diff options
| author | EuAndreh <eu@euandre.org> | 2024-10-18 13:45:15 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2024-10-18 18:04:41 -0300 |
| commit | 804ca010dd354ff30e12dbf2c40dcb83e9820918 (patch) | |
| tree | 434bd43a59308089c1de4e38fb6980fc61a3f9c4 /tests/scrypt.go | |
| parent | Add baseline functional test, fuzz target and benchmark (diff) | |
| download | scrypt-804ca010dd354ff30e12dbf2c40dcb83e9820918.tar.gz scrypt-804ca010dd354ff30e12dbf2c40dcb83e9820918.tar.xz | |
Remove Go code in favor of upstream libscrypt-kdf
Adapt build to handle cgo shenanigans.
Diffstat (limited to '')
| -rw-r--r-- | tests/scrypt.go | 267 |
1 files changed, 71 insertions, 196 deletions
diff --git a/tests/scrypt.go b/tests/scrypt.go index cb97b08..f499f84 100644 --- a/tests/scrypt.go +++ b/tests/scrypt.go @@ -1,175 +1,19 @@ package scrypt import ( - "crypto/sha1" - "crypto/sha256" "encoding/base64" - // "encoding/hex" - "hash" + "strings" g "gobang" ) -type pbkdfTestVector struct { - password string - salt string - iter int - output []byte -} - -// Test vectors from RFC 6070, http://tools.ietf.org/html/rfc6070 -var sha1TestVectors = []pbkdfTestVector { - { - "password", - "salt", - 1, - []byte { - 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, - 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, - 0x2f, 0xe0, 0x37, 0xa6, - }, - }, - { - "password", - "salt", - 2, - []byte{ - 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, - 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, - 0xd8, 0xde, 0x89, 0x57, - }, - }, - { - "password", - "salt", - 4096, - []byte{ - 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, - 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, - 0x65, 0xa4, 0x29, 0xc1, - }, - }, - // // This one takes too long - // { - // "password", - // "salt", - // 16777216, - // []byte { - // 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, - // 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, - // 0x26, 0x34, 0xe9, 0x84, - // }, - // }, - { - "passwordPASSWORDpassword", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - 4096, - []byte{ - 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, - 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, - 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, - 0x38, - }, - }, - { - "pass\000word", - "sa\000lt", - 4096, - []byte{ - 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, - 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3, - }, - }, -} - -// Test vectors from -// http://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors -var sha256TestVectors = []pbkdfTestVector { - { - "password", - "salt", - 1, - []byte { - 0x12, 0x0f, 0xb6, 0xcf, 0xfc, 0xf8, 0xb3, 0x2c, - 0x43, 0xe7, 0x22, 0x52, 0x56, 0xc4, 0xf8, 0x37, - 0xa8, 0x65, 0x48, 0xc9, - }, - }, - { - "password", - "salt", - 2, - []byte { - 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, - 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, - 0x2a, 0x30, 0x3f, 0x8e, - }, - }, - { - "password", - "salt", - 4096, - []byte { - 0xc5, 0xe4, 0x78, 0xd5, 0x92, 0x88, 0xc8, 0x41, - 0xaa, 0x53, 0x0d, 0xb6, 0x84, 0x5c, 0x4c, 0x8d, - 0x96, 0x28, 0x93, 0xa0, - }, - }, - { - "passwordPASSWORDpassword", - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - 4096, - []byte { - 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, - 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, - 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, - 0x1c, - }, - }, - { - "pass\000word", - "sa\000lt", - 4096, - []byte { - 0x89, 0xb6, 0x9d, 0x05, 0x16, 0xf8, 0x29, 0x89, - 0x3c, 0x69, 0x62, 0x26, 0x65, 0x0a, 0x86, 0x87, - }, - }, -} - -func testHash(h func() hash.Hash, hashName string, vectors []pbkdfTestVector) { - for _, v := range vectors { - out := _PBKDF2Key( - []byte(v.password), - []byte(v.salt), - v.iter, - len(v.output), - h, - ) - g.TAssertEqual(out, v.output) - } -} - -func test__PBKDF() { - g.TestStart("_PBKDF()") - - g.Testing("HMAC with SHA1", func() { - testHash(sha1.New, "SHA1", sha1TestVectors) - }) - - g.Testing("HMAC with SHA256", func() { - testHash(sha256.New, "SHA256", sha256TestVectors) - }) -} - type scryptTestVector struct { password string salt string N, r, p int output []byte - err error } var good = []scryptTestVector { @@ -183,7 +27,6 @@ var good = []scryptTestVector { 0x87, 0x25, 0x1a, 0x53, 0x4f, 0x75, 0xac, 0xd9, 0x5a, 0xc5, 0xe5, 0xa, 0xa1, 0x5f, }, - nil, }, { "password", @@ -195,7 +38,6 @@ var good = []scryptTestVector { 0x74, 0x82, 0x95, 0x25, 0xb1, 0x8d, 0x73, 0x23, 0xa5, 0x7f, 0x91, 0x96, 0x3c, 0x37, }, - nil, }, { "this is a long \000 password", @@ -212,7 +54,6 @@ var good = []scryptTestVector { 0x14, 0x32, 0xbb, 0x3b, 0x6f, 0x7e, 0x12, 0x64, 0x40, 0x18, 0x79, 0xe6, 0x41, 0xae, }, - nil, }, { "p", @@ -222,9 +63,7 @@ var good = []scryptTestVector { 0x48, 0xb0, 0xd2, 0xa8, 0xa3, 0x27, 0x26, 0x11, 0x98, 0x4c, 0x50, 0xeb, 0xd6, 0x30, 0xaf, 0x52, }, - nil, }, - { "", "", @@ -239,7 +78,6 @@ var good = []scryptTestVector { 0x36, 0x28, 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06, }, - nil, }, { "password", @@ -255,7 +93,6 @@ var good = []scryptTestVector { 0xee, 0x6d, 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40, }, - nil, }, { "pleaseletmein", "SodiumChloride", @@ -270,7 +107,6 @@ var good = []scryptTestVector { 0x1e, 0x40, 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87, }, - nil, }, // // Disabled: needs 1 GiB RAM and takes too long for a simple test. // { @@ -286,16 +122,15 @@ var good = []scryptTestVector { // 0x52, 0xfb, 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, // 0xa4, // }, - // nil, // }, } -const halfMax = maxInt / 2 +const halfMax = (int((^uint(0)) >> 1)) / 2 var bad = []scryptTestVector { - {"p", "s", 0, 1, 1, nil, ErrBadN}, // N == 0 - {"p", "s", 1, 1, 1, nil, ErrBadN}, // N == 1 - {"p", "s", 7, 8, 1, nil, ErrBadN}, // N is not power of 2 - {"p", "s", 16, halfMax, halfMax, nil, ErrParamsTooLarge}, // p * r too large + {"p", "s", 0, 1, 1, nil}, // N == 0 + {"p", "s", 1, 1, 1, nil}, // N == 1 + {"p", "s", 7, 8, 1, nil}, // N is not power of 2 + {"p", "s", 16, halfMax, halfMax, nil}, // p * r too large } func test_scrypt() { @@ -326,7 +161,7 @@ func test_scrypt() { v.p, 32, ) - g.TAssertEqual(err, v.err) + g.TErrorNil(err) } }) @@ -354,34 +189,22 @@ func test_scrypt() { func test_SaltFrom() { g.TestStart("SaltFrom()") - g.Testing("error when reader errors", func() { + g.Testing("reader error is propagated", func() { + r := strings.NewReader("input") + payload, err := SaltFrom(r) + g.TAssertEqual(err.Error(), "unexpected EOF") + g.TAssertEqual(payload, []byte(nil)) }) - // FIXME -} - -func test_HashFrom() { - g.TestStart("HashFrom()") - // FIXME -} - -func test_CheckFrom() { - g.TestStart("CheckFrom()") - // FIXME } func test_Salt() { g.TestStart("Salt()") - /* g.Testing("we generate a random salt of a fixed size", func() { - salt := Salt() - g.TAssertEqual(len(salt), saltMinLength) - - var buffer [saltMinLength * 2]byte - hex.Encode(buffer[:], salt) - // FIXME + salt, err := Salt() + g.TErrorIf(err) + g.TAssertEqual(len(salt), _SALT_MIN_LENGTH) }) - */ } func test_Hash() { @@ -406,17 +229,69 @@ func test_Hash() { func test_Check() { g.TestStart("Check()") - // FIXME + + h := func(password []byte, salt []byte) []byte { + hash, err := Hash(password, salt) + g.TErrorIf(err) + return hash + } + + chk := func(password []byte, salt []byte, hash []byte) bool { + ok, err := Check(password, salt, hash) + g.TErrorIf(err) + return ok + } + + + g.Testing("true for equal inputs", func() { + password1 := []byte("password") + password2 := []byte("passw0rd") + salt1 := []byte("salt0000111111112222222233333333") + salt2 := []byte("salt0000l11111112222222233333333") + + hash1 := h(password1, salt1) + hash2 := h(password1, salt2) + hash3 := h(password2, salt1) + hash4 := h(password2, salt2) + + given1 := []bool{ + chk(password1, salt1, hash1), + chk(password1, salt2, hash2), + chk(password2, salt1, hash3), + chk(password2, salt2, hash4), + } + + expected1 := []bool{ + true, + true, + true, + true, + } + + given2 := []bool{ + chk(password1, salt1, hash4), + chk(password1, salt2, hash3), + chk(password2, salt1, hash2), + chk(password2, salt2, hash1), + } + + expected2 := []bool{ + false, + false, + false, + false, + } + + g.TAssertEqual(given1, expected1) + g.TAssertEqual(given2, expected2) + }) } func MainTest() { - test__PBKDF() test_scrypt() test_SaltFrom() - test_HashFrom() - test_CheckFrom() test_Salt() test_Hash() test_Check() |