python-pskc branch master updated. 0.2-11-g671b6e2
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
python-pskc branch master updated. 0.2-11-g671b6e2
- From: Commits of the python-pskc project <python-pskc-commits [at] lists.arthurdejong.org>
- To: python-pskc-commits [at] lists.arthurdejong.org
- Reply-to: python-pskc-users [at] lists.arthurdejong.org
- Subject: python-pskc branch master updated. 0.2-11-g671b6e2
- Date: Tue, 6 Oct 2015 23:52:59 +0200 (CEST)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".
The branch, master has been updated
via 671b6e2a751322ceb19b324041c78d856ec53d26 (commit)
from 68b20e272d5546c94bffd90002732a55696f8978 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://arthurdejong.org/git/python-pskc/commit/?id=671b6e2a751322ceb19b324041c78d856ec53d26
commit 671b6e2a751322ceb19b324041c78d856ec53d26
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Tue Oct 6 22:50:37 2015 +0200
Support Python 3
This enables support for Python 3 together with Python 2 support with a
single codebase.
On Python 3 key data is passed around as bytestrings which makes the
doctests a little harder to maintain across Python versions.
diff --git a/pskc/__init__.py b/pskc/__init__.py
index 6edef85..8a7fa0c 100644
--- a/pskc/__init__.py
+++ b/pskc/__init__.py
@@ -1,7 +1,7 @@
# __init__.py - main module
# coding: utf-8
#
-# Copyright (C) 2014 Arthur de Jong
+# Copyright (C) 2014-2015 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -34,7 +34,7 @@ The following prints all keys, decrypting using a password:
>>> pskc = PSKC('tests/rfc6030-figure7.pskcxml')
>>> pskc.encryption.derive_key('qwerty')
>>> for key in pskc.keys:
-... print key.serial, key.secret
+... print('%s %s' % (key.serial, str(key.secret.decode())))
987654321 12345678901234567890
The module should be able to handle most common PSKC files. Checking embedded
diff --git a/pskc/crypto/aeskw.py b/pskc/crypto/aeskw.py
index 24e90b0..eeafed1 100644
--- a/pskc/crypto/aeskw.py
+++ b/pskc/crypto/aeskw.py
@@ -1,7 +1,7 @@
# aeskw.py - implementation of AES key wrapping
# coding: utf-8
#
-# Copyright (C) 2014 Arthur de Jong
+# Copyright (C) 2014-2015 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -20,6 +20,8 @@
"""Implement key wrapping as described in RFC 3394 and RFC 5649."""
+import binascii
+
from Crypto.Cipher import AES
from Crypto.Util.number import bytes_to_long, long_to_bytes
from Crypto.Util.strxor import strxor
@@ -31,8 +33,8 @@ def _split(value):
return value[:8], value[8:]
-RFC3394_IV = 'a6a6a6a6a6a6a6a6'.decode('hex')
-RFC5649_IV = 'a65959a6'.decode('hex')
+RFC3394_IV = binascii.a2b_hex('a6a6a6a6a6a6a6a6')
+RFC5649_IV = binascii.a2b_hex('a65959a6')
def wrap(plaintext, key, iv=None, pad=None):
@@ -54,7 +56,7 @@ def wrap(plaintext, key, iv=None, pad=None):
raise EncryptionError('Plaintext length wrong')
if mli % 8 != 0 and pad is not False:
r = (mli + 7) // 8
- plaintext += ((r * 8) - mli) * '\0'
+ plaintext += ((r * 8) - mli) * b'\0'
if iv is None:
if len(plaintext) != mli or pad is True:
@@ -63,7 +65,7 @@ def wrap(plaintext, key, iv=None, pad=None):
iv = RFC3394_IV
encrypt = AES.new(key).encrypt
- n = len(plaintext) / 8
+ n = len(plaintext) // 8
if n == 1:
# RFC 5649 shortcut
@@ -76,7 +78,7 @@ def wrap(plaintext, key, iv=None, pad=None):
for i in range(n):
A, R[i] = _split(encrypt(A + R[i]))
A = strxor(A, long_to_bytes(n * j + i + 1, 8))
- return A + ''.join(R)
+ return A + b''.join(R)
def unwrap(ciphertext, key, iv=None, pad=None):
@@ -95,7 +97,7 @@ def unwrap(ciphertext, key, iv=None, pad=None):
raise DecryptionError('Ciphertext length wrong')
decrypt = AES.new(key).decrypt
- n = len(ciphertext) / 8 - 1
+ n = len(ciphertext) // 8 - 1
if n == 1:
A, plaintext = _split(decrypt(ciphertext))
@@ -107,16 +109,16 @@ def unwrap(ciphertext, key, iv=None, pad=None):
for i in reversed(range(n)):
A = strxor(A, long_to_bytes(n * j + i + 1, 8))
A, R[i] = _split(decrypt(A + R[i]))
- plaintext = ''.join(R)
+ plaintext = b''.join(R)
if iv is None:
if A == RFC3394_IV and pad is not True:
return plaintext
elif A[:4] == RFC5649_IV and pad is not False:
mli = bytes_to_long(A[4:])
- # check padding length is valid and only contains zeros
+ # check padding length is valid and plaintext only contains zeros
if 8 * (n - 1) < mli <= 8 * n and \
- all(x == '\0' for x in plaintext[mli:]):
+ plaintext.endswith((len(plaintext) - mli) * b'\0'):
return plaintext[:mli]
elif A == iv:
return plaintext
diff --git a/pskc/crypto/tripledeskw.py b/pskc/crypto/tripledeskw.py
index 47c93f1..a135ebd 100644
--- a/pskc/crypto/tripledeskw.py
+++ b/pskc/crypto/tripledeskw.py
@@ -1,7 +1,7 @@
# tripledeskw.py - implementation of Triple DES key wrapping
# coding: utf-8
#
-# Copyright (C) 2014 Arthur de Jong
+# Copyright (C) 2014-2015 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -20,6 +20,8 @@
"""Implement Triple DES key wrapping as described in RFC 3217."""
+import binascii
+
from Crypto import Random
from Crypto.Cipher import DES3
from Crypto.Hash import SHA
@@ -32,7 +34,7 @@ def _cms_hash(value):
return SHA.new(value).digest()[:8]
-RFC3217_IV = '4adda22c79e82105'.decode('hex')
+RFC3217_IV = binascii.a2b_hex('4adda22c79e82105')
def wrap(plaintext, key, iv=None):
@@ -48,7 +50,7 @@ def wrap(plaintext, key, iv=None):
cipher = DES3.new(key, DES3.MODE_CBC, iv)
tmp = iv + cipher.encrypt(plaintext + _cms_hash(plaintext))
cipher = DES3.new(key, DES3.MODE_CBC, RFC3217_IV)
- return cipher.encrypt(''.join(reversed(tmp)))
+ return cipher.encrypt(tmp[::-1])
def unwrap(ciphertext, key):
@@ -59,7 +61,7 @@ def unwrap(ciphertext, key):
if len(ciphertext) % DES3.block_size != 0:
raise DecryptionError('Ciphertext length wrong')
cipher = DES3.new(key, DES3.MODE_CBC, RFC3217_IV)
- tmp = ''.join(reversed(cipher.decrypt(ciphertext)))
+ tmp = cipher.decrypt(ciphertext)[::-1]
cipher = DES3.new(key, DES3.MODE_CBC, tmp[:8])
tmp = cipher.decrypt(tmp[8:])
if tmp[-8:] == _cms_hash(tmp[:-8]):
diff --git a/pskc/encryption.py b/pskc/encryption.py
index a9324e6..4911662 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -30,7 +30,7 @@ The encryption key can be derived using the KeyDerivation
class.
def unpad(value):
"""Remove padding from the plaintext."""
- return value[0:-ord(value[-1])]
+ return value[0:-ord(value[-1:])]
class EncryptedValue(object):
diff --git a/pskc/key.py b/pskc/key.py
index 9e29e2e..af5f87d 100644
--- a/pskc/key.py
+++ b/pskc/key.py
@@ -1,7 +1,7 @@
# key.py - module for handling keys from pskc files
# coding: utf-8
#
-# Copyright (C) 2014 Arthur de Jong
+# Copyright (C) 2014-2015 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -102,7 +102,10 @@ class BinaryDataType(DataType):
def to_text(self, value):
"""Convert the value to an unencrypted string representation."""
- return base64.b64encode(value)
+ # force conversion to bytestring on Python 3
+ if not isinstance(value, type(b'')):
+ value = value.encode()
+ return base64.b64encode(value).decode()
def from_bin(self, value):
"""Convert the unencrypted binary to native representation."""
diff --git a/pskc/policy.py b/pskc/policy.py
index 4f0c64c..94b7c06 100644
--- a/pskc/policy.py
+++ b/pskc/policy.py
@@ -1,7 +1,7 @@
# policy.py - module for handling PSKC policy information
# coding: utf-8
#
-# Copyright (C) 2014 Arthur de Jong
+# Copyright (C) 2014-2015 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -181,4 +181,4 @@ class Policy(object):
"""PIN value referenced by PINKeyId if any."""
key = self.pin_key
if key:
- return key.secret
+ return str(key.secret.decode())
diff --git a/pskc/xml.py b/pskc/xml.py
index a45793a..1de2485 100644
--- a/pskc/xml.py
+++ b/pskc/xml.py
@@ -66,7 +66,7 @@ def find(tree, *matches):
"""Find a child element that matches any of the patterns (or None)."""
for match in matches:
try:
- return iter(findall(tree, match)).next()
+ return next(iter(findall(tree, match)))
except StopIteration:
pass
@@ -138,7 +138,7 @@ def mk_elem(parent, tag=None, text=None, empty=False,
**kwargs):
empty = True
# don't create empty elements
if not empty and text is None and \
- all(x is None for x in kwargs.itervalues()):
+ all(x is None for x in kwargs.values()):
return
# replace namespace identifier with URL
if ':' in tag:
@@ -152,7 +152,7 @@ def mk_elem(parent, tag=None, text=None, empty=False,
**kwargs):
if text is not None:
element.text = _format(text)
# set kwargs as attributes
- for k, v in kwargs.iteritems():
+ for k, v in kwargs.items():
if v is not None:
element.set(k, _format(v))
return element
diff --git a/setup.py b/setup.py
index 8562e79..054f6bd 100755
--- a/setup.py
+++ b/setup.py
@@ -2,7 +2,7 @@
# setup.py - python-pskc installation script
#
-# Copyright (C) 2014 Arthur de Jong
+# Copyright (C) 2014-2015 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -51,7 +51,9 @@ setup(
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.6',
'Programming Language :: Python :: 2.7',
- 'Topic :: Security :: Cryptography',
+ 'Programming Language :: Python :: 3',
+ 'Programming Language :: Python :: 3.4',
+ 'Programming Language :: Python :: 3.5',
'Topic :: Software Development :: Libraries :: Python Modules',
'Topic :: Text Processing :: Markup :: XML',
],
diff --git a/tests/test_aeskw.doctest b/tests/test_aeskw.doctest
index 2d9cbd7..efd90e3 100644
--- a/tests/test_aeskw.doctest
+++ b/tests/test_aeskw.doctest
@@ -1,6 +1,6 @@
test_keywrap.doctest - test keywrap functions
-Copyright (C) 2014 Arthur de Jong
+Copyright (C) 2014-2015 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -18,14 +18,15 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA
02110-1301 USA
+>>> from binascii import a2b_hex
>>> from pskc.crypto.aeskw import wrap, unwrap
Wrap 128 bits of Key Data with a 128-bit KEK (test vector 4.1 from RFC 3394).
->>> key = '000102030405060708090A0B0C0D0E0F'.decode('hex')
->>> plaintext = '00112233445566778899AABBCCDDEEFF'.decode('hex')
->>> ciphertext =
'1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5'.decode('hex')
+>>> key = a2b_hex('000102030405060708090A0B0C0D0E0F')
+>>> plaintext = a2b_hex('00112233445566778899AABBCCDDEEFF')
+>>> ciphertext = a2b_hex('1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -34,9 +35,9 @@ True
Wrap 128 bits of Key Data with a 192-bit KEK (test vector 4.2 from RFC 3394).
->>> key = '000102030405060708090A0B0C0D0E0F1011121314151617'.decode('hex')
->>> plaintext = '00112233445566778899AABBCCDDEEFF'.decode('hex')
->>> ciphertext =
'96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D'.decode('hex')
+>>> key = a2b_hex('000102030405060708090A0B0C0D0E0F1011121314151617')
+>>> plaintext = a2b_hex('00112233445566778899AABBCCDDEEFF')
+>>> ciphertext = a2b_hex('96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -45,9 +46,9 @@ True
Wrap 128 bits of Key Data with a 256-bit KEK (test vector 4.3 from RFC 3394).
->>> key =
'000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F'.decode('hex')
->>> plaintext = '00112233445566778899AABBCCDDEEFF'.decode('hex')
->>> ciphertext =
'64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7'.decode('hex')
+>>> key =
a2b_hex('000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F')
+>>> plaintext = a2b_hex('00112233445566778899AABBCCDDEEFF')
+>>> ciphertext = a2b_hex('64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -56,9 +57,9 @@ True
Wrap 192 bits of Key Data with a 192-bit KEK (test vector 4.4 from RFC 3394).
->>> key = '000102030405060708090A0B0C0D0E0F1011121314151617'.decode('hex')
->>> plaintext =
'00112233445566778899AABBCCDDEEFF0001020304050607'.decode('hex')
->>> ciphertext =
'031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2'.decode('hex')
+>>> key = a2b_hex('000102030405060708090A0B0C0D0E0F1011121314151617')
+>>> plaintext = a2b_hex('00112233445566778899AABBCCDDEEFF0001020304050607')
+>>> ciphertext =
a2b_hex('031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -67,9 +68,9 @@ True
Wrap 192 bits of Key Data with a 256-bit KEK (test vector 4.5 from RFC 3394).
->>> key =
'000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F'.decode('hex')
->>> plaintext =
'00112233445566778899AABBCCDDEEFF0001020304050607'.decode('hex')
->>> ciphertext =
'A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1'.decode('hex')
+>>> key =
a2b_hex('000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F')
+>>> plaintext = a2b_hex('00112233445566778899AABBCCDDEEFF0001020304050607')
+>>> ciphertext =
a2b_hex('A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -78,9 +79,9 @@ True
Wrap 256 bits of Key Data with a 256-bit KEK (test vector 4.6 from RFC 3394).
->>> key =
'000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F'.decode('hex')
->>> plaintext =
'00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F'.decode('hex')
->>> ciphertext =
'28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21'.decode('hex')
+>>> key =
a2b_hex('000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F')
+>>> plaintext =
a2b_hex('00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F')
+>>> ciphertext =
a2b_hex('28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -89,7 +90,7 @@ True
Mangling the ciphertext and unwrapping results in an exception:
->>> ciphertext = 'XX' + ciphertext[2:]
+>>> ciphertext = b'XX' + ciphertext[2:]
>>> unwrap(ciphertext, key)
Traceback (most recent call last):
...
@@ -103,9 +104,9 @@ DecryptionError: Ciphertext length wrong
Wrap 20 octets with a 192-bit key (first example from section 6 of RFC 5649).
->>> key = '5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8'.decode('hex')
->>> plaintext = 'c37b7e6492584340bed12207808941155068f738'.decode('hex')
->>> ciphertext =
'138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a'.decode('hex')
+>>> key = a2b_hex('5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8')
+>>> plaintext = a2b_hex('c37b7e6492584340bed12207808941155068f738')
+>>> ciphertext =
a2b_hex('138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -122,9 +123,9 @@ DecryptionError: IV does not match
Wrap 7 octets with a 192-bit key (second example from section 6 of RFC 5649).
->>> key = '5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8'.decode('hex')
->>> plaintext = '466f7250617369'.decode('hex')
->>> ciphertext = 'afbeb0f07dfbf5419200f2ccb50bb24f'.decode('hex')
+>>> key = a2b_hex('5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8')
+>>> plaintext = a2b_hex('466f7250617369')
+>>> ciphertext = a2b_hex('afbeb0f07dfbf5419200f2ccb50bb24f')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -141,14 +142,14 @@ DecryptionError: Ciphertext length wrong
Normally padding is only done if needed but it can be forced.
->>> key = '000102030405060708090A0B0C0D0E0F'.decode('hex')
->>> plaintext = '00112233445566778899AABBCCDDEEFF'.decode('hex')
->>> ciphertext =
'1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5'.decode('hex')
+>>> key = a2b_hex('000102030405060708090A0B0C0D0E0F')
+>>> plaintext = a2b_hex('00112233445566778899AABBCCDDEEFF')
+>>> ciphertext = a2b_hex('1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
True
->>> ciphertext =
'2cef0c9e30de26016c230cb78bc60d51b1fe083ba0c79cd5'.decode('hex')
+>>> ciphertext = a2b_hex('2cef0c9e30de26016c230cb78bc60d51b1fe083ba0c79cd5')
>>> wrap(plaintext, key, pad=True) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -162,9 +163,9 @@ DecryptionError: IV does not match
Padding can also be disabled. This also disables the shortcut for small
plaintexts as described in RFC 5649.
->>> key = '000102030405060708090A0B0C0D0E0F'.decode('hex')
->>> plaintext = '0011223344556677'.decode('hex')
->>> ciphertext = 'f4740052e82a225174ce86fbd7b805e7'.decode('hex')
+>>> key = a2b_hex('000102030405060708090A0B0C0D0E0F')
+>>> plaintext = a2b_hex('0011223344556677')
+>>> ciphertext = a2b_hex('f4740052e82a225174ce86fbd7b805e7')
>>> wrap(plaintext, key) == ciphertext
True
>>> unwrap(ciphertext, key) == plaintext
@@ -181,15 +182,15 @@ DecryptionError: Ciphertext length wrong
Lastly, an explicit IV can be set but this disables the padding functionality.
->>> key = '000102030405060708090A0B0C0D0E0F'.decode('hex')
->>> plaintext = '0011223344556677'.decode('hex')
->>> iv = '1010101010101010'.decode('hex')
+>>> key = a2b_hex('000102030405060708090A0B0C0D0E0F')
+>>> plaintext = a2b_hex('0011223344556677')
+>>> iv = a2b_hex('1010101010101010')
>>> wrap(plaintext, key, iv)
Traceback (most recent call last):
...
EncryptionError: Plaintext length wrong
->>> plaintext = '00112233445566778899AABBCCDDEEFF'.decode('hex')
->>> ciphertext =
'4cd926c570e19c35ace71d59a1062dae850e6a709066e0bf'.decode('hex')
+>>> plaintext = a2b_hex('00112233445566778899AABBCCDDEEFF')
+>>> ciphertext = a2b_hex('4cd926c570e19c35ace71d59a1062dae850e6a709066e0bf')
>>> wrap(plaintext, key, iv) == ciphertext
True
>>> unwrap(ciphertext, key, iv) == plaintext
diff --git a/tests/test_draft_keyprov.doctest b/tests/test_draft_keyprov.doctest
index f01299d..8cd5f64 100644
--- a/tests/test_draft_keyprov.doctest
+++ b/tests/test_draft_keyprov.doctest
@@ -1,7 +1,7 @@
test_draft_keyprov.doctest - test for examples from
draft-hoyer-keyprov-pskc-algorithm-profiles-01
-Copyright (C) 2014 Arthur de Jong
+Copyright (C) 2014-2015 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -19,6 +19,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
+>>> def tostr(x):
+... return str(x.decode())
+
>>> from pskc import PSKC
@@ -50,7 +53,7 @@ draft-hoyer-keyprov-pskc-algorithm-profiles-01.
'DECIMAL'
>>> key.response_length
8
->>> key.secret
+>>> tostr(key.secret)
'12345678901234567890'
>>> key.counter
0
@@ -79,7 +82,7 @@ described in section 4 of
draft-hoyer-keyprov-pskc-algorithm-profiles-01.
'DECIMAL'
>>> key.response_length
6
->>> key.secret
+>>> tostr(key.secret)
'12345678901234567890'
>>> key.time_offset
0
@@ -112,7 +115,7 @@ described in section 6 of
draft-hoyer-keyprov-pskc-algorithm-profiles-01.
'DECIMAL'
>>> key.response_length
6
->>> key.secret
+>>> tostr(key.secret)
'12345678901234567890'
>>> key.counter
0
@@ -145,7 +148,7 @@ described in section 8 of
draft-hoyer-keyprov-pskc-algorithm-profiles-01.
'DECIMAL'
>>> key.response_length
8
->>> key.secret
+>>> tostr(key.secret)
'12345678901234567890'
>>> key.counter
0
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
index c2a12a2..928d2d3 100644
--- a/tests/test_encryption.doctest
+++ b/tests/test_encryption.doctest
@@ -1,6 +1,6 @@
test_encryption.doctest - test various encryption schemes
-Copyright (C) 2014 Arthur de Jong
+Copyright (C) 2014-2015 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -18,93 +18,100 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA
02110-1301 USA
+>>> from binascii import a2b_hex, b2a_hex
+>>> def tostr(x):
+... return str(x.decode())
+>>> def decode(f):
+... return lambda x: tostr(f(x))
+>>> b2a_hex = decode(b2a_hex)
+
>>> from pskc import PSKC
>>> pskc = PSKC('tests/aes128-cbc.pskcxml')
->>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
->>> pskc.keys[0].secret
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224'
->>> pskc.mac.key
+>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'
>>> pskc = PSKC('tests/aes192-cbc.pskcxml')
->>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.keys[0].secret
Traceback (most recent call last):
...
DecryptionError: Invalid key length
->>> pskc.encryption.key =
'123456789012345678901234567890123456789012345678'.decode('hex')
->>> pskc.keys[0].secret
+>>> pskc.encryption.key =
a2b_hex('123456789012345678901234567890123456789012345678')
+>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256'
->>> pskc.mac.key
+>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'
>>> pskc = PSKC('tests/aes256-cbc.pskcxml')
->>> pskc.encryption.key =
'1234567890123456789012345678901234567890123456789012345678901234'.decode('hex')
->>> pskc.keys[0].secret
+>>> pskc.encryption.key =
a2b_hex('1234567890123456789012345678901234567890123456789012345678901234')
+>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha384'
->>> pskc.mac.key
+>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'
>>> pskc = PSKC('tests/tripledes-cbc.pskcxml')
->>> pskc.encryption.key = '1234'.decode('hex')
+>>> pskc.encryption.key = a2b_hex('1234')
>>> pskc.keys[0].secret
Traceback (most recent call last):
...
DecryptionError: Invalid key length
->>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
->>> pskc.keys[0].secret
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha512'
->>> pskc.mac.key
+>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'
>>> pskc = PSKC('tests/kw-aes128.pskcxml')
->>> pskc.encryption.key = '1234'.decode('hex')
+>>> pskc.encryption.key = a2b_hex('1234')
>>> pskc.keys[0].secret
Traceback (most recent call last):
...
DecryptionError: Invalid key length
->>> pskc.encryption.key = '000102030405060708090a0b0c0d0e0f'.decode('hex')
->>> pskc.keys[0].secret.encode('hex')
+>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
+>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff'
>>> pskc = PSKC('tests/kw-aes192.pskcxml')
->>> pskc.encryption.key = '000102030405060708090a0b0c0d0e0f'.decode('hex')
+>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> pskc.keys[0].secret
Traceback (most recent call last):
...
DecryptionError: Invalid key length
->>> pskc.encryption.key =
'000102030405060708090a0b0c0d0e0f1011121314151617'.decode('hex')
->>> pskc.keys[0].secret.encode('hex')
+>>> pskc.encryption.key =
a2b_hex('000102030405060708090a0b0c0d0e0f1011121314151617')
+>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff'
>>> pskc = PSKC('tests/kw-aes256.pskcxml')
->>> pskc.encryption.key =
'000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'.decode('hex')
->>> pskc.keys[0].secret.encode('hex')
+>>> pskc.encryption.key =
a2b_hex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')
+>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff0001020304050607'
>>> pskc = PSKC('tests/kw-tripledes.pskcxml')
->>> pskc.encryption.key = '255e0d1c07b646dfb3134cc843ba8aa71f'.decode('hex')
+>>> pskc.encryption.key = a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f')
>>> pskc.keys[0].secret
Traceback (most recent call last):
...
DecryptionError: Invalid key length
->>> pskc.encryption.key =
'255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f'.decode('hex')
->>> pskc.keys[0].secret.encode('hex')
+>>> pskc.encryption.key =
a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f')
+>>> b2a_hex(pskc.keys[0].secret)
'2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98'
diff --git a/tests/test_invalid.doctest b/tests/test_invalid.doctest
index adb1acf..4a1c314 100644
--- a/tests/test_invalid.doctest
+++ b/tests/test_invalid.doctest
@@ -1,6 +1,6 @@
test_invalid.doctest - test for invalid PSKC file
-Copyright (C) 2014 Arthur de Jong
+Copyright (C) 2014-2015 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -18,6 +18,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
+>>> from binascii import a2b_hex
>>> from pskc import PSKC
@@ -59,7 +60,7 @@ algorithm specified.
Traceback (most recent call last):
...
DecryptionError: No key available
->>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key.secret
Traceback (most recent call last):
...
@@ -106,7 +107,7 @@ KeyDerivationError: Pseudorandom function unsupported: ...
There is a ValueMAC element but no MACMethod element.
>>> pskc = PSKC('tests/invalid-no-mac-method.pskcxml')
->>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key = pskc.keys[0]
>>> key.id
'12345678'
@@ -119,7 +120,7 @@ DecryptionError: No MAC key available
There is an unknown algorithm specified in MACMethod.
>>> pskc = PSKC('tests/invalid-mac-algorithm.pskcxml')
->>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key = pskc.keys[0]
>>> key.id
'12345678'
@@ -133,7 +134,7 @@ The MAC value does not match the calculated MAC, something
was modified in
transit.
>>> pskc = PSKC('tests/invalid-mac-value.pskcxml')
->>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key = pskc.keys[0]
>>> key.id
'12345678'
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index 3912463..ea20a03 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -18,13 +18,23 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA
02110-1301 USA
+>>> from binascii import b2a_hex
+>>> def tostr(x):
+... return str(x.decode())
+>>> def decode(f):
+... return lambda x: tostr(f(x))
+>>> b2a_hex = decode(b2a_hex)
+
>>> from pskc import PSKC
This tests the most minimal valid PSKC file with one empty key.
->>> import StringIO
->>> minimal_pskc = StringIO.StringIO('''
+>>> try:
+... from StringIO import StringIO
+... except ImportError:
+... from io import StringIO
+>>> minimal_pskc = StringIO('''
... <?xml version="1.0"?>
... <KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0">
... <KeyPackage/>
@@ -75,7 +85,7 @@ Load an PSKC file with an odd namespace.
'12345678'
>>> key.issuer
'Issuer-A'
->>> key.secret
+>>> tostr(key.secret)
'1234'
@@ -86,7 +96,7 @@ Load a PSKC file that uses the xenc11 namespace for the
PBKDF2 parameters.
'PassPhrase'
>>> pskc.encryption.derive_key('3FCA3158035072D6')
>>> key = pskc.keys[0]
->>> key.secret.encode('hex')
+>>> b2a_hex(key.secret)
'09fbecfd0bf47910839e2eb05ffa10b95cd0390950ce32ab790583ed134171e0'
>>> key.check()
True
diff --git a/tests/test_rfc6030.doctest b/tests/test_rfc6030.doctest
index 7a94940..ba70745 100644
--- a/tests/test_rfc6030.doctest
+++ b/tests/test_rfc6030.doctest
@@ -1,6 +1,6 @@
test_rfc6030.doctest - test for examples from RFC 6030
-Copyright (C) 2014 Arthur de Jong
+Copyright (C) 2014-2015 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -18,6 +18,13 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
+>>> from binascii import a2b_hex, b2a_hex
+>>> def tostr(x):
+... return str(x.decode())
+>>> def decode(f):
+... return lambda x: tostr(f(x))
+>>> b2a_hex = decode(b2a_hex)
+
>>> from pskc import PSKC
@@ -25,7 +32,7 @@ This tests Figure 2 from RFC 6030. It is a basic key
container example with a
simple plain text secret key.
>>> pskc = PSKC('tests/rfc6030-figure2.pskcxml')
->>> [key.secret for key in pskc.keys]
+>>> [tostr(key.secret) for key in pskc.keys]
['1234']
>>> key = pskc.keys[0]
>>> key.id
@@ -34,7 +41,7 @@ simple plain text secret key.
'urn:ietf:params:xml:ns:keyprov:pskc:hotp'
>>> key.issuer
'Issuer-A'
->>> key.secret
+>>> tostr(key.secret)
'1234'
@@ -63,7 +70,7 @@ cryptographic module and user identification as well as some
more parameters.
'DECIMAL'
>>> key.response_length
8
->>> key.secret
+>>> tostr(key.secret)
'12345678901234567890'
>>> key.counter
0
@@ -102,7 +109,7 @@ This tests the key policy properties as illustrated in
Figure 5 from RFC
8
>>> key.response_encoding
'DECIMAL'
->>> key1.secret
+>>> tostr(key1.secret)
'12345678901234567890'
>>> key1.counter
0
@@ -134,7 +141,7 @@ False
4
>>> key2.response_encoding
'DECIMAL'
->>> key2.secret
+>>> tostr(key2.secret)
'1234'
>>> key1.policy.pin
'1234'
@@ -154,10 +161,10 @@ Traceback (most recent call last):
DecryptionError: No key available
>>> pskc.encryption.key_name
'Pre-shared-key'
->>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
->>> pskc.mac.key.encode('hex')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> b2a_hex(pskc.mac.key)
'1122334455667788990011223344556677889900'
->>> key.secret.encode('hex')
+>>> b2a_hex(key.secret)
'3132333435363738393031323334353637383930'
>>> key.check()
True
@@ -170,12 +177,12 @@ This tests a derived master key using PBKDF2 as seen in
Figure 7 from RFC
>>> pskc.encryption.key_name
'My Password 1'
>>> pskc.encryption.derive_key('qwerty')
->>> pskc.encryption.key.encode('hex')
+>>> b2a_hex(pskc.encryption.key)
'651e63cd57008476af1ff6422cd02e41'
->>> pskc.mac.key.encode('hex')
+>>> b2a_hex(pskc.mac.key)
'bdaab8d648e850d25a3289364f7d7eaaf53ce581'
>>> key = pskc.keys[0]
->>> key.secret
+>>> tostr(key.secret)
'12345678901234567890'
>>> key.check()
True
@@ -196,7 +203,7 @@ True
True
>>> all(key.response_encoding == 'DECIMAL' for key in pskc.keys)
True
->>> all(key.secret == '12345678901234567890' for key in pskc.keys)
+>>> all(key.secret == b'12345678901234567890' for key in pskc.keys)
True
>>> all(key.counter == 0 for key in pskc.keys)
True
diff --git a/tests/test_tripledeskw.doctest b/tests/test_tripledeskw.doctest
index 6f2760b..92a4029 100644
--- a/tests/test_tripledeskw.doctest
+++ b/tests/test_tripledeskw.doctest
@@ -1,6 +1,6 @@
test_tripledeskw.doctest - test keywrap functions
-Copyright (C) 2014 Arthur de Jong
+Copyright (C) 2014-2015 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -18,9 +18,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
>>> import re
+>>> from binascii import a2b_hex
>>> from pskc.crypto.tripledeskw import wrap, unwrap
>>> def fromhex(value):
-... return re.sub(r'\s', '', value).decode('hex')
+... return a2b_hex(re.sub(r'\s', '', value))
Example from RFC 3217 section 3.2 wrapping a 192 bit Triple DES key with
@@ -79,7 +80,7 @@ True
Traceback (most recent call last):
...
DecryptionError: Ciphertext length wrong
->>> unwrap(ciphertext[:-1] + 'A', key)
+>>> unwrap(ciphertext[:-1] + b'A', key)
Traceback (most recent call last):
...
DecryptionError: CMS key checksum error
diff --git a/tests/test_write.doctest b/tests/test_write.doctest
index 0d91eb6..7dc585e 100644
--- a/tests/test_write.doctest
+++ b/tests/test_write.doctest
@@ -1,6 +1,6 @@
test_write.doctest - tests for writing PSKC files
-Copyright (C) 2014 Arthur de Jong
+Copyright (C) 2014-2015 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -17,14 +17,16 @@ License along with this library; if not, write to the Free
Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
+
+>>> from pskc import PSKC
+
>>> import datetime
>>> import sys
>>> import tempfile
+>>> from binascii import a2b_hex
>>> from dateutil.tz import tzutc
>>> utc = tzutc()
->>> from pskc import PSKC
-
Build a PSKC structure.
@@ -57,7 +59,7 @@ Add a key with all attributes set.
>>> key.response_length = 8
>>> key.response_check = False
>>> key.counter = 0
->>> key.secret = '4e1790ba272406ba309c5a31'.decode('hex')
+>>> key.secret = a2b_hex('4e1790ba272406ba309c5a31')
Add policy information and a PIN.
@@ -83,7 +85,7 @@ argument).
>>> f = tempfile.NamedTemporaryFile()
>>> pskc.write(f.name)
->>> sys.stdout.write(open(f.name, 'rb').read())
+>>> x = sys.stdout.write(open(f.name, 'r').read())
<?xml version="1.0" encoding="UTF-8"?>
<pskc:KeyContainer Version="1.0"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc">
<pskc:KeyPackage>
-----------------------------------------------------------------------
Summary of changes:
pskc/__init__.py | 4 +-
pskc/crypto/aeskw.py | 22 ++++++-----
pskc/crypto/tripledeskw.py | 10 +++--
pskc/encryption.py | 2 +-
pskc/key.py | 7 +++-
pskc/policy.py | 4 +-
pskc/xml.py | 6 +--
setup.py | 6 ++-
tests/test_aeskw.doctest | 77 +++++++++++++++++++-------------------
tests/test_draft_keyprov.doctest | 13 ++++---
tests/test_encryption.doctest | 59 ++++++++++++++++-------------
tests/test_invalid.doctest | 11 +++---
tests/test_misc.doctest | 18 +++++++--
tests/test_rfc6030.doctest | 33 +++++++++-------
tests/test_tripledeskw.doctest | 7 ++--
tests/test_write.doctest | 12 +++---
16 files changed, 166 insertions(+), 125 deletions(-)
hooks/post-receive
--
python-pskc
--
To unsubscribe send an email to
python-pskc-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/python-pskc-commits/
- python-pskc branch master updated. 0.2-11-g671b6e2,
Commits of the python-pskc project
