def test_digest_multi(self):
x = hmac(hmac.SHA256, b'')
d0 = x.digest()
d1 = x.digest()
d2 = x.digest()
self.assertEqual(d0, d1)
self.assertEqual(d0, d2)
def _node_from_key_handle(rp_id_hash: bytes, keyhandle: bytes,
pathformat: str) -> bip32.HDNode | None:
# unpack the keypath from the first half of keyhandle
keypath = keyhandle[:32]
path = ustruct.unpack(pathformat, keypath)
# check high bit for hardened keys
for i in path:
if not i & HARDENED:
if __debug__:
log.warning(__name__, "invalid key path")
return None
# derive the signing key
nodepath = [_U2F_KEY_PATH] + list(path)
node = seed.derive_node_without_passphrase(nodepath, "nist256p1")
# second half of keyhandle is a hmac of rp_id_hash and keypath
mac = hmac(hmac.SHA256, node.private_key(), rp_id_hash)
mac.update(keypath)
# verify the hmac
if not utils.consteq(mac.digest(), keyhandle[32:]):
if __debug__:
log.warning(__name__, "invalid key handle")
return None
return node
def __init__(self, seed: bytes = None, data: bytes = None) -> None:
assert seed is None or data is None, "Specify exactly one of: seed, data"
if data is not None:
self.data = data
elif seed is not None:
self.data = hmac(hmac.SHA512, b"Symmetric key seed", seed).digest()
else:
raise ValueError # neither seed nor data specified
def get_address_mac(address: str, slip44: int, keychain: Keychain) -> bytes:
# k = Key(m/"SLIP-0024"/"Address MAC key")
node = keychain.derive_slip21(_ADDRESS_MAC_KEY_PATH)
# mac = HMAC-SHA256(key = k, msg = slip44 || address)
mac = utils.HashWriter(hmac(hmac.SHA256, node.key()))
address_bytes = address.encode()
write_uint32_le(mac, slip44)
write_compact_size(mac, len(address_bytes))
write_bytes_unchecked(mac, address_bytes)
return mac.get_digest()
def test_update(self):
# case 3
key = b'\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa'
x = hmac(hmac.SHA256, key)
for i in range(50):
x.update(b'\xdd')
self.assertEqual(
x.digest(),
unhexlify(
'773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe'
))
x = hmac(hmac.SHA512, key)
for i in range(50):
x.update(b'\xdd')
self.assertEqual(
x.digest(),
unhexlify(
'fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb'
))
# case 4
key = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19'
x = hmac(hmac.SHA256, key)
for i in range(50):
x.update(b'\xcd')
self.assertEqual(
x.digest(),
unhexlify(
'82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b'
))
x = hmac(hmac.SHA512, key)
for i in range(50):
x.update(b'\xcd')
self.assertEqual(
x.digest(),
unhexlify(
'b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd'
))
def compute_cipher_key_value(msg: CipherKeyValue, seckey: bytes) -> bytes:
data = msg.key.encode()
data += b"E1" if msg.ask_on_encrypt else b"E0"
data += b"D1" if msg.ask_on_decrypt else b"D0"
data = hmac(hmac.SHA512, seckey, data).digest()
key = data[:32]
if msg.iv and len(msg.iv) == 16:
iv = msg.iv
else:
iv = data[32:48]
ctx = aes(aes.CBC, key, iv)
if msg.encrypt:
return ctx.encrypt(msg.value)
else:
return ctx.decrypt(msg.value)
def generate_key_handle(self) -> None:
# derivation path is m/U2F'/r'/r'/r'/r'/r'/r'/r'/r'
path = [HARDENED | random.uniform(0x80000000) for _ in range(0, 8)]
nodepath = [_U2F_KEY_PATH] + path
# prepare signing key from random path, compute decompressed public key
self.node = seed.derive_node_without_passphrase(nodepath, "nist256p1")
# first half of keyhandle is keypath
keypath = ustruct.pack("<8L", *path)
# second half of keyhandle is a hmac of rp_id_hash and keypath
mac = hmac(hmac.SHA256, self.node.private_key(), self.rp_id_hash)
mac.update(keypath)
self.id = keypath + mac.digest()
def get_identifier(script_pubkey: bytes, keychain: Keychain) -> bytes:
# k = Key(m/"SLIP-0019"/"Ownership identification key")
node = keychain.derive_slip21(_OWNERSHIP_ID_KEY_PATH)
# id = HMAC-SHA256(key = k, msg = scriptPubKey)
return hmac(hmac.SHA256, node.key(), script_pubkey).digest()
def derive_path(self, path: Slip21Path) -> None:
for label in path:
h = hmac(hmac.SHA512, self.data[0:32], b"\x00")
h.update(label)
self.data = h.digest()
def compute_auth_tag(salt: bytes, auth_key: bytes) -> bytes:
digest = hmac(hmac.SHA256, auth_key, salt).digest()
return digest[:SD_SALT_AUTH_TAG_LEN_BYTES]
def compute_auth_tag(salt: bytes, auth_key: bytes) -> bytes:
from trezor.crypto import hmac
digest = hmac(hmac.SHA256, auth_key, salt).digest()
return digest[:SD_SALT_AUTH_TAG_LEN_BYTES]
def _create_digest(random_data: bytes, shared_secret: bytes) -> bytes:
return hmac(hmac.SHA256, random_data,
shared_secret).digest()[:_DIGEST_LENGTH_BYTES]
def bogus_signature(self) -> bytes:
return der.encode_seq((b"\x0a" * 32, b"\x0a" * 32))
def generate_key_handle(self) -> None:
# derivation path is m/U2F'/r'/r'/r'/r'/r'/r'/r'/r'
path = [HARDENED | random.uniform(0x8000_0000) for _ in range(0, 8)]
nodepath = [_U2F_KEY_PATH] + path
# prepare signing key from random path, compute decompressed public key
self.node = seed.derive_node_without_passphrase(nodepath, "nist256p1")
# first half of keyhandle is keypath
keypath = ustruct.pack("<8L", *path)
# second half of keyhandle is a hmac of rp_id_hash and keypath
mac = hmac(hmac.SHA256, self.node.private_key(), self.rp_id_hash)
mac.update(keypath)
self.id = keypath + mac.digest()
def app_name(self) -> str:
from . import knownapps
app = knownapps.by_rp_id_hash(self.rp_id_hash)
if app is not None:
return app.label
start = hexlify(self.rp_id_hash[:4]).decode()
end = hexlify(self.rp_id_hash[-4:]).decode()
return f"{start}...{end}"
def test_digest(self):
# case 1
key = b'\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b'
msg = b'Hi There'
self.assertEqual(
hmac(hmac.SHA256, key, msg).digest(),
unhexlify(
'b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7'
))
self.assertEqual(
hmac(hmac.SHA512, key, msg).digest(),
unhexlify(
'87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854'
))
# case 2
key = b'Jefe'
msg = b'what do ya want for nothing?'
self.assertEqual(
hmac(hmac.SHA256, key, msg).digest(),
unhexlify(
'5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843'
))
self.assertEqual(
hmac(hmac.SHA512, key, msg).digest(),
unhexlify(
'164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737'
))
# case 3
key = b'\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa'
msg = b'\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd'
self.assertEqual(
hmac(hmac.SHA256, key, msg).digest(),
unhexlify(
'773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe'
))
self.assertEqual(
hmac(hmac.SHA512, key, msg).digest(),
unhexlify(
'fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb'
))
# case 4
key = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19'
msg = b'\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd'
self.assertEqual(
hmac(hmac.SHA256, key, msg).digest(),
unhexlify(
'82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b'
))
self.assertEqual(
hmac(hmac.SHA512, key, msg).digest(),
unhexlify(
'b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd'
))
# case 6
key = bytes([0xAA] * 131)
msg = b'Test Using Larger Than Block-Size Key - Hash Key First'
self.assertEqual(
hmac(hmac.SHA256, key, msg).digest(),
unhexlify(
'60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54'
))
self.assertEqual(
hmac(hmac.SHA512, key, msg).digest(),
unhexlify(
'80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598'
))
# case 7
key = bytes([0xAA] * 131)
msg = b'This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.'
self.assertEqual(
hmac(hmac.SHA256, key, msg).digest(),
unhexlify(
'9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2'
))
self.assertEqual(
hmac(hmac.SHA512, key, msg).digest(),
unhexlify(
'e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58'
))
