class TestSHA3384(object): test_sha3_384 = generate_hash_test( load_hash_vectors, os.path.join("hashes", "SHA3"), ["SHA3_384LongMsg.rsp", "SHA3_384ShortMsg.rsp"], hashes.SHA3_384(), )
def deriveKey(shared_secret, hashAlg, BlukEnc): if hashAlg == "sha256": hashAlg = hashes.SHA256() else: hashAlg = hashes.SHA3_384() salt = bytes(bytearray(shared_secret)[0:16]) key = HKDF(algorithm=hashAlg, length=24, salt=salt, info=b'handshake data', backend=default_backend()).derive(shared_secret) iv = bytearray(shared_secret)[0:16] if BlukEnc == "AES-256-CBC": BlukEnc = modes.CBC(iv) else: BlukEnc = modes.OFB(iv) cipher = Cipher(algorithms.AES(key), BlukEnc, default_backend()) print("Symmetric key has been generated successfully...") return cipher
def Verification(client_pub_key,signature,message,hashAlg): try: if hashAlg == "sha256": hashAlg = hashes.SHA256() else: hashAlg = hashes.SHA3_384() client_pub_key.verify( signature, message, pad.PSS( mgf=pad.MGF1(hashAlg), salt_length=pad.PSS.MAX_LENGTH ), hashAlg ) print(bcolors.succ + "Signature has been verified successfully" + bcolors.ENDC) return True except InvalidSignature: print(bcolors.FAIL + "invalidSignature" + bcolors.ENDC) return False
def get_algorithm(self): if self.bits == 224: return hashes.SHA3_224() elif self.bits == 256: return hashes.SHA3_256() elif self.bits == 384: return hashes.SHA3_384() elif self.bits == 521: return hashes.SHA3_512()
def Signing_Data(private_key, message, hashAlg): if hashAlg == "sha256": hashAlg = hashes.SHA256() else: hashAlg = hashes.SHA3_384() signature = private_key.sign( message, pad.PSS(mgf=pad.MGF1(hashAlg), salt_length=pad.PSS.MAX_LENGTH), hashAlg) print("Message has been signed successfully....") return signature
async def SHA3_384(message): message = message.encode() kdf = PBKDF2HMAC( algorithm=hashes.SHA3_384(), length=hashLen, salt= b'\xe7\xde\xc1\xf0\x81\x99\xde}\xa4\xb50u;&\x06\xe7\xa4\xbfn\xbc', iterations=hashIter, backend=default_backend()) output = base64.urlsafe_b64encode(kdf.derive(message)) return (output)
import pytest from cryptography.exceptions import InvalidSignature from cryptography.hazmat.primitives import hashes, hmac from .utils import wycheproof_tests _HMAC_ALGORITHMS = { "HMACSHA1": hashes.SHA1(), "HMACSHA224": hashes.SHA224(), "HMACSHA256": hashes.SHA256(), "HMACSHA384": hashes.SHA384(), "HMACSHA512": hashes.SHA512(), "HMACSHA3-224": hashes.SHA3_224(), "HMACSHA3-256": hashes.SHA3_256(), "HMACSHA3-384": hashes.SHA3_384(), "HMACSHA3-512": hashes.SHA3_512(), } @wycheproof_tests( "hmac_sha1_test.json", "hmac_sha224_test.json", "hmac_sha256_test.json", "hmac_sha384_test.json", "hmac_sha3_224_test.json", "hmac_sha3_256_test.json", "hmac_sha3_384_test.json", "hmac_sha3_512_test.json", "hmac_sha512_test.json", )
from .utils import wycheproof_tests _DIGESTS = { "SHA-1": hashes.SHA1(), "SHA-224": hashes.SHA224(), "SHA-256": hashes.SHA256(), "SHA-384": hashes.SHA384(), "SHA-512": hashes.SHA512(), # Not supported by OpenSSL for RSA signing "SHA-512/224": None, "SHA-512/256": None, "SHA3-224": hashes.SHA3_224(), "SHA3-256": hashes.SHA3_256(), "SHA3-384": hashes.SHA3_384(), "SHA3-512": hashes.SHA3_512(), } def should_verify(backend, wycheproof): if wycheproof.valid: return True if wycheproof.acceptable: return not wycheproof.has_flag("MissingNull") return False @wycheproof_tests(
) @pytest.mark.requires_backend_interface(interface=HashBackend) class TestSHA3256(object): test_sha3_256 = generate_hash_test( load_hash_vectors, os.path.join("hashes", "SHA3"), [ "SHA3_256LongMsg.rsp", "SHA3_256ShortMsg.rsp", ], hashes.SHA3_256(), ) @pytest.mark.supported( only_if=lambda backend: backend.hash_supported(hashes.SHA3_384()), skip_message="Does not support SHA3_384", ) @pytest.mark.requires_backend_interface(interface=HashBackend) class TestSHA3384(object): test_sha3_384 = generate_hash_test( load_hash_vectors, os.path.join("hashes", "SHA3"), [ "SHA3_384LongMsg.rsp", "SHA3_384ShortMsg.rsp", ], hashes.SHA3_384(), )
class CryptoUtils: pwd_context = CryptContext(schemes=["pbkdf2_sha256"], default="pbkdf2_sha256", pbkdf2_sha256__default_rounds=30000) algorithms = { "sha256": hashes.SHA256(), "sha224": hashes.SHA224(), "sha384": hashes.SHA256(), "sha512": hashes.SHA256(), "blake2b": hashes.BLAKE2b(64), "blake2s": hashes.BLAKE2s(32), "sha3_256": hashes.SHA3_256(), "sha3_224": hashes.SHA3_224(), "sha3_384": hashes.SHA3_384(), "sha3_512": hashes.SHA3_512() } @staticmethod def hash(password): return CryptoUtils.pwd_context.hash(password) @staticmethod def check_hash(password, hashed): return CryptoUtils.pwd_context.verify(password, hashed) @staticmethod def make_key(password, algorithm, salt): if algorithm not in CryptoUtils.algorithms: raise casket.invalid_algorithm("Algorithm %s is not supported." % (algorithm)) kdf = PBKDF2HMAC(algorithm=CryptoUtils.algorithms[algorithm], length=32, salt=salt, iterations=100000, backend=default_backend()) return base64.urlsafe_b64encode(kdf.derive(password)) @staticmethod def encrypt_password(master_pswd, plain_pswd, salt=os.urandom(16), algorithm="sha256"): key = CryptoUtils.make_key(master_pswd.encode("utf-8"), algorithm, salt) cipher_suite = Fernet(key) cipher_text = cipher_suite.encrypt(plain_pswd.encode("utf-8")) enc_pswd = base64.b64encode(salt).decode('utf-8') + cipher_text.decode( 'utf-8') return enc_pswd @staticmethod def decrypt_password(master_pswd, enc_pswd, algorithm="sha256"): salt = base64.b64decode(enc_pswd[:24].encode("utf-8")) key = CryptoUtils.make_key(master_pswd.encode("utf-8"), algorithm, salt) cipher_suite = Fernet(key) plain_text = cipher_suite.decrypt(enc_pswd[24:].encode("utf-8")) plain_text_utf8 = plain_text.decode("utf-8") return plain_text_utf8 @staticmethod def get_salt(encrypted_string): return base64.b64decode(encrypted_string[:24].encode("utf-8"))
from asn1crypto.algos import SignedDigestAlgorithm from cryptography.hazmat.primitives import hashes _STR_TO_HASH_ALGO = { 'md5' : hashes.MD5(), 'sha1' : hashes.SHA1(), 'sha224' : hashes.SHA224(), 'sha256' : hashes.SHA256(), 'sha384' : hashes.SHA384(), 'sha512' : hashes.SHA512(), 'sha512_224' : hashes.SHA512_224(), 'sha512_256' : hashes.SHA512_256(), 'sha3_224' : hashes.SHA3_224(), 'sha3_256' : hashes.SHA3_256(), 'sha3_384' : hashes.SHA3_384(), 'sha3_512' : hashes.SHA3_512(), } def get_hash_algo_by_name(hash_algo: str): hash_algo = hash_algo.lower() if hash_algo not in _STR_TO_HASH_ALGO: raise ValueError("Invalid hash algorithm '{}'".format(hash_algo)) return _STR_TO_HASH_ALGO[hash_algo] def update_sig_algo_if_no_hash_algo(sig_algo: SignedDigestAlgorithm, hash_algo: str): n_sig_algo = sig_algo['algorithm'].native if n_sig_algo == 'rsassa_pkcs1v15' or n_sig_algo == 'ecdsa' or n_sig_algo == 'dsa': if n_sig_algo == 'rsassa_pkcs1v15': n_sig_algo = 'rsa' if hash_algo == 'md5':
#calculated index for each bloomfilter b1_h4_hval = int(b1_h4_hval) % (len(bit_vect2)) #set corresponding bloom filter index to 1 bit_vect2[b1_h4_hval] = 1 b1_h5 = hashes.Hash(hashes.SHA3_256(), backend=backend) b1_h5.update(TempHash.encode()) b1_h5_hval = b1_h5.finalize() b1_h5_hval = hexlify(b1_h5_hval) b1_h5_hval = int(b1_h5_hval, 16) b1_h5_hval = int(b1_h5_hval) % (len(bit_vect2)) bit_vect2[b1_h5_hval] = 1 b1_h6 = hashes.Hash(hashes.SHA3_384(), backend=backend) b1_h6.update(TempHash.encode()) b1_h6_hval = b1_h6.finalize() b1_h6_hval = hexlify(b1_h6_hval) b1_h6_hval = int(b1_h6_hval, 16) b1_h6_hval = int(b1_h6_hval) % (len(bit_vect2)) bit_vect2[b1_h6_hval] = 1 b1_h7 = hashes.Hash(hashes.SHA3_512(), backend=backend) b1_h7.update(TempHash.encode()) b1_h7_hval = b1_h7.finalize() b1_h7_hval = hexlify(b1_h7_hval) b1_h7_hval = int(b1_h7_hval, 16) b1_h7_hval = int(b1_h7_hval) % (len(bit_vect2))
def _publish_certificate(req: object, issuer: dict): logger.info('Create a certificate builder...') crt_builder = x509.CertificateBuilder() crt_builder = crt_builder.subject_name(name=req._subject()) crt_builder = crt_builder.public_key(key=req._public_key()) for extension in req._extensions(): crt_builder = crt_builder.add_extension(extension=extension.value, critical=extension.critical) logger.info('Ready to sign the certificate request...') if not isinstance(issuer['valid_year'], int): issuer['valid_year'] = int(issuer['valid_year']) if issuer['is_ca'] == 'true': issuer['is_ca'] = True if issuer['is_ca'] == 'false': issuer['is_ca'] = False crt_builder = crt_builder.not_valid_before(time=datetime.datetime.today()) crt_builder = crt_builder.not_valid_after( time=datetime.datetime.today() + datetime.timedelta(days=issuer['valid_year'] * 365)) crt_builder = crt_builder.serial_number(number=x509.random_serial_number()) crt_builder = crt_builder.add_extension(extension=x509.BasicConstraints( ca=issuer['is_ca'], path_length=None), critical=True) logger.info( 'Select CA to sign the certificate signing request and output certificate' ) if issuer['ca'] == 'SelfSign': logger.debug('CA is self-signed') crt_builder = crt_builder.issuer_name(name=req._subject()) ca_key = req.private_key() else: ca_dir = os.path.join( os.path.dirname(os.path.dirname(os.path.abspath(__file__))), 'common_static/ca') ca_file = "{}/{}.pfx".format(ca_dir, issuer['ca']) logger.debug("CA file is located in {}".format(ca_file)) with open(file=ca_file, mode='rb') as f: ca_bytes = f.read() logger.debug('CA file content is \n{}'.format(ca_bytes)) crt_chain = ReadCertificateChain({ 'bytes': ca_bytes, 'password': b'Cisco123!' }) ca_crt = crt_chain.certificate(data_type='object') ca_key = crt_chain.private_key(data_type='object') crt_builder = crt_builder.issuer_name(name=ca_crt.subject) hash_obj_list = { hashes.MD5(), hashes.SHA1(), hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512(), hashes.SHA512_224(), hashes.SHA512_256(), hashes.SHA3_224(), hashes.SHA3_256(), hashes.SHA3_384(), hashes.SHA3_512() } for hash_obj in hash_obj_list: if issuer['hash_alg'] == hash_obj.name: hash_algor = hash_obj break else: hash_algor = hashes.MD5() return crt_builder.sign(private_key=ca_key, algorithm=hash_algor, backend=default_backend())