def derive_key(key_material, info, algorithm=None, length=None): if algorithm is None: algorithm = hashes.SHA512() if length is None: length = algorithm.digest_size hkdf = HKDF(algorithm, length, b'h.security', info, backend) return hkdf.derive(key_material)
def deriveKey(salt, key=None, dh=None, keyid=None): if salt is None or len(salt) != 16: raise Exception(u"'salt' must be a 16 octet value") if key is not None: secret = key elif dh is not None: if keyid is None: raise Exception(u"'keyid' is not specified with 'dh'") if keys[keyid] is None: raise Exception(u"'keyid' doesn't identify a key") secret = keys[keyid].get_ecdh_key(dh) elif keyid is not None: secret = keys[keyid] if secret is None: raise Exception(u"unable to determine the secret") hkdf_key = HKDF( algorithm=hashes.SHA256(), length=16, salt=salt, info=b"Content-Encoding: aesgcm128", backend=default_backend() ) hkdf_nonce = HKDF( algorithm=hashes.SHA256(), length=12, salt=salt, info=b"Content-Encoding: nonce", backend=default_backend() ) return (hkdf_key.derive(secret), hkdf_nonce.derive(secret))
def setup_keys(shared_key): output_key = ChaCha20Poly1305( HKDF(hashes.SHA512(), 32, b"MediaRemote-Salt", b"MediaRemote-Write-Encryption-Key", default_backend()).derive(shared_key)) input_key = ChaCha20Poly1305( HKDF(hashes.SHA512(), 32, b"MediaRemote-Salt", b"MediaRemote-Read-Encryption-Key", default_backend()).derive(shared_key)) return output_key, input_key
def KDF_RK(rk, dh_out): kd = HKDF(algorithm=hashes.SHA256(), length=64, salt=rk, info=b'kdf_rk_info', backend=default_backend()) kd_out = kd.derive(dh_out) root_key = kd_out[:32] chain_key = kd_out[32:] return root_key, chain_key
def derive_kek(cls, curve: 'CoseCurve', private_key: 'EC2', public_key: 'EC2', context: 'CoseKDFContext') -> bytes: shared_secret = cls._ecdh(curve, private_key, public_key) kdf = HKDF(algorithm=cls.get_hash_func(), length=context.supp_pub_info.key_data_length, salt=None, info=context.encode(), backend=default_backend()) return kdf.derive(shared_secret)
def test_derive_short_output(self, backend): hkdf = HKDF( hashes.SHA256(), 4, salt=None, info=None, backend=backend ) assert hkdf.derive(b"\x01" * 16) == b"gJ\xfb{"
def hkdf_extract_test(backend, algorithm, params): hkdf = HKDF(algorithm, int(params["l"]), salt=binascii.unhexlify(params["salt"]) or None, info=binascii.unhexlify(params["info"]) or None, backend=backend) prk = hkdf._extract(binascii.unhexlify(params["ikm"])) assert prk == binascii.unhexlify(params["prk"])
def hkdf_derive_test(backend, algorithm, params): hkdf = HKDF(algorithm, int(params["l"]), salt=binascii.unhexlify(params["salt"]) or None, info=binascii.unhexlify(params["info"]) or None, backend=backend) okm = hkdf.derive(binascii.unhexlify(params["ikm"])) assert okm == binascii.unhexlify(params["okm"])
def hkdf(inp: bytes, length: int) -> bytes: # use HKDF on an input to derive a key hkdf = HKDF( algorithm=hashes.SHA256(), length=length, salt=b"", info=b"", backend=default_backend(), ) return hkdf.derive(inp)
def expand(self, prk, info, L, salt=None): """ Expand a pseudorandom key 'prk'' using optional string "info" into "L" bytes of output keying material. """ hkdf = HKDF_hazmat(algorithm=self.Hash(), length=L, salt=salt, info=info, backend=backend) return hkdf.derive(prk)
def derive_fernet_key(key): backend = default_backend() salt = b'fleio-hkdf-salt' # NOTE(tomo): We need a predictable salt, do not change info = b'fleio-fernet-hkdf' hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=salt, info=info, backend=backend) return base64.urlsafe_b64encode(hkdf.derive(force_bytes(key)))
def computeAemKey(tek): salt = None info = 'EN-AEMK'.encode('UTF-8') hkdf = HKDF(algorithm=hashes.SHA256(), length=16, salt=salt, info=info, backend=backend) aemKey = hkdf.derive(tek) return (aemKey)
def deriveShared(self, salt=None): saltN = salt if salt != None else os.urandom(16) info = b"is-just-info" hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=saltN, info=info, backend=default_backend()) key = hkdf.derive(self.sharedKey) return key, saltN
def test_verify(self, backend): hkdf = HKDF( hashes.SHA256(), 16, salt=None, info=None, backend=backend ) hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
def hap_hkdf(key, salt, info): """Just a shorthand.""" hkdf = HKDF( algorithm=HAP_CRYPTO.HKDF_HASH, length=HAP_CRYPTO.HKDF_KEYLEN, salt=salt, info=info, backend=backend, ) return hkdf.derive(key)
def hkdf_expand(salt, info, shared_secret): """Derive encryption keys from shared secret.""" hkdf = HKDF( algorithm=hashes.SHA512(), length=32, salt=salt.encode(), info=info.encode(), backend=default_backend(), ) return hkdf.derive(shared_secret)
def hkdf_function(session_key): salt = b'alienware' info = b'hello world' backend = default_backend() hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=salt, info=info, backend=backend) obtained_key = hkdf.derive(session_key) return obtained_key
def keygen(): backend = default_backend() salt = os.urandom(16) info = b"hkdf-example" hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=salt, info=info, backend=backend) key = hkdf.derive(b"This is the symetric key!") return key
def test_verify_invalid(self, backend): hkdf = HKDF( hashes.SHA256(), 16, salt=None, info=None, backend=backend ) with pytest.raises(InvalidKey): hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
def daily_trace(dayNumber, traceKey): """A Daily Tracing Key is generated for every 24-hour window where the protocol is advertising.""" hkdf = HKDF(algorithm=hashes.SHA256(), #Setup HKDF length=16, salt=None, info=str.encode("CT-DTK" + str(dayNumber)), backend=default_backend()) dtk_i = hkdf.derive(traceKey) return dtk_i
def derive_fernet_key(input_key): """Derive a 32-bit b64-encoded Fernet key from arbitrary input key. """ hkdf = HKDF( algorithm=hashes.SHA256(), length=32, salt=salt, info=info, backend=backend, ) return base64.urlsafe_b64encode(hkdf.derive(force_bytes(input_key)))
def extract(self, salt, ikm): """ Extract a pseudorandom key of fixed length from input keying material "ikm" and an optional octet string "salt" """ hash_len = self.Hash.digest_size hkdf = HKDF_hazmat(algorithm=self.Hash(), length=hash_len, salt=salt, info=None, backend=backend) return hkdf.derive(ikm)
def set_server_public_key(self, server_public_key: Sequence): common_secret = pow(int_from_bytes(server_public_key, 'big'), self.pkey, self.DH_PRIME_1024) common_secret = int_to_bytes(common_secret) hkdf = HKDF(algorithm=hashes.SHA256(), length=16, salt=None, info=None, backend=default_backend()) self.aes_key = hkdf.derive(common_secret)
def derivation_keys(shared_key): if not type(shared_key) == bytes: shared_key = shared_key.encode(utf_type) hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=shared_key[16:32], info=shared_key[:16], backend=default_backend()) keyDerived = hkdf.derive(shared_key[16:]) return keyDerived
def derive_key(session_key, salt): backend = default_backend() hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=salt, info=None, backend=backend) return hkdf.derive(session_key)
def test_derive_long_output(self, backend): vector = load_vectors_from_file( os.path.join("KDF", "hkdf-generated.txt"), load_nist_vectors)[0] hkdf = HKDF(hashes.SHA256(), int(vector["l"]), salt=vector["salt"], info=vector["info"], backend=backend) ikm = binascii.unhexlify(vector["ikm"]) assert hkdf.derive(ikm) == binascii.unhexlify(vector["okm"])
def KeyBuild(self, key): key = key.encode() hdkf = HKDF( algorithm = hashes.SHA512(), length = 32, salt = self.salt, info = None, backend = self.backend ) key = hdkf.derive(key) return(key)
def generate_final_master_secret(master_secret, rand_client_server): backend = default_backend() info = "hkdf-example" hkdf = HKDF( algorithm=hashes.SHA256(), length=32, salt=rand_client_server, info=info, backend=backend) key = hkdf.derive(master_secret) return key
def _hkdf(self, initial_material, key_length, info): # type: (bytes, int, Text) -> bytes """Use HKDF to derive a key. :param bytes initial_material: Initial material to use with HKDF :param int key_length: Length of key to derive :param str info: Info value to use in HKDF calculate :returns: Derived key material :rtype: bytes """ hkdf = HKDF(algorithm=hashes.SHA256(), length=key_length, salt=None, info=info, backend=default_backend()) return hkdf.derive(initial_material)
def derivate(key, salt, spec): length = 0 if spec == 'ECDHE-AES128-SHA': length = 16 elif spec == 'ECDHE-AES256-SHA': length = 32 hkdf = HKDF(algorithm=hashes.SHA256(), length=length, salt=salt, info=b"hkdf-example", backend=default_backend()) return hkdf.derive(key)
def derive_key(secret, namespace, size=32): """HKDF-derive key material from the given master secret. This applies standard HKDF with our application-specific defaults, to produce derived key material of the requested length. """ kdf = HKDF(algorithm=hashes.SHA256(), length=size, salt=b"", info=hkdf_namespace(namespace), backend=default_backend()) return kdf.derive(secret)
def hkdf_derive_test(backend, algorithm, params): hkdf = HKDF( algorithm, int(params["l"]), salt=binascii.unhexlify(params["salt"]) or None, info=binascii.unhexlify(params["info"]) or None, backend=backend ) okm = hkdf.derive(binascii.unhexlify(params["ikm"])) assert okm == binascii.unhexlify(params["okm"])
def hkdf_extract_test(backend, algorithm, params): hkdf = HKDF( algorithm, int(params["l"]), salt=binascii.unhexlify(params["salt"]) or None, info=binascii.unhexlify(params["info"]) or None, backend=backend ) prk = hkdf._extract(binascii.unhexlify(params["ikm"])) assert prk == binascii.unhexlify(params["prk"])
def derive_key(self, bpassword, bsalt, attr_types): """ Generate the key used for encryption """ passToken = bpassword + self.btoken hkdf = Crypto_HKDF(algorithm=hashes.SHA256(), length=32, salt=bsalt, info=self.btoken, backend=default_backend()) return hkdf.derive(bpassword)
def keygen(): backend = default_backend() salt = os.urandom(16) info = b"hkdf-example" hkdf = HKDF( algorithm=hashes.SHA256(), length=32, salt=salt, info=info, backend=backend ) key = hkdf.derive(b"This is the symetric key!") return key
def test_derive_long_output(self, backend): vector = load_vectors_from_file( os.path.join("KDF", "hkdf-generated.txt"), load_nist_vectors )[0] hkdf = HKDF( hashes.SHA256(), int(vector["l"]), salt=vector["salt"], info=vector["info"], backend=backend ) ikm = binascii.unhexlify(vector["ikm"]) assert hkdf.derive(ikm) == binascii.unhexlify(vector["okm"])
def derive_key(secret, namespace, size=32): """HKDF-derive key material from the given master secret. This applies standard HKDF with our application-specific defaults, to produce derived key material of the requested length. """ kdf = HKDF( algorithm=hashes.SHA256(), length=size, salt=b"", info=hkdf_namespace(namespace), backend=backend ) return kdf.derive(secret)
def test_unicode_typeerror(self, backend): with pytest.raises(TypeError): HKDF( hashes.SHA256(), 16, salt=six.u("foo"), info=None, backend=backend ) with pytest.raises(TypeError): HKDF( hashes.SHA256(), 16, salt=None, info=six.u("foo"), backend=backend ) with pytest.raises(TypeError): hkdf = HKDF( hashes.SHA256(), 16, salt=None, info=None, backend=backend ) hkdf.derive(six.u("foo")) with pytest.raises(TypeError): hkdf = HKDF( hashes.SHA256(), 16, salt=None, info=None, backend=backend ) hkdf.verify(six.u("foo"), b"bar") with pytest.raises(TypeError): hkdf = HKDF( hashes.SHA256(), 16, salt=None, info=None, backend=backend ) hkdf.verify(b"foo", six.u("bar"))
def rotateip(ip, salt=None): """ rotate ip to another address if 'salt' is given, the ip will be * salted with secret * hashed with SHA-256 * combined to a new IP otherwise, the ip will be rotated to 0.0.0.0 >>> rotateip("127.0.0.1") '0.0.0.0' >>> x = rotateip("127.0.0.1", salt=b"secret") >>> y = rotateip("127.0.0.1", salt=b"secret2") >>> x == y False """ def tokenize(a, n): return map(lambda i: a[i:i+n], range(0, len(a), n)) def xor(t): x, y = t return x ^ y if salt is None: return "0.0.0.0" hkdf = HKDF(algorithm=hashes.SHA256(), length=8, salt=salt, info=b"ip-hashing", backend=default_backend()) hashed = hkdf.derive(ip.encode()) # for some reason, minimum derived key size is 8, so we need to further # reduce the key hashed = map(xor, zip(*tokenize(hashed, 4))) return ".".join(map(str, hashed))
def get_filename_and_key(self, upath, ext=None): path = upath.encode('utf-8') nonpath = b"//\x00" # cannot occur in path, which is normalized # Generate per-file key material via HKDF info = path if ext is not None: info += nonpath + ext hkdf = HKDF(algorithm=hashes.SHA256(), length=3*32, salt=self.salt_hkdf, info=info, backend=backend) data = hkdf.derive(self.key) # Generate key key = data[:32] # Generate filename h = hmac.HMAC(key=data[32:], algorithm=hashes.SHA512(), backend=backend) h.update(info) fn = h.finalize().encode('hex') return os.path.join(self.path, fn), key
def extract(self, salt, ikm): h = self.hash hkdf = HKDF(h, h.digest_size, salt, None, default_backend()) if ikm is None: ikm = b"\x00" * h.digest_size return hkdf._extract(ikm)
def deriveKey(mode, salt, key=None, dh=None, keyid=None, authSecret=None, padSize=2): def buildInfo(base, context): return b"Content-Encoding: " + base + b"\0" + context def deriveDH(mode, keyid, dh): def lengthPrefix(key): return struct.pack("!H", len(key)) + key if keyid is None: raise Exception(u"'keyid' is not specified with 'dh'") if not keyid in keys: raise Exception(u"'keyid' doesn't identify a key: " + keyid) if not keyid in labels: raise Exception(u"'keyid' doesn't identify a key label: " + keyid) if mode == "encrypt": senderPubKey = keys[keyid].get_pubkey() receiverPubKey = dh elif mode == "decrypt": senderPubKey = dh receiverPubKey = keys[keyid].get_pubkey() else: raise Exception(u"unknown 'mode' specified: " + mode); if type(labels[keyid]) == type(u""): labels[keyid] = labels[keyid].encode("utf-8") return (keys[keyid].get_ecdh_key(dh), labels[keyid] + b"\0" + lengthPrefix(receiverPubKey) + lengthPrefix(senderPubKey)) if salt is None or len(salt) != 16: raise Exception(u"'salt' must be a 16 octet value") context = b"" if key is not None: secret = key elif dh is not None: (secret, context) = deriveDH(mode=mode, keyid=keyid, dh=dh) elif keyid is not None: secret = keys[keyid] if secret is None: raise Exception(u"unable to determine the secret") if authSecret is not None: hkdf_auth = HKDF( algorithm=hashes.SHA256(), length=32, salt=authSecret, info=buildInfo(b"auth", b""), backend=default_backend() ) secret = hkdf_auth.derive(secret) if padSize == 2: keyinfo = buildInfo(b"aesgcm", context) nonceinfo = buildInfo(b"nonce", context) elif padSize == 1: keyinfo = b"Content-Encoding: aesgcm128" nonceinfo = b"Content-Encoding: nonce" else: raise Exception(u"unable to set context for padSize=" + str(padSize)) hkdf_key = HKDF( algorithm=hashes.SHA256(), length=16, salt=salt, info=keyinfo, backend=default_backend() ) hkdf_nonce = HKDF( algorithm=hashes.SHA256(), length=12, salt=salt, info=nonceinfo, backend=default_backend() ) result = (hkdf_key.derive(secret), hkdf_nonce.derive(secret)) return result
def derive_key(key_material, salt, info): algorithm = hashes.SHA512() length = algorithm.digest_size hkdf = HKDF(algorithm, length, salt, info, backend) return hkdf.derive(key_material)
def hkdf(secret, extra_secret, info, output_len): hkdf = HKDF(algorithm=SHA512(), length=output_len, salt=extra_secret, info=info, backend=backend) derived = hkdf.derive(secret) assert len(derived) == output_len return io.BytesIO(derived)
def _hkdf_expand(key, info): backend = default_backend() salt = '0' * len(key) hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=salt, info=info, backend=backend) return hkdf.derive(key)
def test_already_finalized(self, backend): hkdf = HKDF(hashes.SHA256(), 16, salt=None, info=None, backend=backend) hkdf.derive(b"\x01" * 16) with pytest.raises(AlreadyFinalized): hkdf.derive(b"\x02" * 16) hkdf = HKDF(hashes.SHA256(), 16, salt=None, info=None, backend=backend) hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u") with pytest.raises(AlreadyFinalized): hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u") hkdf = HKDF(hashes.SHA256(), 16, salt=None, info=None, backend=backend)