diff --git a/Makefile b/Makefile index a5c1bc7..e573621 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,9 @@ run_test_file = env \ all: test +clean: + rm -rf target/* + test: test-env ${run_test_file} ${ROOT_DIR}/test/aes.utest.lua ${run_test_file} ${ROOT_DIR}/test/random.utest.lua @@ -52,7 +55,7 @@ test: test-env ${run_test_file} ${ROOT_DIR}/test/portal4.ctest.lua ${run_test_file} ${ROOT_DIR}/test/portal5.ctest.lua -test-env: run-env target/dist/etc/nginx/ssso ${lua_cmods}/bit32.so ${lua_cmods}/cjson.so ${lua_mods}/resty/easy-crypto.lua ${lua_mods}/luaunit.lua +test-env: run-env target/dist/etc/nginx/ssso ${lua_mods}/base64.lua ${lua_cmods}/bit32.so ${lua_cmods}/cjson.so ${lua_cmods}/luagcrypt.so ${lua_mods}/luaunit.lua target/dist/etc/nginx/ssso: src test/global.json test/login test/portal test/sites rm -rf target/dist/etc/nginx/ssso; \ @@ -82,14 +85,17 @@ ${lua_root}/bin/luarocks: target/src/luarocks/luarocks-${luarocks_version}.tar.g make install \ ) +${lua_mods}/base64.lua: ${lua_root}/bin/luarocks + ${lua_root}/bin/luarocks install base64 + ${lua_cmods}/bit32.so: ${lua_root}/bin/luarocks ${lua_root}/bin/luarocks install bit32 ${lua_cmods}/cjson.so: ${lua_root}/bin/luarocks ${lua_root}/bin/luarocks install lua-cjson -${lua_mods}/resty/easy-crypto.lua: ${lua_root}/bin/luarocks - ${lua_root}/bin/luarocks install lua-easy-crypto +${lua_cmods}/luagcrypt.so: ${lua_root}/bin/luarocks + ${lua_root}/bin/luarocks install luagcrypt ${lua_mods}/luaunit.lua: ${lua_root}/bin/luarocks ${lua_root}/bin/luarocks install luaunit @@ -102,4 +108,4 @@ target/src/luarocks/luarocks-${luarocks_version}.tar.gz: mkdir -p target/src/luarocks; \ curl -so target/src/luarocks/luarocks-${luarocks_version}.tar.gz "${luarocks_src}" -.PHONY: all run-env test-env test +.PHONY: all clean run-env test-env test diff --git a/test/aes.utest.lua b/test/aes.utest.lua index dc968ba..3477c3c 100644 --- a/test/aes.utest.lua +++ b/test/aes.utest.lua @@ -2,10 +2,12 @@ local lu = require("luaunit") local aes = require("resty.openssl.cipher") function test_aes() + local key1 = "0a123456789a123456789a1234567890" + local key2 = "0b123456789b123456789b1234567890" local aes1 = aes.new(nil) local aes2 = aes.new(nil) - local enc1 = assert(aes1:encrypt("a", nil, "test", nil, nil)) - local enc2 = assert(aes2:encrypt("b", nil, "other", nil, nil)) + local enc1 = assert(aes1:encrypt(key1, "iv", "test", nil, "test")) + local enc2 = assert(aes2:encrypt(key2, "iv", "other", nil, "test")) local tag1 = aes1:get_aead_tag() local tag2 = aes2:get_aead_tag() local aes3 = aes.new(nil) @@ -16,8 +18,8 @@ function test_aes() lu.assertNotEquals(enc2, "other") lu.assertNotEquals(enc1 .. tag1, "test") lu.assertNotEquals(enc2 .. tag2, "other") - lu.assertEquals(aes3:decrypt("a", nil, enc1, nil, nil, tag1), "test") - lu.assertEquals(aes4:decrypt("b", nil, enc2, nil, nil, tag2), "other") + lu.assertEquals(aes3:decrypt(key1, "iv", enc1, nil, "test", tag1), "test") + lu.assertEquals(aes4:decrypt(key2, "iv", enc2, nil, "test", tag2), "other") end os.exit(lu.LuaUnit.run()) diff --git a/test/alt/resty/openssl/cipher.lua b/test/alt/resty/openssl/cipher.lua index 6200328..02d9a9e 100644 --- a/test/alt/resty/openssl/cipher.lua +++ b/test/alt/resty/openssl/cipher.lua @@ -1,30 +1,30 @@ -local real_aes = require("resty.easy-crypto") +local gcrypt = require("luagcrypt") local function new(_) local fake_instance = {} - function fake_instance:encrypt(key, _, data, _, _) - local aes = real_aes:new({ - saltSize = 16, - ivSize = 12, - iterationCount = 2, - }) - local encrypted = assert(aes:encrypt(key, data)) - self.tag = encrypted:sub(-16) - return encrypted:sub(1, -17), nil + function fake_instance:encrypt(key, iv, data, _, auth) + local cipher = gcrypt.Cipher(gcrypt.CIPHER_AES256, gcrypt.CIPHER_MODE_GCM) + cipher:setkey(key) + cipher:setiv(iv) + cipher:authenticate(auth) + local encrypted = assert(cipher:encrypt(data)) + self.tag = cipher:gettag() + return encrypted, nil end function fake_instance:get_aead_tag() return self.tag end - function fake_instance:decrypt(key, _, data, _, _, tag) - local aes = real_aes:new({ - saltSize = 16, - ivSize = 12, - iterationCount = 2, - }) - return aes:decrypt(key, data .. tag) + function fake_instance:decrypt(key, iv, data, _, auth, tag) + local cipher = gcrypt.Cipher(gcrypt.CIPHER_AES256, gcrypt.CIPHER_MODE_GCM) + cipher:setkey(key) + cipher:setiv(iv) + cipher:authenticate(auth) + local decrypted = assert(cipher:decrypt(data)) + cipher:checktag(tag) + return decrypted end return fake_instance diff --git a/test/alt/resty/random.lua b/test/alt/resty/random.lua index 86434b8..07aea35 100644 --- a/test/alt/resty/random.lua +++ b/test/alt/resty/random.lua @@ -1,7 +1,9 @@ -local ssl_rand = require("openssl.rand") - local function bytes(count, _) - return ssl_rand.bytes(count) + local b = "" + for i = 1, count do + b = b .. string.char(math.random(0, 255)) + end + return b end return { diff --git a/test/alt/resty/sha256.lua b/test/alt/resty/sha256.lua index 03b7ba4..509a4d0 100644 --- a/test/alt/resty/sha256.lua +++ b/test/alt/resty/sha256.lua @@ -1,17 +1,18 @@ -local real_sha = require("bgcrypto.sha256") +local gcrypt = require("luagcrypt") local sha_proxy = {} function sha_proxy:new() local fake_instance = { - data = "", + sha = gcrypt.Hash(gcrypt.MD_SHA256), } function fake_instance:update(data) - self.data = self.data .. data + self.sha:write(data) end function fake_instance:final() - return real_sha.digest(self.data, true) + local str = self.sha:read(gcrypt.MD_SHA256) + return (str:gsub(".", function(char) return string.format("%02x", char:byte()) end)) end return fake_instance