def _create_digest(random_data, shared_secret): return hmac.new(random_data, shared_secret, hashlib.sha256).digest()[:_DIGEST_LENGTH_BYTES]
def derive_path(self, path: list) -> None: for label in path: h = hmac.new(self.data[0:32], b"\x00", hashlib.sha512) h.update(label) self.data = h.digest()
def compute_hmac(key, msg=None): h = hmac.new(key, msg=msg, digestmod=keccak_factory) return h.digest()
def __init__(self, seed: bytes = None) -> None: if seed is not None: self.data = hmac.new(b"Symmetric key seed", seed, hashlib.sha512).digest() else: self.data = b""
async def request_sd_salt(ctx: Optional[wire.Context], salt_auth_key: bytes) -> bytearray: salt_path = _get_salt_path() new_salt_path = _get_salt_path(True) sd = io.SDCard() fs = io.FatFS() if not sd.power(True): await _insert_card_dialog(ctx) raise SdProtectCancelled try: fs.mount() # Load salt if it exists. try: with fs.open(salt_path, "r") as f: salt = bytearray( SD_SALT_LEN_BYTES) # type: Optional[bytearray] salt_tag = bytearray(SD_SALT_AUTH_TAG_LEN_BYTES) f.read(salt) f.read(salt_tag) except OSError: salt = None if salt is not None and consteq( hmac.new(salt_auth_key, salt, sha256).digest()[:SD_SALT_AUTH_TAG_LEN_BYTES], salt_tag, ): return salt # Load salt.new if it exists. try: with fs.open(new_salt_path, "r") as f: new_salt = bytearray( SD_SALT_LEN_BYTES) # type: Optional[bytearray] new_salt_tag = bytearray(SD_SALT_AUTH_TAG_LEN_BYTES) f.read(new_salt) f.read(new_salt_tag) except OSError: new_salt = None if new_salt is not None and consteq( hmac.new(salt_auth_key, new_salt, sha256).digest()[:SD_SALT_AUTH_TAG_LEN_BYTES], new_salt_tag, ): # SD salt regeneration was interrupted earlier. Bring into consistent state. # TODO Possibly overwrite salt file with random data. try: fs.unlink(salt_path) except OSError: pass fs.rename(new_salt_path, salt_path) return new_salt finally: fs.unmount() sd.power(False) await _wrong_card_dialog(ctx) raise SdProtectCancelled
def compute_auth_tag(salt: bytes, auth_key: bytes) -> bytes: digest = hmac.new(auth_key, salt, sha256).digest() return digest[:SD_SALT_AUTH_TAG_LEN_BYTES]
def _compute_state(salt: bytes, passphrase: str) -> bytes: # state = HMAC(passphrase, salt || device_id) message = salt + get_device_id().encode() state = hmac.new(passphrase.encode(), message, hashlib.sha256).digest() return salt + state
def derive_slip77_blinding_private_key(self, script: bytes) -> bytes: """Following the derivation by Elements/Liquid.""" master_node = self.derive(node_path=[b"SLIP-0077"], curve_name="slip21") return hmac.new( key=master_node.key(), msg=script, digestmod=hashlib.sha256 ).digest()