python RFC6070的测试和python中pbkdf2用法的演示

Posted 2021-05-09

#!/usr/bin/env python


import os
import binascii
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend

backend = default_backend()
# Verify RFC6070 test vectors
kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=20, salt=b"salt", iterations=1, backend=backend)
kdf.verify(b"password", binascii.unhexlify("0c60c80f961f0e71f3a9b524af6012062fe037a6"))

kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=20, salt=b"salt", iterations=2, backend=backend)
kdf.verify(b"password", binascii.unhexlify("ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"))

kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=20, salt=b"salt", iterations=4096, backend=backend)
kdf.verify(b"password", binascii.unhexlify("4b007901b765489abead49d926f721d065a429c1"))

kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=20, salt=b"salt", iterations=16777216, backend=backend)
kdf.verify(b"password", binascii.unhexlify("eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"))

kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=25, salt=b"saltSALTsaltSALTsaltSALTsaltSALTsalt", iterations=4096, backend=backend)
kdf.verify(b"passwordPASSWORDpassword", binascii.unhexlify("3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"))

kdf = PBKDF2HMAC(algorithm=hashes.SHA1(), length=16, salt=b"sa\0lt", iterations=4096, backend=backend)
kdf.verify(b"pass\0word", binascii.unhexlify("56fa6aa75548099dcc37d7f03425e0c3"))

print("All RFC6070 test vectors **PASSED**!")

#!/usr/bin/env python


import os
import binascii
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend

backend = default_backend()

salt = b"324d9e95"
# salt will be 8 bytes, each character means a byte:
# 00000011 00000010 00000100 00001101 00001001 00001110 00001001 00000101

# In the case of binascii.unhexlify(salt), salt will be 4 bytes, two characters meas a byte:
# ==> 32 -> '2', 4d -> 'M', 9e -> '\x9e' 95 -> '\x95'
# ==> b'2M\x9e\x95'
# ==> 00000010 01001110 10011110 10010101


salt = b"\x8d\x3d\x71\xd6\x1f\x47\xa9\x2d"
# salt will be 8 bytes, each \xnn means a byte:
# 10001101 00111101 01110001 11010110 00011111 01000111 10101001 00101101
# In this situation, we can use binascii.unhexlify() to covert hex string to binary array:
# salt = binascii.unhexlify("8d3d71d61f47a92d")

password = b"123456"
# This is the same as:
# password = b"\x31\x32\x33\x34\x35\x36"

print(binascii.hexlify(salt))
print(binascii.hexlify(password))

# derive
kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=100000,
        backend=backend
        )
key = kdf.derive(password)

# This is the same as printf("%02x" data[i]) in c programming language.
print(binascii.hexlify(key))