feat: udpate jose-test
This commit is contained in:
19
__crypto/jose-test/Cargo.lock
generated
19
__crypto/jose-test/Cargo.lock
generated
@@ -462,12 +462,6 @@ dependencies = [
|
|||||||
"serde",
|
"serde",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "jose-jwe"
|
|
||||||
version = "0.0.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "da37393583c7f15d664109cbfb1c451601766e95850d3b3963292a6763fcb9e8"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "jose-jwk"
|
name = "jose-jwk"
|
||||||
version = "0.1.2"
|
version = "0.1.2"
|
||||||
@@ -491,7 +485,6 @@ dependencies = [
|
|||||||
"aes-kw",
|
"aes-kw",
|
||||||
"base64",
|
"base64",
|
||||||
"biscuit",
|
"biscuit",
|
||||||
"jose-jwe",
|
|
||||||
"jose-jwk",
|
"jose-jwk",
|
||||||
"josekit",
|
"josekit",
|
||||||
"rand",
|
"rand",
|
||||||
@@ -499,6 +492,7 @@ dependencies = [
|
|||||||
"rust_util",
|
"rust_util",
|
||||||
"serde",
|
"serde",
|
||||||
"serde_json",
|
"serde_json",
|
||||||
|
"sha1",
|
||||||
"sha2",
|
"sha2",
|
||||||
]
|
]
|
||||||
|
|
||||||
@@ -978,6 +972,17 @@ dependencies = [
|
|||||||
"serde",
|
"serde",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "sha1"
|
||||||
|
version = "0.10.6"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
|
||||||
|
dependencies = [
|
||||||
|
"cfg-if",
|
||||||
|
"cpufeatures",
|
||||||
|
"digest",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "sha2"
|
name = "sha2"
|
||||||
version = "0.10.8"
|
version = "0.10.8"
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ aes-gcm-stream = "0.2.3"
|
|||||||
aes-kw = { version = "0.2.1", features = ["alloc"] }
|
aes-kw = { version = "0.2.1", features = ["alloc"] }
|
||||||
base64 = "0.22.1"
|
base64 = "0.22.1"
|
||||||
biscuit = "0.7.0"
|
biscuit = "0.7.0"
|
||||||
jose-jwe = "0.0.0"
|
#jose-jwe = "0.0.0"
|
||||||
jose-jwk = { version = "0.1.2", features = ["rsa"] }
|
jose-jwk = { version = "0.1.2", features = ["rsa"] }
|
||||||
josekit = "0.10.0"
|
josekit = "0.10.0"
|
||||||
rand = { version = "0.8.5", features = [] }
|
rand = { version = "0.8.5", features = [] }
|
||||||
@@ -16,4 +16,5 @@ rsa = "0.9.6"
|
|||||||
rust_util = "0.6.47"
|
rust_util = "0.6.47"
|
||||||
serde = "1.0.214"
|
serde = "1.0.214"
|
||||||
serde_json = "1.0.132"
|
serde_json = "1.0.132"
|
||||||
|
sha1 = "0.10.6"
|
||||||
sha2 = "0.10.8"
|
sha2 = "0.10.8"
|
||||||
|
|||||||
@@ -10,14 +10,14 @@ use josekit::jwk::alg::rsa::RsaKeyPair;
|
|||||||
use josekit::jwk::Jwk;
|
use josekit::jwk::Jwk;
|
||||||
use rand::random;
|
use rand::random;
|
||||||
use rand::rngs::OsRng;
|
use rand::rngs::OsRng;
|
||||||
use rsa::RsaPrivateKey;
|
use rsa::{Oaep, RsaPrivateKey};
|
||||||
use rust_util::XResult;
|
use rust_util::XResult;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use serde_json::Value;
|
use serde_json::Value;
|
||||||
|
use sha1::Sha1;
|
||||||
|
|
||||||
const LOCAL_KMS_PREFIX: &str = "LKMS:";
|
const LOCAL_KMS_PREFIX: &str = "LKMS:";
|
||||||
|
|
||||||
|
|
||||||
// JWE format:
|
// JWE format:
|
||||||
// BASE64URL(UTF8(JWE Protected Header)) || '.' ||
|
// BASE64URL(UTF8(JWE Protected Header)) || '.' ||
|
||||||
// BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector)
|
// BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector)
|
||||||
@@ -69,6 +69,33 @@ pub fn serialize_jwe_rsa(payload: &[u8], jwk: &Jwk) -> XResult<String> {
|
|||||||
Ok(format!("{}{}", LOCAL_KMS_PREFIX, jwe::serialize_compact(payload, &header, &encrypter)?))
|
Ok(format!("{}{}", LOCAL_KMS_PREFIX, jwe::serialize_compact(payload, &header, &encrypter)?))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn deserialize_jwe_rsa_2(jwe: &str, rsa: &RsaPrivateKey) -> XResult<(Vec<u8>, JweHeader2)> {
|
||||||
|
let jwe_parts = jwe.split(".").collect::<Vec<&str>>();
|
||||||
|
if jwe_parts.len() != 5 {
|
||||||
|
panic!("Invalid jwe");
|
||||||
|
}
|
||||||
|
let header_bytes = URL_SAFE_NO_PAD.decode(jwe_parts[0].as_bytes()).unwrap();
|
||||||
|
let header: JweHeader2 = serde_json::from_slice(&header_bytes).unwrap();
|
||||||
|
println!("{:?}", jwe_parts);
|
||||||
|
println!("{:?}", header);
|
||||||
|
let key_wrap = URL_SAFE_NO_PAD.decode(jwe_parts[1].as_bytes()).unwrap();
|
||||||
|
let nonce = URL_SAFE_NO_PAD.decode(jwe_parts[2].as_bytes()).unwrap();
|
||||||
|
let ciphertext = URL_SAFE_NO_PAD.decode(jwe_parts[3].as_bytes()).unwrap();
|
||||||
|
let tag = URL_SAFE_NO_PAD.decode(jwe_parts[4].as_bytes()).unwrap();
|
||||||
|
|
||||||
|
let data_key = rsa.decrypt(Oaep::new::<Sha1>(), &key_wrap).unwrap();
|
||||||
|
let data_key_b32 = bytes_to_32(&data_key);
|
||||||
|
|
||||||
|
let mut decryptor = Aes256GcmStreamDecryptor::new(data_key_b32, &nonce);
|
||||||
|
decryptor.init_adata(jwe_parts[0].as_bytes());
|
||||||
|
let mut p1 = decryptor.update(&ciphertext);
|
||||||
|
let p2 = decryptor.update(&tag);
|
||||||
|
let pf = decryptor.finalize().unwrap();
|
||||||
|
p1.extend_from_slice(&p2);
|
||||||
|
p1.extend_from_slice(&pf);
|
||||||
|
Ok((p1, header))
|
||||||
|
}
|
||||||
|
|
||||||
pub fn deserialize_jwe_rsa(jwe: &str, jwk: &Jwk) -> XResult<(Vec<u8>, JweHeader)> {
|
pub fn deserialize_jwe_rsa(jwe: &str, jwk: &Jwk) -> XResult<(Vec<u8>, JweHeader)> {
|
||||||
let decrypter = RsaesJweAlgorithm::RsaOaep.decrypter_from_jwk(jwk)?;
|
let decrypter = RsaesJweAlgorithm::RsaOaep.decrypter_from_jwk(jwk)?;
|
||||||
Ok(jwe::deserialize_compact(&get_jwe(jwe), &decrypter)?)
|
Ok(jwe::deserialize_compact(&get_jwe(jwe), &decrypter)?)
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
mod jose;
|
mod jose;
|
||||||
|
|
||||||
use crate::jose::{deserialize_jwe_aes, deserialize_jwe_aes_2, serialize_jwe_aes_2};
|
use crate::jose::{deserialize_jwe_aes, deserialize_jwe_aes_2, deserialize_jwe_rsa_2, serialize_jwe_aes_2, serialize_jwe_rsa};
|
||||||
use base64::engine::general_purpose::STANDARD;
|
use base64::engine::general_purpose::STANDARD;
|
||||||
use base64::Engine;
|
use base64::Engine;
|
||||||
use jose_jwk::{Jwk, Key, Rsa};
|
use jose_jwk::{Jwk, Key, Rsa};
|
||||||
@@ -36,10 +36,17 @@ fn main() {
|
|||||||
key: Key::Rsa(public_rsa),
|
key: Key::Rsa(public_rsa),
|
||||||
prm: Default::default(),
|
prm: Default::default(),
|
||||||
};
|
};
|
||||||
println!("{}", serde_json::to_string(&jwk).unwrap());
|
let jwk_str = serde_json::to_string(&jwk).unwrap();
|
||||||
|
println!("{}", &jwk_str);
|
||||||
|
// let rsa: Rsa = serde_json::from_str(&jwk_str).unwrap();
|
||||||
|
let josekitjwk = josekit::jwk::Jwk::from_bytes(jwk_str.as_bytes()).unwrap();
|
||||||
|
let rsa_jwe = serialize_jwe_rsa(b"hello world 001", &josekitjwk).unwrap();
|
||||||
// let rsa_key_2: RsaPrivateKey = rsa.try_into().unwrap();
|
// let rsa_key_2: RsaPrivateKey = rsa.try_into().unwrap();
|
||||||
// println!("{:?}", rsa_key_2);
|
println!(">>> {}", rsa_jwe);
|
||||||
|
let rsa_jwe = rsa_jwe.chars().skip(5).collect::<String>();
|
||||||
|
let (dd, hh) = deserialize_jwe_rsa_2(&rsa_jwe, &rsa_key).unwrap();
|
||||||
|
println!("DD: {}", String::from_utf8_lossy(&dd));
|
||||||
|
println!("HH: {:?}", hh);
|
||||||
|
|
||||||
main2();
|
main2();
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user