feat: Align `main` branch to `eudiw-main` with ECDH-ES encryption #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

LazyAfternoons wants to merge 7 commits into main from eudiw-main

docs/interfaces/types.JWEHeaderParameters.md

-Original file line number
+Diff line change
@@ Expand Up / @@ -53,7 +53,7 @@ ___ @@
     ### enc
-    • `Optional` **enc**: ``"A256CBC-HS512"`` \| ``"A128CBC-HS256"``
+    • `Optional` **enc**: ``"A256CBC-HS512"`` \| ``"A128CBC-HS256"``| ``"A256GCM"``
     JWE "enc" (Encryption Algorithm) Header Parameter.
@@ Expand Down @@

example/.ruby-version

Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		3.2.3

example/ios/Podfile.lock

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -7,19 +7,19 @@ PODS:
  
      - hermes-engine (0.76.1):

        - hermes-engine/Pre-built (= 0.76.1)

      - hermes-engine/Pre-built (0.76.1)

      - JOSESwift (2.4.0)

      - JOSESwift (3.0.0)

      - pagopa-io-react-native-crypto (0.2.3):

        - RCT-Folly

        - RCTRequired

        - RCTTypeSafety

        - React-Codegen

        - React-Core

        - ReactCommon/turbomodule/core

      - pagopa-io-react-native-jwt (1.2.0):

      - pagopa-io-react-native-jwt (2.1.0):

        - DoubleConversion

        - glog

        - hermes-engine

        - JOSESwift (~> 2.3)

        - JOSESwift (~> 3.0)

        - RCT-Folly (= 2024.01.01.00)

        - RCTRequired

        - RCTTypeSafety

    @@ -1758,9 +1758,9 @@ SPEC CHECKSUMS:
  
      fmt: 10c6e61f4be25dc963c36bd73fc7b1705fe975be

      glog: 08b301085f15bcbb6ff8632a8ebaf239aae04e6a

      hermes-engine: 46f1ffbf0297f4298862068dd4c274d4ac17a1fd

      JOSESwift: 7ff178bb9173ff42c6e990929a9f2fa702a34f69

      JOSESwift: 7784b1b844194d0f534eb6ac4fba5af683bccc79

      pagopa-io-react-native-crypto: 4f58db16d6100eb26155948bd7517e5e5f6053f4

      pagopa-io-react-native-jwt: f7d3312ef152b8c045be6ddc0b2afe2e5b1e8fd8

      pagopa-io-react-native-jwt: 504efa2b740fc5f143b9b08c19be5532dfe52d31

      RCT-Folly: bf5c0376ffe4dd2cf438dcf86db385df9fdce648

      RCTDeprecation: fde92935b3caa6cb65cbff9fbb7d3a9867ffb259

      RCTRequired: 75c6cee42d21c1530a6f204ba32ff57335d19007

    @@ -1819,7 +1819,7 @@ SPEC CHECKSUMS:
  
      ReactCodegen: 865bafc5c17ec2181620ced1a32c39c38ab2951d

      ReactCommon: 422e364463f33e336fc4db196aeb50fd801d90d6

      SocketRocket: d4aabe649be1e368d1318fdf28a022d714d65748

      Yoga: 157bed1c62656587df4639d4dc29714898f8fb10

      Yoga: db69236006b8b1c6d55ab453390c882306cbf219

    PODFILE CHECKSUM: a2c9d49bbf8a792d10e8a2f8dfebd03cf31e351c

example/src/App.tsx

-Original file line number
+Diff line change
@@ Expand Up / @@ -46,6 +46,16 @@ export default function App() { @@
         n: 'vpR83qn-xSu5asxFeKjl6rAMNNxze2R7Ut_oDTw2ERoAwRuIrrAceH_JU0bUiPD9Rwjo1000W7yN1T_w8N2cIh2uk3qll-CT9tUO1rifER7BsLbNHHpPDKYxuDZknLp7Ml-OMlb75i9WvHgRVqXVrIepfS-BM30u1eoxNygetWz_X-qkRv-5JXyGtL54Tc0x8oARsD-cMM6_rhgBJsx494cvwV5hw80j260WVtI8at727ZpXL1SpHVTI3R2m8g-xDkrRrlW8GbRbZ1WgJDVBJH5TAFGxEAd-Fva7ig2XC_zxrNpAupLDvwShIeIVpfmqkLsHlWGbIFU_v9bvgNmvHQ',
       };
+      const ecEncJwk = {
+        kty: 'EC',
+        use: 'enc',
+        crv: 'P-256',
+        kid: 'ebedaab1-4df4-44a7-8588-7dcf07434a6d',
+        x: 'IrxU7LHlxBligUjnQnra-Lfx2gKGGMDgZwQQE7RszPo',
+        y: 'yRBrbX_0iMlsrDKEh5g8xfGgadBr0VnVQQWk4SGq71Y',
+        alg: 'ECDH-ES',
+      };
       const generateAndSign = async () => {
         loading();
         const randomKeyTag = Math.random().toString(36).substr(2, 5);
@@ Expand Down Expand Up / @@ -106,7 +116,7 @@ export default function App() { @@
           .catch(showError);
       };
-      const encryptPlaintext = (plaintext: String, encKey: JWK) => {
+      const encryptPlaintextRsa = (plaintext: String, encKey: JWK) => {
         loading();
         const jwe = new EncryptJwe(plaintext, {
           alg: 'RSA-OAEP-256',
@@ Expand All / @@ -115,6 +125,19 @@ export default function App() { @@
         jwe.then(setResult).catch(showError);
       };
+      const encryptPlaintextEcdh = (plaintext: String, encKey: JWK) => {
+        loading();
+        const jwe = new EncryptJwe(plaintext, {
+          alg: 'ECDH-ES',
+          enc: 'A256GCM',
+        }).encrypt(encKey);
+        jwe.then(setResult).catch(showError);
+      };
+      React.useEffect(() => {
+        console.log(result);
+      }, [result]);
       const verifyWithJwks = () => {
         loading();
         const metadataUrl =
@@ Expand Down Expand Up / @@ -180,8 +203,20 @@ export default function App() { @@
               }
             />
             <Button
-              title="Generate JWE"
-              onPress={() => encryptPlaintext('hello', encJwk)}
+              title="Generate JWE (RSA)"
+              onPress={() => encryptPlaintextRsa('hello', encJwk)}
+            />
+            <Button
+              title="Generate JWE (EC)"
+              onPress={() => encryptPlaintextEcdh('hello', ecEncJwk)}
+            />
+            <Button
+              title="Generate JWE (RSA) (WrongKey)"
+              onPress={() => encryptPlaintextRsa('hello', ecEncJwk)}
+            />
+            <Button
+              title="Generate JWE (EC) (WrongKey)"
+              onPress={() => encryptPlaintextEcdh('hello', encJwk)}
             />
             <Button title="Verify with JWKSet" onPress={() => verifyWithJwks()} />
           </View>
@@ Expand Down @@

ios/IoReactNativeJwt.swift

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -1,5 +1,6 @@
  
    import JOSESwift

    import CommonCrypto

    import Foundation

    @objc(IoReactNativeJwt)

    @@ -23,6 +24,8 @@ class IoReactNativeJwt: NSObject {
  
                    return KeyManagementAlgorithm.RSAOAEP

                case "RSA-OAEP-256":

                    return KeyManagementAlgorithm.RSAOAEP256

                case "ECDH-ES":

                    return KeyManagementAlgorithm.ECDH_ES

            default:

                throw HeaderError.invalidAlg("alg value not supported")

            }

    @@ -35,6 +38,8 @@ class IoReactNativeJwt: NSObject {
  
                    return ContentEncryptionAlgorithm.A128CBCHS256

                case "A256CBC-HS512":

                    return ContentEncryptionAlgorithm.A256CBCHS512

                case "A256GCM":

                    return ContentEncryptionAlgorithm.A256GCM

            default:

                throw HeaderError.invalidAlg("enc value not supported")

            }

    @@ -52,11 +57,11 @@ class IoReactNativeJwt: NSObject {
  
                    if isECKey(jwk:jwk) {

                        let ecJwk = try ECPublicKey(data: publicKeyJson)

                        let publicKey = try ecJwk.converted(to: SecKey.self)

                        verifier = Verifier(verifyingAlgorithm: jws.header.algorithm!, key: publicKey)!

                      verifier = Verifier(signatureAlgorithm: jws.header.algorithm!, key: publicKey)!

                    } else {

                        let rsaJwk = try RSAPublicKey(data: publicKeyJson)

                        let publicKey = try rsaJwk.converted(to: SecKey.self)

                        verifier = Verifier(verifyingAlgorithm: jws.header.algorithm!, key: publicKey)!

                      verifier = Verifier(signatureAlgorithm: jws.header.algorithm!, key: publicKey)!

                    }

                    _ = try jws.validate(using: verifier!)

                    resolve(true)

    @@ -193,12 +198,25 @@ class IoReactNativeJwt: NSObject {
  
                    let payload = Payload(message)

                    if isECKey(jwk:jwk) {

                        reject("Error", "EC not supported", nil);

                        // --- ECDH-ES / EC Key ---

                        let ecPublicKey = try ECPublicKey(data: publicKeyJson)

                        guard let encrypter = Encrypter(keyManagementAlgorithm: try getKeyManagmentAlg(header: header), contentEncryptionAlgorithm: try getContentEncryptionAlgorithm(header: header), encryptionKey: ecPublicKey)

                        else {

                          reject("Error", "Error creating Encrypter, incompatible key", nil)

                          return

                        }

                        let jwe = try JWE(header: jweHeader, payload: payload, encrypter: encrypter)

                        resolve(jwe.compactSerializedString)

                    } else {

                        let rsaJwk = try RSAPublicKey(data: publicKeyJson)

                        let publicKey = try rsaJwk.converted(to: SecKey.self)

                        let encrypter = Encrypter(keyManagementAlgorithm: try getKeyManagmentAlg(header: header), contentEncryptionAlgorithm: try getContentEncryptionAlgorithm(header: header), encryptionKey: publicKey)!

                        guard let encrypter = Encrypter(keyManagementAlgorithm: try getKeyManagmentAlg(header: header), contentEncryptionAlgorithm: try getContentEncryptionAlgorithm(header: header), encryptionKey: publicKey)

                        else {

                          reject("Error", "Error creating Encrypter, incompatible key", nil)

                          return

                        }

                        let jwe = try JWE(header: jweHeader, payload: payload, encrypter: encrypter)

                        resolve(jwe.compactSerializedString)

package.json

-Original file line number
+Diff line change
@@ -1,6 +1,6 @@
     {
       "name": "@pagopa/io-react-native-jwt",
-      "version": "1.4.0",
+      "version": "2.1.0",
       "description": "Native support for JWT",
       "source": "src/index",
       "main": "lib/commonjs/index",
@@ Expand Down @@

pagopa-io-react-native-jwt.podspec

-Original file line number
+Diff line change
@@ Expand Up / @@ -17,7 +17,7 @@ Pod::Spec.new do |s| @@
       s.source_files = "ios/**/*.{h,m,mm,swift}"
       #JOSESwift dependency
-      s.dependency "JOSESwift", "~> 2.3"
+      s.dependency "JOSESwift", "~> 3.0"
       # Use install_modules_dependencies helper to install the dependencies if React Native version >=0.71.0.
       # See https://github.com/facebook/react-native/blob/febf6b7f33fdb4904669f99d795eba4c0f95d7bf/scripts/cocoapods/new_architecture.rb#L79.
@@ Expand Down @@

src/types.ts

-Original file line number
+Diff line change
@@ Expand Up @@
     /** Recognized JWE Header Parameters, any other Header members may also be present. */
     export interface JWEHeaderParameters extends JoseHeaderParameters {
       /** JWE "alg" (Algorithm) Header Parameter. */
-      alg?: 'RSA-OAEP-256' | 'RSA-OAEP';
+      alg?: 'RSA-OAEP-256' | 'RSA-OAEP' | 'ECDH-ES';
       /** JWE "enc" (Encryption Algorithm) Header Parameter. */
-      enc?: 'A256CBC-HS512' | 'A128CBC-HS256';
+      enc?: 'A256CBC-HS512' | 'A128CBC-HS256' | 'A128CBC-HS256' | 'A256GCM';
       /** Any other JWE Header member. */
       [propName: string]: unknown;
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Align `main` branch to `eudiw-main` with ECDH-ES encryption #42

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

feat: Align main branch to eudiw-main with ECDH-ES encryption #42

Uh oh!

feat: Align main branch to eudiw-main with ECDH-ES encryption #42

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

feat: Align `main` branch to `eudiw-main` with ECDH-ES encryption #42

feat: Align `main` branch to `eudiw-main` with ECDH-ES encryption #42