Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Follow COSE-HPKE early version of draft-03. #271

Merged
merged 1 commit into from Oct 31, 2022
Merged

Follow COSE-HPKE early version of draft-03. #271

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 4 additions & 4 deletions README.md
View file
Open in desktop
Expand Up @@ -397,8 +397,8 @@ encoded = sender.encode_and_encrypt(
4: b"01", # kid: "01"
-4: { # HPKE sender information
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
5: 0x0001, # kdf: HKDF-SHA256
2: 0x0001, # aead: AES-128-GCM
2: 0x0001, # kdf: HKDF-SHA256
3: 0x0001, # aead: AES-128-GCM
},
},
)
Expand Down Expand Up @@ -640,8 +640,8 @@ r = Recipient.new(
4: b"01", # kid: "01"
-4: { # HPKE sender information
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
5: 0x0001, # kdf: HKDF-SHA256
2: 0x0001, # aead: AES-128-GCM
2: 0x0001, # kdf: HKDF-SHA256
3: 0x0001, # aead: AES-128-GCM
},
},
)
Expand Down
12 changes: 6 additions & 6 deletions cwt/recipient_algs/hpke.py
View file
Open in desktop
Expand Up @@ -21,11 +21,11 @@ def __init__(
raise ValueError("HPKE sender information(-4) not found.")
if 1 not in unprotected[-4]:
raise ValueError("kem id(1) not found in HPKE sender information(-4).")
if 5 not in unprotected[-4]:
raise ValueError("kdf id(5) not found in HPKE sender information(-4).")
if 2 not in unprotected[-4]:
raise ValueError("aead id(2) not found in HPKE sender information(-4).")
self._suite = HPKECipherSuite(unprotected[-4][1], unprotected[-4][5], unprotected[-4][2])
raise ValueError("kdf id(2) not found in HPKE sender information(-4).")
if 3 not in unprotected[-4]:
raise ValueError("aead id(3) not found in HPKE sender information(-4).")
self._suite = HPKECipherSuite(unprotected[-4][1], unprotected[-4][2], unprotected[-4][3])
return

def apply(
Expand All @@ -45,7 +45,7 @@ def to_list(self, payload: bytes = b"", external_aad: bytes = b"", aad_context:
enc_structure = [aad_context, self._dumps(self._protected), external_aad]
aad = self._dumps(enc_structure)
enc, self._ciphertext = self._recipient_key.seal(self._suite, payload, aad)
self._unprotected[-4][3] = enc
self._unprotected[-4][4] = enc
return super().to_list(payload, external_aad, aad_context)

def decrypt(
Expand All @@ -61,4 +61,4 @@ def decrypt(
) -> bytes:
enc_structure = [aad_context, self._dumps(self._protected), external_aad]
aad = self._dumps(enc_structure)
return key.open(self._suite, self._unprotected[-4][3], self._ciphertext, aad)
return key.open(self._suite, self._unprotected[-4][4], self._ciphertext, aad)
24 changes: 12 additions & 12 deletions tests/test_cose_sample.py
View file
Open in desktop
Expand Up @@ -354,8 +354,8 @@ def test_cose_usage_examples_cose_encrypt0_hpke(self):
4: b"01", # kid: "01"
-4: { # HPKE sender information
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
5: 0x0001, # kdf: HKDF-SHA256
2: 0x0001, # aead: AES-128-GCM
2: 0x0001, # kdf: HKDF-SHA256
3: 0x0001, # aead: AES-128-GCM
},
},
)
Expand Down Expand Up @@ -438,8 +438,8 @@ def test_cose_usage_examples_cose_encrypt_hpke(self):
4: b"01", # kid: "01"
-4: { # HPKE sender information
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
5: 0x0001, # kdf: HKDF-SHA256
2: 0x0001, # aead: AES-128-GCM
2: 0x0001, # kdf: HKDF-SHA256
3: 0x0001, # aead: AES-128-GCM
},
},
)
Expand Down Expand Up @@ -486,8 +486,8 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_1st_layer_hpke(self):
4: b"01", # kid: "01"
-4: { # HPKE sender information
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
5: 0x0001, # kdf: HKDF-SHA256
2: 0x0001, # aead: AES-128-GCM
2: 0x0001, # kdf: HKDF-SHA256
3: 0x0001, # aead: AES-128-GCM
},
},
)
Expand All @@ -503,8 +503,8 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_1st_layer_hpke(self):
4: b"xx", # kid: "xx"
-4: { # HPKE sender information
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
5: 0x0001, # kdf: HKDF-SHA256
2: 0x0001, # aead: AES-128-GCM
2: 0x0001, # kdf: HKDF-SHA256
3: 0x0001, # aead: AES-128-GCM
},
},
recipients=[r],
Expand Down Expand Up @@ -532,8 +532,8 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_nonce(self):
4: b"01", # kid: "01"
-4: { # HPKE sender information
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
5: 0x0001, # kdf: HKDF-SHA256
2: 0x0001, # aead: AES-128-GCM
2: 0x0001, # kdf: HKDF-SHA256
3: 0x0001, # aead: AES-128-GCM
},
},
)
Expand All @@ -549,8 +549,8 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_nonce(self):
4: b"xx", # kid: "xx"
-4: { # HPKE sender information
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
5: 0x0001, # kdf: HKDF-SHA256
2: 0x0001, # aead: AES-128-GCM
2: 0x0001, # kdf: HKDF-SHA256
3: 0x0001, # aead: AES-128-GCM
},
},
recipients=[r],
Expand Down
12 changes: 6 additions & 6 deletions tests/test_recipient.py
View file
Open in desktop
Expand Up @@ -634,7 +634,7 @@ def test_recipients_from_list_with_invalid_args(self, invalid, msg):
assert msg in str(err.value)

def test_recipients_open_without_key(self):
r = RecipientInterface(protected={1: -1}, unprotected={4: b"01", -4: {1: 0x0010, 5: 0x0001, 2: 0x0001}})
r = RecipientInterface(protected={1: -1}, unprotected={4: b"01", -4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
rs = Recipients([r])
with pytest.raises(ValueError) as err:
rs.decrypt([])
Expand All @@ -649,7 +649,7 @@ def test_recipients_open_with_empty_recipients(self, rsk1):
assert "No recipients." in str(err.value)

def test_recipients_open_with_rpk_without_kid(self, rsk1, rsk2):
r = Recipient.new(protected={1: -1}, unprotected={-4: {1: 0x0010, 5: 0x0001, 2: 0x0001}})
r = Recipient.new(protected={1: -1}, unprotected={-4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
rpk = COSEKey.from_jwk(
{
"kty": "EC",
Expand All @@ -672,7 +672,7 @@ def test_recipients_open_with_rpk_without_kid(self, rsk1, rsk2):
assert b"This is the content." == recipient.decode(encoded, [rsk1, rsk2])

def test_recipients_open_with_verify_kid_and_rpk_without_kid(self, rsk1, rsk2):
r = Recipient.new(protected={1: -1}, unprotected={-4: {1: 0x0010, 5: 0x0001, 2: 0x0001}})
r = Recipient.new(protected={1: -1}, unprotected={-4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
rpk = COSEKey.from_jwk(
{
"kty": "EC",
Expand All @@ -698,7 +698,7 @@ def test_recipients_open_with_verify_kid_and_rpk_without_kid(self, rsk1, rsk2):
assert "kid should be specified in recipient." in str(err.value)

def test_recipients_open_failed_with_rpk_without_kid(self, rsk1):
r = Recipient.new(protected={1: -1}, unprotected={-4: {1: 0x0010, 5: 0x0001, 2: 0x0001}})
r = Recipient.new(protected={1: -1}, unprotected={-4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
rpk = COSEKey.from_jwk(
{
"kty": "EC",
Expand All @@ -724,7 +724,7 @@ def test_recipients_open_failed_with_rpk_without_kid(self, rsk1):
assert "Failed to decrypt." in str(err.value)

def test_recipients_open_with_multiple_rsks(self, rpk2, rsk1, rsk2):
r = Recipient.new(protected={1: -1}, unprotected={4: b"02", -4: {1: 0x0010, 5: 0x0001, 2: 0x0001}})
r = Recipient.new(protected={1: -1}, unprotected={4: b"02", -4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
r.apply(recipient_key=rpk2)
sender = COSE.new()
encoded = sender.encode_and_encrypt(
Expand All @@ -738,7 +738,7 @@ def test_recipients_open_with_multiple_rsks(self, rpk2, rsk1, rsk2):
assert b"This is the content." == recipient.decode(encoded, [rsk1, rsk2])

def test_recipients_open_with_invalid_rsk(self, rpk1):
r = Recipient.new(protected={1: -1}, unprotected={4: b"02", -4: {1: 0x0010, 5: 0x0001, 2: 0x0001}})
r = Recipient.new(protected={1: -1}, unprotected={4: b"02", -4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
r.apply(recipient_key=rpk1)
sender = COSE.new()
encoded = sender.encode_and_encrypt(
Expand Down
22 changes: 11 additions & 11 deletions tests/test_recipient_algs_hpke.py
View file
Open in desktop
Expand Up @@ -13,20 +13,20 @@ class TestHPKE:
"""

def test_recipient_algs_hpke(self):
ctx = HPKE({1: -1}, {-4: {1: 0x0010, 5: 0x0001, 2: 0x0001}})
ctx = HPKE({1: -1}, {-4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
assert isinstance(ctx, HPKE)
assert ctx.alg == -1

def test_recipient_algs_hpke_apply_without_recipient_key(self):
ctx = HPKE({1: -1}, {-4: {1: 0x0010, 5: 0x0001, 2: 0x0001}})
ctx = HPKE({1: -1}, {-4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
with pytest.raises(ValueError) as err:
ctx.apply()
pytest.fail("apply should fail.")
assert "recipient_key should be set." in str(err.value)

def test_recipient_algs_hpke_without_alg(self):
with pytest.raises(ValueError) as err:
HPKE({1: 1}, {-4: {1: 0x0010, 5: 0x0001, 2: 0x0001}})
HPKE({1: 1}, {-4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
pytest.fail("HPKE should fail.")
assert "alg should be HPKE(-1)." in str(err.value)

Expand All @@ -38,27 +38,27 @@ def test_recipient_algs_hpke_without_alg(self):
"HPKE sender information(-4) not found.",
),
(
{-4: {5: 0x0001, 2: 0x0001}},
{-4: {2: 0x0001, 3: 0x0001}},
"kem id(1) not found in HPKE sender information(-4).",
),
(
{-4: {1: 0x0010, 2: 0x0001}},
"kdf id(5) not found in HPKE sender information(-4).",
{-4: {1: 0x0010, 3: 0x0001}},
"kdf id(2) not found in HPKE sender information(-4).",
),
(
{-4: {1: 0x0010, 5: 0x0001}},
"aead id(2) not found in HPKE sender information(-4).",
{-4: {1: 0x0010, 2: 0x0001}},
"aead id(3) not found in HPKE sender information(-4).",
),
(
{-4: {1: 0xFFFF, 5: 0x0001, 2: 0x0001}},
{-4: {1: 0xFFFF, 2: 0x0001, 3: 0x0001}},
"Unsupported or unknown KEM id: 65535.",
),
(
{-4: {1: 0x0010, 5: 0xFFFF, 2: 0x0001}},
{-4: {1: 0x0010, 2: 0xFFFF, 3: 0x0001}},
"Unsupported or unknown KDF id: 65535.",
),
(
{-4: {1: 0x0010, 5: 0x0001, 2: 0xFFFF}},
{-4: {1: 0x0010, 2: 0x0001, 3: 0xFFFF}},
"Unsupported or unknown AEAD id: 65535.",
),
],
Expand Down