sodium.cr/spec/sodium/pwhash_spec.cr

require "../spec_helper"

private def pw_min
  pwhash = Sodium::Pwhash.new

  # set to minimum to speed up tests
  pwhash.memlimit = Sodium::Pwhash::MEMLIMIT_MIN
  pwhash.opslimit = Sodium::Pwhash::OPSLIMIT_MIN
  pwhash
end

describe Sodium::Pwhash do
  it "hashes and verifies a password" do
    pwhash = pw_min

    pass = "1234"
    hash = pwhash.store pass
    pwhash.verify hash, pass
    expect_raises(Sodium::Pwhash::PasswordVerifyError) do
      pwhash.verify hash, "5678"
    end

    pwhash.needs_rehash?(hash).should be_false
    pwhash.opslimit = Sodium::Pwhash::OPSLIMIT_MAX
    pwhash.needs_rehash?(hash).should be_true
  end

  it "key_derive fails without an algorithm" do
    pwhash = pw_min
    expect_raises(ArgumentError) do
      pwhash.key_derive pwhash.salt, "foo", 16
    end
  end

  it "derives a key from a password" do
    pwhash = pw_min
    pwhash.algorithm = Sodium::Pwhash::Algorithm::Argon2id13
    salt = pwhash.salt
    key1 = pwhash.key_derive salt, "foo", 16
    key2 = pwhash.key_derive salt, "foo", 16
    key3 = pwhash.key_derive salt, "bar", 16
    key4 = pwhash.key_derive pwhash.salt, "foo", 16

    key1.bytesize.should eq 16
    key1.should eq key2
    key1.should_not eq key3
    key1.should_not eq key4
    # BUG: validate against known passwords
  end
end
Add libsodium password hashing 2019-05-29 01:15:13 +02:00			`require "../spec_helper"`

PWhash add key derivation. 2019-06-27 17:03:33 +02:00			`private def pw_min`
Rename project from "cox" to "sodium.cr". 2019-06-29 01:17:09 +02:00			`pwhash = Sodium::Pwhash.new`
Add libsodium password hashing 2019-05-29 01:15:13 +02:00
Formatting 2019-06-28 02:20:02 +02:00			`# set to minimum to speed up tests`
Rename project from "cox" to "sodium.cr". 2019-06-29 01:17:09 +02:00			`pwhash.memlimit = Sodium::Pwhash::MEMLIMIT_MIN`
			`pwhash.opslimit = Sodium::Pwhash::OPSLIMIT_MIN`
Formatting 2019-06-28 02:20:02 +02:00			`pwhash`
PWhash add key derivation. 2019-06-27 17:03:33 +02:00			`end`

Rename project from "cox" to "sodium.cr". 2019-06-29 01:17:09 +02:00			`describe Sodium::Pwhash do`
PWhash add key derivation. 2019-06-27 17:03:33 +02:00			`it "hashes and verifies a password" do`
			`pwhash = pw_min`
Add libsodium password hashing 2019-05-29 01:15:13 +02:00
			`pass = "1234"`
PWhash add key derivation. 2019-06-27 17:03:33 +02:00			`hash = pwhash.store pass`
Add libsodium password hashing 2019-05-29 01:15:13 +02:00			`pwhash.verify hash, pass`
Rename project from "cox" to "sodium.cr". 2019-06-29 01:17:09 +02:00			`expect_raises(Sodium::Pwhash::PasswordVerifyError) do`
Add libsodium password hashing 2019-05-29 01:15:13 +02:00			`pwhash.verify hash, "5678"`
			`end`

			`pwhash.needs_rehash?(hash).should be_false`
Rename project from "cox" to "sodium.cr". 2019-06-29 01:17:09 +02:00			`pwhash.opslimit = Sodium::Pwhash::OPSLIMIT_MAX`
Add libsodium password hashing 2019-05-29 01:15:13 +02:00			`pwhash.needs_rehash?(hash).should be_true`
			`end`
PWhash add key derivation. 2019-06-27 17:03:33 +02:00
			`it "key_derive fails without an algorithm" do`
			`pwhash = pw_min`
			`expect_raises(ArgumentError) do`
			`pwhash.key_derive pwhash.salt, "foo", 16`
			`end`
			`end`

			`it "derives a key from a password" do`
			`pwhash = pw_min`
Rename project from "cox" to "sodium.cr". 2019-06-29 01:17:09 +02:00			`pwhash.algorithm = Sodium::Pwhash::Algorithm::Argon2id13`
PWhash add key derivation. 2019-06-27 17:03:33 +02:00			`salt = pwhash.salt`
			`key1 = pwhash.key_derive salt, "foo", 16`
			`key2 = pwhash.key_derive salt, "foo", 16`
			`key3 = pwhash.key_derive salt, "bar", 16`
			`key4 = pwhash.key_derive pwhash.salt, "foo", 16`

			`key1.bytesize.should eq 16`
			`key1.should eq key2`
			`key1.should_not eq key3`
			`key1.should_not eq key4`
Formatting 2019-06-28 02:20:02 +02:00			`# BUG: validate against known passwords`
PWhash add key derivation. 2019-06-27 17:03:33 +02:00			`end`
Add libsodium password hashing 2019-05-29 01:15:13 +02:00			`end`