cleanup direct / layer 1 tests

transmute-industries · Nov 13, 2023 · 1328d01 · 1328d01
1 parent 329743e
commit 1328d01
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 23 deletions.
diff --git a/test/hpke/common.ts b/test/hpke/common.ts
@@ -11,6 +11,9 @@ export type SecretCoseKeyMap = Map<string | number, string | number | Buffer | A
 export const encapsulated_key_header_label = -22222;
 export const example_suite_label = -55555;
 
+
+export const COSE_EncryptTag = 96
+
 const suite0 = new CipherSuite({
   kem: KemId.DhkemP256HkdfSha256,
   kdf: KdfId.HkdfSha256,
@@ -21,8 +24,6 @@ export const coseSuites = {
   [example_suite_label]: suite0,
 } as Record<number, CipherSuite>
 
-
-
 export const joseSuites = {
   [Suite0]: suite0,
 } as Record<string, CipherSuite>

diff --git a/test/hpke/cose/direct.test.ts b/test/hpke/cose/direct.test.ts
@@ -6,8 +6,6 @@ import alternateDiagnostic from '../../../src/diagnostic'
 
 import { Suite0 } from '../common'
 
-import directExample from '../ecdh-direct-example.json'
-
 it('sanity', async () => {
   const k = await generate(Suite0)
   const pt = 'hello world'
@@ -16,15 +14,14 @@ it('sanity', async () => {
     cosePublicKey: coseKey.importJWK(k.publicKeyJwk),
     cosePrivateKey: coseKey.importJWK(k.privateKeyJwk)
   }
+  k2.cosePublicKey.set(2, 'recipient-key-0')
   const c3 = await direct.encrypt(m, k2.cosePublicKey)
   const c3Diagnostic = await alternateDiagnostic(c3)
-  console.log('/ COSE HPKE Direct /\n' + c3Diagnostic)
-  // https://github.com/cose-wg/Examples/blob/3221310e2cf50ad13213daa7ca278209a8bc85fd/ecdh-direct-examples/p256-hkdf-256-01.json
+  // console.log('/ COSE HPKE Direct /\n' + c3Diagnostic)
+  expect(c3Diagnostic.startsWith('96([')).toBe(true)
   // Compare to direct mode ecdh
-  const ecdhDirect = await alternateDiagnostic(Buffer.from(directExample.output.cbor, 'hex'))
-  console.log('/ COSE ECDH Direct /\n' + ecdhDirect)
+  // https://github.com/cose-wg/Examples/blob/3221310e2cf50ad13213daa7ca278209a8bc85fd/ecdh-direct-examples/p256-hkdf-256-01.json
   const d3 = await direct.decrypt(c3, k2.cosePrivateKey)
   const rpt3 = new TextDecoder().decode(d3)
   expect(rpt3).toBe(pt)
-
 })
diff --git a/test/hpke/cose/direct.ts b/test/hpke/cose/direct.ts
@@ -4,7 +4,7 @@ import * as cbor from 'cbor-web'
 import * as coseKey from '../../../src/key'
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 
-import { coseSuites, example_suite_label, encapsulated_key_header_label, PublicCoseKeyMap, SecretCoseKeyMap } from '../common'
+import { COSE_EncryptTag, coseSuites, example_suite_label, encapsulated_key_header_label, PublicCoseKeyMap, SecretCoseKeyMap } from '../common'
 
 
 const directMode = {
@@ -15,6 +15,7 @@ const directMode = {
     if (alg !== example_suite_label) {
       throw new Error('Unsupported algorithm')
     }
+    recipientPublic.delete(2) // prevent export issue
     const publicKeyJwk = coseKey.exportJWK(recipientPublic);
     const publicKey = await crypto.subtle.importKey(
       'jwk',
@@ -39,17 +40,16 @@ const directMode = {
     const Enc_structure = ["Encrypt0", encodedProtectedHeader, external_aad]
     const internal_aad = cbor.encode(Enc_structure)
     const ciphertext = await sender.seal(plaintext, internal_aad)
-    return cbor.encode([
-      encodedProtectedHeader,
-      unprotectedHeaderMap,
-      ciphertext
-    ])
-
-    // cbor.encodeAsync(new Tagged(Sign1Tag, coseSign1Structure), { canonical: true })
-
+    const coseEncrypt = [
+      encodedProtectedHeader, // protected header
+      unprotectedHeaderMap, // unprotected header
+      ciphertext // cipher text
+    ]
+    return cbor.encodeAsync(new cbor.Tagged(COSE_EncryptTag, coseEncrypt), { canonical: true })
   },
   decrypt: async (coseEnc: ArrayBuffer, recipientPrivate: SecretCoseKeyMap) => {
-    const decoded = await cbor.decode(coseEnc)
+    const decodedTagged = await cbor.decode(coseEnc)
+    const decoded = decodedTagged.value
     const alg = recipientPrivate.get(3) || example_suite_label
     if (alg !== example_suite_label) {
       throw new Error('Unsupported algorithm')

diff --git a/test/hpke/jose/direct.test.ts b/test/hpke/jose/direct.test.ts
@@ -10,6 +10,7 @@ it('sanity', async () => {
   const m = new TextEncoder().encode(pt)
 
   const c = await direct.encrypt(m, k.publicKeyJwk)
+  // console.log(c)
   const d = await direct.decrypt(c, k.privateKeyJwk)
   const rpt = new TextDecoder().decode(d)
   expect(rpt).toBe(pt)

diff --git a/test/hpke/jose/direct.ts b/test/hpke/jose/direct.ts
@@ -27,14 +27,16 @@ const directMode = {
     })
     const encodedEnc = jose.base64url.encode(new Uint8Array(sender.enc))
 
-    const encodedProtectedHeader = craftProtectedHeader({ alg, enc: encodedEnc, kid: recipientPublicKeyJwk.kid })
+    const encodedProtectedHeader = craftProtectedHeader({ alg })
     const aad = jose.base64url.decode(encodedProtectedHeader)
 
     // todo: generate content encryption key
     const ct = await sender.seal(plaintext, aad)
     const ciphertext = jose.base64url.encode(new Uint8Array(ct))
+    const unprotectedHeader = { kid: recipientPublicKeyJwk.kid, encapsulated_key: encodedEnc }
     return {
       protected: encodedProtectedHeader,
+      unprotected: jose.base64url.encode(JSON.stringify(unprotectedHeader)),
       ciphertext,
     }
   },
@@ -58,9 +60,9 @@ const directMode = {
     )
 
     const aad = jose.base64url.decode(jwe.protected)
-    const decodedUntrustedProtectedHeader = new TextDecoder().decode(aad)
-    const parsedUntrustedProtectedHeader = JSON.parse(decodedUntrustedProtectedHeader)
-    const decodedEnc = jose.base64url.decode(parsedUntrustedProtectedHeader.enc)
+    const unprotected = JSON.parse(jose.base64url.decode(jwe.unprotected).toString())
+
+    const decodedEnc = jose.base64url.decode(unprotected.encapsulated_key)
     const recipient = await joseSuites[alg].createRecipientContext({
       recipientKey: privateKey, // rkp (CryptoKeyPair) is also acceptable.
       enc: decodedEnc