Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArthur de Jong <arthur@arthurdejong.org>2016-03-21 21:12:57 +0100
committerArthur de Jong <arthur@arthurdejong.org>2016-03-26 14:11:40 +0100
commit7ede4a110efddfd401b48b20cdf2ebcf89a165ad (patch)
treef69144818376a24dfb008e0bf1956c4472d2fd8d
parent1ff3237f704c0a107d5eccc1deb754888a71a1ac (diff)
Add tests for writing encrypted PSKC files
-rw-r--r--tests/test_write.doctest175
1 files changed, 175 insertions, 0 deletions
diff --git a/tests/test_write.doctest b/tests/test_write.doctest
index b4cc634..352e93d 100644
--- a/tests/test_write.doctest
+++ b/tests/test_write.doctest
@@ -165,3 +165,178 @@ Read an encrypted PSKC file and write it out as an unencrypted file.
</pskc:Key>
</pskc:KeyPackage>
</pskc:KeyContainer>
+
+
+Read an encrypted PSKC file and write it out as-is. This does not require
+providing the encryption key.
+
+>>> pskc = PSKC('tests/rfc6030/figure6.pskcxml')
+>>> pskc.write(sys.stdout) #doctest: +REPORT_UDIFF
+<?xml version="1.0" encoding="UTF-8"?>
+<pskc:KeyContainer Version="1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <pskc:EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </pskc:EncryptionKey>
+ <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <pskc:MACKey>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejN9vJa2BOlSaMrR7I5wSX</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:MACKey>
+ </pskc:MACMethod>
+ <pskc:KeyPackage>
+ <pskc:DeviceInfo>
+ <pskc:Manufacturer>Manufacturer</pskc:Manufacturer>
+ <pskc:SerialNo>987654321</pskc:SerialNo>
+ </pskc:DeviceInfo>
+ <pskc:CryptoModuleInfo>
+ <pskc:Id>CM_ID_001</pskc:Id>
+ </pskc:CryptoModuleInfo>
+ <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" Id="12345678">
+ <pskc:Issuer>Issuer</pskc:Issuer>
+ <pskc:AlgorithmParameters>
+ <pskc:ResponseFormat Encoding="DECIMAL" Length="8"/>
+ </pskc:AlgorithmParameters>
+ <pskc:Data>
+ <pskc:Secret>
+ <pskc:EncryptedValue>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:EncryptedValue>
+ <pskc:ValueMAC>Su+NvtQfmvfJzF6bmQiJqoLRExc=</pskc:ValueMAC>
+ </pskc:Secret>
+ <pskc:Counter>
+ <pskc:PlainValue>0</pskc:PlainValue>
+ </pskc:Counter>
+ </pskc:Data>
+ </pskc:Key>
+ </pskc:KeyPackage>
+</pskc:KeyContainer>
+
+
+Set up an encrypted PSKC file and generate a pre-shared key for it.
+
+>>> pskc = PSKC()
+>>> key = pskc.add_key(
+... id='1', serial='123456', secret='1234', counter=42)
+>>> pskc.encryption.setup_preshared_key(
+... key_name='Pre-shared KEY', fields = ['secret', 'counter'])
+>>> f = tempfile.NamedTemporaryFile()
+>>> pskc.write(f.name)
+>>> x = sys.stdout.write(open(f.name, 'r').read()) #doctest: +ELLIPSIS +REPORT_UDIFF
+<?xml version="1.0" encoding="UTF-8"?>
+<pskc:KeyContainer Version="1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <pskc:EncryptionKey>
+ <ds:KeyName>Pre-shared KEY</ds:KeyName>
+ </pskc:EncryptionKey>
+ <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <pskc:MACKey>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>...</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:MACKey>
+ </pskc:MACMethod>
+ <pskc:KeyPackage>
+ <pskc:DeviceInfo>
+ <pskc:SerialNo>123456</pskc:SerialNo>
+ </pskc:DeviceInfo>
+ <pskc:Key Id="1">
+ <pskc:Data>
+ <pskc:Secret>
+ <pskc:EncryptedValue>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>...</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:EncryptedValue>
+ <pskc:ValueMAC>...</pskc:ValueMAC>
+ </pskc:Secret>
+ <pskc:Counter>
+ <pskc:EncryptedValue>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>...</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:EncryptedValue>
+ <pskc:ValueMAC>...</pskc:ValueMAC>
+ </pskc:Counter>
+ </pskc:Data>
+ </pskc:Key>
+ </pskc:KeyPackage>
+</pskc:KeyContainer>
+
+
+Read the generated file back in and verify that it matches the original data.
+
+>>> newpskc = PSKC(f.name)
+>>> newpskc.encryption.algorithm == pskc.encryption.algorithm
+True
+>>> newpskc.encryption.key = pskc.encryption.key
+>>> all(newkey.check() for newkey in newpskc.keys)
+True
+>>> key = pskc.keys[0]
+>>> newkey = newpskc.keys[0]
+>>> newkey.secret == key.secret
+True
+>>> newkey.counter == key.counter
+True
+
+
+Use PBKDF2 to derive a key instead of using a pre-shared key.
+
+>>> pskc = PSKC()
+>>> key = pskc.add_key(
+... id='1', serial='123456', secret='1234', counter=42)
+>>> pskc.encryption.setup_pbkdf2(
+... 'passphrase', key_name='Passphrase')
+>>> pskc.write(sys.stdout) #doctest: +ELLIPSIS +REPORT_UDIFF
+<?xml version="1.0" encoding="UTF-8"?>
+<pskc:KeyContainer Version="1.0" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#">
+ <pskc:EncryptionKey>
+ <xenc11:DerivedKey>
+ <xenc11:KeyDerivationMethod Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2">
+ <xenc11:PBKDF2-params>
+ <Salt>
+ <Specified>...</Specified>
+ </Salt>
+ <IterationCount>12000</IterationCount>
+ <KeyLength>16</KeyLength>
+ </xenc11:PBKDF2-params>
+ </xenc11:KeyDerivationMethod>
+ <xenc11:MasterKeyName>Passphrase</xenc11:MasterKeyName>
+ </xenc11:DerivedKey>
+ </pskc:EncryptionKey>
+ <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <pskc:MACKey>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>...</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:MACKey>
+ </pskc:MACMethod>
+ <pskc:KeyPackage>
+ <pskc:DeviceInfo>
+ <pskc:SerialNo>123456</pskc:SerialNo>
+ </pskc:DeviceInfo>
+ <pskc:Key Id="1">
+ <pskc:Data>
+ <pskc:Secret>
+ <pskc:EncryptedValue>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>...</xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:EncryptedValue>
+ <pskc:ValueMAC>...</pskc:ValueMAC>
+ </pskc:Secret>
+ <pskc:Counter>
+ <pskc:PlainValue>42</pskc:PlainValue>
+ </pskc:Counter>
+ </pskc:Data>
+ </pskc:Key>
+ </pskc:KeyPackage>
+</pskc:KeyContainer>