From a4602c6f61f8aec0e0c644c99dbe421ebba96a7b Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Thu, 30 Nov 2023 19:53:09 +0100 Subject: [PATCH] remove unused hkdf_hmac_sha512 and related tests --- src/borg/crypto/low_level.pyx | 27 -------------- src/borg/selftest.py | 2 +- src/borg/testsuite/crypto.py | 69 ----------------------------------- 3 files changed, 1 insertion(+), 97 deletions(-) diff --git a/src/borg/crypto/low_level.pyx b/src/borg/crypto/low_level.pyx index aa28aa14..2a42ef51 100644 --- a/src/borg/crypto/low_level.pyx +++ b/src/borg/crypto/low_level.pyx @@ -714,30 +714,3 @@ def blake2b_256(key, data): def blake2b_128(data): return hashlib.blake2b(data, digest_size=16).digest() - - -def hkdf_hmac_sha512(ikm, salt, info, output_length): - """ - Compute HKDF-HMAC-SHA512 with input key material *ikm*, *salt* and *info* to produce *output_length* bytes. - - This is the "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)" (RFC 5869) - instantiated with HMAC-SHA512. - - *output_length* must not be greater than 64 * 255 bytes. - """ - digest_length = 64 - assert output_length <= (255 * digest_length), 'output_length must be <= 255 * 64 bytes' - # Step 1. HKDF-Extract (ikm, salt) -> prk - if salt is None: - salt = bytes(64) - prk = hmac.digest(salt, ikm, 'sha512') - - # Step 2. HKDF-Expand (prk, info, output_length) -> output key - n = ceil(output_length / digest_length) - t_n = b'' - output = b'' - for i in range(n): - msg = t_n + info + (i + 1).to_bytes(1, 'little') - t_n = hmac.digest(prk, msg, 'sha512') - output += t_n - return output[:output_length] diff --git a/src/borg/selftest.py b/src/borg/selftest.py index 49a9704c..8f6b693b 100644 --- a/src/borg/selftest.py +++ b/src/borg/selftest.py @@ -33,7 +33,7 @@ SELFTEST_CASES = [ ChunkerTestCase, ] -SELFTEST_COUNT = 38 +SELFTEST_COUNT = 33 class SelfTestResult(TestResult): diff --git a/src/borg/testsuite/crypto.py b/src/borg/testsuite/crypto.py index 4e031899..d169dfce 100644 --- a/src/borg/testsuite/crypto.py +++ b/src/borg/testsuite/crypto.py @@ -7,7 +7,6 @@ import unittest from ..crypto.low_level import AES256_CTR_HMAC_SHA256, AES256_OCB, CHACHA20_POLY1305, UNENCRYPTED, IntegrityError from ..crypto.low_level import bytes_to_long, bytes_to_int, long_to_bytes -from ..crypto.low_level import hkdf_hmac_sha512 from ..crypto.low_level import AES, hmac_sha256 from ..crypto.key import CHPOKeyfileKey, AESOCBRepoKey, FlexiKey from ..helpers import msgpack @@ -195,74 +194,6 @@ class CryptoTestCase(BaseTestCase): cs = cs_cls(key, iv_int, header_len=len(header), aad_offset=0) self.assert_raises(IntegrityError, lambda: cs.decrypt(hdr_mac_iv_cdata, aad=b"incorrect_chunkid")) - # These test vectors come from https://www.kullo.net/blog/hkdf-sha-512-test-vectors/ - # who claims to have verified these against independent Python and C++ implementations. - - def test_hkdf_hmac_sha512(self): - ikm = b"\x0b" * 22 - salt = bytes.fromhex("000102030405060708090a0b0c") - info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9") - length = 42 - - okm = hkdf_hmac_sha512(ikm, salt, info, length) - assert okm == bytes.fromhex( - "832390086cda71fb47625bb5ceb168e4c8e26a1a16ed34d9fc7fe92c1481579338da362cb8d9f925d7cb" - ) - - def test_hkdf_hmac_sha512_2(self): - ikm = bytes.fromhex( - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021222324252627" - "28292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f" - ) - salt = bytes.fromhex( - "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868" - "788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf" - ) - info = bytes.fromhex( - "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7" - "d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff" - ) - length = 82 - - okm = hkdf_hmac_sha512(ikm, salt, info, length) - assert okm == bytes.fromhex( - "ce6c97192805b346e6161e821ed165673b84f400a2b514b2fe23d84cd189ddf1b695b48cbd1c838844" - "1137b3ce28f16aa64ba33ba466b24df6cfcb021ecff235f6a2056ce3af1de44d572097a8505d9e7a93" - ) - - def test_hkdf_hmac_sha512_3(self): - ikm = bytes.fromhex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b") - salt = None - info = b"" - length = 42 - - okm = hkdf_hmac_sha512(ikm, salt, info, length) - assert okm == bytes.fromhex( - "f5fa02b18298a72a8c23898a8703472c6eb179dc204c03425c970e3b164bf90fff22d04836d0e2343bac" - ) - - def test_hkdf_hmac_sha512_4(self): - ikm = bytes.fromhex("0b0b0b0b0b0b0b0b0b0b0b") - salt = bytes.fromhex("000102030405060708090a0b0c") - info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9") - length = 42 - - okm = hkdf_hmac_sha512(ikm, salt, info, length) - assert okm == bytes.fromhex( - "7413e8997e020610fbf6823f2ce14bff01875db1ca55f68cfcf3954dc8aff53559bd5e3028b080f7c068" - ) - - def test_hkdf_hmac_sha512_5(self): - ikm = bytes.fromhex("0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c") - salt = None - info = b"" - length = 42 - - okm = hkdf_hmac_sha512(ikm, salt, info, length) - assert okm == bytes.fromhex( - "1407d46013d98bc6decefcfee55f0f90b0c7f63d68eb1a80eaf07e953cfc0a3a5240a155d6e4daa965bb" - ) - def test_decrypt_key_file_argon2_chacha20_poly1305(): plain = b"hello"