本文整理汇总了Python中cryptography.hazmat.primitives.kdf.hkdf.HKDF属性的典型用法代码示例。如果您正苦于以下问题:Python hkdf.HKDF属性的具体用法?Python hkdf.HKDF怎么用?Python hkdf.HKDF使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类cryptography.hazmat.primitives.kdf.hkdf的用法示例。
在下文中一共展示了hkdf.HKDF属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: encryption_step_5
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def encryption_step_5(self, module, message, additional_data, cm):
client_ephemeral_public = message[len(self.cmh_struct_encryption[4][0]):]
c = module.lookup_client_pub(additional_data)
try:
public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.curve, "\x04"+client_ephemeral_public)
except:
common.internal_print("Erroneous key received from the client. Are you sure you are using the same settings on both sides?", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
client_ephemeral_public_key = public_numbers.public_key(default_backend())
server_ephemeral_private_key = c.get_encryption().get_private_key()
hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt="IRatherEatMaldonThanHimalayan", info=None, backend=default_backend())
c.get_encryption().set_shared_key(hkdf.derive(server_ephemeral_private_key.exchange(ec.ECDH(), client_ephemeral_public_key)))
module.post_encryption_server(message[len(self.cmh_struct_encryption[4][0]):], additional_data)
common.internal_print("Encryption key agreed with the client.", 1)
return module.cmh_struct[cm][3]
# checking for the key file values in the config 示例2: _derive_delegated_key
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def _derive_delegated_key(self, initial_material, key_info, hkdf_info):
# type: (bytes, KeyInfo, HkdfInfo) -> JceNameLocalDelegatedKey
"""Derive the raw key and use it to build a JceNameLocalDelegatedKey.
:param bytes initial_material: Initial material to use with KDF
:param KeyInfo key_info: Key information to use to calculate encryption key
:param HkdfInfo hkdf_info: Info to use in HKDF calculation
:returns: Delegated key to use for encryption and decryption
:rtype: JceNameLocalDelegatedKey
"""
raw_key = self._hkdf(initial_material, key_info.length // 8, hkdf_info.value)
return JceNameLocalDelegatedKey(
key=raw_key,
algorithm=key_info.algorithm,
key_type=EncryptionKeyType.SYMMETRIC,
key_encoding=KeyEncodingType.RAW,
) 示例3: kdf
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def kdf(ecpoint: Point,
key_length: int,
salt: Optional[bytes] = None,
info: Optional[bytes] = None,
) -> bytes:
data = ecpoint.to_bytes(is_compressed=True)
hkdf = HKDF(algorithm=hashes.BLAKE2b(64),
length=key_length,
salt=salt,
info=info,
backend=default_backend())
return hkdf.derive(data)
# TODO: Common API for all hash_to_curvebn functions.
# TODO: ^ It should check the correct number and type args, instead of current approach. 示例4: derive_privkey_by_label
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def derive_privkey_by_label(self,
label: bytes,
salt: Optional[bytes] = None,
params: Optional[UmbralParameters] = None) -> UmbralPrivateKey:
"""
Derives an UmbralPrivateKey using a KDF from this instance of
UmbralKeyingMaterial, a label, and an optional salt.
"""
params = params if params is not None else default_params()
key_material = HKDF(
algorithm=hashes.BLAKE2b(64),
length=64,
salt=salt,
info=b"NuCypher/KeyDerivation/"+label,
backend=default_backend()
).derive(self.__keying_material)
bn_key = hash_to_curvebn(key_material, params=params)
return UmbralPrivateKey(bn_key, params) 示例5: encryption_step_3
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def encryption_step_3(self, module, message, additional_data, cm):
client_public_key_stream = message[len(self.cmh_struct_encryption[2][0]):]
try:
public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.curve, "\x04"+client_public_key_stream)
except:
common.internal_print("Erroneous key received from the client. Are you sure you are using the same settings on both sides?", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
client_public_key = public_numbers.public_key(default_backend())
c = module.lookup_client_pub(additional_data)
hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt="IRatherEatMaldonThanHimalayan", info=None, backend=default_backend())
c.get_encryption().set_shared_key(hkdf.derive(self.server_private_key.exchange(ec.ECDH(), client_public_key)))
server_ephemeral_private_key = ec.generate_private_key(self.curve, default_backend())
server_ephemeral_public_key = server_ephemeral_private_key.public_key()
# no need to save, but who knows?!
c.get_encryption().set_private_key(server_ephemeral_private_key)
c.get_encryption().set_public_key(server_ephemeral_public_key)
c.get_encryption().set_encrypted(True)
pbk = server_ephemeral_public_key.public_numbers().encode_point()[1:]
module.send(common.CONTROL_CHANNEL_BYTE, self.cmh_struct_encryption[3][0]+pbk, module.modify_additional_data(additional_data, 1))
return module.cmh_struct[cm][3]
# client side.
# Server's ephemeral receveid, client generates an ephemeral keypair as
# well. Client sends its ephemeral's public key to the server.
# Since this is the last client side function called, we invoke the
# next step that is most probably the authentication, defined in the
# post_encryption_client() function. 示例6: encryption_step_4
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def encryption_step_4(self, module, message, additional_data, cm):
server_ephemeral_public_key_stream = message[len(self.cmh_struct_encryption[3][0]):]
try:
public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.curve, "\x04"+server_ephemeral_public_key_stream)
except:
common.internal_print("Erroneous key received from the server. Are you sure you are using the same settings on both sides?", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
server_ephemeral_public_key = public_numbers.public_key(default_backend())
client_ephemeral_private_key = ec.generate_private_key(self.curve, default_backend())
client_ephemeral_public_key = client_ephemeral_private_key.public_key()
module.encryption.set_private_key(client_ephemeral_private_key)
module.encryption.set_public_key(client_ephemeral_public_key)
pbk = client_ephemeral_public_key.public_numbers().encode_point()[1:]
module.send(common.CONTROL_CHANNEL_BYTE, self.cmh_struct_encryption[4][0]+pbk, module.modify_additional_data(additional_data, 0))
hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt="IRatherEatMaldonThanHimalayan", info=None, backend=default_backend())
module.encryption.set_shared_key(hkdf.derive(client_ephemeral_private_key.exchange(ec.ECDH(), server_ephemeral_public_key)))
module.post_encryption_client(message[len(self.cmh_struct_encryption[3][0]):], additional_data)
common.internal_print("Encryption key agreed with the server.", 1)
return module.cmh_struct[cm][3]
# server side.
# Client's ephemeral public key received. Key exchanged and saved. 示例7: extract
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def extract(self, salt, ikm):
h = self.hash
hkdf = HKDF(h, h.digest_size, salt, None, default_backend())
if ikm is None:
ikm = b"\x00" * h.digest_size
return hkdf._extract(ikm) 示例8: _generate_initial_material
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def _generate_initial_material(self, encryption_context):
# type: (EncryptionContext) -> Tuple[bytes, bytes]
"""Generate the initial cryptographic material for use with HKDF.
:param EncryptionContext encryption_context: Encryption context providing information about request
:returns: Plaintext and ciphertext of initial cryptographic material
:rtype: bytes and bytes
"""
key_id = self._select_key_id(encryption_context)
self._validate_key_id(key_id, encryption_context)
key_length = 256 // 8
kms_encryption_context = self._kms_encryption_context(
encryption_context=encryption_context,
encryption_description=self._content_key_info.description,
signing_description=self._signing_key_info.description,
)
kms_params = dict(KeyId=key_id, NumberOfBytes=key_length, EncryptionContext=kms_encryption_context)
if self._grant_tokens:
kms_params["GrantTokens"] = self._grant_tokens
# Catch any boto3 errors and normalize to expected WrappingError
try:
response = self._client(key_id).generate_data_key(**kms_params)
return response["Plaintext"], response["CiphertextBlob"]
except (botocore.exceptions.ClientError, KeyError):
message = "Failed to generate materials using AWS KMS"
_LOGGER.exception(message)
raise WrappingError(message) 示例9: _hkdf
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def _hkdf(self, initial_material, key_length, info):
# type: (bytes, int, Text) -> bytes
"""Use HKDF to derive a key.
:param bytes initial_material: Initial material to use with HKDF
:param int key_length: Length of key to derive
:param str info: Info value to use in HKDF calculate
:returns: Derived key material
:rtype: bytes
"""
hkdf = HKDF(algorithm=hashes.SHA256(), length=key_length, salt=None, info=info, backend=default_backend())
return hkdf.derive(initial_material) 示例10: hkdf_expand
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def hkdf_expand(salt, info, shared_secret):
"""Derive encryption keys from shared secret."""
hkdf = HKDF(
algorithm=hashes.SHA512(),
length=32,
salt=salt.encode(),
info=info.encode(),
backend=default_backend(),
)
return hkdf.derive(shared_secret)
# pylint: disable=too-many-instance-attributes 示例11: hkdf_expand_and_extract
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def hkdf_expand_and_extract(secret: bytes,
initiator_node_id: NodeID,
recipient_node_id: NodeID,
id_nonce: IDNonce,
) -> Tuple[bytes, bytes, bytes]:
info = b"".join((
HKDF_INFO,
initiator_node_id,
recipient_node_id,
))
hkdf = HKDF(
algorithm=SHA256(),
length=3 * AES128_KEY_SIZE,
salt=id_nonce,
info=info,
backend=cryptography_default_backend(),
)
expanded_key = hkdf.derive(secret)
if len(expanded_key) != 3 * AES128_KEY_SIZE:
raise Exception("Invariant: Secret is expanded to three AES128 keys")
initiator_key = expanded_key[:AES128_KEY_SIZE]
recipient_key = expanded_key[AES128_KEY_SIZE:2 * AES128_KEY_SIZE]
auth_response_key = expanded_key[2 * AES128_KEY_SIZE:3 * AES128_KEY_SIZE]
return initiator_key, recipient_key, auth_response_key 示例12: derive_fernet_key
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def derive_fernet_key(input_key):
"""Derive a 32-bit b64-encoded Fernet key from arbitrary input key."""
hkdf = HKDF(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
info=info,
backend=backend,
)
return base64.urlsafe_b64encode(hkdf.derive(force_bytes(input_key))) 示例13: doECDHE
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def doECDHE(statprv_u, statpub_v, ephmprv_u, ephmpub_v,
length=64,
salt=None,
info=None):
'''
Perform one side of an Ecliptic Curve Diffie Hellman Ephemeral key exchange.
Args:
statprv_u (PriKey): Static Private Key for U
statpub_v (PubKey: Static Public Key for V
ephmprv_u (PriKey): Ephemeral Private Key for U
ephmpub_v (PubKey): Ephemeral Public Key for V
length (int): Number of bytes to return
salt (bytes): Salt to use when computing the key.
info (bytes): Additional information to use when computing the key.
Notes:
This makes no assumption about the reuse of the Ephemeral keys passed
to the function. It is the caller's responsibility to destroy the keys
after they are used for doing key generation. This implementation is
the dhHybrid1 scheme described in NIST 800-56A Revision 2.
Returns:
bytes: The derived key.
'''
zs = statprv_u.exchange(statpub_v)
ze = ephmprv_u.exchange(ephmpub_v)
z = ze + zs
kdf = c_hkdf.HKDF(c_hashes.SHA256(),
length=length,
salt=salt,
info=info,
backend=default_backend())
k = kdf.derive(z)
return k 示例14: encryption_step_2
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def encryption_step_2(self, module, message, additional_data, cm):
server_public_key_stream = message[len(self.cmh_struct_encryption[1][0]):]
digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
digest.update(server_public_key_stream)
pubkey_hash = base64.b64encode(digest.finalize())
ip = module.config.get("Global", "remoteserverip")
fingerprint = self.check_fingerprint(ip, pubkey_hash)
if fingerprint == 2:
# text was shamelessly copied from OpenSSH
common.internal_print("The authenticity of host '{0}' can't be established.".format(ip), 1)
common.internal_print("Server's key fingerprint is SHA256: {0}".format(base64.b64encode(pubkey_hash)), 1)
answer = ""
while (answer != "yes") and (answer != "no"):
answer = raw_input("Are you sure you want to continue connecting? (yes/no) ")
if answer == "yes":
if not self.add_fingerprint(ip, pubkey_hash):
common.internal_print("Error opening known_hosts file.", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
else:
common.internal_print("Exiting...", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
if fingerprint == 1:
common.internal_print("The fingerprint has changed for the server. If you don't trust this network,\nthis can be a Man-in-The-Middle attack!", -1)
common.internal_print("Exiting...", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
try:
public_numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.curve, "\x04"+server_public_key_stream)
except:
common.internal_print("Erroneous key received from the server. Are you sure you are using the same settings on both sides?", -1)
return module.cmh_struct[cm][4+module.is_caller_stateless()]
server_public_key = public_numbers.public_key(default_backend())
client_private_key = ec.generate_private_key(self.curve, default_backend())
hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt="IRatherEatMaldonThanHimalayan", info=None, backend=default_backend())
module.encryption.set_shared_key(hkdf.derive(client_private_key.exchange(ec.ECDH(), server_public_key)))
pbk = client_private_key.public_key().public_numbers().encode_point()[1:]
module.send(common.CONTROL_CHANNEL_BYTE, self.cmh_struct_encryption[2][0]+pbk, module.modify_additional_data(additional_data, 0))
module.encryption.set_encrypted(True)
return module.cmh_struct[cm][3]
# server side.
# Client's public key received, key exchanged.
# A new ephemeral key pair is generated, public key is sent to the client.
# This is to use a new, disposable key for every session 示例15: test_lib_crypto_ecc_exchange
# 需要导入模块: from cryptography.hazmat.primitives.kdf import hkdf [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
def test_lib_crypto_ecc_exchange(self):
spvk1 = s_ecc.PriKey.generate()
spbk1 = spvk1.public()
spvk2 = s_ecc.PriKey.generate()
spbk2 = spvk2.public()
k1 = (spvk1.exchange(spbk2))
k2 = (spvk2.exchange(spbk1))
self.eq(k1, k2)
# Curves must be the same
_pkd = c_ec.generate_private_key(
c_ec.SECP192R1(), # We don't use this curve
default_backend()
)
prkdiff = s_ecc.PriKey(_pkd)
pbkdiff = prkdiff.public()
self.raises(s_exc.BadEccExchange, spvk1.exchange, pbkdiff)
self.raises(s_exc.BadEccExchange, prkdiff.exchange, spbk1)
# Do a demonstrative ephemeral exchange
epvk1 = s_ecc.PriKey.generate()
epbk1 = epvk1.public()
epvk2 = s_ecc.PriKey.generate()
epbk2 = epvk2.public()
# assume epbk2 is sent to the owner of pvk1
z1e = epvk1.exchange(epbk2)
z1s = spvk1.exchange(spbk2)
z1 = z1e + z1s
# assume epbk1 is sent to the owner of pvk2
z2e = epvk2.exchange(epbk1)
z2s = spvk2.exchange(spbk1)
z2 = z2e + z2s
self.eq(z1, z2)
# run through kdf
kdf1 = c_hkdf.HKDF(c_hashes.SHA256(),
length=64,
salt=None,
info=b'test',
backend=default_backend())
k1 = kdf1.derive(z1)
k1tx, k1rx = k1[32:], k1[:32]
kdf2 = c_hkdf.HKDF(c_hashes.SHA256(),
length=64,
salt=None,
info=b'test',
backend=default_backend())
k2 = kdf2.derive(z2)
k2rx, k2tx = k2[32:], k2[:32]
self.eq(k1tx, k2rx)
self.eq(k1rx, k2tx)
self.ne(k1tx, k2tx)