def test_unicode_typeerror(self, backend):
with pytest.raises(TypeError):
ConcatKDFHash(
hashes.SHA256(),
16,
otherinfo="foo", # type: ignore[arg-type]
backend=backend,
)
with pytest.raises(TypeError):
ckdf = ConcatKDFHash(hashes.SHA256(),
16,
otherinfo=None,
backend=backend)
ckdf.derive("foo") # type: ignore[arg-type]
with pytest.raises(TypeError):
ckdf = ConcatKDFHash(hashes.SHA256(),
16,
otherinfo=None,
backend=backend)
ckdf.verify("foo", b"bar") # type: ignore[arg-type]
with pytest.raises(TypeError):
ckdf = ConcatKDFHash(hashes.SHA256(),
16,
otherinfo=None,
backend=backend)
ckdf.verify(b"foo", "bar") # type: ignore[arg-type]
def test_unicode_typeerror(self, backend):
with pytest.raises(TypeError):
ConcatKDFHash(
hashes.SHA256(), 16, otherinfo=u"foo", backend=backend
)
with pytest.raises(TypeError):
ckdf = ConcatKDFHash(
hashes.SHA256(), 16, otherinfo=None, backend=backend
)
ckdf.derive(u"foo")
with pytest.raises(TypeError):
ckdf = ConcatKDFHash(
hashes.SHA256(), 16, otherinfo=None, backend=backend
)
ckdf.verify(u"foo", b"bar")
with pytest.raises(TypeError):
ckdf = ConcatKDFHash(
hashes.SHA256(), 16, otherinfo=None, backend=backend
)
ckdf.verify(b"foo", u"bar")
def test_invalid_verify(self, backend):
prk = binascii.unhexlify(
b"52169af5c485dcc2321eb8d26d5efa21fb9b93c98e38412ee2484cf14f0d0d23"
)
oinfo = binascii.unhexlify(
b"a1b2c3d4e53728157e634612c12d6d5223e204aeea4341565369647bd184bcd2"
b"46f72971f292badaa2fe4124612cba")
ckdf = ConcatKDFHash(hashes.SHA256(), 16, oinfo, backend)
with pytest.raises(InvalidKey):
ckdf.verify(prk, b"wrong key")
def test_verify(self, backend):
prk = binascii.unhexlify(
b"52169af5c485dcc2321eb8d26d5efa21fb9b93c98e38412ee2484cf14f0d0d23"
)
okm = binascii.unhexlify(b"1c3bc9e7c4547c5191c0d478cccaed55")
oinfo = binascii.unhexlify(
b"a1b2c3d4e53728157e634612c12d6d5223e204aeea4341565369647bd184bcd2"
b"46f72971f292badaa2fe4124612cba")
ckdf = ConcatKDFHash(hashes.SHA256(), 16, oinfo, backend)
ckdf.verify(prk, okm)
def test_invalid_verify(self, backend):
prk = binascii.unhexlify(
b"52169af5c485dcc2321eb8d26d5efa21fb9b93c98e38412ee2484cf14f0d0d23"
)
oinfo = binascii.unhexlify(
b"a1b2c3d4e53728157e634612c12d6d5223e204aeea4341565369647bd184bcd2"
b"46f72971f292badaa2fe4124612cba"
)
ckdf = ConcatKDFHash(hashes.SHA256(), 16, oinfo, backend)
with pytest.raises(InvalidKey):
ckdf.verify(prk, b"wrong key")
def test_unicode_typeerror(self, backend):
with pytest.raises(TypeError):
ConcatKDFHash(
hashes.SHA256(),
16,
otherinfo=u"foo",
backend=backend
)
with pytest.raises(TypeError):
ckdf = ConcatKDFHash(
hashes.SHA256(),
16,
otherinfo=None,
backend=backend
)
ckdf.derive(u"foo")
with pytest.raises(TypeError):
ckdf = ConcatKDFHash(
hashes.SHA256(),
16,
otherinfo=None,
backend=backend
)
ckdf.verify(u"foo", b"bar")
with pytest.raises(TypeError):
ckdf = ConcatKDFHash(
hashes.SHA256(),
16,
otherinfo=None,
backend=backend
)
ckdf.verify(b"foo", u"bar")
def test_verify(self, backend):
prk = binascii.unhexlify(
b"52169af5c485dcc2321eb8d26d5efa21fb9b93c98e38412ee2484cf14f0d0d23"
)
okm = binascii.unhexlify(b"1c3bc9e7c4547c5191c0d478cccaed55")
oinfo = binascii.unhexlify(
b"a1b2c3d4e53728157e634612c12d6d5223e204aeea4341565369647bd184bcd2"
b"46f72971f292badaa2fe4124612cba"
)
ckdf = ConcatKDFHash(hashes.SHA256(), 16, oinfo, backend)
assert ckdf.verify(prk, okm) is None
import base64
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.concatkdf import ConcatKDFHash
from cryptography.hazmat.backends import default_backend
# The sample code is extracted from the book Python Cryptography
# The book can be downloaded from https://leanpub.com/cryptop
# Online Crypto Playgroud https://8gwifi.org
# Author Anish Nath
backend = default_backend()
otherinfo = b"concatkdf-example"
ckdf = ConcatKDFHash(algorithm=hashes.SHA256(),
length=32,
otherinfo=otherinfo,
backend=backend)
# CKDF Derive key
key = ckdf.derive(b"input key")
base64.b64encode(key)
# CKDF Verify Key
ckdf = ConcatKDFHash(algorithm=hashes.SHA256(),
length=32,
otherinfo=otherinfo,
backend=backend)
ckdf.verify(b"input key", key)
