def test_x448_unsupported(backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM): X448PublicKey.from_public_bytes(b"0" * 56) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM): X448PrivateKey.from_private_bytes(b"0" * 56) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM): X448PrivateKey.generate()
def test_x448_with_the_official_test_vectors(self) -> None: sk_alice_ = X448PrivateKey.from_private_bytes(TestX448.sk_alice) sk_bob_ = X448PrivateKey.from_private_bytes(TestX448.sk_bob) self.assertEqual(X448.derive_public_key(sk_alice_), TestX448.pk_alice) self.assertEqual(X448.derive_public_key(sk_bob_), TestX448.pk_bob) shared_secret1 = X448.shared_key(sk_alice_, TestX448.pk_bob) shared_secret2 = X448.shared_key(sk_bob_, TestX448.pk_alice) self.assertEqual(shared_secret1, blake2b(TestX448.shared_secret)) self.assertEqual(shared_secret2, blake2b(TestX448.shared_secret))
def shared_secret(private_key: 'CK', public_key: 'CK') -> bytes: """ Compute the shared secret. """ if public_key.crv == X25519: d = X25519PrivateKey.from_private_bytes(private_key.d) x = X25519PublicKey.from_public_bytes(public_key.x) secret = d.exchange(x) elif public_key.crv == X448: d = X448PrivateKey.from_private_bytes(private_key.d) x = X448PublicKey.from_public_bytes(public_key.x) secret = d.exchange(x) elif public_key.crv == P256: d = ec.derive_private_key(int(hexlify(private_key.d), 16), SECP256R1(), default_backend()) x = ec.EllipticCurvePublicNumbers(int(hexlify(public_key.x), 16), int(hexlify(public_key.y), 16), SECP256R1()) x = x.public_key() secret = d.exchange(ec.ECDH(), x) else: raise CoseIllegalCurve(f"{public_key.crv} is unsupported") return secret
def deserialize(cls, serialized_dh): if not isinstance(serialized_dh, dict): raise TypeError("serialized_dh must be of type: dict") private_key = X448PrivateKey.from_private_bytes( bytes.fromhex(serialized_dh["private_key"])) return cls(private_key)
def test_x448(backend, wycheproof): assert set(wycheproof.testgroup.items()) == { ("curve", "curve448"), ("type", "XdhComp"), } private_key = X448PrivateKey.from_private_bytes( binascii.unhexlify(wycheproof.testcase["private"])) public_key_bytes = binascii.unhexlify(wycheproof.testcase["public"]) if len(public_key_bytes) == 57: assert wycheproof.acceptable assert wycheproof.has_flag("NonCanonicalPublic") with pytest.raises(ValueError): X448PublicKey.from_public_bytes(public_key_bytes) return public_key = X448PublicKey.from_public_bytes(public_key_bytes) assert wycheproof.valid or wycheproof.acceptable expected = binascii.unhexlify(wycheproof.testcase["shared"]) if expected == b"\x00" * 56: assert wycheproof.acceptable # OpenSSL returns an error on all zeros shared key with pytest.raises(ValueError): private_key.exchange(public_key) else: assert private_key.exchange(public_key) == expected
def get_shared_secret(client_private_key, server_public_key, cryptographic_group): # x25519 (x00 x1d) if cryptographic_group == b"\x00\x1d": private_key = X25519PrivateKey.from_private_bytes( client_private_key) public_key = X25519PublicKey.from_public_bytes(server_public_key) return private_key.exchange(public_key) # x448 (x00 x1e) elif cryptographic_group == b"\x00\x1e": private_key = X448PrivateKey.from_private_bytes(client_private_key) public_key = X448PublicKey.from_public_bytes(server_public_key) return private_key.exchange(public_key) # secp256r1 (x00 x17) elif cryptographic_group == b"\x00\x17": return Crypto_Helper.get_shared_secret_secpr1( client_private_key, server_public_key, SECP256R1) # secp384r1 (x00 x18) elif cryptographic_group == b"\x00\x18": return Crypto_Helper.get_shared_secret_secpr1( client_private_key, server_public_key, SECP384R1) # secp521r1 (x00 x19) elif cryptographic_group == b"\x00\x19": return Crypto_Helper.get_shared_secret_secpr1( client_private_key, server_public_key, SECP521R1)
def test_rfc7748(self, vector, backend): private = binascii.unhexlify(vector["input_scalar"]) public = binascii.unhexlify(vector["input_u"]) shared_key = binascii.unhexlify(vector["output_u"]) private_key = X448PrivateKey.from_private_bytes(private) public_key = X448PublicKey.from_public_bytes(public) computed_shared_key = private_key.exchange(public_key) assert computed_shared_key == shared_key
def test_rfc7748(self, vector, backend): private = binascii.unhexlify(vector["input_scalar"]) public = binascii.unhexlify(vector["input_u"]) shared_key = binascii.unhexlify(vector["output_u"]) private_key = X448PrivateKey.from_private_bytes(private) public_key = X448PublicKey.from_public_bytes(public) computed_shared_key = private_key.exchange(public_key) assert computed_shared_key == shared_key
def test_rfc7748_1000_iteration(self, backend): old_private = private = public = binascii.unhexlify( b"05000000000000000000000000000000000000000000000000000000" b"00000000000000000000000000000000000000000000000000000000") shared_key = binascii.unhexlify( b"aa3b4749d55b9daf1e5b00288826c467274ce3ebbdd5c17b975e09d4" b"af6c67cf10d087202db88286e2b79fceea3ec353ef54faa26e219f38") private_key = X448PrivateKey.from_private_bytes(private) public_key = X448PublicKey.from_public_bytes(public) for _ in range(1000): computed_shared_key = private_key.exchange(public_key) private_key = X448PrivateKey.from_private_bytes( computed_shared_key) public_key = X448PublicKey.from_public_bytes(old_private) old_private = computed_shared_key assert computed_shared_key == shared_key
def test_buffer_protocol(self, backend): private_bytes = binascii.unhexlify( b"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28d" b"d9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b") key = X448PrivateKey.from_private_bytes(bytearray(private_bytes)) assert key.private_bytes(serialization.Encoding.Raw, serialization.PrivateFormat.Raw, serialization.NoEncryption()) == private_bytes
def test_buffer_protocol(self, backend): private_bytes = binascii.unhexlify( b"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28d" b"d9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b" ) key = X448PrivateKey.from_private_bytes(bytearray(private_bytes)) assert key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, serialization.NoEncryption() ) == private_bytes
def test_rfc7748_1000_iteration(self, backend): old_private = private = public = binascii.unhexlify( b"05000000000000000000000000000000000000000000000000000000" b"00000000000000000000000000000000000000000000000000000000" ) shared_key = binascii.unhexlify( b"aa3b4749d55b9daf1e5b00288826c467274ce3ebbdd5c17b975e09d4" b"af6c67cf10d087202db88286e2b79fceea3ec353ef54faa26e219f38" ) private_key = X448PrivateKey.from_private_bytes(private) public_key = X448PublicKey.from_public_bytes(public) for _ in range(1000): computed_shared_key = private_key.exchange(public_key) private_key = X448PrivateKey.from_private_bytes( computed_shared_key ) public_key = X448PublicKey.from_public_bytes(old_private) old_private = computed_shared_key assert computed_shared_key == shared_key
def test_pub_priv_bytes_raw(self, private_bytes, public_bytes, backend): private_key = X448PrivateKey.from_private_bytes(private_bytes) assert private_key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, serialization.NoEncryption()) == private_bytes assert private_key.public_key().public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw) == public_bytes public_key = X448PublicKey.from_public_bytes(public_bytes) assert public_key.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw) == public_bytes
def test_pub_priv_bytes_raw(self, private_bytes, public_bytes, backend): private_key = X448PrivateKey.from_private_bytes(private_bytes) assert private_key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, serialization.NoEncryption() ) == private_bytes assert private_key.public_key().public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ) == public_bytes public_key = X448PublicKey.from_public_bytes(public_bytes) assert public_key.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ) == public_bytes
def shared_secret(private_key: Key, public_key: Key) -> bytes: """ Compute the shared secret. """ if public_key.crv == CoseEllipticCurves.X25519: d = X25519PrivateKey.from_private_bytes(private_key.d) x = X25519PublicKey.from_public_bytes(public_key.x) elif public_key.crv == CoseEllipticCurves.X448: d = X448PrivateKey.from_private_bytes(private_key.d) x = X448PublicKey.from_public_bytes(public_key.x) elif public_key.crv == CoseEllipticCurves.P_256: d = ec.derive_private_key(int(hexlify(private_key.d), 16), config_cose(public_key.crv).curve[1](), default_backend()) x = ec.EllipticCurvePublicNumbers( int(hexlify(public_key.x), 16), int(hexlify(public_key.y), 16), config_cose(public_key.crv).curve[1]()) else: raise CoseIllegalCurve(f"{public_key.crv} is unsupported") secret = d.exchange(x) return secret
def test_invalid_length_from_private_bytes(self, backend): with pytest.raises(ValueError): X448PrivateKey.from_private_bytes(b"a" * 55) with pytest.raises(ValueError): X448PrivateKey.from_private_bytes(b"a" * 57)
def test_invalid_length_from_private_bytes(self, backend): with pytest.raises(ValueError): X448PrivateKey.from_private_bytes(b"a" * 55) with pytest.raises(ValueError): X448PrivateKey.from_private_bytes(b"a" * 57)
def __init__(self, params: Dict[int, Any]): super().__init__(params) self._public_key: Any = None self._private_key: Any = None self._hash_alg: Any = None self._x = None self._d = None # Validate kty. if params[1] != 1: raise ValueError("kty(1) should be OKP(1).") # Validate crv. if -1 not in params: raise ValueError("crv(-1) not found.") self._crv = params[-1] if not isinstance(self._crv, int): raise ValueError("crv(-1) should be int.") if self._crv not in [4, 5, 6, 7]: raise ValueError( f"Unsupported or unknown crv(-1) for OKP: {self._crv}.") if self._crv in [4, 5]: if not self._alg: raise ValueError("X25519/X448 needs alg explicitly.") if self._alg in [-25, -27]: self._hash_alg = hashes.SHA256 elif self._alg in [-26, -28]: self._hash_alg = hashes.SHA512 else: raise ValueError( f"Unsupported or unknown alg used with X25519/X448: {self._alg}." ) # Validate alg and key_ops. if self._key_ops: if set(self._key_ops) & set([3, 4, 5, 6, 9, 10]): raise ValueError( "Unknown or not permissible key_ops(4) for OKP.") else: if self._crv in [4, 5]: self._key_ops = [7, 8] if -4 in params else [] else: # self._crv in [6, 7] self._key_ops = [1, 2] if -4 in params else [2] if self._alg: if self._alg in COSE_ALGORITHMS_SIG_OKP.values(): if -4 in params: # private key for signing. if not (set(self._key_ops) & set([1, 2])): raise ValueError("Invalid key_ops for signing key.") if set(self._key_ops) & set([7, 8]): raise ValueError( "Signing key should not be used for key derivation." ) else: # public key for signing. if 2 not in self._key_ops or len(self._key_ops) != 1: raise ValueError("Invalid key_ops for public key.") elif self._alg in COSE_ALGORITHMS_CKDM_KEY_AGREEMENT.values(): if -4 in params: # private key for key derivation. if not (set(self._key_ops) & set([7, 8])): raise ValueError("Invalid key_ops for key derivation.") if set(self._key_ops) & set([1, 2]): raise ValueError( "Private key for ECDHE should not be used for signing." ) else: # public key for key derivation. if self._key_ops: raise ValueError( "Public key for ECDHE should not have key_ops.") else: raise ValueError( f"Unsupported or unknown alg(3) for OKP: {self._alg}.") else: if -4 in params: # private key. if set(self._key_ops) & set([1, 2]): # private key for signing. if set(self._key_ops) & set([7, 8]): raise ValueError( "OKP private key should not be used for both signing and key derivation." ) self._alg = -8 # EdDSA else: # public key. if 2 in self._key_ops: if len(self._key_ops) > 1: raise ValueError("Invalid key_ops for public key.") else: raise ValueError("Invalid key_ops for public key.") if self._alg in COSE_ALGORITHMS_CKDM_KEY_AGREEMENT_ES.values(): if -2 not in params: return # Validate x. if -2 not in params: raise ValueError("x(-2) not found.") if not isinstance(params[-2], bytes): raise ValueError("x(-2) should be bytes(bstr).") self._x = params[-2] try: if -4 not in params: if self._crv == 4: # X25519 self._public_key = X25519PublicKey.from_public_bytes( self._x) elif self._crv == 5: # X448 self._public_key = X448PublicKey.from_public_bytes(self._x) elif self._crv == 6: # Ed25519 self._public_key = Ed25519PublicKey.from_public_bytes( self._x) else: # self._crv == 7 (Ed448) self._public_key = Ed448PublicKey.from_public_bytes( self._x) self._key = self._public_key return except ValueError as err: raise ValueError("Invalid key parameter.") from err if not isinstance(params[-4], bytes): raise ValueError("d(-4) should be bytes(bstr).") try: self._d = params[-4] if self._crv == 4: # X25519 self._private_key = X25519PrivateKey.from_private_bytes( self._d) elif self._crv == 5: # X448 self._private_key = X448PrivateKey.from_private_bytes(self._d) elif self._crv == 6: # Ed25519 self._private_key = Ed25519PrivateKey.from_private_bytes( self._d) else: # self._crv == 7 (Ed448) self._private_key = Ed448PrivateKey.from_private_bytes(self._d) self._key = self._private_key except ValueError as err: raise ValueError("Invalid key parameter.") from err return