def test_invalid_key(self): kdf = KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend()) key = kdf.derive(b"material") kdf = KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend()) with pytest.raises(InvalidKey): kdf.verify(b"material2", key)
def test_invalid_key(self, backend): kdf = KBKDFHMAC( hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, ) key = kdf.derive(b"material") kdf = KBKDFHMAC( hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, ) with pytest.raises(InvalidKey): kdf.verify(b"material2", key)
def test_already_finalized(self, backend): kdf = KBKDFHMAC( hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, ) kdf.derive(b"material") with pytest.raises(AlreadyFinalized): kdf.derive(b"material2") kdf = KBKDFHMAC( hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, ) key = kdf.derive(b"material") with pytest.raises(AlreadyFinalized): kdf.verify(b"material", key) kdf = KBKDFHMAC( hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, ) kdf.verify(b"material", key) with pytest.raises(AlreadyFinalized): kdf.verify(b"material", key)
def _kbkdf_hmac_counter_mode_test(backend, prf, ctr_loc, params): supported_hash_algorithms: typing.Dict[ str, typing.Type[hashes.HashAlgorithm]] = { "hmac_sha1": hashes.SHA1, "hmac_sha224": hashes.SHA224, "hmac_sha256": hashes.SHA256, "hmac_sha384": hashes.SHA384, "hmac_sha512": hashes.SHA512, } algorithm = supported_hash_algorithms.get(prf) assert algorithm is not None assert backend.hmac_supported(algorithm()) ctrkdf = KBKDFHMAC( algorithm(), Mode.CounterMode, params["l"] // 8, params["rlen"] // 8, None, ctr_loc, None, None, binascii.unhexlify(params["fixedinputdata"]), backend=backend, ) ko = ctrkdf.derive(binascii.unhexlify(params["ki"])) assert binascii.hexlify(ko) == params["ko"]
def calculate_derived_key(self, sessionkey, context=None): """ Calculate the derived key given a session key and optional context using KBKDFHMAC """ label = b"AzureAD-SecureConversation" if not context: context = os.urandom(32) else: context = binascii.unhexlify(context) backend = default_backend() kdf = KBKDFHMAC(algorithm=hashes.SHA256(), mode=Mode.CounterMode, length=32, rlen=4, llen=4, location=CounterLocation.BeforeFixed, label=label, context=context, fixed=None, backend=backend) if len(sessionkey) == 44: keybytes = base64.b64decode(sessionkey) else: keybytes = binascii.unhexlify(sessionkey) derived_key = kdf.derive(keybytes) # This is not ideal but further code expects it as hex string return binascii.hexlify(context).decode('utf-8'), binascii.hexlify( derived_key).decode('utf-8')
def test_already_finalized(self): kdf = KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend()) kdf.derive(b'material') with pytest.raises(AlreadyFinalized): kdf.derive(b'material2') kdf = KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend()) key = kdf.derive(b'material') with pytest.raises(AlreadyFinalized): kdf.verify(b'material', key) kdf = KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend()) kdf.verify(b'material', key) with pytest.raises(AlreadyFinalized): kdf.verify(b"material", key)
def test_unicode_error_label(self): with pytest.raises(TypeError): KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, u'label', b'context', backend=default_backend())
def test_l_type(self, backend): with pytest.raises(TypeError): KBKDFHMAC(hashes.SHA1(), Mode.CounterMode, 32, 4, b'l', CounterLocation.BeforeFixed, b'label', b'context', None, backend=backend)
def test_unsupported_algorithm(self): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): KBKDFHMAC(DummyHashAlgorithm(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend())
def test_unsupported_parameters(self): with pytest.raises(ValueError): KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', b'fixed', backend=default_backend())
def test_unsupported_location(self): with pytest.raises(TypeError): KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, None, b'label', b'context', None, backend=default_backend())
def test_unsupported_mode(self): with pytest.raises(TypeError): KBKDFHMAC(hashes.SHA256(), None, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend())
def test_l(self): with pytest.raises(ValueError): KBKDFHMAC(hashes.SHA1(), Mode.CounterMode, 32, 4, None, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend())
def test_unicode_error_context(self, backend): with pytest.raises(TypeError): KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', u'context', None, backend=backend)
def test_invalid_backend(self, backend): with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=object())
def test_unsupported_hash(self, backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): KBKDFHMAC(object(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=backend)
def test_rlen(self, backend): with pytest.raises(ValueError): KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 5, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=backend)
def test_unicode_error_label(self, backend): with pytest.raises(TypeError): KBKDFHMAC( hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, "label", b"context", backend=backend, )
def test_unicode_error_key_material(self): with pytest.raises(TypeError): kdf = KBKDFHMAC(hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend()) kdf.derive(u'material')
def __genKey(self): label = "!There is the sun label" context = "!There is the sun context" kdf = KBKDFHMAC(algorithm=hashes.SHA256(),\ mode=Mode.CounterMode,length=32,\ rlen=4,\ llen=4,\ location=CounterLocation.BeforeFixed,\ label=label,\ context=context,\ fixed=None,\ backend=default_backend()) return base64.urlsafe_b64encode( kdf.derive(self.__getSerialNum(config.SER_N_FILE_LOC)))
def _derive_urlsafe_key(*, label, context): backend = default_backend() kdf = KBKDFHMAC(algorithm=hashes.SHA256(), mode=Mode.CounterMode, length=32, rlen=4, llen=4, location=CounterLocation.BeforeFixed, label=label, context=context, fixed=None, backend=backend) key = kdf.derive(settings.SECRET_KEY.encode()) return urlsafe_b64encode(key)
def test_unicode_error_context(self, backend): with pytest.raises(TypeError): KBKDFHMAC( hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b"label", "context", # type: ignore[arg-type] None, backend=backend, )
def test_unsupported_algorithm(self, backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): KBKDFHMAC( DummyHashAlgorithm(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, )
def test_unsupported_hash(self, backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): KBKDFHMAC( object(), # type: ignore[arg-type] Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, )
def test_unsupported_parameters(self, backend): with pytest.raises(ValueError): KBKDFHMAC( hashes.SHA256(), Mode.CounterMode, 32, 4, 4, CounterLocation.BeforeFixed, b"label", b"context", b"fixed", backend=backend, )
def test_key_length(self): kdf = KBKDFHMAC(hashes.SHA1(), Mode.CounterMode, 85899345920, 4, 4, CounterLocation.BeforeFixed, b'label', b'context', None, backend=default_backend()) with pytest.raises(ValueError): kdf.derive(b'material')
def test_unsupported_location(self, backend): with pytest.raises(TypeError): KBKDFHMAC( hashes.SHA256(), Mode.CounterMode, 32, 4, 4, None, # type: ignore[arg-type] b"label", b"context", None, backend=backend, )
def test_unsupported_mode(self, backend): with pytest.raises(TypeError): KBKDFHMAC( hashes.SHA256(), None, # type: ignore[arg-type] 32, 4, 4, CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, )
def test_l(self, backend): with pytest.raises(ValueError): KBKDFHMAC( hashes.SHA1(), Mode.CounterMode, 32, 4, None, CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, )
def test_l_type(self, backend): with pytest.raises(TypeError): KBKDFHMAC( hashes.SHA1(), Mode.CounterMode, 32, 4, b"l", # type: ignore[arg-type] CounterLocation.BeforeFixed, b"label", b"context", None, backend=backend, )