def test_mac_direct_decoding(setup_mac_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_mac_tests
if fail:
skip("invalid test input")
msg: MacMessage = CoseMessage.decode(unhexlify(test_output))
assert msg.phdr == test_input['mac'].get('protected', {})
assert msg.uhdr == test_input['mac'].get('unprotected', {})
assert msg.payload == test_input['plaintext'].encode('utf-8')
# set up potential external data
msg.external_aad = unhexlify(test_input['mac'].get("external", b''))
assert msg._mac_structure == unhexlify(test_intermediate['ToMac_hex'])
alg = extract_alg(test_input['mac'])
cek = create_cose_key(SymmetricKey, test_input['mac']["recipients"][0]["key"], usage=KeyOps.MAC_VERIFY, alg=alg)
assert cek.k == unhexlify(test_intermediate['CEK_hex'])
# verify recipients
for r1, r2 in zip(msg.recipients, test_input['mac']['recipients']):
assert r1.phdr == r2.get('protected', {})
assert r1.uhdr == r2.get('unprotected', {})
assert msg.verify_tag(cek)
# re-encode and verify we are back where we started
kek = SymmetricKey(key_ops=KeyOps.WRAP, alg=CoseAlgorithms.DIRECT.id)
cek.key_ops = KeyOps.MAC_CREATE
assert msg.encode(key=cek, mac_params=[RcptParams(key=kek)]) == unhexlify(test_output)
def test_encrypt0_encoding(setup_encrypt0_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_encrypt0_tests
alg = extract_alg(test_input['encrypted'])
nonce = extract_nonce(test_input, 0)
# initialize a COSE_Encrypt0 message
enc0 = Enc0Message(phdr=extract_phdr(test_input, 'encrypted'),
uhdr=extract_uhdr(test_input, 'encrypted'),
payload=test_input['plaintext'].encode('utf-8'),
external_aad=unhexlify(test_input['encrypted'].get(
"external", b'')))
# set up key data and verify CEK
key = create_cose_key(SymmetricKey,
test_input["encrypted"]["recipients"][0]["key"])
# verify internal _enc_structure
assert enc0._enc_structure == unhexlify(test_intermediate['AAD_hex'])
# verify encoding (with automatic encryption)
if fail:
assert enc0.encode(alg=alg, nonce=nonce,
key=key) != unhexlify(test_output)
else:
assert enc0.encode(alg=alg, nonce=nonce,
key=key) == unhexlify(test_output)
def test_mac_direct_encoding(setup_mac_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_mac_tests
mac = MacMessage(
phdr=test_input['mac'].get('protected', {}),
uhdr=test_input['mac'].get('unprotected', {}),
payload=test_input.get('plaintext', '').encode('utf-8'),
external_aad=unhexlify(test_input['mac'].get("external", b'')))
assert mac._mac_structure == unhexlify(test_intermediate["ToMac_hex"])
alg = extract_alg(test_input["mac"])
# set up the CEK and KEK
cek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=alg, usage=KeyOps.MAC_CREATE)
kek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=CoseAlgorithms.DIRECT.id,
usage=KeyOps.WRAP)
assert cek.k == unhexlify(test_intermediate["CEK_hex"])
recipient = test_input["mac"]["recipients"][0]
recipient = CoseRecipient(
phdr=recipient.get('protected', {}),
uhdr=recipient.get('unprotected', {}),
payload=cek.k)
mac.recipients.append(recipient)
# verify encoding (with automatic tag computation)
if fail:
assert mac.encode(cek, mac_params=[RcptParams(key=kek)]) != unhexlify(test_output)
else:
assert mac.encode(cek, mac_params=[RcptParams(key=kek)]) == unhexlify(test_output)
def test_encrypt0_decoding(setup_encrypt0_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_encrypt0_tests
alg = extract_alg(test_input['encrypted'])
nonce = extract_nonce(test_input, 0)
if fail:
skip("invalid test input")
# parse initial message
msg: Enc0Message = CoseMessage.decode(unhexlify(test_output))
# verify parsed (un)protected header
assert msg.phdr == extract_phdr(test_input, 'encrypted')
assert msg.uhdr == extract_uhdr(test_input, 'encrypted')
# prepare and verify pre-shared key
key = create_cose_key(SymmetricKey,
test_input["encrypted"]["recipients"][0]["key"],
alg=alg,
usage=KeyOps.DECRYPT)
msg.key = key
assert msg.key.k == unhexlify(test_intermediate['CEK_hex'])
# look for external data and verify internal enc_structure
msg.external_aad = unhexlify(test_input['encrypted'].get('external', b''))
assert msg._enc_structure == unhexlify(test_intermediate['AAD_hex'])
# verify decryption
assert msg.decrypt(nonce=nonce,
key=key) == test_input['plaintext'].encode('utf-8')
# re-encode and verify we are back where we started
assert msg.encode(encrypt=False, key=key,
nonce=nonce) == unhexlify(test_output)
def test_sign_encoding(setup_sign_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_sign_tests
sign: SignMessage = SignMessage(
phdr=test_input['sign'].get('protected', {}),
uhdr=test_input['sign'].get('unprotected', {}),
payload=test_input['plaintext'].encode('utf-8'))
alg = extract_alg(test_input["sign"]["signers"][0])
signer_key = create_cose_key(EC2,
test_input['sign']['signers'][0]['key'],
usage=KeyOps.SIGN,
alg=alg)
signer = test_input["sign"]['signers'][0]
signer = CoseSignature(phdr=signer.get('protected'),
uhdr=signer.get('unprotected'),
external_aad=unhexlify(signer.get("external", b'')))
sign.append_signer(signer)
assert signer._sig_structure == unhexlify(
test_intermediate['signers'][0]["ToBeSign_hex"])
# verify encoding (with automatic tag computation)
if fail:
assert sign.encode(sign_params=[SignerParams(
private_key=signer_key)]) != unhexlify(test_output)
else:
assert sign.encode(sign_params=[SignerParams(
private_key=signer_key)]) == unhexlify(test_output)
def test_encrypt_hkdf_hmac_direct_decode(
setup_encrypt_hkdf_hmac_direct_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_encrypt_hkdf_hmac_direct_tests
# parse message and test for headers
md: EncMessage = CoseMessage.decode(unhexlify(test_output))
assert md.phdr == extract_phdr(test_input, 'enveloped')
assert md.uhdr == extract_uhdr(test_input, 'enveloped', 0)
# check for external data and verify internal _enc_structure
md.external_aad = unhexlify(test_input['enveloped'].get('external', b''))
assert md._enc_structure == unhexlify(test_intermediate['AAD_hex'])
recipient = test_input['enveloped']['recipients'][0]
assert md.recipients[0].phdr == recipient.get('protected', {})
# create HKDF contect
v = PartyInfo(
identity=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_V_IDENTITY),
nonce=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_V_NONCE),
other=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_V_OTHER))
u = PartyInfo(
identity=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_U_IDENTITY),
nonce=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_U_NONCE),
other=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_U_OTHER))
public_data = test_input['enveloped']['recipients'][0].get(
'unsent', {}).get('pub_other')
s = SuppPubInfo(
len(test_intermediate['CEK_hex']) * 4, md.recipients[0].encode_phdr(),
public_data.encode('utf-8')
if public_data is not None else public_data)
priv_data = test_input['enveloped']['recipients'][0].get('unsent', {}).get(
'priv_other', b'')
hkdf_context = CoseKDFContext(
md.phdr[CoseHeaderKeys.ALG], u, v, s,
priv_data.encode('utf-8') if priv_data != b'' else priv_data)
assert hkdf_context.encode() == unhexlify(
test_intermediate["recipients"][0]['Context_hex'])
# set shared secret key
shared_secret = SymmetricKey(
k=CoseKey.base64decode(test_input['enveloped']['recipients'][0]['key'][
SymmetricKey.SymPrm.K]))
kek = md.recipients[0].derive_kek(
shared_secret,
alg=md.recipients[0].phdr[CoseHeaderKeys.ALG],
context=hkdf_context,
salt=md.recipients[0].uhdr.get(CoseHeaderKeys.SALT))
assert kek == unhexlify(test_intermediate["CEK_hex"])
cek = SymmetricKey(k=kek, alg=extract_alg(test_input['enveloped']))
assert md.decrypt(key=cek, nonce=extract_nonce(
test_input, 0)) == test_input['plaintext'].encode('utf-8')
def test_encrypt_decoding(setup_encrypt_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_encrypt_tests
if fail:
skip("invalid test input")
# parse initial message
msg: EncMessage = CoseMessage.decode(unhexlify(test_output))
# verify parsed protected header
assert msg.phdr == extract_phdr(test_input, 'enveloped')
assert msg.uhdr == extract_uhdr(test_input, 'enveloped')
nonce = extract_nonce(
test_input,
0) if extract_nonce(test_input, 0) != b'' else extract_unsent_nonce(
test_input, "enveloped")
alg = extract_alg(test_input['enveloped'])
cek = create_cose_key(SymmetricKey,
test_input['enveloped']["recipients"][0]["key"],
usage=KeyOps.DECRYPT,
alg=alg)
assert cek.k == unhexlify(test_intermediate['CEK_hex'])
# look for external data and verify internal enc_structure
msg.external_aad = unhexlify(test_input['enveloped'].get('external', b''))
assert msg._enc_structure == unhexlify(test_intermediate['AAD_hex'])
# verify recipients
assert len(msg.recipients) == 1
assert msg.recipients[0].phdr == test_input['enveloped']['recipients'][
0].get('protected', {})
assert msg.recipients[0].uhdr == test_input['enveloped']['recipients'][
0].get('unprotected', {})
# (1) verify decryption
assert msg.decrypt(nonce=nonce,
key=cek) == test_input['plaintext'].encode('utf-8')
# re-encode and verify we are back where we started
kek = SymmetricKey(key_ops=KeyOps.WRAP, alg=CoseAlgorithms.DIRECT.id)
assert msg.encode(encrypt=False,
nonce=nonce,
key=cek,
enc_params=[RcptParams(key=kek)
]) == unhexlify(test_output)
def test_okpsign1_decoding(setup_okpsign1_tests) -> None:
_, test_input, test_output, test_intermediate, fail = setup_okpsign1_tests
if fail:
skip("invalid test input")
cose_msg: Sign1Message = CoseMessage.decode(unhexlify(test_output))
# set up potential external data
cose_msg.external_aad = unhexlify(test_input['sign0'].get("external", b''))
public_key = create_cose_key(OKP,
test_input['sign0']['key'],
usage=KeyOps.VERIFY,
alg=extract_alg(test_input["sign0"]))
assert cose_msg.verify_signature(public_key)
def test_encrypt_x25519_wrap_decode(
setup_encrypt_x25519_direct_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_encrypt_x25519_direct_tests
# DECODING
# parse message and test for headers
md: EncMessage = CoseMessage.decode(unhexlify(test_output))
assert md.phdr == extract_phdr(test_input, 'enveloped')
assert md.uhdr == extract_uhdr(test_input, 'enveloped', 1)
# check for external data and verify internal _enc_structure
md.external_aad = unhexlify(test_input['enveloped'].get('external', b''))
assert md._enc_structure == unhexlify(test_intermediate['AAD_hex'])
recipient = test_input['enveloped']['recipients'][0]
assert md.recipients[0].phdr == recipient.get('protected', {})
# do not verify unprotected header since it contains the ephemeral public key of the sender
# assert m.recipients[0].uhdr == rcpt.get('unprotected', {})
rcvr_skey, sender_key = setup_okp_receiver_keys(
recipient, md.recipients[0].uhdr.get(CoseHeaderKeys.EPHEMERAL_KEY))
# create context KDF
u = PartyInfo(nonce=unhexlify(test_input['rng_stream'][0])
) if "sender_key" in recipient else PartyInfo()
s = SuppPubInfo(
len(test_intermediate['CEK_hex']) * 4, md.recipients[0].encode_phdr())
kdf_ctx = CoseKDFContext(md.phdr[CoseHeaderKeys.ALG], u, PartyInfo(), s)
assert kdf_ctx.encode() == unhexlify(
test_intermediate['recipients'][0]['Context_hex'])
secret, kek_bytes = CoseRecipient.derive_kek(rcvr_skey,
sender_key,
context=kdf_ctx,
expose_secret=True)
assert secret == unhexlify(
test_intermediate['recipients'][0]['Secret_hex'])
assert kek_bytes == unhexlify(test_intermediate['CEK_hex'])
alg = extract_alg(test_input['enveloped'])
cek = SymmetricKey(k=kek_bytes)
nonce = extract_nonce(test_input, 1)
assert md.decrypt(nonce=nonce, alg=alg,
key=cek) == test_input['plaintext'].encode('utf-8')
def test_encrypt_encoding(setup_encrypt_tests: tuple) -> None:
title, test_input, test_output, test_intermediate, fail = setup_encrypt_tests
alg = extract_alg(test_input["enveloped"])
nonce = extract_nonce(
test_input,
0) if extract_nonce(test_input, 0) != b'' else extract_unsent_nonce(
test_input, "enveloped")
m = EncMessage(phdr=extract_phdr(test_input, 'enveloped'),
uhdr=extract_uhdr(test_input, 'enveloped'),
payload=test_input['plaintext'].encode('utf-8'),
external_aad=unhexlify(test_input['enveloped'].get(
'external', b'')))
# check for external data and verify internal _enc_structure
assert m._enc_structure == unhexlify(test_intermediate['AAD_hex'])
# set up the CEK and KEK
cek = create_cose_key(SymmetricKey,
test_input['enveloped']['recipients'][0]['key'],
alg=alg,
usage=KeyOps.ENCRYPT)
kek = create_cose_key(SymmetricKey,
test_input['enveloped']['recipients'][0]['key'],
alg=CoseAlgorithms.DIRECT.id,
usage=KeyOps.WRAP)
# create the recipients
r_info = test_input['enveloped']['recipients'][0]
recipient = CoseRecipient(phdr=r_info.get('protected', {}),
uhdr=r_info.get('unprotected', {}),
payload=cek.k)
m.recipients.append(recipient)
# verify encoding (with automatic encryption)
if fail:
assert m.encode(key=cek, nonce=nonce, enc_params=[RcptParams(
key=kek)]) != unhexlify(test_output)
else:
# test encoding/protection
assert m.encode(key=cek, nonce=nonce,
enc_params=[RcptParams(key=kek)
]) == unhexlify(test_output)
def test_ec2sign1_encoding(setup_ec2sign1_tests) -> None:
_, test_input, test_output, test_intermediate, fail = setup_ec2sign1_tests
sign1 = Sign1Message(phdr=test_input['sign0'].get('protected', {}),
uhdr=test_input['sign0'].get('unprotected', {}),
payload=test_input.get('plaintext',
'').encode('utf-8'),
external_aad=unhexlify(test_input['sign0'].get(
"external", b'')))
assert sign1._sig_structure == unhexlify(test_intermediate["ToBeSign_hex"])
private_key = create_cose_key(EC2,
test_input['sign0']['key'],
usage=KeyOps.SIGN,
alg=extract_alg(test_input["sign0"]))
if fail:
assert sign1.encode(private_key) != unhexlify(test_output)
else:
assert sign1.encode(private_key) == unhexlify(test_output)
def test_ec2sign1_decoding(setup_ec2sign1_tests) -> None:
_, test_input, test_output, test_intermediate, fail = setup_ec2sign1_tests
if fail:
skip("invalid test input")
cose_msg: Sign1Message = CoseMessage.decode(unhexlify(test_output))
assert cose_msg.phdr == test_input['sign0'].get('protected', {})
assert cose_msg.uhdr == test_input['sign0'].get('unprotected', {})
assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8')
# set up potential external data
cose_msg.external_aad = unhexlify(test_input['sign0'].get("external", b''))
public_key = create_cose_key(EC2,
test_input['sign0']['key'],
usage=KeyOps.VERIFY,
alg=extract_alg(test_input["sign0"]))
assert cose_msg.verify_signature(public_key)
def test_mac0_decoding(setup_mac0_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_mac0_tests
if fail:
skip("invalid test input")
cose_msg: Mac0Message = CoseMessage.decode(unhexlify(test_output))
assert cose_msg.phdr == test_input['mac0'].get('protected', {})
assert cose_msg.uhdr == test_input['mac0'].get('unprotected', {})
assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8')
# set up potential external data
cose_msg.external_aad = unhexlify(test_input['mac0'].get("external", b''))
cek = create_cose_key(SymmetricKey,
test_input['mac0']["recipients"][0]["key"],
alg=extract_alg(test_input["mac0"]),
usage=KeyOps.MAC_VERIFY)
assert cek.k == unhexlify(test_intermediate["CEK_hex"])
assert cose_msg.verify_tag(cek)
def test_mac0_encoding(setup_mac0_tests: tuple) -> None:
title, test_input, test_output, test_intermediate, fail = setup_mac0_tests
mac0: Mac0Message = Mac0Message(
phdr=test_input['mac0'].get('protected', {}),
uhdr=test_input['mac0'].get('unprotected', {}),
payload=test_input.get('plaintext', '').encode('utf-8'),
external_aad=unhexlify(test_input['mac0'].get("external", b'')))
assert mac0._mac_structure == unhexlify(test_intermediate["ToMac_hex"])
cek = create_cose_key(SymmetricKey,
test_input['mac0']["recipients"][0]["key"],
alg=extract_alg(test_input["mac0"]),
usage=KeyOps.MAC_CREATE)
assert cek.k == unhexlify(test_intermediate["CEK_hex"])
# verify encoding (with automatic tag computation)
if fail:
assert mac0.encode(key=cek) != unhexlify(test_output)
else:
assert mac0.encode(key=cek) == unhexlify(test_output)
def test_encrypt_ecdh_wrap_decode(setup_encrypt_ecdh_wrap_tests: tuple):
_, test_input, test_output, test_intermediate, fail = setup_encrypt_ecdh_wrap_tests
# DECODING
# parse message and test for headers
md: EncMessage = CoseMessage.decode(unhexlify(test_output))
assert md.phdr == extract_phdr(test_input, 'enveloped')
assert md.uhdr == extract_uhdr(test_input, 'enveloped', 1)
# check for external data and verify internal _enc_structure
md.external_aad = unhexlify(test_input['enveloped'].get('external', b''))
assert md._enc_structure == unhexlify(test_intermediate['AAD_hex'])
recipient = test_input['enveloped']['recipients'][0]
assert md.recipients[0].phdr == recipient.get('protected', {})
# do not verify unprotected header since it contains the ephemeral public key of the sender
# assert m.recipients[0].uhdr == rcpt.get('unprotected', {})
rcvr_skey, sender_key = setup_ec_receiver_keys(
recipient, md.recipients[0].uhdr.get(CoseHeaderKeys.EPHEMERAL_KEY))
# create context KDF
s = SuppPubInfo(
len(test_intermediate['recipients'][0]['KEK_hex']) * 4,
md.recipients[0].encode_phdr())
if md.recipients[0].phdr[CoseHeaderKeys.ALG] in {
CoseAlgorithms.ECDH_ES_A192KW.id, CoseAlgorithms.ECDH_SS_A192KW.id
}:
kdf_ctx = CoseKDFContext(CoseAlgorithms.A192KW.id, PartyInfo(),
PartyInfo(), s)
elif md.recipients[0].phdr[CoseHeaderKeys.ALG] in {
CoseAlgorithms.ECDH_ES_A128KW.id, CoseAlgorithms.ECDH_SS_A128KW.id
}:
kdf_ctx = CoseKDFContext(CoseAlgorithms.A128KW.id, PartyInfo(),
PartyInfo(), s)
elif md.recipients[0].phdr[CoseHeaderKeys.ALG] in {
CoseAlgorithms.ECDH_ES_A256KW.id, CoseAlgorithms.ECDH_SS_A256KW.id
}:
kdf_ctx = CoseKDFContext(CoseAlgorithms.A256KW.id, PartyInfo(),
PartyInfo(), s)
else:
raise ValueError("Missed an algorithm?")
assert kdf_ctx.encode() == unhexlify(
test_intermediate['recipients'][0]['Context_hex'])
secret, kek = CoseRecipient.derive_kek(rcvr_skey,
sender_key,
context=kdf_ctx,
expose_secret=True)
assert secret == unhexlify(
test_intermediate['recipients'][0]['Secret_hex'])
assert kek == unhexlify(test_intermediate['recipients'][0]['KEK_hex'])
r1 = md.recipients[0]
cek = r1.decrypt(key=SymmetricKey(k=kek, alg=r1.phdr[CoseHeaderKeys.ALG]))
assert cek == unhexlify(test_intermediate['CEK_hex'])
cek = SymmetricKey(k=cek, alg=extract_alg(test_input["enveloped"]))
pld = md.decrypt(key=cek, nonce=extract_nonce(test_input, 1))
assert pld == test_input['plaintext'].encode('utf-8')
def test_encrypt_ecdh_direct_decode_encode(
setup_encrypt_ecdh_direct_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_encrypt_ecdh_direct_tests
# DECODING
# parse message and test for headers
md: EncMessage = CoseMessage.decode(unhexlify(test_output))
assert md.phdr == extract_phdr(test_input, 'enveloped')
assert md.uhdr == extract_uhdr(test_input, 'enveloped', 1)
# check for external data and verify internal _enc_structure
md.external_aad = unhexlify(test_input['enveloped'].get('external', b''))
assert md._enc_structure == unhexlify(test_intermediate['AAD_hex'])
# verify the receiver and set up the keying material
recipient = test_input['enveloped']['recipients'][0]
assert md.recipients[0].phdr == recipient.get('protected', {})
# do not verify unprotected header since it contains the ephemeral public key of the sender
# assert m.recipients[0].uhdr == rcpt.get('unprotected', {})
rcvr_skey, sender_key = setup_ec_receiver_keys(
recipient, md.recipients[0].uhdr.get(CoseHeaderKeys.EPHEMERAL_KEY))
# create context KDF
v = PartyInfo()
u = PartyInfo(nonce=unhexlify(test_input['rng_stream'][0])
) if "sender_key" in recipient else PartyInfo()
s = SuppPubInfo(
len(test_intermediate['CEK_hex']) * 4, md.recipients[0].encode_phdr())
kdf_ctx = CoseKDFContext(md.phdr[CoseHeaderKeys.ALG], u, v, s)
assert kdf_ctx.encode() == unhexlify(
test_intermediate['recipients'][0]['Context_hex'])
secret, kek_bytes = CoseRecipient.derive_kek(rcvr_skey,
sender_key,
context=kdf_ctx,
expose_secret=True)
assert secret == unhexlify(
test_intermediate['recipients'][0]['Secret_hex'])
assert kek_bytes == unhexlify(test_intermediate['CEK_hex'])
alg = extract_alg(test_input['enveloped'])
cek = SymmetricKey(k=kek_bytes)
nonce = extract_nonce(test_input, 1)
assert md.decrypt(nonce=nonce, alg=alg,
key=cek) == test_input['plaintext'].encode('utf-8')
# ENCODING
me = EncMessage(phdr=test_input['enveloped'].get("protected", {}),
uhdr=test_input['enveloped'].get("unprotected", {}),
payload=test_input['plaintext'].encode('utf-8'))
if 'rng_stream' in test_input:
me.uhdr_update(
{CoseHeaderKeys.IV: unhexlify(test_input['rng_stream'][1])})
# Set up recipients and keys
recipient = test_input['enveloped']['recipients'][0]
if 'sender_key' in recipient:
r1 = CoseRecipient(phdr=recipient.get('protected', {}))
r1.uhdr_update(
{CoseHeaderKeys.STATIC_KEY: sender_key.encode('crv', 'x', 'y')})
r1.uhdr_update(recipient.get('unprotected', {}))
r1.uhdr_update({
CoseHeaderKeys.PARTY_U_NONCE:
unhexlify(test_input['rng_stream'][0])
})
else:
r1 = CoseRecipient(phdr=recipient.get('protected', {}))
r1.uhdr_update(
{CoseHeaderKeys.EPHEMERAL_KEY: sender_key.encode('crv', 'x', 'y')})
r1.uhdr_update(recipient.get('unprotected', {}))
# append the first and only recipient
me.recipients.append(r1)
# set up cek
cek = SymmetricKey(k=kek_bytes, alg=alg)
kek = SymmetricKey(k=kek_bytes, alg=CoseAlgorithms.DIRECT.id)
# without sorting probably does not match because the order of the recipient elements is not the same
assert sorted(
me.encode(key=cek, nonce=nonce,
enc_params=[RcptParams(key=kek)
])) == sorted(unhexlify(test_output))
