From 967727a167df84c3322bda6fe607801b9592fa14 Mon Sep 17 00:00:00 2001 From: Jeremy Kolbe Date: Thu, 24 Oct 2024 10:53:18 +0200 Subject: [PATCH 1/3] Fix missing apu/apv IdentityPython/JWTConnect-Python-CryptoJWT#159 --- src/cryptojwt/jwe/jwe_ec.py | 2 +- tests/test_07_jwe.py | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/cryptojwt/jwe/jwe_ec.py b/src/cryptojwt/jwe/jwe_ec.py index 8c6c616..ff36ff2 100644 --- a/src/cryptojwt/jwe/jwe_ec.py +++ b/src/cryptojwt/jwe/jwe_ec.py @@ -138,7 +138,7 @@ def dec_setup(self, token, key=None, **kwargs): raise Exception("Ephemeral Public Key Missing in ECDH-ES Computation") epubkey = ECKey(**self.headers["epk"]) - apu = apv = "" + apu = apv = b"" if "apu" in self.headers: apu = b64d(self.headers["apu"].encode()) if "apv" in self.headers: diff --git a/tests/test_07_jwe.py b/tests/test_07_jwe.py index ac855d0..6ffab8c 100644 --- a/tests/test_07_jwe.py +++ b/tests/test_07_jwe.py @@ -443,6 +443,27 @@ def test_ecdh_encrypt_decrypt_direct_key(): assert msg == plain +def test_ecdh_encrypt_decrypt_direct_key_wo_apu_apv(): + # Alice starts of + jwenc = JWE_EC(plain, alg="ECDH-ES", enc="A128GCM") + cek, encrypted_key, iv, params, ret_epk = jwenc.enc_setup(plain, key=eck_bob, apu=b"", apv=b"") + + # Remove agreement information about sending and receiving parties + del params["apv"] + del params["apu"] + + kwargs = {"params": params, "cek": cek, "iv": iv, "encrypted_key": encrypted_key} + jwt = jwenc.encrypt(**kwargs) + + # Bob decrypts + ret_jwe = factory(jwt, alg="ECDH-ES", enc="A128GCM") + jwdec = JWE_EC() + jwdec.dec_setup(ret_jwe.jwt, key=bob) + msg = jwdec.decrypt(ret_jwe.jwt) + + assert msg == plain + + def test_ecdh_encrypt_decrypt_keywrapped_key(): jwenc = JWE_EC(plain, alg="ECDH-ES+A128KW", enc="A128GCM") cek, encrypted_key, iv, params, ret_epk = jwenc.enc_setup(plain, key=eck_bob) From 7644755e1a53c799509b1ce15d38d3dc5e213a6d Mon Sep 17 00:00:00 2001 
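Review bot: The new default `apu = apv = b""` in `dec_setup` deserves a why-comment, because the str-versus-bytes distinction is the whole fix and is easy to regress. Something like `# RFC 7518 §4.6.2: absent apu/apv means an empty octet sequence; keep these as bytes like the b64d() results below` would record it. Separately, the unchanged context lines call `.encode()` on header values taken from the received token, so a non-string `apu` or `apv` would presumably surface as an AttributeError rather than a controlled JWE error; an `isinstance(..., str)` check before decoding would tighten that. `dec_setup` starts and ends outside this hunk, so how the values reach the key derivation is not visible here.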
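Review bot: `test_ecdh_encrypt_decrypt_direct_key_wo_apu_apv` never asserts that the token Bob receives actually lacks `apu` and `apv`, so it would still pass if `encrypt` or the serializer put the fields back, leaving the fixed `b""` default unexercised. After `jwdec.dec_setup(ret_jwe.jwt, key=bob)`, an assertion such as `assert "apu" not in jwdec.headers and "apv" not in jwdec.headers` would pin that, assuming `dec_setup` populates `self.headers` as the library hunk suggests. The same gap remains after PATCH 3/3 re-adds the `del params[...]` lines. A case with only one of the two parameters absent would also cover each decoder branch independently.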
From: Jeremy Kolbe Date: Thu, 24 Oct 2024 11:17:40 +0200 Subject: [PATCH 2/3] Fix test --- tests/test_07_jwe.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/test_07_jwe.py b/tests/test_07_jwe.py index 6ffab8c..aa470fc 100644 --- a/tests/test_07_jwe.py +++ b/tests/test_07_jwe.py @@ -446,11 +446,12 @@ def test_ecdh_encrypt_decrypt_direct_key(): def test_ecdh_encrypt_decrypt_direct_key_wo_apu_apv(): # Alice starts of jwenc = JWE_EC(plain, alg="ECDH-ES", enc="A128GCM") - cek, encrypted_key, iv, params, ret_epk = jwenc.enc_setup(plain, key=eck_bob, apu=b"", apv=b"") - # Remove agreement information about sending and receiving parties - del params["apv"] - del params["apu"] + # Don't supply agreement party information. + cek, encrypted_key, iv, params, ret_epk = jwenc.enc_setup(plain, key=eck_bob, apu=b"", apv=b"") + # Assert they are not randomized + assert params["apv"] == b"" + assert params["apu"] == b"" kwargs = {"params": params, "cek": cek, "iv": iv, "encrypted_key": encrypted_key} jwt = jwenc.encrypt(**kwargs) From 65d16fb075231685459ff2187f332cfccc05a941 Mon Sep 17 00:00:00 2001 From: Jeremy Kolbe Date: Thu, 24 Oct 2024 13:17:33 +0200 Subject: [PATCH 3/3] Delete parameters --- tests/test_07_jwe.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/test_07_jwe.py b/tests/test_07_jwe.py index aa470fc..a83cf9d 100644 --- a/tests/test_07_jwe.py +++ b/tests/test_07_jwe.py @@ -453,6 +453,10 @@ def test_ecdh_encrypt_decrypt_direct_key_wo_apu_apv(): assert params["apv"] == b"" assert params["apu"] == b"" + # Delete agreement party information + del params["apv"] + del params["apu"] + kwargs = {"params": params, "cek": cek, "iv": iv, "encrypted_key": encrypted_key} jwt = jwenc.encrypt(**kwargs)
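Review bot: The added comment `# Don't supply agreement party information.` contradicts the call beneath it, which passes `apu=b""` and `apv=b""` explicitly. Judging by the `# Assert they are not randomized` comment, `enc_setup` presumably generates values when none are given, so the explicit empty arguments are the point of the test; wording like `# Pass empty apu/apv explicitly so enc_setup does not generate them` says that. This version also drops the `del params[...]` lines, so in this intermediate commit the token may still carry both parameters and not reach the missing-header path until PATCH 3/3 restores the deletion.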