fix: multi-round Concat KDF for ECDH-ES with >256-bit enc keys

The Concat KDF (RFC 7518 §4.6.2) only performed a single SHA-256 round,
breaking ECDH-ES direct key agreement with A192CBC-HS384 (384-bit) and
A256CBC-HS512 (512-bit) content encryption algorithms.

Added 21 JWE tests covering dir+GCM, ECDH-ES+CBC, P-384 curve,
wrong-key rejection, claim validation, and edge cases. Added luacov
coverage tooling (ci-coverage script, 87% line coverage).

858 tests passing.

Author: cdbattags

.gitignore

@@ -1,3 +1,5 @@
 *swp
 t/servroot
 .DS_Store
+luacov.stats.out
+luacov.report.out

.luacov

@@ -0,0 +1,22 @@
+-- luacov configuration
+-- Only instrument our library files, not third-party or test code
+return {
+  statsfile = "luacov.stats.out",
+  reportfile = "luacov.report.out",
+
+  include = {
+    "resty/jwt$",
+    "resty/evp$",
+    "resty/jwt%-validators$",
+    "resty/hmac$",
+    "resty/utils$",
+  },
+
+  exclude = {
+    "luacov$",
+    "luacov/",
+    "cjson",
+    "resty/openssl",
+    "resty/random",
+  },
+}

ci-coverage

@@ -0,0 +1,31 @@
+#!/bin/bash
+set -eo pipefail
+
+IMAGE="cdbattags/openresty-testsuite:latest"
+
+docker run \
+  -i --rm \
+  --entrypoint=/bin/sh \
+  -v "$(pwd)":/lua-resty-jwt \
+  -w /lua-resty-jwt \
+  --name lua-resty-jwt-coverage \
+  "$IMAGE" \
+  -c '
+    luarocks install luacov
+    luarocks make lua-resty-jwt-dev-0.rockspec
+
+    rm -f luacov.stats.out luacov.report.out
+
+    COVERAGE=1 prove -j1 -r t
+    rc=$?
+
+    luacov
+    echo ""
+    echo "========================================"
+    echo "  Coverage Report"
+    echo "========================================"
+    cat luacov.report.out
+
+    rm -rf t/servroot_* 2>/dev/null
+    exit $rc
+  '

lib/resty/jwt.lua

@@ -10,7 +10,7 @@ local openssl_rand = require "resty.openssl.rand"
 local kdf = require "resty.openssl.kdf"
 local utils = require "resty.utils"
 
-local _M = { _VERSION = "0.3.0" }
+local _M = { _VERSION = "0.3.1" }
 
 local mt = {
     __index = _M
@@ -187,7 +187,8 @@ local ec_nid_to_curve = {
   [716] = "secp521r1",
 }
 
--- RFC 7518 Section 4.6.2 - Concat KDF (single-pass SHA-256)
+-- RFC 7518 Section 4.6.2 - Concat KDF (multi-round SHA-256)
+-- reps = ceil(keydatalen / hashlen); hashlen = 256 for SHA-256
 local function derive_shared_key(header, shared_secret_Z)
     local enc = header.enc
     local keydatalen = keydatalen_map[enc]
@@ -219,21 +220,32 @@ local function derive_shared_key(header, shared_secret_Z)
 
     utils.append_array(other_info, utils.integer_to_32_bit_big_endian(keydatalen))
 
+    local hashlen = 256
+    local reps = math.ceil(keydatalen / hashlen)
     local z_bytes = utils.string_to_byte_array(shared_secret_Z)
-    local round_concat = utils.append_array({0, 0, 0, 1}, z_bytes)
-    utils.append_array(round_concat, other_info)
-
-    local input = string_char(unpack(round_concat))
-    local d, err = digest.new("SHA256")
-    if not d then
-        error({reason="failed to create SHA256 digest: " .. (err or "")})
-    end
-    local md, hash_err = d:final(input)
-    if not md then
-        error({reason="failed to compute KDF hash: " .. (hash_err or "")})
+    local derived = {}
+
+    for round = 1, reps do
+        local counter = utils.integer_to_32_bit_big_endian(round)
+        local round_concat = {}
+        utils.append_array(round_concat, counter)
+        utils.append_array(round_concat, z_bytes)
+        utils.append_array(round_concat, other_info)
+
+        local input = string_char(unpack(round_concat))
+        local d, err = digest.new("SHA256")
+        if not d then
+            error({reason="failed to create SHA256 digest: " .. (err or "")})
+        end
+        local md, hash_err = d:final(input)
+        if not md then
+            error({reason="failed to compute KDF hash: " .. (hash_err or "")})
+        end
+        derived[round] = md
     end
 
-    return string_sub(md, 1, keydatalen / 8)
+    local full = table_concat(derived)
+    return string_sub(full, 1, keydatalen / 8)
 end
 
 -- AES Key Wrap (RFC 3394) default IV

t/function-secret.t

@@ -9,6 +9,10 @@ our $HttpConfig = <<'_EOC_';
     lua_package_path 'lib/?.lua;;';
 _EOC_
 
+if ($ENV{COVERAGE}) {
+    $HttpConfig .= "    init_by_lua_block { require('luacov') }\n";
+}
+
 no_long_string();
 
 run_tests();