GehirnInc
Bug in Verify code when rounds is specified
When using https://pkg.go.dev/bytes#SplitN as part of the Decode step for Verify call, the $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]] formatted string is not properly split, leading into incorrect results for Verify
See: https://play.golang.org/p/Pk8URcLJxmx
For a hash string like this, the results in a tokens array that has incorrectly combined the hash with the salt. $6$rounds=10000$mysalt$9XTP7570fxVN/uTspSrH6kRPdR4KKGzGz7.TmJjDYGrKSwZuavW/3YaLur8JX6WP75Czcxa.megIO0lKreY0R.
Thus, call at https://github.com/GehirnInc/crypt/blob/master/common/salt.go#L125 incorrectly parses the salt, leading to error in the Verification.
It works for me, see here.
func TestVerifyWithRounds(t *testing.T) {
data := []struct {
key []byte
hash string
}{
{
[]byte("Hello world!"),
"$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh" +
"0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.",
},
{
[]byte("Hello world!"),
"$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjn" +
"QJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1",
},
}
for i, d := range data {
if err := sha512Crypt.Verify(d.hash, d.key); err != nil {
t.Errorf("Test %d failed: %s", i, d)
}
}
}
Please provide a valid hashed string (and its plaintext equivalent) that doesn't work for you
