author | Arthur de Jong <arthur@arthurdejong.org> | 2014-04-12 18:03:54 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2014-04-12 18:28:25 +0200 |
commit | 460f335781f8146a04262edb8f2384310118baee (patch) | |
tree | 256b241b5f98c6644760aa7a2e3393831bfacb99 | |
parent | a926ddb19ed022f09995aecbf4d572aeaa83339d (diff) |
Add test for Figure 6 from RFC6030
This tests key encryption with a pre-shared key and MAC checks.
-rw-r--r-- | tests/rfc6030-figure6.pskc | 62 | ||||
-rw-r--r-- | tests/test_rfc6030.doctest | 16 |
2 files changed, 78 insertions, 0 deletions
diff --git a/tests/rfc6030-figure6.pskc b/tests/rfc6030-figure6.pskc
new file mode 100644
index 0000000..950c620
--- /dev/null
+++ b/tests/rfc6030-figure6.pskc
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Figure 6 example from RFC6030 that shows key material encrypted using
+ AES-128-CBC with pre-shared key (12345678901234567890123456789012 hex).
+ The MAC key used (1122334455667788990011223344556677889900 hex) is
+ encrypted with the same key.
+-->
+
+<KeyContainer Version="1.0"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <MACKey>
+ <xenc:EncryptionMethod
+ Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>
+ ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejN9vJa2BOlSaMrR7I5wSX
+ </xenc:CipherValue>
+ </xenc:CipherData>
+ </MACKey>
+ </MACMethod>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Manufacturer</Manufacturer>
+ <SerialNo>987654321</SerialNo>
+ </DeviceInfo>
+ <CryptoModuleInfo>
+ <Id>CM_ID_001</Id>
+ </CryptoModuleInfo>
+ <Key Id="12345678"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Issuer>Issuer</Issuer>
+ <AlgorithmParameters>
+ <ResponseFormat Length="8" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
+ Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>
+ AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv
+ </xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ <ValueMAC>Su+NvtQfmvfJzF6bmQiJqoLRExc=
+ </ValueMAC>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/test_rfc6030.doctest b/tests/test_rfc6030.doctest
index 049f3b1..de86724 100644
--- a/tests/test_rfc6030.doctest
+++ b/tests/test_rfc6030.doctest
@@ -138,3 +138,19 @@ False
 '1234'
 >>> key1.policy.pin
 '1234'
+
+
+This tests key encryption based on pre-shared keys as illustrated in
+Figure 6 from RFC6030.
+
+>>> pskc = PSKC('tests/rfc6030-figure6.pskc')
+>>> pskc.encryption.key_name
+'Pre-shared-key'
+>>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
+>>> pskc.mac.key.encode('hex')
+'1122334455667788990011223344556677889900'
+>>> key = pskc.keys[0]
+>>> key.secret.encode('hex')
+'3132333435363738393031323334353637383930'
+>>> key.check()
+True |
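Review bot: The added doctest exercises only the success path: `key.check()` is asserted `True` for the unmodified Figure 6 file with the correct pre-shared key, so a MAC check that always returned `True` would still pass. A companion case that loads a copy of the fixture with an altered `ValueMAC` (or a changed byte in the `CipherValue`) and asserts that `key.check()` does not return `True` would pin the rejection behaviour, which is the part of a MAC check that matters. The example also reads `key.secret` before calling `key.check()`; whether decryption verifies the MAC first is not visible in this hunk. Because RFC 6030 computes the ValueMAC over the encrypted value, the prose above the example could add a sentence such as `Callers should confirm key.check() before relying on key.secret.`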