mirror of
https://github.com/pacnpal/thrillwiki_django_no_react.git
synced 2025-12-21 18:11:08 -05:00
1295 lines
48 KiB
Python
1295 lines
48 KiB
Python
# Copyright (C) 2015 JWCrypto Project Contributors - see LICENSE file
|
|
|
|
import unittest
|
|
|
|
from jwcrypto import jwe
|
|
from jwcrypto import jwk
|
|
from jwcrypto import jws
|
|
from jwcrypto.common import base64url_decode, base64url_encode
|
|
from jwcrypto.common import json_decode, json_encode
|
|
|
|
# Based on: RFC 7520
|
|
|
|
EC_Public_Key_3_1 = {
|
|
"kty": "EC",
|
|
"kid": "bilbo.baggins@hobbiton.example",
|
|
"use": "sig",
|
|
"crv": "P-521",
|
|
"x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9"
|
|
"A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
|
|
"y": "[AWS-SECRET-REMOVED]C6pV5OhQHiraVy"
|
|
"SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"}
|
|
|
|
EC_Private_Key_3_2 = {
|
|
"kty": "EC",
|
|
"kid": "bilbo.baggins@hobbiton.example",
|
|
"use": "sig",
|
|
"crv": "P-521",
|
|
"x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9"
|
|
"A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
|
|
"y": "[AWS-SECRET-REMOVED]C6pV5OhQHiraVy"
|
|
"SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
|
|
"d": "AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb"
|
|
"KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt"}
|
|
|
|
RSA_Public_Key_3_3 = {
|
|
"kty": "RSA",
|
|
"kid": "bilbo.baggins@hobbiton.example",
|
|
"use": "sig",
|
|
"n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT"
|
|
"-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV"
|
|
"wGU_NsYOYL-[AWS-SECRET-REMOVED]Z6Aj-"
|
|
"oBHqFEHYpPe7Tpe-[AWS-SECRET-REMOVED]"
|
|
"3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC"
|
|
"LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g"
|
|
"HdrNP5zw",
|
|
"e": "AQAB"}
|
|
|
|
RSA_Private_Key_3_4 = {
|
|
"kty": "RSA",
|
|
"kid": "bilbo.baggins@hobbiton.example",
|
|
"use": "sig",
|
|
"n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT"
|
|
"-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV"
|
|
"wGU_NsYOYL-[AWS-SECRET-REMOVED]Z6Aj-"
|
|
"oBHqFEHYpPe7Tpe-[AWS-SECRET-REMOVED]"
|
|
"3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC"
|
|
"LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g"
|
|
"HdrNP5zw",
|
|
"e": "AQAB",
|
|
"d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78e"
|
|
"iZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRld"
|
|
"Y7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-b"
|
|
"[AWS-SECRET-REMOVED]BOBdkMXiuFhUq1BU"
|
|
"6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDj"
|
|
"d18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOc"
|
|
"OpBrQzwQ",
|
|
"p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nR"
|
|
"aO7HX_-[AWS-SECRET-REMOVED]Amr_WCsmG"
|
|
"peNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8"
|
|
"bUq0k",
|
|
"q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT"
|
|
"8bR_[AWS-SECRET-REMOVED]u2lmKvwqW7an"
|
|
"V5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0"
|
|
"s7pFc",
|
|
"dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q"
|
|
"1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn"
|
|
"-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX"
|
|
"59ehik",
|
|
"dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pEr"
|
|
"[AWS-SECRET-REMOVED]og5iTbwQGIC3gnJK"
|
|
"bi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdK"
|
|
"T1cYF8",
|
|
"qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-N"
|
|
"ZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDh"
|
|
"jJ-[AWS-SECRET-REMOVED]MF6xmujs4qMpP"
|
|
"z8aaI4"}
|
|
|
|
Symmetric_Key_MAC_3_5 = {
|
|
"kty": "oct",
|
|
"kid": "[HEROKU-API-KEY-REMOVED]",
|
|
"use": "sig",
|
|
"alg": "HS256",
|
|
"k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"}
|
|
|
|
Symmetric_Key_Enc_3_6 = {
|
|
"kty": "oct",
|
|
"kid": "[HEROKU-API-KEY-REMOVED]",
|
|
"use": "enc",
|
|
"alg": "A256GCM",
|
|
"k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"}
|
|
|
|
Payload_plaintext_b64_4 = \
|
|
"[AWS-SECRET-REMOVED]cm9kbywgZ29pbmcgb3V0IH" + \
|
|
"[AWS-SECRET-REMOVED]9hZCwgYW5kIGlmIHlvdSBk" + \
|
|
"[AWS-SECRET-REMOVED]IG5vIGtub3dpbmcgd2hlcm" + \
|
|
"UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4"
|
|
|
|
# 4.1
|
|
JWS_Protected_Header_4_1_2 = \
|
|
"[AWS-SECRET-REMOVED]Z2dpbnNAaG9iYml0b24uZX" + \
|
|
"hhbXBsZSJ9"
|
|
|
|
JWS_Signature_4_1_2 = \
|
|
"MRjdkly7_-[AWS-SECRET-REMOVED]5NlKtainoFmK" + \
|
|
"[AWS-SECRET-REMOVED]nB-BDkoBwA78185hX-Es4J" + \
|
|
"IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w" + \
|
|
"[AWS-SECRET-REMOVED]uW3IS_de3xyIrDaLGdjluP" + \
|
|
"xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f" + \
|
|
"cIe8u9ipH84ogoree7vjbU5y18kDquDg"
|
|
|
|
JWS_compact_4_1_3 = \
|
|
"%s.%s.%s" % (JWS_Protected_Header_4_1_2,
|
|
Payload_plaintext_b64_4,
|
|
JWS_Signature_4_1_2)
|
|
|
|
JWS_general_4_1_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"signatures": [{
|
|
"protected": JWS_Protected_Header_4_1_2,
|
|
"signature": JWS_Signature_4_1_2}]}
|
|
|
|
JWS_flattened_4_1_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"protected": JWS_Protected_Header_4_1_2,
|
|
"signature": JWS_Signature_4_1_2}
|
|
|
|
# 4.2
|
|
JWS_Protected_Header_4_2_2 = \
|
|
"[AWS-SECRET-REMOVED]Z2dpbnNAaG9iYml0b24uZX" + \
|
|
"hhbXBsZSJ9"
|
|
|
|
JWS_Signature_4_2_2 = \
|
|
"[AWS-SECRET-REMOVED]Oy42miAh2qyBzk1xEsnk2I" + \
|
|
"pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU" + \
|
|
"vdvWXzg-[AWS-SECRET-REMOVED]dNqiVJRmBqrYRX" + \
|
|
"e8P_[AWS-SECRET-REMOVED]2Xez2Mlp8cBE5awDzT" + \
|
|
"0qI0n6uiP1aCN_2_[AWS-SECRET-REMOVED]bH510a" + \
|
|
"6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw"
|
|
|
|
JWS_compact_4_2_3 = \
|
|
"%s.%s.%s" % (JWS_Protected_Header_4_2_2,
|
|
Payload_plaintext_b64_4,
|
|
JWS_Signature_4_2_2)
|
|
|
|
JWS_general_4_2_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"signatures": [{
|
|
"protected": JWS_Protected_Header_4_2_2,
|
|
"signature": JWS_Signature_4_2_2}]}
|
|
|
|
JWS_flattened_4_2_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"protected": JWS_Protected_Header_4_2_2,
|
|
"signature": JWS_Signature_4_2_2}
|
|
|
|
# 4.3
|
|
JWS_Protected_Header_4_3_2 = \
|
|
"[AWS-SECRET-REMOVED]Z2dpbnNAaG9iYml0b24uZX" + \
|
|
"hhbXBsZSJ9"
|
|
|
|
JWS_Signature_4_3_2 = \
|
|
"AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb" + \
|
|
"u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv" + \
|
|
"AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2"
|
|
|
|
JWS_compact_4_3_3 = \
|
|
"%s.%s.%s" % (JWS_Protected_Header_4_3_2,
|
|
Payload_plaintext_b64_4,
|
|
JWS_Signature_4_3_2)
|
|
|
|
JWS_general_4_3_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"signatures": [{
|
|
"protected": JWS_Protected_Header_4_3_2,
|
|
"signature": JWS_Signature_4_3_2}]}
|
|
|
|
JWS_flattened_4_3_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"protected": JWS_Protected_Header_4_3_2,
|
|
"signature": JWS_Signature_4_3_2}
|
|
|
|
# 4.4
|
|
JWS_Protected_Header_4_4_2 = \
|
|
"[AWS-SECRET-REMOVED]LTRkOWItNDcxYi1iZmQ2LW" + \
|
|
"VlZjMxNGJjNzAzNyJ9"
|
|
|
|
JWS_Signature_4_4_2 = "[AWS-SECRET-REMOVED]7p0"
|
|
|
|
JWS_compact_4_4_3 = \
|
|
"%s.%s.%s" % (JWS_Protected_Header_4_4_2,
|
|
Payload_plaintext_b64_4,
|
|
JWS_Signature_4_4_2)
|
|
|
|
JWS_general_4_4_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"signatures": [{
|
|
"protected": JWS_Protected_Header_4_4_2,
|
|
"signature": JWS_Signature_4_4_2}]}
|
|
|
|
JWS_flattened_4_4_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"protected": JWS_Protected_Header_4_4_2,
|
|
"signature": JWS_Signature_4_4_2}
|
|
|
|
# 4.5 - TBD, see Issue #4
|
|
|
|
# 4.6
|
|
JWS_Protected_Header_4_6_2 = "eyJhbGciOiJIUzI1NiJ9"
|
|
|
|
JWS_Unprotected_Header_4_6_2 = {"kid": "[HEROKU-API-KEY-REMOVED]"}
|
|
|
|
JWS_Signature_4_6_2 = "[AWS-SECRET-REMOVED]r20"
|
|
|
|
JWS_general_4_6_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"signatures": [{
|
|
"protected": JWS_Protected_Header_4_6_2,
|
|
"header": JWS_Unprotected_Header_4_6_2,
|
|
"signature": JWS_Signature_4_6_2}]}
|
|
|
|
JWS_flattened_4_6_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"protected": JWS_Protected_Header_4_6_2,
|
|
"header": JWS_Unprotected_Header_4_6_2,
|
|
"signature": JWS_Signature_4_6_2}
|
|
|
|
# 4.7
|
|
JWS_Unprotected_Header_4_7_2 = {"alg": "HS256",
|
|
"kid": "[HEROKU-API-KEY-REMOVED]"}
|
|
|
|
JWS_Signature_4_7_2 = "[AWS-SECRET-REMOVED]Zuk"
|
|
|
|
JWS_general_4_7_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"signatures": [{
|
|
"header": JWS_Unprotected_Header_4_7_2,
|
|
"signature": JWS_Signature_4_7_2}]}
|
|
|
|
JWS_flattened_4_7_3 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"header": JWS_Unprotected_Header_4_7_2,
|
|
"signature": JWS_Signature_4_7_2}
|
|
|
|
# 4.8
|
|
JWS_Protected_Header_4_8_2 = "eyJhbGciOiJSUzI1NiJ9"
|
|
|
|
JWS_Unprotected_Header_4_8_2 = {"kid": "bilbo.baggins@hobbiton.example"}
|
|
|
|
JWS_Signature_4_8_2 = \
|
|
"MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qpt" + \
|
|
"rzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTC" + \
|
|
"glNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjy" + \
|
|
"tKSeAMbhMBdMma622_[AWS-SECRET-REMOVED]PUqB" + \
|
|
"BCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPt" + \
|
|
"QHiJeQJxz9G3Tx-083B745_AfYOnlC9w"
|
|
|
|
JWS_Unprotected_Header_4_8_3 = {"alg": "ES512",
|
|
"kid": "bilbo.baggins@hobbiton.example"}
|
|
|
|
JWS_Signature_4_8_3 = \
|
|
"ARcVLnaJJaUWG8fG-[AWS-SECRET-REMOVED]kn9Yb" + \
|
|
"[AWS-SECRET-REMOVED]cI3Jkl2U5IX3utNhODH6v7" + \
|
|
"[AWS-SECRET-REMOVED]gV3q7ZYhm5eD"
|
|
|
|
JWS_Protected_Header_4_8_4 = \
|
|
"[AWS-SECRET-REMOVED]LTRkOWItNDcxYi1iZmQ2LW" + \
|
|
"VlZjMxNGJjNzAzNyJ9"
|
|
|
|
JWS_Signature_4_8_4 = "[AWS-SECRET-REMOVED]7p0"
|
|
|
|
JWS_general_4_8_5 = {
|
|
"payload": Payload_plaintext_b64_4,
|
|
"signatures": [
|
|
{"protected": JWS_Protected_Header_4_8_2,
|
|
"header": JWS_Unprotected_Header_4_8_2,
|
|
"signature": JWS_Signature_4_8_2},
|
|
{"header": JWS_Unprotected_Header_4_8_3,
|
|
"signature": JWS_Signature_4_8_3},
|
|
{"protected": JWS_Protected_Header_4_8_4,
|
|
"signature": JWS_Signature_4_8_4}]}
|
|
|
|
|
|
class Cookbook08JWSTests(unittest.TestCase):
|
|
|
|
def test_4_1_signing(self):
|
|
plaintext = base64url_decode(Payload_plaintext_b64_4)
|
|
protected = \
|
|
base64url_decode(JWS_Protected_Header_4_1_2).decode('utf-8')
|
|
pub_key = jwk.JWK(**RSA_Public_Key_3_3)
|
|
pri_key = jwk.JWK(**RSA_Private_Key_3_4)
|
|
s = jws.JWS(payload=plaintext)
|
|
s.add_signature(pri_key, None, protected)
|
|
self.assertEqual(JWS_compact_4_1_3, s.serialize(compact=True))
|
|
s.deserialize(json_encode(JWS_general_4_1_3), pub_key)
|
|
s.deserialize(json_encode(JWS_flattened_4_1_3), pub_key)
|
|
|
|
def test_4_2_signing(self):
|
|
plaintext = base64url_decode(Payload_plaintext_b64_4)
|
|
protected = \
|
|
base64url_decode(JWS_Protected_Header_4_2_2).decode('utf-8')
|
|
pub_key = jwk.JWK(**RSA_Public_Key_3_3)
|
|
pri_key = jwk.JWK(**RSA_Private_Key_3_4)
|
|
s = jws.JWS(payload=plaintext)
|
|
s.add_signature(pri_key, None, protected)
|
|
# Can't compare signature with reference because RSASSA-PSS uses
|
|
# random nonces every time a signature is generated.
|
|
sig = s.serialize()
|
|
s.deserialize(sig, pub_key)
|
|
# Just deserialize each example form
|
|
s.deserialize(JWS_compact_4_2_3, pub_key)
|
|
s.deserialize(json_encode(JWS_general_4_2_3), pub_key)
|
|
s.deserialize(json_encode(JWS_flattened_4_2_3), pub_key)
|
|
|
|
def test_4_3_signing(self):
|
|
plaintext = base64url_decode(Payload_plaintext_b64_4)
|
|
protected = \
|
|
base64url_decode(JWS_Protected_Header_4_3_2).decode('utf-8')
|
|
pub_key = jwk.JWK(**EC_Public_Key_3_1)
|
|
pri_key = jwk.JWK(**EC_Private_Key_3_2)
|
|
s = jws.JWS(payload=plaintext)
|
|
s.add_signature(pri_key, None, protected)
|
|
# Can't compare signature with reference because ECDSA uses
|
|
# random nonces every time a signature is generated.
|
|
sig = s.serialize()
|
|
s.deserialize(sig, pub_key)
|
|
# Just deserialize each example form
|
|
s.deserialize(JWS_compact_4_3_3, pub_key)
|
|
s.deserialize(json_encode(JWS_general_4_3_3), pub_key)
|
|
s.deserialize(json_encode(JWS_flattened_4_3_3), pub_key)
|
|
|
|
def test_4_4_signing(self):
|
|
plaintext = base64url_decode(Payload_plaintext_b64_4)
|
|
protected = \
|
|
base64url_decode(JWS_Protected_Header_4_4_2).decode('utf-8')
|
|
key = jwk.JWK(**Symmetric_Key_MAC_3_5)
|
|
s = jws.JWS(payload=plaintext)
|
|
s.add_signature(key, None, protected)
|
|
sig = s.serialize(compact=True)
|
|
s.deserialize(sig, key)
|
|
self.assertEqual(sig, JWS_compact_4_4_3)
|
|
# Just deserialize each example form
|
|
s.deserialize(JWS_compact_4_4_3, key)
|
|
s.deserialize(json_encode(JWS_general_4_4_3), key)
|
|
s.deserialize(json_encode(JWS_flattened_4_4_3), key)
|
|
|
|
def test_4_6_signing(self):
|
|
plaintext = base64url_decode(Payload_plaintext_b64_4)
|
|
protected = \
|
|
base64url_decode(JWS_Protected_Header_4_6_2).decode('utf-8')
|
|
header = json_encode(JWS_Unprotected_Header_4_6_2)
|
|
key = jwk.JWK(**Symmetric_Key_MAC_3_5)
|
|
s = jws.JWS(payload=plaintext)
|
|
s.add_signature(key, None, protected, header)
|
|
sig = s.serialize()
|
|
s.deserialize(sig, key)
|
|
self.assertEqual(json_decode(sig), JWS_flattened_4_6_3)
|
|
# Just deserialize each example form
|
|
s.deserialize(json_encode(JWS_general_4_6_3), key)
|
|
s.deserialize(json_encode(JWS_flattened_4_6_3), key)
|
|
|
|
def test_4_7_signing(self):
|
|
plaintext = base64url_decode(Payload_plaintext_b64_4)
|
|
header = json_encode(JWS_Unprotected_Header_4_7_2)
|
|
key = jwk.JWK(**Symmetric_Key_MAC_3_5)
|
|
s = jws.JWS(payload=plaintext)
|
|
s.add_signature(key, None, None, header)
|
|
sig = s.serialize()
|
|
s.deserialize(sig, key)
|
|
self.assertEqual(json_decode(sig), JWS_flattened_4_7_3)
|
|
# Just deserialize each example form
|
|
s.deserialize(json_encode(JWS_general_4_7_3), key)
|
|
s.deserialize(json_encode(JWS_flattened_4_7_3), key)
|
|
|
|
def test_4_8_signing(self):
|
|
plaintext = base64url_decode(Payload_plaintext_b64_4)
|
|
s = jws.JWS(payload=plaintext)
|
|
# 4_8_2
|
|
protected = \
|
|
base64url_decode(JWS_Protected_Header_4_8_2).decode('utf-8')
|
|
header = json_encode(JWS_Unprotected_Header_4_8_2)
|
|
pri_key = jwk.JWK(**RSA_Private_Key_3_4)
|
|
s.add_signature(pri_key, None, protected, header)
|
|
# 4_8_3
|
|
header = json_encode(JWS_Unprotected_Header_4_8_3)
|
|
pri_key = jwk.JWK(**EC_Private_Key_3_2)
|
|
s.add_signature(pri_key, None, None, header)
|
|
# 4_8_4
|
|
protected = \
|
|
base64url_decode(JWS_Protected_Header_4_8_4).decode('utf-8')
|
|
sym_key = jwk.JWK(**Symmetric_Key_MAC_3_5)
|
|
s.add_signature(sym_key, None, protected)
|
|
sig = s.serialize()
|
|
# Can't compare signature with reference because ECDSA uses
|
|
# random nonces every time a signature is generated.
|
|
rsa_key = jwk.JWK(**RSA_Public_Key_3_3)
|
|
ec_key = jwk.JWK(**EC_Public_Key_3_1)
|
|
s.deserialize(sig, rsa_key)
|
|
s.deserialize(sig, ec_key)
|
|
s.deserialize(sig, sym_key)
|
|
# Just deserialize each example form
|
|
s.deserialize(json_encode(JWS_general_4_8_5), rsa_key)
|
|
s.deserialize(json_encode(JWS_general_4_8_5), ec_key)
|
|
s.deserialize(json_encode(JWS_general_4_8_5), sym_key)
|
|
|
|
|
|
# 5.0
|
|
Payload_plaintext_5 = \
|
|
b"You can trust us to stick with you through thick and " + \
|
|
b"thin\xe2\x80\x93to the bitter end. And you can trust us to " + \
|
|
b"keep any secret of yours\xe2\x80\x93closer than you keep it " + \
|
|
b"yourself. But you cannot trust us to let you face trouble " + \
|
|
b"alone, and go off without a word. We are your friends, Frodo."
|
|
|
|
# 5.1
|
|
RSA_key_5_1_1 = {
|
|
"kty": "RSA",
|
|
"kid": "frodo.baggins@hobbiton.example",
|
|
"use": "enc",
|
|
"n": "[AWS-SECRET-REMOVED]Lj8NnPU9XIYegT"
|
|
"HVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx"
|
|
"6f3yy7s-[AWS-SECRET-REMOVED]t5fS9W5U"
|
|
"NwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4c"
|
|
"[AWS-SECRET-REMOVED]zV0WOKPfA6OPI4oy"
|
|
"[AWS-SECRET-REMOVED]2e_VOIKVMsnDrJYA"
|
|
"VotGlvMQ",
|
|
"e": "AQAB",
|
|
"d": "[AWS-SECRET-REMOVED]nJN7ZEi963R7wy"
|
|
"bQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO"
|
|
"5jMAji7-[AWS-SECRET-REMOVED]USZ_hLg6"
|
|
"[AWS-SECRET-REMOVED]rdE6fpLc9Oaq-qeP"
|
|
"1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PN"
|
|
"miuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2v"
|
|
"pzj85bQQ",
|
|
"p": "[AWS-SECRET-REMOVED]nUE3sdTYKSLtaE"
|
|
"oekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH"
|
|
"[AWS-SECRET-REMOVED]lOH-a3QQlDDQoJOJ"
|
|
"2VFmU",
|
|
"q": "te8LY4-[AWS-SECRET-REMOVED]wiQ93_V"
|
|
"F099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb"
|
|
"9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8"
|
|
"d6Et0",
|
|
"dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTH"
|
|
"QmjJpFAIZ8q-[AWS-SECRET-REMOVED]17JV"
|
|
"RDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsf"
|
|
"lo0rYU",
|
|
"dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9Mb"
|
|
"pFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87A"
|
|
"CfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14"
|
|
"TkXlHE",
|
|
"qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZ"
|
|
"lXYx6RtE1n_[AWS-SECRET-REMOVED]QpSc7"
|
|
"[AWS-SECRET-REMOVED]L6fG9mkDcIyPrBXx"
|
|
"2bQ_mM"}
|
|
|
|
JWE_IV_5_1_2 = "bbd5sTkYwhAIqfHsx8DayA"
|
|
|
|
JWE_Encrypted_Key_5_1_3 = \
|
|
"laLxI0j-nLH-_[AWS-SECRET-REMOVED]1WClnQePF" + \
|
|
"vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G" + \
|
|
"[AWS-SECRET-REMOVED]H77f2ff7xiSxh9oSewYrcG" + \
|
|
"[AWS-SECRET-REMOVED]7Mv1rOTOI5I8NQqeXXW8Vl" + \
|
|
"[AWS-SECRET-REMOVED]EecelIO1wx1BpyIfgvfjOh" + \
|
|
"MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw"
|
|
|
|
JWE_Protected_Header_5_1_4 = \
|
|
"[AWS-SECRET-REMOVED]YWdnaW5zQGhvYmJpdG9uLm" + \
|
|
"[AWS-SECRET-REMOVED]0"
|
|
|
|
JWE_Ciphertext_5_1_4 = \
|
|
"0fys_TY_[AWS-SECRET-REMOVED]vGZ4_FNVSiGc_r" + \
|
|
"aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O" + \
|
|
"[AWS-SECRET-REMOVED]dQKPdNTjPPEmRqcaGeTWZV" + \
|
|
"[AWS-SECRET-REMOVED]M_s8uwIFcqt4r5GX8TKaI0" + \
|
|
"zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2" + \
|
|
"O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW" + \
|
|
"i7lzA6BP430m"
|
|
|
|
JWE_Authentication_Tag_5_1_4 = "kvKuFBXHe5mQr4lqgobAUg"
|
|
|
|
JWE_compact_5_1_5 = \
|
|
"%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_1_4,
|
|
JWE_Encrypted_Key_5_1_3,
|
|
JWE_IV_5_1_2,
|
|
JWE_Ciphertext_5_1_4,
|
|
JWE_Authentication_Tag_5_1_4)
|
|
|
|
JWE_general_5_1_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_1_3}],
|
|
"protected": JWE_Protected_Header_5_1_4,
|
|
"iv": JWE_IV_5_1_2,
|
|
"ciphertext": JWE_Ciphertext_5_1_4,
|
|
"tag": JWE_Authentication_Tag_5_1_4}
|
|
|
|
JWE_flattened_5_1_5 = {
|
|
"protected": JWE_Protected_Header_5_1_4,
|
|
"encrypted_key": JWE_Encrypted_Key_5_1_3,
|
|
"iv": JWE_IV_5_1_2,
|
|
"ciphertext": JWE_Ciphertext_5_1_4,
|
|
"tag": JWE_Authentication_Tag_5_1_4}
|
|
|
|
# 5.2
|
|
RSA_key_5_2_1 = {
|
|
"kty": "RSA",
|
|
"kid": "samwise.gamgee@hobbiton.example",
|
|
"use": "enc",
|
|
"n": "[AWS-SECRET-REMOVED]2-5zVUxa6prHRr"
|
|
"[AWS-SECRET-REMOVED]BioZBl1XP2e-C-Fy"
|
|
"[AWS-SECRET-REMOVED]fpGrZLarohiWCPnk"
|
|
"Nrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeSt"
|
|
"[AWS-SECRET-REMOVED]iwA7sXRItBCivR4M"
|
|
"5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIU"
|
|
"e7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBOD"
|
|
"FskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb"
|
|
"86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqB"
|
|
"SAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhO"
|
|
"[AWS-SECRET-REMOVED]5qFDxDQKis99gcDa"
|
|
"iCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnT"
|
|
"yC0xhWBlsolZE",
|
|
"e": "AQAB",
|
|
"alg": "RSA-OAEP",
|
|
"d": "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bx"
|
|
"[AWS-SECRET-REMOVED]jcWZ-oBtVk7gCAWq"
|
|
"-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT"
|
|
"[AWS-SECRET-REMOVED]ewfmmrfveEogLx9E"
|
|
"A-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876"
|
|
"DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIj"
|
|
"[AWS-SECRET-REMOVED]v-Rn9fLIv9jZ6r7r"
|
|
"-MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yD"
|
|
"F-[AWS-SECRET-REMOVED]q3jDIsgoL8Mo1L"
|
|
"oomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W"
|
|
"_IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28"
|
|
"S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c"
|
|
"9WsWgRzI-K8gE",
|
|
"p": "7_[AWS-SECRET-REMOVED]XgVy9l9etKgh"
|
|
"vM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsY"
|
|
"a_QZWpXB_[AWS-SECRET-REMOVED]zD_AC3m"
|
|
"Y46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-"
|
|
"RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9s"
|
|
"fbZRqL94bbtE4_[AWS-SECRET-REMOVED]gP"
|
|
"gWCv5HoQ",
|
|
"q": "zqOHk1P6WN_[AWS-SECRET-REMOVED]6Zy"
|
|
"KQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDc"
|
|
"qssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYG"
|
|
"[AWS-SECRET-REMOVED]n41UlbJ7TCqewzVJ"
|
|
"[AWS-SECRET-REMOVED]mnfPevSJQBE79-EX"
|
|
"e2kSwVgOzvt-[AWS-SECRET-REMOVED]epQJ"
|
|
"JlXXnH8Q",
|
|
"dp": "[AWS-SECRET-REMOVED]t1jK83_FJA-xn"
|
|
"x5kA7-1erdHdms_[AWS-SECRET-REMOVED]Q"
|
|
"J_[AWS-SECRET-REMOVED]LhUpGo1IZuG72F"
|
|
"ZQ5gTjXoTXC2-[AWS-SECRET-REMOVED]C3i"
|
|
"[AWS-SECRET-REMOVED]eIQAeEgT_yXcrKGm"
|
|
"pKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9Lc"
|
|
"nwwT0jvoQ",
|
|
"dq": "[AWS-SECRET-REMOVED]f72O9kLMCfd_1"
|
|
"VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM"
|
|
"1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fg"
|
|
"[AWS-SECRET-REMOVED]25cfc10wZ9hQNOrI"
|
|
"[AWS-SECRET-REMOVED]9zwJcSUvODlXBPc2"
|
|
"AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iz"
|
|
"nBNCeOUIQ",
|
|
"qi": "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCc"
|
|
"iRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80"
|
|
"oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMw"
|
|
"QqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl"
|
|
"[AWS-SECRET-REMOVED]ZI1seJiGDizHRUP4"
|
|
"[AWS-SECRET-REMOVED]6SNMNVcyVS9IWjlq"
|
|
"8EzqZEKIA"}
|
|
|
|
JWE_IV_5_2_2 = "-nBoKLH0YkLZPSI9"
|
|
|
|
JWE_Encrypted_Key_5_2_3 = \
|
|
"[AWS-SECRET-REMOVED]lCiud48LxeolRdtFF4nzQi" + \
|
|
"beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu" + \
|
|
"cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58" + \
|
|
"-[AWS-SECRET-REMOVED]D4_H4Bd7V3u9h8Gkg8Bpx" + \
|
|
"KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK" + \
|
|
"IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7" + \
|
|
"pZfPYDSXZyS0CfKKkMozT_[AWS-SECRET-REMOVED]" + \
|
|
"fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3" + \
|
|
"[AWS-SECRET-REMOVED]-xDmMuxC0G7S2rscw5lQQU" + \
|
|
"06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5" + \
|
|
"Jx9paBpnNmOOKH35j_[AWS-SECRET-REMOVED]ozDR" + \
|
|
"s"
|
|
|
|
JWE_Protected_Header_5_2_4 = \
|
|
"[AWS-SECRET-REMOVED]c2UuZ2FtZ2VlQGhvYmJpdG" + \
|
|
"9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0"
|
|
|
|
JWE_Ciphertext_5_2_4 = \
|
|
"o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR" + \
|
|
"L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw" + \
|
|
"[AWS-SECRET-REMOVED]rsuhw5f-pGYzseva-TUaL8" + \
|
|
"iWnctc-[AWS-SECRET-REMOVED]p5fnbYGLa1QUiML" + \
|
|
"7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV" + \
|
|
"[AWS-SECRET-REMOVED]bnypNimbM8zVOw"
|
|
|
|
JWE_Authentication_Tag_5_2_4 = "UCGiqJxhBI3IFVdPalHHvA"
|
|
|
|
JWE_compact_5_2_5 = \
|
|
"%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_2_4,
|
|
JWE_Encrypted_Key_5_2_3,
|
|
JWE_IV_5_2_2,
|
|
JWE_Ciphertext_5_2_4,
|
|
JWE_Authentication_Tag_5_2_4)
|
|
|
|
JWE_general_5_2_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_2_3}],
|
|
"protected": JWE_Protected_Header_5_2_4,
|
|
"iv": JWE_IV_5_2_2,
|
|
"ciphertext": JWE_Ciphertext_5_2_4,
|
|
"tag": JWE_Authentication_Tag_5_2_4}
|
|
|
|
JWE_flattened_5_2_5 = {
|
|
"protected": JWE_Protected_Header_5_2_4,
|
|
"encrypted_key": JWE_Encrypted_Key_5_2_3,
|
|
"iv": JWE_IV_5_2_2,
|
|
"ciphertext": JWE_Ciphertext_5_2_4,
|
|
"tag": JWE_Authentication_Tag_5_2_4}
|
|
|
|
# 5.3
|
|
Payload_plaintext_5_3_1 = \
|
|
b'{"keys":[{"kty":"oct","kid":"77c7e2b8-6e13-45cf-8672-617b5b45' + \
|
|
b'243a","use":"enc","alg":"A128GCM","k":"XctOhJAkA-pD9Lh7ZgW_2A' + \
|
|
b'"},{"kty":"oct","kid":"[HEROKU-API-KEY-REMOVED]",' + \
|
|
b'"use":"enc","alg":"A128KW","k":"GZy6sIZ6wl9NJOKB-jnmVQ"},{"kt' + \
|
|
b'y":"oct","kid":"[HEROKU-API-KEY-REMOVED]","use":"' + \
|
|
b'enc","alg":"A256GCMKW","k":"qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0N' + \
|
|
b'LBvdQstiS8"}]}'
|
|
|
|
Password_5_3_1 = b'entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun'
|
|
|
|
JWE_IV_5_3_2 = "VBiCzVHNoLiR3F4V82uoTQ"
|
|
|
|
JWE_Encrypted_Key_5_3_3 = \
|
|
"[AWS-SECRET-REMOVED]PWdgtURtmeDV1g"
|
|
|
|
JWE_Protected_Header_no_p2x = {
|
|
"alg": "PBES2-HS512+A256KW",
|
|
"cty": "jwk-set+json",
|
|
"enc": "A128CBC-HS256"}
|
|
|
|
JWE_Protected_Header_5_3_4 = \
|
|
"[AWS-SECRET-REMOVED]MnMiOiI4UTFTemluYXNSM3" + \
|
|
"[AWS-SECRET-REMOVED]Jqd2stc2V0K2pzb24iLCJl" + \
|
|
"bmMiOiJBMTI4Q0JDLUhTMjU2In0"
|
|
|
|
JWE_Ciphertext_5_3_4 = \
|
|
"23i-[AWS-SECRET-REMOVED]2nsnGIX86vMXqIi6IR" + \
|
|
"[AWS-SECRET-REMOVED]EYCNA_XOmzg8yZR9oyjo6l" + \
|
|
"TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb" + \
|
|
"6asmas_[AWS-SECRET-REMOVED]3fOoOJbmk2GBQZL" + \
|
|
"_[AWS-SECRET-REMOVED]8AtzXFFsx9qKvC982KLKd" + \
|
|
"[AWS-SECRET-REMOVED]aS-rCrcD_ePOGSuxvgtrok" + \
|
|
"[AWS-SECRET-REMOVED]hJwcmywIyzi4BqRpmdn_N-" + \
|
|
"zl5tuJYyuvKhjKv6ihbsV_[AWS-SECRET-REMOVED]" + \
|
|
"3kobXZ77ulMwDs4p"
|
|
|
|
JWE_Authentication_Tag_5_3_4 = "0HlwodAhOCILG5SQ2LQ9dg"
|
|
|
|
JWE_compact_5_3_5 = \
|
|
"%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_3_4,
|
|
JWE_Encrypted_Key_5_3_3,
|
|
JWE_IV_5_3_2,
|
|
JWE_Ciphertext_5_3_4,
|
|
JWE_Authentication_Tag_5_3_4)
|
|
|
|
JWE_general_5_3_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_3_3}],
|
|
"protected": JWE_Protected_Header_5_3_4,
|
|
"iv": JWE_IV_5_3_2,
|
|
"ciphertext": JWE_Ciphertext_5_3_4,
|
|
"tag": JWE_Authentication_Tag_5_3_4}
|
|
|
|
JWE_flattened_5_3_5 = {
|
|
"protected": JWE_Protected_Header_5_3_4,
|
|
"encrypted_key": JWE_Encrypted_Key_5_3_3,
|
|
"iv": JWE_IV_5_3_2,
|
|
"ciphertext": JWE_Ciphertext_5_3_4,
|
|
"tag": JWE_Authentication_Tag_5_3_4}
|
|
|
|
# 5.4
|
|
EC_key_5_4_1 = {
|
|
"kty": "EC",
|
|
"kid": "peregrin.took@tuckborough.example",
|
|
"use": "enc",
|
|
"crv": "P-384",
|
|
"x": "YU4rRUzdmVqmRtWOs2OpDE_[AWS-SECRET-REMOVED]2",
|
|
"y": "A8-[AWS-SECRET-REMOVED]dtksRJU7D5-SkgaFL1ETP",
|
|
"d": "iTx2pk7wW-[AWS-SECRET-REMOVED]0IdnYK2xDlZh-j"}
|
|
|
|
JWE_IV_5_4_2 = "mH-G2zVqgztUtnW_"
|
|
|
|
JWE_Encrypted_Key_5_4_3 = \
|
|
"0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2"
|
|
|
|
JWE_Protected_Header_no_epk_5_4_4 = {
|
|
"alg": "ECDH-ES+A128KW",
|
|
"kid": "peregrin.took@tuckborough.example",
|
|
"enc": "A128GCM"}
|
|
|
|
JWE_Protected_Header_5_4_4 = \
|
|
"[AWS-SECRET-REMOVED]InBlcmVncmluLnRvb2tAdH" + \
|
|
"[AWS-SECRET-REMOVED]kiOiJFQyIsImNydiI6IlAt" + \
|
|
"[AWS-SECRET-REMOVED]ZF9vWXpCbWF6LUdLRlp1NH" + \
|
|
"[AWS-SECRET-REMOVED]J5Ijoic3AzcDVTR2haVkMy" + \
|
|
"[AWS-SECRET-REMOVED]NFBnRXdaT3lRVEEtSmRhWT" + \
|
|
"h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0"
|
|
|
|
JWE_Ciphertext_5_4_4 = \
|
|
"[AWS-SECRET-REMOVED]OhXgz5NJ76oID7lpnAi_cP" + \
|
|
"WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0" + \
|
|
"IgEnj_qfo1hIi-[AWS-SECRET-REMOVED]icQDVCkc" + \
|
|
"[AWS-SECRET-REMOVED]NU1ErkjcMqMoT_wtCex3w0" + \
|
|
"3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu" + \
|
|
"[AWS-SECRET-REMOVED]4ioYezbS6vTPlQ"
|
|
|
|
JWE_Authentication_Tag_5_4_4 = "WuGzxmcreYjpHGJoa17EBg"
|
|
|
|
JWE_compact_5_4_5 = \
|
|
"%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_4_4,
|
|
JWE_Encrypted_Key_5_4_3,
|
|
JWE_IV_5_4_2,
|
|
JWE_Ciphertext_5_4_4,
|
|
JWE_Authentication_Tag_5_4_4)
|
|
|
|
JWE_general_5_4_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_4_3}],
|
|
"protected": JWE_Protected_Header_5_4_4,
|
|
"iv": JWE_IV_5_4_2,
|
|
"ciphertext": JWE_Ciphertext_5_4_4,
|
|
"tag": JWE_Authentication_Tag_5_4_4}
|
|
|
|
JWE_flattened_5_4_5 = {
|
|
"protected": JWE_Protected_Header_5_4_4,
|
|
"encrypted_key": JWE_Encrypted_Key_5_4_3,
|
|
"iv": JWE_IV_5_4_2,
|
|
"ciphertext": JWE_Ciphertext_5_4_4,
|
|
"tag": JWE_Authentication_Tag_5_4_4}
|
|
|
|
# 5.5
|
|
EC_key_5_5_1 = {
|
|
"kty": "EC",
|
|
"kid": "meriadoc.brandybuck@buckland.example",
|
|
"use": "enc",
|
|
"crv": "P-256",
|
|
"x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
|
|
"y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
|
|
"d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8"}
|
|
|
|
JWE_IV_5_5_2 = "yc9N8v5sYyv3iGQT926IUg"
|
|
|
|
JWE_Protected_Header_no_epk_5_5_4 = {
|
|
"alg": "ECDH-ES",
|
|
"kid": "meriadoc.brandybuck@buckland.example",
|
|
"enc": "A128CBC-HS256"
|
|
}
|
|
|
|
JWE_Protected_Header_5_5_4 = \
|
|
"[AWS-SECRET-REMOVED]b2MuYnJhbmR5YnVja0BidW" + \
|
|
"[AWS-SECRET-REMOVED]VDIiwiY3J2IjoiUC0yNTYi" + \
|
|
"[AWS-SECRET-REMOVED]clhXUXVfdndWT0hIdE5rZF" + \
|
|
"[AWS-SECRET-REMOVED]lmR1RUMElqQnBGdzJTUzM0" + \
|
|
"[AWS-SECRET-REMOVED]fQ"
|
|
|
|
JWE_Ciphertext_5_5_4 = \
|
|
"BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9" + \
|
|
"IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e" + \
|
|
"vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-" + \
|
|
"IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI" + \
|
|
"-[AWS-SECRET-REMOVED]4mYpvKDiwmyzGd65KqVw7" + \
|
|
"MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61" + \
|
|
"95_JGG2m9Csg"
|
|
|
|
JWE_Authentication_Tag_5_5_4 = "WCCkNa-x4BeB9hIDIfFuhg"
|
|
|
|
JWE_compact_5_5_5 = \
|
|
"%s..%s.%s.%s" % (JWE_Protected_Header_5_5_4,
|
|
JWE_IV_5_5_2,
|
|
JWE_Ciphertext_5_5_4,
|
|
JWE_Authentication_Tag_5_5_4)
|
|
|
|
JWE_general_5_5_5 = {
|
|
"protected": JWE_Protected_Header_5_5_4,
|
|
"iv": JWE_IV_5_5_2,
|
|
"ciphertext": JWE_Ciphertext_5_5_4,
|
|
"tag": JWE_Authentication_Tag_5_5_4}
|
|
|
|
# 5.6
|
|
AES_key_5_6_1 = {
|
|
"kty": "oct",
|
|
"kid": "[HEROKU-API-KEY-REMOVED]",
|
|
"use": "enc",
|
|
"alg": "A128GCM",
|
|
"k": "XctOhJAkA-pD9Lh7ZgW_2A"}
|
|
|
|
JWE_IV_5_6_2 = "refa467QzzKx6QAB"
|
|
|
|
JWE_Protected_Header_5_6_3 = \
|
|
"[AWS-SECRET-REMOVED]ZTEzLTQ1Y2YtODY3Mi02MT" + \
|
|
"diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0"
|
|
|
|
JWE_Ciphertext_5_6_3 = \
|
|
"JW_i_f52hww_[AWS-SECRET-REMOVED]HP8yZOZG7Y" + \
|
|
"hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM" + \
|
|
"DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_" + \
|
|
"[AWS-SECRET-REMOVED]i-aQpGbSv_F9N4IZAxscj5" + \
|
|
"g-NJsUPbjk29-[AWS-SECRET-REMOVED]9aKZSRSIn" + \
|
|
"ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp"
|
|
|
|
JWE_Authentication_Tag_5_6_3 = "vbb32Xvllea2OtmHAdccRQ"
|
|
|
|
JWE_compact_5_6_4 = \
|
|
"%s..%s.%s.%s" % (JWE_Protected_Header_5_6_3,
|
|
JWE_IV_5_6_2,
|
|
JWE_Ciphertext_5_6_3,
|
|
JWE_Authentication_Tag_5_6_3)
|
|
|
|
JWE_general_5_6_4 = {
|
|
"protected": JWE_Protected_Header_5_6_3,
|
|
"iv": JWE_IV_5_6_2,
|
|
"ciphertext": JWE_Ciphertext_5_6_3,
|
|
"tag": JWE_Authentication_Tag_5_6_3}
|
|
|
|
# 5.7 - A256GCMKW not implemented yet
|
|
AES_key_5_7_1 = {
|
|
"kty": "oct",
|
|
"kid": "[HEROKU-API-KEY-REMOVED]",
|
|
"use": "enc",
|
|
"alg": "A256GCMKW",
|
|
"k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"}
|
|
|
|
JWE_IV_5_7_2 = "gz6NjyEFNm_vm8Gj6FwoFQ"
|
|
|
|
JWE_Encrypted_Key_5_7_3 = "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok"
|
|
|
|
JWE_Protected_Header_no_ivtag = {
|
|
"alg": "A256GCMKW",
|
|
"kid": "[HEROKU-API-KEY-REMOVED]",
|
|
"enc": "A128CBC-HS256"}
|
|
|
|
JWE_Protected_Header_5_7_4 = \
|
|
"[AWS-SECRET-REMOVED]MDhlMS1iZmE5LTRkOTUtYj" + \
|
|
"[AWS-SECRET-REMOVED]ZRM1QzSDZ2bmV3dC0ta3N3" + \
|
|
"[AWS-SECRET-REMOVED]IjoiQTEyOENCQy1IUzI1Ni" + \
|
|
"J9"
|
|
|
|
JWE_Ciphertext_5_7_4 = \
|
|
"Jf5p9-ZhJlJy_IQ_[AWS-SECRET-REMOVED]pS8iaE" + \
|
|
"[AWS-SECRET-REMOVED]ZKX0gxKdy6HgLvqoGNbZCz" + \
|
|
"LjqcpDiF8q2_[AWS-SECRET-REMOVED]wzZaGV3eFq" + \
|
|
"hpco8o4DijXaG5_[AWS-SECRET-REMOVED]Azw9Hde" + \
|
|
"b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj" + \
|
|
"[AWS-SECRET-REMOVED]V98QhrKEnR7xKZ3KCr0_qR" + \
|
|
"1B-gxpNk3xWU"
|
|
|
|
JWE_Authentication_Tag_5_7_4 = "DKW7jrb4WaRSNfbXVPlT5g"
|
|
|
|
JWE_compact_5_7_5 = \
|
|
"%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_7_4,
|
|
JWE_Encrypted_Key_5_7_3,
|
|
JWE_IV_5_7_2,
|
|
JWE_Ciphertext_5_7_4,
|
|
JWE_Authentication_Tag_5_7_4)
|
|
|
|
JWE_general_5_7_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_7_3}],
|
|
"protected": JWE_Protected_Header_5_7_4,
|
|
"iv": JWE_IV_5_7_2,
|
|
"ciphertext": JWE_Ciphertext_5_7_4,
|
|
"tag": JWE_Authentication_Tag_5_7_4}
|
|
|
|
JWE_flattened_5_7_5 = {
|
|
"protected": JWE_Protected_Header_5_7_4,
|
|
"encrypted_key": JWE_Encrypted_Key_5_7_3,
|
|
"iv": JWE_IV_5_7_2,
|
|
"ciphertext": JWE_Ciphertext_5_7_4,
|
|
"tag": JWE_Authentication_Tag_5_7_4}
|
|
|
|
# 5.8
|
|
AES_key_5_8_1 = {
|
|
"kty": "oct",
|
|
"kid": "[HEROKU-API-KEY-REMOVED]",
|
|
"use": "enc",
|
|
"alg": "A128KW",
|
|
"k": "GZy6sIZ6wl9NJOKB-jnmVQ"}
|
|
|
|
JWE_IV_5_8_2 = "Qx0pmsDa8KnJc9Jo"
|
|
|
|
JWE_Encrypted_Key_5_8_3 = "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx"
|
|
|
|
JWE_Protected_Header_5_8_4 = \
|
|
"[AWS-SECRET-REMOVED]NS04MzMyLTQzZDktYTQ2OC" + \
|
|
"[AWS-SECRET-REMOVED]0"
|
|
|
|
JWE_Ciphertext_5_8_4 = \
|
|
"AwliP-[AWS-SECRET-REMOVED]dhtFJgJxeVmJkLD6" + \
|
|
"[AWS-SECRET-REMOVED]3EkU0vjHi9gTlb90qSYFfe" + \
|
|
"[AWS-SECRET-REMOVED]f7ej6zaYcMv3WwdxDFl8RE" + \
|
|
"wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p" + \
|
|
"uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa" + \
|
|
"a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF"
|
|
|
|
JWE_Authentication_Tag_5_8_4 = "ER7MWJZ1FBI_NKvn7Zb1Lw"
|
|
|
|
JWE_compact_5_8_5 = \
|
|
"%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_8_4,
|
|
JWE_Encrypted_Key_5_8_3,
|
|
JWE_IV_5_8_2,
|
|
JWE_Ciphertext_5_8_4,
|
|
JWE_Authentication_Tag_5_8_4)
|
|
|
|
JWE_general_5_8_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_8_3}],
|
|
"protected": JWE_Protected_Header_5_8_4,
|
|
"iv": JWE_IV_5_8_2,
|
|
"ciphertext": JWE_Ciphertext_5_8_4,
|
|
"tag": JWE_Authentication_Tag_5_8_4}
|
|
|
|
JWE_flattened_5_8_5 = {
|
|
"protected": JWE_Protected_Header_5_8_4,
|
|
"encrypted_key": JWE_Encrypted_Key_5_8_3,
|
|
"iv": JWE_IV_5_8_2,
|
|
"ciphertext": JWE_Ciphertext_5_8_4,
|
|
"tag": JWE_Authentication_Tag_5_8_4}
|
|
|
|
# 5.9
|
|
JWE_IV_5_9_2 = "p9pUq6XHY0jfEZIl"
|
|
|
|
JWE_Encrypted_Key_5_9_3 = "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi"
|
|
|
|
JWE_Protected_Header_5_9_4 = \
|
|
"[AWS-SECRET-REMOVED]NS04MzMyLTQzZDktYTQ2OC" + \
|
|
"[AWS-SECRET-REMOVED]wiemlwIjoiREVGIn0"
|
|
|
|
JWE_Ciphertext_5_9_4 = \
|
|
"[AWS-SECRET-REMOVED]mMI6VB8hry57tDZ61jXyez" + \
|
|
"SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0" + \
|
|
"m-[AWS-SECRET-REMOVED]2PsM-w5E_o2B3jDbrYBK" + \
|
|
"[AWS-SECRET-REMOVED]w"
|
|
|
|
JWE_Authentication_Tag_5_9_4 = "VILuUwuIxaLVmh5X-T7kmA"
|
|
|
|
JWE_compact_5_9_5 = \
|
|
"%s.%s.%s.%s.%s" % (JWE_Protected_Header_5_9_4,
|
|
JWE_Encrypted_Key_5_9_3,
|
|
JWE_IV_5_9_2,
|
|
JWE_Ciphertext_5_9_4,
|
|
JWE_Authentication_Tag_5_9_4)
|
|
|
|
JWE_general_5_9_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_9_3}],
|
|
"protected": JWE_Protected_Header_5_9_4,
|
|
"iv": JWE_IV_5_9_2,
|
|
"ciphertext": JWE_Ciphertext_5_9_4,
|
|
"tag": JWE_Authentication_Tag_5_9_4}
|
|
|
|
JWE_flattened_5_9_5 = {
|
|
"protected": JWE_Protected_Header_5_9_4,
|
|
"encrypted_key": JWE_Encrypted_Key_5_9_3,
|
|
"iv": JWE_IV_5_9_2,
|
|
"ciphertext": JWE_Ciphertext_5_9_4,
|
|
"tag": JWE_Authentication_Tag_5_9_4}
|
|
|
|
# 5.10
|
|
AAD_5_10_1 = base64url_encode(json_encode(
|
|
["vcard",
|
|
[["version", {}, "text", "4.0"],
|
|
["fn", {}, "text", "Meriadoc Brandybuck"],
|
|
["n", {}, "text", ["Brandybuck", "Meriadoc", "Mr.", ""]],
|
|
["bday", {}, "text", "TA 2982"],
|
|
["gender", {}, "text", "M"]]]))
|
|
|
|
JWE_IV_5_10_2 = "veCx9ece2orS7c_N"
|
|
|
|
JWE_Encrypted_Key_5_10_3 = "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X"
|
|
|
|
JWE_Protected_Header_5_10_4 = \
|
|
"[AWS-SECRET-REMOVED]NS04MzMyLTQzZDktYTQ2OC" + \
|
|
"[AWS-SECRET-REMOVED]0"
|
|
|
|
JWE_Ciphertext_5_10_4 = \
|
|
"Z_[AWS-SECRET-REMOVED]eJ0Ui8p74SchQP8xygM1" + \
|
|
"[AWS-SECRET-REMOVED]_4NFqF-p2Mx8zkbKxI7oPK" + \
|
|
"8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft" + \
|
|
"9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4a" + \
|
|
"[AWS-SECRET-REMOVED]1C6HxLIlqHhCwXDG59weHr" + \
|
|
"RDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV"
|
|
|
|
JWE_Authentication_Tag_5_10_4 = "vOaH_Rajnpy_3hOtqvZHRA"
|
|
|
|
JWE_general_5_10_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_10_3}],
|
|
"protected": JWE_Protected_Header_5_10_4,
|
|
"iv": JWE_IV_5_10_2,
|
|
"aad": AAD_5_10_1,
|
|
"ciphertext": JWE_Ciphertext_5_10_4,
|
|
"tag": JWE_Authentication_Tag_5_10_4}
|
|
|
|
JWE_flattened_5_10_5 = {
|
|
"protected": JWE_Protected_Header_5_10_4,
|
|
"encrypted_key": JWE_Encrypted_Key_5_10_3,
|
|
"iv": JWE_IV_5_10_2,
|
|
"aad": AAD_5_10_1,
|
|
"ciphertext": JWE_Ciphertext_5_10_4,
|
|
"tag": JWE_Authentication_Tag_5_10_4}
|
|
|
|
# 5.11
|
|
JWE_IV_5_11_2 = "WgEJsDS9bkoXQ3nR"
|
|
|
|
JWE_Encrypted_Key_5_11_3 = "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H"
|
|
|
|
JWE_Protected_Header_5_11_4 = "eyJlbmMiOiJBMTI4R0NNIn0"
|
|
|
|
JWE_Ciphertext_5_11_4 = \
|
|
"[AWS-SECRET-REMOVED]qLL2DM3swKkjOwQyZtWsFL" + \
|
|
"YMj5YeLht_[AWS-SECRET-REMOVED]4MyOt80MoPb8" + \
|
|
"[AWS-SECRET-REMOVED]nTGm_zWhqc_srOvgiLkzyF" + \
|
|
"XPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nO" + \
|
|
"WL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWL" + \
|
|
"Hs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf"
|
|
|
|
JWE_Authentication_Tag_5_11_4 = "fNYLqpUe84KD45lvDiaBAQ"
|
|
|
|
JWE_Unprotected_Header_5_11_5 = {
|
|
"alg": "A128KW",
|
|
"kid": "[HEROKU-API-KEY-REMOVED]"}
|
|
|
|
JWE_general_5_11_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_11_3}],
|
|
"unprotected": JWE_Unprotected_Header_5_11_5,
|
|
"protected": JWE_Protected_Header_5_11_4,
|
|
"iv": JWE_IV_5_11_2,
|
|
"ciphertext": JWE_Ciphertext_5_11_4,
|
|
"tag": JWE_Authentication_Tag_5_11_4}
|
|
|
|
JWE_flattened_5_11_5 = {
|
|
"protected": JWE_Protected_Header_5_11_4,
|
|
"unprotected": JWE_Unprotected_Header_5_11_5,
|
|
"encrypted_key": JWE_Encrypted_Key_5_11_3,
|
|
"iv": JWE_IV_5_11_2,
|
|
"ciphertext": JWE_Ciphertext_5_11_4,
|
|
"tag": JWE_Authentication_Tag_5_11_4}
|
|
|
|
# 5.11
|
|
JWE_IV_5_12_2 = "YihBoVOGsR1l7jCD"
|
|
|
|
JWE_Encrypted_Key_5_12_3 = "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv"
|
|
|
|
JWE_Ciphertext_5_12_4 = \
|
|
"[AWS-SECRET-REMOVED]T1uq-arsVCPaIeFwQfzrSS" + \
|
|
"[AWS-SECRET-REMOVED]P3eqQPb4Ic1SDSqyXjw_L3" + \
|
|
"[AWS-SECRET-REMOVED]omqeifVPq5GTCWFo5k_MNI" + \
|
|
"[AWS-SECRET-REMOVED]u_mvifMYiikfNfsZAudISO" + \
|
|
"a6O73yPZtL04k_[AWS-SECRET-REMOVED]dY-bQz4Z" + \
|
|
"4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF"
|
|
|
|
JWE_Authentication_Tag_5_12_4 = "e2m0Vm7JvjK2VpCKXS-kyg"
|
|
|
|
JWE_Unprotected_Header_5_12_5 = {
|
|
"alg": "A128KW",
|
|
"kid": "[HEROKU-API-KEY-REMOVED]",
|
|
"enc": "A128GCM"}
|
|
|
|
JWE_general_5_12_5 = {
|
|
"recipients": [{
|
|
"encrypted_key": JWE_Encrypted_Key_5_12_3}],
|
|
"unprotected": JWE_Unprotected_Header_5_12_5,
|
|
"iv": JWE_IV_5_12_2,
|
|
"ciphertext": JWE_Ciphertext_5_12_4,
|
|
"tag": JWE_Authentication_Tag_5_12_4}
|
|
|
|
JWE_flattened_5_12_5 = {
|
|
"unprotected": JWE_Unprotected_Header_5_12_5,
|
|
"encrypted_key": JWE_Encrypted_Key_5_12_3,
|
|
"iv": JWE_IV_5_12_2,
|
|
"ciphertext": JWE_Ciphertext_5_12_4,
|
|
"tag": JWE_Authentication_Tag_5_12_4}
|
|
|
|
# 5.13 - A256GCMKW not implemented yet
|
|
|
|
|
|
# In general we can't compare ciphertexts with the reference because
|
|
# either the algorithms use random nonces to authenticate the ciphertext
|
|
# or we randomly generate the nonce when we create the JWe.
|
|
# To double check implementation we encrypt/decrypt our own input and then
|
|
# decrypt the reference and check it against the given plaintext
|
|
class Cookbook08JWETests(unittest.TestCase):
|
|
|
|
def test_5_1_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
protected = base64url_decode(JWE_Protected_Header_5_1_4)
|
|
rsa_key = jwk.JWK(**RSA_key_5_1_1)
|
|
e = jwe.JWE(plaintext, protected,
|
|
algs=jwe.default_allowed_algs + ['RSA1_5'])
|
|
e.add_recipient(rsa_key)
|
|
enc = e.serialize()
|
|
e.deserialize(enc, rsa_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(JWE_compact_5_1_5, rsa_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_1_5), rsa_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_flattened_5_1_5), rsa_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_2_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
protected = base64url_decode(JWE_Protected_Header_5_2_4)
|
|
rsa_key = jwk.JWK(**RSA_key_5_2_1)
|
|
e = jwe.JWE(plaintext, protected)
|
|
e.add_recipient(rsa_key)
|
|
enc = e.serialize()
|
|
e.deserialize(enc, rsa_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(JWE_compact_5_2_5, rsa_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_2_5), rsa_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_flattened_5_2_5), rsa_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_3_encryption(self):
|
|
plaintext = Payload_plaintext_5_3_1
|
|
[PASSWORD-REMOVED]
|
|
unicodepwd = Password_5_3_1.decode('utf8')
|
|
e = jwe.JWE(plaintext, json_encode(JWE_Protected_Header_no_p2x))
|
|
e.add_recipient(password)
|
|
e.serialize(compact=True)
|
|
enc = e.serialize()
|
|
e.deserialize(enc, unicodepwd)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(JWE_compact_5_3_5, password)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_3_5), unicodepwd)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_flattened_5_3_5), password)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_4_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
protected = json_encode(JWE_Protected_Header_no_epk_5_4_4)
|
|
ec_key = jwk.JWK(**EC_key_5_4_1)
|
|
e = jwe.JWE(plaintext, protected)
|
|
e.add_recipient(ec_key)
|
|
enc = e.serialize(compact=True)
|
|
e.deserialize(enc, ec_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(JWE_compact_5_4_5, ec_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_4_5), ec_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_5_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
protected = json_encode(JWE_Protected_Header_no_epk_5_5_4)
|
|
ec_key = jwk.JWK(**EC_key_5_5_1)
|
|
e = jwe.JWE(plaintext, protected)
|
|
e.add_recipient(ec_key)
|
|
enc = e.serialize(compact=True)
|
|
e.deserialize(enc, ec_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(JWE_compact_5_5_5, ec_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_5_5), ec_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_6_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
protected = base64url_decode(JWE_Protected_Header_5_6_3)
|
|
aes_key = jwk.JWK(**AES_key_5_6_1)
|
|
e = jwe.JWE(plaintext, protected)
|
|
e.add_recipient(aes_key)
|
|
e.serialize(compact=True)
|
|
enc = e.serialize()
|
|
e.deserialize(enc, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(JWE_compact_5_6_4, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_6_4), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_7_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
aes_key = jwk.JWK(**AES_key_5_7_1)
|
|
e = jwe.JWE(plaintext, json_encode(JWE_Protected_Header_no_ivtag))
|
|
e.add_recipient(aes_key)
|
|
enc = e.serialize(compact=True)
|
|
e.deserialize(enc, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(JWE_compact_5_7_5, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_7_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_flattened_5_7_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_8_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
protected = base64url_decode(JWE_Protected_Header_5_8_4)
|
|
aes_key = jwk.JWK(**AES_key_5_8_1)
|
|
e = jwe.JWE(plaintext, protected)
|
|
e.add_recipient(aes_key)
|
|
enc = e.serialize()
|
|
e.deserialize(enc, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(JWE_compact_5_8_5, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_8_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_flattened_5_8_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_9_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
protected = base64url_decode(JWE_Protected_Header_5_9_4)
|
|
aes_key = jwk.JWK(**AES_key_5_8_1)
|
|
e = jwe.JWE(plaintext, protected)
|
|
e.add_recipient(aes_key)
|
|
enc = e.serialize()
|
|
e.deserialize(enc, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(JWE_compact_5_9_5, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_9_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_flattened_5_9_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_10_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
protected = base64url_decode(JWE_Protected_Header_5_10_4)
|
|
aad = base64url_decode(AAD_5_10_1)
|
|
aes_key = jwk.JWK(**AES_key_5_8_1)
|
|
e = jwe.JWE(plaintext, protected, aad=aad)
|
|
e.add_recipient(aes_key)
|
|
enc = e.serialize()
|
|
e.deserialize(enc, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_10_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_flattened_5_10_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_11_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
protected = base64url_decode(JWE_Protected_Header_5_11_4)
|
|
unprotected = json_encode(JWE_Unprotected_Header_5_11_5)
|
|
aes_key = jwk.JWK(**AES_key_5_8_1)
|
|
e = jwe.JWE(plaintext, protected, unprotected)
|
|
e.add_recipient(aes_key)
|
|
enc = e.serialize()
|
|
e.deserialize(enc, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_11_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_flattened_5_11_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
def test_5_12_encryption(self):
|
|
plaintext = Payload_plaintext_5
|
|
unprotected = json_encode(JWE_Unprotected_Header_5_12_5)
|
|
aes_key = jwk.JWK(**AES_key_5_8_1)
|
|
e = jwe.JWE(plaintext, None, unprotected)
|
|
e.add_recipient(aes_key)
|
|
enc = e.serialize()
|
|
e.deserialize(enc, aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_general_5_12_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
e.deserialize(json_encode(JWE_flattened_5_12_5), aes_key)
|
|
self.assertEqual(e.payload, plaintext)
|
|
|
|
# 5.13 - AES-GCM key wrapping not implemented yet
|
|
# def test_5_13_encryption(self):
|