diff options
author | bleichen <bleichen@google.com> | 2023-02-24 02:39:24 -0800 |
---|---|---|
committer | Charles Lee <ckl@google.com> | 2023-02-27 16:44:40 -0800 |
commit | e9d7f3a862fe0d9d613762b53110454902198071 (patch) | |
tree | 7b09f57dd4a4976d4efbc5c2b1c46b202bfdc71c | |
parent | 5be6b6eb4474278bad010eee304cc004a196bbb1 (diff) | |
download | wycheproof-e9d7f3a862fe0d9d613762b53110454902198071.tar.gz |
Adding more test vectors for JWK.
There are a few more cases where jose4j does not check the algorithm of the
key. It is for example possible to abuse an AES key as an HMAC key.
NOKEYCHECK=True
PiperOrigin-RevId: 512019595
-rw-r--r-- | java/com/google/security/wycheproof/jose4j/JsonWebKeyTest.java | 11 | ||||
-rw-r--r-- | testvectors/json_web_key_test.json | 460 |
2 files changed, 425 insertions, 46 deletions
diff --git a/java/com/google/security/wycheproof/jose4j/JsonWebKeyTest.java b/java/com/google/security/wycheproof/jose4j/JsonWebKeyTest.java index 6aa82ad..d075dbc 100644 --- a/java/com/google/security/wycheproof/jose4j/JsonWebKeyTest.java +++ b/java/com/google/security/wycheproof/jose4j/JsonWebKeyTest.java @@ -71,7 +71,16 @@ public class JsonWebKeyTest { // 1024 bit RSA keys and keys with public exponent e = 1. // This test vector contains an RSA key with the ROCA vulnerability. // Nothing checks for such weak keys during the verification process. - "jws_rsa_roca_key_rejectsKeyWithRocaVulnerability_tcId7"); + "jws_rsa_roca_key_rejectsKeyWithRocaVulnerability_tcId7", + // The test vector contains a key where the algorithm and curve do not + // match. jose.4.j ignores the algorithm. + "wrong_algorithm_mismatchedAlgAndCurve_tcId19", + // The test vector contains a key with an invalid algorithms "ES224". + // jose.4.j only looks at the curve. + "invalid_algorithm_mismatchedAlgAndCurve_tcId20", + // An AES key should not be usable as an HMAC key. + "invalid_aes_gcm_key_rejectsAesKey_tcId25", + "invalid_aes_kw_key_rejectsAesKey_tcId26"); } /** A JsonWebCryptoTestGroup that contains key information and tests against those keys. */ diff --git a/testvectors/json_web_key_test.json b/testvectors/json_web_key_test.json index 1f4002c..8dcd2d6 100644 --- a/testvectors/json_web_key_test.json +++ b/testvectors/json_web_key_test.json @@ -1,6 +1,6 @@ { "generatorVersion" : "0.3", - "numberOfTests" : 15, + "numberOfTests" : 26, "header" : [ "Test vectors of type JsonWebKey are intended for tests that verify the ", "validation of keysets of a JSON Web Encryption/Signature library." @@ -248,29 +248,34 @@ "comment": "keysize_too_small", "private": { "keys" : [ - { - "kty" : "RSA", - "use" : "sig", - "alg" : "RS256", - "n" : "rJBIp6T1YK-RtPyvYqFFlcucqewSAA_IReSFchE8qyiQrbARqRlXWkB2DR8j_pJQnIpYELbQWZC5Cd0PTGAU8rMbar2AW6zpmBbi7aQf17lUBdt8XI9M9rq7FPVQ1dDdUXm1SVH_9qqWhvMPR422SbfHBEzCAtzK0ANDRo6qz78", - "e" : "AQAB", - "kid" : "RS256_1024", - "d" : "DDpubTOc0DAQ0LT5QeSwvcEy34p8ttsBDUB42yqKh7-occGg0FodEEAYikYZjGAjUzx6EIRYtlTkyX4_QWFe11T83kaaq8cGaeVHOQO9X7jE6a4OXDXtQfuGFnwY7p9gsh7ubF4wluscZSgx-ORdWYw6KdMMlvOmjbMFkf2bY30", - "p" : "05fc-rSRnbI7triMRRFRb2E14RGCd-SWEw8Mqzp1ZhAQzJjsj0DNsMGrYSwDu-OwI9iR9GGFeI-xFEN8iprnHQ", - "q" : "0MeAUVlQndrXDzW5p2x8K9lahE02t22WE4z8eipV-IBy6LEKw3Rjyvm_jRAUyToAEhTXziMMgzL7WNrbBdUviw", - "dp" : "di08S32sUpIoTb43AaBRhk6Z5BF-d-3gb9aY8c1dolpYt5y1irDb8NvKFySZFUhuqSadJguNmy9N7I5gsZ0gdQ", - "dq" : "YqTwbv9JRNxiYpBa4M00Oi-fQgWNhctkbmZd4IbiSeC-6kzELidvAzdPlyHzAETERcbNVFthDRhog8ocVDwvEw", - "qi" : "PPzwRANcGFRHXh26SArFDSoFnzLRjoGclqMZmx44VaZT7A5Vd-TXZ31uC3pV_EGLEyAu4ZQwIoxL-dKK-IUcmw" - }]}, + { + "kty" : "RSA", + "use" : "sig", + "alg" : "RS256", + "n" : "rJBIp6T1YK-RtPyvYqFFlcucqewSAA_IReSFchE8qyiQrbARqRlXWkB2DR8j_pJQnIpYELbQWZC5Cd0PTGAU8rMbar2AW6zpmBbi7aQf17lUBdt8XI9M9rq7FPVQ1dDdUXm1SVH_9qqWhvMPR422SbfHBEzCAtzK0ANDRo6qz78", + "e" : "AQAB", + "kid" : "RS256_1024", + "d" : "DDpubTOc0DAQ0LT5QeSwvcEy34p8ttsBDUB42yqKh7-occGg0FodEEAYikYZjGAjUzx6EIRYtlTkyX4_QWFe11T83kaaq8cGaeVHOQO9X7jE6a4OXDXtQfuGFnwY7p9gsh7ubF4wluscZSgx-ORdWYw6KdMMlvOmjbMFkf2bY30", + "p" : "05fc-rSRnbI7triMRRFRb2E14RGCd-SWEw8Mqzp1ZhAQzJjsj0DNsMGrYSwDu-OwI9iR9GGFeI-xFEN8iprnHQ", + "q" : "0MeAUVlQndrXDzW5p2x8K9lahE02t22WE4z8eipV-IBy6LEKw3Rjyvm_jRAUyToAEhTXziMMgzL7WNrbBdUviw", + "dp" : "di08S32sUpIoTb43AaBRhk6Z5BF-d-3gb9aY8c1dolpYt5y1irDb8NvKFySZFUhuqSadJguNmy9N7I5gsZ0gdQ", + "dq" : "YqTwbv9JRNxiYpBa4M00Oi-fQgWNhctkbmZd4IbiSeC-6kzELidvAzdPlyHzAETERcbNVFthDRhog8ocVDwvEw", + "qi" : "PPzwRANcGFRHXh26SArFDSoFnzLRjoGclqMZmx44VaZT7A5Vd-TXZ31uC3pV_EGLEyAu4ZQwIoxL-dKK-IUcmw" + } + ] + }, "public" : { - "keys" : [{ - "kty" : "RSA", - "use" : "sig", - "alg" : "RS256", - "n" : "rJBIp6T1YK-RtPyvYqFFlcucqewSAA_IReSFchE8qyiQrbARqRlXWkB2DR8j_pJQnIpYELbQWZC5Cd0PTGAU8rMbar2AW6zpmBbi7aQf17lUBdt8XI9M9rq7FPVQ1dDdUXm1SVH_9qqWhvMPR422SbfHBEzCAtzK0ANDRo6qz78", - "e" : "AQAB", - "kid" : "RS256_1024" - }]}, + "keys" : [ + { + "kty" : "RSA", + "use" : "sig", + "alg" : "RS256", + "n" : "rJBIp6T1YK-RtPyvYqFFlcucqewSAA_IReSFchE8qyiQrbARqRlXWkB2DR8j_pJQnIpYELbQWZC5Cd0PTGAU8rMbar2AW6zpmBbi7aQf17lUBdt8XI9M9rq7FPVQ1dDdUXm1SVH_9qqWhvMPR422SbfHBEzCAtzK0ANDRo6qz78", + "e" : "AQAB", + "kid" : "RS256_1024" + } + ] + }, "tests" : [ { "tcId" : 8, @@ -286,29 +291,34 @@ "comment": "exponentOne", "private": { "keys" : [ - { - "kty" : "RSA", - "use" : "sig", - "alg" : "RS256", - "n" : "u-SfdHPjFtGmzuoH6gheIIZ4nLwUHBQEtFGqOe0N8JuZUc5VOzlI8yl0r8ESilAouttkdftexj4VFJz5R9FH90ypVQDPL0H4mC_RtkcJ1DBB8MriU8dmzqSXP1SBs4s5L-pJWxKKLjXddD6gXJZ7HT_aPl2olvlLh8JkD_52U6sjdeP3OWDKvMu5GsrMlS9XJCVaCx8r9698OEElwK-ZW9PztgTSb-MvyTuyzis5Yc13n_z0wMLahpDilI2fzNsZ3yH6htu4VXPraSEZV6C0Z7epAAAUqiUnxh3WRupEICaewYEnW3MVS2hHwLwtPu_RR0XHoZr1oPSlQMP3Zi2QKw", - "e" : "AQ", - "kid" : "RS256_2048", - "d" : "AQ", - "p" : "3IPTertqAkvQnaJsrPPYTLXhHzpTUKAFmFlNhP7-VeidMyg-dvr-NmPaC5iQCvWraXgO2Xh-yjPC5gTFG8Qx8IZtax4DNp9yQV5qVMohs-YXtfd4afaLqvffRAXBZlKTL5tquubSQqMwJ5HLqwAZzCgifi3KXRhsf9wUom3UFKs", - "q" : "2iDt2_MW5MEB9qXDMNJ9FAEBeppGkiRTwFH4KJkbvTVDUaN1HCLklQJPJsF7J9ylLOgx7-KFhPFJrrc9GLWISxv6Rp7ciKHHuIjzPkuNxJbq3La3-x5thGll9JXvEX2lDojUx2uedw3Xiu04-ECRbVvauF-CsN29C413gzlRcoE", - "dp" : "AQ", - "dq" : "AQ", - "qi" : "kBgmwm2yaYSIqUD6NVBwffWokCg_FSxTwaVZq6xv9WAz9mcIz81VFDLkP1_K6XsdnZiMX9p2pZg02TmKXX-nMT5128ueofiqvmTa_4FVqqOzYYoY4sdYMXR1z_rYroeRttojYWG1udmctHWDhNUUofSsCo08c7owVRShq1oSjlE" - }]}, + { + "kty" : "RSA", + "use" : "sig", + "alg" : "RS256", + "n" : "u-SfdHPjFtGmzuoH6gheIIZ4nLwUHBQEtFGqOe0N8JuZUc5VOzlI8yl0r8ESilAouttkdftexj4VFJz5R9FH90ypVQDPL0H4mC_RtkcJ1DBB8MriU8dmzqSXP1SBs4s5L-pJWxKKLjXddD6gXJZ7HT_aPl2olvlLh8JkD_52U6sjdeP3OWDKvMu5GsrMlS9XJCVaCx8r9698OEElwK-ZW9PztgTSb-MvyTuyzis5Yc13n_z0wMLahpDilI2fzNsZ3yH6htu4VXPraSEZV6C0Z7epAAAUqiUnxh3WRupEICaewYEnW3MVS2hHwLwtPu_RR0XHoZr1oPSlQMP3Zi2QKw", + "e" : "AQ", + "kid" : "RS256_2048", + "d" : "AQ", + "p" : "3IPTertqAkvQnaJsrPPYTLXhHzpTUKAFmFlNhP7-VeidMyg-dvr-NmPaC5iQCvWraXgO2Xh-yjPC5gTFG8Qx8IZtax4DNp9yQV5qVMohs-YXtfd4afaLqvffRAXBZlKTL5tquubSQqMwJ5HLqwAZzCgifi3KXRhsf9wUom3UFKs", + "q" : "2iDt2_MW5MEB9qXDMNJ9FAEBeppGkiRTwFH4KJkbvTVDUaN1HCLklQJPJsF7J9ylLOgx7-KFhPFJrrc9GLWISxv6Rp7ciKHHuIjzPkuNxJbq3La3-x5thGll9JXvEX2lDojUx2uedw3Xiu04-ECRbVvauF-CsN29C413gzlRcoE", + "dp" : "AQ", + "dq" : "AQ", + "qi" : "kBgmwm2yaYSIqUD6NVBwffWokCg_FSxTwaVZq6xv9WAz9mcIz81VFDLkP1_K6XsdnZiMX9p2pZg02TmKXX-nMT5128ueofiqvmTa_4FVqqOzYYoY4sdYMXR1z_rYroeRttojYWG1udmctHWDhNUUofSsCo08c7owVRShq1oSjlE" + } + ] + }, "public" : { - "keys" : [{ - "kty" : "RSA", - "use" : "sig", - "alg" : "RS256", - "n" : "u-SfdHPjFtGmzuoH6gheIIZ4nLwUHBQEtFGqOe0N8JuZUc5VOzlI8yl0r8ESilAouttkdftexj4VFJz5R9FH90ypVQDPL0H4mC_RtkcJ1DBB8MriU8dmzqSXP1SBs4s5L-pJWxKKLjXddD6gXJZ7HT_aPl2olvlLh8JkD_52U6sjdeP3OWDKvMu5GsrMlS9XJCVaCx8r9698OEElwK-ZW9PztgTSb-MvyTuyzis5Yc13n_z0wMLahpDilI2fzNsZ3yH6htu4VXPraSEZV6C0Z7epAAAUqiUnxh3WRupEICaewYEnW3MVS2hHwLwtPu_RR0XHoZr1oPSlQMP3Zi2QKw", - "e" : "AQ", - "kid" : "RS256_2048" - }]}, + "keys" : [ + { + "kty" : "RSA", + "use" : "sig", + "alg" : "RS256", + "n" : "u-SfdHPjFtGmzuoH6gheIIZ4nLwUHBQEtFGqOe0N8JuZUc5VOzlI8yl0r8ESilAouttkdftexj4VFJz5R9FH90ypVQDPL0H4mC_RtkcJ1DBB8MriU8dmzqSXP1SBs4s5L-pJWxKKLjXddD6gXJZ7HT_aPl2olvlLh8JkD_52U6sjdeP3OWDKvMu5GsrMlS9XJCVaCx8r9698OEElwK-ZW9PztgTSb-MvyTuyzis5Yc13n_z0wMLahpDilI2fzNsZ3yH6htu4VXPraSEZV6C0Z7epAAAUqiUnxh3WRupEICaewYEnW3MVS2hHwLwtPu_RR0XHoZr1oPSlQMP3Zi2QKw", + "e" : "AQ", + "kid" : "RS256_2048" + } + ] + }, "tests" : [ { "tcId" : 9, @@ -462,6 +472,366 @@ "flags": [] } ] + }, + { + "type": "JsonWebKey", + "comment": "HS256", + "private": { + "keys": [ + { + "kty": "oct", + "use": "sig", + "kid": "hs256_key", + "alg": "HS256", + "k": "" + } + ] + }, + "tests": [ + { + "tcId": 16, + "comment": "empty_key", + "jws": "eyJhbGciOiJIUzI1NiIsImtpZCI6ImhzMjU2X2tleSJ9.Zm9v.fyLEImF-r3ro2KJGK6cE1r304rKYqPMDLOwWF7A8cn4", + "result": "invalid", + "flags": [] + } + ] + }, + { + "type": "JsonWebKey", + "comment": "HS384", + "private": { + "keys": [ + { + "kty": "oct", + "use": "sig", + "kid": "hs384_key", + "alg": "HS384", + "k": "" + } + ] + }, + "tests": [ + { + "tcId": 17, + "comment": "empty_key", + "jws": "eyJhbGciOiJIUzM4NCIsImtpZCI6ImhzMzg0X2tleSJ9.Zm9v.MucSluWWs1vlepYBpVrIrCv9_j1E3QjP2_bjx6Elmv6hs08BFpZHZgAzKmkuE8Hq", + "result": "invalid", + "flags": [] + } + ] + }, + { + "type": "JsonWebKey", + "comment": "HS512", + "private": { + "keys": [ + { + "kty": "oct", + "use": "sig", + "kid": "hs512_key", + "alg": "HS512", + "k": "" + } + ] + }, + "tests": [ + { + "tcId": 18, + "comment": "empty_key", + "jws": "eyJhbGciOiJIUzUxMiIsImtpZCI6ImhzNTEyX2tleSJ9.Zm9v.DvLOFJrm8h9rvMXLtami3YIXZXrDVxnKAjputDbIo4NWt5WvfCkV7xlf8kqOhmQeBSi38VBBSI-Jl0tqJvrfNg", + "result": "invalid", + "flags": [] + } + ] + }, + { + "type": "JsonWebKey", + "comment": "wrong_algorithm", + "private": { + "keys" : [ + { + "alg": "ES521", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "public": { + "keys" : [ + { + "alg": "ES521", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "tests": [ + { + "tcId": 19, + "comment": "mismatchedAlgAndCurve", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrqWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA", + "result": "invalid", + "flags": [] + } + ] + }, + { + "type": "JsonWebKey", + "comment": "invalid_algorithm", + "private": { + "keys" : [ + { + "alg": "ES224", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "public": { + "keys" : [ + { + "alg": "ES224", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "tests": [ + { + "tcId": 20, + "comment": "mismatchedAlgAndCurve", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrqWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA", + "result": "invalid", + "flags": [] + } + ] + }, + { + "type": "JsonWebKey", + "comment": "invalid_use", + "private": { + "keys" : [ + { + "alg": "ES256", + "use": "enc", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "public": { + "keys" : [ + { + "alg": "ES256", + "use": "enc", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "tests": [ + { + "tcId": 21, + "comment": "rejectsModifiedKey", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrqWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA", + "result": "invalid", + "flags": [] + } + ] + }, + { + "type": "JsonWebKey", + "comment": "invalid_point", + "private": { + "keys" : [ + { + "alg": "ES256", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgnw", + "crv": "P-256", + "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "public": { + "keys" : [ + { + "alg": "ES256", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgnw", + "crv": "P-256", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "tests": [ + { + "tcId": 22, + "comment": "rejectsModifiedKey", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrqWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA", + "result": "invalid", + "flags": [] + } + ] + }, + { + "type": "JsonWebKey", + "comment": "wrong_curve", + "private": { + "keys" : [ + { + "alg": "ES256", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-384", + "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "public": { + "keys" : [ + { + "alg": "ES256", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-384", + "kid": "kid-ec-sign", + "kty": "EC" + } + ] + }, + "tests": [ + { + "tcId": 23, + "comment": "rejectsModifiedKey", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrqWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA", + "result": "invalid", + "flags": [] + } + ] + }, + { + "type": "JsonWebKey", + "comment": "wrong_kty", + "private": { + "keys" : [ + { + "alg": "ES256", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c", + "kid": "kid-ec-sign", + "kty": "RSA" + } + ] + }, + "public": { + "keys" : [ + { + "alg": "ES256", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "kid": "kid-ec-sign", + "kty": "RSA" + } + ] + }, + "tests": [ + { + "tcId": 24, + "comment": "rejectsModifiedKey", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrqWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA", + "result": "invalid", + "flags": [] + } + ] + }, + { + "type" : "JsonWebKey", + "comment": "invalid_aes_gcm_key", + "private" : { + "keys" : [ + { + "alg" : "A256GCM", + "use" : "sig", + "k" : "-ebuDNsVZ2iJtoZ-akfXTSCt4UO2cruLCsbWlBinggE", + "kid" : "kid-aes-sign", + "kty" : "oct" + } + ] + }, + "tests" : [ + { + "tcId" : 25, + "comment" : "rejectsAesKey", + "jws" : "eyJhbGciOiJIUzI1NiIsImtpZCI6ImtpZC1hZXMtc2lnbiJ9.Zm9v.TD37p4c_0jmreSrBSDmE0F3mYSPtkZ3WrSyI5wb_KTg", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "type" : "JsonWebKey", + "comment": "invalid_aes_kw_key", + "private" : { + "keys" : [ + { + "alg" : "A256KW", + "use" : "sig", + "k" : "-ebuDNsVZ2iJtoZ-akfXTSCt4UO2cruLCsbWlBinggE", + "kid" : "kid-aes-sign", + "kty" : "oct" + } + ] + }, + "tests" : [ + { + "tcId" : 26, + "comment" : "rejectsAesKey", + "jws" : "eyJhbGciOiJIUzI1NiIsImtpZCI6ImtpZC1hZXMtc2lnbiJ9.Zm9v.TD37p4c_0jmreSrBSDmE0F3mYSPtkZ3WrSyI5wb_KTg", + "result" : "invalid", + "flags" : [] + } + ] } ] } |