Implement MAC checking

This implements message message authentication code checking for the encrypted values if MACMethod and ValueMAC are present.
author: Arthur de Jong <arthur@arthurdejong.org> 2014-04-12 17:52:08 +0200
committer: Arthur de Jong <arthur@arthurdejong.org> 2014-04-12 18:25:54 +0200
commit: a926ddb19ed022f09995aecbf4d572aeaa83339d (patch)
tree: 55ac39a00f9a7f9defb5deecb7a63035e50a4946 /pskc/mac.py
parent: e53e8651052ec9432d7f49c41c47573ee7477c7f (diff)
1 files changed, 74 insertions, 0 deletions
diff --git a/pskc/mac.py b/pskc/mac.py
new file mode 100644
index 0000000..8fbf39c
--- /dev/null
+++ b/pskc/mac.py
@@ -0,0 +1,74 @@
+# mac.py - module for checking value signatures
+# coding: utf-8
+#
+# Copyright (C) 2014 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+import base64
+import hashlib
+import hmac
+
+
+HMAC_SHA1 = 'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
+
+
+class ValueMAC(object):
+
+    def __init__(self, mac, value_mac=None):
+        self.mac = mac
+        self.value_mac = None
+        self.parse(value_mac)
+
+    def parse(self, value_mac):
+        from pskc.parse import g_e_v
+        if value_mac is None:
+            return
+        value = g_e_v(value_mac, '.')
+        if value is not None:
+            self.value_mac = base64.b64decode(value)
+
+    def check(self, value):
+        if value is None or self.value_mac is None:
+            return
+        algorithm = self.mac.algorithm
+        key = self.mac.key
+        if algorithm == HMAC_SHA1 and key is not None:
+            h = hmac.new(key, value, hashlib.sha1).digest()
+            return h == self.value_mac
+
+
+class MAC(object):
+
+    def __init__(self, pskc, mac_method=None):
+        from pskc.encryption import EncryptedValue
+        self.algorithm = None
+        self.mac_key = EncryptedValue(pskc.encryption)
+        self.parse(mac_method)
+
+    def parse(self, mac_method):
+        """Read encryption information from the EncryptionKey XML tree."""
+        from pskc.parse import g_e_v, namespaces
+        if mac_method is None:
+            return
+        self.algorithm = mac_method.attrib.get('Algorithm')
+        self.mac_key.parse(mac_method.find(
+            'pskc:MACKey', namespaces=namespaces))
+        mac_key_reference = g_e_v(mac_method, 'pskc:MACKeyReference')
+
+    @property
+    def key(self):
+        return self.mac_key.decrypt()
author	Arthur de Jong <arthur@arthurdejong.org>	2014-04-12 17:52:08 +0200
committer	Arthur de Jong <arthur@arthurdejong.org>	2014-04-12 18:25:54 +0200
commit	a926ddb19ed022f09995aecbf4d572aeaa83339d (patch)
tree	55ac39a00f9a7f9defb5deecb7a63035e50a4946 /pskc/mac.py
parent	e53e8651052ec9432d7f49c41c47573ee7477c7f (diff)