python-pskc branch master updated. 0.1-17-gccebb69




This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".

The branch, master has been updated
       via  ccebb694d460ec2292a51a3e8d9f81fe54969c3e (commit)
       via  a11f31fd0c575c243418f919016634cfb102b138 (commit)
       via  0738c94bdfbac6ceefdb1080bbeede2ddaa5ed11 (commit)
       via  76ef42bf1009e542b90814dc0b629e0ee5b0356c (commit)
      from  7f26dc68c898ed7465a621d4f77544f473437491 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/python-pskc/commit/?id=ccebb694d460ec2292a51a3e8d9f81fe54969c3e

commit ccebb694d460ec2292a51a3e8d9f81fe54969c3e
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu May 29 16:35:26 2014 +0200

    Support Triple DES decryption

diff --git a/pskc/encryption.py b/pskc/encryption.py
index 3700d17..9b6f763 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -85,6 +85,14 @@ class EncryptedValue(object):
             ciphertext = self.cipher_value[AES.block_size:]
             cipher = AES.new(key, AES.MODE_CBC, iv)
             return unpad(cipher.decrypt(ciphertext))
+        elif self.algorithm.endswith('#tripledes-cbc'):
+            from Crypto.Cipher import DES3
+            if len(key) not in DES3.key_size:
+                raise DecryptionError('Invalid key length')
+            iv = self.cipher_value[:DES3.block_size]
+            ciphertext = self.cipher_value[DES3.block_size:]
+            cipher = DES3.new(key, DES3.MODE_CBC, iv)
+            return unpad(cipher.decrypt(ciphertext))
         else:
             raise DecryptionError('Unsupported algorithm: %r' % self.algorithm)
 
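Review bot: in the new tripledes-cbc branch, self.cipher_value is sliced into iv and ciphertext with no length check, so a CipherValue shorter than DES3.block_size, or one whose remainder is not a multiple of the block size, reaches DES3.new() or cipher.decrypt() and surfaces as a ValueError from the crypto library rather than a DecryptionError. Suggest checking len(self.cipher_value) before the slice and raising DecryptionError, in the same way the key length is checked two lines above. The value returned by unpad() is also passed back without any integrity check, so a wrong key of a valid length may produce garbage instead of an error; that deserves at least a comment at this point.
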
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
index 300270f..3f54998 100644
--- a/tests/test_encryption.doctest
+++ b/tests/test_encryption.doctest
@@ -42,3 +42,14 @@ DecryptionError: Invalid key length
 >>> pskc.encryption.key = 
 >>> '1234567890123456789012345678901234567890123456789012345678901234'.decode('hex')
 >>> pskc.keys[0].secret
 '12345678901234567890'
+
+
+>>> pskc = PSKC('tests/tripledes-cbc.pskcxml')
+>>> pskc.encryption.key = '1234'.decode('hex')
+>>> pskc.keys[0].secret
+Traceback (most recent call last):
+    ...
+DecryptionError: Invalid key length
+>>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
+>>> pskc.keys[0].secret
+'12345678901234567890'
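Review bot: the added doctest only exercises a 2-byte key (rejected) and a 16-byte key (accepted), while the implementation accepts every length in DES3.key_size. Suggest adding a case with a 24-byte key, and a rejection case for an 8-byte key (single DES length), so that the "len(key) not in DES3.key_size" check is covered on both sides of each accepted size.
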
diff --git a/tests/tripledes-cbc.pskcxml b/tests/tripledes-cbc.pskcxml
new file mode 100644
index 0000000..04d822b
--- /dev/null
+++ b/tests/tripledes-cbc.pskcxml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Test that holds an tripledes-cbc encrypted value. Key is
+  12345678901234567890123456789012.
+-->
+
+<KeyContainer Version="1.0"
+  xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+  xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
+  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
+ <EncryptionKey>
+  <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <KeyPackage>
+  <Key>
+   <Data>
+    <Secret>
+     <EncryptedValue>
+      <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+      <xenc:CipherData>
+       
<xenc:CipherValue>SVYxMjM0NTbvR25//t5tAuWfL+6ma90GGESqe3AlrJM=</xenc:CipherValue>
+      </xenc:CipherData>
+     </EncryptedValue>
+    </Secret>
+   </Data>
+  </Key>
+ </KeyPackage>
+</KeyContainer>
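
Review bot: the header comment of the new test file gives the key as 12345678901234567890123456789012 without saying that it is hex-encoded, although the doctest passes it through .decode('hex') to get 16 bytes. Suggest stating "hex-encoded, 16 bytes (two-key Triple DES)" in the comment, and fixing "an tripledes-cbc" while there, so the fixture can be regenerated without reading the doctest.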

http://arthurdejong.org/git/python-pskc/commit/?id=a11f31fd0c575c243418f919016634cfb102b138

commit a11f31fd0c575c243418f919016634cfb102b138
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu May 29 16:16:32 2014 +0200

    Add tests for key derivation problems
    
    This tests for unknown or missing algorithms and unknown derivation
    parameters.

diff --git a/tests/test_invalid.doctest b/tests/test_invalid.doctest
index 7c291e1..c8e8a78 100644
--- a/tests/test_invalid.doctest
+++ b/tests/test_invalid.doctest
@@ -24,24 +24,33 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 
MA
 Load a number of invalid files.
 
 
+This file is plain invalid XML.
+
 >>> pskc = PSKC('tests/invalid-notxml.pskcxml')
 Traceback (most recent call last):
     ...
 ParseError: Error parsing XML
 
 
+This XML file has a wrong top-level element.
+
 >>> pskc = PSKC('tests/invalid-wrongelement.pskcxml')
 Traceback (most recent call last):
     ...
 ParseError: Missing KeyContainer
 
 
+This file has an unknown PSKC version.
+
 >>> pskc = PSKC('tests/invalid-wrongversion.pskcxml')
 Traceback (most recent call last):
     ...
 ParseError: Unsupported version
 
 
+This PSKC file has one key with an unknown algorithm and one key without an
+algorithm specified.
+
 >>> pskc = PSKC('tests/invalid-encryption.pskcxml')
 >>> key = pskc.keys[0]
 >>> key.id
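Review bot: the description added before the invalid-encryption.pskcxml test says "an unknown algorithm" and "without an algorithm specified", which is ambiguous because the Key element in that file carries its own Algorithm attribute (the hotp URN) that is valid. Suggest wording it as "an unknown encryption algorithm" and "no encryption algorithm (empty EncryptionMethod)" so it is clear which attribute the test is about.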
@@ -62,3 +71,33 @@ DecryptionError: Unsupported algorithm: ...
 Traceback (most recent call last):
     ...
 DecryptionError: No algorithm specified
+
+
+Specify an unknown key derivation algorithm specified.
+
+>>> pskc = PSKC('tests/rfc6030-figure7.pskcxml')
+>>> pskc.encryption.derivation.algorithm = 'unknown'
+>>> pskc.encryption.derive_key('qwerty')
+Traceback (most recent call last):
+    ...
+KeyDerivationError: Unsupported algorithm: ...
+
+
+Figure 6 does use encryption but with a pre-shared key. Attempting key
+derivation with such a PSKC file should result in an exception.
+
+>>> pskc = PSKC('tests/rfc6030-figure6.pskcxml')
+>>> pskc.encryption.derive_key('qwerty')
+Traceback (most recent call last):
+    ...
+KeyDerivationError: No algorithm specified
+
+
+Specify an unknown PBKDF2 PRF (pseudorandom function).
+
+>>> pskc = PSKC('tests/rfc6030-figure7.pskcxml')
+>>> pskc.encryption.derivation.pbkdf2_prf = 'unknown'
+>>> pskc.encryption.derive_key('qwerty')
+Traceback (most recent call last):
+    ...
+KeyDerivationError: Pseudorandom function unsupported: ...
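
Review bot: both negative tests on rfc6030-figure7.pskcxml overwrite derivation.algorithm and derivation.pbkdf2_prf on the object after parsing, so the path from an XML file that names an unknown derivation algorithm or PRF to the exception is never exercised. Suggest adding a small invalid fixture file for at least one of these, as is done for invalid-encryption.pskcxml. Also, the first description reads "Specify an unknown key derivation algorithm specified."; drop the trailing "specified".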

http://arthurdejong.org/git/python-pskc/commit/?id=0738c94bdfbac6ceefdb1080bbeede2ddaa5ed11

commit 0738c94bdfbac6ceefdb1080bbeede2ddaa5ed11
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu May 29 14:33:03 2014 +0200

    Raise exception when key derivation fails
    
    This also renames the internal function that implements the derivation.

diff --git a/pskc/encryption.py b/pskc/encryption.py
index cd5720a..3700d17 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -136,14 +136,23 @@ class KeyDerivation(object):
             if prf is not None:
                 self.pbkdf2_prf = prf.attrib.get('Algorithm')
 
-    def generate(self, password):
+    def derive(self, password):
         """Derive a key from the password."""
+        from pskc.exceptions import KeyDerivationError
+        if self.algorithm is None:
+            raise KeyDerivationError('No algorithm specified')
         if self.algorithm.endswith('#pbkdf2'):
             from Crypto.Protocol.KDF import PBKDF2
             # TODO: support pseudorandom function (prf)
+            if self.pbkdf2_prf:
+                raise KeyDerivationError(
+                    'Pseudorandom function unsupported: %r' % self.pbkdf2_prf)
             return PBKDF2(
                 password, self.pbkdf2_salt, dkLen=self.pbkdf2_key_length,
                 count=self.pbkdf2_iterations, prf=None)
+        else:
+            raise KeyDerivationError(
+                'Unsupported algorithm: %r' % self.algorithm)
 
 
 class Encryption(object):
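Review bot: the new "if self.pbkdf2_prf:" guard in derive() rejects every explicitly specified PRF, including one that names HMAC-SHA1, which is exactly what PBKDF2() uses when called with prf=None as it is three lines further down. A file that spells out the default PRF would therefore fail with "Pseudorandom function unsupported". Suggest accepting the HMAC-SHA1 identifier and raising only for other values, and updating the TODO comment to say which PRFs are still missing.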
@@ -193,4 +202,4 @@ class Encryption(object):
 
     def derive_key(self, password):
         """Derive a key from the password."""
-        self.key = self.derivation.generate(password)
+        self.key = self.derivation.derive(password)
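Review bot: derive_key() can now raise KeyDerivationError through self.derivation.derive(), but its docstring still only says "Derive a key from the password." Suggest documenting the exception there, and that self.key is left unchanged when derivation fails, since callers of the public method will not look at KeyDerivation.derive().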
diff --git a/pskc/exceptions.py b/pskc/exceptions.py
index 801de20..7fde416 100644
--- a/pskc/exceptions.py
+++ b/pskc/exceptions.py
@@ -42,3 +42,8 @@ class DecryptionError(PSKCError):
     The encrypted value as available but something went wrong with decrypting
     it."""
     pass
+
+
+class KeyDerivationError(PSKCError):
+    """There was a problem performing the key derivation."""
+    pass

http://arthurdejong.org/git/python-pskc/commit/?id=76ef42bf1009e542b90814dc0b629e0ee5b0356c

commit 76ef42bf1009e542b90814dc0b629e0ee5b0356c
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Thu May 29 14:49:05 2014 +0200

    Add test for missing key encryption algorithm
    
    This also introduces a toplevel PSKCError exception that all exceptions
    have as parent.

diff --git a/pskc/encryption.py b/pskc/encryption.py
index 4e6a661..cd5720a 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -72,6 +72,8 @@ class EncryptedValue(object):
         key = self.encryption.key
         if key is None:
             raise DecryptionError('No key available')
+        if self.algorithm is None:
+            raise DecryptionError('No algorithm specified')
         if self.algorithm.endswith('#aes128-cbc') or \
            self.algorithm.endswith('#aes192-cbc') or \
            self.algorithm.endswith('#aes256-cbc'):
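Review bot: the new None check sits directly above a dispatch that matches the algorithm with endswith('#aes128-cbc') and friends, so any URI that merely ends in that fragment is treated as AES-CBC regardless of its namespace. Suggest comparing against the full algorithm URIs (or a lookup table of them) now that this code path is being hardened. Note also that the key check runs first, so a value with neither key nor algorithm reports "No key available"; that ordering is worth a test or a comment.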
diff --git a/pskc/exceptions.py b/pskc/exceptions.py
index 9203dfe..801de20 100644
--- a/pskc/exceptions.py
+++ b/pskc/exceptions.py
@@ -21,21 +21,24 @@
 """Collection of exceptions."""
 
 
-class ParseError(Exception):
+class PSKCError(Exception):
+    """General top-level exception."""
+
+    def __str__(self):
+        return getattr(self, 'message', '')
+
+
+class ParseError(PSKCError):
     """Something went wrong with parsing the PSKC file.
 
     Either the file is invalid XML or required elements or attributes are
     missing."""
-
-    def __str__(self):
-        return getattr(self, 'message', '')
+    pass
 
 
-class DecryptionError(Exception):
+class DecryptionError(PSKCError):
     """There was a problem decrypting the value.
 
     The encrypted value as available but something went wrong with decrypting
     it."""
-
-    def __str__(self):
-        return getattr(self, 'message', '')
+    pass
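Review bot: the __str__ that is moved into PSKCError returns getattr(self, 'message', ''), which depends on the Python 2 only message attribute; that attribute is empty when the exception is raised with more than one argument and does not exist on Python 3, so str() of any PSKC exception would silently become an empty string. Suggest dropping the override and relying on Exception.__str__, or storing the message explicitly in __init__. The "pass" statements added after the docstrings of ParseError and DecryptionError are redundant and can be left out.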
diff --git a/tests/invalid-encryption.pskcxml b/tests/invalid-encryption.pskcxml
index 18ee5f1..d900dc9 100644
--- a/tests/invalid-encryption.pskcxml
+++ b/tests/invalid-encryption.pskcxml
@@ -2,7 +2,7 @@
 
 <!--
   Based on the Figure 6 example, this file includes an unknown encryption
-  algorithm.
+  algorithm and a key without an algorithm specified.
 -->
 
 <KeyContainer Version="1.0"
@@ -28,4 +28,20 @@ 
AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv
       </Data>
     </Key>
   </KeyPackage>
+  <KeyPackage>
+    <Key Id="45678901" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+      <Data>
+        <Secret>
+          <EncryptedValue>
+            <xenc:EncryptionMethod/>
+            <xenc:CipherData>
+              <xenc:CipherValue>
+AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv
+                </xenc:CipherValue>
+            </xenc:CipherData>
+          </EncryptedValue>
+        </Secret>
+      </Data>
+    </Key>
+  </KeyPackage>
 </KeyContainer>
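Review bot: the second KeyPackage uses an empty <xenc:EncryptionMethod/> element, which covers a missing Algorithm attribute but not an EncryptedValue that has no EncryptionMethod element at all. Suggest adding a third key for that case so both ways of ending up with algorithm None are tested. The closing </xenc:CipherValue> tag is indented two spaces deeper than its opening tag; align it with the first KeyPackage.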
diff --git a/tests/test_invalid.doctest b/tests/test_invalid.doctest
index 2665bae..7c291e1 100644
--- a/tests/test_invalid.doctest
+++ b/tests/test_invalid.doctest
@@ -55,3 +55,10 @@ DecryptionError: No key available
 Traceback (most recent call last):
     ...
 DecryptionError: Unsupported algorithm: ...
+>>> key = pskc.keys[1]
+>>> key.id
+'45678901'
+>>> key.secret
+Traceback (most recent call last):
+    ...
+DecryptionError: No algorithm specified

-----------------------------------------------------------------------

Summary of changes:
 pskc/encryption.py                                 |   23 +++++++++-
 pskc/exceptions.py                                 |   22 +++++++---
 tests/invalid-encryption.pskcxml                   |   18 +++++++-
 tests/test_encryption.doctest                      |   11 +++++
 tests/test_invalid.doctest                         |   46 ++++++++++++++++++++
 .../{aes128-cbc.pskcxml => tripledes-cbc.pskcxml}  |    6 +--
 6 files changed, 113 insertions(+), 13 deletions(-)
 copy tests/{aes128-cbc.pskcxml => tripledes-cbc.pskcxml} (76%)


hooks/post-receive
-- 
python-pskc