def test_unicode_typeerror(self, backend): with pytest.raises(TypeError): X963KDF( hashes.SHA256(), 16, sharedinfo="foo", # type: ignore[arg-type] backend=backend, ) with pytest.raises(TypeError): xkdf = X963KDF( hashes.SHA256(), 16, sharedinfo=None, backend=backend ) xkdf.derive("foo") # type: ignore[arg-type] with pytest.raises(TypeError): xkdf = X963KDF( hashes.SHA256(), 16, sharedinfo=None, backend=backend ) xkdf.verify("foo", b"bar") # type: ignore[arg-type] with pytest.raises(TypeError): xkdf = X963KDF( hashes.SHA256(), 16, sharedinfo=None, backend=backend ) xkdf.verify(b"foo", "bar") # type: ignore[arg-type]
def test_unicode_typeerror(self, backend): with pytest.raises(TypeError): X963KDF(hashes.SHA256(), 16, sharedinfo=u"foo", backend=backend) with pytest.raises(TypeError): xkdf = X963KDF(hashes.SHA256(), 16, sharedinfo=None, backend=backend) xkdf.derive(u"foo") with pytest.raises(TypeError): xkdf = X963KDF(hashes.SHA256(), 16, sharedinfo=None, backend=backend) xkdf.verify(u"foo", b"bar") with pytest.raises(TypeError): xkdf = X963KDF(hashes.SHA256(), 16, sharedinfo=None, backend=backend) xkdf.verify(b"foo", u"bar")
def test_already_finalized(self, backend): xkdf = X963KDF(hashes.SHA256(), 16, None, backend) xkdf.derive(b"\x01" * 16) with pytest.raises(AlreadyFinalized): xkdf.derive(b"\x02" * 16)
def generate_shared_dh_key(x_pri_key, y_pub_key): shared_key = x_pri_key.exchange(ec.ECDH(), y_pub_key) xkdf = X963KDF(algorithm=hashes.SHA256(), length=32, sharedinfo=None, backend=default_backend()) return base64.b64encode(xkdf.derive(shared_key))
def test_invalid_verify(self, backend): key = binascii.unhexlify( b"96c05619d56c328ab95fe84b18264b08725b85e33fd34f08") xkdf = X963KDF(hashes.SHA256(), 16, None, backend) with pytest.raises(InvalidKey): xkdf.verify(key, b"wrong derived key")
def test_derive(self, backend): key = binascii.unhexlify( b"96c05619d56c328ab95fe84b18264b08725b85e33fd34f08") derivedkey = binascii.unhexlify(b"443024c3dae66b95e6f5670601558f71") xkdf = X963KDF(hashes.SHA256(), 16, None, backend) assert xkdf.derive(key) == derivedkey
def test_invalid_backend(): pretend_backend = object() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): X963KDF( hashes.SHA256(), 16, None, pretend_backend, # type: ignore[arg-type] )
def test_verify(self, backend): key = binascii.unhexlify( b"22518b10e70f2a3f243810ae3254139efbee04aa57c7af7d") sharedinfo = binascii.unhexlify(b"75eef81aa3041e33b80971203d2c0c52") derivedkey = binascii.unhexlify( b"c498af77161cc59f2962b9a713e2b215152d139766ce34a776df11866a69bf2e" b"52a13d9c7c6fc878c50c5ea0bc7b00e0da2447cfd874f6cf92f30d0097111485" b"500c90c3af8b487872d04685d14c8d1dc8d7fa08beb0ce0ababc11f0bd496269" b"142d43525a78e5bc79a17f59676a5706dc54d54d4d1f0bd7e386128ec26afc21" ) xkdf = X963KDF(hashes.SHA256(), 128, sharedinfo, backend) xkdf.verify(key, derivedkey)
def test_x963(self, backend, vector): hashfn = self._algorithms_dict[vector["hash"]] _skip_hashfn_unsupported(backend, hashfn()) key = binascii.unhexlify(vector["Z"]) sharedinfo = None if vector["sharedinfo_length"] != 0: sharedinfo = binascii.unhexlify(vector["sharedinfo"]) key_data_len = vector["key_data_length"] // 8 key_data = binascii.unhexlify(vector["key_data"]) xkdf = X963KDF(algorithm=hashfn(), length=key_data_len, sharedinfo=sharedinfo, backend=default_backend()) xkdf.verify(key, key_data)
def KDF(sharedinfo, sharedkey): """ Create object of X963KDF Args: sharedinfo: sharedinfo sharedkey: sharedkey Returns: Object of X963KDF """ return X963KDF( algorithm=hashes.SHA256(), # noqa: E126 length= 64, # 16 bytes AES key, 16 bytes AES CTR IV, 32 bytes HMAC-SHA-256 key sharedinfo=sharedinfo, backend=_backend, ).derive(sharedkey)
def test_x963(self, backend, subtests): vectors = load_vectors_from_file( os.path.join("KDF", "ansx963_2001.txt"), load_x963_vectors) for vector in vectors: with subtests.test(): hashfn = self._algorithms_dict[vector["hash"]] _skip_hashfn_unsupported(backend, hashfn()) key = binascii.unhexlify(vector["Z"]) sharedinfo = None if vector["sharedinfo_length"] != 0: sharedinfo = binascii.unhexlify(vector["sharedinfo"]) key_data_len = vector["key_data_length"] // 8 key_data = binascii.unhexlify(vector["key_data"]) xkdf = X963KDF( algorithm=hashfn(), length=key_data_len, sharedinfo=sharedinfo, backend=backend, ) xkdf.verify(key, key_data)
def test_length_limit(self, backend): big_length = hashes.SHA256().digest_size * (2 ** 32 - 1) + 1 with pytest.raises(ValueError): X963KDF(hashes.SHA256(), big_length, None, backend)
#!/usr/bin/python # https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/ import os import hexdump from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF sharedinfo = b"ANSI X9.63 Example" xkdf = X963KDF( algorithm=hashes.SHA256(), length=99, sharedinfo=sharedinfo, ) key = xkdf.derive(b"input key") hexdump.hexdump(key) #xkdf = X963KDF( #algorithm=hashes.SHA256(), #length=99, #sharedinfo=sharedinfo, #) #xkdf.verify(b"input key", key)
shared_key = alice_priv.exchange(ec.ECDH(), bob_public) print "ECDH Shared Key: %s\n" % binascii.b2a_hex(shared_key) # # Use the ANSI x9.63 Key Derivation Function to derive the final # encryption key from the ECDH-built key. # # * Use the SHA-256 hash when deriving the key, # * Use Alice's (ephemeral) public key data as Shared Info, and # * Extract 16 bytes (enough for a 128-bit key # <SEB> Modified to use latest # kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM format xkdf = X963KDF(algorithm=hashes.SHA256(), length=32, sharedinfo=alice_pub_bytes, backend=backend) kdf_out = xkdf.derive(shared_key) key_enc = kdf_out[0:16] iv = kdf_out[16:] print 'Final AES Encryption Key: %s\n' % binascii.b2a_hex(key_enc) print 'Initialization Vector: %s\n' % binascii.b2a_hex(iv) # # ENCRYPT THE MESSAGE! # C = AESGCM(key_enc) ct = C.encrypt(iv, message, "")
print('hkdf: {}' .format(ba.hexlify(derived_key))) return derived_key def aes_decrypt(encd, derived_key, iv): #cipher = Cipher(algorithms.AES(derived_key), modes.CBC(iv), backend=default_backend()) decryption = AES.new(derived_key, AES.MODE_CBC, iv) plain_text = decryption.decrypt(encd) #decryptor = cipher.decryptor() #decryption1 = decryptor.update(encd) return plain_text pass_key = ba.unhexlify("12334343") derived_key=hkdf_func(pass_key) data = "c425be88f15f4d14c92303e504380aa9" iv = X963KDF(algorithm=hashes.SHA256(), length=16, sharedinfo=b"mb_security", backend=default_backend()).derive(pass_key) data2="016f75b94ccd687d96ec93ba190de4ea" datahex=bytes.fromhex(data) datahex2=bytes.fromhex(data2) text=aes_decrypt(datahex,derived_key,iv) text2=aes_decrypt(datahex2,derived_key,iv) print("text-->",text) print("\ntext2-->", text2) print("\ntext-->", ba.b2a_hex(text)) print("\ntext2-->", ba.b2a_hex(text2)) shared_key=ba.unhexlify("12334343")
def KDF(sharedinfo, sharedkey): return X963KDF( algorithm=hashes.SHA256(), length=64, # 16 bytes AES key, 16 bytes AES CTR IV, 32 bytes HMAC-SHA-256 key sharedinfo=sharedinfo, backend=_backend).derive(sharedkey)