def test_cose_decode_mac_with_multiple_keys_without_kid(self, ctx):
key = COSEKey.from_symmetric_key(alg="HS256")
material1 = base64.urlsafe_b64encode(token_bytes(16)).decode()
material2 = base64.urlsafe_b64encode(token_bytes(16)).decode()
material3 = base64.urlsafe_b64encode(token_bytes(16)).decode()
r1 = Recipient.from_jwk({
"kty": "oct",
"alg": "A128KW",
"k": material1
})
r2 = Recipient.from_jwk({
"kty": "oct",
"alg": "A128KW",
"k": material2
})
r1.apply(key)
r2.apply(key)
encoded = ctx.encode_and_mac(b"Hello world!", key, recipients=[r2, r1])
shared_key1 = COSEKey.from_jwk({
"kty": "oct",
"alg": "A128KW",
"k": material1
})
shared_key3 = COSEKey.from_jwk({
"kty": "oct",
"alg": "A128KW",
"k": material3
})
assert b"Hello world!" == ctx.decode(encoded,
keys=[shared_key3, shared_key1])
def test_cose_usage_examples_cose_mac_direct(self):
mac_key = COSEKey.from_symmetric_key(alg="HS512", kid="01")
r = Recipient.from_jwk({"alg": "direct"})
r.apply(mac_key)
ctx = COSE.new()
encoded = ctx.encode_and_mac(b"Hello world!", mac_key, recipients=[r])
assert b"Hello world!" == ctx.decode(encoded, mac_key)
r2 = Recipient.new(unprotected={"alg": "direct"})
r2.apply(mac_key)
encoded2 = ctx.encode_and_mac(b"Hello world!",
mac_key,
recipients=[r2])
assert b"Hello world!" == ctx.decode(encoded2, mac_key)
r3 = Recipient.new(unprotected={1: -6})
r3.apply(mac_key)
encoded3 = ctx.encode_and_mac(b"Hello world!",
mac_key,
recipients=[r3])
assert b"Hello world!" == ctx.decode(encoded3, mac_key)
assert encoded == encoded2 == encoded3
def test_cose_usage_examples_cose_encrypt(self):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
nonce = enc_key.generate_nonce()
r = Recipient.from_jwk({"alg": "direct"})
r.apply(enc_key)
ctx = COSE.new()
encoded = ctx.encode_and_encrypt(
b"Hello world!",
enc_key,
nonce=nonce,
recipients=[r],
)
assert b"Hello world!" == ctx.decode(encoded, enc_key)
r = Recipient.new(unprotected={"alg": "direct"})
r.apply(enc_key)
encoded2 = ctx.encode_and_encrypt(
b"Hello world!",
enc_key,
nonce=nonce,
recipients=[r],
)
assert b"Hello world!" == ctx.decode(encoded2, enc_key)
encoded3 = ctx.encode_and_encrypt(
b"Hello world!",
enc_key,
nonce=nonce,
recipients=[r],
)
assert b"Hello world!" == ctx.decode(encoded3, enc_key)
assert encoded == encoded2 == encoded3
def test_recipients_extract_with_multiple_materials(
self, material, context):
r1 = Recipient.from_jwk({
"alg": "direct",
"kid": "01",
})
r2 = Recipient.from_jwk({
"alg": "direct+HKDF-SHA-256",
"kid": "02",
"salt": "aabbccddeeffgghh",
})
rs = Recipients([r1, r2])
key = rs.extract(context=context, keys=[material])
assert key.alg == 10
assert key.kid == b"02"
def test_cose_wg_examples_aes_wrap_128_03(self):
cwt_str = "D8618543A10107A054546869732069732074686520636F6E74656E742E58400021C21B2A7FADB677DAB64389B3FDA4AAC892D5C81B786A459E4182104A1501462FFD471422AF4D48BEEB864951D5947A55E3155E670DFC4A96017B0FD0E725818340A20122044A6F75722D7365637265745848792C46CE0BC689747133FA0DB1F5E2BC4DAAE22F906E93DFCA2DF44F0DF6C2CEF16EA8FC91D52AD662C4B49DD0D689E1086EC754347957F80F95C92C887521641B8F637D91C6E258"
mac_key = COSEKey.from_symmetric_key(
bytes.fromhex(
"DDDC08972DF9BE62855291A17A1B4CF767C2DC762CB551911893BF7754988B0A286127BFF5D60C4CBC877CAC4BF3BA02C07AD544C951C3CA2FC46B70219BC3DC"
),
alg="HS512",
)
recipient = Recipient.from_jwk(
{
"kty": "oct",
"alg": "A128KW",
"kid": "our-secret",
"k": "hJtXIZ2uSN5kbQfbtTNWbg",
}, )
recipient.apply(mac_key)
ctx = COSE.new()
encoded = ctx.encode_and_mac(
b"This is the content.",
key=mac_key,
protected={1: 7},
recipients=[recipient],
)
assert encoded == bytes.fromhex(cwt_str)
key = COSEKey.from_jwk(
{
"kty": "oct",
"alg": "A128KW",
"kid": "our-secret",
"k": "hJtXIZ2uSN5kbQfbtTNWbg",
}, )
res = ctx.decode(encoded, keys=[key])
assert res == b"This is the content."
def test_cose_usage_examples_cose_encrypt_ecdh_ss_a128kw(self):
# The sender side:
enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
nonce = enc_key.generate_nonce()
r = Recipient.from_jwk({
"kty":
"EC",
"crv":
"P-256",
"alg":
"ECDH-SS+A128KW",
"x":
"7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
"y":
"DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
"d":
"Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
})
pub_key = COSEKey.from_jwk({
"kty":
"EC",
"crv":
"P-256",
"kid":
"*****@*****.**",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
})
r.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
b"Hello world!",
key=enc_key,
nonce=nonce,
recipients=[r],
)
# The recipient side:
priv_key = COSEKey.from_jwk({
"kty":
"EC",
"crv":
"P-256",
"alg":
"ECDH-SS+A128KW",
"kid":
"*****@*****.**",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d":
"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
assert b"Hello world!" == ctx.decode(encoded,
priv_key,
context={"alg": "A128GCM"})
def test_cose_usage_examples_cose_mac_aes_key_wrap(self):
# The sender side:
mac_key = COSEKey.from_symmetric_key(alg="HS512")
r = Recipient.from_jwk(
{
"kty": "oct",
"alg": "A128KW",
"kid": "01",
"k": "hJtXIZ2uSN5kbQfbtTNWbg", # A shared wrapping key
}, )
r.apply(mac_key)
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(b"Hello world!",
key=mac_key,
recipients=[r])
# The recipient side:
shared_key = COSEKey.from_jwk(
{
"kty": "oct",
"alg": "A128KW",
"kid": "01",
"k": "hJtXIZ2uSN5kbQfbtTNWbg",
}, )
assert b"Hello world!" == ctx.decode(encoded, shared_key)
def test_cose_decode_ecdh_aes_key_wrap_without_context(self):
with open(key_path("public_key_es256.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(), kid="01")
enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
recipient = Recipient.from_jwk({
"kty": "EC",
"crv": "P-256",
"alg": "ECDH-ES+A128KW"
})
recipient.apply(enc_key,
recipient_key=public_key,
context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
b"This is the content.",
key=enc_key,
recipients=[recipient],
)
with open(key_path("private_key_es256.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(), kid="01")
with pytest.raises(ValueError) as err:
ctx.decode(encoded, private_key)
pytest.fail("decode should fail.")
assert "context should be set." in str(err.value)
def test_cose_decode_mac_with_different_multiple_keys_2(self):
ctx = COSE.new(alg_auto_inclusion=True, verify_kid=True)
key = COSEKey.from_symmetric_key(alg="HS256")
material1 = base64.urlsafe_b64encode(token_bytes(16)).decode()
material2 = base64.urlsafe_b64encode(token_bytes(16)).decode()
material3 = base64.urlsafe_b64encode(token_bytes(16)).decode()
r2 = Recipient.from_jwk({
"kid": "03",
"kty": "oct",
"alg": "A128KW",
"k": material2
})
r2.apply(key)
encoded = ctx.encode_and_mac(b"Hello world!", key, recipients=[r2])
shared_key1 = COSEKey.from_jwk({
"kid": "01",
"kty": "oct",
"alg": "A128KW",
"k": material1
})
shared_key3 = COSEKey.from_jwk({
"kid": "02",
"kty": "oct",
"alg": "A128KW",
"k": material3
})
with pytest.raises(ValueError) as err:
ctx.decode(encoded, keys=[shared_key1, shared_key3])
pytest.fail("decode() should fail.")
assert "key is not found." in str(err.value)
def test_recipient_from_jwk_with_context(self):
recipient = Recipient.from_jwk({
"kty": "oct",
"alg": "direct+HKDF-SHA-256",
"context": {
"apu": {
"id": "sender-01",
"nonce": "xxx",
"other": "yyy",
},
"apv": {
"id": "recipient-01",
"nonce": "abc",
"other": "def",
},
},
})
assert isinstance(recipient, RecipientInterface)
assert recipient.alg == -10
assert recipient._unprotected[-21] == b"sender-01"
assert recipient._unprotected[-22] == b"xxx"
assert recipient._unprotected[-23] == b"yyy"
assert recipient._unprotected[-24] == b"recipient-01"
assert recipient._unprotected[-25] == b"abc"
assert recipient._unprotected[-26] == b"def"
def test_cose_wg_examples_ecdh_wrap_p256_ss_wrap_128_01(self):
# The sender side:
enc_key = COSEKey.from_symmetric_key(
# bytes.fromhex("B2353161740AACF1F7163647984B522A"),
alg="A128GCM", )
rec = Recipient.from_jwk({
"kty":
"EC",
"crv":
"P-256",
"alg":
"ECDH-SS+A128KW",
"x":
"7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
"y":
"DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
"d":
"Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
})
pub_key = COSEKey.from_jwk({
"kty":
"EC",
"crv":
"P-256",
"kid":
"*****@*****.**",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
# "d":"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8"
})
rec.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
b"This is the content.",
key=enc_key,
nonce=b"\x02\xd1\xf7\xe6\xf2lC\xd4\x86\x8d\x87\xce",
recipients=[rec],
)
# The recipient side:
priv_key = COSEKey.from_jwk({
"kty":
"EC",
"crv":
"P-256",
"alg":
"ECDH-SS+A128KW",
"kid":
"*****@*****.**",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d":
"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
assert b"This is the content." == ctx.decode(
encoded, priv_key, context={"alg": "A128GCM"})
def test_cose_decode_mac_with_multiple_keys_with_verify_kid_and_protected_kid(
self):
ctx = COSE.new(alg_auto_inclusion=True, verify_kid=True)
key = COSEKey.from_symmetric_key(alg="HS256")
material1 = base64.urlsafe_b64encode(token_bytes(16)).decode()
material2 = base64.urlsafe_b64encode(token_bytes(16)).decode()
material3 = base64.urlsafe_b64encode(token_bytes(16)).decode()
shared_key1 = COSEKey.from_jwk({
"kty": "oct",
"alg": "A128KW",
"k": material1
})
shared_key2 = COSEKey.from_jwk({
"kty": "oct",
"alg": "A128KW",
"k": material2
})
shared_key3 = COSEKey.from_jwk({
"kty": "oct",
"alg": "A128KW",
"k": material3
})
r1 = Recipient.new(protected={1: -3, 4: b"01"}, sender_key=shared_key1)
r2 = Recipient.new(protected={1: -3, 4: b"02"}, sender_key=shared_key2)
r1.apply(key)
r2.apply(key)
encoded = ctx.encode_and_mac(b"Hello world!", key, recipients=[r2, r1])
shared_key1 = COSEKey.from_jwk({
"kid": "01",
"kty": "oct",
"alg": "A128KW",
"k": material1
})
shared_key3 = COSEKey.from_jwk({
"kid": "03",
"kty": "oct",
"alg": "A128KW",
"k": material3
})
assert b"Hello world!" == ctx.decode(encoded,
keys=[shared_key3, shared_key1])
def test_recipient_from_jwk_with_dict(self):
recipient = Recipient.from_jwk({
"kty": "oct",
"alg": "A128KW",
"key_ops": ["wrapKey"]
})
assert isinstance(recipient, RecipientInterface)
assert recipient.alg == -3
def test_recipients_constructor_with_recipient_alg_direct(self):
key = COSEKey.from_symmetric_key("mysecret",
alg="HMAC 256/64",
kid="our-secret")
r = Recipients([Recipient.new(unprotected={1: -6, 4: b"our-secret"})])
key = r.extract([key])
assert key.kty == 4
assert key.alg == 4
assert key.kid == b"our-secret"
def test_recipient_from_jwk_with_dict_and_with_byte_formatted_kid(self):
recipient = Recipient.from_jwk({
"kty": "oct",
"kid": b"01",
"alg": "A128KW",
"key_ops": ["wrapKey"]
})
assert isinstance(recipient, RecipientInterface)
assert recipient.alg == -3
assert recipient.kid == b"01"
def test_cose_encode_and_decode_encrypt_with_options(self):
ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
# Encrypt
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="02")
rec = Recipient.from_jwk({"alg": "direct", "kid": "02"})
encoded = ctx.encode_and_encrypt(
b"Hello world!",
enc_key,
recipients=[rec],
)
assert b"Hello world!" == ctx.decode(encoded, enc_key)
def test_cose_wg_examples_rfc8152_c_3_2_with_json(self):
cwt_str = "D8608443A1010AA1054D89F52F65A1C580933B5261A76C581C753548A19B1307084CA7B2056924ED95F2E3B17006DFE931B687B847818343A10129A2335061616262636364646565666667676868044A6F75722D73656372657440"
recipient = Recipient.new({1: -10}, {
-20: b"aabbccddeeffgghh",
4: b"our-secret"
})
context = {
"alg": "AES-CCM-16-64-128",
"apu": {
"id": "lighting-client",
},
"apv": {
"id": "lighting-server",
},
"supp_pub": {
"other": "Encryption Example 02",
},
}
material = COSEKey.from_symmetric_key(
base64url_decode("hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
alg="A256GCM",
)
enc_key = recipient.apply(material, context=context)
ctx = COSE.new()
encoded = ctx.encode_and_encrypt(
b"This is the content.",
key=enc_key,
nonce=bytes.fromhex("89F52F65A1C580933B5261A76C"),
protected={1: 10},
recipients=[recipient],
)
assert encoded == bytes.fromhex(cwt_str)
material = COSEKey.from_symmetric_key(
key=base64url_decode(
"hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
alg="A256GCM",
kid="our-secret",
)
context = {
"alg": "AES-CCM-16-64-128",
"apu": {
"id": "lighting-client",
},
"apv": {
"id": "lighting-server",
},
"supp_pub": {
"other": "Encryption Example 02",
},
}
res = ctx.decode(encoded, context=context, keys=[material])
assert res == b"This is the content."
def test_recipients_extract_without_context(self, material):
r = Recipients(
[
Recipient.new(unprotected={
"alg": "direct+HKDF-SHA-256",
"kid": "02"
}, )
],
True,
)
with pytest.raises(ValueError) as err:
r.extract(keys=[material])
pytest.fail("extract() should fail.")
assert "context should be set." in str(err.value)
def test_cose_encode_and_decode_with_recipient_builder(self):
ctx = COSE.new()
mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
recipient = Recipient.from_jwk({
"alg": "direct",
"kid": "01",
})
encoded = ctx.encode_and_mac(
b"Hello world!",
mac_key,
recipients=[recipient],
)
assert b"Hello world!" == ctx.decode(encoded, mac_key)
def test_recipients_extract_with_multiple_keys(self, material):
mac_key = COSEKey.from_symmetric_key(
bytes.fromhex(
"DDDC08972DF9BE62855291A17A1B4CF767C2DC762CB551911893BF7754988B0A286127BFF5D60C4CBC877CAC4BF3BA02C07AD544C951C3CA2FC46B70219BC3DC"
),
alg="HS512",
)
r1 = Recipient.from_jwk({
"kty": "oct",
"alg": "A128KW",
"kid": "01",
})
r2 = Recipient.from_jwk(
{
"alg": "direct+HKDF-SHA-256",
"kid": "02",
"salt": "aabbccddeeffgghh",
}, )
r3 = Recipient.from_jwk(
{
"kty": "oct",
"alg": "A128KW",
"kid": "03",
"k": "hJtXIZ2uSN5kbQfbtTNWbg",
}, )
k3 = COSEKey.from_jwk(
{
"kty": "oct",
"alg": "A128KW",
"kid": "03",
"k": "hJtXIZ2uSN5kbQfbtTNWbg",
}, )
r3.apply(mac_key)
rs = Recipients([r1, r2, r3])
key = rs.extract(keys=[k3], alg=7)
assert key.alg == 7
assert key.kid == b"03"
def test_cose_usage_examples_cose_encrypt_ecdh_aes_key_wrap(self):
enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
r = Recipient.from_jwk(
{
"kty": "EC",
"alg": "ECDH-ES+A128KW",
"crv": "P-256",
}, )
pub_key = COSEKey.from_jwk({
"kty":
"EC",
"alg":
"ECDH-ES+A128KW",
"kid":
"01",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
})
r.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
b"Hello world!",
key=enc_key,
recipients=[r],
)
priv_key = COSEKey.from_jwk({
"kty":
"EC",
"alg":
"ECDH-ES+A128KW",
"kid":
"01",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d":
"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
assert b"Hello world!" == ctx.decode(encoded,
priv_key,
context={"alg": "A128GCM"})
def test_cose_usage_examples_cose_mac_ecdh_direct_hkdf_p256(self):
r = Recipient.from_jwk(
{
"kty": "EC",
"alg": "ECDH-ES+HKDF-256",
"crv": "P-256",
}, )
pub_key = COSEKey.from_jwk({
"kty":
"EC",
"kid":
"01",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
})
mac_key = r.apply(recipient_key=pub_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
b"Hello world!",
key=mac_key,
recipients=[r],
)
priv_key = COSEKey.from_jwk({
"kty":
"EC",
"alg":
"ECDH-ES+HKDF-256",
"kid":
"01",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d":
"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
assert b"Hello world!" == ctx.decode(encoded,
priv_key,
context={"alg": "HS256"})
def test_cose_usage_examples_cose_encrypt_ecdh_direct_hkdf_x448(self):
r = Recipient.from_jwk(
{
"kty": "OKP",
"alg": "ECDH-ES+HKDF-256",
"crv": "X448",
}, )
pub_key = COSEKey.from_jwk({
"kty":
"OKP",
"alg":
"ECDH-ES+HKDF-256",
"kid":
"01",
"crv":
"X448",
"x":
"IkLmc0klvEMXYneHMKAB6ePohryAwAPVe2pRSffIDY6NrjeYNWVX5J-fG4NV2OoU77C88A0mvxI",
})
enc_key = r.apply(recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
b"Hello world!",
key=enc_key,
recipients=[r],
)
priv_key = COSEKey.from_jwk({
"kty":
"OKP",
"alg":
"ECDH-ES+HKDF-256",
"kid":
"01",
"crv":
"X448",
"x":
"IkLmc0klvEMXYneHMKAB6ePohryAwAPVe2pRSffIDY6NrjeYNWVX5J-fG4NV2OoU77C88A0mvxI",
"d":
"rJJRG3nshyCtd9CgXld8aNaB9YXKR0UOi7zj7hApg9YH4XdBO0G8NcAFNz_uPH2GnCZVcSDgV5c",
})
assert b"Hello world!" == ctx.decode(encoded,
priv_key,
context={"alg": "A128GCM"})
def test_cose_usage_examples_cose_encrypt_ecdh_direct_hkdf_x25519(self):
r = Recipient.from_jwk(
{
"kty": "OKP",
"alg": "ECDH-ES+HKDF-256",
"crv": "X25519",
}, )
pub_key = COSEKey.from_jwk({
"kty":
"OKP",
"alg":
"ECDH-ES+HKDF-256",
"kid":
"01",
"crv":
"X25519",
"x":
"y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
})
enc_key = r.apply(recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
b"Hello world!",
key=enc_key,
recipients=[r],
)
priv_key = COSEKey.from_jwk({
"kty":
"OKP",
"alg":
"ECDH-ES+HKDF-256",
"kid":
"01",
"crv":
"X25519",
"x":
"y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
"d":
"vsJ1oX5NNi0IGdwGldiac75r-Utmq3Jq4LGv48Q_Qc4",
})
assert b"Hello world!" == ctx.decode(encoded,
priv_key,
context={"alg": "A128GCM"})
def test_cose_wg_examples_ecdh_direct_p256_hkdf_256_01(self):
rec = Recipient.from_jwk({
"kty": "EC",
"crv": "P-256",
"alg": "ECDH-ES+HKDF-256",
})
pub_key = COSEKey.from_jwk({
"kty":
"EC",
"kid":
"*****@*****.**",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
})
enc_key = rec.apply(recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
b"This is the content.",
key=enc_key,
recipients=[rec],
)
priv_key = COSEKey.from_jwk({
"kty":
"EC",
"kid":
"*****@*****.**",
"crv":
"P-256",
"alg":
"ECDH-ES+HKDF-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d":
"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
assert b"This is the content." == ctx.decode(
encoded, priv_key, context={"alg": "A128GCM"})
def test_cose_usage_examples_cose_mac_direct_hkdf_sha_256(self):
shared_material = token_bytes(32)
shared_key = COSEKey.from_symmetric_key(shared_material, kid="01")
r = Recipient.from_jwk(
{
"kty": "oct",
"alg": "direct+HKDF-SHA-256",
"salt": "aabbccddeeffgghh",
}, )
mac_key = r.apply(shared_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
b"Hello world!",
key=mac_key,
recipients=[r],
)
assert b"Hello world!" == ctx.decode(encoded,
shared_key,
context={"alg": "HS256"})
def test_recipient_from_jwk_with_context_id(self):
recipient = Recipient.from_jwk({
"kty": "oct",
"alg": "direct+HKDF-SHA-256",
"context": {
"apu": {
"id": "sender-01",
},
"apv": {
"id": "recipient-01",
},
},
})
assert isinstance(recipient, RecipientInterface)
assert recipient.alg == -10
assert recipient._unprotected[-21] == b"sender-01"
assert -22 not in recipient._unprotected
assert -23 not in recipient._unprotected
assert recipient._unprotected[-24] == b"recipient-01"
assert -25 not in recipient._unprotected
assert -26 not in recipient._unprotected
def test_recipient_from_jwk_with_context_other(self):
recipient = Recipient.from_jwk({
"kty": "oct",
"alg": "direct+HKDF-SHA-256",
"context": {
"apu": {
"other": "yyy",
},
"apv": {
"other": "def",
},
},
})
assert isinstance(recipient, RecipientInterface)
assert recipient.alg == -10
assert -21 not in recipient._unprotected
assert -22 not in recipient._unprotected
assert recipient._unprotected[-23] == b"yyy"
assert -24 not in recipient._unprotected
assert -25 not in recipient._unprotected
assert recipient._unprotected[-26] == b"def"
def test_recipient_from_jwk_with_context_nonce(self):
recipient = Recipient.from_jwk({
"kty": "oct",
"alg": "direct+HKDF-SHA-256",
"context": {
"apu": {
"nonce": "xxx",
},
"apv": {
"nonce": "abc",
},
},
})
assert isinstance(recipient, RecipientInterface)
assert recipient.alg == -10
assert -21 not in recipient._unprotected
assert recipient._unprotected[-22] == b"xxx"
assert -23 not in recipient._unprotected
assert -24 not in recipient._unprotected
assert recipient._unprotected[-25] == b"abc"
assert -26 not in recipient._unprotected
def test_cose_usage_examples_cose_encrypt_aes_key_wrap_a128kw(self):
# A key to wrap
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
r = Recipient.from_jwk(
{
"kty": "oct",
"alg": "A128KW",
"kid": "01",
"k": "hJtXIZ2uSN5kbQfbtTNWbg", # A shared wrapping key
}, )
r.apply(enc_key)
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(b"Hello world!",
key=enc_key,
recipients=[r])
shared_key = COSEKey.from_jwk(
{
"kty": "oct",
"alg": "A128KW",
"kid": "01",
"k": "hJtXIZ2uSN5kbQfbtTNWbg",
}, )
assert b"Hello world!" == ctx.decode(encoded, shared_key)