def test_mac_direct_decoding(setup_mac_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_mac_tests if fail: skip("invalid test input") msg: MacMessage = CoseMessage.decode(unhexlify(test_output)) assert msg.phdr == test_input['mac'].get('protected', {}) assert msg.uhdr == test_input['mac'].get('unprotected', {}) assert msg.payload == test_input['plaintext'].encode('utf-8') # set up potential external data msg.external_aad = unhexlify(test_input['mac'].get("external", b'')) assert msg._mac_structure == unhexlify(test_intermediate['ToMac_hex']) alg = extract_alg(test_input['mac']) cek = create_cose_key(SymmetricKey, test_input['mac']["recipients"][0]["key"], usage=KeyOps.MAC_VERIFY, alg=alg) assert cek.k == unhexlify(test_intermediate['CEK_hex']) # verify recipients for r1, r2 in zip(msg.recipients, test_input['mac']['recipients']): assert r1.phdr == r2.get('protected', {}) assert r1.uhdr == r2.get('unprotected', {}) assert msg.verify_tag(cek) # re-encode and verify we are back where we started kek = SymmetricKey(key_ops=KeyOps.WRAP, alg=CoseAlgorithms.DIRECT.id) cek.key_ops = KeyOps.MAC_CREATE assert msg.encode(key=cek, mac_params=[RcptParams(key=kek)]) == unhexlify(test_output)
def test_encrypt0_encoding(setup_encrypt0_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt0_tests alg = extract_alg(test_input['encrypted']) nonce = extract_nonce(test_input, 0) # initialize a COSE_Encrypt0 message enc0 = Enc0Message(phdr=extract_phdr(test_input, 'encrypted'), uhdr=extract_uhdr(test_input, 'encrypted'), payload=test_input['plaintext'].encode('utf-8'), external_aad=unhexlify(test_input['encrypted'].get( "external", b''))) # set up key data and verify CEK key = create_cose_key(SymmetricKey, test_input["encrypted"]["recipients"][0]["key"]) # verify internal _enc_structure assert enc0._enc_structure == unhexlify(test_intermediate['AAD_hex']) # verify encoding (with automatic encryption) if fail: assert enc0.encode(alg=alg, nonce=nonce, key=key) != unhexlify(test_output) else: assert enc0.encode(alg=alg, nonce=nonce, key=key) == unhexlify(test_output)
def test_mac_direct_encoding(setup_mac_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_mac_tests mac = MacMessage( phdr=test_input['mac'].get('protected', {}), uhdr=test_input['mac'].get('unprotected', {}), payload=test_input.get('plaintext', '').encode('utf-8'), external_aad=unhexlify(test_input['mac'].get("external", b''))) assert mac._mac_structure == unhexlify(test_intermediate["ToMac_hex"]) alg = extract_alg(test_input["mac"]) # set up the CEK and KEK cek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=alg, usage=KeyOps.MAC_CREATE) kek = create_cose_key(SymmetricKey, test_input['mac']['recipients'][0]['key'], alg=CoseAlgorithms.DIRECT.id, usage=KeyOps.WRAP) assert cek.k == unhexlify(test_intermediate["CEK_hex"]) recipient = test_input["mac"]["recipients"][0] recipient = CoseRecipient( phdr=recipient.get('protected', {}), uhdr=recipient.get('unprotected', {}), payload=cek.k) mac.recipients.append(recipient) # verify encoding (with automatic tag computation) if fail: assert mac.encode(cek, mac_params=[RcptParams(key=kek)]) != unhexlify(test_output) else: assert mac.encode(cek, mac_params=[RcptParams(key=kek)]) == unhexlify(test_output)
def test_encrypt0_decoding(setup_encrypt0_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt0_tests alg = extract_alg(test_input['encrypted']) nonce = extract_nonce(test_input, 0) if fail: skip("invalid test input") # parse initial message msg: Enc0Message = CoseMessage.decode(unhexlify(test_output)) # verify parsed (un)protected header assert msg.phdr == extract_phdr(test_input, 'encrypted') assert msg.uhdr == extract_uhdr(test_input, 'encrypted') # prepare and verify pre-shared key key = create_cose_key(SymmetricKey, test_input["encrypted"]["recipients"][0]["key"], alg=alg, usage=KeyOps.DECRYPT) msg.key = key assert msg.key.k == unhexlify(test_intermediate['CEK_hex']) # look for external data and verify internal enc_structure msg.external_aad = unhexlify(test_input['encrypted'].get('external', b'')) assert msg._enc_structure == unhexlify(test_intermediate['AAD_hex']) # verify decryption assert msg.decrypt(nonce=nonce, key=key) == test_input['plaintext'].encode('utf-8') # re-encode and verify we are back where we started assert msg.encode(encrypt=False, key=key, nonce=nonce) == unhexlify(test_output)
def test_sign_encoding(setup_sign_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_sign_tests sign: SignMessage = SignMessage( phdr=test_input['sign'].get('protected', {}), uhdr=test_input['sign'].get('unprotected', {}), payload=test_input['plaintext'].encode('utf-8')) alg = extract_alg(test_input["sign"]["signers"][0]) signer_key = create_cose_key(EC2, test_input['sign']['signers'][0]['key'], usage=KeyOps.SIGN, alg=alg) signer = test_input["sign"]['signers'][0] signer = CoseSignature(phdr=signer.get('protected'), uhdr=signer.get('unprotected'), external_aad=unhexlify(signer.get("external", b''))) sign.append_signer(signer) assert signer._sig_structure == unhexlify( test_intermediate['signers'][0]["ToBeSign_hex"]) # verify encoding (with automatic tag computation) if fail: assert sign.encode(sign_params=[SignerParams( private_key=signer_key)]) != unhexlify(test_output) else: assert sign.encode(sign_params=[SignerParams( private_key=signer_key)]) == unhexlify(test_output)
def test_encrypt_hkdf_hmac_direct_decode( setup_encrypt_hkdf_hmac_direct_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt_hkdf_hmac_direct_tests # parse message and test for headers md: EncMessage = CoseMessage.decode(unhexlify(test_output)) assert md.phdr == extract_phdr(test_input, 'enveloped') assert md.uhdr == extract_uhdr(test_input, 'enveloped', 0) # check for external data and verify internal _enc_structure md.external_aad = unhexlify(test_input['enveloped'].get('external', b'')) assert md._enc_structure == unhexlify(test_intermediate['AAD_hex']) recipient = test_input['enveloped']['recipients'][0] assert md.recipients[0].phdr == recipient.get('protected', {}) # create HKDF contect v = PartyInfo( identity=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_V_IDENTITY), nonce=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_V_NONCE), other=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_V_OTHER)) u = PartyInfo( identity=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_U_IDENTITY), nonce=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_U_NONCE), other=md.recipients[0].uhdr.get(CoseHeaderKeys.PARTY_U_OTHER)) public_data = test_input['enveloped']['recipients'][0].get( 'unsent', {}).get('pub_other') s = SuppPubInfo( len(test_intermediate['CEK_hex']) * 4, md.recipients[0].encode_phdr(), public_data.encode('utf-8') if public_data is not None else public_data) priv_data = test_input['enveloped']['recipients'][0].get('unsent', {}).get( 'priv_other', b'') hkdf_context = CoseKDFContext( md.phdr[CoseHeaderKeys.ALG], u, v, s, priv_data.encode('utf-8') if priv_data != b'' else priv_data) assert hkdf_context.encode() == unhexlify( test_intermediate["recipients"][0]['Context_hex']) # set shared secret key shared_secret = SymmetricKey( k=CoseKey.base64decode(test_input['enveloped']['recipients'][0]['key'][ SymmetricKey.SymPrm.K])) kek = md.recipients[0].derive_kek( shared_secret, alg=md.recipients[0].phdr[CoseHeaderKeys.ALG], context=hkdf_context, salt=md.recipients[0].uhdr.get(CoseHeaderKeys.SALT)) assert kek == unhexlify(test_intermediate["CEK_hex"]) cek = SymmetricKey(k=kek, alg=extract_alg(test_input['enveloped'])) assert md.decrypt(key=cek, nonce=extract_nonce( test_input, 0)) == test_input['plaintext'].encode('utf-8')
def test_encrypt_decoding(setup_encrypt_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt_tests if fail: skip("invalid test input") # parse initial message msg: EncMessage = CoseMessage.decode(unhexlify(test_output)) # verify parsed protected header assert msg.phdr == extract_phdr(test_input, 'enveloped') assert msg.uhdr == extract_uhdr(test_input, 'enveloped') nonce = extract_nonce( test_input, 0) if extract_nonce(test_input, 0) != b'' else extract_unsent_nonce( test_input, "enveloped") alg = extract_alg(test_input['enveloped']) cek = create_cose_key(SymmetricKey, test_input['enveloped']["recipients"][0]["key"], usage=KeyOps.DECRYPT, alg=alg) assert cek.k == unhexlify(test_intermediate['CEK_hex']) # look for external data and verify internal enc_structure msg.external_aad = unhexlify(test_input['enveloped'].get('external', b'')) assert msg._enc_structure == unhexlify(test_intermediate['AAD_hex']) # verify recipients assert len(msg.recipients) == 1 assert msg.recipients[0].phdr == test_input['enveloped']['recipients'][ 0].get('protected', {}) assert msg.recipients[0].uhdr == test_input['enveloped']['recipients'][ 0].get('unprotected', {}) # (1) verify decryption assert msg.decrypt(nonce=nonce, key=cek) == test_input['plaintext'].encode('utf-8') # re-encode and verify we are back where we started kek = SymmetricKey(key_ops=KeyOps.WRAP, alg=CoseAlgorithms.DIRECT.id) assert msg.encode(encrypt=False, nonce=nonce, key=cek, enc_params=[RcptParams(key=kek) ]) == unhexlify(test_output)
def test_okpsign1_decoding(setup_okpsign1_tests) -> None: _, test_input, test_output, test_intermediate, fail = setup_okpsign1_tests if fail: skip("invalid test input") cose_msg: Sign1Message = CoseMessage.decode(unhexlify(test_output)) # set up potential external data cose_msg.external_aad = unhexlify(test_input['sign0'].get("external", b'')) public_key = create_cose_key(OKP, test_input['sign0']['key'], usage=KeyOps.VERIFY, alg=extract_alg(test_input["sign0"])) assert cose_msg.verify_signature(public_key)
def test_encrypt_x25519_wrap_decode( setup_encrypt_x25519_direct_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt_x25519_direct_tests # DECODING # parse message and test for headers md: EncMessage = CoseMessage.decode(unhexlify(test_output)) assert md.phdr == extract_phdr(test_input, 'enveloped') assert md.uhdr == extract_uhdr(test_input, 'enveloped', 1) # check for external data and verify internal _enc_structure md.external_aad = unhexlify(test_input['enveloped'].get('external', b'')) assert md._enc_structure == unhexlify(test_intermediate['AAD_hex']) recipient = test_input['enveloped']['recipients'][0] assert md.recipients[0].phdr == recipient.get('protected', {}) # do not verify unprotected header since it contains the ephemeral public key of the sender # assert m.recipients[0].uhdr == rcpt.get('unprotected', {}) rcvr_skey, sender_key = setup_okp_receiver_keys( recipient, md.recipients[0].uhdr.get(CoseHeaderKeys.EPHEMERAL_KEY)) # create context KDF u = PartyInfo(nonce=unhexlify(test_input['rng_stream'][0]) ) if "sender_key" in recipient else PartyInfo() s = SuppPubInfo( len(test_intermediate['CEK_hex']) * 4, md.recipients[0].encode_phdr()) kdf_ctx = CoseKDFContext(md.phdr[CoseHeaderKeys.ALG], u, PartyInfo(), s) assert kdf_ctx.encode() == unhexlify( test_intermediate['recipients'][0]['Context_hex']) secret, kek_bytes = CoseRecipient.derive_kek(rcvr_skey, sender_key, context=kdf_ctx, expose_secret=True) assert secret == unhexlify( test_intermediate['recipients'][0]['Secret_hex']) assert kek_bytes == unhexlify(test_intermediate['CEK_hex']) alg = extract_alg(test_input['enveloped']) cek = SymmetricKey(k=kek_bytes) nonce = extract_nonce(test_input, 1) assert md.decrypt(nonce=nonce, alg=alg, key=cek) == test_input['plaintext'].encode('utf-8')
def test_encrypt_encoding(setup_encrypt_tests: tuple) -> None: title, test_input, test_output, test_intermediate, fail = setup_encrypt_tests alg = extract_alg(test_input["enveloped"]) nonce = extract_nonce( test_input, 0) if extract_nonce(test_input, 0) != b'' else extract_unsent_nonce( test_input, "enveloped") m = EncMessage(phdr=extract_phdr(test_input, 'enveloped'), uhdr=extract_uhdr(test_input, 'enveloped'), payload=test_input['plaintext'].encode('utf-8'), external_aad=unhexlify(test_input['enveloped'].get( 'external', b''))) # check for external data and verify internal _enc_structure assert m._enc_structure == unhexlify(test_intermediate['AAD_hex']) # set up the CEK and KEK cek = create_cose_key(SymmetricKey, test_input['enveloped']['recipients'][0]['key'], alg=alg, usage=KeyOps.ENCRYPT) kek = create_cose_key(SymmetricKey, test_input['enveloped']['recipients'][0]['key'], alg=CoseAlgorithms.DIRECT.id, usage=KeyOps.WRAP) # create the recipients r_info = test_input['enveloped']['recipients'][0] recipient = CoseRecipient(phdr=r_info.get('protected', {}), uhdr=r_info.get('unprotected', {}), payload=cek.k) m.recipients.append(recipient) # verify encoding (with automatic encryption) if fail: assert m.encode(key=cek, nonce=nonce, enc_params=[RcptParams( key=kek)]) != unhexlify(test_output) else: # test encoding/protection assert m.encode(key=cek, nonce=nonce, enc_params=[RcptParams(key=kek) ]) == unhexlify(test_output)
def test_ec2sign1_encoding(setup_ec2sign1_tests) -> None: _, test_input, test_output, test_intermediate, fail = setup_ec2sign1_tests sign1 = Sign1Message(phdr=test_input['sign0'].get('protected', {}), uhdr=test_input['sign0'].get('unprotected', {}), payload=test_input.get('plaintext', '').encode('utf-8'), external_aad=unhexlify(test_input['sign0'].get( "external", b''))) assert sign1._sig_structure == unhexlify(test_intermediate["ToBeSign_hex"]) private_key = create_cose_key(EC2, test_input['sign0']['key'], usage=KeyOps.SIGN, alg=extract_alg(test_input["sign0"])) if fail: assert sign1.encode(private_key) != unhexlify(test_output) else: assert sign1.encode(private_key) == unhexlify(test_output)
def test_ec2sign1_decoding(setup_ec2sign1_tests) -> None: _, test_input, test_output, test_intermediate, fail = setup_ec2sign1_tests if fail: skip("invalid test input") cose_msg: Sign1Message = CoseMessage.decode(unhexlify(test_output)) assert cose_msg.phdr == test_input['sign0'].get('protected', {}) assert cose_msg.uhdr == test_input['sign0'].get('unprotected', {}) assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8') # set up potential external data cose_msg.external_aad = unhexlify(test_input['sign0'].get("external", b'')) public_key = create_cose_key(EC2, test_input['sign0']['key'], usage=KeyOps.VERIFY, alg=extract_alg(test_input["sign0"])) assert cose_msg.verify_signature(public_key)
def test_mac0_decoding(setup_mac0_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_mac0_tests if fail: skip("invalid test input") cose_msg: Mac0Message = CoseMessage.decode(unhexlify(test_output)) assert cose_msg.phdr == test_input['mac0'].get('protected', {}) assert cose_msg.uhdr == test_input['mac0'].get('unprotected', {}) assert cose_msg.payload == test_input.get('plaintext', "").encode('utf-8') # set up potential external data cose_msg.external_aad = unhexlify(test_input['mac0'].get("external", b'')) cek = create_cose_key(SymmetricKey, test_input['mac0']["recipients"][0]["key"], alg=extract_alg(test_input["mac0"]), usage=KeyOps.MAC_VERIFY) assert cek.k == unhexlify(test_intermediate["CEK_hex"]) assert cose_msg.verify_tag(cek)
def test_mac0_encoding(setup_mac0_tests: tuple) -> None: title, test_input, test_output, test_intermediate, fail = setup_mac0_tests mac0: Mac0Message = Mac0Message( phdr=test_input['mac0'].get('protected', {}), uhdr=test_input['mac0'].get('unprotected', {}), payload=test_input.get('plaintext', '').encode('utf-8'), external_aad=unhexlify(test_input['mac0'].get("external", b''))) assert mac0._mac_structure == unhexlify(test_intermediate["ToMac_hex"]) cek = create_cose_key(SymmetricKey, test_input['mac0']["recipients"][0]["key"], alg=extract_alg(test_input["mac0"]), usage=KeyOps.MAC_CREATE) assert cek.k == unhexlify(test_intermediate["CEK_hex"]) # verify encoding (with automatic tag computation) if fail: assert mac0.encode(key=cek) != unhexlify(test_output) else: assert mac0.encode(key=cek) == unhexlify(test_output)
def test_encrypt_ecdh_wrap_decode(setup_encrypt_ecdh_wrap_tests: tuple): _, test_input, test_output, test_intermediate, fail = setup_encrypt_ecdh_wrap_tests # DECODING # parse message and test for headers md: EncMessage = CoseMessage.decode(unhexlify(test_output)) assert md.phdr == extract_phdr(test_input, 'enveloped') assert md.uhdr == extract_uhdr(test_input, 'enveloped', 1) # check for external data and verify internal _enc_structure md.external_aad = unhexlify(test_input['enveloped'].get('external', b'')) assert md._enc_structure == unhexlify(test_intermediate['AAD_hex']) recipient = test_input['enveloped']['recipients'][0] assert md.recipients[0].phdr == recipient.get('protected', {}) # do not verify unprotected header since it contains the ephemeral public key of the sender # assert m.recipients[0].uhdr == rcpt.get('unprotected', {}) rcvr_skey, sender_key = setup_ec_receiver_keys( recipient, md.recipients[0].uhdr.get(CoseHeaderKeys.EPHEMERAL_KEY)) # create context KDF s = SuppPubInfo( len(test_intermediate['recipients'][0]['KEK_hex']) * 4, md.recipients[0].encode_phdr()) if md.recipients[0].phdr[CoseHeaderKeys.ALG] in { CoseAlgorithms.ECDH_ES_A192KW.id, CoseAlgorithms.ECDH_SS_A192KW.id }: kdf_ctx = CoseKDFContext(CoseAlgorithms.A192KW.id, PartyInfo(), PartyInfo(), s) elif md.recipients[0].phdr[CoseHeaderKeys.ALG] in { CoseAlgorithms.ECDH_ES_A128KW.id, CoseAlgorithms.ECDH_SS_A128KW.id }: kdf_ctx = CoseKDFContext(CoseAlgorithms.A128KW.id, PartyInfo(), PartyInfo(), s) elif md.recipients[0].phdr[CoseHeaderKeys.ALG] in { CoseAlgorithms.ECDH_ES_A256KW.id, CoseAlgorithms.ECDH_SS_A256KW.id }: kdf_ctx = CoseKDFContext(CoseAlgorithms.A256KW.id, PartyInfo(), PartyInfo(), s) else: raise ValueError("Missed an algorithm?") assert kdf_ctx.encode() == unhexlify( test_intermediate['recipients'][0]['Context_hex']) secret, kek = CoseRecipient.derive_kek(rcvr_skey, sender_key, context=kdf_ctx, expose_secret=True) assert secret == unhexlify( test_intermediate['recipients'][0]['Secret_hex']) assert kek == unhexlify(test_intermediate['recipients'][0]['KEK_hex']) r1 = md.recipients[0] cek = r1.decrypt(key=SymmetricKey(k=kek, alg=r1.phdr[CoseHeaderKeys.ALG])) assert cek == unhexlify(test_intermediate['CEK_hex']) cek = SymmetricKey(k=cek, alg=extract_alg(test_input["enveloped"])) pld = md.decrypt(key=cek, nonce=extract_nonce(test_input, 1)) assert pld == test_input['plaintext'].encode('utf-8')
def test_encrypt_ecdh_direct_decode_encode( setup_encrypt_ecdh_direct_tests: tuple) -> None: _, test_input, test_output, test_intermediate, fail = setup_encrypt_ecdh_direct_tests # DECODING # parse message and test for headers md: EncMessage = CoseMessage.decode(unhexlify(test_output)) assert md.phdr == extract_phdr(test_input, 'enveloped') assert md.uhdr == extract_uhdr(test_input, 'enveloped', 1) # check for external data and verify internal _enc_structure md.external_aad = unhexlify(test_input['enveloped'].get('external', b'')) assert md._enc_structure == unhexlify(test_intermediate['AAD_hex']) # verify the receiver and set up the keying material recipient = test_input['enveloped']['recipients'][0] assert md.recipients[0].phdr == recipient.get('protected', {}) # do not verify unprotected header since it contains the ephemeral public key of the sender # assert m.recipients[0].uhdr == rcpt.get('unprotected', {}) rcvr_skey, sender_key = setup_ec_receiver_keys( recipient, md.recipients[0].uhdr.get(CoseHeaderKeys.EPHEMERAL_KEY)) # create context KDF v = PartyInfo() u = PartyInfo(nonce=unhexlify(test_input['rng_stream'][0]) ) if "sender_key" in recipient else PartyInfo() s = SuppPubInfo( len(test_intermediate['CEK_hex']) * 4, md.recipients[0].encode_phdr()) kdf_ctx = CoseKDFContext(md.phdr[CoseHeaderKeys.ALG], u, v, s) assert kdf_ctx.encode() == unhexlify( test_intermediate['recipients'][0]['Context_hex']) secret, kek_bytes = CoseRecipient.derive_kek(rcvr_skey, sender_key, context=kdf_ctx, expose_secret=True) assert secret == unhexlify( test_intermediate['recipients'][0]['Secret_hex']) assert kek_bytes == unhexlify(test_intermediate['CEK_hex']) alg = extract_alg(test_input['enveloped']) cek = SymmetricKey(k=kek_bytes) nonce = extract_nonce(test_input, 1) assert md.decrypt(nonce=nonce, alg=alg, key=cek) == test_input['plaintext'].encode('utf-8') # ENCODING me = EncMessage(phdr=test_input['enveloped'].get("protected", {}), uhdr=test_input['enveloped'].get("unprotected", {}), payload=test_input['plaintext'].encode('utf-8')) if 'rng_stream' in test_input: me.uhdr_update( {CoseHeaderKeys.IV: unhexlify(test_input['rng_stream'][1])}) # Set up recipients and keys recipient = test_input['enveloped']['recipients'][0] if 'sender_key' in recipient: r1 = CoseRecipient(phdr=recipient.get('protected', {})) r1.uhdr_update( {CoseHeaderKeys.STATIC_KEY: sender_key.encode('crv', 'x', 'y')}) r1.uhdr_update(recipient.get('unprotected', {})) r1.uhdr_update({ CoseHeaderKeys.PARTY_U_NONCE: unhexlify(test_input['rng_stream'][0]) }) else: r1 = CoseRecipient(phdr=recipient.get('protected', {})) r1.uhdr_update( {CoseHeaderKeys.EPHEMERAL_KEY: sender_key.encode('crv', 'x', 'y')}) r1.uhdr_update(recipient.get('unprotected', {})) # append the first and only recipient me.recipients.append(r1) # set up cek cek = SymmetricKey(k=kek_bytes, alg=alg) kek = SymmetricKey(k=kek_bytes, alg=CoseAlgorithms.DIRECT.id) # without sorting probably does not match because the order of the recipient elements is not the same assert sorted( me.encode(key=cek, nonce=nonce, enc_params=[RcptParams(key=kek) ])) == sorted(unhexlify(test_output))