lists.arthurdejong.org
RSS feed

python-pskc branch master updated. 0.5-5-gf0d2991

[Date Prev][Date Next] [Thread Prev][Thread Next]

python-pskc branch master updated. 0.5-5-gf0d2991



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".

The branch, master has been updated
       via  f0d2991ed71824551db9726fdd4bc975f192ee27 (commit)
       via  8b8848dab93f71aa7ea4f37285211582ea7054b4 (commit)
       via  e10f9c618a19dabf2d40bfbedf651c79786eb999 (commit)
      from  1fc1a035bb2e04c25bd20c88df485c9beaf331aa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://arthurdejong.org/git/python-pskc/commit/?id=f0d2991ed71824551db9726fdd4bc975f192ee27

commit f0d2991ed71824551db9726fdd4bc975f192ee27
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jun 9 22:39:57 2017 +0200

    Document supported encryption and MAC algorithms
    
    This also includes a few other small documentation improvements.

diff --git a/docs/conf.py b/docs/conf.py
index d7ad826..2487640 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -29,7 +29,8 @@ import pskc
 # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
 extensions = [
      'sphinx.ext.autodoc', 'sphinx.ext.doctest', 'sphinx.ext.todo',
-     'sphinx.ext.coverage', 'sphinx.ext.autosummary'
+     'sphinx.ext.coverage', 'sphinx.ext.autosummary',
+     'sphinx.ext.intersphinx',
 ]
 
 # Add any paths that contain templates here, relative to this directory.
@@ -132,7 +133,7 @@ html_theme = 'default'
 
 # If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
 # using the given strftime format.
-html_last_updated_fmt = '%b %d, %Y'
+html_last_updated_fmt = '%Y-%m-%d'
 
 # If true, SmartyPants will be used to convert quotes and dashes to
 # typographically correct entities.
@@ -189,3 +190,5 @@ man_pages = [
 
 # If true, show URL addresses after external links.
 #man_show_urls = False
+
+intersphinx_mapping = {'python': ('https://docs.python.org/3', None)}
diff --git a/docs/encryption.rst b/docs/encryption.rst
index 59242dd..df0fb8a 100644
--- a/docs/encryption.rst
+++ b/docs/encryption.rst
@@ -52,10 +52,14 @@ The Encryption class
 
    .. attribute:: algorithm
 
-      A URI of the encryption algorithm used. Setting a value for this
-      attribute will result in an attempt to use the canonical URI for this
-      algorithm. For instance setting a `3DES-CBC` value will automatically
-      be converted to `http://www.w3.org/2001/04/xmlenc#aes128-cbc`.
+      A URI of the encryption algorithm used. See the section
+      :ref:`encryption-algorithms` below for a list of algorithms URIs.
+
+      Assigned values to this attribute will be converted to the canonical
+      URI for the algorithm if it is known. For instance, the value
+      ``3DES-CBC`` will automatically be converted into
+      ``http://www.w3.org/2001/04/xmlenc#tripledes-cbc``.
+
 
    .. attribute:: key_names
 
@@ -138,3 +142,27 @@ The Encryption class
 
       By default 12000 iterations will be used and a random salt with the
       length of the to-be-generated encryption key will be used.
+
+
+.. _encryption-algorithms:
+
+Supported encryption algorithms
+-------------------------------
+
+The following encryption algorithms are currently supported by python-pskc.
+
++----------------------------------------------------+-----------------------------------------------------+
+| URI                                                | Description             
                            |
++====================================================+=====================================================+
+| ``http://www.w3.org/2001/04/xmlenc#aes128-cbc``    | AES encryption in CBC 
mode with various key lengths |
+| ``http://www.w3.org/2001/04/xmlenc#aes192-cbc``    |                         
                            |
+| ``http://www.w3.org/2001/04/xmlenc#aes256-cbc``    |                         
                            |
++----------------------------------------------------+-----------------------------------------------------+
+| ``http://www.w3.org/2001/04/xmlenc#kw-aes128``     | AES key wrap with 
various key lengths               |
+| ``http://www.w3.org/2001/04/xmlenc#kw-aes192``     |                         
                            |
+| ``http://www.w3.org/2001/04/xmlenc#kw-aes256``     |                         
                            |
++----------------------------------------------------+-----------------------------------------------------+
+| ``http://www.w3.org/2001/04/xmlenc#tripledes-cbc`` | Triple DES (3DES) 
encryption in CBC mode            |
++----------------------------------------------------+-----------------------------------------------------+
+| ``http://www.w3.org/2001/04/xmlenc#kw-tripledes``  | Triple DES (3DES) key 
wrap                          |
++----------------------------------------------------+-----------------------------------------------------+
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index fbd8e7f..81a73b2 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -1,6 +1,9 @@
 Exceptions
 ==========
 
+The module and parser will try to interpret any provided PSKC files and will
+only raise exceptions on wildly invalid PSKC files.
+
 .. module:: pskc.exceptions
 
 .. exception:: PSKCError
diff --git a/docs/mac.rst b/docs/mac.rst
index 0e8e5d5..569bc9c 100644
--- a/docs/mac.rst
+++ b/docs/mac.rst
@@ -28,9 +28,13 @@ The MAC class
 
    .. attribute:: algorithm
 
-      The name of the MAC algorithm to use (currently ``HMAC-MD5``,
-      ``HMAC-SHA1``, ``HMAC-SHA224``, ``HMAC-SHA256``, ``HMAC-SHA384`` and
-      ``HMAC-SHA512`` are supported).
+      A URI of the MAC algorithm used for message authentication. See the
+      section :ref:`mac-algorithms` below for a list of algorithm URIs.
+
+      Assigned values to this attribute will be converted to the canonical
+      URI for the algorithm if it is known. For instance, the value
+      ``HMAC-SHA-256`` will automatically be converted into
+      ``http://www.w3.org/2001/04/xmldsig-more#hmac-sha256``.
 
    .. attribute:: key
 
@@ -41,7 +45,7 @@ The MAC class
 
    .. function:: setup(...)
 
-      Configure an encrypted MAC key.
+      Configure an encrypted MAC key for creating a new PSKC file.
 
       :param str algorithm: encryption algorithm
       :param binary key: the encryption key to use
@@ -49,3 +53,31 @@ The MAC class
       None of the arguments are required. By default HMAC-SHA1 will be used
       as a MAC algorithm. If no key is configured a random key will be
       generated with the length of the output of the configured hash.
+
+      This function will automatically be called when the configured
+      encryption algorithm requires a message authentication code.
+
+
+.. _mac-algorithms:
+
+Supported MAC algorithms
+------------------------
+
+The module should support all HMAC algorithms that can be constructed from
+hash algorithms that are available in the standard Python :mod:`hashlib`
+module. At the least the following algorithms should be supported:
+
++-----------------------------------------------------------+--------------------------+
+| URI                                                       | Description      
        |
++===========================================================+==========================+
+| ``http://www.w3.org/2001/04/xmldsig-more#hmac-md5``       | MD5-based HMAC   
        |
++-----------------------------------------------------------+--------------------------+
+| ``http://www.w3.org/2000/09/xmldsig#hmac-sha1``           | SHA-1 based HMAC 
        |
++-----------------------------------------------------------+--------------------------+
+| ``http://www.w3.org/2001/04/xmldsig-more#hmac-sha224``    | SHA-2 family 
based HMACs |
+| ``http://www.w3.org/2001/04/xmldsig-more#hmac-sha256``    |                  
        |
+| ``http://www.w3.org/2001/04/xmldsig-more#hmac-sha384``    |                  
        |
+| ``http://www.w3.org/2001/04/xmldsig-more#hmac-sha512``    |                  
        |
++-----------------------------------------------------------+--------------------------+
+| ``http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160`` | RIPEMD-160 based 
HMAC    |
++-----------------------------------------------------------+--------------------------+

https://arthurdejong.org/git/python-pskc/commit/?id=8b8848dab93f71aa7ea4f37285211582ea7054b4

commit 8b8848dab93f71aa7ea4f37285211582ea7054b4
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jun 9 22:25:40 2017 +0200

    Refactor MAC lookups
    
    This switches to using the hashlib.new() function to be able to use all
    hashes that are available in Python (specifically RIPEMD160).
    
    This also adds a number of tests for HMACs using test vectors from
    RFC 2202, RFC 4231 and RFC 2857.

diff --git a/pskc/encryption.py b/pskc/encryption.py
index bbfcf2f..0fcc444 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -1,7 +1,7 @@
 # encryption.py - module for handling encrypted values
 # coding: utf-8
 #
-# Copyright (C) 2014-2016 Arthur de Jong
+# Copyright (C) 2014-2017 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -144,21 +144,21 @@ class KeyDerivation(object):
 
     def derive_pbkdf2(self, password):
         from Crypto.Protocol.KDF import PBKDF2
-        from pskc.mac import get_hmac
-        from pskc.exceptions import KeyDerivationError
+        from pskc.mac import get_mac_fn
+        from pskc.exceptions import DecryptionError, KeyDerivationError
         prf = None
         if self.pbkdf2_prf:
-            prf = get_hmac(self.pbkdf2_prf)
-            if prf is None:
-                raise KeyDerivationError(
-                    'Pseudorandom function unsupported: %r' %
-                    self.pbkdf2_prf)
+            prf = get_mac_fn(self.pbkdf2_prf)
         if not all((password, self.pbkdf2_salt, self.pbkdf2_key_length,
                    self.pbkdf2_iterations)):
             raise KeyDerivationError('Incomplete PBKDF2 configuration')
-        return PBKDF2(
-            password, self.pbkdf2_salt, dkLen=self.pbkdf2_key_length,
-            count=self.pbkdf2_iterations, prf=prf)
+        try:
+            return PBKDF2(
+                password, self.pbkdf2_salt, dkLen=self.pbkdf2_key_length,
+                count=self.pbkdf2_iterations, prf=prf)
+        except DecryptionError:
+            raise KeyDerivationError(
+                    'Pseudorandom function unsupported: %r' % self.pbkdf2_prf)
 
     def derive(self, password):
         """Derive a key from the password."""
diff --git a/pskc/mac.py b/pskc/mac.py
index b051eb8..d771b9b 100644
--- a/pskc/mac.py
+++ b/pskc/mac.py
@@ -1,7 +1,7 @@
 # mac.py - module for checking value signatures
 # coding: utf-8
 #
-# Copyright (C) 2014-2016 Arthur de Jong
+# Copyright (C) 2014-2017 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -32,36 +32,46 @@ with the PSKC encryption key.
 import re
 
 
-_hmac_url_re = re.compile(r'^.*#hmac-(?P<hash>[a-z0-9]+)$')
+_hmac_url_re = re.compile(r'^(.*#)?hmac-(?P<hash>[a-z0-9-]+)$')
 
 
-def get_hash(algorithm):
-    """Return the hash function for the specifies HMAC algorithm."""
+def _get_hash_obj(algorithm, *args):
+    """Return an instantiated hash object."""
     import hashlib
-    match = _hmac_url_re.search(algorithm)
+    from pskc.algorithms import normalise_algorithm
+    from pskc.exceptions import DecryptionError
+    match = _hmac_url_re.search(normalise_algorithm(algorithm) or '')
     if match:
-        return getattr(hashlib, match.group('hash'), None)
+        try:
+            return hashlib.new(match.group('hash'), *args)
+        except ValueError:
+            pass
+    raise DecryptionError('Unsupported MAC algorithm: %r' % algorithm)
 
 
-def get_hmac(algorithm):
-    """Return an HMAC function that takes a secret and a value and returns a
-    digest."""
+def get_mac_fn(algorithm):
+    """Return a function that takes a key and a value and returns an HMAC for
+    the specified algorithm."""
     import hmac
-    digestmod = get_hash(algorithm)
-    if digestmod is not None:
-        return lambda key, value: hmac.new(key, value, digestmod).digest()
+    return lambda key, value: hmac.new(
+        key, value,
+        lambda *args: _get_hash_obj(algorithm, *args)).digest()
 
 
-def get_mac(algorithm, key, value):
+def mac(algorithm, key, value):
     """Generate the MAC value over the specified value."""
+    return get_mac_fn(algorithm)(key, value)
+
+
+def mac_key_length(algorithm):
+    """Recommended minimal key length in bytes for the set algorithm."""
+    # https://tools.ietf.org/html/rfc2104#section-3
+    # an HMAC key should be at least as long as the hash output length
     from pskc.exceptions import DecryptionError
-    if algorithm is None:
-        raise DecryptionError('No MAC algorithm set')
-    hmacfn = get_hmac(algorithm)
-    if hmacfn is None:
-        raise DecryptionError(
-            'Unsupported MAC algorithm: %r' % algorithm)
-    return hmacfn(key, value)
+    try:
+        return int(_get_hash_obj(algorithm).digest_size)
+    except DecryptionError:
+        return 16  # fallback value
 
 
 class MAC(object):
@@ -110,17 +120,11 @@ class MAC(object):
     @property
     def algorithm_key_length(self):
         """Recommended minimal key length in bytes for the set algorithm."""
-        # https://tools.ietf.org/html/rfc2104#section-3
-        # an HMAC key should be at least as long as the hash output length
-        hashfn = get_hash(self.algorithm)
-        if hashfn is not None:
-            return int(hashfn().digest_size)
-        else:
-            return 16
+        return mac_key_length(self.algorithm)
 
     def generate_mac(self, value):
         """Generate the MAC over the specified value."""
-        return get_mac(self.algorithm, self.key, value)
+        return mac(self.algorithm, self.key, value)
 
     def setup(self, key=None, algorithm=None):
         """Configure an encrypted MAC key.
diff --git a/tests/test_invalid.doctest b/tests/test_invalid.doctest
index 9231c5c..4b8f18a 100644
--- a/tests/test_invalid.doctest
+++ b/tests/test_invalid.doctest
@@ -1,6 +1,6 @@
 test_invalid.doctest - test for invalid PSKC file
 
-Copyright (C) 2014-2016 Arthur de Jong
+Copyright (C) 2014-2017 Arthur de Jong
 
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
@@ -143,6 +143,16 @@ Traceback (most recent call last):
 KeyDerivationError: Pseudorandom function unsupported: 'unknown'
 
 
+Specify an unknown hash for the HMAC for the PBKDF2 PRF.
+
+>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
+>>> pskc.encryption.derivation.pbkdf2_prf = 'hmac-unknown'
+>>> pskc.encryption.derive_key('qwerty')  # doctest: +IGNORE_EXCEPTION_DETAIL
+Traceback (most recent call last):
+    ...
+KeyDerivationError: Pseudorandom function unsupported: 'hmac-unknown'
+
+
 There is a ValueMAC element but no MACMethod element.
 
 >>> pskc = PSKC('tests/invalid/no-mac-method.pskcxml')
diff --git a/tests/test_mac.doctest b/tests/test_mac.doctest
new file mode 100644
index 0000000..2951ca9
--- /dev/null
+++ b/tests/test_mac.doctest
@@ -0,0 +1,126 @@
+test_mac.doctest - test various mac schemes
+
+Copyright (C) 2017 Arthur de Jong
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA
+
+
+>>> from binascii import a2b_hex, b2a_hex
+>>> def tostr(x):
+...     return str(x.decode())
+>>> def decode(f):
+...     return lambda x: tostr(f(x))
+>>> b2a_hex = decode(b2a_hex)
+>>> import hashlib
+
+>>> from pskc.mac import mac, mac_key_length
+
+
+The module supports a wide variety of HMAC algorithms.
+
+
+Some test cases from RFC 2202 for HMAC-MD5 and HMAC-SHA-1.
+
+>>> key = a2b_hex('0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b')
+>>> b2a_hex(mac('HMAC-MD5', key, b'Hi There'))
+'9294727a3638bb1c13f48ef8158bfc9d'
+>>> b2a_hex(mac('HMAC-MD5', b'Jefe', b'what do ya want for nothing?'))
+'750c783e6ab0b503eaa86e310a5db738'
+
+>>> key = a2b_hex('0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b')
+>>> b2a_hex(mac('HMAC-SHA-1', key, b'Hi There'))
+'b617318655057264e28bc0b6fb378c8ef146be00'
+>>> b2a_hex(mac('HMAC-SHA-1', b'Jefe', b'what do ya want for nothing?'))
+'effcdf6ae5eb2fa2d27416d5f184df9c259a7c79'
+
+
+Some test cases from RFC 4231 for HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384
+and HMAC-SHA-512.
+
+>>> key = a2b_hex('0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b')
+>>> data = b'Hi There'
+>>> b2a_hex(mac('HMAC-SHA-224', key, data))
+'896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22'
+>>> b2a_hex(mac('HMAC-SHA-256', key, data))
+'b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7'
+>>> b2a_hex(mac('HMAC-SHA-384', key, data))
+'afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6'
+>>> b2a_hex(mac('HMAC-SHA-512', key, data))
+'87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854'
+
+>>> key = b'Jefe'
+>>> data = b'what do ya want for nothing?'
+>>> b2a_hex(mac('HMAC-SHA-224', key, data))
+'a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44'
+>>> b2a_hex(mac('HMAC-SHA-256', key, data))
+'5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843'
+>>> b2a_hex(mac('HMAC-SHA-384', key, data))
+'af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649'
+>>> b2a_hex(mac('HMAC-SHA-512', key, data))
+'164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737'
+
+
+Some test cases from RFC 2857 for HMAC-RIPEMD160 but not all versions of
+hashlib have RIPEMD-160.
+
+>>> if 'ripemd160' in hashlib.algorithms_available:
+...     key = a2b_hex('0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b')
+...     b2a_hex(mac('HMAC-RIPEMD160', key, b'Hi There')) == \
+...         '24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668'
+...     b2a_hex(mac('HMAC-RIPEMD160', b'Jefe', b'what do ya want for 
nothing?')) == \
+...         'dda6c0213a485a9e24f4742064a7f033b43c4069'
+... else:
+...     True  # some hashlib implementations
+...     True  # do not have RIPEMD-160
+True
+True
+
+
+Some recommended minimal key lengths for some algorithms.
+
+>>> mac_key_length('HMAC-MD5')
+16
+>>> mac_key_length('HMAC-SHA-1')
+20
+>>> mac_key_length('HMAC-SHA-224')
+28
+>>> mac_key_length('HMAC-SHA-256')
+32
+>>> mac_key_length('HMAC-SHA-384')
+48
+>>> mac_key_length('HMAC-SHA-512')
+64
+
+
+Unknown algorithms should raise an exception for the mac() function.
+
+>>> mac('unknown', b'FOO', b'BAR')  # doctest: +IGNORE_EXCEPTION_DETAIL
+Traceback (most recent call last):
+    ...
+DecryptionError: Unsupported MAC algorithm: 'unknown'
+>>> mac('hmac-unknown', b'FOO', b'BAR')  # doctest: +IGNORE_EXCEPTION_DETAIL
+Traceback (most recent call last):
+    ...
+DecryptionError: Unsupported MAC algorithm: 'hmac-unknown'
+
+
+The mac_key_length() function should return a default value for unknown
+MACs.
+
+>>> mac_key_length('unknown')
+16
+>>> mac_key_length('hmac-unknown')
+16

https://arthurdejong.org/git/python-pskc/commit/?id=e10f9c618a19dabf2d40bfbedf651c79786eb999

commit e10f9c618a19dabf2d40bfbedf651c79786eb999
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Fri Jun 9 22:15:09 2017 +0200

    Handle more algortihm URIs
    
    This adds a number of algorithm URIs defined in RFC 6931 and also
    simplifies the definition of the list of URIs. It also adds more aliases
    for algorithms.

diff --git a/pskc/algorithms.py b/pskc/algorithms.py
index 99760d4..973a2bb 100644
--- a/pskc/algorithms.py
+++ b/pskc/algorithms.py
@@ -1,7 +1,7 @@
 # algorithms.py - module for handling algorithm URIs
 # coding: utf-8
 #
-# Copyright (C) 2016 Arthur de Jong
+# Copyright (C) 2016-2017 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -22,37 +22,62 @@
 
 
 # cannonical URIs of known algorithms
-_algorithms = {
-    'tripledes-cbc': 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc',
-    'kw-tripledes': 'http://www.w3.org/2001/04/xmlenc#kw-tripledes',
-    'aes128-cbc': 'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
-    'aes192-cbc': 'http://www.w3.org/2001/04/xmlenc#aes192-cbc',
-    'aes256-cbc': 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
-    'kw-aes128': 'http://www.w3.org/2001/04/xmlenc#kw-aes128',
-    'kw-aes192': 'http://www.w3.org/2001/04/xmlenc#kw-aes192',
-    'kw-aes256': 'http://www.w3.org/2001/04/xmlenc#kw-aes256',
-    'camellia128': 'http://www.w3.org/2001/04/xmldsig-more#camellia128',
-    'camellia192': 'http://www.w3.org/2001/04/xmldsig-more#camellia192',
-    'camellia256': 'http://www.w3.org/2001/04/xmldsig-more#camellia256',
-    'kw-camellia128': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia128',
-    'kw-camellia192': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia192',
-    'kw-camellia256': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia256',
-    'hmac-md5': 'http://www.w3.org/2001/04/xmldsig-more#hmac-md5',
-    'hmac-sha1': 'http://www.w3.org/2000/09/xmldsig#hmac-sha1',
-    'hmac-sha224': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224',
-    'hmac-sha256': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256',
-    'hmac-sha384': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha384',
-    'hmac-sha512': 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha512',
-    'hmac-ripemd160': 'http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160',
-    'pbkdf2': 'http://www.rsasecurity.com/rsalabs/pkcs/schemas/' +
-              'pkcs-5v2-0#pbkdf2',
-}
+# Note that even if a URI is listed here it does not mean that
+# the algorithm is supported in python-pskc.
+_algorithms = dict((x.rsplit('#', 1)[-1], x) for x in [
+    'http://www.w3.org/2001/04/xmlenc#tripledes-cbc',
+    'http://www.w3.org/2001/04/xmlenc#kw-tripledes',
+    'http://www.w3.org/2001/04/xmlenc#arcfour',
+    'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
+    'http://www.w3.org/2001/04/xmlenc#aes192-cbc',
+    'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
+    'http://www.w3.org/2001/04/xmlenc#kw-aes128',
+    'http://www.w3.org/2001/04/xmlenc#kw-aes192',
+    'http://www.w3.org/2001/04/xmlenc#kw-aes256',
+    'http://www.w3.org/2009/xmlenc11#aes128-gcm',
+    'http://www.w3.org/2009/xmlenc11#aes192-gcm',
+    'http://www.w3.org/2009/xmlenc11#aes256-gcm',
+    'http://www.w3.org/2009/xmlenc11#kw-aes-128-pad',
+    'http://www.w3.org/2009/xmlenc11#kw-aes-192-pad',
+    'http://www.w3.org/2009/xmlenc11#kw-aes-256-pad',
+    'http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc',
+    'http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc',
+    'http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc',
+    'http://www.w3.org/2001/04/xmldsig-more#kw-camellia128',
+    'http://www.w3.org/2001/04/xmldsig-more#kw-camellia192',
+    'http://www.w3.org/2001/04/xmldsig-more#kw-camellia256',
+    'http://www.w3.org/2007/05/xmldsig-more#seed128-cbc'
+    'http://www.w3.org/2007/05/xmldsig-more#kw-seed128',
+    'http://www.w3.org/2001/04/xmldsig-more#hmac-md5',
+    'http://www.w3.org/2000/09/xmldsig#hmac-sha1',
+    'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224',
+    'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256',
+    'http://www.w3.org/2001/04/xmldsig-more#hmac-sha384',
+    'http://www.w3.org/2001/04/xmldsig-more#hmac-sha512',
+    'http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160',
+    'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2',
+    # a newer URI seems to be http://www.w3.org/2009/xmlenc11#pbkdf2
+])
+
 
 # translation table to change old encryption names to new names
 _algorithm_aliases = {
     '3des-cbc': 'tripledes-cbc',
     '3des112-cbc': 'tripledes-cbc',
     '3des168-cbc': 'tripledes-cbc',
+    'rc4': 'arcfour',
+    'kw-aes128-pad': 'kw-aes-128-pad',
+    'kw-aes192-pad': 'kw-aes-192-pad',
+    'kw-aes256-pad': 'kw-aes-256-pad',
+    'camellia128': 'camellia128-cbc',
+    'camellia192': 'camellia192-cbc',
+    'camellia256': 'camellia256-cbc',
+    'hmac-sha-1': 'hmac-sha1',
+    'hmac-sha-224': 'hmac-sha224',
+    'hmac-sha-256': 'hmac-sha256',
+    'hmac-sha-384': 'hmac-sha384',
+    'hmac-sha-512': 'hmac-sha512',
+    'hmac-ripemd-160': 'hmac-ripemd160',
     'kw-3des': 'kw-tripledes',
     'pbe-3des112-cbc': 'tripledes-cbc',
     'pbe-3des168-cbc': 'tripledes-cbc',

-----------------------------------------------------------------------

Summary of changes:
 docs/conf.py               |   7 ++-
 docs/encryption.rst        |  36 +++++++++++--
 docs/exceptions.rst        |   3 ++
 docs/mac.rst               |  40 ++++++++++++--
 pskc/algorithms.py         |  77 +++++++++++++++++----------
 pskc/encryption.py         |  22 ++++----
 pskc/mac.py                |  60 +++++++++++----------
 tests/test_invalid.doctest |  12 ++++-
 tests/test_mac.doctest     | 126 +++++++++++++++++++++++++++++++++++++++++++++
 9 files changed, 307 insertions(+), 76 deletions(-)
 create mode 100644 tests/test_mac.doctest


hooks/post-receive
-- 
python-pskc
-- 
To unsubscribe send an email to
python-pskc-commits-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/python-pskc-commits/