bump: Merge 'hidekatsu-izuno:master'

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "josekit"
-version = "0.8.5"
+version = "0.10.0"
 description = "JOSE (Javascript Object Signing and Encryption) library for Rust."
 repository = "https://github.com/hidekatsu-izuno/josekit-rs"
 readme = "README.md"
@@ -17,16 +17,15 @@ default = []
 vendored = ["openssl/vendored"]
 
 [dependencies]
-thiserror = "1"
+thiserror = "2"
 anyhow = "1"
-once_cell = "1"
 regex = "1"
 serde = { version = "1", features = ["derive"] }
 serde_json = { version = "1", features = ["preserve_order"] }
-base64 = "0.21"
+base64 = "0.22"
 flate2 = "1"
-openssl = "0.10.62"
 time = "0.3"
+openssl = { version = "0.10.66" }
 
 [dev-dependencies]
 doc-comment = "0.3.3"

README.md

@@ -6,7 +6,7 @@ JOSE (Javascript Object Signing and Encryption: JWT, JWS, JWE, JWA, JWK) library
 
 ```toml
 [dependencies]
-josekit = "0.8.5"
+josekit = "0.10.0"
 ```
 
 This library depends on OpenSSL 1.1.1 or above DLL. Read more about [Crate openssl](https://docs.rs/openssl/). 

src/jose_header.rs

@@ -1,8 +1,8 @@
 use crate::Value;
 
-use std::fmt::Debug;
+use std::{any::Any, fmt::Debug};
 
-pub trait JoseHeader: Send + Sync + Debug {
+pub trait JoseHeader: Any + Send + Sync + Debug {
     /// Return claim count.
     fn len(&self) -> usize;
 
@@ -14,6 +14,12 @@ pub trait JoseHeader: Send + Sync + Debug {
     fn claim(&self, key: &str) -> Option<&Value>;
 
     fn box_clone(&self) -> Box<dyn JoseHeader>;
+
+    fn as_any(&self) -> &dyn Any;
+
+    fn as_any_mut(&mut self) -> &mut dyn Any;
+
+    fn into_any(self: Box<Self>) -> Box<dyn Any>;
 }
 
 impl Clone for Box<dyn JoseHeader> {

src/jwe.rs

@@ -10,7 +10,7 @@ mod jwe_header;
 mod jwe_header_set;
 pub mod zip;
 
-use once_cell::sync::Lazy;
+use std::sync::LazyLock;
 
 use crate::JoseError;
 
@@ -54,7 +54,7 @@ pub use RsaesJweAlgorithm::RsaOaep256 as RSA_OAEP_256;
 pub use RsaesJweAlgorithm::RsaOaep384 as RSA_OAEP_384;
 pub use RsaesJweAlgorithm::RsaOaep512 as RSA_OAEP_512;
 
-static DEFAULT_CONTEXT: Lazy<JweContext> = Lazy::new(|| JweContext::new());
+static DEFAULT_CONTEXT: LazyLock<JweContext> = LazyLock::new(|| JweContext::new());
 
 /// Return a representation of the data that is formatted by compact serialization.
 ///

src/jwe/alg/aesgcmkw.rs

@@ -240,7 +240,7 @@ impl JweEncrypter for AesgcmkwJweEncrypter {
         out_header: &mut JweHeader,
     ) -> Result<Option<Vec<u8>>, JoseError> {
         (|| -> anyhow::Result<Option<Vec<u8>>> {
-            let iv = util::random_bytes(32);
+            let iv = util::random_bytes(12);
 
             let cipher = self.algorithm.cipher();
             let mut tag = [0; 16];
@@ -315,7 +315,7 @@ impl JweDecrypter for AesgcmkwJweDecrypter {
                 None => bail!("A encrypted_key is required."),
             };
 
-            let iv = match header.claim("iv") {
+            let iv: Vec<u8> = match header.claim("iv") {
                 Some(Value::String(val)) => util::decode_base64_urlsafe_no_pad(val)?,
                 Some(_) => bail!("The iv header claim must be string."),
                 None => bail!("The iv header claim is required."),

src/jwe/alg/pbes2_hmac_aeskw.rs

@@ -5,6 +5,7 @@ use std::ops::Deref;
 
 use anyhow::bail;
 use openssl::aes::{self, AesKey};
+use openssl::hash::MessageDigest;
 use openssl::pkcs5;
 
 use crate::jwe::{JweAlgorithm, JweContentEncryption, JweDecrypter, JweEncrypter, JweHeader};
@@ -288,7 +289,12 @@ impl JweEncrypter for Pbes2HmacAeskwJweEncrypter {
             salt.push(0);
             salt.extend_from_slice(&p2s);
 
-            let md = self.algorithm.hash_algorithm().message_digest();
+            let md = match &self.algorithm.hash_algorithm() {
+                HashAlgorithm::Sha1 => MessageDigest::sha1(),
+                HashAlgorithm::Sha256 => MessageDigest::sha256(),
+                HashAlgorithm::Sha384 => MessageDigest::sha384(),
+                HashAlgorithm::Sha512 => MessageDigest::sha512(),
+            };
             let mut derived_key = vec![0; self.algorithm.derived_key_len()];
             pkcs5::pbkdf2_hmac(&self.private_key, &salt, p2c, md, &mut derived_key)?;
 
@@ -398,7 +404,12 @@ impl JweDecrypter for Pbes2HmacAeskwJweDecrypter {
             salt.push(0);
             salt.extend_from_slice(&p2s);
 
-            let md = self.algorithm.hash_algorithm().message_digest();
+            let md = match &self.algorithm.hash_algorithm() {
+                HashAlgorithm::Sha1 => MessageDigest::sha1(),
+                HashAlgorithm::Sha256 => MessageDigest::sha256(),
+                HashAlgorithm::Sha384 => MessageDigest::sha384(),
+                HashAlgorithm::Sha512 => MessageDigest::sha512(),
+            };
             let mut derived_key = vec![0; self.algorithm.derived_key_len()];
             pkcs5::pbkdf2_hmac(&self.private_key, &salt, p2c, md, &mut derived_key)?;
 

src/jwe/enc/aescbc_hmac.rs

@@ -109,8 +109,11 @@ impl JweContentEncryption for AescbcHmacJweEncryption {
             let mac_key_len = expected_len / 2;
             let mac_key = &key[0..mac_key_len];
             let enc_key = &key[mac_key_len..];
-
-            let cipher = self.cipher();
+            let cipher = match self {
+                AescbcHmacJweEncryption::A128cbcHs256 => Cipher::aes_128_cbc(),
+                AescbcHmacJweEncryption::A192cbcHs384 => Cipher::aes_192_cbc(),
+                AescbcHmacJweEncryption::A256cbcHs512 => Cipher::aes_256_cbc(),
+            };
             let encrypted_message = symm::encrypt(cipher, enc_key, iv, message)?;
             Ok((encrypted_message, mac_key))
         })()
@@ -142,8 +145,11 @@ impl JweContentEncryption for AescbcHmacJweEncryption {
             let mac_key_len = expected_len / 2;
             let mac_key = &key[0..mac_key_len];
             let enc_key = &key[mac_key_len..];
-
-            let cipher = self.cipher();
+            let cipher = match self {
+                AescbcHmacJweEncryption::A128cbcHs256 => Cipher::aes_128_cbc(),
+                AescbcHmacJweEncryption::A192cbcHs384 => Cipher::aes_192_cbc(),
+                AescbcHmacJweEncryption::A256cbcHs512 => Cipher::aes_256_cbc(),
+            };
             let message = symm::decrypt(cipher, enc_key, iv, encrypted_message)?;
             Ok((message, mac_key))
         })()

src/jwe/enc/aesgcm.rs

@@ -17,16 +17,6 @@ pub enum AesgcmJweEncryption {
     A256gcm,
 }
 
-impl AesgcmJweEncryption {
-    fn cipher(&self) -> Cipher {
-        match self {
-            Self::A128gcm => Cipher::aes_128_gcm(),
-            Self::A192gcm => Cipher::aes_192_gcm(),
-            Self::A256gcm => Cipher::aes_256_gcm(),
-        }
-    }
-}
-
 impl JweContentEncryption for AesgcmJweEncryption {
     fn name(&self) -> &str {
         match self {
@@ -65,7 +55,11 @@ impl JweContentEncryption for AesgcmJweEncryption {
                 );
             }
 
-            let cipher = self.cipher();
+            let cipher = match self {
+                AesgcmJweEncryption::A128gcm => Cipher::aes_128_gcm(),
+                AesgcmJweEncryption::A192gcm => Cipher::aes_192_gcm(),
+                AesgcmJweEncryption::A256gcm => Cipher::aes_256_gcm(),
+            };
             let mut tag = [0; 16];
             let encrypted_message = symm::encrypt_aead(cipher, key, iv, aad, message, &mut tag)?;
             Ok((encrypted_message, Some(tag.to_vec())))
@@ -96,7 +90,11 @@ impl JweContentEncryption for AesgcmJweEncryption {
                 None => bail!("A tag value is required."),
             };
 
-            let cipher = self.cipher();
+            let cipher = match self {
+                AesgcmJweEncryption::A128gcm => Cipher::aes_128_gcm(),
+                AesgcmJweEncryption::A192gcm => Cipher::aes_192_gcm(),
+                AesgcmJweEncryption::A256gcm => Cipher::aes_256_gcm(),
+            };
             let message = symm::decrypt_aead(cipher, key, iv, aad, encrypted_message, tag)?;
             Ok(message)
         })()

src/jwe/jwe_header.rs

@@ -1,3 +1,4 @@
+use std::any::Any;
 use std::cmp::Eq;
 use std::convert::Into;
 use std::fmt::{Debug, Display};
@@ -612,6 +613,18 @@ impl JoseHeader for JweHeader {
     fn box_clone(&self) -> Box<dyn JoseHeader> {
         Box::new(self.clone())
     }
+
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
+    fn as_any_mut(&mut self) -> &mut dyn Any {
+        self
+    }
+
+    fn into_any(self: Box<Self>) -> Box<dyn Any> {
+        self
+    }
 }
 
 impl AsRef<Map<String, Value>> for JweHeader {

src/jwe/jwe_header_set.rs

@@ -1,3 +1,4 @@
+use std::any::Any;
 use std::fmt::{Debug, Display};
 use std::ops::Deref;
 
@@ -672,6 +673,18 @@ impl JoseHeader for JweHeaderSet {
     fn box_clone(&self) -> Box<dyn JoseHeader> {
         Box::new(self.clone())
     }
+
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
+    fn as_any_mut(&mut self) -> &mut dyn Any {
+        self
+    }
+
+    fn into_any(self: Box<Self>) -> Box<dyn Any> {
+        self
+    }
 }
 
 impl Display for JweHeaderSet {

src/jwk/alg/ec.rs

@@ -2,7 +2,7 @@ use std::fmt::Display;
 use std::ops::Deref;
 
 use anyhow::bail;
-use openssl::bn::{BigNum, BigNumContext};
+use openssl::bn::{BigNum, BigNumContext, BigNumRef};
 use openssl::ec::{EcGroup, EcKey};
 use openssl::nid::Nid;
 use openssl::pkey::{PKey, Private};
@@ -106,7 +106,14 @@ impl EcKeyPair {
     /// Generate EC key pair.
     pub fn generate(curve: EcCurve) -> Result<EcKeyPair, JoseError> {
         (|| -> anyhow::Result<EcKeyPair> {
-            let ec_group = EcGroup::from_curve_name(curve.nid())?;
+            let nid = match curve {
+                EcCurve::P256 => Nid::X9_62_PRIME256V1,
+                EcCurve::P384 => Nid::SECP384R1,
+                EcCurve::P521 => Nid::SECP521R1,
+                EcCurve::Secp256k1 => Nid::SECP256K1,
+                EcCurve::BP256R1 => Nid::BRAINPOOL_P256R1,
+            };
+            let ec_group = EcGroup::from_curve_name(nid)?;
             let ec_key = EcKey::generate(&ec_group)?;
             let private_key = PKey::from_ec_key(ec_key)?;
 
@@ -337,7 +344,7 @@ impl EcKeyPair {
             .unwrap();
         if private {
             let d = ec_key.private_key();
-            let d = util::num_to_vec(&d, self.curve.coordinate_size());
+            let d = Self::num_to_vec(&d, self.curve.coordinate_size());
             let d = util::encode_base64_urlsafe_nopad(&d);
 
             jwk.set_parameter("d", Some(Value::String(d))).unwrap();
@@ -351,10 +358,10 @@ impl EcKeyPair {
                 .affine_coordinates_gfp(ec_key.group(), &mut x, &mut y, &mut ctx)
                 .unwrap();
 
-            let x = util::num_to_vec(&x, self.curve.coordinate_size());
+            let x = Self::num_to_vec(&x, self.curve.coordinate_size());
             let x = util::encode_base64_urlsafe_nopad(&x);
 
-            let y = util::num_to_vec(&y, self.curve.coordinate_size());
+            let y = Self::num_to_vec(&y, self.curve.coordinate_size());
             let y = util::encode_base64_urlsafe_nopad(&y);
 
             jwk.set_parameter("x", Some(Value::String(x))).unwrap();
@@ -494,6 +501,20 @@ impl EcKeyPair {
 
         builder.build()
     }
+
+    fn num_to_vec(num: &BigNumRef, len: usize) -> Vec<u8> {
+        let vec = num.to_vec();
+        if vec.len() < len {
+            let mut tmp = Vec::with_capacity(len);
+            for _ in 0..(len - vec.len()) {
+                tmp.push(0);
+            }
+            tmp.extend_from_slice(&vec);
+            tmp
+        } else {
+            vec
+        }
+    }
 }
 
 impl KeyPair for EcKeyPair {