Add support for Camellia-CBC suite of algorithms

author: Arthur de Jong <arthur@arthurdejong.org> 2017-12-13 19:55:38 +0100
committer: Arthur de Jong <arthur@arthurdejong.org> 2017-12-13 22:51:00 +0100
commit: 364e93de64906f804139d2cddc1973e1b7ae5b14 (patch)
tree: ed295e382290f2945fc9210f9bda7d1de76be238
parent: 4c5e04612937c95409056818c13f60e1221a773a (diff)
5 files changed, 161 insertions, 2 deletions
diff --git a/pskc/encryption.py b/pskc/encryption.py
index d90476c..a204a51 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -47,6 +47,10 @@ def algorithm_key_lengths(algorithm):
             algorithm.endswith('#kw-aes192') or \
             algorithm.endswith('#kw-aes256'):
         return [int(algorithm[-3:]) // 8]
+    elif (algorithm.endswith('#camellia128-cbc') or
+            algorithm.endswith('#camellia192-cbc') or
+            algorithm.endswith('#camellia256-cbc')):
+        return [int(algorithm[-7:-4]) // 8]
     else:
         raise DecryptionError('Unsupported algorithm: %r' % algorithm)
 
@@ -93,9 +97,13 @@ def decrypt(algorithm, key, ciphertext, iv=None):
             algorithm.endswith('#kw-aes256'):
         from pskc.crypto.aeskw import unwrap
         return unwrap(ciphertext, key)
-    elif algorithm.endswith('#kw-tripledes'):  # pragma: no branch
+    elif algorithm.endswith('#kw-tripledes'):
         from pskc.crypto.tripledeskw import unwrap
         return unwrap(ciphertext, key)
+    elif (algorithm.endswith('#camellia128-cbc') or  # pragma: no branch
+            algorithm.endswith('#camellia192-cbc') or
+            algorithm.endswith('#camellia256-cbc')):
+        return _decrypt_cbc(algorithms.Camellia, key, ciphertext, iv)
     # no fallthrough because algorithm_key_lengths() fails with unknown algo
 
 
@@ -136,9 +144,13 @@ def encrypt(algorithm, key, plaintext, iv=None):
             algorithm.endswith('#kw-aes256'):
         from pskc.crypto.aeskw import wrap
         return wrap(plaintext, key)
-    elif algorithm.endswith('#kw-tripledes'):  # pragma: no branch
+    elif algorithm.endswith('#kw-tripledes'):
         from pskc.crypto.tripledeskw import wrap
         return wrap(plaintext, key)
+    elif (algorithm.endswith('#camellia128-cbc') or  # pragma: no branch
+            algorithm.endswith('#camellia192-cbc') or
+            algorithm.endswith('#camellia256-cbc')):
+        return _encrypt_cbc(algorithms.Camellia, key, plaintext, iv)
     # no fallthrough because algorithm_key_lengths() fails with unknown algo
 
 
diff --git a/tests/encryption/camellia128-cbc.pskcxml b/tests/encryption/camellia128-cbc.pskcxml
new file mode 100644
index 0000000..bbf4567
--- /dev/null
+++ b/tests/encryption/camellia128-cbc.pskcxml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Test that holds an camellia128-cbc encrypted value. Encryption key is
+  200497e673a6fae2256e9749468a67ac.
+-->
+
+<KeyContainer Version="1.0"
+  xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+  <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <MACMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224">
+  <MACKey>
+   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#camellia128-cbc"/>
+   <xenc:CipherData>
+    <xenc:CipherValue>VnWO9OoCQWEuH0qsz1VnywNqjvXC/kUNcMp8cFfCqiw48doVY9XVcMV0GR5vn6g3</xenc:CipherValue>
+   </xenc:CipherData>
+  </MACKey>
+ </MACMethod>
+ <KeyPackage>
+  <Key>
+   <Data>
+    <Secret>
+     <EncryptedValue>
+      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#camellia128-cbc"/>
+      <xenc:CipherData>
+       <xenc:CipherValue>DvtlFS8/QZle2xG8PjfA8Kg4bsjLlU8kH/sEfXC9VLWib2Z/WU8RDHR+fI9uCqOs</xenc:CipherValue>
+      </xenc:CipherData>
+     </EncryptedValue>
+     <ValueMAC>RDATcSJh3n8TAvMDoPzKqobgOCPZSluA7Gmvpg==</ValueMAC>
+    </Secret>
+   </Data>
+  </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/encryption/camellia192-cbc.pskcxml b/tests/encryption/camellia192-cbc.pskcxml
new file mode 100644
index 0000000..0365a10
--- /dev/null
+++ b/tests/encryption/camellia192-cbc.pskcxml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Test that holds an camellia192-cbc encrypted value. Encryption key is
+  e263279877384c84c987661a9d06766affdb9b3211eae801.
+-->
+
+<KeyContainer Version="1.0"
+  xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+  <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <MACMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224">
+  <MACKey>
+   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#camellia192-cbc"/>
+   <xenc:CipherData>
+    <xenc:CipherValue>WAL6YRtYa5/rE/DX26NKXaHpDu2qE4q5kdtCZmvhZeHMsV76CuLlO5ybTD9RsLWK</xenc:CipherValue>
+   </xenc:CipherData>
+  </MACKey>
+ </MACMethod>
+ <KeyPackage>
+  <Key>
+   <Data>
+    <Secret>
+     <EncryptedValue>
+      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#camellia192-cbc"/>
+      <xenc:CipherData>
+       <xenc:CipherValue>Wa5Kz1/BhuqUcpQyw8qRSDwurIsm2vjUR/PO3w1Q3//PFfHod+DgBhRW2BecWpP5</xenc:CipherValue>
+      </xenc:CipherData>
+     </EncryptedValue>
+     <ValueMAC>RDATcSJh3n8TAvMDoPzKqobgOCPZSluA7Gmvpg==</ValueMAC>
+    </Secret>
+   </Data>
+  </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/encryption/camellia256-cbc.pskcxml b/tests/encryption/camellia256-cbc.pskcxml
new file mode 100644
index 0000000..59911aa
--- /dev/null
+++ b/tests/encryption/camellia256-cbc.pskcxml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Test that holds an camellia256-cbc encrypted value. Encryption key is
+  33b37e31c5a0a16f004e7fe727d4ff808fc1f879d85ccd8f06dbb5799565d2f5.
+-->
+
+<KeyContainer Version="1.0"
+  xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+  <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <MACMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224">
+  <MACKey>
+   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#camellia256-cbc"/>
+   <xenc:CipherData>
+    <xenc:CipherValue>uj9VFSjENtykiBdHoxF/CZ8y2XnWA/fW89i4xonEH9iYK2AH0/hkH7bVmI2ObcSa</xenc:CipherValue>
+   </xenc:CipherData>
+  </MACKey>
+ </MACMethod>
+ <KeyPackage>
+  <Key>
+   <Data>
+    <Secret>
+     <EncryptedValue>
+      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#camellia256-cbc"/>
+      <xenc:CipherData>
+       <xenc:CipherValue>X7We+WREABNPa0jlsUHZqF5CWUQiPYdXJ+7ure96AcNH/7TXcQs4mFuSCOHpiv/W</xenc:CipherValue>
+      </xenc:CipherData>
+     </EncryptedValue>
+     <ValueMAC>RDATcSJh3n8TAvMDoPzKqobgOCPZSluA7Gmvpg==</ValueMAC>
+    </Secret>
+   </Data>
+  </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
index 7e1d443..7f6ebd3 100644
--- a/tests/test_encryption.doctest
+++ b/tests/test_encryption.doctest
@@ -130,6 +130,39 @@ DecryptionError: Invalid key length
 '2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98'
 
 
+>>> pskc = PSKC('tests/encryption/camellia128-cbc.pskcxml')
+>>> pskc.encryption.key = a2b_hex('200497e673a6fae2256e9749468a67ac')
+>>> pskc.encryption.algorithm
+'http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc'
+>>> tostr(pskc.keys[0].secret)
+'12345678901234567890'
+>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key,
+...     pskc.keys[0].secret, a2b_hex('0efb65152f3f41995edb11bc3e37c0f0'))))
+'DvtlFS8/QZle2xG8PjfA8Kg4bsjLlU8kH/sEfXC9VLWib2Z/WU8RDHR+fI9uCqOs'
+
+
+>>> pskc = PSKC('tests/encryption/camellia192-cbc.pskcxml')
+>>> pskc.encryption.key = a2b_hex('e263279877384c84c987661a9d06766affdb9b3211eae801')
+>>> pskc.encryption.algorithm
+'http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc'
+>>> tostr(pskc.keys[0].secret)
+'12345678901234567890'
+>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key,
+...     pskc.keys[0].secret, a2b_hex('59AE4ACF5FC186EA94729432C3CA9148'))))
+'Wa5Kz1/BhuqUcpQyw8qRSDwurIsm2vjUR/PO3w1Q3//PFfHod+DgBhRW2BecWpP5'
+
+
+>>> pskc = PSKC('tests/encryption/camellia256-cbc.pskcxml')
+>>> pskc.encryption.key = a2b_hex('33b37e31c5a0a16f004e7fe727d4ff808fc1f879d85ccd8f06dbb5799565d2f5')
+>>> pskc.encryption.algorithm
+'http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc'
+>>> tostr(pskc.keys[0].secret)
+'12345678901234567890'
+>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key,
+...     pskc.keys[0].secret, a2b_hex('5FB59EF9644400134F6B48E5B141D9A8'))))
+'X7We+WREABNPa0jlsUHZqF5CWUQiPYdXJ+7ure96AcNH/7TXcQs4mFuSCOHpiv/W'
+
+
 The IV can also be specified globally.
 
 >>> pskc = PSKC('tests/encryption/aes128-cbc-noiv.pskcxml')
author	Arthur de Jong <arthur@arthurdejong.org>	2017-12-13 19:55:38 +0100
committer	Arthur de Jong <arthur@arthurdejong.org>	2017-12-13 22:51:00 +0100
commit	364e93de64906f804139d2cddc1973e1b7ae5b14 (patch)
tree	ed295e382290f2945fc9210f9bda7d1de76be238
parent	4c5e04612937c95409056818c13f60e1221a773a (diff)