示例#1
0
func (s *TestSuite) Test384Secret_256Key(c *C) {
	//when
	test := DeriveConcatKDF(256, z2, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(256), nil, sha256.New())

	//then
	c.Assert(test, DeepEquals, []byte{27, 55, 33, 99, 20, 191, 202, 69, 84, 176, 250, 108, 99, 7, 91, 49, 200, 47, 219, 142, 190, 216, 197, 154, 235, 17, 76, 12, 165, 75, 201, 108})
}
示例#2
0
// DeriveConcatKDF implements NIST SP 800-56A Concatenation Key Derivation Function. Derives
// key material of keydatalen bits size given Z (sharedSecret), OtherInfo (AlgorithmID |
// PartyUInfo | PartyVInfo | SuppPubInfo | SuppPrivInfo) and hash function
func DeriveConcatKDF(keydatalen int, sharedSecret, algId, partyUInfo, partyVInfo, suppPubInfo, suppPrivInfo []byte, h hash.Hash) []byte {

	otherInfo := arrays.Concat(algId, partyUInfo, partyVInfo, suppPubInfo, suppPrivInfo)

	keyLenBytes := keydatalen >> 3

	reps := int(math.Ceil(float64(keyLenBytes) / float64(h.Size())))

	if reps > MaxInt {
		panic("kdf.DeriveConcatKDF: too much iterations (more than 2^32-1).")
	}

	dk := make([]byte, 0, keyLenBytes)

	for counter := 1; counter <= reps; counter++ {
		h.Reset()

		counterBytes := arrays.UInt32ToBytes(uint32(counter))

		h.Write(counterBytes)
		h.Write(sharedSecret)
		h.Write(otherInfo)

		dk = h.Sum(dk)
	}

	return dk[:keyLenBytes]
}
示例#3
0
func (s *TestSuite) Test256Secret_521Key(c *C) {
	//when
	test := DeriveConcatKDF(521, z, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(521), nil, sha256.New())

	//then
	c.Assert(test, DeepEquals, []byte{245, 40, 159, 13, 25, 70, 170, 74, 210, 240, 242, 224, 37, 215, 23, 201, 126, 90, 108, 103, 205, 180, 48, 193, 131, 40, 86, 183, 97, 144, 1, 150, 154, 186, 196, 127, 6, 19, 17, 230, 75, 144, 229, 195, 61, 240, 20, 173, 167, 159, 50, 103, 133, 177, 241, 145, 134, 84, 50, 246, 157, 252, 51, 24, 35})
}
示例#4
0
func (s *TestSuite) Test256Secret_384Key(c *C) {
	//when
	test := DeriveConcatKDF(384, z, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(384), nil, sha256.New())

	//then
	c.Assert(test, DeepEquals, []byte{187, 16, 110, 253, 151, 199, 57, 235, 219, 8, 73, 191, 208, 108, 63, 241, 235, 137, 178, 149, 3, 199, 216, 99, 105, 217, 45, 114, 109, 213, 83, 198, 52, 101, 99, 146, 193, 31, 172, 157, 19, 140, 25, 202, 153, 92, 252, 192})
}
示例#5
0
func (s *TestSuite) Test256Secret_256Key(c *C) {
	//when
	test := DeriveConcatKDF(256, z, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(256), nil, sha256.New())

	//then
	c.Assert(test, DeepEquals, []byte{190, 69, 15, 62, 38, 64, 30, 141, 208, 163, 55, 202, 18, 71, 176, 174, 114, 221, 249, 255, 207, 131, 190, 77, 12, 115, 220, 144, 102, 149, 78, 28})
}
示例#6
0
文件: pbkdf2.go 项目: ryancox/notary
func f(salt []byte, iterationCount, blockIndex int, prf hash.Hash) []byte {

	prf.Reset()
	prf.Write(salt)
	prf.Write(arrays.UInt32ToBytes(uint32(blockIndex)))

	u := prf.Sum(nil) // U_1 = PRF (P, S || INT (i))

	result := u

	for i := 2; i <= iterationCount; i++ {
		prf.Reset()
		prf.Write(u)

		u = prf.Sum(nil)               // U_c = PRF (P, U_{c-1}) .
		result = arrays.Xor(result, u) // U_1 \xor U_2 \xor ... \xor U_c
	}

	return result
}
示例#7
0
文件: ecdh.go 项目: useidel/notary
func prependDatalen(bytes []byte) []byte {
	return arrays.Concat(arrays.UInt32ToBytes(uint32(len(bytes))), bytes)
}
示例#8
0
文件: ecdh.go 项目: useidel/notary
func (alg *Ecdh) deriveKey(pubKey *ecdsa.PublicKey, privKey *ecdsa.PrivateKey, keySizeBits int, header map[string]interface{}) []byte {

	var enc, apv, apu []byte
	var err error

	enc = []byte(header[alg.idHeader()].(string))

	if a, ok := header["apv"].(string); !ok {
		if apv, err = base64url.Decode(a); err != nil {
			apv = nil
		}
	}

	if a, ok := header["apu"].(string); !ok {
		if apu, err = base64url.Decode(a); err != nil {
			apu = nil
		}
	}

	z, _ := pubKey.Curve.ScalarMult(pubKey.X, pubKey.Y, privKey.D.Bytes())
	zBytes := padding.Align(z.Bytes(), privKey.Curve.Params().BitSize)

	return kdf.DeriveConcatKDF(keySizeBits, zBytes, prependDatalen(enc), prependDatalen(apu), prependDatalen(apv), arrays.UInt32ToBytes(uint32(keySizeBits)), nil, sha256.New())
}