def test_crypto_pwhash_scryptsalsa208sha256(self):
passwd = b'Correct Horse Battery Staple'
other_passwd = b'correct horse battery staple'
salt = binascii.unhexlify(
b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb691'
)
other_salt = binascii.unhexlify(
b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb692'
)
# Use very small limits to avoid burning resources in CI
mem_limit = 16777216
ops_limit = 32768
key16 = pysodium.crypto_pwhash_scryptsalsa208sha256(
16, passwd, salt, ops_limit, mem_limit)
self.assertEqual(len(key16), 16)
self.assertEqual(key16, b'U\x18aL\xcf\xc9\xa3\xf6(\x8f\xed)\xeej8\xdf')
key = pysodium.crypto_pwhash_scryptsalsa208sha256(
32, passwd, salt, ops_limit, mem_limit)
self.assertEqual(len(key), 32)
self.assertEqual(
key,
b'U\x18aL\xcf\xc9\xa3\xf6(\x8f\xed)\xeej8\xdfG\x82hf+vu\xcd\x9c\xdb\xbcmt\xf7\xf1\x10'
)
self.assertNotEqual(
key,
pysodium.crypto_pwhash_scryptsalsa208sha256(
32, passwd, other_salt, ops_limit, mem_limit))
self.assertNotEqual(
key,
pysodium.crypto_pwhash_scryptsalsa208sha256(
32, other_passwd, salt, ops_limit, mem_limit))
def test_crypto_pwhash_scryptsalsa208sha256(self):
passwd = "howdy"
outlen = 128
salt = pysodium.randombytes(
pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES)
output = pysodium.crypto_pwhash_scryptsalsa208sha256(
outlen, passwd, salt)
self.assertEqual(128, len(output))
salt = b'12345678901234567890123456789012'
output = pysodium.crypto_pwhash_scryptsalsa208sha256(
outlen, passwd, salt)
self.assertEqual(
binascii.unhexlify(
b'6c3c08743a1389029ed68744f24dfd4cd550ad4a78af60e450f310f084bf0fc6fed23c22c71a427308cb4b98e8bbefc2be3c385c585f65b8a23682b44d8b45605f1fec2b1650c7cdedc2a73dcbed13d9cfb630cb207b3a8773b1ae0ff880c2cb5a855b49ab79f85dfd257f6f25e2da17248d81f4b8035220b467d9ca078be5f6'
), output)
def test_crypto_pwhash_salsa208sha256(self):
password = b'howdy'
salt = b'salt'
self.assertEqual(
pysodium.crypto_pwhash_scryptsalsa208sha256(password, salt),
binascii.unhexlify(
b'e120dbbf3a5865f1bb0584e7cf307abcd9a3c7491871928fd7ca02577eb2b6b6'
))
def scrypt_decrypt(data, password):
buf = io.BytesIO(data)
memlimit = int.from_bytes(buf.read(4), "little")
opslimit = int.from_bytes(buf.read(4), "little")
salt = buf.read(pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES)
if isinstance(password, str): password = password.encode("utf-8")
key = pysodium.crypto_pwhash_scryptsalsa208sha256(pysodium.crypto_secretbox_KEYBYTES, password, salt, memlimit, opslimit)
nonce = buf.read(pysodium.crypto_secretbox_NONCEBYTES)
cyphertext = buf.read()
return pysodium.crypto_secretbox_open(cyphertext, nonce, key)
def test_crypto_pwhash_scryptsalsa208sha256(self):
passwd = b'Correct Horse Battery Staple'
other_passwd = b'correct horse battery staple'
salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb691')
other_salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb692')
# Use very small limits to avoid burning resources in CI
mem_limit = 32 * 1024
ops_limit = 1024
key16 = pysodium.crypto_pwhash_scryptsalsa208sha256(16, passwd, salt, ops_limit, mem_limit)
self.assertEqual(len(key16), 16)
self.assertEqual(key16, binascii.unhexlify(b'34f05e9bef8beccd658acf5f123680b7'))
key = pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, salt, ops_limit, mem_limit)
self.assertEqual(len(key), 32)
self.assertEqual(key, binascii.unhexlify(b'34f05e9bef8beccd658acf5f123680b7d30c88d7e9328f9e47ab90185b6ee9ff'))
self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, other_salt, ops_limit, mem_limit))
self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, other_passwd, salt, ops_limit, mem_limit))
def derive_keypair(salt, flag):
flag = flag.encode('utf-8')
assert isinstance(salt, bytes)
assert isinstance(flag, bytes)
assert len(salt) == pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES
chall_seed = pysodium.crypto_pwhash_scryptsalsa208sha256(
pysodium.crypto_sign_SEEDBYTES, flag, salt, Settings.scrypt_ops_limit,
Settings.scrypt_mem_limit)
return pysodium.crypto_sign_seed_keypair(chall_seed)
def test_crypto_pwhash_scryptsalsa208sha256(self):
passwd = b'Correct Horse Battery Staple'
other_passwd = b'correct horse battery staple'
salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb691')
other_salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb692')
# Use very small limits to avoid burning resources in CI
mem_limit = 16777216
ops_limit = 32768
key16 = pysodium.crypto_pwhash_scryptsalsa208sha256(16, passwd, salt, ops_limit, mem_limit)
self.assertEqual(len(key16), 16)
self.assertEqual(key16, b'U\x18aL\xcf\xc9\xa3\xf6(\x8f\xed)\xeej8\xdf')
key = pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, salt, ops_limit, mem_limit)
self.assertEqual(len(key), 32)
self.assertEqual(key, b'U\x18aL\xcf\xc9\xa3\xf6(\x8f\xed)\xeej8\xdfG\x82hf+vu\xcd\x9c\xdb\xbcmt\xf7\xf1\x10')
self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, other_salt, ops_limit, mem_limit))
self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, other_passwd, salt, ops_limit, mem_limit))
def test_crypto_pwhash_scryptsalsa208sha256(self):
passwd = b'Correct Horse Battery Staple'
other_passwd = b'correct horse battery staple'
salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb691')
other_salt = binascii.unhexlify(b'4206baae5578933d7cfb315b1c257cc7af162965a91a74ccbb1cfa1d747eb692')
# Use very small limits to avoid burning resources in CI
mem_limit = 32 * 1024
ops_limit = 1024
key16 = pysodium.crypto_pwhash_scryptsalsa208sha256(16, passwd, salt, ops_limit, mem_limit)
self.assertEqual(len(key16), 16)
self.assertEqual(key16, binascii.unhexlify(b'34f05e9bef8beccd658acf5f123680b7'))
key = pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, salt, ops_limit, mem_limit)
self.assertEqual(len(key), 32)
self.assertEqual(key, binascii.unhexlify(b'34f05e9bef8beccd658acf5f123680b7d30c88d7e9328f9e47ab90185b6ee9ff'))
self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, passwd, other_salt, ops_limit, mem_limit))
self.assertNotEqual(key, pysodium.crypto_pwhash_scryptsalsa208sha256(32, other_passwd, salt, ops_limit, mem_limit))
def __init__(self, password):
if (isinstance(password,(str,))):
password = password.encode('utf-8')
self._salt = pysodium.crypto_hash_sha256(b'Root of Trust' + password)[0:pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES]
print("")
print("Deriving root key with:")
print(" opsl = ", self._ops)
print(" meml = ", self._mem)
print(" salt = ", hexlify(self._salt))
self._seed = pysodium.crypto_pwhash_scryptsalsa208sha256(pysodium.crypto_sign_SEEDBYTES, password, self._salt, opslimit=self._ops, memlimit=self._mem)
self._pk, self._sk = pysodium.crypto_sign_seed_keypair(self._seed)
print(" Root Public Key: ", hexlify(self._pk))
print("")
def encrypt(plaintext, password):
"""Encrypts the given plaintext using libsodium secretbox, key is generated using scryptsalsa208sha256 with a random salt and nonce (we can not guarantee the incrementing anyway). Note that any str objects are assumed to be in utf-8."""
salt = pysodium.randombytes(pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES)
memlimit = pysodium.crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE
opslimit = pysodium.crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE
if isinstance(password, str): password = password.encode("utf-8")
key = pysodium.crypto_pwhash_scryptsalsa208sha256(pysodium.crypto_secretbox_KEYBYTES, password, salt, memlimit, opslimit)
nonce = pysodium.randombytes(pysodium.crypto_secretbox_NONCEBYTES)
if isinstance(plaintext, str): plaintext = plaintext.encode("utf-8")
cyphertext = pysodium.crypto_secretbox(plaintext, nonce, key)
data = (1).to_bytes(1, "little")
data += memlimit.to_bytes(4, "little")
data += opslimit.to_bytes(4, "little")
data += salt
data += nonce
data += cyphertext
return base64.b64encode(data)
def pass2key(passphrase):
"""Generate key from passphrase using libsodium
crypto_pwhash_scryptsalsa208sha256 func
salt: buffer of zeros
opslimit: crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE
memlimit: crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE
"""
buf = passphrase.encode('utf-8')
KEY_BYTES = pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES #32
# this should be:
# salt = bytes(KEY_BYTES)
# but due to bytes() stupid stuff in py2 we need this awfull stuff
salt = ('\00' * KEY_BYTES).encode('utf-8')
opslimit = pysodium.crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE
memlimit = pysodium.crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE
key = pysodium.crypto_pwhash_scryptsalsa208sha256(KEY_BYTES, buf, salt,
opslimit, memlimit)
return key
def __init__(self, password, rot):
if (isinstance(password,(str,))):
password = password.encode('utf-8')
try:
rot = unhexlify(rot)
except:
pass
self._salt = {}
self._salt['producer'] = pysodium.crypto_hash_sha256(b'producer' + rot)[0:pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES]
self._salt['consumer'] = pysodium.crypto_hash_sha256(b'consumer' + rot)[0:pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES]
self._salt['prodcon'] = pysodium.crypto_hash_sha256(b'prodcon' + rot)[0:pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES]
self._seed = {}
self._pk = {}
self._sk = {}
print("")
print("Deriving provisioning keys with:")
print(" opsl = ", self._ops)
print(" meml = ", self._mem)
for key in self._salt.keys():
print(" salt (", key, ") = ", hexlify(self._salt[key]))
self._seed[key] = pysodium.crypto_pwhash_scryptsalsa208sha256(pysodium.crypto_sign_SEEDBYTES, password, self._salt[key], opslimit=self._ops, memlimit=self._mem)
self._pk[key], self._sk[key] = pysodium.crypto_sign_seed_keypair(self._seed[key])
print(" Signing Public Key (", key, "): ", hexlify(self._pk[key]))
print("")
def test_crypto_pwhash_salsa208sha256(self):
password = b'howdy'
salt = b'salt'
self.assertEqual(pysodium.crypto_pwhash_scryptsalsa208sha256(password, salt), binascii.unhexlify(b'e120dbbf3a5865f1bb0584e7cf307abcd9a3c7491871928fd7ca02577eb2b6b6'))
