jwa 0.1.0

data/spec/jwa/algorithms/content_encryption/a256_cbc_hs512_spec.rb

@@ -0,0 +1,35 @@
+require_relative './aes_cbc_hs_shared'
+
+describe JWA::Algorithms::ContentEncryption::A256CbcHs512 do
+  include_examples 'AES-CBC-HS' do
+    let(:key) do
+      '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
+       10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
+       20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
+       30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f'
+    end
+
+    let(:ciphertext) do
+      '4a ff aa ad b7 8c 31 c5 da 4b 1b 59 0d 10 ff bd
+       3d d8 d5 d3 02 42 35 26 91 2d a0 37 ec bc c7 bd
+       82 2c 30 1d d6 7c 37 3b cc b5 84 ad 3e 92 79 c2
+       e6 d1 2a 13 74 b7 7f 07 75 53 df 82 94 10 44 6b
+       36 eb d9 70 66 29 6a e6 42 7e a7 5c 2e 08 46 a1
+       1a 09 cc f5 37 0d c8 0b fe cb ad 28 c7 3f 09 b3
+       a3 b7 5e 66 2a 25 94 41 0a e4 96 b2 e2 e6 60 9e
+       31 e6 e0 2c c8 37 f0 53 d2 1f 37 ff 4f 51 95 0b
+       be 26 38 d0 9d d7 a4 93 09 30 80 6d 07 03 b1 f6'
+    end
+
+    let(:tag) do
+      '4d d3 b4 c0 88 a7 f4 5c 21 68 39 64 5b 20 12 bf
+       2e 62 69 a8 c5 6a 81 6d bc 1b 26 77 61 95 5b c5'
+    end
+  end
+
+  describe '.enc_name' do
+    it 'equals A256CBC-HS512' do
+      expect(described_class.enc_name).to eq 'A256CBC-HS512'
+    end
+  end
+end

data/spec/jwa/algorithms/content_encryption/a256_gcm_spec.rb

@@ -0,0 +1,61 @@
+require_relative './aes_gcm_shared'
+
+# Test vector from JWE spec
+describe JWA::Algorithms::ContentEncryption::A256Gcm do
+  include_examples 'AES-GCM' do
+    let(:plaintext) do
+      int_byte_array_to_bytes(
+        [84, 104, 101, 32, 116, 114, 117, 101, 32, 115, 105, 103, 110, 32,
+         111, 102, 32, 105, 110, 116, 101, 108, 108, 105, 103, 101, 110, 99,
+         101, 32, 105, 115, 32, 110, 111, 116, 32, 107, 110, 111, 119, 108,
+         101, 100, 103, 101, 32, 98, 117, 116, 32, 105, 109, 97, 103, 105,
+         110, 97, 116, 105, 111, 110, 46]
+      )
+    end
+
+    let(:authenticated_data) do
+      int_byte_array_to_bytes(
+        [101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 48, 69,
+         116, 84, 48, 70, 70, 85, 67, 73, 115, 73, 109, 86, 117, 89, 121, 73,
+         54, 73, 107, 69, 121, 78, 84, 90, 72, 81, 48, 48, 105, 102, 81]
+      )
+    end
+
+    let(:key) do
+      int_byte_array_to_bytes(
+        [177, 161, 244, 128, 84, 143, 225, 115, 63, 180, 3, 255, 107, 154,
+         212, 246, 138, 7, 110, 91, 112, 46, 34, 105, 47, 130, 203, 46, 122,
+         234, 64, 252]
+      )
+    end
+
+    let(:iv) do
+      int_byte_array_to_bytes(
+        [227, 197, 117, 252, 2, 219, 233, 68, 180, 225, 77, 219]
+      )
+    end
+
+    let(:ciphertext) do
+      int_byte_array_to_bytes(
+        [229, 236, 166, 241, 53, 191, 115, 196, 174, 43, 73, 109, 39, 122,
+         233, 96, 140, 206, 120, 52, 51, 237, 48, 11, 190, 219, 186, 80, 111,
+         104, 50, 142, 47, 167, 59, 61, 181, 127, 196, 21, 40, 82, 242, 32,
+         123, 143, 168, 226, 73, 216, 176, 144, 138, 247, 106, 60, 16, 205,
+         160, 109, 64, 63, 192]
+      )
+    end
+
+    let(:tag) do
+      int_byte_array_to_bytes(
+        [92, 80, 104, 49, 133, 25, 161, 215, 173, 101, 219, 211, 136, 91,
+         210, 145]
+      )
+    end
+  end
+
+  describe '.enc_name' do
+    it 'equals A256GCM' do
+      expect(described_class.enc_name).to eq 'A256GCM'
+    end
+  end
+end

data/spec/jwa/algorithms/content_encryption/aes_cbc_hs_shared.rb

@@ -0,0 +1,96 @@
+shared_examples 'AES-CBC-HS' do
+  let(:plaintext) do
+    '41 20 63 69 70 68 65 72 20 73 79 73 74 65 6d 20
+     6d 75 73 74 20 6e 6f 74 20 62 65 20 72 65 71 75
+     69 72 65 64 20 74 6f 20 62 65 20 73 65 63 72 65
+     74 2c 20 61 6e 64 20 69 74 20 6d 75 73 74 20 62
+     65 20 61 62 6c 65 20 74 6f 20 66 61 6c 6c 20 69
+     6e 74 6f 20 74 68 65 20 68 61 6e 64 73 20 6f 66
+     20 74 68 65 20 65 6e 65 6d 79 20 77 69 74 68 6f
+     75 74 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65'
+  end
+
+  let(:authenticated_data) do
+    '54 68 65 20 73 65 63 6f 6e 64 20 70 72 69 6e 63
+     69 70 6c 65 20 6f 66 20 41 75 67 75 73 74 65 20
+     4b 65 72 63 6b 68 6f 66 66 73'
+  end
+
+  let(:iv) { '1a f3 8c 2d c2 b9 6f fd d8 66 94 09 23 41 bc 04' }
+
+  let(:b_plaintext) { hex_string_to_bytes(plaintext) }
+  let(:b_authenticated_data) { hex_string_to_bytes(authenticated_data) }
+  let(:b_key) { hex_string_to_bytes(key) }
+  let(:b_iv) { hex_string_to_bytes(iv) }
+  let(:b_ciphertext) { hex_string_to_bytes(ciphertext) }
+  let(:b_tag) { hex_string_to_bytes(tag) }
+
+  subject { described_class.new(b_key, b_iv) }
+
+  it 'encrypts according to RFC7518' do
+    ciphertext, tag = subject.encrypt(b_plaintext, b_authenticated_data)
+
+    expect(ciphertext).to eq(b_ciphertext)
+    expect(tag).to eq(b_tag)
+  end
+
+  it 'decrypt according to RFC7518' do
+    plaintext = subject.decrypt(b_ciphertext, b_authenticated_data, b_tag)
+
+    expect(plaintext).to eq(b_plaintext)
+  end
+
+  it 'raises when provided a wrong key size' do
+    expect do
+      described_class.new(b_key + "\x00", b_iv)
+    end.to raise_error(ArgumentError)
+  end
+
+  it 'raises when provided a wrong iv size' do
+    expect do
+      described_class.new(b_key, b_iv + "\x00")
+    end.to raise_error(ArgumentError)
+  end
+
+  it 'exposes the used key' do
+    expect(subject.key).to eq b_key
+  end
+
+  it 'exposes the used iv' do
+    ins = described_class.new(b_key)
+    expect(ins.iv).to_not be_nil
+  end
+
+  describe '#available?' do
+    context 'when the cipher is not available' do
+      it 'is false' do
+        allow(JWA::Cipher).to receive(:for) { raise NotImplementedError }
+        expect(described_class.available?).to be_falsey
+      end
+    end
+
+    context 'when the cipher is available' do
+      it 'is true' do
+        allow(JWA::Cipher).to receive(:for)
+        expect(described_class.available?).to be_truthy
+      end
+    end
+  end
+
+  it 'raises an error if the tag is corrupt' do
+    expect do
+      subject.decrypt(b_ciphertext, b_authenticated_data, 'random data')
+    end.to raise_error(JWA::BadDecrypt)
+  end
+
+  it 'raises an error if the signature pass, but decryption fails' do
+    # The second half of the key influcences only decryption, but not signature checking
+    key = b_key.dup
+    key[-1] = "\x00"
+
+    ins = described_class.new(key, b_iv)
+    expect do
+      ins.decrypt(b_ciphertext, b_authenticated_data, b_tag)
+    end.to raise_error(JWA::BadDecrypt)
+  end
+end

data/spec/jwa/algorithms/content_encryption/aes_gcm_shared.rb

@@ -0,0 +1,60 @@
+shared_examples 'AES-GCM' do
+  subject { described_class.new(key, iv) }
+
+  it 'encrypts according to the Test Case' do
+    r_ciphertext, r_tag = subject.encrypt(plaintext, authenticated_data)
+
+    expect(r_ciphertext).to eq(ciphertext)
+    expect(r_tag).to eq(tag)
+  end
+
+  it 'decrypt according to the Test Case' do
+    r_plaintext = subject.decrypt(ciphertext, authenticated_data, tag)
+
+    expect(r_plaintext).to eq(plaintext)
+  end
+
+  it 'raises when provided a wrong key size' do
+    expect do
+      described_class.new(key + "\x00", iv)
+    end.to raise_error(ArgumentError)
+  end
+
+  it 'raises when provided a wrong iv size' do
+    expect do
+      described_class.new(key, iv + "\x00")
+    end.to raise_error(ArgumentError)
+  end
+
+  it 'exposes the used key' do
+    expect(subject.key).to eq key
+  end
+
+  it 'exposes the used iv' do
+    ins = described_class.new(key)
+    expect(ins.iv).to_not be_nil
+  end
+
+  describe '#available?' do
+    context 'when the cipher is not available' do
+      it 'is false' do
+        allow(JWA::Cipher).to receive(:for) { raise NotImplementedError }
+        expect(described_class.available?).to be_falsey
+      end
+    end
+
+    context 'when the cipher is available' do
+      it 'is true' do
+        allow(JWA::Cipher).to receive(:for)
+        expect(described_class.available?).to be_truthy
+      end
+    end
+  end
+
+  it 'raises an error if decryption fails' do
+    ins = described_class.new("\x00" * described_class.key_length, iv)
+    expect do
+      ins.decrypt(ciphertext, authenticated_data, tag)
+    end.to raise_error(JWA::BadDecrypt)
+  end
+end

data/spec/jwa/algorithms/content_encryption_spec.rb

@@ -0,0 +1,7 @@
+describe JWA::Algorithms::ContentEncryption do
+  describe '.for' do
+    it 'returns a class for a given encryption method name' do
+      expect(described_class.for('A128GCM')).to be JWA::Algorithms::ContentEncryption::A128Gcm
+    end
+  end
+end

data/spec/jwa/algorithms/key_management/a128_kw_spec.rb

@@ -0,0 +1,43 @@
+describe JWA::Algorithms::KeyManagement::A128Kw do
+  let(:jwk) { JWK::Key.from_json(File.read('spec/support/oct16.json')) }
+
+  let(:plaintext) do
+    int_byte_array_to_bytes([4, 211, 31, 197, 84, 157, 252, 254, 11, 100, 157, 250, 63, 170, 106,
+                             206, 107, 124, 212, 45, 111, 107, 9, 219, 200, 177, 0, 240, 143, 156,
+                             44, 207])
+  end
+
+  let(:ciphertext) do
+    int_byte_array_to_bytes([232, 160, 123, 211, 183, 76, 245, 132, 200, 128, 123, 75, 190, 216,
+                             22, 67, 201, 138, 193, 186, 9, 91, 122, 31, 246, 90, 28, 139, 57, 3,
+                             76, 124, 193, 11, 98, 37, 173, 61, 104, 57])
+  end
+
+  it 'decrypts according to the Test Case (RFC 7516 - Section A.3)' do
+    key = jwk.to_s
+
+    alg = described_class.new(key)
+    expect(alg.decrypt(ciphertext)).to eq plaintext
+  end
+
+  it 'encrypts according to the Test Case' do
+    key = jwk.to_s
+
+    alg = described_class.new(key)
+    expect(alg.encrypt(plaintext)).to eq ciphertext
+  end
+
+  it 'raises when the iv doesn\'t match' do
+    key = jwk.to_s
+
+    alg = described_class.new(key)
+    ciph = alg.encrypt(plaintext)
+
+    alg2 = described_class.new(key, "\xA5\xA5\xA5\xA5\xA5\xA5\xA5\xA5")
+    expect { alg2.decrypt(ciph) }.to raise_error(StandardError)
+  end
+
+  it 'raises for wrong key sizes' do
+    expect { described_class.new("\x00" * 12) }.to raise_error(ArgumentError)
+  end
+end

data/spec/jwa/algorithms/key_management/a192_kw_spec.rb

@@ -0,0 +1,29 @@
+describe JWA::Algorithms::KeyManagement::A192Kw do
+  let(:jwk) { JWK::Key.from_json(File.read('spec/support/oct24.json')) }
+
+  let(:plaintext) do
+    int_byte_array_to_bytes([4, 211, 31, 197, 84, 157, 252, 254, 11, 100, 157, 250, 63, 170, 106,
+                             206, 107, 124, 212, 45, 111, 107, 9, 219, 200, 177, 0, 240, 143, 156,
+                             44, 207])
+  end
+
+  let(:ciphertext) do
+    int_byte_array_to_bytes([143, 218, 154, 233, 170, 149, 194, 128, 166, 3, 246, 159, 78, 90, 167,
+                             0, 22, 179, 29, 231, 11, 77, 104, 42, 102, 115, 158, 61, 247, 117,
+                             234, 19, 241, 102, 103, 177, 218, 215, 160, 151])
+  end
+
+  it 'decrypts according to the Test Case (RFC 7516 - Section A.3)' do
+    key = jwk.to_s
+
+    alg = described_class.new(key)
+    expect(alg.decrypt(ciphertext)).to eq plaintext
+  end
+
+  it 'encrypts according to the Test Case' do
+    key = jwk.to_s
+
+    alg = described_class.new(key)
+    expect(alg.encrypt(plaintext)).to eq ciphertext
+  end
+end

data/spec/jwa/algorithms/key_management/a256_kw_spec.rb

@@ -0,0 +1,29 @@
+describe JWA::Algorithms::KeyManagement::A256Kw do
+  let(:jwk) { JWK::Key.from_json(File.read('spec/support/oct32.json')) }
+
+  let(:plaintext) do
+    int_byte_array_to_bytes([4, 211, 31, 197, 84, 157, 252, 254, 11, 100, 157, 250, 63, 170, 106,
+                             206, 107, 124, 212, 45, 111, 107, 9, 219, 200, 177, 0, 240, 143, 156,
+                             44, 207])
+  end
+
+  let(:ciphertext) do
+    int_byte_array_to_bytes([198, 158, 179, 0, 33, 254, 44, 72, 227, 132, 72, 122, 1, 139, 110, 8,
+                             55, 39, 196, 203, 65, 90, 255, 20, 27, 211, 159, 146, 66, 122, 239, 238,
+                             145, 174, 248, 60, 215, 107, 251, 14])
+  end
+
+  it 'decrypts according to the Test Case (RFC 7516 - Section A.3)' do
+    key = jwk.to_s
+
+    alg = described_class.new(key)
+    expect(alg.decrypt(ciphertext)).to eq plaintext
+  end
+
+  it 'encrypts according to the Test Case' do
+    key = jwk.to_s
+
+    alg = described_class.new(key)
+    expect(alg.encrypt(plaintext)).to eq ciphertext
+  end
+end

data/spec/jwa/algorithms/key_management/ecdh_es_spec.rb

@@ -0,0 +1,36 @@
+describe JWA::Algorithms::KeyManagement::EcdhEs do
+  let(:alice) { JWK::Key.from_json(File.read('spec/support/ec1.json')) }
+  let(:bob) { JWK::Key.from_json(File.read('spec/support/ec2.json')) }
+
+  let(:expected) do
+    int_byte_array_to_bytes([86, 170, 141, 234, 248, 35, 109, 32, 92, 34, 40, 205, 113, 167, 16, 26])
+  end
+
+  it 'resolves alice\'s key according to the spec' do
+    alg = described_class.new(alice.to_openssl_key, JWA::Algorithms::ContentEncryption::A128Gcm, 'Alice', 'Bob')
+
+    begin
+      actual = alg.encrypt(bob.to_openssl_key.public_key)
+      expect(actual).to eq expected
+    rescue Exception => e
+      raise e unless defined?(JRUBY_VERSION)
+
+      $stderr.puts('WARNING: This test fails on jRuby due to incorrect EC Keys implementation. It would still work ' \
+                   'if the OpenSSL keys were generated instead of loaded.')
+    end
+  end
+
+  it 'resolves bob\'s key according to the spec' do
+    alg = described_class.new(bob.to_openssl_key, JWA::Algorithms::ContentEncryption::A128Gcm, 'Alice', 'Bob')
+
+    begin
+      actual = alg.encrypt(alice.to_openssl_key.public_key)
+      expect(actual).to eq expected
+    rescue Exception => e
+      raise e unless defined?(JRUBY_VERSION)
+
+      $stderr.puts('WARNING: This test fails on jRuby due to incorrect EC Keys implementation. It would still work ' \
+                   'if the OpenSSL keys were generated instead of loaded.')
+    end
+  end
+end

data/spec/jwa/algorithms/key_management/pbes2_hs256_a128_kw_spec.rb

@@ -0,0 +1,27 @@
+describe JWA::Algorithms::KeyManagement::Pbes2Hs256A128Kw do
+  let(:password) { 'Thus from my lips, by yours, my sin is purged.' }
+  let(:salt) { int_byte_array_to_bytes([217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 42, 80, 215]) }
+  let(:iterations) { 4096 }
+
+  let(:plaintext) do
+    int_byte_array_to_bytes([111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112,
+                             161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48,
+                             253, 182])
+  end
+
+  let(:ciphertext) do
+    int_byte_array_to_bytes([78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134,
+                             188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81,
+                             246, 158, 161, 177, 20, 33, 245, 57, 59, 4])
+  end
+
+  it 'decrypts according to the Test Case (RFC 7517 - Appendix C)' do
+    alg = described_class.new(password, salt, iterations)
+    expect(alg.decrypt(ciphertext)).to eq plaintext
+  end
+
+  it 'encrypts according to the Test Case' do
+    alg = described_class.new(password, salt, iterations)
+    expect(alg.encrypt(plaintext)).to eq ciphertext
+  end
+end

data/spec/jwa/algorithms/key_management/pbes2_hs384_a192_kw_spec.rb

@@ -0,0 +1,32 @@
+# WARNING:
+#   No public test case was found, so this was artificially generated.
+#   The ciphertext here is what I expect it to be, not what is known to be correct.
+#   Hopefully it's still correct
+
+describe JWA::Algorithms::KeyManagement::Pbes2Hs384A192Kw do
+  let(:password) { 'Thus from my lips, by yours, my sin is purged.' }
+  let(:salt) { int_byte_array_to_bytes([217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 42, 80, 215]) }
+  let(:iterations) { 4096 }
+
+  let(:plaintext) do
+    int_byte_array_to_bytes([111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112,
+                             161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48,
+                             253, 182])
+  end
+
+  let(:ciphertext) do
+    int_byte_array_to_bytes([215, 56, 252, 107, 109, 188, 15, 220, 217, 9, 142, 195, 65, 53, 139,
+                             56, 180, 25, 68, 130, 147, 127, 238, 100, 239, 217, 250, 240, 70, 8,
+                             35, 18, 242, 142, 239, 238, 250, 130, 221, 180])
+  end
+
+  it 'decrypts predictably' do
+    alg = described_class.new(password, salt, iterations)
+    expect(alg.decrypt(ciphertext)).to eq plaintext
+  end
+
+  it 'encrypts predictably' do
+    alg = described_class.new(password, salt, iterations)
+    expect(alg.encrypt(plaintext)).to eq ciphertext
+  end
+end