From ea7fee03f78dfeac44b3a80f6fd61bf314b5a369 Mon Sep 17 00:00:00 2001
From: Matthew Draper <matthew@trebex.net>
Date: Fri, 1 Jul 2016 01:01:45 +0930
Subject: Partially revert #25192

KeyGenerator is used in other contexts, and we cannot change its
output... even if it does accidentally default to generating excess key
material for our primary internal usage.
---
 activesupport/test/key_generator_test.rb | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'activesupport/test')

diff --git a/activesupport/test/key_generator_test.rb b/activesupport/test/key_generator_test.rb
index 6cf72f1fec..b60077460e 100644
--- a/activesupport/test/key_generator_test.rb
+++ b/activesupport/test/key_generator_test.rb
@@ -19,7 +19,7 @@ class KeyGeneratorTest < ActiveSupport::TestCase
   test "Generating a key of the default length" do
     derived_key = @generator.generate_key("some_salt")
     assert_kind_of String, derived_key
-    assert_equal OpenSSL::Cipher.new('aes-256-cbc').key_len, derived_key.length, "Should have generated a key of the default size"
+    assert_equal 64, derived_key.length, "Should have generated a key of the default size"
   end
 
   test "Generating a key of an alternative length" do
@@ -27,6 +27,21 @@ class KeyGeneratorTest < ActiveSupport::TestCase
     assert_kind_of String, derived_key
     assert_equal 32, derived_key.length, "Should have generated a key of the right size"
   end
+
+  test "Expected results" do
+    # For any given set of inputs, this method must continue to return
+    # the same output: if it changes, any existing values relying on a
+    # key would break.
+
+    expected = "b129376f68f1ecae788d7433310249d65ceec090ecacd4c872a3a9e9ec78e055739be5cc6956345d5ae38e7e1daa66f1de587dc8da2bf9e8b965af4b3918a122"
+    assert_equal expected, ActiveSupport::KeyGenerator.new("0" * 64).generate_key("some_salt").unpack('H*').first
+
+    expected = "b129376f68f1ecae788d7433310249d65ceec090ecacd4c872a3a9e9ec78e055"
+    assert_equal expected, ActiveSupport::KeyGenerator.new("0" * 64).generate_key("some_salt", 32).unpack('H*').first
+
+    expected = "cbea7f7f47df705967dc508f4e446fd99e7797b1d70011c6899cd39bbe62907b8508337d678505a7dc8184e037f1003ba3d19fc5d829454668e91d2518692eae"
+    assert_equal expected, ActiveSupport::KeyGenerator.new("0" * 64, iterations: 2).generate_key("some_salt").unpack('H*').first
+  end
 end
 
 class CachingKeyGeneratorTest < ActiveSupport::TestCase
-- 
cgit v1.2.3