def verify_key(
self,
material: bytes,
expected_key: bytes,
context: Union[List[Any], Dict[str, Any]],
):
if isinstance(context, dict):
alg = self._alg if isinstance(self._alg, int) else 0
context = to_cis(context, alg)
else:
self._validate_context(context)
# Verify key.
try:
hkdf = HKDF(
algorithm=self._hash_alg,
length=COSE_KEY_LEN[context[0]] // 8,
salt=self._salt,
info=self._dumps(context),
)
hkdf.verify(material, expected_key)
except Exception as err:
raise VerifyError("Failed to verify key.") from err
return
def test_unicode_typeerror(self, backend):
with pytest.raises(TypeError):
HKDF(hashes.SHA256(), 16, salt="foo", info=None, backend=backend)
with pytest.raises(TypeError):
HKDF(hashes.SHA256(), 16, salt=None, info="foo", backend=backend)
with pytest.raises(TypeError):
hkdf = HKDF(hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend)
hkdf.derive("foo")
with pytest.raises(TypeError):
hkdf = HKDF(hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend)
hkdf.verify("foo", b"bar")
with pytest.raises(TypeError):
hkdf = HKDF(hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend)
hkdf.verify(b"foo", "bar")
def test_already_finalized(self, backend):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.derive(b"\x01" * 16)
with pytest.raises(AlreadyFinalized):
hkdf.derive(b"\x02" * 16)
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
with pytest.raises(AlreadyFinalized):
hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
def test_verify(self, backend):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
def test_verify_invalid(self, backend):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
with pytest.raises(InvalidKey):
hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
def test_unicode_typeerror(self, backend):
with pytest.raises(TypeError):
HKDF(
hashes.SHA256(),
16,
salt=six.u("foo"),
info=None,
backend=backend
)
with pytest.raises(TypeError):
HKDF(
hashes.SHA256(),
16,
salt=None,
info=six.u("foo"),
backend=backend
)
with pytest.raises(TypeError):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.derive(six.u("foo"))
with pytest.raises(TypeError):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(six.u("foo"), b"bar")
with pytest.raises(TypeError):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(b"foo", six.u("bar"))
# The book can be downloaded from https://leanpub.com/cryptop
# Online Crypto Playgroud https://8gwifi.org
# Author Anish Nath
backend = default_backend()
salt = os.urandom(16)
info = b"hkdf-example"
hkdf = HKDF(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
info=info,
backend=backend
)
key = hkdf.derive(b"input key")
base64.b64encode(key)
# Recreate the HKDF Instace to Verify the
hkdf = HKDF(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
info=info,
backend=backend
)
hkdf.verify(b"input key", key)
