spec/jwe/alg_spec.rb in jwe-0.2.0 vs spec/jwe/alg_spec.rb in jwe-0.3.0

@@ -1,8 +1,11 @@
 require 'jwe/alg/dir'
 require 'jwe/alg/rsa_oaep'
 require 'jwe/alg/rsa15'
+require 'jwe/alg/a128_kw'
+require 'jwe/alg/a192_kw'
+require 'jwe/alg/a256_kw'
 require 'openssl'
 
 describe JWE::Alg do
   describe '.for' do
     it 'returns a class for the specified alg' do
@@ -60,7 +63,38 @@
   end
 
   it 'decrypts the encrypted key to the original key' do
     ciphertext = alg.encrypt('random key')
     expect(alg.decrypt(ciphertext)).to eq 'random key'
+  end
+end
+
+[
+  JWE::Alg::A128Kw,
+  JWE::Alg::A192Kw,
+  JWE::Alg::A256Kw
+].each_with_index do |klass, i|
+  describe klass do
+    let(:kek) { SecureRandom.random_bytes(16 + i * 8) }
+    let(:cek) { SecureRandom.random_bytes(32) }
+    let(:alg) { klass.new(kek) }
+
+    describe '#encrypt' do
+      it 'returns an encrypted string' do
+        expect(alg.encrypt(cek)).to_not eq cek
+      end
+    end
+
+    it 'decrypts the encrypted key to the original key' do
+      ciphertext = alg.encrypt(cek)
+      expect(alg.decrypt(ciphertext)).to eq cek
+    end
+
+    it 'raises when trying to decrypt tampered keys' do
+      alg = klass.new(kek, "\xA7\xA7\xA7\xA7\xA6\xA6\xA6\xA6")
+      ciphertext = alg.encrypt(cek)
+
+      bad_alg = klass.new(kek, "\xA7\xA7\xA7\xA7\xA7\xA7\xA7\xA7")
+      expect { bad_alg.decrypt(ciphertext) }.to raise_error(StandardError)
+    end
   end
 end