def ciphertext_3(self):
# TODO: resolve magic key and IV lengths
iv_bytes = self._hkdf3(13, 'IV_3ae', self._prk3e2m)
# TODO: resolve magic key and IV lengths
cose_key = self._create_cose_key(self._hkdf3, 16, 'K_3ae',
self._prk3e2m, [EncryptOp])
# create payload for the COSE_Encrypt0
payload = [self._p_3ae]
if self.aad3_cb is not None:
payload.append(self.aad3_cb())
payload = b''.join(payload)
# create the external data for the COSE_Encrypt0
th_3 = self.transcript(self.cipher_suite.hash.hash_cls,
self._th3_input)
# calculate the mac_2 using a COSE_Encrypt0 message
ciphertext = Enc0Message(uhdr={
headers.IV: iv_bytes,
headers.Algorithm: self.cipher_suite.aead
},
key=cose_key,
payload=payload,
external_aad=th_3).encrypt()
return ciphertext
def test_simple_enc0message():
msg = Enc0Message(
phdr={Algorithm: A128GCM, IV: b'000102030405060708090a0b0c'},
uhdr={KID: b'kid1'},
payload='some secret message'.encode('utf-8'))
assert str(msg) == "<COSE_Encrypt0: [{'Algorithm': 'A128GCM', 'IV': \"b'00010' ... (26 B)\"}, {'KID': b'kid1'}, " \
"b'some ' ... (19 B)]>"
cose_key = {
KpKty: KtySymmetric,
SymKpK: unhexlify(b'000102030405060708090a0b0c0d0e0f'),
KpKeyOps: [EncryptOp, DecryptOp]}
cose_key = CoseKey.from_dict(cose_key)
assert str(cose_key) == "<COSE_Key(Symmetric): {'SymKpK': \"b'\\\\x00\\\\x01\\\\x02\\\\x03\\\\x04' ... (16 B)\", " \
"'KpKty': 'KtySymmetric', 'KpKeyOps': ['EncryptOp', 'DecryptOp']}>"
msg.key = cose_key
# the encode() function performs the encryption automatically
encoded = msg.encode()
assert hexlify(encoded) == b'd0835820a2010105581a3030303130323033303430353036303730383039306130623063a104446b696' \
b'4315823cca3441a2464d240e09fe9ee0ea42a7852a4f41d9945325c1f8d3b1353b8eb83e6a62f'
# decode and decrypt
decoded = CoseMessage.decode(encoded)
decoded.key = cose_key
assert hexlify(decoded.payload) == b'cca3441a2464d240e09fe9ee0ea42a7852a4f41d9945325c1f8d3b1353b8eb83e6a62f'
assert decoded.decrypt() == b'some secret message'
def _decrypt(self, ciphertext: bytes) -> bytes:
# TODO: resolve magic key and IV lengths
iv_bytes = self._hkdf3(13, 'IV_3ae', self._prk3e2m)
# TODO: resolve magic key and IV lengths
cose_key = self._create_cose_key(self._hkdf3, 16, 'K_3ae', self._prk3e2m, [DecryptOp])
th_3 = self.transcript(self.cipher_suite.hash.hash_cls, self._th3_input)
return Enc0Message(uhdr={headers.IV: iv_bytes, headers.Algorithm: self.cipher_suite.aead},
key=cose_key,
payload=ciphertext,
external_aad=th_3).decrypt()
def _mac(self, hkdf: Callable, key_label: str, key_len: int, iv_label: str,
iv_len: int, th_input: bytes, prk: bytes,
aad_cb: Callable[..., bytes]) -> bytes:
iv_bytes = hkdf(iv_len, iv_label, prk)
cose_key = self._create_cose_key(hkdf, key_len, key_label, prk,
[EncryptOp])
# calculate the mac using a COSE_Encrypt0 message
return Enc0Message(phdr=self.cred_id,
uhdr={
headers.IV: iv_bytes,
headers.Algorithm: self.cipher_suite.aead
},
payload=b'',
key=cose_key,
external_aad=self._external_aad(th_input,
aad_cb)).encrypt()
def test_unknown_header_attribute_encoding_decoding():
msg = Enc0Message(phdr={
Algorithm: AESCCM1664128,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 879
})
msg.key = SymmetricKey.generate_key(key_len=16)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
msg = EncMessage(phdr={
Algorithm: AESCCM1664128,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 878
},
recipients=[
DirectEncryption(uhdr={
Algorithm: Direct,
"Custom-Header-Attr3": 9999
})
])
msg.key = SymmetricKey.generate_key(key_len=16)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
assert "Custom-Header-Attr3" in msg.recipients[0].uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
assert "Custom-Header-Attr3" in msg_decoded.recipients[0].uhdr
msg = Mac0Message(phdr={
Algorithm: HMAC256,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 878
})
msg.key = SymmetricKey.generate_key(key_len=16)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
msg = MacMessage(phdr={
Algorithm: HMAC256,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 878
},
recipients=[
DirectEncryption(uhdr={
Algorithm: Direct,
"Custom-Header-Attr3": 9999
})
])
msg.key = SymmetricKey.generate_key(key_len=16)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
assert "Custom-Header-Attr3" in msg.recipients[0].uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
assert "Custom-Header-Attr3" in msg_decoded.recipients[0].uhdr
msg = SignMessage(phdr={"Custom-Header-Attr1": 7879},
uhdr={
KID: 8,
IV: unhexlify(b'00000000000000000000000000'),
"Custom-Header-Attr2": 878
},
signers=[
CoseSignature(phdr={
Algorithm: Es256,
"Custom-Header-Attr3": 9999
},
key=EC2Key.generate_key(crv=P256))
])
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr
assert "Custom-Header-Attr3" in msg_decoded.signers[0].phdr
msg = Sign1Message(phdr={
Algorithm: Es256,
"Custom-Header-Attr1": 7879
},
uhdr={
KID: 8,
"Custom-Header-Attr2": 878
})
msg.key = EC2Key.generate_key(crv=P256)
assert "Custom-Header-Attr1" in msg.phdr
assert "Custom-Header-Attr2" in msg.uhdr
msg = msg.encode()
msg_decoded = CoseMessage.decode(msg)
assert "Custom-Header-Attr1" in msg_decoded.phdr
assert "Custom-Header-Attr2" in msg_decoded.uhdr