1
0

jose-jwe-enc 2.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
  1. #!/bin/sh -ex
  2. WRAP=`jose alg -k wrap`
  3. ENCR=`jose alg -k encr`
  4. tmpdir=`mktemp -d 2>/dev/null || mktemp -d -t jose`
  5. onexit() {
  6. rm -rf $tmpdir
  7. }
  8. trap onexit EXIT
  9. jwk=$tmpdir/jwk
  10. jwe=$tmpdir/jwe
  11. jqopt() {
  12. if ! command -v jq >/dev/null 2>&1; then
  13. echo "$3"
  14. else
  15. jq -r "if $2 | type | . = \"string\" then $2 else error(\"\") end" < $1
  16. fi
  17. }
  18. jqbopt() {
  19. if ! command -v jq >/dev/null 2>&1; then
  20. echo "$4"
  21. else
  22. jq -r "if $2 | type | . = \"string\" then $2 else error(\"\") end" < $1 \
  23. | jose b64 dec -i- \
  24. | jq -r "if $3 | type | . = \"string\" then $3 else error(\"\") end"
  25. fi
  26. }
  27. for msg in "hi" "this is a longer message that is more than one block"; do
  28. for w in $WRAP; do
  29. [ $w = "dir" ] && continue
  30. jose jwk gen -i "{\"alg\":\"$w\"}" -o $jwk
  31. printf '%s' "$msg" | jose jwe enc -I- -k $jwk -o $jwe
  32. [ "`jqopt $jwe .header.alg $w`" = "$w" ]
  33. [ "`jose jwe dec -i $jwe -k $jwk -O-`" = "$msg" ]
  34. for e in $ENCR; do
  35. printf '%s' "$msg" | jose jwe enc \
  36. -i "{\"protected\":{\"enc\":\"$e\"}}" -I- \
  37. -k $jwk -o $jwe
  38. [ "`jqopt $jwe .header.alg $w`" = "$w" ]
  39. [ "`jqbopt $jwe .protected .enc $e`" = "$e" ]
  40. [ "`jose jwe dec -i $jwe -k $jwk -O-`" = "$msg" ]
  41. done
  42. done
  43. for e in $ENCR; do
  44. jose jwk gen -i "{\"alg\":\"$e\"}" -o $jwk
  45. printf '%s' "$msg" | jose jwe enc \
  46. -i "{\"protected\":{\"alg\":\"dir\"}}" -I- \
  47. -k $jwk -o $jwe
  48. [ "`jqbopt $jwe .protected .alg dir`" = "dir" ]
  49. [ "`jqbopt $jwe .protected .enc $e`" = "$e" ]
  50. [ "`jose jwe dec -i $jwe -k $jwk -O-`" = "$msg" ]
  51. printf '%s' "$msg" | jose jwe enc -I- -k $jwk -o $jwe
  52. [ "`jqopt $jwe .header.alg dir`" = "dir" ]
  53. [ "`jqbopt $jwe .protected .enc $e`" = "$e" ]
  54. [ "`jose jwe dec -i $jwe -k $jwk -O-`" = "$msg" ]
  55. done
  56. for tmpl in '{"kty":"oct","bytes":32}' '{"kty":"RSA","bits":2048}' '{"kty":"EC","crv":"P-256"}'; do
  57. jose jwk gen -i "$tmpl" -o $jwk
  58. printf '%s' "$msg" | jose jwe enc -I- -k $jwk -o $jwe
  59. [ "`jose jwe dec -i $jwe -k $jwk -O-`" = "$msg" ]
  60. done
  61. # "zip": "DEF"
  62. tmpl='{"kty":"oct","bytes":32}'
  63. for enc in A128CBC-HS256 A192CBC-HS384 A256CBC-HS512 A128GCM A192GCM A256GCM; do
  64. jose jwk gen -i "${tmpl}" -o "${jwk}"
  65. zip="$(printf '{"alg":"A128KW","enc":"%s","zip":"DEF"}' "${enc}")"
  66. printf '%s' "${msg}" | jose jwe enc -i "${zip}" -I- -k "${jwk}" -o "${jwe}"
  67. [ "$(jose jwe dec -i "${jwe}" -k "${jwk}" -O-)" = "${msg}" ]
  68. done
  69. done