def test_okp_key_derive_key_with_raw_context(self): with open(key_path("private_key_x25519.pem")) as key_file: private_key = COSEKey.from_pem(key_file.read(), alg="ECDH-SS+HKDF-256") pub_key = COSEKey.from_jwk({ "kty": "OKP", "alg": "ECDH-ES+HKDF-256", "kid": "01", "crv": "X25519", "x": "y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI", # "d": "vsJ1oX5NNi0IGdwGldiac75r-Utmq3Jq4LGv48Q_Qc4", }) context = [ 1, [None, None, None], [None, None, None], [128, cbor2.dumps({1: -25})], ] try: private_key.derive_key(context, public_key=pub_key) except Exception: pytest.fail("derive_key() should not fail.")
def test_ec2_key_derive_key_with_invalid_alg(self, invalid_alg): private_key = EC2Key({ 1: 2, -2: b"\xa7\xddc*\xff\xc2?\x8b\xf8\x9c:\xad\xccDF\x9cZ \x04P\xef\x99\x0c=\xe6 w1\x08&\xba\xd9", -3: b"\xe2\xdb\xef\xfe\xb8\x8a\x12\xf27\xcb\x15:\x8a\xb9\x1a90B\x1a\x19^\xbc\xdc\xde\r\xb9s\xc1P\xf3\xaa\xdd", -4: b'\xe9\x16\x0c\xa96\x8d\xfa\xbc\xd5\xda"ua\xec\xf7\x96\r\x15\xf7_\xf3rb{\xb1\xde;\x99\x88\xafNh', -1: 1, 3: -25, }) pub_key = COSEKey.from_jwk({ "kty": "EC", "kid": "01", "crv": "P-256", "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8", "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4", }) with pytest.raises(ValueError) as err: private_key.derive_key({"alg": invalid_alg}, public_key=pub_key) pytest.fail("derive_key() should fail.") assert f"Unsupported or unknown alg for context information: {invalid_alg}." in str( err.value)
def test_ec2_key_derive_key(self, alg): private_key = EC2Key({ 1: 2, -2: b"\xa7\xddc*\xff\xc2?\x8b\xf8\x9c:\xad\xccDF\x9cZ \x04P\xef\x99\x0c=\xe6 w1\x08&\xba\xd9", -3: b"\xe2\xdb\xef\xfe\xb8\x8a\x12\xf27\xcb\x15:\x8a\xb9\x1a90B\x1a\x19^\xbc\xdc\xde\r\xb9s\xc1P\xf3\xaa\xdd", -4: b'\xe9\x16\x0c\xa96\x8d\xfa\xbc\xd5\xda"ua\xec\xf7\x96\r\x15\xf7_\xf3rb{\xb1\xde;\x99\x88\xafNh', -1: 1, 3: -25, }) pub_key = COSEKey.from_jwk({ "kty": "EC", "kid": "01", "crv": "P-256", "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8", "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4", }) try: derived_key = private_key.derive_key({"alg": alg}, public_key=pub_key) assert derived_key.kty == 4 except Exception: pytest.fail("derive_key() should not fail.")
def test_ecdh_direct_hkdf_extract_with_invalid_private_key( self, recipient_public_key): rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+HKDF-256" }) enc_key = rec.apply(recipient_key=recipient_public_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) another_priv_key = COSEKey.from_jwk({ "kty": "EC", "alg": "ECDH-ES+HKDF-256", "kid": "01", "crv": "P-256", "x": "-eZXC6nV-xgthy8zZMCN8pcYSeE2XfWWqckA2fsxHPc", "y": "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI", "d": "kwibx3gas6Kz1V2fyQHKSnr-ybflddSjN0eOnbmLmyo", }) with pytest.raises(DecodeError) as err: ctx.decode(encoded, another_priv_key, context={"alg": "A128GCM"}) pytest.fail("decode() should fail.") assert "Failed to decrypt." in str(err.value)
def recipient_public_key(): return COSEKey.from_jwk({ "kty": "EC", "kid": "01", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", })
def recipient_private_key(): return COSEKey.from_jwk({ "kty": "EC", "alg": "ECDH-ES+A128KW", "kid": "01", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8", })
def test_ecdh_aes_key_wrap_through_cose_api_without_kid(self): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+A128KW" }) pub_key = COSEKey.from_jwk({ "kty": "EC", # "kid": "01", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", }) rec.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) priv_key = COSEKey.from_jwk({ "kty": "EC", # "kid": "01", "alg": "ECDH-ES+A128KW", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8", }) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})
def test_ec2_key_constructor_with_ecdhe_es_hdkf_256(self): private_key = EC2Key({ 1: 2, 3: -25, # -2: b"\xa7\xddc*\xff\xc2?\x8b\xf8\x9c:\xad\xccDF\x9cZ \x04P\xef\x99\x0c=\xe6 w1\x08&\xba\xd9", # -3: b"\xe2\xdb\xef\xfe\xb8\x8a\x12\xf27\xcb\x15:\x8a\xb9\x1a90B\x1a\x19^\xbc\xdc\xde\r\xb9s\xc1P\xf3\xaa\xdd", # -4: b'\xe9\x16\x0c\xa96\x8d\xfa\xbc\xd5\xda"ua\xec\xf7\x96\r\x15\xf7_\xf3rb{\xb1\xde;\x99\x88\xafNh', -1: 1, }) assert private_key.kty == 2 assert private_key.kid is None assert private_key.alg == -25 assert private_key.crv == 1 assert len(private_key.key_ops) == 2 assert 7 in private_key.key_ops assert 8 in private_key.key_ops pub_key = COSEKey.from_jwk({ "kty": "EC", "kid": "01", "crv": "P-256", "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8", "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4", # "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM", }) try: derived_key = private_key.derive_key({"alg": "A128GCM"}, public_key=pub_key) assert derived_key.alg == 1 except Exception: pytest.fail("derive_key() should not fail.") try: derived_key = private_key.derive_key( [ 1, [None, None, None], [None, None, None], [128, cbor2.dumps({1: -25})], ], public_key=pub_key, ) assert derived_key.alg == 1 except Exception: pytest.fail("derive_key() should not fail.")
def test_okp_key_derive_key_with_ed25519_key(self): with open(key_path("private_key_x25519.pem")) as key_file: private_key = COSEKey.from_pem(key_file.read(), alg="ECDH-SS+HKDF-256") pub_key = COSEKey.from_jwk({ "kty": "EC", "kid": "01", "crv": "P-256", "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8", "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4", # "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM", }) with pytest.raises(ValueError) as err: private_key.derive_key({"alg": "A128GCM"}, public_key=pub_key) assert "public_key should be x25519/x448 public key." in str(err.value)
def test_okp_key_derive_key_with_public_key(self): with open(key_path("public_key_x25519.pem")) as key_file: public_key = COSEKey.from_pem(key_file.read(), alg="ECDH-SS+HKDF-256") pub_key = COSEKey.from_jwk({ "kty": "OKP", "alg": "ECDH-ES+HKDF-256", "kid": "01", "crv": "X25519", "x": "y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI", # "d": "vsJ1oX5NNi0IGdwGldiac75r-Utmq3Jq4LGv48Q_Qc4", }) with pytest.raises(ValueError) as err: public_key.derive_key({"alg": "A128GCM"}, public_key=pub_key) assert "Public key cannot be used for key derivation." in str( err.value)
def test_ecdh_aes_key_wrap_extract_with_invalid_recipient_private_key( self, recipient_public_key): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+A128KW" }) rec.apply(enc_key, recipient_key=recipient_public_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) recipient_private_key = COSEKey.from_jwk({ "kty": "EC", "kid": "01", # "alg": "ECDH-ES+A128KW", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8", }) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) with pytest.raises(DecodeError) as err: ctx.decode(encoded, recipient_private_key, context={"alg": "A128GCM"}) pytest.fail("extract() should fail.") assert "Failed to decode key." in str(err.value)
def sender_key_es(): return COSEKey.from_jwk({ "kty": "EC", "alg": "ECDH-ES+A128KW", "crv": "P-256", })