1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
namespace SimpleSAML\XMLSecurity\Test\Alg\Signature; |
6
|
|
|
|
7
|
|
|
use PHPUnit\Framework\TestCase; |
8
|
|
|
use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory; |
9
|
|
|
use SimpleSAML\XMLSecurity\Constants as C; |
10
|
|
|
use SimpleSAML\XMLSecurity\Key\SymmetricKey; |
11
|
|
|
|
12
|
|
|
use function bin2hex; |
13
|
|
|
use function hex2bin; |
14
|
|
|
|
15
|
|
|
/** |
16
|
|
|
* Tests for SimpleSAML\XMLSecurity\Alg\Signature\HMAC. |
17
|
|
|
* |
18
|
|
|
* @package SimpleSAML\Signature |
19
|
|
|
*/ |
20
|
|
|
final class HMACSignatureTest extends TestCase |
21
|
|
|
{ |
22
|
|
|
/** @var string */ |
23
|
|
|
protected const PLAINTEXT = 'plaintext'; |
24
|
|
|
|
25
|
|
|
/** @var string */ |
26
|
|
|
protected const SECRET = 'de54fbd0f10c34df6e800b11043024fa'; |
27
|
|
|
|
28
|
|
|
/** @var \SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory */ |
29
|
|
|
protected static SignatureAlgorithmFactory $factory; |
30
|
|
|
|
31
|
|
|
/** @var \SimpleSAML\XMLSecurity\Key\SymmetricKey */ |
32
|
|
|
protected static SymmetricKey $key; |
33
|
|
|
|
34
|
|
|
|
35
|
|
|
public static function setUpBeforeClass(): void |
36
|
|
|
{ |
37
|
|
|
self::$factory = new SignatureAlgorithmFactory([]); |
38
|
|
|
self::$key = new SymmetricKey(self::SECRET); |
39
|
|
|
} |
40
|
|
|
|
41
|
|
|
|
42
|
|
|
/** |
43
|
|
|
* Test that signing works. |
44
|
|
|
*/ |
45
|
|
|
public function testSign(): void |
46
|
|
|
{ |
47
|
|
|
// test HMAC-SHA1 |
48
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, self::$key); |
49
|
|
|
$this->assertEquals('655c3b4277b39f31dedf5adc7f4cc9f07da7102c', bin2hex($hmac->sign(self::PLAINTEXT))); |
50
|
|
|
|
51
|
|
|
// test HMAC-SHA224 |
52
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA224, self::$key); |
53
|
|
|
$this->assertEquals( |
54
|
|
|
'645405ccc725e10022e5a89e98cc33db07c0cd89ba78c21caf931f40', |
55
|
|
|
bin2hex($hmac->sign(self::PLAINTEXT)), |
56
|
|
|
); |
57
|
|
|
|
58
|
|
|
// test HMAC-SHA256 |
59
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA256, self::$key); |
60
|
|
|
$this->assertEquals( |
61
|
|
|
'721d8385785a3d4c8d16c7b4a96b343728a11e221656e6dd9502d540d4e87ef2', |
62
|
|
|
bin2hex($hmac->sign(self::PLAINTEXT)), |
63
|
|
|
); |
64
|
|
|
|
65
|
|
|
// test HMAC-SHA384 |
66
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA384, self::$key); |
67
|
|
|
$this->assertEquals( |
68
|
|
|
'b3ad2e39a057fd7a952cffd503d30eca295c6698dc23ddf0bebf98631a0162da0db0105db156a220dec78cebaf2c202c', |
69
|
|
|
bin2hex($hmac->sign(self::PLAINTEXT)), |
70
|
|
|
); |
71
|
|
|
|
72
|
|
|
// test HMAC-SHA512 |
73
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA512, self::$key); |
74
|
|
|
$this->assertEquals( |
75
|
|
|
'9cc73c95f564a142b28340cf6e1d6b509a9e97dab6577e5d0199760a858105185252e203b6b096ad24708a2b7e34a0f506776d8' . |
76
|
|
|
'8e2f47fff055fc51342b69cdc', |
77
|
|
|
bin2hex($hmac->sign(self::PLAINTEXT)), |
78
|
|
|
); |
79
|
|
|
|
80
|
|
|
// test HMAC-RIPEMD160 |
81
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_RIPEMD160, self::$key); |
82
|
|
|
$this->assertEquals('a9fd77b68644464d08be0ba2cd998eab3e2a7b1d', bin2hex($hmac->sign(self::PLAINTEXT))); |
83
|
|
|
} |
84
|
|
|
|
85
|
|
|
|
86
|
|
|
/** |
87
|
|
|
* Test that signature verification works. |
88
|
|
|
*/ |
89
|
|
|
public function testVerify(): void |
90
|
|
|
{ |
91
|
|
|
// test HMAC-SHA1 |
92
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, self::$key); |
93
|
|
|
$this->assertTrue($hmac->verify(self::PLAINTEXT, hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102c'))); |
94
|
|
|
|
95
|
|
|
// test HMAC-SHA224 |
96
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA224, self::$key); |
97
|
|
|
$this->assertTrue($hmac->verify( |
98
|
|
|
self::PLAINTEXT, |
99
|
|
|
hex2bin('645405ccc725e10022e5a89e98cc33db07c0cd89ba78c21caf931f40'), |
100
|
|
|
)); |
101
|
|
|
|
102
|
|
|
// test HMAC-SHA256 |
103
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA256, self::$key); |
104
|
|
|
$this->assertTrue($hmac->verify( |
105
|
|
|
self::PLAINTEXT, |
106
|
|
|
hex2bin('721d8385785a3d4c8d16c7b4a96b343728a11e221656e6dd9502d540d4e87ef2'), |
107
|
|
|
)); |
108
|
|
|
|
109
|
|
|
// test HMAC-SHA384 |
110
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA384, self::$key); |
111
|
|
|
$this->assertTrue($hmac->verify( |
112
|
|
|
self::PLAINTEXT, |
113
|
|
|
hex2bin('b3ad2e39a057fd7a952cffd503d30eca295c6698dc23ddf0bebf98631a0162da0db0105db156a220dec78cebaf2c202c'), |
114
|
|
|
)); |
115
|
|
|
|
116
|
|
|
// test HMAC-SHA512 |
117
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA512, self::$key); |
118
|
|
|
$this->assertTrue($hmac->verify( |
119
|
|
|
self::PLAINTEXT, |
120
|
|
|
hex2bin( |
121
|
|
|
'9cc73c95f564a142b28340cf6e1d6b509a9e97dab6577e5d0199760a858105185252e203b6b096ad24708a2b7e34a0f5067' . |
122
|
|
|
'76d88e2f47fff055fc51342b69cdc', |
123
|
|
|
), |
124
|
|
|
)); |
125
|
|
|
|
126
|
|
|
// test HMAC-RIPEMD160 |
127
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_RIPEMD160, self::$key); |
128
|
|
|
$this->assertTrue($hmac->verify(self::PLAINTEXT, hex2bin('a9fd77b68644464d08be0ba2cd998eab3e2a7b1d'))); |
129
|
|
|
} |
130
|
|
|
|
131
|
|
|
|
132
|
|
|
/** |
133
|
|
|
* Test that signature verification fails properly. |
134
|
|
|
*/ |
135
|
|
|
public function testVerificationFailure(): void |
136
|
|
|
{ |
137
|
|
|
// test wrong plaintext |
138
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, self::$key); |
139
|
|
|
$this->assertFalse($hmac->verify(self::PLAINTEXT . '.', hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102c'))); |
140
|
|
|
|
141
|
|
|
// test wrong signature |
142
|
|
|
$this->assertFalse($hmac->verify(self::PLAINTEXT, hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102d'))); |
143
|
|
|
|
144
|
|
|
// test wrong key |
145
|
|
|
$wrongKey = new SymmetricKey('de54fbd0f10c34df6e800b11043024fb'); |
146
|
|
|
$hmac = self::$factory->getAlgorithm(C::SIG_HMAC_SHA1, $wrongKey); |
147
|
|
|
$this->assertFalse($hmac->verify(self::PLAINTEXT, hex2bin('655c3b4277b39f31dedf5adc7f4cc9f07da7102c'))); |
148
|
|
|
} |
149
|
|
|
} |
150
|
|
|
|