fluencelabs/tendermint
1
0
Fork 0
mirror of https://github.com/fluencelabs/tendermint synced 2025-06-29 12:41:44 +00:00
Code Issues Projects Releases Wiki Activity

Upgrade keys to use bcrypt with salts (#38)

Browse Source 
This commit adds salts to the library using bcrypt.
This commit is contained in:
Adrian Brink
2017-10-12 14:26:59 +02:00
committed by GitHub
parent 0418d32276
commit 8e7f0e7701
12 changed files with 197 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
keys/cryptostore/encoder_test.go
View File

@ -18,22 +18,22 @@ func TestNoopEncoder(t *testing.T) {
key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
key2 := cryptostore.GenSecp256k1.Generate(cmn.RandBytes(16))
b, err := noop.Encrypt(key, "encode")
_, b, err := noop.Encrypt(key, "encode")
require.Nil(err)
assert.NotEmpty(b)
b2, err := noop.Encrypt(key2, "encode")
_, b2, err := noop.Encrypt(key2, "encode")
require.Nil(err)
assert.NotEmpty(b2)
assert.NotEqual(b, b2)
// note the decode with a different password works - not secure!
pk, err := noop.Decrypt(b, "decode")
pk, err := noop.Decrypt(nil, b, "decode")
require.Nil(err)
require.NotNil(pk)
assert.Equal(key, pk)
pk2, err := noop.Decrypt(b2, "kggugougp")
pk2, err := noop.Decrypt(nil, b2, "kggugougp")
require.Nil(err)
require.NotNil(pk2)
assert.Equal(key2, pk2)
@ -46,17 +46,17 @@ func TestSecretBox(t *testing.T) {
key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
pass := "some-special-secret"
b, err := enc.Encrypt(key, pass)
s, b, err := enc.Encrypt(key, pass)
require.Nil(err)
assert.NotEmpty(b)
// decoding with a different pass is an error
pk, err := enc.Decrypt(b, "decode")
pk, err := enc.Decrypt(s, b, "decode")
require.NotNil(err)
require.True(pk.Empty())
// but decoding with the same passphrase gets us our key
pk, err = enc.Decrypt(b, pass)
pk, err = enc.Decrypt(s, b, pass)
require.Nil(err)
assert.Equal(key, pk)
}
@ -80,11 +80,11 @@ func TestSecretBoxNoPass(t *testing.T) {
}
for i, tc := range cases {
b, err := enc.Encrypt(key, tc.encode)
s, b, err := enc.Encrypt(key, tc.encode)
require.Nil(err, "%d: %+v", i, err)
assert.NotEmpty(b, "%d", i)
pk, err := enc.Decrypt(b, tc.decode)
pk, err := enc.Decrypt(s, b, tc.decode)
if tc.valid {
require.Nil(err, "%d: %+v", i, err)
assert.Equal(key, pk, "%d", i)
@ -95,7 +95,7 @@ func TestSecretBoxNoPass(t *testing.T) {
// now let's make sure raw bytes also work...
b := key.Bytes()
pk, err := enc.Decrypt(b, "")
pk, err := enc.Decrypt(nil, b, "")
require.Nil(err, "%+v", err)
assert.Equal(key, pk)
}