| OLD | NEW |
|---|
| (Empty) | |
| 1 # |
| 2 # KDF.py : a collection of Key Derivation Functions |
| 3 # |
| 4 # Part of the Python Cryptography Toolkit |
| 5 # |
| 6 # =================================================================== |
| 7 # The contents of this file are dedicated to the public domain. To |
| 8 # the extent that dedication to the public domain is not available, |
| 9 # everyone is granted a worldwide, perpetual, royalty-free, |
| 10 # non-exclusive license to exercise all rights associated with the |
| 11 # contents of this file for any purpose whatsoever. |
| 12 # No rights are reserved. |
| 13 # |
| 14 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| 15 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| 16 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| 17 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
| 18 # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
| 19 # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
| 20 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
| 21 # SOFTWARE. |
| 22 # =================================================================== |
| 23 |
| 24 """This file contains a collection of standard key derivation functions. |
| 25 |
| 26 A key derivation function derives one or more secondary secret keys from |
| 27 one primary secret (a master key or a pass phrase). |
| 28 |
| 29 This is typically done to insulate the secondary keys from each other, |
| 30 to avoid that leakage of a secondary key compromises the security of the |
| 31 master key, or to thwart attacks on pass phrases (e.g. via rainbow tables). |
| 32 |
| 33 :undocumented: __revision__ |
| 34 """ |
| 35 |
| 36 __revision__ = "$Id$" |
| 37 |
| 38 import math |
| 39 import struct |
| 40 |
| 41 from Crypto.Util.py3compat import * |
| 42 from Crypto.Hash import SHA as SHA1, HMAC |
| 43 from Crypto.Util.strxor import strxor |
| 44 |
| 45 def PBKDF1(password, salt, dkLen, count=1000, hashAlgo=None): |
| 46 """Derive one key from a password (or passphrase). |
| 47 |
| 48 This function performs key derivation according an old version of |
| 49 the PKCS#5 standard (v1.5). |
| 50 |
| 51 This algorithm is called ``PBKDF1``. Even though it is still described |
| 52 in the latest version of the PKCS#5 standard (version 2, or RFC2898), |
| 53 newer applications should use the more secure and versatile `PBKDF2` instead
. |
| 54 |
| 55 :Parameters: |
| 56 password : string |
| 57 The secret password or pass phrase to generate the key from. |
| 58 salt : byte string |
| 59 An 8 byte string to use for better protection from dictionary attacks. |
| 60 This value does not need to be kept secret, but it should be randomly |
| 61 chosen for each derivation. |
| 62 dkLen : integer |
| 63 The length of the desired key. Default is 16 bytes, suitable for instanc
e for `Crypto.Cipher.AES`. |
| 64 count : integer |
| 65 The number of iterations to carry out. It's recommended to use at least
1000. |
| 66 hashAlgo : module |
| 67 The hash algorithm to use, as a module or an object from the `Crypto.Has
h` package. |
| 68 The digest length must be no shorter than ``dkLen``. |
| 69 The default algorithm is `SHA1`. |
| 70 |
| 71 :Return: A byte string of length `dkLen` that can be used as key. |
| 72 """ |
| 73 if not hashAlgo: |
| 74 hashAlgo = SHA1 |
| 75 password = tobytes(password) |
| 76 pHash = hashAlgo.new(password+salt) |
| 77 digest = pHash.digest_size |
| 78 if dkLen>digest: |
| 79 raise ValueError("Selected hash algorithm has a too short digest (%d byt
es)." % digest) |
| 80 if len(salt)!=8: |
| 81 raise ValueError("Salt is not 8 bytes long.") |
| 82 for i in xrange(count-1): |
| 83 pHash = pHash.new(pHash.digest()) |
| 84 return pHash.digest()[:dkLen] |
| 85 |
| 86 def PBKDF2(password, salt, dkLen=16, count=1000, prf=None): |
| 87 """Derive one or more keys from a password (or passphrase). |
| 88 |
| 89 This performs key derivation according to the PKCS#5 standard (v2.0), |
| 90 by means of the ``PBKDF2`` algorithm. |
| 91 |
| 92 :Parameters: |
| 93 password : string |
| 94 The secret password or pass phrase to generate the key from. |
| 95 salt : string |
| 96 A string to use for better protection from dictionary attacks. |
| 97 This value does not need to be kept secret, but it should be randomly |
| 98 chosen for each derivation. It is recommended to be at least 8 bytes lon
g. |
| 99 dkLen : integer |
| 100 The cumulative length of the desired keys. Default is 16 bytes, suitable
for instance for `Crypto.Cipher.AES`. |
| 101 count : integer |
| 102 The number of iterations to carry out. It's recommended to use at least
1000. |
| 103 prf : callable |
| 104 A pseudorandom function. It must be a function that returns a pseudorand
om string |
| 105 from two parameters: a secret and a salt. If not specified, HMAC-SHA1 is
used. |
| 106 |
| 107 :Return: A byte string of length `dkLen` that can be used as key material. |
| 108 If you wanted multiple keys, just break up this string into segments of
the desired length. |
| 109 """ |
| 110 password = tobytes(password) |
| 111 if prf is None: |
| 112 prf = lambda p,s: HMAC.new(p,s,SHA1).digest() |
| 113 key = b('') |
| 114 i = 1 |
| 115 while len(key)<dkLen: |
| 116 U = previousU = prf(password,salt+struct.pack(">I", i)) |
| 117 for j in xrange(count-1): |
| 118 previousU = t = prf(password,previousU) |
| 119 U = strxor(U,t) |
| 120 key += U |
| 121 i = i + 1 |
| 122 return key[:dkLen] |
| 123 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2666783008:
Add google-endpoints to third_party/. (Closed)
