本文整理汇总了Python中cryptography.hazmat.primitives.asymmetric.ec.ECDH属性的典型用法代码示例。如果您正苦于以下问题:Python ec.ECDH属性的具体用法?Python ec.ECDH怎么用?Python ec.ECDH使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类cryptography.hazmat.primitives.asymmetric.ec的用法示例。
在下文中一共展示了ec.ECDH属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: encryption_step_5
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def encryption_step_5(self, module, message, additional_data, cm):
client_ephemeral_public = message[len(self.cmh_struct_encryption[4][0]):]
c = module.lookup_client_pub(additional_data)
try:
public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.curve, "\x04"+client_ephemeral_public)
except:
common.internal_print("Erroneous key received from the client. Are you sure you are using the same settings on both sides?", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
client_ephemeral_public_key = public_numbers.public_key(default_backend())
server_ephemeral_private_key = c.get_encryption().get_private_key()
hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt="IRatherEatMaldonThanHimalayan", info=None, backend=default_backend())
c.get_encryption().set_shared_key(hkdf.derive(server_ephemeral_private_key.exchange(ec.ECDH(), client_ephemeral_public_key)))
module.post_encryption_server(message[len(self.cmh_struct_encryption[4][0]):], additional_data)
common.internal_print("Encryption key agreed with the client.", 1)
return module.cmh_struct[cm][3]
# checking for the key file values in the config 示例2: encryption_step_5
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def encryption_step_5(self, module, message, additional_data, cm):
client_ephemeral_public = message[len(self.cmh_struct_encryption[4][0]):]
c = module.lookup_client_pub(additional_data)
try:
public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.curve, "\x04"+client_ephemeral_public)
except:
common.internal_print("Erroneous key received from the client. Are you sure you are using the same settings on both sides?", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
client_ephemeral_public_key = public_numbers.public_key(default_backend())
server_ephemeral_private_key = c.get_encryption().get_private_key()
c.get_encryption().set_shared_key(server_ephemeral_private_key.exchange(ec.ECDH(), client_ephemeral_public_key))
module.post_encryption_server(message[len(self.cmh_struct_encryption[4][0]):], additional_data)
common.internal_print("Encryption key agreed with the client.", 1)
return module.cmh_struct[cm][3]
# checking for the key file values in the config 示例3: encrypt
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def encrypt(message, receiver_public_key):
sender_private_key = ec.generate_private_key(ec.SECP256K1(), backend)
shared_key = sender_private_key.exchange(ec.ECDH(), receiver_public_key)
sender_public_key = sender_private_key.public_key()
point = sender_public_key.public_numbers().encode_point()
iv = '000000000000'
xkdf = x963kdf.X963KDF(
algorithm = hashes.SHA256(),
length = 32,
sharedinfo = '',
backend = backend
)
key = xkdf.derive(shared_key)
encryptor = Cipher(
algorithms.AES(key),
modes.GCM(iv),
backend = backend
).encryptor()
ciphertext = encryptor.update(message) + encryptor.finalize()
return point + encryptor.tag + ciphertext 示例4: decrypt
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def decrypt(message, receiver_private_key):
point = message[0:65]
tag = message[65:81]
ciphertext = message[81:]
sender_public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256K1(), point)
sender_public_key = sender_public_numbers.public_key(backend)
shared_key = receiver_private_key.exchange(ec.ECDH(), sender_public_key)
iv = '000000000000'
xkdf = x963kdf.X963KDF(
algorithm = hashes.SHA256(),
length = 32,
sharedinfo = '',
backend = backend
)
key = xkdf.derive(shared_key)
decryptor = Cipher(
algorithms.AES(key),
modes.GCM(iv,tag),
backend = backend
).decryptor()
message = decryptor.update(ciphertext) + decryptor.finalize()
return message 示例5: wrap
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def wrap(self, key, bitsize, cek, headers):
self._check_key(key)
dk_size = self.keysize
if self.keysize is None:
if cek is not None:
raise InvalidJWEOperation('ECDH-ES cannot use an existing CEK')
alg = headers['enc']
dk_size = bitsize
else:
alg = headers['alg']
epk = JWK.generate(kty=key.key_type, crv=key.key_curve)
dk = self._derive(epk.get_op_key('unwrapKey'),
key.get_op_key('wrapKey'),
alg, dk_size, headers)
if self.keysize is None:
ret = {'cek': dk}
else:
aeskw = self.aeskwmap[self.keysize]()
kek = JWK(kty="oct", use="enc", k=base64url_encode(dk))
ret = aeskw.wrap(kek, bitsize, cek, headers)
ret['header'] = {'epk': json_decode(epk.export_public())}
return ret 示例6: getSupportedKeyExchanges
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def getSupportedKeyExchanges():
"""
Get a list of supported key exchange algorithm names in order of
preference.
@return: A C{list} of supported key exchange algorithm names.
@rtype: C{list} of L{bytes}
"""
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec
from twisted.conch.ssh.keys import _curveTable
backend = default_backend()
kexAlgorithms = _kexAlgorithms.copy()
for keyAlgorithm in list(kexAlgorithms):
if keyAlgorithm.startswith(b"ecdh"):
keyAlgorithmDsa = keyAlgorithm.replace(b"ecdh", b"ecdsa")
supported = backend.elliptic_curve_exchange_algorithm_supported(
ec.ECDH(), _curveTable[keyAlgorithmDsa])
if not supported:
kexAlgorithms.pop(keyAlgorithm)
return sorted(
kexAlgorithms,
key = lambda kexAlgorithm: kexAlgorithms[kexAlgorithm].preference) 示例7: post_build
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def post_build(self, pkt, pay):
if not self.tls_session.frozen and self.server_share.privkey:
# if there is a privkey, we assume the crypto library is ok
privshare = self.tls_session.tls13_server_privshare
if len(privshare) > 0:
pkt_info = pkt.firstlayer().summary()
log_runtime.info("TLS: overwriting previous server key share [%s]", pkt_info) # noqa: E501
group_name = _tls_named_groups[self.server_share.group]
privshare[group_name] = self.server_share.privkey
if group_name in self.tls_session.tls13_client_pubshares:
privkey = self.server_share.privkey
pubkey = self.tls_session.tls13_client_pubshares[group_name]
if group_name in six.itervalues(_tls_named_ffdh_groups):
pms = privkey.exchange(pubkey)
elif group_name in six.itervalues(_tls_named_curves):
if group_name in ["x25519", "x448"]:
pms = privkey.exchange(pubkey)
else:
pms = privkey.exchange(ec.ECDH(), pubkey)
self.tls_session.tls13_dhe_secret = pms
return super(TLS_Ext_KeyShare_SH, self).post_build(pkt, pay) 示例8: fill_missing
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def fill_missing(self):
s = self.tls_session
params = s.client_kx_ecdh_params
s.client_kx_privkey = ec.generate_private_key(params,
default_backend())
pubkey = s.client_kx_privkey.public_key()
x = pubkey.public_numbers().x
y = pubkey.public_numbers().y
self.ecdh_Yc = (b"\x04" +
pkcs_i2osp(x, params.key_size // 8) +
pkcs_i2osp(y, params.key_size // 8))
if s.client_kx_privkey and s.server_kx_pubkey:
pms = s.client_kx_privkey.exchange(ec.ECDH(), s.server_kx_pubkey)
s.pre_master_secret = pms
s.compute_ms_and_derive_keys() 示例9: post_dissection
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def post_dissection(self, m):
s = self.tls_session
# if there are kx params and keys, we assume the crypto library is ok
if s.client_kx_ecdh_params:
try: # cryptography >= 2.5
import_point = ec.EllipticCurvePublicKey.from_encoded_point
s.client_kx_pubkey = import_point(s.client_kx_ecdh_params,
self.ecdh_Yc)
except AttributeError:
import_point = ec.EllipticCurvePublicNumbers.from_encoded_point
pub_num = import_point(s.client_kx_ecdh_params, self.ecdh_Yc)
s.client_kx_pubkey = pub_num.public_key(default_backend())
if s.server_kx_privkey and s.client_kx_pubkey:
ZZ = s.server_kx_privkey.exchange(ec.ECDH(), s.client_kx_pubkey)
s.pre_master_secret = ZZ
s.compute_ms_and_derive_keys()
# RSA Encryption (standard & export) 示例10: decrypt
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def decrypt(self, pk, *args):
km = pk.keymaterial
if km.oid == EllipticCurveOID.Curve25519:
v = x25519.X25519PublicKey.from_public_bytes(self.p.x)
s = km.__privkey__().exchange(v)
else:
# assemble the public component of ephemeral key v
v = ec.EllipticCurvePublicNumbers(self.p.x, self.p.y, km.oid.curve()).public_key(default_backend())
# compute s using the inverse of how it was derived during encryption
s = km.__privkey__().exchange(ec.ECDH(), v)
# derive the wrapping key
z = km.kdf.derive_key(s, km.oid, PubKeyAlgorithm.ECDH, pk.fingerprint)
# unwrap and unpad m
_m = aes_key_unwrap(z, self.c, default_backend())
padder = PKCS7(64).unpadder()
return padder.update(_m) + padder.finalize() 示例11: encryption_step_3
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def encryption_step_3(self, module, message, additional_data, cm):
client_public_key_stream = message[len(self.cmh_struct_encryption[2][0]):]
try:
public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.curve, "\x04"+client_public_key_stream)
except:
common.internal_print("Erroneous key received from the client. Are you sure you are using the same settings on both sides?", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
client_public_key = public_numbers.public_key(default_backend())
c = module.lookup_client_pub(additional_data)
hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt="IRatherEatMaldonThanHimalayan", info=None, backend=default_backend())
c.get_encryption().set_shared_key(hkdf.derive(self.server_private_key.exchange(ec.ECDH(), client_public_key)))
server_ephemeral_private_key = ec.generate_private_key(self.curve, default_backend())
server_ephemeral_public_key = server_ephemeral_private_key.public_key()
# no need to save, but who knows?!
c.get_encryption().set_private_key(server_ephemeral_private_key)
c.get_encryption().set_public_key(server_ephemeral_public_key)
c.get_encryption().set_encrypted(True)
pbk = server_ephemeral_public_key.public_numbers().encode_point()[1:]
module.send(common.CONTROL_CHANNEL_BYTE, self.cmh_struct_encryption[3][0]+pbk, module.modify_additional_data(additional_data, 1))
return module.cmh_struct[cm][3]
# client side.
# Server's ephemeral receveid, client generates an ephemeral keypair as
# well. Client sends its ephemeral's public key to the server.
# Since this is the last client side function called, we invoke the
# next step that is most probably the authentication, defined in the
# post_encryption_client() function. 示例12: encryption_step_4
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def encryption_step_4(self, module, message, additional_data, cm):
server_ephemeral_public_key_stream = message[len(self.cmh_struct_encryption[3][0]):]
try:
public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.curve, "\x04"+server_ephemeral_public_key_stream)
except:
common.internal_print("Erroneous key received from the server. Are you sure you are using the same settings on both sides?", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
server_ephemeral_public_key = public_numbers.public_key(default_backend())
client_ephemeral_private_key = ec.generate_private_key(self.curve, default_backend())
client_ephemeral_public_key = client_ephemeral_private_key.public_key()
module.encryption.set_private_key(client_ephemeral_private_key)
module.encryption.set_public_key(client_ephemeral_public_key)
pbk = client_ephemeral_public_key.public_numbers().encode_point()[1:]
module.send(common.CONTROL_CHANNEL_BYTE, self.cmh_struct_encryption[4][0]+pbk, module.modify_additional_data(additional_data, 0))
hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt="IRatherEatMaldonThanHimalayan", info=None, backend=default_backend())
module.encryption.set_shared_key(hkdf.derive(client_ephemeral_private_key.exchange(ec.ECDH(), server_ephemeral_public_key)))
module.post_encryption_client(message[len(self.cmh_struct_encryption[3][0]):], additional_data)
common.internal_print("Encryption key agreed with the server.", 1)
return module.cmh_struct[cm][3]
# server side.
# Client's ephemeral public key received. Key exchanged and saved. 示例13: encryption_step_4
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def encryption_step_4(self, module, message, additional_data, cm):
server_ephemeral_public_key_stream = message[len(self.cmh_struct_encryption[3][0]):]
try:
public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.curve, "\x04"+server_ephemeral_public_key_stream)
except:
common.internal_print("Erroneous key received from the server. Are you sure you are using the same settings on both sides?", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
server_ephemeral_public_key = public_numbers.public_key(default_backend())
client_ephemeral_private_key = ec.generate_private_key(self.curve, default_backend())
client_ephemeral_public_key = client_ephemeral_private_key.public_key()
module.encryption.set_private_key(client_ephemeral_private_key)
module.encryption.set_public_key(client_ephemeral_public_key)
pbk = client_ephemeral_public_key.public_numbers().encode_point()[1:]
module.send(common.CONTROL_CHANNEL_BYTE, self.cmh_struct_encryption[4][0]+pbk, module.modify_additional_data(additional_data, 0))
module.encryption.set_shared_key(client_ephemeral_private_key.exchange(ec.ECDH(), server_ephemeral_public_key))
module.post_encryption_client(message[len(self.cmh_struct_encryption[3][0]):], additional_data)
common.internal_print("Encryption key agreed with the server.", 1)
return module.cmh_struct[cm][3]
# server side.
# Client's ephemeral public key received. Key exchanged and saved. 示例14: _derive
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def _derive(self, privkey, pubkey, alg, bitsize, headers):
# OtherInfo is defined in NIST SP 56A 5.8.1.2.1
# AlgorithmID
otherinfo = struct.pack('>I', len(alg))
otherinfo += bytes(alg.encode('utf8'))
# PartyUInfo
apu = base64url_decode(headers['apu']) if 'apu' in headers else b''
otherinfo += struct.pack('>I', len(apu))
otherinfo += apu
# PartyVInfo
apv = base64url_decode(headers['apv']) if 'apv' in headers else b''
otherinfo += struct.pack('>I', len(apv))
otherinfo += apv
# SuppPubInfo
otherinfo += struct.pack('>I', bitsize)
# no SuppPrivInfo
# Shared Key generation
if isinstance(privkey, ec.EllipticCurvePrivateKey):
shared_key = privkey.exchange(ec.ECDH(), pubkey)
else:
# X25519/X448
shared_key = privkey.exchange(pubkey)
ckdf = ConcatKDFHash(algorithm=hashes.SHA256(),
length=_inbytes(bitsize),
otherinfo=otherinfo,
backend=self.backend)
return ckdf.derive(shared_key) 示例15: ecdh_agree
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import ec [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDH [as 别名]
def ecdh_agree(privkey: datatypes.PrivateKey, pubkey: datatypes.PublicKey) -> bytes:
"""Performs a key exchange operation using the ECDH algorithm."""
privkey_as_int = int(cast(int, privkey))
ec_privkey = ec.derive_private_key(privkey_as_int, CURVE, default_backend())
pubkey_bytes = b"\x04" + pubkey.to_bytes()
pubkey_nums = ec.EllipticCurvePublicNumbers.from_encoded_point(CURVE, pubkey_bytes)
ec_pubkey = pubkey_nums.public_key(default_backend())
return ec_privkey.exchange(ec.ECDH(), ec_pubkey)