Test HMAC function with RFC vectors and update tests

cursoragent · lovasoa · cursoragent · commit 8bd0795e43e4 · 2025-09-30T19:44:06.000Z
Co-authored-by: contact &lt;contact@ophir.dev&gt;
diff --git a/src/webserver/database/sqlpage_functions/functions.rs b/src/webserver/database/sqlpage_functions/functions.rs
@@ -792,15 +792,19 @@ async fn client_ip(request: &RequestInfo) -> Option<String> {
 
 #[tokio::test]
 async fn test_hmac() {
+    // Test vector from RFC 4231 - HMAC-SHA256
     let result = hmac(
-        Some(Cow::Borrowed("test")),
+        Some(Cow::Borrowed("The quick brown fox jumps over the lazy dog")),
         Some(Cow::Borrowed("key")),
         Some(Cow::Borrowed("sha256")),
     )
     .await
     .unwrap()
     .unwrap();
-    assert_eq!(result.len(), 64); // SHA-256 produces 32 bytes = 64 hex chars
+    assert_eq!(
+        result,
+        "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8"
+    );
 }
 
 /// Returns the ID token claims as a JSON object.
diff --git a/tests/sql_test_files/it_works_hmac_default.sql b/tests/sql_test_files/it_works_hmac_default.sql
@@ -1 +1,6 @@
-SELECT 'text' as component, 'It works ! HMAC (default sha256): ' || sqlpage.hmac('Hello, World!', 'secret-key') as contents;
+SELECT 'text' as component,
+    CASE 
+        WHEN sqlpage.hmac('test data', 'test key') = sqlpage.hmac('test data', 'test key', 'sha256')
+        THEN 'It works ! HMAC default algorithm is SHA-256'
+        ELSE 'Default algorithm mismatch'
+    END as contents;
diff --git a/tests/sql_test_files/it_works_hmac_sha256.sql b/tests/sql_test_files/it_works_hmac_sha256.sql
@@ -1 +1,6 @@
-SELECT 'text' as component, 'It works ! HMAC SHA-256: ' || sqlpage.hmac('Hello, World!', 'secret-key', 'sha256') as contents;
+SELECT 'text' as component,
+    CASE 
+        WHEN sqlpage.hmac('The quick brown fox jumps over the lazy dog', 'key', 'sha256') = 'f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8'
+        THEN 'It works ! HMAC SHA-256 hash is correct'
+        ELSE 'Hash mismatch: ' || sqlpage.hmac('The quick brown fox jumps over the lazy dog', 'key', 'sha256')
+    END as contents;
diff --git a/tests/sql_test_files/it_works_hmac_sha512.sql b/tests/sql_test_files/it_works_hmac_sha512.sql
@@ -1 +1,6 @@
-SELECT 'text' as component, 'It works ! HMAC SHA-512: ' || sqlpage.hmac('Hello, World!', 'secret-key', 'sha512') as contents;
+SELECT 'text' as component,
+    CASE 
+        WHEN sqlpage.hmac('The quick brown fox jumps over the lazy dog', 'key', 'sha512') = 'b42af09057bac1e2d41708e48a902e09b5ff7f12ab428a4fe86653c73dd248fb82f948a549f7b791a5b41915ee4d1ec3935357e4e2317250d0372afa2ebeeb3a'
+        THEN 'It works ! HMAC SHA-512 hash is correct'
+        ELSE 'Hash mismatch: ' || sqlpage.hmac('The quick brown fox jumps over the lazy dog', 'key', 'sha512')
+    END as contents;
