def get_cose_mac0_pyload(cose, key=None):
msg = Mac0Message.decode(cose)
if key:
msg.key = key
try:
msg.verify_auth_tag(alg='HS256')
except Exception as e:
raise ValueError('Bad signature ({})'.format(e))
return msg.payload
def test_header_encoding(self):
for name_test, (a, b, c, d) in self.header_params.items():
mac0_msg = Mac0Message()
with self.subTest(name=name_test):
mac0_msg.add_to_headers(a, b, c)
if c == 'PROTECTED':
self.assertEqual(mac0_msg.encoded_protected_header, d, name_test)
if c == 'UNPROTECTED':
self.assertEqual(mac0_msg.unprotected_header, d, name_test)
def test_cose_mac1_creation(self):
for name_test, (a, b, x, c, d, e) in self.test_cose_mac1_creation_params.items():
with self.subTest(name=name_test):
mac0_msg = Mac0Message()
mac0_msg.protected_header = a
mac0_msg.unprotected_header = b
mac0_msg.external_aad = x
mac0_msg.payload = c
mac0_msg.key = d
alg = mac0_msg.find_in_headers('alg')
mac0_msg.compute_auth_tag(alg)
self.assertEqual(mac0_msg.encode(), e)
def test_mac0_encoding(setup_mac0_tests: tuple) -> None:
title, test_input, test_output, test_intermediate, fail = setup_mac0_tests
mac0: Mac0Message = Mac0Message(
phdr=test_input['mac0'].get('protected', {}),
uhdr=test_input['mac0'].get('unprotected', {}),
payload=test_input.get('plaintext', '').encode('utf-8'),
external_aad=unhexlify(test_input['mac0'].get("external", b'')))
assert mac0._mac_structure == unhexlify(test_intermediate["ToMac_hex"])
cek = create_cose_key(SymmetricKey,
test_input['mac0']["recipients"][0]["key"],
alg=extract_alg(test_input["mac0"]),
usage=KeyOps.MAC_CREATE)
assert cek.k == unhexlify(test_intermediate["CEK_hex"])
# verify encoding (with automatic tag computation)
if fail:
assert mac0.encode(key=cek) != unhexlify(test_output)
else:
assert mac0.encode(key=cek) == unhexlify(test_output)
def hmac_eat(token, key=None):
hmac_msg = Mac0Message(payload=token, key=key)
hmac_msg.compute_auth_tag('HS256')
return hmac_msg.encode()
def test_header_find(self):
for name_test, (a, b, c, d) in self.header_find_params.items():
with self.subTest(name=name_test):
mac0_msg = Mac0Message()
mac0_msg.add_to_headers(a, b, c)
self.assertEqual(mac0_msg.find_in_headers(a), d, name_test)
def test_encoding(self):
util = TestUtilities()
for test in util.get_next_test(
os.path.join(TEST_ROOT, 'testcases', 'mac0-tests')):
test_name = test['title']
test_input = test['input']
test_intermediates = test['intermediates']
test_output = test['output']
mac0_msg = Mac0Message()
with self.subTest(name=test_name):
mac0_msg.payload = test_input['plaintext']
try:
mac0_msg.protected_header = test_input['mac0']['protected']
except KeyError:
pass
try:
mac0_msg.unprotected_header = test_input['mac0'][
'unprotected']
except KeyError:
pass
try:
mac0_msg.external_aad = unhexlify(
test_input['mac0']['external'])
except KeyError:
pass
mac0_msg.key = crypto.base64decode(
test_input['mac0']['recipients'][0]['key']['k'])
self.assertEqual(mac0_msg._mac_structure,
unhexlify(test_intermediates["ToMac_hex"]))
self.assertEqual(mac0_msg.key,
unhexlify(test_intermediates["CEK_hex"]))
mac0_msg.compute_auth_tag(test_input['mac0']['alg'])
if 'failures' in test_input:
failure = test_input['failures']
if 'ChangeCBORTag' in failure:
mac0_msg.cbor_tag = failure['ChangeCBORTag']
self.assertEqual(mac0_msg.encode(),
unhexlify(test_output['cbor']))
elif 'ChangeTag' in failure:
decoded_msg = CoseMessage.decode(
unhexlify(test_output['cbor']))
self.assertAlmostEqual(
int(hexlify(mac0_msg.auth_tag), 16),
int(hexlify(decoded_msg.auth_tag), 16),
delta=1)
elif 'ChangeAttr' in failure:
if mac0_msg.protected_header:
mac0_msg.protected_header = failure["ChangeAttr"]
if mac0_msg.unprotected_header:
mac0_msg.unprotected_header = failure["ChangeAttr"]
self.assertEqual(mac0_msg.encode(),
unhexlify(test_output['cbor']))
elif "AddProtected" in failure:
mac0_msg.add_to_headers(failure["AddProtected"],
"PROTECTED")
self.assertEqual(mac0_msg.encode(),
unhexlify(test_output['cbor']))
elif "RemoveProtected" in failure:
mac0_msg.remove_from_headers(
failure["RemoveProtected"], "PROTECTED")
self.assertEqual(mac0_msg.encode(),
unhexlify(test_output['cbor']))
elif "RemoveCBORTag" in failure:
self.assertEqual(
hexlify(mac0_msg.encode())[2:],
hexlify(unhexlify(test_output['cbor'])))
elif "ChangeProtected" in failure:
with self.assertRaises(TypeError):
mac0_msg.protected_header = failure[
"ChangeProtected"]
else:
raise Exception(
"Test case {} failed.".format(test_name))
else:
self.assertEqual(mac0_msg.encode(),
unhexlify(test_output['cbor']))