|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
/* |
|
6
|
|
|
* The MIT License (MIT) |
|
7
|
|
|
* |
|
8
|
|
|
* Copyright (c) 2014-2017 Spomky-Labs |
|
9
|
|
|
* |
|
10
|
|
|
* This software may be modified and distributed under the terms |
|
11
|
|
|
* of the MIT license. See the LICENSE file for details. |
|
12
|
|
|
*/ |
|
13
|
|
|
|
|
14
|
|
|
namespace Jose\Component\Encryption\Tests\RFC7520; |
|
15
|
|
|
|
|
16
|
|
|
use Base64Url\Base64Url; |
|
17
|
|
|
use Jose\Component\Core\JWAManager; |
|
18
|
|
|
use Jose\Component\Core\JWK; |
|
19
|
|
|
use Jose\Component\Encryption\Algorithm\ContentEncryption\A128GCM; |
|
20
|
|
|
use Jose\Component\Encryption\Algorithm\KeyEncryption\A128KW; |
|
21
|
|
|
use Jose\Component\Encryption\Compression\CompressionManager; |
|
22
|
|
|
use Jose\Component\Encryption\Compression\Deflate; |
|
23
|
|
|
use Jose\Component\Encryption\Decrypter; |
|
24
|
|
|
use Jose\Component\Encryption\JWEBuilder; |
|
25
|
|
|
use Jose\Component\Encryption\JWELoader; |
|
26
|
|
|
use PHPUnit\Framework\TestCase; |
|
27
|
|
|
|
|
28
|
|
|
/** |
|
29
|
|
|
* @see https://tools.ietf.org/html/rfc7520#section-5.12 |
|
30
|
|
|
* |
|
31
|
|
|
* @group RFC7520 |
|
32
|
|
|
*/ |
|
33
|
|
|
final class A128KWAndA128GCMEncryptionProtectedContentOnlyTest extends TestCase |
|
34
|
|
|
{ |
|
35
|
|
|
/** |
|
36
|
|
|
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different). |
|
37
|
|
|
* The output given in the RFC is used and only decrypted. |
|
38
|
|
|
*/ |
|
39
|
|
|
public function testA128KWAndA128GCMEncryptionProtectedContentOnly() |
|
40
|
|
|
{ |
|
41
|
|
|
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo."; |
|
42
|
|
|
|
|
43
|
|
|
$private_key = JWK::create([ |
|
44
|
|
|
'kty' => 'oct', |
|
45
|
|
|
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8', |
|
46
|
|
|
'use' => 'enc', |
|
47
|
|
|
'alg' => 'A128KW', |
|
48
|
|
|
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ', |
|
49
|
|
|
]); |
|
50
|
|
|
|
|
51
|
|
|
$protected_headers = [ |
|
52
|
|
|
]; |
|
53
|
|
|
|
|
54
|
|
|
$headers = [ |
|
55
|
|
|
'enc' => 'A128GCM', |
|
56
|
|
|
'alg' => 'A128KW', |
|
57
|
|
|
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8', |
|
58
|
|
|
]; |
|
59
|
|
|
|
|
60
|
|
|
$expected_flattened_json = '{"unprotected":{"alg":"A128KW","kid":"81b20965-8332-43d9-a468-82160ad91ac8","enc":"A128GCM"},"encrypted_key":"244YHfO_W7RMpQW81UjQrZcq5LSyqiPv","iv":"YihBoVOGsR1l7jCD","ciphertext":"qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF","tag":"e2m0Vm7JvjK2VpCKXS-kyg"}'; |
|
61
|
|
|
$expected_json = '{"recipients":[{"encrypted_key":"244YHfO_W7RMpQW81UjQrZcq5LSyqiPv"}],"unprotected":{"alg":"A128KW","kid":"81b20965-8332-43d9-a468-82160ad91ac8","enc":"A128GCM"},"iv":"YihBoVOGsR1l7jCD","ciphertext":"qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF","tag":"e2m0Vm7JvjK2VpCKXS-kyg"}'; |
|
62
|
|
|
$expected_iv = 'YihBoVOGsR1l7jCD'; |
|
63
|
|
|
$expected_encrypted_key = '244YHfO_W7RMpQW81UjQrZcq5LSyqiPv'; |
|
64
|
|
|
$expected_ciphertext = 'qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF'; |
|
65
|
|
|
$expected_tag = 'e2m0Vm7JvjK2VpCKXS-kyg'; |
|
66
|
|
|
|
|
67
|
|
|
$keyEncryptionAlgorithmManager = JWAManager::create([new A128KW()]); |
|
68
|
|
|
$contentEncryptionAlgorithmManager = JWAManager::create([new A128GCM()]); |
|
69
|
|
|
$compressionManager = CompressionManager::create([new Deflate()]); |
|
70
|
|
|
$decrypter = new Decrypter($keyEncryptionAlgorithmManager, $contentEncryptionAlgorithmManager, $compressionManager); |
|
71
|
|
|
|
|
72
|
|
|
$loaded_flattened_json = JWELoader::load($expected_flattened_json); |
|
73
|
|
|
$loaded_flattened_json = $decrypter->decryptUsingKey($loaded_flattened_json, $private_key); |
|
74
|
|
|
|
|
75
|
|
|
$loaded_json = JWELoader::load($expected_json); |
|
76
|
|
|
$loaded_json = $decrypter->decryptUsingKey($loaded_json, $private_key); |
|
77
|
|
|
|
|
78
|
|
|
$this->assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext())); |
|
79
|
|
|
$this->assertEquals($protected_headers, $loaded_flattened_json->getSharedProtectedHeaders()); |
|
80
|
|
|
$this->assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV())); |
|
81
|
|
|
$this->assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey())); |
|
82
|
|
|
$this->assertEquals($headers, $loaded_flattened_json->getSharedHeaders()); |
|
83
|
|
|
$this->assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag())); |
|
84
|
|
|
|
|
85
|
|
|
$this->assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext())); |
|
86
|
|
|
$this->assertEquals($protected_headers, $loaded_json->getSharedProtectedHeaders()); |
|
87
|
|
|
$this->assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV())); |
|
88
|
|
|
$this->assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey())); |
|
89
|
|
|
$this->assertEquals($headers, $loaded_json->getSharedHeaders()); |
|
90
|
|
|
$this->assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag())); |
|
91
|
|
|
|
|
92
|
|
|
$this->assertEquals($expected_payload, $loaded_flattened_json->getPayload()); |
|
93
|
|
|
$this->assertEquals($expected_payload, $loaded_json->getPayload()); |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
/** |
|
97
|
|
|
* Same input as before, but we perform the encryption first. |
|
98
|
|
|
*/ |
|
99
|
|
|
public function testA128KWAndA128GCMEncryptionProtectedContentOnlyBis() |
|
100
|
|
|
{ |
|
101
|
|
|
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo."; |
|
102
|
|
|
|
|
103
|
|
|
$private_key = JWK::create([ |
|
104
|
|
|
'kty' => 'oct', |
|
105
|
|
|
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8', |
|
106
|
|
|
'use' => 'enc', |
|
107
|
|
|
'alg' => 'A128KW', |
|
108
|
|
|
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ', |
|
109
|
|
|
]); |
|
110
|
|
|
|
|
111
|
|
|
$protected_headers = [ |
|
112
|
|
|
]; |
|
113
|
|
|
|
|
114
|
|
|
$headers = [ |
|
115
|
|
|
'enc' => 'A128GCM', |
|
116
|
|
|
'alg' => 'A128KW', |
|
117
|
|
|
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8', |
|
118
|
|
|
]; |
|
119
|
|
|
|
|
120
|
|
|
$keyEncryptionAlgorithmManager = JWAManager::create([new A128KW()]); |
|
121
|
|
|
$contentEncryptionAlgorithmManager = JWAManager::create([new A128GCM()]); |
|
122
|
|
|
$compressionManager = CompressionManager::create([new Deflate()]); |
|
123
|
|
|
$jweBuilder = new JWEBuilder($keyEncryptionAlgorithmManager, $contentEncryptionAlgorithmManager, $compressionManager); |
|
124
|
|
|
$decrypter = new Decrypter($keyEncryptionAlgorithmManager, $contentEncryptionAlgorithmManager, $compressionManager); |
|
125
|
|
|
|
|
126
|
|
|
$jwe = $jweBuilder |
|
127
|
|
|
->withPayload($expected_payload) |
|
128
|
|
|
->withSharedProtectedHeaders($protected_headers) |
|
129
|
|
|
->withSharedHeaders($headers) |
|
130
|
|
|
->addRecipient($private_key) |
|
131
|
|
|
->build(); |
|
132
|
|
|
|
|
133
|
|
|
$loaded_flattened_json = JWELoader::load($jwe->toFlattenedJSON(0)); |
|
134
|
|
|
$loaded_flattened_json = $decrypter->decryptUsingKey($loaded_flattened_json, $private_key); |
|
135
|
|
|
|
|
136
|
|
|
$loaded_json = JWELoader::load($jwe->toJSON()); |
|
137
|
|
|
$loaded_json = $decrypter->decryptUsingKey($loaded_json, $private_key); |
|
138
|
|
|
|
|
139
|
|
|
$this->assertEquals($protected_headers, $loaded_flattened_json->getSharedProtectedHeaders()); |
|
140
|
|
|
$this->assertEquals($headers, $loaded_flattened_json->getSharedHeaders()); |
|
141
|
|
|
|
|
142
|
|
|
$this->assertEquals($protected_headers, $loaded_json->getSharedProtectedHeaders()); |
|
143
|
|
|
$this->assertEquals($headers, $loaded_json->getSharedHeaders()); |
|
144
|
|
|
|
|
145
|
|
|
$this->assertEquals($expected_payload, $loaded_flattened_json->getPayload()); |
|
146
|
|
|
$this->assertEquals($expected_payload, $loaded_json->getPayload()); |
|
147
|
|
|
} |
|
148
|
|
|
} |
|
149
|
|
|
|
Spomky-Labs /
jose
