sandal 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0f0ff3d982eff5453f5a1db3592b96e6f8a75884
-  data.tar.gz: b2ea7fad0f11051f2470f1a90bec6803ee10bb09
+  metadata.gz: 03610644805fbd043ba5d03d61a1d5926b45d37f
+  data.tar.gz: 9622863e1097e93f74740cd112ae2dd4d98a8fd7
 SHA512:
-  metadata.gz: b10f36c1a03b93e428533b0df5eb3f4ba9ab18cfdd911ec3e1733f431b3b89c9babcd7cc2c4915787c6fbe9904427b4702ac5062db1f12439644e08be46c8fc0
-  data.tar.gz: 27de343a94a824e353b1118003c752596b408ab7b2a8381c15af1e079ec407b797518ae7e1b885845fe0a191f658ad0718fa8538265b80db038e19140bb3b807
+  metadata.gz: ff2c734b2f07a064bad1701e26d976db390d9ebe2e666c41f066d80948486f7b16dca0ff189ba6772826dae589da2390195695fe3fa187e03b11cfc398325094
+  data.tar.gz: 77ea15a46b9170678cc34382f690e283ee0b1ec448b7e1caa29edfdfe053e5b41ee9615278687dd711c90bfd4828b0922714a6acd1ecce5e98ee27dd518c41a8

data/CHANGELOG.md

@@ -1,3 +1,20 @@
+## 0.4.0 (30 April 2013)
+
+Features:
+
+- The decode_token method now recursively decodes/decrypts nested tokens rather than requiring multiple calls.
+
+Breaking changes:
+
+- The decode_token method is now used for both signed and encrypted tokens; the decrypt_token method has been removed.
+
+Bug fixes:
+
+- The 'none' algorithm value is now always set in plaintext tokens.
+- The zip parameter is now used when encrypting/decrypting JWE tokens.
+- The Concat KDF function now works correctly when inputs have different string encodings by treating them all as binary.
+- Errors related to jwt_base64_encode not being found when running under rack (although they worked fine under rspec) are resolved.
+
 ## 0.3.0 (20 April 2013)
 
 Features:

data/README.md

@@ -83,7 +83,7 @@ jwe_token = Sandal.encrypt_token(jws_token, encrypter, {
 Decrypting example:
 
 ```ruby
-jws_token = Sandal.decrypt_token(jwe_token) do |header|
+jws_token = Sandal.decode_token(jwe_token) do |header|
   if header['kid'] == 'your rsa key'
     alg = Sandal::Enc::Alg::RSA_OAEP.new(File.Read('/path/to/rsa_private_key.pem'))
     Sandal::Enc::A128GCM.new(alg)

data/lib/sandal.rb

@@ -1,5 +1,6 @@
 require 'multi_json'
 require 'openssl'
+require 'zlib'
 require 'sandal/version'
 require 'sandal/claims'
 require 'sandal/enc'
@@ -48,7 +49,7 @@ module Sandal
     ignore_signature: false,
     max_clock_skew: 0,
     valid_iss: [],
-    valid_aud: [],
+    valid_aud: []
   }
 
   # Overrides the default options.
@@ -60,6 +61,30 @@ module Sandal
     DEFAULT_OPTIONS.merge!(defaults)
   end
 
+  # Checks whether a token is encrypted.
+  #
+  # @param token [String or Array] The token, or token parts.
+  # @return [Boolean] true if the token is encrypted; otherwise false.
+  def self.is_encrypted?(token)
+    if token.is_a?(String)
+      token.count('.') == 4
+    else
+      token.count == 5
+    end
+  end
+
+  # Checks whether a token is signed.
+  #
+  # @param token [String or Array] The token, or token parts.
+  # @return [Boolean] true if the token is signed; otherwise false.
+  def self.is_signed?(token)
+    if token.is_a?(String)
+      !token.end_with?('.') && token.count('.') == 2
+    else
+      token.count == 3 && !token[2].nil? && !token[2].empty?
+    end
+  end
+
   # Creates a signed JSON Web Token.
   #
   # @param payload [String or Hash] The payload of the token. Hashes will be 
@@ -73,7 +98,7 @@ module Sandal
     signer ||= Sandal::Sig::NONE
 
     header = {}
-    header['alg'] = signer.name if signer.name != Sandal::Sig::NONE.name
+    header['alg'] = signer.name
     header = header_fields.merge(header) if header_fields
     header = MultiJson.dump(header)
 
@@ -84,41 +109,6 @@ module Sandal
     [sec_input, jwt_base64_encode(signature)].join('.')
   end
 
-  # Decodes and validates a signed JSON Web Token.
-  #
-  # The block is called with the token header as the first parameter, and should
-  # return the appropriate signature method to validate the signature. It can
-  # optionally have a second options parameter which can be used to override the
-  # {DEFAULT_OPTIONS} on a per-token basis.
-  #
-  # @param token [String] The encoded JSON Web Token.
-  # @yieldparam header [Hash] The JWT header values.
-  # @yieldparam options [Hash] (Optional) A hash that can be used to override 
-  #   the default options.
-  # @yieldreturn [#valid?] The signature validator.
-  # @return [Hash or String] The payload of the token as a Hash if it was JSON, 
-  #   otherwise as a String.
-  # @raise [Sandal::ClaimError] One or more claims in the token is invalid.
-  # @raise [Sandal::TokenError] The token format is invalid, or validation of 
-  #   the token failed.
-  def self.decode_token(token)
-    parts = token.split('.')
-    header, payload, signature = decode_jws_token_parts(parts)
-
-    options = DEFAULT_OPTIONS.clone
-    validator = yield header, options if block_given?
-    validator ||= Sandal::Sig::NONE
-
-    unless options[:ignore_signature]
-      secured_input = parts.take(2).join('.')
-      unless validator.valid?(signature, secured_input)
-        raise TokenError, 'Invalid signature.'
-      end
-    end
-
-    parse_and_validate(payload, header['cty'], options)
-  end
-
   # Creates an encrypted JSON Web Token.
   #
   # @param payload [String] The payload of the token.
@@ -132,53 +122,85 @@ module Sandal
     header['alg'] = encrypter.alg.name
     header = header_fields.merge(header) if header_fields
 
+    if header.has_key?('zip')
+      unless header['zip'] == 'DEF'
+        raise ArgumentError, 'Invalid zip algorithm.'
+      end
+      payload = Zlib::Deflate.deflate(payload, Zlib::BEST_COMPRESSION)
+    end 
+
     encrypter.encrypt(header, payload)
   end
 
-  # Decrypts and validates an encrypted JSON Web Token.
+  # Decodes and validates a signed and/or encrypted JSON Web Token, recursing
+  # into any nested tokens, and returns the payload.
   #
   # The block is called with the token header as the first parameter, and should
-  # return the appropriate encryption method to decrypt the token. It can
-  # optionally have a second options parameter which can be used to override the
-  # {DEFAULT_OPTIONS} on a per-token basis.
+  # return the appropriate signature or decryption method to either validate the
+  # signature or decrypt the token as applicable. When the tokens are nested, 
+  # this block will be called once per token. It can optionally have a second 
+  # options parameter which can be used to override the {DEFAULT_OPTIONS} on a 
+  # per-token basis; options are not persisted between yields.
   #
-  # @param token [String] The encrypted JSON Web Token.
+  # @param token [String] The encoded JSON Web Token.
+  # @param depth [Integer] The maximum depth of token nesting to decode to.
   # @yieldparam header [Hash] The JWT header values.
-  # @yieldparam options [Hash] (Optional) A hash that can be used to override
+  # @yieldparam options [Hash] (Optional) A hash that can be used to override 
   #   the default options.
-  # @yieldreturn [#decrypt] The token decrypter.
-  # @return [Hash or String] The payload of the token as a Hash if it was JSON,
+  # @yieldreturn [#valid? or #decrypt] The signature validator if the token is
+  #   signed, or the token decrypter if the token is encrypted.
+  # @return [Hash or String] The payload of the token as a Hash if it was JSON, 
   #   otherwise as a String.
   # @raise [Sandal::ClaimError] One or more claims in the token is invalid.
-  # @raise [Sandal::TokenError] The token format is invalid, or decryption or
-  #   validation of the token failed.
-  def self.decrypt_token(token)
+  # @raise [Sandal::TokenError] The token format is invalid, or validation of 
+  #   the token failed.
+  def self.decode_token(token, depth = 16)
     parts = token.split('.')
-    decoded_parts = decode_jwe_token_parts(parts)
+    decoded_parts = decode_token_parts(parts)
     header = decoded_parts[0]
 
     options = DEFAULT_OPTIONS.clone
-    decrypter = yield header, options if block_given?
+    decoder = yield header, options if block_given?
+
+    if is_encrypted?(parts)
+      payload = decoder.decrypt(parts, decoded_parts)
+      if header.has_key?('zip')
+        unless header['zip'] == 'DEF'
+          raise Sandal::TokenError, 'Invalid zip algorithm.'
+        end
+        payload = Zlib::Inflate.inflate(payload)
+      end
+    else
+      payload = decoded_parts[1]
+      unless options[:ignore_signature]
+        validate_signature(parts, decoded_parts[2], decoder) 
+      end
+    end
 
-    payload = decrypter.decrypt(parts, decoded_parts)
-    parse_and_validate(payload, header['cty'], options)
+    if header['cty'] == 'JWT'
+      if depth > 0
+        if block_given?
+          decode_token(payload, depth - 1, &Proc.new)
+        else 
+          decode_token(payload, depth - 1)
+        end
+      else
+        payload
+      end
+    else
+      parse_and_validate(payload, options)
+    end
   end
 
-private
+  private
 
-  # Decodes the parts of a JWS token.
-  def self.decode_jws_token_parts(parts)
-    parts = decode_token_parts(parts)
-    parts << '' if parts.length == 2
-    raise TokenError, 'Invalid token format.' unless parts.length == 3
-    parts
-  end
-
-  # Decodes the parts of a JWE token.
-  def self.decode_jwe_token_parts(parts)
-    parts = decode_token_parts(parts)
-    raise TokenError, 'Invalid token format.' unless parts.length == 5
-    parts
+  # Decodes and validates a signed JSON Web Token.
+  def self.validate_signature(parts, signature, validator)
+    validator ||= Sandal::Sig::NONE
+    secured_input = parts.take(2).join('.')
+    unless validator.valid?(signature, secured_input)
+      raise TokenError, 'Invalid signature.'
+    end
   end
 
   # Decodes the parts of a token.
@@ -191,9 +213,7 @@ private
   end
 
   # Parses the content of a token and validates the claims if is JSON claims.
-  def self.parse_and_validate(payload, content_type, options)
-    return payload if content_type == 'JWT'
-
+  def self.parse_and_validate(payload, options)
     claims = MultiJson.load(payload) rescue nil
     if claims
       claims.extend(Sandal::Claims).validate_claims(options)

data/lib/sandal/enc.rb

@@ -1,6 +1,57 @@
+require 'openssl'
+
 module Sandal
   # Contains encryption (JWE) functionality.
   module Enc
+
+    # The Concat Key Derivation Function.
+    #
+    # @param digest [OpenSSL::Digest or String] The digest for the algorithm.
+    # @param key [String] The key or shared secret.
+    # @param keydatalen [Integer] The desired output size in bits.
+    # @param algorithm_id [String] The name of the algorithm.
+    # @param party_u_info [String or 0] The partyUInfo.
+    # @param party_v_info [String or 0] The partyVInfo.
+    # @param supp_pub_info [String] Supplementary public info.
+    # @param supp_priv_info [String] Supplementary private info.
+    # @return [String] The derived keying material.
+    def self.concat_kdf(digest, key, keydatalen, algorithm_id, 
+                        party_u_info, party_v_info, 
+                        supp_pub_info = nil, supp_priv_info = nil)
+      digest = OpenSSL::Digest.new(digest) if digest.is_a?(String)
+      rounds = (keydatalen / (digest.digest_length * 8.0)).ceil
+
+      round_input = concat_kdf_round_input(key, keydatalen, algorithm_id,
+                                           party_u_info, party_v_info,
+                                           supp_pub_info, supp_priv_info)
+
+      (1..rounds).reduce('') do |output, round|
+        hash = digest.digest([round].pack('N') + round_input)
+        if round == rounds
+          round_bits = keydatalen % (digest.digest_length * 8)
+          hash = hash[0...(round_bits / 8)] unless round_bits == 0
+        end
+        output << hash
+      end
+    end
+
+    private
+
+    # The round input for the Concat KDF function (excluding round number).
+    def self.concat_kdf_round_input(key, keydatalen, algorithm_id, 
+                                    party_u_info, party_v_info, 
+                                    supp_pub_info, supp_priv_info)
+      input = ''.force_encoding('binary')
+      input << key.force_encoding('binary')
+      input << [keydatalen].pack('N')
+      input << algorithm_id.force_encoding('binary')
+      input << (party_u_info == 0 ? [0].pack('N') : party_u_info.force_encoding('binary'))
+      input << (party_v_info == 0 ? [0].pack('N') : party_v_info.force_encoding('binary'))
+      input << supp_pub_info.force_encoding('binary') if supp_pub_info
+      input << supp_priv_info.force_encoding('binary') if supp_priv_info
+      input
+    end
+
   end
 end
 

data/lib/sandal/enc/acbc_hs.rb

@@ -7,7 +7,7 @@ module Sandal
     # Base implementation of the AES/CBC+HMAC-SHA family of encryption 
     # algorithms.
     class ACBC_HS
-      extend Sandal::Util
+      include Sandal::Util
 
       # The JWA name of the encryption.
       attr_reader :name
@@ -76,25 +76,12 @@ module Sandal
 
       # Derives the content encryption key from the content master key.
       def derive_encryption_key(cmk)
-        derive_content_key('Encryption', cmk, @aes_size)
+        Sandal::Enc.concat_kdf(@digest, cmk, @aes_size, @name, 0, 0, 'Encryption')
       end
 
       # Derives the content integrity key from the content master key.
       def derive_integrity_key(cmk)
-        derive_content_key('Integrity', cmk, @sha_size)
-      end
-
-      # Derives content keys using the Concat KDF.
-      def derive_content_key(label, cmk, size)
-        hash_input = [1].pack('N')
-        hash_input << cmk
-        hash_input << [size].pack('N')
-        hash_input << @name.encode('utf-8')
-        hash_input << [0].pack('N')
-        hash_input << [0].pack('N')
-        hash_input << label.encode('us-ascii')
-        hash = @digest.digest(hash_input)
-        hash[0..((size / 8) - 1)]
+        Sandal::Enc.concat_kdf(@digest, cmk, @sha_size, @name, 0, 0, 'Integrity')
       end
 
     end

data/lib/sandal/enc/agcm.rb

@@ -6,7 +6,7 @@ module Sandal
 
     # Base implementation of the AES/GCM family of encryption algorithms.
     class AGCM
-      extend Sandal::Util
+      include Sandal::Util
 
       # The JWA name of the encryption.
       attr_reader :name

data/lib/sandal/sig/hs.rb

@@ -5,7 +5,7 @@ module Sandal
 
     # Base implementation of the HMAC-SHA family of signature algorithms.
     class HS
-      extend Sandal::Util
+      include Sandal::Util
 
       # @return [String] The JWA name of the algorithm.
       attr_reader :name

data/lib/sandal/util.rb

@@ -22,7 +22,7 @@ module Sandal
     def jwt_strings_equal?(a, b)
       return true if a.object_id == b.object_id
       return false if a.nil? || b.nil? || a.length != b.length
-      a.codepoints.zip(b.codepoints).reduce(0) { |r, (a, b)| r |= a ^ b } == 0
+      a.codepoints.zip(b.codepoints).reduce(0) { |r, (x, y)| r |= x ^ y } == 0
     end
 
     # Base64 encodes a string, in compliance with the JWT specification.

data/lib/sandal/version.rb

@@ -1,4 +1,4 @@
 module Sandal
   # The semantic version of the library.
-  VERSION = '0.3.0'
+  VERSION = '0.4.0'
 end

data/spec/sandal/enc/a128cbc_hs256_spec.rb

@@ -19,7 +19,7 @@ describe Sandal::Enc::A128CBC_HS256 do
 
     it 'can decrypt the example token' do
       token = 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2In0.ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q.AxY8DCtDaGlsbGljb3RoZQ.Rxsjg6PIExcmGSF7LnSEkDqWIKfAw1wZz2XpabV5PwQsolKwEauWYZNE9Q1hZJEZ.8LXqMd0JLGsxMaB5uoNaMpg7uUW_p40RlaZHCwMIyzk'
-      payload = Sandal.decrypt_token(token) do |header|
+      payload = Sandal.decode_token(token) do |header|
         alg = Sandal::Enc::Alg::RSA1_5.new(@rsa)
         Sandal::Enc::A128CBC_HS256.new(alg)
       end
@@ -28,7 +28,7 @@ describe Sandal::Enc::A128CBC_HS256 do
 
     it 'raises a token error when the integrity value is changed' do
       token = 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2In0.ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q.AxY8DCtDaGlsbGljb3RoZQ.Rxsjg6PIExcmGSF7LnSEkDqWIKfAw1wZz2XpabV5PwQsolKwEauWYZNE9Q1hZJEZ.7V5ZDko0v_mf2PAc4JMiUg'
-      expect { Sandal.decrypt_token(token) do |header|
+      expect { Sandal.decode_token(token) do |header|
         alg = Sandal::Enc::Alg::RSA1_5.new(@rsa)
         Sandal::Enc::A128CBC_HS256.new(alg)
       end }.to raise_error Sandal::TokenError, 'Invalid integrity value.'
@@ -38,7 +38,7 @@ describe Sandal::Enc::A128CBC_HS256 do
 
   it 'raises a token error when the RSA keys JWE section A.2 are changed' do
     token = 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2In0.ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q.AxY8DCtDaGlsbGljb3RoZQ.Rxsjg6PIExcmGSF7LnSEkDqWIKfAw1wZz2XpabV5PwQsolKwEauWYZNE9Q1hZJEZ.8LXqMd0JLGsxMaB5uoNaMpg7uUW_p40RlaZHCwMIyzk'
-    expect { Sandal.decrypt_token(token) do |header|
+    expect { Sandal.decode_token(token) do |header|
       rsa = OpenSSL::PKey::RSA.new(2048)
       alg = Sandal::Enc::Alg::RSA1_5.new(rsa)
       Sandal::Enc::A128CBC_HS256.new(alg)

data/spec/sandal/enc/a256gcm_spec.rb

@@ -21,7 +21,7 @@ describe Sandal::Enc::A256GCM do
 
     it 'can decrypt the example token' do
       token = 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.M2XxpbORKezKSzzQL_95-GjiudRBTqn_omS8z9xgoRb7L0Jw5UsEbxmtyHn2T71mrZLkjg4Mp8gbhYoltPkEOHvAopz25-vZ8C2e1cOaAo5WPcbSIuFcB4DjBOM3t0UAO6JHkWLuAEYoe58lcxIQneyKdaYSLbV9cKqoUoFQpvKWYRHZbfszIyfsa18rmgTjzrtLDTPnc09DSJE24aQ8w3i8RXEDthW9T1J6LsTH_vwHdwUgkI-tC2PNeGrnM-dNSfzF3Y7-lwcGy0FsdXkPXytvDV7y4pZeeUiQ-0VdibIN2AjjfW60nfrPuOjepMFG6BBBbR37pHcyzext9epOAQ.48V1_ALb6US04U3b._e21tGGhac_peEFkLXr2dMPUZiUkrw.7V5ZDko0v_mf2PAc4JMiUg'
-      payload = Sandal.decrypt_token(token) do |header|
+      payload = Sandal.decode_token(token) do |header|
         alg = Sandal::Enc::Alg::RSA_OAEP.new(@rsa)
         Sandal::Enc::A256GCM.new(alg)
       end
@@ -30,7 +30,7 @@ describe Sandal::Enc::A256GCM do
 
     it 'raises a token error when the integrity value is changed' do
       token = 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.M2XxpbORKezKSzzQL_95-GjiudRBTqn_omS8z9xgoRb7L0Jw5UsEbxmtyHn2T71mrZLkjg4Mp8gbhYoltPkEOHvAopz25-vZ8C2e1cOaAo5WPcbSIuFcB4DjBOM3t0UAO6JHkWLuAEYoe58lcxIQneyKdaYSLbV9cKqoUoFQpvKWYRHZbfszIyfsa18rmgTjzrtLDTPnc09DSJE24aQ8w3i8RXEDthW9T1J6LsTH_vwHdwUgkI-tC2PNeGrnM-dNSfzF3Y7-lwcGy0FsdXkPXytvDV7y4pZeeUiQ-0VdibIN2AjjfW60nfrPuOjepMFG6BBBbR37pHcyzext9epOAQ.48V1_ALb6US04U3b._e21tGGhac_peEFkLXr2dMPUZiUkrw.8LXqMd0JLGsxMaB5uoNaMpg7uUW_p40RlaZHCwMIyzk'
-      expect { Sandal.decrypt_token(token) do |header|
+      expect { Sandal.decode_token(token) do |header|
         alg = Sandal::Enc::Alg::RSA_OAEP.new(@rsa)
         Sandal::Enc::A256GCM.new(alg)
       end }.to raise_error Sandal::TokenError, 'Invalid token.'
@@ -40,7 +40,7 @@ describe Sandal::Enc::A256GCM do
 
   it 'raises a token error when the RSA keys JWE section A.1 are changed' do
     token = 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.M2XxpbORKezKSzzQL_95-GjiudRBTqn_omS8z9xgoRb7L0Jw5UsEbxmtyHn2T71mrZLkjg4Mp8gbhYoltPkEOHvAopz25-vZ8C2e1cOaAo5WPcbSIuFcB4DjBOM3t0UAO6JHkWLuAEYoe58lcxIQneyKdaYSLbV9cKqoUoFQpvKWYRHZbfszIyfsa18rmgTjzrtLDTPnc09DSJE24aQ8w3i8RXEDthW9T1J6LsTH_vwHdwUgkI-tC2PNeGrnM-dNSfzF3Y7-lwcGy0FsdXkPXytvDV7y4pZeeUiQ-0VdibIN2AjjfW60nfrPuOjepMFG6BBBbR37pHcyzext9epOAQ.48V1_ALb6US04U3b._e21tGGhac_peEFkLXr2dMPUZiUkrw.8LXqMd0JLGsxMaB5uoNaMpg7uUW_p40RlaZHCwMIyzk'
-    expect { Sandal.decrypt_token(token) do |header|
+    expect { Sandal.decode_token(token) do |header|
       rsa = OpenSSL::PKey::RSA.new(2048)
       alg = Sandal::Enc::Alg::RSA_OAEP.new(rsa)
       Sandal::Enc::A256GCM.new(alg)

data/spec/sandal/enc/alg/rsa1_5_spec.rb

@@ -0,0 +1,40 @@
+require 'helper'
+require 'openssl'
+
+include Sandal::Util
+
+describe Sandal::Enc::Alg::RSA1_5 do
+
+  context '#name' do
+
+    it 'is "RSA1_5"' do
+      alg = Sandal::Enc::Alg::RSA1_5.new(OpenSSL::PKey::RSA.new(2048))
+      alg.name.should == 'RSA1_5'
+    end
+
+  end
+
+  context '#decrypt_cmk' do
+
+    it 'can decrypt the encypted content master key from JWE section A.2', :jruby_incompatible do
+      key = OpenSSL::PKey::RSA.new(2048)
+      key.n = make_bn([177, 119, 33, 13, 164, 30, 108, 121, 207, 136, 107, 242, 12, 224, 19, 226, 198, 134, 17, 71, 173, 75, 42, 61, 48, 162, 206, 161, 97, 108, 185, 234, 226, 219, 118, 206, 118, 5, 169, 224, 60, 181, 90, 85, 51, 123, 6, 224, 4, 122, 29, 230, 151, 12, 244, 127, 121, 25, 4, 85, 220, 144, 215, 110, 130, 17, 68, 228, 129, 138, 7, 130, 231, 40, 212, 214, 17, 179, 28, 124, 151, 178, 207, 20, 14, 154, 222, 113, 176, 24, 198, 73, 211, 113, 9, 33, 178, 80, 13, 25, 21, 25, 153, 212, 206, 67, 154, 147, 70, 194, 192, 183, 160, 83, 98, 236, 175, 85, 23, 97, 75, 199, 177, 73, 145, 50, 253, 206, 32, 179, 254, 236, 190, 82, 73, 67, 129, 253, 252, 220, 108, 136, 138, 11, 192, 1, 36, 239, 228, 55, 81, 113, 17, 25, 140, 63, 239, 146, 3, 172, 96, 60, 227, 233, 64, 255, 224, 173, 225, 228, 229, 92, 112, 72, 99, 97, 26, 87, 187, 123, 46, 50, 90, 202, 117, 73, 10, 153, 47, 224, 178, 163, 77, 48, 46, 154, 33, 148, 34, 228, 33, 172, 216, 89, 46, 225, 127, 68, 146, 234, 30, 147, 54, 146, 5, 133, 45, 78, 254, 85, 55, 75, 213, 86, 194, 218, 215, 163, 189, 194, 54, 6, 83, 36, 18, 153, 53, 7, 48, 89, 35, 66, 144, 7, 65, 154, 13, 97, 75, 55, 230, 132, 3, 13, 239, 71]) 
+      key.e = make_bn([1, 0, 1])
+      key.d = make_bn([84, 80, 150, 58, 165, 235, 242, 123, 217, 55, 38, 154, 36, 181, 221, 156, 211, 215, 100, 164, 90, 88, 40, 228, 83, 148, 54, 122, 4, 16, 165, 48, 76, 194, 26, 107, 51, 53, 179, 165, 31, 18, 198, 173, 78, 61, 56, 97, 252, 158, 140, 80, 63, 25, 223, 156, 36, 203, 214, 252, 120, 67, 180, 167, 3, 82, 243, 25, 97, 214, 83, 133, 69, 16, 104, 54, 160, 200, 41, 83, 164, 187, 70, 153, 111, 234, 242, 158, 175, 28, 198, 48, 211, 45, 148, 58, 23, 62, 227, 74, 52, 117, 42, 90, 41, 249, 130, 154, 80, 119, 61, 26, 193, 40, 125, 10, 152, 174, 227, 225, 205, 32, 62, 66, 6, 163, 100, 99, 219, 19, 253, 25, 105, 80, 201, 29, 252, 157, 237, 69, 1, 80, 171, 167, 20, 196, 156, 109, 249, 88, 0, 3, 152, 38, 165, 72, 87, 6, 152, 71, 156, 214, 16, 71, 30, 82, 51, 103, 76, 218, 63, 9, 84, 163, 249, 91, 215, 44, 238, 85, 101, 240, 148, 1, 82, 224, 91, 135, 105, 127, 84, 171, 181, 152, 210, 183, 126, 24, 46, 196, 90, 173, 38, 245, 219, 186, 222, 27, 240, 212, 194, 15, 66, 135, 226, 178, 190, 52, 245, 74, 65, 224, 81, 100, 85, 25, 204, 165, 203, 187, 175, 84, 100, 82, 15, 11, 23, 202, 151, 107, 54, 41, 207, 3, 136, 229, 134, 131, 93, 139, 50, 182, 204, 93, 130, 89])
+      cmk = [4, 211, 31, 197, 84, 157, 252, 254, 11, 100, 157, 250, 63, 170, 106, 206, 107, 124, 212, 45, 111, 107, 9, 219, 200, 177, 0, 240, 143, 156, 44, 207].pack('C*')
+      encrypted_cmk = jwt_base64_decode('ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q')
+      alg = Sandal::Enc::Alg::RSA1_5.new(key)
+      alg.decrypt_cmk(encrypted_cmk).should == cmk
+    end
+
+    it 'raises a TokenError when the wrong key is used for decryption' do
+      key = OpenSSL::PKey::RSA.new(2048)
+      cmk = [4, 211, 31, 197, 84, 157, 252, 254, 11, 100, 157, 250, 63, 170, 106, 206, 107, 124, 212, 45, 111, 107, 9, 219, 200, 177, 0, 240, 143, 156, 44, 207].pack('C*')
+      encrypted_cmk = jwt_base64_decode('ZmnlqWgjXyqwjr7cXHys8F79anIUI6J2UWdAyRQEcGBU-KPHsePM910_RoTDGu1IW40Dn0dvcdVEjpJcPPNIbzWcMxDi131Ejeg-b8ViW5YX5oRdYdiR4gMSDDB3mbkInMNUFT-PK5CuZRnHB2rUK5fhPuF6XFqLLZCG5Q_rJm6Evex-XLcNQAJNa1-6CIU12Wj3mPExxw9vbnsQDU7B4BfmhdyiflLA7Ae5ZGoVRl3A__yLPXxRjHFhpOeDp_adx8NyejF5cz9yDKULugNsDMdlHeJQOMGVLYaSZt3KP6aWNSqFA1PHDg-10ceuTEtq_vPE4-Gtev4N4K4Eudlj4Q')
+      alg = Sandal::Enc::Alg::RSA1_5.new(key)
+      expect { alg.decrypt_cmk(encrypted_cmk) }.to raise_error Sandal::TokenError, 'Cannot decrypt content master key.'
+    end
+
+  end
+
+end

data/spec/sandal/enc/shared_examples.rb

@@ -8,7 +8,7 @@ shared_examples 'algorithm compatibility' do |enc_class|
     content_master_key = SecureRandom.random_bytes(32)
     encrypter = enc_class.new(Sandal::Enc::Alg::Direct.new(content_master_key))
     token = Sandal.encrypt_token(payload, encrypter)
-    output = Sandal.decrypt_token(token) { encrypter }
+    output = Sandal.decode_token(token) { encrypter }
     output.should == payload
   end
 
@@ -17,7 +17,7 @@ shared_examples 'algorithm compatibility' do |enc_class|
     rsa = OpenSSL::PKey::RSA.new(2048)
     encrypter = enc_class.new(Sandal::Enc::Alg::RSA1_5.new(rsa.public_key))
     token = Sandal.encrypt_token(payload, encrypter)
-    output = Sandal.decrypt_token(token) do 
+    output = Sandal.decode_token(token) do 
       enc_class.new(Sandal::Enc::Alg::RSA1_5.new(rsa))
     end
     output.should == payload
@@ -28,7 +28,7 @@ shared_examples 'algorithm compatibility' do |enc_class|
     rsa = OpenSSL::PKey::RSA.new(2048)
     encrypter = enc_class.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa.public_key))
     token = Sandal.encrypt_token(payload, encrypter)
-    output = Sandal.decrypt_token(token) do 
+    output = Sandal.decode_token(token) do 
       enc_class.new(Sandal::Enc::Alg::RSA_OAEP.new(rsa))
     end
     output.should == payload

data/spec/sandal_spec.rb

@@ -1,8 +1,38 @@
 require 'helper'
 require 'openssl'
+require 'multi_json'
 
 describe Sandal do
 
+  context '#encrypt_token' do
+
+    it 'supports zip using the DEFLATE algorithm' do
+      payload = 'some payload to be zipped'
+      private_key = OpenSSL::PKey::RSA.new(2048)
+      encrypter = Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA1_5.new(private_key.public_key))
+      token = Sandal.encrypt_token(payload, encrypter, { 'zip' => 'DEF' })
+      decoded_payload = Sandal.decode_token(token) do |header| 
+        Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA1_5.new(private_key))
+      end
+      decoded_payload.should == payload
+    end
+
+    it 'raises an ArgumentError if the zip parameter is present and nil' do
+      encrypter = Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA1_5.new(OpenSSL::PKey::RSA.new(2048)))
+      expect { 
+        Sandal.encrypt_token('any payload', encrypter, { 'zip' => nil }) 
+      }.to raise_error ArgumentError, 'Invalid zip algorithm.'
+    end
+
+    it 'raises an ArgumentError if the zip parameter is present and not "DEF"' do
+      encrypter = Sandal::Enc::A128CBC_HS256.new(Sandal::Enc::Alg::RSA1_5.new(OpenSSL::PKey::RSA.new(2048)))
+      expect { 
+        Sandal.encrypt_token('any payload', encrypter, { 'zip' => 'INVALID' }) 
+      }.to raise_error ArgumentError, 'Invalid zip algorithm.'
+    end
+
+  end
+
   it 'raises a token error when the token format is invalid' do
     expect { Sandal.decode_token('not a valid token') }.to raise_error Sandal::TokenError
   end  

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sandal
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Greg Beech
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-20 00:00:00.000000000 Z
+date: 2013-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -164,6 +164,7 @@ files:
 - spec/sandal/enc/a256cbc_hs512_spec.rb
 - spec/sandal/enc/a256gcm_spec.rb
 - spec/sandal/enc/alg/direct_spec.rb
+- spec/sandal/enc/alg/rsa1_5_spec.rb
 - spec/sandal/enc/shared_examples.rb
 - spec/sandal/sig/es_spec.rb
 - spec/sandal/sig/hs_spec.rb
@@ -203,6 +204,7 @@ test_files:
 - spec/sandal/enc/a256cbc_hs512_spec.rb
 - spec/sandal/enc/a256gcm_spec.rb
 - spec/sandal/enc/alg/direct_spec.rb
+- spec/sandal/enc/alg/rsa1_5_spec.rb
 - spec/sandal/enc/shared_examples.rb
 - spec/sandal/sig/es_spec.rb
 - spec/sandal/sig/hs_spec.rb