Correctly write a PSKC file with a global IV

This ensures that the encryption IV, which should be per encrypted value is written out per encrypted value instead of globally. This is mostly useful for when reading an old format PSKC file and writing out a RFC 6030 compliant one.
author: Arthur de Jong <arthur@arthurdejong.org> 2018-02-04 16:08:47 +0100
committer: Arthur de Jong <arthur@arthurdejong.org> 2018-02-09 15:05:01 +0100
commit: be2b49fd90236ee16e5da3564caf3a6b227e46c8 (patch)
tree: dd5cf7d02046edeb69822f32ee6cd9e1faf0a944 /pskc/serialiser.py
parent: e60d7f3356c4808e17e363055fca23fae005f76f (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/pskc/serialiser.py b/pskc/serialiser.py
index 8020f60..ca6622c 100644
--- a/pskc/serialiser.py
+++ b/pskc/serialiser.py
@@ -100,11 +100,14 @@ class PSKCSerialiser(object):
             key_value = EncryptedValue.create(mac.pskc, key_value)
         # construct encrypted MACKey
         algorithm = key_value.algorithm or mac.pskc.encryption.algorithm
+        cipher_value = key_value.cipher_value
+        if mac.pskc.encryption.iv:
+            cipher_value = mac.pskc.encryption.iv + cipher_value
         mac_key = mk_elem(mac_method, 'pskc:MACKey', empty=True)
         mk_elem(mac_key, 'xenc:EncryptionMethod', Algorithm=algorithm)
         cipher_data = mk_elem(mac_key, 'xenc:CipherData', empty=True)
         mk_elem(cipher_data, 'xenc:CipherValue',
-                base64.b64encode(key_value.cipher_value).decode())
+                base64.b64encode(cipher_value).decode())
 
     @classmethod
     def serialise_key_package(cls, device, container):
@@ -195,6 +198,9 @@ class PSKCSerialiser(object):
         else:
             # encrypted value
             algorithm = value.algorithm or pskc.encryption.algorithm
+            cipher_value = value.cipher_value
+            if pskc.encryption.iv:
+                cipher_value = pskc.encryption.iv + cipher_value
             encrypted_value = mk_elem(
                 element, 'pskc:EncryptedValue', empty=True)
             mk_elem(encrypted_value, 'xenc:EncryptionMethod',
@@ -202,7 +208,7 @@ class PSKCSerialiser(object):
             cipher_data = mk_elem(
                 encrypted_value, 'xenc:CipherData', empty=True)
             mk_elem(cipher_data, 'xenc:CipherValue',
-                    base64.b64encode(value.cipher_value).decode())
+                    base64.b64encode(cipher_value).decode())
             if value.mac_value:
                 mk_elem(element, 'pskc:ValueMAC',
                         base64.b64encode(value.mac_value).decode())
author	Arthur de Jong <arthur@arthurdejong.org>	2018-02-04 16:08:47 +0100
committer	Arthur de Jong <arthur@arthurdejong.org>	2018-02-09 15:05:01 +0100
commit	be2b49fd90236ee16e5da3564caf3a6b227e46c8 (patch)
tree	dd5cf7d02046edeb69822f32ee6cd9e1faf0a944 /pskc/serialiser.py
parent	e60d7f3356c4808e17e363055fca23fae005f76f (diff)