From 7d0f5566dff5258f4babb1e843715fcec3b03cbe Mon Sep 17 00:00:00 2001 From: Phil Sorber Date: Mon, 14 Nov 2016 14:50:58 +0900 Subject: [PATCH] Build: Add clang-format support (#37) * Add .clang-format * Run clang-format * Adds a basic clang-format target * Add CONTIBUTING.md and update README.md and AUTHORS. --- .clang-format | 90 ++++ AUTHORS | 2 + CONTRIBUTING.md | 8 + Makefile.am | 3 + Makefile.in | 3 + README.md | 8 + include/cjose/base64.h | 4 +- include/cjose/cjose.h | 2 +- include/cjose/error.h | 57 ++- include/cjose/header.h | 31 +- include/cjose/jwe.h | 40 +- include/cjose/jwk.h | 107 ++--- include/cjose/jws.h | 49 +-- include/cjose/util.h | 33 +- src/base64.c | 120 +++--- src/error.c | 10 +- src/header.c | 27 +- src/include/jwe_int.h | 56 +-- src/include/jwk_int.h | 37 +- src/include/jws_int.h | 47 +-- src/jwe.c | 501 ++++++++--------------- src/jwk.c | 584 ++++++++++++-------------- src/jws.c | 364 ++++++----------- src/util.c | 128 ++---- src/version.c | 17 +- test/check_cjose.c | 4 +- test/check_cjose.h | 16 +- test/check_header.c | 10 +- test/check_jwe.c | 901 ++++++++++++++++++++--------------------- test/check_jwk.c | 513 ++++++++++++----------- test/check_jws.c | 795 ++++++++++++++++++------------------ test/check_util.c | 24 +- test/check_version.c | 8 +- 33 files changed, 2056 insertions(+), 2543 deletions(-) create mode 100644 .clang-format create mode 100644 CONTRIBUTING.md
diff --git a/.clang-format b/.clang-format
new file mode 100644
index 0000000..53dfb72
--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,90 @@
+---
+Language: Cpp
+# BasedOnStyle: GNU
+AccessModifierOffset: -2
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+AlignEscapedNewlinesLeft: true
+AlignOperands: true
+AlignTrailingComments: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: false
+BinPackArguments: true
+BinPackParameters: false
+BraceWrapping:
+ AfterClass: true
+ AfterControlStatement: true
+ AfterEnum: true
+ AfterFunction: true
+ AfterNamespace: true
+ AfterObjCDeclaration: true
+ AfterStruct: true
+ AfterUnion: true
+ BeforeCatch: true
+ BeforeElse: true
+ IndentBraces: false
+BreakBeforeBinaryOperators: All
+BreakBeforeBraces: Custom
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+ColumnLimit: 132
+CommentPragmas: '^ IWYU pragma:'
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: false
+DerivePointerAlignment: false
+DisableFormat: false
+ExperimentalAutoDetectBinPacking: false
+ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
+IncludeCategories:
+ - Regex: '^"(llvm|llvm-c|clang|clang-c)/'
+ Priority: 2
+ - Regex: '^(<|"(gtest|isl|json)/)'
+ Priority: 3
+ - Regex: '.*'
+ Priority: 1
+IndentCaseLabels: false
+IndentWidth: 4
+IndentWrappedFunctionNames: false
+KeepEmptyLinesAtTheStartOfBlocks: true
+MacroBlockBegin: ''
+MacroBlockEnd: ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBlockIndentWidth: 2
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakString: 1000
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 60
+PointerAlignment: Right
+ReflowComments: true
+SortIncludes: false
+SpaceAfterCStyleCast: false
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeParens: ControlStatements
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles: false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+Standard: Cpp03
+TabWidth: 8
+UseTab: Never
+...
+
diff --git a/AUTHORS b/AUTHORS
index c352cd3..1b8f5af 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -2,6 +2,8 @@ # Listed alphabetically by surname Andrew Biggs +Leif Hedström Matthew A. Miller +Phil Sorber Andy Wang Hans Zandbelt
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..bbcf9cc
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,8 @@
+# Contributing #
+
+## Before Submitting PR ##
+
+* Run `make clang-format`
+* Run `make test`
+
+*NOTE* You must use clang-format 3.9.0. You can download binaries from [here](https://bintray.com/apache/trafficserver/clang-format-tools).
diff --git a/Makefile.am b/Makefile.am
index 2a4a562..e32f3d5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -23,3 +23,6 @@ package-prepare : dist package-local : package-prepare @echo packages built
+
+clang-format:
+ clang-format -i `find . -name *.[ch]`
diff --git a/Makefile.in b/Makefile.in
index 94da5b9..0fa1a79 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -903,6 +903,9 @@ package-prepare : dist package-local : package-prepare @echo packages built +clang-format: + clang-format -i `find . -name *.[ch]` + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT:
diff --git a/README.md b/README.md
index 05af220..d452c38 100644
--- a/README.md
+++ b/README.md
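Review bot: The `find . -name *.[ch]` in the new `clang-format` recipe of Makefile.am leaves the pattern unquoted, so the shell globs it against the top-level directory before `find` sees it, and the backtick substitution splits any path containing whitespace into separate arguments for `clang-format -i`. Because the walk starts at `.`, every matching file under the tree is rewritten in place, which presumably includes any generated or third-party sources checked out there. I would quote the pattern and let find pass the paths itself: `find . -name '*.[ch]' -exec clang-format -i {} +`. The same recipe is repeated in the Makefile.in hunk, which should simply be regenerated, and a `.PHONY: clang-format` line would keep a stray file of that name from masking the target.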
@@ -16,6 +16,7 @@ Implementation of JOSE for C/C++ * libtool (>= 2.4) * Check (>= 0.9.4) - unit testing (e.g. check-devel) * Doxygen (>= 1.8) - documentation +* clang-format (= 3.9.0) ### Libraries ### @@ -86,3 +87,10 @@ This has been seen on Mac OSX 10.9 when openssl 1.0.1h or newer has been install This has been seen on Mac OSX 10.9 when Jansson has been installed via brew. A solution is to explicitly include the jansson directory in the configure command: ./configure --with-jansson=/usr/local/opt/jansson + +## Contributing ## + +### Before Submitting PR ### + +* Run `make clang-format` +* Run `make test` diff --git a/include/cjose/base64.h b/include/cjose/base64.h index 879a091..179e125 100644 --- a/include/cjose/base64.h +++ b/include/cjose/base64.h @@ -22,8 +22,7 @@ #include "cjose/error.h" #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif /** @@ -80,7 +79,6 @@ bool cjose_base64_decode(const char *input, const size_t inlen, uint8_t **output */ bool cjose_base64url_decode(const char *input, const size_t inlen, uint8_t **output, size_t *outlen, cjose_err *err); - #ifdef __cplusplus } #endif diff --git a/include/cjose/cjose.h b/include/cjose/cjose.h index 2744c44..79bcd53 100644 --- a/include/cjose/cjose.h +++ b/include/cjose/cjose.h @@ -28,4 +28,4 @@ #include "jws.h" #include "util.h" -#endif // CJOSE_CJOSE_H +#endif // CJOSE_CJOSE_H diff --git a/include/cjose/error.h b/include/cjose/error.h index 0c35290..0efd7f3 100644 --- a/include/cjose/error.h +++ b/include/cjose/error.h @@ -12,11 +12,9 @@ #define CJOSE_ERROR_H #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif - /** * Temporarily disable compiler warnings, if possible (>=gcc-4.6). * 
@@ -26,23 +24,21 @@ extern "C" * specific points in the compilation. */ #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) -# define GCC_END_IGNORED_WARNING _Pragma("GCC diagnostic pop") +#define GCC_END_IGNORED_WARNING _Pragma("GCC diagnostic pop") -# define GCC_BEGIN_IGNORED_WARNING_ADDRESS \ - _Pragma("GCC diagnostic push"); \ +#define GCC_BEGIN_IGNORED_WARNING_ADDRESS \ + _Pragma("GCC diagnostic push"); \ _Pragma("GCC diagnostic ignored \"-Waddress\"") -# define GCC_END_IGNORED_WARNING_ADDRESS GCC_END_IGNORED_WARNING +#define GCC_END_IGNORED_WARNING_ADDRESS GCC_END_IGNORED_WARNING #else -# define GCC_BEGIN_IGNORED_WARNING_ADDRESS -# define GCC_END_IGNORED_WARNING_ADDRESS +#define GCC_BEGIN_IGNORED_WARNING_ADDRESS +#define GCC_END_IGNORED_WARNING_ADDRESS #endif /* defined(__GNUC__) && (__GNUC__ > 3) && (__GNUC_MINOR__ > 5) */ - /** * Enumeration of defined error codes. */ -typedef enum -{ +typedef enum { /** No error */ CJOSE_ERR_NONE = 0, @@ -60,7 +56,6 @@ typedef enum } cjose_errcode; - /** * An instance of an error context. Unlike other structures, it * is the API user's responsibility to allocate the structure; however @@ -70,32 +65,30 @@ typedef enum typedef struct { /** The error code */ - cjose_errcode code; + cjose_errcode code; /** The human readable message for the error code */ - const char * message; + const char *message; /** The function where the error occured, or "" if it cannot be determined */ - const char * function; + const char *function; /** The file where the error occured */ - const char * file; + const char *file; /** The line number in the file where the error occured */ - unsigned long line; + unsigned long line; } cjose_err; - /** * Retrieves the error message for the given error code. * * \param code The error code to lookup * \retval const char * The message for {code} */ -const char * cjose_err_message(cjose_errcode code); - +const char *cjose_err_message(cjose_errcode code); /** * \def CJOSE_ERROR(err, code) 
@@ -105,20 +98,20 @@ const char * cjose_err_message(cjose_errcode code); * \param err The pointer to the error context, or NULL if none * \param errcode The error code */ -#define CJOSE_ERROR(err, errcode) \ - GCC_BEGIN_IGNORED_WARNING_ADDRESS \ - if ((err) != NULL && (errcode) != CJOSE_ERR_NONE) \ - { \ - (err)->code = (errcode); \ - (err)->message = cjose_err_message((errcode)); \ - (err)->function = __func__; \ - (err)->file = __FILE__; \ - (err)->line = __LINE__; \ - } \ +#define CJOSE_ERROR(err, errcode) \ + GCC_BEGIN_IGNORED_WARNING_ADDRESS \ + if ((err) != NULL && (errcode) != CJOSE_ERR_NONE) \ + { \ + (err)->code = (errcode); \ + (err)->message = cjose_err_message((errcode)); \ + (err)->function = __func__; \ + (err)->file = __FILE__; \ + (err)->line = __LINE__; \ + } \ GCC_END_IGNORED_WARNING_ADDRESS #ifdef __cplusplus } #endif -#endif /* CJOSE_ERROR_H */ +#endif /* CJOSE_ERROR_H */ diff --git a/include/cjose/header.h b/include/cjose/header.h index 5552d79..41ecc23 100644 --- a/include/cjose/header.h +++ b/include/cjose/header.h @@ -20,11 +20,9 @@ #include "cjose/error.h" #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif - /** The JWE algorithm header attribute name. */ extern const char *CJOSE_HDR_ALG; @@ -82,13 +80,11 @@ extern const char *CJOSE_HDR_ENC_A128CBC_HS256; extern const char *CJOSE_HDR_ENC_A192CBC_HS384; extern const char *CJOSE_HDR_ENC_A256CBC_HS512; - /** * An instance of a header object (used when creating JWE/JWS objects). */ typedef struct json_t cjose_header_t; - /** * Instsantiates a new header object. Caller is responsible for * subsequently releasing the object through cjose_header_release(). 
@@ -97,9 +93,7 @@ typedef struct json_t cjose_header_t; * information in the event of an error. * \returns a newly allocated header object, or NULL if an error occurs. */ -cjose_header_t *cjose_header_new( - cjose_err *err); - +cjose_header_t *cjose_header_new(cjose_err *err); /** * Retains an existing header object. Callers must use this method if the @@ -109,8 +103,7 @@ cjose_header_t *cjose_header_new( * \param header[in] the header object to be retained. * \returns the retained header object */ -cjose_header_t *cjose_header_retain( - cjose_header_t *header); +cjose_header_t *cjose_header_retain(cjose_header_t *header); /** * Releases an existing header object. Callers must use this method @@ -119,9 +112,7 @@ cjose_header_t *cjose_header_retain( * * \param header[in] the header object to be released. */ -void cjose_header_release( - cjose_header_t *header); - +void cjose_header_release(cjose_header_t *header); /** * Sets a header attribute on a header object. If that header was @@ -134,11 +125,7 @@ void cjose_header_release( * information in the event of an error. * \returns true if header is successfully set. */ -bool cjose_header_set( - cjose_header_t *header, - const char *attr, - const char *value, - cjose_err *err); +bool cjose_header_set(cjose_header_t *header, const char *attr, const char *value, cjose_err *err); /** * Retrieves the value of the requested header attribute from the header @@ -150,14 +137,10 @@ bool cjose_header_set( * information in the event of an error. * \returns a string containing the current value for the requested attribute. */ -const char *cjose_header_get( - cjose_header_t *header, - const char *attr, - cjose_err *err); - +const char *cjose_header_get(cjose_header_t *header, const char *attr, cjose_err *err); #ifdef __cplusplus } #endif -#endif // CJOSE_HEADER_H +#endif // CJOSE_HEADER_H diff --git a/include/cjose/jwe.h b/include/cjose/jwe.h index 45060a5..2bfcd2f 100644 --- a/include/cjose/jwe.h +++ b/include/cjose/jwe.h 
@@ -7,7 +7,7 @@ /** * \file jwe.h - * \brief Functions and data structures for interacting with + * \brief Functions and data structures for interacting with * JSON Web Encryption (JWE) objects. * */ @@ -23,21 +23,18 @@ #include "jwk.h" #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif - -/** - * An instance of a JWE object. +/** + * An instance of a JWE object. */ typedef struct _cjose_jwe_int cjose_jwe_t; - /** * Creates a new JWE by encrypting the given plaintext within the given header * and JWK. - * + * * If the header provided indicates an algorithm requiring an asymmetric key * (e.g. RSA-OAEP), the provided JWK must be asymmetric (e.g. RSA or EC). * @@ -53,12 +50,7 @@ typedef struct _cjose_jwe_int cjose_jwe_t; * \returns a newly generated JWE with the given plaintext as the payload. */ cjose_jwe_t *cjose_jwe_encrypt( - const cjose_jwk_t *jwk, - cjose_header_t *protected_header, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err); - + const cjose_jwk_t *jwk, cjose_header_t *protected_header, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err); /** * Creates a serialization of the given JWE object. @@ -74,9 +66,7 @@ cjose_jwe_t *cjose_jwe_encrypt( * must free it directly when no longer needed, or the memory will be * leaked. */ -char *cjose_jwe_export( - cjose_jwe_t *jwe, - cjose_err *err); +char *cjose_jwe_export(cjose_jwe_t *jwe, cjose_err *err); /** * Creates a new JWE object from the given JWE compact serialization. 
@@ -90,13 +80,10 @@ char *cjose_jwe_export( * information in the event of an error. * \returns a newly generated JWE object from the given JWE serialization. */ -cjose_jwe_t *cjose_jwe_import( - const char *compact, - size_t compact_len, - cjose_err *err); +cjose_jwe_t *cjose_jwe_import(const char *compact, size_t compact_len, cjose_err *err); /** - * Decrypts the JWE object using the given JWK. Returns the plaintext data of + * Decrypts the JWE object using the given JWK. Returns the plaintext data of * the JWE payload. * * \param jwe [in] the JWE object to decrypt. @@ -108,12 +95,7 @@ cjose_jwe_t *cjose_jwe_import( * this buffer when no longer in use. Failure to do so will result in * a memory leak. */ -uint8_t *cjose_jwe_decrypt( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - size_t *content_len, - cjose_err *err); - +uint8_t *cjose_jwe_decrypt(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, size_t *content_len, cjose_err *err); /** * Returns the protected header of the JWE object. @@ -138,4 +120,4 @@ void cjose_jwe_release(cjose_jwe_t *jwe); } #endif -#endif // CJOSE_JWE_H +#endif // CJOSE_JWE_H diff --git a/include/cjose/jwk.h b/include/cjose/jwk.h index 9662471..e56c645 100644 --- a/include/cjose/jwk.h +++ b/include/cjose/jwk.h @@ -14,7 +14,6 @@ #ifndef CJOSE_JWK_H #define CJOSE_JWK_H - #include #include #include @@ -22,13 +21,11 @@ #include "cjose/error.h" #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif /** Enumeration of supported JSON Web Key (JWK) types */ -typedef enum -{ +typedef enum { /** RSA Public (or Private) Key */ CJOSE_JWK_KTY_RSA = 1, /** Elliptic Curve Public (or Private) Key */ @@ -59,7 +56,7 @@ typedef struct _cjose_jwk_int cjose_jwk_t; * information in the event of an error. * \returns The retained JWK object */ -cjose_jwk_t * cjose_jwk_retain(cjose_jwk_t *jwk, cjose_err *err); +cjose_jwk_t *cjose_jwk_retain(cjose_jwk_t *jwk, cjose_err *err); /** * Releases a JWK object. For a newly-created key where cjose_jwk_retain() has 
@@ -104,7 +101,7 @@ size_t cjose_jwk_get_keysize(const cjose_jwk_t *jwk, cjose_err *err); * \param jwk The JWK to retrieve key data from * \returns The key data specific to the type of key */ -void * cjose_jwk_get_keydata(const cjose_jwk_t *jwk, cjose_err *err); +void *cjose_jwk_get_keydata(const cjose_jwk_t *jwk, cjose_err *err); /** * Retrieves the key id for the given JWK object. The string returned by @@ -129,11 +126,7 @@ const char *cjose_jwk_get_kid(const cjose_jwk_t *jwk, cjose_err *err); * information in the event of an error. * \returns True if successful, false otherwise. */ -bool cjose_jwk_set_kid( - cjose_jwk_t *jwk, - const char *kid, - size_t len, - cjose_err *err); +bool cjose_jwk_set_kid(cjose_jwk_t *jwk, const char *kid, size_t len, cjose_err *err); /** * Serializes the given JWK to a JSON string. 
@@ -146,43 +139,43 @@ bool cjose_jwk_set_kid( * information in the event of an error. * \returns The JSON string representation of jwk */ -char * cjose_jwk_to_json(const cjose_jwk_t *jwk, bool priv, cjose_err *err); +char *cjose_jwk_to_json(const cjose_jwk_t *jwk, bool priv, cjose_err *err); /** Key specification for RSA JWK objects. */ typedef struct { /** Public exponent */ - uint8_t *e; + uint8_t *e; /** Length of e */ - size_t elen; + size_t elen; /** Modulus */ - uint8_t *n; + uint8_t *n; /** Length of n */ - size_t nlen; + size_t nlen; /** Private exponent */ - uint8_t *d; + uint8_t *d; /** Length of d */ - size_t dlen; + size_t dlen; /** First prime */ - uint8_t *p; + uint8_t *p; /** Length of p */ - size_t plen; + size_t plen; /** Second prime */ - uint8_t *q; + uint8_t *q; /** Length of q */ - size_t qlen; + size_t qlen; /** d (mod p - 1) */ - uint8_t *dp; + uint8_t *dp; /** Length of dp */ - size_t dplen; + size_t dplen; /** d (mod q - 1) */ - uint8_t *dq; + uint8_t *dq; /** Length of dq */ - size_t dqlen; + size_t dqlen; /** coefficient */ - uint8_t *qi; + uint8_t *qi; /** Length of qi */ - size_t qilen; + size_t qilen; } cjose_jwk_rsa_keyspec; /** @@ -198,8 +191,7 @@ typedef struct * information in the event of an error. * \returns The generated symmetric JWK object. */ -cjose_jwk_t *cjose_jwk_create_RSA_random( - size_t keysize, const uint8_t *e, size_t elen, cjose_err *err); +cjose_jwk_t *cjose_jwk_create_RSA_random(size_t keysize, const uint8_t *e, size_t elen, cjose_err *err); /** * Creates a new RSA JWK, using the given raw value for the private 
@@ -216,12 +208,10 @@ cjose_jwk_t *cjose_jwk_create_RSA_random( * information in the event of an error. * \returns The generated RSA JWK object */ -cjose_jwk_t *cjose_jwk_create_RSA_spec( - const cjose_jwk_rsa_keyspec *spec, cjose_err *err); +cjose_jwk_t *cjose_jwk_create_RSA_spec(const cjose_jwk_rsa_keyspec *spec, cjose_err *err); /** Enumeration of supported Elliptic-Curve types */ -typedef enum -{ +typedef enum { /** NIST P-256 Prime Curve (secp256r1) */ CJOSE_JWK_EC_P_256 = NID_X9_62_prime256v1, /** NIST P-384 Prime Curve (secp384r1) */ @@ -234,19 +224,19 @@ typedef enum typedef struct { /** The elliptic curve */ - cjose_jwk_ec_curve crv; + cjose_jwk_ec_curve crv; /** The private key */ - uint8_t *d; + uint8_t *d; /** Length of d */ - size_t dlen; + size_t dlen; /** The public key's X coordinate */ - uint8_t *x; + uint8_t *x; /** Length of x */ - size_t xlen; + size_t xlen; /** The public key's Y coordiate */ - uint8_t *y; + uint8_t *y; /** Length of y */ - size_t ylen; + size_t ylen; } cjose_jwk_ec_keyspec; /** @@ -260,8 +250,7 @@ typedef struct * information in the event of an error. * \returns The generated Elliptic Curve JWK object */ -cjose_jwk_t * cjose_jwk_create_EC_random( - cjose_jwk_ec_curve crv, cjose_err *err); +cjose_jwk_t *cjose_jwk_create_EC_random(cjose_jwk_ec_curve crv, cjose_err *err); /** * Creates a new Elliptic-Curve JWK, using the given the raw values for @@ -278,8 +267,7 @@ cjose_jwk_t * cjose_jwk_create_EC_random( * information in the event of an error. * \returns The generated Elliptic Curve JWK object */ -cjose_jwk_t *cjose_jwk_create_EC_spec( - const cjose_jwk_ec_keyspec *spec, cjose_err *err); +cjose_jwk_t *cjose_jwk_create_EC_spec(const cjose_jwk_ec_keyspec *spec, cjose_err *err); /** * Creates a new symmetric octet JWK, using a secure random number generator. 
@@ -292,7 +280,7 @@ cjose_jwk_t *cjose_jwk_create_EC_spec( * information in the event of an error. * \returns The generated symmetric JWK object. */ -cjose_jwk_t * cjose_jwk_create_oct_random(size_t size, cjose_err *err); +cjose_jwk_t *cjose_jwk_create_oct_random(size_t size, cjose_err *err); /** * Creates a new symmetric oct JWK, using the given raw key data. @@ -309,8 +297,7 @@ cjose_jwk_t * cjose_jwk_create_oct_random(size_t size, cjose_err *err); * information in the event of an error. * \returns The symmetric JWK object for the given raw key data. */ -cjose_jwk_t * cjose_jwk_create_oct_spec( - const uint8_t *data, size_t len, cjose_err *err); +cjose_jwk_t *cjose_jwk_create_oct_spec(const uint8_t *data, size_t len, cjose_err *err); /** * Instantiates a new JWK given a JSON document representation conforming 
@@ -325,17 +312,17 @@ cjose_jwk_t * cjose_jwk_create_oct_spec( * \param err [out] An optional error object which can be used to get additional * information in the event of an error. * \returns A JWK object corresponding to the given JSON document. In - * the event the given JSON document cannot be parsed, or is + * the event the given JSON document cannot be parsed, or is * otherwise an invalid JWK representation, this will return NULL. */ -cjose_jwk_t * cjose_jwk_import(const char *json, size_t len, cjose_err *err); +cjose_jwk_t *cjose_jwk_import(const char *json, size_t len, cjose_err *err); /** - * Computes an ECDH ephemeral key as an HKDF hash of the derived shared - * secret from a local EC key-pair and a peer's EC public key. The result is + * Computes an ECDH ephemeral key as an HKDF hash of the derived shared + * secret from a local EC key-pair and a peer's EC public key. The result is * returned in the form of a new JWK of type oct. * - * Note: on successful return of a jwk_ecdh_ephemeral_key, the caller becomes + * Note: on successful return of a jwk_ecdh_ephemeral_key, the caller becomes * responsible for releasing that JWK wuth the cjose_jwk_release() command. * * \param jwk_self [in] The caller's own EC key pair. 
@@ -345,21 +332,15 @@ cjose_jwk_t * cjose_jwk_import(const char *json, size_t len, cjose_err *err); * \returns A new JWK representing the ephemeral key, or NULL in the event of * and error. */ -cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key( - cjose_jwk_t *jwk_self, - cjose_jwk_t *jwk_peer, - cjose_err *err); +cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key(cjose_jwk_t *jwk_self, cjose_jwk_t *jwk_peer, cjose_err *err); /** Deprecated. Alias for cjose_jwk_derive_ecdh_ephemeral_key. */ -cjose_jwk_t *cjose_jwk_derive_ecdh_secret( - cjose_jwk_t *jwk_self, - cjose_jwk_t *jwk_peer, - cjose_err *err); +cjose_jwk_t *cjose_jwk_derive_ecdh_secret(cjose_jwk_t *jwk_self, cjose_jwk_t *jwk_peer, cjose_err *err); #ifdef __cplusplus } #endif -#endif // CJOSE_JWK_H +#endif // CJOSE_JWK_H diff --git a/include/cjose/jws.h b/include/cjose/jws.h index a59e3bb..be878d9 100644 --- a/include/cjose/jws.h +++ b/include/cjose/jws.h @@ -7,7 +7,7 @@ /** * \file jws.h - * \brief Functions and data structures for interacting with + * \brief Functions and data structures for interacting with * JSON Web Signature (JWS) objects. * */ @@ -22,13 +22,11 @@ #include "jwk.h" #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif - -/** - * An instance of a JWS object. +/** + * An instance of a JWS object. */ typedef struct _cjose_jws_int cjose_jws_t; @@ -45,11 +43,7 @@ typedef struct _cjose_jws_int cjose_jws_t; * \returns a newly generated JWS with the given plaintext as the payload. */ cjose_jws_t *cjose_jws_sign( - const cjose_jwk_t *jwk, - cjose_header_t *protected_header, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err); + const cjose_jwk_t *jwk, cjose_header_t *protected_header, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err); /** * Creates a serialization of the given JWS object. 
@@ -60,16 +54,13 @@ cjose_jws_t *cjose_jws_sign( * \param jws [in] the JWS object to be serialized. * \param ser [out] pointer to a compact serialization of this JWS. Note * the returned string pointer is owned by the JWS, the caller should - * not attempt to free it directly, and note that it will be freed + * not attempt to free it directly, and note that it will be freed * automatically when the JWS itself is released. * \param err [out] An optional error object which can be used to get additional * information in the event of an error. - * \returns true if the serialization is successfully returned. + * \returns true if the serialization is successfully returned. */ -bool cjose_jws_export( - cjose_jws_t *jws, - const char **ser, - cjose_err *err); +bool cjose_jws_export(cjose_jws_t *jws, const char **ser, cjose_err *err); /** * Creates a new JWS object from the given JWS compact serialization. @@ -83,13 +74,10 @@ bool cjose_jws_export( * information in the event of an error. * \returns a newly generated JWS object from the given JWS serialization. */ -cjose_jws_t *cjose_jws_import( - const char *compact, - size_t compact_len, - cjose_err *err); +cjose_jws_t *cjose_jws_import(const char *compact, size_t compact_len, cjose_err *err); /** - * Verifies the JWS object using the given JWK. + * Verifies the JWS object using the given JWK. * * \param jws [in] the JWS object to verify. * \param jwk [in] the key to use for verification. @@ -97,10 +85,7 @@ cjose_jws_t *cjose_jws_import( * information in the event of an error. * \returns true if verification was sucecssful. */ -bool cjose_jws_verify( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); +bool cjose_jws_verify(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); /** * Returns the plaintext data of the JWS payload. 
@@ -108,19 +93,15 @@ bool cjose_jws_verify( * \param jws [in] the JWS object for which the plaintext is requested. * \param plaintext [out] pointer to the plaintext of this JWS. Note * the returned buffer is owned by the JWS, the caller should - * not attempt to free it directly, and note that it will be freed + * not attempt to free it directly, and note that it will be freed * automatically when the JWS itself is released. * \param plaintext_len [out] number of bytes of plaintext in the returned * plaintext buffer. * \param err [out] An optional error object which can be used to get additional * information in the event of an error. - * \returns true if the plaintext is sucessfully returned. + * \returns true if the plaintext is sucessfully returned. */ -bool cjose_jws_get_plaintext( - const cjose_jws_t *jws, - uint8_t **plaintext, - size_t *plaintext_len, - cjose_err *err); +bool cjose_jws_get_plaintext(const cjose_jws_t *jws, uint8_t **plaintext, size_t *plaintext_len, cjose_err *err); /** * Returns the protected header of the JWS payload. @@ -145,4 +126,4 @@ void cjose_jws_release(cjose_jws_t *jws); } #endif -#endif // CJOSE_JWS_H +#endif // CJOSE_JWS_H diff --git a/include/cjose/util.h b/include/cjose/util.h index ec32567..22d84b7 100644 --- a/include/cjose/util.h +++ b/include/cjose/util.h @@ -21,11 +21,10 @@ #include #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif -#define CJOSE_OPENSSL_11X OPENSSL_VERSION_NUMBER >= 0x10100005L +#define CJOSE_OPENSSL_11X OPENSSL_VERSION_NUMBER >= 0x10100005L /** * Macro to explicitly mark a parameter unused, and usable across multiple 
@@ -36,29 +35,29 @@ extern "C" /** * Typedef for the basic memory allocator function. */ -typedef void *(* cjose_alloc_fn_t)(size_t); +typedef void *(*cjose_alloc_fn_t)(size_t); /** * Typedef for the enhanced memory allocator function. */ -typedef void *(* cjose_alloc3_fn_t)(size_t, const char *, int); +typedef void *(*cjose_alloc3_fn_t)(size_t, const char *, int); /** * Typedef for the basic memory reallocator function. */ -typedef void *(* cjose_realloc_fn_t)(void *, size_t); +typedef void *(*cjose_realloc_fn_t)(void *, size_t); /** * Typedef for the enhanced memory reallocator function. */ -typedef void *(* cjose_realloc3_fn_t)(void *, size_t, const char *, int); +typedef void *(*cjose_realloc3_fn_t)(void *, size_t, const char *, int); /** * Typedef for the basic memory deallocator function. */ -typedef void (* cjose_dealloc_fn_t)(void *); +typedef void (*cjose_dealloc_fn_t)(void *); /** * Typedef for the enhanced memory deallocator function. */ -typedef void (* cjose_dealloc3_fn_t)(void *, const char *, int); +typedef void (*cjose_dealloc3_fn_t)(void *, const char *, int); /** * Sets the allocator and deallocator functions. @@ -77,10 +76,7 @@ typedef void (* cjose_dealloc3_fn_t)(void *, const char *, int); * \param realloc [in] The custom reallocator function to use. * \param dealloc [in] The custom deallocator function to use. */ -void cjose_set_alloc_funcs(cjose_alloc_fn_t alloc, - cjose_realloc_fn_t realloc, - cjose_dealloc_fn_t dealloc); - +void cjose_set_alloc_funcs(cjose_alloc_fn_t alloc, cjose_realloc_fn_t realloc, cjose_dealloc_fn_t dealloc); /** * Sets the enhanced allocator and deallocator functions. This function provides 
@@ -103,9 +99,7 @@ void cjose_set_alloc_funcs(cjose_alloc_fn_t alloc, * \param dealloc3 [in] The custom deallocator function to use for * OpenSSL >= 1.1.0, called with extra file/line params. */ -void cjose_set_alloc_ex_funcs(cjose_alloc3_fn_t alloc3, - cjose_realloc3_fn_t realloc3, - cjose_dealloc3_fn_t dealloc3); +void cjose_set_alloc_ex_funcs(cjose_alloc3_fn_t alloc3, cjose_realloc3_fn_t realloc3, cjose_dealloc3_fn_t dealloc3); /** * Retrieves the configured allocator function. If an allocator function is @@ -171,13 +165,10 @@ cjose_dealloc3_fn_t cjose_get_dealloc3(); * greater than zero if the first n bytes of s1 is found, respectively, to * be less than, to match, or be greater than the first n bytes of s2 */ -int cjose_const_memcmp( - const uint8_t *a, - const uint8_t *b, - const size_t size); +int cjose_const_memcmp(const uint8_t *a, const uint8_t *b, const size_t size); #ifdef __cplusplus } #endif -#endif // CJOSE_UTIL_H +#endif // CJOSE_UTIL_H diff --git a/src/base64.c b/src/base64.c index fbedea8..9a33ebd 100644 --- a/src/base64.c +++ b/src/base64.c 
@@ -14,56 +14,34 @@ #include // defines -#define B64_BYTE1(ptr) (((*ptr) & 0xfc)>>2) -#define B64_BYTE2(ptr) ((((*ptr) & 0x03)<<4) | ((*(ptr+1)&0xf0)>>4)) -#define B64_BYTE3(ptr) (((*(ptr+1) & 0x0f)<< 2) | ((*(ptr+2)&0xc0)>>6)) -#define B64_BYTE4(ptr) (*(ptr+2) & 0x3f) +#define B64_BYTE1(ptr) (((*ptr) & 0xfc) >> 2) +#define B64_BYTE2(ptr) ((((*ptr) & 0x03) << 4) | ((*(ptr + 1) & 0xf0) >> 4)) +#define B64_BYTE3(ptr) (((*(ptr + 1) & 0x0f) << 2) | ((*(ptr + 2) & 0xc0) >> 6)) +#define B64_BYTE4(ptr) (*(ptr + 2) & 0x3f) // internal data -static const char * ALPHABET_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -static const char * ALPHABET_B64U = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; - -static const uint8_t TEBAHPLA_B64[] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0x3e, 0xff, 0x3e, 0xff, 0x3f, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, - 0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, - 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0x3f, - 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, - 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff -}; +static const char *ALPHABET_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char *ALPHABET_B64U = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; + +static const uint8_t TEBAHPLA_B64[] + = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x3e, 0xff, 0x3e, 0xff, 0x3f, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, + 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0x1a, 0x1b, 0x1c, + 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, + 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; // internal functions -static inline bool _decode(const char *input, size_t inlen, - uint8_t **output, size_t *outlen, - bool url, cjose_err *err) +static inline bool _decode(const char *input, size_t inlen, uint8_t **output, size_t *outlen, bool url, cjose_err *err) { if ((NULL == input) || (NULL == output) || (NULL == outlen)) { @@ -88,7 +66,7 @@ static inline bool _decode(const char *input, size_t inlen, } // extra validation -- inlen is a multiple of 4 - if ((!url && 0 != (inlen % 4)) || (inlen%4 == 1)) + if ((!url && 0 != (inlen % 4)) || (inlen % 4 == 1)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); return false; @@ -96,7 +74,7 @@ static inline bool _decode(const char *input, size_t inlen, // rlen takes a best guess on size; // might be too large for base64url, but never too small. - size_t rlen = ((inlen * 3) >> 2) + 3; + size_t rlen = ((inlen * 3) >> 2) + 3; uint8_t *buffer = cjose_get_alloc()(sizeof(uint8_t) * rlen); if (NULL == buffer) { @@ -104,10 +82,10 @@ static inline bool _decode(const char *input, size_t inlen, return false; } - size_t idx = 0; - size_t pos = 0; - size_t shift = 0; - uint32_t packed = 0; + size_t idx = 0; + size_t pos = 0; + size_t shift = 0; + uint32_t packed = 0; while (inlen > idx) { uint8_t val; @@ -166,7 +144,7 @@ static inline bool _decode(const char *input, size_t inlen, assert(*outlen <= rlen); return true; - b64_decode_failed: +b64_decode_failed: if (NULL != buffer) { cjose_get_dealloc()(buffer); 
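Review bot: Reflowing the `TEBAHPLA_B64` initializer to 20 values per row loses the 8-per-row layout, where each row started at a multiple of 8 and an entry could be matched to its byte value by eye. This looks like the reverse lookup that `_decode` uses to accept or reject input bytes, so a shifted or mistyped entry should stay easy to spot in review. Keep the original rows and wrap the initializer in `// clang-format off` and `// clang-format on` so the formatter leaves it alone.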
@@ -174,9 +152,7 @@ static inline bool _decode(const char *input, size_t inlen, return false; } -static inline bool _encode(const uint8_t *input, size_t inlen, - char **output, size_t *outlen, - const char *alphabet, cjose_err *err) +static inline bool _encode(const uint8_t *input, size_t inlen, char **output, size_t *outlen, const char *alphabet, cjose_err *err) { if ((inlen > 0 && NULL == input) || (NULL == output) || (NULL == outlen)) { @@ -187,7 +163,7 @@ static inline bool _encode(const uint8_t *input, size_t inlen, // return empty string on 0 length input if (!inlen) { - char * retVal = (char *)cjose_get_alloc()(sizeof(char)); + char *retVal = (char *)cjose_get_alloc()(sizeof(char)); if (!retVal) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); 
@@ -199,30 +175,30 @@ static inline bool _encode(const uint8_t *input, size_t inlen, return true; } - const bool padit = (ALPHABET_B64 == alphabet); - size_t rlen = (((inlen + 2) / 3) << 2); - char *base; + const bool padit = (ALPHABET_B64 == alphabet); + size_t rlen = (((inlen + 2) / 3) << 2); + char *base; - base = (char *)cjose_get_alloc()(sizeof(char) * (rlen+1)); + base = (char *)cjose_get_alloc()(sizeof(char) * (rlen + 1)); if (NULL == base) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); return false; } - size_t pos = 0, idx = 0; + size_t pos = 0, idx = 0; while ((idx + 2) < inlen) { base[pos++] = alphabet[0x3f & (input[idx] >> 2)]; - base[pos++] = alphabet[(0x3f & (input[idx] << 4)) | (0x3f & (input[idx+1] >> 4))]; - base[pos++] = alphabet[(0x3f & (input[idx+1] << 2)) | (0x3f & (input[idx+2] >> 6))]; - base[pos++] = alphabet[0x3f & input[idx+2]]; + base[pos++] = alphabet[(0x3f & (input[idx] << 4)) | (0x3f & (input[idx + 1] >> 4))]; + base[pos++] = alphabet[(0x3f & (input[idx + 1] << 2)) | (0x3f & (input[idx + 2] >> 6))]; + base[pos++] = alphabet[0x3f & input[idx + 2]]; idx += 3; } if (idx < inlen) { - if ((inlen-1) == idx) + if ((inlen - 1) == idx) { base[pos++] = alphabet[0x3f & (input[idx] >> 2)]; base[pos++] = alphabet[0x3f & (input[idx] << 4)]; @@ -235,8 +211,8 @@ static inline bool _encode(const uint8_t *input, size_t inlen, else { base[pos++] = alphabet[0x3f & (input[idx] >> 2)]; - base[pos++] = alphabet[(0x3f & (input[idx] << 4)) | (0x3f & (input[idx+1] >> 4))]; - base[pos++] = alphabet[0x3f & (input[idx+1] << 2)]; + base[pos++] = alphabet[(0x3f & (input[idx] << 4)) | (0x3f & (input[idx + 1] >> 4))]; + base[pos++] = alphabet[0x3f & (input[idx + 1] << 2)]; if (padit) { base[pos++] = '='; 
@@ -253,24 +229,20 @@ static inline bool _encode(const uint8_t *input, size_t inlen, // interface functions -bool cjose_base64_encode(const uint8_t *input, size_t inlen, - char **output, size_t *outlen, cjose_err *err) +bool cjose_base64_encode(const uint8_t *input, size_t inlen, char **output, size_t *outlen, cjose_err *err) { return _encode(input, inlen, output, outlen, ALPHABET_B64, err); } -bool cjose_base64url_encode(const uint8_t *input, size_t inlen, - char **output, size_t *outlen, cjose_err *err) +bool cjose_base64url_encode(const uint8_t *input, size_t inlen, char **output, size_t *outlen, cjose_err *err) { return _encode(input, inlen, output, outlen, ALPHABET_B64U, err); } -bool cjose_base64_decode(const char *input, size_t inlen, - uint8_t **output, size_t *outlen, cjose_err *err) +bool cjose_base64_decode(const char *input, size_t inlen, uint8_t **output, size_t *outlen, cjose_err *err) { return _decode(input, inlen, output, outlen, false, err); } -bool cjose_base64url_decode(const char *input, size_t inlen, - uint8_t **output, size_t *outlen, cjose_err *err) +bool cjose_base64url_decode(const char *input, size_t inlen, uint8_t **output, size_t *outlen, cjose_err *err) { return _decode(input, inlen, output, outlen, true, err); } diff --git a/src/error.c b/src/error.c index fde2509..950a870 100644 --- a/src/error.c +++ b/src/error.c @@ -9,16 +9,8 @@ #include #include "cjose/error.h" - //////////////////////////////////////////////////////////////////////////////// -static const char *_ERR_MSG_TABLE[] = { - "no error", - "invalid argument", - "invalid state", - "out of memory", - "crypto error" -}; - +static const char *_ERR_MSG_TABLE[] = { "no error", "invalid argument", "invalid state", "out of memory", "crypto error" }; //////////////////////////////////////////////////////////////////////////////// const char *cjose_err_message(cjose_errcode code) diff --git a/src/header.c b/src/header.c index 251fe86..c6a6084 100644 --- a/src/header.c 
+++ b/src/header.c @@ -5,13 +5,11 @@ * Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved. */ - #include #include #include "cjose/header.h" #include "include/header_int.h" - const char *CJOSE_HDR_ALG = "alg"; const char *CJOSE_HDR_ALG_NONE = "none"; const char *CJOSE_HDR_ALG_RSA_OAEP = "RSA-OAEP"; @@ -44,8 +42,7 @@ const char *CJOSE_HDR_CTY = "cty"; const char *CJOSE_HDR_KID = "kid"; //////////////////////////////////////////////////////////////////////////////// -cjose_header_t *cjose_header_new( - cjose_err *err) +cjose_header_t *cjose_header_new(cjose_err *err) { cjose_header_t *retval = (cjose_header_t *)json_object(); if (NULL == retval) @@ -56,8 +53,7 @@ cjose_header_t *cjose_header_new( } //////////////////////////////////////////////////////////////////////////////// -cjose_header_t *cjose_header_retain( - cjose_header_t *header) +cjose_header_t *cjose_header_retain(cjose_header_t *header) { if (NULL != header) { @@ -67,8 +63,7 @@ cjose_header_t *cjose_header_retain( } //////////////////////////////////////////////////////////////////////////////// -void cjose_header_release( - cjose_header_t *header) +void cjose_header_release(cjose_header_t *header) { if (NULL != header) { @@ -76,13 +71,8 @@ void cjose_header_release( } } - //////////////////////////////////////////////////////////////////////////////// -bool cjose_header_set( - cjose_header_t *header, - const char *attr, - const char *value, - cjose_err *err) +bool cjose_header_set(cjose_header_t *header, const char *attr, const char *value, cjose_err *err) { if (NULL == header || NULL == attr || NULL == value) { 
@@ -97,20 +87,15 @@ bool cjose_header_set( return false; } - json_object_set( - (json_t *)header, attr, value_obj); + json_object_set((json_t *)header, attr, value_obj); json_decref(value_obj); return true; } - //////////////////////////////////////////////////////////////////////////////// -const char *cjose_header_get( - cjose_header_t *header, - const char *attr, - cjose_err *err) +const char *cjose_header_get(cjose_header_t *header, const char *attr, cjose_err *err) { if (NULL == header || NULL == attr) { diff --git a/src/include/jwe_int.h b/src/include/jwe_int.h index 11785f0..5430ce5 100644 --- a/src/include/jwe_int.h +++ b/src/include/jwe_int.h @@ -11,7 +11,6 @@ #include #include "cjose/jwe.h" - // JWE part struct _cjose_jwe_part_int { 
@@ -22,56 +21,37 @@ struct _cjose_jwe_part_int size_t b64u_len; }; - // functions for building JWE parts typedef struct _jwe_fntable_int { - bool (*set_cek)( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - - bool (*encrypt_ek)( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - - bool (*decrypt_ek)( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - - bool (*set_iv)( - cjose_jwe_t *jwe, - cjose_err *err); - - bool (*encrypt_dat)( - cjose_jwe_t *jwe, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err); - - bool (*decrypt_dat)( - cjose_jwe_t *jwe, - cjose_err *err); + bool (*set_cek)(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); -} jwe_fntable; + bool (*encrypt_ek)(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + + bool (*decrypt_ek)(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + bool (*set_iv)(cjose_jwe_t *jwe, cjose_err *err); + + bool (*encrypt_dat)(cjose_jwe_t *jwe, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err); + + bool (*decrypt_dat)(cjose_jwe_t *jwe, cjose_err *err); + +} jwe_fntable; // JWE object struct _cjose_jwe_int { - json_t *hdr; // header JSON object + json_t *hdr; // header JSON object - struct _cjose_jwe_part_int part[5]; // the 5 JWE parts + struct _cjose_jwe_part_int part[5]; // the 5 JWE parts - uint8_t *cek; // content-encryption key - size_t cek_len; + uint8_t *cek; // content-encryption key + size_t cek_len; - uint8_t *dat; // decrypted data - size_t dat_len; + uint8_t *dat; // decrypted data + size_t dat_len; - jwe_fntable fns; // functions for building JWE parts + jwe_fntable fns; // functions for building JWE parts }; #endif // SRC_JWE_INT_H diff --git a/src/include/jwk_int.h b/src/include/jwk_int.h index 1171678..0c66d22 100644 --- a/src/include/jwk_int.h +++ b/src/include/jwk_int.h 
@@ -37,19 +37,19 @@ typedef struct _key_fntable_int // JSON Web Key structure struct _cjose_jwk_int { - cjose_jwk_kty_t kty; - char * kid; - unsigned int retained; - size_t keysize; - void * keydata; - const key_fntable * fns; + cjose_jwk_kty_t kty; + char *kid; + unsigned int retained; + size_t keysize; + void *keydata; + const key_fntable *fns; }; // EC-specific keydata typedef struct _ec_keydata_int { - cjose_jwk_ec_curve crv; - EC_KEY * key; + cjose_jwk_ec_curve crv; + EC_KEY *key; } ec_keydata; // RSA-specific keydata = OpenSSL RSA struct @@ -57,17 +57,16 @@ typedef struct _ec_keydata_int // HKDF implementation, note it currrently supports only SHA256, no info // and okm must be exactly 32 bytes. -bool cjose_jwk_hkdf( - const EVP_MD *md, - const uint8_t *salt, - size_t salt_len, - const uint8_t *info, - size_t info_len, - const uint8_t *ikm, - size_t ikm_len, - uint8_t *okm, - unsigned int okm_len, - cjose_err *err); +bool cjose_jwk_hkdf(const EVP_MD *md, + const uint8_t *salt, + size_t salt_len, + const uint8_t *info, + size_t info_len, + const uint8_t *ikm, + size_t ikm_len, + uint8_t *okm, + unsigned int okm_len, + cjose_err *err); void _cjose_jwk_rsa_get(RSA *rsa, BIGNUM **n, BIGNUM **e, BIGNUM **d); diff --git a/src/include/jws_int.h b/src/include/jws_int.h index 493747c..72ebfc5 100644 --- a/src/include/jws_int.h +++ b/src/include/jws_int.h 
@@ -14,50 +14,41 @@ // functions for building JWS parts typedef struct _jws_fntable_int { - bool (*digest)( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); + bool (*digest)(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); - bool (*sign)( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); + bool (*sign)(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); - bool (*verify)( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); + bool (*verify)(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); } jws_fntable; // JWS object struct _cjose_jws_int { - json_t *hdr; // header JSON object + json_t *hdr; // header JSON object - char *hdr_b64u; // serialized and base64url encoded header - size_t hdr_b64u_len; + char *hdr_b64u; // serialized and base64url encoded header + size_t hdr_b64u_len; - uint8_t *dat; // payload data - size_t dat_len; + uint8_t *dat; // payload data + size_t dat_len; - char *dat_b64u; // base64url encoded payload data - size_t dat_b64u_len; + char *dat_b64u; // base64url encoded payload data + size_t dat_b64u_len; - uint8_t *dig; // digest of signing input value - size_t dig_len; + uint8_t *dig; // digest of signing input value + size_t dig_len; - uint8_t *sig; // signature - size_t sig_len; + uint8_t *sig; // signature + size_t sig_len; - char *sig_b64u; // base64url encoded signature - size_t sig_b64u_len; + char *sig_b64u; // base64url encoded signature + size_t sig_b64u_len; - char *cser; // compact serialization - size_t cser_len; + char *cser; // compact serialization + size_t cser_len; - jws_fntable fns; // functions for building JWS parts + jws_fntable fns; // functions for building JWS parts }; #endif // SRC_JWS_INT_H diff --git a/src/jwe.c b/src/jwe.c index ed65707..29ee32e 100644 --- a/src/jwe.c +++ b/src/jwe.c 
@@ -24,120 +24,66 @@ #include "include/jwe_int.h" #include "include/util_int.h" - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_set_cek_a256gcm( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_set_cek_aes_cbc( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_encrypt_ek_dir( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_decrypt_ek_dir( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_encrypt_ek_aes_kw( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_decrypt_ek_aes_kw( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_encrypt_ek_rsa_oaep( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_decrypt_ek_rsa_oaep( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_encrypt_ek_rsa1_5( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_decrypt_ek_rsa1_5( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jwe_set_iv_a256gcm( - cjose_jwe_t *jwe, - cjose_err *err); - -static bool _cjose_jwe_set_iv_aes_cbc( - cjose_jwe_t *jwe, - cjose_err *err); - -static bool _cjose_jwe_encrypt_dat_a256gcm( - cjose_jwe_t *jwe, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err); - -static bool _cjose_jwe_encrypt_dat_aes_cbc( - cjose_jwe_t *jwe, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err); - -static bool _cjose_jwe_decrypt_dat_a256gcm( - cjose_jwe_t *jwe, - cjose_err *err); - -static bool _cjose_jwe_decrypt_dat_aes_cbc( - cjose_jwe_t *jwe, - cjose_err *err); +static bool _cjose_jwe_set_cek_a256gcm(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool 
_cjose_jwe_set_cek_aes_cbc(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jwe_encrypt_ek_dir(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jwe_decrypt_ek_dir(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jwe_encrypt_ek_aes_kw(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jwe_decrypt_ek_aes_kw(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jwe_encrypt_ek_rsa_oaep(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jwe_decrypt_ek_rsa_oaep(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jwe_encrypt_ek_rsa1_5(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jwe_decrypt_ek_rsa1_5(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jwe_set_iv_a256gcm(cjose_jwe_t *jwe, cjose_err *err); + +static bool _cjose_jwe_set_iv_aes_cbc(cjose_jwe_t *jwe, cjose_err *err); + +static bool _cjose_jwe_encrypt_dat_a256gcm(cjose_jwe_t *jwe, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err); + +static bool _cjose_jwe_encrypt_dat_aes_cbc(cjose_jwe_t *jwe, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err); + +static bool _cjose_jwe_decrypt_dat_a256gcm(cjose_jwe_t *jwe, cjose_err *err); + +static bool _cjose_jwe_decrypt_dat_aes_cbc(cjose_jwe_t *jwe, cjose_err *err); //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_malloc( - size_t bytes, bool random, - uint8_t **buffer, - cjose_err *err) +static bool _cjose_jwe_malloc(size_t bytes, bool random, uint8_t **buffer, cjose_err *err) { *buffer = (uint8_t *)cjose_get_alloc()(bytes); if (NULL == *buffer) - { + { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); return false; - } + } if (random) - { + { if (RAND_bytes((unsigned char *)*buffer, bytes) != 1) - { + { 
cjose_get_dealloc()(*buffer); CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); return false; - } - } + } + } else - { + { memset(*buffer, 0, bytes); - } + } return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_build_hdr( - cjose_jwe_t *jwe, - cjose_header_t *header, - cjose_err *err) +static bool _cjose_jwe_build_hdr(cjose_jwe_t *jwe, cjose_header_t *header, cjose_err *err) { // save header object as part of the JWE (and incr. refcount) jwe->hdr = (json_t *)header; @@ -152,7 +98,7 @@ static bool _cjose_jwe_build_hdr( } // copy the serialized header to JWE (hdr_str is owned by header object) - size_t len = strlen(hdr_str); + size_t len = strlen(hdr_str); uint8_t *data = (uint8_t *)_cjose_strndup(hdr_str, len, err); if (!data) { @@ -163,16 +109,12 @@ static bool _cjose_jwe_build_hdr( jwe->part[0].raw = data; jwe->part[0].raw_len = len; cjose_get_dealloc()(hdr_str); - + return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_validate_hdr( - cjose_jwe_t *jwe, - cjose_header_t *header, - cjose_err *err) +static bool _cjose_jwe_validate_hdr(cjose_jwe_t *jwe, cjose_header_t *header, cjose_err *err) { // make sure we have an alg header json_t *alg_obj = json_object_get((json_t *)header, CJOSE_HDR_ALG); @@ -208,7 +150,8 @@ static bool _cjose_jwe_validate_hdr( jwe->fns.encrypt_ek = _cjose_jwe_encrypt_ek_dir; jwe->fns.decrypt_ek = _cjose_jwe_decrypt_ek_dir; } - if ((strcmp(alg, CJOSE_HDR_ALG_A128KW) == 0) || (strcmp(alg, CJOSE_HDR_ALG_A192KW) == 0) || (strcmp(alg, CJOSE_HDR_ALG_A256KW) == 0)) + if ((strcmp(alg, CJOSE_HDR_ALG_A128KW) == 0) || (strcmp(alg, CJOSE_HDR_ALG_A192KW) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_A256KW) == 0)) { jwe->fns.encrypt_ek = _cjose_jwe_encrypt_ek_aes_kw; jwe->fns.decrypt_ek = _cjose_jwe_decrypt_ek_aes_kw; 
@@ -220,7 +163,8 @@ static bool _cjose_jwe_validate_hdr( jwe->fns.encrypt_dat = _cjose_jwe_encrypt_dat_a256gcm; jwe->fns.decrypt_dat = _cjose_jwe_decrypt_dat_a256gcm; } - if ((strcmp(enc, CJOSE_HDR_ENC_A128CBC_HS256) == 0) || (strcmp(enc, CJOSE_HDR_ENC_A192CBC_HS384) == 0) || (strcmp(enc, CJOSE_HDR_ENC_A256CBC_HS512) == 0)) + if ((strcmp(enc, CJOSE_HDR_ENC_A128CBC_HS256) == 0) || (strcmp(enc, CJOSE_HDR_ENC_A192CBC_HS384) == 0) + || (strcmp(enc, CJOSE_HDR_ENC_A256CBC_HS512) == 0)) { jwe->fns.set_cek = _cjose_jwe_set_cek_aes_cbc; jwe->fns.set_iv = _cjose_jwe_set_iv_aes_cbc; @@ -229,12 +173,8 @@ static bool _cjose_jwe_validate_hdr( } // ensure required builders have been assigned - if (NULL == jwe->fns.set_cek || - NULL == jwe->fns.encrypt_ek || - NULL == jwe->fns.decrypt_ek || - NULL == jwe->fns.set_iv || - NULL == jwe->fns.encrypt_dat || - NULL == jwe->fns.decrypt_dat) + if (NULL == jwe->fns.set_cek || NULL == jwe->fns.encrypt_ek || NULL == jwe->fns.decrypt_ek || NULL == jwe->fns.set_iv + || NULL == jwe->fns.encrypt_dat || NULL == jwe->fns.decrypt_dat) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); return false; @@ -243,12 +183,8 @@ static bool _cjose_jwe_validate_hdr( return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_set_cek_a256gcm( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jwe_set_cek_a256gcm(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { // 256 bits = 32 bytes static const size_t keysize = 32; 
@@ -260,15 +196,13 @@ static bool _cjose_jwe_set_cek_a256gcm( if (!_cjose_jwe_malloc(keysize, true, &jwe->cek, err)) { return false; - } + } jwe->cek_len = keysize; } else { // if a JWK is provided, it must be a symmetric key of correct size - if (CJOSE_JWK_KTY_OCT != cjose_jwk_get_kty(jwk, err) || - jwk->keysize != keysize*8 || - NULL == jwk->keydata) + if (CJOSE_JWK_KTY_OCT != cjose_jwk_get_kty(jwk, err) || jwk->keysize != keysize * 8 || NULL == jwk->keydata) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); return false; @@ -279,7 +213,7 @@ static bool _cjose_jwe_set_cek_a256gcm( if (!_cjose_jwe_malloc(keysize, false, &jwe->cek, err)) { return false; - } + } memcpy(jwe->cek, jwk->keydata, keysize); jwe->cek_len = keysize; } @@ -287,12 +221,8 @@ static bool _cjose_jwe_set_cek_a256gcm( return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_set_cek_aes_cbc( - cjose_jwe_t *jwe, - const cjose_jwk_t *dummy_set_to_null_for_random, - cjose_err *err) +static bool _cjose_jwe_set_cek_aes_cbc(cjose_jwe_t *jwe, const cjose_jwk_t *dummy_set_to_null_for_random, cjose_err *err) { // make sure we have an enc header json_t *enc_obj = json_object_get(jwe->hdr, CJOSE_HDR_ENC); @@ -322,16 +252,13 @@ static bool _cjose_jwe_set_cek_aes_cbc( } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_encrypt_ek_dir( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jwe_encrypt_ek_dir(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { // for direct encryption, JWE sec 5.1, step 6: let CEK be the symmetric key. if (!jwe->fns.set_cek(jwe, jwk, err)) { return false; - } + } // for direct encryption, JWE sec 5.1, step 5: let EK be empty octet seq. jwe->part[1].raw = NULL; 
@@ -340,23 +267,16 @@ static bool _cjose_jwe_encrypt_ek_dir( return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_decrypt_ek_dir( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jwe_decrypt_ek_dir(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { - // do not try and decrypt the ek. that's impossible. + // do not try and decrypt the ek. that's impossible. // instead... only try to realize the truth. there is no ek. return _cjose_jwe_set_cek_a256gcm(jwe, jwk, err); } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_encrypt_ek_aes_kw( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jwe_encrypt_ek_aes_kw(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { if (NULL == jwe || NULL == jwk) { @@ -403,12 +323,8 @@ static bool _cjose_jwe_encrypt_ek_aes_kw( return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_decrypt_ek_aes_kw( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jwe_decrypt_ek_aes_kw(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { if (NULL == jwe || NULL == jwk) { @@ -432,14 +348,14 @@ static bool _cjose_jwe_decrypt_ek_aes_kw( } // generate empty CEK so the the right amount of memory is allocated (abuse JWK parameter to empty) - if (!jwe->fns.set_cek(jwe, (const cjose_jwk_t *) 1, err)) + if (!jwe->fns.set_cek(jwe, (const cjose_jwk_t *)1, err)) { return false; } // AES unwrap the CEK in to jwe->cek - int len = AES_unwrap_key(&akey, (const unsigned char*) NULL, jwe->cek, (const unsigned char *) jwe->part[1].raw, - jwe->part[1].raw_len); + int len = AES_unwrap_key(&akey, (const unsigned char *)NULL, jwe->cek, (const unsigned char *)jwe->part[1].raw, + jwe->part[1].raw_len); if (len <= 0) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); 
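Review bot: In the `@@ -432,14 +348,14 @@` hunk, the reformatted call `jwe->fns.set_cek(jwe, (const cjose_jwk_t *)1, err)` passes a fake pointer as a flag, which is only safe if the callee never reads through it. The non-NULL branch of `_cjose_jwe_set_cek_a256gcm`, shown earlier in this diff, evaluates `cjose_jwk_get_kty(jwk, err)` and `jwk->keysize`. `_cjose_jwe_validate_hdr` appears to choose the `alg` and `enc` callbacks independently, so an AES key-wrap `alg` paired with the A256GCM `enc` would hand that function an invalid pointer. Allocate the zeroed CEK buffer directly with `_cjose_jwe_malloc(len, false, &jwe->cek, err)`, or give `set_cek` an explicit mode argument instead of overloading `jwk`. The body of `_cjose_jwe_decrypt_ek_aes_kw` starts and ends outside this hunk.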
@@ -450,13 +366,8 @@ static bool _cjose_jwe_decrypt_ek_aes_kw( return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_encrypt_ek_rsa_padding( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - int padding, - cjose_err *err) +static bool _cjose_jwe_encrypt_ek_rsa_padding(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, int padding, cjose_err *err) { // jwk must be RSA if (jwk->kty != CJOSE_JWK_KTY_RSA || NULL == jwk->keydata) @@ -478,7 +389,7 @@ static bool _cjose_jwe_encrypt_ek_rsa_padding( if (!jwe->fns.set_cek(jwe, NULL, err)) { return false; - } + } // the size of the ek will match the size of the RSA key jwe->part[1].raw_len = RSA_size((RSA *)jwk->keydata); @@ -487,35 +398,28 @@ static bool _cjose_jwe_encrypt_ek_rsa_padding( if (jwe->cek_len >= jwe->part[1].raw_len - 41) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); - return false; + return false; } // allocate memory for RSA encryption cjose_get_dealloc()(jwe->part[1].raw); if (!_cjose_jwe_malloc(jwe->part[1].raw_len, false, &jwe->part[1].raw, err)) { - return false; + return false; } // encrypt the CEK using RSA v1.5 or OAEP padding - if (RSA_public_encrypt(jwe->cek_len, jwe->cek, jwe->part[1].raw, - (RSA *)jwk->keydata, padding) != - jwe->part[1].raw_len) + if (RSA_public_encrypt(jwe->cek_len, jwe->cek, jwe->part[1].raw, (RSA *)jwk->keydata, padding) != jwe->part[1].raw_len) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); - return false; + return false; } return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_decrypt_ek_rsa_padding( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - int padding, - cjose_err *err) +static bool _cjose_jwe_decrypt_ek_rsa_padding(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, int padding, cjose_err *err) { if (NULL == jwe || NULL == jwk) { 
@@ -527,7 +431,7 @@ static bool _cjose_jwe_decrypt_ek_rsa_padding( if (jwk->kty != CJOSE_JWK_KTY_RSA) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); - return false; + return false; } // we don't know the size of the key to expect, but must be < RSA_size @@ -539,9 +443,7 @@ static bool _cjose_jwe_decrypt_ek_rsa_padding( } // decrypt the CEK using RSA v1.5 or OAEP padding - jwe->cek_len = RSA_private_decrypt( - jwe->part[1].raw_len, jwe->part[1].raw, jwe->cek, - (RSA *)jwk->keydata, padding); + jwe->cek_len = RSA_private_decrypt(jwe->part[1].raw_len, jwe->part[1].raw, jwe->cek, (RSA *)jwk->keydata, padding); if (-1 == jwe->cek_len) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); 
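Review bot: In the `@@ -539,9 +443,7 @@` hunk, the joined line stores the `int` result of `RSA_private_decrypt` straight into `jwe->cek_len`, which `jwe_int.h` declares as `size_t`. The following `-1 == jwe->cek_len` test therefore relies on an implicit conversion, and on failure `cek_len` is left holding `SIZE_MAX` while `jwe->cek` is a much smaller buffer. Any later cleanup or copy that trusts `cek_len` would run far past that buffer. Capture the result first with `int len = RSA_private_decrypt(...);`, return the error when `len < 0`, and only then assign `jwe->cek_len = (size_t)len;`. The function continues outside this hunk, so whether the caller resets `cek_len` on error cannot be confirmed from here.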
@@ -551,51 +453,32 @@ static bool _cjose_jwe_decrypt_ek_rsa_padding( return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_encrypt_ek_rsa_oaep( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jwe_encrypt_ek_rsa_oaep(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { - return _cjose_jwe_encrypt_ek_rsa_padding(jwe, jwk, RSA_PKCS1_OAEP_PADDING ,err); + return _cjose_jwe_encrypt_ek_rsa_padding(jwe, jwk, RSA_PKCS1_OAEP_PADDING, err); } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_decrypt_ek_rsa_oaep( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jwe_decrypt_ek_rsa_oaep(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { - return _cjose_jwe_decrypt_ek_rsa_padding(jwe, jwk, RSA_PKCS1_OAEP_PADDING ,err); + return _cjose_jwe_decrypt_ek_rsa_padding(jwe, jwk, RSA_PKCS1_OAEP_PADDING, err); } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_encrypt_ek_rsa1_5( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jwe_encrypt_ek_rsa1_5(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { - return _cjose_jwe_encrypt_ek_rsa_padding(jwe, jwk, RSA_PKCS1_PADDING ,err); + return _cjose_jwe_encrypt_ek_rsa_padding(jwe, jwk, RSA_PKCS1_PADDING, err); } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_decrypt_ek_rsa1_5( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jwe_decrypt_ek_rsa1_5(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { - return _cjose_jwe_decrypt_ek_rsa_padding(jwe, jwk, RSA_PKCS1_PADDING ,err); + return _cjose_jwe_decrypt_ek_rsa_padding(jwe, jwk, RSA_PKCS1_PADDING, err); } - //////////////////////////////////////////////////////////////////////////////// 
-static bool _cjose_jwe_set_iv_a256gcm( - cjose_jwe_t *jwe, - cjose_err *err) +static bool _cjose_jwe_set_iv_a256gcm(cjose_jwe_t *jwe, cjose_err *err) { // generate IV as random 96 bit value cjose_get_dealloc()(jwe->part[2].raw); @@ -609,9 +492,7 @@ static bool _cjose_jwe_set_iv_a256gcm( } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_set_iv_aes_cbc( - cjose_jwe_t *jwe, - cjose_err *err) +static bool _cjose_jwe_set_iv_aes_cbc(cjose_jwe_t *jwe, cjose_err *err) { // make sure we have an enc header json_t *enc_obj = json_object_get(jwe->hdr, CJOSE_HDR_ENC); @@ -647,28 +528,23 @@ static bool _cjose_jwe_set_iv_aes_cbc( return true; } - #if (CJOSE_OPENSSL_11X) - #define CJOSE_EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG - #define CJOSE_EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +#define CJOSE_EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define CJOSE_EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG #else - #define CJOSE_EVP_CTRL_GCM_GET_TAG EVP_CTRL_GCM_GET_TAG - #define CJOSE_EVP_CTRL_GCM_SET_TAG EVP_CTRL_GCM_SET_TAG +#define CJOSE_EVP_CTRL_GCM_GET_TAG EVP_CTRL_GCM_GET_TAG +#define CJOSE_EVP_CTRL_GCM_SET_TAG EVP_CTRL_GCM_SET_TAG #endif //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_encrypt_dat_a256gcm( - cjose_jwe_t *jwe, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err) +static bool _cjose_jwe_encrypt_dat_a256gcm(cjose_jwe_t *jwe, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err) { EVP_CIPHER_CTX *ctx = NULL; if (NULL == plaintext) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); - goto _cjose_jwe_encrypt_dat_fail; + goto _cjose_jwe_encrypt_dat_fail; } // get A256GCM cipher 
@@ -696,20 +572,16 @@ static bool _cjose_jwe_encrypt_dat_a256gcm( } // we need the header in base64url encoding as input for encryption - if ((NULL == jwe->part[0].b64u) && (!cjose_base64url_encode( - (const uint8_t *)jwe->part[0].raw, jwe->part[0].raw_len, - &jwe->part[0].b64u, &jwe->part[0].b64u_len, err))) + if ((NULL == jwe->part[0].b64u) && (!cjose_base64url_encode((const uint8_t *)jwe->part[0].raw, jwe->part[0].raw_len, + &jwe->part[0].b64u, &jwe->part[0].b64u_len, err))) { goto _cjose_jwe_encrypt_dat_fail; - } + } // set GCM mode AAD data (hdr_b64u) by setting "out" to NULL int bytes_encrypted = 0; - if (EVP_EncryptUpdate(ctx, - NULL, &bytes_encrypted, - (unsigned char *)jwe->part[0].b64u, - jwe->part[0].b64u_len) != 1 || - bytes_encrypted != jwe->part[0].b64u_len) + if (EVP_EncryptUpdate(ctx, NULL, &bytes_encrypted, (unsigned char *)jwe->part[0].b64u, jwe->part[0].b64u_len) != 1 + || bytes_encrypted != jwe->part[0].b64u_len) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jwe_encrypt_dat_fail; @@ -720,13 +592,11 @@ static bool _cjose_jwe_encrypt_dat_a256gcm( jwe->part[3].raw_len = plaintext_len; if (!_cjose_jwe_malloc(jwe->part[3].raw_len, false, &jwe->part[3].raw, err)) { - goto _cjose_jwe_encrypt_dat_fail; + goto _cjose_jwe_encrypt_dat_fail; } // encrypt entire plaintext to ciphertext buffer - if (EVP_EncryptUpdate(ctx, - jwe->part[3].raw, &bytes_encrypted, - plaintext, plaintext_len) != 1) + if (EVP_EncryptUpdate(ctx, jwe->part[3].raw, &bytes_encrypted, plaintext, plaintext_len) != 1) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jwe_encrypt_dat_fail; @@ -745,7 +615,7 @@ static bool _cjose_jwe_encrypt_dat_a256gcm( jwe->part[4].raw_len = 16; if (!_cjose_jwe_malloc(jwe->part[4].raw_len, false, &jwe->part[4].raw, err)) { - goto _cjose_jwe_encrypt_dat_fail; + goto _cjose_jwe_encrypt_dat_fail; } // get the GCM-mode authentication tag 
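Review bot: In `_cjose_jwe_encrypt_dat_a256gcm`, `plaintext_len` is a `size_t` but the "encrypt entire plaintext" call passes it to `EVP_EncryptUpdate`, whose length parameter is an `int`. A length above `INT_MAX` would be narrowed there while `jwe->part[3].raw_len` was set from the full value, so the recorded ciphertext length and the bytes actually written may disagree. A guard near the top of the function would close this: `if (plaintext_len > INT_MAX) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto _cjose_jwe_encrypt_dat_fail; }` (it needs `<limits.h>` if the file does not already include it). The AAD call has the same narrowing on `jwe->part[0].b64u_len`, and the function continues outside these hunks.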
@@ -758,7 +628,7 @@ static bool _cjose_jwe_encrypt_dat_a256gcm( EVP_CIPHER_CTX_free(ctx); return true; - _cjose_jwe_encrypt_dat_fail: +_cjose_jwe_encrypt_dat_fail: if (NULL != ctx) { EVP_CIPHER_CTX_free(ctx); @@ -769,15 +639,15 @@ static bool _cjose_jwe_encrypt_dat_a256gcm( //////////////////////////////////////////////////////////////////////////////// static bool _cjose_jwe_calc_auth_tag(const char *enc, cjose_jwe_t *jwe, uint8_t *md, unsigned int *md_len, cjose_err *err) { - bool retval = false; - const EVP_MD *hash = NULL; + bool retval = false; + const EVP_MD *hash = NULL; if (strcmp(enc, CJOSE_HDR_ENC_A128CBC_HS256) == 0) - hash = EVP_sha256(); + hash = EVP_sha256(); if (strcmp(enc, CJOSE_HDR_ENC_A192CBC_HS384) == 0) - hash = EVP_sha384(); + hash = EVP_sha384(); if (strcmp(enc, CJOSE_HDR_ENC_A256CBC_HS512) == 0) - hash = EVP_sha512(); + hash = EVP_sha512(); if (NULL == hash) { @@ -787,13 +657,13 @@ static bool _cjose_jwe_calc_auth_tag(const char *enc, cjose_jwe_t *jwe, uint8_t uint8_t *msg = NULL; - // calculate the Authentication Tag value over AAD + IV + ciphertext + AAD length + // calculate the Authentication Tag value over AAD + IV + ciphertext + AAD length - //0 = header - //1 = cek - //2 = iv - //3 = ciphertext - //4 = authentication tag + // 0 = header + // 1 = cek + // 2 = iv + // 3 = ciphertext + // 4 = authentication tag // Additional Authentication Data length (base64encoded header) in # of bits in 64 bit length field uint64_t al = jwe->part[0].b64u_len * 8; 
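Review bot: The three `if (strcmp(enc, ...) == 0)` statements in `_cjose_jwe_calc_auth_tag` keep unbraced bodies after the reformat, and the formatter cannot add braces for you. With `AllowShortIfStatementsOnASingleLine: false` the same pattern is now split over two lines in `cjose_jwe_import` (`if (part < 5)` / `++idx;`) and `_cjose_jwk_rsa_get` (`if (rsa == NULL)` / `return;`). In code that selects a hash or drives a parser, a later second statement under such an `if` silently escapes the condition. I would brace them in this pass, e.g. `if (part < 5) { ++idx; }`. An `else if` chain would also make it explicit that only one `hash` assignment can apply.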
@@ -816,40 +686,36 @@ static bool _cjose_jwe_calc_auth_tag(const char *enc, cjose_jwe_t *jwe, uint8_t // check if we are on a big endian or little endian machine int c = 1; - if (*(char *) &c == 1) + if (*(char *)&c == 1) { - // little endian machine: reverse AAD length for big endian representation - al = (al & 0x00000000FFFFFFFF) << 32 | (al & 0xFFFFFFFF00000000) >> 32; - al = (al & 0x0000FFFF0000FFFF) << 16 | (al & 0xFFFF0000FFFF0000) >> 16; - al = (al & 0x00FF00FF00FF00FF) << 8 | (al & 0xFF00FF00FF00FF00) >> 8; + // little endian machine: reverse AAD length for big endian representation + al = (al & 0x00000000FFFFFFFF) << 32 | (al & 0xFFFFFFFF00000000) >> 32; + al = (al & 0x0000FFFF0000FFFF) << 16 | (al & 0xFFFF0000FFFF0000) >> 16; + al = (al & 0x00FF00FF00FF00FF) << 8 | (al & 0xFF00FF00FF00FF00) >> 8; } memcpy(p, &al, sizeof(uint64_t)); // HMAC the input - if (!HMAC(hash, jwe->cek, jwe->cek_len / 2, msg, msg_len, md, md_len)) - { - CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); + if (!HMAC(hash, jwe->cek, jwe->cek_len / 2, msg, msg_len, md, md_len)) + { + CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jwe_calc_auth_tag_end; - } + } - // use only the first half of the bits - *md_len = *md_len / 2; - retval = true; + // use only the first half of the bits + *md_len = *md_len / 2; + retval = true; - _cjose_jwe_calc_auth_tag_end: - if (msg) - { - cjose_get_dealloc()(msg); - } +_cjose_jwe_calc_auth_tag_end: + if (msg) + { + cjose_get_dealloc()(msg); + } return retval; } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_encrypt_dat_aes_cbc( - cjose_jwe_t *jwe, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err) +static bool _cjose_jwe_encrypt_dat_aes_cbc(cjose_jwe_t *jwe, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err) { // make sure we have an enc header json_t *enc_obj = json_object_get(jwe->hdr, CJOSE_HDR_ENC); 
@@ -894,9 +760,8 @@ static bool _cjose_jwe_encrypt_dat_aes_cbc( } // we need the header in base64url encoding as input for encryption - if ((NULL == jwe->part[0].b64u) - && (!cjose_base64url_encode((const uint8_t *) jwe->part[0].raw, jwe->part[0].raw_len, &jwe->part[0].b64u, - &jwe->part[0].b64u_len, err))) + if ((NULL == jwe->part[0].b64u) && (!cjose_base64url_encode((const uint8_t *)jwe->part[0].raw, jwe->part[0].raw_len, + &jwe->part[0].b64u, &jwe->part[0].b64u_len, err))) { goto _cjose_jwe_encrypt_dat_aes_cbc_fail; } @@ -929,7 +794,7 @@ static bool _cjose_jwe_encrypt_dat_aes_cbc( // calculate Authentication Tag unsigned int tag_len = 0; uint8_t tag[EVP_MAX_MD_SIZE]; - if (_cjose_jwe_calc_auth_tag(enc, jwe, (unsigned char *) &tag, &tag_len, err) == false) + if (_cjose_jwe_calc_auth_tag(enc, jwe, (unsigned char *)&tag, &tag_len, err) == false) { return false; } @@ -948,7 +813,7 @@ static bool _cjose_jwe_encrypt_dat_aes_cbc( return true; - _cjose_jwe_encrypt_dat_aes_cbc_fail: +_cjose_jwe_encrypt_dat_aes_cbc_fail: if (NULL != ctx) { EVP_CIPHER_CTX_free(ctx); @@ -956,11 +821,8 @@ static bool _cjose_jwe_encrypt_dat_aes_cbc( return false; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_decrypt_dat_a256gcm( - cjose_jwe_t *jwe, - cjose_err *err) +static bool _cjose_jwe_decrypt_dat_a256gcm(cjose_jwe_t *jwe, cjose_err *err) { EVP_CIPHER_CTX *ctx = NULL; @@ -997,11 +859,8 @@ static bool _cjose_jwe_decrypt_dat_a256gcm( // set GCM mode AAD data (hdr_b64u) by setting "out" to NULL int bytes_decrypted = 0; - if (EVP_DecryptUpdate(ctx, - NULL, &bytes_decrypted, - (unsigned char *)jwe->part[0].b64u, - jwe->part[0].b64u_len) != 1 || - bytes_decrypted != jwe->part[0].b64u_len) + if (EVP_DecryptUpdate(ctx, NULL, &bytes_decrypted, (unsigned char *)jwe->part[0].b64u, jwe->part[0].b64u_len) != 1 + || bytes_decrypted != jwe->part[0].b64u_len) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jwe_decrypt_dat_a256gcm_fail; 
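Review bot: In `_cjose_jwe_encrypt_dat_aes_cbc`, the failure branch after `_cjose_jwe_calc_auth_tag` uses `return false;`, while every other visible failure in this function jumps to `_cjose_jwe_encrypt_dat_aes_cbc_fail`, which frees `ctx`. If `ctx` is still allocated at that point, which the earlier `goto` and the cleanup label suggest but this hunk does not show, the `EVP_CIPHER_CTX` and its key schedule are leaked on that path. I would change it to `goto _cjose_jwe_encrypt_dat_aes_cbc_fail;`. The identical `return false;` in `_cjose_jwe_decrypt_dat_aes_cbc` appears to run before any context exists, so it may be fine as is.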
@@ -1016,9 +875,7 @@ static bool _cjose_jwe_decrypt_dat_a256gcm( } // decrypt ciphertext to plaintext buffer - if (EVP_DecryptUpdate(ctx, - jwe->dat, &bytes_decrypted, - jwe->part[3].raw, jwe->part[3].raw_len) != 1) + if (EVP_DecryptUpdate(ctx, jwe->dat, &bytes_decrypted, jwe->part[3].raw, jwe->part[3].raw_len) != 1) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jwe_decrypt_dat_a256gcm_fail; @@ -1035,7 +892,7 @@ static bool _cjose_jwe_decrypt_dat_a256gcm( EVP_CIPHER_CTX_free(ctx); return true; - _cjose_jwe_decrypt_dat_a256gcm_fail: +_cjose_jwe_decrypt_dat_a256gcm_fail: if (NULL != ctx) { EVP_CIPHER_CTX_free(ctx); @@ -1044,9 +901,7 @@ static bool _cjose_jwe_decrypt_dat_a256gcm( } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jwe_decrypt_dat_aes_cbc( - cjose_jwe_t *jwe, - cjose_err *err) +static bool _cjose_jwe_decrypt_dat_aes_cbc(cjose_jwe_t *jwe, cjose_err *err) { // make sure we have an enc header json_t *enc_obj = json_object_get(jwe->hdr, CJOSE_HDR_ENC); @@ -1060,7 +915,7 @@ static bool _cjose_jwe_decrypt_dat_aes_cbc( // calculate Authentication Tag unsigned int tag_len = 0; uint8_t tag[EVP_MAX_MD_SIZE]; - if (_cjose_jwe_calc_auth_tag(enc, jwe, (unsigned char *) &tag, &tag_len, err) == false) + if (_cjose_jwe_calc_auth_tag(enc, jwe, (unsigned char *)&tag, &tag_len, err) == false) { return false; } @@ -1133,7 +988,7 @@ static bool _cjose_jwe_decrypt_dat_aes_cbc( return true; - _cjose_jwe_decrypt_dat_aes_cbc_fail: +_cjose_jwe_decrypt_dat_aes_cbc_fail: if (NULL != ctx) { EVP_CIPHER_CTX_free(ctx); 
@@ -1143,11 +998,7 @@ static bool _cjose_jwe_decrypt_dat_aes_cbc( //////////////////////////////////////////////////////////////////////////////// cjose_jwe_t *cjose_jwe_encrypt( - const cjose_jwk_t *jwk, - cjose_header_t *protected_header, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err) + const cjose_jwk_t *jwk, cjose_header_t *protected_header, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err) { cjose_jwe_t *jwe = NULL; @@ -1159,8 +1010,9 @@ cjose_jwe_t *cjose_jwe_encrypt( // if not already set, add kid header to JWE to match that of JWK const char *kid = cjose_jwk_get_kid(jwk, err); - if (NULL != kid) { - if (!cjose_header_set(protected_header, CJOSE_HDR_KID, kid, err)) + if (NULL != kid) + { + if (!cjose_header_set(protected_header, CJOSE_HDR_KID, kid, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_STATE); return false; @@ -1211,10 +1063,8 @@ cjose_jwe_t *cjose_jwe_encrypt( return jwe; } - //////////////////////////////////////////////////////////////////////////////// -void cjose_jwe_release( - cjose_jwe_t *jwe) +void cjose_jwe_release(cjose_jwe_t *jwe) { if (NULL == jwe) { @@ -1236,9 +1086,7 @@ void cjose_jwe_release( } //////////////////////////////////////////////////////////////////////////////// -char *cjose_jwe_export( - cjose_jwe_t *jwe, - cjose_err *err) +char *cjose_jwe_export(cjose_jwe_t *jwe, cjose_err *err) { char *cser = NULL; size_t cser_len = 0; @@ -1252,13 +1100,11 @@ char *cjose_jwe_export( // make sure all parts are b64u encoded for (int i = 0; i < 5; ++i) { - if ((NULL == jwe->part[i].b64u) && - (!cjose_base64url_encode( - (const uint8_t *)jwe->part[i].raw, jwe->part[i].raw_len, - &jwe->part[i].b64u, &jwe->part[i].b64u_len, err))) + if ((NULL == jwe->part[i].b64u) && (!cjose_base64url_encode((const uint8_t *)jwe->part[i].raw, jwe->part[i].raw_len, + &jwe->part[i].b64u, &jwe->part[i].b64u_len, err))) { return NULL; - } + } } // compute length of compact serialization 
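Review bot: `cjose_jwe_encrypt` returns `cjose_jwe_t *`, but the `cjose_header_set` failure branch in the kid block ends with `return false;`. It converts to a null pointer, but it reads as a boolean result and compilers may warn about it; `return NULL;` matches the other exits of this function. The branch also overwrites whatever error `cjose_header_set` stored in `err` with `CJOSE_ERR_INVALID_STATE`, which is worth a short comment if it is intentional. The function body extends beyond this hunk.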
@@ -1275,21 +1121,14 @@ char *cjose_jwe_export( } // build the compact serialization - snprintf(cser, cser_len, "%s.%s.%s.%s.%s", jwe->part[0].b64u, - jwe->part[1].b64u, jwe->part[2].b64u, - jwe->part[3].b64u, jwe->part[4].b64u); + snprintf(cser, cser_len, "%s.%s.%s.%s.%s", jwe->part[0].b64u, jwe->part[1].b64u, jwe->part[2].b64u, jwe->part[3].b64u, + jwe->part[4].b64u); return cser; } - //////////////////////////////////////////////////////////////////////////////// -bool _cjose_jwe_import_part( - cjose_jwe_t *jwe, - size_t p, - const char *b64u, - size_t b64u_len, - cjose_err *err) +bool _cjose_jwe_import_part(cjose_jwe_t *jwe, size_t p, const char *b64u, size_t b64u_len, cjose_err *err) { // only the ek and the data parts may be of zero length if (b64u_len == 0 && p != 1 && p != 3) @@ -1303,23 +1142,17 @@ bool _cjose_jwe_import_part( jwe->part[p].b64u_len = b64u_len; // b64u decode the part - if (!cjose_base64url_decode( - jwe->part[p].b64u, jwe->part[p].b64u_len, - (uint8_t **)&jwe->part[p].raw, &jwe->part[p].raw_len, err) || - NULL == jwe->part[p].raw) + if (!cjose_base64url_decode(jwe->part[p].b64u, jwe->part[p].b64u_len, (uint8_t **)&jwe->part[p].raw, &jwe->part[p].raw_len, err) + || NULL == jwe->part[p].raw) { - return false; + return false; } return true; } - //////////////////////////////////////////////////////////////////////////////// -cjose_jwe_t *cjose_jwe_import( - const char *cser, - size_t cser_len, - cjose_err *err) +cjose_jwe_t *cjose_jwe_import(const char *cser, size_t cser_len, cjose_err *err) { cjose_jwe_t *jwe = NULL; 
@@ -1343,15 +1176,15 @@ cjose_jwe_t *cjose_jwe_import( { if ((idx == cser_len) || (cser[idx] == '.')) { - if (!_cjose_jwe_import_part( - jwe, part++, cser + start_idx, idx - start_idx, err)) + if (!_cjose_jwe_import_part(jwe, part++, cser + start_idx, idx - start_idx, err)) { cjose_jwe_release(jwe); - return NULL; + return NULL; } start_idx = idx + 1; } - if (part < 5) ++idx; + if (part < 5) + ++idx; } // fail if we didn't find enough parts @@ -1367,12 +1200,11 @@ cjose_jwe_t *cjose_jwe_import( { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); cjose_jwe_release(jwe); - return NULL; + return NULL; } // deserialize JSON header - jwe->hdr = json_loadb( - (const char *)jwe->part[0].raw, jwe->part[0].raw_len, 0, NULL); + jwe->hdr = json_loadb((const char *)jwe->part[0].raw, jwe->part[0].raw_len, 0, NULL); if (NULL == jwe->hdr) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); @@ -1385,19 +1217,14 @@ cjose_jwe_t *cjose_jwe_import( { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); cjose_jwe_release(jwe); - return NULL; + return NULL; } return jwe; } - //////////////////////////////////////////////////////////////////////////////// -uint8_t *cjose_jwe_decrypt( - cjose_jwe_t *jwe, - const cjose_jwk_t *jwk, - size_t *content_len, - cjose_err *err) +uint8_t *cjose_jwe_decrypt(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, size_t *content_len, cjose_err *err) { if (NULL == jwe || NULL == jwk || NULL == content_len) { @@ -1405,7 +1232,7 @@ uint8_t *cjose_jwe_decrypt( return NULL; } - // decrypt JWE content-encryption key from encrypted key + // decrypt JWE content-encryption key from encrypted key if (!jwe->fns.decrypt_ek(jwe, jwk, err)) { return NULL; diff --git a/src/jwk.c b/src/jwk.c index b3a9777..92add05 100644 --- a/src/jwk.c +++ b/src/jwk.c 
@@ -30,39 +30,36 @@ static const char CJOSE_JWK_EC_P_256_STR[] = "P-256"; static const char CJOSE_JWK_EC_P_384_STR[] = "P-384"; static const char CJOSE_JWK_EC_P_521_STR[] = "P-521"; -static const char CJOSE_JWK_KTY_STR[] = "kty"; -static const char CJOSE_JWK_KID_STR[] = "kid"; -static const char CJOSE_JWK_KTY_EC_STR[] = "EC"; -static const char CJOSE_JWK_KTY_RSA_STR[] = "RSA"; -static const char CJOSE_JWK_KTY_OCT_STR[] = "oct"; -static const char CJOSE_JWK_CRV_STR[] = "crv"; -static const char CJOSE_JWK_X_STR[] = "x"; -static const char CJOSE_JWK_Y_STR[] = "y"; -static const char CJOSE_JWK_D_STR[] = "d"; -static const char CJOSE_JWK_N_STR[] = "n"; -static const char CJOSE_JWK_E_STR[] = "e"; -static const char CJOSE_JWK_P_STR[] = "p"; -static const char CJOSE_JWK_Q_STR[] = "q"; -static const char CJOSE_JWK_DP_STR[] = "dp"; -static const char CJOSE_JWK_DQ_STR[] = "dq"; -static const char CJOSE_JWK_QI_STR[] = "qi"; -static const char CJOSE_JWK_K_STR[] = "k"; - -static const char * JWK_KTY_NAMES[] = { - CJOSE_JWK_KTY_RSA_STR, - CJOSE_JWK_KTY_EC_STR, - CJOSE_JWK_KTY_OCT_STR -}; +static const char CJOSE_JWK_KTY_STR[] = "kty"; +static const char CJOSE_JWK_KID_STR[] = "kid"; +static const char CJOSE_JWK_KTY_EC_STR[] = "EC"; +static const char CJOSE_JWK_KTY_RSA_STR[] = "RSA"; +static const char CJOSE_JWK_KTY_OCT_STR[] = "oct"; +static const char CJOSE_JWK_CRV_STR[] = "crv"; +static const char CJOSE_JWK_X_STR[] = "x"; +static const char CJOSE_JWK_Y_STR[] = "y"; +static const char CJOSE_JWK_D_STR[] = "d"; +static const char CJOSE_JWK_N_STR[] = "n"; +static const char CJOSE_JWK_E_STR[] = "e"; +static const char CJOSE_JWK_P_STR[] = "p"; +static const char CJOSE_JWK_Q_STR[] = "q"; +static const char CJOSE_JWK_DP_STR[] = "dp"; +static const char CJOSE_JWK_DQ_STR[] = "dq"; +static const char CJOSE_JWK_QI_STR[] = "qi"; +static const char CJOSE_JWK_K_STR[] = "k"; + +static const char *JWK_KTY_NAMES[] = { CJOSE_JWK_KTY_RSA_STR, CJOSE_JWK_KTY_EC_STR, CJOSE_JWK_KTY_OCT_STR }; void 
_cjose_jwk_rsa_get(RSA *rsa, BIGNUM **rsa_n, BIGNUM **rsa_e, BIGNUM **rsa_d) { - if (rsa == NULL) return; + if (rsa == NULL) + return; #if (CJOSE_OPENSSL_11X) RSA_get0_key(rsa, (const BIGNUM **)rsa_n, (const BIGNUM **)rsa_e, (const BIGNUM **)rsa_d); #else - *rsa_n=rsa->n; - *rsa_e=rsa->e; - *rsa_d=rsa->d; + *rsa_n = rsa->n; + *rsa_e = rsa->e; + *rsa_d = rsa->d; #endif } @@ -84,10 +81,10 @@ bool _cjose_jwk_rsa_set(RSA *rsa, uint8_t *n, size_t n_len, uint8_t *e, size_t e #if (CJOSE_OPENSSL_11X) return RSA_set0_key(rsa, rsa_n, rsa_e, rsa_d) == 1; #else - rsa->n = rsa_n; - rsa->e = rsa_e; - rsa->d = rsa_d; - return true; + rsa->n = rsa_n; + rsa->e = rsa_e; + rsa->d = rsa_d; + return true; #endif } @@ -96,8 +93,8 @@ void _cjose_jwk_rsa_get_factors(RSA *rsa, BIGNUM **p, BIGNUM **q) #if (CJOSE_OPENSSL_11X) RSA_get0_factors(rsa, (const BIGNUM **)p, (const BIGNUM **)q); #else - *p=rsa->p; - *q=rsa->q; + *p = rsa->p; + *q = rsa->q; #endif } @@ -123,13 +120,14 @@ void _cjose_jwk_rsa_get_crt(RSA *rsa, BIGNUM **dmp1, BIGNUM **dmq1, BIGNUM **iqm #if (CJOSE_OPENSSL_11X) RSA_get0_crt_params(rsa, (const BIGNUM **)dmp1, (const BIGNUM **)dmq1, (const BIGNUM **)iqmp); #else - *dmp1=rsa->dmp1; - *dmq1=rsa->dmq1; - *iqmp=rsa->iqmp; + *dmp1 = rsa->dmp1; + *dmq1 = rsa->dmq1; + *iqmp = rsa->iqmp; #endif } -void _cjose_jwk_rsa_set_crt(RSA *rsa, uint8_t *dmp1, size_t dmp1_len, uint8_t *dmq1, size_t dmq1_len, uint8_t *iqmp, size_t iqmp_len) +void _cjose_jwk_rsa_set_crt( + RSA *rsa, uint8_t *dmp1, size_t dmp1_len, uint8_t *dmq1, size_t dmq1_len, uint8_t *iqmp, size_t iqmp_len) { BIGNUM *rsa_dmp1 = NULL, *rsa_dmq1 = NULL, *rsa_iqmp = NULL; @@ -149,11 +147,9 @@ void _cjose_jwk_rsa_set_crt(RSA *rsa, uint8_t *dmp1, size_t dmp1_len, uint8_t *d #endif } - - // interface functions -- Generic -const char * cjose_jwk_name_for_kty(cjose_jwk_kty_t kty, cjose_err *err) +const char *cjose_jwk_name_for_kty(cjose_jwk_kty_t kty, cjose_err *err) { if (0 == kty || CJOSE_JWK_KTY_OCT < kty) { 
@@ -164,7 +160,7 @@ const char * cjose_jwk_name_for_kty(cjose_jwk_kty_t kty, cjose_err *err) return JWK_KTY_NAMES[kty - CJOSE_JWK_KTY_RSA]; } -cjose_jwk_t * cjose_jwk_retain(cjose_jwk_t *jwk, cjose_err *err) +cjose_jwk_t *cjose_jwk_retain(cjose_jwk_t *jwk, cjose_err *err) { if (!jwk) { @@ -241,11 +237,7 @@ const char *cjose_jwk_get_kid(const cjose_jwk_t *jwk, cjose_err *err) return jwk->kid; } -bool cjose_jwk_set_kid( - cjose_jwk_t *jwk, - const char *kid, - size_t len, - cjose_err *err) +bool cjose_jwk_set_kid(cjose_jwk_t *jwk, const char *kid, size_t len, cjose_err *err) { if (!jwk || !kid) { @@ -255,14 +247,14 @@ bool cjose_jwk_set_kid( if (jwk->kid) { cjose_get_dealloc()(jwk->kid); - } - jwk->kid = (char *)cjose_get_alloc()(len+1); + } + jwk->kid = (char *)cjose_get_alloc()(len + 1); if (!jwk->kid) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); return false; } - strncpy(jwk->kid, kid, len+1); + strncpy(jwk->kid, kid, len + 1); return true; } @@ -276,8 +268,7 @@ char *cjose_jwk_to_json(const cjose_jwk_t *jwk, bool priv, cjose_err *err) return NULL; } - json_t *json = json_object(), - *field = NULL; + json_t *json = json_object(), *field = NULL; if (!json) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); @@ -317,15 +308,13 @@ char *cjose_jwk_to_json(const cjose_jwk_t *jwk, bool priv, cjose_err *err) } // set private fields - if (priv && jwk->fns->private_json && - !jwk->fns->private_json(jwk, json, err)) + if (priv && jwk->fns->private_json && !jwk->fns->private_json(jwk, json, err)) { goto to_json_cleanup; } // generate the string ... - char *str_jwk = json_dumps( - json, JSON_ENCODE_ANY | JSON_COMPACT | JSON_PRESERVE_ORDER); + char *str_jwk = json_dumps(json, JSON_ENCODE_ANY | JSON_COMPACT | JSON_PRESERVE_ORDER); if (!str_jwk) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); 
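Review bot: In `cjose_jwk_set_kid`, `strncpy(jwk->kid, kid, len + 1)` lets the copy read `kid[len]`, one byte past the length the caller supplied. If `kid` has no NUL within its first `len + 1` bytes, the stored `jwk->kid` is left unterminated. Copying exactly `len` bytes and terminating explicitly removes both problems: `strncpy(jwk->kid, kid, len);` followed by `jwk->kid[len] = '\0';`. The allocation `cjose_get_alloc()(len + 1)` also wraps to zero for `len == SIZE_MAX`, so a `len == SIZE_MAX` rejection next to the `!jwk || !kid` check would be a cheap addition.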
@@ -338,8 +327,8 @@ char *cjose_jwk_to_json(const cjose_jwk_t *jwk, bool priv, cjose_err *err) goto to_json_cleanup; } cjose_get_dealloc()(str_jwk); - - to_json_cleanup: + +to_json_cleanup: if (json) { json_decref(json); @@ -350,7 +339,7 @@ char *cjose_jwk_to_json(const cjose_jwk_t *jwk, bool priv, cjose_err *err) json_decref(field); field = NULL; } - + return result; } @@ -358,16 +347,10 @@ char *cjose_jwk_to_json(const cjose_jwk_t *jwk, bool priv, cjose_err *err) // internal data & functions -- Octet String static void _oct_free(cjose_jwk_t *jwk); -static bool _oct_public_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err); -static bool _oct_private_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err); +static bool _oct_public_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err); +static bool _oct_private_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err); -static const key_fntable OCT_FNTABLE = { - _oct_free, - _oct_public_fields, - _oct_private_fields -}; +static const key_fntable OCT_FNTABLE = { _oct_free, _oct_public_fields, _oct_private_fields }; static cjose_jwk_t *_oct_new(uint8_t *buffer, size_t keysize, cjose_err *err) { @@ -391,8 +374,8 @@ static cjose_jwk_t *_oct_new(uint8_t *buffer, size_t keysize, cjose_err *err) static void _oct_free(cjose_jwk_t *jwk) { - uint8_t * buffer = (uint8_t *)jwk->keydata; - jwk->keydata = NULL; + uint8_t *buffer = (uint8_t *)jwk->keydata; + jwk->keydata = NULL; if (buffer) { cjose_get_dealloc()(buffer); 
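Review bot: `_oct_free` hands the symmetric key buffer straight to `cjose_get_dealloc()` without clearing it, so the raw key bytes stay in freed heap memory. I would wipe it first, e.g. `OPENSSL_cleanse(buffer, KEY_LEN_BYTES);` before the dealloc call, where `KEY_LEN_BYTES` is a placeholder for the byte length derived from `jwk->keysize`; its unit is not visible in this hunk. The `create_oct_failed` paths in `cjose_jwk_create_oct_random` and `cjose_jwk_create_oct_spec` release `buffer` the same way and would benefit from the same treatment.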
@@ -400,14 +383,9 @@ static void _oct_free(cjose_jwk_t *jwk) cjose_get_dealloc()(jwk); } -static bool _oct_public_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err) -{ - return true; -} +static bool _oct_public_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err) { return true; } -static bool _oct_private_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err) +static bool _oct_private_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err) { json_t *field = NULL; char *k = NULL; @@ -429,7 +407,7 @@ static bool _oct_private_fields( } json_object_set(json, "k", field); json_decref(field); - + return true; } @@ -437,8 +415,8 @@ static bool _oct_private_fields( cjose_jwk_t *cjose_jwk_create_oct_random(size_t keysize, cjose_err *err) { - cjose_jwk_t * jwk = NULL; - uint8_t * buffer = NULL; + cjose_jwk_t *jwk = NULL; + uint8_t *buffer = NULL; if (0 == keysize) { @@ -467,7 +445,7 @@ cjose_jwk_t *cjose_jwk_create_oct_random(size_t keysize, cjose_err *err) } return jwk; - create_oct_failed: +create_oct_failed: if (buffer) { cjose_get_dealloc()(buffer); @@ -477,11 +455,10 @@ cjose_jwk_t *cjose_jwk_create_oct_random(size_t keysize, cjose_err *err) return NULL; } -cjose_jwk_t * cjose_jwk_create_oct_spec( - const uint8_t *data, size_t len, cjose_err *err) +cjose_jwk_t *cjose_jwk_create_oct_spec(const uint8_t *data, size_t len, cjose_err *err) { - cjose_jwk_t * jwk = NULL; - uint8_t * buffer = NULL; + cjose_jwk_t *jwk = NULL; + uint8_t *buffer = NULL; if (NULL == data || 0 == len) { @@ -505,7 +482,7 @@ cjose_jwk_t * cjose_jwk_create_oct_spec( return jwk; - create_oct_failed: +create_oct_failed: if (buffer) { cjose_get_dealloc()(buffer); 
@@ -519,59 +496,53 @@ cjose_jwk_t * cjose_jwk_create_oct_spec( // internal data & functions -- Elliptic Curve static void _EC_free(cjose_jwk_t *jwk); -static bool _EC_public_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err); -static bool _EC_private_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err); - -static const key_fntable EC_FNTABLE = { - _EC_free, - _EC_public_fields, - _EC_private_fields -}; - -static inline uint8_t _ec_size_for_curve( - cjose_jwk_ec_curve crv, cjose_err *err) +static bool _EC_public_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err); +static bool _EC_private_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err); + +static const key_fntable EC_FNTABLE = { _EC_free, _EC_public_fields, _EC_private_fields }; + +static inline uint8_t _ec_size_for_curve(cjose_jwk_ec_curve crv, cjose_err *err) { switch (crv) { - case CJOSE_JWK_EC_P_256: return 32; - case CJOSE_JWK_EC_P_384: return 48; - case CJOSE_JWK_EC_P_521: return 66; + case CJOSE_JWK_EC_P_256: + return 32; + case CJOSE_JWK_EC_P_384: + return 48; + case CJOSE_JWK_EC_P_521: + return 66; } return 0; } -static inline const char *_ec_name_for_curve( - cjose_jwk_ec_curve crv, cjose_err *err) +static inline const char *_ec_name_for_curve(cjose_jwk_ec_curve crv, cjose_err *err) { switch (crv) { - case CJOSE_JWK_EC_P_256: return CJOSE_JWK_EC_P_256_STR; - case CJOSE_JWK_EC_P_384: return CJOSE_JWK_EC_P_384_STR; - case CJOSE_JWK_EC_P_521: return CJOSE_JWK_EC_P_521_STR; + case CJOSE_JWK_EC_P_256: + return CJOSE_JWK_EC_P_256_STR; + case CJOSE_JWK_EC_P_384: + return CJOSE_JWK_EC_P_384_STR; + case CJOSE_JWK_EC_P_521: + return CJOSE_JWK_EC_P_521_STR; } return NULL; } -static inline bool _ec_curve_from_name( - const char *name, cjose_jwk_ec_curve *crv, cjose_err *err) +static inline bool _ec_curve_from_name(const char *name, cjose_jwk_ec_curve *crv, cjose_err *err) { bool retval = true; - if (strncmp( - name, CJOSE_JWK_EC_P_256_STR, sizeof(CJOSE_JWK_EC_P_256_STR)) 
== 0) + if (strncmp(name, CJOSE_JWK_EC_P_256_STR, sizeof(CJOSE_JWK_EC_P_256_STR)) == 0) { *crv = CJOSE_JWK_EC_P_256; } - else if (strncmp( - name, CJOSE_JWK_EC_P_384_STR, sizeof(CJOSE_JWK_EC_P_384_STR)) == 0) + else if (strncmp(name, CJOSE_JWK_EC_P_384_STR, sizeof(CJOSE_JWK_EC_P_384_STR)) == 0) { *crv = CJOSE_JWK_EC_P_384; } - else if (strncmp( - name, CJOSE_JWK_EC_P_521_STR, sizeof(CJOSE_JWK_EC_P_521_STR)) == 0) + else if (strncmp(name, CJOSE_JWK_EC_P_521_STR, sizeof(CJOSE_JWK_EC_P_521_STR)) == 0) { *crv = CJOSE_JWK_EC_P_521; } @@ -582,22 +553,18 @@ static inline bool _ec_curve_from_name( return retval; } -static inline bool _kty_from_name( - const char *name, cjose_jwk_kty_t *kty, cjose_err *err) +static inline bool _kty_from_name(const char *name, cjose_jwk_kty_t *kty, cjose_err *err) { bool retval = true; - if (strncmp( - name, CJOSE_JWK_KTY_EC_STR, sizeof(CJOSE_JWK_KTY_EC_STR)) == 0) + if (strncmp(name, CJOSE_JWK_KTY_EC_STR, sizeof(CJOSE_JWK_KTY_EC_STR)) == 0) { *kty = CJOSE_JWK_KTY_EC; } - else if (strncmp( - name, CJOSE_JWK_KTY_RSA_STR, sizeof(CJOSE_JWK_KTY_RSA_STR)) == 0) + else if (strncmp(name, CJOSE_JWK_KTY_RSA_STR, sizeof(CJOSE_JWK_KTY_RSA_STR)) == 0) { *kty = CJOSE_JWK_KTY_RSA; } - else if (strncmp( - name, CJOSE_JWK_KTY_OCT_STR, sizeof(CJOSE_JWK_KTY_OCT_STR)) == 0) + else if (strncmp(name, CJOSE_JWK_KTY_OCT_STR, sizeof(CJOSE_JWK_KTY_OCT_STR)) == 0) { *kty = CJOSE_JWK_KTY_OCT; } 
@@ -629,16 +596,17 @@ static cjose_jwk_t *_EC_new(cjose_jwk_ec_curve crv, EC_KEY *ec, cjose_err *err) memset(jwk, 0, sizeof(cjose_jwk_t)); jwk->retained = 1; jwk->kty = CJOSE_JWK_KTY_EC; - switch (crv) { - case CJOSE_JWK_EC_P_256: - jwk->keysize = 256; - break; - case CJOSE_JWK_EC_P_384: - jwk->keysize = 384; - break; - case CJOSE_JWK_EC_P_521: - jwk->keysize = 521; - break; + switch (crv) + { + case CJOSE_JWK_EC_P_256: + jwk->keysize = 256; + break; + case CJOSE_JWK_EC_P_384: + jwk->keysize = 384; + break; + case CJOSE_JWK_EC_P_521: + jwk->keysize = 521; + break; } jwk->keydata = keydata; jwk->fns = &EC_FNTABLE; @@ -648,12 +616,12 @@ static cjose_jwk_t *_EC_new(cjose_jwk_ec_curve crv, EC_KEY *ec, cjose_err *err) static void _EC_free(cjose_jwk_t *jwk) { - ec_keydata *keydata = (ec_keydata *)jwk->keydata; + ec_keydata *keydata = (ec_keydata *)jwk->keydata; jwk->keydata = NULL; if (keydata) { - EC_KEY *ec = keydata->key; + EC_KEY *ec = keydata->key; keydata->key = NULL; if (ec) { 
@@ -664,23 +632,20 @@ static void _EC_free(cjose_jwk_t *jwk) cjose_get_dealloc()(jwk); } -static bool _EC_public_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err) +static bool _EC_public_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err) { - ec_keydata *keydata = (ec_keydata *)jwk->keydata; - const EC_GROUP *params = NULL; - const EC_POINT *pub = NULL; - BIGNUM *bnX = NULL, - *bnY = NULL; - uint8_t *buffer = NULL; - char *b64u = NULL; - size_t len = 0, - offset = 0; - json_t *field = NULL; - bool result = false; + ec_keydata *keydata = (ec_keydata *)jwk->keydata; + const EC_GROUP *params = NULL; + const EC_POINT *pub = NULL; + BIGNUM *bnX = NULL, *bnY = NULL; + uint8_t *buffer = NULL; + char *b64u = NULL; + size_t len = 0, offset = 0; + json_t *field = NULL; + bool result = false; // track expected binary data size - uint8_t numsize = _ec_size_for_curve(keydata->crv, err); + uint8_t numsize = _ec_size_for_curve(keydata->crv, err); // output the curve field = json_string(_ec_name_for_curve(keydata->crv, err)); @@ -756,7 +721,7 @@ static bool _EC_public_fields( result = true; - _ec_to_string_cleanup: +_ec_to_string_cleanup: if (field) { json_decref(field); 
@@ -781,20 +746,18 @@ static bool _EC_public_fields( return result; } -static bool _EC_private_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err) +static bool _EC_private_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err) { - ec_keydata *keydata = (ec_keydata *)jwk->keydata; - const BIGNUM *bnD = EC_KEY_get0_private_key(keydata->key); - uint8_t *buffer = NULL; - char *b64u = NULL; - size_t len = 0, - offset = 0; - json_t *field = NULL; - bool result = false; + ec_keydata *keydata = (ec_keydata *)jwk->keydata; + const BIGNUM *bnD = EC_KEY_get0_private_key(keydata->key); + uint8_t *buffer = NULL; + char *b64u = NULL; + size_t len = 0, offset = 0; + json_t *field = NULL; + bool result = false; // track expected binary data size - uint8_t numsize = _ec_size_for_curve(keydata->crv, err); + uint8_t numsize = _ec_size_for_curve(keydata->crv, err); // short circuit if 'd' is NULL or 0 if (!bnD || BN_is_zero(bnD)) @@ -829,7 +792,7 @@ static bool _EC_private_fields( result = true; - _ec_to_string_cleanup: +_ec_to_string_cleanup: if (buffer) { cjose_get_dealloc()(buffer); @@ -842,8 +805,8 @@ static bool _EC_private_fields( cjose_jwk_t *cjose_jwk_create_EC_random(cjose_jwk_ec_curve crv, cjose_err *err) { - cjose_jwk_t * jwk = NULL; - EC_KEY * ec = NULL; + cjose_jwk_t *jwk = NULL; + EC_KEY *ec = NULL; ec = EC_KEY_new_by_curve_name(crv); if (!ec) @@ -851,7 +814,7 @@ cjose_jwk_t *cjose_jwk_create_EC_random(cjose_jwk_ec_curve crv, cjose_err *err) CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto create_EC_failed; } - + if (1 != EC_KEY_generate_key(ec)) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); @@ -866,7 +829,7 @@ cjose_jwk_t *cjose_jwk_create_EC_random(cjose_jwk_ec_curve crv, cjose_err *err) return jwk; - create_EC_failed: +create_EC_failed: if (jwk) { cjose_get_dealloc()(jwk); 
@@ -881,16 +844,15 @@ cjose_jwk_t *cjose_jwk_create_EC_random(cjose_jwk_ec_curve crv, cjose_err *err) return NULL; } -cjose_jwk_t *cjose_jwk_create_EC_spec( - const cjose_jwk_ec_keyspec *spec, cjose_err *err) +cjose_jwk_t *cjose_jwk_create_EC_spec(const cjose_jwk_ec_keyspec *spec, cjose_err *err) { - cjose_jwk_t * jwk = NULL; - EC_KEY * ec = NULL; - EC_GROUP * params = NULL; - EC_POINT * Q = NULL; - BIGNUM * bnD = NULL; - BIGNUM * bnX = NULL; - BIGNUM * bnY = NULL; + cjose_jwk_t *jwk = NULL; + EC_KEY *ec = NULL; + EC_GROUP *params = NULL; + EC_POINT *Q = NULL; + BIGNUM *bnD = NULL; + BIGNUM *bnX = NULL; + BIGNUM *bnY = NULL; if (!spec) { @@ -898,9 +860,8 @@ cjose_jwk_t *cjose_jwk_create_EC_spec( return NULL; } - bool hasPriv = (NULL != spec->d && 0 < spec->dlen); - bool hasPub = ((NULL != spec->x && 0 < spec->xlen) && - (NULL != spec->y && 0 < spec->ylen)); + bool hasPriv = (NULL != spec->d && 0 < spec->dlen); + bool hasPub = ((NULL != spec->x && 0 < spec->xlen) && (NULL != spec->y && 0 < spec->ylen)); if (!hasPriv && !hasPub) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); @@ -983,7 +944,7 @@ cjose_jwk_t *cjose_jwk_create_EC_spec( CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); goto create_EC_failed; } - + jwk = _EC_new(spec->crv, ec, err); if (!jwk) { @@ -993,7 +954,7 @@ cjose_jwk_t *cjose_jwk_create_EC_spec( // jump to cleanup goto create_EC_cleanup; - create_EC_failed: +create_EC_failed: if (jwk) { cjose_get_dealloc()(jwk); @@ -1005,7 +966,7 @@ cjose_jwk_t *cjose_jwk_create_EC_spec( ec = NULL; } - create_EC_cleanup: +create_EC_cleanup: if (Q) { EC_POINT_free(Q); 
@@ -1034,16 +995,10 @@ cjose_jwk_t *cjose_jwk_create_EC_spec( // internal data & functions -- RSA static void _RSA_free(cjose_jwk_t *jwk); -static bool _RSA_public_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err); -static bool _RSA_private_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err); +static bool _RSA_public_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err); +static bool _RSA_private_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err); -static const key_fntable RSA_FNTABLE = { - _RSA_free, - _RSA_public_fields, - _RSA_private_fields -}; +static const key_fntable RSA_FNTABLE = { _RSA_free, _RSA_public_fields, _RSA_private_fields }; static inline cjose_jwk_t *_RSA_new(RSA *rsa, cjose_err *err) { @@ -1074,15 +1029,13 @@ static void _RSA_free(cjose_jwk_t *jwk) cjose_get_dealloc()(jwk); } -static inline bool _RSA_json_field( - BIGNUM *param, const char *name, json_t *json, cjose_err *err) +static inline bool _RSA_json_field(BIGNUM *param, const char *name, json_t *json, cjose_err *err) { - json_t *field = NULL; - uint8_t *data = NULL; - char *b64u = NULL; - size_t datalen = 0, - b64ulen = 0; - bool result = false; + json_t *field = NULL; + uint8_t *data = NULL; + char *b64u = NULL; + size_t datalen = 0, b64ulen = 0; + bool result = false; if (!param) { @@ -1111,7 +1064,7 @@ static inline bool _RSA_json_field( field = NULL; result = true; - RSA_json_field_cleanup: +RSA_json_field_cleanup: if (b64u) { cjose_get_dealloc()(b64u); @@ -1126,8 +1079,7 @@ static inline bool _RSA_json_field( return result; } -static bool _RSA_public_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err) +static bool _RSA_public_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err) { RSA *rsa = (RSA *)jwk->keydata; 
@@ -1146,8 +1098,7 @@ static bool _RSA_public_fields( return true; } -static bool _RSA_private_fields( - const cjose_jwk_t *jwk, json_t *json, cjose_err *err) +static bool _RSA_private_fields(const cjose_jwk_t *jwk, json_t *json, cjose_err *err) { RSA *rsa = (RSA *)jwk->keydata; @@ -1192,8 +1143,7 @@ static bool _RSA_private_fields( static const uint8_t *DEFAULT_E_DAT = (const uint8_t *)"\x01\x00\x01"; static const size_t DEFAULT_E_LEN = 3; -cjose_jwk_t *cjose_jwk_create_RSA_random( - size_t keysize, const uint8_t *e, size_t elen, cjose_err *err) +cjose_jwk_t *cjose_jwk_create_RSA_random(size_t keysize, const uint8_t *e, size_t elen, cjose_err *err) { if (0 == keysize) { @@ -1206,8 +1156,8 @@ cjose_jwk_t *cjose_jwk_create_RSA_random( elen = DEFAULT_E_LEN; } - RSA *rsa = NULL; - BIGNUM *bn = NULL; + RSA *rsa = NULL; + BIGNUM *bn = NULL; rsa = RSA_new(); if (!rsa) @@ -1232,7 +1182,7 @@ cjose_jwk_t *cjose_jwk_create_RSA_random( BN_free(bn); return _RSA_new(rsa, err); - create_RSA_random_failed: +create_RSA_random_failed: if (bn) { BN_free(bn); @@ -1244,8 +1194,7 @@ cjose_jwk_t *cjose_jwk_create_RSA_random( return NULL; } -cjose_jwk_t *cjose_jwk_create_RSA_spec( - const cjose_jwk_rsa_keyspec *spec, cjose_err *err) +cjose_jwk_t *cjose_jwk_create_RSA_spec(const cjose_jwk_rsa_keyspec *spec, cjose_err *err) { if (NULL == spec) { @@ -1253,17 +1202,15 @@ cjose_jwk_t *cjose_jwk_create_RSA_spec( return NULL; } - bool hasPub = (NULL != spec->n && 0 < spec->nlen) && - (NULL != spec->e && 0 < spec->elen); - bool hasPriv = (NULL != spec->n && 0 < spec->nlen) && - (NULL != spec->d && 0 < spec->dlen); + bool hasPub = (NULL != spec->n && 0 < spec->nlen) && (NULL != spec->e && 0 < spec->elen); + bool hasPriv = (NULL != spec->n && 0 < spec->nlen) && (NULL != spec->d && 0 < spec->dlen); if (!hasPub && !hasPriv) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); return NULL; } - RSA *rsa = NULL; + RSA *rsa = NULL; rsa = RSA_new(); if (!rsa) { 
@@ -1280,7 +1227,6 @@ cjose_jwk_t *cjose_jwk_create_RSA_spec( } _cjose_jwk_rsa_set_factors(rsa, spec->p, spec->plen, spec->q, spec->qlen); _cjose_jwk_rsa_set_crt(rsa, spec->dp, spec->dplen, spec->dq, spec->dqlen, spec->qi, spec->qilen); - } else if (hasPub) { @@ -1293,7 +1239,7 @@ cjose_jwk_t *cjose_jwk_create_RSA_spec( return _RSA_new(rsa, err); - create_RSA_spec_failed: +create_RSA_spec_failed: if (rsa) { RSA_free(rsa); @@ -1305,19 +1251,16 @@ cjose_jwk_t *cjose_jwk_create_RSA_spec( //////////////// Import //////////////// // internal data & functions -- JWK key import - -static const char *_get_json_object_string_attribute( - json_t *json, const char *key, cjose_err *err) +static const char *_get_json_object_string_attribute(json_t *json, const char *key, cjose_err *err) { - const char *attr_str = NULL; + const char *attr_str = NULL; json_t *attr_json = json_object_get(json, key); if (NULL != attr_json) { attr_str = json_string_value(attr_json); } return attr_str; -} - +} /** * Internal helper function for extracing an octet string from a base64url @@ -1331,7 +1274,7 @@ static const char *_get_json_object_string_attribute( * \param[in] json the JSON object from which to read the attribute. * \param[in] key the name of the attribute to be decoded. * \param[out] pointer to buffer of octet string (if decoding succeeds). - * \param[in/out] in as the expected length of the attribute, out as the + * \param[in/out] in as the expected length of the attribute, out as the * actual decoded length. Note, this method succeeds only * if the actual decoded length matches the expected length. * If the in-value is 0 this indicates there is no particular 
@@ -1339,8 +1282,8 @@ static const char *_get_json_object_string_attribute( * \returns true if attribute is either not present or successfully decoded. * false otherwise. */ -static bool _decode_json_object_base64url_attribute(json_t *jwk_json, - const char *key, uint8_t **buffer, size_t *buflen, cjose_err *err) +static bool +_decode_json_object_base64url_attribute(json_t *jwk_json, const char *key, uint8_t **buffer, size_t *buflen, cjose_err *err) { // get the base64url encoded string value of the attribute (if any) const char *str = _get_json_object_string_attribute(jwk_json, key, err); @@ -1355,7 +1298,8 @@ static bool _decode_json_object_base64url_attribute(json_t *jwk_json, if (*buflen != 0) { const char *end = NULL; - for (end = str + strlen(str) - 1; *end == '=' && end > str; --end); + for (end = str + strlen(str) - 1; *end == '=' && end > str; --end) + ; size_t unpadded_len = end + 1 - str - ((*end == '=') ? 1 : 0); size_t expected_len = ceil(4 * ((float)*buflen / 3)); 
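Review bot: The length check in `_decode_json_object_base64url_attribute` computes `expected_len` as `ceil(4 * ((float)*buflen / 3))`, so a size comparison on imported key material goes through single-precision floating point. Integer arithmetic gives the same ceiling with no rounding to reason about: `size_t expected_len = (4 * *buflen + 2) / 3;`. The `for` loop just above it now ends in a bare `;` on its own line, and a `/* skip trailing '=' padding */` comment there would make the empty body read as intentional. The function starts before this hunk and continues past it, so the comparison that uses `expected_len` is not visible here.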
@@ -1387,26 +1331,24 @@ static cjose_jwk_t *_cjose_jwk_import_EC(json_t *jwk_json, cjose_err *err) uint8_t *d_buffer = NULL; // get the value of the crv attribute - const char *crv_str = - _get_json_object_string_attribute(jwk_json, CJOSE_JWK_CRV_STR, err); + const char *crv_str = _get_json_object_string_attribute(jwk_json, CJOSE_JWK_CRV_STR, err); if (crv_str == NULL) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_EC_cleanup; } - + // get the curve identifer for the curve named by crv cjose_jwk_ec_curve crv; if (!_ec_curve_from_name(crv_str, &crv, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_EC_cleanup; - } + } // get the decoded value of the x coordinate size_t x_buflen = (size_t)_ec_size_for_curve(crv, err); - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_X_STR, &x_buffer, &x_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_X_STR, &x_buffer, &x_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_EC_cleanup; @@ -1414,8 +1356,7 @@ static cjose_jwk_t *_cjose_jwk_import_EC(json_t *jwk_json, cjose_err *err) // get the decoded value of the y coordinate size_t y_buflen = (size_t)_ec_size_for_curve(crv, err); - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_Y_STR, &y_buffer, &y_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_Y_STR, &y_buffer, &y_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_EC_cleanup; @@ -1423,8 +1364,7 @@ static cjose_jwk_t *_cjose_jwk_import_EC(json_t *jwk_json, cjose_err *err) // get the decoded value of the private key d size_t d_buflen = (size_t)_ec_size_for_curve(crv, err); - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_D_STR, &d_buffer, &d_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_D_STR, &d_buffer, &d_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_EC_cleanup; 
@@ -1444,7 +1384,7 @@ static cjose_jwk_t *_cjose_jwk_import_EC(json_t *jwk_json, cjose_err *err) // create the jwk jwk = cjose_jwk_create_EC_spec(&ec_keyspec, err); - import_EC_cleanup: +import_EC_cleanup: if (NULL != x_buffer) { cjose_get_dealloc()(x_buffer); 
@@ -1473,73 +1413,65 @@ static cjose_jwk_t *_cjose_jwk_import_RSA(json_t *jwk_json, cjose_err *err) uint8_t *dq_buffer = NULL; uint8_t *qi_buffer = NULL; - // get the decoded value of n (buflen = 0 means no particular expected len) + // get the decoded value of n (buflen = 0 means no particular expected len) size_t n_buflen = 0; - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_N_STR, &n_buffer, &n_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_N_STR, &n_buffer, &n_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_RSA_cleanup; } - // get the decoded value of e + // get the decoded value of e size_t e_buflen = 0; - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_E_STR, &e_buffer, &e_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_E_STR, &e_buffer, &e_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_RSA_cleanup; } - // get the decoded value of d + // get the decoded value of d size_t d_buflen = 0; - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_D_STR, &d_buffer, &d_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_D_STR, &d_buffer, &d_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_RSA_cleanup; } - // get the decoded value of p + // get the decoded value of p size_t p_buflen = 0; - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_P_STR, &p_buffer, &p_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_P_STR, &p_buffer, &p_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_RSA_cleanup; } - // get the decoded value of q + // get the decoded value of q size_t q_buflen = 0; - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_Q_STR, &q_buffer, &q_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_Q_STR, &q_buffer, &q_buflen, err)) { 
CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_RSA_cleanup; } - // get the decoded value of dp + // get the decoded value of dp size_t dp_buflen = 0; - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_DP_STR, &dp_buffer, &dp_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_DP_STR, &dp_buffer, &dp_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_RSA_cleanup; } - // get the decoded value of dq + // get the decoded value of dq size_t dq_buflen = 0; - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_DQ_STR, &dq_buffer, &dq_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_DQ_STR, &dq_buffer, &dq_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_RSA_cleanup; } - // get the decoded value of qi + // get the decoded value of qi size_t qi_buflen = 0; - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_QI_STR, &qi_buffer, &qi_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_QI_STR, &qi_buffer, &qi_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_RSA_cleanup; @@ -1568,7 +1500,7 @@ static cjose_jwk_t *_cjose_jwk_import_RSA(json_t *jwk_json, cjose_err *err) // create the jwk jwk = cjose_jwk_create_RSA_spec(&rsa_keyspec, err); - import_RSA_cleanup: +import_RSA_cleanup: cjose_get_dealloc()(n_buffer); cjose_get_dealloc()(e_buffer); cjose_get_dealloc()(d_buffer); 
@@ -1586,10 +1518,9 @@ static cjose_jwk_t *_cjose_jwk_import_oct(json_t *jwk_json, cjose_err *err) cjose_jwk_t *jwk = NULL; uint8_t *k_buffer = NULL; - // get the decoded value of k (buflen = 0 means no particular expected len) + // get the decoded value of k (buflen = 0 means no particular expected len) size_t k_buflen = 0; - if (!_decode_json_object_base64url_attribute( - jwk_json, CJOSE_JWK_K_STR, &k_buffer, &k_buflen, err)) + if (!_decode_json_object_base64url_attribute(jwk_json, CJOSE_JWK_K_STR, &k_buffer, &k_buflen, err)) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_oct_cleanup; @@ -1598,7 +1529,7 @@ static cjose_jwk_t *_cjose_jwk_import_oct(json_t *jwk_json, cjose_err *err) // create the jwk jwk = cjose_jwk_create_oct_spec(k_buffer, k_buflen, err); - import_oct_cleanup: +import_oct_cleanup: if (NULL != k_buffer) { cjose_get_dealloc()(k_buffer); @@ -1607,9 +1538,9 @@ static cjose_jwk_t *_cjose_jwk_import_oct(json_t *jwk_json, cjose_err *err) return jwk; } -cjose_jwk_t *cjose_jwk_import(const char *jwk_str, size_t len, cjose_err *err) +cjose_jwk_t *cjose_jwk_import(const char *jwk_str, size_t len, cjose_err *err) { - cjose_jwk_t *jwk= NULL; + cjose_jwk_t *jwk = NULL; // check params if ((NULL == jwk_str) || (0 == len)) @@ -1626,13 +1557,12 @@ cjose_jwk_t *cjose_jwk_import(const char *jwk_str, size_t len, cjose_err *err) } // get the string value of the kty attribute of the jwk - const char *kty_str = - _get_json_object_string_attribute(jwk_json, CJOSE_JWK_KTY_STR, err); + const char *kty_str = _get_json_object_string_attribute(jwk_json, CJOSE_JWK_KTY_STR, err); if (NULL == kty_str) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_cleanup; - } + } // get kty corresponding to kty_str (kty is required) cjose_jwk_kty_t kty; 
@@ -1641,25 +1571,25 @@ cjose_jwk_t *cjose_jwk_import(const char *jwk_str, size_t len, cjose_err *err) CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); goto import_cleanup; } - + // create a cjose_jwt_t based on the kty switch (kty) { - case CJOSE_JWK_KTY_EC: - jwk = _cjose_jwk_import_EC(jwk_json, err); - break; + case CJOSE_JWK_KTY_EC: + jwk = _cjose_jwk_import_EC(jwk_json, err); + break; - case CJOSE_JWK_KTY_RSA: - jwk = _cjose_jwk_import_RSA(jwk_json, err); - break; + case CJOSE_JWK_KTY_RSA: + jwk = _cjose_jwk_import_RSA(jwk_json, err); + break; - case CJOSE_JWK_KTY_OCT: - jwk = _cjose_jwk_import_oct(jwk_json, err); - break; + case CJOSE_JWK_KTY_OCT: + jwk = _cjose_jwk_import_oct(jwk_json, err); + break; - default: - CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); - goto import_cleanup; + default: + CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); + goto import_cleanup; } if (NULL == jwk) { @@ -1668,8 +1598,7 @@ cjose_jwk_t *cjose_jwk_import(const char *jwk_str, size_t len, cjose_err *err) } // get the value of the kid attribute (kid is optional) - const char *kid_str = - _get_json_object_string_attribute(jwk_json, CJOSE_JWK_KID_STR, err); + const char *kid_str = _get_json_object_string_attribute(jwk_json, CJOSE_JWK_KID_STR, err); if (kid_str != NULL) { jwk->kid = _cjose_strndup(kid_str, -1, err); @@ -1681,8 +1610,8 @@ cjose_jwk_t *cjose_jwk_import(const char *jwk_str, size_t len, cjose_err *err) } } - // poor man's "finally" - import_cleanup: +// poor man's "finally" +import_cleanup: if (NULL != jwk_json) { json_decref(jwk_json); 
@@ -1694,18 +1623,13 @@ cjose_jwk_t *cjose_jwk_import(const char *jwk_str, size_t len, cjose_err *err) //////////////// ECDH //////////////// // internal data & functions -- ECDH derivation -static bool _cjose_jwk_evp_key_from_ec_key( - cjose_jwk_t *jwk, EVP_PKEY **key, cjose_err *err) +static bool _cjose_jwk_evp_key_from_ec_key(cjose_jwk_t *jwk, EVP_PKEY **key, cjose_err *err) { // validate that the jwk is of type EC and we have a valid out-param - if (NULL == jwk || - CJOSE_JWK_KTY_EC != jwk->kty || - NULL == jwk->keydata || - NULL == key || - NULL != *key) + if (NULL == jwk || CJOSE_JWK_KTY_EC != jwk->kty || NULL == jwk->keydata || NULL == key || NULL != *key) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); - goto _cjose_jwk_evp_key_from_ec_key_fail; + goto _cjose_jwk_evp_key_from_ec_key_fail; } // create a blank EVP_PKEY @@ -1717,8 +1641,7 @@ static bool _cjose_jwk_evp_key_from_ec_key( } // assign the EVP_PKEY to reference the jwk's internal EC_KEY structure - if (1 != EVP_PKEY_set1_EC_KEY( - *key, ((struct _ec_keydata_int *)(jwk->keydata))->key)) + if (1 != EVP_PKEY_set1_EC_KEY(*key, ((struct _ec_keydata_int *)(jwk->keydata))->key)) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jwk_evp_key_from_ec_key_fail; @@ -1727,8 +1650,8 @@ static bool _cjose_jwk_evp_key_from_ec_key( // happy path return true; - // fail path - _cjose_jwk_evp_key_from_ec_key_fail: +// fail path +_cjose_jwk_evp_key_from_ec_key_fail: EVP_PKEY_free(*key); *key = NULL; 
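Review bot: The failure label in `_cjose_jwk_evp_key_from_ec_key` dereferences `key` unconditionally (`EVP_PKEY_free(*key); *key = NULL;`), yet the argument check at the top jumps there when `NULL == key`, which is a null-pointer dereference. The same jump is taken when `NULL != *key`, and in that case the fail path frees an `EVP_PKEY` that the caller still holds. Returning straight from the validation branch avoids both problems: after `CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG);` use `return false;` instead of the `goto`. The guard is in the first hunk on this line and the label is in the third.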
@@ -1736,20 +1659,12 @@ static bool _cjose_jwk_evp_key_from_ec_key( return false; } - -cjose_jwk_t *cjose_jwk_derive_ecdh_secret( - cjose_jwk_t *jwk_self, - cjose_jwk_t *jwk_peer, - cjose_err *err) +cjose_jwk_t *cjose_jwk_derive_ecdh_secret(cjose_jwk_t *jwk_self, cjose_jwk_t *jwk_peer, cjose_err *err) { return cjose_jwk_derive_ecdh_ephemeral_key(jwk_self, jwk_peer, err); } - -cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key( - cjose_jwk_t *jwk_self, - cjose_jwk_t *jwk_peer, - cjose_err *err) +cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key(cjose_jwk_t *jwk_self, cjose_jwk_t *jwk_peer, cjose_err *err) { EVP_PKEY_CTX *ctx = NULL; EVP_PKEY *pkey_self = NULL; @@ -1795,7 +1710,7 @@ cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key( } // determine buffer length for shared secret - if(1 != EVP_PKEY_derive(ctx, NULL, &secret_len)) + if (1 != EVP_PKEY_derive(ctx, NULL, &secret_len)) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jwk_derive_shared_secret_fail; @@ -1806,7 +1721,7 @@ cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key( if (NULL == secret) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); - goto _cjose_jwk_derive_shared_secret_fail; + goto _cjose_jwk_derive_shared_secret_fail; } memset(secret, 0, secret_len); 
@@ -1814,24 +1729,23 @@ cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key( if (1 != (EVP_PKEY_derive(ctx, secret, &secret_len))) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); - goto _cjose_jwk_derive_shared_secret_fail; + goto _cjose_jwk_derive_shared_secret_fail; } // HKDF of the DH shared secret (SHA256, no salt, no info, 256 bit expand) ephemeral_key_len = 32; ephemeral_key = (uint8_t *)cjose_get_alloc()(ephemeral_key_len); - if (!cjose_jwk_hkdf(EVP_sha256(), (uint8_t *)"", 0, (uint8_t *)"", 0, - secret, secret_len, ephemeral_key, ephemeral_key_len, err)) + if (!cjose_jwk_hkdf(EVP_sha256(), (uint8_t *)"", 0, (uint8_t *)"", 0, secret, secret_len, ephemeral_key, ephemeral_key_len, + err)) { - goto _cjose_jwk_derive_shared_secret_fail; + goto _cjose_jwk_derive_shared_secret_fail; } // create a JWK of the shared secret - jwk_ephemeral_key = cjose_jwk_create_oct_spec( - ephemeral_key, ephemeral_key_len, err); + jwk_ephemeral_key = cjose_jwk_create_oct_spec(ephemeral_key, ephemeral_key_len, err); if (NULL == jwk_ephemeral_key) { - goto _cjose_jwk_derive_shared_secret_fail; + goto _cjose_jwk_derive_shared_secret_fail; } // happy path @@ -1843,9 +1757,9 @@ cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key( return jwk_ephemeral_key; - // fail path - _cjose_jwk_derive_shared_secret_fail: - +// fail path +_cjose_jwk_derive_shared_secret_fail: + if (NULL != ctx) { EVP_PKEY_CTX_free(ctx); 
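Review bot: `ephemeral_key` is handed to `cjose_jwk_hkdf` as the output buffer without checking the result of `cjose_get_alloc()(ephemeral_key_len)`, whereas the `secret` allocation a few lines earlier is checked. Add `if (NULL == ephemeral_key) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); goto _cjose_jwk_derive_shared_secret_fail; }` before the HKDF call. The second `EVP_PKEY_derive` failure reports `CJOSE_ERR_NO_MEMORY` while the sizing call in the previous hunk reports `CJOSE_ERR_CRYPTO`; `CJOSE_ERR_CRYPTO` looks like the intended code here too. The cleanup code of this function is outside the hunk, so whether `secret` and `ephemeral_key` are wiped before they are released cannot be confirmed from here.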
@@ -1867,20 +1781,20 @@ cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key( return NULL; } -bool cjose_jwk_hkdf( - const EVP_MD *md, - const uint8_t *salt, - size_t salt_len, - const uint8_t *info, - size_t info_len, - const uint8_t *ikm, - size_t ikm_len, - uint8_t *okm, - unsigned int okm_len, - cjose_err *err) +bool cjose_jwk_hkdf(const EVP_MD *md, + const uint8_t *salt, + size_t salt_len, + const uint8_t *info, + size_t info_len, + const uint8_t *ikm, + size_t ikm_len, + uint8_t *okm, + unsigned int okm_len, + cjose_err *err) { // current impl. is very limited: SHA256, 256 bit output, and no info - if ((EVP_sha256() != md) || (0 != info_len) || (32 != okm_len)) { + if ((EVP_sha256() != md) || (0 != info_len) || (32 != okm_len)) + { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); return false; } @@ -1889,7 +1803,7 @@ bool cjose_jwk_hkdf( unsigned int prk_len; unsigned char prk[EVP_MAX_MD_SIZE]; HMAC(md, salt, salt_len, ikm, ikm_len, prk, &prk_len); - + // HKDF-Expand, HMAC-SHA256(PRK,0x01) -> OKM const unsigned char t[] = { 0x01 }; HMAC(md, prk, prk_len, t, sizeof(t), okm, NULL); diff --git a/src/jws.c b/src/jws.c index 2aec22b..88e4289 100644 --- a/src/jws.c +++ b/src/jws.c @@ -5,7 +5,6 @@ * Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved. */ - #include #include #include 
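Review bot: Both `HMAC()` calls in `cjose_jwk_hkdf` ignore the return value, so a failed extract step leaves `prk_len` uninitialized and the expand step then reads it. Check each call, for example `if (NULL == HMAC(md, salt, salt_len, ikm, ikm_len, prk, &prk_len)) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); return false; }`, and do the same for the expand call. `prk` is key material held in a stack array; the rest of the function is outside this hunk, but if it is not wiped there, `OPENSSL_cleanse(prk, sizeof(prk));` before each return would keep it from lingering in memory.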
@@ -23,63 +22,29 @@ #include "include/header_int.h" #include "include/jws_int.h" - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_build_dig_sha( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jws_build_sig_ps( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jws_build_dig_hmac_sha( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jws_verify_sig_ps( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jws_build_sig_rs( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jws_verify_sig_rs( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jws_build_sig_hmac_sha( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jws_verify_sig_hmac_sha( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jws_build_sig_ec( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); - -static bool _cjose_jws_verify_sig_ec( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err); +static bool _cjose_jws_build_dig_sha(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jws_build_sig_ps(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jws_build_dig_hmac_sha(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jws_verify_sig_ps(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jws_build_sig_rs(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jws_verify_sig_rs(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jws_build_sig_hmac_sha(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jws_verify_sig_hmac_sha(cjose_jws_t *jws, 
const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jws_build_sig_ec(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); + +static bool _cjose_jws_verify_sig_ec(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err); //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_build_hdr( - cjose_jws_t *jws, - cjose_header_t *header, - cjose_err *err) +static bool _cjose_jws_build_hdr(cjose_jws_t *jws, cjose_header_t *header, cjose_err *err) { // save header object as part of the JWS (and incr. refcount) jws->hdr = (json_t *)header; @@ -92,22 +57,18 @@ static bool _cjose_jws_build_hdr( CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); return false; } - if (!cjose_base64url_encode((const uint8_t *)hdr_str, strlen(hdr_str), - &jws->hdr_b64u, &jws->hdr_b64u_len, err)) + if (!cjose_base64url_encode((const uint8_t *)hdr_str, strlen(hdr_str), &jws->hdr_b64u, &jws->hdr_b64u_len, err)) { free(hdr_str); - return false; + return false; } free(hdr_str); - + return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_validate_hdr( - cjose_jws_t *jws, - cjose_err *err) +static bool _cjose_jws_validate_hdr(cjose_jws_t *jws, cjose_err *err) { // make sure we have an alg header json_t *alg_obj = json_object_get(jws->hdr, CJOSE_HDR_ALG); 
@@ -118,25 +79,29 @@ static bool _cjose_jws_validate_hdr( } const char *alg = json_string_value(alg_obj); - if ((strcmp(alg, CJOSE_HDR_ALG_PS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_PS384) == 0) || (strcmp(alg, CJOSE_HDR_ALG_PS512) == 0)) + if ((strcmp(alg, CJOSE_HDR_ALG_PS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_PS384) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_PS512) == 0)) { jws->fns.digest = _cjose_jws_build_dig_sha; jws->fns.sign = _cjose_jws_build_sig_ps; jws->fns.verify = _cjose_jws_verify_sig_ps; } - else if ((strcmp(alg, CJOSE_HDR_ALG_RS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_RS384) == 0) || (strcmp(alg, CJOSE_HDR_ALG_RS512) == 0)) + else if ((strcmp(alg, CJOSE_HDR_ALG_RS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_RS384) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_RS512) == 0)) { jws->fns.digest = _cjose_jws_build_dig_sha; jws->fns.sign = _cjose_jws_build_sig_rs; jws->fns.verify = _cjose_jws_verify_sig_rs; } - else if ((strcmp(alg, CJOSE_HDR_ALG_HS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_HS384) == 0) || (strcmp(alg, CJOSE_HDR_ALG_HS512) == 0)) + else if ((strcmp(alg, CJOSE_HDR_ALG_HS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_HS384) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_HS512) == 0)) { jws->fns.digest = _cjose_jws_build_dig_hmac_sha; jws->fns.sign = _cjose_jws_build_sig_hmac_sha; jws->fns.verify = _cjose_jws_verify_sig_hmac_sha; } - else if ((strcmp(alg, CJOSE_HDR_ALG_ES256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_ES384) == 0) || (strcmp(alg, CJOSE_HDR_ALG_ES512) == 0)) + else if ((strcmp(alg, CJOSE_HDR_ALG_ES256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_ES384) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_ES512) == 0)) { jws->fns.digest = _cjose_jws_build_dig_sha; jws->fns.sign = _cjose_jws_build_sig_ec; 
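Review bot: `alg` is taken from `json_string_value(alg_obj)`, which returns NULL when the `alg` member is present but is not a JSON string, and the `strcmp` chain that follows would then be called with a null pointer. The check that closes just above this hunk is not visible, so this applies only if it tests for a missing member rather than for a string type. A guard directly after the assignment covers it: `if (NULL == alg) { CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG); return false; }`. If this function also runs on headers parsed from received JWS input, the value is under the sender's control and the guard matters for availability.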
@@ -151,13 +116,8 @@ static bool _cjose_jws_validate_hdr( return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_build_dat( - cjose_jws_t *jws, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err) +static bool _cjose_jws_build_dat(cjose_jws_t *jws, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err) { // copy plaintext data jws->dat_len = plaintext_len; @@ -170,8 +130,7 @@ static bool _cjose_jws_build_dat( memcpy(jws->dat, plaintext, jws->dat_len); // base64url encode data - if (!cjose_base64url_encode((const uint8_t *)plaintext, - plaintext_len, &jws->dat_b64u, &jws->dat_b64u_len, err)) + if (!cjose_base64url_encode((const uint8_t *)plaintext, plaintext_len, &jws->dat_b64u, &jws->dat_b64u_len, err)) { return false; } @@ -179,12 +138,8 @@ static bool _cjose_jws_build_dat( return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_build_dig_sha( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_build_dig_sha(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { bool retval = false; EVP_MD_CTX *ctx = NULL; 
@@ -200,12 +155,15 @@ static bool _cjose_jws_build_dig_sha( // build digest using SHA-256/384/512 digest algorithm const EVP_MD *digest_alg = NULL; - if ((strcmp(alg, CJOSE_HDR_ALG_RS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_PS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_ES256) == 0)) - digest_alg = EVP_sha256(); - else if ((strcmp(alg, CJOSE_HDR_ALG_RS384) == 0) || (strcmp(alg, CJOSE_HDR_ALG_PS384) == 0) || (strcmp(alg, CJOSE_HDR_ALG_ES384) == 0)) - digest_alg = EVP_sha384(); - else if ((strcmp(alg, CJOSE_HDR_ALG_RS512) == 0) || (strcmp(alg, CJOSE_HDR_ALG_PS512) == 0) || (strcmp(alg, CJOSE_HDR_ALG_ES512) == 0)) - digest_alg = EVP_sha512(); + if ((strcmp(alg, CJOSE_HDR_ALG_RS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_PS256) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_ES256) == 0)) + digest_alg = EVP_sha256(); + else if ((strcmp(alg, CJOSE_HDR_ALG_RS384) == 0) || (strcmp(alg, CJOSE_HDR_ALG_PS384) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_ES384) == 0)) + digest_alg = EVP_sha384(); + else if ((strcmp(alg, CJOSE_HDR_ALG_RS512) == 0) || (strcmp(alg, CJOSE_HDR_ALG_PS512) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_ES512) == 0)) + digest_alg = EVP_sha512(); if (NULL == digest_alg) { @@ -261,7 +219,7 @@ static bool _cjose_jws_build_dig_sha( // if we got this far - success retval = true; - _cjose_jws_build_dig_sha_cleanup: +_cjose_jws_build_dig_sha_cleanup: if (NULL != ctx) { EVP_MD_CTX_destroy(ctx); @@ -271,10 +229,7 @@ static bool _cjose_jws_build_dig_sha( } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_build_dig_hmac_sha( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_build_dig_hmac_sha(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { bool retval = false; HMAC_CTX *ctx = NULL; 
@@ -291,11 +246,11 @@ static bool _cjose_jws_build_dig_hmac_sha( // build digest using SHA-256/384/512 digest algorithm const EVP_MD *digest_alg = NULL; if (strcmp(alg, CJOSE_HDR_ALG_HS256) == 0) - digest_alg = EVP_sha256(); + digest_alg = EVP_sha256(); else if (strcmp(alg, CJOSE_HDR_ALG_HS384) == 0) - digest_alg = EVP_sha384(); + digest_alg = EVP_sha384(); else if (strcmp(alg, CJOSE_HDR_ALG_HS512) == 0) - digest_alg = EVP_sha512(); + digest_alg = EVP_sha512(); if (NULL == digest_alg) { @@ -312,7 +267,7 @@ static bool _cjose_jws_build_dig_hmac_sha( goto _cjose_jws_build_dig_hmac_sha_cleanup; } - // instantiate and initialize a new mac digest context +// instantiate and initialize a new mac digest context #if (CJOSE_OPENSSL_11X) ctx = HMAC_CTX_new(); #else @@ -358,14 +313,14 @@ static bool _cjose_jws_build_dig_hmac_sha( // if we got this far - success retval = true; - _cjose_jws_build_dig_hmac_sha_cleanup: +_cjose_jws_build_dig_hmac_sha_cleanup: if (NULL != ctx) { #if (CJOSE_OPENSSL_11X) HMAC_CTX_free(ctx); #else - HMAC_CTX_cleanup(ctx); - cjose_get_dealloc()(ctx); + HMAC_CTX_cleanup(ctx); + cjose_get_dealloc()(ctx); #endif } @@ -373,10 +328,7 @@ static bool _cjose_jws_build_dig_hmac_sha( } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_build_sig_ps( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_build_sig_ps(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { bool retval = false; uint8_t *em = NULL; 
@@ -409,11 +361,11 @@ static bool _cjose_jws_build_sig_ps( // build digest using SHA-256/384/512 digest algorithm const EVP_MD *digest_alg = NULL; if (strcmp(alg, CJOSE_HDR_ALG_PS256) == 0) - digest_alg = EVP_sha256(); + digest_alg = EVP_sha256(); else if (strcmp(alg, CJOSE_HDR_ALG_PS384) == 0) - digest_alg = EVP_sha384(); + digest_alg = EVP_sha384(); else if (strcmp(alg, CJOSE_HDR_ALG_PS512) == 0) - digest_alg = EVP_sha512(); + digest_alg = EVP_sha512(); if (NULL == digest_alg) { @@ -430,8 +382,7 @@ static bool _cjose_jws_build_sig_ps( CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); goto _cjose_jws_build_sig_ps_cleanup; } - if (RSA_padding_add_PKCS1_PSS((RSA *)jwk->keydata, - em, jws->dig, digest_alg, -1) != 1) + if (RSA_padding_add_PKCS1_PSS((RSA *)jwk->keydata, em, jws->dig, digest_alg, -1) != 1) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jws_build_sig_ps_cleanup; @@ -446,16 +397,14 @@ static bool _cjose_jws_build_sig_ps( goto _cjose_jws_build_sig_ps_cleanup; } - if (RSA_private_encrypt(em_len, em, jws->sig, - (RSA *)jwk->keydata, RSA_NO_PADDING) != jws->sig_len) + if (RSA_private_encrypt(em_len, em, jws->sig, (RSA *)jwk->keydata, RSA_NO_PADDING) != jws->sig_len) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jws_build_sig_ps_cleanup; } // base64url encode signed digest - if (!cjose_base64url_encode((const uint8_t *)jws->sig, jws->sig_len, - &jws->sig_b64u, &jws->sig_b64u_len, err)) + if (!cjose_base64url_encode((const uint8_t *)jws->sig, jws->sig_len, &jws->sig_b64u, &jws->sig_b64u_len, err)) { goto _cjose_jws_build_sig_ps_cleanup; } 
@@ -463,18 +412,14 @@ static bool _cjose_jws_build_sig_ps( // if we got this far - success retval = true; - _cjose_jws_build_sig_ps_cleanup: +_cjose_jws_build_sig_ps_cleanup: cjose_get_dealloc()(em); return retval; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_build_sig_rs( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_build_sig_rs(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { // ensure jwk is private RSA if (jwk->kty != CJOSE_JWK_KTY_RSA) @@ -499,7 +444,7 @@ static bool _cjose_jws_build_sig_rs( CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); return false; } - + // make sure we have an alg header json_t *alg_obj = json_object_get(jws->hdr, CJOSE_HDR_ALG); if (NULL == alg_obj) @@ -512,26 +457,25 @@ static bool _cjose_jws_build_sig_rs( // build digest using SHA-256/384/512 digest algorithm int digest_alg = -1; if (strcmp(alg, CJOSE_HDR_ALG_RS256) == 0) - digest_alg = NID_sha256; + digest_alg = NID_sha256; else if (strcmp(alg, CJOSE_HDR_ALG_RS384) == 0) - digest_alg = NID_sha384; + digest_alg = NID_sha384; else if (strcmp(alg, CJOSE_HDR_ALG_RS512) == 0) - digest_alg = NID_sha512; + digest_alg = NID_sha512; if (-1 == digest_alg) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); return false; } - if (RSA_sign(digest_alg, jws->dig, jws->dig_len, jws->sig, (unsigned int *)&jws->sig_len, (RSA *)jwk->keydata) != 1) + if (RSA_sign(digest_alg, jws->dig, jws->dig_len, jws->sig, (unsigned int *)&jws->sig_len, (RSA *)jwk->keydata) != 1) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); return false; } - + // base64url encode signed digest - if (!cjose_base64url_encode((const uint8_t *)jws->sig, jws->sig_len, - &jws->sig_b64u, &jws->sig_b64u_len, err)) + if (!cjose_base64url_encode((const uint8_t *)jws->sig, jws->sig_len, &jws->sig_b64u, &jws->sig_b64u_len, err)) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); return false; 
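Review bot: The `RSA_sign` call in `_cjose_jws_build_sig_rs` (hunk `@@ -512,26 +457,25`) still passes `(unsigned int *)&jws->sig_len`, so OpenSSL writes an `unsigned int` through a pointer to what looks like a `size_t` field (the sibling `dat_len` is assigned from a `size_t` elsewhere in this file; confirm against the struct definition). On LP64 that leaves the upper half of `sig_len` untouched, on big-endian targets it fills the wrong half, and the stale length then flows into `cjose_base64url_encode`. Use a correctly typed local instead: `unsigned int siglen = 0;`, pass `&siglen` to `RSA_sign`, then `jws->sig_len = siglen;` on success. Separately, the `CJOSE_ERROR(err, CJOSE_ERR_CRYPTO)` after a failed `cjose_base64url_encode` may overwrite whatever error the encoder already reported through `err`. The function begins in an earlier hunk.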
@@ -540,10 +484,7 @@ static bool _cjose_jws_build_sig_rs( return true; } -static bool _cjose_jws_build_sig_hmac_sha( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_build_sig_hmac_sha(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { // ensure jwk is OCT if (jwk->kty != CJOSE_JWK_KTY_OCT) @@ -564,8 +505,7 @@ static bool _cjose_jws_build_sig_hmac_sha( memcpy(jws->sig, jws->dig, jws->sig_len); // base64url encode signed digest - if (!cjose_base64url_encode((const uint8_t *)jws->sig, jws->sig_len, - &jws->sig_b64u, &jws->sig_b64u_len, err)) + if (!cjose_base64url_encode((const uint8_t *)jws->sig, jws->sig_len, &jws->sig_b64u, &jws->sig_b64u_len, err)) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); return false; @@ -575,10 +515,7 @@ static bool _cjose_jws_build_sig_hmac_sha( } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_build_sig_ec( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_build_sig_ec(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { bool retval = false; @@ -589,8 +526,8 @@ static bool _cjose_jws_build_sig_ec( return false; } - ec_keydata *keydata = (ec_keydata *)jwk->keydata; - EC_KEY *ec = keydata->key; + ec_keydata *keydata = (ec_keydata *)jwk->keydata; + EC_KEY *ec = keydata->key; ECDSA_SIG *ecdsa_sig = ECDSA_do_sign(jws->dig, jws->dig_len, ec); if (NULL == ecdsa_sig) 
@@ -600,16 +537,17 @@ static bool _cjose_jws_build_sig_ec( } // allocate buffer for signature - switch (keydata->crv) { - case CJOSE_JWK_EC_P_256: - jws->sig_len = 32 * 2; - break; - case CJOSE_JWK_EC_P_384: - jws->sig_len = 48 * 2; - break; - case CJOSE_JWK_EC_P_521: - jws->sig_len = 66 * 2; - break; + switch (keydata->crv) + { + case CJOSE_JWK_EC_P_256: + jws->sig_len = 32 * 2; + break; + case CJOSE_JWK_EC_P_384: + jws->sig_len = 48 * 2; + break; + case CJOSE_JWK_EC_P_521: + jws->sig_len = 66 * 2; + break; } jws->sig = (uint8_t *)cjose_get_alloc()(jws->sig_len); @@ -635,8 +573,7 @@ static bool _cjose_jws_build_sig_ec( BN_bn2bin(ps, jws->sig + jws->sig_len - slen); // base64url encode signed digest - if (!cjose_base64url_encode((const uint8_t *)jws->sig, jws->sig_len, - &jws->sig_b64u, &jws->sig_b64u_len, err)) + if (!cjose_base64url_encode((const uint8_t *)jws->sig, jws->sig_len, &jws->sig_b64u, &jws->sig_b64u_len, err)) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jws_build_sig_ec_cleanup; @@ -644,7 +581,7 @@ static bool _cjose_jws_build_sig_ec( retval = true; - _cjose_jws_build_sig_ec_cleanup: +_cjose_jws_build_sig_ec_cleanup: if (ecdsa_sig) ECDSA_SIG_free(ecdsa_sig); 
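Review bot: The reformatted `switch (keydata->crv)` in `_cjose_jws_build_sig_ec` (hunk `@@ -600,16 +537,17`) has no `default:` case, so an unexpected curve value leaves `jws->sig_len` at whatever it held before the switch. The buffer is then allocated with that length, and the later `BN_bn2bin(ps, jws->sig + jws->sig_len - slen)` in the following hunk computes its offset from it, which could place the write outside the allocation if the length is too small. Fail closed by adding `default: CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jws_build_sig_ec_cleanup;` so that `ecdsa_sig` is still freed. The function starts and ends outside this hunk.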
@@ -652,21 +589,16 @@ static bool _cjose_jws_build_sig_ec( } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_build_cser( - cjose_jws_t *jws, - cjose_err *err) +static bool _cjose_jws_build_cser(cjose_jws_t *jws, cjose_err *err) { // both sign and import should be setting these - but check just in case - if (NULL == jws->hdr_b64u || - NULL == jws->dat_b64u || - NULL == jws->sig_b64u) + if (NULL == jws->hdr_b64u || NULL == jws->dat_b64u || NULL == jws->sig_b64u) { return false; } // compute length of compact serialization - jws->cser_len = - jws->hdr_b64u_len + jws->dat_b64u_len + jws->sig_b64u_len + 3; + jws->cser_len = jws->hdr_b64u_len + jws->dat_b64u_len + jws->sig_b64u_len + 3; // allocate buffer for compact serialization assert(NULL == jws->cser); @@ -678,20 +610,14 @@ static bool _cjose_jws_build_cser( } // build the compact serialization - snprintf(jws->cser, jws->cser_len, "%s.%s.%s", - jws->hdr_b64u, jws->dat_b64u, jws->sig_b64u); + snprintf(jws->cser, jws->cser_len, "%s.%s.%s", jws->hdr_b64u, jws->dat_b64u, jws->sig_b64u); return true; } - //////////////////////////////////////////////////////////////////////////////// cjose_jws_t *cjose_jws_sign( - const cjose_jwk_t *jwk, - cjose_header_t *protected_header, - const uint8_t *plaintext, - size_t plaintext_len, - cjose_err *err) + const cjose_jwk_t *jwk, cjose_header_t *protected_header, const uint8_t *plaintext, size_t plaintext_len, cjose_err *err) { cjose_jws_t *jws = NULL; @@ -755,7 +681,6 @@ cjose_jws_t *cjose_jws_sign( return jws; } - //////////////////////////////////////////////////////////////////////////////// void cjose_jws_release(cjose_jws_t *jws) { 
@@ -779,12 +704,8 @@ void cjose_jws_release(cjose_jws_t *jws) cjose_get_dealloc()(jws); } - //////////////////////////////////////////////////////////////////////////////// -bool cjose_jws_export( - cjose_jws_t *jws, - const char **compact, - cjose_err *err) +bool cjose_jws_export(cjose_jws_t *jws, const char **compact, cjose_err *err) { if (NULL == jws || NULL == compact) { @@ -801,13 +722,8 @@ bool cjose_jws_export( return true; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_strcpy( - char **dst, - const char *src, - int len, - cjose_err *err) +static bool _cjose_jws_strcpy(char **dst, const char *src, int len, cjose_err *err) { *dst = (char *)cjose_get_alloc()(len + 1); if (NULL == dst) @@ -822,12 +738,8 @@ static bool _cjose_jws_strcpy( return true; } - //////////////////////////////////////////////////////////////////////////////// -cjose_jws_t *cjose_jws_import( - const char *cser, - size_t cser_len, - cjose_err *err) +cjose_jws_t *cjose_jws_import(const char *cser, size_t cser_len, cjose_err *err) { cjose_jws_t *jws = NULL; size_t len = 0; @@ -870,12 +782,10 @@ cjose_jws_t *cjose_jws_import( uint8_t *hdr_str = NULL; jws->hdr_b64u_len = d[0]; _cjose_jws_strcpy(&jws->hdr_b64u, cser, jws->hdr_b64u_len, err); - if (!cjose_base64url_decode( - jws->hdr_b64u, jws->hdr_b64u_len, &hdr_str, &len, err) || - NULL == hdr_str) + if (!cjose_base64url_decode(jws->hdr_b64u, jws->hdr_b64u_len, &hdr_str, &len, err) || NULL == hdr_str) { cjose_jws_release(jws); - return NULL; + return NULL; } // deserialize JSON header 
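Review bot: In `_cjose_jws_strcpy` (hunk `@@ -801,13 +722,8`) the allocation check tests the wrong pointer: `if (NULL == dst)` checks the out-parameter itself, which the preceding `*dst = ...` has already dereferenced, so a failed allocation is never detected. It should read `if (NULL == *dst)`. The callers visible in `cjose_jws_import` (hunks `@@ -870,12 +782,10`, `@@ -910,8 +820,7` and `@@ -920,8 +829,7`) also discard the helper's return value before handing the copied buffer to `cjose_base64url_decode`, so each call should become `if (!_cjose_jws_strcpy(...)) { cjose_jws_release(jws); return NULL; }`. The parameter is `int len` while callers pass `size_t`-derived lengths computed from the untrusted serialization, so a range check before `len + 1` is worth adding. The helper's body continues outside the hunk.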
@@ -910,8 +820,7 @@ cjose_jws_t *cjose_jws_import( // copy and b64u decode data segment jws->dat_b64u_len = d[1] - d[0] - 1; _cjose_jws_strcpy(&jws->dat_b64u, cser + d[0] + 1, jws->dat_b64u_len, err); - if (!cjose_base64url_decode( - jws->dat_b64u, jws->dat_b64u_len, &jws->dat, &jws->dat_len, err)) + if (!cjose_base64url_decode(jws->dat_b64u, jws->dat_b64u_len, &jws->dat, &jws->dat_len, err)) { cjose_jws_release(jws); return NULL; @@ -920,8 +829,7 @@ cjose_jws_t *cjose_jws_import( // copy and b64u decode signature segment jws->sig_b64u_len = cser_len - d[1] - 1; _cjose_jws_strcpy(&jws->sig_b64u, cser + d[1] + 1, jws->sig_b64u_len, err); - if (!cjose_base64url_decode( - jws->sig_b64u, jws->sig_b64u_len, &jws->sig, &jws->sig_len, err)) + if (!cjose_base64url_decode(jws->sig_b64u, jws->sig_b64u_len, &jws->sig, &jws->sig_len, err)) { cjose_jws_release(jws); return NULL; @@ -930,12 +838,8 @@ cjose_jws_t *cjose_jws_import( return jws; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_verify_sig_ps( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_verify_sig_ps(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { bool retval = false; uint8_t *em = NULL; @@ -960,11 +864,11 @@ static bool _cjose_jws_verify_sig_ps( // build digest using SHA-256/384/512 digest algorithm const EVP_MD *digest_alg = NULL; if (strcmp(alg, CJOSE_HDR_ALG_PS256) == 0) - digest_alg = EVP_sha256(); + digest_alg = EVP_sha256(); else if (strcmp(alg, CJOSE_HDR_ALG_PS384) == 0) - digest_alg = EVP_sha384(); + digest_alg = EVP_sha384(); else if (strcmp(alg, CJOSE_HDR_ALG_PS512) == 0) - digest_alg = EVP_sha512(); + digest_alg = EVP_sha512(); if (NULL == digest_alg) { 
@@ -982,36 +886,30 @@ static bool _cjose_jws_verify_sig_ps( } // decrypt signature - if (RSA_public_decrypt(jws->sig_len, jws->sig, em, - (RSA *)jwk->keydata, RSA_NO_PADDING) != em_len) + if (RSA_public_decrypt(jws->sig_len, jws->sig, em, (RSA *)jwk->keydata, RSA_NO_PADDING) != em_len) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jws_verify_sig_ps_cleanup; } // verify decrypted signature data against PSS encoded digest - if (RSA_verify_PKCS1_PSS( - (RSA *)jwk->keydata, jws->dig, digest_alg, em, -1) != 1) + if (RSA_verify_PKCS1_PSS((RSA *)jwk->keydata, jws->dig, digest_alg, em, -1) != 1) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jws_verify_sig_ps_cleanup; } - + // if we got this far - success retval = true; - _cjose_jws_verify_sig_ps_cleanup: +_cjose_jws_verify_sig_ps_cleanup: cjose_get_dealloc()(em); return retval; } - //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_verify_sig_rs( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_verify_sig_rs(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { bool retval = false; @@ -1034,18 +932,18 @@ static bool _cjose_jws_verify_sig_rs( // build digest using SHA-256/384/512 digest algorithm int digest_alg = -1; if (strcmp(alg, CJOSE_HDR_ALG_RS256) == 0) - digest_alg = NID_sha256; + digest_alg = NID_sha256; else if (strcmp(alg, CJOSE_HDR_ALG_RS384) == 0) - digest_alg = NID_sha384; + digest_alg = NID_sha384; else if (strcmp(alg, CJOSE_HDR_ALG_RS512) == 0) - digest_alg = NID_sha512; + digest_alg = NID_sha512; if (-1 == digest_alg) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jws_verify_sig_rs_cleanup; } - if (RSA_verify(digest_alg, jws->dig, jws->dig_len, jws->sig, jws->sig_len, (RSA *)jwk->keydata) != 1) + if (RSA_verify(digest_alg, jws->dig, jws->dig_len, jws->sig, jws->sig_len, (RSA *)jwk->keydata) != 1) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jws_verify_sig_rs_cleanup; 
@@ -1054,16 +952,13 @@ static bool _cjose_jws_verify_sig_rs( // if we got this far - success retval = true; - _cjose_jws_verify_sig_rs_cleanup: +_cjose_jws_verify_sig_rs_cleanup: return retval; } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_verify_sig_hmac_sha( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_verify_sig_hmac_sha(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { bool retval = false; @@ -1075,8 +970,7 @@ static bool _cjose_jws_verify_sig_hmac_sha( } // verify decrypted digest matches computed digest - if ((cjose_const_memcmp(jws->dig, jws->sig, jws->dig_len) != 0) || - (jws->sig_len != jws->dig_len)) + if ((cjose_const_memcmp(jws->dig, jws->sig, jws->dig_len) != 0) || (jws->sig_len != jws->dig_len)) { CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto _cjose_jws_verify_sig_hmac_sha_cleanup; @@ -1085,16 +979,13 @@ static bool _cjose_jws_verify_sig_hmac_sha( // if we got this far - success retval = true; - _cjose_jws_verify_sig_hmac_sha_cleanup: +_cjose_jws_verify_sig_hmac_sha_cleanup: return retval; } //////////////////////////////////////////////////////////////////////////////// -static bool _cjose_jws_verify_sig_ec( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +static bool _cjose_jws_verify_sig_ec(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { bool retval = false; @@ -1105,8 +996,8 @@ static bool _cjose_jws_verify_sig_ec( return false; } - ec_keydata *keydata = (ec_keydata *)jwk->keydata; - EC_KEY *ec = keydata->key; + ec_keydata *keydata = (ec_keydata *)jwk->keydata; + EC_KEY *ec = keydata->key; ECDSA_SIG *ecdsa_sig = ECDSA_SIG_new(); int key_len = jws->sig_len / 2; @@ -1130,7 +1021,7 @@ static bool _cjose_jws_verify_sig_ec( // if we got this far - success retval = true; - _cjose_jws_verify_sig_ec_cleanup: +_cjose_jws_verify_sig_ec_cleanup: if (ecdsa_sig) ECDSA_SIG_free(ecdsa_sig); 
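Review bot: The joined condition in `_cjose_jws_verify_sig_hmac_sha` (hunk `@@ -1075,8 +970,7`) compares before it checks lengths: `cjose_const_memcmp(jws->dig, jws->sig, jws->dig_len)` runs first and reads `dig_len` bytes from `jws->sig`, and only afterwards is `jws->sig_len != jws->dig_len` evaluated. `jws->sig` is decoded from the signature segment of an imported serialization, so a token with a short signature makes the compare read past the end of that allocation. Put the length test first so it short-circuits: `if ((jws->sig_len != jws->dig_len) || (cjose_const_memcmp(jws->dig, jws->sig, jws->dig_len) != 0))`. The function's signature and cleanup label are in the neighbouring hunks.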
@@ -1138,10 +1029,7 @@ static bool _cjose_jws_verify_sig_ec( } //////////////////////////////////////////////////////////////////////////////// -bool cjose_jws_verify( - cjose_jws_t *jws, - const cjose_jwk_t *jwk, - cjose_err *err) +bool cjose_jws_verify(cjose_jws_t *jws, const cjose_jwk_t *jwk, cjose_err *err) { if (NULL == jws || NULL == jwk) { @@ -1170,13 +1058,8 @@ bool cjose_jws_verify( return true; } - //////////////////////////////////////////////////////////////////////////////// -bool cjose_jws_get_plaintext( - const cjose_jws_t *jws, - uint8_t **plaintext, - size_t *plaintext_len, - cjose_err *err) +bool cjose_jws_get_plaintext(const cjose_jws_t *jws, uint8_t **plaintext, size_t *plaintext_len, cjose_err *err) { if (NULL == jws || NULL == plaintext || NULL == jws->dat) { @@ -1191,8 +1074,7 @@ bool cjose_jws_get_plaintext( } //////////////////////////////////////////////////////////////////////////////// -cjose_header_t *cjose_jws_get_protected( - cjose_jws_t *jws) +cjose_header_t *cjose_jws_get_protected(cjose_jws_t *jws) { if (NULL == jws) { diff --git a/src/util.c b/src/util.c index e60245b..8a59daf 100644 --- a/src/util.c +++ b/src/util.c @@ -1,9 +1,9 @@ - /*! - * Copyrights - * - * Portions created or assigned to Cisco Systems, Inc. are - * Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved. - */ +/*! +* Copyrights +* +* Portions created or assigned to Cisco Systems, Inc. are +* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved. +*/ #include "include/util_int.h" 
@@ -21,38 +21,29 @@ static cjose_alloc3_fn_t _alloc3; static cjose_realloc3_fn_t _realloc3; static cjose_dealloc3_fn_t _dealloc3; -void *cjose_alloc_wrapped(size_t n) -{ - return cjose_get_alloc3()(n, __FILE__, __LINE__); -} -void *cjose_realloc_wrapped(void *p, size_t n) -{ - return cjose_get_realloc3()(p, n, __FILE__, __LINE__); -} -void cjose_dealloc_wrapped(void *p) -{ - cjose_get_dealloc3()(p, __FILE__, __LINE__); -} +void *cjose_alloc_wrapped(size_t n) { return cjose_get_alloc3()(n, __FILE__, __LINE__); } +void *cjose_realloc_wrapped(void *p, size_t n) { return cjose_get_realloc3()(p, n, __FILE__, __LINE__); } +void cjose_dealloc_wrapped(void *p) { cjose_get_dealloc3()(p, __FILE__, __LINE__); } void *cjose_alloc3_default(size_t n, const char *file, int line) { - CJOSE_UNUSED_PARAM(file); - CJOSE_UNUSED_PARAM(line); - return cjose_get_alloc()(n); + CJOSE_UNUSED_PARAM(file); + CJOSE_UNUSED_PARAM(line); + return cjose_get_alloc()(n); } void *cjose_realloc3_default(void *p, size_t n, const char *file, int line) { - CJOSE_UNUSED_PARAM(file); - CJOSE_UNUSED_PARAM(line); - return cjose_get_realloc()(p, n); + CJOSE_UNUSED_PARAM(file); + CJOSE_UNUSED_PARAM(line); + return cjose_get_realloc()(p, n); } void cjose_dealloc3_default(void *p, const char *file, int line) { - CJOSE_UNUSED_PARAM(file); - CJOSE_UNUSED_PARAM(line); - cjose_get_dealloc()(p); + CJOSE_UNUSED_PARAM(file); + CJOSE_UNUSED_PARAM(line); + cjose_get_dealloc()(p); } static void cjose_apply_allocs() 
@@ -66,82 +57,42 @@ static void cjose_apply_allocs() #endif } -void cjose_set_alloc_funcs(cjose_alloc_fn_t alloc, - cjose_realloc_fn_t realloc, - cjose_dealloc_fn_t dealloc) +void cjose_set_alloc_funcs(cjose_alloc_fn_t alloc, cjose_realloc_fn_t realloc, cjose_dealloc_fn_t dealloc) { // save "locally" _alloc = alloc; _realloc = realloc; _dealloc = dealloc; - _alloc3 = cjose_alloc3_default; - _realloc3 = cjose_realloc3_default; - _dealloc3 = cjose_dealloc3_default; + _alloc3 = cjose_alloc3_default; + _realloc3 = cjose_realloc3_default; + _dealloc3 = cjose_dealloc3_default; - cjose_apply_allocs(); + cjose_apply_allocs(); } -void cjose_set_alloc_ex_funcs(cjose_alloc3_fn_t alloc3, - cjose_realloc3_fn_t realloc3, - cjose_dealloc3_fn_t dealloc3) +void cjose_set_alloc_ex_funcs(cjose_alloc3_fn_t alloc3, cjose_realloc3_fn_t realloc3, cjose_dealloc3_fn_t dealloc3) { // save "locally" _alloc3 = alloc3; _realloc3 = realloc3; _dealloc3 = dealloc3; - _alloc = (NULL != alloc3) ? cjose_alloc_wrapped : - NULL; - _realloc = (NULL != realloc3) ? cjose_realloc_wrapped : - NULL; - _dealloc = (NULL != dealloc3) ? cjose_dealloc_wrapped : - NULL; - - cjose_apply_allocs(); -} + _alloc = (NULL != alloc3) ? cjose_alloc_wrapped : NULL; + _realloc = (NULL != realloc3) ? cjose_realloc_wrapped : NULL; + _dealloc = (NULL != dealloc3) ? cjose_dealloc_wrapped : NULL; -cjose_alloc_fn_t cjose_get_alloc() -{ - return (!_alloc) ? - malloc : - _alloc; -} -cjose_alloc3_fn_t cjose_get_alloc3() -{ - return (!_alloc3) ? - cjose_alloc3_default : - _alloc3; + cjose_apply_allocs(); } -cjose_realloc_fn_t cjose_get_realloc() -{ - return (!_realloc) ? - realloc : - _realloc; -} -cjose_realloc3_fn_t cjose_get_realloc3() -{ - return (!_realloc3) ? - cjose_realloc3_default : - _realloc3; -} +cjose_alloc_fn_t cjose_get_alloc() { return (!_alloc) ? malloc : _alloc; } +cjose_alloc3_fn_t cjose_get_alloc3() { return (!_alloc3) ? 
cjose_alloc3_default : _alloc3; } -cjose_dealloc_fn_t cjose_get_dealloc() -{ - return (!_dealloc) ? - free : - _dealloc; -} -cjose_dealloc3_fn_t cjose_get_dealloc3() -{ - return (!_dealloc3) ? - cjose_dealloc3_default : - _dealloc3; -} +cjose_realloc_fn_t cjose_get_realloc() { return (!_realloc) ? realloc : _realloc; } +cjose_realloc3_fn_t cjose_get_realloc3() { return (!_realloc3) ? cjose_realloc3_default : _realloc3; } + +cjose_dealloc_fn_t cjose_get_dealloc() { return (!_dealloc) ? free : _dealloc; } +cjose_dealloc3_fn_t cjose_get_dealloc3() { return (!_dealloc3) ? cjose_dealloc3_default : _dealloc3; } -int cjose_const_memcmp( - const uint8_t *a, - const uint8_t *b, - const size_t size) +int cjose_const_memcmp(const uint8_t *a, const uint8_t *b, const size_t size) { unsigned char result = 0; for (size_t i = 0; i < size; i++) @@ -177,13 +128,14 @@ char *_cjose_strndup(const char *str, ssize_t len, cjose_err *err) return result; } -json_t *_cjose_json_stringn(const char *value, size_t len, cjose_err *err) { - json_t *result = NULL; +json_t *_cjose_json_stringn(const char *value, size_t len, cjose_err *err) +{ + json_t *result = NULL; #if JANSSON_VERSION_HEX <= 0x020600 char *s = _cjose_strndup(value, len, err); if (!s) { - return NULL; + return NULL; } result = json_string(s); if (!result) diff --git a/src/version.c b/src/version.c index ae718a3..6c627de 100644 --- a/src/version.c +++ b/src/version.c @@ -1,13 +1,10 @@ - /*! - * Copyrights - * - * Portions created or assigned to Cisco Systems, Inc. are - * Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved. - */ +/*! +* Copyrights +* +* Portions created or assigned to Cisco Systems, Inc. are +* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved. +*/ #include -const char * cjose_version() -{ - return CJOSE_VERSION; -} +const char *cjose_version() { return CJOSE_VERSION; } diff --git a/test/check_cjose.c b/test/check_cjose.c index 79c21a6..9fd866a 100644 --- a/test/check_cjose.c 
+++ b/test/check_cjose.c @@ -39,7 +39,5 @@ int main() EVP_cleanup(); ERR_free_strings(); - return (0 == failed) ? - EXIT_SUCCESS : - EXIT_FAILURE; + return (0 == failed) ? EXIT_SUCCESS : EXIT_FAILURE; } diff --git a/test/check_cjose.h b/test/check_cjose.h index 780eed0..09f50c5 100644 --- a/test/check_cjose.h +++ b/test/check_cjose.h @@ -18,12 +18,14 @@ Suite *cjose_jws_suite(); Suite *cjose_header_suite(); Suite *cjose_utils_suite(); -#define _ck_assert_bin(X, OP, Y, LEN) do {\ - const uint8_t *_chk_x = (X); \ - const uint8_t *_chk_y = (Y); \ - const size_t _chk_len = (LEN); \ - ck_assert_msg(0 OP memcmp(_chk_x, _chk_y, _chk_len), \ - "Assertion '"#X#OP#Y"' failed: "#X"==0x%zx, 0x"#Y"==0x%zx", _chk_x, _chk_y); \ -} while (0); +#define _ck_assert_bin(X, OP, Y, LEN) \ + do \ + { \ + const uint8_t *_chk_x = (X); \ + const uint8_t *_chk_y = (Y); \ + const size_t _chk_len = (LEN); \ + ck_assert_msg(0 OP memcmp(_chk_x, _chk_y, _chk_len), "Assertion '" #X #OP #Y "' failed: " #X "==0x%zx, 0x" #Y "==0x%zx", \ + _chk_x, _chk_y); \ + } while (0); #define ck_assert_bin_eq(X, Y, LEN) _ck_assert_bin(X, ==, Y, LEN) diff --git a/test/check_header.c b/test/check_header.c index 219842a..7304dff 100644 --- a/test/check_header.c +++ b/test/check_header.c @@ -15,7 +15,6 @@ #include #include - START_TEST(test_cjose_header_new_release) { cjose_err err; 
@@ -66,18 +65,17 @@ START_TEST(test_cjose_header_set_get) ck_assert_msg(result, "cjose_header_set failed to get ENC"); ck_assert_msg(!strcmp(alg_set, alg_get), "cjose_header_get failed, " - "expected: %s, found: %s", ((alg_set) ? alg_set : "null"), - ((alg_get) ? alg_get : "null")); + "expected: %s, found: %s", + ((alg_set) ? alg_set : "null"), ((alg_get) ? alg_get : "null")); ck_assert_msg(!strcmp(enc_set, enc_get), "cjose_header_get failed, " - "expected: %s, found: %s", ((enc_set) ? enc_set : "null"), - ((enc_get) ? enc_get : "null")); + "expected: %s, found: %s", + ((enc_set) ? enc_set : "null"), ((enc_get) ? enc_get : "null")); cjose_header_release(header); } END_TEST - Suite *cjose_header_suite() { Suite *suite = suite_create("header"); diff --git a/test/check_jwe.c b/test/check_jwe.c index d737ba2..37582b2 100644 --- a/test/check_jwe.c +++ b/test/check_jwe.c 
@@ -15,34 +15,53 @@ #include #include - // a JWK of type RSA -static const char *JWK_RSA = - "{ \"kty\": \"RSA\", " - "\"e\": \"AQAB\", " - "\"n\": \"wsqJbopx18NQFYLYOq4ZeMSE89yGiEankUpf25yV8QqroKUGrASj_OeqTWUjwPGKTN1vGFFuHYxiJeAUQH2qQPmg9Oqk6-ATBEKn9COKYniQ5459UxCwmZA2RL6ufhrNyq0JF3GfXkjLDBfhU9zJJEOhknsA0L_c-X4AI3d_NbFdMqxNe1V_UWAlLcbKdwO6iC9fAvwUmDQxgy6R0DC1CMouQpenMRcALaSHar1cm4K-syoNobv3HEuqgZ3s6-hOOSqauqAO0GUozPpaIA7OeruyRl5sTWT0r-iz39bchID2bIKtcqLiFcSYPLBcxmsaQCqRlGhmv6stjTCLV1yT9w\", " - "\"kid\": \"ff3c5c96-392e-46ef-a839-6ff16027af78\", " - "\"d\": \"b9hXfQ8lOtw8mX1dpqPcoElGhbczz_-xq2znCXQpbBPSZBUddZvchRSH5pSSKPEHlgb3CSGIdpLqsBCv0C_XmCM9ViN8uqsYgDO9uCLIDK5plWttbkqA_EufvW03R9UgIKWmOL3W4g4t-C2mBb8aByaGGVNjLnlb6i186uBsPGkvaeLHbQcRQKAvhOUTeNiyiiCbUGJwCm4avMiZrsz1r81Y1Z5izo0ERxdZymxM3FRZ9vjTB-6DtitvTXXnaAm1JTu6TIpj38u2mnNLkGMbflOpgelMNKBZVxSmfobIbFN8CHVc1UqLK2ElsZ9RCQANgkMHlMkOMj-XT0wHa3VBUQ\", " - "\"p\": \"8mgriveKJAp1S7SHqirQAfZafxVuAK_A2QBYPsAUhikfBOvN0HtZjgurPXSJSdgR8KbWV7ZjdJM_eOivIb_XiuAaUdIOXbLRet7t9a_NJtmX9iybhoa9VOJFMBq_rbnbbte2kq0-FnXmv3cukbC2LaEw3aEcDgyURLCgWFqt7M0\", " - "\"q\": \"zbbTv5421GowOfKVEuVoA35CEWgl8mdasnEZac2LWxMwKExikKU5LLacLQlcOt7A6n1ZGUC2wyH8mstO5tV34Eug3fnNrbnxFUEE_ZB_njs_rtZnwz57AoUXOXVnd194seIZF9PjdzZcuwXwXbrZ2RSVW8if_ZH5OVYEM1EsA9M\", " - "\"dp\": \"1BaIYmIKn1X3InGlcSFcNRtSOnaJdFhRpotCqkRssKUx2qBlxs7ln_5dqLtZkx5VM_UE_GE7yzc6BZOwBxtOftdsr8HVh-14ksSR9rAGEsO2zVBiEuW4qZf_aQM-ScWfU--wcczZ0dT-Ou8P87Bk9K9fjcn0PeaLoz3WTPepzNE\", " - "\"dq\": \"kYw2u4_UmWvcXVOeV_VKJ5aQZkJ6_sxTpodRBMPyQmkMHKcW4eKU1mcJju_deqWadw5jGPPpm5yTXm5UkAwfOeookoWpGa7CvVf4kPNI6Aphn3GBjunJHNpPuU6w-wvomGsxd-NqQDGNYKHuFFMcyXO_zWXglQdP_1o1tJ1M-BM\", " - "\"qi\": \"j94Ens784M8zsfwWoJhYq9prcSZOGgNbtFWQZO8HP8pcNM9ls7YA4snTtAS_B4peWWFAFZ0LSKPCxAvJnrq69ocmEKEk7ss1Jo062f9pLTQ6cnhMjev3IqLocIFt5Vbsg_PWYpFSR7re6FRbF9EYOM7F2-HRv1idxKCWoyQfBqk\" }"; +static const char *JWK_RSA + = "{ \"kty\": \"RSA\", " + "\"e\": \"AQAB\", " + "\"n\": " + 
"\"wsqJbopx18NQFYLYOq4ZeMSE89yGiEankUpf25yV8QqroKUGrASj_OeqTWUjwPGKTN1vGFFuHYxiJeAUQH2qQPmg9Oqk6-" + "ATBEKn9COKYniQ5459UxCwmZA2RL6ufhrNyq0JF3GfXkjLDBfhU9zJJEOhknsA0L_c-X4AI3d_NbFdMqxNe1V_" + "UWAlLcbKdwO6iC9fAvwUmDQxgy6R0DC1CMouQpenMRcALaSHar1cm4K-syoNobv3HEuqgZ3s6-hOOSqauqAO0GUozPpaIA7OeruyRl5sTWT0r-" + "iz39bchID2bIKtcqLiFcSYPLBcxmsaQCqRlGhmv6stjTCLV1yT9w\", " + "\"kid\": \"ff3c5c96-392e-46ef-a839-6ff16027af78\", " + "\"d\": " + "\"b9hXfQ8lOtw8mX1dpqPcoElGhbczz_-xq2znCXQpbBPSZBUddZvchRSH5pSSKPEHlgb3CSGIdpLqsBCv0C_XmCM9ViN8uqsYgDO9uCLIDK5plWttbkqA_" + "EufvW03R9UgIKWmOL3W4g4t-" + "C2mBb8aByaGGVNjLnlb6i186uBsPGkvaeLHbQcRQKAvhOUTeNiyiiCbUGJwCm4avMiZrsz1r81Y1Z5izo0ERxdZymxM3FRZ9vjTB-" + "6DtitvTXXnaAm1JTu6TIpj38u2mnNLkGMbflOpgelMNKBZVxSmfobIbFN8CHVc1UqLK2ElsZ9RCQANgkMHlMkOMj-XT0wHa3VBUQ\", " + "\"p\": " + "\"8mgriveKJAp1S7SHqirQAfZafxVuAK_A2QBYPsAUhikfBOvN0HtZjgurPXSJSdgR8KbWV7ZjdJM_eOivIb_XiuAaUdIOXbLRet7t9a_" + "NJtmX9iybhoa9VOJFMBq_rbnbbte2kq0-FnXmv3cukbC2LaEw3aEcDgyURLCgWFqt7M0\", " + "\"q\": " + "\"zbbTv5421GowOfKVEuVoA35CEWgl8mdasnEZac2LWxMwKExikKU5LLacLQlcOt7A6n1ZGUC2wyH8mstO5tV34Eug3fnNrbnxFUEE_ZB_njs_" + "rtZnwz57AoUXOXVnd194seIZF9PjdzZcuwXwXbrZ2RSVW8if_ZH5OVYEM1EsA9M\", " + "\"dp\": " + "\"1BaIYmIKn1X3InGlcSFcNRtSOnaJdFhRpotCqkRssKUx2qBlxs7ln_5dqLtZkx5VM_UE_GE7yzc6BZOwBxtOftdsr8HVh-14ksSR9rAGEsO2zVBiEuW4qZf_" + "aQM-ScWfU--wcczZ0dT-Ou8P87Bk9K9fjcn0PeaLoz3WTPepzNE\", " + "\"dq\": " + "\"kYw2u4_UmWvcXVOeV_VKJ5aQZkJ6_sxTpodRBMPyQmkMHKcW4eKU1mcJju_" + "deqWadw5jGPPpm5yTXm5UkAwfOeookoWpGa7CvVf4kPNI6Aphn3GBjunJHNpPuU6w-wvomGsxd-NqQDGNYKHuFFMcyXO_zWXglQdP_1o1tJ1M-BM\", " + "\"qi\": " + "\"j94Ens784M8zsfwWoJhYq9prcSZOGgNbtFWQZO8HP8pcNM9ls7YA4snTtAS_" + "B4peWWFAFZ0LSKPCxAvJnrq69ocmEKEk7ss1Jo062f9pLTQ6cnhMjev3IqLocIFt5Vbsg_PWYpFSR7re6FRbF9EYOM7F2-HRv1idxKCWoyQfBqk\" }"; // a JWK of type oct -static const char *JWK_OCT = - "{\"kty\":\"oct\", " - "\"k\":\"ZMpktzGq1g6_r4fKVdnx9OaYr4HjxPjIs7l7SwAsgsg\"}"; +static const char *JWK_OCT = "{\"kty\":\"oct\", " + 
"\"k\":\"ZMpktzGq1g6_r4fKVdnx9OaYr4HjxPjIs7l7SwAsgsg\"}"; // a JWE encrypted with the above JWK_RSA key (using node-jose) -static const char *JWE_RSA = - "eyJraWQiOiJmZjNjNWM5Ni0zOTJlLTQ2ZWYtYTgzOS02ZmYxNjAyN2FmNzgiLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.FGQ9IUhjmSJr4dAntH0DP-dAJiZPfKCRhg-SjUywNFqmG-ruhRvio1K7qy2Z0joatZxdJmkOInlsGvGIZeyapTtOndshCsfTlazHH-4fqFyepIm6o-gZ8gfntDG_sa9hi9uw1KxeJfNmaL94JMjq-QVmocdCeruIE7_bL90MNflQ8qf5vhuh_hF_Ea_vUnHlIbbQsF1ZF4rRsEGBR7CxTBxusMgErct0kp3La6qQbnX8fDJMqL_aeot4xZRm3zobIYqKePaGBaSJ7wooWslM1w57IrYXN0UVODRAFO6L5ldF_PHpWbBnFx4k_-FWCOVb-iVpQmLtBkniKG6iItXVUQ.ebcXmjWfUMq-brIT.BPt7F9tcIwQpoAjlyguagOGftJE392-j3kSnP5I6nB-WhWKfpPAeChIW23oWTUHlUbadOeBaiI6r-2TLTZzf3jFKc8Wwr-F0q_iEUQjmg3om-PKR_Pgl_ncDTXjkxSQjbHOAV1JByh61G-WFuEC1UItyib0AOq9R.Mlo2kQF8Zn2hwwdDl_4Lnw"; +static const char *JWE_RSA + = "eyJraWQiOiJmZjNjNWM5Ni0zOTJlLTQ2ZWYtYTgzOS02ZmYxNjAyN2FmNzgiLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." + "FGQ9IUhjmSJr4dAntH0DP-dAJiZPfKCRhg-SjUywNFqmG-ruhRvio1K7qy2Z0joatZxdJmkOInlsGvGIZeyapTtOndshCsfTlazHH-4fqFyepIm6o-gZ8gfntDG_" + "sa9hi9uw1KxeJfNmaL94JMjq-QVmocdCeruIE7_bL90MNflQ8qf5vhuh_hF_Ea_vUnHlIbbQsF1ZF4rRsEGBR7CxTBxusMgErct0kp3La6qQbnX8fDJMqL_" + "aeot4xZRm3zobIYqKePaGBaSJ7wooWslM1w57IrYXN0UVODRAFO6L5ldF_PHpWbBnFx4k_-FWCOVb-iVpQmLtBkniKG6iItXVUQ.ebcXmjWfUMq-brIT." + "BPt7F9tcIwQpoAjlyguagOGftJE392-j3kSnP5I6nB-WhWKfpPAeChIW23oWTUHlUbadOeBaiI6r-2TLTZzf3jFKc8Wwr-F0q_iEUQjmg3om-PKR_Pgl_" + "ncDTXjkxSQjbHOAV1JByh61G-WFuEC1UItyib0AOq9R.Mlo2kQF8Zn2hwwdDl_4Lnw"; // the plaintext payload of the above JWE object(s) -static const char *PLAINTEXT = - "If you reveal your secrets to the wind, you should not blame the " - "wind for revealing them to the trees. — Kahlil Gibran"; - +static const char *PLAINTEXT = "If you reveal your secrets to the wind, you should not blame the " + "wind for revealing them to the trees. — Kahlil Gibran"; START_TEST(test_cjose_jwe_node_jose_encrypt_self_decrypt) { 
@@ -51,32 +70,27 @@ START_TEST(test_cjose_jwe_node_jose_encrypt_self_decrypt) // import the JWK cjose_jwk_t *jwk = cjose_jwk_import(JWK_RSA, strlen(JWK_RSA), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // import the JWE cjose_jwe_t *jwe = cjose_jwe_import(JWE_RSA, strlen(JWE_RSA), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // decrypt the imported JWE size_t plain2_len = 0; uint8_t *plain2 = cjose_jwe_decrypt(jwe, jwk, &plain2_len, &err); - ck_assert_msg( - NULL != plain2, - "cjose_jwe_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(NULL != plain2, "cjose_jwe_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // confirm plain2 == PLAINTEXT - ck_assert_msg( - plain2_len == strlen(PLAINTEXT), - "length of decrypted plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(PLAINTEXT), plain2_len); - ck_assert_msg( - strncmp(PLAINTEXT, plain2, plain2_len) == 0, - "decrypted plaintext does not match encrypted plaintext"); + ck_assert_msg(plain2_len == strlen(PLAINTEXT), "length of decrypted plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(PLAINTEXT), plain2_len); + ck_assert_msg(strncmp(PLAINTEXT, plain2, plain2_len) == 0, "decrypted plaintext does not match encrypted plaintext"); cjose_get_dealloc()(plain2); cjose_jwk_release(jwk); 
@@ -84,74 +98,57 @@ START_TEST(test_cjose_jwe_node_jose_encrypt_self_decrypt) } END_TEST - -static void _self_encrypt_self_decrypt_with_key( - const char *alg, - const char *enc, - const char *key, - const char *plain1) +static void _self_encrypt_self_decrypt_with_key(const char *alg, const char *enc, const char *key, const char *plain1) { cjose_err err; cjose_jwk_t *jwk = cjose_jwk_import(key, strlen(key), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // set header for JWE cjose_header_t *hdr = cjose_header_new(&err); - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ALG, alg, &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); - - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ENC, enc, &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ALG, alg, &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); + + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ENC, enc, &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // create the JWE size_t plain1_len = strlen(plain1); cjose_jwe_t *jwe1 = cjose_jwe_encrypt(jwk, hdr, plain1, plain1_len, &err); - ck_assert_msg(NULL != jwe1, - "cjose_jwe_encrypt failed: %s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(NULL != jwe1, "cjose_jwe_encrypt failed: %s, file: %s, function: %s, line: %ld", err.message, err.file, + err.function, err.line); ck_assert(hdr == cjose_jwe_get_protected(jwe1)); // get the compact serialization of JWE 
char *compact = cjose_jwe_export(jwe1, &err); - ck_assert_msg(NULL != compact, - "cjose_jwe_export failed: %s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(NULL != compact, "cjose_jwe_export failed: %s, file: %s, function: %s, line: %ld", err.message, err.file, + err.function, err.line); // deserialize the compact representation to a new JWE cjose_jwe_t *jwe2 = cjose_jwe_import(compact, strlen(compact), &err); ck_assert_msg(NULL != jwe2, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // get the decrypted plaintext uint8_t *plain2 = NULL; size_t plain2_len = 0; plain2 = cjose_jwe_decrypt(jwe2, jwk, &plain2_len, &err); - ck_assert_msg( - NULL != plain2, "cjose_jwe_decrypt failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(NULL != plain2, "cjose_jwe_decrypt failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // confirm plain2 == plain1 - ck_assert(json_equal( - (json_t *)cjose_jwe_get_protected(jwe1), - (json_t *)cjose_jwe_get_protected(jwe2))); - ck_assert_msg( - plain2_len == strlen(plain1), - "length of decrypted plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(plain1), plain2_len); - ck_assert_msg( - strncmp(plain1, plain2, plain2_len) == 0, - "decrypted plaintext does not match encrypted plaintext"); + ck_assert(json_equal((json_t *)cjose_jwe_get_protected(jwe1), (json_t *)cjose_jwe_get_protected(jwe2))); + ck_assert_msg(plain2_len == strlen(plain1), "length of decrypted plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(plain1), plain2_len); + ck_assert_msg(strncmp(plain1, plain2, plain2_len) == 0, "decrypted plaintext does not match encrypted 
plaintext"); cjose_get_dealloc()(plain2); cjose_header_release(hdr); 
@@ -161,93 +158,56 @@ static void _self_encrypt_self_decrypt_with_key( cjose_get_dealloc()(compact); } - static void _self_encrypt_self_decrypt(const char *plain1) { - _self_encrypt_self_decrypt_with_key( - CJOSE_HDR_ALG_RSA_OAEP, - CJOSE_HDR_ENC_A256GCM, - JWK_RSA, - plain1); - - _self_encrypt_self_decrypt_with_key( - CJOSE_HDR_ALG_RSA1_5, - CJOSE_HDR_ENC_A256GCM, - JWK_RSA, - plain1); - - _self_encrypt_self_decrypt_with_key( - CJOSE_HDR_ALG_DIR, - CJOSE_HDR_ENC_A256GCM, - JWK_OCT, - plain1); - - _self_encrypt_self_decrypt_with_key( - CJOSE_HDR_ALG_A128KW, - CJOSE_HDR_ENC_A128CBC_HS256, - JWK_OCT, - plain1); - - _self_encrypt_self_decrypt_with_key( - CJOSE_HDR_ALG_A192KW, - CJOSE_HDR_ENC_A192CBC_HS384, - JWK_OCT, - plain1); - - _self_encrypt_self_decrypt_with_key( - CJOSE_HDR_ALG_A256KW, - CJOSE_HDR_ENC_A256CBC_HS512, - JWK_OCT, - plain1); -} + _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_RSA_OAEP, CJOSE_HDR_ENC_A256GCM, JWK_RSA, plain1); + _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_RSA1_5, CJOSE_HDR_ENC_A256GCM, JWK_RSA, plain1); -START_TEST(test_cjose_jwe_self_encrypt_self_decrypt) -{ - _self_encrypt_self_decrypt( - "Sed ut perspiciatis unde omnis iste natus error sit voluptatem " - "doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo " - "veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo " - "ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed " - "consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. " - "porro quisquam est, qui dolorem ipsum quia dolor sit amet, " - "adipisci velit, sed quia non numquam eius modi tempora incidunt ut " - "dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, " - "nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut " - "ea commodi consequatur? 
Quis autem vel eum iure reprehenderit qui in " - "voluptate velit esse quam nihil molestiae consequatur, vel illum qui " - "eum fugiat quo voluptas nulla pariatur?"); -} -END_TEST + _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_DIR, CJOSE_HDR_ENC_A256GCM, JWK_OCT, plain1); + _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_A128KW, CJOSE_HDR_ENC_A128CBC_HS256, JWK_OCT, plain1); -START_TEST(test_cjose_jwe_self_encrypt_self_decrypt_short) -{ - _self_encrypt_self_decrypt("Setec Astronomy"); -} -END_TEST + _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_A192KW, CJOSE_HDR_ENC_A192CBC_HS384, JWK_OCT, plain1); + _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_A256KW, CJOSE_HDR_ENC_A256CBC_HS512, JWK_OCT, plain1); +} -START_TEST(test_cjose_jwe_self_encrypt_self_decrypt_empty) +START_TEST(test_cjose_jwe_self_encrypt_self_decrypt) { - _self_encrypt_self_decrypt(""); + _self_encrypt_self_decrypt("Sed ut perspiciatis unde omnis iste natus error sit voluptatem " + "doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo " + "veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo " + "ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed " + "consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. " + "porro quisquam est, qui dolorem ipsum quia dolor sit amet, " + "adipisci velit, sed quia non numquam eius modi tempora incidunt ut " + "dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, " + "nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut " + "ea commodi consequatur? 
Quis autem vel eum iure reprehenderit qui in " + "voluptate velit esse quam nihil molestiae consequatur, vel illum qui " + "eum fugiat quo voluptas nulla pariatur?"); } END_TEST +START_TEST(test_cjose_jwe_self_encrypt_self_decrypt_short) { _self_encrypt_self_decrypt("Setec Astronomy"); } +END_TEST + +START_TEST(test_cjose_jwe_self_encrypt_self_decrypt_empty) { _self_encrypt_self_decrypt(""); } +END_TEST START_TEST(test_cjose_jwe_self_encrypt_self_decrypt_large) { // encrypt and decrypt a 4MB buffer of z's - size_t len = 1024*4096; + size_t len = 1024 * 4096; char *plain = (char *)malloc(len); memset(plain, 'z', len); - plain[len-1] = 0; + plain[len - 1] = 0; _self_encrypt_self_decrypt(plain); free(plain); } END_TEST - START_TEST(test_cjose_jwe_self_encrypt_self_decrypt_many) { // encrypt and decrypt a whole lot of randomly sized payloads @@ -256,7 +216,7 @@ START_TEST(test_cjose_jwe_self_encrypt_self_decrypt_many) size_t len = random() % 1024; char *plain = (char *)malloc(len); ck_assert_msg(RAND_bytes(plain, len) == 1, "RAND_bytes failed"); - plain[len-1] = 0; + plain[len - 1] = 0; _self_encrypt_self_decrypt(plain); free(plain); } 
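Review bot: In `test_cjose_jwe_self_encrypt_self_decrypt_large` the result of the 4 MB `malloc` is passed straight to `memset(plain, 'z', len)` without a NULL check, so an allocation failure crashes the runner instead of failing the test. Adding `ck_assert_msg(NULL != plain, "malloc failed");` right after the allocation keeps the failure inside the check framework. The `(char *)` cast on `malloc` is not needed in C and can hide a missing `<stdlib.h>` include.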
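Review bot: `plain[len - 1] = 0;` writes out of bounds when `random() % 1024` yields 0, because `len - 1` wraps to `SIZE_MAX` and `malloc(0)` may return NULL or a zero-sized block. Drawing the size as `size_t len = random() % 1024 + 1;` keeps the terminator inside the allocation, and the `malloc` result should be asserted non-NULL before `RAND_bytes` writes through it. `RAND_bytes` takes an `unsigned char *`, so `plain` is also passed with a pointer-sign conversion that an explicit cast would make visible. The enclosing loop starts before this hunk and ends after it.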
@@ -269,59 +229,52 @@ START_TEST(test_cjose_jwe_encrypt_with_bad_header) cjose_jwe_t *jwe = NULL; cjose_err err; - static const char *plain = - "The mind is everything. What you think you become."; + static const char *plain = "The mind is everything. What you think you become."; size_t plain_len = strlen(plain); - static const char *JWK = - "{ \"kty\": \"RSA\", " - "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " - "\"e\": \"AQAB\", " - "\"n\": \"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\" }"; + static const char *JWK + = "{ \"kty\": \"RSA\", " + "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " + "\"e\": \"AQAB\", " + "\"n\": " + "\"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__" + "VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_" + "HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_" + "bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\" }"; cjose_jwk_t *jwk = cjose_jwk_import(JWK, strlen(JWK), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // set header for JWE with bad alg hdr = cjose_header_new(&err); - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ALG, "Cayley-Purser", &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); - - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ENC, CJOSE_HDR_ENC_A256GCM, &err), - "cjose_header_set 
failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ALG, "Cayley-Purser", &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); + + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ENC, CJOSE_HDR_ENC_A256GCM, &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // create a JWE jwe = cjose_jwe_encrypt(jwk, hdr, plain, plain_len, &err); ck_assert_msg(NULL == jwe, "cjose_jwe_encrypt created with bad header"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_encrypt returned bad err.code"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jwe_encrypt returned bad err.code"); // set header for JWE with bad enc - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_RSA_OAEP, &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); - - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ENC, "Twofish", &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_RSA_OAEP, &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); + + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ENC, "Twofish", &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // create a JWE jwe = cjose_jwe_encrypt(jwk, hdr, plain, plain_len, &err); ck_assert_msg(NULL == jwe, "cjose_jwe_encrypt created with bad header"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_encrypt returned bad err.code"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, 
"cjose_jwe_encrypt returned bad err.code"); cjose_header_release(hdr); cjose_jwk_release(jwk); @@ -334,8 +287,7 @@ START_TEST(test_cjose_jwe_encrypt_with_bad_key) cjose_jwe_t *jwe = NULL; cjose_err err; - static const char *plain = - "The mind is everything. What you think you become."; + static const char *plain = "The mind is everything. What you think you become."; size_t plain_len = strlen(plain); // some bad keys to test with 
@@ -354,93 +306,82 @@ START_TEST(test_cjose_jwe_encrypt_with_bad_key) // set header for JWE hdr = cjose_header_new(&err); - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_RSA_OAEP, &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); - - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ENC, CJOSE_HDR_ENC_A256GCM, &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_RSA_OAEP, &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); + + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ENC, CJOSE_HDR_ENC_A256GCM, &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // attempt encryption with each bad key for (int i = 0; NULL != JWK_BAD[i]; ++i) { - cjose_jwk_t *jwk = cjose_jwk_import( - JWK_BAD[i], strlen(JWK_BAD[i]), &err); + cjose_jwk_t *jwk = cjose_jwk_import(JWK_BAD[i], strlen(JWK_BAD[i]), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); jwe = cjose_jwe_encrypt(jwk, hdr, plain, plain_len, &err); ck_assert_msg(NULL == jwe, "cjose_jwe_encrypt created with bad key"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_encrypt returned bad err.code"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jwe_encrypt returned bad err.code"); cjose_jwk_release(jwk); } jwe = cjose_jwe_encrypt(NULL, hdr, plain, plain_len, &err); ck_assert_msg(NULL == jwe, "cjose_jwe_encrypt created with bad key"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_encrypt returned bad 
err.code"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jwe_encrypt returned bad err.code"); cjose_header_release(hdr); } END_TEST - START_TEST(test_cjose_jwe_encrypt_with_bad_content) { cjose_header_t *hdr = NULL; cjose_jwe_t *jwe = NULL; cjose_err err; - static const char *JWK = - "{ \"kty\": \"RSA\", " - "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " - "\"e\": \"AQAB\", " - "\"n\": \"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\" }"; + static const char *JWK + = "{ \"kty\": \"RSA\", " + "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " + "\"e\": \"AQAB\", " + "\"n\": " + "\"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__" + "VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_" + "HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_" + "bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\" }"; // import the key cjose_jwk_t *jwk = cjose_jwk_import(JWK, strlen(JWK), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // set header for JWE hdr = cjose_header_new(&err); - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_RSA_OAEP, &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); - - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ENC, CJOSE_HDR_ENC_A256GCM, &err), - "cjose_header_set failed: " - "%s, file: %s, function: 
%s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_RSA_OAEP, &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); + + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ENC, CJOSE_HDR_ENC_A256GCM, &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); jwe = cjose_jwe_encrypt(jwk, hdr, NULL, 1024, &err); ck_assert_msg(NULL == jwe, "cjose_jwe_encrypt created with NULL plaintext"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_encrypt returned bad err.code"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jwe_encrypt returned bad err.code"); jwe = cjose_jwe_encrypt(jwk, hdr, NULL, 0, &err); ck_assert_msg(NULL == jwe, "cjose_jwe_encrypt created with NULL plaintext"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_encrypt returned bad err.code"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jwe_encrypt returned bad err.code"); cjose_jwk_release(jwk); cjose_header_release(hdr); } END_TEST - START_TEST(test_cjose_jwe_import_export_compare) { cjose_err err; 
@@ -448,26 +389,23 @@ START_TEST(test_cjose_jwe_import_export_compare) // import the common key cjose_jwk_t *jwk = cjose_jwk_import(JWK_RSA, strlen(JWK_RSA), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // import the jwe created with the common key cjose_jwe_t *jwe = cjose_jwe_import(JWE_RSA, strlen(JWE_RSA), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // re-export the jwe object char *cser = cjose_jwe_export(jwe, &err); - ck_assert_msg(NULL != cser, - "re-export of imported JWE failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(NULL != cser, "re-export of imported JWE failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // compare the re-export to the original serialization - ck_assert_msg( - strncmp(JWE_RSA, cser, strlen(JWE_RSA)) == 0, - "export of imported JWE doesn't match original"); + ck_assert_msg(strncmp(JWE_RSA, cser, strlen(JWE_RSA)) == 0, "export of imported JWE doesn't match original"); cjose_jwk_release(jwk); cjose_jwe_release(jwe); 
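Review bot: The final check `strncmp(JWE_RSA, cser, strlen(JWE_RSA)) == 0` only verifies that `cser` begins with the original serialization, so a re-export with extra trailing data would still pass this round-trip test. `strcmp(JWE_RSA, cser) == 0` compares the whole string including the terminator and matches what the comment "compare the re-export to the original serialization" describes. The test body starts before this hunk and ends after it.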
@@ -475,39 +413,110 @@ START_TEST(test_cjose_jwe_import_export_compare) } END_TEST - START_TEST(test_cjose_jwe_import_invalid_serialization) { cjose_err err; - static const char *JWE_BAD[] = { - "eyJraWQiOiI5ZWJmOWVkYi0zYTI0LTQ4YjQtYjJjYi0yMWYwY2Y3NDdlYTciLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.D4Od2xiHoO5SYtoUXt_I_oZvxFfCA29dxbyz21Uw6sP-uQpoPxu-jQ7NUJtmzZIf4VIWHN5YOrV0-UqKkP-Woipug26blBPkIV4YzoNFJD3sMW3Bbc91M_Rwd03QID6eGv0REkCo1KbbLnw_u56PGBtPVHJNIMwNTKdU-FJwxEkahZGU3FS8RLw8-0BeFvLbjg3yTCUVuZex2mZ3QL_sXrCYADSMpYDWC41nxEWt26Z_cxGhGmRU_5fjsE_AWHrIWS1-qdZcAlYrv-wMg0pRqsElGVVcFSkfXBfyGFURcAqB-a2ge2IxxQ-G3Jkhl7EFIWhhD1ZtQWGEpBVjHZeH3w.NnDIbUkIHi1suUKk.jUGOQ2vKzL_nrjbaK6qwnDBTtU26Ut9HiyUsblnEs_0aO0aJ50f13bu2EBic5e0e50Lu8jVUlMSfwPgfqKePV9xbHmE6GPn_E59VxnzJpMVoxohjqezkG50ydvqXg_lJ84BLk8R0dR_LtUZxJdbzNo-B8YRloiKPOee7zyZ6tU9h-_so37XgLBy6uDDeGxGlK6TnG8q9oqLB7zLF03Seyv8XBl-Bved7V8sor_sr4efoyW_oKneqqBSqnaQ0OApMnFTQ7yudwfI19R9CvYI62bfluDSknai0Lwm3cGDOSningMxKpPVja_Ieyb5cJNHsnR5u5bCYjBl5l7wL7ttXBBURaFDO6i67KxHq-K02AAxyAWkJM9DWt_IXsx4vxvYCgUQQxmMvZRAzxdrT1UOvpyJoh64LcuKuj4LGY_b6xaSV72CpeNQWXaSJDSNtQKsoO3-S4QAcqHTUXb9-_HKIi8sZJgqxeyHYs2oJRD0WItq0BUVoHvaQmR2gRm-rhXuujOWJW_xk9Wp8lpbJR8tANdcai7O84WR9noA0-z3BdYdLOftK-YAR1Fa8OEE1-VSAI7TfRjMdAMw01pGJZmwn4VhbcE60QS0uESnNPRq9abpVqVlEA6WdFtAgv6oUJ34YpSQ5hXEXbTSz0XL948q58QZ0oadVeR-1JOm3fjCgvJgvvcdmDs1kZy2iPPmMhsmwiTQCBXlgwbj7xUxuA9EtcVcIylL3X1BmRqDJG8kyJLBFvRtBwe6OC0uApr_74evzbnihMFk1bBEeL0H8yJWvWpl20SHF6gjlEHb7OqF1fMGj3oqxRjYrRcNj2EV-Acq8WVbRuizYSxREnBt5_sWoiUHtbSpgNeMEv3Go9fzVsa93KKF6llT2KBo6V8Vx4XxjmGG6U5oUS_SX1S3bnHPqepv9izstL2Stlz8_UwxqVER1aotgywX1ez70YGA37Ikr6gO9LPKCYVQtcRG7P597mka0STnYFf6arOF0DUC_hyWYLjwoiTj9QVg9JPqMuxSo8JFTpkGeNQf6slLiYc9WDd4J-QfFmSZBBguWmxq3ch_sg9YfPlBXir5oCVu3GDTZX2oH1h5gGwWHCgqM8qv2fsQoLwAZR9EhThb6zi1u12WxyLlwApw5O32GiJpOj1bWr-_69Lo4Mpc66EYdmoKDXl4qmp6b0yhCUVS9e1Miu0vsXFq2NJwP4HUUnN_FojhS1F5EYOSW8ue1K3ESyqVrKKoF5sVqGJZESiveiR5ypVpmAOSfmZltJ-GVO5cOcGKvtYG4PQz_wN7T_I0g9XWP9hBW5G0BZTR-rvT8mwobLT2ijFA_5TMkRualT
2NzAttEbx7ThGwEJoU3-2k3_hqykZtfQv7KxwwYdezVsxV-ukbMfzrOsOU517tIZ9wNdf1BV4c1sINlWfllAi9Sm54KqoLyqTtzvtM54InuknS4H-mEMMK3J7geH3GKpuAz-RUiim6OKihuOJvKSsyLxRL32u-HnszlczfShAOfWA_1nfWzRYzVxtqfv3PXPQguF8A4-VhE_YSPQc6Bnwh_LzliqA-8Vk5WZiAwDN_WybhPmZg5UnwVh5x7tnBPq82HSuCU4uefjaLBfjYnfRul2UY86HlHlpXVgyZEAvhRFPQwklqcfmlf3lCFz-g6P9wKYj0uncG3T9NUs28Oksy-o9MdC3aekP-0LszrxQbfwps0nq45dVsnURJCGyT7vwCObUTPDGFCMg.B4xpiaoieUnluhz5U4ivTg.x", - "eyJraWQiOiI5ZWJmOWVkYi0zYTI0LTQ4YjQtYjJjYi0yMWYwY2Y3NDdlYTciLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.D4Od2xiHoO5SYtoUXt_I_oZvxFfCA29dxbyz21Uw6sP-uQpoPxu-jQ7NUJtmzZIf4VIWHN5YOrV0-UqKkP-Woipug26blBPkIV4YzoNFJD3sMW3Bbc91M_Rwd03QID6eGv0REkCo1KbbLnw_u56PGBtPVHJNIMwNTKdU-FJwxEkahZGU3FS8RLw8-0BeFvLbjg3yTCUVuZex2mZ3QL_sXrCYADSMpYDWC41nxEWt26Z_cxGhGmRU_5fjsE_AWHrIWS1-qdZcAlYrv-wMg0pRqsElGVVcFSkfXBfyGFURcAqB-a2ge2IxxQ-G3Jkhl7EFIWhhD1ZtQWGEpBVjHZeH3w.NnDIbUkIHi1suUKk.jUGOQ2vKzL_nrjbaK6qwnDBTtU26Ut9HiyUsblnEs_0aO0aJ50f13bu2EBic5e0e50Lu8jVUlMSfwPgfqKePV9xbHmE6GPn_E59VxnzJpMVoxohjqezkG50ydvqXg_lJ84BLk8R0dR_LtUZxJdbzNo-B8YRloiKPOee7zyZ6tU9h-_so37XgLBy6uDDeGxGlK6TnG8q9oqLB7zLF03Seyv8XBl-Bved7V8sor_sr4efoyW_oKneqqBSqnaQ0OApMnFTQ7yudwfI19R9CvYI62bfluDSknai0Lwm3cGDOSningMxKpPVja_Ieyb5cJNHsnR5u5bCYjBl5l7wL7ttXBBURaFDO6i67KxHq-K02AAxyAWkJM9DWt_IXsx4vxvYCgUQQxmMvZRAzxdrT1UOvpyJoh64LcuKuj4LGY_b6xaSV72CpeNQWXaSJDSNtQKsoO3-S4QAcqHTUXb9-_HKIi8sZJgqxeyHYs2oJRD0WItq0BUVoHvaQmR2gRm-rhXuujOWJW_xk9Wp8lpbJR8tANdcai7O84WR9noA0-z3BdYdLOftK-YAR1Fa8OEE1-VSAI7TfRjMdAMw01pGJZmwn4VhbcE60QS0uESnNPRq9abpVqVlEA6WdFtAgv6oUJ34YpSQ5hXEXbTSz0XL948q58QZ0oadVeR-1JOm3fjCgvJgvvcdmDs1kZy2iPPmMhsmwiTQCBXlgwbj7xUxuA9EtcVcIylL3X1BmRqDJG8kyJLBFvRtBwe6OC0uApr_74evzbnihMFk1bBEeL0H8yJWvWpl20SHF6gjlEHb7OqF1fMGj3oqxRjYrRcNj2EV-Acq8WVbRuizYSxREnBt5_sWoiUHtbSpgNeMEv3Go9fzVsa93KKF6llT2KBo6V8Vx4XxjmGG6U5oUS_SX1S3bnHPqepv9izstL2Stlz8_UwxqVER1aotgywX1ez70YGA37Ikr6gO9LPKCYVQtcRG7P597mka0STnYFf6arOF0DUC_hyWYLjwoiTj9QVg9JPqMuxSo8JFTpkGeNQf6slLiYc9WDd4J-QfFmSZBBguWmxq3ch_sg9YfPlBXir5oCVu3GDTZX2oH1h5gGwWHCgqM8
qv2fsQoLwAZR9EhThb6zi1u12WxyLlwApw5O32GiJpOj1bWr-_69Lo4Mpc66EYdmoKDXl4qmp6b0yhCUVS9e1Miu0vsXFq2NJwP4HUUnN_FojhS1F5EYOSW8ue1K3ESyqVrKKoF5sVqGJZESiveiR5ypVpmAOSfmZltJ-GVO5cOcGKvtYG4PQz_wN7T_I0g9XWP9hBW5G0BZTR-rvT8mwobLT2ijFA_5TMkRualT2NzAttEbx7ThGwEJoU3-2k3_hqykZtfQv7KxwwYdezVsxV-ukbMfzrOsOU517tIZ9wNdf1BV4c1sINlWfllAi9Sm54KqoLyqTtzvtM54InuknS4H-mEMMK3J7geH3GKpuAz-RUiim6OKihuOJvKSsyLxRL32u-HnszlczfShAOfWA_1nfWzRYzVxtqfv3PXPQguF8A4-VhE_YSPQc6Bnwh_LzliqA-8Vk5WZiAwDN_WybhPmZg5UnwVh5x7tnBPq82HSuCU4uefjaLBfjYnfRul2UY86HlHlpXVgyZEAvhRFPQwklqcfmlf3lCFz-g6P9wKYj0uncG3T9NUs28Oksy-o9MdC3aekP-0LszrxQbfwps0nq45dVsnURJCGyT7vwCObUTPDGFCMg.B4xpiaoieUnluhz5U4ivTg.", - "eyJraWQiOiI5ZWJmOWVkYi0zYTI0LTQ4YjQtYjJjYi0yMWYwY2Y3NDdlYTciLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.D4Od2xiHoO5SYtoUXt_I_oZvxFfCA29dxbyz21Uw6sP-uQpoPxu-jQ7NUJtmzZIf4VIWHN5YOrV0-UqKkP-Woipug26blBPkIV4YzoNFJD3sMW3Bbc91M_Rwd03QID6eGv0REkCo1KbbLnw_u56PGBtPVHJNIMwNTKdU-FJwxEkahZGU3FS8RLw8-0BeFvLbjg3yTCUVuZex2mZ3QL_sXrCYADSMpYDWC41nxEWt26Z_cxGhGmRU_5fjsE_AWHrIWS1-qdZcAlYrv-wMg0pRqsElGVVcFSkfXBfyGFURcAqB-a2ge2IxxQ-G3Jkhl7EFIWhhD1ZtQWGEpBVjHZeH3w.NnDIbUkIHi1suUKk..jUGOQ2vKzL_nrjbaK6qwnDBTtU26Ut9HiyUsblnEs_0aO0aJ50f13bu2EBic5e0e50Lu8jVUlMSfwPgfqKePV9xbHmE6GPn_E59VxnzJpMVoxohjqezkG50ydvqXg_lJ84BLk8R0dR_LtUZxJdbzNo-B8YRloiKPOee7zyZ6tU9h-_so37XgLBy6uDDeGxGlK6TnG8q9oqLB7zLF03Seyv8XBl-Bved7V8sor_sr4efoyW_oKneqqBSqnaQ0OApMnFTQ7yudwfI19R9CvYI62bfluDSknai0Lwm3cGDOSningMxKpPVja_Ieyb5cJNHsnR5u5bCYjBl5l7wL7ttXBBURaFDO6i67KxHq-K02AAxyAWkJM9DWt_IXsx4vxvYCgUQQxmMvZRAzxdrT1UOvpyJoh64LcuKuj4LGY_b6xaSV72CpeNQWXaSJDSNtQKsoO3-S4QAcqHTUXb9-_HKIi8sZJgqxeyHYs2oJRD0WItq0BUVoHvaQmR2gRm-rhXuujOWJW_xk9Wp8lpbJR8tANdcai7O84WR9noA0-z3BdYdLOftK-YAR1Fa8OEE1-VSAI7TfRjMdAMw01pGJZmwn4VhbcE60QS0uESnNPRq9abpVqVlEA6WdFtAgv6oUJ34YpSQ5hXEXbTSz0XL948q58QZ0oadVeR-1JOm3fjCgvJgvvcdmDs1kZy2iPPmMhsmwiTQCBXlgwbj7xUxuA9EtcVcIylL3X1BmRqDJG8kyJLBFvRtBwe6OC0uApr_74evzbnihMFk1bBEeL0H8yJWvWpl20SHF6gjlEHb7OqF1fMGj3oqxRjYrRcNj2EV-Acq8WVbRuizYSxREnBt5_sWoiUHtbSpgNeMEv3Go9fzVs
a93KKF6llT2KBo6V8Vx4XxjmGG6U5oUS_SX1S3bnHPqepv9izstL2Stlz8_UwxqVER1aotgywX1ez70YGA37Ikr6gO9LPKCYVQtcRG7P597mka0STnYFf6arOF0DUC_hyWYLjwoiTj9QVg9JPqMuxSo8JFTpkGeNQf6slLiYc9WDd4J-QfFmSZBBguWmxq3ch_sg9YfPlBXir5oCVu3GDTZX2oH1h5gGwWHCgqM8qv2fsQoLwAZR9EhThb6zi1u12WxyLlwApw5O32GiJpOj1bWr-_69Lo4Mpc66EYdmoKDXl4qmp6b0yhCUVS9e1Miu0vsXFq2NJwP4HUUnN_FojhS1F5EYOSW8ue1K3ESyqVrKKoF5sVqGJZESiveiR5ypVpmAOSfmZltJ-GVO5cOcGKvtYG4PQz_wN7T_I0g9XWP9hBW5G0BZTR-rvT8mwobLT2ijFA_5TMkRualT2NzAttEbx7ThGwEJoU3-2k3_hqykZtfQv7KxwwYdezVsxV-ukbMfzrOsOU517tIZ9wNdf1BV4c1sINlWfllAi9Sm54KqoLyqTtzvtM54InuknS4H-mEMMK3J7geH3GKpuAz-RUiim6OKihuOJvKSsyLxRL32u-HnszlczfShAOfWA_1nfWzRYzVxtqfv3PXPQguF8A4-VhE_YSPQc6Bnwh_LzliqA-8Vk5WZiAwDN_WybhPmZg5UnwVh5x7tnBPq82HSuCU4uefjaLBfjYnfRul2UY86HlHlpXVgyZEAvhRFPQwklqcfmlf3lCFz-g6P9wKYj0uncG3T9NUs28Oksy-o9MdC3aekP-0LszrxQbfwps0nq45dVsnURJCGyT7vwCObUTPDGFCMg.B4xpiaoieUnluhz5U4ivTg", - ".eyJraWQiOiI5ZWJmOWVkYi0zYTI0LTQ4YjQtYjJjYi0yMWYwY2Y3NDdlYTciLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.D4Od2xiHoO5SYtoUXt_I_oZvxFfCA29dxbyz21Uw6sP-uQpoPxu-jQ7NUJtmzZIf4VIWHN5YOrV0-UqKkP-Woipug26blBPkIV4YzoNFJD3sMW3Bbc91M_Rwd03QID6eGv0REkCo1KbbLnw_u56PGBtPVHJNIMwNTKdU-FJwxEkahZGU3FS8RLw8-0BeFvLbjg3yTCUVuZex2mZ3QL_sXrCYADSMpYDWC41nxEWt26Z_cxGhGmRU_5fjsE_AWHrIWS1-qdZcAlYrv-wMg0pRqsElGVVcFSkfXBfyGFURcAqB-a2ge2IxxQ-G3Jkhl7EFIWhhD1ZtQWGEpBVjHZeH3w.NnDIbUkIHi1suUKk.jUGOQ2vKzL_nrjbaK6qwnDBTtU26Ut9HiyUsblnEs_0aO0aJ50f13bu2EBic5e0e50Lu8jVUlMSfwPgfqKePV9xbHmE6GPn_E59VxnzJpMVoxohjqezkG50ydvqXg_lJ84BLk8R0dR_LtUZxJdbzNo-B8YRloiKPOee7zyZ6tU9h-_so37XgLBy6uDDeGxGlK6TnG8q9oqLB7zLF03Seyv8XBl-Bved7V8sor_sr4efoyW_oKneqqBSqnaQ0OApMnFTQ7yudwfI19R9CvYI62bfluDSknai0Lwm3cGDOSningMxKpPVja_Ieyb5cJNHsnR5u5bCYjBl5l7wL7ttXBBURaFDO6i67KxHq-K02AAxyAWkJM9DWt_IXsx4vxvYCgUQQxmMvZRAzxdrT1UOvpyJoh64LcuKuj4LGY_b6xaSV72CpeNQWXaSJDSNtQKsoO3-S4QAcqHTUXb9-_HKIi8sZJgqxeyHYs2oJRD0WItq0BUVoHvaQmR2gRm-rhXuujOWJW_xk9Wp8lpbJR8tANdcai7O84WR9noA0-z3BdYdLOftK-YAR1Fa8OEE1-VSAI7TfRjMdAMw01pGJZmwn4VhbcE60QS0uESnNPRq9abpVqVlEA6WdFtAgv6oUJ34YpS
Q5hXEXbTSz0XL948q58QZ0oadVeR-1JOm3fjCgvJgvvcdmDs1kZy2iPPmMhsmwiTQCBXlgwbj7xUxuA9EtcVcIylL3X1BmRqDJG8kyJLBFvRtBwe6OC0uApr_74evzbnihMFk1bBEeL0H8yJWvWpl20SHF6gjlEHb7OqF1fMGj3oqxRjYrRcNj2EV-Acq8WVbRuizYSxREnBt5_sWoiUHtbSpgNeMEv3Go9fzVsa93KKF6llT2KBo6V8Vx4XxjmGG6U5oUS_SX1S3bnHPqepv9izstL2Stlz8_UwxqVER1aotgywX1ez70YGA37Ikr6gO9LPKCYVQtcRG7P597mka0STnYFf6arOF0DUC_hyWYLjwoiTj9QVg9JPqMuxSo8JFTpkGeNQf6slLiYc9WDd4J-QfFmSZBBguWmxq3ch_sg9YfPlBXir5oCVu3GDTZX2oH1h5gGwWHCgqM8qv2fsQoLwAZR9EhThb6zi1u12WxyLlwApw5O32GiJpOj1bWr-_69Lo4Mpc66EYdmoKDXl4qmp6b0yhCUVS9e1Miu0vsXFq2NJwP4HUUnN_FojhS1F5EYOSW8ue1K3ESyqVrKKoF5sVqGJZESiveiR5ypVpmAOSfmZltJ-GVO5cOcGKvtYG4PQz_wN7T_I0g9XWP9hBW5G0BZTR-rvT8mwobLT2ijFA_5TMkRualT2NzAttEbx7ThGwEJoU3-2k3_hqykZtfQv7KxwwYdezVsxV-ukbMfzrOsOU517tIZ9wNdf1BV4c1sINlWfllAi9Sm54KqoLyqTtzvtM54InuknS4H-mEMMK3J7geH3GKpuAz-RUiim6OKihuOJvKSsyLxRL32u-HnszlczfShAOfWA_1nfWzRYzVxtqfv3PXPQguF8A4-VhE_YSPQc6Bnwh_LzliqA-8Vk5WZiAwDN_WybhPmZg5UnwVh5x7tnBPq82HSuCU4uefjaLBfjYnfRul2UY86HlHlpXVgyZEAvhRFPQwklqcfmlf3lCFz-g6P9wKYj0uncG3T9NUs28Oksy-o9MdC3aekP-0LszrxQbfwps0nq45dVsnURJCGyT7vwCObUTPDGFCMg.B4xpiaoieUnluhz5U4ivTg", - "AAAA.BBBB.CCCC.DDDD", - "AAAA.BBBB.CCCC", - "AAAA.BBBB", - "AAAA", - "", - "....", - "this test is dedicated to swhitsel", - NULL - }; + static const char *JWE_BAD[] + = { "eyJraWQiOiI5ZWJmOWVkYi0zYTI0LTQ4YjQtYjJjYi0yMWYwY2Y3NDdlYTciLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." + "D4Od2xiHoO5SYtoUXt_I_oZvxFfCA29dxbyz21Uw6sP-uQpoPxu-jQ7NUJtmzZIf4VIWHN5YOrV0-UqKkP-Woipug26blBPkIV4YzoNFJD3sMW3Bbc91M_" + "Rwd03QID6eGv0REkCo1KbbLnw_u56PGBtPVHJNIMwNTKdU-FJwxEkahZGU3FS8RLw8-0BeFvLbjg3yTCUVuZex2mZ3QL_sXrCYADSMpYDWC41nxEWt26Z_" + "cxGhGmRU_5fjsE_AWHrIWS1-qdZcAlYrv-wMg0pRqsElGVVcFSkfXBfyGFURcAqB-a2ge2IxxQ-G3Jkhl7EFIWhhD1ZtQWGEpBVjHZeH3w." 
+ "NnDIbUkIHi1suUKk.jUGOQ2vKzL_nrjbaK6qwnDBTtU26Ut9HiyUsblnEs_0aO0aJ50f13bu2EBic5e0e50Lu8jVUlMSfwPgfqKePV9xbHmE6GPn_" + "E59VxnzJpMVoxohjqezkG50ydvqXg_lJ84BLk8R0dR_LtUZxJdbzNo-B8YRloiKPOee7zyZ6tU9h-_" + "so37XgLBy6uDDeGxGlK6TnG8q9oqLB7zLF03Seyv8XBl-Bved7V8sor_sr4efoyW_" + "oKneqqBSqnaQ0OApMnFTQ7yudwfI19R9CvYI62bfluDSknai0Lwm3cGDOSningMxKpPVja_Ieyb5cJNHsnR5u5bCYjBl5l7wL7ttXBBURaFDO6i67KxHq-" + "K02AAxyAWkJM9DWt_IXsx4vxvYCgUQQxmMvZRAzxdrT1UOvpyJoh64LcuKuj4LGY_b6xaSV72CpeNQWXaSJDSNtQKsoO3-S4QAcqHTUXb9-_" + "HKIi8sZJgqxeyHYs2oJRD0WItq0BUVoHvaQmR2gRm-rhXuujOWJW_xk9Wp8lpbJR8tANdcai7O84WR9noA0-z3BdYdLOftK-YAR1Fa8OEE1-" + "VSAI7TfRjMdAMw01pGJZmwn4VhbcE60QS0uESnNPRq9abpVqVlEA6WdFtAgv6oUJ34YpSQ5hXEXbTSz0XL948q58QZ0oadVeR-" + "1JOm3fjCgvJgvvcdmDs1kZy2iPPmMhsmwiTQCBXlgwbj7xUxuA9EtcVcIylL3X1BmRqDJG8kyJLBFvRtBwe6OC0uApr_" + "74evzbnihMFk1bBEeL0H8yJWvWpl20SHF6gjlEHb7OqF1fMGj3oqxRjYrRcNj2EV-Acq8WVbRuizYSxREnBt5_" + "sWoiUHtbSpgNeMEv3Go9fzVsa93KKF6llT2KBo6V8Vx4XxjmGG6U5oUS_SX1S3bnHPqepv9izstL2Stlz8_" + "UwxqVER1aotgywX1ez70YGA37Ikr6gO9LPKCYVQtcRG7P597mka0STnYFf6arOF0DUC_hyWYLjwoiTj9QVg9JPqMuxSo8JFTpkGeNQf6slLiYc9WDd4J-" + "QfFmSZBBguWmxq3ch_sg9YfPlBXir5oCVu3GDTZX2oH1h5gGwWHCgqM8qv2fsQoLwAZR9EhThb6zi1u12WxyLlwApw5O32GiJpOj1bWr-_" + "69Lo4Mpc66EYdmoKDXl4qmp6b0yhCUVS9e1Miu0vsXFq2NJwP4HUUnN_FojhS1F5EYOSW8ue1K3ESyqVrKKoF5sVqGJZESiveiR5ypVpmAOSfmZltJ-" + "GVO5cOcGKvtYG4PQz_wN7T_I0g9XWP9hBW5G0BZTR-rvT8mwobLT2ijFA_5TMkRualT2NzAttEbx7ThGwEJoU3-2k3_hqykZtfQv7KxwwYdezVsxV-" + "ukbMfzrOsOU517tIZ9wNdf1BV4c1sINlWfllAi9Sm54KqoLyqTtzvtM54InuknS4H-mEMMK3J7geH3GKpuAz-RUiim6OKihuOJvKSsyLxRL32u-" + "HnszlczfShAOfWA_1nfWzRYzVxtqfv3PXPQguF8A4-VhE_YSPQc6Bnwh_LzliqA-8Vk5WZiAwDN_" + "WybhPmZg5UnwVh5x7tnBPq82HSuCU4uefjaLBfjYnfRul2UY86HlHlpXVgyZEAvhRFPQwklqcfmlf3lCFz-g6P9wKYj0uncG3T9NUs28Oksy-" + "o9MdC3aekP-0LszrxQbfwps0nq45dVsnURJCGyT7vwCObUTPDGFCMg.B4xpiaoieUnluhz5U4ivTg.x", + "eyJraWQiOiI5ZWJmOWVkYi0zYTI0LTQ4YjQtYjJjYi0yMWYwY2Y3NDdlYTciLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." 
+ "D4Od2xiHoO5SYtoUXt_I_oZvxFfCA29dxbyz21Uw6sP-uQpoPxu-jQ7NUJtmzZIf4VIWHN5YOrV0-UqKkP-Woipug26blBPkIV4YzoNFJD3sMW3Bbc91M_" + "Rwd03QID6eGv0REkCo1KbbLnw_u56PGBtPVHJNIMwNTKdU-FJwxEkahZGU3FS8RLw8-0BeFvLbjg3yTCUVuZex2mZ3QL_sXrCYADSMpYDWC41nxEWt26Z_" + "cxGhGmRU_5fjsE_AWHrIWS1-qdZcAlYrv-wMg0pRqsElGVVcFSkfXBfyGFURcAqB-a2ge2IxxQ-G3Jkhl7EFIWhhD1ZtQWGEpBVjHZeH3w." + "NnDIbUkIHi1suUKk.jUGOQ2vKzL_nrjbaK6qwnDBTtU26Ut9HiyUsblnEs_0aO0aJ50f13bu2EBic5e0e50Lu8jVUlMSfwPgfqKePV9xbHmE6GPn_" + "E59VxnzJpMVoxohjqezkG50ydvqXg_lJ84BLk8R0dR_LtUZxJdbzNo-B8YRloiKPOee7zyZ6tU9h-_" + "so37XgLBy6uDDeGxGlK6TnG8q9oqLB7zLF03Seyv8XBl-Bved7V8sor_sr4efoyW_" + "oKneqqBSqnaQ0OApMnFTQ7yudwfI19R9CvYI62bfluDSknai0Lwm3cGDOSningMxKpPVja_Ieyb5cJNHsnR5u5bCYjBl5l7wL7ttXBBURaFDO6i67KxHq-" + "K02AAxyAWkJM9DWt_IXsx4vxvYCgUQQxmMvZRAzxdrT1UOvpyJoh64LcuKuj4LGY_b6xaSV72CpeNQWXaSJDSNtQKsoO3-S4QAcqHTUXb9-_" + "HKIi8sZJgqxeyHYs2oJRD0WItq0BUVoHvaQmR2gRm-rhXuujOWJW_xk9Wp8lpbJR8tANdcai7O84WR9noA0-z3BdYdLOftK-YAR1Fa8OEE1-" + "VSAI7TfRjMdAMw01pGJZmwn4VhbcE60QS0uESnNPRq9abpVqVlEA6WdFtAgv6oUJ34YpSQ5hXEXbTSz0XL948q58QZ0oadVeR-" + "1JOm3fjCgvJgvvcdmDs1kZy2iPPmMhsmwiTQCBXlgwbj7xUxuA9EtcVcIylL3X1BmRqDJG8kyJLBFvRtBwe6OC0uApr_" + "74evzbnihMFk1bBEeL0H8yJWvWpl20SHF6gjlEHb7OqF1fMGj3oqxRjYrRcNj2EV-Acq8WVbRuizYSxREnBt5_" + "sWoiUHtbSpgNeMEv3Go9fzVsa93KKF6llT2KBo6V8Vx4XxjmGG6U5oUS_SX1S3bnHPqepv9izstL2Stlz8_" + "UwxqVER1aotgywX1ez70YGA37Ikr6gO9LPKCYVQtcRG7P597mka0STnYFf6arOF0DUC_hyWYLjwoiTj9QVg9JPqMuxSo8JFTpkGeNQf6slLiYc9WDd4J-" + "QfFmSZBBguWmxq3ch_sg9YfPlBXir5oCVu3GDTZX2oH1h5gGwWHCgqM8qv2fsQoLwAZR9EhThb6zi1u12WxyLlwApw5O32GiJpOj1bWr-_" + "69Lo4Mpc66EYdmoKDXl4qmp6b0yhCUVS9e1Miu0vsXFq2NJwP4HUUnN_FojhS1F5EYOSW8ue1K3ESyqVrKKoF5sVqGJZESiveiR5ypVpmAOSfmZltJ-" + "GVO5cOcGKvtYG4PQz_wN7T_I0g9XWP9hBW5G0BZTR-rvT8mwobLT2ijFA_5TMkRualT2NzAttEbx7ThGwEJoU3-2k3_hqykZtfQv7KxwwYdezVsxV-" + "ukbMfzrOsOU517tIZ9wNdf1BV4c1sINlWfllAi9Sm54KqoLyqTtzvtM54InuknS4H-mEMMK3J7geH3GKpuAz-RUiim6OKihuOJvKSsyLxRL32u-" + 
"HnszlczfShAOfWA_1nfWzRYzVxtqfv3PXPQguF8A4-VhE_YSPQc6Bnwh_LzliqA-8Vk5WZiAwDN_" + "WybhPmZg5UnwVh5x7tnBPq82HSuCU4uefjaLBfjYnfRul2UY86HlHlpXVgyZEAvhRFPQwklqcfmlf3lCFz-g6P9wKYj0uncG3T9NUs28Oksy-" + "o9MdC3aekP-0LszrxQbfwps0nq45dVsnURJCGyT7vwCObUTPDGFCMg.B4xpiaoieUnluhz5U4ivTg.", + "eyJraWQiOiI5ZWJmOWVkYi0zYTI0LTQ4YjQtYjJjYi0yMWYwY2Y3NDdlYTciLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." + "D4Od2xiHoO5SYtoUXt_I_oZvxFfCA29dxbyz21Uw6sP-uQpoPxu-jQ7NUJtmzZIf4VIWHN5YOrV0-UqKkP-Woipug26blBPkIV4YzoNFJD3sMW3Bbc91M_" + "Rwd03QID6eGv0REkCo1KbbLnw_u56PGBtPVHJNIMwNTKdU-FJwxEkahZGU3FS8RLw8-0BeFvLbjg3yTCUVuZex2mZ3QL_sXrCYADSMpYDWC41nxEWt26Z_" + "cxGhGmRU_5fjsE_AWHrIWS1-qdZcAlYrv-wMg0pRqsElGVVcFSkfXBfyGFURcAqB-a2ge2IxxQ-G3Jkhl7EFIWhhD1ZtQWGEpBVjHZeH3w." + "NnDIbUkIHi1suUKk..jUGOQ2vKzL_nrjbaK6qwnDBTtU26Ut9HiyUsblnEs_0aO0aJ50f13bu2EBic5e0e50Lu8jVUlMSfwPgfqKePV9xbHmE6GPn_" + "E59VxnzJpMVoxohjqezkG50ydvqXg_lJ84BLk8R0dR_LtUZxJdbzNo-B8YRloiKPOee7zyZ6tU9h-_" + "so37XgLBy6uDDeGxGlK6TnG8q9oqLB7zLF03Seyv8XBl-Bved7V8sor_sr4efoyW_" + "oKneqqBSqnaQ0OApMnFTQ7yudwfI19R9CvYI62bfluDSknai0Lwm3cGDOSningMxKpPVja_Ieyb5cJNHsnR5u5bCYjBl5l7wL7ttXBBURaFDO6i67KxHq-" + "K02AAxyAWkJM9DWt_IXsx4vxvYCgUQQxmMvZRAzxdrT1UOvpyJoh64LcuKuj4LGY_b6xaSV72CpeNQWXaSJDSNtQKsoO3-S4QAcqHTUXb9-_" + "HKIi8sZJgqxeyHYs2oJRD0WItq0BUVoHvaQmR2gRm-rhXuujOWJW_xk9Wp8lpbJR8tANdcai7O84WR9noA0-z3BdYdLOftK-YAR1Fa8OEE1-" + "VSAI7TfRjMdAMw01pGJZmwn4VhbcE60QS0uESnNPRq9abpVqVlEA6WdFtAgv6oUJ34YpSQ5hXEXbTSz0XL948q58QZ0oadVeR-" + "1JOm3fjCgvJgvvcdmDs1kZy2iPPmMhsmwiTQCBXlgwbj7xUxuA9EtcVcIylL3X1BmRqDJG8kyJLBFvRtBwe6OC0uApr_" + "74evzbnihMFk1bBEeL0H8yJWvWpl20SHF6gjlEHb7OqF1fMGj3oqxRjYrRcNj2EV-Acq8WVbRuizYSxREnBt5_" + "sWoiUHtbSpgNeMEv3Go9fzVsa93KKF6llT2KBo6V8Vx4XxjmGG6U5oUS_SX1S3bnHPqepv9izstL2Stlz8_" + "UwxqVER1aotgywX1ez70YGA37Ikr6gO9LPKCYVQtcRG7P597mka0STnYFf6arOF0DUC_hyWYLjwoiTj9QVg9JPqMuxSo8JFTpkGeNQf6slLiYc9WDd4J-" + "QfFmSZBBguWmxq3ch_sg9YfPlBXir5oCVu3GDTZX2oH1h5gGwWHCgqM8qv2fsQoLwAZR9EhThb6zi1u12WxyLlwApw5O32GiJpOj1bWr-_" + 
"69Lo4Mpc66EYdmoKDXl4qmp6b0yhCUVS9e1Miu0vsXFq2NJwP4HUUnN_FojhS1F5EYOSW8ue1K3ESyqVrKKoF5sVqGJZESiveiR5ypVpmAOSfmZltJ-" + "GVO5cOcGKvtYG4PQz_wN7T_I0g9XWP9hBW5G0BZTR-rvT8mwobLT2ijFA_5TMkRualT2NzAttEbx7ThGwEJoU3-2k3_hqykZtfQv7KxwwYdezVsxV-" + "ukbMfzrOsOU517tIZ9wNdf1BV4c1sINlWfllAi9Sm54KqoLyqTtzvtM54InuknS4H-mEMMK3J7geH3GKpuAz-RUiim6OKihuOJvKSsyLxRL32u-" + "HnszlczfShAOfWA_1nfWzRYzVxtqfv3PXPQguF8A4-VhE_YSPQc6Bnwh_LzliqA-8Vk5WZiAwDN_" + "WybhPmZg5UnwVh5x7tnBPq82HSuCU4uefjaLBfjYnfRul2UY86HlHlpXVgyZEAvhRFPQwklqcfmlf3lCFz-g6P9wKYj0uncG3T9NUs28Oksy-" + "o9MdC3aekP-0LszrxQbfwps0nq45dVsnURJCGyT7vwCObUTPDGFCMg.B4xpiaoieUnluhz5U4ivTg", + ".eyJraWQiOiI5ZWJmOWVkYi0zYTI0LTQ4YjQtYjJjYi0yMWYwY2Y3NDdlYTciLCJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." + "D4Od2xiHoO5SYtoUXt_I_oZvxFfCA29dxbyz21Uw6sP-uQpoPxu-jQ7NUJtmzZIf4VIWHN5YOrV0-UqKkP-Woipug26blBPkIV4YzoNFJD3sMW3Bbc91M_" + "Rwd03QID6eGv0REkCo1KbbLnw_u56PGBtPVHJNIMwNTKdU-FJwxEkahZGU3FS8RLw8-0BeFvLbjg3yTCUVuZex2mZ3QL_sXrCYADSMpYDWC41nxEWt26Z_" + "cxGhGmRU_5fjsE_AWHrIWS1-qdZcAlYrv-wMg0pRqsElGVVcFSkfXBfyGFURcAqB-a2ge2IxxQ-G3Jkhl7EFIWhhD1ZtQWGEpBVjHZeH3w." 
+ "NnDIbUkIHi1suUKk.jUGOQ2vKzL_nrjbaK6qwnDBTtU26Ut9HiyUsblnEs_0aO0aJ50f13bu2EBic5e0e50Lu8jVUlMSfwPgfqKePV9xbHmE6GPn_" + "E59VxnzJpMVoxohjqezkG50ydvqXg_lJ84BLk8R0dR_LtUZxJdbzNo-B8YRloiKPOee7zyZ6tU9h-_" + "so37XgLBy6uDDeGxGlK6TnG8q9oqLB7zLF03Seyv8XBl-Bved7V8sor_sr4efoyW_" + "oKneqqBSqnaQ0OApMnFTQ7yudwfI19R9CvYI62bfluDSknai0Lwm3cGDOSningMxKpPVja_Ieyb5cJNHsnR5u5bCYjBl5l7wL7ttXBBURaFDO6i67KxHq-" + "K02AAxyAWkJM9DWt_IXsx4vxvYCgUQQxmMvZRAzxdrT1UOvpyJoh64LcuKuj4LGY_b6xaSV72CpeNQWXaSJDSNtQKsoO3-S4QAcqHTUXb9-_" + "HKIi8sZJgqxeyHYs2oJRD0WItq0BUVoHvaQmR2gRm-rhXuujOWJW_xk9Wp8lpbJR8tANdcai7O84WR9noA0-z3BdYdLOftK-YAR1Fa8OEE1-" + "VSAI7TfRjMdAMw01pGJZmwn4VhbcE60QS0uESnNPRq9abpVqVlEA6WdFtAgv6oUJ34YpSQ5hXEXbTSz0XL948q58QZ0oadVeR-" + "1JOm3fjCgvJgvvcdmDs1kZy2iPPmMhsmwiTQCBXlgwbj7xUxuA9EtcVcIylL3X1BmRqDJG8kyJLBFvRtBwe6OC0uApr_" + "74evzbnihMFk1bBEeL0H8yJWvWpl20SHF6gjlEHb7OqF1fMGj3oqxRjYrRcNj2EV-Acq8WVbRuizYSxREnBt5_" + "sWoiUHtbSpgNeMEv3Go9fzVsa93KKF6llT2KBo6V8Vx4XxjmGG6U5oUS_SX1S3bnHPqepv9izstL2Stlz8_" + "UwxqVER1aotgywX1ez70YGA37Ikr6gO9LPKCYVQtcRG7P597mka0STnYFf6arOF0DUC_hyWYLjwoiTj9QVg9JPqMuxSo8JFTpkGeNQf6slLiYc9WDd4J-" + "QfFmSZBBguWmxq3ch_sg9YfPlBXir5oCVu3GDTZX2oH1h5gGwWHCgqM8qv2fsQoLwAZR9EhThb6zi1u12WxyLlwApw5O32GiJpOj1bWr-_" + "69Lo4Mpc66EYdmoKDXl4qmp6b0yhCUVS9e1Miu0vsXFq2NJwP4HUUnN_FojhS1F5EYOSW8ue1K3ESyqVrKKoF5sVqGJZESiveiR5ypVpmAOSfmZltJ-" + "GVO5cOcGKvtYG4PQz_wN7T_I0g9XWP9hBW5G0BZTR-rvT8mwobLT2ijFA_5TMkRualT2NzAttEbx7ThGwEJoU3-2k3_hqykZtfQv7KxwwYdezVsxV-" + "ukbMfzrOsOU517tIZ9wNdf1BV4c1sINlWfllAi9Sm54KqoLyqTtzvtM54InuknS4H-mEMMK3J7geH3GKpuAz-RUiim6OKihuOJvKSsyLxRL32u-" + "HnszlczfShAOfWA_1nfWzRYzVxtqfv3PXPQguF8A4-VhE_YSPQc6Bnwh_LzliqA-8Vk5WZiAwDN_" + "WybhPmZg5UnwVh5x7tnBPq82HSuCU4uefjaLBfjYnfRul2UY86HlHlpXVgyZEAvhRFPQwklqcfmlf3lCFz-g6P9wKYj0uncG3T9NUs28Oksy-" + "o9MdC3aekP-0LszrxQbfwps0nq45dVsnURJCGyT7vwCObUTPDGFCMg.B4xpiaoieUnluhz5U4ivTg", + "AAAA.BBBB.CCCC.DDDD", "AAAA.BBBB.CCCC", "AAAA.BBBB", "AAAA", "", "....", "this test is dedicated to swhitsel", NULL }; for (int i = 
0; NULL != JWE_BAD[i]; ++i) { - cjose_jwe_t *jwe = cjose_jwe_import( - JWE_BAD[i], strlen(JWE_BAD[i]), &err); - ck_assert_msg( - NULL == jwe, "cjose_jwe_import of bad JWE succeeded (%d)", i); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_import returned wrong err.code"); + cjose_jwe_t *jwe = cjose_jwe_import(JWE_BAD[i], strlen(JWE_BAD[i]), &err); + ck_assert_msg(NULL == jwe, "cjose_jwe_import of bad JWE succeeded (%d)", i); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jwe_import returned wrong err.code"); } } END_TEST - START_TEST(test_cjose_jwe_decrypt_bad_params) { cjose_err err; @@ -519,7 +528,11 @@ START_TEST(test_cjose_jwe_decrypt_bad_params) // missing private part 'd' needed for encryption "{ \"kty\": \"RSA\", " "\"e\": \"AQAB\", " - "\"n\": \"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\", " + "\"n\": " + "\"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__" + "VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_" + "HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_" + "bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\", " "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\" }", // currently unsupported key type (EC) 
@@ -534,38 +547,31 @@ START_TEST(test_cjose_jwe_decrypt_bad_params) // import the common key cjose_jwk_t *jwk = cjose_jwk_import(JWK_RSA, strlen(JWK_RSA), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // import the jwe created with the common key cjose_jwe_t *jwe = cjose_jwe_import(JWE_RSA, strlen(JWE_RSA), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // try to decrypt a NULL jwe - ck_assert_msg(!cjose_jwe_decrypt(NULL, jwk, &len, &err), - "cjose_jwe_decrypt succeeded with NULL jwe"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_decrypt returned wrong err.code"); + ck_assert_msg(!cjose_jwe_decrypt(NULL, jwk, &len, &err), "cjose_jwe_decrypt succeeded with NULL jwe"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jwe_decrypt returned wrong err.code"); // try to decrypt with a NULL jwk - ck_assert_msg(!cjose_jwe_decrypt(jwe, NULL, &len, &err), - "cjose_jwe_decrypt succeeded with NULL jwk"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_decrypt returned wrong err.code"); + ck_assert_msg(!cjose_jwe_decrypt(jwe, NULL, &len, &err), "cjose_jwe_decrypt succeeded with NULL jwk"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jwe_decrypt returned wrong err.code"); // try to decrypt with bad/wrong/unsupported keys for (int i = 0; NULL != JWK_BAD[i]; ++i) { - cjose_jwk_t *jwk_bad = cjose_jwk_import( - JWK_BAD[i], strlen(JWK_BAD[i]), &err); + cjose_jwk_t *jwk_bad = cjose_jwk_import(JWK_BAD[i], strlen(JWK_BAD[i]), &err); ck_assert_msg(NULL != jwk_bad, "cjose_jwk_import failed"); - ck_assert_msg(!cjose_jwe_decrypt(jwe, 
NULL, &len, &err), - "cjose_jwe_decrypt succeeded with bad jwk"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jwe_decrypt returned wrong err.code"); + ck_assert_msg(!cjose_jwe_decrypt(jwe, NULL, &len, &err), "cjose_jwe_decrypt succeeded with bad jwk"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jwe_decrypt returned wrong err.code"); cjose_jwk_release(jwk_bad); } @@ -575,18 +581,16 @@ START_TEST(test_cjose_jwe_decrypt_bad_params) } END_TEST - START_TEST(test_cjose_jwe_decrypt_aes) { // https://tools.ietf.org/html/rfc7516#appendix-A.3 - // JWE Using AES Key Wrap and AES_128_CBC_HMAC_SHA_256 + // JWE Using AES Key Wrap and AES_128_CBC_HMAC_SHA_256 static const char *JWK_S = "{\"kty\":\"oct\", \"k\":\"GawgguFyGrWKav7AX4VKUg\"}"; - static const char *JWE_S = - "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." - "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." - "AxY8DCtDaGlsbGljb3RoZQ." - "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." - "U0m_YmjN04DJvceFICbCVQ"; + static const char *JWE_S = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." + "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." + "AxY8DCtDaGlsbGljb3RoZQ." + "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." + "U0m_YmjN04DJvceFICbCVQ"; static const char *PLAINTEXT_S = "Live long and prosper."; cjose_err err; 
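Review bot: The loop over JWK_BAD never hands the bad key to the decryptor: `cjose_jwe_decrypt(jwe, NULL, &len, &err)` passes NULL, so each iteration only repeats the NULL-jwk check just above it. The RSA key without its private part and the unsupported EC key are imported and released but never exercised. The call should read `cjose_jwe_decrypt(jwe, jwk_bad, &len, &err)`. Whether `CJOSE_ERR_INVALID_ARG` is still the code returned for those keys cannot be confirmed from this hunk, so the assertion that follows may need adjusting. The test function begins before this hunk and ends after it.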
@@ -594,143 +598,123 @@ START_TEST(test_cjose_jwe_decrypt_aes) // import the JWK cjose_jwk_t *jwk = cjose_jwk_import(JWK_S, strlen(JWK_S), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // import the JWE cjose_jwe_t *jwe = cjose_jwe_import(JWE_S, strlen(JWE_S), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // decrypt the imported JWE size_t plain1_len = 0; uint8_t *plain1 = cjose_jwe_decrypt(jwe, jwk, &plain1_len, &err); - ck_assert_msg( - NULL != plain1, - "cjose_jwe_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(NULL != plain1, "cjose_jwe_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // confirm plain == PLAINTEXT_S - ck_assert_msg( - plain1_len == strlen(PLAINTEXT_S), - "length of decrypted plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(PLAINTEXT_S), plain1_len); - ck_assert_msg( - strncmp(PLAINTEXT_S, plain1, plain1_len) == 0, - "decrypted plaintext does not match encrypted plaintext"); + ck_assert_msg(plain1_len == strlen(PLAINTEXT_S), "length of decrypted plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(PLAINTEXT_S), plain1_len); + ck_assert_msg(strncmp(PLAINTEXT_S, plain1, plain1_len) == 0, "decrypted plaintext does not match encrypted plaintext"); cjose_get_dealloc()(plain1); cjose_jwe_release(jwe); - static const char *JWE_TAMPERED_AT = - "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." 
- "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." - "AxY8DCtDaGlsbGljb3RoZQ." - "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." - "U0m_YmjN04DJvceFICbCVq"; + static const char *JWE_TAMPERED_AT = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." + "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." + "AxY8DCtDaGlsbGljb3RoZQ." + "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." + "U0m_YmjN04DJvceFICbCVq"; // import the JWE jwe = cjose_jwe_import(JWE_TAMPERED_AT, strlen(JWE_TAMPERED_AT), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // decrypt the imported JWE size_t plain2_len = 0; uint8_t *plain2 = cjose_jwe_decrypt(jwe, jwk, &plain2_len, &err); - ck_assert_msg( - NULL == plain2, - "cjose_jwe_get_plaintext succeeded for tampered authentication tag"); + ck_assert_msg(NULL == plain2, "cjose_jwe_get_plaintext succeeded for tampered authentication tag"); cjose_jwe_release(jwe); - static const char *JWE_TAMPERED_CIPHERTEXT = - "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." - "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." - "AxY8DCtDaGlsbGljb3RoZQ." - "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGy." - "U0m_YmjN04DJvceFICbCVQ"; + static const char *JWE_TAMPERED_CIPHERTEXT = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." + "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." + "AxY8DCtDaGlsbGljb3RoZQ." + "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGy." 
+ "U0m_YmjN04DJvceFICbCVQ"; // import the JWE jwe = cjose_jwe_import(JWE_TAMPERED_CIPHERTEXT, strlen(JWE_TAMPERED_CIPHERTEXT), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // decrypt the imported JWE size_t plain3_len = 0; uint8_t *plain3 = cjose_jwe_decrypt(jwe, jwk, &plain3_len, &err); - ck_assert_msg( - NULL == plain3, - "cjose_jwe_get_plaintext succeeded for tampered ciphertext"); + ck_assert_msg(NULL == plain3, "cjose_jwe_get_plaintext succeeded for tampered ciphertext"); cjose_jwe_release(jwe); - static const char *JWE_TAMPERED_IV = - "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." - "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." - "AxY8DCtDaGlsbGljb3RoZq." - "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." - "U0m_YmjN04DJvceFICbCVQ"; + static const char *JWE_TAMPERED_IV = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." + "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." + "AxY8DCtDaGlsbGljb3RoZq." + "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." + "U0m_YmjN04DJvceFICbCVQ"; // import the JWE jwe = cjose_jwe_import(JWE_TAMPERED_IV, strlen(JWE_TAMPERED_IV), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // decrypt the imported JWE size_t plain4_len = 0; uint8_t *plain4 = cjose_jwe_decrypt(jwe, jwk, &plain4_len, &err); - ck_assert_msg( - NULL == plain4, - "cjose_jwe_get_plaintext succeeded for tampered IV"); + ck_assert_msg(NULL == plain4, "cjose_jwe_get_plaintext succeeded for tampered IV"); cjose_jwe_release(jwe); - static const char *JWE_TAMPERED_CEK = - "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." 
- "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOq." - "AxY8DCtDaGlsbGljb3RoZQ." - "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." - "U0m_YmjN04DJvceFICbCVQ"; + static const char *JWE_TAMPERED_CEK = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." + "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOq." + "AxY8DCtDaGlsbGljb3RoZQ." + "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." + "U0m_YmjN04DJvceFICbCVQ"; // import the JWE jwe = cjose_jwe_import(JWE_TAMPERED_CEK, strlen(JWE_TAMPERED_CEK), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // decrypt the imported JWE size_t plain5_len = 0; uint8_t *plain5 = cjose_jwe_decrypt(jwe, jwk, &plain5_len, &err); - ck_assert_msg( - NULL == plain5, - "cjose_jwe_get_plaintext succeeded for tampered content encryption key"); + ck_assert_msg(NULL == plain5, "cjose_jwe_get_plaintext succeeded for tampered content encryption key"); cjose_jwe_release(jwe); - static const char *JWE_TAMPERED_HDR = - "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiB9." - "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." - "AxY8DCtDaGlsbGljb3RoZQ." - "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." - "U0m_YmjN04DJvceFICbCVQ"; + static const char *JWE_TAMPERED_HDR = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiB9." + "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ." + "AxY8DCtDaGlsbGljb3RoZQ." + "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." 
+ "U0m_YmjN04DJvceFICbCVQ"; // import the JWE jwe = cjose_jwe_import(JWE_TAMPERED_HDR, strlen(JWE_TAMPERED_HDR), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // decrypt the imported JWE size_t plain6_len = 0; uint8_t *plain6 = cjose_jwe_decrypt(jwe, jwk, &plain6_len, &err); - ck_assert_msg( - NULL == plain6, - "cjose_jwe_get_plaintext succeeded for tampered header"); + ck_assert_msg(NULL == plain6, "cjose_jwe_get_plaintext succeeded for tampered header"); cjose_jwe_release(jwe); cjose_jwk_release(jwk); @@ -739,7 +723,8 @@ END_TEST START_TEST(test_cjose_jwe_decrypt_rsa) { - struct cjose_jwe_decrypt_rsa { + struct cjose_jwe_decrypt_rsa + { const char *jwe; const char *plaintext; const char *jwk; 
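Review bot: The plaintext check `strncmp(PLAINTEXT_S, plain1, plain1_len) == 0` runs a string function on a `uint8_t *` buffer, so it stops at the first NUL byte and relies on an implicit pointer conversion. Since the length is already asserted, `memcmp(PLAINTEXT_S, plain1, plain1_len) == 0` would compare exactly the decrypted bytes. The same call appears in the test_cjose_jwe_decrypt_rsa hunk further down, and in both places the length message prints `size_t` values with `%lu` where `%zu` is the matching specifier. Separately, the five tampered cases only assert that the result is NULL; also asserting `err.code`, as test_cjose_jwe_decrypt_bad_params does, would show the rejection came from the integrity check rather than an unrelated failure, though the expected code is not visible here. The test body starts before this hunk and ends after it.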
@@ -747,98 +732,98 @@ START_TEST(test_cjose_jwe_decrypt_rsa) static const struct cjose_jwe_decrypt_rsa JWE_RSA[] = { - // https://tools.ietf.org/html/rfc7516#appendix-A.1 - // JWE using RSAES-OAEP and AES GCM - { "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." - "OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe" - "ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb" - "Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV" - "mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8" - "1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi" - "6UklfCpIMfIjf7iGdXKHzg." - "48V1_ALb6US04U3b." - "5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji" - "SdiwkIr3ajwQzaBtQD_A." - "XFBoMYUZodetZdvTiFvSkQ", - - "The true sign of intelligence is not knowledge but imagination.", - - "{\"kty\":\"RSA\"," - "\"n\":\"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" - "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" - "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" - "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" - "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" - "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw\"," - "\"e\":\"AQAB\"," - "\"d\":\"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" - "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" - "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" - "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" - "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" - "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ\"," - "\"p\":\"1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-" - "SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf" - "fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0\"," - "\"q\":\"wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm" - "UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX" - 
"IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc\"," - "\"dp\":\"ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL" - "hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827" - "rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE\"," - "\"dq\":\"Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj" - "ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB" - "UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis\"," - "\"qi\":\"VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7" - "AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3" - "eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY\" }" }, + // https://tools.ietf.org/html/rfc7516#appendix-A.1 + // JWE using RSAES-OAEP and AES GCM + { "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." + "OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe" + "ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb" + "Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV" + "mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8" + "1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi" + "6UklfCpIMfIjf7iGdXKHzg." + "48V1_ALb6US04U3b." + "5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji" + "SdiwkIr3ajwQzaBtQD_A." 
+ "XFBoMYUZodetZdvTiFvSkQ", + + "The true sign of intelligence is not knowledge but imagination.", + + "{\"kty\":\"RSA\"," + "\"n\":\"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" + "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw\"," + "\"e\":\"AQAB\"," + "\"d\":\"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" + "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ\"," + "\"p\":\"1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-" + "SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf" + "fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0\"," + "\"q\":\"wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm" + "UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX" + "IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc\"," + "\"dp\":\"ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL" + "hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827" + "rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE\"," + "\"dq\":\"Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj" + "ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB" + "UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis\"," + "\"qi\":\"VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7" + "AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3" + "eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY\" }" }, // https://tools.ietf.org/html/rfc7516#appendix-A.2 // JWE using RSAES-PKCS1-v1_5 and 
AES_128_CBC_HMAC_SHA_256 { "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." - "UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm" - "1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc" - "HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF" - "NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8" - "rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv" - "-B3oWh2TbqmScqXMR4gp_A." - "AxY8DCtDaGlsbGljb3RoZQ." - "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." - "9hH0vgRfYgPnAHOd8stkvw", - - "Live long and prosper.", - - "{\"kty\":\"RSA\"," - "\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl" - "UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre" - "cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_" - "7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI" - "Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU" - "7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\"," - "\"e\":\"AQAB\"," - "\"d\":\"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq" - "1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry" - "nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_" - "0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj" - "-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj" - "T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ\"," - "\"p\":\"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68" - "ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP" - "krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM\"," - "\"q\":\"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y" - "BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN" - "-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0\"," - "\"dp\":\"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv" - "ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra" - "Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs\"," - 
"\"dq\":\"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff" - "7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_" - "odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU\"," - "\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC" - "tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ" - "B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\" }" }, - - { NULL, NULL, NULL } + "UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm" + "1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc" + "HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF" + "NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8" + "rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv" + "-B3oWh2TbqmScqXMR4gp_A." + "AxY8DCtDaGlsbGljb3RoZQ." + "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY." + "9hH0vgRfYgPnAHOd8stkvw", + + "Live long and prosper.", + + "{\"kty\":\"RSA\"," + "\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl" + "UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre" + "cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_" + "7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI" + "Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU" + "7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\"," + "\"e\":\"AQAB\"," + "\"d\":\"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq" + "1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry" + "nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_" + "0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj" + "-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj" + "T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ\"," + "\"p\":\"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68" + "ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP" + "krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM\"," + 
"\"q\":\"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y" + "BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN" + "-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0\"," + "\"dp\":\"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv" + "ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra" + "Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs\"," + "\"dq\":\"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff" + "7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_" + "odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU\"," + "\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC" + "tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ" + "B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\" }" }, + + { NULL, NULL, NULL } }; for (int i = 0; NULL != JWE_RSA[i].jwe; ++i) 
@@ -848,32 +833,29 @@ START_TEST(test_cjose_jwe_decrypt_rsa) // import the JWK cjose_jwk_t *jwk = cjose_jwk_import(JWE_RSA[i].jwk, strlen(JWE_RSA[i].jwk), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // import the JWE cjose_jwe_t *jwe = cjose_jwe_import(JWE_RSA[i].jwe, strlen(JWE_RSA[i].jwe), &err); ck_assert_msg(NULL != jwe, "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // decrypt the imported JWE size_t plain1_len = 0; uint8_t *plain1 = cjose_jwe_decrypt(jwe, jwk, &plain1_len, &err); - ck_assert_msg( - NULL != plain1, - "cjose_jwe_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(NULL != plain1, "cjose_jwe_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // confirm plain == PLAINTEXT_S - ck_assert_msg( - plain1_len == strlen(JWE_RSA[i].plaintext), - "length of decrypted plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(JWE_RSA[i].plaintext), plain1_len); - ck_assert_msg( - strncmp(JWE_RSA[i].plaintext, plain1, plain1_len) == 0, - "decrypted plaintext does not match encrypted plaintext"); + ck_assert_msg(plain1_len == strlen(JWE_RSA[i].plaintext), + "length of decrypted plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(JWE_RSA[i].plaintext), plain1_len); + ck_assert_msg(strncmp(JWE_RSA[i].plaintext, plain1, plain1_len) == 0, + "decrypted plaintext does not match encrypted plaintext"); cjose_get_dealloc()(plain1); cjose_jwe_release(jwe); 
@@ -882,7 +864,6 @@ START_TEST(test_cjose_jwe_decrypt_rsa) } END_TEST - Suite *cjose_jwe_suite() { Suite *suite = suite_create("jwe"); diff --git a/test/check_jwk.c b/test/check_jwk.c index 59ca304..39098ea 100644 --- a/test/check_jwk.c +++ b/test/check_jwk.c @@ -15,15 +15,14 @@ /** * Convenience function for comparing multiple string attributes of two * json objects. - * + * * \param left_json a json object to be compared. * \param right_json a json object to be compared. * \param null terminated array of attribute names. * \returns true if string values of all named attributes are identical in both * json objects or are both missing from each, false otherwise. */ -static bool _match_string_attrs( - json_t *left_json, json_t *right_json, const char **attrs) +static bool _match_string_attrs(json_t *left_json, json_t *right_json, const char **attrs) { for (int i = 0; NULL != attrs[i]; ++i) { @@ -43,9 +42,8 @@ static bool _match_string_attrs( } // return false if strings don't match (consider NULL==NULL a match) - if ((left_attr_str != right_attr_str) && - (left_attr_str == NULL || right_attr_str == NULL || - strcmp(left_attr_str, right_attr_str) != 0)) + if ((left_attr_str != right_attr_str) + && (left_attr_str == NULL || right_attr_str == NULL || strcmp(left_attr_str, right_attr_str) != 0)) { return false; } 
@@ -64,19 +62,30 @@ START_TEST(test_cjose_jwk_name_for_kty) } END_TEST -const char * RSA_e = "AQAB"; -const char * RSA_n = "2Rgbvu_cGMpvVl8DE6aGGX7IE2lKn5c9ZtexriFrCLqBbKt2TBOZkoCn_AbcDjUVk23CxsIj9Z1VfsL_0UeVA_AeOLUWw0F5-JhoK6NBeLpYZOz7HYieTOSJjSxYhoCYtVbLKI27e3NEvckxTs-90CdKl71P7YwrdSrY59hR-u2etyNCRGAPcoDH5xYJxrG2p5FH_Dh_MQ0ugDnJY2_b_-w9NS2Y2atIkzXZDjtcSpjImKpL0eIFF69ptiF8vd4q2j-ougipFBGP9U5bSVzeZ7FyGkJ5Qa2DYc0osYi1QFs3YZKzkKfcblx14u-yZYhUkZHlb_jbfulnUHxDdO_r8Q"; -const char * RSA_d = "P9N6tNRIXXGG8lnUyb43xt8ja7GVIv6QKuBXeN6SXWqYCp8OlKdei1gQC2To5bRtt36ZuV3yvI-ZRz-Ffr4Q7at29y0mmBl0BsaoOcwxv5Dp1CJoYfJ8uBao6jyTelfsjcQKzs18xXrKRxIT0Rv6rmwe3iXmjeycCkKiqudKkv8m9RtbvdWH8AFd2ZsCLNblVRrOZ9ZPQQCMVJLf65pF_cBfux-Zz_CJCfq93gFcN3h1tPFLX8UPBMqvqkBZzDx8PGoYgrydz-T8tcqtkDriyEL3mGYe9b2uH_8JnzMMNMFheVPDdNBhyQQVOmQqPj7idv7677eSle4LJZANUYZdwQ"; -const char * RSA_p = "8Yhaq4UMiFptSuUMcLUqOJdZ9Jr0z2KG_ZrPaaHIX8gfbtp5DGjhXEE--SwoX9ukEzR6vCewSFcEl20wnT0uTwrVs-Bf2J1L-5tKKeiiwLQxXtk1cG5-PI-ECkqX0AP2K2Xa0wpIjldBE5SBR0S7whANpKxhVFMtNgKog4xNvxU"; -const char * RSA_q = "5hkENNaWQSJ5qWXVJYh0LAHddr1NXwkKIfKNjK8vCYfOHXDgKxW4UbAIu7wIU9iZcVjTdN2UcaJMe5fBQR9ZEP8bcuY9ZpeUCkv-g9IGw69HUXE7ERBz1es_lZOuJzENwL85Al7jOtVJ2y26g4r30q4jqaL7CcgUZjBKAytjUG0"; -const char * RSA_dp = "pAn1epQsRNcVb05Muqdv-2tfnu824TqLb-YahCVqjxK9tm4O1EzO8fcmK9i_uwrTTm_QA8X4xcjDx4xS_he1Qd2b8kSrE9UQ69s17WygTLyU41QmJSwF9F-MT-kFXjOylxrgGYDccj_0ZLXxb1PRKSX5_iNNHxY2mH4JsP4zN1k"; -const char * RSA_dq = "gTTxAL6y9vZl_PKa4w2htoiBlMiuJryLvQ5X3_ULY72nxy54Ipl6vBwue0UWJAcP-u8XJpu6XKj3a7uGoIv61ql5_2Y8elyJm9Kao-kPNVk6oggEVAu6EBiext57v7Qy9dYrLCKeVI4qf_JIts8VZG-2xO4pK4_3rH5XQTpe9W0"; -const char * RSA_qi = "xTJ_ON_6kc9g3ZbunSSt_oqJBguxH2x8HVl2KQXafW-F0_DOv09P1e0fbSdOLhR-V9lLjq8DxOcvCMxkpQr2G8lTaBRVTF_-szu9adi9bgb_-egvc_NAvRkuGE9fUmB2_nAyU-j4VUh1MMSP5qqQhMYvFdAF5y36MpI-pV1SLFQ"; -START_TEST (test_cjose_jwk_create_RSA_spec) +const char *RSA_e = "AQAB"; +const char *RSA_n = 
"2Rgbvu_cGMpvVl8DE6aGGX7IE2lKn5c9ZtexriFrCLqBbKt2TBOZkoCn_AbcDjUVk23CxsIj9Z1VfsL_0UeVA_AeOLUWw0F5-" + "JhoK6NBeLpYZOz7HYieTOSJjSxYhoCYtVbLKI27e3NEvckxTs-90CdKl71P7YwrdSrY59hR-u2etyNCRGAPcoDH5xYJxrG2p5FH_Dh_" + "MQ0ugDnJY2_b_-w9NS2Y2atIkzXZDjtcSpjImKpL0eIFF69ptiF8vd4q2j-" + "ougipFBGP9U5bSVzeZ7FyGkJ5Qa2DYc0osYi1QFs3YZKzkKfcblx14u-yZYhUkZHlb_jbfulnUHxDdO_r8Q"; +const char *RSA_d = "P9N6tNRIXXGG8lnUyb43xt8ja7GVIv6QKuBXeN6SXWqYCp8OlKdei1gQC2To5bRtt36ZuV3yvI-ZRz-" + "Ffr4Q7at29y0mmBl0BsaoOcwxv5Dp1CJoYfJ8uBao6jyTelfsjcQKzs18xXrKRxIT0Rv6rmwe3iXmjeycCkKiqudKkv8m9RtbvdWH8AFd2ZsCL" + "NblVRrOZ9ZPQQCMVJLf65pF_cBfux-Zz_CJCfq93gFcN3h1tPFLX8UPBMqvqkBZzDx8PGoYgrydz-T8tcqtkDriyEL3mGYe9b2uH_" + "8JnzMMNMFheVPDdNBhyQQVOmQqPj7idv7677eSle4LJZANUYZdwQ"; +const char *RSA_p = "8Yhaq4UMiFptSuUMcLUqOJdZ9Jr0z2KG_ZrPaaHIX8gfbtp5DGjhXEE--SwoX9ukEzR6vCewSFcEl20wnT0uTwrVs-Bf2J1L-" + "5tKKeiiwLQxXtk1cG5-PI-ECkqX0AP2K2Xa0wpIjldBE5SBR0S7whANpKxhVFMtNgKog4xNvxU"; +const char *RSA_q = "5hkENNaWQSJ5qWXVJYh0LAHddr1NXwkKIfKNjK8vCYfOHXDgKxW4UbAIu7wIU9iZcVjTdN2UcaJMe5fBQR9ZEP8bcuY9ZpeUCkv-" + "g9IGw69HUXE7ERBz1es_lZOuJzENwL85Al7jOtVJ2y26g4r30q4jqaL7CcgUZjBKAytjUG0"; +const char *RSA_dp = "pAn1epQsRNcVb05Muqdv-2tfnu824TqLb-YahCVqjxK9tm4O1EzO8fcmK9i_uwrTTm_QA8X4xcjDx4xS_" + "he1Qd2b8kSrE9UQ69s17WygTLyU41QmJSwF9F-MT-kFXjOylxrgGYDccj_0ZLXxb1PRKSX5_iNNHxY2mH4JsP4zN1k"; +const char *RSA_dq = "gTTxAL6y9vZl_PKa4w2htoiBlMiuJryLvQ5X3_ULY72nxy54Ipl6vBwue0UWJAcP-u8XJpu6XKj3a7uGoIv61ql5_2Y8elyJm9Kao-" + "kPNVk6oggEVAu6EBiext57v7Qy9dYrLCKeVI4qf_JIts8VZG-2xO4pK4_3rH5XQTpe9W0"; +const char *RSA_qi = "xTJ_ON_6kc9g3ZbunSSt_oqJBguxH2x8HVl2KQXafW-F0_DOv09P1e0fbSdOLhR-V9lLjq8DxOcvCMxkpQr2G8lTaBRVTF_-szu9adi9bgb_-" + "egvc_NAvRkuGE9fUmB2_nAyU-j4VUh1MMSP5qqQhMYvFdAF5y36MpI-pV1SLFQ"; +START_TEST(test_cjose_jwk_create_RSA_spec) { cjose_err err; - cjose_jwk_rsa_keyspec specPub; - cjose_jwk_rsa_keyspec specPriv; + cjose_jwk_rsa_keyspec specPub; + cjose_jwk_rsa_keyspec specPriv; memset(&specPriv, 0, sizeof(cjose_jwk_rsa_keyspec)); 
cjose_base64url_decode(RSA_e, strlen(RSA_e), &specPriv.e, &specPriv.elen, &err); @@ -152,12 +161,12 @@ START_TEST (test_cjose_jwk_create_RSA_spec) } END_TEST -START_TEST (test_cjose_jwk_create_RSA_random) +START_TEST(test_cjose_jwk_create_RSA_random) { cjose_err err; - cjose_jwk_t *jwk = NULL; - uint8_t *e = NULL; - size_t elen = 0; + cjose_jwk_t *jwk = NULL; + uint8_t *e = NULL; + size_t elen = 0; e = (uint8_t *)"\x01\x00\x01"; elen = 3; @@ -187,14 +196,14 @@ START_TEST (test_cjose_jwk_create_RSA_random) } END_TEST -const char * EC_P256_d = "RSSjcBQW_EBxm1gzYhejCdWtj3Id_GuwldwEgSuKCEM"; -const char * EC_P256_x = "ii8jCnvs4FLc0rteSWxanup22pNDhzizmlGN-bfTcFk"; -const char * EC_P256_y = "KbkZ7r_DQ-t67pnxPnFDHObTLBqn44BSjcqn0STUkaM"; -START_TEST (test_cjose_jwk_create_EC_P256_spec) +const char *EC_P256_d = "RSSjcBQW_EBxm1gzYhejCdWtj3Id_GuwldwEgSuKCEM"; +const char *EC_P256_x = "ii8jCnvs4FLc0rteSWxanup22pNDhzizmlGN-bfTcFk"; +const char *EC_P256_y = "KbkZ7r_DQ-t67pnxPnFDHObTLBqn44BSjcqn0STUkaM"; +START_TEST(test_cjose_jwk_create_EC_P256_spec) { cjose_err err; - cjose_jwk_t *jwk = NULL; - cjose_jwk_ec_keyspec spec; + cjose_jwk_t *jwk = NULL; + cjose_jwk_ec_keyspec spec; memset(&spec, 0, sizeof(cjose_jwk_ec_keyspec)); spec.crv = CJOSE_JWK_EC_P_256; @@ -218,10 +227,10 @@ START_TEST (test_cjose_jwk_create_EC_P256_spec) cjose_jwk_release(jwk); } END_TEST -START_TEST (test_cjose_jwk_create_EC_P256_random) +START_TEST(test_cjose_jwk_create_EC_P256_random) { cjose_err err; - cjose_jwk_t * jwk = NULL; + cjose_jwk_t *jwk = NULL; jwk = cjose_jwk_create_EC_random(CJOSE_JWK_EC_P_256, &err); ck_assert(1 == jwk->retained); 
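Review bot: In the `@@ -64,19 +62,30 @@` hunk the formatter cuts the `RSA_n`, `RSA_d`, `RSA_p`, `RSA_q`, `RSA_dp`, `RSA_dq` and `RSA_qi` test vectors into adjacent string literals in the middle of the base64url value. A reader can no longer search for a whole value, and it is hard to confirm that this formatting-only commit left the key material byte-for-byte unchanged. The same splitting appears in `RSA_PUBLIC_JSON`, in the expected JSON of `test_cjose_jwk_to_json_rsa` and in the key table of `test_cjose_jwk_import_valid`. I would keep each vector on one line by bracketing these definitions with `// clang-format off` and `// clang-format on`, or by setting `BreakStringLiterals: false` in `.clang-format` if the clang-format version in use supports it.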
@@ -236,14 +245,14 @@ START_TEST (test_cjose_jwk_create_EC_P256_random) } END_TEST -const char * EC_384_d = "vpwFfxYfV7Ftm3fuidQsK-l_tGxqqnUUG6R5QZStJAeZy7qQiHAo7rZumFslws38"; -const char * EC_384_x = "ulIwcMpG6gbi9Bo_CeVFDIu7RT-AFxu5NRiH9Wm39lYQOAcZTlHJM8Tz4Fwbtu-0"; -const char * EC_384_y = "WOZtl6a6x_ukWquJbd_sF18zivwVq26HhJbnmwEKuab7zvZ3sGzOX7LJCHl4zmXa"; -START_TEST (test_cjose_jwk_create_EC_P384_spec) +const char *EC_384_d = "vpwFfxYfV7Ftm3fuidQsK-l_tGxqqnUUG6R5QZStJAeZy7qQiHAo7rZumFslws38"; +const char *EC_384_x = "ulIwcMpG6gbi9Bo_CeVFDIu7RT-AFxu5NRiH9Wm39lYQOAcZTlHJM8Tz4Fwbtu-0"; +const char *EC_384_y = "WOZtl6a6x_ukWquJbd_sF18zivwVq26HhJbnmwEKuab7zvZ3sGzOX7LJCHl4zmXa"; +START_TEST(test_cjose_jwk_create_EC_P384_spec) { cjose_err err; - cjose_jwk_t *jwk = NULL; - cjose_jwk_ec_keyspec spec; + cjose_jwk_t *jwk = NULL; + cjose_jwk_ec_keyspec spec; memset(&spec, 0, sizeof(cjose_jwk_ec_keyspec)); spec.crv = CJOSE_JWK_EC_P_384; @@ -267,10 +276,10 @@ START_TEST (test_cjose_jwk_create_EC_P384_spec) cjose_jwk_release(jwk); } END_TEST -START_TEST (test_cjose_jwk_create_EC_P384_random) +START_TEST(test_cjose_jwk_create_EC_P384_random) { cjose_err err; - cjose_jwk_t * jwk = NULL; + cjose_jwk_t *jwk = NULL; jwk = cjose_jwk_create_EC_random(CJOSE_JWK_EC_P_384, &err); ck_assert(1 == jwk->retained); 
@@ -285,14 +294,14 @@ START_TEST (test_cjose_jwk_create_EC_P384_random) } END_TEST -const char * EC_521_d = "E-0dXEk-bh2Fb08ge8_kNCiSSLiWu7zAR-4SVxH_SfqX2vPimGlF8cU-RFxb64zjW599vsULwvE62MzFWtK63Y4"; -const char * EC_521_x = "C3LEPuVWTeIQ7KGNibjAdUyHYyapCE6GAQ_oEs7P49yA8AWyJhxIVGWuc1punIsi5WjzHRoNhj0TqEBN4LsW0-g"; -const char * EC_521_y = "AeMjLFBhdk-lBiaFc8QKYZYziRIS_8q-3ziwXm5zfREdzVv9GUm-l-APSv4gIq-0-G0oSyFf6j6oh7KTf4aYGTV6"; -START_TEST (test_cjose_jwk_create_EC_P521_spec) +const char *EC_521_d = "E-0dXEk-bh2Fb08ge8_kNCiSSLiWu7zAR-4SVxH_SfqX2vPimGlF8cU-RFxb64zjW599vsULwvE62MzFWtK63Y4"; +const char *EC_521_x = "C3LEPuVWTeIQ7KGNibjAdUyHYyapCE6GAQ_oEs7P49yA8AWyJhxIVGWuc1punIsi5WjzHRoNhj0TqEBN4LsW0-g"; +const char *EC_521_y = "AeMjLFBhdk-lBiaFc8QKYZYziRIS_8q-3ziwXm5zfREdzVv9GUm-l-APSv4gIq-0-G0oSyFf6j6oh7KTf4aYGTV6"; +START_TEST(test_cjose_jwk_create_EC_P521_spec) { cjose_err err; - cjose_jwk_t *jwk = NULL; - cjose_jwk_ec_keyspec spec; + cjose_jwk_t *jwk = NULL; + cjose_jwk_ec_keyspec spec; memset(&spec, 0, sizeof(cjose_jwk_ec_keyspec)); spec.crv = CJOSE_JWK_EC_P_521; @@ -316,10 +325,10 @@ START_TEST (test_cjose_jwk_create_EC_P521_spec) cjose_jwk_release(jwk); } END_TEST -START_TEST (test_cjose_jwk_create_EC_P521_random) +START_TEST(test_cjose_jwk_create_EC_P521_random) { cjose_err err; - cjose_jwk_t * jwk = NULL; + cjose_jwk_t *jwk = NULL; jwk = cjose_jwk_create_EC_random(CJOSE_JWK_EC_P_521, &err); ck_assert(1 == jwk->retained); @@ -335,12 +344,12 @@ START_TEST (test_cjose_jwk_create_EC_P521_random) END_TEST const uint8_t *OCT_KEY = "pKE-eSbyFqPdtA5WzazKFg"; -START_TEST (test_cjose_jwk_create_oct_spec) +START_TEST(test_cjose_jwk_create_oct_spec) { cjose_err err; - cjose_jwk_t * jwk = NULL; - uint8_t * k = NULL; - size_t klen = 0; + cjose_jwk_t *jwk = NULL; + uint8_t *k = NULL; + size_t klen = 0; cjose_base64url_decode(OCT_KEY, strlen(OCT_KEY), &k, &klen, &err); 
@@ -358,10 +367,10 @@ START_TEST (test_cjose_jwk_create_oct_spec) cjose_jwk_release(jwk); } END_TEST -START_TEST (test_cjose_jwk_create_oct_random) +START_TEST(test_cjose_jwk_create_oct_random) { cjose_err err; - cjose_jwk_t * jwk = NULL; + cjose_jwk_t *jwk = NULL; jwk = cjose_jwk_create_oct_random(128, &err); ck_assert(1 == jwk->retained); @@ -375,10 +384,10 @@ START_TEST (test_cjose_jwk_create_oct_random) cjose_jwk_release(jwk); } END_TEST -START_TEST (test_cjose_jwk_create_oct_random_inval) +START_TEST(test_cjose_jwk_create_oct_random_inval) { cjose_err err; - cjose_jwk_t * jwk = NULL; + cjose_jwk_t *jwk = NULL; jwk = cjose_jwk_create_oct_random(0, &err); ck_assert(NULL == jwk); @@ -386,14 +395,14 @@ START_TEST (test_cjose_jwk_create_oct_random_inval) } END_TEST -START_TEST (test_cjose_jwk_retain_release) +START_TEST(test_cjose_jwk_retain_release) { cjose_err err; // create some type of key - cjose_jwk_t * jwk = cjose_jwk_create_oct_random(128, &err); + cjose_jwk_t *jwk = cjose_jwk_create_oct_random(128, &err); ck_assert(1 == jwk->retained); - cjose_jwk_t * retained = NULL; + cjose_jwk_t *retained = NULL; retained = cjose_jwk_retain(jwk, &err); ck_assert(jwk == retained); ck_assert(2 == jwk->retained); @@ -425,7 +434,7 @@ END_TEST START_TEST(test_cjose_jwk_get_kty) { cjose_err err; - cjose_jwk_t * jwk = NULL; + cjose_jwk_t *jwk = NULL; jwk = cjose_jwk_create_oct_random(128, &err); ck_assert(CJOSE_JWK_KTY_OCT == cjose_jwk_get_kty(jwk, &err)); cjose_jwk_release(jwk); @@ -439,9 +448,9 @@ END_TEST START_TEST(test_cjose_jwk_to_json_oct) { cjose_err err; - cjose_jwk_t * jwk = NULL; - uint8_t * k = NULL; - size_t klen = 0; + cjose_jwk_t *jwk = NULL; + uint8_t *k = NULL; + size_t klen = 0; cjose_base64url_decode(OCT_KEY, strlen(OCT_KEY), &k, &klen, &err); jwk = cjose_jwk_create_oct_spec(k, klen, &err); 
@@ -464,8 +473,8 @@ END_TEST START_TEST(test_cjose_jwk_to_json_ec) { cjose_err err; - cjose_jwk_t *jwk = NULL; - cjose_jwk_ec_keyspec spec; + cjose_jwk_t *jwk = NULL; + cjose_jwk_ec_keyspec spec; memset(&spec, 0, sizeof(cjose_jwk_ec_keyspec)); spec.crv = CJOSE_JWK_EC_P_256; 
@@ -481,37 +490,37 @@ START_TEST(test_cjose_jwk_to_json_ec) char *json; json = cjose_jwk_to_json(jwk, false, &err); ck_assert(NULL != json); - ck_assert_str_eq( - "{\"kty\":\"EC\",\"crv\":\"P-256\"" \ - ",\"x\":\"ii8jCnvs4FLc0rteSWxanup22pNDhzizmlGN-bfTcFk\"" - ",\"y\":\"KbkZ7r_DQ-t67pnxPnFDHObTLBqn44BSjcqn0STUkaM\"}", - json - ); + ck_assert_str_eq("{\"kty\":\"EC\",\"crv\":\"P-256\"" + ",\"x\":\"ii8jCnvs4FLc0rteSWxanup22pNDhzizmlGN-bfTcFk\"" + ",\"y\":\"KbkZ7r_DQ-t67pnxPnFDHObTLBqn44BSjcqn0STUkaM\"}", + json); free(json); json = cjose_jwk_to_json(jwk, true, &err); ck_assert(NULL != json); - ck_assert_str_eq( - "{\"kty\":\"EC\",\"crv\":\"P-256\"" - ",\"x\":\"ii8jCnvs4FLc0rteSWxanup22pNDhzizmlGN-bfTcFk\"" - ",\"y\":\"KbkZ7r_DQ-t67pnxPnFDHObTLBqn44BSjcqn0STUkaM\"" - ",\"d\":\"RSSjcBQW_EBxm1gzYhejCdWtj3Id_GuwldwEgSuKCEM\"}", - json); + ck_assert_str_eq("{\"kty\":\"EC\",\"crv\":\"P-256\"" + ",\"x\":\"ii8jCnvs4FLc0rteSWxanup22pNDhzizmlGN-bfTcFk\"" + ",\"y\":\"KbkZ7r_DQ-t67pnxPnFDHObTLBqn44BSjcqn0STUkaM\"" + ",\"d\":\"RSSjcBQW_EBxm1gzYhejCdWtj3Id_GuwldwEgSuKCEM\"}", + json); free(json); cjose_jwk_release(jwk); } END_TEST -const char *RSA_PUBLIC_JSON = "{\"kty\":\"RSA\"," \ - "\"e\":\"AQAB\"" \ - ",\"n\":\"2Rgbvu_cGMpvVl8DE6aGGX7IE2lKn5c9ZtexriFrCLqBbKt2TBOZkoCn_AbcDjUVk23CxsIj9Z1VfsL_0UeVA_AeOLUWw0F5-JhoK6NBeLpYZOz7HYieTOSJjSxYhoCYtVbLKI27e3NEvckxTs-90CdKl71P7YwrdSrY59hR-u2etyNCRGAPcoDH5xYJxrG2p5FH_Dh_MQ0ugDnJY2_b_-w9NS2Y2atIkzXZDjtcSpjImKpL0eIFF69ptiF8vd4q2j-ougipFBGP9U5bSVzeZ7FyGkJ5Qa2DYc0osYi1QFs3YZKzkKfcblx14u-yZYhUkZHlb_jbfulnUHxDdO_r8Q\"" \ - "}"; +const char *RSA_PUBLIC_JSON = "{\"kty\":\"RSA\"," + "\"e\":\"AQAB\"" + ",\"n\":\"2Rgbvu_cGMpvVl8DE6aGGX7IE2lKn5c9ZtexriFrCLqBbKt2TBOZkoCn_AbcDjUVk23CxsIj9Z1VfsL_0UeVA_" + "AeOLUWw0F5-JhoK6NBeLpYZOz7HYieTOSJjSxYhoCYtVbLKI27e3NEvckxTs-90CdKl71P7YwrdSrY59hR-" + "u2etyNCRGAPcoDH5xYJxrG2p5FH_Dh_MQ0ugDnJY2_b_-w9NS2Y2atIkzXZDjtcSpjImKpL0eIFF69ptiF8vd4q2j-" + 
"ougipFBGP9U5bSVzeZ7FyGkJ5Qa2DYc0osYi1QFs3YZKzkKfcblx14u-yZYhUkZHlb_jbfulnUHxDdO_r8Q\"" + "}"; START_TEST(test_cjose_jwk_to_json_rsa) { cjose_err err; - cjose_jwk_t *jwk = NULL; - cjose_jwk_rsa_keyspec spec; + cjose_jwk_t *jwk = NULL; + cjose_jwk_rsa_keyspec spec; memset(&spec, 0, sizeof(cjose_jwk_rsa_keyspec)); cjose_base64url_decode(RSA_e, strlen(RSA_e), &spec.e, &spec.elen, &err); 
@@ -541,18 +550,27 @@ START_TEST(test_cjose_jwk_to_json_rsa) json = cjose_jwk_to_json(jwk, true, &err); ck_assert(NULL != json); - ck_assert_str_eq( - "{\"kty\":\"RSA\",\"e\":\"AQAB\"" \ - ",\"n\":\"2Rgbvu_cGMpvVl8DE6aGGX7IE2lKn5c9ZtexriFrCLqBbKt2TBOZkoCn_AbcDjUVk23CxsIj9Z1VfsL_0UeVA_AeOLUWw0F5-JhoK6NBeLpYZOz7HYieTOSJjSxYhoCYtVbLKI27e3NEvckxTs-90CdKl71P7YwrdSrY59hR-u2etyNCRGAPcoDH5xYJxrG2p5FH_Dh_MQ0ugDnJY2_b_-w9NS2Y2atIkzXZDjtcSpjImKpL0eIFF69ptiF8vd4q2j-ougipFBGP9U5bSVzeZ7FyGkJ5Qa2DYc0osYi1QFs3YZKzkKfcblx14u-yZYhUkZHlb_jbfulnUHxDdO_r8Q\"" \ - ",\"d\":\"P9N6tNRIXXGG8lnUyb43xt8ja7GVIv6QKuBXeN6SXWqYCp8OlKdei1gQC2To5bRtt36ZuV3yvI-ZRz-Ffr4Q7at29y0mmBl0BsaoOcwxv5Dp1CJoYfJ8uBao6jyTelfsjcQKzs18xXrKRxIT0Rv6rmwe3iXmjeycCkKiqudKkv8m9RtbvdWH8AFd2ZsCLNblVRrOZ9ZPQQCMVJLf65pF_cBfux-Zz_CJCfq93gFcN3h1tPFLX8UPBMqvqkBZzDx8PGoYgrydz-T8tcqtkDriyEL3mGYe9b2uH_8JnzMMNMFheVPDdNBhyQQVOmQqPj7idv7677eSle4LJZANUYZdwQ\"" \ - ",\"p\":\"8Yhaq4UMiFptSuUMcLUqOJdZ9Jr0z2KG_ZrPaaHIX8gfbtp5DGjhXEE--SwoX9ukEzR6vCewSFcEl20wnT0uTwrVs-Bf2J1L-5tKKeiiwLQxXtk1cG5-PI-ECkqX0AP2K2Xa0wpIjldBE5SBR0S7whANpKxhVFMtNgKog4xNvxU\"" \ - ",\"q\":\"5hkENNaWQSJ5qWXVJYh0LAHddr1NXwkKIfKNjK8vCYfOHXDgKxW4UbAIu7wIU9iZcVjTdN2UcaJMe5fBQR9ZEP8bcuY9ZpeUCkv-g9IGw69HUXE7ERBz1es_lZOuJzENwL85Al7jOtVJ2y26g4r30q4jqaL7CcgUZjBKAytjUG0\"" \ - ",\"dp\":\"pAn1epQsRNcVb05Muqdv-2tfnu824TqLb-YahCVqjxK9tm4O1EzO8fcmK9i_uwrTTm_QA8X4xcjDx4xS_he1Qd2b8kSrE9UQ69s17WygTLyU41QmJSwF9F-MT-kFXjOylxrgGYDccj_0ZLXxb1PRKSX5_iNNHxY2mH4JsP4zN1k\"" \ - ",\"dq\":\"gTTxAL6y9vZl_PKa4w2htoiBlMiuJryLvQ5X3_ULY72nxy54Ipl6vBwue0UWJAcP-u8XJpu6XKj3a7uGoIv61ql5_2Y8elyJm9Kao-kPNVk6oggEVAu6EBiext57v7Qy9dYrLCKeVI4qf_JIts8VZG-2xO4pK4_3rH5XQTpe9W0\"" \ - ",\"qi\":\"xTJ_ON_6kc9g3ZbunSSt_oqJBguxH2x8HVl2KQXafW-F0_DOv09P1e0fbSdOLhR-V9lLjq8DxOcvCMxkpQr2G8lTaBRVTF_-szu9adi9bgb_-egvc_NAvRkuGE9fUmB2_nAyU-j4VUh1MMSP5qqQhMYvFdAF5y36MpI-pV1SLFQ\"" \ - "}", - json - ); + ck_assert_str_eq("{\"kty\":\"RSA\",\"e\":\"AQAB\"" + 
",\"n\":\"2Rgbvu_cGMpvVl8DE6aGGX7IE2lKn5c9ZtexriFrCLqBbKt2TBOZkoCn_AbcDjUVk23CxsIj9Z1VfsL_0UeVA_AeOLUWw0F5-" + "JhoK6NBeLpYZOz7HYieTOSJjSxYhoCYtVbLKI27e3NEvckxTs-90CdKl71P7YwrdSrY59hR-u2etyNCRGAPcoDH5xYJxrG2p5FH_Dh_" + "MQ0ugDnJY2_b_-w9NS2Y2atIkzXZDjtcSpjImKpL0eIFF69ptiF8vd4q2j-" + "ougipFBGP9U5bSVzeZ7FyGkJ5Qa2DYc0osYi1QFs3YZKzkKfcblx14u-yZYhUkZHlb_jbfulnUHxDdO_r8Q\"" + ",\"d\":\"P9N6tNRIXXGG8lnUyb43xt8ja7GVIv6QKuBXeN6SXWqYCp8OlKdei1gQC2To5bRtt36ZuV3yvI-ZRz-" + "Ffr4Q7at29y0mmBl0BsaoOcwxv5Dp1CJoYfJ8uBao6jyTelfsjcQKzs18xXrKRxIT0Rv6rmwe3iXmjeycCkKiqudKkv8m9RtbvdWH8AFd2ZsC" + "LNblVRrOZ9ZPQQCMVJLf65pF_cBfux-Zz_CJCfq93gFcN3h1tPFLX8UPBMqvqkBZzDx8PGoYgrydz-T8tcqtkDriyEL3mGYe9b2uH_" + "8JnzMMNMFheVPDdNBhyQQVOmQqPj7idv7677eSle4LJZANUYZdwQ\"" + ",\"p\":\"8Yhaq4UMiFptSuUMcLUqOJdZ9Jr0z2KG_ZrPaaHIX8gfbtp5DGjhXEE--SwoX9ukEzR6vCewSFcEl20wnT0uTwrVs-Bf2J1L-" + "5tKKeiiwLQxXtk1cG5-PI-ECkqX0AP2K2Xa0wpIjldBE5SBR0S7whANpKxhVFMtNgKog4xNvxU\"" + ",\"q\":\"5hkENNaWQSJ5qWXVJYh0LAHddr1NXwkKIfKNjK8vCYfOHXDgKxW4UbAIu7wIU9iZcVjTdN2UcaJMe5fBQR9ZEP8bcuY9ZpeUCkv-" + "g9IGw69HUXE7ERBz1es_lZOuJzENwL85Al7jOtVJ2y26g4r30q4jqaL7CcgUZjBKAytjUG0\"" + ",\"dp\":\"pAn1epQsRNcVb05Muqdv-2tfnu824TqLb-YahCVqjxK9tm4O1EzO8fcmK9i_uwrTTm_QA8X4xcjDx4xS_" + "he1Qd2b8kSrE9UQ69s17WygTLyU41QmJSwF9F-MT-kFXjOylxrgGYDccj_0ZLXxb1PRKSX5_iNNHxY2mH4JsP4zN1k\"" + ",\"dq\":\"gTTxAL6y9vZl_PKa4w2htoiBlMiuJryLvQ5X3_ULY72nxy54Ipl6vBwue0UWJAcP-u8XJpu6XKj3a7uGoIv61ql5_" + "2Y8elyJm9Kao-kPNVk6oggEVAu6EBiext57v7Qy9dYrLCKeVI4qf_JIts8VZG-2xO4pK4_3rH5XQTpe9W0\"" + ",\"qi\":\"xTJ_ON_6kc9g3ZbunSSt_oqJBguxH2x8HVl2KQXafW-F0_DOv09P1e0fbSdOLhR-V9lLjq8DxOcvCMxkpQr2G8lTaBRVTF_-" + "szu9adi9bgb_-egvc_NAvRkuGE9fUmB2_nAyU-j4VUh1MMSP5qqQhMYvFdAF5y36MpI-pV1SLFQ\"" + "}", + json); free(json); cjose_jwk_release(jwk); 
@@ -562,8 +580,7 @@ END_TEST START_TEST(test_cjose_jwk_import_valid) { cjose_err err; - static const char *JWK[] = - { + static const char *JWK[] = { // EC P-256 "{ \"kty\": \"EC\", \"crv\": \"P-256\", " "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M\", " 
@@ -615,29 +632,73 @@ START_TEST(test_cjose_jwk_import_valid) // RSA 2048 public params only "{ \"kty\": \"RSA\", " "\"e\": \"AQAB\", " - "\"n\": \"zSNO12-ydrm-bheszVm2ZvycKrSV2CN0xqQHPxB4yT8MFlWfopMA2Imt4EkILfPfZPeUYV6lElCjoY_4GBtQOy_e4RvDSMC0pqt5X4e6mjQvLsaAClkBmhhCYd-Vn9XIC3rSeAmBpSJDuwq_RTweXSG0hb_bn5FHf1Bl_ekEBUsm0Xq4p6N5DjC0ImNP74G0qxBVJzu07qsCJzYpifYYoEYkwIY7S4jqyHv55wiuMt89VTl37y8VFR3ll6RPiPFa4Raiminw5wKNJEmrGEukabibspiC0XvWEMXj_zk0YnVTGAGdZeDPwnjYY6JUOJ9KgcYkiQYb9SXetsjSbyheZw\", " + "\"n\": " + "\"zSNO12-ydrm-bheszVm2ZvycKrSV2CN0xqQHPxB4yT8MFlWfopMA2Imt4EkILfPfZPeUYV6lElCjoY_4GBtQOy_" + "e4RvDSMC0pqt5X4e6mjQvLsaAClkBmhhCYd-Vn9XIC3rSeAmBpSJDuwq_RTweXSG0hb_bn5FHf1Bl_" + "ekEBUsm0Xq4p6N5DjC0ImNP74G0qxBVJzu07qsCJzYpifYYoEYkwIY7S4jqyHv55wiuMt89VTl37y8VFR3ll6RPiPFa4Raiminw5wKNJEmrGEukabibspiC0Xv" + "WEMXj_zk0YnVTGAGdZeDPwnjYY6JUOJ9KgcYkiQYb9SXetsjSbyheZw\", " "\"kid\": \"05F24DC3-59F4-4AC5-9849-F2F5EA8A6F3E\" }", // RSA 2048 public and private params with CRT params "{ \"kty\": \"RSA\", " "\"e\": \"AQAB\", " - "\"n\": \"zSNO12-ydrm-bheszVm2ZvycKrSV2CN0xqQHPxB4yT8MFlWfopMA2Imt4EkILfPfZPeUYV6lElCjoY_4GBtQOy_e4RvDSMC0pqt5X4e6mjQvLsaAClkBmhhCYd-Vn9XIC3rSeAmBpSJDuwq_RTweXSG0hb_bn5FHf1Bl_ekEBUsm0Xq4p6N5DjC0ImNP74G0qxBVJzu07qsCJzYpifYYoEYkwIY7S4jqyHv55wiuMt89VTl37y8VFR3ll6RPiPFa4Raiminw5wKNJEmrGEukabibspiC0XvWEMXj_zk0YnVTGAGdZeDPwnjYY6JUOJ9KgcYkiQYb9SXetsjSbyheZw\", " + "\"n\": " + "\"zSNO12-ydrm-bheszVm2ZvycKrSV2CN0xqQHPxB4yT8MFlWfopMA2Imt4EkILfPfZPeUYV6lElCjoY_4GBtQOy_" + "e4RvDSMC0pqt5X4e6mjQvLsaAClkBmhhCYd-Vn9XIC3rSeAmBpSJDuwq_RTweXSG0hb_bn5FHf1Bl_" + "ekEBUsm0Xq4p6N5DjC0ImNP74G0qxBVJzu07qsCJzYpifYYoEYkwIY7S4jqyHv55wiuMt89VTl37y8VFR3ll6RPiPFa4Raiminw5wKNJEmrGEukabibspiC0Xv" + "WEMXj_zk0YnVTGAGdZeDPwnjYY6JUOJ9KgcYkiQYb9SXetsjSbyheZw\", " "\"kid\": \"F7D90C71-6671-4064-A0AA-379AD1862D19\", " - "\"d\": 
\"bixuZapp0PYFXp98gXWTT1CQlycR61lvmFf0RFyWYo9n8H7gE7KcG7AmIHVY3UVDT7jgikMIqQOCPn1SI7BXsNIPBBujEGnfHDywHSyKfdNVG-wkTGptP9OTo3kvpP5uSCwY6btBU-1JLyWggJC_RgmaKNNYIyUlny0Q-gOx0x0I-6ipWyLQVdKZBkw6erSODM244sPU9qEmyzVW7Nbmo5PKC1U4w-Dt4nBe19TIUHG-ggN_UDRauljbegIIcnEWWeXdJZDdPUHgmIRa2ODN0mfSKl1CB4LJ2eyKlmddGLFiHys44OVwA8LVzrodUixIQP6wQ02AUwlaYU_BWLEVoQ\", " - "\"p\": \"9GRrzfmxrL_WgSKXexO6uc2hWh-lV9bPfBU735uHUFBS2_OOUjtQSYSqm-HK2ND1EIlPZBEEu9ccdshaEVYx79eP5fRnpF8EKEo1W-eeinmn7pQsfR-6kFzkKmdBVhUyfpZvWtNuIwNZLu-HEvF2eIVVauQtJCPnjeYFbDyveqk\", " - "\"q\": \"1uGXUwk052ayLvpYx3-L272X5srOyme3PCS2W1AZBXnXK06jqFp_KqUDpPnL3MNYZlfoYW5HIQBNpGCcZaTwfdLnSZroSbkQk-9w3zfsOiJplDbZb77mG6xbw7m7AqcNQA6szoGlCrxluE74apKg4dUOg5rEx8-LOeK90rz-So8\", " - "\"dp\": \"D36KYy2weQ5UkC1cQz5V-U-zKh6VggMpdml2OVAH_SyKhE1luYrvJSoXEvj2vlZJIzpBYUu-7BXQRSugoja_xb_57I9ZPs-TWOaTiXce0xKxdevJAknPrzVkddfECawgXmw1NSHweqHMtrAS9T1_0FZLuxIqVn88P__UWi9ixLk\", " - "\"dq\": \"J733d-MXBslGoUuqCdO8MTsCkivmTScbi6Mamw7YYdvkAN19hVCffmqgnu2YV89FVUBi-UolG6Rrt8AqjN4RoKPWJRXiamgw-btqO86jASmGL2RpmLJM6sdY_X0nalktKTDNoy_1L2QiyBDK_yL5YGtAUPTZ-j6XeHBIPWa4_V8\", " - "\"qi\": \"DJcZFEvdjynkwHEOrTSXLezReXT8bj73eo7Yoadtbln27nD_8q5yAobHVOO9ZzrwSoDCeepW_fVotgMuqxdGIBXZB_DboRvjWW0QuBZ7Lg2SwwQqi9Ve8w31Z36gvOr1fR-Bd12B5STepC4SYBn1u5uMG5AIgfgzoa-FXEEBgB8\" }", + "\"d\": " + "\"bixuZapp0PYFXp98gXWTT1CQlycR61lvmFf0RFyWYo9n8H7gE7KcG7AmIHVY3UVDT7jgikMIqQOCPn1SI7BXsNIPBBujEGnfHDywHSyKfdNVG-" + "wkTGptP9OTo3kvpP5uSCwY6btBU-1JLyWggJC_RgmaKNNYIyUlny0Q-gOx0x0I-6ipWyLQVdKZBkw6erSODM244sPU9qEmyzVW7Nbmo5PKC1U4w-" + "Dt4nBe19TIUHG-ggN_UDRauljbegIIcnEWWeXdJZDdPUHgmIRa2ODN0mfSKl1CB4LJ2eyKlmddGLFiHys44OVwA8LVzrodUixIQP6wQ02AUwlaYU_" + "BWLEVoQ\", " + "\"p\": " + "\"9GRrzfmxrL_WgSKXexO6uc2hWh-lV9bPfBU735uHUFBS2_OOUjtQSYSqm-HK2ND1EIlPZBEEu9ccdshaEVYx79eP5fRnpF8EKEo1W-eeinmn7pQsfR-" + "6kFzkKmdBVhUyfpZvWtNuIwNZLu-HEvF2eIVVauQtJCPnjeYFbDyveqk\", " + "\"q\": " + "\"1uGXUwk052ayLvpYx3-L272X5srOyme3PCS2W1AZBXnXK06jqFp_KqUDpPnL3MNYZlfoYW5HIQBNpGCcZaTwfdLnSZroSbkQk-" + 
"9w3zfsOiJplDbZb77mG6xbw7m7AqcNQA6szoGlCrxluE74apKg4dUOg5rEx8-LOeK90rz-So8\", " + "\"dp\": " + "\"D36KYy2weQ5UkC1cQz5V-U-zKh6VggMpdml2OVAH_SyKhE1luYrvJSoXEvj2vlZJIzpBYUu-7BXQRSugoja_xb_57I9ZPs-" + "TWOaTiXce0xKxdevJAknPrzVkddfECawgXmw1NSHweqHMtrAS9T1_0FZLuxIqVn88P__UWi9ixLk\", " + "\"dq\": " + "\"J733d-MXBslGoUuqCdO8MTsCkivmTScbi6Mamw7YYdvkAN19hVCffmqgnu2YV89FVUBi-UolG6Rrt8AqjN4RoKPWJRXiamgw-" + "btqO86jASmGL2RpmLJM6sdY_X0nalktKTDNoy_1L2QiyBDK_yL5YGtAUPTZ-j6XeHBIPWa4_V8\", " + "\"qi\": " + "\"DJcZFEvdjynkwHEOrTSXLezReXT8bj73eo7Yoadtbln27nD_8q5yAobHVOO9ZzrwSoDCeepW_fVotgMuqxdGIBXZB_" + "DboRvjWW0QuBZ7Lg2SwwQqi9Ve8w31Z36gvOr1fR-Bd12B5STepC4SYBn1u5uMG5AIgfgzoa-FXEEBgB8\" }", // RSA 4096 public and private params, without CRT params "{ \"kty\": \"RSA\", " "\"e\": \"AQAB\", " - "\"n\": \"vlbWUA9HUDHB5MDotmXObtE_Y4zKtGNtmPHUy_xkp_fSr0BxNdSOUzvzoAhK3sxTqpzVujKC245RHJ84Hhbl-KDj-n7Ee8EV3nKpnsqiBgHyc3rBpxpIi0J8kYmpiPGXu7k4xnCWCeiu_gfFGzvPdLHzlV7WOfYIHvymtbS7WOyTQLBgDjUKfHdJzH75vogy35h_mEcS-pde-EIi7u4OqD3bNW7iLbf2JVLtSNUYNCMMu23GsOEcBAsdf4QMq5gU-AEFK4Aib8mSPi_tXoohembr-JkzByRAkHbdzoGXssj0EHESt4reDfY8enVo5ACKmzbqlIJ1jmPVV6EKPBPzcQiN9dUA43xei2gmRAswdUKnexVPAPFPfKMpLqr24h1e7jHFBQL23-QqZX-gASbEDiYa9GusSY4kRn80hZRqCq4sgIRVEiu3ofjVdo4YzzESAkmfgFayUThhakqP82_wr9_Uc2vw3ZtlaTC_0LY70ne9yTy3SD3yEOa649nOTBfSh156YGtxvaHHidFojVHpPHBmjGAlak--mONHXHn00l_CVivUcuBqIGcZXRfiO6YwVDH_4ZTVzAkDov1C-4SNJK0XKeIwvGSspaSQrTmH_pT66L7tIhdZLTMVMh2ahnInVZP2G_-motugLq-x962JLQuLLeuh_r_Rk4VHZYhOgoc\", " + "\"n\": " + "\"vlbWUA9HUDHB5MDotmXObtE_Y4zKtGNtmPHUy_xkp_fSr0BxNdSOUzvzoAhK3sxTqpzVujKC245RHJ84Hhbl-KDj-" + "n7Ee8EV3nKpnsqiBgHyc3rBpxpIi0J8kYmpiPGXu7k4xnCWCeiu_gfFGzvPdLHzlV7WOfYIHvymtbS7WOyTQLBgDjUKfHdJzH75vogy35h_mEcS-pde-" + "EIi7u4OqD3bNW7iLbf2JVLtSNUYNCMMu23GsOEcBAsdf4QMq5gU-AEFK4Aib8mSPi_tXoohembr-" + "JkzByRAkHbdzoGXssj0EHESt4reDfY8enVo5ACKmzbqlIJ1jmPVV6EKPBPzcQiN9dUA43xei2gmRAswdUKnexVPAPFPfKMpLqr24h1e7jHFBQL23-QqZX-" + 
"gASbEDiYa9GusSY4kRn80hZRqCq4sgIRVEiu3ofjVdo4YzzESAkmfgFayUThhakqP82_wr9_Uc2vw3ZtlaTC_" + "0LY70ne9yTy3SD3yEOa649nOTBfSh156YGtxvaHHidFojVHpPHBmjGAlak--mONHXHn00l_CVivUcuBqIGcZXRfiO6YwVDH_4ZTVzAkDov1C-" + "4SNJK0XKeIwvGSspaSQrTmH_pT66L7tIhdZLTMVMh2ahnInVZP2G_-motugLq-x962JLQuLLeuh_r_Rk4VHZYhOgoc\", " "\"kid\": \"2940921e-3646-451c-8510-971552754e74\", " - "\"d\": \"oMyvxXcC4icHDQBEGUOswEYabTmWTgrpnho_kg0p5BUjclbYzYdCreKqEPqwdcTcsfhJP0JI9r8mmy2PtSvXINKbhxXtXDdlCEaKMdIySyz97L06OLelrbB_mFxaU4z2iOsToeGff8OJgqaByF4hBw8HH5u9E75cYgFDvaJv29IRHMdkftwkfb4xJIfo6SQbBnbI5Ja22-lhnA4TgRKwY0XOmTeR8NnHIwUJ3UvZZMJvkTBOeUPT7T6OrxmZsqWKoXILMhLQBOyfldXbjNDZM5UbqSuTxmbD_MfO3xTwWWQXfIRqMZEpw1XRBguGj4g9kJ82Ujxcn-yLYbp08QhR0ijBY13HzFVMZ2jxqckrvp3uYgfJjcCN9QXZ6qlv40s_vJRRgv4wxdDc035eoymqGQby0UnDTmhijRV_-eAJQvdl3bv-R5dH9IzhxoJA8xAqZfVtlehPuGaXDAsa4pIWSg9hZkMdDEjW15g3zTQi3ba8_MfmnKuDe4GXYBjrH69z7epxbhnTmKQ-fZIxboA9sYuJHj6pEGT8D485QmrnmLjvqmQUzcxnpU6E3awksTp_HeBYLLbmrv4DPGNyVri2yPPTTRrNBtbWkuvEGVnMhvL2ed9uqLSnH8zOfgWqstqjxadxKADidYEZzmiYfEjYTDZGd9VDIUdKNGHWGFRB7UE\", " - "\"p\": \"6VtjaNMD_VKTbs7sUQk-qjPTn6mCI8_3loqrOOy32b1G0HfIzCijuV-L7g7RxmMszEEfEILxRpJnOZRehN8etsIEuCdhU6VAdhBsBH5hIA9ZtX8GIs0sPrhc4kzPiwJ6JcLytUc6HCTICf2FIU7SI8I17-p53d35VItYiC1sGLZ2yN61VoKYNTncUSwboP2zXmGv4FPB5wQogryA_bEn-1U12FFSRd75Ku9GAEVxbTk3OaQqYgqfo9LnAWvunTDu31D4uyC6rze77NCo8UguqCpFjvF0ihOryQI6C3d0e8kxcM1vJbMvZNfrDN65btzqWi4m-CnqGYkl6BXQtS5UVw\", " - "\"q\": \"0M7h_gtxoVoNPLRjYA5zBUD8qmyWiAzjloFOrDRLJwiD4OPHgImUx2WPTiSCjouvGqwfJh1jEEryJV_d0e4iVGyKYbFeXfzadwYXXR2jK4QwO1V_JDHI7HUYwNl6qzZqATi2zNKunPgIwY55gWBKjP2aUvPUBAcTeCsUPvrN_SajPVfc2wSlA2TvEnjmweNvgSTNqtBlMpmpwvEb9WXfv4pl3BfRvoTk3VR4icyvl-PLFedp2y0Fs0aQ4LRQ2ZMKWyGQEam_uAoa1tXrRJ_yQRvtWm1K8GpRZGKwN3TvtAg649PxQ7tJ8cvh3BwQROJyQBZDrlR04wqvDK4SNezlUQ\" }", + "\"d\": " + "\"oMyvxXcC4icHDQBEGUOswEYabTmWTgrpnho_kg0p5BUjclbYzYdCreKqEPqwdcTcsfhJP0JI9r8mmy2PtSvXINKbhxXtXDdlCEaKMdIySyz97L06OLelrbB_" + 
"mFxaU4z2iOsToeGff8OJgqaByF4hBw8HH5u9E75cYgFDvaJv29IRHMdkftwkfb4xJIfo6SQbBnbI5Ja22-" + "lhnA4TgRKwY0XOmTeR8NnHIwUJ3UvZZMJvkTBOeUPT7T6OrxmZsqWKoXILMhLQBOyfldXbjNDZM5UbqSuTxmbD_" + "MfO3xTwWWQXfIRqMZEpw1XRBguGj4g9kJ82Ujxcn-yLYbp08QhR0ijBY13HzFVMZ2jxqckrvp3uYgfJjcCN9QXZ6qlv40s_" + "vJRRgv4wxdDc035eoymqGQby0UnDTmhijRV_-eAJQvdl3bv-R5dH9IzhxoJA8xAqZfVtlehPuGaXDAsa4pIWSg9hZkMdDEjW15g3zTQi3ba8_" + "MfmnKuDe4GXYBjrH69z7epxbhnTmKQ-fZIxboA9sYuJHj6pEGT8D485QmrnmLjvqmQUzcxnpU6E3awksTp_" + "HeBYLLbmrv4DPGNyVri2yPPTTRrNBtbWkuvEGVnMhvL2ed9uqLSnH8zOfgWqstqjxadxKADidYEZzmiYfEjYTDZGd9VDIUdKNGHWGFRB7UE\", " + "\"p\": " + "\"6VtjaNMD_VKTbs7sUQk-qjPTn6mCI8_3loqrOOy32b1G0HfIzCijuV-" + "L7g7RxmMszEEfEILxRpJnOZRehN8etsIEuCdhU6VAdhBsBH5hIA9ZtX8GIs0sPrhc4kzPiwJ6JcLytUc6HCTICf2FIU7SI8I17-" + "p53d35VItYiC1sGLZ2yN61VoKYNTncUSwboP2zXmGv4FPB5wQogryA_bEn-" + "1U12FFSRd75Ku9GAEVxbTk3OaQqYgqfo9LnAWvunTDu31D4uyC6rze77NCo8UguqCpFjvF0ihOryQI6C3d0e8kxcM1vJbMvZNfrDN65btzqWi4m-" + "CnqGYkl6BXQtS5UVw\", " + "\"q\": " + "\"0M7h_gtxoVoNPLRjYA5zBUD8qmyWiAzjloFOrDRLJwiD4OPHgImUx2WPTiSCjouvGqwfJh1jEEryJV_d0e4iVGyKYbFeXfzadwYXXR2jK4QwO1V_" + "JDHI7HUYwNl6qzZqATi2zNKunPgIwY55gWBKjP2aUvPUBAcTeCsUPvrN_SajPVfc2wSlA2TvEnjmweNvgSTNqtBlMpmpwvEb9WXfv4pl3BfRvoTk3VR4icyvl-" + "PLFedp2y0Fs0aQ4LRQ2ZMKWyGQEam_uAoa1tXrRJ_yQRvtWm1K8GpRZGKwN3TvtAg649PxQ7tJ8cvh3BwQROJyQBZDrlR04wqvDK4SNezlUQ\" }", // oct 256 "{ \"kty\": \"oct\", " @@ -652,7 +713,9 @@ START_TEST(test_cjose_jwk_import_valid) // oct 1024 "{ \"kty\": \"oct\", " "\"kid\": \"3dfc3c58-74fd-4b8a-88d6-5321b30b554c\", " - "\"k\": \"dCDW6NH5DkKtH6dTsRm_yJchQtrVxD_ZjDob3UquMBoAwdtVIjKvMztbP4XQE7Gf_QjzEa58_UrI80QzBxG_UpFxzpjTOBfWz8Do1BHZak_W1KBWDyfnEqc8RtxZmc4yE1dko5B8GUyfplMrEFa2tO899hnGe7pqRVdiwFF5QkY\" }", + "\"k\": " + "\"dCDW6NH5DkKtH6dTsRm_yJchQtrVxD_ZjDob3UquMBoAwdtVIjKvMztbP4XQE7Gf_QjzEa58_UrI80QzBxG_UpFxzpjTOBfWz8Do1BHZak_" + "W1KBWDyfnEqc8RtxZmc4yE1dko5B8GUyfplMrEFa2tO899hnGe7pqRVdiwFF5QkY\" }", NULL, }; 
@@ -661,25 +724,22 @@ START_TEST(test_cjose_jwk_import_valid) for (int i = 0; JWK[i] != NULL; ++i) { // do import - jwk = cjose_jwk_import( JWK[i], strlen(JWK[i]), &err); - ck_assert_msg( - NULL != jwk, - "expected a cjose_jwk_t, but got NULL (%s) : " - "%s, file: %s, function: %s, line: %ld", - JWK[i], err.message, err.file, err.function, err.line); - - // get json representation of "before" + jwk = cjose_jwk_import(JWK[i], strlen(JWK[i]), &err); + ck_assert_msg(NULL != jwk, "expected a cjose_jwk_t, but got NULL (%s) : " + "%s, file: %s, function: %s, line: %ld", + JWK[i], err.message, err.file, err.function, err.line); + + // get json representation of "before" json_t *left_json = json_loads(JWK[i], 0, NULL); ck_assert(NULL != left_json); - // get json representation of "after" + // get json representation of "after" char *jwk_str = cjose_jwk_to_json(jwk, true, &err); json_t *right_json = json_loads(jwk_str, 0, NULL); ck_assert(NULL != right_json); // check that cooresponding attributes match up - const char *attrs[] = { "kty", "crv", "x", "y", "d", "kid", - "e", "n", "p", "q", "dp", "dq", "qi", NULL }; + const char *attrs[] = { "kty", "crv", "x", "y", "d", "kid", "e", "n", "p", "q", "dp", "dq", "qi", NULL }; if (!_match_string_attrs(left_json, right_json, attrs)) { ck_assert_str_eq(JWK[i], jwk_str); @@ -696,8 +756,7 @@ END_TEST START_TEST(test_cjose_jwk_import_invalid) { cjose_err err; - static const char *JWK[] = - { + static const char *JWK[] = { // EC P-256 invalid 'kty' "{ \"kty\": \"EMC\", \"crv\": \"P-256\", " "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M\", " @@ -734,7 +793,7 @@ START_TEST(test_cjose_jwk_import_invalid) "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ\", " "\"kid\": \"5B3F3AB3-E716-4D85-8E4A-4BAC0D7D64E8\" }", - // EC P-256 missing 'x' + // EC P-256 missing 'x' "{ \"kty\": \"EC\", \"crv\": \"P-256\", " "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ\", " "\"kid\": \"9354D170-5FA4-46B5-901D-38098716E28A\" }", 
@@ -756,13 +815,13 @@ START_TEST(test_cjose_jwk_import_invalid) "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M\", " "\"kid\": \"CBA61EED-3C61-45B3-9A35-9DE03F247720\" }", - // EC P-384 invalid 'x' (truncated) + // EC P-384 invalid 'x' (truncated) "{ \"kty\": \"EC\", \"crv\": \"P-384\", " "\"x\": \"pO1SWmH7uOJfrtU1ibqVVK7VHffbpZtGfPYMPP_5KLQO9Dtsy41UEkMlL3BWHJD\", " "\"y\": \"RdBNoaV42bRE55V8PJR3Toeo8omQAIHPboOa7LlbQSGPYp6H6zW0tKroPquJYr3w\", " "\"kid\": \"FFC23684-88C8-4783-BBA3-ABF29971943B\" }", - // EC P-521 invalid 'x' (truncated) + // EC P-521 invalid 'x' (truncated) "{ \"kty\": \"EC\", \"crv\": \"P-521\", " "\"x\": \"AVq9Y0jEvSINQJzcExSIUWYjo73cJcVTz_QHXCU7p9rbmC8chFdACiGLKDKlzdgW6lhZzA5qnp8mkpS2qJO_EVxU\", " "\"y\": \"AQHcQF8s_dhS_84CKLll0vkr0xCqWLp5XXdb79coYWI7Ev9SwZ4UZZVPxgu7ZGyp_2WdtaWw68uYeUVU4WiyKfP\", " @@ -779,10 +838,10 @@ START_TEST(test_cjose_jwk_import_invalid) // empty string "\"\"", - // null JWK + // null JWK "null", - // a number + // a number "5", // nothing @@ -808,11 +867,10 @@ END_TEST START_TEST(test_cjose_jwk_import_underflow_length) { cjose_err err; - static const char *JWK = - "{ \"kty\": \"EC\", \"crv\": \"P-256\", " - "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M\", " - "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ\", " - "\"kid\": \"CF21823B-D7C3-4C7F-BBE9-F11745E6BD21\" }"; + static const char *JWK = "{ \"kty\": \"EC\", \"crv\": \"P-256\", " + "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M\", " + "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ\", " + "\"kid\": \"CF21823B-D7C3-4C7F-BBE9-F11745E6BD21\" }"; cjose_jwk_t *jwk = NULL; 
@@ -831,27 +889,26 @@ END_TEST START_TEST(test_cjose_jwk_import_no_zero_termination) { cjose_err err; - static const char *JWK = - "{ \"kty\": \"EC\", \"crv\": \"P-256\", " - "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M\", " - "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ\", " - "\"kid\": \"7CD876ED-6404-443A-8BBD-D4C1C99B6F71\" }, " - "{ \"kty\": \"EC\", \"crv\": \"P-384\", " - "\"x\": \"pO1SWmH7uOJfrtU1ibqVVK7VHffbpZtGfPYMPP_5KLQO9Dtsy41UEkMlL3BWHJD\", " - "\"y\": \"RdBNoaV42bRE55V8PJR3Toeo8omQAIHPboOa7LlbQSGPYp6H6zW0tKroPquJYr3w\", " - "\"kid\": \"7CD876ED-6404-443A-8BBD-D4C1C99B6F71\" }"; + static const char *JWK = "{ \"kty\": \"EC\", \"crv\": \"P-256\", " + "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M\", " + "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ\", " + "\"kid\": \"7CD876ED-6404-443A-8BBD-D4C1C99B6F71\" }, " + "{ \"kty\": \"EC\", \"crv\": \"P-384\", " + "\"x\": \"pO1SWmH7uOJfrtU1ibqVVK7VHffbpZtGfPYMPP_5KLQO9Dtsy41UEkMlL3BWHJD\", " + "\"y\": \"RdBNoaV42bRE55V8PJR3Toeo8omQAIHPboOa7LlbQSGPYp6H6zW0tKroPquJYr3w\", " + "\"kid\": \"7CD876ED-6404-443A-8BBD-D4C1C99B6F71\" }"; cjose_jwk_t *jwk = NULL; - // do import providing length of just the first key (which is length 182) + // do import providing length of just the first key (which is length 182) jwk = cjose_jwk_import(JWK, 182, &err); ck_assert_msg(NULL != jwk, "expected a cjose_jwk_t, but got NULL"); - // get json representation of "before" + // get json representation of "before" json_t *left_json = json_loads(JWK, JSON_DISABLE_EOF_CHECK, NULL); ck_assert(NULL != left_json); - // get json representation of "after" + // get json representation of "after" char *jwk_str = cjose_jwk_to_json(jwk, true, &err); json_t *right_json = json_loads(jwk_str, 0, NULL); ck_assert(NULL != right_json); 
@@ -873,17 +930,15 @@ END_TEST START_TEST(test_cjose_jwk_import_with_base64url_padding) { cjose_err err; - static const char *JWK_IN = - "{ \"kty\": \"EC\", \"crv\": \"P-256\", " - "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M=\", " - "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ=\", " - "\"kid\": \"BEB14BFF-1D35-4AC0-9D0A-3FD44D1C834D\" }"; + static const char *JWK_IN = "{ \"kty\": \"EC\", \"crv\": \"P-256\", " + "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M=\", " + "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ=\", " + "\"kid\": \"BEB14BFF-1D35-4AC0-9D0A-3FD44D1C834D\" }"; - static const char *JWK_OUT = - "{ \"kty\": \"EC\", \"crv\": \"P-256\", " - "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M\", " - "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ\", " - "\"kid\": \"BEB14BFF-1D35-4AC0-9D0A-3FD44D1C834D\" }"; + static const char *JWK_OUT = "{ \"kty\": \"EC\", \"crv\": \"P-256\", " + "\"x\": \"VoFkf6Wk5kDQ1ob6csBmiMPHU8jALwdtaap35Fsj20M\", " + "\"y\": \"XymwN6u2PmsKbIPy5iij6qZ-mIyej5dvZWB_75lnRgQ\", " + "\"kid\": \"BEB14BFF-1D35-4AC0-9D0A-3FD44D1C834D\" }"; cjose_jwk_t *jwk = NULL; @@ -891,14 +946,14 @@ START_TEST(test_cjose_jwk_import_with_base64url_padding) jwk = cjose_jwk_import(JWK_IN, strlen(JWK_IN), &err); ck_assert_msg(NULL != jwk, "expected a cjose_jwk_t, but got NULL"); - // get json representation of "expected" (i.e. no padding) + // get json representation of "expected" (i.e. no padding) json_t *left_json = json_loads(JWK_OUT, 0, NULL); ck_assert(NULL != left_json); // get json representation of "actual" (i.e. reserialized original) char *jwk_str = cjose_jwk_to_json(jwk, true, &err); json_t *right_json = json_loads(jwk_str, 0, NULL); - ck_assert(NULL != right_json); + ck_assert(NULL != right_json); // check that cooresponding attributes match up const char *attrs[] = { "kty", "crv", "x", "y", "d", "kid", NULL }; 
@@ -914,36 +969,33 @@ START_TEST(test_cjose_jwk_import_with_base64url_padding) } END_TEST - START_TEST(test_cjose_jwk_EC_import_with_priv_export_with_pub) { cjose_err err; - static const char *JWK_IN = - "{ \"kty\": \"EC\", \"crv\": \"P-256\", " - "\"kid\": \"7302734F-A854-40BC-A44F-93F6F72B0D34\", " - "\"d\": \"hWdoUQvCWta1UQhC0nkTG0fHLFjWpDLv5wucVyq4-HY\" }"; + static const char *JWK_IN = "{ \"kty\": \"EC\", \"crv\": \"P-256\", " + "\"kid\": \"7302734F-A854-40BC-A44F-93F6F72B0D34\", " + "\"d\": \"hWdoUQvCWta1UQhC0nkTG0fHLFjWpDLv5wucVyq4-HY\" }"; - static const char *JWK_OUT = - "{ \"kty\": \"EC\", \"crv\": \"P-256\", " - "\"x\": \"ccXrxIe0aS32y9kBkZFfAh6f7UvdcowtGH5uxCIo7eY\", " - "\"y\": \"GGQACnDgoiQvdQTsv1KxNUzOjZgnNoO4wQe_F75-bb0\", " - "\"kid\": \"7302734F-A854-40BC-A44F-93F6F72B0D34\", " - "\"d\": \"hWdoUQvCWta1UQhC0nkTG0fHLFjWpDLv5wucVyq4-HY\" }"; + static const char *JWK_OUT = "{ \"kty\": \"EC\", \"crv\": \"P-256\", " + "\"x\": \"ccXrxIe0aS32y9kBkZFfAh6f7UvdcowtGH5uxCIo7eY\", " + "\"y\": \"GGQACnDgoiQvdQTsv1KxNUzOjZgnNoO4wQe_F75-bb0\", " + "\"kid\": \"7302734F-A854-40BC-A44F-93F6F72B0D34\", " + "\"d\": \"hWdoUQvCWta1UQhC0nkTG0fHLFjWpDLv5wucVyq4-HY\" }"; cjose_jwk_t *jwk = NULL; - // do import which includes just the private key 'd' + // do import which includes just the private key 'd' jwk = cjose_jwk_import(JWK_IN, strlen(JWK_IN), &err); ck_assert_msg(NULL != jwk, "expected a cjose_jwk_t, but got NULL"); - // get json representation of "expected" (i.e. includes 'x' and 'y') + // get json representation of "expected" (i.e. includes 'x' and 'y') json_t *left_json = json_loads(JWK_OUT, 0, NULL); ck_assert(NULL != left_json); // get json representation of "actual" (i.e. 
reserialized original) char *jwk_str = cjose_jwk_to_json(jwk, true, &err); json_t *right_json = json_loads(jwk_str, 0, NULL); - ck_assert(NULL != right_json); + ck_assert(NULL != right_json); // check that cooresponding attributes match up const char *attrs[] = { "kty", "crv", "x", "y", "d", "kid", NULL }; @@ -968,21 +1020,18 @@ START_TEST(test_cjose_jwk_hkdf) size_t ephemeral_key_len = 32; uint8_t *ephemeral_key = (uint8_t *)malloc(ephemeral_key_len); - bool ok = cjose_jwk_hkdf(EVP_sha256(), (uint8_t *)"", 0, (uint8_t *)"", 0, - ikm, ikm_len, ephemeral_key, ephemeral_key_len, &err); - ck_assert_msg(ok, "Failed to compute HKDF"); + bool ok + = cjose_jwk_hkdf(EVP_sha256(), (uint8_t *)"", 0, (uint8_t *)"", 0, ikm, ikm_len, ephemeral_key, ephemeral_key_len, &err); + ck_assert_msg(ok, "Failed to compute HKDF"); - // the following is the expected output of HKDF with the ikm given above, - // SHA256, no salt, no info, and an extend length of 256 bits, as provided + // the following is the expected output of HKDF with the ikm given above, + // SHA256, no salt, no info, and an extend length of 256 bits, as provided // by the Ruby impl. of HKDF found here: https://github.com/jtdowney/hkdf - const uint8_t expected[] = { - 0x0C, 0x23, 0xF4, 0x62, 0x98, 0x9B, 0x7F, 0x77, 0x3E, 0x7C, 0x2F, - 0x7C, 0x6B, 0xF4, 0x6B, 0xB7, 0xB9, 0x11, 0x65, 0xC5, 0x92, 0xD1, - 0x0C, 0x48, 0xFD, 0x47, 0x94, 0x76, 0x74, 0xB4, 0x14, 0xCE }; - for (int i = 0; i < ephemeral_key_len; i++) + const uint8_t expected[] = { 0x0C, 0x23, 0xF4, 0x62, 0x98, 0x9B, 0x7F, 0x77, 0x3E, 0x7C, 0x2F, 0x7C, 0x6B, 0xF4, 0x6B, 0xB7, + 0xB9, 0x11, 0x65, 0xC5, 0x92, 0xD1, 0x0C, 0x48, 0xFD, 0x47, 0x94, 0x76, 0x74, 0xB4, 0x14, 0xCE }; + for (int i = 0; i < ephemeral_key_len; i++) { - ck_assert_msg( - ephemeral_key[i] == expected[i], "HKDF failed on byte: %d", i); + ck_assert_msg(ephemeral_key[i] == expected[i], "HKDF failed on byte: %d", i); } free(ephemeral_key); } 
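Review bot: In `test_cjose_jwk_hkdf`, `ephemeral_key` comes straight from `malloc` and is handed to `cjose_jwk_hkdf` and then indexed in the comparison loop without a NULL check, so an allocation failure would crash the test rather than fail it. Adding `ck_assert_msg(NULL != ephemeral_key, "malloc failed");` right after the allocation makes that case explicit. The loop also compares a signed `int i` against the `size_t ephemeral_key_len`; `for (size_t i = 0; i < ephemeral_key_len; i++)` with `"HKDF failed on byte: %zu"` removes the sign mismatch. The declarations of `ikm` and `err` lie outside this hunk.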
@@ -995,63 +1044,59 @@ START_TEST(test_cjose_jwk_get_and_set_kid) const char *oldKid = "725cad72-23c6-4bf7-84c3-4583a6cf5fe9"; const char *newKid = "aec1cebf-ddec-4d5f-8a61-f29e2f68dc41"; - static const char *JWK_BEFORE[] = - { - // OCT key - "{\"kty\":\"oct\"," - "\"kid\":\"725cad72-23c6-4bf7-84c3-4583a6cf5fe9\"," - "\"k\":\"wsL6R8uXG4RnsckLggj9Lg-kE5MMSJ8luzIBA8j7WXE\"}", - - // EC key - "{\"kty\":\"EC\"," - "\"kid\":\"725cad72-23c6-4bf7-84c3-4583a6cf5fe9\"," - "\"crv\":\"P-256\"," - "\"x\":\"ccXrxIe0aS32y9kBkZFfAh6f7UvdcowtGH5uxCIo7eY\"," - "\"y\":\"GGQACnDgoiQvdQTsv1KxNUzOjZgnNoO4wQe_F75-bb0\"," - "\"d\":\"hWdoUQvCWta1UQhC0nkTG0fHLFjWpDLv5wucVyq4-HY\"}", - - // RSA key - "{\"kty\":\"RSA\"," - "\"kid\":\"725cad72-23c6-4bf7-84c3-4583a6cf5fe9\"," - "\"e\":\"AQAB\"," - "\"n\":\"zSNO12-ydrm-bheszVm2ZvycKrSV2CN0xqQHPxB4yT8MFlWfopMA2Im" - "t4EkILfPfZPeUYV6lElCjoY_4GBtQOy_e4RvDSMC0pqt5X4e6mjQvLsaAClkBmh" - "hCYd-Vn9XIC3rSeAmBpSJDuwq_RTweXSG0hb_bn5FHf1Bl_ekEBUsm0Xq4p6N5D" - "jC0ImNP74G0qxBVJzu07qsCJzYpifYYoEYkwIY7S4jqyHv55wiuMt89VTl37y8V" - "FR3ll6RPiPFa4Raiminw5wKNJEmrGEukabibspiC0XvWEMXj_zk0YnVTGAGdZeD" - "PwnjYY6JUOJ9KgcYkiQYb9SXetsjSbyheZw\"}", - - NULL + static const char *JWK_BEFORE[] = { // OCT key + "{\"kty\":\"oct\"," + "\"kid\":\"725cad72-23c6-4bf7-84c3-4583a6cf5fe9\"," + "\"k\":\"wsL6R8uXG4RnsckLggj9Lg-kE5MMSJ8luzIBA8j7WXE\"}", + + // EC key + "{\"kty\":\"EC\"," + "\"kid\":\"725cad72-23c6-4bf7-84c3-4583a6cf5fe9\"," + "\"crv\":\"P-256\"," + "\"x\":\"ccXrxIe0aS32y9kBkZFfAh6f7UvdcowtGH5uxCIo7eY\"," + "\"y\":\"GGQACnDgoiQvdQTsv1KxNUzOjZgnNoO4wQe_F75-bb0\"," + "\"d\":\"hWdoUQvCWta1UQhC0nkTG0fHLFjWpDLv5wucVyq4-HY\"}", + + // RSA key + "{\"kty\":\"RSA\"," + "\"kid\":\"725cad72-23c6-4bf7-84c3-4583a6cf5fe9\"," + "\"e\":\"AQAB\"," + "\"n\":\"zSNO12-ydrm-bheszVm2ZvycKrSV2CN0xqQHPxB4yT8MFlWfopMA2Im" + "t4EkILfPfZPeUYV6lElCjoY_4GBtQOy_e4RvDSMC0pqt5X4e6mjQvLsaAClkBmh" + "hCYd-Vn9XIC3rSeAmBpSJDuwq_RTweXSG0hb_bn5FHf1Bl_ekEBUsm0Xq4p6N5D" + 
"jC0ImNP74G0qxBVJzu07qsCJzYpifYYoEYkwIY7S4jqyHv55wiuMt89VTl37y8V" + "FR3ll6RPiPFa4Raiminw5wKNJEmrGEukabibspiC0XvWEMXj_zk0YnVTGAGdZeD" + "PwnjYY6JUOJ9KgcYkiQYb9SXetsjSbyheZw\"}", + + NULL }; - static const char *JWK_AFTER[] = - { - // OCT key - "{\"kty\":\"oct\"," - "\"kid\":\"aec1cebf-ddec-4d5f-8a61-f29e2f68dc41\"," - "\"k\":\"wsL6R8uXG4RnsckLggj9Lg-kE5MMSJ8luzIBA8j7WXE\"}", - - // EC key - "{\"kty\":\"EC\"," - "\"kid\":\"aec1cebf-ddec-4d5f-8a61-f29e2f68dc41\"," - "\"crv\":\"P-256\"," - "\"x\":\"ccXrxIe0aS32y9kBkZFfAh6f7UvdcowtGH5uxCIo7eY\"," - "\"y\":\"GGQACnDgoiQvdQTsv1KxNUzOjZgnNoO4wQe_F75-bb0\"," - "\"d\":\"hWdoUQvCWta1UQhC0nkTG0fHLFjWpDLv5wucVyq4-HY\"}", - - // RSA key - "{\"kty\":\"RSA\"," - "\"kid\":\"aec1cebf-ddec-4d5f-8a61-f29e2f68dc41\"," - "\"e\":\"AQAB\"," - "\"n\":\"zSNO12-ydrm-bheszVm2ZvycKrSV2CN0xqQHPxB4yT8MFlWfopMA2Im" - "t4EkILfPfZPeUYV6lElCjoY_4GBtQOy_e4RvDSMC0pqt5X4e6mjQvLsaAClkBmh" - "hCYd-Vn9XIC3rSeAmBpSJDuwq_RTweXSG0hb_bn5FHf1Bl_ekEBUsm0Xq4p6N5D" - "jC0ImNP74G0qxBVJzu07qsCJzYpifYYoEYkwIY7S4jqyHv55wiuMt89VTl37y8V" - "FR3ll6RPiPFa4Raiminw5wKNJEmrGEukabibspiC0XvWEMXj_zk0YnVTGAGdZeD" - "PwnjYY6JUOJ9KgcYkiQYb9SXetsjSbyheZw\"}", - - NULL + static const char *JWK_AFTER[] = { // OCT key + "{\"kty\":\"oct\"," + "\"kid\":\"aec1cebf-ddec-4d5f-8a61-f29e2f68dc41\"," + "\"k\":\"wsL6R8uXG4RnsckLggj9Lg-kE5MMSJ8luzIBA8j7WXE\"}", + + // EC key + "{\"kty\":\"EC\"," + "\"kid\":\"aec1cebf-ddec-4d5f-8a61-f29e2f68dc41\"," + "\"crv\":\"P-256\"," + "\"x\":\"ccXrxIe0aS32y9kBkZFfAh6f7UvdcowtGH5uxCIo7eY\"," + "\"y\":\"GGQACnDgoiQvdQTsv1KxNUzOjZgnNoO4wQe_F75-bb0\"," + "\"d\":\"hWdoUQvCWta1UQhC0nkTG0fHLFjWpDLv5wucVyq4-HY\"}", + + // RSA key + "{\"kty\":\"RSA\"," + "\"kid\":\"aec1cebf-ddec-4d5f-8a61-f29e2f68dc41\"," + "\"e\":\"AQAB\"," + "\"n\":\"zSNO12-ydrm-bheszVm2ZvycKrSV2CN0xqQHPxB4yT8MFlWfopMA2Im" + "t4EkILfPfZPeUYV6lElCjoY_4GBtQOy_e4RvDSMC0pqt5X4e6mjQvLsaAClkBmh" + "hCYd-Vn9XIC3rSeAmBpSJDuwq_RTweXSG0hb_bn5FHf1Bl_ekEBUsm0Xq4p6N5D" + 
"jC0ImNP74G0qxBVJzu07qsCJzYpifYYoEYkwIY7S4jqyHv55wiuMt89VTl37y8V" + "FR3ll6RPiPFa4Raiminw5wKNJEmrGEukabibspiC0XvWEMXj_zk0YnVTGAGdZeD" + "PwnjYY6JUOJ9KgcYkiQYb9SXetsjSbyheZw\"}", + + NULL }; // because stuff happens diff --git a/test/check_jws.c b/test/check_jws.c index c745078..869c3bf 100644 --- a/test/check_jws.c +++ b/test/check_jws.c 
@@ -14,114 +14,125 @@ #include // a JWK to be re-used for unit tests -static const char *JWK_COMMON = - "{ \"kty\": \"RSA\", " - "\"e\": \"AQAB\", " - "\"n\": \"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\", " - "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " - "\"d\": \"B1vTivz8th6yaKzdUusBH4dPTbyOWr6gg07K6siYKeFU7kBI5fkw4XZPWk2AjxdBB37PNBl127g25owL-twRaSrBdF5quxzzDix4fEgo77Ik9x8IcUaI5AvpMW7Ig5O0n1SRE-ZfV7KssO0Imqq6bBZkEpzfgVC760tmSuqJ0W2on8eWzi36zuKru9qA5uo7L8w9I5rzqY7XEaak0PYFi5zB1BkpI83tN2bBP2jPsym9lMP4fbf-duHgu0s9H4mDeQFyb7OuI_P7AyH3V3qhUAvk37w-HNL-17g7OBYsZK5jMwa7LobO8Tw0ZdPk5u6dWKdmiWOUUScQVAqtaDjRIQ\", " - "\"p\": \"7X_Hk-tohqmSp8Wv1UcjLw-_DyzYZTmHuXblxWJUk54shbujVU6MQg0_6NIGi0-9Y5_yjiUQMM4wRqrMevYxqMnSzDherN1fI-nWv-PNDrxEFObIFEYJy1vHQe1fqgraoLkgVwyzvrDXtUN_EnSXyALhBdr8vLUnCjkG7-j2UV8\", " - "\"q\": \"4gPgtf7FT91-FmkkNsrpK0J4Fp8jG1N0GuM30NvS4D715NWOKeuoUi1Ius3yHNdzo9uwLJgY7xJMJlr3ZSmcldwFLBKGVkLctOVLqDWrBLMwD-fPkQVV1FeRfso9bMUcprvSI2RbmIccF02MuLprltmbTdgOJA47_OqjmkHYV-U\", " - "\"dp\": \"VIJbae8iSoicfsaBQssFYgGgYq36ckp-WShNqmbK4ZwvC4cxH3HLxtUgIKBbY8cEBSctEBdwI227D-pGyJpCIWVvdOu6BJjg-c6Dc9SDavLi5u0X1N73LT2DMZpdqAwkr3wwXclPTFNw7jcOSGrkd29O0t6RgDSVp7WTGlszCtE\", " - "\"dq\": \"ZWB_5qJENrKO39aBW-Jf-_twihUPVi50oarRWml_iP40pVP01HDTqyiMut2tf6pUQGdF-nqulG2Mopei6Ell5wItf7s_bmnHPYysBuMrtov5PuknfVD7UqeEp25nZuZzF4aflyhovV29B-bM-_8CS0OIGb6TeTC5T5SflY17UNE\", " - "\"qi\": \"RowmdelfiEBdqfBCSb3yblUKhwJsbyg6HtcugIVOC1yDxD5sZ0cjJPnXj7TJkrC0tICQ50MlPY5F650D9pvACIYnvrGEwsq757Lxg5nqshvuSC-7i1TMkv7_uPBmIxRfzqsnh_hVhxLgSUW1NI6_ncwk9vDQqpkY6qBirgvbyO0\" }"; - -static const char *JWK_COMMON_OCT = - "{ \"kty\": \"oct\", " - "\"k\": 
\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\" }"; - -static const char *JWK_COMMON_EC = - "{ \"kty\":\"EC\"," - "\"crv\":\"P-256\"," - "\"x\":\"ii8jCnvs4FLc0rteSWxanup22pNDhzizmlGN-bfTcFk\"," - "\"y\":\"KbkZ7r_DQ-t67pnxPnFDHObTLBqn44BSjcqn0STUkaM\"," - "\"d\":\"RSSjcBQW_EBxm1gzYhejCdWtj3Id_GuwldwEgSuKCEM\" }"; +static const char *JWK_COMMON + = "{ \"kty\": \"RSA\", " + "\"e\": \"AQAB\", " + "\"n\": " + "\"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__" + "VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_" + "HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_" + "bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\", " + "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " + "\"d\": " + "\"B1vTivz8th6yaKzdUusBH4dPTbyOWr6gg07K6siYKeFU7kBI5fkw4XZPWk2AjxdBB37PNBl127g25owL-" + "twRaSrBdF5quxzzDix4fEgo77Ik9x8IcUaI5AvpMW7Ig5O0n1SRE-" + "ZfV7KssO0Imqq6bBZkEpzfgVC760tmSuqJ0W2on8eWzi36zuKru9qA5uo7L8w9I5rzqY7XEaak0PYFi5zB1BkpI83tN2bBP2jPsym9lMP4fbf-" + "duHgu0s9H4mDeQFyb7OuI_P7AyH3V3qhUAvk37w-HNL-17g7OBYsZK5jMwa7LobO8Tw0ZdPk5u6dWKdmiWOUUScQVAqtaDjRIQ\", " + "\"p\": " + "\"7X_Hk-tohqmSp8Wv1UcjLw-_DyzYZTmHuXblxWJUk54shbujVU6MQg0_6NIGi0-9Y5_yjiUQMM4wRqrMevYxqMnSzDherN1fI-nWv-" + "PNDrxEFObIFEYJy1vHQe1fqgraoLkgVwyzvrDXtUN_EnSXyALhBdr8vLUnCjkG7-j2UV8\", " + "\"q\": " + "\"4gPgtf7FT91-FmkkNsrpK0J4Fp8jG1N0GuM30NvS4D715NWOKeuoUi1Ius3yHNdzo9uwLJgY7xJMJlr3ZSmcldwFLBKGVkLctOVLqDWrBLMwD-" + "fPkQVV1FeRfso9bMUcprvSI2RbmIccF02MuLprltmbTdgOJA47_OqjmkHYV-U\", " + "\"dp\": " + "\"VIJbae8iSoicfsaBQssFYgGgYq36ckp-WShNqmbK4ZwvC4cxH3HLxtUgIKBbY8cEBSctEBdwI227D-pGyJpCIWVvdOu6BJjg-" + "c6Dc9SDavLi5u0X1N73LT2DMZpdqAwkr3wwXclPTFNw7jcOSGrkd29O0t6RgDSVp7WTGlszCtE\", " + "\"dq\": " + "\"ZWB_5qJENrKO39aBW-Jf-_twihUPVi50oarRWml_iP40pVP01HDTqyiMut2tf6pUQGdF-nqulG2Mopei6Ell5wItf7s_" + 
"bmnHPYysBuMrtov5PuknfVD7UqeEp25nZuZzF4aflyhovV29B-bM-_8CS0OIGb6TeTC5T5SflY17UNE\", " + "\"qi\": " + "\"RowmdelfiEBdqfBCSb3yblUKhwJsbyg6HtcugIVOC1yDxD5sZ0cjJPnXj7TJkrC0tICQ50MlPY5F650D9pvACIYnvrGEwsq757Lxg5nqshvuSC-7i1TMkv7_" + "uPBmIxRfzqsnh_hVhxLgSUW1NI6_ncwk9vDQqpkY6qBirgvbyO0\" }"; + +static const char *JWK_COMMON_OCT + = "{ \"kty\": \"oct\", " + "\"k\": \"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\" }"; + +static const char *JWK_COMMON_EC = "{ \"kty\":\"EC\"," + "\"crv\":\"P-256\"," + "\"x\":\"ii8jCnvs4FLc0rteSWxanup22pNDhzizmlGN-bfTcFk\"," + "\"y\":\"KbkZ7r_DQ-t67pnxPnFDHObTLBqn44BSjcqn0STUkaM\"," + "\"d\":\"RSSjcBQW_EBxm1gzYhejCdWtj3Id_GuwldwEgSuKCEM\" }"; // a JWS encrypted with the above JWK_COMMON key -static const char *JWS_COMMON = - "eyAiYWxnIjogIlBTMjU2IiB9.SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbSB0byB0aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.0YJo4r9gbI2nZ2_1_KLTY3i5SRcZvahRuToavqBvLbm87pN7IYx8YV9kwKQclMW2ASpbEAzKNIJfQ3FycobRwZGtqCI9sRUo0vQvkpb3HIS6HKp3Kvur57J7LcZhz7uNIxzUYNQSg4EWpwhF9FnGng7bmU8qjNPiXCWfQ-n74gopAVzd3KDJ5ai7q66voRc9pCKJVbsaIMHIqcl9OPiMdY5Hz3_PgBalR2632HOdpUlIMvnMOL3EQICvyBwxaYPbhMcCpEc3_4K-sywOGiCSp9KlaLcRq0knZtAT0ynJszaiOwfR-W18PEFLfGclpeR6e_gop9mq69t36wK7KRUjrQ"; +static const char *JWS_COMMON + = "eyAiYWxnIjogIlBTMjU2IiB9." 
+ "SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbSB0byB0" + "aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.0YJo4r9gbI2nZ2_1_" + "KLTY3i5SRcZvahRuToavqBvLbm87pN7IYx8YV9kwKQclMW2ASpbEAzKNIJfQ3FycobRwZGtqCI9sRUo0vQvkpb3HIS6HKp3Kvur57J7LcZhz7uNIxzUYNQSg4EWp" + "whF9FnGng7bmU8qjNPiXCWfQ-n74gopAVzd3KDJ5ai7q66voRc9pCKJVbsaIMHIqcl9OPiMdY5Hz3_PgBalR2632HOdpUlIMvnMOL3EQICvyBwxaYPbhMcCpEc3_" + "4K-sywOGiCSp9KlaLcRq0knZtAT0ynJszaiOwfR-W18PEFLfGclpeR6e_gop9mq69t36wK7KRUjrQ"; // the plaintext payload of the above JWS_COMMON -static const char *PLAIN_COMMON = - "If you reveal your secrets to the wind, you should not blame the " - "wind for revealing them to the trees. — Kahlil Gibran"; +static const char *PLAIN_COMMON = "If you reveal your secrets to the wind, you should not blame the " + "wind for revealing them to the trees. — Kahlil Gibran"; - -static const char *_self_get_jwk_by_alg(const char *alg) { - if ((strcmp(alg, CJOSE_HDR_ALG_HS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_HS384) == 0) || (strcmp(alg, CJOSE_HDR_ALG_HS512) == 0)) - return JWK_COMMON_OCT; - if ((strcmp(alg, CJOSE_HDR_ALG_ES256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_ES384) == 0) || (strcmp(alg, CJOSE_HDR_ALG_ES512) == 0)) - return JWK_COMMON_EC; - return JWK_COMMON; +static const char *_self_get_jwk_by_alg(const char *alg) +{ + if ((strcmp(alg, CJOSE_HDR_ALG_HS256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_HS384) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_HS512) == 0)) + return JWK_COMMON_OCT; + if ((strcmp(alg, CJOSE_HDR_ALG_ES256) == 0) || (strcmp(alg, CJOSE_HDR_ALG_ES384) == 0) + || (strcmp(alg, CJOSE_HDR_ALG_ES512) == 0)) + return JWK_COMMON_EC; + return JWK_COMMON; } -static void _self_sign_self_verify( - const char *plain1, const char *alg, cjose_err *err) +static void _self_sign_self_verify(const char *plain1, const char *alg, cjose_err *err) { - const char *s_jwk = _self_get_jwk_by_alg(alg); + const char *s_jwk = _self_get_jwk_by_alg(alg); cjose_jwk_t 
*jwk = cjose_jwk_import(s_jwk, strlen(s_jwk), err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err->message, err->file, err->function, err->line); + "%s, file: %s, function: %s, line: %ld", + err->message, err->file, err->function, err->line); // set header for JWS cjose_header_t *hdr = cjose_header_new(err); - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ALG, alg, err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err->message, err->file, err->function, err->line); + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ALG, alg, err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err->message, err->file, err->function, err->line); // create the JWS size_t plain1_len = strlen(plain1); cjose_jws_t *jws1 = cjose_jws_sign(jwk, hdr, plain1, plain1_len, err); ck_assert_msg(NULL != jws1, "cjose_jws_sign failed: " - "%s, file: %s, function: %s, line: %ld", - err->message, err->file, err->function, err->line); + "%s, file: %s, function: %s, line: %ld", + err->message, err->file, err->function, err->line); ck_assert(hdr == cjose_jws_get_protected(jws1)); // get the compact serialization of JWS const char *compact = NULL; - ck_assert_msg( - cjose_jws_export(jws1, &compact, err), - "cjose_jws_export failed: " - "%s, file: %s, function: %s, line: %ld", - err->message, err->file, err->function, err->line); + ck_assert_msg(cjose_jws_export(jws1, &compact, err), "cjose_jws_export failed: " + "%s, file: %s, function: %s, line: %ld", + err->message, err->file, err->function, err->line); // deserialize the compact representation to a new JWS cjose_jws_t *jws2 = cjose_jws_import(compact, strlen(compact), err); ck_assert_msg(NULL != jws2, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err->message, err->file, err->function, err->line); + "%s, file: %s, function: %s, line: %ld", + err->message, err->file, err->function, err->line); // verify the 
deserialized JWS ck_assert_msg(cjose_jws_verify(jws2, jwk, err), "cjose_jws_verify failed: " - "%s, file: %s, function: %s, line: %ld", - err->message, err->file, err->function, err->line); + "%s, file: %s, function: %s, line: %ld", + err->message, err->file, err->function, err->line); // get the verified plaintext uint8_t *plain2 = NULL; size_t plain2_len = 0; - ck_assert_msg( - cjose_jws_get_plaintext(jws2, &plain2, &plain2_len, err), - "cjose_jws_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err->message, err->file, err->function, err->line); + ck_assert_msg(cjose_jws_get_plaintext(jws2, &plain2, &plain2_len, err), "cjose_jws_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err->message, err->file, err->function, err->line); // confirm equal headers - ck_assert(json_equal( - (json_t *)cjose_jws_get_protected(jws1), - (json_t *)cjose_jws_get_protected(jws2))); + ck_assert(json_equal((json_t *)cjose_jws_get_protected(jws1), (json_t *)cjose_jws_get_protected(jws2))); // confirm plain2 == plain1 - ck_assert_msg( - plain2_len == strlen(plain1), - "length of verified plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(plain1), plain2_len); - ck_assert_msg( - strncmp(plain1, plain2, plain2_len) == 0, - "verified plaintext does not match signed plaintext"); + ck_assert_msg(plain2_len == strlen(plain1), "length of verified plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(plain1), plain2_len); + ck_assert_msg(strncmp(plain1, plain2, plain2_len) == 0, "verified plaintext does not match signed plaintext"); cjose_header_release(hdr); cjose_jws_release(jws1); @@ -129,7 +140,6 @@ static void _self_sign_self_verify( cjose_jwk_release(jwk); } - START_TEST(test_cjose_jws_self_sign_self_verify) { cjose_err err; @@ -148,7 +158,6 @@ START_TEST(test_cjose_jws_self_sign_self_verify) } END_TEST - START_TEST(test_cjose_jws_self_sign_self_verify_short) { cjose_err err; 
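Review bot: The comment above `JWS_COMMON` says the token is "encrypted" with `JWK_COMMON`, but a JWS is signed, not encrypted. The payload segment is only base64url-encoded, as the matching `PLAIN_COMMON` text shows, so anyone holding the token can read it. The protected header segment appears to decode to an `alg` of PS256, so the comment could read `// a JWS signed (PS256) with the above JWK_COMMON key; the payload is base64url-encoded, not encrypted`. Keeping the signing/encryption distinction exact in a JOSE test suite stops readers from inferring confidentiality that the format does not provide.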
@@ -167,7 +176,6 @@ START_TEST(test_cjose_jws_self_sign_self_verify_short) } END_TEST - START_TEST(test_cjose_jws_self_sign_self_verify_empty) { cjose_err err; @@ -186,7 +194,6 @@ START_TEST(test_cjose_jws_self_sign_self_verify_empty) } END_TEST - START_TEST(test_cjose_jws_self_sign_self_verify_many) { cjose_err err; @@ -197,7 +204,7 @@ START_TEST(test_cjose_jws_self_sign_self_verify_many) size_t len = random() % 1024; char *plain = (char *)malloc(len); ck_assert_msg(RAND_bytes(plain, len) == 1, "RAND_bytes failed"); - plain[len-1] = 0; + plain[len - 1] = 0; _self_sign_self_verify(plain, CJOSE_HDR_ALG_PS256, &err); _self_sign_self_verify(plain, CJOSE_HDR_ALG_PS384, &err); _self_sign_self_verify(plain, CJOSE_HDR_ALG_PS512, &err); 
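Review bot: `plain[len - 1] = 0;` writes outside the allocation whenever `random() % 1024` yields 0, because `len` is a `size_t` and `len - 1` then wraps to `SIZE_MAX`. The result of `malloc(len)` is also passed to `RAND_bytes` and dereferenced without a NULL check. Drawing the length as `size_t len = 1 + random() % 1024;` and adding `ck_assert_msg(NULL != plain, "malloc failed");` before the `RAND_bytes` call keeps the terminator write inside the buffer. The enclosing test body starts and ends outside this hunk, so whether `plain` is released afterwards cannot be confirmed from here.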
@@ -215,58 +222,53 @@ START_TEST(test_cjose_jws_self_sign_self_verify_many) } END_TEST - START_TEST(test_cjose_jws_sign_with_bad_header) { cjose_err err; cjose_header_t *hdr = NULL; cjose_jws_t *jws = NULL; - static const char *plain = - "The mind is everything. What you think you become."; + static const char *plain = "The mind is everything. What you think you become."; size_t plain_len = strlen(plain); - static const char *JWK = - "{ \"kty\": \"RSA\", " - "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " - "\"e\": \"AQAB\", " - "\"n\": \"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\" }"; + static const char *JWK + = "{ \"kty\": \"RSA\", " + "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " + "\"e\": \"AQAB\", " + "\"n\": " + "\"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__" + "VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_" + "HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_" + "bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\" }"; cjose_jwk_t *jwk = cjose_jwk_import(JWK, strlen(JWK), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // set header for JWS with bad alg hdr = cjose_header_new(&err); - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ALG, "Cayley-Purser", &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + 
ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ALG, "Cayley-Purser", &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // create a JWS jws = cjose_jws_sign(jwk, hdr, plain, plain_len, &err); ck_assert_msg(NULL == jws, "cjose_jws_sign created with bad header"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jws_sign returned bad err.code (%zu:%s)", - err.code, - err.message); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jws_sign returned bad err.code (%zu:%s)", err.code, err.message); cjose_header_release(hdr); cjose_jwk_release(jwk); } END_TEST - START_TEST(test_cjose_jws_sign_with_bad_key) { cjose_err err; cjose_header_t *hdr = NULL; cjose_jws_t *jws = NULL; - static const char *plain = - "The mind is everything. What you think you become."; + static const char *plain = "The mind is everything. What you think you become."; size_t plain_len = strlen(plain); // some bad keys to test with @@ -276,7 +278,11 @@ START_TEST(test_cjose_jws_sign_with_bad_key) "{ \"kty\": \"RSA\", " "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " "\"e\": \"AQAB\", " - "\"n\": \"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\" }", + "\"n\": " + "\"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__" + "VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_" + "HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_" + "bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\" }", // currently unsupported key type (EC) "{ \"kty\": \"EC\", \"crv\": \"P-256\", " 
@@ -289,27 +295,21 @@ START_TEST(test_cjose_jws_sign_with_bad_key) // set header for JWS hdr = cjose_header_new(&err); - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_PS256, &err), - "cjose_header_set failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_PS256, &err), "cjose_header_set failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // attempt signion with each bad key for (int i = 0; NULL != JWK_BAD[i]; ++i) { - cjose_jwk_t *jwk = cjose_jwk_import( - JWK_BAD[i], strlen(JWK_BAD[i]), &err); + cjose_jwk_t *jwk = cjose_jwk_import(JWK_BAD[i], strlen(JWK_BAD[i]), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); jws = cjose_jws_sign(jwk, hdr, plain, plain_len, &err); ck_assert_msg(NULL == jws, "cjose_jws_sign created with bad key"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "%d cjose_jws_sign returned bad err.code (%zu:%s)", - i, - err.code, + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "%d cjose_jws_sign returned bad err.code (%zu:%s)", i, err.code, err.message); cjose_jwk_release(jwk); 
@@ -317,61 +317,56 @@ START_TEST(test_cjose_jws_sign_with_bad_key) jws = cjose_jws_sign(NULL, hdr, plain, plain_len, &err); ck_assert_msg(NULL == jws, "cjose_jws_sign created with bad key"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jws_sign returned bad err.code (%zu:%s)", - err.code, - err.message); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jws_sign returned bad err.code (%zu:%s)", err.code, err.message); cjose_header_release(hdr); } END_TEST - START_TEST(test_cjose_jws_sign_with_bad_content) { cjose_err err; cjose_header_t *hdr = NULL; cjose_jws_t *jws = NULL; - static const char *JWK = - "{ \"kty\": \"RSA\", " - "\"e\": \"AQAB\", " - "\"n\": \"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\", " - "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " - "\"d\": \"B1vTivz8th6yaKzdUusBH4dPTbyOWr6gg07K6siYKeFU7kBI5fkw4XZPWk2AjxdBB37PNBl127g25owL-twRaSrBdF5quxzzDix4fEgo77Ik9x8IcUaI5AvpMW7Ig5O0n1SRE-ZfV7KssO0Imqq6bBZkEpzfgVC760tmSuqJ0W2on8eWzi36zuKru9qA5uo7L8w9I5rzqY7XEaak0PYFi5zB1BkpI83tN2bBP2jPsym9lMP4fbf-duHgu0s9H4mDeQFyb7OuI_P7AyH3V3qhUAvk37w-HNL-17g7OBYsZK5jMwa7LobO8Tw0ZdPk5u6dWKdmiWOUUScQVAqtaDjRIQ\" }"; + static const char *JWK + = "{ \"kty\": \"RSA\", " + "\"e\": \"AQAB\", " + "\"n\": " + "\"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__" + "VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_" + "HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_" + "bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\", " + "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\", " + "\"d\": " + 
"\"B1vTivz8th6yaKzdUusBH4dPTbyOWr6gg07K6siYKeFU7kBI5fkw4XZPWk2AjxdBB37PNBl127g25owL-" + "twRaSrBdF5quxzzDix4fEgo77Ik9x8IcUaI5AvpMW7Ig5O0n1SRE-" + "ZfV7KssO0Imqq6bBZkEpzfgVC760tmSuqJ0W2on8eWzi36zuKru9qA5uo7L8w9I5rzqY7XEaak0PYFi5zB1BkpI83tN2bBP2jPsym9lMP4fbf-" + "duHgu0s9H4mDeQFyb7OuI_P7AyH3V3qhUAvk37w-HNL-17g7OBYsZK5jMwa7LobO8Tw0ZdPk5u6dWKdmiWOUUScQVAqtaDjRIQ\" }"; // import the key cjose_jwk_t *jwk = cjose_jwk_import(JWK, strlen(JWK), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // set header for JWS hdr = cjose_header_new(&err); - ck_assert_msg( - cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_PS256, &err), - "cjose_header_set failed"); + ck_assert_msg(cjose_header_set(hdr, CJOSE_HDR_ALG, CJOSE_HDR_ALG_PS256, &err), "cjose_header_set failed"); jws = cjose_jws_sign(jwk, hdr, NULL, 1024, &err); ck_assert_msg(NULL == jws, "cjose_jws_sign created with NULL plaintext"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jws_sign returned bad err.code (%zu:%s)", - err.code, - err.message); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jws_sign returned bad err.code (%zu:%s)", err.code, err.message); jws = cjose_jws_sign(jwk, hdr, NULL, 0, &err); ck_assert_msg(NULL == jws, "cjose_jws_sign created with NULL plaintext"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jws_sign returned bad err.code (%zu:%s)", - err.code, - err.message); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jws_sign returned bad err.code (%zu:%s)", err.code, err.message); cjose_jwk_release(jwk); cjose_header_release(hdr); } END_TEST - START_TEST(test_cjose_jws_import_export_compare) { cjose_err err; 
@@ -379,63 +374,70 @@ START_TEST(test_cjose_jws_import_export_compare) // import the common key cjose_jwk_t *jwk = cjose_jwk_import(JWK_COMMON, strlen(JWK_COMMON), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // import the jws created with the common key cjose_jws_t *jws = cjose_jws_import(JWS_COMMON, strlen(JWS_COMMON), &err); ck_assert_msg(NULL != jws, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // re-export the jws object const char *cser = NULL; - ck_assert_msg( - cjose_jws_export(jws, &cser, &err), - "re-export of imported JWS faied: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_jws_export(jws, &cser, &err), "re-export of imported JWS faied: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // compare the re-export to the original serialization - ck_assert_msg( - strncmp(JWS_COMMON, cser, strlen(JWS_COMMON)) == 0, - "export of imported JWS doesn't match original"); + ck_assert_msg(strncmp(JWS_COMMON, cser, strlen(JWS_COMMON)) == 0, "export of imported JWS doesn't match original"); cjose_jwk_release(jwk); cjose_jws_release(jws); } END_TEST - START_TEST(test_cjose_jws_import_invalid_serialization) { cjose_err err; - static const char *JWS_BAD[] = { - 
"eyAiYWxnIjogIkhTMjU2IiB9.SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbSB0byB0aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.KR6Ax37YPaVYjX56frkw_-cn43uBrGFj28sUCHfnQ5hq8SbxpwbsjvqT-TUUqjAa8QGAV9dVcSQzYDE1sJjvAYlpjWVb_ksiWaNo9CuoT14V08Q9kbfMlSncDS7bTILU6ywYVXnU2-X6I-_M0s2JCE8Mx4nBoUcZXtjlh2mn4iNpshG4N3EiCbCMZnHc4wRo5Pwt3GpppyutpLZlpBcXKJk42dNpKvQnxzYulig6OIgNwv6c9SEW-3qG2FJW-eFcTuFSCnAqTYBU2V-l5pa2huoHzbwHp2PeXANz4ckyJ1SGVGHHjEPIr5UXBS2HfSTxVVLHZzm1NXDs9_mqzCtpvg.x", - "eyAiYWxnIjogIkhTMjU2IiB9.SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbSB0byB0aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.KR6Ax37YPaVYjX56frkw_-cn43uBrGFj28sUCHfnQ5hq8SbxpwbsjvqT-TUUqjAa8QGAV9dVcSQzYDE1sJjvAYlpjWVb_ksiWaNo9CuoT14V08Q9kbfMlSncDS7bTILU6ywYVXnU2-X6I-_M0s2JCE8Mx4nBoUcZXtjlh2mn4iNpshG4N3EiCbCMZnHc4wRo5Pwt3GpppyutpLZlpBcXKJk42dNpKvQnxzYulig6OIgNwv6c9SEW-3qG2FJW-eFcTuFSCnAqTYBU2V-l5pa2huoHzbwHp2PeXANz4ckyJ1SGVGHHjEPIr5UXBS2HfSTxVVLHZzm1NXDs9_mqzCtpvg.", - "eyAiYWxnIjogIkhTMjU2IiB9..SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbSB0byB0aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.KR6Ax37YPaVYjX56frkw_-cn43uBrGFj28sUCHfnQ5hq8SbxpwbsjvqT-TUUqjAa8QGAV9dVcSQzYDE1sJjvAYlpjWVb_ksiWaNo9CuoT14V08Q9kbfMlSncDS7bTILU6ywYVXnU2-X6I-_M0s2JCE8Mx4nBoUcZXtjlh2mn4iNpshG4N3EiCbCMZnHc4wRo5Pwt3GpppyutpLZlpBcXKJk42dNpKvQnxzYulig6OIgNwv6c9SEW-3qG2FJW-eFcTuFSCnAqTYBU2V-l5pa2huoHzbwHp2PeXANz4ckyJ1SGVGHHjEPIr5UXBS2HfSTxVVLHZzm1NXDs9_mqzCtpvg", - 
".eyAiYWxnIjogIkhTMjU2IiB9.SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbSB0byB0aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.KR6Ax37YPaVYjX56frkw_-cn43uBrGFj28sUCHfnQ5hq8SbxpwbsjvqT-TUUqjAa8QGAV9dVcSQzYDE1sJjvAYlpjWVb_ksiWaNo9CuoT14V08Q9kbfMlSncDS7bTILU6ywYVXnU2-X6I-_M0s2JCE8Mx4nBoUcZXtjlh2mn4iNpshG4N3EiCbCMZnHc4wRo5Pwt3GpppyutpLZlpBcXKJk42dNpKvQnxzYulig6OIgNwv6c9SEW-3qG2FJW-eFcTuFSCnAqTYBU2V-l5pa2huoHzbwHp2PeXANz4ckyJ1SGVGHHjEPIr5UXBS2HfSTxVVLHZzm1NXDs9_mqzCtpvg", - "AAAA.BBBB", - "AAAA", - "", - "..", - NULL - }; + static const char *JWS_BAD[] + = { "eyAiYWxnIjogIkhTMjU2IiB9." + "SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbS" + "B0byB0aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.KR6Ax37YPaVYjX56frkw_-cn43uBrGFj28sUCHfnQ5hq8SbxpwbsjvqT-" + "TUUqjAa8QGAV9dVcSQzYDE1sJjvAYlpjWVb_ksiWaNo9CuoT14V08Q9kbfMlSncDS7bTILU6ywYVXnU2-X6I-_" + "M0s2JCE8Mx4nBoUcZXtjlh2mn4iNpshG4N3EiCbCMZnHc4wRo5Pwt3GpppyutpLZlpBcXKJk42dNpKvQnxzYulig6OIgNwv6c9SEW-3qG2FJW-" + "eFcTuFSCnAqTYBU2V-l5pa2huoHzbwHp2PeXANz4ckyJ1SGVGHHjEPIr5UXBS2HfSTxVVLHZzm1NXDs9_mqzCtpvg.x", + "eyAiYWxnIjogIkhTMjU2IiB9." + "SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbS" + "B0byB0aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.KR6Ax37YPaVYjX56frkw_-cn43uBrGFj28sUCHfnQ5hq8SbxpwbsjvqT-" + "TUUqjAa8QGAV9dVcSQzYDE1sJjvAYlpjWVb_ksiWaNo9CuoT14V08Q9kbfMlSncDS7bTILU6ywYVXnU2-X6I-_" + "M0s2JCE8Mx4nBoUcZXtjlh2mn4iNpshG4N3EiCbCMZnHc4wRo5Pwt3GpppyutpLZlpBcXKJk42dNpKvQnxzYulig6OIgNwv6c9SEW-3qG2FJW-" + "eFcTuFSCnAqTYBU2V-l5pa2huoHzbwHp2PeXANz4ckyJ1SGVGHHjEPIr5UXBS2HfSTxVVLHZzm1NXDs9_mqzCtpvg.", + "eyAiYWxnIjogIkhTMjU2IiB9.." 
+ "SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbS" + "B0byB0aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.KR6Ax37YPaVYjX56frkw_-cn43uBrGFj28sUCHfnQ5hq8SbxpwbsjvqT-" + "TUUqjAa8QGAV9dVcSQzYDE1sJjvAYlpjWVb_ksiWaNo9CuoT14V08Q9kbfMlSncDS7bTILU6ywYVXnU2-X6I-_" + "M0s2JCE8Mx4nBoUcZXtjlh2mn4iNpshG4N3EiCbCMZnHc4wRo5Pwt3GpppyutpLZlpBcXKJk42dNpKvQnxzYulig6OIgNwv6c9SEW-3qG2FJW-" + "eFcTuFSCnAqTYBU2V-l5pa2huoHzbwHp2PeXANz4ckyJ1SGVGHHjEPIr5UXBS2HfSTxVVLHZzm1NXDs9_mqzCtpvg", + ".eyAiYWxnIjogIkhTMjU2IiB9." + "SWYgeW91IHJldmVhbCB5b3VyIHNlY3JldHMgdG8gdGhlIHdpbmQsIHlvdSBzaG91bGQgbm90IGJsYW1lIHRoZSB3aW5kIGZvciByZXZlYWxpbmcgdGhlbS" + "B0byB0aGUgdHJlZXMuIOKAlCBLYWhsaWwgR2licmFu.KR6Ax37YPaVYjX56frkw_-cn43uBrGFj28sUCHfnQ5hq8SbxpwbsjvqT-" + "TUUqjAa8QGAV9dVcSQzYDE1sJjvAYlpjWVb_ksiWaNo9CuoT14V08Q9kbfMlSncDS7bTILU6ywYVXnU2-X6I-_" + "M0s2JCE8Mx4nBoUcZXtjlh2mn4iNpshG4N3EiCbCMZnHc4wRo5Pwt3GpppyutpLZlpBcXKJk42dNpKvQnxzYulig6OIgNwv6c9SEW-3qG2FJW-" + "eFcTuFSCnAqTYBU2V-l5pa2huoHzbwHp2PeXANz4ckyJ1SGVGHHjEPIr5UXBS2HfSTxVVLHZzm1NXDs9_mqzCtpvg", + "AAAA.BBBB", "AAAA", "", "..", NULL }; for (int i = 0; NULL != JWS_BAD[i]; ++i) { - cjose_jws_t *jws = cjose_jws_import(JWS_BAD[i],strlen(JWS_BAD[i]),&err); + cjose_jws_t *jws = cjose_jws_import(JWS_BAD[i], strlen(JWS_BAD[i]), &err); ck_assert_msg(NULL == jws, "cjose_jws_import of bad JWS succeeded"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jws_import returned wrong err.code (%zu:%s)", - err.code, + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jws_import returned wrong err.code (%zu:%s)", err.code, err.message); } } END_TEST - START_TEST(test_cjose_jws_import_get_plain_before_verify) { cjose_err err; 
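Review bot: In the `JWS_BAD` loop of test_cjose_jws_import_invalid_serialization, `err` is declared uninitialised and is never reset between iterations, so the `err.code == CJOSE_ERR_INVALID_ARG` assertion can be satisfied by a value left over from the previous malformed input. Whether `cjose_jws_import` always writes `err` on failure is not visible here; if it ever returns NULL without doing so, the test would still pass. Clearing it at the top of the loop body, `memset(&err, 0, sizeof(err));`, makes each rejected serialization prove its own error code.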
@@ -443,22 +445,19 @@ START_TEST(test_cjose_jws_import_get_plain_before_verify) // import the jws created with the common key cjose_jws_t *jws = cjose_jws_import(JWS_COMMON, strlen(JWS_COMMON), &err); ck_assert_msg(NULL != jws, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); uint8_t *plaintext = NULL; size_t plaintext_len = 0; - ck_assert_msg( - cjose_jws_get_plaintext(jws, &plaintext, &plaintext_len, &err), - "cjose_jws_get_plaintext before verify failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_jws_get_plaintext(jws, &plaintext, &plaintext_len, &err), "cjose_jws_get_plaintext before verify failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); cjose_jws_release(jws); } END_TEST - START_TEST(test_cjose_jws_import_get_plain_after_verify) { cjose_err err; 
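Review bot: A comment is missing on the `cjose_jws_get_plaintext` call in test_cjose_jws_import_get_plain_before_verify to say that the payload returned here has not been authenticated. The test asserts that the call succeeds on a JWS that was only imported, which a reader can take as an endorsed usage pattern. I would add above the call: `// plaintext is readable before cjose_jws_verify(); it is unauthenticated and must not be acted on until verification succeeds`. The opening lines of the test are outside this hunk.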
@@ -466,40 +465,36 @@ START_TEST(test_cjose_jws_import_get_plain_after_verify) // import the common key cjose_jwk_t *jwk = cjose_jwk_import(JWK_COMMON, strlen(JWK_COMMON), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // import the jws created with the common key cjose_jws_t *jws = cjose_jws_import(JWS_COMMON, strlen(JWS_COMMON), &err); ck_assert_msg(NULL != jws, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // verify the imported jws ck_assert_msg(cjose_jws_verify(jws, jwk, &err), "cjose_jws_verify failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // get plaintext from imported and verified jws uint8_t *plaintext = NULL; size_t plaintext_len = 0; - ck_assert_msg( - cjose_jws_get_plaintext(jws, &plaintext, &plaintext_len, &err), - "cjose_jws_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_jws_get_plaintext(jws, &plaintext, &plaintext_len, &err), "cjose_jws_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // compare the verified plaintext to the expected value - ck_assert_msg( - strncmp(PLAIN_COMMON, plaintext, strlen(PLAIN_COMMON)) == 0, - "verified plaintext from JWS doesn't match the original"); + ck_assert_msg(strncmp(PLAIN_COMMON, plaintext, strlen(PLAIN_COMMON)) == 0, + "verified plaintext from JWS doesn't match the original"); cjose_jws_release(jws); cjose_jwk_release(jwk); } END_TEST - 
START_TEST(test_cjose_jws_verify_bad_params) { cjose_err err; @@ -510,7 +505,11 @@ START_TEST(test_cjose_jws_verify_bad_params) // missing private part 'd' needed for signion "{ \"kty\": \"RSA\", " "\"e\": \"AQAB\", " - "\"n\": \"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\", " + "\"n\": " + "\"0a5nKJLjaB1xdebYWfhvlhYhgfzkw49HAUIjyvb6fNPKhwlBQMoAS5jM3kI17_OMGrHxL7ZP00OE-24__" + "VWDCAhOQsSvlgCvw2XOOCtSWWLpb03dTrCMFeemqS4S9jrKd3NbUk3UJ2dVb_EIbQEC_BVjZStr_" + "HcCrKsj4AluaQUn09H7TuK0yZFBzZMhJ1J8Yi3nAPkxzdGah0XuWhLObMAvANSVmHzRXwnTDw9Dh_" + "bJ4G1xd1DE7W94uoUlcSDx59aSdzTpQzJh1l3lXc6JRUrXTESYgHpMv0O1n0gbIxX8X1ityBlMiccDjfZIKLnwz6hQObvRtRIpxEdq4SYS-w\", " "\"kid\": \"9ebf9edb-3a24-48b4-b2cb-21f0cf747ea7\" }", // currently unsupported key type (EC) 
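Review bot: The last check in test_cjose_jws_import_get_plain_after_verify compares `strlen(PLAIN_COMMON)` bytes of `plaintext` and never looks at `plaintext_len`, so a returned buffer that is longer but carries the right prefix still passes, and a shorter one may be read past its end (nothing in the hunk shows the buffer is NUL-terminated). I would assert the length first, `ck_assert_msg(plaintext_len == strlen(PLAIN_COMMON), "verified plaintext length mismatch");`, and then compare exactly with `memcmp(PLAIN_COMMON, plaintext, plaintext_len) == 0`. `PLAIN_COMMON` is defined outside the hunk, so its contents are assumed to be a plain C string.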
@@ -525,43 +524,31 @@ START_TEST(test_cjose_jws_verify_bad_params) // import the common key cjose_jwk_t *jwk = cjose_jwk_import(JWK_COMMON, strlen(JWK_COMMON), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // import the jws created with the common key cjose_jws_t *jws = cjose_jws_import(JWS_COMMON, strlen(JWS_COMMON), &err); ck_assert_msg(NULL != jws, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // try to verify a NULL jws - ck_assert_msg(!cjose_jws_verify(NULL, jwk, &err), - "cjose_jws_verify succeeded with NULL jws"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jws_verify returned wrong err.code (%zu:%s)", - err.code, - err.message); + ck_assert_msg(!cjose_jws_verify(NULL, jwk, &err), "cjose_jws_verify succeeded with NULL jws"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jws_verify returned wrong err.code (%zu:%s)", err.code, err.message); // try to verify with a NULL jwk - ck_assert_msg(!cjose_jws_verify(jws, NULL, &err), - "cjose_jws_verify succeeded with NULL jwk"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jws_verify returned wrong err.code (%zu:%s)", - err.code, - err.message); + ck_assert_msg(!cjose_jws_verify(jws, NULL, &err), "cjose_jws_verify succeeded with NULL jwk"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jws_verify returned wrong err.code (%zu:%s)", err.code, err.message); // try to verify with bad/wrong/unsupported keys for (int i = 0; NULL != JWK_BAD[i]; ++i) { - cjose_jwk_t *jwk_bad = cjose_jwk_import( - JWK_BAD[i], strlen(JWK_BAD[i]), &err); + cjose_jwk_t *jwk_bad = cjose_jwk_import(JWK_BAD[i], strlen(JWK_BAD[i]), 
&err); ck_assert_msg(NULL != jwk_bad, "cjose_jwk_import failed"); - ck_assert_msg(!cjose_jws_verify(jws, NULL, &err), - "cjose_jws_verify succeeded with bad jwk"); - ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, - "cjose_jws_verify returned wrong err.code (%zu:%s)", - err.code, + ck_assert_msg(!cjose_jws_verify(jws, NULL, &err), "cjose_jws_verify succeeded with bad jwk"); + ck_assert_msg(err.code == CJOSE_ERR_INVALID_ARG, "cjose_jws_verify returned wrong err.code (%zu:%s)", err.code, err.message); cjose_jwk_release(jwk_bad); 
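Review bot: The `JWK_BAD` loop in test_cjose_jws_verify_bad_params imports `jwk_bad` but then calls `cjose_jws_verify(jws, NULL, &err)`, so every iteration repeats the NULL-key case and verification against a wrong or unsupported key is never exercised. The call should pass the imported key: `ck_assert_msg(!cjose_jws_verify(jws, jwk_bad, &err), "cjose_jws_verify succeeded with bad jwk");`. The error code for a real but unsuitable key may not be `CJOSE_ERR_INVALID_ARG`, so the following assertion needs to be confirmed against the library once the argument is fixed. The test body starts before this hunk and the loop closes after it.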
@@ -572,29 +559,28 @@ START_TEST(test_cjose_jws_verify_bad_params) } END_TEST - START_TEST(test_cjose_jws_verify_hs256) { cjose_err err; // https://tools.ietf.org/html/rfc7515#appendix-A.1 - static const char *JWS = - "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"; + static const char *JWS = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9." + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ." + "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"; cjose_jws_t *jws = cjose_jws_import(JWS, strlen(JWS), &err); ck_assert_msg(NULL != jws, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - static const char *JWK = - "{ \"kty\": \"oct\", " - "\"k\": \"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\" }"; + static const char *JWK = "{ \"kty\": \"oct\", " + "\"k\": \"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\" }"; // import the key cjose_jwk_t *jwk = cjose_jwk_import(JWK, strlen(JWK), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // verify the deserialized JWS ck_assert_msg(cjose_jws_verify(jws, jwk, &err), "cjose_jws_verify failed"); 
@@ -602,177 +588,183 @@ START_TEST(test_cjose_jws_verify_hs256) // get the verified plaintext uint8_t *plain = NULL; size_t plain_len = 0; - ck_assert_msg( - cjose_jws_get_plaintext(jws, &plain, &plain_len, &err), - "cjose_jws_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_jws_get_plaintext(jws, &plain, &plain_len, &err), "cjose_jws_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - static const char *PLAINTEXT = - "{\"iss\":\"joe\",\r\n" - " \"exp\":1300819380,\r\n" - " \"http://example.com/is_root\":true}"; + static const char *PLAINTEXT = "{\"iss\":\"joe\",\r\n" + " \"exp\":1300819380,\r\n" + " \"http://example.com/is_root\":true}"; // confirm plain == PLAINTEXT - ck_assert_msg( - plain_len == strlen(PLAINTEXT), - "length of verified plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(PLAINTEXT), plain_len); - ck_assert_msg( - strncmp(PLAINTEXT, plain, plain_len) == 0, - "verified plaintext does not match signed plaintext: %s", plain); + ck_assert_msg(plain_len == strlen(PLAINTEXT), "length of verified plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(PLAINTEXT), plain_len); + ck_assert_msg(strncmp(PLAINTEXT, plain, plain_len) == 0, "verified plaintext does not match signed plaintext: %s", plain); cjose_jwk_release(jwk); cjose_jws_release(jws); } END_TEST - START_TEST(test_cjose_jws_verify_rs256) { cjose_err err; // https://tools.ietf.org/html/rfc7515#appendix-A.2 - static const char *JWS = - 
"eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"; + static const char *JWS + = "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ." + "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_" + "O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_" + "eSN9383LcOLn6_dO--xi12jzDwusC-" + "eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"; cjose_jws_t *jws_ok = cjose_jws_import(JWS, strlen(JWS), &err); ck_assert_msg(NULL != jws_ok, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); - - static const char *JWK = - "{ \"kty\":\"RSA\"," - "\"n\":\"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ\"," - "\"e\":\"AQAB\"," - "\"d\":\"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ\"," - 
"\"p\":\"4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPGBY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc\"," - "\"q\":\"uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc\"," - "\"dp\":\"BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3QCLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0\"," - "\"dq\":\"h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-kyNlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU\"," - "\"qi\":\"IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2oy26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLUW0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U\" }"; + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); + + static const char *JWK + = "{ \"kty\":\"RSA\"," + "\"n\":\"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-" + "pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-" + "UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_" + "h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ\"," + "\"e\":\"AQAB\"," + "\"d\":\"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-" + "pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_" + "0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_" + "RQyGWSeWjnczT0QU91p1DhOVRuOopznQ\"," + "\"p\":\"4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw_" + 
"Py5PJdTJNPY8cQn7ouZ2KKDcmnPGBY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc\"," + "\"q\":\"uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-" + "TnBA-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc\"," + "\"dp\":\"BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3QCLdhrqE2e9YkxvuxdBfpT_PI7Yz-" + "FOKnu1R6HsJeDCjn12Sk3vmAktV2zb34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0\"," + "\"dq\":\"h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-" + "NKJnwgjMd2w9cjz3_-kyNlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU\"," + "\"qi\":\"IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2oy26F0EmpScGLq2MowX7fhd_" + "QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLUW0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U\" }"; // import the key cjose_jwk_t *jwk = cjose_jwk_import(JWK, strlen(JWK), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // verify the deserialized JWS ck_assert_msg(cjose_jws_verify(jws_ok, jwk, &err), "cjose_jws_verify failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // get the verified plaintext uint8_t *plain = NULL; size_t plain_len = 0; - ck_assert_msg( - cjose_jws_get_plaintext(jws_ok, &plain, &plain_len, &err), - "cjose_jws_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_jws_get_plaintext(jws_ok, &plain, &plain_len, &err), "cjose_jws_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - static const char *PLAINTEXT = - 
"{\"iss\":\"joe\",\r\n" - " \"exp\":1300819380,\r\n" - " \"http://example.com/is_root\":true}"; + static const char *PLAINTEXT = "{\"iss\":\"joe\",\r\n" + " \"exp\":1300819380,\r\n" + " \"http://example.com/is_root\":true}"; // confirm plain == PLAINTEXT - ck_assert_msg( - plain_len == strlen(PLAINTEXT), - "length of verified plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(PLAINTEXT), plain_len); - ck_assert_msg( - strncmp(PLAINTEXT, plain, plain_len) == 0, - "verified plaintext does not match signed plaintext: %s", plain); + ck_assert_msg(plain_len == strlen(PLAINTEXT), "length of verified plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(PLAINTEXT), plain_len); + ck_assert_msg(strncmp(PLAINTEXT, plain, plain_len) == 0, "verified plaintext does not match signed plaintext: %s", plain); cjose_jws_release(jws_ok); - static const char *JWS_TAMPERED_SIG = - "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77RW"; + static const char *JWS_TAMPERED_SIG + = "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ." 
+ "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_" + "O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_" + "eSN9383LcOLn6_dO--xi12jzDwusC-" + "eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77RW"; cjose_jws_t *jws_ts = cjose_jws_import(JWS_TAMPERED_SIG, strlen(JWS_TAMPERED_SIG), &err); ck_assert_msg(NULL != jws_ts, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); - - ck_assert_msg(!cjose_jws_verify(jws_ts, jwk, &err), - "cjose_jws_verify succeeded with tampered signature"); - ck_assert_msg(err.code == CJOSE_ERR_CRYPTO, - "cjose_jws_verify returned wrong err.code (%zu:%s)", - err.code, - err.message); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); + + ck_assert_msg(!cjose_jws_verify(jws_ts, jwk, &err), "cjose_jws_verify succeeded with tampered signature"); + ck_assert_msg(err.code == CJOSE_ERR_CRYPTO, "cjose_jws_verify returned wrong err.code (%zu:%s)", err.code, err.message); cjose_jws_release(jws_ts); - static const char *JWS_TAMPERED_CONTENT = - "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfq.cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"; + static const char *JWS_TAMPERED_CONTENT + = "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfq." 
+ "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_" + "O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_" + "eSN9383LcOLn6_dO--xi12jzDwusC-" + "eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"; cjose_jws_t *jws_tc = cjose_jws_import(JWS_TAMPERED_CONTENT, strlen(JWS_TAMPERED_CONTENT), &err); ck_assert_msg(NULL != jws_tc, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - ck_assert_msg(!cjose_jws_verify(jws_tc, jwk, &err), - "cjose_jws_verify succeeded with tampered content"); - ck_assert_msg(err.code == CJOSE_ERR_CRYPTO, - "cjose_jws_verify returned wrong err.code (%zu:%s)", - err.code, - err.message); + ck_assert_msg(!cjose_jws_verify(jws_tc, jwk, &err), "cjose_jws_verify succeeded with tampered content"); + ck_assert_msg(err.code == CJOSE_ERR_CRYPTO, "cjose_jws_verify returned wrong err.code (%zu:%s)", err.code, err.message); cjose_jws_release(jws_tc); cjose_jwk_release(jwk); } END_TEST - START_TEST(test_cjose_jws_verify_rs384) { cjose_err err; - static const char *JWS = - "eyJhbGciOiJSUzM4NCIsImtpZCI6InhrdjNhIn0.eyJzdWIiOiJqb2UiLCJhdWQiOiJhY19vaWNfY2xpZW50IiwianRpIjoiZmp1cXJDMGlmand0MTVjdEE3dWJEOCIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTAzMSIsImlhdCI6MTQ2ODgyODIwNiwiZXhwIjoxNDY4ODI4NTA2LCJub25jZSI6ImpVSmZDeHZ0cGNhcDIxWjJBZ3F5ejRJUFVVVWZ3NElrM2JlVks5blpjSjQifQ.Ir1TaYIybDQxubPA1nRKUVaz4X2D6kMjWJpUzC_kYiBt8BzdINh5uiCNFXeI9LOVP-eSnwa0vlIg2ZcO1MNyiOQtcK71CKFfwA-1LUMrZtOEYkEQjO8YTAK_Bp1LUQ6QSm_jyibUBOHG0mXjdJimwh7Hu8WPOco4RcCXx-LgT55L5ewYReXPC4rNKTm3e3uvwkBs0KcL7CjgMlf6K9AbITwpIHxVFX4s6mlb-nlhXZ6pVapkREzvpLxC1JWQIN4Bf4KHv5tMKvjGGvMx-l3FTMQ1ZP-TkuzhN2ZdOE6LynqeNS9uo9qEa4zRM8HLD6-WM6e23y2ph_dHgNasVXa2bQ"; + static const char *JWS = 
"eyJhbGciOiJSUzM4NCIsImtpZCI6InhrdjNhIn0." + "eyJzdWIiOiJqb2UiLCJhdWQiOiJhY19vaWNfY2xpZW50IiwianRpIjoiZmp1cXJDMGlmand0MTVjdEE3dWJEOCIsImlzcyI6Imh0d" + "HBzOlwvXC9sb2NhbGhvc3Q6OTAzMSIsImlhdCI6MTQ2ODgyODIwNiwiZXhwIjoxNDY4ODI4NTA2LCJub25jZSI6ImpVSmZDeHZ0cG" + "NhcDIxWjJBZ3F5ejRJUFVVVWZ3NElrM2JlVks5blpjSjQifQ.Ir1TaYIybDQxubPA1nRKUVaz4X2D6kMjWJpUzC_" + "kYiBt8BzdINh5uiCNFXeI9LOVP-eSnwa0vlIg2ZcO1MNyiOQtcK71CKFfwA-1LUMrZtOEYkEQjO8YTAK_Bp1LUQ6QSm_" + "jyibUBOHG0mXjdJimwh7Hu8WPOco4RcCXx-LgT55L5ewYReXPC4rNKTm3e3uvwkBs0KcL7CjgMlf6K9AbITwpIHxVFX4s6mlb-" + "nlhXZ6pVapkREzvpLxC1JWQIN4Bf4KHv5tMKvjGGvMx-l3FTMQ1ZP-TkuzhN2ZdOE6LynqeNS9uo9qEa4zRM8HLD6-WM6e23y2ph_" + "dHgNasVXa2bQ"; cjose_jws_t *jws = cjose_jws_import(JWS, strlen(JWS), &err); ck_assert_msg(NULL != jws, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - static const char *JWK = - "{ \"kty\":\"RSA\"," - "\"n\":\"u-kRzaNkYQXZWtfADCiOC_uGl1Fti_dolgzJgaZdOVpAE4zXbOgfJzm9wQK3IY7K1kFMD7p1bjamWXPOKgKKzqQwdLUOnq-zgTGga06wR1xGO4luEvRojsYp-eGlgpLCOW2uhzknh6s9JLsfcJ2vzz6LD9omgMY3-JSGS71ECR78yTXAxUnyeoUr_tlFDhDi31uAmXnyP_O89uqzGn2ZeVFdMPEpdaJCndpuW_zj6jDBFcOlkn6IC_O9UxQH9aEtctkaVdhB5Zw2mP5DWf81f8v8XfScrqn2IVtNcbBWPnHDcRSZPXx1vuN9T083w8_3wyb3YbTYlcRyvFN703FxsQ\"," - "\"e\":\"AQAB\" }"; + static const char *JWK + = "{ \"kty\":\"RSA\"," + "\"n\":\"u-kRzaNkYQXZWtfADCiOC_uGl1Fti_dolgzJgaZdOVpAE4zXbOgfJzm9wQK3IY7K1kFMD7p1bjamWXPOKgKKzqQwdLUOnq-" + "zgTGga06wR1xGO4luEvRojsYp-eGlgpLCOW2uhzknh6s9JLsfcJ2vzz6LD9omgMY3-JSGS71ECR78yTXAxUnyeoUr_tlFDhDi31uAmXnyP_" + "O89uqzGn2ZeVFdMPEpdaJCndpuW_zj6jDBFcOlkn6IC_O9UxQH9aEtctkaVdhB5Zw2mP5DWf81f8v8XfScrqn2IVtNcbBWPnHDcRSZPXx1vuN9T083w8_" + "3wyb3YbTYlcRyvFN703FxsQ\"," + "\"e\":\"AQAB\" }"; // import the key cjose_jwk_t *jwk = cjose_jwk_import(JWK, strlen(JWK), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, 
function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // verify the deserialized JWS ck_assert_msg(cjose_jws_verify(jws, jwk, &err), "cjose_jws_verify failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // get the verified plaintext uint8_t *plain = NULL; size_t plain_len = 0; - ck_assert_msg( - cjose_jws_get_plaintext(jws, &plain, &plain_len, &err), - "cjose_jws_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_jws_get_plaintext(jws, &plain, &plain_len, &err), "cjose_jws_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - static const char *PLAINTEXT = - "{\"sub\":\"joe\",\"aud\":\"ac_oic_client\",\"jti\":\"fjuqrC0ifjwt15ctA7ubD8\",\"iss\":\"https:\\/\\/localhost:9031\",\"iat\":1468828206,\"exp\":1468828506,\"nonce\":\"jUJfCxvtpcap21Z2Agqyz4IPUUUfw4Ik3beVK9nZcJ4\"}"; + static const char *PLAINTEXT + = "{\"sub\":\"joe\",\"aud\":\"ac_oic_client\",\"jti\":\"fjuqrC0ifjwt15ctA7ubD8\",\"iss\":\"https:\\/\\/" + "localhost:9031\",\"iat\":1468828206,\"exp\":1468828506,\"nonce\":\"jUJfCxvtpcap21Z2Agqyz4IPUUUfw4Ik3beVK9nZcJ4\"}"; // confirm plain == PLAINTEXT - ck_assert_msg( - plain_len == strlen(PLAINTEXT), - "length of verified plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(PLAINTEXT), plain_len); - ck_assert_msg( - strncmp(PLAINTEXT, plain, plain_len) == 0, - "verified plaintext does not match signed plaintext: %s", plain); + ck_assert_msg(plain_len == strlen(PLAINTEXT), "length of verified plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(PLAINTEXT), plain_len); + 
ck_assert_msg(strncmp(PLAINTEXT, plain, plain_len) == 0, "verified plaintext does not match signed plaintext: %s", plain); cjose_jwk_release(jwk); cjose_jws_release(jws); 
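Review bot: The failure message in `ck_assert_msg(strncmp(PLAINTEXT, plain, plain_len) == 0, "... %s", plain)` formats a `uint8_t *` buffer with `%s`, and nothing in the hunk shows that the buffer is NUL-terminated, so a failing test may read past `plain_len` while reporting the mismatch. Bounding the print avoids that: `"verified plaintext does not match signed plaintext: %.*s", (int)plain_len, plain`. The length assertion beside it prints `size_t` values with `%lu`; `%zu` is the matching specifier. The same two lines appear in the hs256, rs256 and rs384 tests in this hunk and again in the ec256 hunk that follows; the hs256 test begins before this hunk.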
@@ -783,86 +775,82 @@ START_TEST(test_cjose_jws_verify_ec256) { cjose_err err; - static const char *JWS = - "eyJhbGciOiJFUzI1NiIsImtpZCI6Img0aDkzIn0.eyJzdWIiOiJqb2UiLCJhdWQiOiJhY19vaWNfY2xpZW50IiwianRpIjoiZGV0blVpU2FTS0lpSUFvdHZ0ZzV3VyIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTAzMSIsImlhdCI6MTQ2OTAzMDk1MCwiZXhwIjoxNDY5MDMxMjUwLCJub25jZSI6Im8zNU8wMi1WM0poSXJ1SkdHSlZVOGpUUGg2LUhKUTgzWEpmQXBZTGtrZHcifQ.o9bb_yW6-h9lPser01eYoK-VMlJoUabKFQ9tT_KdgMHlqRqTa4isqFqXllViDdUIQoHGMMP7Qms565YKSCS3iA"; + static const char *JWS = "eyJhbGciOiJFUzI1NiIsImtpZCI6Img0aDkzIn0." + "eyJzdWIiOiJqb2UiLCJhdWQiOiJhY19vaWNfY2xpZW50IiwianRpIjoiZGV0blVpU2FTS0lpSUFvdHZ0ZzV3VyIsImlzcyI6Imh0d" + "HBzOlwvXC9sb2NhbGhvc3Q6OTAzMSIsImlhdCI6MTQ2OTAzMDk1MCwiZXhwIjoxNDY5MDMxMjUwLCJub25jZSI6Im8zNU8wMi1WM0" + "poSXJ1SkdHSlZVOGpUUGg2LUhKUTgzWEpmQXBZTGtrZHcifQ.o9bb_yW6-h9lPser01eYoK-VMlJoUabKFQ9tT_" + "KdgMHlqRqTa4isqFqXllViDdUIQoHGMMP7Qms565YKSCS3iA"; cjose_jws_t *jws_ok = cjose_jws_import(JWS, strlen(JWS), &err); ck_assert_msg(NULL != jws_ok, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - static const char *JWK = - "{ \"kty\": \"EC\"," - "\"kid\": \"h4h93\"," - "\"use\": \"sig\"," - "\"x\": \"qcZ8jiBDygzf1XMWNN3jS7qT3DDslHOYvaa6XHMxShw\"," - "\"y\": \"vMcP1OkZsSNaFN6MHrdApLdtLPWo8RnNflgP3DAbcfY\"," - "\"crv\": \"P-256\" }"; + static const char *JWK = "{ \"kty\": \"EC\"," + "\"kid\": \"h4h93\"," + "\"use\": \"sig\"," + "\"x\": \"qcZ8jiBDygzf1XMWNN3jS7qT3DDslHOYvaa6XHMxShw\"," + "\"y\": \"vMcP1OkZsSNaFN6MHrdApLdtLPWo8RnNflgP3DAbcfY\"," + "\"crv\": \"P-256\" }"; // import the key cjose_jwk_t *jwk = cjose_jwk_import(JWK, strlen(JWK), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, 
err.file, err.function, err.line); // verify the deserialized JWS ck_assert_msg(cjose_jws_verify(jws_ok, jwk, &err), "cjose_jws_verify failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // get the verified plaintext uint8_t *plain = NULL; size_t plain_len = 0; - ck_assert_msg( - cjose_jws_get_plaintext(jws_ok, &plain, &plain_len, &err), - "cjose_jws_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_jws_get_plaintext(jws_ok, &plain, &plain_len, &err), "cjose_jws_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - static const char *PLAINTEXT = - "{\"sub\":\"joe\",\"aud\":\"ac_oic_client\",\"jti\":\"detnUiSaSKIiIAotvtg5wW\",\"iss\":\"https:\\/\\/localhost:9031\",\"iat\":1469030950,\"exp\":1469031250,\"nonce\":\"o35O02-V3JhIruJGGJVU8jTPh6-HJQ83XJfApYLkkdw\"}"; + static const char *PLAINTEXT + = "{\"sub\":\"joe\",\"aud\":\"ac_oic_client\",\"jti\":\"detnUiSaSKIiIAotvtg5wW\",\"iss\":\"https:\\/\\/" + "localhost:9031\",\"iat\":1469030950,\"exp\":1469031250,\"nonce\":\"o35O02-V3JhIruJGGJVU8jTPh6-HJQ83XJfApYLkkdw\"}"; // confirm plain == PLAINTEXT - ck_assert_msg( - plain_len == strlen(PLAINTEXT), - "length of verified plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(PLAINTEXT), plain_len); - ck_assert_msg( - strncmp(PLAINTEXT, plain, plain_len) == 0, - "verified plaintext does not match signed plaintext: %s", plain); + ck_assert_msg(plain_len == strlen(PLAINTEXT), "length of verified plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(PLAINTEXT), plain_len); + ck_assert_msg(strncmp(PLAINTEXT, plain, plain_len) == 0, "verified plaintext does not match signed plaintext: %s", plain); cjose_jws_release(jws_ok); 
- static const char *JWS_TAMPERED_SIG = - "eyJhbGciOiJFUzI1NiIsImtpZCI6Img0aDkzIn0.eyJzdWIiOiJqb2UiLCJhdWQiOiJhY19vaWNfY2xpZW50IiwianRpIjoiZGV0blVpU2FTS0lpSUFvdHZ0ZzV3VyIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTAzMSIsImlhdCI6MTQ2OTAzMDk1MCwiZXhwIjoxNDY5MDMxMjUwLCJub25jZSI6Im8zNU8wMi1WM0poSXJ1SkdHSlZVOGpUUGg2LUhKUTgzWEpmQXBZTGtrZHcifQ.o9bb_yW6-h9lPser01eYoK-VMlJoUabKFQ9tT_KdgMHlqRqTa4isqFqXllViDdUIQoHGMMP7Qms565YKSCS3ia"; + static const char *JWS_TAMPERED_SIG = "eyJhbGciOiJFUzI1NiIsImtpZCI6Img0aDkzIn0." + "eyJzdWIiOiJqb2UiLCJhdWQiOiJhY19vaWNfY2xpZW50IiwianRpIjoiZGV0blVpU2FTS0lpSUFvdHZ0ZzV3VyIs" + "ImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTAzMSIsImlhdCI6MTQ2OTAzMDk1MCwiZXhwIjoxNDY5MDMxMjUw" + "LCJub25jZSI6Im8zNU8wMi1WM0poSXJ1SkdHSlZVOGpUUGg2LUhKUTgzWEpmQXBZTGtrZHcifQ.o9bb_yW6-" + "h9lPser01eYoK-VMlJoUabKFQ9tT_KdgMHlqRqTa4isqFqXllViDdUIQoHGMMP7Qms565YKSCS3ia"; cjose_jws_t *jws_ts = cjose_jws_import(JWS_TAMPERED_SIG, strlen(JWS_TAMPERED_SIG), &err); ck_assert_msg(NULL != jws_ts, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); - - ck_assert_msg(!cjose_jws_verify(jws_ts, jwk, &err), - "cjose_jws_verify succeeded with tampered signature"); - ck_assert_msg(err.code == CJOSE_ERR_CRYPTO, - "cjose_jws_verify returned wrong err.code (%zu:%s)", - err.code, - err.message); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); + + ck_assert_msg(!cjose_jws_verify(jws_ts, jwk, &err), "cjose_jws_verify succeeded with tampered signature"); + ck_assert_msg(err.code == CJOSE_ERR_CRYPTO, "cjose_jws_verify returned wrong err.code (%zu:%s)", err.code, err.message); cjose_jws_release(jws_ts); - static const char *JWS_TAMPERED_CONTENT = - 
"eyJhbGciOiJFUzI1NiIsImtpZCI6Img0aDkzIn0.eyJzdWIiOiJqb2UiLCJhdWQiOiJhY19vaWNfY2xpZW50IiwianRpIjoiZGV0blVpU2FTS0lpSUFvdHZ0ZzV3VyIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTAzMSIsImlhdCI6MTQ2OTAzMDk1MCwiZXhwIjoxNDY5MDMxMjUwLCJub25jZSI6Im8zNU8wMi1WM0poSXJ1SkdHSlZVOGpUUGG2LUhKUTgzWEpmQXBZTGtrZHcifQ.o9bb_yW6-h9lPser01eYoK-VMlJoUabKFQ9tT_KdgMHlqRqTa4isqFqXllViDdUIQoHGMMP7Qms565YKSCS3iA"; + static const char *JWS_TAMPERED_CONTENT + = "eyJhbGciOiJFUzI1NiIsImtpZCI6Img0aDkzIn0." + "eyJzdWIiOiJqb2UiLCJhdWQiOiJhY19vaWNfY2xpZW50IiwianRpIjoiZGV0blVpU2FTS0lpSUFvdHZ0ZzV3VyIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhv" + "c3Q6OTAzMSIsImlhdCI6MTQ2OTAzMDk1MCwiZXhwIjoxNDY5MDMxMjUwLCJub25jZSI6Im8zNU8wMi1WM0poSXJ1SkdHSlZVOGpUUGG2LUhKUTgzWEpmQXBZ" + "TGtrZHcifQ.o9bb_yW6-h9lPser01eYoK-VMlJoUabKFQ9tT_KdgMHlqRqTa4isqFqXllViDdUIQoHGMMP7Qms565YKSCS3iA"; cjose_jws_t *jws_tc = cjose_jws_import(JWS_TAMPERED_CONTENT, strlen(JWS_TAMPERED_CONTENT), &err); ck_assert_msg(NULL != jws_tc, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - ck_assert_msg(!cjose_jws_verify(jws_tc, jwk, &err), - "cjose_jws_verify succeeded with tampered content"); - ck_assert_msg(err.code == CJOSE_ERR_CRYPTO, - "cjose_jws_verify returned wrong err.code (%zu:%s)", - err.code, - err.message); + ck_assert_msg(!cjose_jws_verify(jws_tc, jwk, &err), "cjose_jws_verify succeeded with tampered content"); + ck_assert_msg(err.code == CJOSE_ERR_CRYPTO, "cjose_jws_verify returned wrong err.code (%zu:%s)", err.code, err.message); cjose_jws_release(jws_tc); cjose_jwk_release(jwk); 
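Review bot: The message of `ck_assert_msg(strncmp(PLAINTEXT, plain, plain_len) == 0, ...)` prints `plain` with `%s`, although `plain` is a `uint8_t *` that comes with an explicit `plain_len`, and nothing visible in this hunk guarantees a terminating NUL. That message is what gets printed when the buffer holds unexpected content, so the print should be bounded: `"verified plaintext does not match signed plaintext: %.*s", (int)plain_len, (const char *)plain`. The length assertion just above passes two `size_t` values to `%lu`; `%zu`, which this hunk already uses for `err.code`, is the matching specifier. The same two lines recur in the test_cjose_jws_none hunk.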
@@ -875,67 +863,58 @@ START_TEST(test_cjose_jws_none) // https://tools.ietf.org/html/rfc7519#section-6.1 // Unsecured JWT (alg=none) - static const char *JWS = - "eyJhbGciOiJub25lIn0" - ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ" - "."; + static const char *JWS = "eyJhbGciOiJub25lIn0" + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ" + "."; cjose_jws_t *jws = cjose_jws_import(JWS, strlen(JWS), &err); ck_assert_msg(NULL != jws, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); - static const char *JWK = - "{ \"kty\": \"EC\"," - "\"kid\": \"h4h93\"," - "\"use\": \"sig\"," - "\"x\": \"qcZ8jiBDygzf1XMWNN3jS7qT3DDslHOYvaa6XHMxShw\"," - "\"y\": \"vMcP1OkZsSNaFN6MHrdApLdtLPWo8RnNflgP3DAbcfY\"," - "\"crv\": \"P-256\" }"; + static const char *JWK = "{ \"kty\": \"EC\"," + "\"kid\": \"h4h93\"," + "\"use\": \"sig\"," + "\"x\": \"qcZ8jiBDygzf1XMWNN3jS7qT3DDslHOYvaa6XHMxShw\"," + "\"y\": \"vMcP1OkZsSNaFN6MHrdApLdtLPWo8RnNflgP3DAbcfY\"," + "\"crv\": \"P-256\" }"; // import the key cjose_jwk_t *jwk = cjose_jwk_import(JWK, strlen(JWK), &err); ck_assert_msg(NULL != jwk, "cjose_jwk_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // get the plaintext uint8_t *plain = NULL; size_t plain_len = 0; - ck_assert_msg( - cjose_jws_get_plaintext(jws, &plain, &plain_len, &err), - "cjose_jws_get_plaintext failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + ck_assert_msg(cjose_jws_get_plaintext(jws, &plain, &plain_len, &err), "cjose_jws_get_plaintext failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, 
err.function, err.line); - static const char *PLAINTEXT = - "{\"iss\":\"joe\",\r\n" - " \"exp\":1300819380,\r\n" - " \"http://example.com/is_root\":true}"; + static const char *PLAINTEXT = "{\"iss\":\"joe\",\r\n" + " \"exp\":1300819380,\r\n" + " \"http://example.com/is_root\":true}"; // confirm plain == PLAINTEXT - ck_assert_msg( - plain_len == strlen(PLAINTEXT), - "length of verified plaintext does not match length of original, " - "expected: %lu, found: %lu", strlen(PLAINTEXT), plain_len); - ck_assert_msg( - strncmp(PLAINTEXT, plain, plain_len) == 0, - "verified plaintext does not match signed plaintext: %s", plain); + ck_assert_msg(plain_len == strlen(PLAINTEXT), "length of verified plaintext does not match length of original, " + "expected: %lu, found: %lu", + strlen(PLAINTEXT), plain_len); + ck_assert_msg(strncmp(PLAINTEXT, plain, plain_len) == 0, "verified plaintext does not match signed plaintext: %s", plain); // try to verify the unsecured JWS - ck_assert_msg(!cjose_jws_verify(jws, jwk, &err), - "cjose_jws_verify succeeded for unsecured JWT"); + ck_assert_msg(!cjose_jws_verify(jws, jwk, &err), "cjose_jws_verify succeeded for unsecured JWT"); cjose_jws_release(jws); jws = cjose_jws_import(JWS, strlen(JWS), &err); ck_assert_msg(NULL != jws, "cjose_jws_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); // try to sign the unsecured JWS ck_assert_msg(!cjose_jws_sign(jwk, (cjose_header_t *)jws->hdr, PLAINTEXT, strlen(PLAINTEXT), &err), - "cjose_jws_sign succeeded for unsecured JWT"); + "cjose_jws_sign succeeded for unsecured JWT"); cjose_jws_release(jws); cjose_jwk_release(jwk); diff --git a/test/check_util.c b/test/check_util.c index 7f4b666..8a7feaa 100644 --- a/test/check_util.c +++ b/test/check_util.c 
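Review bot: `ck_assert_msg(!cjose_jws_verify(jws, jwk, &err), "cjose_jws_verify succeeded for unsecured JWT")` accepts any failure, so the test would still pass if verification failed for an unrelated reason rather than because of `alg=none`. The tampered-signature checks in test_cjose_jws_verify_ec256 follow the call with an `err.code` assertion; doing the same here, and after the `cjose_jws_sign` check, would pin the rejection to the intended cause. A short comment before `cjose_jws_get_plaintext` would also help, e.g. `// payload is read from an unverified JWS here; it must not be treated as authenticated`.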
@@ -54,11 +54,11 @@ START_TEST(test_cjose_set_allocators) ck_assert(NULL != cjose_get_alloc3()); ck_assert(NULL != cjose_get_realloc3()); ck_assert(NULL != cjose_get_dealloc3()); - + // test simple allocation/reallocation/deallocation redirect - size_t amt; - void *ptr; - void *re_ptr; + size_t amt; + void *ptr; + void *re_ptr; test_alloc_reset(); @@ -72,7 +72,7 @@ START_TEST(test_cjose_set_allocators) ck_assert(amt == _test_alloc_in_amt); ck_assert(ptr == _test_alloc_in_ptr); ck_assert(re_ptr == _test_alloc_out_ptr); - + ptr = re_ptr; cjose_get_dealloc()(ptr); ck_assert(ptr == _test_alloc_out_ptr); @@ -90,7 +90,7 @@ START_TEST(test_cjose_set_allocators) ck_assert(amt == _test_alloc_in_amt); ck_assert(ptr == _test_alloc_in_ptr); ck_assert(re_ptr == _test_alloc_out_ptr); - + ptr = re_ptr; cjose_get_dealloc3()(ptr, __FILE__, __LINE__); ck_assert(ptr == _test_alloc_out_ptr); @@ -165,11 +165,11 @@ START_TEST(test_cjose_set_allocators_ex) ck_assert(NULL != cjose_get_realloc3()); ck_assert(NULL != cjose_get_dealloc3()); - size_t amt; - void *ptr; - void *re_ptr; - const char *file; - int line; + size_t amt; + void *ptr; + void *re_ptr; + const char *file; + int line; // test extended allocation/reallocation/deallocation redirect test_alloc3_reset(); @@ -224,7 +224,7 @@ START_TEST(test_cjose_set_allocators_ex) ck_assert(ptr == _test_alloc3_in_ptr); ck_assert(NULL != _test_alloc3_in_file); ck_assert(0 != _test_alloc3_in_line); - + test_alloc3_reset(); cjose_set_alloc_ex_funcs(NULL, NULL, NULL); diff --git a/test/check_version.c b/test/check_version.c index 380db87..2b26c26 100644 --- a/test/check_version.c +++ b/test/check_version.c 
@@ -9,13 +9,10 @@ #include #include -START_TEST (test_cjose_version_define) -{ - ck_assert_str_eq(CJOSE_VERSION, VERSION); -} +START_TEST(test_cjose_version_define) { ck_assert_str_eq(CJOSE_VERSION, VERSION); } END_TEST -START_TEST (test_cjose_version_fn) +START_TEST(test_cjose_version_fn) { const char *version = cjose_version(); ck_assert_str_eq(version, VERSION); @@ -33,4 +30,3 @@ Suite *cjose_version_suite() return suite; } -