spec/cipherstring_spec.rb at master

jcs.org / rubywarden

fork atom

An unofficial, mostly Bitwarden-compatible API server written in Ruby (Sinatra and ActiveRecord)

fork atom

rubywarden / spec / cipherstring_spec.rb

at master 72 lines 2.7 kB view raw

wrap content

jcs.org Implement HKDF key stretching for Bitwarden.{en,de}crypt 7y ago

d6f13b8b

 1require_relative "spec_helper.rb"
 2
 3describe "bitwarden encryption stuff" do
 4  it "should make a key from a password and salt" do
 5    b64 = "2K4YP5Om9r5NpA7FCS4vQX5t+IC4hKYdTJN/C20cz9c="
 6
 7    k = Bitwarden.makeKey("this is a password", "nobody@example.com",
 8      Bitwarden::KDF::PBKDF2, 5000)
 9    Base64.strict_encode64(k).encode("utf-8").must_equal b64
10
11    # make sure key and salt affect it
12    k = Bitwarden.makeKey("this is a password", "nobody2@example.com",
13      Bitwarden::KDF::PBKDF2, 5000)
14    Base64.strict_encode64(k).encode("utf-8").wont_equal b64
15
16    k = Bitwarden.makeKey("this is A password", "nobody@example.com",
17      Bitwarden::KDF::PBKDF2, 5000)
18    Base64.strict_encode64(k).encode("utf-8").wont_equal b64
19  end
20
21  it "should make a cipher string from a key" do
22    cs = Bitwarden.makeEncKey(Bitwarden.makeKey("this is a password",
23      "nobody@example.com", Bitwarden::KDF::PBKDF2, 5000),
24      Bitwarden::CipherString::TYPE_AESCBC256_B64)
25
26    cs.must_match(/^0\.[^|]+|[^|]+$/)
27
28    cs = Bitwarden.makeEncKey(Bitwarden.makeKey("this is a password",
29      "nobody@example.com", Bitwarden::KDF::PBKDF2, 5000),
30      Bitwarden::CipherString::TYPE_AESCBC256_HMACSHA256_B64)
31
32    cs.must_match(/^2\.[^|]+|[^|]+$/)
33  end
34
35  it "should hash a password" do
36    Bitwarden.hashPassword("secret password", "user@example.com",
37      Bitwarden::KDF::PBKDF2, 5000).must_equal "VRlYxg0x41v40mvDNHljqpHcqlIFwQSzegeq+POW1ww="
38  end
39
40  it "should parse a cipher string" do
41    cs = Bitwarden::CipherString.parse(
42      "0.u7ZhBVHP33j7cud6ImWFcw==|WGcrq5rTEMeyYkWywLmxxxSgHTLBOWThuWRD/6gVKj77+Vd09DiZ83oshVS9+gxyJbQmzXWilZnZRD/52tah1X0MWDRTdI5bTnTf8KfvRCQ="
43    )
44
45    cs.type.must_equal Bitwarden::CipherString::TYPE_AESCBC256_B64
46    cs.iv.must_equal "u7ZhBVHP33j7cud6ImWFcw=="
47    cs.ct.must_equal "WGcrq5rTEMeyYkWywLmxxxSgHTLBOWThuWRD/6gVKj77+Vd09DiZ83oshVS9+gxyJbQmzXWilZnZRD/52tah1X0MWDRTdI5bTnTf8KfvRCQ="
48    cs.mac.must_be_nil
49  end
50
51  it "should parse a type-2 cipher string" do
52    cs = Bitwarden::CipherString.parse("2.ftF0nH3fGtuqVckLZuHGjg==|u0VRhH24uUlVlTZd/uD1lA==|XhBhBGe7or/bXzJRFWLUkFYqauUgxksCrRzNmJyigfw=")
53    cs.type.must_equal 2
54  end
55
56  it "should encrypt and decrypt properly" do
57    mk = Bitwarden.makeKey("password", "user@example.com",
58      Bitwarden::KDF::PBKDF2, 5000)
59    ek = Bitwarden.makeEncKey(mk)
60    k = Bitwarden.decrypt(ek, mk)
61    j = Bitwarden.encrypt("hi there", k)
62
63    mk = Bitwarden.makeKey("password", "user@example.com",
64      Bitwarden::KDF::PBKDF2, 5000)
65    k = Bitwarden.decrypt(ek, mk)
66    Bitwarden.decrypt(j, k).must_equal "hi there"
67  end
68
69  it "should test mac equality" do
70    Bitwarden.macsEqual("asdfasdfasdf", "hi", "hi").must_equal true
71  end
72end