authorArthur de Jong <arthur@arthurdejong.org>2014-05-31 23:39:17 +0200
committerArthur de Jong <arthur@arthurdejong.org>2014-05-31 23:50:45 +0200
commit4d92b937bddea136a709bb29b66a2ce6fe0ac943 (patch)
tree2a4f02849d33c8b50577bb260cde83ddb1597e6b
parentfd71f01a9237c9076d07ac39bf6f18d0ccc4b6fe (diff)
Support kw-tripledes decryption
This adds support for key unwrapping using the RFC 3217 Triple DES key wrap algorithm if the PSKC file uses this.
-rw-r--r--pskc/encryption.py6
-rw-r--r--tests/kw-tripledes.pskcxml30
-rw-r--r--tests/test_encryption.doctest11
3 files changed, 47 insertions, 0 deletions
diff --git a/pskc/encryption.py b/pskc/encryption.py
index d1451df..48b9ef5 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -102,6 +102,12 @@ class EncryptedValue(object):
len(key) not in AES.key_size:
raise DecryptionError('Invalid key length')
return unwrap(self.cipher_value, key)
+ elif self.algorithm.endswith('#kw-tripledes'):
+ from pskc.tripledeskw import unwrap
+ from Crypto.Cipher import DES3
+ if len(key) not in DES3.key_size:
+ raise DecryptionError('Invalid key length')
+ return unwrap(self.cipher_value, key)
else:
raise DecryptionError('Unsupported algorithm: %r' % self.algorithm)
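Review bot: The length check in the added `elif` branch accepts every size listed in `DES3.key_size`, which in PyCrypto includes 16-byte two-key Triple DES keys as well as 24-byte ones, so a weaker two-key key-encryption key is accepted without notice. If only three-key keys are intended for RFC 3217 unwrapping, `if len(key) != 24:` would state that explicitly. The branch also calls `len(key)` directly, so an unset key would raise TypeError rather than DecryptionError unless it is rejected earlier in the method, which starts outside this hunk. A short comment such as `# RFC 3217 key wrap; integrity relies on the checksum check inside unwrap()` would record where a wrong key or altered ciphertext is expected to be caught.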
diff --git a/tests/kw-tripledes.pskcxml b/tests/kw-tripledes.pskcxml
new file mode 100644
index 0000000..ffa0264
--- /dev/null
+++ b/tests/kw-tripledes.pskcxml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Test that holds an kw-tripledes encrypted value. The pre-shared key is
+ 255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f, the plain text value is
+ 2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98.
+-->
+
+<KeyContainer Version="1.0"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <KeyPackage>
+ <Key>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>aQEHYY7wkrO0jKF5ayNK6foz67QVlgQDfbXWqE6zqsJ2jGMndaRn1A==</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ </Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
index 19ea062..6d39e35 100644
--- a/tests/test_encryption.doctest
+++ b/tests/test_encryption.doctest
@@ -81,3 +81,14 @@ DecryptionError: Invalid key length
>>> pskc.encryption.key = '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'.decode('hex')
>>> pskc.keys[0].secret.encode('hex')
'00112233445566778899aabbccddeeff0001020304050607'
+
+
+>>> pskc = PSKC('tests/kw-tripledes.pskcxml')
+>>> pskc.encryption.key = '255e0d1c07b646dfb3134cc843ba8aa71f'.decode('hex')
+>>> pskc.keys[0].secret
+Traceback (most recent call last):
+ ...
+DecryptionError: Invalid key length
+>>> pskc.encryption.key = '255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f'.decode('hex')
+>>> pskc.keys[0].secret.encode('hex')
+'2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98'
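Review bot: The added doctest exercises a 17-byte key and the correct key, but not a well-formed 24-byte key that is wrong, so it does not show that a failed RFC 3217 checksum is reported as an error rather than returned as a bogus secret. A case such as `>>> pskc.encryption.key = '000102030405060708090a0b0c0d0e0f1011121314151617'.decode('hex')` (a constructed value) followed by `>>> pskc.keys[0].secret` and an expected `DecryptionError` traceback would cover that path. This assumes `pskc.tripledeskw.unwrap` raises `DecryptionError` on a checksum mismatch, which is not visible in this commit. A 16-byte key case would also document whether two-key keys are meant to be accepted.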