Skip to content

Add support for AES-GCM key wrap algorithms (A128GCMKW, A192GCMKW, A256GCMKW) #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add support for AES-GCM key wrap algorithms (A128GCMKW, A192GCMKW, A256GCMKW) #38

wants to merge 1 commit into from

Conversation

vyperdon
Copy link

@vyperdon vyperdon commented Oct 8, 2025

Summary

This PR adds support for three new key management algorithms: A128GCMKW, A192GCMKW, and A256GCMKW as defined in RFC 7518.

Changes

New Features:

  • Added A128GCMKW, A192GCMKW, and A256GCMKW algorithm implementations
  • Added Base class for algorithm implementations to enable header parameter configuration
  • Added Validator, Header, and NameResolver classes to improve code organization
  • Fixed missing attribute reader for cek in JWE::Alg::AesGcm module

Backward Compatibility:

  • All existing public APIs remain functional
  • Deprecated several public methods that were not tested and should be internal:
    • JWE.check_params, JWE.check_alg, JWE.check_enc, JWE.check_zip, JWE.check_key
    • JWE.param_to_class_name
    • JWE.apply_zip, JWE.generate_header, JWE.generate_serialization
  • All deprecated methods include warning messages with migration guidance

Architecture Changes:

I had to introduce a Base class for algorithms because the new AES-GCM key wrap algorithms need to configure
additional parameters in the JWE header (IV and authentication tag). This was not possible with the previous
architecture.

I also found it strange that some methods were publicly available but had no tests. Since I wasn't sure if
they were intended for external use, I marked them as deprecated instead of making them private. This
preserves backward compatibility while discouraging their use.

Let me know if you'd like me to adjust the wording or add anything!

@vyperdon vyperdon force-pushed the feature-add-support-aes-gcm-algorithms branch from 7b803be to 9643786 Compare October 8, 2025 21:22
@vyperdon vyperdon marked this pull request as draft October 8, 2025 21:30
@vyperdon
- Add support for AES-GCM key wrap algorithms (A128GCMKW, A192GCMKW, …
8c0c9ee 
…A256GCMKW)

- Add new internal architecture with `Base`, `Validator`, `Header`, and `NameResolver` classes
- Improve code organization with refactored module structure
- RuboCop compliance improvements
- Deprecated `JWE.check_params`, `JWE.check_alg`, `JWE.check_enc`, `JWE.check_zip`, `JWE.check_key` (use `JWE::Validator` instead)
- Deprecated `JWE.param_to_class_name` (use `JWE::NameResolver` instead)
- Deprecated internal methods `JWE.apply_zip`, `JWE.generate_header`, `JWE.generate_serialization`
@vyperdon vyperdon force-pushed the feature-add-support-aes-gcm-algorithms branch from 9643786 to 8c0c9ee Compare October 8, 2025 22:30
@vyperdon vyperdon marked this pull request as ready for review October 8, 2025 22:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vyperdon