def test_mac_direct_encoding(setup_mac_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_mac_tests
mac = MacMessage(
phdr=test_input['mac'].get('protected', {}),
uhdr=test_input['mac'].get('unprotected', {}),
payload=test_input.get('plaintext', '').encode('utf-8'),
external_aad=unhexlify(test_input['mac'].get("external", b'')))
assert mac._mac_structure == unhexlify(test_intermediate["ToMac_hex"])
alg = extract_alg(test_input["mac"])
# set up the CEK and KEK
cek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=alg, usage=KeyOps.MAC_CREATE)
kek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=CoseAlgorithms.DIRECT.id,
usage=KeyOps.WRAP)
assert cek.k == unhexlify(test_intermediate["CEK_hex"])
recipient = test_input["mac"]["recipients"][0]
recipient = CoseRecipient(
phdr=recipient.get('protected', {}),
uhdr=recipient.get('unprotected', {}),
payload=cek.k)
mac.recipients.append(recipient)
# verify encoding (with automatic tag computation)
if fail:
assert mac.encode(cek, mac_params=[RcptParams(key=kek)]) != unhexlify(test_output)
else:
assert mac.encode(cek, mac_params=[RcptParams(key=kek)]) == unhexlify(test_output)
def test_mac_direct_decoding(setup_mac_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_mac_tests
if fail:
skip("invalid test input")
msg: MacMessage = CoseMessage.decode(unhexlify(test_output))
assert msg.phdr == test_input['mac'].get('protected', {})
assert msg.uhdr == test_input['mac'].get('unprotected', {})
assert msg.payload == test_input['plaintext'].encode('utf-8')
# set up potential external data
msg.external_aad = unhexlify(test_input['mac'].get("external", b''))
assert msg._mac_structure == unhexlify(test_intermediate['ToMac_hex'])
alg = extract_alg(test_input['mac'])
cek = create_cose_key(SymmetricKey, test_input['mac']["recipients"][0]["key"], usage=KeyOps.MAC_VERIFY, alg=alg)
assert cek.k == unhexlify(test_intermediate['CEK_hex'])
# verify recipients
for r1, r2 in zip(msg.recipients, test_input['mac']['recipients']):
assert r1.phdr == r2.get('protected', {})
assert r1.uhdr == r2.get('unprotected', {})
assert msg.verify_tag(cek)
# re-encode and verify we are back where we started
kek = SymmetricKey(key_ops=KeyOps.WRAP, alg=CoseAlgorithms.DIRECT.id)
cek.key_ops = KeyOps.MAC_CREATE
assert msg.encode(key=cek, mac_params=[RcptParams(key=kek)]) == unhexlify(test_output)
def test_encrypt0_decoding(setup_encrypt0_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_encrypt0_tests
alg = extract_alg(test_input['encrypted'])
nonce = extract_nonce(test_input, 0)
if fail:
skip("invalid test input")
# parse initial message
msg: Enc0Message = CoseMessage.decode(unhexlify(test_output))
# verify parsed (un)protected header
assert msg.phdr == extract_phdr(test_input, 'encrypted')
assert msg.uhdr == extract_uhdr(test_input, 'encrypted')
# prepare and verify pre-shared key
key = create_cose_key(SymmetricKey,
test_input["encrypted"]["recipients"][0]["key"],
alg=alg,
usage=KeyOps.DECRYPT)
msg.key = key
assert msg.key.k == unhexlify(test_intermediate['CEK_hex'])
# look for external data and verify internal enc_structure
msg.external_aad = unhexlify(test_input['encrypted'].get('external', b''))
assert msg._enc_structure == unhexlify(test_intermediate['AAD_hex'])
# verify decryption
assert msg.decrypt(nonce=nonce,
key=key) == test_input['plaintext'].encode('utf-8')
# re-encode and verify we are back where we started
assert msg.encode(encrypt=False, key=key,
nonce=nonce) == unhexlify(test_output)
def test_sign_decoding(setup_sign_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_sign_tests
if fail:
skip("invalid test input")
cose_msg: SignMessage = CoseMessage.decode(unhexlify(test_output))
assert cose_msg.phdr == test_input['sign'].get('protected', {})
assert cose_msg.uhdr == test_input['sign'].get('unprotected', {})
assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8')
assert len(cose_msg.signers) == 1
assert cose_msg.signers[0].phdr == test_input['sign']['signers'][0].get(
'protected', {})
assert cose_msg.signers[0].uhdr == test_input['sign']['signers'][0].get(
'unprotected', {})
# set up potential external data and keys
cose_msg.signers[0].external_aad = unhexlify(
test_input['sign']['signers'][0].get('external', b''))
alg = cose_msg.signers[0].phdr[CoseHeaderKeys.ALG]
public_key = create_cose_key(EC2,
test_input['sign']['signers'][0]['key'],
usage=KeyOps.VERIFY,
alg=alg)
assert cose_msg.signers[0]._sig_structure == unhexlify(
test_intermediate['signers'][0]["ToBeSign_hex"])
assert cose_msg.signers[0].verify_signature(public_key=public_key)
def test_encrypt0_encoding(setup_encrypt0_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_encrypt0_tests
alg = extract_alg(test_input['encrypted'])
nonce = extract_nonce(test_input, 0)
# initialize a COSE_Encrypt0 message
enc0 = Enc0Message(phdr=extract_phdr(test_input, 'encrypted'),
uhdr=extract_uhdr(test_input, 'encrypted'),
payload=test_input['plaintext'].encode('utf-8'),
external_aad=unhexlify(test_input['encrypted'].get(
"external", b'')))
# set up key data and verify CEK
key = create_cose_key(SymmetricKey,
test_input["encrypted"]["recipients"][0]["key"])
# verify internal _enc_structure
assert enc0._enc_structure == unhexlify(test_intermediate['AAD_hex'])
# verify encoding (with automatic encryption)
if fail:
assert enc0.encode(alg=alg, nonce=nonce,
key=key) != unhexlify(test_output)
else:
assert enc0.encode(alg=alg, nonce=nonce,
key=key) == unhexlify(test_output)
def test_sign_encoding(setup_sign_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_sign_tests
sign: SignMessage = SignMessage(
phdr=test_input['sign'].get('protected', {}),
uhdr=test_input['sign'].get('unprotected', {}),
payload=test_input['plaintext'].encode('utf-8'))
alg = extract_alg(test_input["sign"]["signers"][0])
signer_key = create_cose_key(EC2,
test_input['sign']['signers'][0]['key'],
usage=KeyOps.SIGN,
alg=alg)
signer = test_input["sign"]['signers'][0]
signer = CoseSignature(phdr=signer.get('protected'),
uhdr=signer.get('unprotected'),
external_aad=unhexlify(signer.get("external", b'')))
sign.append_signer(signer)
assert signer._sig_structure == unhexlify(
test_intermediate['signers'][0]["ToBeSign_hex"])
# verify encoding (with automatic tag computation)
if fail:
assert sign.encode(sign_params=[SignerParams(
private_key=signer_key)]) != unhexlify(test_output)
else:
assert sign.encode(sign_params=[SignerParams(
private_key=signer_key)]) == unhexlify(test_output)
def test_encrypt_encoding(setup_encrypt_tests: tuple) -> None:
title, test_input, test_output, test_intermediate, fail = setup_encrypt_tests
alg = extract_alg(test_input["enveloped"])
nonce = extract_nonce(
test_input,
0) if extract_nonce(test_input, 0) != b'' else extract_unsent_nonce(
test_input, "enveloped")
m = EncMessage(phdr=extract_phdr(test_input, 'enveloped'),
uhdr=extract_uhdr(test_input, 'enveloped'),
payload=test_input['plaintext'].encode('utf-8'),
external_aad=unhexlify(test_input['enveloped'].get(
'external', b'')))
# check for external data and verify internal _enc_structure
assert m._enc_structure == unhexlify(test_intermediate['AAD_hex'])
# set up the CEK and KEK
cek = create_cose_key(SymmetricKey,
test_input['enveloped']['recipients'][0]['key'],
alg=alg,
usage=KeyOps.ENCRYPT)
kek = create_cose_key(SymmetricKey,
test_input['enveloped']['recipients'][0]['key'],
alg=CoseAlgorithms.DIRECT.id,
usage=KeyOps.WRAP)
# create the recipients
r_info = test_input['enveloped']['recipients'][0]
recipient = CoseRecipient(phdr=r_info.get('protected', {}),
uhdr=r_info.get('unprotected', {}),
payload=cek.k)
m.recipients.append(recipient)
# verify encoding (with automatic encryption)
if fail:
assert m.encode(key=cek, nonce=nonce, enc_params=[RcptParams(
key=kek)]) != unhexlify(test_output)
else:
# test encoding/protection
assert m.encode(key=cek, nonce=nonce,
enc_params=[RcptParams(key=kek)
]) == unhexlify(test_output)
def test_encrypt_decoding(setup_encrypt_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_encrypt_tests
if fail:
skip("invalid test input")
# parse initial message
msg: EncMessage = CoseMessage.decode(unhexlify(test_output))
# verify parsed protected header
assert msg.phdr == extract_phdr(test_input, 'enveloped')
assert msg.uhdr == extract_uhdr(test_input, 'enveloped')
nonce = extract_nonce(
test_input,
0) if extract_nonce(test_input, 0) != b'' else extract_unsent_nonce(
test_input, "enveloped")
alg = extract_alg(test_input['enveloped'])
cek = create_cose_key(SymmetricKey,
test_input['enveloped']["recipients"][0]["key"],
usage=KeyOps.DECRYPT,
alg=alg)
assert cek.k == unhexlify(test_intermediate['CEK_hex'])
# look for external data and verify internal enc_structure
msg.external_aad = unhexlify(test_input['enveloped'].get('external', b''))
assert msg._enc_structure == unhexlify(test_intermediate['AAD_hex'])
# verify recipients
assert len(msg.recipients) == 1
assert msg.recipients[0].phdr == test_input['enveloped']['recipients'][
0].get('protected', {})
assert msg.recipients[0].uhdr == test_input['enveloped']['recipients'][
0].get('unprotected', {})
# (1) verify decryption
assert msg.decrypt(nonce=nonce,
key=cek) == test_input['plaintext'].encode('utf-8')
# re-encode and verify we are back where we started
kek = SymmetricKey(key_ops=KeyOps.WRAP, alg=CoseAlgorithms.DIRECT.id)
assert msg.encode(encrypt=False,
nonce=nonce,
key=cek,
enc_params=[RcptParams(key=kek)
]) == unhexlify(test_output)
def test_okpsign1_decoding(setup_okpsign1_tests) -> None:
_, test_input, test_output, test_intermediate, fail = setup_okpsign1_tests
if fail:
skip("invalid test input")
cose_msg: Sign1Message = CoseMessage.decode(unhexlify(test_output))
# set up potential external data
cose_msg.external_aad = unhexlify(test_input['sign0'].get("external", b''))
public_key = create_cose_key(OKP,
test_input['sign0']['key'],
usage=KeyOps.VERIFY,
alg=extract_alg(test_input["sign0"]))
assert cose_msg.verify_signature(public_key)
def test_ec2sign1_encoding(setup_ec2sign1_tests) -> None:
_, test_input, test_output, test_intermediate, fail = setup_ec2sign1_tests
sign1 = Sign1Message(phdr=test_input['sign0'].get('protected', {}),
uhdr=test_input['sign0'].get('unprotected', {}),
payload=test_input.get('plaintext',
'').encode('utf-8'),
external_aad=unhexlify(test_input['sign0'].get(
"external", b'')))
assert sign1._sig_structure == unhexlify(test_intermediate["ToBeSign_hex"])
private_key = create_cose_key(EC2,
test_input['sign0']['key'],
usage=KeyOps.SIGN,
alg=extract_alg(test_input["sign0"]))
if fail:
assert sign1.encode(private_key) != unhexlify(test_output)
else:
assert sign1.encode(private_key) == unhexlify(test_output)
def test_ec2sign1_decoding(setup_ec2sign1_tests) -> None:
_, test_input, test_output, test_intermediate, fail = setup_ec2sign1_tests
if fail:
skip("invalid test input")
cose_msg: Sign1Message = CoseMessage.decode(unhexlify(test_output))
assert cose_msg.phdr == test_input['sign0'].get('protected', {})
assert cose_msg.uhdr == test_input['sign0'].get('unprotected', {})
assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8')
# set up potential external data
cose_msg.external_aad = unhexlify(test_input['sign0'].get("external", b''))
public_key = create_cose_key(EC2,
test_input['sign0']['key'],
usage=KeyOps.VERIFY,
alg=extract_alg(test_input["sign0"]))
assert cose_msg.verify_signature(public_key)
def test_mac0_decoding(setup_mac0_tests: tuple) -> None:
_, test_input, test_output, test_intermediate, fail = setup_mac0_tests
if fail:
skip("invalid test input")
cose_msg: Mac0Message = CoseMessage.decode(unhexlify(test_output))
assert cose_msg.phdr == test_input['mac0'].get('protected', {})
assert cose_msg.uhdr == test_input['mac0'].get('unprotected', {})
assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8')
# set up potential external data
cose_msg.external_aad = unhexlify(test_input['mac0'].get("external", b''))
cek = create_cose_key(SymmetricKey,
test_input['mac0']["recipients"][0]["key"],
alg=extract_alg(test_input["mac0"]),
usage=KeyOps.MAC_VERIFY)
assert cek.k == unhexlify(test_intermediate["CEK_hex"])
assert cose_msg.verify_tag(cek)
def test_mac0_encoding(setup_mac0_tests: tuple) -> None:
title, test_input, test_output, test_intermediate, fail = setup_mac0_tests
mac0: Mac0Message = Mac0Message(
phdr=test_input['mac0'].get('protected', {}),
uhdr=test_input['mac0'].get('unprotected', {}),
payload=test_input.get('plaintext', '').encode('utf-8'),
external_aad=unhexlify(test_input['mac0'].get("external", b'')))
assert mac0._mac_structure == unhexlify(test_intermediate["ToMac_hex"])
cek = create_cose_key(SymmetricKey,
test_input['mac0']["recipients"][0]["key"],
alg=extract_alg(test_input["mac0"]),
usage=KeyOps.MAC_CREATE)
assert cek.k == unhexlify(test_intermediate["CEK_hex"])
# verify encoding (with automatic tag computation)
if fail:
assert mac0.encode(key=cek) != unhexlify(test_output)
else:
assert mac0.encode(key=cek) == unhexlify(test_output)
