コード例 #1
0
 def test_ecdh_direct_hkdf_extract_with_invalid_private_key(
         self, recipient_public_key):
     rec = Recipient.from_jwk({
         "kty": "EC",
         "crv": "P-256",
         "alg": "ECDH-ES+HKDF-256"
     })
     enc_key = rec.apply(recipient_key=recipient_public_key,
                         context={"alg": "A128GCM"})
     ctx = COSE.new(alg_auto_inclusion=True)
     encoded = ctx.encode_and_encrypt(b"Hello world!",
                                      enc_key,
                                      recipients=[rec])
     another_priv_key = COSEKey.from_jwk({
         "kty":
         "EC",
         "alg":
         "ECDH-ES+HKDF-256",
         "kid":
         "01",
         "crv":
         "P-256",
         "x":
         "-eZXC6nV-xgthy8zZMCN8pcYSeE2XfWWqckA2fsxHPc",
         "y":
         "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI",
         "d":
         "kwibx3gas6Kz1V2fyQHKSnr-ybflddSjN0eOnbmLmyo",
     })
     with pytest.raises(DecodeError) as err:
         ctx.decode(encoded, another_priv_key, context={"alg": "A128GCM"})
         pytest.fail("decode() should fail.")
     assert "Failed to decrypt." in str(err.value)
コード例 #2
0
    def test_ecdh_direct_hkdf_apply_with_ecdh_ss_p256(self):
        rec = Recipient.from_jwk({
            "kty":
            "EC",
            "alg":
            "ECDH-SS+HKDF-256",
            "d":
            "kwibx3gas6Kz1V2fyQHKSnr-ybflddSjN0eOnbmLmyo",
            "crv":
            "P-256",
            "kid":
            "01",
            "x":
            "-eZXC6nV-xgthy8zZMCN8pcYSeE2XfWWqckA2fsxHPc",
            "y":
            "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI",
        })
        with open(key_path("public_key_es256.pem")) as key_file:
            pub_key = COSEKey.from_pem(key_file.read(), kid="01")
        enc_key = rec.apply(recipient_key=pub_key,
                            salt=token_bytes(32),
                            context={"alg": "A128GCM"})
        ctx = COSE.new(alg_auto_inclusion=True)
        encoded = ctx.encode_and_encrypt(b"Hello world!",
                                         enc_key,
                                         recipients=[rec])

        with open(key_path("private_key_es256.pem")) as key_file:
            priv_key = COSEKey.from_pem(key_file.read(),
                                        kid="01",
                                        alg="ECDH-SS+HKDF-256")
        assert b"Hello world!" == ctx.decode(encoded,
                                             priv_key,
                                             context={"alg": "A128GCM"})
コード例 #3
0
    def test_ecdh_direct_hkdf_apply_with_party_u_nonce(self):
        nonce = token_bytes(32)
        rec = Recipient.from_jwk({
            "kty": "EC",
            "crv": "P-256",
            "alg": "ECDH-ES+HKDF-256"
        })
        with open(key_path("public_key_es256.pem")) as key_file:
            pub_key = COSEKey.from_pem(key_file.read(), kid="01")
        context = [
            1,
            [None, nonce, None],
            [None, None, None],
            [128, cbor2.dumps({1: -25})],
        ]
        enc_key = rec.apply(recipient_key=pub_key, context=context)
        assert nonce == rec._unprotected[-22]
        ctx = COSE.new(alg_auto_inclusion=True)
        encoded = ctx.encode_and_encrypt(b"Hello world!",
                                         enc_key,
                                         recipients=[rec])

        with open(key_path("private_key_es256.pem")) as key_file:
            priv_key = COSEKey.from_pem(key_file.read(),
                                        kid="01",
                                        alg="ECDH-ES+HKDF-256")
        assert b"Hello world!" == ctx.decode(encoded,
                                             priv_key,
                                             context=context)
コード例 #4
0
    def test_ecdh_direct_hkdf_apply_without_salt(self):
        rec = Recipient.from_jwk({
            "kty": "EC",
            "crv": "P-256",
            "alg": "ECDH-ES+HKDF-256"
        })
        with open(key_path("public_key_es256.pem")) as key_file:
            pub_key = COSEKey.from_pem(key_file.read(), kid="01")
        enc_key = rec.apply(
            recipient_key=pub_key,
            context=[
                1,
                [None, None, None],
                [None, None, None],
                [128, cbor2.dumps({1: -25})],
            ],
        )
        ctx = COSE.new(alg_auto_inclusion=True)
        encoded = ctx.encode_and_encrypt(b"Hello world!",
                                         enc_key,
                                         recipients=[rec])

        with open(key_path("private_key_es256.pem")) as key_file:
            priv_key = COSEKey.from_pem(key_file.read(),
                                        kid="01",
                                        alg="ECDH-ES+HKDF-256")
        assert b"Hello world!" == ctx.decode(encoded,
                                             priv_key,
                                             context={"alg": "A128GCM"})
コード例 #5
0
    def test_ecdh_direct_hkdf_apply_with_ecdh_ss_p521_with_default_salt(self):
        rec = Recipient.from_jwk({
            "kty": "EC",
            "alg": "ECDH-SS+HKDF-512",
            "d":
            "ADYyo73ZKicOjwGDYQ_ybZKnVzdAcxGm9OVAxQjzgVM4jaS-Iwtkz90oLdDz3shgKlDgtRK2Aa9lMhqR94hBo4IE",
            "crv": "P-521",
            "kid": "01",
            "x":
            "APkZitSJMJUMB-iPCt47sWu_CrnUHg6IAR4qjmHON-2u41Rjg6DNOS0LZYJJt-AVH5NgGVi8ElIfjo71b9HXCTOc",
            "y":
            "ASx-Cb--149HJ-e1KlSaY-1BOhwOdcTkxSt8BGbW7_hnGfzHsoXM3ywwNcp1Yad-FHUKwmCyMelMQEn2Rh4V2l3I",
            "salt": "aabbccddeeff",
        })
        with open(key_path("public_key_es512.pem")) as key_file:
            pub_key = COSEKey.from_pem(key_file.read(), kid="01")
        enc_key = rec.apply(recipient_key=pub_key, context={"alg": "A128GCM"})
        ctx = COSE.new(alg_auto_inclusion=True)
        encoded = ctx.encode_and_encrypt(b"Hello world!",
                                         enc_key,
                                         recipients=[rec])

        with open(key_path("private_key_es512.pem")) as key_file:
            priv_key = COSEKey.from_pem(key_file.read(),
                                        kid="01",
                                        alg="ECDH-SS+HKDF-512")
        assert b"Hello world!" == ctx.decode(encoded,
                                             priv_key,
                                             context={"alg": "A128GCM"})
コード例 #6
0
 def test_ecdh_direct_hkdf_through_cose_api(self, recipient_public_key,
                                            recipient_private_key):
     rec = Recipient.from_jwk({
         "kty": "EC",
         "crv": "P-256",
         "alg": "ECDH-ES+HKDF-256"
     })
     enc_key = rec.apply(recipient_key=recipient_public_key,
                         context={"alg": "A128GCM"})
     ctx = COSE.new(alg_auto_inclusion=True)
     encoded = ctx.encode_and_encrypt(b"Hello world!",
                                      enc_key,
                                      recipients=[rec])
     assert b"Hello world!" == ctx.decode(encoded,
                                          recipient_private_key,
                                          context={"alg": "A128GCM"})
コード例 #7
0
    def test_ecdh_direct_hkdf_through_cose_api_with_ecdh_es(
            self, alg, crv, private_key_path, public_key_path):
        sender_key = COSEKey.new({1: 2, -1: crv, 3: alg})
        rec = Recipient.new(protected={1: alg}, sender_key=sender_key)
        with open(key_path(public_key_path)) as key_file:
            pub_key = COSEKey.from_pem(key_file.read(), kid="01")
        enc_key = rec.apply(recipient_key=pub_key, context={"alg": "A128GCM"})
        ctx = COSE.new(alg_auto_inclusion=True)
        encoded = ctx.encode_and_encrypt(b"Hello world!",
                                         enc_key,
                                         recipients=[rec])

        with open(key_path(private_key_path)) as key_file:
            priv_key = COSEKey.from_pem(key_file.read(), kid="01", alg=alg)
        assert b"Hello world!" == ctx.decode(encoded,
                                             priv_key,
                                             context={"alg": "A128GCM"})
コード例 #8
0
 def test_ecdh_aes_key_wrap_through_cose_api(self, recipient_public_key,
                                             recipient_private_key):
     enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
     rec = Recipient.from_jwk({
         "kty": "EC",
         "crv": "P-256",
         "alg": "ECDH-ES+A128KW"
     })
     rec.apply(enc_key,
               recipient_key=recipient_public_key,
               context={"alg": "A128GCM"})
     ctx = COSE.new(alg_auto_inclusion=True)
     encoded = ctx.encode_and_encrypt(b"Hello world!",
                                      enc_key,
                                      recipients=[rec])
     assert b"Hello world!" == ctx.decode(encoded,
                                          recipient_private_key,
                                          context={"alg": "A128GCM"})
コード例 #9
0
 def test_ecdh_aes_key_wrap_through_cose_api_without_kid(self):
     enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
     rec = Recipient.from_jwk({
         "kty": "EC",
         "crv": "P-256",
         "alg": "ECDH-ES+A128KW"
     })
     pub_key = COSEKey.from_jwk({
         "kty":
         "EC",
         # "kid": "01",
         "crv":
         "P-256",
         "x":
         "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
         "y":
         "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
     })
     rec.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
     ctx = COSE.new(alg_auto_inclusion=True)
     priv_key = COSEKey.from_jwk({
         "kty":
         "EC",
         # "kid": "01",
         "alg":
         "ECDH-ES+A128KW",
         "crv":
         "P-256",
         "x":
         "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
         "y":
         "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
         "d":
         "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
     })
     encoded = ctx.encode_and_encrypt(b"Hello world!",
                                      enc_key,
                                      recipients=[rec])
     assert b"Hello world!" == ctx.decode(encoded,
                                          priv_key,
                                          context={"alg": "A128GCM"})
コード例 #10
0
 def test_ecdh_aes_key_wrap_extract_with_invalid_recipient_private_key(
         self, recipient_public_key):
     enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
     rec = Recipient.from_jwk({
         "kty": "EC",
         "crv": "P-256",
         "alg": "ECDH-ES+A128KW"
     })
     rec.apply(enc_key,
               recipient_key=recipient_public_key,
               context={"alg": "A128GCM"})
     ctx = COSE.new(alg_auto_inclusion=True)
     recipient_private_key = COSEKey.from_jwk({
         "kty":
         "EC",
         "kid":
         "01",
         # "alg": "ECDH-ES+A128KW",
         "crv":
         "P-256",
         "x":
         "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
         "y":
         "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
         "d":
         "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
     })
     encoded = ctx.encode_and_encrypt(b"Hello world!",
                                      enc_key,
                                      recipients=[rec])
     with pytest.raises(DecodeError) as err:
         ctx.decode(encoded,
                    recipient_private_key,
                    context={"alg": "A128GCM"})
         pytest.fail("extract() should fail.")
     assert "Failed to decode key." in str(err.value)