Exemplo n.º 1
0
def test_fail_on_illegal_keyops_verifying(ops):
    msg = Sign1Message(phdr={'ALG': 'ES256'},
                       payload="signed message".encode('utf-8'))

    ec2_key = EC2Key.generate_key(crv='P_256')
    msg.key = ec2_key

    msg = msg.encode()

    msg = CoseMessage.decode(msg)
    # set an illegal key op
    if ops in {
            'ENCRYPT', 'DECRYPT', 'WRAP', 'UNWRAP', 'MAC_CREATE', 'MAC_VERIFY'
    }:
        with pytest.raises(CoseIllegalKeyOps) as excinfo:
            ec2_key.key_ops = [ops]

        assert "Invalid COSE key operation" in str(excinfo.value)
        return
    else:
        ec2_key.key_ops = [ops]

    msg.key = ec2_key

    with pytest.raises(CoseIllegalKeyOps) as excinfo:
        msg.verify_signature()

    assert "Illegal key operations specified." in str(excinfo.value)
Exemplo n.º 2
0
def test_fail_on_non_matching_algorithms_phdr(alg):
    msg = Sign1Message(phdr={'ALG': 'ES256'},
                       payload="signed message".encode('utf-8'))

    ec2_key = EC2Key.generate_key(crv='P_256', optional_params={'ALG': alg})
    msg.key = ec2_key

    with pytest.raises(CoseIllegalAlgorithm) as excinfo:
        msg.encode()

    assert "Conflicting algorithms" in str(excinfo.value)
Exemplo n.º 3
0
def test_fail_on_illegal_keyops_signing(ops):
    msg = Sign1Message(phdr={'ALG': 'ES256'},
                       payload="signed message".encode('utf-8'))

    ec2_key = EC2Key.generate_key(crv='P_256',
                                  optional_params={'KEY_OPS': [ops]})
    msg.key = ec2_key

    with pytest.raises(CoseIllegalKeyOps) as excinfo:
        msg.encode()

    assert "Illegal key operations specified." in str(excinfo.value)
Exemplo n.º 4
0
 def sign(
     self,
     private_key: CoseKey,
     alg: cose.algorithms.CoseAlgorithm,
     kid_protected: bool = True,
     sign1: bool = True,
 ) -> bytes:
     self.protected_header.update({
         cose.headers.Algorithm:
         alg,
         cose.headers.ContentType:
         CoseContentTypes.CWT.value,
     })
     if kid_protected:
         self.protected_header[cose.headers.KID] = private_key.kid
     else:
         self.unprotected_header[cose.headers.KID] = private_key.kid
     if sign1:
         cose_msg = Sign1Message(
             phdr=self.protected_header
             if len(self.protected_header) else None,
             uhdr=self.unprotected_header
             if len(self.unprotected_header) else None,
             payload=cbor2.dumps(self.claims),
         )
         cose_msg.key = private_key
     else:
         signers = [
             CoseSignature(
                 phdr=self.protected_header
                 if len(self.protected_header) else None,
                 uhdr=self.unprotected_header
                 if len(self.unprotected_header) else None,
                 key=private_key,
             )
         ]
         cose_msg = SignMessage(
             phdr={cose.headers.ContentType: CoseContentTypes.CWT.value},
             uhdr=self.unprotected_header
             if len(self.unprotected_header) else None,
             payload=cbor2.dumps(self.claims),
             signers=signers,
         )
     return cose_msg.encode()
Exemplo n.º 5
0
def test_ec2sign1_encoding(setup_ec2sign1_tests) -> None:
    _, test_input, test_output, test_intermediate, fail = setup_ec2sign1_tests

    sign1 = Sign1Message(phdr=test_input['sign0'].get('protected', {}),
                         uhdr=test_input['sign0'].get('unprotected', {}),
                         payload=test_input.get('plaintext',
                                                '').encode('utf-8'),
                         external_aad=unhexlify(test_input['sign0'].get(
                             "external", b'')))

    assert sign1._sig_structure == unhexlify(test_intermediate["ToBeSign_hex"])
    private_key = create_cose_key(EC2,
                                  test_input['sign0']['key'],
                                  usage=KeyOps.SIGN,
                                  alg=extract_alg(test_input["sign0"]))

    if fail:
        assert sign1.encode(private_key) != unhexlify(test_output)
    else:
        assert sign1.encode(private_key) == unhexlify(test_output)
Exemplo n.º 6
0
def test_sign1_encoding(test_sign1):
    test_input = test_sign1['input']
    test_output = test_sign1['output']

    msg = Sign1Message(phdr=test_input['protected'],
                       uhdr=test_input['unprotected'],
                       payload=test_input['plaintext'],
                       external_aad=test_input['external_aad'])

    assert msg.phdr_encoded == test_output['protected']
    assert msg.uhdr_encoded == test_output['unprotected']

    assert msg._sig_structure == test_output['structure']

    key = CoseKey.from_dict(test_sign1["cek"])
    key.key_ops = [SignOp, VerifyOp]
    msg.key = key

    assert msg.compute_signature() == test_output['signature']
    assert cbor2.loads(
        msg.encode(tag=test_sign1['cbor_tag'])) == test_output['result']