int
main(int argc, char *argv[])
{
json_auto_t *jwke = json_pack("{s:s}", "alg", "ECDH-ES+A128KW");
json_auto_t *jwkr = json_pack("{s:s}", "alg", "RSA1_5");
json_auto_t *jwko = json_pack("{s:s}", "alg", "A128KW");
json_auto_t *set0 = json_pack("{s:[O,O]}", "keys", jwke, jwko);
json_auto_t *set1 = json_pack("{s:[O,O]}", "keys", jwkr, jwko);
json_auto_t *set2 = json_pack("{s:[O,O]}", "keys", jwke, jwkr);
json_auto_t *jwe = NULL;
assert(jose_jwk_gen(NULL, jwke));
assert(jose_jwk_gen(NULL, jwkr));
assert(jose_jwk_gen(NULL, jwko));
json_decref(jwe);
assert((jwe = json_object()));
assert(jose_jwe_enc(NULL, jwe, NULL, jwke, "foo", 4));
assert(dec(jwe, jwke));
assert(!dec(jwe, jwkr));
assert(!dec(jwe, jwko));
assert(dec(jwe, set0));
assert(!dec(jwe, set1));
assert(dec(jwe, set2));
json_decref(jwe);
assert((jwe = json_object()));
assert(jose_jwe_enc(NULL, jwe, NULL, jwkr, "foo", 4));
assert(!dec(jwe, jwke));
assert(dec(jwe, jwkr));
assert(!dec(jwe, jwko));
assert(!dec(jwe, set0));
assert(dec(jwe, set1));
assert(dec(jwe, set2));
json_decref(jwe);
assert((jwe = json_object()));
assert(jose_jwe_enc(NULL, jwe, NULL, jwko, "foo", 4));
assert(!dec(jwe, jwke));
assert(!dec(jwe, jwkr));
assert(dec(jwe, jwko));
assert(dec(jwe, set0));
assert(dec(jwe, set1));
assert(!dec(jwe, set2));
json_decref(jwe);
assert((jwe = json_object()));
assert(jose_jwe_enc(NULL, jwe, NULL, set0, "foo", 4));
assert(dec(jwe, jwke));
assert(!dec(jwe, jwkr));
assert(dec(jwe, jwko));
assert(dec(jwe, set0));
assert(dec(jwe, set1));
assert(dec(jwe, set2));
return EXIT_SUCCESS;
}
static bool
alg_wrap_wrp(const jose_hook_alg_t *alg, jose_cfg_t *cfg, json_t *jwe,
json_t *rcp, const json_t *jwk, json_t *cek)
{
const jose_hook_alg_t *ecdh = NULL;
json_auto_t *exc = NULL;
json_auto_t *hdr = NULL;
json_auto_t *epk = NULL;
json_auto_t *der = NULL;
const char *wrap = NULL;
json_t *h = NULL;
if (json_object_get(cek, "k")) {
if (strcmp(alg->name, "ECDH-ES") == 0)
return false;
} else if (!jose_jwk_gen(cfg, cek)) {
return false;
}
hdr = jose_jwe_hdr(jwe, rcp);
if (!hdr)
return false;
h = json_object_get(rcp, "header");
if (!h && json_object_set_new(rcp, "header", h = json_object()) == -1)
return false;
epk = json_pack("{s:s,s:O}", "kty", "EC", "crv",
json_object_get(jwk, "crv"));
if (!epk)
return false;
if (!jose_jwk_gen(cfg, epk))
return false;
ecdh = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_EXCH, "ECDH");
if (!ecdh)
return false;
exc = ecdh->exch.exc(ecdh, cfg, epk, jwk);
if (!exc)
return false;
if (!jose_jwk_pub(cfg, epk))
return false;
if (json_object_set(h, "epk", epk) == -1)
return false;
der = derive(alg, cfg, hdr, cek, exc);
if (!der)
return false;
wrap = strchr(alg->name, '+');
if (wrap) {
const jose_hook_alg_t *kw = NULL;
kw = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_WRAP, &wrap[1]);
if (!kw)
return false;
return kw->wrap.wrp(kw, cfg, jwe, rcp, der, cek);
}
if (json_object_update(cek, der) < 0)
return false;
return add_entity(jwe, rcp, "recipients", "header", "encrypted_key", NULL);
}
static bool
alg_wrap_wrp(const jose_hook_alg_t *alg, jose_cfg_t *cfg, json_t *jwe,
json_t *rcp, const json_t *jwk, json_t *cek)
{
openssl_auto(EVP_PKEY_CTX) *epc = NULL;
openssl_auto(EVP_PKEY) *key = NULL;
const EVP_MD *md = NULL;
const RSA *rsa = NULL;
uint8_t *pt = NULL;
uint8_t *ct = NULL;
bool ret = false;
size_t ptl = 0;
size_t ctl = 0;
int tmp = 0;
int pad = 0;
if (!json_object_get(cek, "k") && !jose_jwk_gen(cfg, cek))
return false;
switch (str2enum(alg->name, NAMES, NULL)) {
case 0: pad = RSA_PKCS1_PADDING; tmp = 11; md = EVP_sha1(); break;
case 1: pad = RSA_PKCS1_OAEP_PADDING; tmp = 41; md = EVP_sha1(); break;
case 2: pad = RSA_PKCS1_OAEP_PADDING; tmp = 41; md = EVP_sha256(); break;
default: return false;
}
key = jose_openssl_jwk_to_EVP_PKEY(cfg, jwk);
if (!key || EVP_PKEY_base_id(key) != EVP_PKEY_RSA)
return false;
ptl = jose_b64_dec(json_object_get(cek, "k"), NULL, 0);
if (ptl == SIZE_MAX)
return false;
rsa = EVP_PKEY_get0_RSA(key);
if (!rsa)
return false;
if ((int) ptl >= RSA_size(rsa) - tmp)
return false;
epc = EVP_PKEY_CTX_new(key, NULL);
if (!epc)
return false;
if (EVP_PKEY_encrypt_init(epc) <= 0)
return false;
if (EVP_PKEY_CTX_set_rsa_padding(epc, pad) <= 0)
return false;
if (pad == RSA_PKCS1_OAEP_PADDING) {
if (EVP_PKEY_CTX_set_rsa_oaep_md(epc, md) <= 0)
return false;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(epc, md) <= 0)
return false;
}
pt = malloc(ptl);
if (!pt)
return false;
if (jose_b64_dec(json_object_get(cek, "k"), pt, ptl) != ptl)
goto egress;
if (EVP_PKEY_encrypt(epc, NULL, &ctl, pt, ptl) <= 0)
goto egress;
ct = malloc(ctl);
if (!ct)
goto egress;
if (EVP_PKEY_encrypt(epc, ct, &ctl, pt, ptl) <= 0)
goto egress;
if (json_object_set_new(rcp, "encrypted_key", jose_b64_enc(ct, ctl)) < 0)
goto egress;
ret = add_entity(jwe, rcp, "recipients", "header", "encrypted_key", NULL);
egress:
if (pt) {
OPENSSL_cleanse(pt, ptl);
free(pt);
}
free(ct);
return ret;
}
static bool
alg_wrap_wrp(const jose_hook_alg_t *alg, jose_cfg_t *cfg, json_t *jwe,
json_t *rcp, const json_t *jwk, json_t *cek)
{
const EVP_CIPHER *cph = NULL;
EVP_CIPHER_CTX *ecc = NULL;
bool ret = false;
size_t ptl = 0;
size_t ctl = 0;
int len = 0;
if (!json_object_get(cek, "k") && !jose_jwk_gen(cfg, cek))
return false;
switch (str2enum(alg->name, NAMES, NULL)) {
case 0: cph = EVP_aes_128_wrap(); break;
case 1: cph = EVP_aes_192_wrap(); break;
case 2: cph = EVP_aes_256_wrap(); break;
default: return false;
}
uint8_t ky[EVP_CIPHER_key_length(cph)];
uint8_t iv[EVP_CIPHER_iv_length(cph)];
uint8_t pt[KEYMAX];
uint8_t ct[sizeof(pt) + EVP_CIPHER_block_size(cph) * 2];
memset(iv, 0xA6, EVP_CIPHER_iv_length(cph));
if (jose_b64_dec(json_object_get(jwk, "k"), NULL, 0) != sizeof(ky))
goto egress;
if (jose_b64_dec(json_object_get(jwk, "k"), ky, sizeof(ky)) != sizeof(ky))
goto egress;
ptl = jose_b64_dec(json_object_get(cek, "k"), NULL, 0);
if (ptl > sizeof(pt))
goto egress;
if (jose_b64_dec(json_object_get(cek, "k"), pt, ptl) != ptl)
goto egress;
ecc = EVP_CIPHER_CTX_new();
if (!ecc)
goto egress;
EVP_CIPHER_CTX_set_flags(ecc, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
if (EVP_EncryptInit_ex(ecc, cph, NULL, ky, iv) <= 0)
goto egress;
if (EVP_EncryptUpdate(ecc, ct, &len, pt, ptl) <= 0)
goto egress;
ctl = len;
if (EVP_EncryptFinal(ecc, &ct[len], &len) <= 0)
goto egress;
ctl += len;
if (json_object_set_new(rcp, "encrypted_key", jose_b64_enc(ct, ctl)) < 0)
goto egress;
ret = add_entity(jwe, rcp, "recipients", "header", "encrypted_key", NULL);
egress:
OPENSSL_cleanse(ky, sizeof(ky));
OPENSSL_cleanse(pt, sizeof(pt));
EVP_CIPHER_CTX_free(ecc);
return ret;
}
