Exemple #1
0
    def test_invalid_key(self):
        kdf = KBKDFHMAC(hashes.SHA256(),
                        Mode.CounterMode,
                        32,
                        4,
                        4,
                        CounterLocation.BeforeFixed,
                        b'label',
                        b'context',
                        None,
                        backend=default_backend())

        key = kdf.derive(b"material")

        kdf = KBKDFHMAC(hashes.SHA256(),
                        Mode.CounterMode,
                        32,
                        4,
                        4,
                        CounterLocation.BeforeFixed,
                        b'label',
                        b'context',
                        None,
                        backend=default_backend())

        with pytest.raises(InvalidKey):
            kdf.verify(b"material2", key)
Exemple #2
0
    def test_invalid_key(self, backend):
        kdf = KBKDFHMAC(
            hashes.SHA256(),
            Mode.CounterMode,
            32,
            4,
            4,
            CounterLocation.BeforeFixed,
            b"label",
            b"context",
            None,
            backend=backend,
        )

        key = kdf.derive(b"material")

        kdf = KBKDFHMAC(
            hashes.SHA256(),
            Mode.CounterMode,
            32,
            4,
            4,
            CounterLocation.BeforeFixed,
            b"label",
            b"context",
            None,
            backend=backend,
        )

        with pytest.raises(InvalidKey):
            kdf.verify(b"material2", key)
Exemple #3
0
    def test_already_finalized(self, backend):
        kdf = KBKDFHMAC(
            hashes.SHA256(),
            Mode.CounterMode,
            32,
            4,
            4,
            CounterLocation.BeforeFixed,
            b"label",
            b"context",
            None,
            backend=backend,
        )

        kdf.derive(b"material")

        with pytest.raises(AlreadyFinalized):
            kdf.derive(b"material2")

        kdf = KBKDFHMAC(
            hashes.SHA256(),
            Mode.CounterMode,
            32,
            4,
            4,
            CounterLocation.BeforeFixed,
            b"label",
            b"context",
            None,
            backend=backend,
        )

        key = kdf.derive(b"material")

        with pytest.raises(AlreadyFinalized):
            kdf.verify(b"material", key)

        kdf = KBKDFHMAC(
            hashes.SHA256(),
            Mode.CounterMode,
            32,
            4,
            4,
            CounterLocation.BeforeFixed,
            b"label",
            b"context",
            None,
            backend=backend,
        )
        kdf.verify(b"material", key)

        with pytest.raises(AlreadyFinalized):
            kdf.verify(b"material", key)
Exemple #4
0
def _kbkdf_hmac_counter_mode_test(backend, prf, ctr_loc, params):
    supported_hash_algorithms: typing.Dict[
        str, typing.Type[hashes.HashAlgorithm]] = {
            "hmac_sha1": hashes.SHA1,
            "hmac_sha224": hashes.SHA224,
            "hmac_sha256": hashes.SHA256,
            "hmac_sha384": hashes.SHA384,
            "hmac_sha512": hashes.SHA512,
        }

    algorithm = supported_hash_algorithms.get(prf)
    assert algorithm is not None
    assert backend.hmac_supported(algorithm())

    ctrkdf = KBKDFHMAC(
        algorithm(),
        Mode.CounterMode,
        params["l"] // 8,
        params["rlen"] // 8,
        None,
        ctr_loc,
        None,
        None,
        binascii.unhexlify(params["fixedinputdata"]),
        backend=backend,
    )

    ko = ctrkdf.derive(binascii.unhexlify(params["ki"]))
    assert binascii.hexlify(ko) == params["ko"]
Exemple #5
0
 def calculate_derived_key(self, sessionkey, context=None):
     """
     Calculate the derived key given a session key and optional context using KBKDFHMAC
     """
     label = b"AzureAD-SecureConversation"
     if not context:
         context = os.urandom(32)
     else:
         context = binascii.unhexlify(context)
     backend = default_backend()
     kdf = KBKDFHMAC(algorithm=hashes.SHA256(),
                     mode=Mode.CounterMode,
                     length=32,
                     rlen=4,
                     llen=4,
                     location=CounterLocation.BeforeFixed,
                     label=label,
                     context=context,
                     fixed=None,
                     backend=backend)
     if len(sessionkey) == 44:
         keybytes = base64.b64decode(sessionkey)
     else:
         keybytes = binascii.unhexlify(sessionkey)
     derived_key = kdf.derive(keybytes)
     # This is not ideal but further code expects it as hex string
     return binascii.hexlify(context).decode('utf-8'), binascii.hexlify(
         derived_key).decode('utf-8')
Exemple #6
0
    def test_already_finalized(self):
        kdf = KBKDFHMAC(hashes.SHA256(),
                        Mode.CounterMode,
                        32,
                        4,
                        4,
                        CounterLocation.BeforeFixed,
                        b'label',
                        b'context',
                        None,
                        backend=default_backend())

        kdf.derive(b'material')

        with pytest.raises(AlreadyFinalized):
            kdf.derive(b'material2')

        kdf = KBKDFHMAC(hashes.SHA256(),
                        Mode.CounterMode,
                        32,
                        4,
                        4,
                        CounterLocation.BeforeFixed,
                        b'label',
                        b'context',
                        None,
                        backend=default_backend())

        key = kdf.derive(b'material')

        with pytest.raises(AlreadyFinalized):
            kdf.verify(b'material', key)

        kdf = KBKDFHMAC(hashes.SHA256(),
                        Mode.CounterMode,
                        32,
                        4,
                        4,
                        CounterLocation.BeforeFixed,
                        b'label',
                        b'context',
                        None,
                        backend=default_backend())
        kdf.verify(b'material', key)

        with pytest.raises(AlreadyFinalized):
            kdf.verify(b"material", key)
Exemple #7
0
 def test_unicode_error_label(self):
     with pytest.raises(TypeError):
         KBKDFHMAC(hashes.SHA256(),
                   Mode.CounterMode,
                   32,
                   4,
                   4,
                   CounterLocation.BeforeFixed,
                   u'label',
                   b'context',
                   backend=default_backend())
 def test_l_type(self, backend):
     with pytest.raises(TypeError):
         KBKDFHMAC(hashes.SHA1(),
                   Mode.CounterMode,
                   32,
                   4,
                   b'l',
                   CounterLocation.BeforeFixed,
                   b'label',
                   b'context',
                   None,
                   backend=backend)
Exemple #9
0
 def test_unsupported_algorithm(self):
     with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
         KBKDFHMAC(DummyHashAlgorithm(),
                   Mode.CounterMode,
                   32,
                   4,
                   4,
                   CounterLocation.BeforeFixed,
                   b'label',
                   b'context',
                   None,
                   backend=default_backend())
Exemple #10
0
 def test_unsupported_parameters(self):
     with pytest.raises(ValueError):
         KBKDFHMAC(hashes.SHA256(),
                   Mode.CounterMode,
                   32,
                   4,
                   4,
                   CounterLocation.BeforeFixed,
                   b'label',
                   b'context',
                   b'fixed',
                   backend=default_backend())
Exemple #11
0
 def test_unsupported_location(self):
     with pytest.raises(TypeError):
         KBKDFHMAC(hashes.SHA256(),
                   Mode.CounterMode,
                   32,
                   4,
                   4,
                   None,
                   b'label',
                   b'context',
                   None,
                   backend=default_backend())
Exemple #12
0
 def test_unsupported_mode(self):
     with pytest.raises(TypeError):
         KBKDFHMAC(hashes.SHA256(),
                   None,
                   32,
                   4,
                   4,
                   CounterLocation.BeforeFixed,
                   b'label',
                   b'context',
                   None,
                   backend=default_backend())
Exemple #13
0
 def test_l(self):
     with pytest.raises(ValueError):
         KBKDFHMAC(hashes.SHA1(),
                   Mode.CounterMode,
                   32,
                   4,
                   None,
                   CounterLocation.BeforeFixed,
                   b'label',
                   b'context',
                   None,
                   backend=default_backend())
 def test_unicode_error_context(self, backend):
     with pytest.raises(TypeError):
         KBKDFHMAC(hashes.SHA256(),
                   Mode.CounterMode,
                   32,
                   4,
                   4,
                   CounterLocation.BeforeFixed,
                   b'label',
                   u'context',
                   None,
                   backend=backend)
 def test_invalid_backend(self, backend):
     with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
         KBKDFHMAC(hashes.SHA256(),
                   Mode.CounterMode,
                   32,
                   4,
                   4,
                   CounterLocation.BeforeFixed,
                   b'label',
                   b'context',
                   None,
                   backend=object())
 def test_unsupported_hash(self, backend):
     with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
         KBKDFHMAC(object(),
                   Mode.CounterMode,
                   32,
                   4,
                   4,
                   CounterLocation.BeforeFixed,
                   b'label',
                   b'context',
                   None,
                   backend=backend)
 def test_rlen(self, backend):
     with pytest.raises(ValueError):
         KBKDFHMAC(hashes.SHA256(),
                   Mode.CounterMode,
                   32,
                   5,
                   4,
                   CounterLocation.BeforeFixed,
                   b'label',
                   b'context',
                   None,
                   backend=backend)
Exemple #18
0
 def test_unicode_error_label(self, backend):
     with pytest.raises(TypeError):
         KBKDFHMAC(
             hashes.SHA256(),
             Mode.CounterMode,
             32,
             4,
             4,
             CounterLocation.BeforeFixed,
             "label",
             b"context",
             backend=backend,
         )
Exemple #19
0
 def test_unicode_error_key_material(self):
     with pytest.raises(TypeError):
         kdf = KBKDFHMAC(hashes.SHA256(),
                         Mode.CounterMode,
                         32,
                         4,
                         4,
                         CounterLocation.BeforeFixed,
                         b'label',
                         b'context',
                         None,
                         backend=default_backend())
         kdf.derive(u'material')
Exemple #20
0
 def __genKey(self):
     label = "!There is the sun label"
     context = "!There is the sun context"
     kdf = KBKDFHMAC(algorithm=hashes.SHA256(),\
     mode=Mode.CounterMode,length=32,\
     rlen=4,\
     llen=4,\
     location=CounterLocation.BeforeFixed,\
     label=label,\
     context=context,\
     fixed=None,\
     backend=default_backend())
     return base64.urlsafe_b64encode(
         kdf.derive(self.__getSerialNum(config.SER_N_FILE_LOC)))
Exemple #21
0
def _derive_urlsafe_key(*, label, context):
    backend = default_backend()
    kdf = KBKDFHMAC(algorithm=hashes.SHA256(),
                    mode=Mode.CounterMode,
                    length=32,
                    rlen=4,
                    llen=4,
                    location=CounterLocation.BeforeFixed,
                    label=label,
                    context=context,
                    fixed=None,
                    backend=backend)
    key = kdf.derive(settings.SECRET_KEY.encode())
    return urlsafe_b64encode(key)
Exemple #22
0
 def test_unicode_error_context(self, backend):
     with pytest.raises(TypeError):
         KBKDFHMAC(
             hashes.SHA256(),
             Mode.CounterMode,
             32,
             4,
             4,
             CounterLocation.BeforeFixed,
             b"label",
             "context",  # type: ignore[arg-type]
             None,
             backend=backend,
         )
Exemple #23
0
 def test_unsupported_algorithm(self, backend):
     with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
         KBKDFHMAC(
             DummyHashAlgorithm(),
             Mode.CounterMode,
             32,
             4,
             4,
             CounterLocation.BeforeFixed,
             b"label",
             b"context",
             None,
             backend=backend,
         )
Exemple #24
0
 def test_unsupported_hash(self, backend):
     with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
         KBKDFHMAC(
             object(),  # type: ignore[arg-type]
             Mode.CounterMode,
             32,
             4,
             4,
             CounterLocation.BeforeFixed,
             b"label",
             b"context",
             None,
             backend=backend,
         )
Exemple #25
0
 def test_unsupported_parameters(self, backend):
     with pytest.raises(ValueError):
         KBKDFHMAC(
             hashes.SHA256(),
             Mode.CounterMode,
             32,
             4,
             4,
             CounterLocation.BeforeFixed,
             b"label",
             b"context",
             b"fixed",
             backend=backend,
         )
Exemple #26
0
    def test_key_length(self):
        kdf = KBKDFHMAC(hashes.SHA1(),
                        Mode.CounterMode,
                        85899345920,
                        4,
                        4,
                        CounterLocation.BeforeFixed,
                        b'label',
                        b'context',
                        None,
                        backend=default_backend())

        with pytest.raises(ValueError):
            kdf.derive(b'material')
Exemple #27
0
 def test_unsupported_location(self, backend):
     with pytest.raises(TypeError):
         KBKDFHMAC(
             hashes.SHA256(),
             Mode.CounterMode,
             32,
             4,
             4,
             None,  # type: ignore[arg-type]
             b"label",
             b"context",
             None,
             backend=backend,
         )
Exemple #28
0
 def test_unsupported_mode(self, backend):
     with pytest.raises(TypeError):
         KBKDFHMAC(
             hashes.SHA256(),
             None,  # type: ignore[arg-type]
             32,
             4,
             4,
             CounterLocation.BeforeFixed,
             b"label",
             b"context",
             None,
             backend=backend,
         )
Exemple #29
0
 def test_l(self, backend):
     with pytest.raises(ValueError):
         KBKDFHMAC(
             hashes.SHA1(),
             Mode.CounterMode,
             32,
             4,
             None,
             CounterLocation.BeforeFixed,
             b"label",
             b"context",
             None,
             backend=backend,
         )
Exemple #30
0
 def test_l_type(self, backend):
     with pytest.raises(TypeError):
         KBKDFHMAC(
             hashes.SHA1(),
             Mode.CounterMode,
             32,
             4,
             b"l",  # type: ignore[arg-type]
             CounterLocation.BeforeFixed,
             b"label",
             b"context",
             None,
             backend=backend,
         )