def test_unicode_typeerror(self, backend):
with pytest.raises(TypeError):
X963KDF(
hashes.SHA256(),
16,
sharedinfo="foo", # type: ignore[arg-type]
backend=backend,
)
with pytest.raises(TypeError):
xkdf = X963KDF(
hashes.SHA256(), 16, sharedinfo=None, backend=backend
)
xkdf.derive("foo") # type: ignore[arg-type]
with pytest.raises(TypeError):
xkdf = X963KDF(
hashes.SHA256(), 16, sharedinfo=None, backend=backend
)
xkdf.verify("foo", b"bar") # type: ignore[arg-type]
with pytest.raises(TypeError):
xkdf = X963KDF(
hashes.SHA256(), 16, sharedinfo=None, backend=backend
)
xkdf.verify(b"foo", "bar") # type: ignore[arg-type]
def test_unicode_typeerror(self, backend):
with pytest.raises(TypeError):
X963KDF(hashes.SHA256(), 16, sharedinfo=u"foo", backend=backend)
with pytest.raises(TypeError):
xkdf = X963KDF(hashes.SHA256(),
16,
sharedinfo=None,
backend=backend)
xkdf.derive(u"foo")
with pytest.raises(TypeError):
xkdf = X963KDF(hashes.SHA256(),
16,
sharedinfo=None,
backend=backend)
xkdf.verify(u"foo", b"bar")
with pytest.raises(TypeError):
xkdf = X963KDF(hashes.SHA256(),
16,
sharedinfo=None,
backend=backend)
xkdf.verify(b"foo", u"bar")
def test_already_finalized(self, backend):
xkdf = X963KDF(hashes.SHA256(), 16, None, backend)
xkdf.derive(b"\x01" * 16)
with pytest.raises(AlreadyFinalized):
xkdf.derive(b"\x02" * 16)
def generate_shared_dh_key(x_pri_key, y_pub_key):
shared_key = x_pri_key.exchange(ec.ECDH(), y_pub_key)
xkdf = X963KDF(algorithm=hashes.SHA256(),
length=32,
sharedinfo=None,
backend=default_backend())
return base64.b64encode(xkdf.derive(shared_key))
def test_invalid_verify(self, backend):
key = binascii.unhexlify(
b"96c05619d56c328ab95fe84b18264b08725b85e33fd34f08")
xkdf = X963KDF(hashes.SHA256(), 16, None, backend)
with pytest.raises(InvalidKey):
xkdf.verify(key, b"wrong derived key")
def test_derive(self, backend):
key = binascii.unhexlify(
b"96c05619d56c328ab95fe84b18264b08725b85e33fd34f08")
derivedkey = binascii.unhexlify(b"443024c3dae66b95e6f5670601558f71")
xkdf = X963KDF(hashes.SHA256(), 16, None, backend)
assert xkdf.derive(key) == derivedkey
def test_invalid_backend():
pretend_backend = object()
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
X963KDF(
hashes.SHA256(),
16,
None,
pretend_backend, # type: ignore[arg-type]
)
def test_verify(self, backend):
key = binascii.unhexlify(
b"22518b10e70f2a3f243810ae3254139efbee04aa57c7af7d")
sharedinfo = binascii.unhexlify(b"75eef81aa3041e33b80971203d2c0c52")
derivedkey = binascii.unhexlify(
b"c498af77161cc59f2962b9a713e2b215152d139766ce34a776df11866a69bf2e"
b"52a13d9c7c6fc878c50c5ea0bc7b00e0da2447cfd874f6cf92f30d0097111485"
b"500c90c3af8b487872d04685d14c8d1dc8d7fa08beb0ce0ababc11f0bd496269"
b"142d43525a78e5bc79a17f59676a5706dc54d54d4d1f0bd7e386128ec26afc21"
)
xkdf = X963KDF(hashes.SHA256(), 128, sharedinfo, backend)
xkdf.verify(key, derivedkey)
def test_x963(self, backend, vector):
hashfn = self._algorithms_dict[vector["hash"]]
_skip_hashfn_unsupported(backend, hashfn())
key = binascii.unhexlify(vector["Z"])
sharedinfo = None
if vector["sharedinfo_length"] != 0:
sharedinfo = binascii.unhexlify(vector["sharedinfo"])
key_data_len = vector["key_data_length"] // 8
key_data = binascii.unhexlify(vector["key_data"])
xkdf = X963KDF(algorithm=hashfn(),
length=key_data_len,
sharedinfo=sharedinfo,
backend=default_backend())
xkdf.verify(key, key_data)
def KDF(sharedinfo, sharedkey):
"""
Create object of X963KDF
Args:
sharedinfo: sharedinfo
sharedkey: sharedkey
Returns:
Object of X963KDF
"""
return X963KDF(
algorithm=hashes.SHA256(), # noqa: E126
length=
64, # 16 bytes AES key, 16 bytes AES CTR IV, 32 bytes HMAC-SHA-256 key
sharedinfo=sharedinfo,
backend=_backend,
).derive(sharedkey)
def test_x963(self, backend, subtests):
vectors = load_vectors_from_file(
os.path.join("KDF", "ansx963_2001.txt"), load_x963_vectors)
for vector in vectors:
with subtests.test():
hashfn = self._algorithms_dict[vector["hash"]]
_skip_hashfn_unsupported(backend, hashfn())
key = binascii.unhexlify(vector["Z"])
sharedinfo = None
if vector["sharedinfo_length"] != 0:
sharedinfo = binascii.unhexlify(vector["sharedinfo"])
key_data_len = vector["key_data_length"] // 8
key_data = binascii.unhexlify(vector["key_data"])
xkdf = X963KDF(
algorithm=hashfn(),
length=key_data_len,
sharedinfo=sharedinfo,
backend=backend,
)
xkdf.verify(key, key_data)
def test_length_limit(self, backend):
big_length = hashes.SHA256().digest_size * (2 ** 32 - 1) + 1
with pytest.raises(ValueError):
X963KDF(hashes.SHA256(), big_length, None, backend)
#!/usr/bin/python
# https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/
import os
import hexdump
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF
sharedinfo = b"ANSI X9.63 Example"
xkdf = X963KDF(
algorithm=hashes.SHA256(),
length=99,
sharedinfo=sharedinfo,
)
key = xkdf.derive(b"input key")
hexdump.hexdump(key)
#xkdf = X963KDF(
#algorithm=hashes.SHA256(),
#length=99,
#sharedinfo=sharedinfo,
#)
#xkdf.verify(b"input key", key)
shared_key = alice_priv.exchange(ec.ECDH(), bob_public)
print "ECDH Shared Key: %s\n" % binascii.b2a_hex(shared_key)
#
# Use the ANSI x9.63 Key Derivation Function to derive the final
# encryption key from the ECDH-built key.
#
# * Use the SHA-256 hash when deriving the key,
# * Use Alice's (ephemeral) public key data as Shared Info, and
# * Extract 16 bytes (enough for a 128-bit key
# <SEB> Modified to use latest
# kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM format
xkdf = X963KDF(algorithm=hashes.SHA256(),
length=32,
sharedinfo=alice_pub_bytes,
backend=backend)
kdf_out = xkdf.derive(shared_key)
key_enc = kdf_out[0:16]
iv = kdf_out[16:]
print 'Final AES Encryption Key: %s\n' % binascii.b2a_hex(key_enc)
print 'Initialization Vector: %s\n' % binascii.b2a_hex(iv)
#
# ENCRYPT THE MESSAGE!
#
C = AESGCM(key_enc)
ct = C.encrypt(iv, message, "")
print('hkdf: {}' .format(ba.hexlify(derived_key)))
return derived_key
def aes_decrypt(encd, derived_key, iv):
#cipher = Cipher(algorithms.AES(derived_key), modes.CBC(iv), backend=default_backend())
decryption = AES.new(derived_key, AES.MODE_CBC, iv)
plain_text = decryption.decrypt(encd)
#decryptor = cipher.decryptor()
#decryption1 = decryptor.update(encd)
return plain_text
pass_key = ba.unhexlify("12334343")
derived_key=hkdf_func(pass_key)
data = "c425be88f15f4d14c92303e504380aa9"
iv = X963KDF(algorithm=hashes.SHA256(), length=16, sharedinfo=b"mb_security", backend=default_backend()).derive(pass_key)
data2="016f75b94ccd687d96ec93ba190de4ea"
datahex=bytes.fromhex(data)
datahex2=bytes.fromhex(data2)
text=aes_decrypt(datahex,derived_key,iv)
text2=aes_decrypt(datahex2,derived_key,iv)
print("text-->",text)
print("\ntext2-->", text2)
print("\ntext-->", ba.b2a_hex(text))
print("\ntext2-->", ba.b2a_hex(text2))
shared_key=ba.unhexlify("12334343")
def KDF(sharedinfo, sharedkey):
return X963KDF(
algorithm=hashes.SHA256(),
length=64, # 16 bytes AES key, 16 bytes AES CTR IV, 32 bytes HMAC-SHA-256 key
sharedinfo=sharedinfo,
backend=_backend).derive(sharedkey)