diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2016-09-11 22:15:55 +0200 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2016-09-11 23:46:57 +0200 |
| commit | 713d10620107a0d38a90b8110a31a856fca36a85 (patch) | |
| tree | a3519fe5f6e192168f067699a6b7ffb243579337 | |
| parent | ff811c9041312c2ae5eaa3bb47b96e3ea5f6f9db (diff) | |
Support specifying PRF in setup_pbkdf2()
This also ensures that the PRF URL is normalised.
| -rw-r--r-- | pskc/encryption.py | 5 | ||||
| -rw-r--r-- | tests/test_encryption.doctest | 8 |
2 files changed, 10 insertions, 3 deletions
diff --git a/pskc/encryption.py b/pskc/encryption.py index fd8dd49..4ce3f24 100644 --- a/pskc/encryption.py +++ b/pskc/encryption.py @@ -160,7 +160,8 @@ class KeyDerivation(object): # pseudorandom function used prf = find(pbkdf2, 'PRF') if prf is not None: - self.pbkdf2_prf = prf.get('Algorithm') + from pskc.algorithms import normalise_algorithm + self.pbkdf2_prf = normalise_algorithm(prf.get('Algorithm')) def make_xml(self, encryption_key, key_names): from pskc.xml import mk_elem @@ -220,6 +221,8 @@ class KeyDerivation(object): self.pbkdf2_iterations = 12 * 1000 if key_length: self.pbkdf2_key_length = key_length + if prf: + self.pbkdf2_prf = normalise_algorithm(prf) return self.derive_pbkdf2(password) diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest index eed76a1..22bb118 100644 --- a/tests/test_encryption.doctest +++ b/tests/test_encryption.doctest @@ -210,10 +210,12 @@ reasonable defaults. All properties can also be manually specified. +>>> pskc = PSKC() >>> pskc.encryption.setup_pbkdf2( ... 'qwerty', iterations=1000, algorithm='aes256-cbc', key_length=24, ... salt=base64.b64decode('Ej7/PEpyEpw='), -... key_name='PBKDF2 passphrase') +... key_name='PBKDF2 passphrase', +... prf='hmac-md5') >>> pskc.encryption.derivation.algorithm 'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2' >>> pskc.encryption.derivation.pbkdf2_iterations @@ -222,9 +224,11 @@ All properties can also be manually specified. '123eff3c4a72129c' >>> pskc.encryption.derivation.pbkdf2_key_length 24 +>>> pskc.encryption.derivation.pbkdf2_prf +'http://www.w3.org/2001/04/xmldsig-more#hmac-md5' >>> pskc.encryption.algorithm 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' >>> pskc.encryption.key_name 'PBKDF2 passphrase' >>> b2a_hex(pskc.encryption.key) -'651e63cd57008476af1ff6422cd02e41a13be8f92db69ec9' +'e8c5fecfb2a5cbb80ff791782ff5e125cc375bb6ba113071' |