python-pskc branch master updated. 0.1-40-g1b9ee9f

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Commits of the python-pskc project <python-pskc-commits [at] lists.arthurdejong.org>
To: python-pskc-commits [at] lists.arthurdejong.org
Reply-to: python-pskc-users [at] lists.arthurdejong.org
Subject: python-pskc branch master updated. 0.1-40-g1b9ee9f
Date: Sun, 15 Jun 2014 14:20:25 +0200 (CEST)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".

The branch, master has been updated
       via  1b9ee9f51496ccb10094f9d5844589948a887a08 (commit)
       via  79b9a7d99ab081f33a8c3e2028a275216482a54a (commit)
      from  1417d4a0d8aee27e0578cc82c4965b295ba6b050 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://arthurdejong.org/git/python-pskc/commit/?id=1b9ee9f51496ccb10094f9d5844589948a887a08

commit 1b9ee9f51496ccb10094f9d5844589948a887a08
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sat Jun 14 23:40:45 2014 +0200

    Support PBKDF2 PRF argument
    
    Support specifying a pseudorandom function for PBKDF2 key derivation. It
    currently supports any HMAC that the MAC checking also supports.

diff --git a/pskc/encryption.py b/pskc/encryption.py
index 6b45a7b..a073314 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -117,7 +117,7 @@ class KeyDerivation(object):
       pbkdf2_salt: salt value
       pbkdf2_iterations: number of iterations to use
       pbkdf2_key_length: required key lengt
-      pbkdf2_prf: name of pseudorandom function used (HMAC-SHA1 is assumed)
+      pbkdf2_prf: name of pseudorandom function used
     """
 
     def __init__(self, key_deriviation=None):
@@ -158,13 +158,17 @@ class KeyDerivation(object):
             raise KeyDerivationError('No algorithm specified')
         if self.algorithm.endswith('#pbkdf2'):
             from Crypto.Protocol.KDF import PBKDF2
-            # TODO: support pseudorandom function (prf)
+            from pskc.mac import get_hmac
+            prf = None
             if self.pbkdf2_prf:
-                raise KeyDerivationError(
-                    'Pseudorandom function unsupported: %r' % self.pbkdf2_prf)
+                prf = get_hmac(self.pbkdf2_prf)
+                if prf is None:
+                    raise KeyDerivationError(
+                        'Pseudorandom function unsupported: %r' %
+                        self.pbkdf2_prf)
             return PBKDF2(
                 password, self.pbkdf2_salt, dkLen=self.pbkdf2_key_length,
-                count=self.pbkdf2_iterations, prf=None)
+                count=self.pbkdf2_iterations, prf=prf)
         else:
             raise KeyDerivationError(
                 'Unsupported algorithm: %r' % self.algorithm)

http://arthurdejong.org/git/python-pskc/commit/?id=79b9a7d99ab081f33a8c3e2028a275216482a54a

commit 79b9a7d99ab081f33a8c3e2028a275216482a54a
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sat Jun 14 23:35:50 2014 +0200

    Provide a get_hmac() function
    
    Refactor the functionality to find an HMAC function into a separate
    function.

diff --git a/pskc/mac.py b/pskc/mac.py
index 084d641..7e66d6e 100644
--- a/pskc/mac.py
+++ b/pskc/mac.py
@@ -29,16 +29,24 @@ with the PSKC encryption key.
 """
 
 
-import hashlib
-import hmac
 import re
 
-from pskc.encryption import EncryptedValue
-
 
 _hmac_url_re = re.compile(r'^.*#hmac-(?P<hash>[a-z0-9]+)$')
 
 
+def get_hmac(algorithm):
+    """Return an HMAC function that takes a secret and a value and returns a
+    digest."""
+    import hashlib
+    import hmac
+    match = _hmac_url_re.search(algorithm)
+    if match:
+        digestmod = getattr(hashlib, match.group('hash'), None)
+        if digestmod is not None:
+            return lambda key, value: hmac.new(key, value, digestmod).digest()
+
+
 class ValueMAC(object):
     """Provide MAC checking ability to PSKC data values."""
 
@@ -66,15 +74,11 @@ class ValueMAC(object):
         key = self.mac.key
         if key is None:
             raise DecryptionError('No MAC key available')
-        digestmod = None
-        match = _hmac_url_re.search(self.mac.algorithm)
-        if match:
-            digestmod = getattr(hashlib, match.group('hash'), None)
-        if digestmod is None:
+        hmacfn = get_hmac(self.mac.algorithm)
+        if hmacfn is None:
             raise DecryptionError(
                 'Unsupported MAC algorithm: %r' % self.mac.algorithm)
-        h = hmac.new(key, value, digestmod).digest()
-        if h != self._value_mac:
+        if hmacfn(key, value) != self._value_mac:
             raise DecryptionError('MAC value does not match')
         return True
 
@@ -89,6 +93,7 @@ class MAC(object):
     """
 
     def __init__(self, pskc, mac_method=None):
+        from pskc.encryption import EncryptedValue
         self.algorithm = None
         self._mac_key = EncryptedValue(pskc.encryption)
         self.parse(mac_method)

-----------------------------------------------------------------------

Summary of changes:
 pskc/encryption.py |   14 +++++++++-----
 pskc/mac.py        |   27 ++++++++++++++++-----------
 2 files changed, 25 insertions(+), 16 deletions(-)


hooks/post-receive
-- 
python-pskc
-- 
To unsubscribe send an email to
python-pskc-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/python-pskc-commits/

python-pskc branch master updated. 0.1-40-g1b9ee9f, Commits of the python-pskc project

Prev by Date: python-pskc branch master updated. 0.1-38-g1417d4a
Next by Date: python-pskc branch master updated. 0.1-42-g50b429d
Previous by thread: python-pskc branch master updated. 0.1-38-g1417d4a
Next by thread: python-pskc branch master updated. 0.1-42-g50b429d