Use separate input_keysize property

This allows to propery compute an octect key for algorithms like
A256CBC-HS512 ha sa different input keysize than the putput key size.

Signed-off-by: Simo Sorce <[email protected]>

Author: simo5

jwcrypto/jwa.py

@@ -56,6 +56,14 @@ def algorithm_usage_location(self):
     def algorithm_use(self):
         """One of 'sig', 'kex', 'enc'"""
 
+    @property
+    def input_keysize(self):
+        """The input key size"""
+        try:
+            return self.wrap_key_size
+        except AttributeError:
+            return self.keysize
+
 
 def _bitsize(x):
     return len(x) * 8
@@ -900,6 +908,9 @@ def encrypt(self, k, a, m):
 
         Returns a dictionary with the computed data.
         """
+        if len(k) != _inbytes(self.wrap_key_size):
+            raise ValueError("Invalid input key size")
+
         hkey = k[:_inbytes(self.keysize)]
         ekey = k[_inbytes(self.keysize):]
 
@@ -928,6 +939,9 @@ def decrypt(self, k, a, iv, e, t):
 
         Returns plaintext or raises an error
         """
+        if len(k) != _inbytes(self.wrap_key_size):
+            raise ValueError("Invalid input key size")
+
         hkey = k[:_inbytes(self.keysize)]
         dkey = k[_inbytes(self.keysize):]
 

jwcrypto/jwk.py

@@ -377,7 +377,7 @@ def _get_gen_size(self, params, default_size=None):
                 alg = JWA.instantiate_alg(params['alg'])
             except KeyError as e:
                 raise ValueError("Invalid 'alg' parameter") from e
-            size = alg.keysize
+            size = alg.input_keysize
         return size
 
     def _generate_oct(self, params):