sandal 0.1.1 → 0.2.0

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    N2E4NjhhOTY5Y2JkNGU1MmU1YjE2MmIzYTY4NzUwMTg5ZTc3NTk0OA==
-  data.tar.gz: !binary |-
-    YjA1YTA1MzExMDg2YmMwNDllNWQyYTgxZjNmMmQ0MjJhNWNiNTM0Mw==
-!binary "U0hBNTEy":
-  metadata.gz: !binary |-
-    YTBlODVkNGFiNWQwNGQzZWE2YjFkY2JmNTg4MDliMDlkN2YyYjA0NzBmYWYw
-    OTk5MjMzMjViYjNiODBjOGU0YmQ5MjlmMzUxODI2MzU4NzU5ZTI3ODQ1ZTk5
-    YmI1OThiMDFkZDNjNzRlMmViZTUxYjU5MWU0M2MwMGE4NDcxMDg=
-  data.tar.gz: !binary |-
-    ZWFhNjNlNzc4NDgwNmI5OTAwMmNhNTFlNDE1NjhjY2ViM2E2N2FlMjQ5NjM3
-    MDkxZDk5MmFiMzY2NGM4YTlkMjY0MzI5NDI1YTRlYWIzOWY1ZTA2MzE2NzMw
-    NTIwMjA1ZjQxMTQ1ZWU3Y2I2YjA3YmI5NDA3OTgxODZhMGRkMjA=
+SHA1:
+  metadata.gz: be263e03b58c9fb37944f44b22935361d7ad7b3d
+  data.tar.gz: f46dd2129ffe4870f9596aae4a19592a354f4aa4
+SHA512:
+  metadata.gz: 59be234975d305a39bb25e7a1c508ac272d2bb10e5af132d9afe132c8c4419c555c8ec4e30b9cadc12c3a1e8eabbae57fb7f3d9bcb8309af322ea4df43d79457
+  data.tar.gz: b680f42d362ae72b6c124efd7a06bedf1d2a38b7c214f7e587aef617c20c2ead8006f12b45150826d2fc2a1624206bf748a63a107d55465459169ef1c3423d90

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+## 0.2.0
+
+Features:
+
+- Added support for AES/CBC and AES/GCM encryption methods.
+- Added RSA1_5, RSA-OAEP and direct key protection algorithms.
+
+Bug fixes:
+
+- Sandal::Sig::ES class is now not included in jruby as ECDSA isn't supported.
+
 ## 0.1.1 (01 April 2013)
 
 Features:

data/README.md

@@ -1,8 +1,8 @@
-**NOTE: This library is pretty new and still has a lot of things that aren't finished or could be improved. Expect bugs and interface changes. Pull requests or feedback very much appreciated.**
+**NOTE: This library is pretty new and still has a lot of things that aren't finished or could be improved. It also needs much more testing against the specs. Expect bugs and interface changes. Pull requests or feedback very much appreciated.**
 
 # Sandal [![Build Status](https://travis-ci.org/gregbeech/sandal.png?branch=master)](https://travis-ci.org/gregbeech/sandal) [![Coverage Status](https://coveralls.io/repos/gregbeech/sandal/badge.png?branch=master)](https://coveralls.io/r/gregbeech/sandal) [![Code Climate](https://codeclimate.com/github/gregbeech/sandal.png)](https://codeclimate.com/github/gregbeech/sandal)
 
-A Ruby library for creating and reading [JSON Web Tokens (JWT) drfat-06](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06), supporting [JSON Web Signatures (JWS) draft-08](http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08) and [JSON Web Encryption (JWE) draft-08](http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08). See the [CHANGELOG](CHANGELOG.md) for version history.
+A Ruby library for creating and reading [JSON Web Tokens (JWT) draft-06](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06), supporting [JSON Web Signatures (JWS) draft-08](http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08) and [JSON Web Encryption (JWE) draft-08](http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08). See the [CHANGELOG](CHANGELOG.md) for version history.
 
 ## Installation
 
@@ -20,7 +20,7 @@ Or install it yourself as:
 
 ## Signed Tokens
 
-The signing part of the library is a lot smaller and easier to implement than the encryption part, so I focused on that first. All the JWA signature methods are supported:
+All the JWA signature methods are supported:
 
 - ES256, ES384, ES512 (note: not supported on jruby)
 - HS256, HS384, HS512
@@ -38,10 +38,10 @@ claims = {
   'sub' => 'user@example.org',
   'exp' => (Time.now + 3600).to_i
 }
-key = OpenSSL::PKey::EC.new(File.read('/path/to/private_key.pem'))
+key = OpenSSL::PKey::EC.new(File.read('/path/to/ec_private_key.pem'))
 signer = Sandal::Sig::ES256.new(key)
-token = Sandal.encode_token(claims, signer, { 
-  'kid' => 'my key identifier' 
+jws_token = Sandal.encode_token(claims, signer, { 
+  'kid' => 'my ec key'
 })
 ```
 
@@ -51,9 +51,9 @@ Decoding and validating example:
 require 'openssl'
 require 'sandal'
 
-claims = Sandal.decode_token(token) do |header|
-  if header['kid'] == 'my key identifier'
-    key = OpenSSL::PKey::EC.new(File.read('/path/to/public_key.pem'))
+claims = Sandal.decode_token(jws_token) do |header|
+  if header['kid'] == 'my ec key'
+    key = OpenSSL::PKey::EC.new(File.read('/path/to/ec_public_key.pem'))
     Sandal::Sig::ES256.new(key)
   end
 end
@@ -61,12 +61,55 @@ end
 
 Keys for these examples can be generated by executing:
 
-    $ openssl ecparam -out private_key.pem -name prime256v1 -genkey
-    $ openssl ec -out public_key.pem -in private_key.pem -pubout
+    $ openssl ecparam -out ec_private_key.pem -name prime256v1 -genkey
+    $ openssl ec -out ec_public_key.pem -in ec_private_key.pem -pubout
 
 ## Encrypted Tokens
 
-This part of the library still needs a lot of work. The current version supports the AES/CBC algorithms and RSA1_5 key protection, but expect a lot of changes here. I'd avoid it for now.
+**NOTE: Encryption is still somewhat experimental and likely to be incorrect and/or buggy. Please let me know if you have any issues.**
+
+All the JWA encryption methods are supported:
+
+- A128CBC+HS256, A256CBC+HS512
+- A128GCM, A256GCM (note: requires ruby 2.0.0 or later)
+
+Some of the JWA key encryption algorithms are supported at the moment; others will follow. Feel free to submit a pull request if you want to add one before I get around to it:
+
+- RSA1_5
+- RSA-OAEP
+- direct
+
+Encrypting example (assumes use of the jws_token from the signing examples, as typically JWE tokens will be used to wrap JWS tokens):
+
+```ruby
+key = OpenSSL::PKey::RSA.new(File.Read('/path/to/rsa_public_key.pem'))
+alg = Sandal::Enc::Alg::RSA_OAEP.new(key.public_key)
+encrypter = Sandal::Enc::A128GCM.new(alg)
+jwe_token = Sandal.encrypt_token(jws_token, encrypter, {
+  'kid': 'your rsa key',
+  'cty': 'JWT'
+})
+```
+
+Decrypting example:
+
+```ruby
+require 'openssl'
+require 'sandal'
+
+jws_token = Sandal.decrypt_token(jwe_token) do |header|
+  if header['kid'] == 'your rsa key'
+    key = OpenSSL::PKey::RSA.new(File.Read('/path/to/rsa_private_key.pem'))
+    alg = Sandal::Enc::Alg::RSA_OAEP.new(key)
+    Sandal::Enc::A128GCM.new(alg)
+  end
+end
+```
+
+Keys for these examples can be generated by executing:
+
+    $ openssl genrsa -out rsa_private_key.pem 2048
+    $ openssl rsa -out rsa_public_key.pem -in rsa_private_key.pem -pubout
 
 ## Validation Options
 

data/lib/sandal/enc/acbc_hs.rb

@@ -0,0 +1,107 @@
+require 'openssl'
+require 'sandal/util'
+
+module Sandal
+  module Enc
+
+    # Base implementation of the AES/CBC+HMAC-SHA family of encryption algorithms.
+    class ACBC_HS
+
+      # The JWA name of the encryption.
+      attr_reader :name
+
+      # The JWA algorithm used to encrypt the content master key.
+      attr_reader :alg
+
+      # Creates a new instance; it's probably easier to use one of the subclass constructors.
+      #
+      # @param aes_size [Integer] The size of the AES algorithm.
+      # @param sha_size [Integer] The size of the SHA algorithm.
+      # @param key [#name, #encrypt_cmk, #decrypt_cmk] The algorithm to use to encrypt and/or decrypt the AES key.
+      def initialize(aes_size, sha_size, alg)
+        @aes_size = aes_size
+        @sha_size = sha_size
+        @name = "A#{aes_size}CBC+HS#{@sha_size}"
+        @cipher_name = "aes-#{aes_size}-cbc"
+        @alg = alg
+        @digest = OpenSSL::Digest.new("sha#{@sha_size}")
+      end
+
+      def encrypt(header, payload)
+        cipher = OpenSSL::Cipher.new(@cipher_name).encrypt
+        content_master_key = @alg.respond_to?(:cmk) ? @alg.cmk : cipher.random_key
+        encrypted_key = @alg.encrypt_cmk(content_master_key)
+
+        cipher.key = derive_encryption_key(content_master_key) 
+        iv = cipher.random_iv
+        ciphertext = cipher.update(payload) + cipher.final
+
+        secured_parts = [MultiJson.dump(header), encrypted_key, iv, ciphertext]
+        secured_input = secured_parts.map { |part| Sandal::Util.base64_encode(part) }.join('.')
+        content_integrity_key = derive_integrity_key(content_master_key)
+        integrity_value = compute_integrity_value(content_integrity_key, secured_input)
+
+        secured_input << '.' << Sandal::Util.base64_encode(integrity_value)
+      end
+
+      def decrypt(parts, decoded_parts)
+        content_master_key = @alg.decrypt_cmk(decoded_parts[1])
+        
+        content_integrity_key = derive_integrity_key(content_master_key)
+        computed_integrity_value = compute_integrity_value(content_integrity_key, parts.take(4).join('.'))
+        raise Sandal::TokenError, 'Invalid integrity value.' unless decoded_parts[4] == computed_integrity_value
+
+        cipher = OpenSSL::Cipher.new(@cipher_name).decrypt
+        cipher.key = derive_encryption_key(content_master_key)
+        cipher.iv = decoded_parts[2]
+        cipher.update(decoded_parts[3]) + cipher.final
+      end
+
+    private
+
+      # Computes the integrity value.
+      def compute_integrity_value(content_integrity_key, secured_input)
+        OpenSSL::HMAC.digest(@digest, content_integrity_key, secured_input)
+      end
+
+      # Derives the content encryption key from the content master key.
+      def derive_encryption_key(content_master_key)
+        derive_content_key('Encryption', content_master_key, @aes_size)
+      end
+
+      # Derives the content integrity key from the content master key.
+      def derive_integrity_key(content_master_key)
+        derive_content_key('Integrity', content_master_key, @sha_size)
+      end
+
+      # Derives content keys using the Concat KDF.
+      def derive_content_key(label, content_master_key, size)
+        hash_input = [1].pack('N')
+        hash_input << content_master_key
+        hash_input << [size].pack('N')
+        hash_input << @name.encode('utf-8')
+        hash_input << [0].pack('N')
+        hash_input << [0].pack('N')
+        hash_input << label.encode('us-ascii')
+        hash = @digest.digest(hash_input)
+        hash[0..((size / 8) - 1)]
+      end
+
+    end
+
+    # The AES-128-CBC+HMAC-SHA256 encryption algorithm.
+    class A128CBC_HS256 < Sandal::Enc::ACBC_HS
+      def initialize(key)
+        super(128, 256, key)
+      end
+    end
+
+    # The AES-256-CBC+HMAC-SHA512 encryption algorithm.
+    class A256CBC_HS512 < Sandal::Enc::ACBC_HS
+      def initialize(key)
+        super(256, 512, key)
+      end
+    end
+
+  end
+end

data/lib/sandal/enc/agcm.rb

@@ -0,0 +1,66 @@
+require 'openssl'
+require 'sandal/util'
+
+module Sandal
+  module Enc
+
+    # Base implementation of the AES/GCM family of encryption algorithms.
+    class AGCM
+
+      # The JWA name of the encryption.
+      attr_reader :name
+
+      # The JWA algorithm used to encrypt the content master key.
+      attr_reader :alg
+
+      def initialize(aes_size, alg)
+        @aes_size = aes_size
+        @name = "A#{aes_size}GCM"
+        @cipher_name = "aes-#{aes_size}-gcm"
+        @alg = alg
+      end
+
+      def encrypt(header, payload)
+        cipher = OpenSSL::Cipher.new(@cipher_name).encrypt
+        content_master_key = @alg.respond_to?(:cmk) ? @alg.cmk : cipher.random_key
+        encrypted_key = @alg.encrypt_cmk(content_master_key)
+
+        cipher.key = content_master_key
+        iv = cipher.random_iv
+
+        auth_parts = [MultiJson.dump(header), encrypted_key, iv]
+        auth_data = auth_parts.map { |part| Sandal::Util.base64_encode(part) }.join('.')
+        cipher.auth_data  = auth_data
+
+        ciphertext = cipher.update(payload) + cipher.final
+        remainder = [ciphertext, cipher.auth_tag].map { |part| Sandal::Util.base64_encode(part) }.join('.')
+        [auth_data, remainder].join('.')
+      end
+
+      def decrypt(parts, decoded_parts)
+        cipher = OpenSSL::Cipher.new(@cipher_name).decrypt
+        cipher.key = @alg.decrypt_cmk(decoded_parts[1])
+        cipher.iv = decoded_parts[2]
+        cipher.auth_tag = decoded_parts[4]
+        cipher.auth_data = parts.take(3).join('.')
+        cipher.update(decoded_parts[3]) + cipher.final
+      end
+
+    end
+
+    # The AES-128-GCM encryption algorithm.
+    class A128GCM < Sandal::Enc::AGCM
+      def initialize(key)
+        super(128, key)
+      end
+    end
+
+    # The AES-256-GCM encryption algorithm.
+    class A256GCM < Sandal::Enc::AGCM
+      def initialize(key)
+        super(256, key)
+      end
+    end
+
+  end
+end

data/lib/sandal/enc/alg/direct.rb

@@ -0,0 +1,48 @@
+require 'openssl'
+
+module Sandal
+  module Enc
+    module Alg
+
+      # The direct ("dir") key encryption mechanism, which uses a pre-shared content master key.
+      class Direct
+
+        # @return [String] The JWA name of the algorithm.
+        attr_reader :name
+
+        # @return [String] The pre-shared content master key key.
+        attr_reader :cmk
+
+        # Creates a new instance.
+        #
+        # @param cmk [String] The pre-shared content master key.
+        def initialize(cmk)
+          @name = 'dir'
+          @cmk = cmk
+        end
+
+        # Returns an empty string as the content master key is not included in the JWE token.
+        #
+        # @param cmk [String] This parameter is ignored.
+        # @return [String] An empty string.
+        def encrypt_cmk(cmk)
+          ''
+        end
+
+        # Returns the pre-shared content master key.
+        #
+        # @param encrypted_cmk [String] The encrypted content master key.
+        # @return [String] The pre-shared content master key.
+        # @raise [Sandal::TokenError] encrypted_cmk is not nil or empty.
+        def decrypt_cmk(encrypted_cmk)
+          unless encrypted_cmk.nil? || encrypted_cmk.empty?
+            raise Sandal::TokenError, 'The token should not include an encrypted content master key.' 
+          end
+          @cmk
+        end
+
+      end
+
+    end
+  end
+end

data/lib/sandal/enc/alg/rsa1_5.rb

@@ -0,0 +1,44 @@
+require 'openssl'
+
+module Sandal
+  module Enc
+    module Alg
+
+      # The RSAES-PKCS1-V1_5 key encryption mechanism.
+      class RSA1_5
+
+        # @return [String] The JWA name of the algorithm.
+        attr_reader :name
+
+        # Creates a new instance.
+        #
+        # @param key [OpenSSL::PKey::RSA] The RSA public key used to protect the content master key.
+        def initialize(key)
+          @name = 'RSA1_5'
+          @key = key
+        end
+
+        # Encrypts the content master key.
+        #
+        # @param cmk [String] The content master key.
+        # @return [String] The encrypted content master key.
+        def encrypt_cmk(cmk)
+          @key.public_encrypt(cmk)
+        end
+
+        # Decrypts the content master key.
+        #
+        # @param encrypted_cmk [String] The encrypted content master key.
+        # @return [String] The pre-shared content master key.
+        # @raise [Sandal::TokenError] The content master key cannot be decrypted.
+        def decrypt_cmk(encrypted_cmk)
+          @key.private_decrypt(encrypted_cmk)
+        rescue
+          raise Sandal::TokenError, 'Failed to decrypt the content master key.'
+        end
+
+      end
+
+    end
+  end
+end

data/lib/sandal/enc/alg/rsa_oaep.rb

@@ -0,0 +1,45 @@
+require 'openssl'
+
+module Sandal
+  module Enc
+    module Alg
+
+      # The RSAES with OAEP key encryption mechanism.
+      class RSA_OAEP
+
+        # @return [String] The JWA name of the algorithm.
+        attr_reader :name
+
+        # Creates a new instance.
+        #
+        # @param key [OpenSSL::PKey::RSA] The RSA public key used to protect the content master key.
+        def initialize(key)
+          @name = 'RSA-OAEP'
+          @key = key
+          @padding = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
+        end
+
+        # Encrypts the content master key.
+        #
+        # @param cmk [String] The content master key.
+        # @return [String] The encrypted content master key.
+        def encrypt_cmk(cmk)
+          @key.public_encrypt(cmk, @padding)
+        end
+
+        # Decrypts the content master key.
+        #
+        # @param encrypted_cmk [String] The encrypted content master key.
+        # @return [String] The pre-shared content master key.
+        # @raise [Sandal::TokenError] The content master key cannot be decrypted.
+        def decrypt_cmk(encrypted_cmk)
+          @key.private_decrypt(encrypted_cmk, @padding)
+        rescue
+          raise Sandal::TokenError, 'Failed to decrypt the content master key.'
+        end
+
+      end
+      
+    end
+  end
+end

data/lib/sandal/enc/alg.rb

@@ -0,0 +1,11 @@
+module Sandal
+  module Enc
+    # Contains key encryption algorithms for JWE.
+    module Alg
+    end
+  end
+end
+
+require 'sandal/enc/alg/direct'
+require 'sandal/enc/alg/rsa1_5'
+require 'sandal/enc/alg/rsa_oaep'

data/lib/sandal/enc.rb

@@ -1,25 +1,9 @@
 module Sandal
-  # Common encryption traits.
+  # Contains encryption (JWE) functionality.
   module Enc
-
-    # The JWA name of the encryption.
-    attr_reader :name
-
-    # The JWA name of the algorithm.
-    attr_reader :alg_name
-
-    # Encrypts a header and payload, and returns an encrypted token.
-    def encrypt(header, payload)
-      raise NotImplementedError, "#{@name}.encrypt is not implemented."
-    end
-
-    # Decrypts a token.
-    def decrypt(encrypted_key, iv, ciphertext, secured_input, integrity_value)
-      raise NotImplementedError, "#{@name}.decrypt is not implemented."
-    end
-
   end
 end
 
-require 'sandal/enc/aescbc'
-require 'sandal/enc/aesgcm'
+require 'sandal/enc/acbc_hs'
+require 'sandal/enc/agcm' unless RUBY_VERSION < '2.0.0'
+require 'sandal/enc/alg'

data/lib/sandal/sig.rb

@@ -38,6 +38,6 @@ module Sandal
   end
 end
 
-require 'sandal/sig/es'
+require 'sandal/sig/es' unless RUBY_PLATFORM == 'java'
 require 'sandal/sig/hs'
 require 'sandal/sig/rs'

data/lib/sandal/version.rb

@@ -1,4 +1,4 @@
 module Sandal
   # The semantic version of the library.
-  VERSION = '0.1.1'
+  VERSION = '0.2.0'
 end

data/lib/sandal.rb

@@ -1,11 +1,11 @@
-$:.unshift('.')
-
-require 'base64'
 require 'multi_json'
 require 'openssl'
+require 'sandal/version'
 require 'sandal/claims'
+require 'sandal/enc'
+require 'sandal/sig'
 require 'sandal/util'
-require 'sandal/version'
+
 
 # A library for creating and reading JSON Web Tokens (JWT).
 module Sandal
@@ -23,7 +23,6 @@ module Sandal
   # valid_aud:: A list of valid audiences, if audience validation is required.
   # validate_exp:: Whether the expiry date of the token is validated.
   # validate_nbf:: Whether the not-before date of the token is validated.
-  # validate_integrity:: Whether the integrity value of encrypted (JWE) tokens is validated.
   # validate_signature:: Whether the signature of signed (JWS) tokens is validated.
   DEFAULT_OPTIONS = {
     max_clock_skew: 300,
@@ -31,7 +30,6 @@ module Sandal
     valid_aud: [],
     validate_exp: true,
     validate_nbf: true,
-    validate_integrity: true,
     validate_signature: true
   }
 
@@ -43,7 +41,7 @@ module Sandal
     DEFAULT_OPTIONS.merge!(defaults)
   end
 
-  # Creates a signed JSON Web Token.
+  # Creates a signed JSON Web Token (JWS).
   #
   # @param payload [String/Hash] The payload of the token. Hashes will be encoded as JSON.
   # @param signer [#name,#sign] The token signer, which may be nil for an unsigned token.
@@ -55,34 +53,16 @@ module Sandal
     header = {}
     header['alg'] = signer.name if signer.name != Sandal::Sig::None.instance.name
     header = header_fields.merge(header) if header_fields
+    header = MultiJson.dump(header)
 
     payload = MultiJson.dump(payload) unless payload.is_a?(String)
 
-    encoded_header = Sandal::Util.base64_encode(MultiJson.dump(header))
-    encoded_payload = Sandal::Util.base64_encode(payload)
-    secured_input = [encoded_header, encoded_payload].join('.')
-
+    secured_input = [header, payload].map { |part| Sandal::Util.base64_encode(part) }.join('.')
     signature = signer.sign(secured_input)
-    encoded_signature = Sandal::Util.base64_encode(signature)
-    [secured_input, encoded_signature].join('.')
-  end
-
-  # Creates an encrypted JSON Web Token.
-  #
-  # @param payload [String] The payload of the token.
-  # @param encrypter [Sandal::Enc] The token encrypter.
-  # @param header_fields [Hash] Header fields for the token (note: do not include 'alg' or 'enc').
-  # @return [String] An encrypted JSON Web Token.
-  def self.encrypt_token(payload, encrypter, header_fields = nil)
-    header = {}
-    header['enc'] = encrypter.name
-    header['alg'] = encrypter.alg_name
-    header = header_fields.merge(header) if header_fields
-
-    encrypter.encrypt(header, payload)
+    [secured_input, Sandal::Util.base64_encode(signature)].join('.')
   end
 
-  # Decodes and validates a JSON Web Token.
+  # Decodes and validates a signed JSON Web Token (JWS).
   #
   # The block is called with the token header as the first parameter, and should return the appropriate
   # {Sandal::Sig} to validate the signature. It can optionally have a second options parameter which can
@@ -96,7 +76,7 @@ module Sandal
   # @raise [Sandal::TokenError] The token format is invalid, or validation of the token failed.
   def self.decode_token(token)
     parts = token.split('.')
-    header, payload, signature = decode_jws_parts(parts)
+    header, payload, signature = decode_jws_token_parts(parts)
 
     options = DEFAULT_OPTIONS.clone
     validator = yield header, options if block_given?
@@ -110,45 +90,72 @@ module Sandal
     parse_and_validate(payload, header['cty'], options)
   end
 
-  # Decrypts an encrypted JSON Web Token.
+  # Creates an encrypted JSON Web Token (JWE).
   #
-  # **NOTE: This method is likely to change, to allow more validation options**
-  def self.decrypt_token(encrypted_token, &enc_finder)
-    parts = encrypted_token.split('.')
-    raise ArgumentError, 'Invalid token format.' unless parts.length == 5
-    begin
-      header = MultiJson.load(Sandal::Util.base64_decode(parts[0]))
-      encrypted_key = Sandal::Util.base64_decode(parts[1])
-      iv = Sandal::Util.base64_decode(parts[2])
-      ciphertext = Sandal::Util.base64_decode(parts[3])
-      integrity_value = Sandal::Util.base64_decode(parts[4])
-    rescue
-      raise ArgumentError, 'Invalid token encoding.'
-    end
+  # @param payload [String] The payload of the token.
+  # @param encrypter [Sandal::Enc] The token encrypter.
+  # @param header_fields [Hash] Header fields for the token (note: do not include 'alg' or 'enc').
+  # @return [String] An encrypted JSON Web Token.
+  def self.encrypt_token(payload, encrypter, header_fields = nil)
+    header = {}
+    header['enc'] = encrypter.name
+    header['alg'] = encrypter.alg.name
+    header = header_fields.merge(header) if header_fields
+
+    encrypter.encrypt(header, payload)
+  end
+
+  # Decrypts and validates an encrypted JSON Web Token (JWE).
+  #
+  # @param token [String] The encrypted JSON Web Token.
+  # @yieldparam header [Hash] The JWT header values.
+  # @yieldparam options [Hash] (Optional) A hash that can be used to override the default options.
+  # @yieldreturn [#decrypt] The token decrypter.
+  # @return [Hash/String] The payload of the token as a Hash if it was JSON, otherwise as a String.
+  # @raise [Sandal::TokenError] The token format is invalid, or decryption/validation of the token failed.
+  def self.decrypt_token(token)
+    parts = token.split('.')
+    decoded_parts = decode_jwe_token_parts(parts)
+    header = decoded_parts[0]
+
+    options = DEFAULT_OPTIONS.clone
+    decrypter = yield header, options if block_given?
 
-    enc = enc_finder.call(header)
-    raise TokenError, 'No decryptor was found.' unless enc
-    enc.decrypt(encrypted_key, iv, ciphertext, parts.take(4).join('.'), integrity_value)
+    payload = decrypter.decrypt(parts, decoded_parts)
+    parse_and_validate(payload, header['cty'], options)
   end
 
-  private
+private
 
   # Decodes the parts of a JWS token.
-  def self.decode_jws_parts(parts)
-    raise TokenError, 'Invalid token format.' unless [2, 3].include?(parts.length)
-    begin
-      header = MultiJson.load(Sandal::Util.base64_decode(parts[0]))
-      payload = Sandal::Util.base64_decode(parts[1])
-      signature = if parts.length > 2 then Sandal::Util.base64_decode(parts[2]) else '' end
-    rescue
-      raise TokenError, 'Invalid token encoding.'
-    end
-    return header, payload, signature
+  def self.decode_jws_token_parts(parts)
+    parts = decode_token_parts(parts)
+    parts << '' if parts.length == 2
+    raise TokenError, 'Invalid token format.' unless parts.length == 3
+    parts
+  end
+
+  # Decodes the parts of a JWE token.
+  def self.decode_jwe_token_parts(parts)
+    parts = decode_token_parts(parts)
+    raise TokenError, 'Invalid token format.' unless parts.length == 5
+    parts
+  end
+
+  # Decodes the parts of a token.
+  def self.decode_token_parts(parts)
+    parts = parts.map { |part| Sandal::Util.base64_decode(part) }
+    parts[0] = MultiJson.load(parts[0])
+    parts
+  rescue
+    raise TokenError, 'Invalid token encoding.'
   end
 
   # Parses the content of a token and validates the claims if is a JSON claim set.
   def self.parse_and_validate(payload, content_type, options)
-    claims = MultiJson.load(payload) rescue nil unless content_type == 'JWT'
+    return payload if content_type == 'JWT'
+
+    claims = MultiJson.load(payload) rescue nil
     if claims
       claims.extend(Sandal::Claims).validate_claims(options)
     else
@@ -156,7 +163,4 @@ module Sandal
     end
   end
 
-end
-
-require 'sandal/enc'
-require 'sandal/sig'
+end

data/spec/helper.rb

@@ -2,7 +2,14 @@ require 'coveralls'
 Coveralls.wear!
 
 require 'rspec'
-require "#{File.dirname(__FILE__)}/../lib/sandal.rb"
-
 RSpec.configure do |c|
-end
+  c.treat_symbols_as_metadata_keys_with_true_values = true
+  c.filter_run_excluding :jruby_incompatible if RUBY_PLATFORM == 'java'
+end
+
+def make_bn(arr)
+  hex_str = arr.pack('C*').unpack('H*')[0]
+  OpenSSL::BN.new(hex_str, 16)
+end
+
+require "#{File.dirname(__FILE__)}/../lib/sandal.rb"

data/spec/sandal/enc/a128cbc_hs256_spec.rb

@@ -0,0 +1,85 @@
+require 'helper'
+require 'openssl'
+require 'securerandom'
+
+# TODO: These tests are really for the Sandal module rather than just the algorithm -- move them!
+
+describe Sandal::Enc::A128CBC_HS256 do
+
+  # these tests don't run with jruby as it errors when you try and set rsa.d parameter directly
+  context 'using the example RSA key from JWE section A.2', :jruby_incompatible do
+
+    before :all do
+      @rsa = OpenSSL::PKey::RSA.new(2048)
+      @rsa.n = make_bn([177, 119, 33, 13, 164, 30, 108, 121, 207, 136, 107, 242, 12, 224, 19, 226, 198, 134, 17, 71, 173, 75, 42, 61, 48, 162, 206, 161, 97, 108, 185, 234, 226, 219, 118, 206, 118, 5, 169, 224, 60, 181, 90, 85, 51, 123, 6, 224, 4, 122, 29, 230, 151, 12, 244, 127, 121, 25, 4, 85, 220, 144, 215, 110, 130, 17, 68, 228, 129, 138, 7, 130, 231, 40, 212, 214, 17, 179, 28, 124, 151, 178, 207, 20, 14, 154, 222, 113, 176, 24, 198, 73, 211, 113, 9, 33, 178, 80, 13, 25, 21, 25, 153, 212, 206, 67, 154, 147, 70, 194, 192, 183, 160, 83, 98, 236, 175, 85, 23, 97, 75, 199, 177, 73, 145, 50, 253, 206, 32, 179, 254, 236, 190, 82, 73, 67, 129, 253, 252, 220, 108, 136, 138, 11, 192, 1, 36, 239, 228, 55, 81, 113, 17, 25, 140, 63, 239, 146, 3, 172, 96, 60, 227, 233, 64, 255, 224, 173, 225, 228, 229, 92, 112, 72, 99, 97, 26, 87, 187, 123, 46, 50, 90, 202, 117, 73, 10, 153, 47, 224, 178, 163, 77, 48, 46, 154, 33, 148, 34, 228, 33, 172, 216, 89, 46, 225, 127, 68, 146, 234, 30, 147, 54, 146, 5, 133, 45, 78, 254, 85, 55, 75, 213, 86, 194, 218, 215, 163, 189, 194, 54, 6, 83, 36, 18, 153, 53, 7, 48, 89, 35, 66, 144, 7, 65, 154, 13, 97, 75, 55, 230, 132, 3, 13, 239, 71]) 
+      @rsa.e = make_bn([1, 0, 1])
+      @rsa.d = make_bn([84, 80, 150, 58, 165, 235, 242, 123, 217, 55, 38, 154, 36, 181, 221, 156, 211, 215, 100, 164, 90, 88, 40, 228, 83, 148, 54, 122, 4, 16, 165, 48, 76, 194, 26, 107, 51, 53, 179, 165, 31, 18, 198, 173, 78, 61, 56, 97, 252, 158, 140, 80, 63, 25, 223, 156, 36, 203, 214, 252, 120, 67, 180, 167, 3, 82, 243, 25, 97, 214, 83, 133, 69, 16, 104, 54, 160, 200, 41, 83, 164, 187, 70, 153, 111, 234, 242, 158, 175, 28, 198, 48, 211, 45, 148, 58, 23, 62, 227, 74, 52, 117, 42, 90, 41, 249, 130, 154, 80, 119, 61, 26, 193, 40, 125, 10, 152, 174, 227, 225, 205, 32, 62, 66, 6, 163, 100, 99, 219, 19, 253, 25, 105, 80, 201, 29, 252, 157, 237, 69, 1, 80, 171, 167, 20, 196, 156, 109, 249, 88, 0, 3, 152, 38, 165, 72, 87, 6, 152, 71, 156, 214, 16, 71, 30, 82, 51, 103, 76, 218, 63, 9, 84, 163, 249, 91, 215, 44, 238, 85, 101, 240, 148, 1, 82, 224, 91, 135, 105, 127, 84, 171, 181, 152, 210, 183, 126, 24, 46, 196, 90, 173, 38, 245, 219, 186, 222, 27, 240, 212, 194, 15, 66, 135, 226, 178, 190, 52, 245, 74, 65, 224, 81, 100, 85, 25, 204, 165, 203, 187, 175, 84, 100, 82, 15, 11, 23, 202, 151, 107, 54, 41, 207, 3, 136, 229, 134, 131, 93, 139, 50, 182, 204, 93, 130, 89])
+    end
+
+    it 'can decrypt the example token' do
+      token = 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2In0.ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q.AxY8DCtDaGlsbGljb3RoZQ.Rxsjg6PIExcmGSF7LnSEkDqWIKfAw1wZz2XpabV5PwQsolKwEauWYZNE9Q1hZJEZ.8LXqMd0JLGsxMaB5uoNaMpg7uUW_p40RlaZHCwMIyzk'
+      payload = Sandal.decrypt_token(token) do |header|
+        alg = Sandal::Enc::Alg::RSA1_5.new(@rsa)
+        encrypter = Sandal::Enc::A128CBC_HS256.new(alg)
+      end
+      payload.should == 'No matter where you go, there you are.'
+    end
+
+    it 'raises a token error when the integrity value is changed' do
+      token = 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2In0.ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q.AxY8DCtDaGlsbGljb3RoZQ.Rxsjg6PIExcmGSF7LnSEkDqWIKfAw1wZz2XpabV5PwQsolKwEauWYZNE9Q1hZJEZ.7V5ZDko0v_mf2PAc4JMiUg'
+      expect { Sandal.decrypt_token(token) do |header|
+        alg = Sandal::Enc::Alg::RSA1_5.new(@rsa)
+        encrypter = Sandal::Enc::A128CBC_HS256.new(alg)
+      end }.to raise_error Sandal::TokenError, 'Invalid integrity value.'
+    end
+
+  end
+
+  it 'raises a token error when the RSA keys JWE section A.2 are changed' do
+    token = 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2In0.ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q.AxY8DCtDaGlsbGljb3RoZQ.Rxsjg6PIExcmGSF7LnSEkDqWIKfAw1wZz2XpabV5PwQsolKwEauWYZNE9Q1hZJEZ.8LXqMd0JLGsxMaB5uoNaMpg7uUW_p40RlaZHCwMIyzk'
+    expect { Sandal.decrypt_token(token) do |header|
+      rsa = OpenSSL::PKey::RSA.new(2048)
+      alg = Sandal::Enc::Alg::RSA1_5.new(rsa)
+      encrypter = Sandal::Enc::A128CBC_HS256.new(alg)
+    end }.to raise_error Sandal::TokenError, 'Failed to decrypt the content master key.'
+  end
+
+  it 'can encrypt and decrypt tokens with the "dir" algorithm' do
+    payload = 'Some text to encrypt'
+    content_master_key = SecureRandom.random_bytes(16)
+
+    encrypter = Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::Direct.new(content_master_key))
+    token = Sandal.encrypt_token(payload, encrypter)
+
+    output = Sandal.decrypt_token(token) { encrypter }
+    output.should == payload
+  end
+
+  it 'can encrypt and decrypt tokens with the RSA1_5 algorithm' do
+    payload = 'Some other text to encrypt'
+    rsa = OpenSSL::PKey::RSA.new(2048)
+
+    encrypter = Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA1_5.new(rsa.public_key))
+    token = Sandal.encrypt_token(payload, encrypter)
+
+    output = Sandal.decrypt_token(token) do 
+      Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA1_5.new(rsa))
+    end
+    output.should == payload
+  end
+
+  it 'can encrypt and decrypt tokens with the RSA-OAEP algorithm' do
+    payload = 'Some more text to encrypt'
+    rsa = OpenSSL::PKey::RSA.new(2048)
+
+    encrypter = Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa.public_key))
+    token = Sandal.encrypt_token(payload, encrypter)
+
+    output = Sandal.decrypt_token(token) do 
+      Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa))
+    end
+    output.should == payload
+  end
+
+end
+

data/spec/sandal/enc/a128gcm_spec.rb

@@ -0,0 +1,26 @@
+require 'helper'
+require 'openssl'
+require 'securerandom'
+
+# TODO: These tests are really for the Sandal module rather than just the algorithm -- move them!
+
+if defined? Sandal::Enc::A128GCM
+
+describe Sandal::Enc::A128GCM do
+
+  it 'can encrypt and decrypt tokens with the RSA-OAEP algorithm' do
+    payload = 'Some more text to encrypt'
+    rsa = OpenSSL::PKey::RSA.new(2048)
+
+    encrypter = Sandal::Enc::A128GCM.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa.public_key))
+    token = Sandal.encrypt_token(payload, encrypter)
+
+    output = Sandal.decrypt_token(token) do 
+      Sandal::Enc::A128GCM.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa))
+    end
+    output.should == payload
+  end
+
+end
+
+end

data/spec/sandal/sig/es_spec.rb

@@ -2,12 +2,7 @@ require 'helper'
 require 'openssl'
 
 # EC isn't implemented in jruby-openssl at the moment
-if defined? OpenSSL::PKey::EC
-
-def make_bn(arr)
-  hex_str = arr.pack('C*').unpack('H*')[0]
-  OpenSSL::BN.new(hex_str, 16)
-end
+if defined? Sandal::Sig::ES
 
 def make_point(group, x, y)
   def pad(c)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sandal
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Greg Beech
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-01 00:00:00.000000000 Z
+date: 2013-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -28,84 +28,84 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '2.13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '2.13'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0.6'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0.8'
 - !ruby/object:Gem::Dependency
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '2.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '2.2'
 description: A ruby library for creating and reading JSON Web Tokens (JWT), supporting
@@ -130,8 +130,12 @@ files:
 - lib/sandal.rb
 - lib/sandal/claims.rb
 - lib/sandal/enc.rb
-- lib/sandal/enc/aescbc.rb
-- lib/sandal/enc/aesgcm.rb
+- lib/sandal/enc/acbc_hs.rb
+- lib/sandal/enc/agcm.rb
+- lib/sandal/enc/alg.rb
+- lib/sandal/enc/alg/direct.rb
+- lib/sandal/enc/alg/rsa1_5.rb
+- lib/sandal/enc/alg/rsa_oaep.rb
 - lib/sandal/sig.rb
 - lib/sandal/sig/es.rb
 - lib/sandal/sig/hs.rb
@@ -140,6 +144,8 @@ files:
 - lib/sandal/version.rb
 - sandal.gemspec
 - spec/helper.rb
+- spec/sandal/enc/a128cbc_hs256_spec.rb
+- spec/sandal/enc/a128gcm_spec.rb
 - spec/sandal/sig/es_spec.rb
 - spec/sandal/sig/hs_spec.rb
 - spec/sandal/sig/rs_spec.rb
@@ -155,12 +161,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements:
@@ -172,6 +178,8 @@ specification_version: 4
 summary: A JSON Web Token (JWT) library.
 test_files:
 - spec/helper.rb
+- spec/sandal/enc/a128cbc_hs256_spec.rb
+- spec/sandal/enc/a128gcm_spec.rb
 - spec/sandal/sig/es_spec.rb
 - spec/sandal/sig/hs_spec.rb
 - spec/sandal/sig/rs_spec.rb

data/lib/sandal/enc/aescbc.rb

@@ -1,91 +0,0 @@
-require 'openssl'
-require 'sandal/util'
-
-module Sandal
-  module Enc
-
-    # Base implementation of the AES/CBC family of encryption algorithms.
-    class AESCBC
-      include Sandal::Enc
-
-      def initialize(aes_size, key)
-        raise ArgumentError, 'A key is required.' unless key
-        @aes_size = aes_size
-        @sha_size = aes_size * 2 # TODO: Any smarter way to do this?
-        @name = "A#{aes_size}CBC+HS#{@sha_size}"
-        @alg_name = "RSA1_5" # TODO: From key?
-        @cipher_name = "aes-#{aes_size}-cbc"
-        @key = key
-        @digest = OpenSSL::Digest.new("sha#{@sha_size}")
-      end
-
-      def encrypt(header, payload)
-        cipher = OpenSSL::Cipher.new(@cipher_name).encrypt
-        content_master_key = cipher.random_key # TODO: Check with the spec if this is long enough
-        iv = cipher.random_iv
-
-        # TODO: Need to think about how this works with pre-shared symmetric keys - I'd originally thought
-        # this wouldn't be a common use case, but in cases where the recipient is also the issuer (e.g.
-        # an OAuth refresh token) then it would make a lot of sense.
-        encrypted_key = @key.public_encrypt(content_master_key)
-        encoded_encrypted_key = Sandal::Util.base64_encode(encrypted_key)
-        encoded_iv = Sandal::Util.base64_encode(iv)
-
-        cipher.key = derive_content_key('Encryption', content_master_key, @aes_size)
-        ciphertext = cipher.update(payload) + cipher.final
-        encoded_ciphertext = Sandal::Util.base64_encode(ciphertext)
-
-        encoded_header = Sandal::Util.base64_encode(MultiJson.dump(header))
-        secured_input = [encoded_header, encoded_encrypted_key, encoded_iv, encoded_ciphertext].join('.')
-        content_integrity_key = derive_content_key('Integrity', content_master_key, @sha_size)
-        integrity_value = OpenSSL::HMAC.digest(@digest, content_integrity_key, secured_input)
-        encoded_integrity_value = Sandal::Util.base64_encode(integrity_value)
-
-        [secured_input, encoded_integrity_value].join('.')
-      end
-
-      def decrypt(encrypted_key, iv, ciphertext, secured_input, integrity_value)
-        content_master_key = @key.private_decrypt(encrypted_key)
-
-        content_integrity_key = derive_content_key('Integrity', content_master_key, @sha_size)
-        computed_integrity_value = OpenSSL::HMAC.digest(@digest, content_integrity_key, secured_input)
-        raise ArgumentError, 'Invalid signature.' unless integrity_value == computed_integrity_value
-
-        cipher = OpenSSL::Cipher.new(@cipher_name).decrypt
-        cipher.key = derive_content_key('Encryption', content_master_key, @aes_size)
-        cipher.iv = iv
-        cipher.update(ciphertext) + cipher.final
-      end
-
-      private
-
-      # Derives content keys using the Concat KDF.
-      def derive_content_key(label, content_master_key, size)
-        round_number = [1].pack('N')
-        output_size = [size].pack('N')
-        enc_bytes = @name.encode('utf-8').bytes.to_a.pack('C*')
-        epu = epv = [0].pack('N')
-        label_bytes = label.encode('us-ascii').bytes.to_a.pack('C*')
-        hash_input = round_number + content_master_key + output_size + enc_bytes + epu + epv + label_bytes
-        hash = @digest.digest(hash_input)
-        hash[0..((size / 8) - 1)]
-      end
-
-    end
-
-    # The AES-128-CBC encryption algorithm.
-    class AES128CBC < Sandal::Enc::AESCBC
-      def initialize(key)
-        super(128, key)
-      end
-    end
-
-    # The AES-256-CBC encryption algorithm.
-    class AES256CBC < Sandal::Enc::AESCBC
-      def initialize(key)
-        super(256, key)
-      end
-    end
-
-  end
-end

data/lib/sandal/enc/aesgcm.rb

@@ -1,40 +0,0 @@
-require 'openssl'
-require 'sandal/util'
-
-module Sandal
-  module Enc
-
-    # Base implementation of the AES/GCM family of encryption algorithms.
-    class AESGCM
-      include Sandal::Enc
-
-      def initialize(aes_size, key)
-        raise NotImplementedException, 'AES-CGM is not yet implemented.'
-      end
-
-      def encrypt(header, payload)
-        raise NotImplementedException, 'AES-CGM is not yet implemented.'
-      end
-
-      def decrypt(encrypted_key, iv, ciphertext, secured_input, integrity_value)
-        raise NotImplementedException, 'AES-CGM is not yet implemented.'
-      end
-
-    end
-
-    # The AES-128-GCM encryption algorithm.
-    class AES128GCM < Sandal::Enc::AESGCM
-      def initialize(key)
-        super(128, key)
-      end
-    end
-
-    # The AES-256-GCM encryption algorithm.
-    class AES256GCM < Sandal::Enc::AESGCM
-      def initialize(key)
-        super(256, key)
-      end
-    end
-
-  end
-end