def test_ecdh_direct_hkdf_extract_with_invalid_private_key( self, recipient_public_key): rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+HKDF-256" }) enc_key = rec.apply(recipient_key=recipient_public_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) another_priv_key = COSEKey.from_jwk({ "kty": "EC", "alg": "ECDH-ES+HKDF-256", "kid": "01", "crv": "P-256", "x": "-eZXC6nV-xgthy8zZMCN8pcYSeE2XfWWqckA2fsxHPc", "y": "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI", "d": "kwibx3gas6Kz1V2fyQHKSnr-ybflddSjN0eOnbmLmyo", }) with pytest.raises(DecodeError) as err: ctx.decode(encoded, another_priv_key, context={"alg": "A128GCM"}) pytest.fail("decode() should fail.") assert "Failed to decrypt." in str(err.value)
def test_ecdh_direct_hkdf_apply_with_ecdh_ss_p256(self): rec = Recipient.from_jwk({ "kty": "EC", "alg": "ECDH-SS+HKDF-256", "d": "kwibx3gas6Kz1V2fyQHKSnr-ybflddSjN0eOnbmLmyo", "crv": "P-256", "kid": "01", "x": "-eZXC6nV-xgthy8zZMCN8pcYSeE2XfWWqckA2fsxHPc", "y": "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI", }) with open(key_path("public_key_es256.pem")) as key_file: pub_key = COSEKey.from_pem(key_file.read(), kid="01") enc_key = rec.apply(recipient_key=pub_key, salt=token_bytes(32), context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) with open(key_path("private_key_es256.pem")) as key_file: priv_key = COSEKey.from_pem(key_file.read(), kid="01", alg="ECDH-SS+HKDF-256") assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})
def test_ecdh_direct_hkdf_apply_with_party_u_nonce(self): nonce = token_bytes(32) rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+HKDF-256" }) with open(key_path("public_key_es256.pem")) as key_file: pub_key = COSEKey.from_pem(key_file.read(), kid="01") context = [ 1, [None, nonce, None], [None, None, None], [128, cbor2.dumps({1: -25})], ] enc_key = rec.apply(recipient_key=pub_key, context=context) assert nonce == rec._unprotected[-22] ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) with open(key_path("private_key_es256.pem")) as key_file: priv_key = COSEKey.from_pem(key_file.read(), kid="01", alg="ECDH-ES+HKDF-256") assert b"Hello world!" == ctx.decode(encoded, priv_key, context=context)
def test_ecdh_direct_hkdf_apply_without_salt(self): rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+HKDF-256" }) with open(key_path("public_key_es256.pem")) as key_file: pub_key = COSEKey.from_pem(key_file.read(), kid="01") enc_key = rec.apply( recipient_key=pub_key, context=[ 1, [None, None, None], [None, None, None], [128, cbor2.dumps({1: -25})], ], ) ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) with open(key_path("private_key_es256.pem")) as key_file: priv_key = COSEKey.from_pem(key_file.read(), kid="01", alg="ECDH-ES+HKDF-256") assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})
def test_ecdh_direct_hkdf_apply_with_ecdh_ss_p521_with_default_salt(self): rec = Recipient.from_jwk({ "kty": "EC", "alg": "ECDH-SS+HKDF-512", "d": "ADYyo73ZKicOjwGDYQ_ybZKnVzdAcxGm9OVAxQjzgVM4jaS-Iwtkz90oLdDz3shgKlDgtRK2Aa9lMhqR94hBo4IE", "crv": "P-521", "kid": "01", "x": "APkZitSJMJUMB-iPCt47sWu_CrnUHg6IAR4qjmHON-2u41Rjg6DNOS0LZYJJt-AVH5NgGVi8ElIfjo71b9HXCTOc", "y": "ASx-Cb--149HJ-e1KlSaY-1BOhwOdcTkxSt8BGbW7_hnGfzHsoXM3ywwNcp1Yad-FHUKwmCyMelMQEn2Rh4V2l3I", "salt": "aabbccddeeff", }) with open(key_path("public_key_es512.pem")) as key_file: pub_key = COSEKey.from_pem(key_file.read(), kid="01") enc_key = rec.apply(recipient_key=pub_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) with open(key_path("private_key_es512.pem")) as key_file: priv_key = COSEKey.from_pem(key_file.read(), kid="01", alg="ECDH-SS+HKDF-512") assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})
def test_ecdh_direct_hkdf_through_cose_api(self, recipient_public_key, recipient_private_key): rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+HKDF-256" }) enc_key = rec.apply(recipient_key=recipient_public_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) assert b"Hello world!" == ctx.decode(encoded, recipient_private_key, context={"alg": "A128GCM"})
def test_ecdh_direct_hkdf_through_cose_api_with_ecdh_es( self, alg, crv, private_key_path, public_key_path): sender_key = COSEKey.new({1: 2, -1: crv, 3: alg}) rec = Recipient.new(protected={1: alg}, sender_key=sender_key) with open(key_path(public_key_path)) as key_file: pub_key = COSEKey.from_pem(key_file.read(), kid="01") enc_key = rec.apply(recipient_key=pub_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) with open(key_path(private_key_path)) as key_file: priv_key = COSEKey.from_pem(key_file.read(), kid="01", alg=alg) assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})
def test_ecdh_aes_key_wrap_through_cose_api(self, recipient_public_key, recipient_private_key): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+A128KW" }) rec.apply(enc_key, recipient_key=recipient_public_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) assert b"Hello world!" == ctx.decode(encoded, recipient_private_key, context={"alg": "A128GCM"})
def test_ecdh_aes_key_wrap_through_cose_api_without_kid(self): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+A128KW" }) pub_key = COSEKey.from_jwk({ "kty": "EC", # "kid": "01", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", }) rec.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) priv_key = COSEKey.from_jwk({ "kty": "EC", # "kid": "01", "alg": "ECDH-ES+A128KW", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8", }) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})
def test_ecdh_aes_key_wrap_extract_with_invalid_recipient_private_key( self, recipient_public_key): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+A128KW" }) rec.apply(enc_key, recipient_key=recipient_public_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) recipient_private_key = COSEKey.from_jwk({ "kty": "EC", "kid": "01", # "alg": "ECDH-ES+A128KW", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8", }) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) with pytest.raises(DecodeError) as err: ctx.decode(encoded, recipient_private_key, context={"alg": "A128GCM"}) pytest.fail("extract() should fail.") assert "Failed to decode key." in str(err.value)