Commit 2869305d authored by Christian Heimes's avatar Christian Heimes Committed by Simo Sorce

Fix 'ECDH-ES' base classes and add tests

ECDH-ES is an actual JWA algorithm and not a base class. Therefore it
must be a subclass of JWAAlgorithm. New tests will catch these errors in
the future.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #67
parent 19490b84
...@@ -720,7 +720,7 @@ class _Direct(_RawKeyMgmt, JWAAlgorithm): ...@@ -720,7 +720,7 @@ class _Direct(_RawKeyMgmt, JWAAlgorithm):
return cek return cek
class _EcdhEs(_RawKeyMgmt): class _EcdhEs(_RawKeyMgmt, JWAAlgorithm):
name = 'ECDH-ES' name = 'ECDH-ES'
description = "ECDH-ES using Concat KDF" description = "ECDH-ES using Concat KDF"
...@@ -815,7 +815,7 @@ class _EcdhEs(_RawKeyMgmt): ...@@ -815,7 +815,7 @@ class _EcdhEs(_RawKeyMgmt):
return cek return cek
class _EcdhEsAes128Kw(_EcdhEs, JWAAlgorithm): class _EcdhEsAes128Kw(_EcdhEs):
name = 'ECDH-ES+A128KW' name = 'ECDH-ES+A128KW'
description = 'ECDH-ES using Concat KDF and "A128KW" wrapping' description = 'ECDH-ES using Concat KDF and "A128KW" wrapping'
...@@ -824,7 +824,7 @@ class _EcdhEsAes128Kw(_EcdhEs, JWAAlgorithm): ...@@ -824,7 +824,7 @@ class _EcdhEsAes128Kw(_EcdhEs, JWAAlgorithm):
algorithm_use = 'kex' algorithm_use = 'kex'
class _EcdhEsAes192Kw(_EcdhEs, JWAAlgorithm): class _EcdhEsAes192Kw(_EcdhEs):
name = 'ECDH-ES+A192KW' name = 'ECDH-ES+A192KW'
description = 'ECDH-ES using Concat KDF and "A192KW" wrapping' description = 'ECDH-ES using Concat KDF and "A192KW" wrapping'
...@@ -833,7 +833,7 @@ class _EcdhEsAes192Kw(_EcdhEs, JWAAlgorithm): ...@@ -833,7 +833,7 @@ class _EcdhEsAes192Kw(_EcdhEs, JWAAlgorithm):
algorithm_use = 'kex' algorithm_use = 'kex'
class _EcdhEsAes256Kw(_EcdhEs, JWAAlgorithm): class _EcdhEsAes256Kw(_EcdhEs):
name = 'ECDH-ES+A256KW' name = 'ECDH-ES+A256KW'
description = 'ECDH-ES using Concat KDF and "A128KW" wrapping' description = 'ECDH-ES using Concat KDF and "A128KW" wrapping'
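Review bot: The `description` on the last line of this section still says `"A128KW"` wrapping although the class is `_EcdhEsAes256Kw` with `name = 'ECDH-ES+A256KW'`; it looks copied from the 128-bit variant and this commit does not touch it. Change it to `description = 'ECDH-ES using Concat KDF and "A256KW" wrapping'` so that anything that logs or displays the registry names the key-wrap algorithm actually in use. The class bodies continue outside the visible hunks, so whether the configured key size matches the name cannot be seen from here; it is worth confirming alongside the string fix.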
......
...@@ -10,6 +10,7 @@ from cryptography.hazmat.backends import default_backend ...@@ -10,6 +10,7 @@ from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.asymmetric import rsa
from jwcrypto import jwa
from jwcrypto import jwe from jwcrypto import jwe
from jwcrypto import jwk from jwcrypto import jwk
from jwcrypto import jws from jwcrypto import jws
...@@ -1107,3 +1108,42 @@ class ConformanceTests(unittest.TestCase): ...@@ -1107,3 +1108,42 @@ class ConformanceTests(unittest.TestCase):
check = jwe.JWE() check = jwe.JWE()
check.deserialize(enc, key) check.deserialize(enc, key)
self.assertEqual(b'plain', check.payload) self.assertEqual(b'plain', check.payload)
class JWATests(unittest.TestCase):
def test_jwa_create(self):
for name, cls in jwa.JWA.algorithms_registry.items():
self.assertEqual(cls.name, name)
self.assertIn(cls.algorithm_usage_location, {'alg', 'enc'})
if name == 'ECDH-ES':
self.assertIs(cls.keysize, None)
else:
self.assertIsInstance(cls.keysize, int)
self.assertGreaterEqual(cls.keysize, 0)
if cls.algorithm_use == 'sig':
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.encryption_alg(name)
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.keymgmt_alg(name)
inst = jwa.JWA.signing_alg(name)
self.assertIsInstance(inst, jwa.JWAAlgorithm)
self.assertEqual(inst.name, name)
elif cls.algorithm_use == 'kex':
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.encryption_alg(name)
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.signing_alg(name)
inst = jwa.JWA.keymgmt_alg(name)
self.assertIsInstance(inst, jwa.JWAAlgorithm)
self.assertEqual(inst.name, name)
elif cls.algorithm_use == 'enc':
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.signing_alg(name)
with self.assertRaises(jwa.InvalidJWAAlgorithm):
jwa.JWA.keymgmt_alg(name)
inst = jwa.JWA.encryption_alg(name)
self.assertIsInstance(inst, jwa.JWAAlgorithm)
self.assertEqual(inst.name, name)
else:
self.fail((name, cls))
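Review bot: `test_jwa_create` passes vacuously if `jwa.JWA.algorithms_registry` is empty, and apart from the final `self.fail((name, cls))` none of the assertions say which algorithm failed. Add `self.assertTrue(jwa.JWA.algorithms_registry)` before the loop and pass the name as the message, e.g. `self.assertIsInstance(inst, jwa.JWAAlgorithm, name)`. The cross-use rejections (a 'sig' name refused by `encryption_alg` and `keymgmt_alg`, and likewise for 'kex' and 'enc') are the checks that stop an algorithm from being accepted in the wrong role. A short comment such as `# each algorithm must only be obtainable through the accessor for its own use` would help keep them from being trimmed later.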