python-pskc branch master updated. 0.3-21-g0744222
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
python-pskc branch master updated. 0.3-21-g0744222
- From: Commits of the python-pskc project <python-pskc-commits [at] lists.arthurdejong.org>
- To: python-pskc-commits [at] lists.arthurdejong.org
- Reply-to: python-pskc-users [at] lists.arthurdejong.org
- Subject: python-pskc branch master updated. 0.3-21-g0744222
- Date: Sun, 20 Mar 2016 15:46:58 +0100 (CET)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".
The branch, master has been updated
via 07442226e09d69a9a91ce388c6bfb41eac67dae2 (commit)
via e8ef15790035b170e25c58d6af228cc94888a33e (commit)
via cadc6d94c8875ebaf8f1d4c400d788a059d76416 (commit)
via b8905e0b2d995e46190c30f8c7525839036a92d5 (commit)
via 7915c559aa388f6354a6d79c2b5bb2c29e526334 (commit)
via 1687fd662996998bac35cd1725bea6ed14516f5f (commit)
via aae8a18d556f09e6e1a4873dccfc62ae097d83e5 (commit)
via c86aaea6bcac0588bc4e195d03d381eaf889080c (commit)
via 1904dc2ce7b57e432b19e599e725a6dcef17ec99 (commit)
from 91f66f466e6929e306711761e296a6ff794a513b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://arthurdejong.org/git/python-pskc/commit/?id=07442226e09d69a9a91ce388c6bfb41eac67dae2
commit 07442226e09d69a9a91ce388c6bfb41eac67dae2
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Jun 28 17:00:57 2014 +0200
Copy namespaces to toplevel element
Ensure that when writing an XML file all namespace definitions are on
the toplevel KeyContainer element instead of scattered throughout the
XML document.
diff --git a/pskc/xml.py b/pskc/xml.py
index 43696aa..8596375 100644
--- a/pskc/xml.py
+++ b/pskc/xml.py
@@ -175,6 +175,17 @@ def mk_elem(parent, tag=None, text=None, empty=False,
**kwargs):
def tostring(element):
"""Return a serialised XML document for the element tree."""
from xml.dom import minidom
+ # if we are using lxml.etree move namespaces to toplevel element
+ if hasattr(element, 'nsmap'):
+ # get all used namespaces
+ nsmap = {}
+ for e in element.iter():
+ nsmap.update(e.nsmap)
+ # replace toplevel element with all namespaces
+ e = etree.Element(element.tag, attrib=element.attrib, nsmap=nsmap)
+ for a in element:
+ e.append(a)
+ element = e
xml = etree.tostring(element, encoding='UTF-8')
return minidom.parseString(xml).toprettyxml(
indent=' ', encoding='UTF-8').strip()
http://arthurdejong.org/git/python-pskc/commit/?id=e8ef15790035b170e25c58d6af228cc94888a33e
commit e8ef15790035b170e25c58d6af228cc94888a33e
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Mar 19 21:50:35 2016 +0100
Support writing to text streams in Python 3
This supports writing the XML output to binary streams as well as text
streams in Python 3.
diff --git a/pskc/__init__.py b/pskc/__init__.py
index 0771a72..1b02e81 100644
--- a/pskc/__init__.py
+++ b/pskc/__init__.py
@@ -128,7 +128,12 @@ class PSKC(object):
"""Write the PSKC file to the provided file."""
from pskc.xml import tostring
if hasattr(filename, 'write'):
- filename.write(tostring(self.make_xml()))
+ xml = tostring(self.make_xml())
+ try:
+ filename.write(xml)
+ except TypeError: # pragma: no cover (Python 3 specific)
+ # fall back to writing as string for Python 3
+ filename.write(xml.decode('utf-8'))
else:
with open(filename, 'wb') as output:
self.write(output)
diff --git a/tests/test_write.doctest b/tests/test_write.doctest
index 553c715..677bd29 100644
--- a/tests/test_write.doctest
+++ b/tests/test_write.doctest
@@ -149,9 +149,7 @@ Read an encrypted PSKC file and write it out as an
unencrypted file.
>>> pskc = PSKC('tests/encryption/kw-aes128.pskcxml')
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
->>> f = tempfile.NamedTemporaryFile()
->>> pskc.write(f.name)
->>> x = sys.stdout.write(open(f.name, 'r').read()) #doctest: +REPORT_UDIFF
+>>> pskc.write(sys.stdout) #doctest: +REPORT_UDIFF
<?xml version="1.0" encoding="UTF-8"?>
<pskc:KeyContainer Version="1.0"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc">
<pskc:KeyPackage>
http://arthurdejong.org/git/python-pskc/commit/?id=cadc6d94c8875ebaf8f1d4c400d788a059d76416
commit cadc6d94c8875ebaf8f1d4c400d788a059d76416
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Mar 19 20:02:49 2016 +0100
Improve tests and test coverage
This adds tests to ensure that incorrect attribute and value types in
the PSKC file raise a ValueError exception and extends the tests for
invalid encryption options.
This removes some code or adds no cover directives to a few places that
have unreachable code or are Python version specific and places doctest
directives inside the doctests where needed.
diff --git a/pskc/key.py b/pskc/key.py
index a971bdd..c332efa 100644
--- a/pskc/key.py
+++ b/pskc/key.py
@@ -79,17 +79,17 @@ class DataType(object):
@staticmethod
def _from_text(value):
"""Convert the plain value to native representation."""
- raise NotImplementedError
+ raise NotImplementedError # pragma: no cover
@staticmethod
def _from_bin(value):
"""Convert the unencrypted binary to native representation."""
- raise NotImplementedError
+ raise NotImplementedError # pragma: no cover
@staticmethod
def _to_text(value):
"""Convert the value to an unencrypted string representation."""
- raise NotImplementedError
+ raise NotImplementedError # pragma: no cover
def make_xml(self, key, tag):
from pskc.xml import find, mk_elem
@@ -147,7 +147,7 @@ class BinaryDataType(DataType):
"""Convert the value to an unencrypted string representation."""
# force conversion to bytestring on Python 3
if not isinstance(value, type(b'')):
- value = value.encode()
+ value = value.encode() # pragma: no cover (Python 3 specific)
return base64.b64encode(value).decode()
diff --git a/pskc/mac.py b/pskc/mac.py
index c14003f..4cab63c 100644
--- a/pskc/mac.py
+++ b/pskc/mac.py
@@ -91,8 +91,6 @@ class MAC(object):
return True if the MAC matches and raise an exception if it fails.
"""
from pskc.exceptions import DecryptionError
- if value is None or value_mac is None:
- return # no MAC present or nothing to check
key = self.key
if key is None:
raise DecryptionError('No MAC key available')
diff --git a/tests/invalid/encryption.pskcxml
b/tests/invalid/missing-encryption.pskcxml
similarity index 54%
copy from tests/invalid/encryption.pskcxml
copy to tests/invalid/missing-encryption.pskcxml
index d900dc9..1b525be 100644
--- a/tests/invalid/encryption.pskcxml
+++ b/tests/invalid/missing-encryption.pskcxml
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Based on the Figure 6 example, this file includes an unknown encryption
- algorithm and a key without an algorithm specified.
+ Based on the Figure 6 example, this file includes is missing the encryption
+ algorithm.
-->
<KeyContainer Version="1.0"
@@ -13,22 +13,6 @@
<ds:KeyName>Pre-shared-key</ds:KeyName>
</EncryptionKey>
<KeyPackage>
- <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
- <Data>
- <Secret>
- <EncryptedValue>
- <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#unknown"/>
- <xenc:CipherData>
- <xenc:CipherValue>
-AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv
- </xenc:CipherValue>
- </xenc:CipherData>
- </EncryptedValue>
- </Secret>
- </Data>
- </Key>
- </KeyPackage>
- <KeyPackage>
<Key Id="45678901" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
<Data>
<Secret>
diff --git a/tests/invalid/not-boolean.pskcxml
b/tests/invalid/not-boolean.pskcxml
new file mode 100644
index 0000000..204f5cc
--- /dev/null
+++ b/tests/invalid/not-boolean.pskcxml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Quick test with a non-boolean value for an attribute.
+-->
+
+<KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <Key>
+ <AlgorithmParameters>
+ <ResponseFormat Encoding="DECIMAL" Length="8" CheckDigits="not
really"/>
+ </AlgorithmParameters>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/invalid/not-integer.pskcxml
b/tests/invalid/not-integer.pskcxml
new file mode 100644
index 0000000..493417b
--- /dev/null
+++ b/tests/invalid/not-integer.pskcxml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Quick test with a non-integer element value.
+-->
+
+<KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <Key>
+ <Policy>
+ <NumberOfTransactions>TWELVE</NumberOfTransactions>
+ </Policy>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/invalid/not-integer2.pskcxml
b/tests/invalid/not-integer2.pskcxml
new file mode 100644
index 0000000..2f73efe
--- /dev/null
+++ b/tests/invalid/not-integer2.pskcxml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Quick test with a non-integer value for an attribute.
+-->
+
+<KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <Key>
+ <Policy>
+ <PINPolicy MinLength="FOUR"/>
+ </Policy>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/invalid/encryption.pskcxml
b/tests/invalid/unknown-encryption.pskcxml
similarity index 63%
rename from tests/invalid/encryption.pskcxml
rename to tests/invalid/unknown-encryption.pskcxml
index d900dc9..18ee5f1 100644
--- a/tests/invalid/encryption.pskcxml
+++ b/tests/invalid/unknown-encryption.pskcxml
@@ -2,7 +2,7 @@
<!--
Based on the Figure 6 example, this file includes an unknown encryption
- algorithm and a key without an algorithm specified.
+ algorithm.
-->
<KeyContainer Version="1.0"
@@ -28,20 +28,4 @@
AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv
</Data>
</Key>
</KeyPackage>
- <KeyPackage>
- <Key Id="45678901" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
- <Data>
- <Secret>
- <EncryptedValue>
- <xenc:EncryptionMethod/>
- <xenc:CipherData>
- <xenc:CipherValue>
-AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv
- </xenc:CipherValue>
- </xenc:CipherData>
- </EncryptedValue>
- </Secret>
- </Data>
- </Key>
- </KeyPackage>
</KeyContainer>
diff --git a/tests/test_aeskw.doctest b/tests/test_aeskw.doctest
index efd90e3..78b1e98 100644
--- a/tests/test_aeskw.doctest
+++ b/tests/test_aeskw.doctest
@@ -1,6 +1,6 @@
test_keywrap.doctest - test keywrap functions
-Copyright (C) 2014-2015 Arthur de Jong
+Copyright (C) 2014-2016 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -91,12 +91,12 @@ True
Mangling the ciphertext and unwrapping results in an exception:
>>> ciphertext = b'XX' + ciphertext[2:]
->>> unwrap(ciphertext, key)
+>>> unwrap(ciphertext, key) # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: IV does not match
>>> ciphertext = ciphertext[2:]
->>> unwrap(ciphertext, key)
+>>> unwrap(ciphertext, key) # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: Ciphertext length wrong
@@ -111,11 +111,11 @@ Wrap 20 octets with a 192-bit key (first example from
section 6 of RFC 5649).
True
>>> unwrap(ciphertext, key) == plaintext
True
->>> wrap(plaintext, key, pad=False) # disable padding
+>>> wrap(plaintext, key, pad=False) # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
EncryptionError: Plaintext length wrong
->>> unwrap(ciphertext, key, pad=False)
+>>> unwrap(ciphertext, key, pad=False) # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: IV does not match
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
index 3674f8a..398b12e 100644
--- a/tests/test_encryption.doctest
+++ b/tests/test_encryption.doctest
@@ -42,7 +42,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
>>> pskc = PSKC('tests/encryption/aes192-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
->>> pskc.keys[0].secret
+>>> pskc.encryption.algorithm
+'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
+>>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: Invalid key length
@@ -69,7 +71,7 @@ DecryptionError: Invalid key length
>>> pskc = PSKC('tests/encryption/tripledes-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234')
->>> pskc.keys[0].secret
+>>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: Invalid key length
@@ -84,7 +86,7 @@ DecryptionError: Invalid key length
>>> pskc = PSKC('tests/encryption/kw-aes128.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234')
->>> pskc.keys[0].secret
+>>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: Invalid key length
@@ -95,7 +97,7 @@ DecryptionError: Invalid key length
>>> pskc = PSKC('tests/encryption/kw-aes192.pskcxml')
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
->>> pskc.keys[0].secret
+>>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: Invalid key length
@@ -112,7 +114,7 @@ DecryptionError: Invalid key length
>>> pskc = PSKC('tests/encryption/kw-tripledes.pskcxml')
>>> pskc.encryption.key = a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f')
->>> pskc.keys[0].secret
+>>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: Invalid key length
diff --git a/tests/test_invalid.doctest b/tests/test_invalid.doctest
index 2d0bbb0..d8f697d 100644
--- a/tests/test_invalid.doctest
+++ b/tests/test_invalid.doctest
@@ -1,6 +1,6 @@
test_invalid.doctest - test for invalid PSKC file
-Copyright (C) 2014-2015 Arthur de Jong
+Copyright (C) 2014-2016 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -18,7 +18,13 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
->>> from binascii import a2b_hex
+>>> from binascii import a2b_hex, b2a_hex
+>>> def tostr(x):
+... return str(x.decode())
+>>> def decode(f):
+... return lambda x: tostr(f(x))
+>>> b2a_hex = decode(b2a_hex)
+
>>> from pskc import PSKC
@@ -27,7 +33,7 @@ Load a number of invalid files.
This file is plain invalid XML.
->>> pskc = PSKC('tests/invalid/notxml.pskcxml')
+>>> pskc = PSKC('tests/invalid/notxml.pskcxml') # doctest:
+IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
ParseError: Error parsing XML
@@ -35,7 +41,7 @@ ParseError: Error parsing XML
This XML file has a wrong top-level element.
->>> pskc = PSKC('tests/invalid/wrongelement.pskcxml')
+>>> pskc = PSKC('tests/invalid/wrongelement.pskcxml') # doctest:
+IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
ParseError: Missing KeyContainer
@@ -49,14 +55,13 @@ Traceback (most recent call last):
ParseError: Unsupported version
-This PSKC file has one key with an unknown algorithm and one key without an
-algorithm specified.
+This PSKC file has a key with an unknown algorithm specified.
->>> pskc = PSKC('tests/invalid/encryption.pskcxml')
+>>> pskc = PSKC('tests/invalid/unknown-encryption.pskcxml')
>>> key = pskc.keys[0]
>>> key.id
'12345678'
->>> key.secret
+>>> key.secret # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: No key available
@@ -65,20 +70,29 @@ DecryptionError: No key available
Traceback (most recent call last):
...
DecryptionError: Unsupported algorithm: ...
->>> key = pskc.keys[1]
+
+
+This PSKC file has a key without an algorithm specified.
+
+>>> pskc = PSKC('tests/invalid/missing-encryption.pskcxml')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> key = pskc.keys[0]
>>> key.id
'45678901'
->>> key.secret
+>>> b2a_hex(key.secret) # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: No algorithm specified
+>>> pskc.encryption.algorithm = 'aes128-cbc'
+>>> b2a_hex(key.secret)
+'3132333435363738393031323334353637383930'
-Specify an unknown key derivation algorithm specified.
+Specify an unknown key derivation algorithm.
>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derivation.algorithm = 'unknown'
->>> pskc.encryption.derive_key('qwerty')
+>>> pskc.encryption.derive_key('qwerty') # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
KeyDerivationError: Unsupported algorithm: 'unknown'
@@ -88,7 +102,7 @@ Figure 6 does use encryption but with a pre-shared key.
Attempting key
derivation with such a PSKC file should result in an exception.
>>> pskc = PSKC('tests/rfc6030/figure6.pskcxml')
->>> pskc.encryption.derive_key('qwerty')
+>>> pskc.encryption.derive_key('qwerty') # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
KeyDerivationError: No algorithm specified
@@ -98,7 +112,7 @@ Specify an unknown PBKDF2 PRF (pseudorandom function).
>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derivation.pbkdf2_prf = 'unknown'
->>> pskc.encryption.derive_key('qwerty')
+>>> pskc.encryption.derive_key('qwerty') # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
KeyDerivationError: Pseudorandom function unsupported: 'unknown'
@@ -111,7 +125,7 @@ There is a ValueMAC element but no MACMethod element.
>>> key = pskc.keys[0]
>>> key.id
'12345678'
->>> key.secret
+>>> key.secret # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: No MAC key available
@@ -138,7 +152,23 @@ transit.
>>> key = pskc.keys[0]
>>> key.id
'12345678'
->>> key.secret
+>>> key.secret # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: MAC value does not match
+
+
+Checks to see that invalid values are detected.
+
+>>> pskc = PSKC('tests/invalid/not-integer.pskcxml') # doctest:
+IGNORE_EXCEPTION_DETAIL
+Traceback (most recent call last):
+ ...
+ValueError: invalid literal for int() with base 10: 'TWELVE'
+>>> pskc = PSKC('tests/invalid/not-integer2.pskcxml') # doctest:
+IGNORE_EXCEPTION_DETAIL
+Traceback (most recent call last):
+ ...
+ValueError: invalid literal for int() with base 10: 'FOUR'
+>>> pskc = PSKC('tests/invalid/not-boolean.pskcxml') # doctest:
+IGNORE_EXCEPTION_DETAIL
+Traceback (most recent call last):
+ ...
+ValueError: invalid boolean value: 'not really'
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index f57661e..358abcb 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -57,7 +57,7 @@ True
Adding a key with unknown attributes raises an error.
->>> key = pskc.add_key(foo='bar')
+>>> key = pskc.add_key(foo='bar') # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
AttributeError
@@ -78,10 +78,14 @@ Setting encryption key name and algorithm also works.
>>> pskc.encryption.key_name = 'Test encryption key'
>>> pskc.encryption.key_names
['Test encryption key']
->>> pskc.encryption.algorithm
+>>> pskc.encryption.algorithm is None
+True
>>> pskc.encryption.algorithm = 'aes128-cbc'
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
+>>> pskc.encryption.algorithm = 'none'
+>>> pskc.encryption.algorithm is None
+True
Load an PSKC file with an odd namespace.
diff --git a/tests/test_rfc6030.doctest b/tests/test_rfc6030.doctest
index 98b276d..634e1c7 100644
--- a/tests/test_rfc6030.doctest
+++ b/tests/test_rfc6030.doctest
@@ -1,6 +1,6 @@
test_rfc6030.doctest - test for examples from RFC 6030
-Copyright (C) 2014-2015 Arthur de Jong
+Copyright (C) 2014-2016 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -155,7 +155,7 @@ encryption.
>>> key = pskc.keys[0]
>>> key.id
'12345678'
->>> key.secret
+>>> key.secret # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: No key available
@@ -168,6 +168,12 @@ DecryptionError: No key available
'3132333435363738393031323334353637383930'
>>> key.check()
True
+>>> key.algorithm
+'urn:ietf:params:xml:ns:keyprov:pskc:hotp'
+>>> key.response_length
+8
+>>> key.manufacturer
+'Manufacturer'
This tests a derived master key using PBKDF2 as seen in Figure 7 from RFC
@@ -186,6 +192,12 @@ This tests a derived master key using PBKDF2 as seen in
Figure 7 from RFC
'12345678901234567890'
>>> key.check()
True
+>>> key.algorithm
+'urn:ietf:params:xml:ns:keyprov:pskc:hotp'
+>>> key.response_length
+8
+>>> key.manufacturer
+'TokenVendorAcme'
This tests bulk provisioning as shown in Figure 10 From RFC 6030.
diff --git a/tests/test_tripledeskw.doctest b/tests/test_tripledeskw.doctest
index 92a4029..b61265e 100644
--- a/tests/test_tripledeskw.doctest
+++ b/tests/test_tripledeskw.doctest
@@ -1,6 +1,6 @@
test_tripledeskw.doctest - test keywrap functions
-Copyright (C) 2014-2015 Arthur de Jong
+Copyright (C) 2014-2016 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -65,7 +65,7 @@ True
>>> short_plaintext = fromhex('''
... 2923 bf85 e06d d6ae 5291 49f1 f1ba e9
... ''')
->>> wrap(short_plaintext, key)
+>>> wrap(short_plaintext, key) # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
EncryptionError: Plaintext length wrong
@@ -76,11 +76,11 @@ size) and unwrapping is also authenticated.
>>> unwrap(ciphertext, key) == plaintext
True
->>> unwrap(ciphertext[:-1], key)
+>>> unwrap(ciphertext[:-1], key) # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: Ciphertext length wrong
->>> unwrap(ciphertext[:-1] + b'A', key)
+>>> unwrap(ciphertext[:-1] + b'A', key) # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
DecryptionError: CMS key checksum error
diff --git a/tests/test_write.doctest b/tests/test_write.doctest
index 36e1783..553c715 100644
--- a/tests/test_write.doctest
+++ b/tests/test_write.doctest
@@ -1,6 +1,6 @@
test_write.doctest - tests for writing PSKC files
-Copyright (C) 2014-2015 Arthur de Jong
+Copyright (C) 2014-2016 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -85,7 +85,7 @@ argument).
>>> f = tempfile.NamedTemporaryFile()
>>> pskc.write(f.name)
->>> x = sys.stdout.write(open(f.name, 'r').read())
+>>> x = sys.stdout.write(open(f.name, 'r').read()) #doctest: +REPORT_UDIFF
<?xml version="1.0" encoding="UTF-8"?>
<pskc:KeyContainer Version="1.0"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc">
<pskc:KeyPackage>
@@ -151,7 +151,7 @@ Read an encrypted PSKC file and write it out as an
unencrypted file.
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> f = tempfile.NamedTemporaryFile()
>>> pskc.write(f.name)
->>> x = sys.stdout.write(open(f.name, 'r').read())
+>>> x = sys.stdout.write(open(f.name, 'r').read()) #doctest: +REPORT_UDIFF
<?xml version="1.0" encoding="UTF-8"?>
<pskc:KeyContainer Version="1.0"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc">
<pskc:KeyPackage>
http://arthurdejong.org/git/python-pskc/commit/?id=b8905e0b2d995e46190c30f8c7525839036a92d5
commit b8905e0b2d995e46190c30f8c7525839036a92d5
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Mar 19 20:01:46 2016 +0100
Support both CheckDigit and CheckDigits
RFC 6030 is not clear about whether the attribute of ChallengeFormat and
ResponseFormat should be the singular CheckDigit or the plural
CheckDigits. This ensures that both forms are accepted.
diff --git a/pskc/key.py b/pskc/key.py
index 3df4055..a971bdd 100644
--- a/pskc/key.py
+++ b/pskc/key.py
@@ -312,7 +312,9 @@ class Key(object):
self.challenge_encoding = challenge_format.get('Encoding')
self.challenge_min_length = getint(challenge_format, 'Min')
self.challenge_max_length = getint(challenge_format, 'Max')
- self.challenge_check = getbool(challenge_format, 'CheckDigits')
+ self.challenge_check = getbool(
+ challenge_format, 'CheckDigits', getbool(
+ challenge_format, 'CheckDigit'))
response_format = find(
key_package,
@@ -320,7 +322,9 @@ class Key(object):
if response_format is not None:
self.response_encoding = response_format.get('Encoding')
self.response_length = getint(response_format, 'Length')
- self.response_check = getbool(response_format, 'CheckDigits')
+ self.response_check = getbool(
+ response_format, 'CheckDigits', getbool(
+ response_format, 'CheckDigit'))
self.policy.parse(find(key_package, 'Key/Policy'))
diff --git a/pskc/xml.py b/pskc/xml.py
index d7c7f47..43696aa 100644
--- a/pskc/xml.py
+++ b/pskc/xml.py
@@ -115,11 +115,18 @@ def getint(tree, attribute):
return int(value)
-def getbool(tree, attribute):
+def getbool(tree, attribute, default=None):
"""Return an attribute value as a boolean (or None)."""
value = tree.get(attribute)
if value:
- return value.lower() == 'true'
+ value = value.lower()
+ if value in ('1', 'true'):
+ return True
+ elif value in ('0', 'false'):
+ return False
+ else:
+ raise ValueError('invalid boolean value: %r' % value)
+ return default
def _format(value):
diff --git a/tests/misc/checkdigits.pskcxml b/tests/misc/checkdigits.pskcxml
new file mode 100644
index 0000000..3dfd09e
--- /dev/null
+++ b/tests/misc/checkdigits.pskcxml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Test PSKC file for testing the check digit attributes in the
+ ChallengeFormat and ResponseFormat configuration.
+-->
+
+<KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <Key>
+ <AlgorithmParameters>
+ <ChallengeFormat Encoding="DECIMAL" Min="12" Max="34"
CheckDigits="true"/>
+ <ResponseFormat Encoding="DECIMAL" Length="8" CheckDigits="false"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <Key>
+ <AlgorithmParameters>
+ <ChallengeFormat Encoding="DECIMAL" Min="56" Max="78"
CheckDigits="FALSE"/>
+ <ResponseFormat Encoding="DECIMAL" Length="9" CheckDigits="1"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <Key>
+ <AlgorithmParameters>
+ <!-- note the singular CheckDigit here -->
+ <ChallengeFormat Encoding="DECIMAL" Min="16" Max="87"
CheckDigit="false"/>
+ <ResponseFormat Encoding="DECIMAL" Length="3" CheckDigit="true"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <Key>
+ <AlgorithmParameters>
+ <ChallengeFormat Encoding="HEXADECIMAL" Min="4" Max="6"/>
+ <ResponseFormat Encoding="ALPHANUMERIC" Length="6"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index 7e10610..f57661e 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -170,3 +170,24 @@ False
True
>>> key.policy.may_use('OTP')
False
+
+
+This checks the ChallengeFormat and ResponseFormat handling of keys and
+specifically the attribute indicating presence of check digits.
+
+>>> pskc = PSKC('tests/misc/checkdigits.pskcxml')
+>>> for key in pskc.keys:
+... print('challenge %r %r %r %r' % (
+... key.challenge_encoding, key.challenge_min_length,
+... key.challenge_max_length, key.challenge_check))
+... print('response %r %r %r' % (
+... key.response_encoding, key.response_length,
+... key.response_check)) #doctest: +REPORT_UDIFF
+challenge 'DECIMAL' 12 34 True
+response 'DECIMAL' 8 False
+challenge 'DECIMAL' 56 78 False
+response 'DECIMAL' 9 True
+challenge 'DECIMAL' 16 87 False
+response 'DECIMAL' 3 True
+challenge 'HEXADECIMAL' 4 6 None
+response 'ALPHANUMERIC' 6 None
http://arthurdejong.org/git/python-pskc/commit/?id=7915c559aa388f6354a6d79c2b5bb2c29e526334
commit 7915c559aa388f6354a6d79c2b5bb2c29e526334
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Mar 19 16:30:34 2016 +0100
Implement policy checking
This checks for unknown policy elements in the PSKC file and will cause
the key usage policy check to fail.
diff --git a/pskc/policy.py b/pskc/policy.py
index af04de1..0243d59 100644
--- a/pskc/policy.py
+++ b/pskc/policy.py
@@ -130,11 +130,23 @@ class Policy(object):
self.pin_min_length = getint(pin_policy, 'MinLength')
self.pin_max_length = getint(pin_policy, 'MaxLength')
self.pin_encoding = pin_policy.get('PINEncoding')
- # TODO: check if there are any other attributes set for PINPolicy
- # of if there are any children and set unknown_policy_elementss
-
- # TODO: check if there are other children and make sure
- # policy rejects any key usage (set unknown_policy_elements)
+ # check for child elements
+ if list(pin_policy):
+ self.unknown_policy_elements = True
+ # check for unknown attributes
+ known_attributes = set([
+ 'PINKeyId', 'PINUsageMode', 'MaxFailedAttempts', 'MinLength',
+ 'MaxLength', 'PINEncoding'])
+ if set(pin_policy.keys()) - known_attributes:
+ self.unknown_policy_elements = True
+
+ # check for other child elements
+ known_children = set([
+ 'StartDate', 'ExpiryDate', 'NumberOfTransactions', 'KeyUsage',
+ 'PINPolicy'])
+ for child in policy:
+ if child.tag not in known_children:
+ self.unknown_policy_elements = True
def make_xml(self, key):
from pskc.xml import mk_elem
@@ -145,8 +157,6 @@ class Policy(object):
self.pin_max_failed_attemtps, self.pin_min_length,
self.pin_max_length, self.pin_encoding)):
return
- # TODO: raise exception if unknown_policy_elements is set
-
policy = mk_elem(key, 'pskc:Policy', empty=True)
mk_elem(policy, 'pskc:StartDate', self.start_date)
mk_elem(policy, 'pskc:ExpiryDate', self.expiry_date)
diff --git a/tests/misc/policy.pskcxml b/tests/misc/policy.pskcxml
new file mode 100644
index 0000000..119489e
--- /dev/null
+++ b/tests/misc/policy.pskcxml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Based on Figure 5 from the RFC 6030 tests that has unknown policy
+ elements.
+-->
+
+<KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Data>
+ <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
+ </Data>
+ <!-- complete and valid policy -->
+ <Policy>
+ <StartDate>2006-05-01T00:00:00Z</StartDate>
+ <ExpiryDate>2026-05-31T00:00:00Z</ExpiryDate>
+ <NumberOfTransactions>4321</NumberOfTransactions>
+ <KeyUsage>OTP</KeyUsage>
+ <PINPolicy MinLength="4" MaxLength="4"
+ PINKeyId="123456781" PINEncoding="DECIMAL"
+ PINUsageMode="Local"/>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Data>
+ <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
+ </Data>
+ <Policy>
+ <KeyUsage>OTP</KeyUsage>
+ <!-- unknwon PINPolicy attribute -->
+ <PINPolicy MinLength="4" MaxLength="4"
+ PINKeyId="123456781" PINEncoding="DECIMAL"
+ PINUsageMode="Local" OnWeekDaysOnly="TRUE"/>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Data>
+ <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
+ </Data>
+ <Policy>
+ <KeyUsage>OTP</KeyUsage>
+ <PINPolicy MinLength="4" MaxLength="4"
+ PINKeyId="123456781" PINEncoding="DECIMAL"
+ PINUsageMode="Local">
+ <!-- unknown child element of PINPolicy -->
+ <Foo>Bar</Foo>
+ </PINPolicy>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Data>
+ <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
+ </Data>
+ <Policy>
+ <KeyUsage>OTP</KeyUsage>
+ <PINPolicy MinLength="4" MaxLength="4"
+ PINKeyId="123456781" PINEncoding="DECIMAL"
+ PINUsageMode="Local"/>
+ <!-- unknown child element of Policy -->
+ <Foo>bar</Foo>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <Key Id="123456781" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:pin">
+ <AlgorithmParameters>
+ <ResponseFormat Length="4" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret><PlainValue>MTIzNA==</PlainValue></Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index 5af5778..7e10610 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -129,3 +129,44 @@ Integers can be represented in different ways in PSKC
files.
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> [key.counter for key in pskc.keys]
[831791, 709791, 405834, 298507, 961392]
+
+
+This tests key policy and unknown policy elements. The first key should have
+all known policy elements set while other keys should have extra unknown
+information added which should result in rejected usage.
+
+>>> pskc = PSKC('tests/misc/policy.pskcxml')
+>>> key = pskc.keys[0]
+>>> key.policy.start_date
+datetime.datetime(2006, 5, 1, 0, 0, tzinfo=tzutc())
+>>> key.policy.expiry_date
+datetime.datetime(2026, 5, 31, 0, 0, tzinfo=tzutc())
+>>> key.policy.number_of_transactions
+4321
+>>> key.policy.key_usage
+['OTP']
+>>> key.policy.unknown_policy_elements
+False
+>>> key.policy.may_use('OTP')
+True
+>>> key = pskc.keys[1]
+>>> key.policy.key_usage
+['OTP']
+>>> key.policy.unknown_policy_elements
+True
+>>> key.policy.may_use('OTP')
+False
+>>> key = pskc.keys[2]
+>>> key.policy.key_usage
+['OTP']
+>>> key.policy.unknown_policy_elements
+True
+>>> key.policy.may_use('OTP')
+False
+>>> key = pskc.keys[3]
+>>> key.policy.key_usage
+['OTP']
+>>> key.policy.unknown_policy_elements
+True
+>>> key.policy.may_use('OTP')
+False
http://arthurdejong.org/git/python-pskc/commit/?id=1687fd662996998bac35cd1725bea6ed14516f5f
commit 1687fd662996998bac35cd1725bea6ed14516f5f
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Fri Mar 18 19:18:53 2016 +0100
Add a few tests for vendor files
Some vendor-specific files were lifted from the LinOTP test suite and
another Feitian file was found in the oath-toolkit repository.
diff --git a/tests/feitian/20120919-test001-4282.xml
b/tests/feitian/20120919-test001-4282.xml
new file mode 100644
index 0000000..64686ca
--- /dev/null
+++ b/tests/feitian/20120919-test001-4282.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+This sample seed file for Feitian c100 / c200 hardware tokens was made
+available by GOOZE.
+-->
+
+<KeyContainer Version="1.0" xmlns ="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>FeiTian Technology Co.,Ltd</Manufacturer>
+ <SerialNo>2600215704919</SerialNo>
+ </DeviceInfo>
+ <Key Id="2600215704919"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp">
+ <AlgorithmParameters>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>zSK3gP/9LVNpaAfs039ATa45MnA=</PlainValue>
+ </Secret>
+ <Time>
+ <PlainValue>0</PlainValue>
+ </Time>
+ <TimeInterval>
+ <PlainValue>60</PlainValue>
+ </TimeInterval>
+ </Data>
+ <Policy>
+ <StartDate>2012-09-19T00:00:00Z</StartDate>
+ <ExpiryDate>2022-09-01T00:00:00Z</ExpiryDate>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>FeiTian Technology Co.,Ltd</Manufacturer>
+ <SerialNo>1000117803294</SerialNo>
+ </DeviceInfo>
+ <Key Id="1000117803294"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <AlgorithmParameters>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>TfpfT+8Jn9s6FYNIySi+uzXkIi0=</PlainValue>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ <Policy>
+ <StartDate>2012-09-19T00:00:00Z</StartDate>
+ <ExpiryDate>2022-09-01T00:00:00Z</ExpiryDate>
+ </Policy>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/feitian/file1.pskcxml b/tests/feitian/file1.pskcxml
new file mode 100644
index 0000000..8a0309c
--- /dev/null
+++ b/tests/feitian/file1.pskcxml
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+This file was lifted from the LinOTP test suite.
+-->
+
+<KeyContainer Version="1.0" xmlns ="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Feitian Technology Co.,Ltd</Manufacturer>
+ <SerialNo>1000133508267</SerialNo>
+ </DeviceInfo>
+ <Key Id="1000133508267"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <AlgorithmParameters>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>PuMnCivln/14Ii3DNhR4/1zGN5A=</PlainValue>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ <Policy>
+ <StartDate>2012-08-01T00:00:00Z</StartDate>
+ <ExpiryDate>2037-12-31T00:00:00Z</ExpiryDate>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Feitian Technology Co.,Ltd</Manufacturer>
+ <SerialNo>1000133508255</SerialNo>
+ </DeviceInfo>
+ <Key Id="1000133508255"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <AlgorithmParameters>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>wRjcslncyKj//L1oaDVQbAvCNnI=</PlainValue>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ <Policy>
+ <StartDate>2012-08-01T00:00:00Z</StartDate>
+ <ExpiryDate>2037-12-31T00:00:00Z</ExpiryDate>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Feitian Technology Co.,Ltd</Manufacturer>
+ <SerialNo>2600124809778</SerialNo>
+ </DeviceInfo>
+ <Key Id="2600124809778"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp">
+ <AlgorithmParameters>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>MRffGnGNJKmo8uSW313HCvGNIYM=</PlainValue>
+ </Secret>
+ <Time>
+ <PlainValue>0</PlainValue>
+ </Time>
+ <TimeInterval>
+ <PlainValue>60</PlainValue>
+ </TimeInterval>
+ </Data>
+ <Policy>
+ <StartDate>2012-08-01T00:00:00Z</StartDate>
+ <ExpiryDate>2037-12-31T00:00:00Z</ExpiryDate>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Feitian Technology Co.,Ltd</Manufacturer>
+ <SerialNo>2600124809787</SerialNo>
+ </DeviceInfo>
+ <Key Id="2600124809787"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp">
+ <AlgorithmParameters>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>9O9PX9g20x74kIcaLLrGiwMUReM=</PlainValue>
+ </Secret>
+ <Time>
+ <PlainValue>0</PlainValue>
+ </Time>
+ <TimeInterval>
+ <PlainValue>60</PlainValue>
+ </TimeInterval>
+ </Data>
+ <Policy>
+ <StartDate>2012-08-01T00:00:00Z</StartDate>
+ <ExpiryDate>2037-12-31T00:00:00Z</ExpiryDate>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Feitian Technology Co.,Ltd</Manufacturer>
+ <SerialNo>2600135004012</SerialNo>
+ </DeviceInfo>
+ <Key Id="2600135004012"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp">
+ <AlgorithmParameters>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>A0DxFX1zRVTsxJlMKFsDXuNQYcI=</PlainValue>
+ </Secret>
+ <Time>
+ <PlainValue>0</PlainValue>
+ </Time>
+ <TimeInterval>
+ <PlainValue>60</PlainValue>
+ </TimeInterval>
+ </Data>
+ <Policy>
+ <StartDate>2012-08-01T00:00:00Z</StartDate>
+ <ExpiryDate>2037-12-31T00:00:00Z</ExpiryDate>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Feitian Technology Co.,Ltd</Manufacturer>
+ <SerialNo>2600135004013</SerialNo>
+ </DeviceInfo>
+ <Key Id="2600135004013"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:totp">
+ <AlgorithmParameters>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>NSLuCF/qeQPsqY7Sod4anJMjIBg=</PlainValue>
+ </Secret>
+ <Time>
+ <PlainValue>0</PlainValue>
+ </Time>
+ <TimeInterval>
+ <PlainValue>60</PlainValue>
+ </TimeInterval>
+ </Data>
+ <Policy>
+ <StartDate>2012-08-01T00:00:00Z</StartDate>
+ <ExpiryDate>2037-12-31T00:00:00Z</ExpiryDate>
+ </Policy>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/nagraid/file1.pskcxml b/tests/nagraid/file1.pskcxml
new file mode 100644
index 0000000..f301251
--- /dev/null
+++ b/tests/nagraid/file1.pskcxml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+This file was lifted from the LinOTP test suite and should include OCRA keys.
+The pre-shared key is 4A057F6AB6FCB57AB5408E46A9835E68.
+-->
+
+<KeyContainer Version="1.0"
+ Id="KC20130122"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
+ <EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
+ <MACKey>
+ <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+
<xenc:CipherValue>OdudVkgsZywiwE1HqPGOJtHmBl+6HzJkylgDrZU9gcflyCddzO+cxEwzYIlOiwrE</xenc:CipherValue>
+ </xenc:CipherData>
+ </MACKey>
+ </MACMethod>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>NagraID Security</Manufacturer>
+ <SerialNo>306EUO4-00960</SerialNo>
+ <Model>306E</Model>
+ <IssueNo>880479B6A2CA2080</IssueNo>
+ </DeviceInfo>
+ <Key Id="880479B6A2CA2080"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra">
+ <AlgorithmParameters>
+ <Suite>OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1</Suite>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
+ Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+
<xenc:CipherValue>VHdEP8TXnMmE3yiAnB5Fx+SQ85UXCNAxH7IyOixJpUZHMk9GTdFYWNsxZp8jVpfp</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ <ValueMAC>uQ1Bef+XVXHQoW4ZzyQ/cv/9zYA=</ValueMAC>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>NagraID Security</Manufacturer>
+ <SerialNo>306EUO4-00954</SerialNo>
+ <Model>306E</Model>
+ <IssueNo>880489CFA2CA2080</IssueNo>
+ </DeviceInfo>
+ <Key Id="880489CFA2CA2080"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra">
+ <AlgorithmParameters>
+ <Suite>OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1</Suite>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
+ Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+
<xenc:CipherValue>YTvA1cSntb4cPJHPFkJwuSZkAsLPo+o1EJPA22DeijZRaKhJAwArQKbwDwSmNrR1</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ <ValueMAC>N8QGRQ7yKd8suyUgaEVme7f0HrA=</ValueMAC>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>NagraID Security</Manufacturer>
+ <SerialNo>306EUO4-00958</SerialNo>
+ <Model>306E</Model>
+ <IssueNo>880497B3A2CA2080</IssueNo>
+ </DeviceInfo>
+ <Key Id="880497B3A2CA2080"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:ocra">
+ <AlgorithmParameters>
+ <Suite>OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1</Suite>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
+ Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+
<xenc:CipherValue>BdxW7Pb46LafGV8k2zDQ48ujoyYX7M+JumfS3Wx5dP1E9y5By/97QTMiGkzJrcWj</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ <ValueMAC>WGhmLhbGn4Dksa7lHKfKOqbsJhU=</ValueMAC>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/test_vendors.doctest b/tests/test_vendors.doctest
new file mode 100644
index 0000000..006338f
--- /dev/null
+++ b/tests/test_vendors.doctest
@@ -0,0 +1,104 @@
+test_vendors.doctest - test for PSKC files provided by vendors
+
+Copyright (C) 2016 Arthur de Jong
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA
+
+
+>>> from binascii import a2b_hex, b2a_hex
+>>> def tostr(x):
+... return str(x.decode())
+>>> def decode(f):
+... return lambda x: tostr(f(x))
+>>> b2a_hex = decode(b2a_hex)
+
+>>> from pskc import PSKC
+
+
+This tests a simple non-encrypted PSKC file from Feitian. The PSKC file
+contains two HOTP keys and four TOTP keys.
+
+>>> pskc = PSKC('tests/feitian/file1.pskcxml')
+>>> pskc.keys[0].manufacturer
+'Feitian Technology Co.,Ltd'
+>>> print('\n'.join(key.serial for key in pskc.keys)) #doctest: +REPORT_UDIFF
+1000133508267
+1000133508255
+2600124809778
+2600124809787
+2600135004012
+2600135004013
+>>> print('\n'.join(key.algorithm for key in pskc.keys)) #doctest:
+REPORT_UDIFF
+urn:ietf:params:xml:ns:keyprov:pskc:hotp
+urn:ietf:params:xml:ns:keyprov:pskc:hotp
+urn:ietf:params:xml:ns:keyprov:pskc:totp
+urn:ietf:params:xml:ns:keyprov:pskc:totp
+urn:ietf:params:xml:ns:keyprov:pskc:totp
+urn:ietf:params:xml:ns:keyprov:pskc:totp
+>>> pskc.keys[5].time_interval
+60
+
+
+This tests a sample seed file originally provided by GOOZE for Feitian
+c100 / c200 hardware tokens. There is one TOTP key and one HTOP key in
+the file.
+
+>>> pskc = PSKC('tests/feitian/20120919-test001-4282.xml')
+>>> pskc.keys[0].manufacturer
+'FeiTian Technology Co.,Ltd'
+>>> print('\n'.join(key.serial for key in pskc.keys))
+2600215704919
+1000117803294
+>>> key = pskc.keys[0]
+>>> key.algorithm, key.response_length, key.time_offset, key.time_interval
+('urn:ietf:params:xml:ns:keyprov:pskc:totp', 6, 0, 60)
+>>> key.policy.start_date
+datetime.datetime(2012, 9, 19, 0, 0, tzinfo=tzutc())
+>>> key.policy.expiry_date
+datetime.datetime(2022, 9, 1, 0, 0, tzinfo=tzutc())
+>>> key = pskc.keys[1]
+>>> key.algorithm, key.response_length, key.counter
+('urn:ietf:params:xml:ns:keyprov:pskc:hotp', 6, 0)
+>>> key.policy.start_date
+datetime.datetime(2012, 9, 19, 0, 0, tzinfo=tzutc())
+>>> key.policy.expiry_date
+datetime.datetime(2022, 9, 1, 0, 0, tzinfo=tzutc())
+
+
+This tests a simple PSKC file from NagraID which is protected by a pre-shared
+key. The file contains three OCRA keys.
+
+>>> pskc = PSKC('tests/nagraid/file1.pskcxml')
+>>> print('\n'.join(key.serial for key in pskc.keys)) #doctest: +REPORT_UDIFF
+306EUO4-00960
+306EUO4-00954
+306EUO4-00958
+>>> key = pskc.keys[0]
+>>> bool(key.secret) # doctest: +IGNORE_EXCEPTION_DETAIL
+Traceback (most recent call last):
+ ...
+DecryptionError: No key available
+>>> pskc.encryption.key_name
+'Pre-shared-key'
+>>> pskc.encryption.key = a2b_hex('4A057F6AB6FCB57AB5408E46A9835E68')
+>>> bool(key.secret)
+True
+>>> key.check()
+True
+>>> print('\n'.join(key.algorithm_suite for key in pskc.keys)) #doctest:
+REPORT_UDIFF
+OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1
+OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1
+OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1
http://arthurdejong.org/git/python-pskc/commit/?id=aae8a18d556f09e6e1a4873dccfc62ae097d83e5
commit aae8a18d556f09e6e1a4873dccfc62ae097d83e5
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun Jan 31 14:37:23 2016 +0100
Support various integer representations
This extends support for handling various encoding methods for integer
values in PSKC files. For encrypted files the decrypted value is first
tried to be evaluated as an ASCII representation of the number and after
that big-endian decoded.
For plaintext values first ASCII decoding is tried after which base64
decoding is tried which tries the same encodings as for decrypted
values.
There should be no possibility for any base64 encoded value (either of
an ASCII value or a big-endian value) to be interpreted as an ASCII
value for any 32-bit integer.
There is a possibility that a big-endian encoded integer could be
incorrectly interpreted as an ASCII value but this is only the case for
110 numbers when only considering 6-digit numbers.
diff --git a/pskc/key.py b/pskc/key.py
index 858d12d..3df4055 100644
--- a/pskc/key.py
+++ b/pskc/key.py
@@ -21,6 +21,7 @@
"""Module that handles keys stored in PSKC files."""
+import array
import base64
from pskc.policy import Policy
@@ -156,14 +157,24 @@ class IntegerDataType(DataType):
@staticmethod
def _from_text(value):
"""Convert the plain value to native representation."""
- return int(value)
+ # try normal integer string parsing
+ try:
+ return int(value)
+ except ValueError:
+ pass
+ # fall back to base64 decoding
+ return IntegerDataType._from_bin(base64.b64decode(value))
@staticmethod
def _from_bin(value):
"""Convert the unencrypted binary to native representation."""
+ # try to handle value as ASCII representation
+ if value.isdigit():
+ return int(value)
+ # fall back to do big-endian decoding
result = 0
- for x in value:
- result = (result << 8) + ord(x)
+ for x in array.array('B', value):
+ result = (result << 8) + x
return result
@staticmethod
diff --git a/tests/misc/integers.pskcxml b/tests/misc/integers.pskcxml
new file mode 100644
index 0000000..24096f6
--- /dev/null
+++ b/tests/misc/integers.pskcxml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ This test file contains various ways of storing integer values.
+
+ Test that holds an aes128-cbc encrypted value. Key is
+ 12345678901234567890123456789012.
+-->
+
+<KeyContainer Version="1.0"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
+ <EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <!-- value 831791 as plain value ASCII encoded -->
+ <KeyPackage><Key><Data><Counter>
+ <PlainValue>831791</PlainValue>
+ </Counter></Data></Key></KeyPackage>
+ <!-- value 709791 ASCII encoded and then base64 encoded -->
+ <KeyPackage><Key><Data><Counter>
+ <PlainValue>NzA5Nzkx</PlainValue>
+ </Counter></Data></Key></KeyPackage>
+ <!-- value 405834 big endian encoded and then base64 encoded -->
+ <KeyPackage><Key><Data><Counter>
+ <PlainValue>AAYxSg==</PlainValue>
+ </Counter></Data></Key></KeyPackage>
+ <!-- value 298507 ASCII encoded and then encrypted -->
+ <KeyPackage><Key><Data><Counter>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+
<xenc:CipherValue>I9Ro0yqZSyNhPY43+fZue7JvyPxbAqtNPuFiu3HprxY=</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ </Counter></Data></Key></KeyPackage>
+ <!-- value 961392 big endian encoded and then encrypted -->
+ <KeyPackage><Key><Data><Counter>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+
<xenc:CipherValue>juW3FkXwJwOoyJJ24vfY+ug/J3qAnaEMrhDeJgAMWMg=</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ </Counter></Data></Key></KeyPackage>
+</KeyContainer>
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index 8060da6..5af5778 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -18,7 +18,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
->>> from binascii import b2a_hex
+>>> from binascii import a2b_hex, b2a_hex
>>> def tostr(x):
... return str(x.decode())
>>> def decode(f):
@@ -121,3 +121,11 @@ encryption key from a password.
Traceback (most recent call last):
...
KeyDerivationError: No algorithm specified
+
+
+Integers can be represented in different ways in PSKC files.
+
+>>> pskc = PSKC('tests/misc/integers.pskcxml')
+>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
+>>> [key.counter for key in pskc.keys]
+[831791, 709791, 405834, 298507, 961392]
http://arthurdejong.org/git/python-pskc/commit/?id=c86aaea6bcac0588bc4e195d03d381eaf889080c
commit c86aaea6bcac0588bc4e195d03d381eaf889080c
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun Jan 24 23:19:10 2016 +0100
Re-organise test files
This puts the test PSKC files in subdirectories so they can be organised
more cleanly.
diff --git a/README b/README
index 619fe2c..2231c13 100644
--- a/README
+++ b/README
@@ -22,7 +22,7 @@ parsing existing PSKC files.
Extracting key matarial from encrypted PSKC files is as simple as.
>>> from pskc import PSKC
->>> pskc = PSKC('tests/rfc6030-figure7.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derive_key('qwerty')
>>> for key in pskc.keys:
... print key.serial, key.secret
diff --git a/pskc/__init__.py b/pskc/__init__.py
index ea7c4c2..0771a72 100644
--- a/pskc/__init__.py
+++ b/pskc/__init__.py
@@ -31,7 +31,7 @@ for use in an OTP authentication system.
The following prints all keys, decrypting using a password:
>>> from pskc import PSKC
->>> pskc = PSKC('tests/rfc6030-figure7.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derive_key('qwerty')
>>> for key in pskc.keys:
... print('%s %s' % (key.serial, str(key.secret.decode())))
diff --git a/tests/draft-keyprov-actividentity-3des.pskcxml
b/tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml
similarity index 100%
rename from tests/draft-keyprov-actividentity-3des.pskcxml
rename to
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml
diff --git a/tests/draft-keyprov-ocra.pskcxml
b/tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml
similarity index 100%
rename from tests/draft-keyprov-ocra.pskcxml
rename to tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml
diff --git a/tests/draft-keyprov-securid-aes-counter.pskcxml
b/tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml
similarity index 100%
rename from tests/draft-keyprov-securid-aes-counter.pskcxml
rename to
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml
diff --git a/tests/draft-keyprov-totp.pskcxml
b/tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml
similarity index 100%
rename from tests/draft-keyprov-totp.pskcxml
rename to tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml
diff --git a/tests/aes128-cbc.pskcxml b/tests/encryption/aes128-cbc.pskcxml
similarity index 100%
rename from tests/aes128-cbc.pskcxml
rename to tests/encryption/aes128-cbc.pskcxml
diff --git a/tests/aes192-cbc.pskcxml b/tests/encryption/aes192-cbc.pskcxml
similarity index 100%
rename from tests/aes192-cbc.pskcxml
rename to tests/encryption/aes192-cbc.pskcxml
diff --git a/tests/aes256-cbc.pskcxml b/tests/encryption/aes256-cbc.pskcxml
similarity index 100%
rename from tests/aes256-cbc.pskcxml
rename to tests/encryption/aes256-cbc.pskcxml
diff --git a/tests/kw-aes128.pskcxml b/tests/encryption/kw-aes128.pskcxml
similarity index 100%
rename from tests/kw-aes128.pskcxml
rename to tests/encryption/kw-aes128.pskcxml
diff --git a/tests/kw-aes192.pskcxml b/tests/encryption/kw-aes192.pskcxml
similarity index 100%
rename from tests/kw-aes192.pskcxml
rename to tests/encryption/kw-aes192.pskcxml
diff --git a/tests/kw-aes256.pskcxml b/tests/encryption/kw-aes256.pskcxml
similarity index 100%
rename from tests/kw-aes256.pskcxml
rename to tests/encryption/kw-aes256.pskcxml
diff --git a/tests/kw-tripledes.pskcxml b/tests/encryption/kw-tripledes.pskcxml
similarity index 100%
rename from tests/kw-tripledes.pskcxml
rename to tests/encryption/kw-tripledes.pskcxml
diff --git a/tests/tripledes-cbc.pskcxml
b/tests/encryption/tripledes-cbc.pskcxml
similarity index 100%
rename from tests/tripledes-cbc.pskcxml
rename to tests/encryption/tripledes-cbc.pskcxml
diff --git a/tests/invalid-encryption.pskcxml b/tests/invalid/encryption.pskcxml
similarity index 100%
rename from tests/invalid-encryption.pskcxml
rename to tests/invalid/encryption.pskcxml
diff --git a/tests/invalid-mac-algorithm.pskcxml
b/tests/invalid/mac-algorithm.pskcxml
similarity index 100%
rename from tests/invalid-mac-algorithm.pskcxml
rename to tests/invalid/mac-algorithm.pskcxml
diff --git a/tests/invalid-mac-value.pskcxml b/tests/invalid/mac-value.pskcxml
similarity index 100%
rename from tests/invalid-mac-value.pskcxml
rename to tests/invalid/mac-value.pskcxml
diff --git a/tests/invalid-no-mac-method.pskcxml
b/tests/invalid/no-mac-method.pskcxml
similarity index 100%
rename from tests/invalid-no-mac-method.pskcxml
rename to tests/invalid/no-mac-method.pskcxml
diff --git a/tests/invalid-notxml.pskcxml b/tests/invalid/notxml.pskcxml
similarity index 100%
rename from tests/invalid-notxml.pskcxml
rename to tests/invalid/notxml.pskcxml
diff --git a/tests/invalid-wrongelement.pskcxml
b/tests/invalid/wrongelement.pskcxml
similarity index 100%
rename from tests/invalid-wrongelement.pskcxml
rename to tests/invalid/wrongelement.pskcxml
diff --git a/tests/invalid-wrongversion.pskcxml
b/tests/invalid/wrongversion.pskcxml
similarity index 100%
rename from tests/invalid-wrongversion.pskcxml
rename to tests/invalid/wrongversion.pskcxml
diff --git a/tests/SampleFullyQualifiedNS.xml
b/tests/misc/SampleFullyQualifiedNS.xml
similarity index 100%
rename from tests/SampleFullyQualifiedNS.xml
rename to tests/misc/SampleFullyQualifiedNS.xml
diff --git a/tests/odd-namespace.pskcxml b/tests/misc/odd-namespace.pskcxml
similarity index 100%
rename from tests/odd-namespace.pskcxml
rename to tests/misc/odd-namespace.pskcxml
diff --git a/tests/rfc6030-figure10.pskcxml b/tests/rfc6030/figure10.pskcxml
similarity index 100%
rename from tests/rfc6030-figure10.pskcxml
rename to tests/rfc6030/figure10.pskcxml
diff --git a/tests/rfc6030-figure2.pskcxml b/tests/rfc6030/figure2.pskcxml
similarity index 100%
rename from tests/rfc6030-figure2.pskcxml
rename to tests/rfc6030/figure2.pskcxml
diff --git a/tests/rfc6030-figure3.pskcxml b/tests/rfc6030/figure3.pskcxml
similarity index 100%
rename from tests/rfc6030-figure3.pskcxml
rename to tests/rfc6030/figure3.pskcxml
diff --git a/tests/rfc6030-figure4.pskcxml b/tests/rfc6030/figure4.pskcxml
similarity index 100%
rename from tests/rfc6030-figure4.pskcxml
rename to tests/rfc6030/figure4.pskcxml
diff --git a/tests/rfc6030-figure5.pskcxml b/tests/rfc6030/figure5.pskcxml
similarity index 100%
rename from tests/rfc6030-figure5.pskcxml
rename to tests/rfc6030/figure5.pskcxml
diff --git a/tests/rfc6030-figure6.pskcxml b/tests/rfc6030/figure6.pskcxml
similarity index 100%
rename from tests/rfc6030-figure6.pskcxml
rename to tests/rfc6030/figure6.pskcxml
diff --git a/tests/rfc6030-figure7.pskcxml b/tests/rfc6030/figure7.pskcxml
similarity index 100%
rename from tests/rfc6030-figure7.pskcxml
rename to tests/rfc6030/figure7.pskcxml
diff --git a/tests/test_draft_keyprov.doctest b/tests/test_draft_keyprov.doctest
index 8cd5f64..b184ea9 100644
--- a/tests/test_draft_keyprov.doctest
+++ b/tests/test_draft_keyprov.doctest
@@ -29,7 +29,7 @@ This tests an OCRA (OATH Challenge Response Algorithm) key
contained within
a PSKC file as described in section 3 of
draft-hoyer-keyprov-pskc-algorithm-profiles-01.
->>> pskc = PSKC('tests/draft-keyprov-ocra.pskcxml')
+>>> pskc =
PSKC('tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml')
>>> pskc.version
'1.0'
>>> key = pskc.keys[0]
@@ -64,7 +64,7 @@ draft-hoyer-keyprov-pskc-algorithm-profiles-01.
This tests an TOTP (OATH Time based OTP) key contained within a PSKC file as
described in section 4 of draft-hoyer-keyprov-pskc-algorithm-profiles-01.
->>> pskc = PSKC('tests/draft-keyprov-totp.pskcxml')
+>>> pskc =
PSKC('tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml')
>>> pskc.version
'1.0'
>>> key = pskc.keys[0]
@@ -97,7 +97,7 @@ described in section 4 of
draft-hoyer-keyprov-pskc-algorithm-profiles-01.
This tests an SecurID-AES-Counter key contained within a PSKC file as
described in section 6 of draft-hoyer-keyprov-pskc-algorithm-profiles-01.
->>> pskc = PSKC('tests/draft-keyprov-securid-aes-counter.pskcxml')
+>>> pskc =
PSKC('tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml')
>>> pskc.version
'1.0'
>>> key = pskc.keys[0]
@@ -130,7 +130,7 @@ datetime.datetime(2010, 9, 30, 0, 0, tzinfo=tzutc())
This tests an ActivIdentity-3DES key contained within a PSKC file as
described in section 8 of draft-hoyer-keyprov-pskc-algorithm-profiles-01.
->>> pskc = PSKC('tests/draft-keyprov-actividentity-3des.pskcxml')
+>>> pskc =
PSKC('tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml')
>>> pskc.version
'1.0'
>>> key = pskc.keys[0]
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
index cd549c3..3674f8a 100644
--- a/tests/test_encryption.doctest
+++ b/tests/test_encryption.doctest
@@ -28,7 +28,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
>>> from pskc import PSKC
->>> pskc = PSKC('tests/aes128-cbc.pskcxml')
+>>> pskc = PSKC('tests/encryption/aes128-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
@@ -40,7 +40,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
'MacMacMacMacMacMacMa'
->>> pskc = PSKC('tests/aes192-cbc.pskcxml')
+>>> pskc = PSKC('tests/encryption/aes192-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.keys[0].secret
Traceback (most recent call last):
@@ -55,7 +55,7 @@ DecryptionError: Invalid key length
'MacMacMacMacMacMacMa'
->>> pskc = PSKC('tests/aes256-cbc.pskcxml')
+>>> pskc = PSKC('tests/encryption/aes256-cbc.pskcxml')
>>> pskc.encryption.key =
>>> a2b_hex('1234567890123456789012345678901234567890123456789012345678901234')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
@@ -67,7 +67,7 @@ DecryptionError: Invalid key length
'MacMacMacMacMacMacMa'
->>> pskc = PSKC('tests/tripledes-cbc.pskcxml')
+>>> pskc = PSKC('tests/encryption/tripledes-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234')
>>> pskc.keys[0].secret
Traceback (most recent call last):
@@ -82,7 +82,7 @@ DecryptionError: Invalid key length
'MacMacMacMacMacMacMa'
->>> pskc = PSKC('tests/kw-aes128.pskcxml')
+>>> pskc = PSKC('tests/encryption/kw-aes128.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234')
>>> pskc.keys[0].secret
Traceback (most recent call last):
@@ -93,7 +93,7 @@ DecryptionError: Invalid key length
'00112233445566778899aabbccddeeff'
->>> pskc = PSKC('tests/kw-aes192.pskcxml')
+>>> pskc = PSKC('tests/encryption/kw-aes192.pskcxml')
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> pskc.keys[0].secret
Traceback (most recent call last):
@@ -104,13 +104,13 @@ DecryptionError: Invalid key length
'00112233445566778899aabbccddeeff'
->>> pskc = PSKC('tests/kw-aes256.pskcxml')
+>>> pskc = PSKC('tests/encryption/kw-aes256.pskcxml')
>>> pskc.encryption.key =
>>> a2b_hex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')
>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff0001020304050607'
->>> pskc = PSKC('tests/kw-tripledes.pskcxml')
+>>> pskc = PSKC('tests/encryption/kw-tripledes.pskcxml')
>>> pskc.encryption.key = a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f')
>>> pskc.keys[0].secret
Traceback (most recent call last):
diff --git a/tests/test_invalid.doctest b/tests/test_invalid.doctest
index 5ee43d1..2d0bbb0 100644
--- a/tests/test_invalid.doctest
+++ b/tests/test_invalid.doctest
@@ -27,7 +27,7 @@ Load a number of invalid files.
This file is plain invalid XML.
->>> pskc = PSKC('tests/invalid-notxml.pskcxml')
+>>> pskc = PSKC('tests/invalid/notxml.pskcxml')
Traceback (most recent call last):
...
ParseError: Error parsing XML
@@ -35,7 +35,7 @@ ParseError: Error parsing XML
This XML file has a wrong top-level element.
->>> pskc = PSKC('tests/invalid-wrongelement.pskcxml')
+>>> pskc = PSKC('tests/invalid/wrongelement.pskcxml')
Traceback (most recent call last):
...
ParseError: Missing KeyContainer
@@ -43,7 +43,7 @@ ParseError: Missing KeyContainer
This file has an unknown PSKC version.
->>> pskc = PSKC('tests/invalid-wrongversion.pskcxml') # doctest:
+IGNORE_EXCEPTION_DETAIL
+>>> pskc = PSKC('tests/invalid/wrongversion.pskcxml') # doctest:
+IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
ParseError: Unsupported version
@@ -52,7 +52,7 @@ ParseError: Unsupported version
This PSKC file has one key with an unknown algorithm and one key without an
algorithm specified.
->>> pskc = PSKC('tests/invalid-encryption.pskcxml')
+>>> pskc = PSKC('tests/invalid/encryption.pskcxml')
>>> key = pskc.keys[0]
>>> key.id
'12345678'
@@ -76,7 +76,7 @@ DecryptionError: No algorithm specified
Specify an unknown key derivation algorithm specified.
->>> pskc = PSKC('tests/rfc6030-figure7.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derivation.algorithm = 'unknown'
>>> pskc.encryption.derive_key('qwerty')
Traceback (most recent call last):
@@ -87,7 +87,7 @@ KeyDerivationError: Unsupported algorithm: 'unknown'
Figure 6 does use encryption but with a pre-shared key. Attempting key
derivation with such a PSKC file should result in an exception.
->>> pskc = PSKC('tests/rfc6030-figure6.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure6.pskcxml')
>>> pskc.encryption.derive_key('qwerty')
Traceback (most recent call last):
...
@@ -96,7 +96,7 @@ KeyDerivationError: No algorithm specified
Specify an unknown PBKDF2 PRF (pseudorandom function).
->>> pskc = PSKC('tests/rfc6030-figure7.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derivation.pbkdf2_prf = 'unknown'
>>> pskc.encryption.derive_key('qwerty')
Traceback (most recent call last):
@@ -106,7 +106,7 @@ KeyDerivationError: Pseudorandom function unsupported:
'unknown'
There is a ValueMAC element but no MACMethod element.
->>> pskc = PSKC('tests/invalid-no-mac-method.pskcxml')
+>>> pskc = PSKC('tests/invalid/no-mac-method.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key = pskc.keys[0]
>>> key.id
@@ -119,7 +119,7 @@ DecryptionError: No MAC key available
There is an unknown algorithm specified in MACMethod.
->>> pskc = PSKC('tests/invalid-mac-algorithm.pskcxml')
+>>> pskc = PSKC('tests/invalid/mac-algorithm.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key = pskc.keys[0]
>>> key.id
@@ -133,7 +133,7 @@ DecryptionError: Unsupported MAC algorithm: ...
The MAC value does not match the calculated MAC, something was modified in
transit.
->>> pskc = PSKC('tests/invalid-mac-value.pskcxml')
+>>> pskc = PSKC('tests/invalid/mac-value.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key = pskc.keys[0]
>>> key.id
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index 061b400..8060da6 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -86,7 +86,7 @@ Setting encryption key name and algorithm also works.
Load an PSKC file with an odd namespace.
->>> pskc = PSKC('tests/odd-namespace.pskcxml')
+>>> pskc = PSKC('tests/misc/odd-namespace.pskcxml')
>>> pskc.version
'1.0'
>>> pskc.id
@@ -102,7 +102,7 @@ Load an PSKC file with an odd namespace.
Load a PSKC file that uses the xenc11 namespace for the PBKDF2 parameters.
->>> pskc = PSKC('tests/SampleFullyQualifiedNS.xml')
+>>> pskc = PSKC('tests/misc/SampleFullyQualifiedNS.xml')
>>> pskc.encryption.key_name
'PassPhrase'
>>> pskc.encryption.derive_key('3FCA3158035072D6')
diff --git a/tests/test_rfc6030.doctest b/tests/test_rfc6030.doctest
index ba70745..98b276d 100644
--- a/tests/test_rfc6030.doctest
+++ b/tests/test_rfc6030.doctest
@@ -31,7 +31,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
This tests Figure 2 from RFC 6030. It is a basic key container example with a
simple plain text secret key.
->>> pskc = PSKC('tests/rfc6030-figure2.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure2.pskcxml')
>>> [tostr(key.secret) for key in pskc.keys]
['1234']
>>> key = pskc.keys[0]
@@ -48,7 +48,7 @@ simple plain text secret key.
This tests Figure 3 from RFC 6030. Relative to Figure 2 this includes device,
cryptographic module and user identification as well as some more parameters.
->>> pskc = PSKC('tests/rfc6030-figure3.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure3.pskcxml')
>>> pskc.id
'exampleID1'
>>> key = pskc.keys[0]
@@ -82,7 +82,7 @@ This tests Figure 4 from RFC 6030. In this case the key value
itself is not
contained but can be derived using the serial and out-of-band agreements on
the meanings of key_profile and key_reference.
->>> pskc = PSKC('tests/rfc6030-figure4.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure4.pskcxml')
>>> key = pskc.keys[0]
>>> key.serial
'987654321'
@@ -97,7 +97,7 @@ the meanings of key_profile and key_reference.
This tests the key policy properties as illustrated in Figure 5 from RFC
6030.
->>> pskc = PSKC('tests/rfc6030-figure5.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure5.pskcxml')
>>> len(pskc.keys)
2
>>> key1, key2 = pskc.keys
@@ -151,7 +151,7 @@ This tests key encryption based on pre-shared keys as
illustrated in Figure 6
from RFC 6030. The first attempt at extracting the key will fail due to the
encryption.
->>> pskc = PSKC('tests/rfc6030-figure6.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure6.pskcxml')
>>> key = pskc.keys[0]
>>> key.id
'12345678'
@@ -173,7 +173,7 @@ True
This tests a derived master key using PBKDF2 as seen in Figure 7 from RFC
6030.
->>> pskc = PSKC('tests/rfc6030-figure7.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.key_name
'My Password 1'
>>> pskc.encryption.derive_key('qwerty')
@@ -190,7 +190,7 @@ True
This tests bulk provisioning as shown in Figure 10 From RFC 6030.
->>> pskc = PSKC('tests/rfc6030-figure10.pskcxml')
+>>> pskc = PSKC('tests/rfc6030/figure10.pskcxml')
>>> all(key.manufacturer == 'TokenVendorAcme' for key in pskc.keys)
True
>>> [key.serial for key in pskc.keys]
diff --git a/tests/test_write.doctest b/tests/test_write.doctest
index 795aa86..36e1783 100644
--- a/tests/test_write.doctest
+++ b/tests/test_write.doctest
@@ -147,7 +147,7 @@ argument).
Read an encrypted PSKC file and write it out as an unencrypted file.
->>> pskc = PSKC('tests/kw-aes128.pskcxml')
+>>> pskc = PSKC('tests/encryption/kw-aes128.pskcxml')
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> f = tempfile.NamedTemporaryFile()
>>> pskc.write(f.name)
http://arthurdejong.org/git/python-pskc/commit/?id=1904dc2ce7b57e432b19e599e725a6dcef17ec99
commit 1904dc2ce7b57e432b19e599e725a6dcef17ec99
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat Jan 23 01:14:57 2016 +0100
Add test for incorrect key derivation
If no key derivation algorithm has been specified in the PSKC file an
exception should be raised when attempting to perform key derivation.
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index db64b07..061b400 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -111,3 +111,13 @@ Load a PSKC file that uses the xenc11 namespace for the
PBKDF2 parameters.
'09fbecfd0bf47910839e2eb05ffa10b95cd0390950ce32ab790583ed134171e0'
>>> key.check()
True
+
+
+Empty PSKC files should raise a useful exception when trying to derive an
+encryption key from a password.
+
+>>> pskc = PSKC()
+>>> pskc.encryption.derive_key('123456') # doctest: +IGNORE_EXCEPTION_DETAIL
+Traceback (most recent call last):
+ ...
+KeyDerivationError: No algorithm specified
-----------------------------------------------------------------------
Summary of changes:
README | 2 +-
pskc/__init__.py | 9 +-
pskc/key.py | 33 +++--
pskc/mac.py | 2 -
pskc/policy.py | 24 +++-
pskc/xml.py | 22 ++-
.../actividentity-3des.pskcxml} | 0
.../ocra.pskcxml} | 0
.../securid-aes-counter.pskcxml} | 0
.../totp.pskcxml} | 0
tests/{ => encryption}/aes128-cbc.pskcxml | 0
tests/{ => encryption}/aes192-cbc.pskcxml | 0
tests/{ => encryption}/aes256-cbc.pskcxml | 0
tests/{ => encryption}/kw-aes128.pskcxml | 0
tests/{ => encryption}/kw-aes192.pskcxml | 0
tests/{ => encryption}/kw-aes256.pskcxml | 0
tests/{ => encryption}/kw-tripledes.pskcxml | 0
tests/{ => encryption}/tripledes-cbc.pskcxml | 0
tests/feitian/20120919-test001-4282.xml | 58 ++++++++
tests/feitian/file1.pskcxml | 158 +++++++++++++++++++++
.../mac-algorithm.pskcxml} | 0
.../mac-value.pskcxml} | 0
.../missing-encryption.pskcxml} | 13 +-
.../no-mac-method.pskcxml} | 0
tests/invalid/not-boolean.pskcxml | 15 ++
tests/invalid/not-integer.pskcxml | 15 ++
tests/invalid/not-integer2.pskcxml | 15 ++
.../notxml.pskcxml} | 0
.../unknown-encryption.pskcxml} | 18 +--
.../wrongelement.pskcxml} | 0
.../wrongversion.pskcxml} | 0
tests/{ => misc}/SampleFullyQualifiedNS.xml | 0
tests/misc/checkdigits.pskcxml | 54 +++++++
tests/misc/integers.pskcxml | 47 ++++++
tests/{ => misc}/odd-namespace.pskcxml | 0
tests/misc/policy.pskcxml | 81 +++++++++++
tests/nagraid/file1.pskcxml | 114 +++++++++++++++
.../figure10.pskcxml} | 0
.../figure2.pskcxml} | 0
.../figure3.pskcxml} | 0
.../figure4.pskcxml} | 0
.../figure5.pskcxml} | 0
.../figure6.pskcxml} | 0
.../figure7.pskcxml} | 0
tests/test_aeskw.doctest | 10 +-
tests/test_draft_keyprov.doctest | 8 +-
tests/test_encryption.doctest | 28 ++--
tests/test_invalid.doctest | 76 +++++++---
tests/test_misc.doctest | 94 +++++++++++-
tests/test_rfc6030.doctest | 30 ++--
tests/test_tripledeskw.doctest | 8 +-
tests/test_vendors.doctest | 104 ++++++++++++++
tests/test_write.doctest | 10 +-
53 files changed, 933 insertions(+), 115 deletions(-)
rename tests/{draft-keyprov-actividentity-3des.pskcxml =>
draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml}
(100%)
rename tests/{draft-keyprov-ocra.pskcxml =>
draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml} (100%)
rename tests/{draft-keyprov-securid-aes-counter.pskcxml =>
draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml}
(100%)
rename tests/{draft-keyprov-totp.pskcxml =>
draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml} (100%)
rename tests/{ => encryption}/aes128-cbc.pskcxml (100%)
rename tests/{ => encryption}/aes192-cbc.pskcxml (100%)
rename tests/{ => encryption}/aes256-cbc.pskcxml (100%)
rename tests/{ => encryption}/kw-aes128.pskcxml (100%)
rename tests/{ => encryption}/kw-aes192.pskcxml (100%)
rename tests/{ => encryption}/kw-aes256.pskcxml (100%)
rename tests/{ => encryption}/kw-tripledes.pskcxml (100%)
rename tests/{ => encryption}/tripledes-cbc.pskcxml (100%)
create mode 100644 tests/feitian/20120919-test001-4282.xml
create mode 100644 tests/feitian/file1.pskcxml
rename tests/{invalid-mac-algorithm.pskcxml => invalid/mac-algorithm.pskcxml}
(100%)
rename tests/{invalid-mac-value.pskcxml => invalid/mac-value.pskcxml} (100%)
copy tests/{invalid-no-mac-method.pskcxml =>
invalid/missing-encryption.pskcxml} (56%)
rename tests/{invalid-no-mac-method.pskcxml => invalid/no-mac-method.pskcxml}
(100%)
create mode 100644 tests/invalid/not-boolean.pskcxml
create mode 100644 tests/invalid/not-integer.pskcxml
create mode 100644 tests/invalid/not-integer2.pskcxml
rename tests/{invalid-notxml.pskcxml => invalid/notxml.pskcxml} (100%)
rename tests/{invalid-encryption.pskcxml =>
invalid/unknown-encryption.pskcxml} (63%)
rename tests/{invalid-wrongelement.pskcxml => invalid/wrongelement.pskcxml}
(100%)
rename tests/{invalid-wrongversion.pskcxml => invalid/wrongversion.pskcxml}
(100%)
rename tests/{ => misc}/SampleFullyQualifiedNS.xml (100%)
create mode 100644 tests/misc/checkdigits.pskcxml
create mode 100644 tests/misc/integers.pskcxml
rename tests/{ => misc}/odd-namespace.pskcxml (100%)
create mode 100644 tests/misc/policy.pskcxml
create mode 100644 tests/nagraid/file1.pskcxml
rename tests/{rfc6030-figure10.pskcxml => rfc6030/figure10.pskcxml} (100%)
rename tests/{rfc6030-figure2.pskcxml => rfc6030/figure2.pskcxml} (100%)
rename tests/{rfc6030-figure3.pskcxml => rfc6030/figure3.pskcxml} (100%)
rename tests/{rfc6030-figure4.pskcxml => rfc6030/figure4.pskcxml} (100%)
rename tests/{rfc6030-figure5.pskcxml => rfc6030/figure5.pskcxml} (100%)
rename tests/{rfc6030-figure6.pskcxml => rfc6030/figure6.pskcxml} (100%)
rename tests/{rfc6030-figure7.pskcxml => rfc6030/figure7.pskcxml} (100%)
create mode 100644 tests/test_vendors.doctest
hooks/post-receive
--
python-pskc
--
To unsubscribe send an email to
python-pskc-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/python-pskc-commits/
- python-pskc branch master updated. 0.3-21-g0744222,
Commits of the python-pskc project
