227 lines
9.2 KiB
JavaScript
227 lines
9.2 KiB
JavaScript
|
const test = require('brittle')
|
||
|
const sodium = require('..')
|
||
|
|
||
|
test('constants', function (t) {
|
||
|
t.ok(sodium.crypto_pwhash_ALG_ARGON2I13 != null, 'crypto_pwhash_ALG_ARGON2I13 is defined')
|
||
|
t.ok(sodium.crypto_pwhash_ALG_ARGON2ID13 != null, 'crypto_pwhash_ALG_ARGON2ID13 is defined')
|
||
|
t.ok(sodium.crypto_pwhash_ALG_DEFAULT === sodium.crypto_pwhash_ALG_ARGON2ID13, 'crypto_pwhash_ALG_DEFAULT is crypto_pwhash_ALG_ARGON2ID13')
|
||
|
t.ok(sodium.crypto_pwhash_BYTES_MIN != null, 'crypto_pwhash_BYTES_MIN is defined')
|
||
|
t.ok(sodium.crypto_pwhash_BYTES_MAX != null, 'crypto_pwhash_BYTES_MAX is defined')
|
||
|
t.ok(sodium.crypto_pwhash_PASSWD_MIN != null, 'crypto_pwhash_PASSWD_MIN is defined')
|
||
|
t.ok(sodium.crypto_pwhash_PASSWD_MAX != null, 'crypto_pwhash_PASSWD_MAX is defined')
|
||
|
t.ok(sodium.crypto_pwhash_SALTBYTES != null, 'crypto_pwhash_SALTBYTES is defined')
|
||
|
t.ok(sodium.crypto_pwhash_STRBYTES != null, 'crypto_pwhash_STRBYTES is defined')
|
||
|
|
||
|
t.ok(sodium.crypto_pwhash_OPSLIMIT_MIN != null, 'crypto_pwhash_OPSLIMIT_MIN is defined')
|
||
|
t.ok(sodium.crypto_pwhash_OPSLIMIT_MAX != null, 'crypto_pwhash_OPSLIMIT_MAX is defined')
|
||
|
t.ok(sodium.crypto_pwhash_MEMLIMIT_MIN != null, 'crypto_pwhash_MEMLIMIT_MIN is defined')
|
||
|
t.ok(sodium.crypto_pwhash_MEMLIMIT_MAX != null, 'crypto_pwhash_MEMLIMIT_MAX is defined')
|
||
|
t.ok(sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE != null, 'crypto_pwhash_OPSLIMIT_INTERACTIVE is defined')
|
||
|
t.ok(sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE != null, 'crypto_pwhash_MEMLIMIT_INTERACTIVE is defined')
|
||
|
t.ok(sodium.crypto_pwhash_OPSLIMIT_MODERATE != null, 'crypto_pwhash_OPSLIMIT_MODERATE is defined')
|
||
|
t.ok(sodium.crypto_pwhash_MEMLIMIT_MODERATE != null, 'crypto_pwhash_MEMLIMIT_MODERATE is defined')
|
||
|
t.ok(sodium.crypto_pwhash_OPSLIMIT_SENSITIVE != null, 'crypto_pwhash_OPSLIMIT_SENSITIVE is defined')
|
||
|
t.ok(sodium.crypto_pwhash_MEMLIMIT_SENSITIVE != null, 'crypto_pwhash_MEMLIMIT_SENSITIVE is defined')
|
||
|
})
|
||
|
|
||
|
test('crypto_pwhash', function (t) {
|
||
|
const output = Buffer.alloc(32) // can be any size
|
||
|
const passwd = Buffer.from('Hej, Verden!')
|
||
|
const salt = Buffer.alloc(sodium.crypto_pwhash_SALTBYTES, 'lo')
|
||
|
const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
|
||
|
const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
|
||
|
const algo = sodium.crypto_pwhash_ALG_DEFAULT
|
||
|
|
||
|
sodium.crypto_pwhash(output, passwd, salt, opslimit, memlimit, algo)
|
||
|
|
||
|
t.alike(output.toString('hex'), 'f0236e17ec70050fc989f19d8ce640301e8f912154b4f0afc1552cdf246e659f', 'hashes password')
|
||
|
|
||
|
salt[0] = 0
|
||
|
sodium.crypto_pwhash(output, passwd, salt, opslimit, memlimit, algo)
|
||
|
|
||
|
t.alike(output.toString('hex'), 'df73f15d217196311d4b1aa6fba339905ffe581dee4bd3a95ec2bb7c52991d65', 'diff salt -> diff hash')
|
||
|
})
|
||
|
|
||
|
test('crypto_pwhash_str', function (t) {
|
||
|
const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
|
||
|
const passwd = Buffer.from('Hej, Verden!')
|
||
|
const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
|
||
|
const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
|
||
|
|
||
|
t.exception.all(function () {
|
||
|
sodium.crypto_pwhash_str(output, passwd)
|
||
|
}, 'should throw on missing args')
|
||
|
|
||
|
sodium.crypto_pwhash_str(output, passwd, opslimit, memlimit)
|
||
|
|
||
|
t.not(output, Buffer.alloc(output.length), 'not blank')
|
||
|
t.absent(sodium.crypto_pwhash_str_verify(Buffer.alloc(output.length), passwd), 'does not verify')
|
||
|
t.ok(sodium.crypto_pwhash_str_verify(output, passwd), 'verifies')
|
||
|
})
|
||
|
|
||
|
test('crypto_pwhash_str_needs_rehash', function (t) {
|
||
|
const passwd = Buffer.from('secret')
|
||
|
const weakMem = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
|
||
|
const weakOps = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
|
||
|
const malformed = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
|
||
|
const good = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
|
||
|
const weakAlg = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
|
||
|
weakAlg.set(Buffer.from('$argon2id$v=19$m=8,t=1,p=1$DF4Tce8BK5di0gKeMBb2Fw$uNE4oyvyA0z68RPUom2NXu/KyGvpFppyUoN6pwFBtRU'))
|
||
|
|
||
|
sodium.crypto_pwhash_str(weakMem, passwd, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE)
|
||
|
sodium.crypto_pwhash_str(weakOps, passwd, sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE, sodium.crypto_pwhash_MEMLIMIT_MODERATE)
|
||
|
sodium.crypto_pwhash_str(malformed, passwd, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE)
|
||
|
sodium.crypto_pwhash_str(good, passwd, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE)
|
||
|
|
||
|
const first$ = malformed.indexOf('$')
|
||
|
const second$ = malformed.indexOf('$', first$ + 1)
|
||
|
malformed.fill('p=,m=,', first$, second$, 'ascii')
|
||
|
|
||
|
t.ok(sodium.crypto_pwhash_str_needs_rehash(weakMem, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
|
||
|
t.ok(sodium.crypto_pwhash_str_needs_rehash(weakOps, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
|
||
|
t.ok(sodium.crypto_pwhash_str_needs_rehash(weakAlg, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
|
||
|
t.absent(sodium.crypto_pwhash_str_needs_rehash(good, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
|
||
|
t.ok(sodium.crypto_pwhash_str_needs_rehash(
|
||
|
, sodium.crypto_pwhash_OPSLIMIT_MODERATE, sodium.crypto_pwhash_MEMLIMIT_MODERATE))
|
||
|
})
|
||
|
|
||
|
test('crypto_pwhash_async', function (t) {
|
||
|
t.plan(4)
|
||
|
|
||
|
const output = Buffer.alloc(32) // can be any size
|
||
|
const passwd = Buffer.from('Hej, Verden!')
|
||
|
const salt = Buffer.alloc(sodium.crypto_pwhash_SALTBYTES, 'lo')
|
||
|
const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
|
||
|
const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
|
||
|
const algo = sodium.crypto_pwhash_ALG_DEFAULT
|
||
|
|
||
|
sodium.crypto_pwhash_async(output, passwd, salt, opslimit, memlimit, algo, function (err) {
|
||
|
t.absent(err)
|
||
|
t.alike(output.toString('hex'), 'f0236e17ec70050fc989f19d8ce640301e8f912154b4f0afc1552cdf246e659f', 'hashes password')
|
||
|
|
||
|
salt[0] = 0
|
||
|
|
||
|
sodium.crypto_pwhash_async(output, passwd, salt, opslimit, memlimit, algo, function (err) {
|
||
|
t.absent(err)
|
||
|
t.alike(output.toString('hex'), 'df73f15d217196311d4b1aa6fba339905ffe581dee4bd3a95ec2bb7c52991d65', 'diff salt -> diff hash')
|
||
|
})
|
||
|
})
|
||
|
})
|
||
|
|
||
|
test('crypto_pwhash_str_async', function (t) {
|
||
|
t.plan(7)
|
||
|
|
||
|
const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
|
||
|
const passwd = Buffer.from('Hej, Verden!')
|
||
|
const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
|
||
|
const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
|
||
|
|
||
|
t.exception.all(function () {
|
||
|
sodium.crypto_pwhash_str_async(output, passwd)
|
||
|
}, 'should throw on missing args')
|
||
|
|
||
|
sodium.crypto_pwhash_str_async(output, passwd, opslimit, memlimit, function (err) {
|
||
|
t.absent(err)
|
||
|
t.not(output, Buffer.alloc(output.length), 'not blank')
|
||
|
|
||
|
sodium.crypto_pwhash_str_verify_async(Buffer.alloc(output.length), passwd, function (err, bool) {
|
||
|
t.absent(err)
|
||
|
t.ok(bool === false, 'does not verify')
|
||
|
|
||
|
sodium.crypto_pwhash_str_verify_async(output, passwd, function (err, bool) {
|
||
|
t.absent(err)
|
||
|
t.ok(bool === true, 'verifies')
|
||
|
})
|
||
|
})
|
||
|
})
|
||
|
})
|
||
|
|
||
|
test('crypto_pwhash limits', function (t) {
|
||
|
const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES)
|
||
|
const passwd = Buffer.from('Hej, Verden!')
|
||
|
const opslimit = Number.MAX_SAFE_INTEGER
|
||
|
const memlimit = Number.MAX_SAFE_INTEGER
|
||
|
|
||
|
t.exception.all(function () {
|
||
|
sodium.crypto_pwhash_str(output, passwd, opslimit, memlimit)
|
||
|
}, 'should throw on large limits')
|
||
|
t.exception.all(function () {
|
||
|
sodium.crypto_pwhash_str(output, passwd, -1, -1)
|
||
|
}, 'should throw on negative limits')
|
||
|
})
|
||
|
|
||
|
test('crypto_pwhash_async uncaughtException', function (t) {
|
||
|
t.plan(1)
|
||
|
|
||
|
const output = Buffer.alloc(32) // can be any size
|
||
|
const passwd = Buffer.from('Hej, Verden!')
|
||
|
const salt = Buffer.alloc(sodium.crypto_pwhash_SALTBYTES, 'lo')
|
||
|
const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
|
||
|
const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
|
||
|
const algo = sodium.crypto_pwhash_ALG_DEFAULT
|
||
|
|
||
|
process.once('uncaughtException', listener)
|
||
|
|
||
|
sodium.crypto_pwhash_async(output, passwd, salt, opslimit, memlimit, algo, exception)
|
||
|
|
||
|
function exception () {
|
||
|
throw new Error('caught')
|
||
|
}
|
||
|
|
||
|
function listener (err) {
|
||
|
if (err.message !== 'caught') {
|
||
|
t.fail()
|
||
|
} else {
|
||
|
t.pass()
|
||
|
}
|
||
|
}
|
||
|
})
|
||
|
|
||
|
test('crypto_pwhash_str_async uncaughtException', function (t) {
|
||
|
t.plan(1)
|
||
|
|
||
|
const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES) // can be any size
|
||
|
const passwd = Buffer.from('Hej, Verden!')
|
||
|
const opslimit = sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE
|
||
|
const memlimit = sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE
|
||
|
|
||
|
process.once('uncaughtException', listener)
|
||
|
|
||
|
sodium.crypto_pwhash_str_async(output, passwd, opslimit, memlimit, exception)
|
||
|
|
||
|
function exception () {
|
||
|
throw new Error('caught')
|
||
|
}
|
||
|
|
||
|
function listener (err) {
|
||
|
if (err.message === 'caught') {
|
||
|
t.pass()
|
||
|
} else {
|
||
|
t.fail()
|
||
|
}
|
||
|
}
|
||
|
})
|
||
|
|
||
|
test('crypto_pwhash_str_verify_async uncaughtException', function (t) {
|
||
|
t.plan(1)
|
||
|
|
||
|
const output = Buffer.alloc(sodium.crypto_pwhash_STRBYTES) // can be any size
|
||
|
const passwd = Buffer.from('Hej, Verden!')
|
||
|
|
||
|
process.once('uncaughtException', listener)
|
||
|
|
||
|
sodium.crypto_pwhash_str_verify_async(output, passwd, exception)
|
||
|
|
||
|
function exception () {
|
||
|
throw new Error('caught')
|
||
|
}
|
||
|
|
||
|
function listener (err) {
|
||
|
if (err.message === 'caught') {
|
||
|
t.pass()
|
||
|
} else {
|
||
|
t.fail()
|
||
|
}
|
||
|
}
|
||
|
})
|