RubyGems - sandal - Versions diffs - 0.4.0 → 0.5.0 - Mend

sandal 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

checksums.yaml +4 -4
data/.travis.yml +0 -1
data/CHANGELOG.md +14 -0
data/README.md +1 -1
data/lib/sandal.rb +77 -76
data/lib/sandal/claims.rb +13 -13
data/lib/sandal/enc.rb +15 -49
data/lib/sandal/enc/acbc_hs.rb +97 -52
data/lib/sandal/enc/agcm.rb +64 -26
data/lib/sandal/enc/alg.rb +2 -3
data/lib/sandal/enc/alg/direct.rb +27 -25
data/lib/sandal/enc/alg/rsa.rb +82 -0
data/lib/sandal/sig.rb +12 -12
data/lib/sandal/sig/es.rb +43 -25
data/lib/sandal/sig/hs.rb +21 -8
data/lib/sandal/sig/rs.rb +34 -23
data/lib/sandal/util.rb +7 -7
data/lib/sandal/version.rb +1 -1
data/spec/helper.rb +1 -0
data/spec/sample_keys.rb +28 -0
data/spec/sandal/claims_spec.rb +4 -4
data/spec/sandal/enc/a128cbc_hs256_spec.rb +15 -39
data/spec/sandal/enc/a128gcm_spec.rb +13 -6
data/spec/sandal/enc/a256cbc_hs512_spec.rb +13 -4
data/spec/sandal/enc/a256gcm_spec.rb +15 -37
data/spec/sandal/enc/alg/direct_spec.rb +27 -33
data/spec/sandal/enc/alg/rsa_spec.rb +100 -0
data/spec/sandal/enc/shared_examples.rb +93 -21
data/spec/sandal/sig/es_spec.rb +145 -188
data/spec/sandal/sig/hs_spec.rb +73 -18
data/spec/sandal/sig/rs_spec.rb +81 -78
metadata +7 -6
data/lib/sandal/enc/alg/rsa1_5.rb +0 -47
data/lib/sandal/enc/alg/rsa_oaep.rb +0 -48
data/spec/sandal/enc/alg/rsa1_5_spec.rb +0 -40

data/spec/sandal/sig/es_spec.rb CHANGED

@@ -1,5 +1,5 @@
-require 'helper'
-require 'openssl'
+require "helper"
+require "openssl"
 include Sandal::Util
@@ -7,237 +7,194 @@ include Sandal::Util
 if defined? Sandal::Sig::ES
 def make_point(group, x, y)
-  def pad(c)
-    if c.length <= 64
-      padding_length = 64 - c.length
-    elsif c.length <= 96
-      padding_length = 96 - c.length
-    elsif c.length <= 132
-      padding_length = 132 - c.length
-    end
-    ('0' * padding_length) + c
-  end
-  str = '04' + pad(x.to_s(16)) + pad(y.to_s(16))
+  group_size = group.curve_name.match(/(\d+)/)[0].to_i
+  bn_size = ((group_size + 7) / 8) * 2
+  str = "04" + x.to_s(16).rjust(bn_size, "0") + y.to_s(16).rjust(bn_size, "0")
   bn = OpenSSL::BN.new(str, 16)
   OpenSSL::PKey::EC::Point.new(group, bn)
 end
-describe Sandal::Sig::ES do
-  it 'can encode the signature in JWS section A3.1' do
-    r = make_bn([14, 209, 33, 83, 121, 99, 108, 72, 60, 47, 127, 21, 88, 7, 212, 2, 163, 178, 40, 3, 58, 249, 124, 126, 23, 129, 154, 195, 22, 158, 166, 101]  )
-    s = make_bn([197, 10, 7, 211, 140, 60, 112, 229, 216, 241, 45, 175, 8, 74, 84, 128, 166, 101, 144, 197, 242, 147, 80, 154, 143, 63, 127, 138, 131, 163, 84, 213])
-    signature = Sandal::Sig::ES.encode_jws_signature(r, s, 256)
-    base64_signature = jwt_base64_encode(signature)
-    base64_signature.should == 'DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q'
-  end
-  it 'can encode the signature in JWS section A4.1' do
-    r = make_bn([1, 220, 12, 129, 231, 171, 194, 209, 232, 135, 233, 117, 247, 105, 122, 210, 26, 125, 192, 1, 217, 21, 82, 91, 45, 240, 255, 83, 19, 34, 239, 71, 48, 157, 147, 152, 105, 18, 53, 108, 163, 214, 68, 231, 62, 153, 150, 106, 194, 164, 246, 72, 143, 138, 24, 50, 129, 223, 133, 206, 209, 172, 63, 237, 119, 109]    )
-    s = make_bn([0, 111, 6, 105, 44, 5, 41, 208, 128, 61, 152, 40, 92, 61, 152, 4, 150, 66, 60, 69, 247, 196, 170, 81, 193, 199, 78, 59, 194, 169, 16, 124, 9, 143, 42, 142, 131, 48, 206, 238, 34, 175, 83, 203, 220, 159, 3, 107, 155, 22, 27, 73, 111, 68, 68, 21, 238, 144, 229, 232, 148, 188, 222, 59, 242, 103] )
-    signature = Sandal::Sig::ES.encode_jws_signature(r, s, 521)
-    base64_signature = jwt_base64_encode(signature)
-    base64_signature.should == 'AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn'
-  end
+shared_examples "signing and validation" do |enc_class|
-end
-describe Sandal::Sig::ES256 do
-  it 'can sign data and verify signatures' do
-    group = OpenSSL::PKey::EC::Group.new('prime256v1')
+  it "can sign data and validate signatures" do
+    data = "some data to sign"
+    group = OpenSSL::PKey::EC::Group.new(enc_class::CURVE_NAME)
     private_key = OpenSSL::PKey::EC.new(group).generate_key
-    data = 'Hello ES256'
-    signer = Sandal::Sig::ES256.new(private_key)
+    signer = enc_class.new(private_key)
     signature = signer.sign(data)
     public_key = OpenSSL::PKey::EC.new(group)
     public_key.public_key = private_key.public_key
-    validator = Sandal::Sig::ES256.new(public_key)
+    validator = enc_class.new(public_key)
     validator.valid?(signature, data).should == true
   end
-  it 'can use string keys to sign data and verify signatures' do
-    private_key = <<KEY_END
------BEGIN EC PARAMETERS-----
-BggqhkjOPQMBBw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEII1Ar4w2EVK6wNL84EpVTVY7XXXVmVqyvjZ4EW9kBGhSoAoGCCqGSM49
-AwEHoUQDQgAEVnYRY+AEiU+UNdYzl+KtuWvdAfKBoAmEekv4icfZQCbLew/eXIlv
-32E8+j0bFYwYi3XjxCJXRE3S2iWPEEygcA==
------END EC PRIVATE KEY-----
-KEY_END
-    public_key = <<KEY_END
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVnYRY+AEiU+UNdYzl+KtuWvdAfKB
-oAmEekv4icfZQCbLew/eXIlv32E8+j0bFYwYi3XjxCJXRE3S2iWPEEygcA==
------END PUBLIC KEY-----
-KEY_END
-    data = 'Hello ES256'
-    signer = Sandal::Sig::ES256.new(private_key)
+  it "can use DER-encoded keys to sign data and validate signatures" do
+    data = "some data to sign"
+    group = OpenSSL::PKey::EC::Group.new(enc_class::CURVE_NAME)
+    private_key = OpenSSL::PKey::EC.new(group).generate_key
+    signer = enc_class.new(private_key.to_der)
     signature = signer.sign(data)
-    validator = Sandal::Sig::ES256.new(public_key)
+    public_key = OpenSSL::PKey::EC.new(group)
+    public_key.public_key = private_key.public_key
+    validator = enc_class.new(public_key.to_der)
     validator.valid?(signature, data).should == true
   end
-  it 'can verify the signature in JWS section A3.1' do
-    x = make_bn([127, 205, 206, 39, 112, 246, 196, 93, 65, 131, 203, 238, 111, 219, 75, 123, 88, 7, 51, 53, 123, 233, 239, 19, 186, 207, 110, 60, 123, 209, 84, 69])
-    y = make_bn([199, 241, 68, 205, 27, 189, 155, 126, 135, 44, 223, 237, 185, 238, 185, 244, 179, 105, 93, 110, 169, 11, 36, 173, 138, 70, 35, 40, 133, 136, 229, 173])
-    d = make_bn([142, 155, 16, 158, 113, 144, 152, 191, 152, 4, 135, 223, 31, 93, 119, 233, 203, 41, 96, 110, 190, 210, 38, 59, 95, 87, 194, 19, 223, 132, 244, 178])
-    data = 'eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ'
-    signature = jwt_base64_decode('DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q')
-    group = OpenSSL::PKey::EC::Group.new('prime256v1')
+  it "can use PEM-encoded keys to sign data and validate signatures" do
+    data = "some data to sign"
+    group = OpenSSL::PKey::EC::Group.new(enc_class::CURVE_NAME)
+    private_key = OpenSSL::PKey::EC.new(group).generate_key
+    signer = enc_class.new(private_key.to_pem)
+    signature = signer.sign(data)
     public_key = OpenSSL::PKey::EC.new(group)
-    public_key.public_key = make_point(group, x, y)
-    validator = Sandal::Sig::ES256.new(public_key)
+    public_key.public_key = private_key.public_key
+    validator = enc_class.new(public_key.to_pem)
     validator.valid?(signature, data).should == true
   end
-  it 'fails to verify the signature in JWS section A3.1 when the data is changed' do
-    x = make_bn([127, 205, 206, 39, 112, 246, 196, 93, 65, 131, 203, 238, 111, 219, 75, 123, 88, 7, 51, 53, 123, 233, 239, 19, 186, 207, 110, 60, 123, 209, 84, 69])
-    y = make_bn([199, 241, 68, 205, 27, 189, 155, 126, 135, 44, 223, 237, 185, 238, 185, 244, 179, 105, 93, 110, 169, 11, 36, 173, 138, 70, 35, 40, 133, 136, 229, 173])
-    d = make_bn([142, 155, 16, 158, 113, 144, 152, 191, 152, 4, 135, 223, 31, 93, 119, 233, 203, 41, 96, 110, 190, 210, 38, 59, 95, 87, 194, 19, 223, 132, 244, 178])
-    data = 'not the data that was signed'
-    signature = jwt_base64_decode('DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q')
+  context "#initialize" do
+    it "raises an argument error if the key has the wrong curve" do
+      group = OpenSSL::PKey::EC::Group.new("secp224k1")
+      private_key = OpenSSL::PKey::EC.new(group).generate_key
+      expect { enc_class.new(private_key) }.to raise_error ArgumentError
+    end
-    group = OpenSSL::PKey::EC::Group.new('prime256v1')
-    public_key = OpenSSL::PKey::EC.new(group)
-    public_key.public_key = make_point(group, x, y)
-    validator = Sandal::Sig::ES256.new(public_key)
-    validator.valid?(signature, data).should == false
   end
-  it 'raises an argument error if the key has the wrong curve' do
-    group = OpenSSL::PKey::EC::Group.new('secp384r1')
-    private_key = OpenSSL::PKey::EC.new(group).generate_key
-    expect { Sandal::Sig::ES256.new(private_key) }.to raise_error ArgumentError
+  context "#valid?" do
+    it "fails to validate the signature when the key is changed" do
+      data = "some data to sign"
+      group = OpenSSL::PKey::EC::Group.new(enc_class::CURVE_NAME)
+      private_key = OpenSSL::PKey::EC.new(group).generate_key
+      signer = enc_class.new(private_key)
+      signature = signer.sign(data)
+      public_key = OpenSSL::PKey::EC.new(group).generate_key
+      validator = enc_class.new(public_key)
+      validator.valid?(signature, data).should == false
+    end
+    it "fails to validate the signature when the signature is changed" do
+      data = "some data to sign"
+      group = OpenSSL::PKey::EC::Group.new(enc_class::CURVE_NAME)
+      private_key = OpenSSL::PKey::EC.new(group).generate_key
+      signer = enc_class.new(private_key)
+      signature = signer.sign(data)
+      public_key = OpenSSL::PKey::EC.new(group)
+      public_key.public_key = private_key.public_key
+      validator = enc_class.new(public_key)
+      validator.valid?(signature + "x", data).should == false
+    end
+    it "fails to validate the signature when the data is changed" do
+      data = "some data to sign"
+      group = OpenSSL::PKey::EC::Group.new(enc_class::CURVE_NAME)
+      private_key = OpenSSL::PKey::EC.new(group).generate_key
+      signer = enc_class.new(private_key)
+      signature = signer.sign(data)
+      public_key = OpenSSL::PKey::EC.new(group)
+      public_key.public_key = private_key.public_key
+      validator = enc_class.new(public_key)
+      validator.valid?(signature, data + "x").should == false
+    end
   end
 end
-describe Sandal::Sig::ES384 do
+describe Sandal::Sig::ES do
-  it 'can sign data and verify signatures' do
-    group = OpenSSL::PKey::EC::Group.new('secp384r1')
-    private_key = OpenSSL::PKey::EC.new(group).generate_key
-    data = 'Hello ES384'
-    signer = Sandal::Sig::ES384.new(private_key)
-    signature = signer.sign(data)
-    public_key = OpenSSL::PKey::EC.new(group)
-    public_key.public_key = private_key.public_key
-    validator = Sandal::Sig::ES384.new(public_key)
-    validator.valid?(signature, data).should == true
-  end
+  context "#encode_jws_signature" do
-  it 'can use string keys to sign data and verify signatures' do
-    private_key = <<KEY_END
------BEGIN EC PARAMETERS-----
-BgUrgQQAIg==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDDHWNCqR7V8EQS1aeCWXJ6arxaj31tvfBozSVDhbgzvFsFM9tbgbhTb
-1PGWXJEP91SgBwYFK4EEACKhZANiAASSjX9LH/BrmGp6WoHN/gBYN3Su/nIAApwM
-iuFPbUFcWamxo8hUUTxLpdwvrrEHIVV2urXaVc0KHdSo93bVEHMOvLYjpXFXu+8f
-6Fu17ofcECDNIaI9A+uydWY3E/cJUDM=
------END EC PRIVATE KEY-----
-KEY_END
-    public_key = <<KEY_END
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEko1/Sx/wa5hqelqBzf4AWDd0rv5yAAKc
-DIrhT21BXFmpsaPIVFE8S6XcL66xByFVdrq12lXNCh3UqPd21RBzDry2I6VxV7vv
-H+hbte6H3BAgzSGiPQPrsnVmNxP3CVAz
------END PUBLIC KEY-----
-KEY_END
-    data = 'Hello ES384'
-    signer = Sandal::Sig::ES384.new(private_key)
-    signature = signer.sign(data)
-    validator = Sandal::Sig::ES384.new(public_key)
-    validator.valid?(signature, data).should == true
-  end
+    it "can encode the signature in JWS draft-11 appendix 3" do
+      r = make_bn([14, 209, 33, 83, 121, 99, 108, 72, 60, 47, 127, 21, 88, 7, 212, 2, 163, 178, 40, 3, 58, 249, 124, 126, 23, 129, 154, 195, 22, 158, 166, 101])
+      s = make_bn([197, 10, 7, 211, 140, 60, 112, 229, 216, 241, 45, 175, 8, 74, 84, 128, 166, 101, 144, 197, 242, 147, 80, 154, 143, 63, 127, 138, 131, 163, 84, 213])
+      signature = Sandal::Sig::ES.encode_jws_signature(r, s, 256)
+      base64_signature = jwt_base64_encode(signature)
+      base64_signature.should == "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q"
+    end
+    it "can encode the signature in JWS draft-11 appendix 4" do
+      r = make_bn([1, 220, 12, 129, 231, 171, 194, 209, 232, 135, 233, 117, 247, 105, 122, 210, 26, 125, 192, 1, 217, 21, 82, 91, 45, 240, 255, 83, 19, 34, 239, 71, 48, 157, 147, 152, 105, 18, 53, 108, 163, 214, 68, 231, 62, 153, 150, 106, 194, 164, 246, 72, 143, 138, 24, 50, 129, 223, 133, 206, 209, 172, 63, 237, 119, 109])
+      s = make_bn([0, 111, 6, 105, 44, 5, 41, 208, 128, 61, 152, 40, 92, 61, 152, 4, 150, 66, 60, 69, 247, 196, 170, 81, 193, 199, 78, 59, 194, 169, 16, 124, 9, 143, 42, 142, 131, 48, 206, 238, 34, 175, 83, 203, 220, 159, 3, 107, 155, 22, 27, 73, 111, 68, 68, 21, 238, 144, 229, 232, 148, 188, 222, 59, 242, 103])
+      signature = Sandal::Sig::ES.encode_jws_signature(r, s, 521)
+      base64_signature = jwt_base64_encode(signature)
+      base64_signature.should == "AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn"
+    end
-  it 'raises an argument error if the key has the wrong curve' do
-    group = OpenSSL::PKey::EC::Group.new('secp521r1')
-    private_key = OpenSSL::PKey::EC.new(group).generate_key
-    expect { Sandal::Sig::ES384.new(private_key) }.to raise_error ArgumentError
   end
 end
-describe Sandal::Sig::ES512 do
+describe Sandal::Sig::ES256 do
+  include_examples "signing and validation", Sandal::Sig::ES256, "prime256v1"
-  it 'can sign data and verify signatures' do
-    group = OpenSSL::PKey::EC::Group.new('secp521r1')
-    private_key = OpenSSL::PKey::EC.new(group).generate_key
-    data = 'Hello ES512'
-    signer = Sandal::Sig::ES512.new(private_key)
-    signature = signer.sign(data)
-    public_key = OpenSSL::PKey::EC.new(group)
-    public_key.public_key = private_key.public_key
-    validator = Sandal::Sig::ES512.new(public_key)
-    validator.valid?(signature, data).should == true
+  context "#name" do
+    it "is 'ES256'" do
+      enc = Sandal::Sig::ES256.new(OpenSSL::PKey::EC.new("prime256v1").generate_key)
+      enc.name.should == "ES256"
+    end
   end
-  it 'can use string keys to sign data and verify signatures' do
-    private_key = <<KEY_END
------BEGIN EC PARAMETERS-----
-BgUrgQQAIw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBQokOnEjac/cnqtuEPrS+ekzObqwN4wcsh4MgW1M9D/lC+cfHcgso
-QhdmC1fZEYV9G3eiVYRO818XBrgzX8sOqQGgBwYFK4EEACOhgYkDgYYABADWDbxx
-FZHDy5nzP+tL1AcDgbVtZbin6jOz3E0EPzjDJS8267XROdSLxh/FdM54HaZ5ak2D
-q0VThSOquJdkiy6jyAEOlXLeznDrV9ZP9ddFFFA8OMM2aImU+HdGq6rlWrAs7qMU
-tu6lP9k3+WHD7Z1+YkCafox+lpraE4NrnlkVqO2RVg==
------END EC PRIVATE KEY-----
-KEY_END
-    public_key = <<KEY_END
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA1g28cRWRw8uZ8z/rS9QHA4G1bWW4
-p+ozs9xNBD84wyUvNuu10TnUi8YfxXTOeB2meWpNg6tFU4UjqriXZIsuo8gBDpVy
-3s5w61fWT/XXRRRQPDjDNmiJlPh3Rquq5VqwLO6jFLbupT/ZN/lhw+2dfmJAmn6M
-fpaa2hODa55ZFajtkVY=
------END PUBLIC KEY-----
-KEY_END
-    data = 'Hello ES512'
-    signer = Sandal::Sig::ES512.new(private_key)
-    signature = signer.sign(data)
-    validator = Sandal::Sig::ES512.new(public_key)
-    validator.valid?(signature, data).should == true
+  context "#valid?" do
+    it "can validate the signature in JWS draft-11 appendix 3" do
+      x = make_bn([127, 205, 206, 39, 112, 246, 196, 93, 65, 131, 203, 238, 111, 219, 75, 123, 88, 7, 51, 53, 123, 233, 239, 19, 186, 207, 110, 60, 123, 209, 84, 69])
+      y = make_bn([199, 241, 68, 205, 27, 189, 155, 126, 135, 44, 223, 237, 185, 238, 185, 244, 179, 105, 93, 110, 169, 11, 36, 173, 138, 70, 35, 40, 133, 136, 229, 173])
+      d = make_bn([142, 155, 16, 158, 113, 144, 152, 191, 152, 4, 135, 223, 31, 93, 119, 233, 203, 41, 96, 110, 190, 210, 38, 59, 95, 87, 194, 19, 223, 132, 244, 178])
+      data = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
+      signature = jwt_base64_decode("DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q")
+      group = OpenSSL::PKey::EC::Group.new("prime256v1")
+      public_key = OpenSSL::PKey::EC.new(group)
+      public_key.public_key = make_point(group, x, y)
+      validator = Sandal::Sig::ES256.new(public_key)
+      validator.valid?(signature, data).should == true
+    end
   end
-  it 'can verify the signature in JWS section A4.1' do
-    x = make_bn([1, 233, 41, 5, 15, 18, 79, 198, 188, 85, 199, 213, 57, 51, 101, 223, 157, 239, 74, 176, 194, 44, 178, 87, 152, 249, 52, 235, 4, 227, 198, 186, 227, 112, 26, 87, 167, 145, 14, 157, 129, 191, 54, 49, 89, 232, 235, 203, 21, 93, 99, 73, 244, 189, 182, 204, 248, 169, 76, 92, 89, 199, 170, 193, 1, 164])
-    y = make_bn([0, 52, 166, 68, 14, 55, 103, 80, 210, 55, 31, 209, 189, 194, 200, 243, 183, 29, 47, 78, 229, 234, 52, 50, 200, 21, 204, 163, 21, 96, 254, 93, 147, 135, 236, 119, 75, 85, 131, 134, 48, 229, 203, 191, 90, 140, 190, 10, 145, 221, 0, 100, 198, 153, 154, 31, 110, 110, 103, 250, 221, 237, 228, 200, 200, 246])
-    d = make_bn([1, 142, 105, 111, 176, 52, 80, 88, 129, 221, 17, 11, 72, 62, 184, 125, 50, 206, 73, 95, 227, 107, 55, 69, 237, 242, 216, 202, 228, 240, 242, 83, 159, 70, 21, 160, 233, 142, 171, 82, 179, 192, 197, 234, 196, 206, 7, 81, 133, 168, 231, 187, 71, 222, 172, 29, 29, 231, 123, 204, 246, 97, 53, 230, 61, 130]  )
-    data = 'eyJhbGciOiJFUzUxMiJ9.UGF5bG9hZA'
-    signature = jwt_base64_decode('AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn')
+end
-    group = OpenSSL::PKey::EC::Group.new('secp521r1')
-    public_key = OpenSSL::PKey::EC.new(group)
-    public_key.public_key = make_point(group, x, y)
-    validator = Sandal::Sig::ES512.new(public_key)
-    validator.valid?(signature, data).should == true
+describe Sandal::Sig::ES384 do
+  include_examples "signing and validation", Sandal::Sig::ES384, "secp384r1"
+  context "#name" do
+    it "is 'ES384'" do
+      enc = Sandal::Sig::ES384.new(OpenSSL::PKey::EC.new("secp384r1").generate_key)
+      enc.name.should == "ES384"
+    end
   end
-  it 'fails to verify the signature in JWS section A4.1 when the data is changed' do
-    x = make_bn([1, 233, 41, 5, 15, 18, 79, 198, 188, 85, 199, 213, 57, 51, 101, 223, 157, 239, 74, 176, 194, 44, 178, 87, 152, 249, 52, 235, 4, 227, 198, 186, 227, 112, 26, 87, 167, 145, 14, 157, 129, 191, 54, 49, 89, 232, 235, 203, 21, 93, 99, 73, 244, 189, 182, 204, 248, 169, 76, 92, 89, 199, 170, 193, 1, 164])
-    y = make_bn([0, 52, 166, 68, 14, 55, 103, 80, 210, 55, 31, 209, 189, 194, 200, 243, 183, 29, 47, 78, 229, 234, 52, 50, 200, 21, 204, 163, 21, 96, 254, 93, 147, 135, 236, 119, 75, 85, 131, 134, 48, 229, 203, 191, 90, 140, 190, 10, 145, 221, 0, 100, 198, 153, 154, 31, 110, 110, 103, 250, 221, 237, 228, 200, 200, 246])
-    d = make_bn([1, 142, 105, 111, 176, 52, 80, 88, 129, 221, 17, 11, 72, 62, 184, 125, 50, 206, 73, 95, 227, 107, 55, 69, 237, 242, 216, 202, 228, 240, 242, 83, 159, 70, 21, 160, 233, 142, 171, 82, 179, 192, 197, 234, 196, 206, 7, 81, 133, 168, 231, 187, 71, 222, 172, 29, 29, 231, 123, 204, 246, 97, 53, 230, 61, 130]  )
-    data = 'not the data that was signed'
-    signature = jwt_base64_decode('AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn')
+end
+describe Sandal::Sig::ES512 do
+  include_examples "signing and validation", Sandal::Sig::ES512, "secp521r1"
-    group = OpenSSL::PKey::EC::Group.new('secp521r1')
-    public_key = OpenSSL::PKey::EC.new(group)
-    public_key.public_key = make_point(group, x, y)
-    validator = Sandal::Sig::ES512.new(public_key)
-    validator.valid?(signature, data).should == false
+  context "#name" do
+    it "is 'ES512'" do
+      enc = Sandal::Sig::ES512.new(OpenSSL::PKey::EC.new("secp521r1").generate_key)
+      enc.name.should == "ES512"
+    end
   end
-  it 'raises an argument error if the key has the wrong curve' do
-    group = OpenSSL::PKey::EC::Group.new('prime256v1')
-    private_key = OpenSSL::PKey::EC.new(group).generate_key
-    expect { Sandal::Sig::ES512.new(private_key) }.to raise_error ArgumentError
+  context "#validate?" do
+    it "can validate the signature in JWS draft-11 appendix 4" do
+      x = make_bn([1, 233, 41, 5, 15, 18, 79, 198, 188, 85, 199, 213, 57, 51, 101, 223, 157, 239, 74, 176, 194, 44, 178, 87, 152, 249, 52, 235, 4, 227, 198, 186, 227, 112, 26, 87, 167, 145, 14, 157, 129, 191, 54, 49, 89, 232, 235, 203, 21, 93, 99, 73, 244, 189, 182, 204, 248, 169, 76, 92, 89, 199, 170, 193, 1, 164])
+      y = make_bn([0, 52, 166, 68, 14, 55, 103, 80, 210, 55, 31, 209, 189, 194, 200, 243, 183, 29, 47, 78, 229, 234, 52, 50, 200, 21, 204, 163, 21, 96, 254, 93, 147, 135, 236, 119, 75, 85, 131, 134, 48, 229, 203, 191, 90, 140, 190, 10, 145, 221, 0, 100, 198, 153, 154, 31, 110, 110, 103, 250, 221, 237, 228, 200, 200, 246])
+      d = make_bn([1, 142, 105, 111, 176, 52, 80, 88, 129, 221, 17, 11, 72, 62, 184, 125, 50, 206, 73, 95, 227, 107, 55, 69, 237, 242, 216, 202, 228, 240, 242, 83, 159, 70, 21, 160, 233, 142, 171, 82, 179, 192, 197, 234, 196, 206, 7, 81, 133, 168, 231, 187, 71, 222, 172, 29, 29, 231, 123, 204, 246, 97, 53, 230, 61, 130]  )
+      data = "eyJhbGciOiJFUzUxMiJ9.UGF5bG9hZA"
+      signature = jwt_base64_decode("AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn")
+      group = OpenSSL::PKey::EC::Group.new("secp521r1")
+      public_key = OpenSSL::PKey::EC.new(group)
+      public_key.public_key = make_point(group, x, y)
+      validator = Sandal::Sig::ES512.new(public_key)
+      validator.valid?(signature, data).should == true
+    end
   end
 end

data/spec/sandal/sig/hs_spec.rb CHANGED

@@ -1,32 +1,87 @@
-require 'helper'
-require 'openssl'
+require "helper"
+require "openssl"
+shared_examples "signing and validation" do |enc_class|
+  it "can sign data and validate signatures" do
+    data = "some data to sign"
+    key = "A secret key"
+    signer = enc_class.new(key)
+    signature = signer.sign(data)
+    signer.valid?(signature, data).should == true
+  end
+  context "#valid?" do
+    it "fails to validate the signature when the key is changed" do
+      data = "some other data to sign"
+      key = "Another secret key"
+      signer = enc_class.new(key)
+      signature = signer.sign(data)
+      verifier = enc_class.new(key + "x")
+      verifier.valid?(signature, data).should == false
+    end
+    it "fails to validate the signature when the signature is changed" do
+      data = "some other data to sign"
+      key = "Another secret key"
+      signer = enc_class.new(key)
+      signature = signer.sign(data)
+      signer.valid?(signature + "x", data).should == false
+    end
+    it "fails to validate the signature when the data is changed" do
+      data = "some other data to sign"
+      key = "Another secret key"
+      signer = enc_class.new(key)
+      signature = signer.sign(data)
+      signer.valid?(signature, data + "x").should == false
+    end
+  end
+end
 describe Sandal::Sig::HS256 do
-  it 'can sign data and verify signatures' do
-    data = 'Hello HS256'
-    key = 'A secret key'
+  include_examples "signing and validation", Sandal::Sig::HS256
+  context "#name" do
+    it "is 'HS256'" do
+      enc = Sandal::Sig::HS256.new("any old key")
+      enc.name.should == "HS256"
+    end
+  end
+  it "can validate the signature from JWS dratf-11 appendix 1" do
+    data = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
+    key = [3, 35, 53, 75, 43, 15, 165, 188, 131, 126, 6, 101, 119, 123, 166, 143, 90, 179, 40, 230, 240, 84, 201, 40, 169, 15, 132, 178, 210, 80, 46, 191, 211, 251, 90, 146, 210, 6, 71, 239, 150, 138, 180, 195, 119, 98, 61, 34, 61, 46, 33, 114, 5, 46, 79, 8, 192, 205, 154, 245, 103, 208, 128, 163].pack("C*")
     signer = Sandal::Sig::HS256.new(key)
-    signature = signer.sign(data)
+    signature = [116, 24, 223, 180, 151, 153, 224, 37, 79, 250, 96, 125, 216, 173, 187, 186, 22, 212, 37, 77, 105, 214, 191, 240, 91, 88, 5, 88, 83, 132, 141, 121].pack("C*")
     signer.valid?(signature, data).should == true
   end
 end
 describe Sandal::Sig::HS384 do
-  it 'can sign data and verify signatures' do
-    data = 'Hello HS384'
-    key = 'Another secret key'
-    signer = Sandal::Sig::HS384.new(key)
-    signature = signer.sign(data)
-    signer.valid?(signature, data).should == true
+  include_examples "signing and validation", Sandal::Sig::HS384
+  context "#name" do
+    it "is 'HS384'" do
+      enc = Sandal::Sig::HS384.new("any old key")
+      enc.name.should == "HS384"
+    end
   end
 end
 describe Sandal::Sig::HS512 do
-  it 'can sign data and verify signatures' do
-    data = 'Hello HS512'
-    key = 'Yet another secret key'
-    signer = Sandal::Sig::HS512.new(key)
-    signature = signer.sign(data)
-    signer.valid?(signature, data).should == true
+  include_examples "signing and validation", Sandal::Sig::HS512
+  context "#name" do
+    it "is 'HS512'" do
+      enc = Sandal::Sig::HS512.new("any old key")
+      enc.name.should == "HS512"
+    end
   end
 end