(self, enc_alg, ek, headers, key)
| 167 | return {"ek": ek, "cek": cek, "header": h} |
| 168 | |
| 169 | def unwrap(self, enc_alg, ek, headers, key): |
| 170 | op_key = key.get_op_key("unwrapKey") |
| 171 | self._check_key(op_key) |
| 172 | |
| 173 | iv = headers.get("iv") |
| 174 | if not iv: |
| 175 | raise ValueError('Missing "iv" in headers') |
| 176 | |
| 177 | tag = headers.get("tag") |
| 178 | if not tag: |
| 179 | raise ValueError('Missing "tag" in headers') |
| 180 | |
| 181 | iv = urlsafe_b64decode(to_bytes(iv)) |
| 182 | tag = urlsafe_b64decode(to_bytes(tag)) |
| 183 | |
| 184 | cipher = Cipher(AES(op_key), GCM(iv, tag), backend=default_backend()) |
| 185 | d = cipher.decryptor() |
| 186 | cek = d.update(ek) + d.finalize() |
| 187 | if len(cek) * 8 != enc_alg.CEK_SIZE: |
| 188 | cek = secrets.token_bytes(enc_alg.CEK_SIZE // 8) |
| 189 | return cek |
| 190 | |
| 191 | |
| 192 | class ECDHESAlgorithm(JWEAlgorithm): |
nothing calls this directly
no test coverage detected