本文整理汇总了Python中cryptography.hazmat.primitives.kdf.hkdf.HKDF.derive方法的典型用法代码示例。如果您正苦于以下问题:Python HKDF.derive方法的具体用法?Python HKDF.derive怎么用?Python HKDF.derive使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.hazmat.primitives.kdf.hkdf.HKDF的用法示例。
在下文中一共展示了HKDF.derive方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: deriveKey
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def deriveKey(salt, key=None, dh=None, keyid=None):
if salt is None or len(salt) != 16:
raise Exception(u"'salt' must be a 16 octet value")
if key is not None:
secret = key
elif dh is not None:
if keyid is None:
raise Exception(u"'keyid' is not specified with 'dh'")
if keys[keyid] is None:
raise Exception(u"'keyid' doesn't identify a key")
secret = keys[keyid].get_ecdh_key(dh)
elif keyid is not None:
secret = keys[keyid]
if secret is None:
raise Exception(u"unable to determine the secret")
hkdf_key = HKDF(
algorithm=hashes.SHA256(),
length=16,
salt=salt,
info=b"Content-Encoding: aesgcm128",
backend=default_backend()
)
hkdf_nonce = HKDF(
algorithm=hashes.SHA256(),
length=12,
salt=salt,
info=b"Content-Encoding: nonce",
backend=default_backend()
)
return (hkdf_key.derive(secret), hkdf_nonce.derive(secret))示例2: test_already_finalized
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def test_already_finalized(self, backend):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.derive(b"\x01" * 16)
with pytest.raises(AlreadyFinalized):
hkdf.derive(b"\x02" * 16)
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\[email protected]\xf7u")
with pytest.raises(AlreadyFinalized):
hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\[email protected]\xf7u")
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)示例3: test_unicode_typeerror
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def test_unicode_typeerror(self, backend):
with pytest.raises(TypeError):
HKDF(
hashes.SHA256(),
16,
salt=six.u("foo"),
info=None,
backend=backend
)
with pytest.raises(TypeError):
HKDF(
hashes.SHA256(),
16,
salt=None,
info=six.u("foo"),
backend=backend
)
with pytest.raises(TypeError):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.derive(six.u("foo"))
with pytest.raises(TypeError):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(six.u("foo"), b"bar")
with pytest.raises(TypeError):
hkdf = HKDF(
hashes.SHA256(),
16,
salt=None,
info=None,
backend=backend
)
hkdf.verify(b"foo", six.u("bar"))示例4: derive_key
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def derive_key(key_material, info, algorithm=None, length=None):
if algorithm is None:
algorithm = hashes.SHA512()
if length is None:
length = algorithm.digest_size
hkdf = HKDF(algorithm, length, b'h.security', info, backend)
return hkdf.derive(key_material)示例5: test_derive_short_output
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def test_derive_short_output(self, backend):
hkdf = HKDF(
hashes.SHA256(),
4,
salt=None,
info=None,
backend=backend
)
assert hkdf.derive(b"\x01" * 16) == b"gJ\xfb{"示例6: hkdf_derive_test
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def hkdf_derive_test(backend, algorithm, params):
hkdf = HKDF(
algorithm,
int(params["l"]),
salt=binascii.unhexlify(params["salt"]) or None,
info=binascii.unhexlify(params["info"]) or None,
backend=backend
)
okm = hkdf.derive(binascii.unhexlify(params["ikm"]))
assert okm == binascii.unhexlify(params["okm"])示例7: keygen
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def keygen():
backend = default_backend()
salt = os.urandom(16)
info = b"hkdf-example"
hkdf = HKDF(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
info=info,
backend=backend
)
key = hkdf.derive(b"This is the symetric key!")
return key示例8: derive_key
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def derive_key(secret, namespace, size=32):
"""HKDF-derive key material from the given master secret.
This applies standard HKDF with our application-specific defaults, to
produce derived key material of the requested length.
"""
kdf = HKDF(
algorithm=hashes.SHA256(),
length=size,
salt=b"",
info=hkdf_namespace(namespace),
backend=backend
)
return kdf.derive(secret)示例9: test_derive_long_output
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def test_derive_long_output(self, backend):
vector = load_vectors_from_file(
os.path.join("KDF", "hkdf-generated.txt"), load_nist_vectors
)[0]
hkdf = HKDF(
hashes.SHA256(),
int(vector["l"]),
salt=vector["salt"],
info=vector["info"],
backend=backend
)
ikm = binascii.unhexlify(vector["ikm"])
assert hkdf.derive(ikm) == binascii.unhexlify(vector["okm"])示例10: rotateip
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def rotateip(ip, salt=None):
"""
rotate ip to another address
if 'salt' is given, the ip will be
* salted with secret
* hashed with SHA-256
* combined to a new IP
otherwise, the ip will be rotated to 0.0.0.0
>>> rotateip("127.0.0.1")
'0.0.0.0'
>>> x = rotateip("127.0.0.1", salt=b"secret")
>>> y = rotateip("127.0.0.1", salt=b"secret2")
>>> x == y
False
"""
def tokenize(a, n):
return map(lambda i: a[i:i+n], range(0, len(a), n))
def xor(t):
x, y = t
return x ^ y
if salt is None:
return "0.0.0.0"
hkdf = HKDF(algorithm=hashes.SHA256(), length=8, salt=salt,
info=b"ip-hashing", backend=default_backend())
hashed = hkdf.derive(ip.encode())
# for some reason, minimum derived key size is 8, so we need to further
# reduce the key
hashed = map(xor, zip(*tokenize(hashed, 4)))
return ".".join(map(str, hashed))示例11: get_filename_and_key
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def get_filename_and_key(self, upath, ext=None):
path = upath.encode('utf-8')
nonpath = b"//\x00" # cannot occur in path, which is normalized
# Generate per-file key material via HKDF
info = path
if ext is not None:
info += nonpath + ext
hkdf = HKDF(algorithm=hashes.SHA256(),
length=3*32,
salt=self.salt_hkdf,
info=info,
backend=backend)
data = hkdf.derive(self.key)
# Generate key
key = data[:32]
# Generate filename
h = hmac.HMAC(key=data[32:], algorithm=hashes.SHA512(), backend=backend)
h.update(info)
fn = h.finalize().encode('hex')
return os.path.join(self.path, fn), key示例12: hkdf
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def hkdf(secret, extra_secret, info, output_len):
hkdf = HKDF(algorithm=SHA512(), length=output_len, salt=extra_secret, info=info, backend=backend)
derived = hkdf.derive(secret)
assert len(derived) == output_len
return io.BytesIO(derived)示例13: _hkdf_expand
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def _hkdf_expand(key, info):
backend = default_backend()
salt = '0' * len(key)
hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=salt, info=info,
backend=backend)
return hkdf.derive(key)示例14: derive_key
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def derive_key(key_material, salt, info):
algorithm = hashes.SHA512()
length = algorithm.digest_size
hkdf = HKDF(algorithm, length, salt, info, backend)
return hkdf.derive(key_material)示例15: deriveKey
# 需要导入模块: from cryptography.hazmat.primitives.kdf.hkdf import HKDF [as 别名]
# 或者: from cryptography.hazmat.primitives.kdf.hkdf.HKDF import derive [as 别名]
def deriveKey(mode, salt, key=None, dh=None, keyid=None, authSecret=None, padSize=2):
def buildInfo(base, context):
return b"Content-Encoding: " + base + b"\0" + context
def deriveDH(mode, keyid, dh):
def lengthPrefix(key):
return struct.pack("!H", len(key)) + key
if keyid is None:
raise Exception(u"'keyid' is not specified with 'dh'")
if not keyid in keys:
raise Exception(u"'keyid' doesn't identify a key: " + keyid)
if not keyid in labels:
raise Exception(u"'keyid' doesn't identify a key label: " + keyid)
if mode == "encrypt":
senderPubKey = keys[keyid].get_pubkey()
receiverPubKey = dh
elif mode == "decrypt":
senderPubKey = dh
receiverPubKey = keys[keyid].get_pubkey()
else:
raise Exception(u"unknown 'mode' specified: " + mode);
if type(labels[keyid]) == type(u""):
labels[keyid] = labels[keyid].encode("utf-8")
return (keys[keyid].get_ecdh_key(dh),
labels[keyid] + b"\0" +
lengthPrefix(receiverPubKey) + lengthPrefix(senderPubKey))
if salt is None or len(salt) != 16:
raise Exception(u"'salt' must be a 16 octet value")
context = b""
if key is not None:
secret = key
elif dh is not None:
(secret, context) = deriveDH(mode=mode, keyid=keyid, dh=dh)
elif keyid is not None:
secret = keys[keyid]
if secret is None:
raise Exception(u"unable to determine the secret")
if authSecret is not None:
hkdf_auth = HKDF(
algorithm=hashes.SHA256(),
length=32,
salt=authSecret,
info=buildInfo(b"auth", b""),
backend=default_backend()
)
secret = hkdf_auth.derive(secret)
if padSize == 2:
keyinfo = buildInfo(b"aesgcm", context)
nonceinfo = buildInfo(b"nonce", context)
elif padSize == 1:
keyinfo = b"Content-Encoding: aesgcm128"
nonceinfo = b"Content-Encoding: nonce"
else:
raise Exception(u"unable to set context for padSize=" + str(padSize))
hkdf_key = HKDF(
algorithm=hashes.SHA256(),
length=16,
salt=salt,
info=keyinfo,
backend=default_backend()
)
hkdf_nonce = HKDF(
algorithm=hashes.SHA256(),
length=12,
salt=salt,
info=nonceinfo,
backend=default_backend()
)
result = (hkdf_key.derive(secret), hkdf_nonce.derive(secret))
return result