
python-pskc branch master updated. 1.0-5-g8054c6e




This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-pskc".

The branch, master has been updated
       via  8054c6e6244de9d5d830a7a24b5ef84d60f8c4b2 (commit)
       via  97faa13e7e58a0fe23087f81d667f9b26e700889 (commit)
      from  269865713b7761366e501787b0a552d76590c396 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://arthurdejong.org/git/python-pskc/commit/?id=8054c6e6244de9d5d830a7a24b5ef84d60f8c4b2

commit 8054c6e6244de9d5d830a7a24b5ef84d60f8c4b2
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Wed Jan 31 19:49:35 2018 +0100

    Always output a PSKC 1.0 format file
    
    This ignores the value of the version attribute in the PSKC object and
    always writes a PSKC 1.0 (RFC 6030) format file.

diff --git a/pskc/serialiser.py b/pskc/serialiser.py
index 51dcd70..c71f6ea 100644
--- a/pskc/serialiser.py
+++ b/pskc/serialiser.py
@@ -1,7 +1,7 @@
 # serialiser.py - PSKC file parsing functions
 # coding: utf-8
 #
-# Copyright (C) 2016-2017 Arthur de Jong
+# Copyright (C) 2016-2018 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -47,8 +47,7 @@ class PSKCSerialiser(object):
 
     @classmethod
     def serialise_document(cls, pskc):
-        container = mk_elem('pskc:KeyContainer', Version=pskc.version,
-                            Id=pskc.id)
+        container = mk_elem('pskc:KeyContainer', Version='1.0', Id=pskc.id)
         cls.serialise_encryption(pskc.encryption, container)
         cls.serialise_mac(pskc.mac, container)
         for device in pskc.devices:
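
Review bot: Hard-coding Version='1.0' in serialise_document() means pskc.version is now silently ignored on write, so a caller who sets it, or who loaded a file carrying another version, gets no signal that the value was dropped. Consider documenting on the version attribute that it only reflects what was parsed, and adding a write test that sets a non-1.0 version and asserts the output still carries Version="1.0".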

https://arthurdejong.org/git/python-pskc/commit/?id=97faa13e7e58a0fe23087f81d667f9b26e700889

commit 97faa13e7e58a0fe23087f81d667f9b26e700889
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Wed Jan 31 19:48:23 2018 +0100

    Implement removing encryption
    
    This adds a function to decrypt all values and remove the encryption of
    an encrypted PSKC file.

diff --git a/docs/encryption.rst b/docs/encryption.rst
index a6e26d1..23836db 100644
--- a/docs/encryption.rst
+++ b/docs/encryption.rst
@@ -149,6 +149,13 @@ The Encryption class
       By default 12000 iterations will be used and a random salt with the
       length of the to-be-generated encryption key will be used.
 
+   .. function:: remove_encryption()
+
+      Decrypt all data stored in the PSKC file and remove the encryption
+      configuration. This can be used to read and encrypted PSKC file,
+      decrypt the file, remove the encryption and output an unencrypted PSKC
+      file or to replace the encryption algorithm.
+
 
 .. _encryption-algorithms:
 
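
Review bot: Typo in the added description: "read and encrypted PSKC file" should be "read an encrypted PSKC file". The text should also say that the MAC configuration is removed together with the encryption and that a file written afterwards holds the key values in plain form, since remove_encryption() in pskc/encryption.py clears pskc.mac.algorithm and pskc.mac.key as well.
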
diff --git a/pskc/encryption.py b/pskc/encryption.py
index 77d43c1..35b7c79 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -1,7 +1,7 @@
 # encryption.py - module for handling encrypted values
 # coding: utf-8
 #
-# Copyright (C) 2014-2017 Arthur de Jong
+# Copyright (C) 2014-2018 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -403,3 +403,29 @@ class Encryption(object):
     def encrypt_value(self, plaintext):
         """Encrypt the provided value and return the cipher_value."""
         return encrypt(self.algorithm, self.key, plaintext, self.iv)
+
+    def remove_encryption(self):
+        """Decrypt all values and remove the encryption from the PSKC file."""
+        # decrypt all values and store decrypted values
+        for key in self.pskc.keys:
+            key.secret = key.secret
+            key.counter = key.counter
+            key.time_offset = key.time_offset
+            key.time_interval = key.time_interval
+            key.time_drift = key.time_drift
+        # remove MAC configuration
+        self.pskc.mac.algorithm = None
+        self.pskc.mac.key = None
+        # remove encryption configuration
+        self.id = None
+        self.algorithm = None
+        self.key_names = []
+        self.key = None
+        self.iv = None
+        self.fields = []
+        # remove key derivation configuration
+        self.derivation.algorithm = None
+        self.derivation.pbkdf2_salt = None
+        self.derivation.pbkdf2_iterations = None
+        self.derivation.pbkdf2_key_length = None
+        self.derivation.pbkdf2_prf = None
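
Review bot: The loop in remove_encryption() rewrites each key in place before the encryption settings are cleared, so if reading a value raises partway through, the earlier keys are already stored decrypted while self.algorithm and self.key are still set. Reading the five values for every key first and assigning them afterwards would leave the object unchanged on failure. The self-assignments such as key.secret = key.secret depend on the getter decrypting and the setter storing the plain value; a comment saying so would be clearer than "decrypt all values and store decrypted values", and the docstring should mention that the MAC settings are dropped too.
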
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
index f2ab455..0a5dcdb 100644
--- a/tests/test_encryption.doctest
+++ b/tests/test_encryption.doctest
@@ -1,6 +1,6 @@
 test_encryption.doctest - test various encryption schemes
 
-Copyright (C) 2014-2017 Arthur de Jong
+Copyright (C) 2014-2018 Arthur de Jong
 
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
@@ -328,3 +328,24 @@ All properties can also be manually specified.
 'PBKDF2 passphrase'
 >>> b2a_hex(pskc.encryption.key)
 'e8c5fecfb2a5cbb80ff791782ff5e125cc375bb6ba113071'
+
+
+We can also remove the encryption totally and end up with a PSKC structure
+that only contains decrypted values (note that the original encryption
+properties are lost in this case).
+
+>>> pskc = PSKC('tests/encryption/aes192-cbc.pskcxml')
+>>> pskc.encryption.algorithm
+'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
+>>> pskc.encryption.key = 
a2b_hex('123456789012345678901234567890123456789012345678')
+>>> tostr(pskc.keys[0].secret)
+'12345678901234567890'
+>>> pskc.encryption.remove_encryption()
+>>> pskc.encryption.algorithm is None
+True
+>>> pskc.encryption.key is None
+True
+>>> pskc.mac.key is None
+True
+>>> tostr(pskc.keys[0].secret)
+'12345678901234567890'
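
Review bot: The new doctest asserts only encryption.algorithm, encryption.key and mac.key after remove_encryption(), while the function also resets mac.algorithm, id, key_names, iv, fields and the derivation settings. Adding checks such as pskc.mac.algorithm is None and pskc.encryption.derivation.algorithm is None, plus a case where remove_encryption() is called without an encryption key having been set, would cover the rest of the function.
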
diff --git a/tests/test_write.doctest b/tests/test_write.doctest
index 91bbe8c..1ea806a 100644
--- a/tests/test_write.doctest
+++ b/tests/test_write.doctest
@@ -191,10 +191,7 @@ Read an encrypted PSKC file and write it out as an 
unencrypted file.
 
 >>> pskc = PSKC('tests/encryption/kw-aes128.pskcxml')
 >>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
->>> for key in pskc.keys:
-...     key.secret = key.secret  # force decryption of values
->>> pskc.encryption.key = None
->>> pskc.encryption.key_name = None
+>>> pskc.encryption.remove_encryption()
 >>> pskc.write(sys.stdout)  #doctest: +REPORT_UDIFF
 <?xml version="1.0" encoding="UTF-8"?>
 <pskc:KeyContainer xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" 
Version="1.0">

-----------------------------------------------------------------------

Summary of changes:
 docs/encryption.rst           |  7 +++++++
 pskc/encryption.py            | 28 +++++++++++++++++++++++++++-
 pskc/serialiser.py            |  5 ++---
 tests/test_encryption.doctest | 23 ++++++++++++++++++++++-
 tests/test_write.doctest      |  5 +----
 5 files changed, 59 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
python-pskc