Skip to content

Commit 76f2e71

Browse files
dajiajidajiaji
authored
Merge pull request #354 from dajiaji/follow-hpke-cose-draft-03
Change HPKE sender information from dict to list.
2 parents 94dc0a0 + e020c49 commit 76f2e71

6 files changed

Lines changed: 113 additions & 109 deletions

File tree

cwt/recipient_algs/hpke.py

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -24,13 +24,10 @@ def __init__(
2424
raise ValueError("alg should be HPKE(-1).")
2525
if -4 not in unprotected:
2626
raise ValueError("HPKE sender information(-4) not found.")
27-
if 1 not in unprotected[-4]:
28-
raise ValueError("kem id(1) not found in HPKE sender information(-4).")
29-
if 2 not in unprotected[-4]:
30-
raise ValueError("kdf id(2) not found in HPKE sender information(-4).")
31-
if 3 not in unprotected[-4]:
32-
raise ValueError("aead id(3) not found in HPKE sender information(-4).")
33-
self._suite = CipherSuite.new(KEMId(unprotected[-4][1]), KDFId(unprotected[-4][2]), AEADId(unprotected[-4][3]))
27+
if not isinstance(unprotected[-4], list) or len(unprotected[-4]) not in [3, 4]:
28+
print(len(unprotected[-4]))
29+
raise ValueError("HPKE sender information(-4) should be a list of length 3 or 4.")
30+
self._suite = CipherSuite.new(KEMId(unprotected[-4][0]), KDFId(unprotected[-4][1]), AEADId(unprotected[-4][2]))
3431
return
3532

3633
def encode(self, plaintext: bytes = b"", aad: bytes = b"") -> Tuple[List[Any], Optional[COSEKeyInterface]]:
@@ -39,7 +36,10 @@ def encode(self, plaintext: bytes = b"", aad: bytes = b"") -> Tuple[List[Any], O
3936
self._kem_key = self._to_kem_key(self._recipient_key)
4037
try:
4138
enc, ctx = self._suite.create_sender_context(self._kem_key)
42-
self._unprotected[-4][4] = enc
39+
if len(self._unprotected[-4]) == 3:
40+
self._unprotected[-4].append(enc)
41+
else:
42+
self._unprotected[-4][3] = enc
4343
self._ciphertext = ctx.seal(plaintext, aad=aad)
4444
except Exception as err:
4545
raise EncodeError("Failed to seal.") from err
@@ -53,7 +53,7 @@ def decode(
5353
as_cose_key: bool = False,
5454
) -> Union[bytes, COSEKeyInterface]:
5555
try:
56-
ctx = self._suite.create_recipient_context(self._unprotected[-4][4], self._to_kem_key(key))
56+
ctx = self._suite.create_recipient_context(self._unprotected[-4][3], self._to_kem_key(key))
5757
raw = ctx.open(self._ciphertext, aad=aad)
5858
if not as_cose_key:
5959
return raw

tests/test_cose_hpke.py

Lines changed: 25 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -51,11 +51,11 @@ def test_cose_hpke_kem_0x0010(self, kdf, aead):
5151
},
5252
unprotected={
5353
4: b"01", # kid: "01"
54-
-4: { # HPKE sender information
55-
1: 0x0010,
56-
2: kdf,
57-
3: aead,
58-
},
54+
-4: [ # HPKE sender information
55+
0x0010,
56+
kdf,
57+
aead,
58+
],
5959
},
6060
)
6161

@@ -107,11 +107,11 @@ def test_cose_hpke_kem_0x0011(self, kdf, aead):
107107
},
108108
unprotected={
109109
4: b"01", # kid: "01"
110-
-4: { # HPKE sender information
111-
1: 0x0011,
112-
2: kdf,
113-
3: aead,
114-
},
110+
-4: [ # HPKE sender information
111+
0x0011,
112+
kdf,
113+
aead,
114+
],
115115
},
116116
)
117117

@@ -163,11 +163,11 @@ def test_cose_hpke_kem_0x0012(self, kdf, aead):
163163
},
164164
unprotected={
165165
4: b"01", # kid: "01"
166-
-4: { # HPKE sender information
167-
1: 0x0012,
168-
2: kdf,
169-
3: aead,
170-
},
166+
-4: [ # HPKE sender information
167+
0x0012,
168+
kdf,
169+
aead,
170+
],
171171
},
172172
)
173173

@@ -220,11 +220,11 @@ def test_cose_hpke_kem_0x0020(self, kdf, aead):
220220
},
221221
unprotected={
222222
4: b"01", # kid: "01"
223-
-4: { # HPKE sender information
224-
1: 0x0020,
225-
2: kdf,
226-
3: aead,
227-
},
223+
-4: [ # HPKE sender information
224+
0x0020,
225+
kdf,
226+
aead,
227+
],
228228
},
229229
)
230230

@@ -278,11 +278,11 @@ def test_cose_hpke_kem_0x0021(self, kdf, aead):
278278
},
279279
unprotected={
280280
4: b"01", # kid: "01"
281-
-4: { # HPKE sender information
282-
1: 0x0021,
283-
2: kdf,
284-
3: aead,
285-
},
281+
-4: [ # HPKE sender information
282+
0x0021,
283+
kdf,
284+
aead,
285+
],
286286
},
287287
)
288288

tests/test_cose_sample.py

Lines changed: 30 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -315,11 +315,11 @@ def test_cose_usage_examples_cose_encrypt0_hpke(self):
315315
},
316316
unprotected={
317317
4: b"01", # kid: "01"
318-
-4: { # HPKE sender information
319-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
320-
2: 0x0001, # kdf: HKDF-SHA256
321-
3: 0x0001, # aead: AES-128-GCM
322-
},
318+
-4: [ # HPKE sender information
319+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
320+
0x0001, # kdf: HKDF-SHA256
321+
0x0001, # aead: AES-128-GCM
322+
],
323323
},
324324
)
325325

@@ -391,11 +391,11 @@ def test_cose_usage_examples_cose_encrypt_hpke(self):
391391
},
392392
unprotected={
393393
4: b"01", # kid: "01"
394-
-4: { # HPKE sender information
395-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
396-
2: 0x0001, # kdf: HKDF-SHA256
397-
3: 0x0001, # aead: AES-128-GCM
398-
},
394+
-4: [ # HPKE sender information
395+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
396+
0x0001, # kdf: HKDF-SHA256
397+
0x0001, # aead: AES-128-GCM
398+
],
399399
},
400400
recipient_key=rpk,
401401
)
@@ -440,11 +440,11 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_1st_layer_hpke(self):
440440
},
441441
unprotected={
442442
4: b"01", # kid: "01"
443-
-4: { # HPKE sender information
444-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
445-
2: 0x0001, # kdf: HKDF-SHA256
446-
3: 0x0001, # aead: AES-128-GCM
447-
},
443+
-4: [ # HPKE sender information
444+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
445+
0x0001, # kdf: HKDF-SHA256
446+
0x0001, # aead: AES-128-GCM
447+
],
448448
},
449449
recipient_key=rpk,
450450
)
@@ -457,11 +457,11 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_1st_layer_hpke(self):
457457
},
458458
unprotected={
459459
4: b"xx", # kid: "xx"
460-
-4: { # HPKE sender information
461-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
462-
2: 0x0001, # kdf: HKDF-SHA256
463-
3: 0x0001, # aead: AES-128-GCM
464-
},
460+
-4: [ # HPKE sender information
461+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
462+
0x0001, # kdf: HKDF-SHA256
463+
0x0001, # aead: AES-128-GCM
464+
],
465465
},
466466
recipients=[r],
467467
)
@@ -486,11 +486,11 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_nonce(self):
486486
},
487487
unprotected={
488488
4: b"01", # kid: "01"
489-
-4: { # HPKE sender information
490-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
491-
2: 0x0001, # kdf: HKDF-SHA256
492-
3: 0x0001, # aead: AES-128-GCM
493-
},
489+
-4: [ # HPKE sender information
490+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
491+
0x0001, # kdf: HKDF-SHA256
492+
0x0001, # aead: AES-128-GCM
493+
],
494494
},
495495
recipient_key=rpk,
496496
)
@@ -503,11 +503,11 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_nonce(self):
503503
},
504504
unprotected={
505505
4: b"xx", # kid: "xx"
506-
-4: { # HPKE sender information
507-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
508-
2: 0x0001, # kdf: HKDF-SHA256
509-
3: 0x0001, # aead: AES-128-GCM
510-
},
506+
-4: [ # HPKE sender information
507+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
508+
0x0001, # kdf: HKDF-SHA256
509+
0x0001, # aead: AES-128-GCM
510+
],
511511
},
512512
recipients=[r],
513513
)

tests/test_cose_sample_with_encode.py

Lines changed: 30 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -342,11 +342,11 @@ def test_cose_usage_examples_cose_mac_hpke(self):
342342
},
343343
unprotected={
344344
4: b"01", # kid: "01"
345-
-4: { # HPKE sender information
346-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
347-
2: 0x0001, # kdf: HKDF-SHA256
348-
3: 0x0001, # aead: AES-128-GCM
349-
},
345+
-4: [ # HPKE sender information
346+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
347+
0x0001, # kdf: HKDF-SHA256
348+
0x0001, # aead: AES-128-GCM
349+
],
350350
},
351351
recipient_key=rpk,
352352
)
@@ -469,11 +469,11 @@ def test_cose_usage_examples_cose_encrypt0_hpke(self):
469469
},
470470
unprotected={
471471
4: b"01", # kid: "01"
472-
-4: { # HPKE sender information
473-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
474-
2: 0x0001, # kdf: HKDF-SHA256
475-
3: 0x0001, # aead: AES-128-GCM
476-
},
472+
-4: [ # HPKE sender information
473+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
474+
0x0001, # kdf: HKDF-SHA256
475+
0x0001, # aead: AES-128-GCM
476+
],
477477
},
478478
)
479479

@@ -595,11 +595,11 @@ def test_cose_usage_examples_cose_encrypt_hpke(self):
595595
},
596596
unprotected={
597597
4: b"01", # kid: "01"
598-
-4: { # HPKE sender information
599-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
600-
2: 0x0001, # kdf: HKDF-SHA256
601-
3: 0x0001, # aead: AES-128-GCM
602-
},
598+
-4: [ # HPKE sender information
599+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
600+
0x0001, # kdf: HKDF-SHA256
601+
0x0001, # aead: AES-128-GCM
602+
],
603603
},
604604
recipient_key=rpk,
605605
)
@@ -647,11 +647,11 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_1st_layer_hpke(self):
647647
},
648648
unprotected={
649649
4: b"01", # kid: "01"
650-
-4: { # HPKE sender information
651-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
652-
2: 0x0001, # kdf: HKDF-SHA256
653-
3: 0x0001, # aead: AES-128-GCM
654-
},
650+
-4: [ # HPKE sender information
651+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
652+
0x0001, # kdf: HKDF-SHA256
653+
0x0001, # aead: AES-128-GCM
654+
],
655655
},
656656
recipient_key=rpk,
657657
)
@@ -664,11 +664,11 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_1st_layer_hpke(self):
664664
},
665665
unprotected={
666666
4: b"xx", # kid: "xx"
667-
-4: { # HPKE sender information
668-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
669-
2: 0x0001, # kdf: HKDF-SHA256
670-
3: 0x0001, # aead: AES-128-GCM
671-
},
667+
-4: [ # HPKE sender information
668+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
669+
0x0001, # kdf: HKDF-SHA256
670+
0x0001, # aead: AES-128-GCM
671+
],
672672
},
673673
recipients=[r],
674674
)
@@ -693,11 +693,11 @@ def test_cose_usage_examples_cose_encrypt_hpke_with_nonce(self):
693693
},
694694
unprotected={
695695
4: b"01", # kid: "01"
696-
-4: { # HPKE sender information
697-
1: 0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
698-
2: 0x0001, # kdf: HKDF-SHA256
699-
3: 0x0001, # aead: AES-128-GCM
700-
},
696+
-4: [ # HPKE sender information
697+
0x0010, # kem: DHKEM(P-256, HKDF-SHA256)
698+
0x0001, # kdf: HKDF-SHA256
699+
0x0001, # aead: AES-128-GCM
700+
],
701701
},
702702
recipient_key=rpk,
703703
)

tests/test_recipient.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -649,7 +649,7 @@ def test_recipients_from_list_with_invalid_args(self, invalid, msg):
649649
assert msg in str(err.value)
650650

651651
def test_recipients_open_without_key(self):
652-
r = RecipientInterface(protected={1: -1}, unprotected={4: b"01", -4: {1: 0x0010, 2: 0x0001, 3: 0x0001}})
652+
r = RecipientInterface(protected={1: -1}, unprotected={4: b"01", -4: [0x0010, 0x0001, 0x0001]})
653653
rs = Recipients([r])
654654
with pytest.raises(ValueError) as err:
655655
rs.derive_key([], 0, b"", b"")
@@ -674,7 +674,7 @@ def test_recipients_open_with_rpk_without_kid(self, rsk1, rsk2):
674674
"y": "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI",
675675
}
676676
)
677-
r = Recipient.new(protected={1: -1}, unprotected={-4: {1: 0x0010, 2: 0x0001, 3: 0x0001}}, recipient_key=rpk)
677+
r = Recipient.new(protected={1: -1}, unprotected={-4: [0x0010, 0x0001, 0x0001]}, recipient_key=rpk)
678678
r.encode(enc_key.key)
679679
sender = COSE.new()
680680
encoded = sender.encode_and_encrypt(
@@ -699,7 +699,7 @@ def test_recipients_open_with_verify_kid_and_rpk_without_kid(self, rsk1, rsk2):
699699
"y": "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI",
700700
}
701701
)
702-
r = Recipient.new(protected={1: -1}, unprotected={-4: {1: 0x0010, 2: 0x0001, 3: 0x0001}}, recipient_key=rpk)
702+
r = Recipient.new(protected={1: -1}, unprotected={-4: [0x0010, 0x0001, 0x0001]}, recipient_key=rpk)
703703
sender = COSE.new()
704704
encoded = sender.encode_and_encrypt(
705705
b"This is the content.",
@@ -724,7 +724,7 @@ def test_recipients_open_failed_with_rpk_without_kid(self, rsk1):
724724
"y": "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI",
725725
}
726726
)
727-
r = Recipient.new(protected={1: -1}, unprotected={-4: {1: 0x0010, 2: 0x0001, 3: 0x0001}}, recipient_key=rpk)
727+
r = Recipient.new(protected={1: -1}, unprotected={-4: [0x0010, 0x0001, 0x0001]}, recipient_key=rpk)
728728
r.encode(enc_key.key)
729729
sender = COSE.new()
730730
encoded = sender.encode_and_encrypt(
@@ -741,7 +741,7 @@ def test_recipients_open_failed_with_rpk_without_kid(self, rsk1):
741741

742742
def test_recipients_open_with_multiple_rsks(self, rpk2, rsk1, rsk2):
743743
enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
744-
r = Recipient.new(protected={1: -1}, unprotected={4: b"02", -4: {1: 0x0010, 2: 0x0001, 3: 0x0001}}, recipient_key=rpk2)
744+
r = Recipient.new(protected={1: -1}, unprotected={4: b"02", -4: [0x0010, 0x0001, 0x0001]}, recipient_key=rpk2)
745745
r.encode(enc_key.key)
746746
sender = COSE.new(alg_auto_inclusion=True)
747747
encoded = sender.encode_and_encrypt(
@@ -757,7 +757,7 @@ def test_recipients_open_with_multiple_rsks(self, rpk2, rsk1, rsk2):
757757

758758
def test_recipients_open_with_invalid_rsk(self, rpk1):
759759
enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
760-
r = Recipient.new(protected={1: -1}, unprotected={4: b"02", -4: {1: 0x0010, 2: 0x0001, 3: 0x0001}}, recipient_key=rpk1)
760+
r = Recipient.new(protected={1: -1}, unprotected={4: b"02", -4: [0x0010, 0x0001, 0x0001]}, recipient_key=rpk1)
761761
# r.encode(enc_key.to_bytes())
762762
sender = COSE.new()
763763
encoded = sender.encode_and_encrypt(

0 commit comments

Comments
 (0)