def test_crypto_pwhash_scryptsalsa208sha256(self): passwd = b'Correct Horse Battery Staple' other_passwd = b'correct horse battery staple' salt = binascii.unhexlify( b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb691' ) other_salt = binascii.unhexlify( b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb692' ) # Use very small limits to avoid burning resources in CI mem_limit = 16777216 ops_limit = 32768 key16 = pysodium.crypto_pwhash_scryptsalsa208sha256( 16, passwd, salt, ops_limit, mem_limit) self.assertEqual(len(key16), 16) self.assertEqual(key16, b'U\x18aL\xcf\xc9\xa3\xf6(\x8f\xed)\xeej8\xdf') key = pysodium.crypto_pwhash_scryptsalsa208sha256( 32, passwd, salt, ops_limit, mem_limit) self.assertEqual(len(key), 32) self.assertEqual( key, b'U\x18aL\xcf\xc9\xa3\xf6(\x8f\xed)\xeej8\xdfG\x82hf+vu\xcd\x9c\xdb\xbcmt\xf7\xf1\x10' ) self.assertNotEqual( key, pysodium.crypto_pwhash_scryptsalsa208sha256( 32, passwd, other_salt, ops_limit, mem_limit)) self.assertNotEqual( key, pysodium.crypto_pwhash_scryptsalsa208sha256( 32, other_passwd, salt, ops_limit, mem_limit))
def test_crypto_pwhash_scryptsalsa208sha256(self): passwd = "howdy" outlen = 128 salt = pysodium.randombytes( pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES) output = pysodium.crypto_pwhash_scryptsalsa208sha256( outlen, passwd, salt) self.assertEqual(128, len(output)) salt = b'12345678901234567890123456789012' output = pysodium.crypto_pwhash_scryptsalsa208sha256( outlen, passwd, salt) self.assertEqual( binascii.unhexlify( b'6c3c08743a1389029ed68744f24dfd4cd550ad4a78af60e450f310f084bf0fc6fed23c22c71a427308cb4b98e8bbefc2be3c385c585f65b8a23682b44d8b45605f1fec2b1650c7cdedc2a73dcbed13d9cfb630cb207b3a8773b1ae0ff880c2cb5a855b49ab79f85dfd257f6f25e2da17248d81f4b8035220b467d9ca078be5f6' ), output)
def test_crypto_pwhash_salsa208sha256(self): password = b'howdy' salt = b'salt' self.assertEqual( pysodium.crypto_pwhash_scryptsalsa208sha256(password, salt), binascii.unhexlify( b'e120dbbf3a5865f1bb0584e7cf307abcd9a3c7491871928fd7ca02577eb2b6b6' ))
def scrypt_decrypt(data, password): buf = io.BytesIO(data) memlimit = int.from_bytes(buf.read(4), "little") opslimit = int.from_bytes(buf.read(4), "little") salt = buf.read(pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES) if isinstance(password, str): password = password.encode("utf-8") key = pysodium.crypto_pwhash_scryptsalsa208sha256(pysodium.crypto_secretbox_KEYBYTES, password, salt, memlimit, opslimit) nonce = buf.read(pysodium.crypto_secretbox_NONCEBYTES) cyphertext = buf.read() return pysodium.crypto_secretbox_open(cyphertext, nonce, key)
def test_crypto_pwhash_scryptsalsa208sha256(self): passwd = b'Correct Horse Battery Staple' other_passwd = b'correct horse battery staple' salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb691') other_salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb692') # Use very small limits to avoid burning resources in CI mem_limit = 32 * 1024 ops_limit = 1024 key16 = pysodium.crypto_pwhash_scryptsalsa208sha256(16, passwd, salt, ops_limit, mem_limit) self.assertEqual(len(key16), 16) self.assertEqual(key16, binascii.unhexlify(b'34f05e9bef8beccd658acf5f123680b7')) key = pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, salt, ops_limit, mem_limit) self.assertEqual(len(key), 32) self.assertEqual(key, binascii.unhexlify(b'34f05e9bef8beccd658acf5f123680b7d30c88d7e9328f9e47ab90185b6ee9ff')) self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, other_salt, ops_limit, mem_limit)) self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, other_passwd, salt, ops_limit, mem_limit))
def derive_keypair(salt, flag): flag = flag.encode('utf-8') assert isinstance(salt, bytes) assert isinstance(flag, bytes) assert len(salt) == pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES chall_seed = pysodium.crypto_pwhash_scryptsalsa208sha256( pysodium.crypto_sign_SEEDBYTES, flag, salt, Settings.scrypt_ops_limit, Settings.scrypt_mem_limit) return pysodium.crypto_sign_seed_keypair(chall_seed)
def test_crypto_pwhash_scryptsalsa208sha256(self): passwd = b'Correct Horse Battery Staple' other_passwd = b'correct horse battery staple' salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb691') other_salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb692') # Use very small limits to avoid burning resources in CI mem_limit = 16777216 ops_limit = 32768 key16 = pysodium.crypto_pwhash_scryptsalsa208sha256(16, passwd, salt, ops_limit, mem_limit) self.assertEqual(len(key16), 16) self.assertEqual(key16, b'U\x18aL\xcf\xc9\xa3\xf6(\x8f\xed)\xeej8\xdf') key = pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, salt, ops_limit, mem_limit) self.assertEqual(len(key), 32) self.assertEqual(key, b'U\x18aL\xcf\xc9\xa3\xf6(\x8f\xed)\xeej8\xdfG\x82hf+vu\xcd\x9c\xdb\xbcmt\xf7\xf1\x10') self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, other_salt, ops_limit, mem_limit)) self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, other_passwd, salt, ops_limit, mem_limit))
def __init__(self, password): if (isinstance(password,(str,))): password = password.encode('utf-8') self._salt = pysodium.crypto_hash_sha256(b'Root of Trust' + password)[0:pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES] print("") print("Deriving root key with:") print(" opsl = ", self._ops) print(" meml = ", self._mem) print(" salt = ", hexlify(self._salt)) self._seed = pysodium.crypto_pwhash_scryptsalsa208sha256(pysodium.crypto_sign_SEEDBYTES, password, self._salt, opslimit=self._ops, memlimit=self._mem) self._pk, self._sk = pysodium.crypto_sign_seed_keypair(self._seed) print(" Root Public Key: ", hexlify(self._pk)) print("")
def encrypt(plaintext, password): """Encrypts the given plaintext using libsodium secretbox, key is generated using scryptsalsa208sha256 with a random salt and nonce (we can not guarantee the incrementing anyway). Note that any str objects are assumed to be in utf-8.""" salt = pysodium.randombytes(pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES) memlimit = pysodium.crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE opslimit = pysodium.crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE if isinstance(password, str): password = password.encode("utf-8") key = pysodium.crypto_pwhash_scryptsalsa208sha256(pysodium.crypto_secretbox_KEYBYTES, password, salt, memlimit, opslimit) nonce = pysodium.randombytes(pysodium.crypto_secretbox_NONCEBYTES) if isinstance(plaintext, str): plaintext = plaintext.encode("utf-8") cyphertext = pysodium.crypto_secretbox(plaintext, nonce, key) data = (1).to_bytes(1, "little") data += memlimit.to_bytes(4, "little") data += opslimit.to_bytes(4, "little") data += salt data += nonce data += cyphertext return base64.b64encode(data)
def pass2key(passphrase): """Generate key from passphrase using libsodium crypto_pwhash_scryptsalsa208sha256 func salt: buffer of zeros opslimit: crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE memlimit: crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE """ buf = passphrase.encode('utf-8') KEY_BYTES = pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES #32 # this should be: # salt = bytes(KEY_BYTES) # but due to bytes() stupid stuff in py2 we need this awfull stuff salt = ('\00' * KEY_BYTES).encode('utf-8') opslimit = pysodium.crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE memlimit = pysodium.crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE key = pysodium.crypto_pwhash_scryptsalsa208sha256(KEY_BYTES, buf, salt, opslimit, memlimit) return key
def __init__(self, password, rot): if (isinstance(password,(str,))): password = password.encode('utf-8') try: rot = unhexlify(rot) except: pass self._salt = {} self._salt['producer'] = pysodium.crypto_hash_sha256(b'producer' + rot)[0:pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES] self._salt['consumer'] = pysodium.crypto_hash_sha256(b'consumer' + rot)[0:pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES] self._salt['prodcon'] = pysodium.crypto_hash_sha256(b'prodcon' + rot)[0:pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES] self._seed = {} self._pk = {} self._sk = {} print("") print("Deriving provisioning keys with:") print(" opsl = ", self._ops) print(" meml = ", self._mem) for key in self._salt.keys(): print(" salt (", key, ") = ", hexlify(self._salt[key])) self._seed[key] = pysodium.crypto_pwhash_scryptsalsa208sha256(pysodium.crypto_sign_SEEDBYTES, password, self._salt[key], opslimit=self._ops, memlimit=self._mem) self._pk[key], self._sk[key] = pysodium.crypto_sign_seed_keypair(self._seed[key]) print(" Signing Public Key (", key, "): ", hexlify(self._pk[key])) print("")
def test_crypto_pwhash_salsa208sha256(self): password = b'howdy' salt = b'salt' self.assertEqual(pysodium.crypto_pwhash_scryptsalsa208sha256(password, salt), binascii.unhexlify(b'e120dbbf3a5865f1bb0584e7cf307abcd9a3c7491871928fd7ca02577eb2b6b6'))