(self, enc_alg, headers, key, preset=None)
| 142 | raise ValueError(f"A key of size {self.key_size} bits is required.") |
| 143 | |
| 144 | def wrap(self, enc_alg, headers, key, preset=None): |
| 145 | if preset and "cek" in preset: |
| 146 | cek = preset["cek"] |
| 147 | else: |
| 148 | cek = enc_alg.generate_cek() |
| 149 | |
| 150 | op_key = key.get_op_key("wrapKey") |
| 151 | self._check_key(op_key) |
| 152 | |
| 153 | #: https://tools.ietf.org/html/rfc7518#section-4.7.1.1 |
| 154 | #: The "iv" (initialization vector) Header Parameter value is the |
| 155 | #: base64url-encoded representation of the 96-bit IV value |
| 156 | iv_size = 96 |
| 157 | iv = secrets.token_bytes(iv_size // 8) |
| 158 | |
| 159 | cipher = Cipher(AES(op_key), GCM(iv), backend=default_backend()) |
| 160 | enc = cipher.encryptor() |
| 161 | ek = enc.update(cek) + enc.finalize() |
| 162 | |
| 163 | h = { |
| 164 | "iv": to_native(urlsafe_b64encode(iv)), |
| 165 | "tag": to_native(urlsafe_b64encode(enc.tag)), |
| 166 | } |
| 167 | return {"ek": ek, "cek": cek, "header": h} |
| 168 | |
| 169 | def unwrap(self, enc_alg, ek, headers, key): |
| 170 | op_key = key.get_op_key("unwrapKey") |
nothing calls this directly
no test coverage detected