authorArthur de Jong <arthur@arthurdejong.org>2016-01-23 00:13:23 +0100
committerArthur de Jong <arthur@arthurdejong.org>2016-01-24 16:33:36 +0100
commit9b13d3b78c864028b5e8e892141f09a65c93a68f (patch)
treeb3ad364bd23b373ef4cb9174693e2d928de01e6b
parentb6eab4723392e398a459f99ccecc9749c857f0c6 (diff)
Normalise algorithm names
This normalises the algorithm URIs to known values when the algorithm is parsed or set.
-rw-r--r--pskc/encryption.py47
-rw-r--r--tests/test_misc.doctest2
2 files changed, 46 insertions, 3 deletions
diff --git a/pskc/encryption.py b/pskc/encryption.py
index 2959b1a..6007d79 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -28,6 +28,48 @@ The encryption key can be derived using the KeyDerivation class.
"""
+# cannonical URIs of known encryption algorithms
+_algorithms = {
+ 'tripledes-cbc': 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc',
+ 'kw-tripledes': 'http://www.w3.org/2001/04/xmlenc#kw-tripledes',
+ 'aes128-cbc': 'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
+ 'aes192-cbc': 'http://www.w3.org/2001/04/xmlenc#aes192-cbc',
+ 'aes256-cbc': 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
+ 'kw-aes128': 'http://www.w3.org/2001/04/xmlenc#kw-aes128',
+ 'kw-aes192': 'http://www.w3.org/2001/04/xmlenc#kw-aes192',
+ 'kw-aes256': 'http://www.w3.org/2001/04/xmlenc#kw-aes256',
+ 'camellia128': 'http://www.w3.org/2001/04/xmldsig-more#camellia128',
+ 'camellia192': 'http://www.w3.org/2001/04/xmldsig-more#camellia192',
+ 'camellia256': 'http://www.w3.org/2001/04/xmldsig-more#camellia256',
+ 'kw-camellia128': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia128',
+ 'kw-camellia192': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia192',
+ 'kw-camellia256': 'http://www.w3.org/2001/04/xmldsig-more#kw-camellia256',
+}
+
+# translation table to change old encryption names to new names
+_algorithm_aliases = {
+ '3des-cbc': 'tripledes-cbc',
+ '3des112-cbc': 'tripledes-cbc',
+ '3des168-cbc': 'tripledes-cbc',
+ 'kw-3des': 'kw-tripledes',
+ 'pbe-3des112-cbc': 'tripledes-cbc',
+ 'pbe-3des168-cbc': 'tripledes-cbc',
+ 'pbe-aes128-cbc': 'aes128-cbc',
+ 'pbe-aes192-cbc': 'aes192-cbc',
+ 'pbe-aes256-cbc': 'aes256-cbc',
+ 'rsa-1_5': 'rsa-1_5',
+ 'rsa-oaep-mgf1p': 'rsa-oaep-mgf1p',
+}
+
+
+def normalise_algorithm(algorithm):
+ """Return the canonical URI for the provided algorithm."""
+ if not algorithm or algorithm.lower() == 'none':
+ return None
+ algorithm = _algorithm_aliases.get(algorithm.lower(), algorithm)
+ return _algorithms.get(algorithm.rsplit('#', 1)[-1].lower(), algorithm)
+
+
def unpad(value):
"""Remove padding from the plaintext."""
return value[0:-ord(value[-1:])]
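Review bot: `normalise_algorithm` looks up only the text after the last `#`, so any URI whose fragment is e.g. `aes128-cbc` is rewritten to the W3C xmlenc URI regardless of its namespace, and the later hunks in this file feed it the `Algorithm` attribute read from the parsed file. If that leniency is intended, the docstring should say so and state the rest of the contract, for example `"""Return the canonical URI for a known algorithm name or URI; return None for empty or 'none' and return unrecognised values unchanged."""`. The identity entries `'rsa-1_5'` and `'rsa-oaep-mgf1p'` in `_algorithm_aliases` have no counterpart in `_algorithms`, so those names come back as lower-cased bare names rather than URIs, and because aliases are matched against the whole string, an alias that appears as a URI fragment is not translated. The comment above `_algorithms` misspells "canonical".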
@@ -57,7 +99,8 @@ class EncryptedValue(object):
return
encryption_method = find(encrypted_value, 'EncryptionMethod')
if encryption_method is not None:
- self.algorithm = encryption_method.attrib.get('Algorithm')
+ self.algorithm = normalise_algorithm(
+ encryption_method.attrib.get('Algorithm'))
self.cipher_value = findbin(
encrypted_value, 'CipherData/CipherValue')
@@ -235,7 +278,7 @@ class Encryption(object):
@algorithm.setter
def algorithm(self, value):
- self._algorithm = value
+ self._algorithm = normalise_algorithm(value)
def derive_key(self, password):
"""Derive a key from the password."""
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index 4e15879..db64b07 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -79,7 +79,7 @@ Setting encryption key name and algorithm also works.
>>> pskc.encryption.key_names
['Test encryption key']
>>> pskc.encryption.algorithm
->>> pskc.encryption.algorithm = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
+>>> pskc.encryption.algorithm = 'aes128-cbc'
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
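Review bot: Only the short-name path for `aes128-cbc` is exercised here; nothing visible in this commit covers the alias table, case-insensitive input, the empty or `'none'` case that yields None, or an unrecognised value passed through unchanged. A few more doctest lines would pin those, e.g. `>>> pskc.encryption.algorithm = '3DES-CBC'` followed by a read that expects `'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'`. The previous assertion that a full URI round-trips unchanged is replaced by this change; whether it is still checked elsewhere in the file is not visible in the hunk.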