Software / code / prosody
Annotate
spec/util_hmac_spec.lua @ 10224:94e341dee51c
core.certmanager: Move EECDH ciphers before EDH in default cipherstring
The original intent of having kEDH before kEECDH was that if a `dhparam`
file was specified, this would be interpreted as a preference by the
admin for old and well-tested Diffie-Hellman key agreement over newer
elliptic curve ones. Otherwise the faster elliptic curve ciphersuites
would be preferred. This didn't really work as intended since this
affects the ClientHello on outgoing s2s connections, leading to some
servers using poorly configured kEDH.
With Debian shipping OpenSSL settings that enforce a higher security
level, this caused interoperability problems with servers that use DH
params smaller than 2048 bits. E.g. jabber.org at the time of this
writing has 1024 bit DH params.
MattJ says
> Curves have won, and OpenSSL is less weird about them now
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 25 Aug 2019 20:22:35 +0200 |
| parent | 9961:d7c99694fc94 |
| child | 12355:a0ff5c438e9d |
| rev | line source |
|---|---|
|
9960
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 -- Test cases from RFC 4231 |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
9961
d7c99694fc94
util.hmac: Ignore long hex lines in tests
Kim Alvefur <zash@zash.se>
parents:
9960
diff
changeset
|
3 -- Yes, the lines are long, it's annoying to split the long hex things. |
|
d7c99694fc94
util.hmac: Ignore long hex lines in tests
Kim Alvefur <zash@zash.se>
parents:
9960
diff
changeset
|
4 -- luacheck: ignore 631 |
|
d7c99694fc94
util.hmac: Ignore long hex lines in tests
Kim Alvefur <zash@zash.se>
parents:
9960
diff
changeset
|
5 |
|
9960
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 local hmac = require "util.hmac"; |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local hex = require "util.hex"; |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 describe("Test case 1", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local Key = hex.from("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 local Data = hex.from("4869205468657265"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 describe("HMAC-SHA-256", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 assert.equal("b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7", hmac.sha256(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 describe("HMAC-SHA-512", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 assert.equal("87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854", hmac.sha512(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 describe("Test case 2", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 local Key = hex.from("4a656665"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 local Data = hex.from("7768617420646f2079612077616e7420666f72206e6f7468696e673f"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 describe("HMAC-SHA-256", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 assert.equal("5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843", hmac.sha256(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
31 describe("HMAC-SHA-512", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 assert.equal("164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737", hmac.sha512(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 describe("Test case 3", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 local Key = hex.from("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 local Data = hex.from("dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
40 describe("HMAC-SHA-256", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
41 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
42 assert.equal("773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe", hmac.sha256(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
43 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 describe("HMAC-SHA-512", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 assert.equal("fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb", hmac.sha512(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 describe("Test case 4", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
52 local Key = hex.from("0102030405060708090a0b0c0d0e0f10111213141516171819"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 local Data = hex.from("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 describe("HMAC-SHA-256", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 assert.equal("82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b", hmac.sha256(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 describe("HMAC-SHA-512", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
61 assert.equal("b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd", hmac.sha512(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
64 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
65 describe("Test case 5", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
66 local Key = hex.from("0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 local Data = hex.from("546573742057697468205472756e636174696f6e"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
68 describe("HMAC-SHA-256", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 assert.equal("a3b6167473100ee06e0c796c2955552b", hmac.sha256(Key, Data, true):sub(1,128/4)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
72 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
73 describe("HMAC-SHA-512", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
74 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
75 assert.equal("415fad6271580a531d4179bc891d87a6", hmac.sha512(Key, Data, true):sub(1,128/4)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
76 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
77 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
78 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 describe("Test case 6", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 local Key = hex.from("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 local Data = hex.from("54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 describe("HMAC-SHA-256", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 assert.equal("60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54", hmac.sha256(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 describe("HMAC-SHA-512", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 assert.equal("80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598", hmac.sha512(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 describe("Test case 7", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 local Key = hex.from("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 local Data = hex.from("5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e"); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
96 describe("HMAC-SHA-256", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
97 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
98 assert.equal("9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2", hmac.sha256(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 describe("HMAC-SHA-512", function () |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
102 it("works", function() |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 assert.equal("e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58", hmac.sha512(Key, Data, true)) |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
104 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
105 end); |
|
cedc1f646925
util.hmac: Generate test cases from RFC 4231
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
106 end); |
