def test_okp_key_derive_key_with_raw_context(self):
with open(key_path("private_key_x25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(),
alg="ECDH-SS+HKDF-256")
pub_key = COSEKey.from_jwk({
"kty":
"OKP",
"alg":
"ECDH-ES+HKDF-256",
"kid":
"01",
"crv":
"X25519",
"x":
"y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
# "d": "vsJ1oX5NNi0IGdwGldiac75r-Utmq3Jq4LGv48Q_Qc4",
})
context = [
1,
[None, None, None],
[None, None, None],
[128, cbor2.dumps({1: -25})],
]
try:
private_key.derive_key(context, public_key=pub_key)
except Exception:
pytest.fail("derive_key() should not fail.")
def test_ec2_key_derive_key_with_invalid_alg(self, invalid_alg):
private_key = EC2Key({
1: 2,
-2:
b"\xa7\xddc*\xff\xc2?\x8b\xf8\x9c:\xad\xccDF\x9cZ \x04P\xef\x99\x0c=\xe6 w1\x08&\xba\xd9",
-3:
b"\xe2\xdb\xef\xfe\xb8\x8a\x12\xf27\xcb\x15:\x8a\xb9\x1a90B\x1a\x19^\xbc\xdc\xde\r\xb9s\xc1P\xf3\xaa\xdd",
-4:
b'\xe9\x16\x0c\xa96\x8d\xfa\xbc\xd5\xda"ua\xec\xf7\x96\r\x15\xf7_\xf3rb{\xb1\xde;\x99\x88\xafNh',
-1: 1,
3: -25,
})
pub_key = COSEKey.from_jwk({
"kty":
"EC",
"kid":
"01",
"crv":
"P-256",
"x":
"usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
"y":
"IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
})
with pytest.raises(ValueError) as err:
private_key.derive_key({"alg": invalid_alg}, public_key=pub_key)
pytest.fail("derive_key() should fail.")
assert f"Unsupported or unknown alg for context information: {invalid_alg}." in str(
err.value)
def test_ec2_key_derive_key(self, alg):
private_key = EC2Key({
1: 2,
-2:
b"\xa7\xddc*\xff\xc2?\x8b\xf8\x9c:\xad\xccDF\x9cZ \x04P\xef\x99\x0c=\xe6 w1\x08&\xba\xd9",
-3:
b"\xe2\xdb\xef\xfe\xb8\x8a\x12\xf27\xcb\x15:\x8a\xb9\x1a90B\x1a\x19^\xbc\xdc\xde\r\xb9s\xc1P\xf3\xaa\xdd",
-4:
b'\xe9\x16\x0c\xa96\x8d\xfa\xbc\xd5\xda"ua\xec\xf7\x96\r\x15\xf7_\xf3rb{\xb1\xde;\x99\x88\xafNh',
-1: 1,
3: -25,
})
pub_key = COSEKey.from_jwk({
"kty":
"EC",
"kid":
"01",
"crv":
"P-256",
"x":
"usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
"y":
"IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
})
try:
derived_key = private_key.derive_key({"alg": alg},
public_key=pub_key)
assert derived_key.kty == 4
except Exception:
pytest.fail("derive_key() should not fail.")
def test_ecdh_direct_hkdf_extract_with_invalid_private_key(
self, recipient_public_key):
rec = Recipient.from_jwk({
"kty": "EC",
"crv": "P-256",
"alg": "ECDH-ES+HKDF-256"
})
enc_key = rec.apply(recipient_key=recipient_public_key,
context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(b"Hello world!",
enc_key,
recipients=[rec])
another_priv_key = COSEKey.from_jwk({
"kty":
"EC",
"alg":
"ECDH-ES+HKDF-256",
"kid":
"01",
"crv":
"P-256",
"x":
"-eZXC6nV-xgthy8zZMCN8pcYSeE2XfWWqckA2fsxHPc",
"y":
"BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI",
"d":
"kwibx3gas6Kz1V2fyQHKSnr-ybflddSjN0eOnbmLmyo",
})
with pytest.raises(DecodeError) as err:
ctx.decode(encoded, another_priv_key, context={"alg": "A128GCM"})
pytest.fail("decode() should fail.")
assert "Failed to decrypt." in str(err.value)
def recipient_public_key():
return COSEKey.from_jwk({
"kty": "EC",
"kid": "01",
"crv": "P-256",
"x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
})
def recipient_private_key():
return COSEKey.from_jwk({
"kty": "EC",
"alg": "ECDH-ES+A128KW",
"kid": "01",
"crv": "P-256",
"x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
def test_ecdh_aes_key_wrap_through_cose_api_without_kid(self):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
rec = Recipient.from_jwk({
"kty": "EC",
"crv": "P-256",
"alg": "ECDH-ES+A128KW"
})
pub_key = COSEKey.from_jwk({
"kty":
"EC",
# "kid": "01",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
})
rec.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
priv_key = COSEKey.from_jwk({
"kty":
"EC",
# "kid": "01",
"alg":
"ECDH-ES+A128KW",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d":
"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
encoded = ctx.encode_and_encrypt(b"Hello world!",
enc_key,
recipients=[rec])
assert b"Hello world!" == ctx.decode(encoded,
priv_key,
context={"alg": "A128GCM"})
def test_ec2_key_constructor_with_ecdhe_es_hdkf_256(self):
private_key = EC2Key({
1:
2,
3:
-25,
# -2: b"\xa7\xddc*\xff\xc2?\x8b\xf8\x9c:\xad\xccDF\x9cZ \x04P\xef\x99\x0c=\xe6 w1\x08&\xba\xd9",
# -3: b"\xe2\xdb\xef\xfe\xb8\x8a\x12\xf27\xcb\x15:\x8a\xb9\x1a90B\x1a\x19^\xbc\xdc\xde\r\xb9s\xc1P\xf3\xaa\xdd",
# -4: b'\xe9\x16\x0c\xa96\x8d\xfa\xbc\xd5\xda"ua\xec\xf7\x96\r\x15\xf7_\xf3rb{\xb1\xde;\x99\x88\xafNh',
-1:
1,
})
assert private_key.kty == 2
assert private_key.kid is None
assert private_key.alg == -25
assert private_key.crv == 1
assert len(private_key.key_ops) == 2
assert 7 in private_key.key_ops
assert 8 in private_key.key_ops
pub_key = COSEKey.from_jwk({
"kty":
"EC",
"kid":
"01",
"crv":
"P-256",
"x":
"usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
"y":
"IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
# "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM",
})
try:
derived_key = private_key.derive_key({"alg": "A128GCM"},
public_key=pub_key)
assert derived_key.alg == 1
except Exception:
pytest.fail("derive_key() should not fail.")
try:
derived_key = private_key.derive_key(
[
1,
[None, None, None],
[None, None, None],
[128, cbor2.dumps({1: -25})],
],
public_key=pub_key,
)
assert derived_key.alg == 1
except Exception:
pytest.fail("derive_key() should not fail.")
def test_okp_key_derive_key_with_ed25519_key(self):
with open(key_path("private_key_x25519.pem")) as key_file:
private_key = COSEKey.from_pem(key_file.read(),
alg="ECDH-SS+HKDF-256")
pub_key = COSEKey.from_jwk({
"kty":
"EC",
"kid":
"01",
"crv":
"P-256",
"x":
"usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
"y":
"IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
# "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM",
})
with pytest.raises(ValueError) as err:
private_key.derive_key({"alg": "A128GCM"}, public_key=pub_key)
assert "public_key should be x25519/x448 public key." in str(err.value)
def test_okp_key_derive_key_with_public_key(self):
with open(key_path("public_key_x25519.pem")) as key_file:
public_key = COSEKey.from_pem(key_file.read(),
alg="ECDH-SS+HKDF-256")
pub_key = COSEKey.from_jwk({
"kty":
"OKP",
"alg":
"ECDH-ES+HKDF-256",
"kid":
"01",
"crv":
"X25519",
"x":
"y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
# "d": "vsJ1oX5NNi0IGdwGldiac75r-Utmq3Jq4LGv48Q_Qc4",
})
with pytest.raises(ValueError) as err:
public_key.derive_key({"alg": "A128GCM"}, public_key=pub_key)
assert "Public key cannot be used for key derivation." in str(
err.value)
def test_ecdh_aes_key_wrap_extract_with_invalid_recipient_private_key(
self, recipient_public_key):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
rec = Recipient.from_jwk({
"kty": "EC",
"crv": "P-256",
"alg": "ECDH-ES+A128KW"
})
rec.apply(enc_key,
recipient_key=recipient_public_key,
context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
recipient_private_key = COSEKey.from_jwk({
"kty":
"EC",
"kid":
"01",
# "alg": "ECDH-ES+A128KW",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d":
"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
encoded = ctx.encode_and_encrypt(b"Hello world!",
enc_key,
recipients=[rec])
with pytest.raises(DecodeError) as err:
ctx.decode(encoded,
recipient_private_key,
context={"alg": "A128GCM"})
pytest.fail("extract() should fail.")
assert "Failed to decode key." in str(err.value)
def sender_key_es():
return COSEKey.from_jwk({
"kty": "EC",
"alg": "ECDH-ES+A128KW",
"crv": "P-256",
})