opaque_test.go

Documentation: gopkg.in/square/go-jose.v2

     1  /*-
     2   * Copyright 2018 Square Inc.
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   */
    16  
    17  package jose
    18  
    19  import (
    20  	"fmt"
    21  	"testing"
    22  )
    23  
    24  type signWrapper struct {
    25  	pk      *JSONWebKey
    26  	wrapped payloadSigner
    27  	algs    []SignatureAlgorithm
    28  }
    29  
    30  var _ = OpaqueSigner(&signWrapper{})
    31  
    32  func (sw *signWrapper) Algs() []SignatureAlgorithm {
    33  	return sw.algs
    34  }
    35  
    36  func (sw *signWrapper) Public() *JSONWebKey {
    37  	return sw.pk
    38  }
    39  
    40  func (sw *signWrapper) SignPayload(payload []byte, alg SignatureAlgorithm) ([]byte, error) {
    41  	sig, err := sw.wrapped.signPayload(payload, alg)
    42  	if err != nil {
    43  		return nil, err
    44  	}
    45  	return sig.Signature, nil
    46  }
    47  
    48  type verifyWrapper struct {
    49  	wrapped []payloadVerifier
    50  }
    51  
    52  var _ = OpaqueVerifier(&verifyWrapper{})
    53  
    54  func (vw *verifyWrapper) VerifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
    55  	if len(vw.wrapped) == 0 {
    56  		return fmt.Errorf("error: verifier had no keys")
    57  	}
    58  	var err error
    59  	for _, v := range vw.wrapped {
    60  		err = v.verifyPayload(payload, signature, alg)
    61  		if err == nil {
    62  			return nil
    63  		}
    64  	}
    65  	return err
    66  }
    67  
    68  type keyEncryptWrapper struct {
    69  	kid     string
    70  	wrapped keyEncrypter
    71  	algs    []KeyAlgorithm
    72  }
    73  
    74  var _ = OpaqueKeyEncrypter(&keyEncryptWrapper{})
    75  
    76  func (kew *keyEncryptWrapper) KeyID() string {
    77  	return kew.kid
    78  }
    79  
    80  func (kew *keyEncryptWrapper) Algs() []KeyAlgorithm {
    81  	return kew.algs
    82  }
    83  
    84  func (kew *keyEncryptWrapper) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
    85  	info, err := kew.wrapped.encryptKey(cek, alg)
    86  	if err != nil {
    87  		return recipientInfo{}, err
    88  	}
    89  
    90  	return info, nil
    91  }
    92  
    93  type keyDecryptWrapper struct {
    94  	wrapped keyDecrypter
    95  }
    96  
    97  var _ = OpaqueKeyDecrypter(&keyDecryptWrapper{})
    98  
    99  func (kdw *keyDecryptWrapper) DecryptKey(encryptedKey []byte, header Header) ([]byte, error) {
   100  	rawHeader := rawHeader{}
   101  
   102  	err := rawHeader.set(headerKeyID, header.KeyID)
   103  	if err != nil {
   104  		return nil, err
   105  	}
   106  	err = rawHeader.set(headerAlgorithm, header.Algorithm)
   107  	if err != nil {
   108  		return nil, err
   109  	}
   110  	err = rawHeader.set(headerNonce, header.Nonce)
   111  	if err != nil {
   112  		return nil, err
   113  	}
   114  	err = rawHeader.set(headerJWK, header.JSONWebKey)
   115  	if err != nil {
   116  		return nil, err
   117  	}
   118  	for k, v := range header.ExtraHeaders {
   119  		err = rawHeader.set(k, v)
   120  		if err != nil {
   121  			return nil, err
   122  		}
   123  	}
   124  
   125  	recipient := &recipientInfo{
   126  		encryptedKey: encryptedKey,
   127  	}
   128  
   129  	var generator randomKeyGenerator
   130  	cipher := getContentCipher(rawHeader.getEncryption())
   131  	if cipher != nil {
   132  		generator = randomKeyGenerator{
   133  			size: cipher.keySize(),
   134  		}
   135  	}
   136  
   137  	return kdw.wrapped.decryptKey(rawHeader, recipient, generator)
   138  }
   139  
   140  func TestRoundtripsJWSOpaque(t *testing.T) {
   141  	sigAlgs := []SignatureAlgorithm{RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512, EdDSA}
   142  
   143  	serializers := []func(*JSONWebSignature) (string, error){
   144  		func(obj *JSONWebSignature) (string, error) { return obj.CompactSerialize() },
   145  		func(obj *JSONWebSignature) (string, error) { return obj.FullSerialize(), nil },
   146  	}
   147  
   148  	corrupter := func(obj *JSONWebSignature) {}
   149  
   150  	for _, alg := range sigAlgs {
   151  		signingKey, verificationKey := GenerateSigningTestKey(alg)
   152  
   153  		for i, serializer := range serializers {
   154  			sw := makeOpaqueSigner(t, signingKey, alg)
   155  			vw := makeOpaqueVerifier(t, []interface{}{verificationKey}, alg)
   156  
   157  			err := RoundtripJWS(alg, serializer, corrupter, sw, verificationKey, "test_nonce")
   158  			if err != nil {
   159  				t.Error(err, alg, i)
   160  			}
   161  
   162  			err = RoundtripJWS(alg, serializer, corrupter, signingKey, vw, "test_nonce")
   163  			if err != nil {
   164  				t.Error(err, alg, i)
   165  			}
   166  
   167  			err = RoundtripJWS(alg, serializer, corrupter, sw, vw, "test_nonce")
   168  			if err != nil {
   169  				t.Error(err, alg, i)
   170  			}
   171  		}
   172  	}
   173  }
   174  
   175  func makeOpaqueSigner(t *testing.T, signingKey interface{}, alg SignatureAlgorithm) *signWrapper {
   176  	ri, err := makeJWSRecipient(alg, signingKey)
   177  	if err != nil {
   178  		t.Fatal(err)
   179  	}
   180  	return &signWrapper{
   181  		wrapped: ri.signer,
   182  		algs:    []SignatureAlgorithm{alg},
   183  		pk:      &JSONWebKey{Key: ri.publicKey()},
   184  	}
   185  }
   186  
   187  func makeOpaqueVerifier(t *testing.T, verificationKey []interface{}, alg SignatureAlgorithm) *verifyWrapper {
   188  	var verifiers []payloadVerifier
   189  	for _, vk := range verificationKey {
   190  		verifier, err := newVerifier(vk)
   191  		if err != nil {
   192  			t.Fatal(err)
   193  		}
   194  		verifiers = append(verifiers, verifier)
   195  	}
   196  	return &verifyWrapper{wrapped: verifiers}
   197  }
   198  
   199  func makeOpaqueKeyEncrypter(t *testing.T, signingKey interface{}, alg KeyAlgorithm, kid string) *keyEncryptWrapper {
   200  	rki, err := makeJWERecipient(alg, signingKey)
   201  	if err != nil {
   202  		t.Fatal(err, alg)
   203  	}
   204  	return &keyEncryptWrapper{
   205  		wrapped: rki.keyEncrypter,
   206  		algs:    []KeyAlgorithm{alg},
   207  		kid:     kid,
   208  	}
   209  }
   210  
   211  func makeOpaqueKeyDecrypter(t *testing.T, decryptionKey interface{}, alg KeyAlgorithm) *keyDecryptWrapper {
   212  	kd, err := newDecrypter(decryptionKey)
   213  	if err != nil {
   214  		t.Fatal(err)
   215  	}
   216  
   217  	return &keyDecryptWrapper{
   218  		wrapped: kd,
   219  	}
   220  }
   221  
   222  func TestOpaqueSignerKeyRotation(t *testing.T) {
   223  
   224  	sigAlgs := []SignatureAlgorithm{RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512, EdDSA}
   225  
   226  	serializers := []func(*JSONWebSignature) (string, error){
   227  		func(obj *JSONWebSignature) (string, error) { return obj.CompactSerialize() },
   228  		func(obj *JSONWebSignature) (string, error) { return obj.FullSerialize(), nil },
   229  	}
   230  
   231  	for _, alg := range sigAlgs {
   232  		for i, serializer := range serializers {
   233  			sk1, pk1 := GenerateSigningTestKey(alg)
   234  			sk2, pk2 := GenerateSigningTestKey(alg)
   235  
   236  			sw := makeOpaqueSigner(t, sk1, alg)
   237  			sw.pk.KeyID = "first"
   238  			vw := makeOpaqueVerifier(t, []interface{}{pk1, pk2}, alg)
   239  
   240  			signer, err := NewSigner(
   241  				SigningKey{Algorithm: alg, Key: sw},
   242  				&SignerOptions{NonceSource: staticNonceSource("test_nonce")},
   243  			)
   244  			if err != nil {
   245  				t.Fatal(err, alg, i)
   246  			}
   247  
   248  			jws1, err := signer.Sign([]byte("foo bar baz"))
   249  			if err != nil {
   250  				t.Fatal(err, alg, i)
   251  			}
   252  			jws1 = rtSerialize(t, serializer, jws1, vw)
   253  			if kid := jws1.Signatures[0].Protected.KeyID; kid != "first" {
   254  				t.Errorf("expected kid %q but got %q", "first", kid)
   255  			}
   256  
   257  			swNext := makeOpaqueSigner(t, sk2, alg)
   258  			swNext.pk.KeyID = "next"
   259  			sw.wrapped = swNext.wrapped
   260  			sw.pk = swNext.pk
   261  
   262  			jws2, err := signer.Sign([]byte("foo bar baz next"))
   263  			if err != nil {
   264  				t.Error(err, alg, i)
   265  			}
   266  			jws2 = rtSerialize(t, serializer, jws2, vw)
   267  			if kid := jws2.Signatures[0].Protected.KeyID; kid != "next" {
   268  				t.Errorf("expected kid %q but got %q", "next", kid)
   269  			}
   270  		}
   271  	}
   272  }
   273  
   274  func rtSerialize(t *testing.T, serializer func(*JSONWebSignature) (string, error), sig *JSONWebSignature, vk interface{}) *JSONWebSignature {
   275  	b, err := serializer(sig)
   276  	if err != nil {
   277  		t.Fatal(err)
   278  	}
   279  	sig, err = ParseSigned(b)
   280  	if err != nil {
   281  		t.Fatal(err)
   282  	}
   283  	if _, err := sig.Verify(vk); err != nil {
   284  		t.Fatal(err)
   285  	}
   286  	return sig
   287  }
   288  
   289  func TestOpaqueKeyRoundtripJWE(t *testing.T) {
   290  	keyAlgs := []KeyAlgorithm{
   291  		ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW, A128KW, A192KW, A256KW,
   292  		RSA1_5, RSA_OAEP, RSA_OAEP_256, A128GCMKW, A192GCMKW, A256GCMKW,
   293  		PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW,
   294  	}
   295  	encAlgs := []ContentEncryption{A128GCM, A192GCM, A256GCM, A128CBC_HS256, A192CBC_HS384, A256CBC_HS512}
   296  	kid := "test-kid"
   297  
   298  	serializers := []func(*JSONWebEncryption) (string, error){
   299  		func(obj *JSONWebEncryption) (string, error) { return obj.CompactSerialize() },
   300  		func(obj *JSONWebEncryption) (string, error) { return obj.FullSerialize(), nil },
   301  	}
   302  
   303  	for _, alg := range keyAlgs {
   304  		for _, enc := range encAlgs {
   305  			for _, testKey := range generateTestKeys(alg, enc) {
   306  				for _, serializer := range serializers {
   307  					kew := makeOpaqueKeyEncrypter(t, testKey.enc, alg, kid)
   308  					encrypter, err := NewEncrypter(
   309  						enc,
   310  						Recipient{
   311  							Algorithm: alg,
   312  							Key:       kew,
   313  						},
   314  						&EncrypterOptions{},
   315  					)
   316  					if err != nil {
   317  						t.Fatal(err, alg)
   318  					}
   319  
   320  					jwe, err := encrypter.Encrypt([]byte("foo bar"))
   321  					if err != nil {
   322  						t.Fatal(err, alg)
   323  					}
   324  
   325  					dw := makeOpaqueKeyDecrypter(t, testKey.dec, alg)
   326  					jwe = jweSerialize(t, serializer, jwe, dw)
   327  					if jwe.Header.KeyID != kid {
   328  						t.Errorf("expected jwe kid to equal %s but got %s", kid, jwe.Header.KeyID)
   329  					}
   330  
   331  					out, err := jwe.Decrypt(dw)
   332  					if err != nil {
   333  						t.Fatal(err, out)
   334  					}
   335  					if string(out) != "foo bar" {
   336  						t.Errorf("expected decrypted jwe to equal %s but got %s", "foo bar", string(out))
   337  					}
   338  				}
   339  			}
   340  		}
   341  	}
   342  }
   343  
   344  func jweSerialize(t *testing.T, serializer func(*JSONWebEncryption) (string, error), jwe *JSONWebEncryption, d OpaqueKeyDecrypter) *JSONWebEncryption {
   345  	b, err := serializer(jwe)
   346  	if err != nil {
   347  		t.Fatal(err)
   348  	}
   349  	jwe, err = ParseEncrypted(b)
   350  	if err != nil {
   351  		t.Fatal(err)
   352  	}
   353  	if _, err := jwe.Decrypt(d); err != nil {
   354  		t.Fatal(err)
   355  	}
   356  	return jwe
   357  }
   358
View as plain text