1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
require "spec"
require "crypto/bcrypt"
require "random/secure"
describe "Crypto::Bcrypt" do
latin1_pound_sign = String.new(Bytes.new(1, 0xa3_u8))
utf8_pound_sign = String.new(Bytes.new(2) { |i| i == 0 ? 0xc2_u8 : 0xa3_u8 })
bit8_unicode_pound_sign = "\u00A3"
vectors = [
{6, "a", "m0CrhHm10qJ3lXRY.5zDGO", "3rS2KdeeWLuGmsfGlMfOxih58VYVfxe"},
{6, "abc", "If6bvum7DFjUnE9p2uDeDu", "0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i"},
{6, "abcdefghijklmnopqrstuvwxyz", ".rCVZVOThsIa97pEDOxvGu", "RRgzG64bvtJ0938xuqzv18d3ZpQhstC"},
{6, "~!@#$%^&*() ~!@#$%^&*()PNBFRD", "fPIsBO8qRqkjj273rfaOI.", "HtSV9jLDpTbZn782DC6/t7qT67P6FfO"},
{8, "~!@#$%^&*() ~!@#$%^&*()PNBFRD", "Eq2r4G/76Wv39MzSX262hu", "zPz612MZiYHVUJe/OcOql2jo4.9UxTW"},
{10, "~!@#$%^&*() ~!@#$%^&*()PNBFRD", "LgfYWkbzEvQ4JakH7rOvHe", "0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS"},
{5, latin1_pound_sign, "CCCCCCCCCCCCCCCCCCCCC.", "BvtRGGx3p8o0C5C36uS442Qqnrwofrq"},
{5, utf8_pound_sign, "CCCCCCCCCCCCCCCCCCCCC.", "CAzSxlf0FLW7g1A5q7W/ZCj1xsN6A.e"},
{5, bit8_unicode_pound_sign, "CCCCCCCCCCCCCCCCCCCCC.", "CAzSxlf0FLW7g1A5q7W/ZCj1xsN6A.e"},
{5, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789012345678", "VU6N0LbtX7trKLCg4Uf8qe", "5WYPzqIUUIrkveFjCbMg/hXc592OQLK"},
]
it "computes digest vectors" do
vectors.each_with_index do |vector, index|
cost, password, salt, digest = vector
bc = Crypto::Bcrypt.new(password, salt, cost)
Crypto::Bcrypt::Base64.encode(bc.digest, 23).should eq(digest)
end
end
it "validates salt size" do
expect_raises(Crypto::Bcrypt::Error, /Invalid salt size/) do
Crypto::Bcrypt.new("abcd", Random::Secure.hex(7))
end
expect_raises(Crypto::Bcrypt::Error, /Invalid salt size/) do
Crypto::Bcrypt.new("abcd", Random::Secure.hex(9))
end
end
it "validates cost" do
salt = Random::Secure.hex(8)
expect_raises(Crypto::Bcrypt::Error, /Invalid cost/) do
Crypto::Bcrypt.new("abcd", salt, 3)
end
expect_raises(Crypto::Bcrypt::Error, /Invalid cost/) do
Crypto::Bcrypt.new("abcd", salt, 32)
end
end
it "validates password size" do
salt = Random::Secure.random_bytes(16)
expect_raises(Crypto::Bcrypt::Error, /Invalid password size/) do
Crypto::Bcrypt.new("".to_slice, salt)
end
expect_raises(Crypto::Bcrypt::Error, /Invalid password size/) do
Crypto::Bcrypt.new("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 invalid".to_slice, salt)
end
end
# Read http://lwn.net/Articles/448699/
it "doesn't have the sign expansion (high 8bit) security flaw" do
salt = "OK.fbVrR/bpIqNJ5ianF.C"
hash1 = Crypto::Bcrypt.new("ab#{latin1_pound_sign}", salt, 5)
hash2 = Crypto::Bcrypt.new(latin1_pound_sign, salt, 5)
hash2.should_not eq(hash1)
end
end
|
