Generate zero-length protected header for non AEAD #463

@kentakayama kentakayama commented Nov 7, 2023

Resolves #462 by

  • prohibiting non zero-length protected header for non-AEAD while encoding
  • getting algorithm id also from unprotected header while decoding

After this PR is merged,

```python
from cwt import COSE, COSEKey, Recipient

plaintext = b"This is the content."
cek = COSEKey.from_symmetric_key(alg="A128CBC")  # non-AEAD content encryption key
kek = COSEKey.from_symmetric_key(alg="A128KW")
r = Recipient.new(unprotected={"alg": "A128KW"}, sender_key=kek)
sender = COSE.new()
# "alg" in the protected header makes it non zero-length: rejected for non-AEAD
encoded = sender.encode_and_encrypt(
    plaintext,
    cek,
    protected={
        "alg": "A128CBC",
    },
    unprotected={
        "iv": cek.generate_nonce(),
    },
    recipients=[r],
)
```

causes a ValueError, and it should be

```python
from cwt import COSE, COSEKey, Recipient

plaintext = b"This is the content."
cek = COSEKey.from_symmetric_key(alg="A128CBC")  # non-AEAD content encryption key
kek = COSEKey.from_symmetric_key(alg="A128KW")
r = Recipient.new(unprotected={"alg": "A128KW"}, sender_key=kek)
sender = COSE.new()
# Zero-length protected header; "alg" is carried in the unprotected header
encoded = sender.encode_and_encrypt(
    plaintext,
    cek,
    protected={},
    unprotected={
        "alg": "A128CBC",
        "iv": cek.generate_nonce(),
    },
    recipients=[r],
)
```
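
The header rule described in this PR, sketched as a stand-alone decode-side check (an added example, not python-cwt code and not part of the PR): for AES-CTR/AES-CBC the protected header must be a zero-length byte string, so `alg` has to come from the unprotected header. The function names and the sample byte string are hypothetical and constructed for illustration; the algorithm ids are the RFC 9459 registrations, and the CBOR decoding covers only small integer-to-integer maps.

```python
# Added illustration, not python-cwt code. "alg" is COSE header label 1 and the
# AES-CTR / AES-CBC ids below are the RFC 9459 registrations.
ALG = 1
NON_AEAD = {-65534: "A128CTR", -65533: "A192CTR", -65532: "A256CTR",
            -65531: "A128CBC", -65530: "A192CBC", -65529: "A256CBC"}


def _cbor_int(buf: bytes, i: int):
    """Decode one CBOR integer (major type 0 or 1) starting at buf[i]."""
    if i >= len(buf):
        raise ValueError("truncated header")
    major, info = buf[i] >> 5, buf[i] & 0x1F
    if major > 1 or info > 27:
        raise ValueError("only integer items are handled in this sketch")
    i += 1
    if info < 24:
        return (info if major == 0 else -1 - info), i
    size = 1 << (info - 24)  # 1, 2, 4 or 8 argument bytes follow
    if i + size > len(buf):
        raise ValueError("truncated header")
    n = int.from_bytes(buf[i:i + size], "big")
    return (n if major == 0 else -1 - n), i + size


def decode_int_map(buf: bytes) -> dict:
    """Decode a short CBOR map whose keys and values are all integers."""
    if not buf or (buf[0] >> 5) != 5 or (buf[0] & 0x1F) > 23:
        raise ValueError("expected a short definite-length CBOR map")
    out, i = {}, 1
    for _ in range(buf[0] & 0x1F):
        key, i = _cbor_int(buf, i)
        out[key], i = _cbor_int(buf, i)
    if i != len(buf):
        raise ValueError("trailing bytes after the map")
    return out


def content_alg(protected: bytes, unprotected: dict) -> int:
    """Return the content-encryption alg id, enforcing the non-AEAD rule."""
    prot = decode_int_map(protected) if protected else {}
    if ALG in prot and ALG in unprotected:
        raise ValueError("alg appears in both headers")
    alg = prot.get(ALG, unprotected.get(ALG))
    if alg is None:
        raise ValueError("alg not found in either header")
    if alg in NON_AEAD and protected != b"":
        raise ValueError(f"{NON_AEAD[alg]}: protected header must be zero-length")
    return alg

SAMPLE_REJECTED = bytes.fromhex("a10139fffa")  # constructed: {1: A128CBC} in protected
```

Note that an encoded empty map (`a0`) is also rejected for a non-AEAD algorithm here, because the byte string is one byte long rather than zero-length.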

@kentakayama kentakayama marked this pull request as draft November 7, 2023 19:04
@kentakayama
Collaborator Author

@dajiaji
This change has an issue with non AEAD + HPKE.
Can you guess why?

@dajiaji
Owner

dajiaji commented Nov 8, 2023

> This change has an issue with non AEAD + HPKE. Can you guess why?

I'll check. Wait for a moment.

@dajiaji
Owner

dajiaji commented Nov 8, 2023

> This change has an issue with non AEAD + HPKE.

Resolved by #467

@kentakayama
Collaborator Author

kentakayama commented Nov 8, 2023

@dajiaji
After patching #467 locally, the test ended with success!
Thanks for your quick resolution.
After #467 is merged into main, I'll merge it into this branch and set this PR Ready for review.

$ python3 -m tox 
check: commands[0]> poetry install --no-root
Installing dependencies from lock file

No dependencies to install or update
check: commands[1]> poetry run pre-commit run --all-files
black....................................................................Passed
blacken-docs.............................................................Passed
flake8...................................................................Passed
isort....................................................................Passed
mypy.....................................................................Passed
check json...............................................................Passed
check toml...............................................................Passed
check yaml...............................................................Passed
debug statements (python)................................................Passed
fix end of files.........................................................Passed
fix utf-8 byte order marker..............................................Passed
trim trailing whitespace.................................................Passed
check: OK ✔ in 3.35 seconds
build: commands[0]> poetry build
Building cwt (2.7.0)
  - Building sdist
  - Built cwt-2.7.0.tar.gz
  - Building wheel
  - Built cwt-2.7.0-py3-none-any.whl
build: OK ✔ in 0.57 seconds
build_docs: commands[0]> poetry install -E docs
Installing dependencies from lock file

No dependencies to install or update

Installing the current project: cwt (2.7.0)
build_docs: commands[1]> sphinx-build -n -T -W -b html -d /home/ken/github.com/kentakayama/python-cwt/.tox/build_docs/tmp/doctrees docs docs/_build/html
Running Sphinx v7.1.2
building [mo]: targets for 0 po files that are out of date
writing output... 
building [html]: targets for 6 source files that are out of date
updating environment: [new config] 6 added, 0 changed, 0 removed
reading sources... [100%] installation
looking for now-outdated files... none found
pickling environment... done
checking consistency... done
preparing documents... done
copying assets... copying static files... done
copying extra files... done
done
writing output... [100%] installation
generating indices... genindex py-modindex done
highlighting module code... [100%] cwt.signer
writing additional pages... search done
dumping search index in English (code: en)... done
dumping object inventory... done
build succeeded.

The HTML pages are in docs/_build/html.
build_docs: OK ✔ in 3.3 seconds
py38: commands[0]> poetry install
Installing dependencies from lock file

No dependencies to install or update

Installing the current project: cwt (2.7.0)
py38: commands[1]> poetry run pytest -ra --cov=cwt --cov-report=term --cov-report=xml tests
=========================================================================== test session starts ============================================================================
platform linux -- Python 3.8.10, pytest-7.4.3, pluggy-1.3.0
cachedir: .tox/py38/.pytest_cache
rootdir: /home/ken/github.com/kentakayama/python-cwt
plugins: cov-4.1.0
collected 1073 items                                                                                                                                                       

tests/test_algs_aes_key_wrap.py ......                                                                                                                               [  0%]
tests/test_algs_ec2.py .............................................................                                                                                 [  6%]
tests/test_algs_okp.py ........................................................                                                                                      [ 11%]
tests/test_algs_raw.py .....                                                                                                                                         [ 11%]
tests/test_algs_rsa.py .....................                                                                                                                         [ 13%]
tests/test_algs_symmetric.py ................................................................................................................                        [ 24%]
tests/test_claims.py .......................                                                                                                                         [ 26%]
tests/test_cose.py ..................................................................................................................                                [ 37%]
tests/test_cose_hpke.py ..........                                                                                                                                   [ 38%]
tests/test_cose_key.py ............................................................................................................................................. [ 51%]
.................                                                                                                                                                    [ 52%]
tests/test_cose_message.py ........................................                                                                                                  [ 56%]
tests/test_cose_sample.py ....................                                                                                                                       [ 58%]
tests/test_cose_sample_with_encode.py ............................                                                                                                   [ 60%]
tests/test_cose_wg_examples.py ....................                                                                                                                  [ 62%]
tests/test_cwt.py ............................................................................................................                                       [ 72%]
tests/test_cwt_sample.py ...................................................                                                                                         [ 77%]
tests/test_encrypted_cose_key.py ..                                                                                                                                  [ 77%]
tests/test_helpers_hcert.py ......                                                                                                                                   [ 78%]
tests/test_key.py ...................                                                                                                                                [ 80%]
tests/test_recipient.py ......................................................................................                                                       [ 88%]
tests/test_recipient_algs_aes_key_wrap.py ...............                                                                                                            [ 89%]
tests/test_recipient_algs_direct.py ..................................                                                                                               [ 92%]
tests/test_recipient_algs_ecdh_aes_key_wrap.py .............                                                                                                         [ 93%]
tests/test_recipient_algs_ecdh_direct_hkdf.py .......................                                                                                                [ 96%]
tests/test_recipient_algs_hpke.py ...........                                                                                                                        [ 97%]
tests/test_signer.py ...........                                                                                                                                     [ 98%]
tests/test_utils.py ....................                                                                                                                             [100%]

---------- coverage: platform linux, python 3.8.10-final-0 -----------
Name                                      Stmts   Miss  Cover
-------------------------------------------------------------
cwt/__init__.py                              22      0   100%
cwt/algs/__init__.py                          0      0   100%
cwt/algs/asymmetric.py                       30      0   100%
cwt/algs/ec2.py                             217      5    98%
cwt/algs/non_aead.py                         40      6    85%
cwt/algs/okp.py                             190      8    96%
cwt/algs/raw.py                              23      0   100%
cwt/algs/rsa.py                              89      0   100%
cwt/algs/symmetric.py                       334      4    99%
cwt/cbor_processor.py                        14      0   100%
cwt/claims.py                               137      0   100%
cwt/const.py                                 42      0   100%
cwt/cose.py                                 457     30    93%
cwt/cose_key.py                             156      1    99%
cwt/cose_key_interface.py                    86      0   100%
cwt/cose_message.py                         219      6    97%
cwt/cwt.py                                  188      0   100%
cwt/encrypted_cose_key.py                    25      0   100%
cwt/enums.py                                160      0   100%
cwt/exceptions.py                             8      0   100%
cwt/helpers/__init__.py                       0      0   100%
cwt/helpers/hcert.py                         36      0   100%
cwt/recipient.py                             71      0   100%
cwt/recipient_algs/__init__.py                0      0   100%
cwt/recipient_algs/aes_key_wrap.py           32      2    94%
cwt/recipient_algs/direct.py                  8      0   100%
cwt/recipient_algs/direct_hkdf.py            53      3    94%
cwt/recipient_algs/direct_key.py             15      1    93%
cwt/recipient_algs/ecdh_aes_key_wrap.py      60      7    88%
cwt/recipient_algs/ecdh_direct_hkdf.py       62      7    89%
cwt/recipient_algs/hpke.py                   58      3    95%
cwt/recipient_interface.py                  102      2    98%
cwt/recipients.py                            50      5    90%
cwt/signer.py                                58      0   100%
cwt/utils.py                                245      0   100%
-------------------------------------------------------------
TOTAL                                      3287     90    97%
Coverage XML written to file coverage.xml


=========================================================================== 1073 passed in 3.15s ===========================================================================
py38: OK ✔ in 4.38 seconds
py39: skipped because could not find python interpreter with spec(s): py39
py39: SKIP ⚠ in 0.02 seconds
py310: skipped because could not find python interpreter with spec(s): py310
py310: SKIP ⚠ in 0 seconds
py311: skipped because could not find python interpreter with spec(s): py311
  check: OK (3.35=setup[0.04]+cmd[0.66,2.65] seconds)
  build: OK (0.57=setup[0.00]+cmd[0.57] seconds)
  build_docs: OK (3.30=setup[0.01]+cmd[0.72,2.58] seconds)
  py38: OK (4.38=setup[0.00]+cmd[0.67,3.71] seconds)
  py39: SKIP (0.02 seconds)
  py310: SKIP (0.00 seconds)
  py311: SKIP (0.00 seconds)
  congratulations :) (11.68 seconds)


codecov bot commented Nov 8, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (10f7efc) 97.31% compared to head (3392e5e) 97.29%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #463      +/-   ##
==========================================
- Coverage   97.31%   97.29%   -0.03%     
==========================================
  Files          32       32              
  Lines        3280     3287       +7     
==========================================
+ Hits         3192     3198       +6     
- Misses         88       89       +1     
| Files | Coverage Δ |
|---|---|
| cwt/const.py | 100.00% <100.00%> (ø) |
| cwt/cose.py | 93.65% <100.00%> (-0.16%) ⬇️ |


@kentakayama
Collaborator Author

I'll quickly create a test code covering non-AEAD + len(protected) > 0.

@kentakayama kentakayama marked this pull request as ready for review November 8, 2023 13:30
@dajiaji dajiaji merged commit 281c742 into dajiaji:main Nov 8, 2023
15 of 16 checks passed