Commit a07710c

committed
adds a SSHA256 type and uses strict_encode64
Base64.encode64 adds \n every 60 encoded chars. This was originally an encoding mechanism for sending binary content in e-mail, where the line length is limited. For passwords we don't want this. Cf. https://stackoverflow.com/questions/2620975/strange-n-in-base64-encoded-string-in-ruby
1 parent 1bc1256 commit a07710c

2 files changed

+12
-3
lines changed

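--- a/lib/net/ldap/password.rb
+++ b/lib/net/ldap/password.rb
@@ -1,5 +1,6 @@
 # -*- ruby encoding: utf-8 -*-
 require 'digest/sha1'
+require 'digest/sha2'
 require 'digest/md5'
 require 'base64'
 require 'securerandom'
@@ -23,12 +24,15 @@ class << self
 def generate(type, str)
 case type
 when :md5
-attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
+attribute_value = '{MD5}' + Base64.strict_encode64(Digest::MD5.digest(str))
 when :sha
-attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
+attribute_value = '{SHA}' + Base64.strict_encode64(Digest::SHA1.digest(str))
 when :ssha
 salt = SecureRandom.random_bytes(16)
-attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
+attribute_value = '{SSHA}' + Base64.strict_encode64(Digest::SHA1.digest(str + salt) + salt)
+when :ssha256
+salt = SecureRandom.random_bytes(16)
+attribute_value = '{SSHA256}' + Base64.strict_encode64(Digest::SHA256.digest(str + salt) + salt)
 else
 raise Net::LDAP::HashTypeUnsupportedError, "Unsupported password-hash type (#{type})"
 end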
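Review bot: In the new `:ssha256` branch (and the `:ssha` branch above it), `str + salt` joins the caller's string with the binary string from `SecureRandom.random_bytes`; when `str` is UTF-8 with non-ASCII characters and the salt contains a byte above 0x7F, Ruby raises `Encoding::CompatibilityError`, so such passwords would likely fail to hash. Treating the password as bytes avoids this, for example `attribute_value = '{SSHA256}' + Base64.strict_encode64(Digest::SHA256.digest(str.b + salt) + salt)`, provided the supported Ruby versions have `String#b`. A comment on the branch such as `# single-round salted SHA-256: a fast hash, so password strength is the main defence if the directory's hashes leak` would record the limit of this scheme for callers. `generate` begins and ends outside the hunk, so its doc comment and return value are not visible here.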

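--- a/test/test_password.rb
+++ b/test/test_password.rb
@@ -7,4 +7,9 @@ def test_psw
 assert_equal("{MD5}xq8jwrcfibi0sZdZYNkSng==", Net::LDAP::Password.generate( :md5, "cashflow" ))
 assert_equal("{SHA}YE4eGkN4BvwNN1f5R7CZz0kFn14=", Net::LDAP::Password.generate( :sha, "cashflow" ))
 end
+
+def test_psw_with_ssha256_should_not_contain_linefeed
+flexmock(SecureRandom).should_receive(:random_bytes).and_return('\xE5\x8A\x99\xF8\xCB\x15GW\xE8\xEA\xAD\x0F\xBF\x95\xB0\xDC')
+assert_equal("{SSHA256}Cc7MXboTyUP5PnPAeJeCrgMy8+7Gus0sw7kBJuTrmf1ceEU1XHg4QVx4OTlceEY4XHhDQlx4MTVHV1x4RThceEVBXHhBRFx4MEZceEJGXHg5NVx4QjBceERD", Net::LDAP::Password.generate( :ssha256, "cashflow" ))
+end
 end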
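Review bot: The stubbed salt in `test_psw_with_ssha256_should_not_contain_linefeed` is written in single quotes, so Ruby does not interpret the `\x` escapes and `random_bytes` returns 64 literal ASCII characters rather than 16 bytes; the expected value encodes that text (its Base64 tail decodes back to `\xE5\x8A…`). The test therefore never runs the branch with a binary salt containing high bytes, which is what `SecureRandom.random_bytes(16)` will normally return. I would stub with `salt = "\xE5\x8A\x99\xF8\xCB\x15GW\xE8\xEA\xAD\x0F\xBF\x95\xB0\xDC".b` and compare against `'{SSHA256}' + Base64.strict_encode64(Digest::SHA256.digest('cashflow' + salt) + salt)`, plus an explicit assertion that the result contains no `"\n"` so the test checks what its name says.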
