python-pskc branch master updated. 0.1-13-g7f26dc6
- From: Commits of the python-pskc project <python-pskc-commits [at] lists.arthurdejong.org>
- To: python-pskc-commits [at] lists.arthurdejong.org
- Reply-to: python-pskc-users [at] lists.arthurdejong.org
- Subject: python-pskc branch master updated. 0.1-13-g7f26dc6
- Date: Thu, 29 May 2014 11:39:20 +0200 (CEST)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".
The branch, master has been updated
via 7f26dc68c898ed7465a621d4f77544f473437491 (commit)
via 28f2c1c14f0b55b79105033e37cc8735e717f745 (commit)
via 678b127d1e8d8bb9088ea57dd8497456cdb3428c (commit)
from bef2f7db8590004f5a4dd7cca75f995a545ab89a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://arthurdejong.org/git/python-pskc/commit/?id=7f26dc68c898ed7465a621d4f77544f473437491
commit 7f26dc68c898ed7465a621d4f77544f473437491
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Thu May 29 11:26:12 2014 +0200
Add test for all AES-CBC encryption schemes
diff --git a/tests/aes128-cbc.pskcxml b/tests/aes128-cbc.pskcxml
new file mode 100644
index 0000000..3761991
--- /dev/null
+++ b/tests/aes128-cbc.pskcxml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Test that holds an aes128-cbc encrypted value. Key is
+ 12345678901234567890123456789012.
+-->
+
+<KeyContainer Version="1.0"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <KeyPackage>
+ <Key>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+
<xenc:CipherValue>AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ </Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
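Review bot: The header comment gives the key as 12345678901234567890123456789012 without saying it is hex-encoded. The doctest passes that string through .decode('hex'), so the real key is 16 bytes and not the 32 ASCII characters a reader might assume. Suggest wording it as "Key (hex) is ..." here and in the aes192/aes256 fixtures so each file can be used on its own.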
diff --git a/tests/aes192-cbc.pskcxml b/tests/aes192-cbc.pskcxml
new file mode 100644
index 0000000..4148688
--- /dev/null
+++ b/tests/aes192-cbc.pskcxml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Test that holds an aes192-cbc encrypted value. Key is
+ 123456789012345678901234567890123456789012345678.
+-->
+
+<KeyContainer Version="1.0"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <KeyPackage>
+ <Key>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <xenc:CipherData>
+
<xenc:CipherValue>AAECAwQFBgcICQoLDA0OD/616ab2do/xcWNKuW1qE3rSzwqoZcpg5ucwpjiZ07tV</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ </Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
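Review bot: The CipherValue starts with AAECAwQFBgcICQoLDA0OD, the same prefix as in aes128-cbc.pskcxml and aes256-cbc.pskcxml, which decodes to the bytes 00 01 ... 0f, and encryption.py takes the first AES block of the value as the IV. A fixed, sequential IV is fine for a fixture, but the header comment should say so, so that nobody copies these files as a template for producing real containers.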
diff --git a/tests/aes256-cbc.pskcxml b/tests/aes256-cbc.pskcxml
new file mode 100644
index 0000000..204c014
--- /dev/null
+++ b/tests/aes256-cbc.pskcxml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Test that holds an aes256-cbc encrypted value. Key is
+ 1234567890123456789012345678901234567890123456789012345678901234.
+-->
+
+<KeyContainer Version="1.0"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <KeyPackage>
+ <Key>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <xenc:CipherData>
+
<xenc:CipherValue>AAECAwQFBgcICQoLDA0OD7mg24krBXvsLMVBhZbLXDVFEWhqNqRTCO8AfowoBFcd</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ </Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
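Review bot: As in the other two fixtures, the Secret element here carries only an EncryptedValue and no ValueMAC, and the container declares no MAC method, so the new tests exercise unauthenticated CBC decryption only. A companion fixture with a MAC over the ciphertext, plus a tampered copy of it, would cover the integrity side of these schemes.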
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
new file mode 100644
index 0000000..300270f
--- /dev/null
+++ b/tests/test_encryption.doctest
@@ -0,0 +1,44 @@
+test_encryption.doctest - test various encryption schemes
+
+Copyright (C) 2014 Arthur de Jong
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA
+
+
+>>> from pskc import PSKC
+
+
+>>> pskc = PSKC('tests/aes128-cbc.pskcxml')
+>>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
+>>> pskc.keys[0].secret
+'12345678901234567890'
+
+
+>>> pskc = PSKC('tests/aes192-cbc.pskcxml')
+>>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
+>>> pskc.keys[0].secret
+Traceback (most recent call last):
+ ...
+DecryptionError: Invalid key length
+>>> pskc.encryption.key =
'123456789012345678901234567890123456789012345678'.decode('hex')
+>>> pskc.keys[0].secret
+'12345678901234567890'
+
+
+>>> pskc = PSKC('tests/aes256-cbc.pskcxml')
+>>> pskc.encryption.key =
'1234567890123456789012345678901234567890123456789012345678901234'.decode('hex')
+>>> pskc.keys[0].secret
+'12345678901234567890'
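Review bot: Only the aes192-cbc block checks the "Invalid key length" path; the aes128-cbc and aes256-cbc blocks test the success case alone. Suggest adding a wrong-length key to each of those as well, plus one key whose length is not a valid AES size at all (for example 10 bytes), since the 16-byte key used in the aes192 case is still a legal AES key. Also note that '...'.decode('hex') ties this doctest to Python 2.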
http://arthurdejong.org/git/python-pskc/commit/?id=28f2c1c14f0b55b79105033e37cc8735e717f745
commit 28f2c1c14f0b55b79105033e37cc8735e717f745
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Thu May 29 11:18:04 2014 +0200
Support more AES-CBC encryption schemes
This also moves the crypto imports to the places where they are used to
avoid a dependency on pycrypto if no encryption is used.
diff --git a/pskc/encryption.py b/pskc/encryption.py
index a185871..4e6a661 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -30,9 +30,6 @@ The encryption key can be derived using the KeyDerivation
class.
import base64
-from Crypto.Cipher import AES
-from Crypto.Protocol.KDF import PBKDF2
-
def unpad(value):
"""Remove padding from the plaintext."""
@@ -75,7 +72,13 @@ class EncryptedValue(object):
key = self.encryption.key
if key is None:
raise DecryptionError('No key available')
- if self.algorithm.endswith('#aes128-cbc'):
+ if self.algorithm.endswith('#aes128-cbc') or \
+ self.algorithm.endswith('#aes192-cbc') or \
+ self.algorithm.endswith('#aes256-cbc'):
+ from Crypto.Cipher import AES
+ if len(key) * 8 != int(self.algorithm[-7:-4]) or \
+ len(key) not in AES.key_size:
+ raise DecryptionError('Invalid key length')
iv = self.cipher_value[:AES.block_size]
ciphertext = self.cipher_value[AES.block_size:]
cipher = AES.new(key, AES.MODE_CBC, iv)
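Review bot: The key-length check reads the size out of the URI with int(self.algorithm[-7:-4]), which only works because all three accepted suffixes have the same shape and will break silently if another scheme is added to the endswith chain. For those three suffixes the first comparison already implies a 16, 24 or 32 byte key, so the "len(key) not in AES.key_size" half can never trigger on its own. Suggest a small mapping from suffix to key length in bytes and a single comparison against it, which also replaces the three chained endswith calls.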
@@ -134,6 +137,7 @@ class KeyDerivation(object):
def generate(self, password):
"""Derive a key from the password."""
if self.algorithm.endswith('#pbkdf2'):
+ from Crypto.Protocol.KDF import PBKDF2
# TODO: support pseudorandom function (prf)
return PBKDF2(
password, self.pbkdf2_salt, dkLen=self.pbkdf2_key_length,
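Review bot: With the import moved inside generate(), a missing pycrypto now shows up as a bare ImportError only at the moment a PBKDF2-protected file is actually used, and the same applies to the AES import added in the EncryptedValue hunk. Consider catching ImportError at these two points and raising an error that names the missing dependency, and add a one-line comment that the function-level import is deliberate so it is not moved back to the top of the module later.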
http://arthurdejong.org/git/python-pskc/commit/?id=678b127d1e8d8bb9088ea57dd8497456cdb3428c
commit 678b127d1e8d8bb9088ea57dd8497456cdb3428c
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Thu May 29 11:14:20 2014 +0200
Add test for missing secret value
diff --git a/tests/test_minimal.doctest b/tests/test_minimal.doctest
index ef54e59..eee45db 100644
--- a/tests/test_minimal.doctest
+++ b/tests/test_minimal.doctest
@@ -41,6 +41,8 @@ Check creation of empty PSKC structure and adding an empty
key to the list.
>>> key = pskc.add_key(id='123')
>>> key.id
'123'
+>>> key.secret is None
+True
Adding a key with unknown attributes raises an error.
>>> key = pskc.add_key(foo='bar')
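Review bot: The added "key.secret is None" check covers a key created through pskc.add_key(id='123') only. The commit subject is about a missing secret value in general, so it would be worth also loading a PSKC file whose Key element has no Secret and asserting the same result on the parsed key.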
-----------------------------------------------------------------------
Summary of changes:
pskc/encryption.py | 12 ++++--
tests/aes128-cbc.pskcxml | 29 +++++++++++++
tests/aes192-cbc.pskcxml | 29 +++++++++++++
tests/aes256-cbc.pskcxml | 29 +++++++++++++
...est_invalid.doctest => test_encryption.doctest} | 45 +++++++-------------
tests/test_minimal.doctest | 2 +
6 files changed, 113 insertions(+), 33 deletions(-)
create mode 100644 tests/aes128-cbc.pskcxml
create mode 100644 tests/aes192-cbc.pskcxml
create mode 100644 tests/aes256-cbc.pskcxml
copy tests/{test_invalid.doctest => test_encryption.doctest} (55%)
hooks/post-receive
--
python-pskc