Пример #1
0
 def test_5(self):
     self.assertEqual(
         hexenc(
             pbkdf2(
                 b"passwordPASSWORDpassword",
                 b"saltSALTsaltSALTsaltSALTsaltSALTsalt",
                 4096,
                 100,
             )),
         "b2d8f1245fc4d29274802057e4b54e0a0753aa22fc53760b301cf008679e58fe4bee9addcae99ba2b0b20f431a9c5e50f395c89387d0945aedeca6eb4015dfc2bd2421ee9bb71183ba882ceebfef259f33f9e27dc6178cb89dc37428cf9cc52a2baa2d3a",
     )
Пример #2
0
4       0.198s
8       0.399s
16      0.767s
32      1.530s
64      3.065s
128     6.117s
256     12.255s
512     24.900s
1024    48.612s
'''

iterations = 32
keysize = 32
salt = urandom(32)
password = "******"
key = pbkdf2(password.encode(), salt, iterations, keysize)
ciph = GOST3412Kuznechik(key)

# An initialization vector has different security requirements than a key,
# so the IV usually does not need to be secret. However, in most cases,
# it is important that an initialization vector is never reused
# under the same key.
# For CBC and CFB, reusing an IV leaks some information about
# the first block of plaintext, and about any common prefix shared by
# the two messages.
# For OFB and CTR, reusing an IV completely destroys security.

# iv: blocksize-sized initialization vector
IV_SIZE = 32
iv = urandom(IV_SIZE)
Пример #3
0
    def init_cryptors(self, password):
        """
        Initialize the cryptors according to the given sec_mode

        This function must be called before
        trying to encrypt/decrypt anything.

        Parameters
        ----------
        password : string or bytes
        """
        password = self.to_bytes(password)

        kdfs = [None for i in range(self.CRYPTOR_NUM)]
        KEYS_SIZE = self.KEY_SIZE * self.CRYPTOR_NUM

        if self.SEC_MODE == '0':
            nacl_ops = pwhash.argon2i.OPSLIMIT_INTERACTIVE
            nacl_mem = pwhash.argon2i.MEMLIMIT_INTERACTIVE
            gost_iters = 4
            crypt_iters = 60000
        elif self.SEC_MODE == '1':
            nacl_ops = pwhash.argon2i.OPSLIMIT_MODERATE
            nacl_mem = pwhash.argon2i.MEMLIMIT_MODERATE
            gost_iters = 24
            crypt_iters = 500000
        elif self.SEC_MODE == '2':
            nacl_ops = pwhash.argon2i.OPSLIMIT_SENSITIVE
            nacl_mem = pwhash.argon2i.MEMLIMIT_SENSITIVE
            gost_iters = 111
            crypt_iters = 2500000
        else:
            raise TypeError("Wrong SEC_MODE!")

        kdfs[0] = lambda pw: pwhash.argon2i.kdf(KEYS_SIZE,
                                                pw,
                                                self.salts[0][:pwhash.argon2i.
                                                              SALTBYTES],
                                                opslimit=nacl_ops,
                                                memlimit=nacl_mem)

        kdfs[1] = lambda pw: pbkdf2(pw, self.salts[1], gost_iters, KEYS_SIZE)

        kdfs[2] = lambda pw: PBKDF2HMAC(algorithm=hashes.SHA256(),
                                        length=KEYS_SIZE,
                                        salt=self.salts[2],
                                        iterations=crypt_iters,
                                        backend=default_backend()).derive(pw)

        long_key = password
        for i in range(self.CRYPTOR_NUM):
            long_key = kdfs[i](long_key)

        keys = [
            long_key[self.KEY_SIZE * i:self.KEY_SIZE * (i + 1)]
            for i in range(self.CRYPTOR_NUM)
        ]

        self.cryptors[0] = Fernet(base64.urlsafe_b64encode(keys[2]))
        self.cryptors[1] = GOST_Cryptor(keys[1])
        self.cryptors[2] = secret.SecretBox(keys[0])
Пример #4
0
 def test_6(self):
     self.assertEqual(
         hexenc(pbkdf2(b"pass\x00word", b"sa\x00lt", 4096, 64)),
         "50df062885b69801a3c10248eb0a27ab6e522ffeb20c991c660f001475d73a4e167f782c18e97e92976d9c1d970831ea78ccb879f67068cdac1910740844e830",
     )
Пример #5
0
 def test_4(self):
     self.assertEqual(
         hexenc(pbkdf2(b"password", b"salt", 1677216, 64)),
         "49e4843bba76e300afe24c4d23dc7392def12f2c0e244172367cd70a8982ac361adb601c7e2a314e8cb7b1e9df840e36ab5615be5d742b6cf203fb55fdc48071",
     )
Пример #6
0
 def test_3(self):
     self.assertEqual(
         hexenc(pbkdf2(b"password", b"salt", 4096, 64)),
         "e52deb9a2d2aaff4e2ac9d47a41f34c20376591c67807f0477e32549dc341bc7867c09841b6d58e29d0347c996301d55df0d34e47cf68f4e3c2cdaf1d9ab86c3",
     )
Пример #7
0
 def test_2(self):
     self.assertEqual(
         hexenc(pbkdf2(b"password", b"salt", 2, 64)),
         "5a585bafdfbb6e8830d6d68aa3b43ac00d2e4aebce01c9b31c2caed56f0236d4d34b2b8fbd2c4e89d54d46f50e47d45bbac301571743119e8d3c42ba66d348de",
     )
Пример #8
0
 def test_1(self):
     self.assertEqual(
         hexenc(pbkdf2(b"password", b"salt", 1, 64)),
         "64770af7f748c3b1c9ac831dbcfd85c26111b30a8a657ddc3056b80ca73e040d2854fd36811f6d825cc4ab66ec0a68a490a9e5cf5156b3a2b7eecddbf9a16b47",
     )