def test_aes_key_wrap_wrap_key_without_alg(self): key = COSEKey.from_symmetric_key(alg="A128GCM", kid="01") ctx = AESKeyWrap({1: -3}, {}, sender_key=COSEKey.from_symmetric_key(alg="A128KW")) with pytest.raises(ValueError) as err: ctx.extract(key=key) pytest.fail("extract() should fail.") assert "alg should be set." in str(err.value)
def test_aes_key_wrap_apply_with_invalid_key(self): key = COSEKey.from_symmetric_key(key="xxx", alg="HS256", kid="01") ctx = AESKeyWrap({1: -3}, {}, sender_key=COSEKey.from_symmetric_key(alg="A128KW")) with pytest.raises(EncodeError) as err: ctx.apply(key, context={"alg": "A128GCM"}) pytest.fail("apply() should fail.") assert "Failed to wrap key." in str(err.value)
def test_aes_key_wrap_wrap_key_without_ciphertext(self): key = COSEKey.from_symmetric_key(alg="A128GCM", kid="01") ctx = AESKeyWrap({1: -3}, {}, sender_key=COSEKey.from_symmetric_key(alg="A128KW")) with pytest.raises(DecodeError) as err: ctx.extract(key=key, alg="A128GCM") pytest.fail("extract() should fail.") assert "Failed to decode key." in str(err.value)
def test_aes_key_wrap_apply_without_key(self): ctx = AESKeyWrap({1: -3}, {}, sender_key=COSEKey.from_symmetric_key(alg="A128KW")) with pytest.raises(ValueError) as err: ctx.apply() pytest.fail("apply() should fail.") assert "key should be set." in str(err.value)
def test_direct_hkdf_extract_with_invalid_key(self): key = COSEKey.from_symmetric_key(key="a", alg="HS256") ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"}) with pytest.raises(ValueError) as err: ctx.extract(key, alg="A128GCM") pytest.fail("extract() should fail.") assert "context should be set." in str(err.value)
def test_direct_hkdf_verify_key(self): material = COSEKey.from_symmetric_key( key=base64url_decode( "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"), alg="A256GCM", ) ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"}) context = { "alg": "AES-CCM-16-64-128", "party_u": { "identity": "lighting-client", }, "party_v": { "identity": "lighting-server", }, "supp_pub": { "other": "Encryption Example 02", }, } key = ctx.apply(material, context=context) ctx.verify_key( base64url_decode("hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"), key.key, context=context, )
def test_direct_hkdf_extract_with_invalid_context(self): key = COSEKey.from_symmetric_key(alg="A128GCM") ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"}) with pytest.raises(ValueError) as err: ctx.extract(key, alg="A128GCM", context=[None, None, None]) pytest.fail("extract() should fail.") assert "Invalid context information." in str(err.value)
def test_aes_key_wrap_constructor_with_invalid_alg(self): with pytest.raises(ValueError) as err: AESKeyWrap({1: -1}, {}, sender_key=COSEKey.from_symmetric_key(alg="A128KW")) pytest.fail("AESKeyWrap() should fail.") assert "algs in protected and sender_key do not match." in str( err.value)
def test_direct_hkdf_apply_without_alg(self): material = COSEKey.from_symmetric_key(token_bytes(16)) ctx = DirectHKDF({1: -10}, {4: b"01"}) with pytest.raises(ValueError) as err: ctx.apply(material) pytest.fail("apply() should fail.") assert "context should be set." in str(err.value)
def test_direct_hkdf_verify_key_with_invalid_material(self): material = COSEKey.from_symmetric_key( key=base64url_decode( "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"), alg="A256GCM", ) ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"}) context = { "alg": "AES-CCM-16-64-128", "party_u": { "identity": "lighting-client", }, "party_v": { "identity": "lighting-server", }, "supp_pub": { "other": "Encryption Example 02", }, } key = ctx.apply( material, context=context, ) with pytest.raises(VerifyError) as err: ctx.verify_key( b"xxxxxxxxxx", key.key, context=context, ) pytest.fail("verify_key() should fail.") assert "Failed to verify key." in str(err.value)
def test_ecdh_aes_key_wrap_extract_without_context(self): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") ctx = ECDH_AESKeyWrap({1: -29}, {4: b"01"}) with pytest.raises(ValueError) as err: ctx.extract(enc_key, alg="ChaCha20/Poly1305") pytest.fail("extract() should fail.") assert "context should be set." in str(err.value)
def test_ecdh_aes_key_wrap_apply_without_context(self, sender_key_es): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") sender = ECDH_AESKeyWrap({1: -29}, {4: b"01"}, sender_key=sender_key_es) with pytest.raises(ValueError) as err: sender.apply(enc_key, recipient_key=recipient_public_key) pytest.fail("apply() should fail.") assert "context should be set." in str(err.value)
def test_ecdh_aes_key_wrap_apply_without_recipient_key( self, sender_key_es): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") sender = ECDH_AESKeyWrap({1: -29}, {4: b"01"}, sender_key=sender_key_es) with pytest.raises(ValueError) as err: sender.apply(enc_key, context={"alg": "A128GCM"}) pytest.fail("apply() should fail.") assert "recipient_key should be set in advance." in str(err.value)
def test_aes_key_wrap_constructor_a256kw_with_key(self): ctx = AESKeyWrap( {1: -5}, {}, sender_key=COSEKey.from_symmetric_key(alg="A256KW", key=token_bytes(32)), ) assert isinstance(ctx, AESKeyWrap) assert ctx.alg == -5
def test_aes_key_wrap_constructor_a256kw_invalid_key_length(self): with pytest.raises(ValueError) as err: AESKeyWrap( {1: -5}, {}, sender_key=COSEKey.from_symmetric_key(key="xxx", alg="A256KW"), ) pytest.fail("AESKeyWrap() should fail.") assert "Invalid key length: 3." in str(err.value)
def test_aes_key_wrap_constructor_a128kw_with_invalid_alg_in_sender_key( self): with pytest.raises(ValueError) as err: AESKeyWrap( {1: -3}, {}, sender_key=COSEKey.from_symmetric_key(alg="A128GCM"), ) pytest.fail("AESKeyWrap() should fail.") assert "Invalid alg in sender_key: 1." in str(err.value)
def test_ecdh_aes_key_wrap_apply_with_invalid_key_to_wrap( self, sender_key_es, recipient_public_key): mac_key = COSEKey.from_symmetric_key(key="xxx", alg="HS256") rec = Recipient.new(protected={"alg": "ECDH-ES+A128KW"}, sender_key=sender_key_es) with pytest.raises(EncodeError) as err: rec.apply(mac_key, recipient_key=recipient_public_key, context={"alg": "A128GCM"}) pytest.fail("apply() should fail.") assert "Failed to wrap key." in str(err.value)
def test_direct_hkdf_apply_with_invalid_context(self, invalid, msg): material = COSEKey.from_symmetric_key( key=base64url_decode( "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"), alg="A256GCM", ) ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"}) with pytest.raises(ValueError) as err: ctx.apply(key=material, context=invalid) pytest.fail("apply() should fail.") assert msg in str(err.value)
def test_direct_constructor(self): k = COSEKey.from_symmetric_key(alg="HS256") ctx = Direct({1: -6}, {}) assert isinstance(ctx, Direct) assert ctx.alg == -6 with pytest.raises(NotImplementedError): ctx.apply(k) pytest.fail("apply() should fail.") with pytest.raises(NotImplementedError): ctx.extract(k) pytest.fail("extract() should fail.")
def test_direct_hkdf_extract_with_raw_context(self): context = [ 10, [b"lighting-client", None, None], [b"lighting-server", None, None], [128, cbor2.dumps({1: -10}), b"Encryption Example 02"], ] key = COSEKey.from_symmetric_key(alg="A128GCM") ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"}) decoded = ctx.extract(key, context=context) assert decoded.alg == 10 assert len(decoded.key) == 16
def test_direct_hkdf_apply_without_salt(self): context = [ 10, [b"lighting-client", None, None], [b"lighting-server", None, None], [128, cbor2.dumps({1: -10}), b"Encryption Example 02"], ] material = COSEKey.from_symmetric_key(token_bytes(16)) ctx = DirectHKDF({1: -10}, {4: b"01"}) key = ctx.apply(material, context=context) assert key.alg == 10 assert len(key.key) == 16
def test_ecdh_aes_key_wrap_apply_with_invalid_recipient_key( self, sender_key_es, recipient_private_key): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") rec = Recipient.new(protected={"alg": "ECDH-ES+A128KW"}, sender_key=sender_key_es) with pytest.raises(ValueError) as err: rec.apply(enc_key, recipient_key=recipient_private_key, context={"alg": "A128GCM"}) pytest.fail("apply() should fail.") assert "public_key should be elliptic curve public key." in str( err.value)
def test_ecdh_aes_key_wrap_encode_and_extract_with_ecdh_es( self, sender_key_es, recipient_public_key, recipient_private_key): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") sender = ECDH_AESKeyWrap({1: -29}, {4: b"01"}, sender_key=sender_key_es) sender.apply(enc_key, recipient_key=recipient_public_key, context={"alg": "A128GCM"}) assert sender.ciphertext is not None encoded = sender.to_list() recipient = Recipient.from_list(encoded) decoded_key = recipient.extract(recipient_private_key, alg="ChaCha20/Poly1305", context={"alg": "A128GCM"}) assert enc_key.key == decoded_key.key
def test_ecdh_aes_key_wrap_through_cose_api(self, recipient_public_key, recipient_private_key): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+A128KW" }) rec.apply(enc_key, recipient_key=recipient_public_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) assert b"Hello world!" == ctx.decode(encoded, recipient_private_key, context={"alg": "A128GCM"})
def test_direct_hkdf_verify_key_with_raw_context(self): material = COSEKey.from_symmetric_key( key=base64url_decode( "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"), alg="A256GCM", ) ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"}) context = [ 10, [b"lighting-client", None, None], [b"lighting-server", None, None], [128, cbor2.dumps({1: -10}), b"Encryption Example 02"], ] key = ctx.apply(material, context=context) ctx.verify_key( base64url_decode("hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"), key.key, context=context, )
def test_ecdh_aes_key_wrap_through_cose_api_without_kid(self): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+A128KW" }) pub_key = COSEKey.from_jwk({ "kty": "EC", # "kid": "01", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", }) rec.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) priv_key = COSEKey.from_jwk({ "kty": "EC", # "kid": "01", "alg": "ECDH-ES+A128KW", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8", }) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})
def test_ecdh_aes_key_wrap_extract_with_invalid_recipient_private_key( self, recipient_public_key): enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305") rec = Recipient.from_jwk({ "kty": "EC", "crv": "P-256", "alg": "ECDH-ES+A128KW" }) rec.apply(enc_key, recipient_key=recipient_public_key, context={"alg": "A128GCM"}) ctx = COSE.new(alg_auto_inclusion=True) recipient_private_key = COSEKey.from_jwk({ "kty": "EC", "kid": "01", # "alg": "ECDH-ES+A128KW", "crv": "P-256", "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8", }) encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key, recipients=[rec]) with pytest.raises(DecodeError) as err: ctx.decode(encoded, recipient_private_key, context={"alg": "A128GCM"}) pytest.fail("extract() should fail.") assert "Failed to decode key." in str(err.value)
def test_direct_key_extract(self): k = COSEKey.from_symmetric_key(alg="HS256") ctx = DirectKey({1: -6}, {}) decoded = ctx.extract(k) assert decoded.alg == 5 assert k.key == decoded.key
def test_direct_key_apply(self): k = COSEKey.from_symmetric_key(alg="HS256") ctx = DirectKey({1: -6}, {}) encoded = ctx.apply(k) assert encoded.alg == 5 assert k.key == encoded.key
def test_direct_hkdf_extract_with_json_context(self, alg, alg_id, key_len): key = COSEKey.from_symmetric_key(alg="A128GCM") ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"}) decoded = ctx.extract(key, context={"alg": alg}) assert decoded.alg == alg_id assert len(decoded.key) == key_len