test: stop testing JWE RSA1_5 Algorithm

panva · Mar 7, 2024 · e839ecb · e839ecb
1 parent 1b91d88
commit e839ecb
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 74 deletions.
diff --git a/cookbook/jwe.mjs b/cookbook/jwe.mjs
@@ -1,70 +1,4 @@
 export default [
- {
- title:
- 'https://www.rfc-editor.org/rfc/rfc7520#section-5.1 - Key Encryption using RSA v1.5 and AES-HMAC-SHA2',
- webcrypto: false,
- reproducible: false,
- input: {
- plaintext:
- 'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
- key: {
- kty: 'RSA',
- ext: false,
- kid: '[email protected]',
- use: 'enc',
- n: 'maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegTHVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5UNwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4cR5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oypBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYAVotGlvMQ',
- e: 'AQAB',
- d: 'Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wybQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PNmiuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2vpzj85bQQ',
- p: '2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaEoekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ2VFmU',
- q: 'te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_VF099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8d6Et0',
- dp: 'UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTHQmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JVRDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsflo0rYU',
- dq: 'iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9MbpFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87ACfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14TkXlHE',
- qi: 'kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZlXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx2bQ_mM',
- },
- alg: 'RSA1_5',
- enc: 'A128CBC-HS256',
- },
- generated: {
- cek: '3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo',
- iv: 'bbd5sTkYwhAIqfHsx8DayA',
- },
- encrypting_key: {},
- encrypting_content: {
- protected: {
- alg: 'RSA1_5',
- kid: '[email protected]',
- enc: 'A128CBC-HS256',
- },
- },
- output: {
- compact:
- 'eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw.bbd5sTkYwhAIqfHsx8DayA.0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP430m.kvKuFBXHe5mQr4lqgobAUg',
- json: {
- recipients: [
- {
- encrypted_key:
- 'laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw',
- },
- ],
- protected:
- 'eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0',
- iv: 'bbd5sTkYwhAIqfHsx8DayA',
- ciphertext:
- '0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP430m',
- tag: 'kvKuFBXHe5mQr4lqgobAUg',
- },
- json_flat: {
- protected:
- 'eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0',
- encrypted_key:
- 'laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw',
- iv: 'bbd5sTkYwhAIqfHsx8DayA',
- ciphertext:
- '0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP430m',
- tag: 'kvKuFBXHe5mQr4lqgobAUg',
- },
- },
- },
  {
  title:
  'https://www.rfc-editor.org/rfc/rfc7520#section-5.2 - Key Encryption using RSA-OAEP with AES-GCM',

diff --git a/src/runtime/node/zlib.ts b/src/runtime/node/zlib.ts
@@ -1,11 +1,14 @@
 import { promisify } from 'util'
 import { inflateRaw as inflateRawCb, deflateRaw as deflateRawCb } from 'zlib'
+import { JWEDecompressionFailed } from '../../util/errors.js'
 
 import type { InflateFunction, DeflateFunction } from '../../types.d'
 
 const inflateRaw = promisify(inflateRawCb)
 const deflateRaw = promisify(deflateRawCb)
 
 export const inflate: InflateFunction = (input: Uint8Array) =>
- inflateRaw(input, { maxOutputLength: 250_000 })
+ inflateRaw(input, { maxOutputLength: 250_000 }).catch(() => {
+ throw new JWEDecompressionFailed()
+ })
 export const deflate: DeflateFunction = (input: Uint8Array) => deflateRaw(input)
diff --git a/src/util/errors.ts b/src/util/errors.ts
@@ -190,6 +190,35 @@ export class JWEDecryptionFailed extends JOSEError {
  message = 'decryption operation failed'
 }
 
+/**
+ * An error subclass thrown when a JWE ciphertext decompression fails.
+ *
+ * @example Checking thrown error is this one using a stable error code
+ *
+ * ```js
+ * if (err.code === 'ERR_JWE_DECOMPRESSION_FAILED') {
+ * // ...
+ * }
+ * ```
+ *
+ * @example Checking thrown error is this one using `instanceof`
+ *
+ * ```js
+ * if (err instanceof jose.errors.JWEDecompressionFailed) {
+ * // ...
+ * }
+ * ```
+ */
+export class JWEDecompressionFailed extends JOSEError {
+ static get code(): 'ERR_JWE_DECOMPRESSION_FAILED' {
+ return 'ERR_JWE_DECOMPRESSION_FAILED'
+ }
+
+ code = 'ERR_JWE_DECOMPRESSION_FAILED'
+
+ message = 'decompression operation failed'
+}
+
 /**
  * An error subclass thrown when a JWE is invalid.
  *

diff --git a/tap/jwk.ts b/tap/jwk.ts
@@ -35,7 +35,6 @@ export default (QUnit: QUnit, lib: typeof jose) => {
  ['RSA-OAEP-384', KEYS.RSA.jwk, true],
  ['RSA-OAEP-512', KEYS.RSA.jwk, true],
  ['RSA-OAEP', KEYS.RSA.jwk, true],
- ['RSA1_5', KEYS.RSA.jwk, env.isNodeCrypto || env.isElectron],
  ]
 
  function publicJwk(jwk: JsonWebKey) {

diff --git a/tap/pem.ts b/tap/pem.ts
@@ -55,9 +55,6 @@ export default (QUnit: QUnit, lib: typeof jose) => {
  ['RSA-OAEP', KEYS.RSA.pkcs8, true],
  ['RSA-OAEP', KEYS.RSA.spki, true],
  ['RSA-OAEP', KEYS.RSA.x509, true],
- ['RSA1_5', KEYS.RSA.pkcs8, env.isNodeCrypto || env.isElectron],
- ['RSA1_5', KEYS.RSA.spki, env.isNodeCrypto || env.isElectron],
- ['RSA1_5', KEYS.RSA.x509, env.isNodeCrypto || env.isElectron],
  [['ECDH-ES', 'P-256'], KEYS.P256.pkcs8, true],
  [['ECDH-ES', 'P-256'], KEYS.P256.spki, true],
  [['ECDH-ES', 'P-256'], KEYS.P256.x509, true],

diff --git a/tap/rsaes.ts b/tap/rsaes.ts
@@ -1,5 +1,4 @@
 import type QUnit from 'qunit'
-import * as env from './env.js'
 import type * as jose from '../src/index.js'
 import * as roundtrip from './encrypt.js'
 
@@ -11,7 +10,6 @@ export default (QUnit: QUnit, lib: typeof jose) => {
 
  type Vector = [string, boolean]
  const algorithms: Vector[] = [
- ['RSA1_5', env.isNodeCrypto || env.isElectron],
  ['RSA-OAEP', true],
  ['RSA-OAEP-256', true],
  ['RSA-OAEP-384', true],

diff --git a/test/jws/restrictions.test.mjs b/test/jws/restrictions.test.mjs
@@ -122,5 +122,4 @@ test(testECDSASigEncoding, 'ES256')
 test(testECDSASigEncoding, 'ES384')
 test(testECDSASigEncoding, 'ES512')
 
-test(testRSAenc, 'RSA1_5')
 test(testECDSASigEncoding, 'ES256K')