jwt
Add support for AES-GCM key wrap algorithms (A128GCMKW, A192GCMKW, A256GCMKW)
Summary
This PR adds support for three new key management algorithms: A128GCMKW, A192GCMKW, and A256GCMKW as defined in RFC 7518.
Changes
New Features:
- Added A128GCMKW, A192GCMKW, and A256GCMKW algorithm implementations
- Added Base class for algorithm implementations to enable header parameter configuration
- Added Validator, Header, and NameResolver classes to improve code organization
- Fixed missing attribute reader for cek in JWE::Alg::AesGcm module
Backward Compatibility:
- All existing public APIs remain functional
- Deprecated several public methods that were not tested and should be internal:
- JWE.check_params, JWE.check_alg, JWE.check_enc, JWE.check_zip, JWE.check_key
- JWE.param_to_class_name
- JWE.apply_zip, JWE.generate_header, JWE.generate_serialization
- All deprecated methods include warning messages with migration guidance
Architecture Changes:
I had to introduce a Base class for algorithms because the new AES-GCM key wrap algorithms need to configure additional parameters in the JWE header (IV and authentication tag). This was not possible with the previous architecture.
I also found it strange that some methods were publicly available but had no tests. Since I wasn't sure if they were intended for external use, I marked them as deprecated instead of making them private. This preserves backward compatibility while discouraging their use.
Let me know if you'd like me to adjust the wording or add anything!
@anakinj Hey 👋, could you please look into this? We are motivated to get those new algorithms supported, please share your feedback, we are happy to adjust the implementation accordingly 🫡
Hi @pandwoter I'll try to find time in the very near future to check this out.
