def decrypt(self, token, key=None, cek=None):
if not key and not cek:
raise MissingKey("On of key or cek must be specified")
jwe = JWEnc().unpack(token)
if len(jwe) != 5:
raise WrongNumberOfParts(len(jwe))
if not cek:
jek = jwe.encrypted_key()
if isinstance(key, SYMKey):
try:
key = key.key.encode('utf8')
except AttributeError:
key = key.key
# The iv for this function must be 64 bit
cek = aes_unwrap_key(key, jek)
msg = self._decrypt(
jwe.headers["enc"], cek, jwe.ciphertext(),
jwe.b64_protected_header(),
jwe.initialization_vector(), jwe.authentication_tag())
if "zip" in self and self["zip"] == "DEF":
msg = zlib.decompress(msg)
return msg
def dec_setup(self, token, key=None, **kwargs):
self.headers = token.headers
self.iv = token.initialization_vector()
self.ctxt = token.ciphertext()
self.tag = token.authentication_tag()
# Handle EPK / Curve
if "epk" not in self.headers or "crv" not in self.headers["epk"]:
raise Exception(
"Ephemeral Public Key Missing in ECDH-ES Computation")
epubkey = ECKey(**self.headers["epk"])
apu = apv = ""
if "apu" in self.headers:
apu = b64d(self.headers["apu"].encode())
if "apv" in self.headers:
apv = b64d(self.headers["apv"].encode())
if self.headers["alg"] == "ECDH-ES":
try:
dk_len = KEYLEN[self.headers["enc"]]
except KeyError:
raise Exception("Unknown key length for algorithm")
self.cek = ecdh_derive_key(epubkey.curve, key.d,
(epubkey.x, epubkey.y), apu, apv,
str(self.headers["enc"]).encode(),
dk_len)
elif self.headers["alg"] in [
"ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"
]:
_pre, _post = self.headers['alg'].split("+")
klen = int(_post[1:4])
kek = ecdh_derive_key(epubkey.curve, key.d, (epubkey.x, epubkey.y),
apu, apv,
str(_post).encode(), klen)
self.cek = aes_unwrap_key(kek, token.encrypted_key())
else:
raise Exception("Unsupported algorithm %s" % self.headers["alg"])
return self.cek
def decrypt(self, token, key=None, cek=None):
if not key and not cek:
raise MissingKey("On of key or cek must be specified")
jwe = JWEnc().unpack(token)
if not cek:
jek = jwe.encrypted_key()
# The iv for this function must be 64 bit
cek = aes_unwrap_key(key, jek)
msg = self._decrypt(
jwe.headers["enc"], cek, jwe.ciphertext(),
jwe.b64_protected_header(),
jwe.initialization_vector(), jwe.authentication_tag())
if "zip" in self and self["zip"] == "DEF":
msg = zlib.decompress(msg)
return msg
def decrypt(self, token, key=None, cek=None):
if not key and not cek:
raise MissingKey("On of key or cek must be specified")
jwe = JWEnc().unpack(token)
if not cek:
jek = jwe.encrypted_key()
# The iv for this function must be 64 bit
cek = aes_unwrap_key(key, jek)
msg = self._decrypt(jwe.headers["enc"], cek, jwe.ciphertext(),
jwe.b64_protected_header(),
jwe.initialization_vector(),
jwe.authentication_tag())
if "zip" in self and self["zip"] == "DEF":
msg = zlib.decompress(msg)
return msg
def dec_setup(self, token, key=None, **kwargs):
self.headers = token.headers
self.iv = token.initialization_vector()
self.ctxt = token.ciphertext()
self.tag = token.authentication_tag()
# Handle EPK / Curve
if "epk" not in self.headers or "crv" not in self.headers["epk"]:
raise Exception(
"Ephemeral Public Key Missing in ECDH-ES Computation")
epubkey = ECKey(**self.headers["epk"])
apu = apv = ""
if "apu" in self.headers:
apu = b64d(self.headers["apu"].encode())
if "apv" in self.headers:
apv = b64d(self.headers["apv"].encode())
if self.headers["alg"] == "ECDH-ES":
try:
dk_len = KEYLEN[self.headers["enc"]]
except KeyError:
raise Exception("Unknown key length for algorithm")
self.cek = ecdh_derive_key(epubkey.curve, key.d,
(epubkey.x, epubkey.y), apu, apv,
str(self.headers["enc"]).encode(),
dk_len)
elif self.headers["alg"] in ["ECDH-ES+A128KW", "ECDH-ES+A192KW",
"ECDH-ES+A256KW"]:
_pre, _post = self.headers['alg'].split("+")
klen = int(_post[1:4])
kek = ecdh_derive_key(epubkey.curve, key.d, (epubkey.x, epubkey.y),
apu, apv, str(_post).encode(), klen)
self.cek = aes_unwrap_key(kek, token.encrypted_key())
else:
raise Exception("Unsupported algorithm %s" % self.headers["alg"])
return self.cek
