MCPcopy
hub / github.com/authlib/authlib / wrap

Method wrap

authlib/jose/rfc7518/jwe_algs.py:144–167  ·  view source on GitHub ↗
(self, enc_alg, headers, key, preset=None)

Source from the content-addressed store, hash-verified

142 raise ValueError(f"A key of size {self.key_size} bits is required.")
143
144 def wrap(self, enc_alg, headers, key, preset=None):
145 if preset and "cek" in preset:
146 cek = preset["cek"]
147 else:
148 cek = enc_alg.generate_cek()
149
150 op_key = key.get_op_key("wrapKey")
151 self._check_key(op_key)
152
153 #: https://tools.ietf.org/html/rfc7518#section-4.7.1.1
154 #: The "iv" (initialization vector) Header Parameter value is the
155 #: base64url-encoded representation of the 96-bit IV value
156 iv_size = 96
157 iv = secrets.token_bytes(iv_size // 8)
158
159 cipher = Cipher(AES(op_key), GCM(iv), backend=default_backend())
160 enc = cipher.encryptor()
161 ek = enc.update(cek) + enc.finalize()
162
163 h = {
164 "iv": to_native(urlsafe_b64encode(iv)),
165 "tag": to_native(urlsafe_b64encode(enc.tag)),
166 }
167 return {"ek": ek, "cek": cek, "header": h}
168
169 def unwrap(self, enc_alg, ek, headers, key):
170 op_key = key.get_op_key("unwrapKey")

Callers

nothing calls this directly

Calls 5

_check_keyMethod · 0.95
to_nativeFunction · 0.90
urlsafe_b64encodeFunction · 0.90
generate_cekMethod · 0.80
get_op_keyMethod · 0.45

Tested by

no test coverage detected