author | Arthur de Jong <arthur@arthurdejong.org> | 2014-05-31 23:39:17 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2014-05-31 23:50:45 +0200 |
commit | 4d92b937bddea136a709bb29b66a2ce6fe0ac943 (patch) | |
tree | 2a4f02849d33c8b50577bb260cde83ddb1597e6b | |
parent | fd71f01a9237c9076d07ac39bf6f18d0ccc4b6fe (diff) |
Support kw-tripledes decryption
This adds support for key unwrapping using the RFC 3217 Triple DES key
wrap algorithm if the PSKC file uses this.
-rw-r--r-- | pskc/encryption.py | 6 | ||||
-rw-r--r-- | tests/kw-tripledes.pskcxml | 30 | ||||
-rw-r--r-- | tests/test_encryption.doctest | 11 |
3 files changed, 47 insertions, 0 deletions
diff --git a/pskc/encryption.py b/pskc/encryption.py
index d1451df..48b9ef5 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -102,6 +102,12 @@ class EncryptedValue(object):
 len(key) not in AES.key_size:
 raise DecryptionError('Invalid key length')
 return unwrap(self.cipher_value, key)
+ elif self.algorithm.endswith('#kw-tripledes'):
+ from pskc.tripledeskw import unwrap
+ from Crypto.Cipher import DES3
+ if len(key) not in DES3.key_size:
+ raise DecryptionError('Invalid key length')
+ return unwrap(self.cipher_value, key)
 else:
 raise DecryptionError('Unsupported algorithm: %r' % self.algorithm)
diff --git a/tests/kw-tripledes.pskcxml b/tests/kw-tripledes.pskcxml
new file mode 100644
index 0000000..ffa0264
--- /dev/null
+++ b/tests/kw-tripledes.pskcxml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Test that holds an kw-tripledes encrypted value. The pre-shared key is
+ 255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f, the plain text value is
+ 2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98.
+-->
+
+<KeyContainer Version="1.0"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <KeyPackage>
+ <Key>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>aQEHYY7wkrO0jKF5ayNK6foz67QVlgQDfbXWqE6zqsJ2jGMndaRn1A==</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ </Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest
index 19ea062..6d39e35 100644
--- a/tests/test_encryption.doctest
+++ b/tests/test_encryption.doctest
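Review bot: The key-length guard in the new `#kw-tripledes` branch reuses `DES3.key_size`, which in PyCrypto is `(16, 24)` as far as I know, so a 16-byte two-key Triple DES key is accepted as the key-encryption key. RFC 3217 and the XML Encryption `kw-tripledes` identifier appear to assume a three-key (24-byte) key, so unless two-key keys are intended I would tighten the check to `if len(key) != 24:` and add a comment such as `# kw-tripledes expects a three-key (24-byte) Triple DES key`. It is also not visible here whether `pskc.tripledeskw.unwrap` reports a failed RFC 3217 checksum as `DecryptionError`; callers can only handle a wrong key or an altered `CipherValue` uniformly if it does. The enclosing method starts and ends outside the hunk.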
@@ -81,3 +81,14 @@ DecryptionError: Invalid key length
 >>> pskc.encryption.key = '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f'.decode('hex')
 >>> pskc.keys[0].secret.encode('hex')
 '00112233445566778899aabbccddeeff0001020304050607'
+
+
+>>> pskc = PSKC('tests/kw-tripledes.pskcxml')
+>>> pskc.encryption.key = '255e0d1c07b646dfb3134cc843ba8aa71f'.decode('hex')
+>>> pskc.keys[0].secret
+Traceback (most recent call last):
+ ...
+DecryptionError: Invalid key length
+>>> pskc.encryption.key = '255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f'.decode('hex')
+>>> pskc.keys[0].secret.encode('hex')
+'2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98' |
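Review bot: The added doctest covers a key of invalid length and the successful unwrap, but not a key of valid length that differs from the pre-shared one, nor an altered `CipherValue`. Those are the cases that reach the integrity check of the key wrap rather than the length guard in `pskc/encryption.py`, so a regression there would go unnoticed. I would add a case that sets a different 24-byte key, reads `pskc.keys[0].secret` and expects a `DecryptionError` traceback. The exact message depends on `pskc.tripledeskw`, which is not shown in this commit.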