def test2(self): ref = HKDF(b("XXXXXX"), 12, b("YYYY"), SHA1) # Same output, but this time split over 2 keys key1, key2 = HKDF(b("XXXXXX"), 6, b("YYYY"), SHA1, 2) self.assertEqual((ref[:6], ref[6:]), (key1, key2)) # Same output, but this time split over 3 keys key1, key2, key3 = HKDF(b("XXXXXX"), 4, b("YYYY"), SHA1, 3) self.assertEqual((ref[:4], ref[4:8], ref[8:]), (key1, key2, key3))
def derive_keys(self): self.rpik = HKDF(master=self.tek, key_len=16, salt=None, hashmod=SHA256, context="EN-RPIK".encode("UTF-8")) log.log("CRYPTO: RPIK: %s" % self.rpik.hex()) self.aemk = HKDF(master=self.tek, key_len=16, salt=None, hashmod=SHA256, context="EN-AEMK".encode("UTF-8")) log.log("CRYPTO: AEMK: %s" % self.aemk.hex())
def hap_hkdf(key, salt, info): """Just a shorthand.""" return HKDF(key, HAP_CRYPTO.HKDF_KEYLEN, salt, HAP_CRYPTO.HKDF_HASH, context=info)
def _derive_subkey(self, salt: bytes) -> bytes: return HKDF(self.master_key, self.KEY_SIZE, salt, SHA1Hash, 1, context=self.info)
def test1(self): for tv in self._test_vector: secret, salt, info, exp = [ t2b(tv[x]) for x in (1,2,3,5) ] key_len, hashmod = [ tv[x] for x in (4,0) ] output = HKDF(secret, key_len, salt, hashmod, 1, info) self.assertEqual(output, exp)
def __init__(self, tek: TEK): self.key = HKDF( tek.key, 16, # 16 byte key b'', SHA256, num_keys=1, context=('EN-RPIK').encode()) self.tek = tek self.cipher = AES.new(self.key, AES.MODE_ECB)
def getKeys(node, kB): # derive syncKeyBundle from kB enc_key, hmac_key = HKDF(kB, 32, None, SHA256, 2, "identity.mozilla.com/picl/v1/oldsync") #print(enc_key.encode('hex'), hmac_key.encode('hex')) keys = getRecord(node, (enc_key, hmac_key), "/storage/crypto/keys") print "storage/crypto/keys: ", keys return (keys['default'][0].decode('base64'), keys['default'][1].decode('base64'))
def test_verify(self, tv): self._id = "Wycheproof HKDF Test #%d (%s, %s)" % (tv.id, tv.comment, tv.filename) try: key = HKDF(tv.ikm, tv.size, tv.salt, tv.hash_module, 1, tv.info) except ValueError: assert not tv.valid else: if key != tv.okm: assert not tv.valid else: assert tv.valid self.warn(tv)
def _keys(self, salt, password): if password is not None: dkey = PBKDF2( password, salt, self._key_len + self._mac_key_len, self.key_iterations, hmac_hash_module=SHA512 ) elif self._master_key is not None: dkey = HKDF( self._master_key, self._key_len + self._mac_key_len, salt, SHA256 ) else: raise ValueError('No password or key specified!') return (dkey[:self._key_len], dkey[self._key_len:])
def _keys(self, salt, password): ''' Derives encryption and authentication keys from a key or password. If the password is not null, it will be used to create the keys. :raises ValueError: if neither the key or password is set. ''' if password is not None: dkey = PBKDF2(password, salt, self._key_len + self._mac_key_len, self.key_iterations, hmac_hash_module=SHA512) elif self._master_key is not None: dkey = HKDF(self._master_key, self._key_len + self._mac_key_len, salt, SHA256) else: raise ValueError('No password or key specified!') return (dkey[:self._key_len], dkey[self._key_len:])
def test_hdkf(self): derived = HKDF(b"secret", 32, b"", SHA256).hex() self.assertEqual( derived, "2f34e5ff91ec85d53ca9b543683174d0cf550b60d5f52b24c97b386cfcf6cbbf") k1 = PrivateKey(secret=bytes([2])) self.assertEqual(k1.to_int(), 2) k2 = PrivateKey(secret=bytes([3])) self.assertEqual(k2.to_int(), 3) self.assertEqual(encapsulate(k1, k2.public_key), decapsulate(k1.public_key, k2)) self.assertEqual( encapsulate(k1, k2.public_key).hex(), "6f982d63e8590c9d9b5b4c1959ff80315d772edd8f60287c9361d548d5200f82", )
def decrypt_public_account(self, index): # on doit deja avoir appele get_info sym_key = HKDF( (str(self.key_point.x) + str(self.key_point.y)).encode(), 32, b'', SHA256) encrypted_account_eth = self.contract.caller( ).get_encrypted_public_account(index) e_sk = encrypted_account_eth[0] tag = encrypted_account_eth[1] nonce = encrypted_account_eth[2] aes = AES.new(sym_key, AES.MODE_CCM, nonce=nonce) try: self.public_account_private_key = aes.decrypt_and_verify( e_sk, tag).decode() self.is_member = True return True except ValueError: return False
def AuthenticationHandshake(): client_challenge = bytes.fromhex(input("client challenge: ").strip()) assert len(client_challenge) == 8 user = input("username: "******"{user} not in database!\n".encode()) return shared_secret = db[user].encode() server_challenge = os.urandom(8) print(f"server challenge: {server_challenge.hex()}") client_credential = bytes.fromhex(input("client credential: ").strip()) session_key = HKDF(shared_secret, 16, client_challenge + server_challenge, SHA256) if ComputeCredential(session_key, client_challenge) == client_credential: print(f"Welcome {user}") if user == "Administrator": print(flag) else: print("Login failed!")
def decapsulate(public_key: PublicKey, peer_private_key: PrivateKey) -> bytes: shared_point = public_key.multiply(peer_private_key.secret) master = public_key.format(compressed=False) + shared_point.format( compressed=False) derived = HKDF(master, AES_KEY_BYTES_LEN, b"", SHA256) return derived # type: ignore
def generate_keys_hkdf(password, mySalt): """reads in salt from secre_build_output.txt and produces two keys""" key1, key2 = HKDF(password, 16, mySalt, SHA512, 2) return key1, key2
class ENCrypto: def __init__(self, interval_length_minutes=10, tek_rolling_period=144): self.tek = bytes([0] * 16) self.tek_roll_interval_i = 0 self.rpik = bytes([0] * 16) self.aemk = bytes([0] * 16) self.rpi = bytes([0] * 16) self.aem = bytes([0] * 16) self.interval_length_minutes = interval_length_minutes self.tek_rolling_period = tek_rolling_period @staticmethod def get_current_unix_epoch_time_seconds(): return int(time.time()) def en_interval_number(self, timestamp_seconds): return timestamp_seconds // (60 * self.interval_length_minutes) def get_encoded_current_en_interval_number(self): return struct.pack( "<I", self.en_interval_number( self.get_current_unix_epoch_time_seconds())) def tek_should_roll(self): current_roll_interval = ( self.en_interval_number(self.get_current_unix_epoch_time_seconds()) // self.tek_rolling_period) * self.tek_rolling_period return current_roll_interval > self.tek_roll_interval_i def roll_tek(self): self.tek_roll_interval_i = ( self.en_interval_number(self.get_current_unix_epoch_time_seconds()) // self.tek_rolling_period) * self.tek_rolling_period self.tek = get_random_bytes(16) log.log("CRYPTO: Rolled TEK at i: %d (hex %s). New TEK: %s" % (self.tek_roll_interval_i, struct.pack("<I", self.tek_roll_interval_i).hex(), self.tek.hex())) def derive_keys(self): self.rpik = HKDF(master=self.tek, key_len=16, salt=None, hashmod=SHA256, context="EN-RPIK".encode("UTF-8")) log.log("CRYPTO: RPIK: %s" % self.rpik.hex()) self.aemk = HKDF(master=self.tek, key_len=16, salt=None, hashmod=SHA256, context="EN-AEMK".encode("UTF-8")) log.log("CRYPTO: AEMK: %s" % self.aemk.hex()) def encrypt_rpi(self): enin = self.get_encoded_current_en_interval_number() padded_data = "EN-RPI".encode("UTF-8") + bytes([0x00] * 6) + enin cipher = AES.new(self.rpik, AES.MODE_ECB) self.rpi = cipher.encrypt(padded_data) log.log("CRYPTO: padded data: %s --> RPI: %s" % (padded_data.hex(), self.rpi.hex())) def encrypt_aem(self, metadata, rpi): cipher = AES.new(self.aemk, AES.MODE_CTR, nonce=bytes(0), initial_value=rpi) self.aem = cipher.encrypt(bytes(metadata)) log.log("CRYPTO: metadata: %s --> AEM: %s" % (bytes(metadata).hex(), self.aem.hex()))
def kdf(secret, salt, info=b''): return HKDF(secret, 32, salt, SHA512, 1, context=info)
def kdf_ntor(key, n): return HKDF(key, n, T_KEY, SHA256, context=M_EXPAND)
def process(self, data): from Crypto.Protocol.KDF import HKDF return HKDF(data, self.args.size, self.args.salt, self.hash)
def encrypt_int(x, key_point): sym_key = HKDF((str(key_point.x) + str(key_point.y)).encode(), 32, b'', SHA256) salsa20 = Salsa20.new(sym_key, bytes(8)) enc_x = salsa20.encrypt(hex(x).encode()) return enc_x
def derive_aem_key(tek): return HKDF(master=tek, key_len=16, salt=None, hashmod=SHA256, context="EN-AEMK".encode("UTF-8"))
def decrypt_int(x, key_point): sym_key = HKDF((str(key_point.x) + str(key_point.y)).encode(), 32, b'', SHA256) salsa20 = Salsa20.new(sym_key, bytes(8)) dec_x = int(salsa20.decrypt(x).decode(), 0) return dec_x
def derive_key(key: bytes, salt: bytes) -> bytes: 'Derives a symmetric key from given master and salt.' return HKDF(key, AES_KEY_SIZE, salt, SHA512)
pk_x = ECC_key.pointQ.x pk_y = ECC_key.pointQ.y db.execute( "INSERT INTO eth_public_key (account_address, pk_x, pk_y) VALUES (?,?,?)", [account_address, hex(pk_x), hex(pk_y)]) # retrieving of a list of public keys address = [ account_address, ] placeholders = ', '.join('?' for account in address) public_keys = db.execute( "SELECT * from eth_public_key WHERE account_address IN (%s)" % placeholders, address).fetchall() # ciphering of public account public_account_private_key = '0x0d1f7c294e32490c48eaf6e9bbcc24380227334624bfad2f79736116a5408103' cipher_account_list = [] for row in public_keys: pk_x = int(row['pk_x'], 0) pk_y = int(row['pk_y'], 0) key_point = ECC.EccPoint(pk_x, pk_y) * int(public_account_private_key, 0) sym_key = HKDF((str(key_point.x) + str(key_point.y)).encode(), 32, b'', SHA256) aes = AES.new(sym_key, AES.MODE_CCM) nonce = aes.nonce enc_private_key = aes.encrypt(public_account_private_key.encode()) tag = aes.digest() encryption = {'private_key': enc_private_key, 'tag': tag, 'nonce': nonce} cipher_account_list.append(encryption)
from Crypto.Cipher import AES from Crypto.Hash import HMAC, SHA256 from Crypto.Protocol.KDF import HKDF from Crypto.Util.Padding import pad, unpad import json # testcases from https://mozilla-services.readthedocs.io/en/latest/sync/storageformat5.html#record-encryption master_key = "\xc7\x1a\xa7\xcb\xd8\xb8\x2a\x8f\xf6\xed\xa5\x5c\x39\x47\x9f\xd2" key1, key2 = HKDF(master_key, 32, None, SHA256, 2, "identity.mozilla.com/picl/v1/oldsync") print(key1.encode('hex'), key2.encode('hex')) encryption_key = "d3af449d2dc4b432b8cb5b59d40c8a5fe53b584b16469f5b44828b756ffb6a81".decode( 'hex') hmac_key = "2c5d98092d500a048d09fd01090bd0d3a4861fc8ea2438bd74a8f43be6f47f02".decode( 'hex') cleartext = "SECRET MESSAGE\x02\x02" # okcs #7 padding iv = "375a12d6de4ef26b735f6fccfbafff2d".decode('hex') aes = AES.new(encryption_key, AES.MODE_CBC, iv) c = "c1c82acc436de625edf7feca3c9deb4c".decode('hex') cn = aes.encrypt(cleartext) assert cn == c aes = AES.new(encryption_key, AES.MODE_CBC, iv) print(aes.decrypt(c).encode('hex')) cb64 = c.encode('base64').strip() print(cb64) local_hash = HMAC.new(hmac_key, digestmod=SHA256) local_hash.update(cb64)
def _aes_128_gcm(self): key_bytes = HKDF(self.key_material, 16, b'', SHA256) return AES.new(key_bytes, AES.MODE_GCM, nonce=bytes(12))