jwe 1.0.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -4
- data/README.md +2 -2
- data/lib/jwe/alg/rsa_oaep_256.rb +22 -0
- data/lib/jwe/alg.rb +1 -0
- data/lib/jwe/enc/aes_cbc_hs.rb +2 -2
- data/lib/jwe/enc/aes_gcm.rb +5 -1
- data/lib/jwe/version.rb +1 -1
- data/spec/jwe/alg_spec.rb +23 -0
- data/spec/jwe/enc_spec.rb +8 -0
- metadata +5 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 932d7aac27c18e27353fbe02c694c9aca3c87a4c76ede9d663f462760d6c5ada
|
|
4
|
+
data.tar.gz: 1d1d72e8b5ba18424afaf70932fd08b6d9cbeb5a6ba55356e15a82f1a94695ef
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 261a2c1920567bac989577ca58d498c61bf7d4912c4d66a9232448ef357e997bbc9d8b7ce9fd0828bbf7e3e14f93e49bb7ad4ecb54ea071574247389f27d4992
|
|
7
|
+
data.tar.gz: 51f82c565e51404d7fced2d27e65f39586e56026cf8fcd77c5fb99c8e08cc8363e2bd3c37dec13b4b5cfefb701edb45f3ad61591307c68b194bd7151f80bb48d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,14 +1,30 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
-
## [v1.
|
|
3
|
+
## [v1.1.1](https://github.com/jwt/ruby-jwe/tree/v1.1.1) (2025-08-07)
|
|
4
|
+
|
|
5
|
+
[Full Changelog](https://github.com/jwt/ruby-jwe/compare/v1.1.0...v1.1.1)
|
|
6
|
+
|
|
7
|
+
**Fixes and enhancements:**
|
|
8
|
+
|
|
9
|
+
- Fix tag length checking for AES-GCM (CVE-2025-54887)
|
|
10
|
+
|
|
11
|
+
## [v1.1.0](https://github.com/jwt/ruby-jwe/tree/v1.1.0) (2025-07-22)
|
|
12
|
+
|
|
13
|
+
[Full Changelog](https://github.com/jwt/ruby-jwe/compare/v1.0.0...v1.1.0)
|
|
14
|
+
|
|
15
|
+
**Features:**
|
|
16
|
+
|
|
17
|
+
- Add RsaOaep256 algorithm (https://github.com/jwt/ruby-jwe/pull/31)
|
|
18
|
+
|
|
19
|
+
## [v1.0.0](https://github.com/jwt/ruby-jwe/tree/v1.0.0) (2025-02-16)
|
|
4
20
|
|
|
5
21
|
[Full Changelog](https://github.com/jwt/ruby-jwe/compare/v0.4.0...v1.0.0)
|
|
6
22
|
|
|
7
23
|
**Features:**
|
|
8
24
|
|
|
9
|
-
- Support Ruby 3.4 (
|
|
10
|
-
- Drop support for Ruby versions prior to 2.5 (
|
|
25
|
+
- Support Ruby 3.4 (https://github.com/jwt/ruby-jwe/pull/26)
|
|
26
|
+
- Drop support for Ruby versions prior to 2.5 (https://github.com/jwt/ruby-jwe/pull/27)
|
|
11
27
|
|
|
12
28
|
**Fixes and enhancements:**
|
|
13
29
|
|
|
14
|
-
- Refreshed codebase (CI and linter fixes) (
|
|
30
|
+
- Refreshed codebase (CI and linter fixes) (https://github.com/jwt/ruby-jwe/pull/27, https://github.com/jwt/ruby-jwe/pull/28)
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# JWE
|
|
2
2
|
|
|
3
|
-
[](https://github.com/jwt/ruby-jwe/actions/workflows/test.yml)
|
|
4
4
|
[](https://badge.fury.io/rb/jwe)
|
|
5
5
|
|
|
6
6
|
A ruby implementation of the [RFC 7516 JSON Web Encryption (JWE)](https://tools.ietf.org/html/rfc7516) standard.
|
|
@@ -96,7 +96,7 @@ Only a subset of these algorithms is implemented in this gem. Striked elements a
|
|
|
96
96
|
Key management:
|
|
97
97
|
* RSA1_5
|
|
98
98
|
* RSA-OAEP (default)
|
|
99
|
-
*
|
|
99
|
+
* RSA-OAEP-256 (if OpenSSL::VERSION >= '3.0')
|
|
100
100
|
* A128KW
|
|
101
101
|
* A192KW
|
|
102
102
|
* A256KW
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module JWE
|
|
4
|
+
module Alg
|
|
5
|
+
# RSA-OAEP-256 key encryption algorithm.
|
|
6
|
+
class RsaOaep256
|
|
7
|
+
attr_accessor :key
|
|
8
|
+
|
|
9
|
+
def initialize(key)
|
|
10
|
+
self.key = key
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def encrypt(cek)
|
|
14
|
+
key.encrypt(cek, { rsa_padding_mode: 'oaep', rsa_oaep_md: 'sha256' })
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def decrypt(encrypted_cek)
|
|
18
|
+
key.decrypt(encrypted_cek, { rsa_padding_mode: 'oaep', rsa_oaep_md: 'sha256' })
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
data/lib/jwe/alg.rb
CHANGED
data/lib/jwe/enc/aes_cbc_hs.rb
CHANGED
data/lib/jwe/enc/aes_gcm.rb
CHANGED
|
@@ -38,7 +38,11 @@ module JWE
|
|
|
38
38
|
cipher.send(direction)
|
|
39
39
|
cipher.key = cek
|
|
40
40
|
cipher.iv = iv
|
|
41
|
-
|
|
41
|
+
if direction == :decrypt
|
|
42
|
+
raise JWE::InvalidData, 'Invalid ciphertext or authentication tag' unless tag.bytesize == 16
|
|
43
|
+
|
|
44
|
+
cipher.auth_tag = tag
|
|
45
|
+
end
|
|
42
46
|
cipher.auth_data = auth_data
|
|
43
47
|
end
|
|
44
48
|
|
data/lib/jwe/version.rb
CHANGED
data/spec/jwe/alg_spec.rb
CHANGED
|
@@ -55,6 +55,29 @@ describe JWE::Alg::RsaOaep do
|
|
|
55
55
|
end
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
+
if OpenSSL::VERSION >= '3.0'
|
|
59
|
+
describe JWE::Alg::RsaOaep256 do
|
|
60
|
+
let(:alg) { JWE::Alg::RsaOaep256.new(key) }
|
|
61
|
+
|
|
62
|
+
describe '#encrypt' do
|
|
63
|
+
it 'returns an encrypted string' do
|
|
64
|
+
expect(alg.encrypt('random key')).to_not eq 'random key'
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
it 'decrypts the encrypted key to the original key' do
|
|
69
|
+
ciphertext = alg.encrypt('random key')
|
|
70
|
+
expect(alg.decrypt(ciphertext)).to eq 'random key'
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
else
|
|
74
|
+
describe JWE::Alg do
|
|
75
|
+
it 'raises an error for rsa-oaep-256 if openssl < 3.0' do
|
|
76
|
+
expect { JWE::Alg.for('rsa-oaep-256') }.to raise_error(JWE::NotImplementedError)
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
58
81
|
describe JWE::Alg::Rsa15 do
|
|
59
82
|
let(:alg) { JWE::Alg::Rsa15.new(key) }
|
|
60
83
|
|
data/spec/jwe/enc_spec.rb
CHANGED
|
@@ -130,6 +130,14 @@ gcm.each do |group|
|
|
|
130
130
|
end
|
|
131
131
|
end
|
|
132
132
|
|
|
133
|
+
context 'when the tag is not 16 bytes' do
|
|
134
|
+
it 'raises an error' do
|
|
135
|
+
enc = klass.new(key, group[:iv])
|
|
136
|
+
enc.tag = group[:tag][0...-1]
|
|
137
|
+
expect { enc.decrypt(group[:helloworld], '') }.to raise_error(JWE::InvalidData)
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
|
|
133
141
|
context 'when the ciphertext is not valid' do
|
|
134
142
|
it 'raises an error' do
|
|
135
143
|
enc = klass.new(key, group[:iv])
|
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwe
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Francesco Boffa
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: base64
|
|
@@ -50,6 +49,7 @@ files:
|
|
|
50
49
|
- lib/jwe/alg/dir.rb
|
|
51
50
|
- lib/jwe/alg/rsa15.rb
|
|
52
51
|
- lib/jwe/alg/rsa_oaep.rb
|
|
52
|
+
- lib/jwe/alg/rsa_oaep_256.rb
|
|
53
53
|
- lib/jwe/base64.rb
|
|
54
54
|
- lib/jwe/enc.rb
|
|
55
55
|
- lib/jwe/enc/a128cbc_hs256.rb
|
|
@@ -78,9 +78,8 @@ licenses:
|
|
|
78
78
|
- MIT
|
|
79
79
|
metadata:
|
|
80
80
|
bug_tracker_uri: https://github.com/jwt/ruby-jwe/issues
|
|
81
|
-
changelog_uri: https://github.com/jwt/ruby-jwe/blob/v1.
|
|
81
|
+
changelog_uri: https://github.com/jwt/ruby-jwe/blob/v1.1.1/CHANGELOG.md
|
|
82
82
|
rubygems_mfa_required: 'true'
|
|
83
|
-
post_install_message:
|
|
84
83
|
rdoc_options: []
|
|
85
84
|
require_paths:
|
|
86
85
|
- lib
|
|
@@ -95,8 +94,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
95
94
|
- !ruby/object:Gem::Version
|
|
96
95
|
version: '0'
|
|
97
96
|
requirements: []
|
|
98
|
-
rubygems_version: 3.
|
|
99
|
-
signing_key:
|
|
97
|
+
rubygems_version: 3.6.7
|
|
100
98
|
specification_version: 4
|
|
101
99
|
summary: JSON Web Encryption implementation in Ruby
|
|
102
100
|
test_files: []
|