Add generate_symmetric_key as a COSEKey classmethod.

Add generate_symmetric_key as a COSEKey classmethod.

Author: dajiaji

README.md

@@ -29,7 +29,7 @@ And then, you can use it as follows:
 ```py
 >>> import cwt
 >>> from cwt import COSEKey
->>> key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+>>> key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
 >>> token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
 >>> token.hex()
 'd18443a10105a05835a60172636f6170733a2f2f61732e657861'...
@@ -101,7 +101,7 @@ Create a COSE MAC0 message, verify and decode it as follows:
 ```py
 from cwt import COSE, COSEKey
 
-mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+mac_key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
 
 # The sender side:
 sender = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
@@ -117,7 +117,7 @@ Following two samples are other ways of writing the above example:
 ```py
 from cwt import COSE, COSEKey
 
-mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+mac_key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
 
 # The sender side:
 sender = COSE.new()
@@ -136,7 +136,7 @@ assert b"Hello world!" == recipient.decode(encoded, mac_key)
 ```py
 from cwt import COSE, COSEKey
 
-mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+mac_key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
 
 # The sender side:
 sender = COSE.new()
@@ -163,7 +163,7 @@ key distribution method.
 ```py
 from cwt import COSE, COSEKey, Recipient
 
-mac_key = COSEKey.from_symmetric_key(alg="HS512", kid="01")
+mac_key = COSEKey.generate_symmetric_key(alg="HS512", kid="01")
 
 # The sender side:
 r = Recipient.from_jwk({"alg": "direct"})
@@ -216,7 +216,7 @@ The AES key wrap algorithm can be used to wrap a MAC key as follows:
 from cwt import COSE, COSEKey, Recipient
 
 # The sender side:
-mac_key = COSEKey.from_symmetric_key(alg="HS512")
+mac_key = COSEKey.generate_symmetric_key(alg="HS512")
 r = Recipient.from_jwk(
     {
         "kty": "oct",
@@ -354,7 +354,7 @@ Create a COSE Encrypt0 message and decrypt it as follows:
 ```py
 from cwt import COSE, COSEKey
 
-enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
+enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
 
 # The sender side:
 nonce = enc_key.generate_nonce()
@@ -431,7 +431,7 @@ key distribution method.
 ```py
 from cwt import COSE, COSEKey, Recipient
 
-enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
+enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
 
 # The sender side:
 nonce = enc_key.generate_nonce()
@@ -489,7 +489,7 @@ The AES key wrap algorithm can be used to wrap a MAC key as follows:
 from cwt import COSE, COSEKey, Recipient
 
 # A key to be wrapped
-enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
+enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305")
 
 # The sender side:
 r = Recipient.from_jwk(
@@ -623,7 +623,7 @@ Create a COSE-HPKE Encrypt message and decrypt it as follows:
 from cwt import COSE, COSEKey, Recipient
 
 # The sender side:
-enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
+enc_key = COSEKey.generate_symmetric_key(alg="A128GCM")
 rpk = COSEKey.from_jwk(
     {
         "kty": "EC",
@@ -761,7 +761,7 @@ import cwt
 from cwt import Claims, COSEKey
 
 try:
-    key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+    key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
     token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
     decoded = cwt.decode(token, key)
 
@@ -790,7 +790,7 @@ A raw CWT structure (Dict[int, Any]) can also be used as follows:
 import cwt
 from cwt import COSEKey
 
-key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
 token = cwt.encode({1: "coaps://as.example", 2: "dajiaji", 7: b"123"}, key)
 decoded = cwt.decode(token, key)
 ```
@@ -868,7 +868,7 @@ Create an encrypted CWT with `ChaCha20/Poly1305` and decrypt it as follows:
 import cwt
 from cwt import COSEKey
 
-enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
+enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
 token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, enc_key)
 decoded = cwt.decode(token, enc_key)
 ```
@@ -885,7 +885,7 @@ import cwt
 from cwt import COSEKey
 
 # A shared encryption key.
-enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="enc-01")
+enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="enc-01")
 
 # Creates a CWT with ES256 signing.
 with open("./private_key.pem") as key_file:
@@ -915,7 +915,7 @@ If you want to change the settings, you can create your own `CWT` class instance
 ```py
 from cwt import COSEKey, CWT
 
-key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
 mycwt = CWT.new(expires_in=3600*24, leeway=10)
 token = mycwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
 decoded = mycwt.decode(token, key)

cwt/cose_key.py

@@ -76,6 +76,33 @@ def new(params: Dict[int, Any]) -> COSEKeyInterface:
             raise ValueError(f"Unsupported or unknown alg(3): {params[3]}.")
         raise ValueError(f"Unsupported or unknown kty(1): {params[1]}.")
 
+    @classmethod
+    def generate_symmetric_key(
+        cls,
+        alg: Union[int, str] = "",
+        kid: Union[bytes, str] = b"",
+        key_ops: Optional[Union[List[int], List[str]]] = None,
+    ) -> COSEKeyInterface:
+        """
+        Generates a symmetric COSE key from from a randomly genarated byte string.
+
+        Args:
+            alg (Union[int, str]): An algorithm label(int) or name(str).
+                Supported ``alg`` are listed in
+                `Supported COSE Algorithms <https://python-cwt.readthedocs.io/en/stable/algorithms.html>`_.
+            kid (Union[bytes, str]): A key identifier.
+            key_ops (Union[List[int], List[str]]): A list of key operation values.
+                Following values can be used:
+                ``1("sign")``, ``2("verify")``, ``3("encrypt")``, ``4("decrypt")``, ``5("wrap key")``,
+                ``6("unwrap key")``, ``7("derive key")``, ``8("derive bits")``,
+                ``9("MAC create")``, ``10("MAC verify")``
+        Returns:
+            COSEKeyInterface: A COSE key object.
+        Raises:
+            ValueError: Invalid arguments.
+        """
+        return cls.from_symmetric_key(b"", alg, kid, key_ops)
+
     @classmethod
     def from_symmetric_key(
         cls,

docs/cose_usage.rst

@@ -8,7 +8,7 @@ The following is a simple sample code using COSE API:
 
     >>> from cwt import COSE, COSEKey
     >>> ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
-    >>> mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+    >>> mac_key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
     >>> encoded = ctx.encode_and_mac(b"Hello world!", mac_key)
     >>> encoded.hex()
     'd18443a10105a1044230314c48656c6c6f20776f726c642158205d0b144add282ccaac32a02e0d5eec76928ccadf3623271eb48e9464e2ee03b2'
@@ -29,7 +29,7 @@ Create a COSE MAC0 message, verify and decode it as follows:
 
     from cwt import COSE, COSEKey
 
-    mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+    mac_key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
     ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
     encoded = ctx.encode_and_mac(b"Hello world!", mac_key)
     assert b"Hello world!" == ctx.decode(encoded, mac_key)
@@ -42,7 +42,7 @@ Following two samples are other ways of writing the above example:
 
     from cwt import COSE, COSEKey
 
-    mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+    mac_key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
     ctx = COSE.new()
     encoded = ctx.encode_and_mac(
         b"Hello world!",
@@ -56,7 +56,7 @@ Following two samples are other ways of writing the above example:
 
     from cwt import COSE, COSEKey
 
-    mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+    mac_key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
     ctx = COSE.new()
     encoded = ctx.encode_and_mac(
         b"Hello world!",
@@ -81,7 +81,7 @@ key distribution method.
     from cwt import COSE, COSEKey, Recipient
 
     # The sender makes a COSE MAC message as follows:
-    mac_key = COSEKey.from_symmetric_key(alg="HS512", kid="01")
+    mac_key = COSEKey.generate_symmetric_key(alg="HS512", kid="01")
     r = Recipient.from_jwk({"alg": "direct"})
     r.apply(mac_key)
     ctx = COSE.new()
@@ -98,7 +98,7 @@ Following samples are other ways of writing the above sample:
 
     # The sender side:
     # In contrast to from_jwk(), new() is low-level constructor.
-    mac_key = COSEKey.from_symmetric_key(alg="HS512", kid="01")
+    mac_key = COSEKey.generate_symmetric_key(alg="HS512", kid="01")
     r = Recipient.new(unprotected={"alg": "direct"})
     r.apply(mac_key)
     ctx = COSE.new()
@@ -113,7 +113,7 @@ Following samples are other ways of writing the above sample:
 
     # The sender side:
     # new() can accept following raw COSE header parameters.
-    mac_key = COSEKey.from_symmetric_key(alg="HS512", kid="01")
+    mac_key = COSEKey.generate_symmetric_key(alg="HS512", kid="01")
     r = Recipient.new(unprotected={1: 7})
     r.apply(mac_key)
     ctx = COSE.new()
@@ -161,7 +161,7 @@ The AES key wrap algorithm can be used to wrap a MAC key as follows:
     from cwt import COSE, COSEKey, Recipient
 
     # The sender side:
-    mac_key = COSEKey.from_symmetric_key(alg="HS512")
+    mac_key = COSEKey.generate_symmetric_key(alg="HS512")
     r = Recipient.from_jwk(
         {
             "kid": "01",
@@ -337,7 +337,7 @@ Key Agreement with Key Wrap
     from cwt import COSE, COSEKey, Recipient
 
     # The sender side:
-    mac_key = COSEKey.from_symmetric_key(alg="HS256")
+    mac_key = COSEKey.generate_symmetric_key(alg="HS256")
     r = Recipient.from_jwk(
         {
             "kty": "EC",
@@ -389,7 +389,7 @@ Create a COSE Encrypt0 message, verify and decode it as follows:
 
     from cwt import COSE, COSEKey
 
-    enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
+    enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
 
     # The sender side:
     nonce = enc_key.generate_nonce()
@@ -407,7 +407,7 @@ Following two samples are other ways of writing the above example:
 
     from cwt import COSE, COSEKey
 
-    enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
+    enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
 
     # The sender side:
     nonce = enc_key.generate_nonce()
@@ -427,7 +427,7 @@ Following two samples are other ways of writing the above example:
 
     from cwt import COSE, COSEKey
 
-    enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
+    enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
 
     # The sender side:
     nonce = enc_key.generate_nonce()
@@ -457,7 +457,7 @@ key distribution method.
 
     from cwt import COSE, COSEKey, Recipient
 
-    enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
+    enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
 
     # The sender side:
     nonce = enc_key.generate_nonce()
@@ -519,7 +519,7 @@ The AES key wrap algorithm can be used to wrap an encryption key as follows:
             "k": "hJtXIZ2uSN5kbQfbtTNWbg",  # A shared wrapping key
         },
     )
-    enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
+    enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305")
     r.apply(enc_key)
     ctx = COSE.new(alg_auto_inclusion=True)
     encoded = ctx.encode_and_encrypt(b"Hello world!", key=enc_key, recipients=[r])
@@ -688,7 +688,7 @@ Key Agreement with Key Wrap
     from cwt import COSE, COSEKey, Recipient
 
     # The sender side:
-    enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
+    enc_key = COSEKey.generate_symmetric_key(alg="A128GCM")
     nonce = enc_key.generate_nonce()
     r = Recipient.from_jwk(
         {

docs/cwt_usage.rst

@@ -7,7 +7,7 @@ The following is a simple sample code using CWT API:
 
     >>> import cwt
     >>> from cwt import Claims, COSEKey
-    >>> key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+    >>> key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
     >>> token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
     >>> token.hex()
     'd18443a10105a05835a60172636f6170733a2f2f61732e6578616d706c65026764616a69616a690743313233041a609097b7051a609089a7061a609089a758201fad9b0a76803194bd11ca9b9b3cbbf1028005e15321665a768994f38c7127f7'
@@ -30,7 +30,7 @@ Create a MACed CWT, verify and decode it as follows:
     from cwt import COSEKey
 
     try:
-        key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+        key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
         token = cwt.encode(
             {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"},
             key,
@@ -63,7 +63,7 @@ A raw CWT structure (Dict[int, Any]) can also be used as follows:
     import cwt
     from cwt import COSEKey
 
-    key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+    key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
     token = cwt.encode({1: "coaps://as.example", 2: "dajiaji", 7: b"123"}, key)
     decoded = cwt.decode(token, key)
 
@@ -168,7 +168,7 @@ and decrypt it as follows:
     import cwt
     from cwt import COSEKey
 
-    enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
+    enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
     token = cwt.encode(
         {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, enc_key
     )
@@ -182,7 +182,7 @@ Algorithms other than ``ChaCha20/Poly1305`` are also supported. The following is
     import cwt
     from cwt import COSEKey
 
-    enc_key = COSEKey.from_symmetric_key(alg="AES-CCM-16-64-256", kid="01")
+    enc_key = COSEKey.generate_symmetric_key(alg="AES-CCM-16-64-256", kid="01")
     token = cwt.encode(
         {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, enc_key
     )
@@ -201,7 +201,7 @@ Create a signed CWT and encrypt it, and then decrypt and verify the nested CWT a
     from cwt import COSEKey
 
     # A shared encryption key.
-    enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="enc-01")
+    enc_key = COSEKey.generate_symmetric_key(alg="ChaCha20/Poly1305", kid="enc-01")
 
     # Creates a CWT with ES256 signing.
     with open("./private_key.pem") as key_file:
@@ -233,7 +233,7 @@ If you want to change the settings, you can create your own ``CWT`` class instan
 
     from cwt import COSEKey, CWT
 
-    key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
+    key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
     mycwt = CWT.new(expires_in=3600 * 24, leeway=10)
     token = mycwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
     decoded = mycwt.decode(token, key)