalIf(err) assertEqual(t, rows.Next(), false) - g.FatalIf(rows.Err()) + papod.FatalIf(rows.Err()) } } func TestPendingMigrations(t *testing.T) { db, err := sql.Open("sqlite3", ":memory:") - g.FatalIf(err) + papod.FatalIf(err) papod.InitMigrations(db) pending1 := papod.PendingMigrations(db) @@ -512,7 +849,7 @@ func TestPendingMigrations(t *testing.T) { func TestRunMigrations(t *testing.T) { db, err := sql.Open("sqlite3", ":memory:") - g.FatalIf(err) + papod.FatalIf(err) for i := 0; i < 5; i++ { papod.RunMigrations(db) -- cgit v1.2.3