diff options
author | Matthew Wild <mwild1@gmail.com> | 2022-09-29 23:17:42 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2022-09-29 23:17:42 +0100 |
commit | 5ca81b0e3bcef02ebf6e518e10a855c6ed3efd7f (patch) | |
tree | d4bb945532b4b7f8f4d48baaf5f2c4b2e80c0cea | |
parent | 8695a72a668fa38f1df64653508c360534e5e3db (diff) | |
download | prosody-5ca81b0e3bcef02ebf6e518e10a855c6ed3efd7f.tar.gz prosody-5ca81b0e3bcef02ebf6e518e10a855c6ed3efd7f.zip |
util.jwt: Add support for ES512 (+ tests)
-rw-r--r-- | spec/inputs/test_keys.lua | 43 | ||||
-rw-r--r-- | spec/util_jwt_spec.lua | 25 | ||||
-rw-r--r-- | util/jwt.lua | 1 |
3 files changed, 66 insertions, 3 deletions
diff --git a/spec/inputs/test_keys.lua b/spec/inputs/test_keys.lua index 088332c4..e0e9ff8c 100644 --- a/spec/inputs/test_keys.lua +++ b/spec/inputs/test_keys.lua @@ -31,6 +31,49 @@ FbjsHyKAmEi8pQIIcsTtJ9qH/Co4vg/uAtc8TSpmSEGuLPJ3miCM15zGNQ== -----END PUBLIC KEY----- ]]; + -- JWT reference keys for ES512 + + ecdsa_521_public_pem = [[ +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBgc4HZz+/fBbC7lmEww0AO3NK9wVZ +PDZ0VEnsaUFLEYpTzb90nITtJUcPUbvOsdZIZ1Q8fnbquAYgxXL5UgHMoywAib47 +6MkyyYgPk0BXZq3mq4zImTRNuaU9slj9TVJ3ScT3L1bXwVuPJDzpr5GOFpaj+WwM +Al8G7CqwoJOsW7Kddns= +-----END PUBLIC KEY----- +]]; + + ecdsa_521_private_pem = [[ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBiyAa7aRHFDCh2qga +9sTUGINE5jHAFnmM8xWeT/uni5I4tNqhV5Xx0pDrmCV9mbroFtfEa0XVfKuMAxxf +Z6LM/yKhgYkDgYYABAGBzgdnP798FsLuWYTDDQA7c0r3BVk8NnRUSexpQUsRilPN +v3SchO0lRw9Ru86x1khnVDx+duq4BiDFcvlSAcyjLACJvjvoyTLJiA+TQFdmrear +jMiZNE25pT2yWP1NUndJxPcvVtfBW48kPOmvkY4WlqP5bAwCXwbsKrCgk6xbsp12 +ew== +-----END PRIVATE KEY----- +]]; + + -- Self-generated keys for ES512 + + alt_ecdsa_521_public_pem = [[ +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBIxV0ecG/+qFc/kVPKs8Z6tjJEuRe +dzrEaqABY6THu7BhCjEoxPr6iRYdiFPzNruFORsCAKf/NFLSoCqyrw9S0YMA1xc+ +uW01145oxT7Sp8BOH1MyOh7xNh+LFLi6X4lV6j5GQrM1sKSa3O5m0+VJmLy5b7cy +oxNCzXrnEByz+EO2nYI= +-----END PUBLIC KEY----- +]]; + + alt_ecdsa_521_private_pem = [[ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIAV2XJQ4/5Pa5m43/AJdL4XzrRV/l7eQ1JObqmI95YDs3zxM5Mfygz +DivhvuPdZCZUR+TdZQEdYN4LpllCzrDwmTCgBwYFK4EEACOhgYkDgYYABAEjFXR5 +wb/6oVz+RU8qzxnq2MkS5F53OsRqoAFjpMe7sGEKMSjE+vqJFh2IU/M2u4U5GwIA +p/80UtKgKrKvD1LRgwDXFz65bTXXjmjFPtKnwE4fUzI6HvE2H4sUuLpfiVXqPkZC +szWwpJrc7mbT5UmYvLlvtzKjE0LNeucQHLP4Q7adgg== +-----END EC PRIVATE KEY----- +]]; + -- Self-generated EdDSA (Ed25519) keypair eddsa_private_pem = [[ -----BEGIN PRIVATE KEY----- diff --git a/spec/util_jwt_spec.lua b/spec/util_jwt_spec.lua index 2a2ee76b..6946bdd3 100644 --- a/spec/util_jwt_spec.lua +++ b/spec/util_jwt_spec.lua @@ -89,6 +89,23 @@ describe("util.jwt", function () }; }; { + algorithm = "ES512"; + keys = { + { test_keys.ecdsa_521_private_pem, test_keys.ecdsa_521_public_pem }; + { test_keys.alt_ecdsa_521_private_pem, test_keys.alt_ecdsa_521_public_pem }; + }; + { + name = "jwt.io reference"; + [[eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.AbVUinMiT3J_03je8WTOIl-VdggzvoFgnOsdouAs-DLOtQzau9valrq-S6pETyi9Q18HH-EuwX49Q7m3KC0GuNBJAc9Tksulgsdq8GqwIqZqDKmG7hNmDzaQG1Dpdezn2qzv-otf3ZZe-qNOXUMRImGekfQFIuH_MjD2e8RZyww6lbZk]]; + { -- payload + sub = "1234567890"; + name = "John Doe"; + admin = true; + iat = 1516239022; + }; + }; + }; + { algorithm = "RS256"; keys = { { test_keys.rsa_private_pem, test_keys.rsa_public_pem }; @@ -197,10 +214,12 @@ describe("util.jwt", function () untested_algorithms:remove(algorithm); describe(algorithm, function () - it("can do basic sign and verify", function () - for _, keypair in ipairs(keypairs) do + describe("can do basic sign and verify", function () + for keypair_n, keypair in ipairs(keypairs) do local signing_key, verifying_key = keypair[1], keypair[2]; - do_sign_verify_test(algorithm, signing_key, verifying_key, true); + it(("(test key pair %d)"):format(keypair_n), function () + do_sign_verify_test(algorithm, signing_key, verifying_key, true); + end); end end); diff --git a/util/jwt.lua b/util/jwt.lua index 1c7daf12..0c878efb 100644 --- a/util/jwt.lua +++ b/util/jwt.lua @@ -150,6 +150,7 @@ end local algorithms = { HS256 = new_hmac_algorithm("HS256"), HS384 = new_hmac_algorithm("HS384"), HS512 = new_hmac_algorithm("HS512"); ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify, 32); + ES512 = new_ecdsa_algorithm("ES512", crypto.ecdsa_sha512_sign, crypto.ecdsa_sha512_verify, 66); RS256 = new_rsa_algorithm("RS256"), RS384 = new_rsa_algorithm("RS384"), RS512 = new_rsa_algorithm("RS512"); PS256 = new_rsa_algorithm("PS256"), PS384 = new_rsa_algorithm("PS384"), PS512 = new_rsa_algorithm("PS512"); }; |