Software / code / prosody
Annotate
spec/util_crypto_spec.lua @ 13537:fb970df95374
util.crypto: Add more ECC methods
pkey_meth_derive: to derive a shared symmetric key from two ECC keys
pkey_meth_public_raw: to get the raw form of the public key
import_public_ec_raw: to import the raw form of the public key
generate_p256_keypair: key generation for the P-256 curve
| author | Stephen Paul Weber <singpolyma@singpolyma.net> |
|---|---|
| date | Tue, 29 Oct 2024 09:15:50 -0500 |
| parent | 12837:d3ae47d8a7a7 |
| rev | line source |
|---|---|
|
12700
899c057781cd
spec: Move test crypto keys to a shared file for clarity and easy maintenance
Matthew Wild <mwild1@gmail.com>
parents:
12693
diff
changeset
|
1 local test_keys = require "spec.inputs.test_keys"; |
|
12693
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 describe("util.crypto", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 local crypto = require "util.crypto"; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 local random = require "util.random"; |
|
13537
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
6 local encodings = require "util.encodings"; |
|
12693
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 describe("generate_ed25519_keypair", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local keypair = crypto.generate_ed25519_keypair(); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 assert.is_not_nil(keypair); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 assert.equal("ED25519", keypair:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 end) |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
|
13537
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
14 describe("generate_p256_keypair", function () |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
15 local keypair = crypto.generate_p256_keypair(); |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
16 assert.is_not_nil(keypair); |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
17 assert.equal("id-ecPublicKey", keypair:get_type()); |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
18 end) |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
19 |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
20 describe("export/import raw", function () |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
21 local keypair = crypto.generate_p256_keypair(); |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
22 assert.is_not_nil(keypair); |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
23 local raw = keypair:public_raw() |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
24 local imported = crypto.import_public_ec_raw(raw, "P-256") |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
25 assert.equal(keypair:public_pem(), imported:public_pem()); |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
26 end) |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
27 |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
28 describe("derive", function () |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
29 local key = crypto.import_private_pem(test_keys.ecdsa_private_pem); |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
30 local peer_key = crypto.import_public_pem(test_keys.ecdsa_public_pem); |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
31 assert.equal("n1v4KeKmOVwjC67fiKtjJnqcEaasbpZa2fLPNHW51co=", encodings.base64.encode(key:derive(peer_key))) |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
32 end) |
|
fb970df95374
util.crypto: Add more ECC methods
Stephen Paul Weber <singpolyma@singpolyma.net>
parents:
12837
diff
changeset
|
33 |
|
12693
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 describe("import_private_pem", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 it("can import ECDSA keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 local ecdsa_key = crypto.import_private_pem(test_keys.ecdsa_private_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 assert.equal("id-ecPublicKey", ecdsa_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 it("can import EdDSA (Ed25519) keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 local ed25519_key = crypto.import_private_pem(crypto.generate_ed25519_keypair():private_pem()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 assert.equal("ED25519", ed25519_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 it("can import RSA keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 -- TODO |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 it("rejects invalid keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 assert.is_nil(crypto.import_private_pem(test_keys.eddsa_public_pem)); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 assert.is_nil(crypto.import_private_pem(test_keys.ecdsa_public_pem)); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 assert.is_nil(crypto.import_private_pem("foo")); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 assert.is_nil(crypto.import_private_pem("")); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 describe("import_public_pem", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 it("can import ECDSA public keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 local ecdsa_key = crypto.import_public_pem(test_keys.ecdsa_public_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 assert.equal("id-ecPublicKey", ecdsa_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 it("can import EdDSA (Ed25519) public keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 local ed25519_key = crypto.import_public_pem(test_keys.eddsa_public_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 assert.equal("ED25519", ed25519_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 it("can import RSA public keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 -- TODO |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 describe("PEM export", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 it("works", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 local ecdsa_key = crypto.import_public_pem(test_keys.ecdsa_public_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 assert.equal("id-ecPublicKey", ecdsa_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 assert.equal(test_keys.ecdsa_public_pem, ecdsa_key:public_pem()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 assert.has_error(function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 -- Fails because private key is not available |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 ecdsa_key:private_pem(); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 local ecdsa_private_key = crypto.import_private_pem(test_keys.ecdsa_private_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 assert.equal(test_keys.ecdsa_private_pem, ecdsa_private_key:private_pem()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 describe("sign/verify with", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 local test_cases = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 ed25519 = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 crypto.ed25519_sign, crypto.ed25519_verify; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 key = crypto.import_private_pem(test_keys.eddsa_private_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 sig_length = 64; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 }; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 ecdsa = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 key = crypto.import_private_pem(test_keys.ecdsa_private_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 }; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 }; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 for test_name, test in pairs(test_cases) do |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 local key = test.key; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 describe(test_name, function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 it("works", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 local sign, verify = test[1], test[2]; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 local sig = assert(sign(key, "Hello world")); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 assert.is_string(sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 if test.sig_length then |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 assert.equal(test.sig_length, #sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 do |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 local ok = verify(key, "Hello world", sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 assert.is_truthy(ok); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 do -- Incorrect signature |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 local ok = verify(key, "Hello world", sig:sub(1, -2)..string.char((sig:byte(-1)+1)%255)); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 assert.is_falsy(ok); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 do -- Incorrect message |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 local ok = verify(key, "Hello earth", sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 assert.is_falsy(ok); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 do -- Incorrect message (embedded NUL) |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 local ok = verify(key, "Hello world\0foo", sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 assert.is_falsy(ok); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
130 end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
131 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
133 describe("ECDSA signatures", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
134 local hex = require "util.hex"; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 local sig = hex.decode((([[ |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
136 304402203e936e7b0bc62887e0e9d675afd08531a930384cfcf301 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 f25d13053a2ebf141d02205a5a7c7b7ac5878d004cb79b17b39346 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 6b0cd1043718ffc31c153b971d213a8e |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 ]]):gsub("%s+", ""))); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 it("can be parsed", function () |
| 12737 | 141 local r, s = crypto.parse_ecdsa_signature(sig, 32); |
|
12693
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 assert.is_string(r); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 assert.is_string(s); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 assert.equal(32, #r); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 assert.equal(32, #s); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 it("fails to parse invalid signatures", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 local invalid_sigs = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
149 ""; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
150 "\000"; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
151 string.rep("\000", 64); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
152 string.rep("\000", 72); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 string.rep("\000", 256); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
154 string.rep("\255", 72); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 string.rep("\255", 3); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 }; |
|
12703
5bda8598a2af
util.crypto: tests: fix some tests that didn't do much (thanks luacheck!)
Matthew Wild <mwild1@gmail.com>
parents:
12700
diff
changeset
|
157 for _, invalid_sig in ipairs(invalid_sigs) do |
| 12737 | 158 local r, s = crypto.parse_ecdsa_signature(invalid_sig, 32); |
|
12693
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 assert.is_nil(r); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
160 assert.is_nil(s); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
163 it("can be built", function () |
| 12737 | 164 local r, s = crypto.parse_ecdsa_signature(sig, 32); |
|
12693
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
165 local rebuilt_sig = crypto.build_ecdsa_signature(r, s); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 assert.equal(sig, rebuilt_sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
167 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
168 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
169 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
170 describe("AES-GCM encryption", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
171 it("works", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
172 local message = "foo\0bar"; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
173 local key_128_bit = random.bytes(16); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 local key_256_bit = random.bytes(32); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
175 local test_cases = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
176 { crypto.aes_128_gcm_encrypt, crypto.aes_128_gcm_decrypt, key = key_128_bit }; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
177 { crypto.aes_256_gcm_encrypt, crypto.aes_256_gcm_decrypt, key = key_256_bit }; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
178 }; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
179 for _, params in pairs(test_cases) do |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 local iv = params.iv or random.bytes(12); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 local encrypted = params[1](params.key, iv, message); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 assert.not_equal(message, encrypted); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
183 local decrypted = params[2](params.key, iv, encrypted); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
184 assert.equal(message, decrypted); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 end); |
|
12837
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
188 |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
189 describe("AES-CTR encryption", function () |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
190 it("works", function () |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
191 local message = "foo\0bar hello world"; |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
192 local key_256_bit = random.bytes(32); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
193 local test_cases = { |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
194 { crypto.aes_256_ctr_decrypt, crypto.aes_256_ctr_decrypt, key = key_256_bit }; |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
195 }; |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
196 for _, params in pairs(test_cases) do |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
197 local iv = params.iv or random.bytes(16); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
198 local encrypted = params[1](params.key, iv, message); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
199 assert.not_equal(message, encrypted); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
200 local decrypted = params[2](params.key, iv, encrypted); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
201 assert.equal(message, decrypted); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
202 end |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
203 end); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12737
diff
changeset
|
204 end); |
|
12693
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
205 end); |
