def test_aes_key_wrap_wrap_key_without_alg(self):
key = COSEKey.from_symmetric_key(alg="A128GCM", kid="01")
ctx = AESKeyWrap({1: -3}, {},
sender_key=COSEKey.from_symmetric_key(alg="A128KW"))
with pytest.raises(ValueError) as err:
ctx.extract(key=key)
pytest.fail("extract() should fail.")
assert "alg should be set." in str(err.value)
def test_aes_key_wrap_apply_with_invalid_key(self):
key = COSEKey.from_symmetric_key(key="xxx", alg="HS256", kid="01")
ctx = AESKeyWrap({1: -3}, {},
sender_key=COSEKey.from_symmetric_key(alg="A128KW"))
with pytest.raises(EncodeError) as err:
ctx.apply(key, context={"alg": "A128GCM"})
pytest.fail("apply() should fail.")
assert "Failed to wrap key." in str(err.value)
def test_aes_key_wrap_wrap_key_without_ciphertext(self):
key = COSEKey.from_symmetric_key(alg="A128GCM", kid="01")
ctx = AESKeyWrap({1: -3}, {},
sender_key=COSEKey.from_symmetric_key(alg="A128KW"))
with pytest.raises(DecodeError) as err:
ctx.extract(key=key, alg="A128GCM")
pytest.fail("extract() should fail.")
assert "Failed to decode key." in str(err.value)
def test_aes_key_wrap_apply_without_key(self):
ctx = AESKeyWrap({1: -3}, {},
sender_key=COSEKey.from_symmetric_key(alg="A128KW"))
with pytest.raises(ValueError) as err:
ctx.apply()
pytest.fail("apply() should fail.")
assert "key should be set." in str(err.value)
def test_direct_hkdf_extract_with_invalid_key(self):
key = COSEKey.from_symmetric_key(key="a", alg="HS256")
ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"})
with pytest.raises(ValueError) as err:
ctx.extract(key, alg="A128GCM")
pytest.fail("extract() should fail.")
assert "context should be set." in str(err.value)
def test_direct_hkdf_verify_key(self):
material = COSEKey.from_symmetric_key(
key=base64url_decode(
"hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
alg="A256GCM",
)
ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"})
context = {
"alg": "AES-CCM-16-64-128",
"party_u": {
"identity": "lighting-client",
},
"party_v": {
"identity": "lighting-server",
},
"supp_pub": {
"other": "Encryption Example 02",
},
}
key = ctx.apply(material, context=context)
ctx.verify_key(
base64url_decode("hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
key.key,
context=context,
)
def test_direct_hkdf_extract_with_invalid_context(self):
key = COSEKey.from_symmetric_key(alg="A128GCM")
ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"})
with pytest.raises(ValueError) as err:
ctx.extract(key, alg="A128GCM", context=[None, None, None])
pytest.fail("extract() should fail.")
assert "Invalid context information." in str(err.value)
def test_aes_key_wrap_constructor_with_invalid_alg(self):
with pytest.raises(ValueError) as err:
AESKeyWrap({1: -1}, {},
sender_key=COSEKey.from_symmetric_key(alg="A128KW"))
pytest.fail("AESKeyWrap() should fail.")
assert "algs in protected and sender_key do not match." in str(
err.value)
def test_direct_hkdf_apply_without_alg(self):
material = COSEKey.from_symmetric_key(token_bytes(16))
ctx = DirectHKDF({1: -10}, {4: b"01"})
with pytest.raises(ValueError) as err:
ctx.apply(material)
pytest.fail("apply() should fail.")
assert "context should be set." in str(err.value)
def test_direct_hkdf_verify_key_with_invalid_material(self):
material = COSEKey.from_symmetric_key(
key=base64url_decode(
"hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
alg="A256GCM",
)
ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"})
context = {
"alg": "AES-CCM-16-64-128",
"party_u": {
"identity": "lighting-client",
},
"party_v": {
"identity": "lighting-server",
},
"supp_pub": {
"other": "Encryption Example 02",
},
}
key = ctx.apply(
material,
context=context,
)
with pytest.raises(VerifyError) as err:
ctx.verify_key(
b"xxxxxxxxxx",
key.key,
context=context,
)
pytest.fail("verify_key() should fail.")
assert "Failed to verify key." in str(err.value)
def test_ecdh_aes_key_wrap_extract_without_context(self):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
ctx = ECDH_AESKeyWrap({1: -29}, {4: b"01"})
with pytest.raises(ValueError) as err:
ctx.extract(enc_key, alg="ChaCha20/Poly1305")
pytest.fail("extract() should fail.")
assert "context should be set." in str(err.value)
def test_ecdh_aes_key_wrap_apply_without_context(self, sender_key_es):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
sender = ECDH_AESKeyWrap({1: -29}, {4: b"01"},
sender_key=sender_key_es)
with pytest.raises(ValueError) as err:
sender.apply(enc_key, recipient_key=recipient_public_key)
pytest.fail("apply() should fail.")
assert "context should be set." in str(err.value)
def test_ecdh_aes_key_wrap_apply_without_recipient_key(
self, sender_key_es):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
sender = ECDH_AESKeyWrap({1: -29}, {4: b"01"},
sender_key=sender_key_es)
with pytest.raises(ValueError) as err:
sender.apply(enc_key, context={"alg": "A128GCM"})
pytest.fail("apply() should fail.")
assert "recipient_key should be set in advance." in str(err.value)
def test_aes_key_wrap_constructor_a256kw_with_key(self):
ctx = AESKeyWrap(
{1: -5},
{},
sender_key=COSEKey.from_symmetric_key(alg="A256KW",
key=token_bytes(32)),
)
assert isinstance(ctx, AESKeyWrap)
assert ctx.alg == -5
def test_aes_key_wrap_constructor_a256kw_invalid_key_length(self):
with pytest.raises(ValueError) as err:
AESKeyWrap(
{1: -5},
{},
sender_key=COSEKey.from_symmetric_key(key="xxx", alg="A256KW"),
)
pytest.fail("AESKeyWrap() should fail.")
assert "Invalid key length: 3." in str(err.value)
def test_aes_key_wrap_constructor_a128kw_with_invalid_alg_in_sender_key(
self):
with pytest.raises(ValueError) as err:
AESKeyWrap(
{1: -3},
{},
sender_key=COSEKey.from_symmetric_key(alg="A128GCM"),
)
pytest.fail("AESKeyWrap() should fail.")
assert "Invalid alg in sender_key: 1." in str(err.value)
def test_ecdh_aes_key_wrap_apply_with_invalid_key_to_wrap(
self, sender_key_es, recipient_public_key):
mac_key = COSEKey.from_symmetric_key(key="xxx", alg="HS256")
rec = Recipient.new(protected={"alg": "ECDH-ES+A128KW"},
sender_key=sender_key_es)
with pytest.raises(EncodeError) as err:
rec.apply(mac_key,
recipient_key=recipient_public_key,
context={"alg": "A128GCM"})
pytest.fail("apply() should fail.")
assert "Failed to wrap key." in str(err.value)
def test_direct_hkdf_apply_with_invalid_context(self, invalid, msg):
material = COSEKey.from_symmetric_key(
key=base64url_decode(
"hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
alg="A256GCM",
)
ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"})
with pytest.raises(ValueError) as err:
ctx.apply(key=material, context=invalid)
pytest.fail("apply() should fail.")
assert msg in str(err.value)
def test_direct_constructor(self):
k = COSEKey.from_symmetric_key(alg="HS256")
ctx = Direct({1: -6}, {})
assert isinstance(ctx, Direct)
assert ctx.alg == -6
with pytest.raises(NotImplementedError):
ctx.apply(k)
pytest.fail("apply() should fail.")
with pytest.raises(NotImplementedError):
ctx.extract(k)
pytest.fail("extract() should fail.")
def test_direct_hkdf_extract_with_raw_context(self):
context = [
10,
[b"lighting-client", None, None],
[b"lighting-server", None, None],
[128, cbor2.dumps({1: -10}), b"Encryption Example 02"],
]
key = COSEKey.from_symmetric_key(alg="A128GCM")
ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"})
decoded = ctx.extract(key, context=context)
assert decoded.alg == 10
assert len(decoded.key) == 16
def test_direct_hkdf_apply_without_salt(self):
context = [
10,
[b"lighting-client", None, None],
[b"lighting-server", None, None],
[128, cbor2.dumps({1: -10}), b"Encryption Example 02"],
]
material = COSEKey.from_symmetric_key(token_bytes(16))
ctx = DirectHKDF({1: -10}, {4: b"01"})
key = ctx.apply(material, context=context)
assert key.alg == 10
assert len(key.key) == 16
def test_ecdh_aes_key_wrap_apply_with_invalid_recipient_key(
self, sender_key_es, recipient_private_key):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
rec = Recipient.new(protected={"alg": "ECDH-ES+A128KW"},
sender_key=sender_key_es)
with pytest.raises(ValueError) as err:
rec.apply(enc_key,
recipient_key=recipient_private_key,
context={"alg": "A128GCM"})
pytest.fail("apply() should fail.")
assert "public_key should be elliptic curve public key." in str(
err.value)
def test_ecdh_aes_key_wrap_encode_and_extract_with_ecdh_es(
self, sender_key_es, recipient_public_key, recipient_private_key):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
sender = ECDH_AESKeyWrap({1: -29}, {4: b"01"},
sender_key=sender_key_es)
sender.apply(enc_key,
recipient_key=recipient_public_key,
context={"alg": "A128GCM"})
assert sender.ciphertext is not None
encoded = sender.to_list()
recipient = Recipient.from_list(encoded)
decoded_key = recipient.extract(recipient_private_key,
alg="ChaCha20/Poly1305",
context={"alg": "A128GCM"})
assert enc_key.key == decoded_key.key
def test_ecdh_aes_key_wrap_through_cose_api(self, recipient_public_key,
recipient_private_key):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
rec = Recipient.from_jwk({
"kty": "EC",
"crv": "P-256",
"alg": "ECDH-ES+A128KW"
})
rec.apply(enc_key,
recipient_key=recipient_public_key,
context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(b"Hello world!",
enc_key,
recipients=[rec])
assert b"Hello world!" == ctx.decode(encoded,
recipient_private_key,
context={"alg": "A128GCM"})
def test_direct_hkdf_verify_key_with_raw_context(self):
material = COSEKey.from_symmetric_key(
key=base64url_decode(
"hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
alg="A256GCM",
)
ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"})
context = [
10,
[b"lighting-client", None, None],
[b"lighting-server", None, None],
[128, cbor2.dumps({1: -10}), b"Encryption Example 02"],
]
key = ctx.apply(material, context=context)
ctx.verify_key(
base64url_decode("hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"),
key.key,
context=context,
)
def test_ecdh_aes_key_wrap_through_cose_api_without_kid(self):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
rec = Recipient.from_jwk({
"kty": "EC",
"crv": "P-256",
"alg": "ECDH-ES+A128KW"
})
pub_key = COSEKey.from_jwk({
"kty":
"EC",
# "kid": "01",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
})
rec.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
priv_key = COSEKey.from_jwk({
"kty":
"EC",
# "kid": "01",
"alg":
"ECDH-ES+A128KW",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d":
"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
encoded = ctx.encode_and_encrypt(b"Hello world!",
enc_key,
recipients=[rec])
assert b"Hello world!" == ctx.decode(encoded,
priv_key,
context={"alg": "A128GCM"})
def test_ecdh_aes_key_wrap_extract_with_invalid_recipient_private_key(
self, recipient_public_key):
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
rec = Recipient.from_jwk({
"kty": "EC",
"crv": "P-256",
"alg": "ECDH-ES+A128KW"
})
rec.apply(enc_key,
recipient_key=recipient_public_key,
context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
recipient_private_key = COSEKey.from_jwk({
"kty":
"EC",
"kid":
"01",
# "alg": "ECDH-ES+A128KW",
"crv":
"P-256",
"x":
"Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y":
"HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d":
"r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
})
encoded = ctx.encode_and_encrypt(b"Hello world!",
enc_key,
recipients=[rec])
with pytest.raises(DecodeError) as err:
ctx.decode(encoded,
recipient_private_key,
context={"alg": "A128GCM"})
pytest.fail("extract() should fail.")
assert "Failed to decode key." in str(err.value)
def test_direct_key_extract(self):
k = COSEKey.from_symmetric_key(alg="HS256")
ctx = DirectKey({1: -6}, {})
decoded = ctx.extract(k)
assert decoded.alg == 5
assert k.key == decoded.key
def test_direct_key_apply(self):
k = COSEKey.from_symmetric_key(alg="HS256")
ctx = DirectKey({1: -6}, {})
encoded = ctx.apply(k)
assert encoded.alg == 5
assert k.key == encoded.key
def test_direct_hkdf_extract_with_json_context(self, alg, alg_id, key_len):
key = COSEKey.from_symmetric_key(alg="A128GCM")
ctx = DirectHKDF({1: -10}, {-20: b"aabbccddeeff"})
decoded = ctx.extract(key, context={"alg": alg})
assert decoded.alg == alg_id
assert len(decoded.key) == key_len