def finalize(self):
padded = self._padder.finalize()
cipher_text = self._ctx.update(padded) + self._ctx.finalize()
self._hmac.update(cipher_text)
self._hmac.update(self._auth_data_length)
self._tag.extend(hmac.finalize()[:len(self._hmac_key)])
return cipher_text
def code_at(self, ts, return_remaining_validity=False):
remaining_validity = self._timestep - (ts % self._timestep)
T = int.to_bytes(ts // self._timestep, length=8, byteorder="big")
hmac = cryptography.hazmat.primitives.hmac.HMAC(self._secret,
self._hash_fnc,
backend=self._backend)
hmac.update(T)
mac = hmac.finalize()
offset = mac[-1] & 0x0f
value = int.from_bytes(mac[offset:offset + 4],
byteorder="big") & 0x7fffffff
token = self._presentation.convert(value)
if return_remaining_validity:
return (token, remaining_validity)
else:
return token
def derive_key(self, outputSizeBits, fixedInput):
assert outputSizeBits >= 56, "Key has size of %d, which is less than minimum of 56-bits." % outputSizeBits
assert (
outputSizeBits % 8
) == 0, "Key size (%d) must be a even multiple of 8-bits." % outputSizeBits
outputSizeBytes = self._calc_key_size(outputSizeBits)
# Safely convert to whole # of bytes.
derivedKey = [] # bytearray() (better to use this?)
# Repeatedly call of HmacSHA1 hash until we've collected enough bits
# for the derived key.
ctr = 1 # Iteration counter for NIST 800-108
totalCopied = 0
destPos = 0
lenn = 0
tmpKey = None
while True: # ugly translation of do-while
hmac = self._get_reseted_hmac()
hmac.update(self._to_one_byte(ctr))
ctr += 1 # note that the maximum value of ctr is 127 (1 byte only)
hmac.update(fixedInput)
tmpKey = hmac.finalize() # type: string
#print self._debug_string_as_bytes(tmpKey)
if len(tmpKey) >= outputSizeBytes:
lenn = outputSizeBytes
else:
lenn = min(len(tmpKey), outputSizeBytes - totalCopied)
#System.arraycopy(tmpKey, 0, derivedKey, destPos, lenn);
derivedKey[destPos:destPos + lenn] = tmpKey[:lenn]
totalCopied += len(tmpKey)
destPos += lenn
if totalCopied >= outputSizeBytes: # ugly translation of do-while
break
#print ''.join([x.encode("hex") for x in derivedKey]) #[hex(x) for x in derivedKey]
return bytearray(derivedKey)
def derive_key(self, outputSizeBits, fixedInput):
assert outputSizeBits >= 56, "Key has size of %d, which is less than minimum of 56-bits." % outputSizeBits
assert (outputSizeBits % 8) == 0, "Key size (%d) must be a even multiple of 8-bits." % outputSizeBits
outputSizeBytes = self._calc_key_size(outputSizeBits); # Safely convert to whole # of bytes.
derivedKey = [] # bytearray() (better to use this?)
# Repeatedly call of HmacSHA1 hash until we've collected enough bits
# for the derived key.
ctr = 1 # Iteration counter for NIST 800-108
totalCopied = 0
destPos = 0
lenn = 0
tmpKey = None
while True: # ugly translation of do-while
hmac = self._get_reseted_hmac()
hmac.update( self._to_one_byte(ctr) )
ctr += 1 # note that the maximum value of ctr is 127 (1 byte only)
hmac.update(fixedInput)
tmpKey = hmac.finalize() # type: string
#print self._debug_string_as_bytes(tmpKey)
if len(tmpKey) >= outputSizeBytes:
lenn = outputSizeBytes
else:
lenn = min(len(tmpKey), outputSizeBytes - totalCopied)
#System.arraycopy(tmpKey, 0, derivedKey, destPos, lenn);
derivedKey[destPos:destPos+lenn] = tmpKey[:lenn]
totalCopied += len(tmpKey)
destPos += lenn
if totalCopied >= outputSizeBytes: # ugly translation of do-while
break
#print ''.join([x.encode("hex") for x in derivedKey]) #[hex(x) for x in derivedKey]
return bytearray( derivedKey )
def _sign_hmac(self, data):
if isinstance(data, six.string_types): data = data.encode("ascii")
hmac = self._hash.copy()
hmac.update(data)
return hmac.finalize()
def _sign_hmac(self, data):
if isinstance(data, six.string_types):
data = data.encode("ascii")
hmac = self._hash.copy()
hmac.update(data)
return hmac.finalize()