本文整理汇总了Python中cryptography.hazmat.primitives.hmac.HMAC属性的典型用法代码示例。如果您正苦于以下问题:Python hmac.HMAC属性的具体用法?Python hmac.HMAC怎么用?Python hmac.HMAC使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类cryptography.hazmat.primitives.hmac
的用法示例。
在下文中一共展示了hmac.HMAC属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: seal_aes_ctr_legacy
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def seal_aes_ctr_legacy(key_service, secret, digest_method=DEFAULT_DIGEST):
"""
Encrypts `secret` using the key service.
You can decrypt with the companion method `open_aes_ctr_legacy`.
"""
# generate a a 64 byte key.
# Half will be for data encryption, the other half for HMAC
key, encoded_key = key_service.generate_key_data(64)
ciphertext, hmac = _seal_aes_ctr(
secret, key, LEGACY_NONCE, digest_method,
)
return {
'key': b64encode(encoded_key).decode('utf-8'),
'contents': b64encode(ciphertext).decode('utf-8'),
'hmac': codecs.encode(hmac, "hex_codec"),
'digest': digest_method,
}
示例2: _encrypt_from_parts
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def _encrypt_from_parts(self, data, current_time, iv):
if not isinstance(data, bytes):
raise TypeError("data must be bytes.")
padder = padding.PKCS7(algorithms.AES.block_size).padder()
padded_data = padder.update(data) + padder.finalize()
encryptor = Cipher(
algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
).encryptor()
ciphertext = encryptor.update(padded_data) + encryptor.finalize()
basic_parts = (
b"\x80" + struct.pack(">Q", current_time) + iv + ciphertext
)
h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
h.update(basic_parts)
hmac = h.finalize()
return base64.urlsafe_b64encode(basic_parts + hmac)
示例3: _encrypt_from_parts
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def _encrypt_from_parts(self, data, current_time, iv):
utils._check_bytes("data", data)
padder = padding.PKCS7(algorithms.AES.block_size).padder()
padded_data = padder.update(data) + padder.finalize()
encryptor = Cipher(
algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
).encryptor()
ciphertext = encryptor.update(padded_data) + encryptor.finalize()
basic_parts = (
b"\x80" + struct.pack(">Q", current_time) + iv + ciphertext
)
h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
h.update(basic_parts)
hmac = h.finalize()
return base64.urlsafe_b64encode(basic_parts + hmac)
示例4: test_allowed_unsecured_valid_token
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def test_allowed_unsecured_valid_token(self):
"""Test payload data from valid secured token (unsecured allowed)."""
header = force_bytes(json.dumps({'alg': 'HS256', 'typ': 'JWT'}))
payload = force_bytes(json.dumps({'foo': 'bar'}))
# Compute signature
key = b'mysupersecuretestkey'
h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend())
msg = '{}.{}'.format(smart_text(b64encode(header)), smart_text(b64encode(payload)))
h.update(force_bytes(msg))
signature = b64encode(h.finalize())
token = '{}.{}.{}'.format(
smart_text(b64encode(header)),
smart_text(b64encode(payload)),
smart_text(signature)
)
token_bytes = force_bytes(token)
key_text = smart_text(key)
output = self.backend.get_payload_data(token_bytes, key_text)
self.assertEqual(output, payload)
示例5: test_disallowed_unsecured_valid_token
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def test_disallowed_unsecured_valid_token(self):
"""Test payload data from valid secure token (unsecured disallowed)."""
header = force_bytes(json.dumps({'alg': 'HS256', 'typ': 'JWT'}))
payload = force_bytes(json.dumps({'foo': 'bar'}))
# Compute signature
key = b'mysupersecuretestkey'
h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend())
msg = '{}.{}'.format(smart_text(b64encode(header)), smart_text(b64encode(payload)))
h.update(force_bytes(msg))
signature = b64encode(h.finalize())
token = '{}.{}.{}'.format(
smart_text(b64encode(header)),
smart_text(b64encode(payload)),
smart_text(signature)
)
token_bytes = force_bytes(token)
key_text = smart_text(key)
output = self.backend.get_payload_data(token_bytes, key_text)
self.assertEqual(output, payload)
示例6: test_allowed_unsecured_invalid_token
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def test_allowed_unsecured_invalid_token(self):
"""Test payload data from invalid secure token (unsecured allowed)."""
header = force_bytes(json.dumps({'alg': 'HS256', 'typ': 'JWT'}))
payload = force_bytes(json.dumps({'foo': 'bar'}))
# Compute signature
key = b'mysupersecuretestkey'
fake_key = b'mysupersecurefaketestkey'
h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend())
msg = '{}.{}'.format(smart_text(b64encode(header)), smart_text(b64encode(payload)))
h.update(force_bytes(msg))
signature = b64encode(h.finalize())
token = '{}.{}.{}'.format(
smart_text(b64encode(header)),
smart_text(b64encode(payload)),
smart_text(signature)
)
token_bytes = force_bytes(token)
key_text = smart_text(fake_key)
with self.assertRaises(SuspiciousOperation) as ctx:
self.backend.get_payload_data(token_bytes, key_text)
self.assertEqual(ctx.exception.args[0], 'JWS token verification failed.')
示例7: test_disallowed_unsecured_invalid_token
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def test_disallowed_unsecured_invalid_token(self):
"""Test payload data from invalid secure token (unsecured disallowed)."""
header = force_bytes(json.dumps({'alg': 'HS256', 'typ': 'JWT'}))
payload = force_bytes(json.dumps({'foo': 'bar'}))
# Compute signature
key = b'mysupersecuretestkey'
fake_key = b'mysupersecurefaketestkey'
h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend())
msg = '{}.{}'.format(smart_text(b64encode(header)), smart_text(b64encode(payload)))
h.update(force_bytes(msg))
signature = b64encode(h.finalize())
token = '{}.{}.{}'.format(
smart_text(b64encode(header)),
smart_text(b64encode(payload)),
smart_text(signature)
)
token_bytes = force_bytes(token)
key_text = smart_text(fake_key)
with self.assertRaises(SuspiciousOperation) as ctx:
self.backend.get_payload_data(token_bytes, key_text)
self.assertEqual(ctx.exception.args[0], 'JWS token verification failed.')
示例8: insert_encrypted_value
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def insert_encrypted_value(self, element, encryption_algorithm, encrypted_string):
"""
Add an encrypted value (key) to the document.
"""
encrypted_value = element_tree.SubElement(element, "{urn:ietf:params:xml:ns:keyprov:pskc}EncryptedValue")
encryption_method = element_tree.SubElement(encrypted_value, "{http://www.w3.org/2001/04/xmlenc#}EncryptionMethod")
encryption_method.set("Algorithm", encryption_algorithm)
cipher_data = element_tree.SubElement(encrypted_value, "{http://www.w3.org/2001/04/xmlenc#}CipherData")
cipher_value = element_tree.SubElement(cipher_data, "{http://www.w3.org/2001/04/xmlenc#}CipherValue")
cipher_value.text = encrypted_string
# calculate and set MAC using HMAC-SHA512 over data in CipherValue
if not self.hmac_key:
raise Exception("Missing HMAC key")
value_mac = element_tree.SubElement(element, "{urn:ietf:params:xml:ns:keyprov:pskc}ValueMAC")
hmac_instance = hmac.HMAC(self.hmac_key, hashes.SHA512(), backend=default_backend())
hmac_instance.update(base64.b64decode(encrypted_string))
value_mac.text = base64.b64encode(hmac_instance.finalize()).decode('utf-8')
示例9: load_key
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def load_key(self, key, key_type, key_encoding):
# (bytes, EncryptionKeyType, KeyEncodingType) -> bytes
"""Load a raw key from bytes.
:param bytes key: Raw key bytes to load
:param EncryptionKeyType key_type: Type of key to load
:param KeyEncodingType key_encoding: Encoding used to serialize ``key``
:returns: Loaded key
:rtype: bytes
:raises ValueError: if ``key_type`` is not symmetric or ``key_encoding`` is not raw
"""
if not (key_type is EncryptionKeyType.SYMMETRIC and key_encoding is KeyEncodingType.RAW):
raise ValueError("Key type must be symmetric and encoding must be raw.")
if len(key) * 8 < MinimumKeySizes.HMAC.value:
_LOGGER.warning("HMAC keys smaller than %d bits are unsafe" % MinimumKeySizes.HMAC.value)
return key
示例10: generate
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def generate(self, key_size=DEFAULT_AES_KEY_SIZE):
"""
Generate a new AES key with the corresponding HMAC key.
:rtype: :class:`AESKey`
"""
if key_size < MINIMUM_AES_KEY_SIZE:
raise ValueError('Unsafe key size: %s' % (key_size))
aes_key_bytes = os.urandom(int(key_size / 8))
aes_key_string = Base64WSEncode(aes_key_bytes)
hmac_key_bytes = os.urandom(int(key_size / 8))
hmac_key_string = Base64WSEncode(hmac_key_bytes)
return AESKey(aes_key_string=aes_key_string, hmac_key_string=hmac_key_string,
hmac_key_size=key_size, mode='CBC', size=key_size)
示例11: update
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def update(self, data):
ret = b""
if self.cipher is None:
key = os.urandom(16)
nonce = os.urandom(16)
auth_key = os.urandom(32)
self.cipher = Cipher(algorithms.AES(key), modes.CTR(nonce), backend=default_backend()).encryptor()
self.authenticator = HMAC(auth_key, SHA256(), backend=default_backend())
pad = padding.OAEP(mgf=padding.MGF1(algorithm=SHA1()),
algorithm=SHA1(),
label=None)
cipherkey = self.rsa_public_key.encrypt(key + nonce + auth_key, pad)
ret = FILEMAGIC + struct.pack(">H", len(cipherkey)) + cipherkey
cur = self.cipher.update(data)
self.authenticator.update(cur)
if ret:
return ret + cur
else:
return cur
示例12: process_header
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def process_header(self, data):
if self._cipher_key_len is None:
if data[0:6] != FILEMAGIC:
raise EncryptorError("Invalid magic bytes")
self._cipher_key_len = struct.unpack(">H", data[6:8])[0]
else:
pad = padding.OAEP(mgf=padding.MGF1(algorithm=SHA1()),
algorithm=SHA1(),
label=None)
try:
plainkey = self.rsa_private_key.decrypt(data, pad)
except AssertionError:
raise EncryptorError("Decrypting key data failed")
if len(plainkey) != 64:
raise EncryptorError("Integrity check failed")
key = plainkey[0:16]
nonce = plainkey[16:32]
auth_key = plainkey[32:64]
self._header_size = 8 + len(data)
self.cipher = Cipher(algorithms.AES(key), modes.CTR(nonce), backend=default_backend()).decryptor()
self.authenticator = HMAC(auth_key, SHA256(), backend=default_backend())
示例13: _verify_ciphertext
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def _verify_ciphertext(self):
backend = default_backend()
h = hmac.HMAC(self.mac_key, hashes.SHA256(), backend=backend)
stream = self.iv.asOctets() + self.ciphertext
h.update(stream)
mac_code = h.finalize()
if mac_code != self.mac:
sys.stderr.write("Calculated MAC did not match anticipated MAC\n")
sys.stderr.write("Calculated MAC: {0}\n".format(mac_code))
sys.stderr.write("Expected MAC: {0}\n".format(self.mac))
die()
if self.DEBUG:
sys.stderr.write("MAC Calculated over IV and Ciphertext: {0}\n".format(mac_code))
示例14: _hmac_setup
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def _hmac_setup(self, key, payload):
h = hmac.HMAC(key, self.hashfn, backend=self.backend)
h.update(payload)
return h
示例15: _mac
# 需要导入模块: from cryptography.hazmat.primitives import hmac [as 别名]
# 或者: from cryptography.hazmat.primitives.hmac import HMAC [as 别名]
def _mac(self, k, a, iv, e):
al = _encode_int(_bitsize(a), 64)
h = hmac.HMAC(k, self.hashfn, backend=self.backend)
h.update(a)
h.update(iv)
h.update(e)
h.update(al)
m = h.finalize()
return m[:_inbytes(self.keysize)]
# RFC 7518 - 5.2.2