aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2022-09-29 23:17:42 +0100
committerMatthew Wild <mwild1@gmail.com>2022-09-29 23:17:42 +0100
commit5ca81b0e3bcef02ebf6e518e10a855c6ed3efd7f (patch)
treed4bb945532b4b7f8f4d48baaf5f2c4b2e80c0cea
parent8695a72a668fa38f1df64653508c360534e5e3db (diff)
downloadprosody-5ca81b0e3bcef02ebf6e518e10a855c6ed3efd7f.tar.gz
prosody-5ca81b0e3bcef02ebf6e518e10a855c6ed3efd7f.zip
util.jwt: Add support for ES512 (+ tests)
-rw-r--r--spec/inputs/test_keys.lua43
-rw-r--r--spec/util_jwt_spec.lua25
-rw-r--r--util/jwt.lua1
3 files changed, 66 insertions, 3 deletions
diff --git a/spec/inputs/test_keys.lua b/spec/inputs/test_keys.lua
index 088332c4..e0e9ff8c 100644
--- a/spec/inputs/test_keys.lua
+++ b/spec/inputs/test_keys.lua
@@ -31,6 +31,49 @@ FbjsHyKAmEi8pQIIcsTtJ9qH/Co4vg/uAtc8TSpmSEGuLPJ3miCM15zGNQ==
-----END PUBLIC KEY-----
]];
+ -- JWT reference keys for ES512
+
+ ecdsa_521_public_pem = [[
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBgc4HZz+/fBbC7lmEww0AO3NK9wVZ
+PDZ0VEnsaUFLEYpTzb90nITtJUcPUbvOsdZIZ1Q8fnbquAYgxXL5UgHMoywAib47
+6MkyyYgPk0BXZq3mq4zImTRNuaU9slj9TVJ3ScT3L1bXwVuPJDzpr5GOFpaj+WwM
+Al8G7CqwoJOsW7Kddns=
+-----END PUBLIC KEY-----
+]];
+
+ ecdsa_521_private_pem = [[
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBiyAa7aRHFDCh2qga
+9sTUGINE5jHAFnmM8xWeT/uni5I4tNqhV5Xx0pDrmCV9mbroFtfEa0XVfKuMAxxf
+Z6LM/yKhgYkDgYYABAGBzgdnP798FsLuWYTDDQA7c0r3BVk8NnRUSexpQUsRilPN
+v3SchO0lRw9Ru86x1khnVDx+duq4BiDFcvlSAcyjLACJvjvoyTLJiA+TQFdmrear
+jMiZNE25pT2yWP1NUndJxPcvVtfBW48kPOmvkY4WlqP5bAwCXwbsKrCgk6xbsp12
+ew==
+-----END PRIVATE KEY-----
+]];
+
+ -- Self-generated keys for ES512
+
+ alt_ecdsa_521_public_pem = [[
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBIxV0ecG/+qFc/kVPKs8Z6tjJEuRe
+dzrEaqABY6THu7BhCjEoxPr6iRYdiFPzNruFORsCAKf/NFLSoCqyrw9S0YMA1xc+
+uW01145oxT7Sp8BOH1MyOh7xNh+LFLi6X4lV6j5GQrM1sKSa3O5m0+VJmLy5b7cy
+oxNCzXrnEByz+EO2nYI=
+-----END PUBLIC KEY-----
+]];
+
+ alt_ecdsa_521_private_pem = [[
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIAV2XJQ4/5Pa5m43/AJdL4XzrRV/l7eQ1JObqmI95YDs3zxM5Mfygz
+DivhvuPdZCZUR+TdZQEdYN4LpllCzrDwmTCgBwYFK4EEACOhgYkDgYYABAEjFXR5
+wb/6oVz+RU8qzxnq2MkS5F53OsRqoAFjpMe7sGEKMSjE+vqJFh2IU/M2u4U5GwIA
+p/80UtKgKrKvD1LRgwDXFz65bTXXjmjFPtKnwE4fUzI6HvE2H4sUuLpfiVXqPkZC
+szWwpJrc7mbT5UmYvLlvtzKjE0LNeucQHLP4Q7adgg==
+-----END EC PRIVATE KEY-----
+]];
+
-- Self-generated EdDSA (Ed25519) keypair
eddsa_private_pem = [[
-----BEGIN PRIVATE KEY-----
diff --git a/spec/util_jwt_spec.lua b/spec/util_jwt_spec.lua
index 2a2ee76b..6946bdd3 100644
--- a/spec/util_jwt_spec.lua
+++ b/spec/util_jwt_spec.lua
@@ -89,6 +89,23 @@ describe("util.jwt", function ()
};
};
{
+ algorithm = "ES512";
+ keys = {
+ { test_keys.ecdsa_521_private_pem, test_keys.ecdsa_521_public_pem };
+ { test_keys.alt_ecdsa_521_private_pem, test_keys.alt_ecdsa_521_public_pem };
+ };
+ {
+ name = "jwt.io reference";
+ [[eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.AbVUinMiT3J_03je8WTOIl-VdggzvoFgnOsdouAs-DLOtQzau9valrq-S6pETyi9Q18HH-EuwX49Q7m3KC0GuNBJAc9Tksulgsdq8GqwIqZqDKmG7hNmDzaQG1Dpdezn2qzv-otf3ZZe-qNOXUMRImGekfQFIuH_MjD2e8RZyww6lbZk]];
+ { -- payload
+ sub = "1234567890";
+ name = "John Doe";
+ admin = true;
+ iat = 1516239022;
+ };
+ };
+ };
+ {
algorithm = "RS256";
keys = {
{ test_keys.rsa_private_pem, test_keys.rsa_public_pem };
@@ -197,10 +214,12 @@ describe("util.jwt", function ()
untested_algorithms:remove(algorithm);
describe(algorithm, function ()
- it("can do basic sign and verify", function ()
- for _, keypair in ipairs(keypairs) do
+ describe("can do basic sign and verify", function ()
+ for keypair_n, keypair in ipairs(keypairs) do
local signing_key, verifying_key = keypair[1], keypair[2];
- do_sign_verify_test(algorithm, signing_key, verifying_key, true);
+ it(("(test key pair %d)"):format(keypair_n), function ()
+ do_sign_verify_test(algorithm, signing_key, verifying_key, true);
+ end);
end
end);
diff --git a/util/jwt.lua b/util/jwt.lua
index 1c7daf12..0c878efb 100644
--- a/util/jwt.lua
+++ b/util/jwt.lua
@@ -150,6 +150,7 @@ end
local algorithms = {
HS256 = new_hmac_algorithm("HS256"), HS384 = new_hmac_algorithm("HS384"), HS512 = new_hmac_algorithm("HS512");
ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify, 32);
+ ES512 = new_ecdsa_algorithm("ES512", crypto.ecdsa_sha512_sign, crypto.ecdsa_sha512_verify, 66);
RS256 = new_rsa_algorithm("RS256"), RS384 = new_rsa_algorithm("RS384"), RS512 = new_rsa_algorithm("RS512");
PS256 = new_rsa_algorithm("PS256"), PS384 = new_rsa_algorithm("PS384"), PS512 = new_rsa_algorithm("PS512");
};