本文整理汇总了Python中cryptography.hazmat.primitives.kdf.hkdf.HKDF类的典型用法代码示例。如果您正苦于以下问题:Python HKDF类的具体用法?Python HKDF怎么用?Python HKDF使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了HKDF类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: derive_key
def derive_key(key_material, info, algorithm=None, length=None):
if algorithm is None:
algorithm = hashes.SHA512()
if length is None:
length = algorithm.digest_size
hkdf = HKDF(algorithm, length, b'h.security', info, backend)
return hkdf.derive(key_material)示例2: deriveKey
def deriveKey(salt, key=None, dh=None, keyid=None):
if salt is None or len(salt) != 16:
raise Exception(u"'salt' must be a 16 octet value")
if key is not None:
secret = key
elif dh is not None:
if keyid is None:
raise Exception(u"'keyid' is not specified with 'dh'")
if keys[keyid] is None:
raise Exception(u"'keyid' doesn't identify a key")
secret = keys[keyid].get_ecdh_key(dh)
elif keyid is not None:
secret = keys[keyid]
if secret is None:
raise Exception(u"unable to determine the secret")
hkdf_key = HKDF(
algorithm=hashes.SHA256(),
length=16,
salt=salt,
info=b"Content-Encoding: aesgcm128",
backend=default_backend()
)
hkdf_nonce = HKDF(
algorithm=hashes.SHA256(),
length=12,
salt=salt,
info=b"Content-Encoding: nonce",
backend=default_backend()
)
return (hkdf_key.derive(secret), hkdf_nonce.derive(secret))示例3: test_verify
def test_verify(self, backend):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\[email protected]\xf7u")示例4: test_derive_short_output
def test_derive_short_output(self, backend):
hkdf = HKDF(
hashes.SHA256(),
4,
salt=None,
info=None,
backend=backend
)
assert hkdf.derive(b"\x01" * 16) == b"gJ\xfb{"示例5: test_verify_invalid
def test_verify_invalid(self, backend):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
with pytest.raises(InvalidKey):
hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\[email protected]\xf7u")示例6: hkdf_derive_test
def hkdf_derive_test(backend, algorithm, params):
hkdf = HKDF(
algorithm,
int(params["l"]),
salt=binascii.unhexlify(params["salt"]) or None,
info=binascii.unhexlify(params["info"]) or None,
backend=backend
)
okm = hkdf.derive(binascii.unhexlify(params["ikm"]))
assert okm == binascii.unhexlify(params["okm"])示例7: hkdf_extract_test
def hkdf_extract_test(backend, algorithm, params):
hkdf = HKDF(
algorithm,
int(params["l"]),
salt=binascii.unhexlify(params["salt"]) or None,
info=binascii.unhexlify(params["info"]) or None,
backend=backend
)
prk = hkdf._extract(binascii.unhexlify(params["ikm"]))
assert prk == binascii.unhexlify(params["prk"])示例8: keygen
def keygen():
backend = default_backend()
salt = os.urandom(16)
info = b"hkdf-example"
hkdf = HKDF(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
info=info,
backend=backend
)
key = hkdf.derive(b"This is the symetric key!")
return key示例9: derive_key
def derive_key(secret, namespace, size=32):
"""HKDF-derive key material from the given master secret.
This applies standard HKDF with our application-specific defaults, to
produce derived key material of the requested length.
"""
kdf = HKDF(
algorithm=hashes.SHA256(),
length=size,
salt=b"",
info=hkdf_namespace(namespace),
backend=backend
)
return kdf.derive(secret)示例10: test_derive_long_output
def test_derive_long_output(self, backend):
vector = load_vectors_from_file(
os.path.join("KDF", "hkdf-generated.txt"), load_nist_vectors
)[0]
hkdf = HKDF(
hashes.SHA256(),
int(vector["l"]),
salt=vector["salt"],
info=vector["info"],
backend=backend
)
ikm = binascii.unhexlify(vector["ikm"])
assert hkdf.derive(ikm) == binascii.unhexlify(vector["okm"])示例11: test_unicode_typeerror
def test_unicode_typeerror(self, backend):
with pytest.raises(TypeError):
HKDF(
hashes.SHA256(),
16,
salt=six.u("foo"),
info=None,
backend=backend
)
with pytest.raises(TypeError):
HKDF(
hashes.SHA256(),
16,
salt=None,
info=six.u("foo"),
backend=backend
)
with pytest.raises(TypeError):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.derive(six.u("foo"))
with pytest.raises(TypeError):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(six.u("foo"), b"bar")
with pytest.raises(TypeError):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(b"foo", six.u("bar"))示例12: rotateip
def rotateip(ip, salt=None):
"""
rotate ip to another address
if 'salt' is given, the ip will be
* salted with secret
* hashed with SHA-256
* combined to a new IP
otherwise, the ip will be rotated to 0.0.0.0
>>> rotateip("127.0.0.1")
'0.0.0.0'
>>> x = rotateip("127.0.0.1", salt=b"secret")
>>> y = rotateip("127.0.0.1", salt=b"secret2")
>>> x == y
False
"""
def tokenize(a, n):
return map(lambda i: a[i:i+n], range(0, len(a), n))
def xor(t):
x, y = t
return x ^ y
if salt is None:
return "0.0.0.0"
hkdf = HKDF(algorithm=hashes.SHA256(), length=8, salt=salt,
info=b"ip-hashing", backend=default_backend())
hashed = hkdf.derive(ip.encode())
# for some reason, minimum derived key size is 8, so we need to further
# reduce the key
hashed = map(xor, zip(*tokenize(hashed, 4)))
return ".".join(map(str, hashed))示例13: get_filename_and_key
def get_filename_and_key(self, upath, ext=None):
path = upath.encode('utf-8')
nonpath = b"//\x00" # cannot occur in path, which is normalized
# Generate per-file key material via HKDF
info = path
if ext is not None:
info += nonpath + ext
hkdf = HKDF(algorithm=hashes.SHA256(),
length=3*32,
salt=self.salt_hkdf,
info=info,
backend=backend)
data = hkdf.derive(self.key)
# Generate key
key = data[:32]
# Generate filename
h = hmac.HMAC(key=data[32:], algorithm=hashes.SHA512(), backend=backend)
h.update(info)
fn = h.finalize().encode('hex')
return os.path.join(self.path, fn), key示例14: hkdf
def hkdf(secret, extra_secret, info, output_len):
hkdf = HKDF(algorithm=SHA512(), length=output_len, salt=extra_secret, info=info, backend=backend)
derived = hkdf.derive(secret)
assert len(derived) == output_len
return io.BytesIO(derived)示例15: _hkdf_expand
def _hkdf_expand(key, info):
backend = default_backend()
salt = '0' * len(key)
hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=salt, info=info,
backend=backend)
return hkdf.derive(key)