@dacamp
Created January 12, 2015 21:39
#!/usr/bin/env ruby
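# Candidates under test. Load exactly one and print the matching label below.
# Released gem, api-auth (1.2.6):
# require 'api_auth'
# Local checkout of leishman/api_auth at 2fe4df2319:
# require_relative "api_auth/lib/api_auth.rb"
require 'api_auth'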
require 'net/http'
require 'benchmark'

# Build a GET request object to sign. It is only signed locally; nothing is sent.
uri = URI.parse("http://github.com/")
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Get.new(uri.request_uri)

# secret_1 signs the request; secret_2 is a different key of the same length.
secret_1 = "MVkg7f9VvH4eo1dD74jZX7egmTsLFoWbHeRxBWLpiiSr0UhuuCraEIAM/9k4wk9mcuijPvwTsWlfvBRqHoS78Q=="
secret_2 = "ZNExKT/H/cHsLLQknAIrXslgFddBhp9T4cPpUCa4061/6Cbyv5mvXBE2ix0Qx3FO600R0oXx532FuhTpEh0jIg=="
signed_request_secret_1 = ApiAuth.sign!(request, 1, secret_1)

#puts "Gem api-auth (1.2.6)"
#puts "Candidate: leishman/api_auth (2fe4df2319)"
puts "Candidate: mgomes/api_auth (master)"
puts ''
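n = 50000 # comparisons per benchmark report
# send calls signatures_match? directly, regardless of its visibility.
puts "ApiAuth#signatures_match? (#{n} iterations) timing attack against:"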
puts "Secret 1: #{secret_1}"
puts " Signatures match? #{ApiAuth.send(:signatures_match?, signed_request_secret_1, secret_1)}"
puts "Secret 2: #{secret_2}"
puts " Signatures match? #{ApiAuth.send(:signatures_match?, signed_request_secret_1, secret_2)}"
puts ''
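# bmbm runs a rehearsal pass before the measured pass. A consistent gap between
# "Match:" and "Differ:" means the check's running time depends on the key.
Benchmark.bmbm(7) do |x|
  x.report("Match:") { n.times { ApiAuth.send(:signatures_match?, signed_request_secret_1, secret_1) } }
  x.report("Differ:") { n.times { ApiAuth.send(:signatures_match?, signed_request_secret_1, secret_2) } }
end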
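
The benchmark above looks for a timing gap between a matching and a non-matching signature. As an added example (not part of the gist or of api_auth), this is a signature check whose comparison does not return at the first differing byte; `secure_compare`, `sign` and `valid_signature?` are hypothetical names, and HMAC-SHA256 over a canonical string is an assumed signing scheme, not the library's.

```ruby
require 'openssl'
require 'base64'

# Compare two strings without stopping at the first mismatch.
# Both inputs are hashed first, so the loop always covers 32 bytes and
# neither the length nor the position of a difference changes its work.
def secure_compare(a, b)
  da = OpenSSL::Digest::SHA256.digest(a)
  db = OpenSSL::Digest::SHA256.digest(b)
  diff = 0
  da.bytes.zip(db.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Assumed signing scheme for this example: Base64(HMAC-SHA256(secret, canonical)).
def sign(canonical_string, secret)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, canonical_string)
  Base64.strict_encode64(mac)
end

# Recompute the expected signature and compare it with the presented one
# using secure_compare instead of String#==.
def valid_signature?(canonical_string, presented_signature, secret)
  return false if secret.nil?
  secure_compare(sign(canonical_string, secret), presented_signature.to_s)
end

# Constructed sample input, not taken from the gist.
CANONICAL   = "GET,,,/,Mon, 12 Jan 2015 21:39:00 GMT"
GOOD_SECRET = "constructed-secret-1"
BAD_SECRET  = "constructed-secret-2"

if __FILE__ == $PROGRAM_NAME
  puts "match:  #{valid_signature?(CANONICAL, sign(CANONICAL, GOOD_SECRET), GOOD_SECRET)}"
  puts "differ: #{valid_signature?(CANONICAL, sign(CANONICAL, BAD_SECRET), GOOD_SECRET)}"
end
```

Pointing the gist's `Benchmark.bmbm` block at `valid_signature?` gives a before/after measurement of the same kind.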