def test_encrypt_encoding(setup_encrypt_tests: tuple) -> None: title, test_input, test_output, test_intermediate, fail = setup_encrypt_tests alg = extract_alg(test_input["enveloped"]) nonce = extract_nonce( test_input, 0) if extract_nonce(test_input, 0) != b'' else extract_unsent_nonce( test_input, "enveloped") m = EncMessage(phdr=extract_phdr(test_input, 'enveloped'), uhdr=extract_uhdr(test_input, 'enveloped'), payload=test_input['plaintext'].encode('utf-8'), external_aad=unhexlify(test_input['enveloped'].get( 'external', b''))) # check for external data and verify internal _enc_structure assert m._enc_structure == unhexlify(test_intermediate['AAD_hex']) # set up the CEK and KEK cek = create_cose_key(SymmetricKey, test_input['enveloped']['recipients'][0]['key'], alg=alg, usage=KeyOps.ENCRYPT) kek = create_cose_key(SymmetricKey, test_input['enveloped']['recipients'][0]['key'], alg=CoseAlgorithms.DIRECT.id, usage=KeyOps.WRAP) # create the recipients r_info = test_input['enveloped']['recipients'][0] recipient = CoseRecipient(phdr=r_info.get('protected', {}), uhdr=r_info.get('unprotected', {}), payload=cek.k) m.recipients.append(recipient) # verify encoding (with automatic encryption) if fail: assert m.encode(key=cek, nonce=nonce, enc_params=[RcptParams( key=kek)]) != unhexlify(test_output) else: # test encoding/protection assert m.encode(key=cek, nonce=nonce, enc_params=[RcptParams(key=kek) ]) == unhexlify(test_output)
def test_cose_mac_creation(self): for name_test, (p, u, x, pld, r_p, r_u, key, solution) in self.test_cose_mac_creation_params.items(): mac_msg = MacMessage() with self.subTest(name=name_test): mac_msg.protected_header = p mac_msg.unprotected_header = u mac_msg.external_aad = x mac_msg.payload = pld rcp = CoseRecipient() rcp.protected_header = r_p rcp.unprotected_header = r_u mac_msg.recipients = rcp mac_msg.key = key try: alg = mac_msg.find_in_headers('alg') except KeyError: alg = mac_msg.find_in_recipients('alg') mac_msg.compute_auth_tag(alg) self.assertEqual(mac_msg.encode(), solution)
def test_mac_direct_encoding(setup_mac_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_mac_tests mac = MacMessage(phdr=test_input['mac'].get('protected', {}), uhdr=test_input['mac'].get('unprotected', {}), payload=test_input.get('plaintext', '').encode('utf-8'), external_aad=unhexlify(test_input['mac'].get( "external", b''))) assert mac._mac_structure == unhexlify(test_intermediate["ToMac_hex"]) alg = extract_alg(test_input["mac"]) # set up the CEK and KEK cek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=alg, usage=KeyOps.MAC_CREATE) kek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=CoseAlgorithms.DIRECT.id, usage=KeyOps.WRAP) assert cek.k == unhexlify(test_intermediate["CEK_hex"]) recipient = test_input["mac"]["recipients"][0] recipient = CoseRecipient(phdr=recipient.get('protected', {}), uhdr=recipient.get('unprotected', {}), payload=cek.k) mac.recipients.append(recipient) # verify encoding (with automatic tag computation) if fail: assert mac.encode(cek, mac_params=[RcptParams(key=kek) ]) != unhexlify(test_output) else: assert mac.encode(cek, mac_params=[RcptParams(key=kek) ]) == unhexlify(test_output)
def test_encrypt_ecdh_direct_decode_encode( setup_encrypt_ecdh_direct_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt_ecdh_direct_tests # DECODING # parse message and test for headers md: EncMessage = CoseMessage.decode(unhexlify(test_output)) assert md.phdr == extract_phdr(test_input, 'enveloped') assert md.uhdr == extract_uhdr(test_input, 'enveloped', 1) # check for external data and verify internal _enc_structure md.external_aad = unhexlify(test_input['enveloped'].get('external', b'')) assert md._enc_structure == unhexlify(test_intermediate['AAD_hex']) # verify the receiver and set up the keying material recipient = test_input['enveloped']['recipients'][0] assert md.recipients[0].phdr == recipient.get('protected', {}) # do not verify unprotected header since it contains the ephemeral public key of the sender # assert m.recipients[0].uhdr == rcpt.get('unprotected', {}) rcvr_skey, sender_key = setup_ec_receiver_keys( recipient, md.recipients[0].uhdr.get(CoseHeaderKeys.EPHEMERAL_KEY)) # create context KDF v = PartyInfo() u = PartyInfo(nonce=unhexlify(test_input['rng_stream'][0]) ) if "sender_key" in recipient else PartyInfo() s = SuppPubInfo( len(test_intermediate['CEK_hex']) * 4, md.recipients[0].encode_phdr()) kdf_ctx = CoseKDFContext(md.phdr[CoseHeaderKeys.ALG], u, v, s) assert kdf_ctx.encode() == unhexlify( test_intermediate['recipients'][0]['Context_hex']) secret, kek_bytes = CoseRecipient.derive_kek(rcvr_skey, sender_key, context=kdf_ctx, expose_secret=True) assert secret == unhexlify( test_intermediate['recipients'][0]['Secret_hex']) assert kek_bytes == unhexlify(test_intermediate['CEK_hex']) alg = extract_alg(test_input['enveloped']) cek = SymmetricKey(k=kek_bytes) nonce = extract_nonce(test_input, 1) assert md.decrypt(nonce=nonce, alg=alg, key=cek) == test_input['plaintext'].encode('utf-8') # ENCODING me = EncMessage(phdr=test_input['enveloped'].get("protected", {}), uhdr=test_input['enveloped'].get("unprotected", {}), payload=test_input['plaintext'].encode('utf-8')) if 'rng_stream' in test_input: me.uhdr_update( {CoseHeaderKeys.IV: unhexlify(test_input['rng_stream'][1])}) # Set up recipients and keys recipient = test_input['enveloped']['recipients'][0] if 'sender_key' in recipient: r1 = CoseRecipient(phdr=recipient.get('protected', {})) r1.uhdr_update( {CoseHeaderKeys.STATIC_KEY: sender_key.encode('crv', 'x', 'y')}) r1.uhdr_update(recipient.get('unprotected', {})) r1.uhdr_update({ CoseHeaderKeys.PARTY_U_NONCE: unhexlify(test_input['rng_stream'][0]) }) else: r1 = CoseRecipient(phdr=recipient.get('protected', {})) r1.uhdr_update( {CoseHeaderKeys.EPHEMERAL_KEY: sender_key.encode('crv', 'x', 'y')}) r1.uhdr_update(recipient.get('unprotected', {})) # append the first and only recipient me.recipients.append(r1) # set up cek cek = SymmetricKey(k=kek_bytes, alg=alg) kek = SymmetricKey(k=kek_bytes, alg=CoseAlgorithms.DIRECT.id) # without sorting probably does not match because the order of the recipient elements is not the same assert sorted( me.encode(key=cek, nonce=nonce, enc_params=[RcptParams(key=kek) ])) == sorted(unhexlify(test_output))