Add enum COSEKeyOps.

Author: dajiaji

cwt/__init__.py

@@ -12,7 +12,14 @@
     set_private_claim_names,
 )
 from .encrypted_cose_key import EncryptedCOSEKey
-from .enums import COSEAlgs, COSEHeaders, COSEKeyParams, COSETypes, CWTClaims
+from .enums import (
+    COSEAlgs,
+    COSEHeaders,
+    COSEKeyOps,
+    COSEKeyParams,
+    COSETypes,
+    CWTClaims,
+)
 from .exceptions import CWTError, DecodeError, EncodeError, VerifyError
 from .helpers.hcert import load_pem_hcert_dsc
 from .recipient import Recipient
@@ -38,6 +45,7 @@
     "COSE",
     "COSEAlgs",
     "COSEHeaders",
+    "COSEKeyOps",
     "COSEKeyParams",
     "COSETypes",
     "COSEKey",

cwt/enums.py

@@ -137,3 +137,16 @@ class CWTClaims(enum.IntEnum):
     LOCATION = 17
     EAT_PROFILE = 18
     SUBMODS = 20
+
+
+class COSEKeyOps(enum.IntEnum):
+    SIGN = 1
+    VERIFY = 2
+    ENCRYPT = 3
+    DECRYPT = 4
+    WRAP_KEY = 5
+    UNWRAP_KEY = 6
+    DERIVE_KEY = 7
+    DERIVE_BITS = 8
+    MAC_CREATE = 9
+    MAC_VERIFY = 10

tests/test_algs_okp.py

@@ -7,7 +7,7 @@
 
 from cwt.algs.okp import OKPKey
 from cwt.cose_key import COSEKey
-from cwt.enums import COSEKeyParams
+from cwt.enums import COSEKeyOps, COSEKeyParams
 from cwt.exceptions import VerifyError
 
 from .utils import key_path
@@ -440,7 +440,10 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "Invalid key_ops for signing key.",
             ),
@@ -451,7 +454,12 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [1, 2, 7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.SIGN,
+                        COSEKeyOps.VERIFY,
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "Signing key should not be used for key derivation.",
             ),
@@ -462,7 +470,10 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     # COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [1, 2],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.SIGN,
+                        COSEKeyOps.VERIFY,
+                    ],
                 },
                 "Invalid key_ops for public key.",
             ),
@@ -473,7 +484,10 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [1, 2],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.SIGN,
+                        COSEKeyOps.VERIFY,
+                    ],
                 },
                 "Invalid key_ops for key derivation.",
             ),
@@ -484,7 +498,10 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [1, 2],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.SIGN,
+                        COSEKeyOps.VERIFY,
+                    ],
                 },
                 "Invalid key_ops for key derivation.",
             ),
@@ -495,7 +512,12 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [1, 2, 7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.SIGN,
+                        COSEKeyOps.VERIFY,
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "Private key for ECDHE should not be used for signing.",
             ),
@@ -505,8 +527,10 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.ALG: -25,
                     COSEKeyParams.CRV: 4,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
-                    # COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "Public key for ECDHE should not have key_ops.",
             ),
@@ -528,7 +552,12 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [1, 2, 7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.SIGN,
+                        COSEKeyOps.VERIFY,
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "OKP private key should not be used for both signing and key derivation.",
             ),
@@ -539,7 +568,12 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     # COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [1, 2, 7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.SIGN,
+                        COSEKeyOps.VERIFY,
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "Invalid key_ops for public key.",
             ),
@@ -550,7 +584,10 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     # COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "Invalid key_ops for public key.",
             ),
@@ -562,7 +599,10 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
                     33: 123,
-                    COSEKeyParams.KEY_OPS: [7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "x5c(33) should be bytes(bstr) or list.",
             ),
@@ -571,7 +611,10 @@ def test_okp_key_derive_bytes_with_raw_context(self):
             #         COSEKeyParams.KTY: 1,
             #         COSEKeyParams.CRV: 4,
             #         COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
-            #         COSEKeyParams.KEY_OPS: [7, 8],
+            #         COSEKeyParams.KEY_OPS: [
+            #             COSEKeyOps.DERIVE_KEY,
+            #             COSEKeyOps.DERIVE_BITS,
+            #         ],
             #     },
             #     "X25519/X448 needs alg explicitly.",
             # ),
@@ -582,7 +625,9 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 6,
                     # COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [2],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.VERIFY,
+                    ],
                 },
                 "x(-2) not found.",
             ),
@@ -593,15 +638,20 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     COSEKeyParams.CRV: 4,
                     COSEKeyParams.X: b"\x18Es\xe0\x9a\x83\xfd\x0e\xe9K\xa8n\xf39i\x17\xfe\n2+|\xd1q\xcc\x87\xd2\xe9\xa9\xe8 \x9b\xd9",
                     # COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [2],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.VERIFY,
+                    ],
                 },
                 "Unsupported or unknown alg used with X25519/X448: -8.",
             ),
             (
                 {
                     COSEKeyParams.KTY: 1,
                     COSEKeyParams.CRV: 6,
-                    COSEKeyParams.KEY_OPS: [7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "The body of the key not found.",
             ),
@@ -611,7 +661,10 @@ def test_okp_key_derive_bytes_with_raw_context(self):
                     # COSEKeyParams.ALG: -8,
                     COSEKeyParams.CRV: 6,
                     COSEKeyParams.D: b"B\xc6u\xd0|-\x07\xe7)\x8d\x1c\x13\x14\xa2\x8dFC1\xdf3sQ\x049|\x14\xc1\xed\x01\xe5\xdb\xa9",
-                    COSEKeyParams.KEY_OPS: [7, 8],
+                    COSEKeyParams.KEY_OPS: [
+                        COSEKeyOps.DERIVE_KEY,
+                        COSEKeyOps.DERIVE_BITS,
+                    ],
                 },
                 "x(-2) not found.",
             ),