mirror of
https://github.com/danbulant/jose
synced 2026-05-25 04:51:47 +00:00
test: add RSA-OAEP-256 test vectors from the jose mailing list
This commit is contained in:
Filip Skokan
parent
f2967bfe46
commit
af31c079ad
3 changed files with 150 additions and 1 deletions
|
|
@ -0,0 +1,102 @@
|
|||
const test = require('ava')
|
||||
|
||||
const { oaepHashSupported } = require('../../lib/help/runtime_support')
|
||||
|
||||
if (!oaepHashSupported) return
|
||||
|
||||
const recipe = require('./recipes').get('ml-oeap-256')
|
||||
const { enc: verifiers } = require('./verifiers')
|
||||
|
||||
const { JWE, JWK: { asKey, generateSync }, JWKS: { KeyStore }, errors } = require('../..')
|
||||
|
||||
const {
|
||||
input: { plaintext, key: jwk },
|
||||
encrypting_content: { protected: prot }
|
||||
} = recipe
|
||||
|
||||
const key = asKey(jwk)
|
||||
|
||||
const keystoreEmpty = new KeyStore()
|
||||
const keystoreMatchOne = new KeyStore(generateSync(key.kty, key.length, { alg: key.alg, use: key.use }), key)
|
||||
const keystoreMatchMore = new KeyStore(generateSync(key.kty, key.length, { alg: key.alg, use: key.use, kid: key.kid }), key, asKey(key))
|
||||
const keystoreMatchNone = new KeyStore(generateSync(key.kty), generateSync(key.kty))
|
||||
|
||||
test(`${recipe.title} - compact encrypt`, t => {
|
||||
const res = JWE.encrypt(plaintext, key, prot)
|
||||
verifiers.compact(t, res, recipe.output.compact)
|
||||
t.deepEqual(JWE.decrypt(res, key), Buffer.from(plaintext))
|
||||
})
|
||||
|
||||
test(`${recipe.title} - flattened encrypt`, t => {
|
||||
const res = JWE.encrypt.flattened(plaintext, key, prot)
|
||||
verifiers.flattened(t, res, recipe.output.json_flat)
|
||||
t.deepEqual(JWE.decrypt(res, key), Buffer.from(plaintext))
|
||||
})
|
||||
|
||||
test(`${recipe.title} - general encrypt`, t => {
|
||||
const res = JWE.encrypt.general(plaintext, key, prot)
|
||||
verifiers.general(t, res, recipe.output.json)
|
||||
t.deepEqual(JWE.decrypt(res, key), Buffer.from(plaintext))
|
||||
})
|
||||
|
||||
test(`${recipe.title} - compact decrypt`, t => {
|
||||
t.deepEqual(JWE.decrypt(recipe.output.compact, key), Buffer.from(plaintext))
|
||||
})
|
||||
|
||||
test(`${recipe.title} - flattened decrypt`, t => {
|
||||
t.deepEqual(JWE.decrypt(recipe.output.json_flat, key), Buffer.from(plaintext))
|
||||
})
|
||||
|
||||
test(`${recipe.title} - general decrypt`, t => {
|
||||
t.deepEqual(JWE.decrypt(recipe.output.json, key), Buffer.from(plaintext))
|
||||
})
|
||||
|
||||
;[keystoreMatchOne, keystoreMatchMore].forEach((keystore, i) => {
|
||||
test(`${recipe.title} - compact decrypt (using keystore ${i + 1}/2)`, t => {
|
||||
t.deepEqual(JWE.decrypt(recipe.output.compact, keystore), Buffer.from(plaintext))
|
||||
})
|
||||
|
||||
test(`${recipe.title} - flattened decrypt (using keystore ${i + 1}/2)`, t => {
|
||||
t.deepEqual(JWE.decrypt(recipe.output.json_flat, keystore), Buffer.from(plaintext))
|
||||
})
|
||||
|
||||
test(`${recipe.title} - general decrypt (using keystore ${i + 1}/2)`, t => {
|
||||
t.deepEqual(JWE.decrypt(recipe.output.json, keystore), Buffer.from(plaintext))
|
||||
})
|
||||
})
|
||||
|
||||
test(`${recipe.title} - compact decrypt (failing)`, t => {
|
||||
t.throws(() => {
|
||||
JWE.decrypt(recipe.output.compact, keystoreMatchNone)
|
||||
}, { instanceOf: errors.JWEDecryptionFailed, code: 'ERR_JWE_DECRYPTION_FAILED', message: 'decryption operation failed' })
|
||||
})
|
||||
|
||||
test(`${recipe.title} - flattened decrypt (failing)`, t => {
|
||||
t.throws(() => {
|
||||
JWE.decrypt(recipe.output.json_flat, keystoreMatchNone)
|
||||
}, { instanceOf: errors.JWEDecryptionFailed, code: 'ERR_JWE_DECRYPTION_FAILED', message: 'decryption operation failed' })
|
||||
})
|
||||
|
||||
test(`${recipe.title} - general decrypt (failing)`, t => {
|
||||
t.throws(() => {
|
||||
JWE.decrypt(recipe.output.json, keystoreMatchNone)
|
||||
}, { instanceOf: errors.JWEDecryptionFailed, code: 'ERR_JWE_DECRYPTION_FAILED', message: 'decryption operation failed' })
|
||||
})
|
||||
|
||||
test(`${recipe.title} - compact decrypt (using empty keystore)`, t => {
|
||||
t.throws(() => {
|
||||
JWE.decrypt(recipe.output.compact, keystoreEmpty)
|
||||
}, { instanceOf: errors.JWKSNoMatchingKey, code: 'ERR_JWKS_NO_MATCHING_KEY', message: 'no matching key found in the KeyStore' })
|
||||
})
|
||||
|
||||
test(`${recipe.title} - flattened decrypt (using empty keystore)`, t => {
|
||||
t.throws(() => {
|
||||
JWE.decrypt(recipe.output.json_flat, keystoreEmpty)
|
||||
}, { instanceOf: errors.JWKSNoMatchingKey, code: 'ERR_JWKS_NO_MATCHING_KEY', message: 'no matching key found in the KeyStore' })
|
||||
})
|
||||
|
||||
test(`${recipe.title} - general decrypt (using empty keystore)`, t => {
|
||||
t.throws(() => {
|
||||
JWE.decrypt(recipe.output.json, keystoreEmpty)
|
||||
}, { instanceOf: errors.JWKSNoMatchingKey, code: 'ERR_JWKS_NO_MATCHING_KEY', message: 'no matching key found in the KeyStore' })
|
||||
})
|
||||
|
|
@ -27,5 +27,6 @@ module.exports = new Map([
|
|||
['5.13', require('./5_13.encrypting_to_multiple_recipients')],
|
||||
['4.1 rfc7797', require('./rfc7797.4_1.hmac-sha2_b64_false')],
|
||||
['4.2 rfc7797', require('./rfc7797.4_2.hmac-sha2_b64_false')],
|
||||
['A.4 rfc8037', require('./rfc8037.a4.ed25519')]
|
||||
['A.4 rfc8037', require('./rfc8037.a4.ed25519')],
|
||||
['ml-oeap-256', require('./ml.key_encryption_using_rsa-oaep-256_with_a128cbc-hs256')]
|
||||
])
|
||||
|
|
|
|||
|
|
@ -0,0 +1,46 @@
|
|||
module.exports = {
|
||||
title: 'Key Encryption using RSA-OAEP with AES_CBC_HMAC_SHA2',
|
||||
input: {
|
||||
plaintext: "Well, as of this moment, they're on DOUBLE SECRET PROBATION!",
|
||||
key: {
|
||||
e: 'AQAB',
|
||||
n: '2cQJH1f6yF9DcGa8Cmbnhn4LHLs5L6kNb2rxkrNFZArJLRaKvaC3tMCKZ8ZgIpO9bVMPx5UMjJoaf7p9O5BSApVqA2J10fUbdSIomCcDwvGo0eyhty0DILLWTMXzGEVM3BXzuJQoeDkuUCXXcCwA4Msyyd2OHVu-pB2OrGv6fcjHwjINty3UoKm08lCvAevBKHsuA-FFwQII9bycvRx5wRqFUjdMAyiOmLYBHBaJSi11g3HVexMcb29v14PSlVzdGUMN8oboa-zcIyaPrIiczLqAkSXQNdEFHrjsJHfFeNMfOblLM7icKN_tyWujYeItt4kqUIimPn5dHjwgcQYE7w',
|
||||
d: 'dyUz3ItVceX1Tv1WqtZMnKA_0jN5gWMcL7ayf5JISAlCssGfnUre2C10TH0UQjbVMIh-nLMnD5KNJw9Qz5MR28oGG932Gq7hm__ZeA34l-OCe4DdpgwhpvVSHOU9MS1RdSUpmPavAcA_X6ikrAHXZSaoHhxzUgrNTpvBYQMfJUv_492fStIseQ9rwAMOpCWOiWMZOQm3KJVTLLunXdKf_UxmzmKXYKYZWke3AWIzUqnOfqIjfDTMunF4UWU0zKlhcsaQNmYMVrJGajD1bJdy_dbUU3LE8sx-bdkUI6oBk-sFtTTVyVdQcetG9kChJ5EnY5R6tt_4_xFG5kxzTo6qaQ',
|
||||
p: '7yQmgE60SL7QrXpAJhChLgKnXWi6C8tVx1lA8FTpphpLaCtK-HbgBVHCprC2CfaM1mxFJZahxgFjC9ehuV8OzMNyFs8kekS82EsQGksi8HJPxyR1fU6ATa36ogPG0nNaqm3EDmYyjowhntgBz2OkbFAsTMHTdna-pZBRJa9lm5U',
|
||||
q: '6R4dzo9LwHLO73EMQPQsmwXjVOvAS5W6rgQ-BCtMhec_QosAXIVE3AGyfweqZm6rurXCVFykDLwJ30GepLQ8nTlzeV6clx0x70saGGKKVmCsHuVYWwgIRyJTrt4SX29NQDZ_FE52NlO3OhPkj1ExSk_pGMqGRFd26K8g0jJsXXM',
|
||||
dp: 'VByn-hs0qB2Ncmb8ZycUOgWu7ljmjz1up1ZKU_3ZzJWVDkej7-6H7vcJ-u1OqgRxFv4v9_-aWPWl68VlWbkIkJbx6vniv6qrrXwBZu4klOPwEYBOXsucrzXRYOjpJp5yNl2zRslFYQQC00bwpAxNCdfNLRZDlXhAqCUxlYqyt10',
|
||||
dq: 'MJFbuGtWZvQEdRJicS3uFSY25LxxRc4eJJ8xpIC44rT5Ew4Otzf0zrlzzM92Cv1HvhCcOiNK8nRCwkbTnJEIh-EuU70IdttYSfilqSruk2x0r8Msk1qrDtbyBF60CToRKC2ycDKgolTyuaDnX4yU7lyTvdyD-L0YQwYpmmFy_k0',
|
||||
qi: 'vy7XCwZ3jyMGik81TIZDAOQKC8FVUc0TG5KVYfti4tgwzUqFwtuB8Oc1ctCKRbE7uZUPwZh4OsCTLqIvqBQda_kaxOxo5EF7iXj6yHmZ2s8P_Z_u3JLuh-oAT_6kmbLx6CAO0DbtKtxp24Ivc1hDfqSwWORgN1AOrSRCmE3nwxg',
|
||||
kty: 'RSA'
|
||||
},
|
||||
alg: 'RSA-OAEP-256',
|
||||
enc: 'A128CBC-HS256'
|
||||
},
|
||||
encrypting_content: {
|
||||
protected: {
|
||||
alg: 'RSA-OAEP-256',
|
||||
enc: 'A128CBC-HS256'
|
||||
}
|
||||
},
|
||||
output: {
|
||||
compact: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.fL5IL5cMCjjU9G9_ZjsD2XO0HIwTOwbVwulcZVw31_rx2qTcHzbYhIvrvbcVLTfJzn8xbQ3UEL442ZgZ1PcFYKENYePXiEyvYxPN8dmvj_OfLSJDEqR6kvwOb6nghGtxfzdB_VRvFt2eehbCA3gWpiOYHHvSTFdBPGx2KZHQisLz3oZR8EWiZ1woEpHy8a7FoQ2zzuDlZEJQOUrh09b_EJxmcE2jL6wmEtgabyxy3VgWg3GqSPUISlJZV9HThuVJezzktJdpntRDnAPUqjc8IwByGpMleIQcPuBUseRRPr_OsroOJ6eTl5DuFCmBOKb-eNNw5v-GEcVYr1w7X9oXoA.0frdIwx8P8UAzh1s9_PgOA.RAzILH0xfs0yxzML1CzzGExCfE2_wzWKs0FVuXfM8R5H68yTqTbqIqRCp2feAH5GSvluzmztk2_CkGNSjAyoaw.4nMUXOgmgWvM-08tIZ-h5w',
|
||||
json: {
|
||||
recipients: [
|
||||
{
|
||||
encrypted_key: 'fL5IL5cMCjjU9G9_ZjsD2XO0HIwTOwbVwulcZVw31_rx2qTcHzbYhIvrvbcVLTfJzn8xbQ3UEL442ZgZ1PcFYKENYePXiEyvYxPN8dmvj_OfLSJDEqR6kvwOb6nghGtxfzdB_VRvFt2eehbCA3gWpiOYHHvSTFdBPGx2KZHQisLz3oZR8EWiZ1woEpHy8a7FoQ2zzuDlZEJQOUrh09b_EJxmcE2jL6wmEtgabyxy3VgWg3GqSPUISlJZV9HThuVJezzktJdpntRDnAPUqjc8IwByGpMleIQcPuBUseRRPr_OsroOJ6eTl5DuFCmBOKb-eNNw5v-GEcVYr1w7X9oXoA'
|
||||
}
|
||||
],
|
||||
protected: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0',
|
||||
iv: '0frdIwx8P8UAzh1s9_PgOA',
|
||||
ciphertext: 'RAzILH0xfs0yxzML1CzzGExCfE2_wzWKs0FVuXfM8R5H68yTqTbqIqRCp2feAH5GSvluzmztk2_CkGNSjAyoaw',
|
||||
tag: '4nMUXOgmgWvM-08tIZ-h5w'
|
||||
},
|
||||
json_flat: {
|
||||
protected: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0',
|
||||
encrypted_key: 'fL5IL5cMCjjU9G9_ZjsD2XO0HIwTOwbVwulcZVw31_rx2qTcHzbYhIvrvbcVLTfJzn8xbQ3UEL442ZgZ1PcFYKENYePXiEyvYxPN8dmvj_OfLSJDEqR6kvwOb6nghGtxfzdB_VRvFt2eehbCA3gWpiOYHHvSTFdBPGx2KZHQisLz3oZR8EWiZ1woEpHy8a7FoQ2zzuDlZEJQOUrh09b_EJxmcE2jL6wmEtgabyxy3VgWg3GqSPUISlJZV9HThuVJezzktJdpntRDnAPUqjc8IwByGpMleIQcPuBUseRRPr_OsroOJ6eTl5DuFCmBOKb-eNNw5v-GEcVYr1w7X9oXoA',
|
||||
iv: '0frdIwx8P8UAzh1s9_PgOA',
|
||||
ciphertext: 'RAzILH0xfs0yxzML1CzzGExCfE2_wzWKs0FVuXfM8R5H68yTqTbqIqRCp2feAH5GSvluzmztk2_CkGNSjAyoaw',
|
||||
tag: '4nMUXOgmgWvM-08tIZ-h5w'
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue