def test_digest_multi(self): x = hmac(hmac.SHA256, b'') d0 = x.digest() d1 = x.digest() d2 = x.digest() self.assertEqual(d0, d1) self.assertEqual(d0, d2)
def _node_from_key_handle(rp_id_hash: bytes, keyhandle: bytes, pathformat: str) -> bip32.HDNode | None: # unpack the keypath from the first half of keyhandle keypath = keyhandle[:32] path = ustruct.unpack(pathformat, keypath) # check high bit for hardened keys for i in path: if not i & HARDENED: if __debug__: log.warning(__name__, "invalid key path") return None # derive the signing key nodepath = [_U2F_KEY_PATH] + list(path) node = seed.derive_node_without_passphrase(nodepath, "nist256p1") # second half of keyhandle is a hmac of rp_id_hash and keypath mac = hmac(hmac.SHA256, node.private_key(), rp_id_hash) mac.update(keypath) # verify the hmac if not utils.consteq(mac.digest(), keyhandle[32:]): if __debug__: log.warning(__name__, "invalid key handle") return None return node
def __init__(self, seed: bytes = None, data: bytes = None) -> None: assert seed is None or data is None, "Specify exactly one of: seed, data" if data is not None: self.data = data elif seed is not None: self.data = hmac(hmac.SHA512, b"Symmetric key seed", seed).digest() else: raise ValueError # neither seed nor data specified
def get_address_mac(address: str, slip44: int, keychain: Keychain) -> bytes: # k = Key(m/"SLIP-0024"/"Address MAC key") node = keychain.derive_slip21(_ADDRESS_MAC_KEY_PATH) # mac = HMAC-SHA256(key = k, msg = slip44 || address) mac = utils.HashWriter(hmac(hmac.SHA256, node.key())) address_bytes = address.encode() write_uint32_le(mac, slip44) write_compact_size(mac, len(address_bytes)) write_bytes_unchecked(mac, address_bytes) return mac.get_digest()
def test_update(self): # case 3 key = b'\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa' x = hmac(hmac.SHA256, key) for i in range(50): x.update(b'\xdd') self.assertEqual( x.digest(), unhexlify( '773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe' )) x = hmac(hmac.SHA512, key) for i in range(50): x.update(b'\xdd') self.assertEqual( x.digest(), unhexlify( 'fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb' )) # case 4 key = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19' x = hmac(hmac.SHA256, key) for i in range(50): x.update(b'\xcd') self.assertEqual( x.digest(), unhexlify( '82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b' )) x = hmac(hmac.SHA512, key) for i in range(50): x.update(b'\xcd') self.assertEqual( x.digest(), unhexlify( 'b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd' ))
def compute_cipher_key_value(msg: CipherKeyValue, seckey: bytes) -> bytes: data = msg.key.encode() data += b"E1" if msg.ask_on_encrypt else b"E0" data += b"D1" if msg.ask_on_decrypt else b"D0" data = hmac(hmac.SHA512, seckey, data).digest() key = data[:32] if msg.iv and len(msg.iv) == 16: iv = msg.iv else: iv = data[32:48] ctx = aes(aes.CBC, key, iv) if msg.encrypt: return ctx.encrypt(msg.value) else: return ctx.decrypt(msg.value)
def generate_key_handle(self) -> None: # derivation path is m/U2F'/r'/r'/r'/r'/r'/r'/r'/r' path = [HARDENED | random.uniform(0x80000000) for _ in range(0, 8)] nodepath = [_U2F_KEY_PATH] + path # prepare signing key from random path, compute decompressed public key self.node = seed.derive_node_without_passphrase(nodepath, "nist256p1") # first half of keyhandle is keypath keypath = ustruct.pack("<8L", *path) # second half of keyhandle is a hmac of rp_id_hash and keypath mac = hmac(hmac.SHA256, self.node.private_key(), self.rp_id_hash) mac.update(keypath) self.id = keypath + mac.digest()
def get_identifier(script_pubkey: bytes, keychain: Keychain) -> bytes: # k = Key(m/"SLIP-0019"/"Ownership identification key") node = keychain.derive_slip21(_OWNERSHIP_ID_KEY_PATH) # id = HMAC-SHA256(key = k, msg = scriptPubKey) return hmac(hmac.SHA256, node.key(), script_pubkey).digest()
def derive_path(self, path: Slip21Path) -> None: for label in path: h = hmac(hmac.SHA512, self.data[0:32], b"\x00") h.update(label) self.data = h.digest()
def compute_auth_tag(salt: bytes, auth_key: bytes) -> bytes: digest = hmac(hmac.SHA256, auth_key, salt).digest() return digest[:SD_SALT_AUTH_TAG_LEN_BYTES]
def compute_auth_tag(salt: bytes, auth_key: bytes) -> bytes: from trezor.crypto import hmac digest = hmac(hmac.SHA256, auth_key, salt).digest() return digest[:SD_SALT_AUTH_TAG_LEN_BYTES]
def _create_digest(random_data: bytes, shared_secret: bytes) -> bytes: return hmac(hmac.SHA256, random_data, shared_secret).digest()[:_DIGEST_LENGTH_BYTES]
def bogus_signature(self) -> bytes: return der.encode_seq((b"\x0a" * 32, b"\x0a" * 32)) def generate_key_handle(self) -> None: # derivation path is m/U2F'/r'/r'/r'/r'/r'/r'/r'/r' path = [HARDENED | random.uniform(0x8000_0000) for _ in range(0, 8)] nodepath = [_U2F_KEY_PATH] + path # prepare signing key from random path, compute decompressed public key self.node = seed.derive_node_without_passphrase(nodepath, "nist256p1") # first half of keyhandle is keypath keypath = ustruct.pack("<8L", *path) # second half of keyhandle is a hmac of rp_id_hash and keypath mac = hmac(hmac.SHA256, self.node.private_key(), self.rp_id_hash) mac.update(keypath) self.id = keypath + mac.digest() def app_name(self) -> str: from . import knownapps app = knownapps.by_rp_id_hash(self.rp_id_hash) if app is not None: return app.label start = hexlify(self.rp_id_hash[:4]).decode() end = hexlify(self.rp_id_hash[-4:]).decode() return f"{start}...{end}"
def test_digest(self): # case 1 key = b'\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b' msg = b'Hi There' self.assertEqual( hmac(hmac.SHA256, key, msg).digest(), unhexlify( 'b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7' )) self.assertEqual( hmac(hmac.SHA512, key, msg).digest(), unhexlify( '87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854' )) # case 2 key = b'Jefe' msg = b'what do ya want for nothing?' self.assertEqual( hmac(hmac.SHA256, key, msg).digest(), unhexlify( '5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843' )) self.assertEqual( hmac(hmac.SHA512, key, msg).digest(), unhexlify( '164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737' )) # case 3 key = b'\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa' msg = b'\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd' self.assertEqual( hmac(hmac.SHA256, key, msg).digest(), unhexlify( '773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe' )) self.assertEqual( hmac(hmac.SHA512, key, msg).digest(), unhexlify( 'fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb' )) # case 4 key = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19' msg = b'\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd' self.assertEqual( hmac(hmac.SHA256, key, msg).digest(), unhexlify( '82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b' )) self.assertEqual( hmac(hmac.SHA512, key, msg).digest(), unhexlify( 'b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd' )) # case 6 key = bytes([0xAA] * 131) msg = b'Test Using Larger Than Block-Size Key - Hash Key First' self.assertEqual( hmac(hmac.SHA256, key, msg).digest(), unhexlify( '60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54' )) self.assertEqual( hmac(hmac.SHA512, key, msg).digest(), unhexlify( '80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598' )) # case 7 key = bytes([0xAA] * 131) msg = b'This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.' self.assertEqual( hmac(hmac.SHA256, key, msg).digest(), unhexlify( '9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2' )) self.assertEqual( hmac(hmac.SHA512, key, msg).digest(), unhexlify( 'e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58' ))