From 43bb3d5756a77f7d67a470ca1c69c979a2dba612 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 19 Apr 2019 14:12:28 +0200 Subject: util.hashes: Add test vectors from RFC 6070 for PBKDF2 (aka SCRAM Hi()) Number 4 is disabled by default beacuse of how long time it takes --- spec/util_hashes_spec.lua | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 spec/util_hashes_spec.lua (limited to 'spec/util_hashes_spec.lua') diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua new file mode 100644 index 00000000..1e6187bb --- /dev/null +++ b/spec/util_hashes_spec.lua @@ -0,0 +1,37 @@ +-- Test vectors from RFC 6070 +local hashes = require "util.hashes"; +local hex = require "util.hex"; + +-- Also see spec for util.hmac where HMAC test cases reside + +describe("PBKDF2-SHA1", function () + it("test vector 1", function () + local P = "password" + local S = "salt" + local c = 1 + local DK = "0c60c80f961f0e71f3a9b524af6012062fe037a6"; + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + end); + it("test vector 2", function () + local P = "password" + local S = "salt" + local c = 2 + local DK = "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"; + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + end); + it("test vector 3", function () + local P = "password" + local S = "salt" + local c = 4096 + local DK = "4b007901b765489abead49d926f721d065a429c1"; + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + end); + it("test vector 4 #SLOW", function () + local P = "password" + local S = "salt" + local c = 16777216 + local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + end); +end); + -- cgit v1.2.3 From 165ee3a5ef1247468e98d0d4cba6fc43e15f92d7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 20 Apr 2019 15:11:04 +0200 Subject: util.hashes: Allow specifying output key length This is not needed for SCRAM but PBKDF2 takes this argument. --- spec/util_hashes_spec.lua | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'spec/util_hashes_spec.lua') diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua index 1e6187bb..9099145a 100644 --- a/spec/util_hashes_spec.lua +++ b/spec/util_hashes_spec.lua @@ -33,5 +33,21 @@ describe("PBKDF2-SHA1", function () local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); end); + it("test vector 5", function () + local P = "passwordPASSWORDpassword" + local S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" + local c = 4096 + local dkLen = 25 + local DK = "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); + end); + it("works", function () + local P = "pass\0word" + local S = "sa\0lt" + local c = 4096 + local dkLen = 16 + local DK = "56fa6aa75548099dcc37d7f03425e0c3" + assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); + end); end); -- cgit v1.2.3 From 90d4d6bda8161d7fdc730f822db13a1a8639aee4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 21 Apr 2019 00:59:36 +0200 Subject: Backed out changeset 61bc5c52c941 luaL_buffinitsize is only available in Lua 5.2+ --- spec/util_hashes_spec.lua | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'spec/util_hashes_spec.lua') diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua index 9099145a..1e6187bb 100644 --- a/spec/util_hashes_spec.lua +++ b/spec/util_hashes_spec.lua @@ -33,21 +33,5 @@ describe("PBKDF2-SHA1", function () local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); end); - it("test vector 5", function () - local P = "passwordPASSWORDpassword" - local S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" - local c = 4096 - local dkLen = 25 - local DK = "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" - assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); - end); - it("works", function () - local P = "pass\0word" - local S = "sa\0lt" - local c = 4096 - local dkLen = 16 - local DK = "56fa6aa75548099dcc37d7f03425e0c3" - assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c, dkLen))); - end); end); -- cgit v1.2.3 From 16c54b170580328dd57bb35a68281d5e385b82dc Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 22 Apr 2020 21:35:33 +0200 Subject: util.hashes: Use generic name of PBKDF2-HMAC-SHA1 function in tests --- spec/util_hashes_spec.lua | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'spec/util_hashes_spec.lua') diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua index 1e6187bb..5c616a8d 100644 --- a/spec/util_hashes_spec.lua +++ b/spec/util_hashes_spec.lua @@ -4,34 +4,34 @@ local hex = require "util.hex"; -- Also see spec for util.hmac where HMAC test cases reside -describe("PBKDF2-SHA1", function () +describe("PBKDF2-HMAC-SHA1", function () it("test vector 1", function () local P = "password" local S = "salt" local c = 1 local DK = "0c60c80f961f0e71f3a9b524af6012062fe037a6"; - assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + assert.equal(DK, hex.to(hashes.pbkdf2_hmac_sha1(P, S, c))); end); it("test vector 2", function () local P = "password" local S = "salt" local c = 2 local DK = "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"; - assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + assert.equal(DK, hex.to(hashes.pbkdf2_hmac_sha1(P, S, c))); end); it("test vector 3", function () local P = "password" local S = "salt" local c = 4096 local DK = "4b007901b765489abead49d926f721d065a429c1"; - assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + assert.equal(DK, hex.to(hashes.pbkdf2_hmac_sha1(P, S, c))); end); it("test vector 4 #SLOW", function () local P = "password" local S = "salt" local c = 16777216 local DK = "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; - assert.equal(DK, hex.to(hashes.scram_Hi_sha1(P, S, c))); + assert.equal(DK, hex.to(hashes.pbkdf2_hmac_sha1(P, S, c))); end); end); -- cgit v1.2.3 From 701c5f48110cb004925ba659b7221b18713ad2c7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 22 Apr 2020 21:38:36 +0200 Subject: util.hashes: Fix output length of PBKDF2-HMAC-SHA256 Somehow it got SHA1's 20 byte output instead of the proper 32 = 256/8 --- spec/util_hashes_spec.lua | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'spec/util_hashes_spec.lua') diff --git a/spec/util_hashes_spec.lua b/spec/util_hashes_spec.lua index 5c616a8d..3639dd4e 100644 --- a/spec/util_hashes_spec.lua +++ b/spec/util_hashes_spec.lua @@ -35,3 +35,21 @@ describe("PBKDF2-HMAC-SHA1", function () end); end); +describe("PBKDF2-HMAC-SHA256", function () + it("test vector 1", function () + local P = "password"; + local S = "salt"; + local c = 1 + local DK = "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b"; + assert.equal(DK, hex.to(hashes.pbkdf2_hmac_sha256(P, S, c))); + end); + it("test vector 2", function () + local P = "password"; + local S = "salt"; + local c = 2 + local DK = "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43"; + assert.equal(DK, hex.to(hashes.pbkdf2_hmac_sha256(P, S, c))); + end); +end); + + -- cgit v1.2.3