From 5d929fba0e4b5fd43418c983a5d96d57a22cbed4 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Thu, 14 Apr 2016 20:08:27 +0200 Subject: [PATCH] add trezor.crypto.pbkdf2 --- src/tests/test_crypto_pbkdf2.py | 44 ++++++++++++++++++++ src/trezor/crypto/hmac.py | 28 ++++++------- src/trezor/crypto/pbkdf2.py | 72 +++++++++++++++++++++++++++++++++ 3 files changed, 130 insertions(+), 14 deletions(-) create mode 100644 src/tests/test_crypto_pbkdf2.py create mode 100644 src/trezor/crypto/pbkdf2.py diff --git a/src/tests/test_crypto_pbkdf2.py b/src/tests/test_crypto_pbkdf2.py new file mode 100644 index 000000000..9e1a3abff --- /dev/null +++ b/src/tests/test_crypto_pbkdf2.py @@ -0,0 +1,44 @@ +import sys +sys.path.append('..') +sys.path.append('../lib') +import unittest +import trezor.utils + +import trezor.crypto.hash +import trezor.crypto.hmac +import trezor.crypto.pbkdf2 + +class TestCryptoPbkdf2(unittest.TestCase): + + # vectors from https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors + def test_hmac_sha256(self): + P = b'password' + S = b'salt' + k = trezor.crypto.pbkdf2.PBKDF2(P, S, 1, trezor.crypto.hash.sha256, trezor.crypto.hmac).read(32) + self.assertEqual(k, trezor.utils.unhexlify('120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b')) + k = trezor.crypto.pbkdf2.PBKDF2(P, S, 2, trezor.crypto.hash.sha256, trezor.crypto.hmac).read(32) + self.assertEqual(k, trezor.utils.unhexlify('ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43')) + k = trezor.crypto.pbkdf2.PBKDF2(P, S, 4096, trezor.crypto.hash.sha256, trezor.crypto.hmac).read(32) + self.assertEqual(k, trezor.utils.unhexlify('c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a')) + P = b'passwordPASSWORDpassword' + S = b'saltSALTsaltSALTsaltSALTsaltSALTsalt' + k = trezor.crypto.pbkdf2.PBKDF2(P, S, 4096, trezor.crypto.hash.sha256, trezor.crypto.hmac).read(40) + self.assertEqual(k, trezor.utils.unhexlify('348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9')) + + # vectors from https://stackoverflow.com/questions/15593184/pbkdf2-hmac-sha-512-test-vectors + def test_hmac_sha512(self): + P = b'password' + S = b'salt' + k = trezor.crypto.pbkdf2.PBKDF2(P, S, 1, trezor.crypto.hash.sha512, trezor.crypto.hmac).read(64) + self.assertEqual(k, trezor.utils.unhexlify('867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce')) + k = trezor.crypto.pbkdf2.PBKDF2(P, S, 2, trezor.crypto.hash.sha512, trezor.crypto.hmac).read(64) + self.assertEqual(k, trezor.utils.unhexlify('e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e')) + k = trezor.crypto.pbkdf2.PBKDF2(P, S, 4096, trezor.crypto.hash.sha512, trezor.crypto.hmac).read(64) + self.assertEqual(k, trezor.utils.unhexlify('d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5')) + P = b'passwordPASSWORDpassword' + S = b'saltSALTsaltSALTsaltSALTsaltSALTsalt' + k = trezor.crypto.pbkdf2.PBKDF2(P, S, 4096, trezor.crypto.hash.sha512, trezor.crypto.hmac).read(64) + self.assertEqual(k, trezor.utils.unhexlify('8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8')) + +if __name__ == '__main__': + unittest.main() diff --git a/src/trezor/crypto/hmac.py b/src/trezor/crypto/hmac.py index 12fb0be6d..76f7b1ab0 100644 --- a/src/trezor/crypto/hmac.py +++ b/src/trezor/crypto/hmac.py @@ -1,24 +1,24 @@ class Hmac: - def __init__(self, key, msg, digest_cons): - self._digest_cons = digest_cons - self._inner = digest_cons() - self.digest_size = self._inner.digest_size - self.block_size = self._inner.block_size + def __init__(self, key, msg, digestmod): + self.__digestmod = digestmod + self.__inner = digestmod() + self.digest_size = self.__inner.digest_size + self.block_size = self.__inner.block_size if len(key) > self.block_size: - key = digest_cons(key).digest() - self._key = key + bytes(self.block_size - len(key)) - self._inner.update(bytes((x ^ 0x36) for x in self._key)) + key = digestmod(key).digest() + self.__key = key + bytes(self.block_size - len(key)) + self.__inner.update(bytes((x ^ 0x36) for x in self.__key)) if msg is not None: self.update(msg) def update(self, msg): - self._inner.update(msg) + self.__inner.update(msg) def digest(self): - outer = self._digest_cons() - outer.update(bytes((x ^ 0x5C) for x in self._key)) - outer.update(self._inner.digest()) + outer = self.__digestmod() + outer.update(bytes((x ^ 0x5C) for x in self.__key)) + outer.update(self.__inner.digest()) return outer.digest() -def new(key, msg, digest_cons): - return Hmac(key, msg, digest_cons) +def new(key, msg, digestmod): + return Hmac(key, msg, digestmod) diff --git a/src/trezor/crypto/pbkdf2.py b/src/trezor/crypto/pbkdf2.py new file mode 100644 index 000000000..d7d87f014 --- /dev/null +++ b/src/trezor/crypto/pbkdf2.py @@ -0,0 +1,72 @@ +# +# Copyright (C) 2007-2011 Dwayne C. Litzenberger +# Copyright (C) 2016 Pavol Rusnak +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# + +from ustruct import pack + +class PBKDF2(object): + + def __init__(self, passphrase, salt, iterations, digestmodule, macmodule): + self.__macmodule = macmodule + self.__digestmodule = digestmodule + self.__passphrase = passphrase + self.__salt = salt + self.__iterations = iterations + self.__prf = self._pseudorandom + self.__blockNum = 0 + self.__buf = b'' + self.closed = False + + def _pseudorandom(self, key, msg): + return self.__macmodule.new(key=key, msg=msg, digestmod=self.__digestmodule).digest() + + def read(self, numbytes): + if self.closed: + raise ValueError('file-like object is closed') + size = len(self.__buf) + blocks = [self.__buf] + i = self.__blockNum + while size < numbytes: + i += 1 + U = self.__prf(self.__passphrase, self.__salt + pack('!L', i)) + block = U + for j in range(2, 1 + self.__iterations): + U = self.__prf(self.__passphrase, U) + block = bytes([x ^ y for (x, y) in zip(block, U)]) + blocks.append(block) + size += len(block) + buf = b''.join(blocks) + retval = buf[:numbytes] + self.__buf = buf[numbytes:] + self.__blockNum = i + return retval + + def close(self): + if not self.closed: + del self.__passphrase + del self.__salt + del self.__iterations + del self.__prf + del self.__blockNum + del self.__buf + self.closed = True