| author | Kim Alvefur <zash@zash.se> |
| Thu, 28 Mar 2024 15:26:57 +0100 | |
| changeset 13472 | 98806cac64c3 |
| parent 12841 | d3ae47d8a7a7 |
| permissions | -rw-r--r-- |
|
12704
899c057781cd
spec: Move test crypto keys to a shared file for clarity and easy maintenance
Matthew Wild <mwild1@gmail.com>
parents:
12697
diff
changeset
|
1 |
local test_keys = require "spec.inputs.test_keys"; |
|
12697
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 |
describe("util.crypto", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
local crypto = require "util.crypto"; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 |
local random = require "util.random"; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 |
describe("generate_ed25519_keypair", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
local keypair = crypto.generate_ed25519_keypair(); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
assert.is_not_nil(keypair); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
assert.equal("ED25519", keypair:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 |
end) |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
describe("import_private_pem", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
it("can import ECDSA keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 |
local ecdsa_key = crypto.import_private_pem(test_keys.ecdsa_private_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
assert.equal("id-ecPublicKey", ecdsa_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
it("can import EdDSA (Ed25519) keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 |
local ed25519_key = crypto.import_private_pem(crypto.generate_ed25519_keypair():private_pem()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 |
assert.equal("ED25519", ed25519_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
it("can import RSA keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 |
-- TODO |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
it("rejects invalid keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 |
assert.is_nil(crypto.import_private_pem(test_keys.eddsa_public_pem)); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 |
assert.is_nil(crypto.import_private_pem(test_keys.ecdsa_public_pem)); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 |
assert.is_nil(crypto.import_private_pem("foo")); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
assert.is_nil(crypto.import_private_pem("")); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
describe("import_public_pem", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
it("can import ECDSA public keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 |
local ecdsa_key = crypto.import_public_pem(test_keys.ecdsa_public_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
assert.equal("id-ecPublicKey", ecdsa_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 |
it("can import EdDSA (Ed25519) public keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 |
local ed25519_key = crypto.import_public_pem(test_keys.eddsa_public_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 |
assert.equal("ED25519", ed25519_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
it("can import RSA public keys", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 |
-- TODO |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 |
describe("PEM export", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 |
it("works", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 |
local ecdsa_key = crypto.import_public_pem(test_keys.ecdsa_public_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 |
assert.equal("id-ecPublicKey", ecdsa_key:get_type()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 |
assert.equal(test_keys.ecdsa_public_pem, ecdsa_key:public_pem()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 |
assert.has_error(function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 |
-- Fails because private key is not available |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 |
ecdsa_key:private_pem(); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 |
local ecdsa_private_key = crypto.import_private_pem(test_keys.ecdsa_private_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 |
assert.equal(test_keys.ecdsa_private_pem, ecdsa_private_key:private_pem()); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 |
describe("sign/verify with", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 |
local test_cases = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 |
ed25519 = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 |
crypto.ed25519_sign, crypto.ed25519_verify; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 |
key = crypto.import_private_pem(test_keys.eddsa_private_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 |
sig_length = 64; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 |
}; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 |
ecdsa = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 |
crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 |
key = crypto.import_private_pem(test_keys.ecdsa_private_pem); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 |
}; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 |
}; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 |
for test_name, test in pairs(test_cases) do |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 |
local key = test.key; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 |
describe(test_name, function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 |
it("works", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 |
local sign, verify = test[1], test[2]; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 |
local sig = assert(sign(key, "Hello world")); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 |
assert.is_string(sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 |
if test.sig_length then |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 |
assert.equal(test.sig_length, #sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 |
end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 |
do |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 |
local ok = verify(key, "Hello world", sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 |
assert.is_truthy(ok); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 |
end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 |
do -- Incorrect signature |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 |
local ok = verify(key, "Hello world", sig:sub(1, -2)..string.char((sig:byte(-1)+1)%255)); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 |
assert.is_falsy(ok); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 |
end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 |
do -- Incorrect message |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 |
local ok = verify(key, "Hello earth", sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 |
assert.is_falsy(ok); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 |
end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 |
do -- Incorrect message (embedded NUL) |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 |
local ok = verify(key, "Hello world\0foo", sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 |
assert.is_falsy(ok); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 |
end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 |
end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 |
describe("ECDSA signatures", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 |
local hex = require "util.hex"; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 |
local sig = hex.decode((([[ |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 |
304402203e936e7b0bc62887e0e9d675afd08531a930384cfcf301 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 |
f25d13053a2ebf141d02205a5a7c7b7ac5878d004cb79b17b39346 |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 |
6b0cd1043718ffc31c153b971d213a8e |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 |
]]):gsub("%s+", ""))); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 |
it("can be parsed", function () |
| 12741 | 120 |
local r, s = crypto.parse_ecdsa_signature(sig, 32); |
|
12697
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 |
assert.is_string(r); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 |
assert.is_string(s); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 |
assert.equal(32, #r); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 |
assert.equal(32, #s); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 |
it("fails to parse invalid signatures", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 |
local invalid_sigs = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 |
""; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 |
"\000"; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
130 |
string.rep("\000", 64); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
131 |
string.rep("\000", 72); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 |
string.rep("\000", 256); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
133 |
string.rep("\255", 72); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
134 |
string.rep("\255", 3); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 |
}; |
|
12707
5bda8598a2af
util.crypto: tests: fix some tests that didn't do much (thanks luacheck!)
Matthew Wild <mwild1@gmail.com>
parents:
12704
diff
changeset
|
136 |
for _, invalid_sig in ipairs(invalid_sigs) do |
| 12741 | 137 |
local r, s = crypto.parse_ecdsa_signature(invalid_sig, 32); |
|
12697
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 |
assert.is_nil(r); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 |
assert.is_nil(s); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 |
end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 |
it("can be built", function () |
| 12741 | 143 |
local r, s = crypto.parse_ecdsa_signature(sig, 32); |
|
12697
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 |
local rebuilt_sig = crypto.build_ecdsa_signature(r, s); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 |
assert.equal(sig, rebuilt_sig); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 |
|
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
149 |
describe("AES-GCM encryption", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
150 |
it("works", function () |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
151 |
local message = "foo\0bar"; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
152 |
local key_128_bit = random.bytes(16); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 |
local key_256_bit = random.bytes(32); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
154 |
local test_cases = { |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 |
{ crypto.aes_128_gcm_encrypt, crypto.aes_128_gcm_decrypt, key = key_128_bit }; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 |
{ crypto.aes_256_gcm_encrypt, crypto.aes_256_gcm_decrypt, key = key_256_bit }; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 |
}; |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 |
for _, params in pairs(test_cases) do |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 |
local iv = params.iv or random.bytes(12); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
160 |
local encrypted = params[1](params.key, iv, message); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 |
assert.not_equal(message, encrypted); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 |
local decrypted = params[2](params.key, iv, encrypted); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
163 |
assert.equal(message, decrypted); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
164 |
end |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
165 |
end); |
|
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 |
end); |
|
12841
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
167 |
|
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
168 |
describe("AES-CTR encryption", function () |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
169 |
it("works", function () |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
170 |
local message = "foo\0bar hello world"; |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
171 |
local key_256_bit = random.bytes(32); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
172 |
local test_cases = { |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
173 |
{ crypto.aes_256_ctr_decrypt, crypto.aes_256_ctr_decrypt, key = key_256_bit }; |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
174 |
}; |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
175 |
for _, params in pairs(test_cases) do |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
176 |
local iv = params.iv or random.bytes(16); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
177 |
local encrypted = params[1](params.key, iv, message); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
178 |
assert.not_equal(message, encrypted); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
179 |
local decrypted = params[2](params.key, iv, encrypted); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
180 |
assert.equal(message, decrypted); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
181 |
end |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
182 |
end); |
|
d3ae47d8a7a7
util.crypto: Add support for AES-256-CTR
Matthew Wild <mwild1@gmail.com>
parents:
12741
diff
changeset
|
183 |
end); |
|
12697
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
184 |
end); |