mirror of https://github.com/OpenKMIP/PyKMIP.git
178 lines
6.6 KiB
Python
178 lines
6.6 KiB
Python
# Copyright (c) 2017 The Johns Hopkins University/Applied Physics Laboratory
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import logging
|
|
import sys
|
|
|
|
from kmip.core import enums
|
|
from kmip.demos import utils
|
|
from kmip.pie import client
|
|
|
|
|
|
if __name__ == '__main__':
|
|
logger = utils.build_console_logger(logging.INFO)
|
|
|
|
# Build and parse arguments
|
|
parser = utils.build_cli_parser(enums.Operation.DERIVE_KEY)
|
|
opts, args = parser.parse_args(sys.argv[1:])
|
|
config = opts.config
|
|
|
|
# Build the client and connect to the server
|
|
with client.ProxyKmipClient(
|
|
config=config,
|
|
config_file=opts.config_file
|
|
) as client:
|
|
# Create keys to use for derivation
|
|
try:
|
|
key_id = client.create(
|
|
enums.CryptographicAlgorithm.AES,
|
|
128,
|
|
cryptographic_usage_mask=[
|
|
enums.CryptographicUsageMask.DERIVE_KEY
|
|
]
|
|
)
|
|
logger.info("Successfully created a new derivation key.")
|
|
logger.info("Secret ID: {0}".format(key_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
sys.exit(-1)
|
|
|
|
# Derive a new secret via PBKDF2.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SYMMETRIC_KEY,
|
|
[key_id],
|
|
enums.DerivationMethod.PBKDF2,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_1
|
|
},
|
|
'salt': b'salt',
|
|
'iteration_count': 4096
|
|
},
|
|
cryptographic_length=160,
|
|
cryptographic_algorithm=enums.CryptographicAlgorithm.AES
|
|
)
|
|
logger.info("Successfully derived a new secret via PBKDF2.")
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
|
|
# Derive a new secret via encryption.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SECRET_DATA,
|
|
[key_id],
|
|
enums.DerivationMethod.ENCRYPT,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'block_cipher_mode': enums.BlockCipherMode.CBC,
|
|
'padding_method': enums.PaddingMethod.PKCS5,
|
|
'cryptographic_algorithm':
|
|
enums.CryptographicAlgorithm.BLOWFISH
|
|
},
|
|
'initialization_vector': (
|
|
b'\xFE\xDC\xBA\x98\x76\x54\x32\x10'
|
|
),
|
|
'derivation_data': (
|
|
b'\x37\x36\x35\x34\x33\x32\x31\x30'
|
|
b'\x4E\x6F\x77\x20\x69\x73\x20\x74'
|
|
b'\x68\x65\x20\x74\x69\x6D\x65\x20'
|
|
b'\x66\x6F\x72\x20\x00'
|
|
)
|
|
},
|
|
cryptographic_length=256
|
|
)
|
|
logger.info("Successfully derived a new secret via encryption.")
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
|
|
# Derive a new secret via HMAC.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SYMMETRIC_KEY,
|
|
[key_id],
|
|
enums.DerivationMethod.HMAC,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_256
|
|
},
|
|
'derivation_data': (
|
|
b'\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7'
|
|
b'\xF8\xF9'
|
|
),
|
|
'salt': (
|
|
b'\x00\x01\x02\x03\x04\x05\x06\x07'
|
|
b'\x08\x09\x0A\x0B\x0C'
|
|
)
|
|
},
|
|
cryptographic_length=64,
|
|
cryptographic_algorithm=enums.CryptographicAlgorithm.RC4
|
|
)
|
|
logger.info("Successfully derived a new secret via HMAC.")
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
|
|
# Derive a new secret via hashing.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SECRET_DATA,
|
|
[key_id],
|
|
enums.DerivationMethod.HASH,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.MD5
|
|
}
|
|
},
|
|
cryptographic_length=128
|
|
)
|
|
logger.info("Successfully derived a new secret via hashing.")
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|
|
|
|
# Derive a new secret via NIST 800 108-C.
|
|
try:
|
|
secret_id = client.derive_key(
|
|
enums.ObjectType.SYMMETRIC_KEY,
|
|
[key_id],
|
|
enums.DerivationMethod.NIST800_108_C,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_1
|
|
},
|
|
'derivation_data': (
|
|
b'\x8e\x34\x7e\xf5\x5d\x5f\x5e\x99'
|
|
b'\xea\xb6\xde\x70\x6b\x51\xde\x7c'
|
|
b'\xe0\x04\xf3\x88\x28\x89\xe2\x59'
|
|
b'\xff\x4e\x5c\xff\x10\x21\x67\xa5'
|
|
b'\xa4\xbd\x71\x15\x78\xd4\xce\x17'
|
|
b'\xdd\x9a\xbe\x56\xe5\x1c\x1f\x2d'
|
|
b'\xf9\x50\xe2\xfc\x81\x2e\xc1\xb2'
|
|
b'\x17\xca\x08\xd6'
|
|
)
|
|
},
|
|
cryptographic_length=128,
|
|
cryptographic_algorithm=enums.CryptographicAlgorithm.AES
|
|
)
|
|
logger.info(
|
|
"Successfully derived a new secret via NIST 800 108-C."
|
|
)
|
|
logger.info("Secret ID: {0}".format(secret_id))
|
|
except Exception as e:
|
|
logger.error(e)
|