diff options
author | Jared <jamessenger@gmail.com> | 2016-05-29 17:32:37 -0700 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-05-29 19:32:37 -0500 |
commit | 6d7fe00c7066d8d474981b21cdadb16f021d3e6a (patch) | |
tree | f7b4010874132bec05b9a16f00f385f3d24636ae /tests/hazmat/primitives/utils.py | |
parent | 502f8f39cbadf88ca6494e68f90e1b7e937cdb3e (diff) | |
download | cryptography-6d7fe00c7066d8d474981b21cdadb16f021d3e6a.tar.gz cryptography-6d7fe00c7066d8d474981b21cdadb16f021d3e6a.tar.bz2 cryptography-6d7fe00c7066d8d474981b21cdadb16f021d3e6a.zip |
NIST SP 800-108 Counter Mode KDF (#2748)
* NIST SP 800-108 Counter Mode and Feedback Mode KDF
* CounterKDF unit tests
* Refactor to support multiple key based KDF modes.
* Extracting supported algorithms for KBKDF Counter Mode test vectors
* Adding support for different rlen and counter location in KBKDF
* support for multiple L lengths and 24 bit counter length.
* Adding KBKDF Documentation.
* Refactoring KBKDF to KBKDFHMAC to describe hash algorithm used.
Diffstat (limited to 'tests/hazmat/primitives/utils.py')
-rw-r--r-- | tests/hazmat/primitives/utils.py | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index e148bc63..e45466d8 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -18,6 +18,9 @@ from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.kdf.hkdf import HKDF, HKDFExpand +from cryptography.hazmat.primitives.kdf.kbkdf import ( + CounterLocation, KBKDFHMAC, Mode +) from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC from ...utils import load_vectors_from_file @@ -370,6 +373,55 @@ def generate_hkdf_test(param_loader, path, file_names, algorithm): return test_hkdf +def generate_kbkdf_counter_mode_test(param_loader, path, file_names): + all_params = _load_all_params(path, file_names, param_loader) + + @pytest.mark.parametrize("params", all_params) + def test_kbkdf(self, backend, params): + kbkdf_counter_mode_test(backend, params) + return test_kbkdf + + +def kbkdf_counter_mode_test(backend, params): + supported_algorithms = { + 'hmac_sha1': hashes.SHA1, + 'hmac_sha224': hashes.SHA224, + 'hmac_sha256': hashes.SHA256, + 'hmac_sha384': hashes.SHA384, + 'hmac_sha512': hashes.SHA512, + } + + supportd_counter_locations = { + "before_fixed": CounterLocation.BeforeFixed, + "after_fixed": CounterLocation.AfterFixed, + } + + algorithm = supported_algorithms.get(params.get('prf')) + if algorithm is None or not backend.hmac_supported(algorithm()): + pytest.skip('Does not support algorithm') + + ctr_loc = supportd_counter_locations.get(params.get("ctrlocation")) + if ctr_loc is None or not isinstance(ctr_loc, CounterLocation): + pytest.skip("Does not support counter location".format( + location=params.get('ctrlocation') + )) + + ctrkdf = KBKDFHMAC( + algorithm(), + Mode.CounterMode, + params['l'] // 8, + params['rlen'] // 8, + None, + ctr_loc, + None, + None, + binascii.unhexlify(params['fixedinputdata']), + backend=backend) + + ko = ctrkdf.derive(binascii.unhexlify(params['ki'])) + assert binascii.hexlify(ko) == params["ko"] + + def generate_rsa_verification_test(param_loader, path, file_names, hash_alg, pad_factory): all_params = _load_all_params(path, file_names, param_loader) |