Add encode() to Recipients other than HPKE.

dajiaji · dajiaji · commit e17c035c04cd · 2022-11-20T12:14:38.000+09:00
diff --git a/cwt/algs/raw.py b/cwt/algs/raw.py
@@ -25,6 +25,9 @@ def __init__(self, params: Dict[int, Any]):
     def key(self) -> bytes:
         return self._key
 
+    def to_bytes(self) -> bytes:
+        return self._key
+
     def to_dict(self) -> Dict[int, Any]:
         res = super().to_dict()
         res[-1] = self._key
diff --git a/cwt/cose_key_interface.py b/cwt/cose_key_interface.py
@@ -104,6 +104,13 @@ def key(self) -> Any:
         """
         raise NotImplementedError
 
+    @property
+    def crv(self) -> int:
+        """
+        The curve (``crv`` parameter value) of the key.
+        """
+        raise NotImplementedError
+
     def to_bytes(self) -> bytes:
         """
         Serializes the body of the key as a byte string.
diff --git a/cwt/recipient.py b/cwt/recipient.py
@@ -36,6 +36,7 @@ def new(
         ciphertext: bytes = b"",
         recipients: List[Any] = [],
         sender_key: Optional[COSEKeyInterface] = None,
+        recipient_key: Optional[COSEKeyInterface] = None,
     ) -> RecipientInterface:
         """
         Creates a recipient from a CBOR-like dictionary with numeric keys.
diff --git a/cwt/recipient_algs/aes_key_wrap.py b/cwt/recipient_algs/aes_key_wrap.py
@@ -3,7 +3,7 @@
 from ..const import COSE_KEY_OPERATION_VALUES
 from ..cose_key import COSEKey
 from ..cose_key_interface import COSEKeyInterface
-from ..exceptions import DecodeError, EncodeError
+from ..exceptions import DecodeError
 from ..recipient_interface import RecipientInterface
 
 
@@ -35,6 +35,19 @@ def __init__(
         )
         self._sender_key = sender_key
 
+    def encode(
+        self,
+        plaintext: bytes = b"",
+        recipient_key: Optional[COSEKeyInterface] = None,
+        salt: Optional[bytes] = None,
+        context: Optional[Union[List[Any], Dict[str, Any]]] = None,
+        external_aad: bytes = b"",
+        aad_context: str = "Enc_Recipient",
+    ) -> Optional[COSEKeyInterface]:
+
+        self._ciphertext = self._sender_key.wrap_key(plaintext)
+        return None
+
     def apply(
         self,
         key: Optional[COSEKeyInterface] = None,
@@ -48,10 +61,7 @@ def apply(
             raise ValueError("key should be set.")
         if key.kid:
             self._protected[4] = key.kid
-        try:
-            self._ciphertext = self._sender_key.wrap_key(key.key)
-        except Exception as err:
-            raise EncodeError("Failed to wrap key.") from err
+        self._ciphertext = self._sender_key.wrap_key(key.key)
         return key
 
     def extract(
diff --git a/cwt/recipient_algs/direct_hkdf.py b/cwt/recipient_algs/direct_hkdf.py
@@ -82,6 +82,55 @@ def verify_key(
             raise VerifyError("Failed to verify key.") from err
         return
 
+    def encode(
+        self,
+        plaintext: bytes = b"",
+        recipient_key: Optional[COSEKeyInterface] = None,
+        salt: Optional[bytes] = None,
+        context: Optional[Union[List[Any], Dict[str, Any]]] = None,
+        external_aad: bytes = b"",
+        aad_context: str = "Enc_Recipient",
+    ) -> Optional[COSEKeyInterface]:
+
+        if not context:
+            raise ValueError("context should be set.")
+        ctx: list
+        if isinstance(context, dict):
+            alg = self._alg if isinstance(self._alg, int) else 0
+            ctx = to_cis(context, alg)
+        else:
+            self._validate_context(context)
+            ctx = context
+        self._applied_ctx = self._apply_context(ctx)
+
+        # Generate a salt automatically if both of a salt and a PartyU nonce are not specified.
+        if not salt and not self._salt and not self._applied_ctx[1][1]:
+            self._salt = token_bytes(32) if self._alg == -10 else token_bytes(64)
+            self._unprotected[-20] = self._salt
+        elif salt:
+            self._salt = salt
+            self._unprotected[-20] = self._salt
+
+        # PartyU nonce
+        if self._applied_ctx[1][1]:
+            self._unprotected[-22] = self._applied_ctx[1][1]
+        # PartyV nonce
+        if self._applied_ctx[2][1]:
+            self._unprotected[-25] = self._applied_ctx[2][1]
+
+        # Derive key.
+        try:
+            hkdf = HKDF(
+                algorithm=self._hash_alg,
+                length=COSE_KEY_LEN[self._applied_ctx[0]] // 8,
+                salt=self._salt,
+                info=self._dumps(self._applied_ctx),
+            )
+            derived = hkdf.derive(plaintext)
+            return COSEKey.from_symmetric_key(derived, self._applied_ctx[0], self._kid)
+        except Exception as err:
+            raise EncodeError("Failed to derive key.") from err
+
     def apply(
         self,
         key: Optional[COSEKeyInterface] = None,
diff --git a/cwt/recipient_algs/ecdh_aes_key_wrap.py b/cwt/recipient_algs/ecdh_aes_key_wrap.py
@@ -2,6 +2,7 @@
 
 from cryptography.hazmat.primitives.keywrap import aes_key_unwrap, aes_key_wrap
 
+from ..algs.ec2 import EC2Key
 from ..const import COSE_KEY_OPERATION_VALUES
 from ..cose_key import COSEKey
 from ..cose_key_interface import COSEKeyInterface
@@ -49,6 +50,40 @@ def __init__(
         else:
             raise ValueError(f"Unknown alg(1) for ECDH with key wrap: {self._alg}.")
 
+    def encode(
+        self,
+        plaintext: bytes = b"",
+        recipient_key: Optional[COSEKeyInterface] = None,
+        salt: Optional[bytes] = None,
+        context: Optional[Union[List[Any], Dict[str, Any]]] = None,
+        external_aad: bytes = b"",
+        aad_context: str = "Enc_Recipient",
+    ) -> Optional[COSEKeyInterface]:
+
+        if not recipient_key:
+            raise ValueError("recipient_key should be set in advance.")
+        if not context:
+            raise ValueError("context should be set.")
+        if self._alg in [-29, -30, -31]:
+            # ECDH-ES
+            self._sender_key = EC2Key({1: 2, -1: recipient_key.crv, 3: self._alg})
+        else:
+            # ECDH-SS (alg=-32, -33, -34)
+            if not self._sender_key:
+                raise ValueError("sender_key should be set in advance.")
+        wrapping_key = self._sender_key.derive_key(context, public_key=recipient_key)
+        if self._alg in [-29, -30, -31]:
+            # ECDH-ES
+            self._unprotected[-1] = self._to_cose_key(self._sender_key.key.public_key())
+        else:
+            # ECDH-SS (alg=-32, -33, -34)
+            self._unprotected[-2] = self._to_cose_key(self._sender_key.key.public_key())
+        try:
+            self._ciphertext = aes_key_wrap(wrapping_key.key, plaintext)
+        except Exception as err:
+            raise EncodeError("Failed to wrap key.") from err
+        return None
+
     def apply(
         self,
         key: Optional[COSEKeyInterface] = None,
diff --git a/cwt/recipient_algs/ecdh_direct_hkdf.py b/cwt/recipient_algs/ecdh_direct_hkdf.py
@@ -2,6 +2,8 @@
 from secrets import token_bytes
 from typing import Any, Dict, List, Optional, Union
 
+from ..algs.ec2 import EC2Key
+from ..algs.okp import OKPKey
 from ..const import COSE_KEY_OPERATION_VALUES
 from ..cose_key import COSEKey
 from ..cose_key_interface import COSEKeyInterface
@@ -58,6 +60,66 @@ def __init__(
         else:
             raise ValueError(f"Unknown alg(1) for ECDH with HKDF: {self._alg}.")
 
+    def encode(
+        self,
+        plaintext: bytes = b"",
+        recipient_key: Optional[COSEKeyInterface] = None,
+        salt: Optional[bytes] = None,
+        context: Optional[Union[List[Any], Dict[str, Any]]] = None,
+        external_aad: bytes = b"",
+        aad_context: str = "Enc_Recipient",
+    ) -> Optional[COSEKeyInterface]:
+
+        if not recipient_key:
+            raise ValueError("recipient_key should be set in advance.")
+        if not context:
+            raise ValueError("context should be set.")
+        ctx: list
+        if isinstance(context, dict):
+            alg = self._alg if isinstance(self._alg, int) else 0
+            ctx = to_cis(context, alg)
+        else:
+            self._validate_context(context)
+            ctx = context
+        self._applied_ctx = self._apply_context(ctx)
+
+        # Generate a salt automatically if both of a salt and a PartyU nonce are not specified.
+        if self._alg in [-27, -28]:  # ECDH-SS
+            if not salt and not self._salt and not self._applied_ctx[1][1]:
+                self._salt = token_bytes(32) if self._alg == -27 else token_bytes(64)
+                self._unprotected[-20] = self._salt
+            elif salt:
+                self._salt = salt
+                self._unprotected[-20] = self._salt
+
+        # PartyU nonce
+        if self._applied_ctx[1][1]:
+            self._unprotected[-22] = self._applied_ctx[1][1]
+        # PartyV nonce
+        if self._applied_ctx[2][1]:
+            self._unprotected[-25] = self._applied_ctx[2][1]
+
+        # Derive key.
+        if self._alg in [-25, -26]:
+            # ECDH-ES
+            if recipient_key.kty == 2:
+                self._sender_key = EC2Key({1: 2, -1: recipient_key.crv, 3: self._alg})
+            else:
+                # should drop this support.
+                self._sender_key = OKPKey({1: 1, -1: recipient_key.crv, 3: self._alg})
+        else:
+            # ECDH-SS (alg=-27 or -28)
+            if not self._sender_key:
+                raise ValueError("sender_key should be set in advance.")
+        derived_key = self._sender_key.derive_key(self._applied_ctx, public_key=recipient_key)
+        if self._alg in [-25, -26]:
+            # ECDH-ES
+            self._unprotected[-1] = self._to_cose_key(self._sender_key.key.public_key())
+        else:
+            # ECDH-SS (alg=-27 or -28)
+            self._unprotected[-2] = self._to_cose_key(self._sender_key.key.public_key())
+        return derived_key
+
     def apply(
         self,
         key: Optional[COSEKeyInterface] = None,
diff --git a/cwt/recipient_algs/hpke.py b/cwt/recipient_algs/hpke.py
@@ -33,7 +33,7 @@ def __init__(
 
     def encode(
         self,
-        plaintext: bytes,
+        plaintext: bytes = b"",
         recipient_key: Optional[COSEKeyInterface] = None,
         salt: Optional[bytes] = None,
         context: Optional[Union[List[Any], Dict[str, Any]]] = None,
diff --git a/cwt/recipient_interface.py b/cwt/recipient_interface.py
@@ -156,7 +156,7 @@ def to_list(self, payload: bytes = b"", external_aad: bytes = b"", aad_context:
 
     def encode(
         self,
-        plaintext: bytes,
+        plaintext: bytes = b"",
         recipient_key: Optional[COSEKeyInterface] = None,
         salt: Optional[bytes] = None,
         context: Optional[Union[List[Any], Dict[str, Any]]] = None,
diff --git a/tests/test_cose_key.py b/tests/test_cose_key.py
@@ -626,3 +626,7 @@ def test_cose_key_interface(self):
             ki.to_bytes()
             pytest.fail("to_bytes should fail.")
         assert "" == str(err.value)
+        with pytest.raises(NotImplementedError) as err:
+            ki.crv
+            pytest.fail("crv should fail.")
+        assert "" == str(err.value)
diff --git a/tests/test_cose_sample.py b/tests/test_cose_sample.py
