python-pskc branch master updated. 0.4-3-g5dbfefd
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
python-pskc branch master updated. 0.4-3-g5dbfefd
- From: Commits of the python-pskc project <python-pskc-commits [at] lists.arthurdejong.org>
- To: python-pskc-commits [at] lists.arthurdejong.org
- Reply-to: python-pskc-users [at] lists.arthurdejong.org
- Subject: python-pskc branch master updated. 0.4-3-g5dbfefd
- Date: Fri, 22 Apr 2016 16:17:17 +0200 (CEST)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".
The branch, master has been updated
via 5dbfefdd05133448c91f1ef014f71f3dc001dcd7 (commit)
via 0d7caf150e646724fbca54ac60f4d027b2b34aad (commit)
via 22ba9f158825bd0916552af4d88ec83847d77c38 (commit)
from efbe94c51bfc0ea947da7a2d079d8bdb185faed5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://arthurdejong.org/git/python-pskc/commit/?id=5dbfefdd05133448c91f1ef014f71f3dc001dcd7
commit 5dbfefdd05133448c91f1ef014f71f3dc001dcd7
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Tue Apr 5 18:35:35 2016 +0200
Remove parse call from constructors
This makes the creation if internal instances a litte more consistent.
diff --git a/pskc/__init__.py b/pskc/__init__.py
index 843a919..17021c7 100644
--- a/pskc/__init__.py
+++ b/pskc/__init__.py
@@ -99,7 +99,9 @@ class PSKC(object):
self.mac.parse(find(container, 'MACMethod'))
# handle KeyPackage entries
for key_package in findall(container, 'KeyPackage'):
- self.keys.append(Key(self, key_package))
+ key = Key(self)
+ key.parse(key_package)
+ self.keys.append(key)
def make_xml(self):
from pskc.xml import mk_elem
diff --git a/pskc/encryption.py b/pskc/encryption.py
index aeeb33c..f63bf7b 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -41,14 +41,13 @@ class KeyDerivation(object):
pbkdf2_prf: name of pseudorandom function used
"""
- def __init__(self, key_derivation=None):
+ def __init__(self):
self.algorithm = None
# PBKDF2 properties
self.pbkdf2_salt = None
self.pbkdf2_iterations = None
self.pbkdf2_key_length = None
self.pbkdf2_prf = None
- self.parse(key_derivation)
def parse(self, key_derivation):
"""Read derivation parameters from a <KeyDerivationMethod> element."""
diff --git a/pskc/key.py b/pskc/key.py
index d7d1cb0..56120ea 100644
--- a/pskc/key.py
+++ b/pskc/key.py
@@ -40,13 +40,12 @@ class DataType(object):
value_mac: MAC of the encrypted value
"""
- def __init__(self, key, element=None):
+ def __init__(self, key):
self.pskc = key.pskc
self.value = None
self.cipher_value = None
self.algorithm = None
self.value_mac = None
- self.parse(element)
def parse(self, element):
"""Read information from the provided element.
@@ -261,7 +260,7 @@ class Key(object):
policy: reference to policy information (see Policy class)
"""
- def __init__(self, pskc, key_package=None):
+ def __init__(self, pskc):
self.pskc = pskc
@@ -304,13 +303,9 @@ class Key(object):
self.policy = Policy(self)
- self.parse(key_package)
-
def parse(self, key_package):
"""Read key information from the provided <KeyPackage> tree."""
from pskc.xml import find, findtext, findtime, getint, getbool
- if key_package is None:
- return
key = find(key_package, 'Key')
if key is not None:
diff --git a/pskc/policy.py b/pskc/policy.py
index 87af698..20f5795 100644
--- a/pskc/policy.py
+++ b/pskc/policy.py
@@ -99,7 +99,7 @@ class Policy(object):
# The PIN is used in the algorithm computation.
PIN_USE_ALGORITHMIC = 'Algorithmic'
- def __init__(self, key=None, policy=None):
+ def __init__(self, key=None):
"""Create a new policy, optionally linked to the key and parsed."""
self.key = key
self.start_date = None
@@ -113,7 +113,6 @@ class Policy(object):
self.pin_max_length = None
self.pin_encoding = None
self.unknown_policy_elements = False
- self.parse(policy)
def parse(self, policy):
"""Read key policy information from the provided <Policy> tree."""
http://arthurdejong.org/git/python-pskc/commit/?id=0d7caf150e646724fbca54ac60f4d027b2b34aad
commit 0d7caf150e646724fbca54ac60f4d027b2b34aad
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Tue Apr 5 18:19:10 2016 +0200
Move algorithm uri handling to separate module
diff --git a/pskc/algorithms.py b/pskc/algorithms.py
new file mode 100644
index 0000000..99760d4
--- /dev/null
+++ b/pskc/algorithms.py
@@ -0,0 +1,72 @@
+# algorithms.py - module for handling algorithm URIs
+# coding: utf-8
+#
+# Copyright (C) 2016 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+"""Utility module that handles algorthm URIs."""
+
+
+# cannonical URIs of known algorithms
+_algorithms = {
+ 'tripledes-cbc': 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc',
+ 'kw-tripledes': 'http://www.w3.org/2001/04/xmlenc#kw-tripledes',
+ 'aes128-cbc': 'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
+ 'aes192-cbc': 'http://www.w3.org/2001/04/xmlenc#aes192-cbc',
+ 'aes256-cbc': 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
+ 'kw-aes128': 'http://www.w3.org/2001/04/xmlenc#kw-aes128',
+ 'kw-aes192': 'http://www.w3.org/2001/04/xmlenc#kw-aes192',
+ 'kw-aes256': 'http://www.w3.org/2001/04/xmlenc#kw-aes256',
+ 'camellia128': 'http://www.w3.org/2001/04/xmldsig-more#camellia128',
+ 'camellia192': 'http://www.w3.org/2001/04/xmldsig-more#camellia192',
+ 'camellia256': 'http://www.w3.org/2001/04/xmldsig-more#camellia256',
+ 'kw-camellia128': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia128',
+ 'kw-camellia192': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia192',
+ 'kw-camellia256': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia256',
+ 'hmac-md5': 'http://www.w3.org/2001/04/xmldsig-more#hmac-md5',
+ 'hmac-sha1': 'http://www.w3.org/2000/09/xmldsig#hmac-sha1',
+ 'hmac-sha224': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224',
+ 'hmac-sha256': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256',
+ 'hmac-sha384': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha384',
+ 'hmac-sha512': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha512',
+ 'hmac-ripemd160': 'http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160',
+ 'pbkdf2': 'http://www.rsasecurity.com/rsalabs/pkcs/schemas/' +
+ 'pkcs-5v2-0#pbkdf2',
+}
+
+# translation table to change old encryption names to new names
+_algorithm_aliases = {
+ '3des-cbc': 'tripledes-cbc',
+ '3des112-cbc': 'tripledes-cbc',
+ '3des168-cbc': 'tripledes-cbc',
+ 'kw-3des': 'kw-tripledes',
+ 'pbe-3des112-cbc': 'tripledes-cbc',
+ 'pbe-3des168-cbc': 'tripledes-cbc',
+ 'pbe-aes128-cbc': 'aes128-cbc',
+ 'pbe-aes192-cbc': 'aes192-cbc',
+ 'pbe-aes256-cbc': 'aes256-cbc',
+ 'rsa-1_5': 'rsa-1_5',
+ 'rsa-oaep-mgf1p': 'rsa-oaep-mgf1p',
+}
+
+
+def normalise_algorithm(algorithm):
+ """Return the canonical URI for the provided algorithm."""
+ if not algorithm or algorithm.lower() == 'none':
+ return None
+ algorithm = _algorithm_aliases.get(algorithm.lower(), algorithm)
+ return _algorithms.get(algorithm.rsplit('#', 1)[-1].lower(), algorithm)
diff --git a/pskc/encryption.py b/pskc/encryption.py
index a68169a..aeeb33c 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -28,56 +28,6 @@ The encryption key can be derived using the KeyDerivation
class.
import base64
-# cannonical URIs of known algorithms
-_algorithms = {
- 'tripledes-cbc': 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc',
- 'kw-tripledes': 'http://www.w3.org/2001/04/xmlenc#kw-tripledes',
- 'aes128-cbc': 'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
- 'aes192-cbc': 'http://www.w3.org/2001/04/xmlenc#aes192-cbc',
- 'aes256-cbc': 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
- 'kw-aes128': 'http://www.w3.org/2001/04/xmlenc#kw-aes128',
- 'kw-aes192': 'http://www.w3.org/2001/04/xmlenc#kw-aes192',
- 'kw-aes256': 'http://www.w3.org/2001/04/xmlenc#kw-aes256',
- 'camellia128': 'http://www.w3.org/2001/04/xmldsig-more#camellia128',
- 'camellia192': 'http://www.w3.org/2001/04/xmldsig-more#camellia192',
- 'camellia256': 'http://www.w3.org/2001/04/xmldsig-more#camellia256',
- 'kw-camellia128': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia128',
- 'kw-camellia192': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia192',
- 'kw-camellia256': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia256',
- 'hmac-md5': 'http://www.w3.org/2001/04/xmldsig-more#hmac-md5',
- 'hmac-sha1': 'http://www.w3.org/2000/09/xmldsig#hmac-sha1',
- 'hmac-sha224': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224',
- 'hmac-sha256': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256',
- 'hmac-sha384': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha384',
- 'hmac-sha512': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha512',
- 'hmac-ripemd160': 'http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160',
- 'pbkdf2': 'http://www.rsasecurity.com/rsalabs/pkcs/schemas/' +
- 'pkcs-5v2-0#pbkdf2',
-}
-
-# translation table to change old encryption names to new names
-_algorithm_aliases = {
- '3des-cbc': 'tripledes-cbc',
- '3des112-cbc': 'tripledes-cbc',
- '3des168-cbc': 'tripledes-cbc',
- 'kw-3des': 'kw-tripledes',
- 'pbe-3des112-cbc': 'tripledes-cbc',
- 'pbe-3des168-cbc': 'tripledes-cbc',
- 'pbe-aes128-cbc': 'aes128-cbc',
- 'pbe-aes192-cbc': 'aes192-cbc',
- 'pbe-aes256-cbc': 'aes256-cbc',
- 'rsa-1_5': 'rsa-1_5',
- 'rsa-oaep-mgf1p': 'rsa-oaep-mgf1p',
-}
-
-
-def normalise_algorithm(algorithm):
- """Return the canonical URI for the provided algorithm."""
- if not algorithm or algorithm.lower() == 'none':
- return None
- algorithm = _algorithm_aliases.get(algorithm.lower(), algorithm)
- return _algorithms.get(algorithm.rsplit('#', 1)[-1].lower(), algorithm)
-
class KeyDerivation(object):
"""Handle key derivation.
@@ -167,6 +117,7 @@ class KeyDerivation(object):
def setup_pbkdf2(self, password, salt=None, salt_length=16,
key_length=None, iterations=None, prf=None):
from Crypto import Random
+ from pskc.algorithms import normalise_algorithm
self.algorithm = normalise_algorithm('pbkdf2')
if salt is None:
salt = Random.get_random_bytes(salt_length)
@@ -252,6 +203,7 @@ class Encryption(object):
@algorithm.setter
def algorithm(self, value):
+ from pskc.algorithms import normalise_algorithm
self._algorithm = normalise_algorithm(value)
def derive_key(self, password):
diff --git a/pskc/mac.py b/pskc/mac.py
index b4ddd53..56e8cfa 100644
--- a/pskc/mac.py
+++ b/pskc/mac.py
@@ -126,7 +126,7 @@ class MAC(object):
@algorithm.setter
def algorithm(self, value):
- from pskc.encryption import normalise_algorithm
+ from pskc.algorithms import normalise_algorithm
self._algorithm = normalise_algorithm(value)
@property
http://arthurdejong.org/git/python-pskc/commit/?id=22ba9f158825bd0916552af4d88ec83847d77c38
commit 22ba9f158825bd0916552af4d88ec83847d77c38
Author: Arthur de Jong <arthur@arthurdejong.org>
Date: Tue Mar 29 18:38:59 2016 +0200
Move padding functions to crypto package
diff --git a/pskc/crypto/__init__.py b/pskc/crypto/__init__.py
index e69de29..af0d336 100644
--- a/pskc/crypto/__init__.py
+++ b/pskc/crypto/__init__.py
@@ -0,0 +1,32 @@
+# __init__.py - general crypto utility functions
+# coding: utf-8
+#
+# Copyright (C) 2016 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+"""Implement crypto utility functions."""
+
+
+def pad(value, block_size):
+ """Pad the value to block_size length."""
+ padding = block_size - (len(value) % block_size)
+ return value + padding * chr(padding).encode('ascii')
+
+
+def unpad(value):
+ """Remove padding from the plaintext."""
+ return value[0:-ord(value[-1:])]
diff --git a/pskc/encryption.py b/pskc/encryption.py
index 5a476c1..a68169a 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -79,17 +79,6 @@ def normalise_algorithm(algorithm):
return _algorithms.get(algorithm.rsplit('#', 1)[-1].lower(), algorithm)
-def pad(value, block_size):
- """Pad the value to block_size length."""
- padding = block_size - (len(value) % block_size)
- return value + padding * chr(padding).encode('ascii')
-
-
-def unpad(value):
- """Remove padding from the plaintext."""
- return value[0:-ord(value[-1:])]
-
-
class KeyDerivation(object):
"""Handle key derivation.
@@ -367,12 +356,14 @@ class Encryption(object):
algorithm.endswith('#aes192-cbc') or \
algorithm.endswith('#aes256-cbc'):
from Crypto.Cipher import AES
+ from pskc.crypto import unpad
iv = cipher_value[:AES.block_size]
ciphertext = cipher_value[AES.block_size:]
cipher = AES.new(key, AES.MODE_CBC, iv)
return unpad(cipher.decrypt(ciphertext))
elif algorithm.endswith('#tripledes-cbc'):
from Crypto.Cipher import DES3
+ from pskc.crypto import unpad
iv = cipher_value[:DES3.block_size]
ciphertext = cipher_value[DES3.block_size:]
cipher = DES3.new(key, DES3.MODE_CBC, iv)
@@ -402,12 +393,14 @@ class Encryption(object):
algorithm.endswith('#aes256-cbc'):
from Crypto import Random
from Crypto.Cipher import AES
+ from pskc.crypto import pad
iv = Random.get_random_bytes(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)
return iv + cipher.encrypt(pad(plaintext, AES.block_size))
elif algorithm.endswith('#tripledes-cbc'):
from Crypto import Random
from Crypto.Cipher import DES3
+ from pskc.crypto import pad
iv = Random.get_random_bytes(DES3.block_size)
cipher = DES3.new(key, DES3.MODE_CBC, iv)
return iv + cipher.encrypt(pad(plaintext, DES3.block_size))
-----------------------------------------------------------------------
Summary of changes:
pskc/__init__.py | 4 ++-
pskc/algorithms.py | 72 +++++++++++++++++++++++++++++++++++++++++++++++++
pskc/crypto/__init__.py | 32 ++++++++++++++++++++++
pskc/encryption.py | 70 +++++------------------------------------------
pskc/key.py | 9 ++-----
pskc/mac.py | 2 +-
pskc/policy.py | 3 +--
7 files changed, 118 insertions(+), 74 deletions(-)
create mode 100644 pskc/algorithms.py
hooks/post-receive
--
python-pskc
--
To unsubscribe send an email to
python-pskc-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/python-pskc-commits/
- python-pskc branch master updated. 0.4-3-g5dbfefd,
Commits of the python-pskc project