Commit 2869305d authored by Christian Heimes Committed by Simo Sorce

Fix 'ECDH-ES' base classes and add tests

ECDH-ES is an actual JWA algorithm and not a base class. Therefore it
must be a subclass of JWAAlgorithm. New tests will catch these errors in
the future.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #67
parent 19490b84
......@@ -720,7 +720,7 @@ class _Direct(_RawKeyMgmt, JWAAlgorithm):
return cek
class _EcdhEs(_RawKeyMgmt):
class _EcdhEs(_RawKeyMgmt, JWAAlgorithm):
name = 'ECDH-ES'
description = "ECDH-ES using Concat KDF"
......@@ -815,7 +815,7 @@ class _EcdhEs(_RawKeyMgmt):
return cek
class _EcdhEsAes128Kw(_EcdhEs, JWAAlgorithm):
class _EcdhEsAes128Kw(_EcdhEs):
name = 'ECDH-ES+A128KW'
description = 'ECDH-ES using Concat KDF and "A128KW" wrapping'
......@@ -824,7 +824,7 @@ class _EcdhEsAes128Kw(_EcdhEs, JWAAlgorithm):
algorithm_use = 'kex'
class _EcdhEsAes192Kw(_EcdhEs, JWAAlgorithm):
class _EcdhEsAes192Kw(_EcdhEs):
name = 'ECDH-ES+A192KW'
description = 'ECDH-ES using Concat KDF and "A192KW" wrapping'
......@@ -833,7 +833,7 @@ class _EcdhEsAes192Kw(_EcdhEs, JWAAlgorithm):
algorithm_use = 'kex'
class _EcdhEsAes256Kw(_EcdhEs, JWAAlgorithm):
class _EcdhEsAes256Kw(_EcdhEs):
name = 'ECDH-ES+A256KW'
description = 'ECDH-ES using Concat KDF and "A128KW" wrapping'
......
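Review bot: In the last hunk of this file the `description` of `_EcdhEsAes256Kw` still reads `'ECDH-ES using Concat KDF and "A128KW" wrapping'` although the class is named `'ECDH-ES+A256KW'`; the commit leaves this copy-paste slip in place, and the line should be `description = 'ECDH-ES using Concat KDF and "A256KW" wrapping'`. A wrong key-wrap label is misleading to anyone who audits the allowed algorithms from these descriptions. Separately, the three `+A…KW` classes now receive `JWAAlgorithm` only through `_EcdhEs`, so a short comment on `_EcdhEs` such as `# concrete JWA algorithm; the +A*KW variants inherit JWAAlgorithm from here` would keep a later refactor from dropping it again. The class bodies continue outside the hunks, so nothing else about them can be checked from here.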
......@@ -10,6 +10,7 @@ from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import rsa
from jwcrypto import jwa
from jwcrypto import jwe
from jwcrypto import jwk
from jwcrypto import jws
......@@ -1107,3 +1108,42 @@ class ConformanceTests(unittest.TestCase):
check = jwe.JWE()
check.deserialize(enc, key)
self.assertEqual(b'plain', check.payload)
class JWATests(unittest.TestCase):
def test_jwa_create(self):
for name, cls in jwa.JWA.algorithms_registry.items():
self.assertEqual(cls.name, name)
self.assertIn(cls.algorithm_usage_location, {'alg', 'enc'})
if name == 'ECDH-ES':
self.assertIs(cls.keysize, None)
else:
self.assertIsInstance(cls.keysize, int)
self.assertGreaterEqual(cls.keysize, 0)
if cls.algorithm_use == 'sig':
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.encryption_alg(name)
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.keymgmt_alg(name)
inst = jwa.JWA.signing_alg(name)
self.assertIsInstance(inst, jwa.JWAAlgorithm)
self.assertEqual(inst.name, name)
elif cls.algorithm_use == 'kex':
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.encryption_alg(name)
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.signing_alg(name)
inst = jwa.JWA.keymgmt_alg(name)
self.assertIsInstance(inst, jwa.JWAAlgorithm)
self.assertEqual(inst.name, name)
elif cls.algorithm_use == 'enc':
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.signing_alg(name)
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.keymgmt_alg(name)
inst = jwa.JWA.encryption_alg(name)
self.assertIsInstance(inst, jwa.JWAAlgorithm)
self.assertEqual(inst.name, name)
else:
self.fail((name, cls))
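Review bot: `test_jwa_create` checks `algorithm_usage_location` only against the set `{'alg', 'enc'}`, so a registry entry whose location disagrees with its `algorithm_use` would still pass. Pinning the pairing in each branch would catch that: `self.assertEqual(cls.algorithm_usage_location, 'alg')` in the `'sig'` and `'kex'` branches and `self.assertEqual(cls.algorithm_usage_location, 'enc')` in the `'enc'` branch, presuming the registry follows the JWA split between the two header parameters, which the hunk does not show. The method also has no docstring; something like `"""Each registered algorithm is returned only by the accessor matching its algorithm_use."""` would state the property being guarded, namely that a name registered for one use cannot be obtained through the accessor for another.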