module Main where import Data.ByteString (isPrefixOf) import Botan.Low.Hash import Botan.Low.MAC import Botan.Low.PwdHash import Test.Prelude -- NOTE: Needs more exhaustive tests, and to validate parameter order for -- Scrypt and the Argons. We've got tests that pass, but that doesn't -- mean that they're being used properly. Need to investigate C++ source. -- NOTE: Values generated by "pwdhashTimed pbkdf 200 64 passphrase salt" pbkdfs :: [(PBKDFName, Int, Int, Int)] pbkdfs = [ ("PBKDF2(HMAC(SHA-512))",138000,0,0) -- NOTE: These results indicate that the parameter result order is inconsistent -- for pwdhashTimed compared to pwdhash -- Eg, Scrypt should be n, r, p but n=8192 is clearly last -- Same for the argons -- This causes both tests to fail (original generated values) -- , ("Scrypt",1,81,8192) -- , ("Argon2d",1,1,262144) -- , ("Argon2i",1,1,262144) -- , ("Argon2id",1,1,262144) -- Note that this still causes four pwdhashTimed tests to still fail because -- the pwdhashTimed function itself needs to be fixed for these algorithms -- Fixed values, assuming only x/z are flipped a la (x,y,z) -> (z,y,x) -- But , ("Scrypt",8192,81,1) , ("Argon2d",262144,1,1) , ("Argon2i",262144,1,1) , ("Argon2id",262144,1,1) , ("Bcrypt-PBKDF",26,0,0) , ("OpenPGP-S2K(SHA-512)",65011712,0,0) ] passphrase :: ByteString passphrase = "Fee fi fo fum!" salt :: ByteString salt = "salt" main :: IO () main = hspec $ testSuite pbkdfs (\(n,_,_,_) -> chars n) $ \ (pbkdf, i, j, k) -> do it "pwdhash" $ do _ <- pwdhash pbkdf i j k 64 passphrase salt pass it "pwdhashTimed" $ do timed@(i',j',k',pwd) <- pwdhashTimed pbkdf 200 64 passphrase salt -- NOTE: Fails parity for Scrypt and the Argons due to parameter order -- pwd' <- pwdhash pbkdf i' j' k' 64 passphrase salt --NOTE: Scrypt still fails parity and flipping j and k doesn't matter. pwd' <- case pbkdf of "Scrypt" -> pwdhash pbkdf j' k' i' 64 passphrase salt _ | "Argon" `isPrefixOf` pbkdf -> pwdhash pbkdf k' j' i' 64 passphrase salt _ -> pwdhash pbkdf i' j' k' 64 passphrase salt pwd `shouldBe` pwd' pass