Example #1
0
 def test_cose_decode_mac0_with_multiple_kid(self):
     ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
     key1 = COSEKey.from_symmetric_key(alg="HS256", kid="01")
     key2 = COSEKey.from_symmetric_key(alg="HS256", kid="01")
     key3 = COSEKey.from_symmetric_key(alg="HS256", kid="02")
     encoded = ctx.encode_and_mac(b"Hello world!", key2)
     assert b"Hello world!" == ctx.decode(encoded, [key1, key2, key3])
Example #2
0
    def test_sample_readme_cwt_with_pop_encrypted_cose_key_readable(self):
        with open(key_path("private_key_ed25519.pem")) as key_file:
            private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
        enc_key = COSEKey.from_symmetric_key(
            "a-client-secret-of-cwt-recipient",  # Just 32 bytes!
            alg="ChaCha20/Poly1305",
            kid="presenter-01",
        )
        pop_key = COSEKey.from_symmetric_key(
            "a-client-secret-of-cwt-presenter",
            alg="HMAC 256/256",
        )
        token = cwt.encode(
            {
                "iss": "coaps://as.example",
                "sub": "dajiaji",
                "cti": "123",
                "cnf": {
                    # 'eck'(Encrypted Cose Key) is a keyword defined by this library.
                    "eck": EncryptedCOSEKey.from_cose_key(pop_key, enc_key),
                },
            },
            private_key,
        )

        with open(key_path("public_key_ed25519.pem")) as key_file:
            public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
        decoded = cwt.decode(token, public_key)
        assert 8 in decoded and isinstance(decoded[8], dict)
        assert 2 in decoded[8] and isinstance(decoded[8][2], list)
        c = Claims.new(decoded)
        extracted = EncryptedCOSEKey.to_cose_key(c.cnf, enc_key)
        assert extracted.kty == 4  # Symmetric
        assert extracted.alg == 5  # HMAC 256/256
        assert extracted.key == b"a-client-secret-of-cwt-presenter"
Example #3
0
    def test_sample_readme_cwt_with_pop_encrypted_cose_key(self):
        with open(key_path("private_key_ed25519.pem")) as key_file:
            private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
        enc_key = COSEKey.from_symmetric_key(
            "a-client-secret-of-cwt-recipient",  # Just 32 bytes!
            alg="ChaCha20/Poly1305",
            kid="presenter-01",
        )
        pop_key = COSEKey.from_symmetric_key(
            "a-client-secret-of-cwt-presenter",
            alg="HMAC 256/256",
        )
        token = cwt.encode(
            {
                1: "coaps://as.example",  # iss
                2: "dajiaji",  # sub
                7: b"123",  # cti
                8: {  # cnf
                    2: EncryptedCOSEKey.from_cose_key(pop_key, enc_key),
                },
            },
            private_key,
        )

        with open(key_path("public_key_ed25519.pem")) as key_file:
            public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")
        decoded = cwt.decode(token, public_key)
        assert 8 in decoded and isinstance(decoded[8], dict)
        assert 2 in decoded[8] and isinstance(decoded[8][2], list)
        extracted = EncryptedCOSEKey.to_cose_key(decoded[8][2], enc_key)
        assert extracted.kty == 4  # Symmetric
        assert extracted.alg == 5  # HMAC 256/256
        assert extracted.key == b"a-client-secret-of-cwt-presenter"
Example #4
0
 def test_key_builder_from_symmetric_key_with_invalid_key_ops(
         self, key_ops):
     with pytest.raises(ValueError) as err:
         COSEKey.from_symmetric_key("mysecret",
                                    alg="HS256",
                                    key_ops=key_ops)
         pytest.fail("from_symmetric_key should fail.")
     assert "Unsupported or unknown key_ops." in str(err.value)
Example #5
0
 def test_cose_decode_encrypt0_with_multiple_kid(self):
     ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
     key1 = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
     key2 = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
     key3 = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="02")
     encoded = ctx.encode_and_encrypt(b"Hello world!", key2)
     decoded = ctx.decode(encoded, [key1, key2, key3])
     assert decoded == b"Hello world!"
Example #6
0
 def test_encrypted_cose_key_from_cose_key_with_invalid_encryption_key(
         self):
     enc_key = COSEKey.from_symmetric_key(alg="HMAC 256/64")
     pop_key = COSEKey.from_symmetric_key(alg="HMAC 256/256")
     with pytest.raises(ValueError) as err:
         EncryptedCOSEKey.from_cose_key(pop_key, enc_key)
         pytest.fail("to_ should fail.")
     assert "Nonce generation is not supported for the key. Set a nonce explicitly." in str(
         err.value)
Example #7
0
 def test_cose_decode_mac0_with_different_multiple_keys(self, ctx):
     key1 = COSEKey.from_symmetric_key(alg="HS256")
     key2 = COSEKey.from_symmetric_key(alg="HS256")
     key3 = COSEKey.from_symmetric_key(alg="HS256")
     encoded = ctx.encode_and_mac(b"Hello world!", key1)
     with pytest.raises(VerifyError) as err:
         ctx.decode(encoded, [key2, key3])
         pytest.fail("decode() should fail.")
     assert "Failed to compare digest." in str(err.value)
Example #8
0
 def test_cose_decode_encrypt0_with_different_multiple_keys(self, ctx):
     key1 = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
     key2 = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
     key3 = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
     encoded = ctx.encode_and_encrypt(b"Hello world!", key1)
     with pytest.raises(DecodeError) as err:
         ctx.decode(encoded, [key2, key3])
         pytest.fail("decode() should fail.")
     assert "Failed to decrypt." in str(err.value)
Example #9
0
 def test_cose_decode_encrypt0_with_different_multiple_keys_2(self):
     ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
     key1 = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
     key2 = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
     key3 = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
     encoded = ctx.encode_and_encrypt(b"Hello world!", key1)
     with pytest.raises(ValueError) as err:
         ctx.decode(encoded, [key2, key3])
         pytest.fail("decode() should fail.")
     assert "key is not found." in str(err.value)
Example #10
0
 def test_encrypted_cose_key_from_cose_key_with_nonce(self):
     nonce = token_bytes(12)
     enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
     pop_key = COSEKey.from_symmetric_key(alg="HMAC 256/256")
     res = EncryptedCOSEKey.from_cose_key(pop_key, enc_key, nonce=nonce)
     assert isinstance(res, list)
     assert len(res) == 3
     protected = cbor2.loads(res[0])
     assert protected[1] == 24
     assert isinstance(res[1], dict)
     assert isinstance(res[1][5], bytes) and res[1][5] == nonce
Example #11
0
 def test_cose_wg_examples_rfc8152_c_3_2_with_json(self):
     cwt_str = "D8608443A1010AA1054D89F52F65A1C580933B5261A76C581C753548A19B1307084CA7B2056924ED95F2E3B17006DFE931B687B847818343A10129A2335061616262636364646565666667676868044A6F75722D73656372657440"
     recipient = Recipient.new({1: -10}, {
         -20: b"aabbccddeeffgghh",
         4: b"our-secret"
     })
     context = {
         "alg": "AES-CCM-16-64-128",
         "apu": {
             "id": "lighting-client",
         },
         "apv": {
             "id": "lighting-server",
         },
         "supp_pub": {
             "other": "Encryption Example 02",
         },
     }
     material = COSEKey.from_symmetric_key(
         base64url_decode("hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
         alg="A256GCM",
     )
     enc_key = recipient.apply(material, context=context)
     ctx = COSE.new()
     encoded = ctx.encode_and_encrypt(
         b"This is the content.",
         key=enc_key,
         nonce=bytes.fromhex("89F52F65A1C580933B5261A76C"),
         protected={1: 10},
         recipients=[recipient],
     )
     assert encoded == bytes.fromhex(cwt_str)
     material = COSEKey.from_symmetric_key(
         key=base64url_decode(
             "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
         alg="A256GCM",
         kid="our-secret",
     )
     context = {
         "alg": "AES-CCM-16-64-128",
         "apu": {
             "id": "lighting-client",
         },
         "apv": {
             "id": "lighting-server",
         },
         "supp_pub": {
             "other": "Encryption Example 02",
         },
     }
     res = ctx.decode(encoded, context=context, keys=[material])
     assert res == b"This is the content."
Example #12
0
    def test_cose_usage_examples_cose_encrypt_ecdh_ss_a128kw(self):

        # The sender side:
        enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
        nonce = enc_key.generate_nonce()
        r = Recipient.from_jwk({
            "kty":
            "EC",
            "crv":
            "P-256",
            "alg":
            "ECDH-SS+A128KW",
            "x":
            "7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
            "y":
            "DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
            "d":
            "Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
        })
        pub_key = COSEKey.from_jwk({
            "kty":
            "EC",
            "crv":
            "P-256",
            "kid":
            "*****@*****.**",
            "x":
            "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
            "y":
            "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        })
        r.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
        ctx = COSE.new(alg_auto_inclusion=True)
        encoded = ctx.encode_and_encrypt(
            b"Hello world!",
            key=enc_key,
            nonce=nonce,
            recipients=[r],
        )

        # The recipient side:
        priv_key = COSEKey.from_jwk({
            "kty":
            "EC",
            "crv":
            "P-256",
            "alg":
            "ECDH-SS+A128KW",
            "kid":
            "*****@*****.**",
            "x":
            "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
            "y":
            "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
            "d":
            "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
        })
        assert b"Hello world!" == ctx.decode(encoded,
                                             priv_key,
                                             context={"alg": "A128GCM"})
Example #13
0
    def test_cose_usage_examples_cose_mac_direct(self):
        mac_key = COSEKey.from_symmetric_key(alg="HS512", kid="01")

        r = Recipient.from_jwk({"alg": "direct"})
        r.apply(mac_key)

        ctx = COSE.new()
        encoded = ctx.encode_and_mac(b"Hello world!", mac_key, recipients=[r])
        assert b"Hello world!" == ctx.decode(encoded, mac_key)

        r2 = Recipient.new(unprotected={"alg": "direct"})
        r2.apply(mac_key)
        encoded2 = ctx.encode_and_mac(b"Hello world!",
                                      mac_key,
                                      recipients=[r2])
        assert b"Hello world!" == ctx.decode(encoded2, mac_key)

        r3 = Recipient.new(unprotected={1: -6})
        r3.apply(mac_key)
        encoded3 = ctx.encode_and_mac(b"Hello world!",
                                      mac_key,
                                      recipients=[r3])
        assert b"Hello world!" == ctx.decode(encoded3, mac_key)

        assert encoded == encoded2 == encoded3
Example #14
0
    def test_cose_usage_examples_cose_encrypt(self):
        enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
        nonce = enc_key.generate_nonce()
        r = Recipient.from_jwk({"alg": "direct"})
        r.apply(enc_key)

        ctx = COSE.new()
        encoded = ctx.encode_and_encrypt(
            b"Hello world!",
            enc_key,
            nonce=nonce,
            recipients=[r],
        )
        assert b"Hello world!" == ctx.decode(encoded, enc_key)

        r = Recipient.new(unprotected={"alg": "direct"})
        r.apply(enc_key)
        encoded2 = ctx.encode_and_encrypt(
            b"Hello world!",
            enc_key,
            nonce=nonce,
            recipients=[r],
        )
        assert b"Hello world!" == ctx.decode(encoded2, enc_key)

        encoded3 = ctx.encode_and_encrypt(
            b"Hello world!",
            enc_key,
            nonce=nonce,
            recipients=[r],
        )
        assert b"Hello world!" == ctx.decode(encoded3, enc_key)

        assert encoded == encoded2 == encoded3
Example #15
0
    def test_cose_usage_examples_cose_mac0(self):
        mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")

        ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
        encoded = ctx.encode_and_mac(b"Hello world!", mac_key)
        assert b"Hello world!" == ctx.decode(encoded, mac_key)

        ctx = COSE.new()
        encoded2 = ctx.encode_and_mac(
            b"Hello world!",
            mac_key,
            protected={"alg": "HS256"},
            unprotected={"kid": "01"},
        )
        assert b"Hello world!" == ctx.decode(encoded2, mac_key)

        encoded3 = ctx.encode_and_mac(
            b"Hello world!",
            mac_key,
            protected={1: 5},
            unprotected={4: b"01"},
        )
        assert b"Hello world!" == ctx.decode(encoded3, mac_key)

        assert encoded == encoded2 == encoded3
Example #16
0
 def test_cose_decode_mac0_without_key_and_materials(self, ctx):
     key = COSEKey.from_symmetric_key(alg="HS256")
     encoded = cwt.encode({"iss": "coap://as.example"}, key)
     with pytest.raises(ValueError) as err:
         ctx.decode(encoded, b"")
         pytest.fail("decode should fail.")
     assert "key in keys should have COSEKeyInterface." in str(err.value)
Example #17
0
    def test_cose_usage_examples_cose_mac_aes_key_wrap(self):

        # The sender side:
        mac_key = COSEKey.from_symmetric_key(alg="HS512")
        r = Recipient.from_jwk(
            {
                "kty": "oct",
                "alg": "A128KW",
                "kid": "01",
                "k": "hJtXIZ2uSN5kbQfbtTNWbg",  # A shared wrapping key
            }, )
        r.apply(mac_key)
        ctx = COSE.new(alg_auto_inclusion=True)
        encoded = ctx.encode_and_mac(b"Hello world!",
                                     key=mac_key,
                                     recipients=[r])

        # The recipient side:
        shared_key = COSEKey.from_jwk(
            {
                "kty": "oct",
                "alg": "A128KW",
                "kid": "01",
                "k": "hJtXIZ2uSN5kbQfbtTNWbg",
            }, )
        assert b"Hello world!" == ctx.decode(encoded, shared_key)
Example #18
0
    def test_cose_decode_mac_with_different_multiple_keys_2(self):
        ctx = COSE.new(alg_auto_inclusion=True, verify_kid=True)
        key = COSEKey.from_symmetric_key(alg="HS256")

        material1 = base64.urlsafe_b64encode(token_bytes(16)).decode()
        material2 = base64.urlsafe_b64encode(token_bytes(16)).decode()
        material3 = base64.urlsafe_b64encode(token_bytes(16)).decode()

        r2 = Recipient.from_jwk({
            "kid": "03",
            "kty": "oct",
            "alg": "A128KW",
            "k": material2
        })
        r2.apply(key)

        encoded = ctx.encode_and_mac(b"Hello world!", key, recipients=[r2])

        shared_key1 = COSEKey.from_jwk({
            "kid": "01",
            "kty": "oct",
            "alg": "A128KW",
            "k": material1
        })
        shared_key3 = COSEKey.from_jwk({
            "kid": "02",
            "kty": "oct",
            "alg": "A128KW",
            "k": material3
        })

        with pytest.raises(ValueError) as err:
            ctx.decode(encoded, keys=[shared_key1, shared_key3])
            pytest.fail("decode() should fail.")
        assert "key is not found." in str(err.value)
Example #19
0
    def test_cose_decode_mac_with_multiple_keys_without_kid(self, ctx):
        key = COSEKey.from_symmetric_key(alg="HS256")

        material1 = base64.urlsafe_b64encode(token_bytes(16)).decode()
        material2 = base64.urlsafe_b64encode(token_bytes(16)).decode()
        material3 = base64.urlsafe_b64encode(token_bytes(16)).decode()

        r1 = Recipient.from_jwk({
            "kty": "oct",
            "alg": "A128KW",
            "k": material1
        })
        r2 = Recipient.from_jwk({
            "kty": "oct",
            "alg": "A128KW",
            "k": material2
        })
        r1.apply(key)
        r2.apply(key)

        encoded = ctx.encode_and_mac(b"Hello world!", key, recipients=[r2, r1])

        shared_key1 = COSEKey.from_jwk({
            "kty": "oct",
            "alg": "A128KW",
            "k": material1
        })
        shared_key3 = COSEKey.from_jwk({
            "kty": "oct",
            "alg": "A128KW",
            "k": material3
        })
        assert b"Hello world!" == ctx.decode(encoded,
                                             keys=[shared_key3, shared_key1])
Example #20
0
    def test_cose_encode_and_decode_encrypt0_with_options(self):
        ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)

        # Encrypt0
        enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="02")
        encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key)
        assert b"Hello world!" == ctx.decode(encoded, enc_key)
Example #21
0
    def test_cose_encode_and_decode_mac0_with_options(self):
        ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)

        # MAC0
        mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
        encoded = ctx.encode_and_mac(b"Hello world!", mac_key)
        assert b"Hello world!" == ctx.decode(encoded, mac_key)
Example #22
0
 def test_cose_wg_examples_aes_wrap_128_03(self):
     cwt_str = "D8618543A10107A054546869732069732074686520636F6E74656E742E58400021C21B2A7FADB677DAB64389B3FDA4AAC892D5C81B786A459E4182104A1501462FFD471422AF4D48BEEB864951D5947A55E3155E670DFC4A96017B0FD0E725818340A20122044A6F75722D7365637265745848792C46CE0BC689747133FA0DB1F5E2BC4DAAE22F906E93DFCA2DF44F0DF6C2CEF16EA8FC91D52AD662C4B49DD0D689E1086EC754347957F80F95C92C887521641B8F637D91C6E258"
     mac_key = COSEKey.from_symmetric_key(
         bytes.fromhex(
             "DDDC08972DF9BE62855291A17A1B4CF767C2DC762CB551911893BF7754988B0A286127BFF5D60C4CBC877CAC4BF3BA02C07AD544C951C3CA2FC46B70219BC3DC"
         ),
         alg="HS512",
     )
     recipient = Recipient.from_jwk(
         {
             "kty": "oct",
             "alg": "A128KW",
             "kid": "our-secret",
             "k": "hJtXIZ2uSN5kbQfbtTNWbg",
         }, )
     recipient.apply(mac_key)
     ctx = COSE.new()
     encoded = ctx.encode_and_mac(
         b"This is the content.",
         key=mac_key,
         protected={1: 7},
         recipients=[recipient],
     )
     assert encoded == bytes.fromhex(cwt_str)
     key = COSEKey.from_jwk(
         {
             "kty": "oct",
             "alg": "A128KW",
             "kid": "our-secret",
             "k": "hJtXIZ2uSN5kbQfbtTNWbg",
         }, )
     res = ctx.decode(encoded, keys=[key])
     assert res == b"This is the content."
Example #23
0
    def test_cose_wg_examples_ecdh_wrap_p256_ss_wrap_128_01(self):
        # The sender side:
        enc_key = COSEKey.from_symmetric_key(
            # bytes.fromhex("B2353161740AACF1F7163647984B522A"),
            alg="A128GCM", )
        rec = Recipient.from_jwk({
            "kty":
            "EC",
            "crv":
            "P-256",
            "alg":
            "ECDH-SS+A128KW",
            "x":
            "7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
            "y":
            "DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
            "d":
            "Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
        })
        pub_key = COSEKey.from_jwk({
            "kty":
            "EC",
            "crv":
            "P-256",
            "kid":
            "*****@*****.**",
            "x":
            "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
            "y":
            "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
            # "d":"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8"
        })
        rec.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
        ctx = COSE.new(alg_auto_inclusion=True)
        encoded = ctx.encode_and_encrypt(
            b"This is the content.",
            key=enc_key,
            nonce=b"\x02\xd1\xf7\xe6\xf2lC\xd4\x86\x8d\x87\xce",
            recipients=[rec],
        )

        # The recipient side:
        priv_key = COSEKey.from_jwk({
            "kty":
            "EC",
            "crv":
            "P-256",
            "alg":
            "ECDH-SS+A128KW",
            "kid":
            "*****@*****.**",
            "x":
            "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
            "y":
            "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
            "d":
            "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
        })
        assert b"This is the content." == ctx.decode(
            encoded, priv_key, context={"alg": "A128GCM"})
Example #24
0
    def test_cose_usage_examples_cose_encrypt0(self):
        enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")

        nonce = enc_key.generate_nonce()
        ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
        encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, nonce=nonce)
        assert b"Hello world!" == ctx.decode(encoded, enc_key)

        ctx = COSE.new()
        encoded2 = ctx.encode_and_encrypt(
            b"Hello world!",
            enc_key,
            nonce=nonce,
            protected={"alg": "ChaCha20/Poly1305"},
            unprotected={"kid": "01"},
        )
        assert b"Hello world!" == ctx.decode(encoded2, enc_key)

        encoded3 = ctx.encode_and_encrypt(
            b"Hello world!",
            enc_key,
            nonce=nonce,
            protected={1: 24},
            unprotected={4: b"01"},
        )
        assert b"Hello world!" == ctx.decode(encoded3, enc_key)

        assert encoded == encoded2 == encoded3
Example #25
0
 def test_cose_encode_and_mac_with_invalid_protected(
         self, ctx, invalid, msg):
     key = COSEKey.from_symmetric_key(alg="HS256")
     with pytest.raises(ValueError) as err:
         ctx.encode_and_mac(b"This is the content.", key, protected=invalid)
         pytest.fail("encode_and_mac should fail.")
     assert msg in str(err.value)
Example #26
0
    def test_cose_decode_ecdh_aes_key_wrap_without_context(self):
        with open(key_path("public_key_es256.pem")) as key_file:
            public_key = COSEKey.from_pem(key_file.read(), kid="01")
        enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
        recipient = Recipient.from_jwk({
            "kty": "EC",
            "crv": "P-256",
            "alg": "ECDH-ES+A128KW"
        })
        recipient.apply(enc_key,
                        recipient_key=public_key,
                        context={"alg": "A128GCM"})
        ctx = COSE.new(alg_auto_inclusion=True)
        encoded = ctx.encode_and_encrypt(
            b"This is the content.",
            key=enc_key,
            recipients=[recipient],
        )

        with open(key_path("private_key_es256.pem")) as key_file:
            private_key = COSEKey.from_pem(key_file.read(), kid="01")
        with pytest.raises(ValueError) as err:
            ctx.decode(encoded, private_key)
            pytest.fail("decode should fail.")
        assert "context should be set." in str(err.value)
Example #27
0
 def test_sample_readme_maced_cwt_with_json_str_old(self):
     key = COSEKey.from_symmetric_key("mysecretpassword", alg="HS256", kid="01")
     encoded = cwt.encode_and_mac(
         Claims.from_json('{"iss":"coaps://as.example","sub":"dajiaji","cti":"123"}'),
         key,
     )
     decoded = cwt.decode(encoded, key)
     assert 1 in decoded and decoded[1] == "coaps://as.example"
Example #28
0
 def test_recipients_constructor_with_recipient_alg_direct(self):
     key = COSEKey.from_symmetric_key("mysecret",
                                      alg="HMAC 256/64",
                                      kid="our-secret")
     r = Recipients([Recipient.new(unprotected={1: -6, 4: b"our-secret"})])
     key = r.extract([key])
     assert key.kty == 4
     assert key.alg == 4
     assert key.kid == b"our-secret"
Example #29
0
    def test_sample_readme_nested_cwt(self):
        with open(key_path("private_key_es256.pem")) as key_file:
            private_key = COSEKey.from_pem(key_file.read(), kid="01")
        token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key)
        enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="02")
        nested = cwt.encode(token, enc_key)

        with open(key_path("public_key_es256.pem")) as key_file:
            public_key = COSEKey.from_pem(key_file.read(), kid="01")
        decoded = cwt.decode(nested, [enc_key, public_key])
        assert 1 in decoded and decoded[1] == "coaps://as.example"
Example #30
0
 def test_sample_readme_encrypted_cwt_old(self):
     nonce = token_bytes(13)
     mysecret = token_bytes(32)
     enc_key = COSEKey.from_symmetric_key(mysecret, alg="AES-CCM-16-64-256", kid="01")
     encoded = cwt.encode_and_encrypt(
         Claims.from_json({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}),
         enc_key,
         nonce=nonce,
     )
     decoded = cwt.decode(encoded, enc_key)
     assert 1 in decoded and decoded[1] == "coaps://as.example"