RubyGems - jwe - Versions diffs - 0.2.0 → 0.3.0 - Mend

jwe 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fa8fe82eeb7d259a610ce7e6a89374a8d5cd7ff2
-  data.tar.gz: 0a1a8862400049ee407852f0e21cbb0cb6a8210b
+  metadata.gz: 05c87a9be4e5864d4f31495bd609ff3d4abf1a68
+  data.tar.gz: dc5edbbac44a91be23673da3f5d0b2beb91a8245
 SHA512:
-  metadata.gz: 40e851c53020b8c790080090ba7ca53e9e4264a5bcb990dd78598d2b0109ca5fe83e77fe2a3ae40c2ee5fcf75265e6074985f1038ef5ebd4003df8fa23fc5b59
-  data.tar.gz: f01772b4e6dc52ccded47081617c2890d21faf017b00ee285e525138e7d65765d9b2e38889b391159cf876e20328e81423afdf0123bcdd9497cc6581d4ad5478
+  metadata.gz: a26d929b4124949bbac9137855a32b42a9ab9165c0025e405e924937e99c9222e88096a1d5e40c93360f4e491df4f43ebe80a4f6d9fe0bba8bc34b9d10a94d99
+  data.tar.gz: b3e9575add99b0ad449c083a3981d419aaeaf17748591f00e293fcb61e556257b2b371af2c13c7ce8f294cfe72ec39d0f5cac7d6f2b46dd2c2864045410962dc

data/README.md CHANGED

@@ -84,9 +84,9 @@ Key management:
 * RSA1_5
 * RSA-OAEP (default)
 * ~~RSA-OAEP-256~~
-* ~~A128KW~~
-* ~~A192KW~~
-* ~~A256KW~~
+* A128KW
+* A192KW
+* A256KW
 * dir
 * ~~ECDH-ES~~
 * ~~ECDH-ES+A128KW~~

data/lib/jwe/alg.rb CHANGED

@@ -1,3 +1,4 @@
+require 'jwe/alg/a128_kw'
 require 'jwe/alg/dir'
 require 'jwe/alg/rsa_oaep'
 require 'jwe/alg/rsa15'

data/lib/jwe/alg/a128_kw.rb ADDED

@@ -0,0 +1,13 @@
+require 'jwe/alg/aes_kw'
+module JWE
+  module Alg
+    class A128Kw
+      include AesKw
+      def cipher_name
+        'AES-128-ECB'
+      end
+    end
+  end
+end

data/lib/jwe/alg/a192_kw.rb ADDED

@@ -0,0 +1,13 @@
+require 'jwe/alg/aes_kw'
+module JWE
+  module Alg
+    class A192Kw
+      include AesKw
+      def cipher_name
+        'AES-192-ECB'
+      end
+    end
+  end
+end

data/lib/jwe/alg/a256_kw.rb ADDED

@@ -0,0 +1,13 @@
+require 'jwe/alg/aes_kw'
+module JWE
+  module Alg
+    class A256Kw
+      include AesKw
+      def cipher_name
+        'AES-256-ECB'
+      end
+    end
+  end
+end

data/lib/jwe/alg/aes_kw.rb ADDED

@@ -0,0 +1,84 @@
+module JWE
+  module Alg
+    module AesKw
+      attr_accessor :key
+      attr_accessor :iv
+      def initialize(key = nil, iv = "\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6")
+        self.iv = iv.force_encoding('ASCII-8BIT')
+        self.key = key.force_encoding('ASCII-8BIT')
+      end
+      def encrypt(cek)
+        a = iv
+        r = cek.scan(/.{8}/m)
+        6.times do |j|
+          r.length.times do |i|
+            b = encrypt_round(a + r[i])
+            a = b.chars.first(8).join
+            r[i] = b.chars.last(8).join
+            t = (r.length * j) + i + 1
+            a = xor(a, t)
+          end
+        end
+        ([a] + r).join
+      end
+      def decrypt(encrypted_cek)
+        c = encrypted_cek.scan(/.{8}/m)
+        a = c[0]
+        r = c[1..c.length]
+        5.downto(0) do |j|
+          r.length.downto(1) do |i|
+            t = (r.length * j) + i
+            a = xor(a, t)
+            b = decrypt_round(a + r[i - 1])
+            a = b.chars.first(8).join
+            r[i - 1] = b.chars.last(8).join
+          end
+        end
+        if a != iv
+          raise StandardError.new('The encrypted key has been tampered. Do not use this key.')
+        end
+        r.join
+      end
+      def cipher
+        @cipher ||= OpenSSL::Cipher.new(cipher_name)
+      rescue RuntimeError
+        raise JWE::NotImplementedError.new("The version of OpenSSL linked to your Ruby does not support the cipher #{cipher_name}.")
+      end
+      def encrypt_round(data)
+        cipher.encrypt
+        cipher.key = key
+        cipher.padding = 0
+        cipher.update(data) + cipher.final
+      end
+      def decrypt_round(data)
+        cipher.decrypt
+        cipher.key = key
+        cipher.padding = 0
+        cipher.update(data) + cipher.final
+      end
+      def xor(data, t)
+        t = ([0] * (data.length - 1)) + [t]
+        data = data.chars.map(&:ord)
+        data.zip(t).map { |a, b| (a ^ b).chr }.join
+      end
+    end
+  end
+end

data/lib/jwe/version.rb CHANGED

@@ -1,3 +1,3 @@
 module JWE
-  VERSION = '0.2.0'.freeze
+  VERSION = '0.3.0'.freeze
 end

data/lib/jwe/zip/def.rb CHANGED

@@ -4,11 +4,19 @@ module JWE
   module Zip
     class Def
       def compress(payload)
-        Zlib::Deflate.deflate(payload)
+        zlib = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
+        zlib.deflate(payload)
+        zlib.finish
       end
+      # Was using RFC 1950 instead of 1951.
       def decompress(payload)
         Zlib::Inflate.inflate(payload)
+      # Keeping compatibility for old encoded tokens
+      rescue Zlib::DataError
+        inflate = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+        inflate.inflate(payload)
       end
     end
   end

data/spec/jwe/alg_spec.rb CHANGED

@@ -1,6 +1,9 @@
 require 'jwe/alg/dir'
 require 'jwe/alg/rsa_oaep'
 require 'jwe/alg/rsa15'
+require 'jwe/alg/a128_kw'
+require 'jwe/alg/a192_kw'
+require 'jwe/alg/a256_kw'
 require 'openssl'
 describe JWE::Alg do
@@ -64,3 +67,34 @@ describe JWE::Alg::Rsa15 do
     expect(alg.decrypt(ciphertext)).to eq 'random key'
   end
 end
+[
+  JWE::Alg::A128Kw,
+  JWE::Alg::A192Kw,
+  JWE::Alg::A256Kw
+].each_with_index do |klass, i|
+  describe klass do
+    let(:kek) { SecureRandom.random_bytes(16 + i * 8) }
+    let(:cek) { SecureRandom.random_bytes(32) }
+    let(:alg) { klass.new(kek) }
+    describe '#encrypt' do
+      it 'returns an encrypted string' do
+        expect(alg.encrypt(cek)).to_not eq cek
+      end
+    end
+    it 'decrypts the encrypted key to the original key' do
+      ciphertext = alg.encrypt(cek)
+      expect(alg.decrypt(ciphertext)).to eq cek
+    end
+    it 'raises when trying to decrypt tampered keys' do
+      alg = klass.new(kek, "\xA7\xA7\xA7\xA7\xA6\xA6\xA6\xA6")
+      ciphertext = alg.encrypt(cek)
+      bad_alg = klass.new(kek, "\xA7\xA7\xA7\xA7\xA7\xA7\xA7\xA7")
+      expect { bad_alg.decrypt(ciphertext) }.to raise_error(StandardError)
+    end
+  end
+end

data/spec/jwe/zip_spec.rb CHANGED

@@ -18,4 +18,10 @@ describe JWE::Zip::Def do
     deflated = deflate.compress('hello world')
     expect(deflate.decompress(deflated)).to eq 'hello world'
   end
+  it 'can deflate an RFC 1950 compressed message' do
+    deflated = Zlib::Deflate.deflate('hello world')
+    deflate = JWE::Zip::Def.new
+    expect(deflate.decompress(deflated)).to eq 'hello world'
+  end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwe
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Francesco Boffa
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-04-02 00:00:00.000000000 Z
+date: 2017-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -70,6 +70,10 @@ files:
 - jwe.gemspec
 - lib/jwe.rb
 - lib/jwe/alg.rb
+- lib/jwe/alg/a128_kw.rb
+- lib/jwe/alg/a192_kw.rb
+- lib/jwe/alg/a256_kw.rb
+- lib/jwe/alg/aes_kw.rb
 - lib/jwe/alg/dir.rb
 - lib/jwe/alg/rsa15.rb
 - lib/jwe/alg/rsa_oaep.rb