def test_fail_on_illegal_keyops_verifying(ops):
msg = Sign1Message(phdr={'ALG': 'ES256'},
payload="signed message".encode('utf-8'))
ec2_key = EC2Key.generate_key(crv='P_256')
msg.key = ec2_key
msg = msg.encode()
msg = CoseMessage.decode(msg)
# set an illegal key op
if ops in {
'ENCRYPT', 'DECRYPT', 'WRAP', 'UNWRAP', 'MAC_CREATE', 'MAC_VERIFY'
}:
with pytest.raises(CoseIllegalKeyOps) as excinfo:
ec2_key.key_ops = [ops]
assert "Invalid COSE key operation" in str(excinfo.value)
return
else:
ec2_key.key_ops = [ops]
msg.key = ec2_key
with pytest.raises(CoseIllegalKeyOps) as excinfo:
msg.verify_signature()
assert "Illegal key operations specified." in str(excinfo.value)
def test_ec2_key_generation_encoding_decoding(crv):
trails = 256
for i in range(trails):
ec2_test = EC2Key.generate_key(crv=crv)
ec2_encoded = ec2_test.encode()
ec2_decoded = CoseKey.decode(ec2_encoded)
assert _is_valid_ec2_key(ec2_decoded)
def test_fail_on_non_matching_algorithms_phdr(alg):
msg = Sign1Message(phdr={'ALG': 'ES256'},
payload="signed message".encode('utf-8'))
ec2_key = EC2Key.generate_key(crv='P_256', optional_params={'ALG': alg})
msg.key = ec2_key
with pytest.raises(CoseIllegalAlgorithm) as excinfo:
msg.encode()
assert "Conflicting algorithms" in str(excinfo.value)
def test_fail_on_illegal_keyops_signing(ops):
msg = Sign1Message(phdr={'ALG': 'ES256'},
payload="signed message".encode('utf-8'))
ec2_key = EC2Key.generate_key(crv='P_256',
optional_params={'KEY_OPS': [ops]})
msg.key = ec2_key
with pytest.raises(CoseIllegalKeyOps) as excinfo:
msg.encode()
assert "Illegal key operations specified." in str(excinfo.value)
def _generate_ephemeral_key(self) -> None:
"""
Generate a new ephemeral key if the key was not already set.
:return: None
"""
if self.ephemeral_key is not None:
return
chosen_suite = CipherSuite.from_id(self.cipher_suite)
if chosen_suite.dh_curve in [X25519, X448]:
self.ephemeral_key = OKPKey.generate_key(crv=chosen_suite.dh_curve)
else:
self.ephemeral_key = EC2Key.generate_key(crv=chosen_suite.dh_curve)
def test_unknown_header_attribute_encoding_decoding():
msg = Enc0Message(phdr={
Algorithm: AESCCM1664128,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 879
})
msg.key = SymmetricKey.generate_key(key_len=16)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
msg = EncMessage(phdr={
Algorithm: AESCCM1664128,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 878
},
recipients=[
DirectEncryption(uhdr={
Algorithm: Direct,
"Custom-Header-Attr3": 9999
})
])
msg.key = SymmetricKey.generate_key(key_len=16)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
assert "Custom-Header-Attr3" in msg.recipients[0].uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
assert "Custom-Header-Attr3" in msg_decoded.recipients[0].uhdr
msg = Mac0Message(phdr={
Algorithm: HMAC256,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 878
})
msg.key = SymmetricKey.generate_key(key_len=16)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
msg = MacMessage(phdr={
Algorithm: HMAC256,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 878
},
recipients=[
DirectEncryption(uhdr={
Algorithm: Direct,
"Custom-Header-Attr3": 9999
})
])
msg.key = SymmetricKey.generate_key(key_len=16)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
assert "Custom-Header-Attr3" in msg.recipients[0].uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
assert "Custom-Header-Attr3" in msg_decoded.recipients[0].uhdr
msg = SignMessage(phdr={"Custom-Header-Attr1": 7879},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 878
},
signers=[
CoseSignature(phdr={
Algorithm: Es256,
"Custom-Header-Attr3": 9999
},
key=EC2Key.generate_key(crv=P256))
])
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
assert "Custom-Header-Attr3" in msg_decoded.signers[0].phdr
msg = Sign1Message(phdr={
Algorithm: Es256,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
"Custom-Header-Attr2": 878
})
msg.key = EC2Key.generate_key(crv=P256)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
def test_ec2_key_generation(crv):
key = EC2Key.generate_key(crv)
assert _is_valid_ec2_key(key)
