mirror of
https://github.com/OpenKMIP/PyKMIP.git
synced 2025-04-08 19:25:06 +02:00
f9e32552f8
This change adds client support for setting custom configuration file paths, allowing users and developers to place their settings file wherever they want. All client demo scripts have been updated to support a '-s' flag that can be used to set the configuration file for the demo. Client unit tests have also been updated to include this change.
178 lines
6.6 KiB
Python
178 lines
6.6 KiB
Python
# Copyright (c) 2017 The Johns Hopkins University/Applied Physics Laboratory
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import logging
|
|
import sys
|
|
|
|
from kmip.core import enums
|
|
from kmip.demos import utils
|
|
from kmip.pie import client
|
|
|
|
|
|
if __name__ == '__main__':
|
|
logger = utils.build_console_logger(logging.INFO)
|
|
|
|
# Build and parse arguments
|
|
parser = utils.build_cli_parser(enums.Operation.DERIVE_KEY)
|
|
opts, args = parser.parse_args(sys.argv[1:])
|
|
config = opts.config
|
|
|
|
# Build the client and connect to the server
|
|
with client.ProxyKmipClient(
|
|
config=config,
|
|
config_file=opts.config_file
|
|
) as client:
|
|
# Create keys to use for derivation
|
|
try:
|
|
key_id = client.create(
|
|
enums.CryptographicAlgorithm.AES,
|
|
128,
|
|
cryptographic_usage_mask=[
|
|
enums.CryptographicUsageMask.DERIVE_KEY
|
|
]
|
|
)
|
|
logger.info("Successfully created a new derivation key.")
|
|
logger.info("Secret ID: {0}".format(key_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
sys.exit(-1)
|
|
|
|
# Derive a new secret via PBKDF2.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SYMMETRIC_KEY,
|
|
[key_id],
|
|
enums.DerivationMethod.PBKDF2,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_1
|
|
},
|
|
'salt': b'salt',
|
|
'iteration_count': 4096
|
|
},
|
|
cryptographic_length=160,
|
|
cryptographic_algorithm=enums.CryptographicAlgorithm.AES
|
|
)
|
|
logger.info("Successfully derived a new secret via PBKDF2.")
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
|
|
# Derive a new secret via encryption.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SECRET_DATA,
|
|
[key_id],
|
|
enums.DerivationMethod.ENCRYPT,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'block_cipher_mode': enums.BlockCipherMode.CBC,
|
|
'padding_method': enums.PaddingMethod.PKCS5,
|
|
'cryptographic_algorithm':
|
|
enums.CryptographicAlgorithm.BLOWFISH
|
|
},
|
|
'initialization_vector': (
|
|
b'\xFE\xDC\xBA\x98\x76\x54\x32\x10'
|
|
),
|
|
'derivation_data': (
|
|
b'\x37\x36\x35\x34\x33\x32\x31\x30'
|
|
b'\x4E\x6F\x77\x20\x69\x73\x20\x74'
|
|
b'\x68\x65\x20\x74\x69\x6D\x65\x20'
|
|
b'\x66\x6F\x72\x20\x00'
|
|
)
|
|
},
|
|
cryptographic_length=256
|
|
)
|
|
logger.info("Successfully derived a new secret via encryption.")
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
|
|
# Derive a new secret via HMAC.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SYMMETRIC_KEY,
|
|
[key_id],
|
|
enums.DerivationMethod.HMAC,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_256
|
|
},
|
|
'derivation_data': (
|
|
b'\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7'
|
|
b'\xF8\xF9'
|
|
),
|
|
'salt': (
|
|
b'\x00\x01\x02\x03\x04\x05\x06\x07'
|
|
b'\x08\x09\x0A\x0B\x0C'
|
|
)
|
|
},
|
|
cryptographic_length=64,
|
|
cryptographic_algorithm=enums.CryptographicAlgorithm.RC4
|
|
)
|
|
logger.info("Successfully derived a new secret via HMAC.")
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
|
|
# Derive a new secret via hashing.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SECRET_DATA,
|
|
[key_id],
|
|
enums.DerivationMethod.HASH,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.MD5
|
|
}
|
|
},
|
|
cryptographic_length=128
|
|
)
|
|
logger.info("Successfully derived a new secret via hashing.")
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
|
|
# Derive a new secret via NIST 800 108-C.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SYMMETRIC_KEY,
|
|
[key_id],
|
|
enums.DerivationMethod.NIST800_108_C,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_1
|
|
},
|
|
'derivation_data': (
|
|
b'\x8e\x34\x7e\xf5\x5d\x5f\x5e\x99'
|
|
b'\xea\xb6\xde\x70\x6b\x51\xde\x7c'
|
|
b'\xe0\x04\xf3\x88\x28\x89\xe2\x59'
|
|
b'\xff\x4e\x5c\xff\x10\x21\x67\xa5'
|
|
b'\xa4\xbd\x71\x15\x78\xd4\xce\x17'
|
|
b'\xdd\x9a\xbe\x56\xe5\x1c\x1f\x2d'
|
|
b'\xf9\x50\xe2\xfc\x81\x2e\xc1\xb2'
|
|
b'\x17\xca\x08\xd6'
|
|
)
|
|
},
|
|
cryptographic_length=128,
|
|
cryptographic_algorithm=enums.CryptographicAlgorithm.AES
|
|
)
|
|
logger.info(
|
|
"Successfully derived a new secret via NIST 800 108-C."
|
|
)
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|