From 43bb3d5756a77f7d67a470ca1c69c979a2dba612 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 19 Apr 2019 14:12:28 +0200 Subject: util.hashes: Add test vectors from RFC 6070 for PBKDF2 (aka SCRAM Hi()) Number 4 is disabled by default beacuse of how long time it takes --- spec/util_hashes_spec.lua | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 spec/util_hashes_spec.lua (limited to 'spec/util_hashes_spec.lua') diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua new file mode 100644 index 00000000..1e6187bb --- /dev/null +++ b/spec/util_hashes_spec.lua @@ -0,0 +1,37 @@ +-- Test vectors from RFC 6070 +local hashes = require "util.hashes"; +local hex = require "util.hex"; + +-- Also see spec for util.hmac where HMAC test cases reside + +describe("PBKDF2-SHA1", function () + it("test vector 1", function () + local P = "password" + local S = "salt" + local c = 1 + local DK = "0c60c80f961f0e71f3a9b524af6012062fe037a6"; + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + end); + it("test vector 2", function () + local P = "password" + local S = "salt" + local c = 2 + local DK = "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"; + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + end); + it("test vector 3", function () + local P = "password" + local S = "salt" + local c = 4096 + local DK = "4b007901b765489abead49d926f721d065a429c1"; + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + end); + it("test vector 4 #SLOW", function () + local P = "password" + local S = "salt" + local c = 16777216 + local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + end); +end); + -- cgit v1.2.3 From 165ee3a5ef1247468e98d0d4cba6fc43e15f92d7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 20 Apr 2019 15:11:04 +0200 Subject: util.hashes: Allow specifying output key length This is not needed for SCRAM but PBKDF2 takes this argument. --- spec/util_hashes_spec.lua | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'spec/util_hashes_spec.lua') diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua index 1e6187bb..9099145a 100644 --- a/spec/util_hashes_spec.lua +++ b/spec/util_hashes_spec.lua @@ -33,5 +33,21 @@ describe("PBKDF2-SHA1", function () local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); end); + it("test vector 5", function () + local P = "passwordPASSWORDpassword" + local S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" + local c = 4096 + local dkLen = 25 + local DK = "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); + end); + it("works", function () + local P = "pass\0word" + local S = "sa\0lt" + local c = 4096 + local dkLen = 16 + local DK = "56fa6aa75548099dcc37d7f03425e0c3" + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); + end); end); -- cgit v1.2.3 From 90d4d6bda8161d7fdc730f822db13a1a8639aee4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 21 Apr 2019 00:59:36 +0200 Subject: Backed out changeset 61bc5c52c941 luaL_buffinitsize is only available in Lua 5.2+ --- spec/util_hashes_spec.lua | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'spec/util_hashes_spec.lua') diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua index 9099145a..1e6187bb 100644 --- a/spec/util_hashes_spec.lua +++ b/spec/util_hashes_spec.lua @@ -33,21 +33,5 @@ describe("PBKDF2-SHA1", function () local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); end); - it("test vector 5", function () - local P = "passwordPASSWORDpassword" - local S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" - local c = 4096 - local dkLen = 25 - local DK = "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" - assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); - end); - it("works", function () - local P = "pass\0word" - local S = "sa\0lt" - local c = 4096 - local dkLen = 16 - local DK = "56fa6aa75548099dcc37d7f03425e0c3" - assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); - end); end); -- cgit v1.2.3