def test_weak():
# this is a key with only 93 bits security from the paper:
unsafe_key = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xEC\x69\x7A\xA8'
assert not is_key_safe(unsafe_key)
assert not is_key_safe(unsafe_key, threshold=THRESHOLD)
assert not is_key_safe(unsafe_key, threshold=94)
assert is_key_safe(unsafe_key, threshold=93)
def test_get_safe_key():
for threshold in 125, 126, 127, :
for length in 128, 256:
key1 = get_safe_key(length, threshold=threshold)
key2 = get_safe_key(length, threshold=threshold)
assert key1 != key2
assert len(key1) == len(key2) == length // 8
assert is_key_safe(key1, threshold=threshold)
assert is_key_safe(key2, threshold=threshold)
def test_get_safe_key():
for threshold in 125, 126, 127, :
for length in 128, 256:
key1 = get_safe_key(length, threshold=threshold)
key2 = get_safe_key(length, threshold=threshold)
assert key1 != key2
assert len(key1) == len(key2) == length // 8
assert is_key_safe(key1, threshold=threshold)
assert is_key_safe(key2, threshold=threshold)
def main():
parser = argparse.ArgumentParser(description='AES tools')
subparsers = parser.add_subparsers(dest='cmd', help='sub-command help')
parser_check = subparsers.add_parser('check', help='check an AES GCM key')
parser_check.add_argument('key', type=valid_key,
help='key in hex representation')
parser_generate = subparsers.add_parser('generate', help='generate a safe AES GCM key')
parser_generate.add_argument('bits', type=valid_bits,
help='key length, 128 or 256')
args = parser.parse_args()
if args.cmd == 'check':
selftest()
safe = is_key_safe(args.key)
print("%s is safe: %r" % (hexlify(args.key).decode('ascii'), safe))
return 0 if safe else 1
if args.cmd == 'generate':
selftest()
key = get_safe_key(args.bits)
print(hexlify(key).decode('ascii'))
return 0
def test_invalid_threshold():
key = b'\42' * 16
with pytest.raises(AssertionError):
is_key_safe(key, threshold=0)
with pytest.raises(AssertionError):
is_key_safe(key, threshold=129)
def test_strong():
# most keys should be strong
safe_key = b'\xfe\xde\xec\x12\x34\x56\x78\x00\xaa\xbb\xcc\xdd\xee\xff\x42\x23'
assert is_key_safe(safe_key)
assert is_key_safe(safe_key, threshold=THRESHOLD)
def test_invalid_threshold():
key, _ = KEYS_STRENGTHS[STRONG]
with pytest.raises(AssertionError):
is_key_safe(key, threshold=0)
with pytest.raises(AssertionError):
is_key_safe(key, threshold=129)
def test_strong():
safe_key, _ = KEYS_STRENGTHS[STRONG]
assert is_key_safe(safe_key)
assert is_key_safe(safe_key, threshold=THRESHOLD)
def test_weak():
unsafe_key, strength = KEYS_STRENGTHS[WEAK]
assert not is_key_safe(unsafe_key)
assert not is_key_safe(unsafe_key, threshold=THRESHOLD)
assert not is_key_safe(unsafe_key, threshold=strength+1)
assert is_key_safe(unsafe_key, threshold=strength)
def test_invalid_threshold():
key, _ = KEYS_STRENGTHS[STRONG]
with pytest.raises(AssertionError):
is_key_safe(key, threshold=0)
with pytest.raises(AssertionError):
is_key_safe(key, threshold=129)
def test_strong():
safe_key, _ = KEYS_STRENGTHS[STRONG]
assert is_key_safe(safe_key)
assert is_key_safe(safe_key, threshold=THRESHOLD)
def test_weak():
unsafe_key, strength = KEYS_STRENGTHS[WEAK]
assert not is_key_safe(unsafe_key)
assert not is_key_safe(unsafe_key, threshold=THRESHOLD)
assert not is_key_safe(unsafe_key, threshold=strength + 1)
assert is_key_safe(unsafe_key, threshold=strength)