python-pskc branch master updated. 0.2-10-g68b20e2
- From: Commits of the python-pskc project <python-pskc-commits [at] lists.arthurdejong.org>
- To: python-pskc-commits [at] lists.arthurdejong.org
- Reply-to: python-pskc-users [at] lists.arthurdejong.org
- Subject: python-pskc branch master updated. 0.2-10-g68b20e2
- Date: Tue, 6 Oct 2015 17:37:12 +0200 (CEST)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".
The branch, master has been updated
via 68b20e272d5546c94bffd90002732a55696f8978 (commit)
from ebe46f2e9cd2a43a50e153d29e48a0b7ac82c88c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://arthurdejong.org/git/python-pskc/commit/?id=68b20e272d5546c94bffd90002732a55696f8978
commit 68b20e272d5546c94bffd90002732a55696f8978
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Tue Oct 6 17:30:37 2015 +0200
Fix issue with namespaced PBKDF2 parameters
The find() utility functions now allow specifying multiple paths to be
searched where the first match is returned.
This allows handling PSKC files where the PBKDF2 salt, iteration count,
key length and PRF elements are prefixed with the xenc11 namespace.
A test including such a PSKC file has been included.
Thanks to Eric Plet for reporting this.
diff --git a/pskc/encryption.py b/pskc/encryption.py
index fec4166..a9324e6 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -1,7 +1,7 @@
# encryption.py - module for handling encrypted values
# coding: utf-8
#
-# Copyright (C) 2014 Arthur de Jong
+# Copyright (C) 2014-2015 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -136,18 +136,20 @@ class KeyDerivation(object):
return
self.algorithm = key_deriviation.get('Algorithm')
# PBKDF2 properties
- pbkdf2 = find(key_deriviation, 'xenc11:PBKDF2-params')
- if pbkdf2 is None:
- pbkdf2 = find(key_deriviation, 'pkcs5:PBKDF2-params')
+ pbkdf2 = find(
+ key_deriviation, 'xenc11:PBKDF2-params', 'pkcs5:PBKDF2-params')
if pbkdf2 is not None:
# get used salt
- self.pbkdf2_salt = findbin(pbkdf2, 'Salt/Specified')
+ self.pbkdf2_salt = findbin(
+ pbkdf2, 'Salt/Specified', 'xenc11:Salt/xenc11:Specified')
# required number of iterations
- self.pbkdf2_iterations = findint(pbkdf2, 'IterationCount')
+ self.pbkdf2_iterations = findint(
+ pbkdf2, 'IterationCount', 'xenc11:IterationCount')
# key length
- self.pbkdf2_key_length = findint(pbkdf2, 'KeyLength')
+ self.pbkdf2_key_length = findint(
+ pbkdf2, 'KeyLength', 'xenc11:KeyLength')
# pseudorandom function used
- prf = find(pbkdf2, 'PRF')
+ prf = find(pbkdf2, 'PRF', 'xenc11:PRF')
if prf is not None:
self.pbkdf2_prf = prf.get('Algorithm')
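Review bot: The fallback paths for the salt lookup cover only the two uniform spellings, `'Salt/Specified'` and `'xenc11:Salt/xenc11:Specified'`, so a file that prefixes one level but not the other still leaves `pbkdf2_salt` as None with no error at parse time. Consider adding the mixed paths too, or raising a parse error when a `PBKDF2-params` element is found but the salt or iteration count could not be read, so that a missing KDF parameter is reported where it is parsed rather than at key derivation.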
diff --git a/pskc/xml.py b/pskc/xml.py
index 539870b..a45793a 100644
--- a/pskc/xml.py
+++ b/pskc/xml.py
@@ -1,7 +1,7 @@
# xml.py - module for parsing and writing XML for PSKC files
# coding: utf-8
#
-# Copyright (C) 2014 Arthur de Jong
+# Copyright (C) 2014-2015 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -58,43 +58,44 @@ def parse(source):
def findall(tree, match):
- """Find a child element (or None)."""
+ """Find the child elements."""
return tree.findall(match, namespaces=namespaces)
-def find(tree, match):
- """Find a child element (or None)."""
- try:
- return iter(findall(tree, match)).next()
- except StopIteration:
- return None
+def find(tree, *matches):
+ """Find a child element that matches any of the patterns (or None)."""
+ for match in matches:
+ try:
+ return iter(findall(tree, match)).next()
+ except StopIteration:
+ pass
-def findtext(tree, match):
+def findtext(tree, *matches):
"""Get the text value of an element (or None)."""
- element = find(tree, match)
+ element = find(tree, *matches)
if element is not None:
return element.text.strip()
-def findint(tree, match):
+def findint(tree, *matches):
"""Return an element value as an int (or None)."""
- value = findtext(tree, match)
+ value = findtext(tree, *matches)
if value:
return int(value)
-def findtime(tree, match):
+def findtime(tree, *matches):
"""Return an element value as a datetime (or None)."""
- value = findtext(tree, match)
+ value = findtext(tree, *matches)
if value:
import dateutil.parser
return dateutil.parser.parse(value)
-def findbin(tree, match):
+def findbin(tree, *matches):
"""Return the binary element value base64 decoded."""
- value = findtext(tree, match)
+ value = findtext(tree, *matches)
if value:
import base64
return base64.b64decode(value)
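Review bot: In `find()`, `iter(findall(tree, match)).next()` works on Python 2 only, and the "(or None)" result now depends on falling off the end of the loop. Writing the body as `for element in findall(tree, match): return element` inside the loop over `matches`, followed by an explicit `return None`, gives the same behaviour without the try/except and is portable. The docstring should also say that patterns are tried in argument order, so the first pattern wins even if a later pattern matches an element that appears earlier in the document. Separately, `findtext()` still calls `element.text.strip()`, which raises AttributeError for an empty element because `text` is None there; now that more spellings are accepted, returning None in that case would be safer.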
diff --git a/tests/SampleFullyQualifiedNS.xml b/tests/SampleFullyQualifiedNS.xml
new file mode 100644
index 0000000..c09340d
--- /dev/null
+++ b/tests/SampleFullyQualifiedNS.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="utf-8"?>
+<pskc:KeyContainer xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Version="1.0"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc">
+ <pskc:EncryptionKey>
+ <xenc11:DerivedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#">
+ <xenc11:KeyDerivationMethod
Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2">
+ <xenc11:PBKDF2-params xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"
xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#">
+ <xenc11:Salt>
+
<xenc11:Specified>C8R6xBQu36C7Z1zDXc8rN//pE3ksB2rK</xenc11:Specified>
+ </xenc11:Salt>
+ <xenc11:IterationCount>249</xenc11:IterationCount>
+ <xenc11:KeyLength>16</xenc11:KeyLength>
+ <xenc11:PRF />
+ </xenc11:PBKDF2-params>
+ </xenc11:KeyDerivationMethod>
+ <xenc:ReferenceList>
+ <xenc:DataReference URI="#ED" />
+ </xenc:ReferenceList>
+ <xenc11:MasterKeyName>PassPhrase</xenc11:MasterKeyName>
+ </xenc11:DerivedKey>
+ </pskc:EncryptionKey>
+ <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <pskc:MACKey>
+ <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <xenc:CipherData>
+
<xenc:CipherValue>rBdEN+D5lY5511A1isLWvCHzZAhDJ779KFlvoIv48VFT/FJjLfzOpGDSeGonSLjk</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:MACKey>
+ </pskc:MACMethod>
+ <pskc:KeyPackage>
+ <pskc:DeviceInfo>
+ <pskc:Manufacturer>Company</pskc:Manufacturer>
+ <pskc:SerialNo>XXXX0000001F</pskc:SerialNo>
+ <pskc:Model>Token</pskc:Model>
+ <pskc:IssueNo>1</pskc:IssueNo>
+ </pskc:DeviceInfo>
+ <pskc:Key Id="XXXX0000001F#1"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp">
+ <pskc:Issuer>Company</pskc:Issuer>
+ <pskc:AlgorithmParameters>
+ <pskc:Suite>HMAC-SHA256</pskc:Suite>
+ <pskc:ResponseFormat Encoding="DECIMAL" Length="6" />
+ </pskc:AlgorithmParameters>
+ <pskc:Data>
+ <pskc:Secret>
+ <pskc:EncryptedValue>
+ <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <xenc:CipherData>
+
<xenc:CipherValue>PTTVlVTEiH/4HdphmBhxFJ7h5bGu5x476HXYd5jUtELg+MVqv+28/V1qT2bXdZXQ5rISLRNsZV0solNfH5WOSQ==</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:EncryptedValue>
+ <pskc:ValueMAC>snQNqaSQl8vxksYL9dDPrS0LHxM=</pskc:ValueMAC>
+ </pskc:Secret>
+ <pskc:Time>
+ <pskc:PlainValue>0</pskc:PlainValue>
+ </pskc:Time>
+ <pskc:TimeInterval>
+ <pskc:PlainValue>172800</pskc:PlainValue>
+ </pskc:TimeInterval>
+ </pskc:Data>
+ <pskc:Policy>
+ <pskc:KeyUsage>OTP</pskc:KeyUsage>
+ </pskc:Policy>
+ </pskc:Key>
+ </pskc:KeyPackage>
+ <pskc:KeyPackage>
+ <pskc:DeviceInfo>
+ <pskc:Manufacturer>Company</pskc:Manufacturer>
+ <pskc:SerialNo>XXXX0000001F</pskc:SerialNo>
+ <pskc:Model>Token</pskc:Model>
+ <pskc:IssueNo>2</pskc:IssueNo>
+ </pskc:DeviceInfo>
+ <pskc:Key Id="XXXX0000001F#2"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra">
+ <pskc:Issuer>Company</pskc:Issuer>
+ <pskc:AlgorithmParameters>
+ <pskc:Suite>OCRA-1:HOTP-SHA256-9:QN02-T2H</pskc:Suite>
+ <pskc:ResponseFormat Encoding="DECIMAL" Length="9" />
+ <pskc:ChallengeFormat Encoding="DECIMAL" Min="0" Max="2" />
+ </pskc:AlgorithmParameters>
+ <pskc:Data>
+ <pskc:Secret>
+ <pskc:EncryptedValue>
+ <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <xenc:CipherData>
+
<xenc:CipherValue>gO8BOgs+yOpfbrvdWV7eyi9/LdNkD/YwpXSllE+koMWkx/9n0Ms3D51Q5Av4KbRyrlGHOO61oeRYI0FYSbrdRg==</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:EncryptedValue>
+ <pskc:ValueMAC>L1Pne7RIEU1oLM+1kok2zfsfNSw=</pskc:ValueMAC>
+ </pskc:Secret>
+ <pskc:Time>
+ <pskc:PlainValue>0</pskc:PlainValue>
+ </pskc:Time>
+ <pskc:TimeInterval>
+ <pskc:PlainValue>7200</pskc:PlainValue>
+ </pskc:TimeInterval>
+ </pskc:Data>
+ <pskc:Policy>
+ <pskc:KeyUsage>CR</pskc:KeyUsage>
+ </pskc:Policy>
+ </pskc:Key>
+ </pskc:KeyPackage>
+</pskc:KeyContainer>
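Review bot: The `<xenc11:PRF />` element in this fixture carries no `Algorithm` attribute, so the new `'xenc11:PRF'` lookup matches but the test never sees `pbkdf2_prf` set to a real value. A variant of this fixture with an explicit PRF algorithm would cover that path. If mixed prefixing (for example an unprefixed `Salt` with a prefixed `Specified`) is meant to be tolerated, a fixture for that case belongs here as well.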
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index 0b9604c..3912463 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -1,6 +1,6 @@
test_misc.doctest - miscellaneous tests
-Copyright (C) 2014 Arthur de Jong
+Copyright (C) 2014-2015 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -77,3 +77,16 @@ Load an PSKC file with an odd namespace.
'Issuer-A'
>>> key.secret
'1234'
+
+
+Load a PSKC file that uses the xenc11 namespace for the PBKDF2 parameters.
+
+>>> pskc = PSKC('tests/SampleFullyQualifiedNS.xml')
+>>> pskc.encryption.key_name
+'PassPhrase'
+>>> pskc.encryption.derive_key('3FCA3158035072D6')
+>>> key = pskc.keys[0]
+>>> key.secret.encode('hex')
+'09fbecfd0bf47910839e2eb05ffa10b95cd0390950ce32ab790583ed134171e0'
+>>> key.check()
+True
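Review bot: The doctest asserts only on the decrypted secret and `key.check()`, so it proves the salt, iteration count and key length end to end but never shows which values were parsed. Asserting the parsed `pbkdf2_iterations` (249) and `pbkdf2_key_length` (16) from the fixture directly would make a regression in one of the lookups fail with a clear message instead of a MAC or decryption mismatch. `key.secret.encode('hex')` is also Python 2-only; `binascii.hexlify(key.secret)` works on both.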
-----------------------------------------------------------------------
Summary of changes:
pskc/encryption.py | 18 ++++---
pskc/xml.py | 33 +++++++------
tests/SampleFullyQualifiedNS.xml | 100 ++++++++++++++++++++++++++++++++++++++
tests/test_misc.doctest | 15 +++++-
4 files changed, 141 insertions(+), 25 deletions(-)
create mode 100644 tests/SampleFullyQualifiedNS.xml
hooks/post-receive
--
python-pskc