def test_mac_direct_encoding(setup_mac_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_mac_tests mac = MacMessage( phdr=test_input['mac'].get('protected', {}), uhdr=test_input['mac'].get('unprotected', {}), payload=test_input.get('plaintext', '').encode('utf-8'), external_aad=unhexlify(test_input['mac'].get("external", b''))) assert mac._mac_structure == unhexlify(test_intermediate["ToMac_hex"]) alg = extract_alg(test_input["mac"]) # set up the CEK and KEK cek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=alg, usage=KeyOps.MAC_CREATE) kek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=CoseAlgorithms.DIRECT.id, usage=KeyOps.WRAP) assert cek.k == unhexlify(test_intermediate["CEK_hex"]) recipient = test_input["mac"]["recipients"][0] recipient = CoseRecipient( phdr=recipient.get('protected', {}), uhdr=recipient.get('unprotected', {}), payload=cek.k) mac.recipients.append(recipient) # verify encoding (with automatic tag computation) if fail: assert mac.encode(cek, mac_params=[RcptParams(key=kek)]) != unhexlify(test_output) else: assert mac.encode(cek, mac_params=[RcptParams(key=kek)]) == unhexlify(test_output)
def test_mac_direct_decoding(setup_mac_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_mac_tests if fail: skip("invalid test input") msg: MacMessage = CoseMessage.decode(unhexlify(test_output)) assert msg.phdr == test_input['mac'].get('protected', {}) assert msg.uhdr == test_input['mac'].get('unprotected', {}) assert msg.payload == test_input['plaintext'].encode('utf-8') # set up potential external data msg.external_aad = unhexlify(test_input['mac'].get("external", b'')) assert msg._mac_structure == unhexlify(test_intermediate['ToMac_hex']) alg = extract_alg(test_input['mac']) cek = create_cose_key(SymmetricKey, test_input['mac']["recipients"][0]["key"], usage=KeyOps.MAC_VERIFY, alg=alg) assert cek.k == unhexlify(test_intermediate['CEK_hex']) # verify recipients for r1, r2 in zip(msg.recipients, test_input['mac']['recipients']): assert r1.phdr == r2.get('protected', {}) assert r1.uhdr == r2.get('unprotected', {}) assert msg.verify_tag(cek) # re-encode and verify we are back where we started kek = SymmetricKey(key_ops=KeyOps.WRAP, alg=CoseAlgorithms.DIRECT.id) cek.key_ops = KeyOps.MAC_CREATE assert msg.encode(key=cek, mac_params=[RcptParams(key=kek)]) == unhexlify(test_output)
def test_encrypt0_decoding(setup_encrypt0_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt0_tests alg = extract_alg(test_input['encrypted']) nonce = extract_nonce(test_input, 0) if fail: skip("invalid test input") # parse initial message msg: Enc0Message = CoseMessage.decode(unhexlify(test_output)) # verify parsed (un)protected header assert msg.phdr == extract_phdr(test_input, 'encrypted') assert msg.uhdr == extract_uhdr(test_input, 'encrypted') # prepare and verify pre-shared key key = create_cose_key(SymmetricKey, test_input["encrypted"]["recipients"][0]["key"], alg=alg, usage=KeyOps.DECRYPT) msg.key = key assert msg.key.k == unhexlify(test_intermediate['CEK_hex']) # look for external data and verify internal enc_structure msg.external_aad = unhexlify(test_input['encrypted'].get('external', b'')) assert msg._enc_structure == unhexlify(test_intermediate['AAD_hex']) # verify decryption assert msg.decrypt(nonce=nonce, key=key) == test_input['plaintext'].encode('utf-8') # re-encode and verify we are back where we started assert msg.encode(encrypt=False, key=key, nonce=nonce) == unhexlify(test_output)
def test_sign_decoding(setup_sign_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_sign_tests if fail: skip("invalid test input") cose_msg: SignMessage = CoseMessage.decode(unhexlify(test_output)) assert cose_msg.phdr == test_input['sign'].get('protected', {}) assert cose_msg.uhdr == test_input['sign'].get('unprotected', {}) assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8') assert len(cose_msg.signers) == 1 assert cose_msg.signers[0].phdr == test_input['sign']['signers'][0].get( 'protected', {}) assert cose_msg.signers[0].uhdr == test_input['sign']['signers'][0].get( 'unprotected', {}) # set up potential external data and keys cose_msg.signers[0].external_aad = unhexlify( test_input['sign']['signers'][0].get('external', b'')) alg = cose_msg.signers[0].phdr[CoseHeaderKeys.ALG] public_key = create_cose_key(EC2, test_input['sign']['signers'][0]['key'], usage=KeyOps.VERIFY, alg=alg) assert cose_msg.signers[0]._sig_structure == unhexlify( test_intermediate['signers'][0]["ToBeSign_hex"]) assert cose_msg.signers[0].verify_signature(public_key=public_key)
def test_encrypt0_encoding(setup_encrypt0_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt0_tests alg = extract_alg(test_input['encrypted']) nonce = extract_nonce(test_input, 0) # initialize a COSE_Encrypt0 message enc0 = Enc0Message(phdr=extract_phdr(test_input, 'encrypted'), uhdr=extract_uhdr(test_input, 'encrypted'), payload=test_input['plaintext'].encode('utf-8'), external_aad=unhexlify(test_input['encrypted'].get( "external", b''))) # set up key data and verify CEK key = create_cose_key(SymmetricKey, test_input["encrypted"]["recipients"][0]["key"]) # verify internal _enc_structure assert enc0._enc_structure == unhexlify(test_intermediate['AAD_hex']) # verify encoding (with automatic encryption) if fail: assert enc0.encode(alg=alg, nonce=nonce, key=key) != unhexlify(test_output) else: assert enc0.encode(alg=alg, nonce=nonce, key=key) == unhexlify(test_output)
def test_sign_encoding(setup_sign_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_sign_tests sign: SignMessage = SignMessage( phdr=test_input['sign'].get('protected', {}), uhdr=test_input['sign'].get('unprotected', {}), payload=test_input['plaintext'].encode('utf-8')) alg = extract_alg(test_input["sign"]["signers"][0]) signer_key = create_cose_key(EC2, test_input['sign']['signers'][0]['key'], usage=KeyOps.SIGN, alg=alg) signer = test_input["sign"]['signers'][0] signer = CoseSignature(phdr=signer.get('protected'), uhdr=signer.get('unprotected'), external_aad=unhexlify(signer.get("external", b''))) sign.append_signer(signer) assert signer._sig_structure == unhexlify( test_intermediate['signers'][0]["ToBeSign_hex"]) # verify encoding (with automatic tag computation) if fail: assert sign.encode(sign_params=[SignerParams( private_key=signer_key)]) != unhexlify(test_output) else: assert sign.encode(sign_params=[SignerParams( private_key=signer_key)]) == unhexlify(test_output)
def test_encrypt_encoding(setup_encrypt_tests: tuple) -> None: title, test_input, test_output, test_intermediate, fail = setup_encrypt_tests alg = extract_alg(test_input["enveloped"]) nonce = extract_nonce( test_input, 0) if extract_nonce(test_input, 0) != b'' else extract_unsent_nonce( test_input, "enveloped") m = EncMessage(phdr=extract_phdr(test_input, 'enveloped'), uhdr=extract_uhdr(test_input, 'enveloped'), payload=test_input['plaintext'].encode('utf-8'), external_aad=unhexlify(test_input['enveloped'].get( 'external', b''))) # check for external data and verify internal _enc_structure assert m._enc_structure == unhexlify(test_intermediate['AAD_hex']) # set up the CEK and KEK cek = create_cose_key(SymmetricKey, test_input['enveloped']['recipients'][0]['key'], alg=alg, usage=KeyOps.ENCRYPT) kek = create_cose_key(SymmetricKey, test_input['enveloped']['recipients'][0]['key'], alg=CoseAlgorithms.DIRECT.id, usage=KeyOps.WRAP) # create the recipients r_info = test_input['enveloped']['recipients'][0] recipient = CoseRecipient(phdr=r_info.get('protected', {}), uhdr=r_info.get('unprotected', {}), payload=cek.k) m.recipients.append(recipient) # verify encoding (with automatic encryption) if fail: assert m.encode(key=cek, nonce=nonce, enc_params=[RcptParams( key=kek)]) != unhexlify(test_output) else: # test encoding/protection assert m.encode(key=cek, nonce=nonce, enc_params=[RcptParams(key=kek) ]) == unhexlify(test_output)
def test_encrypt_decoding(setup_encrypt_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt_tests if fail: skip("invalid test input") # parse initial message msg: EncMessage = CoseMessage.decode(unhexlify(test_output)) # verify parsed protected header assert msg.phdr == extract_phdr(test_input, 'enveloped') assert msg.uhdr == extract_uhdr(test_input, 'enveloped') nonce = extract_nonce( test_input, 0) if extract_nonce(test_input, 0) != b'' else extract_unsent_nonce( test_input, "enveloped") alg = extract_alg(test_input['enveloped']) cek = create_cose_key(SymmetricKey, test_input['enveloped']["recipients"][0]["key"], usage=KeyOps.DECRYPT, alg=alg) assert cek.k == unhexlify(test_intermediate['CEK_hex']) # look for external data and verify internal enc_structure msg.external_aad = unhexlify(test_input['enveloped'].get('external', b'')) assert msg._enc_structure == unhexlify(test_intermediate['AAD_hex']) # verify recipients assert len(msg.recipients) == 1 assert msg.recipients[0].phdr == test_input['enveloped']['recipients'][ 0].get('protected', {}) assert msg.recipients[0].uhdr == test_input['enveloped']['recipients'][ 0].get('unprotected', {}) # (1) verify decryption assert msg.decrypt(nonce=nonce, key=cek) == test_input['plaintext'].encode('utf-8') # re-encode and verify we are back where we started kek = SymmetricKey(key_ops=KeyOps.WRAP, alg=CoseAlgorithms.DIRECT.id) assert msg.encode(encrypt=False, nonce=nonce, key=cek, enc_params=[RcptParams(key=kek) ]) == unhexlify(test_output)
def test_okpsign1_decoding(setup_okpsign1_tests) -> None: _, test_input, test_output, test_intermediate, fail = setup_okpsign1_tests if fail: skip("invalid test input") cose_msg: Sign1Message = CoseMessage.decode(unhexlify(test_output)) # set up potential external data cose_msg.external_aad = unhexlify(test_input['sign0'].get("external", b'')) public_key = create_cose_key(OKP, test_input['sign0']['key'], usage=KeyOps.VERIFY, alg=extract_alg(test_input["sign0"])) assert cose_msg.verify_signature(public_key)
def test_ec2sign1_encoding(setup_ec2sign1_tests) -> None: _, test_input, test_output, test_intermediate, fail = setup_ec2sign1_tests sign1 = Sign1Message(phdr=test_input['sign0'].get('protected', {}), uhdr=test_input['sign0'].get('unprotected', {}), payload=test_input.get('plaintext', '').encode('utf-8'), external_aad=unhexlify(test_input['sign0'].get( "external", b''))) assert sign1._sig_structure == unhexlify(test_intermediate["ToBeSign_hex"]) private_key = create_cose_key(EC2, test_input['sign0']['key'], usage=KeyOps.SIGN, alg=extract_alg(test_input["sign0"])) if fail: assert sign1.encode(private_key) != unhexlify(test_output) else: assert sign1.encode(private_key) == unhexlify(test_output)
def test_ec2sign1_decoding(setup_ec2sign1_tests) -> None: _, test_input, test_output, test_intermediate, fail = setup_ec2sign1_tests if fail: skip("invalid test input") cose_msg: Sign1Message = CoseMessage.decode(unhexlify(test_output)) assert cose_msg.phdr == test_input['sign0'].get('protected', {}) assert cose_msg.uhdr == test_input['sign0'].get('unprotected', {}) assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8') # set up potential external data cose_msg.external_aad = unhexlify(test_input['sign0'].get("external", b'')) public_key = create_cose_key(EC2, test_input['sign0']['key'], usage=KeyOps.VERIFY, alg=extract_alg(test_input["sign0"])) assert cose_msg.verify_signature(public_key)
def test_mac0_decoding(setup_mac0_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_mac0_tests if fail: skip("invalid test input") cose_msg: Mac0Message = CoseMessage.decode(unhexlify(test_output)) assert cose_msg.phdr == test_input['mac0'].get('protected', {}) assert cose_msg.uhdr == test_input['mac0'].get('unprotected', {}) assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8') # set up potential external data cose_msg.external_aad = unhexlify(test_input['mac0'].get("external", b'')) cek = create_cose_key(SymmetricKey, test_input['mac0']["recipients"][0]["key"], alg=extract_alg(test_input["mac0"]), usage=KeyOps.MAC_VERIFY) assert cek.k == unhexlify(test_intermediate["CEK_hex"]) assert cose_msg.verify_tag(cek)
def test_mac0_encoding(setup_mac0_tests: tuple) -> None: title, test_input, test_output, test_intermediate, fail = setup_mac0_tests mac0: Mac0Message = Mac0Message( phdr=test_input['mac0'].get('protected', {}), uhdr=test_input['mac0'].get('unprotected', {}), payload=test_input.get('plaintext', '').encode('utf-8'), external_aad=unhexlify(test_input['mac0'].get("external", b''))) assert mac0._mac_structure == unhexlify(test_intermediate["ToMac_hex"]) cek = create_cose_key(SymmetricKey, test_input['mac0']["recipients"][0]["key"], alg=extract_alg(test_input["mac0"]), usage=KeyOps.MAC_CREATE) assert cek.k == unhexlify(test_intermediate["CEK_hex"]) # verify encoding (with automatic tag computation) if fail: assert mac0.encode(key=cek) != unhexlify(test_output) else: assert mac0.encode(key=cek) == unhexlify(test_output)