diff options
author | Arthur de Jong <arthur@arthurdejong.org> | 2018-02-04 16:08:47 +0100 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2018-02-09 15:05:01 +0100 |
commit | be2b49fd90236ee16e5da3564caf3a6b227e46c8 (patch) | |
tree | dd5cf7d02046edeb69822f32ee6cd9e1faf0a944 /tests | |
parent | e60d7f3356c4808e17e363055fca23fae005f76f (diff) |
Correctly write a PSKC file with a global IV
This ensures that the encryption IV, which should be per encrypted value
is written out per encrypted value instead of globally. This is mostly
useful for when reading an old format PSKC file and writing out a RFC
6030 compliant one.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_write.doctest | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/tests/test_write.doctest b/tests/test_write.doctest index 1ea806a..34ddb36 100644 --- a/tests/test_write.doctest +++ b/tests/test_write.doctest @@ -1,6 +1,6 @@ test_write.doctest - tests for writing PSKC files -Copyright (C) 2014-2017 Arthur de Jong +Copyright (C) 2014-2018 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -563,3 +563,41 @@ set on one key end up being applied to both keys. </pskc:Key> </pskc:KeyPackage> </pskc:KeyContainer> + + +If we specify a global IV it will be used for all encrypted values but will +be not be written as a global IV in the PSKC file because RFC 6030 does not +specify this (and re-using an IV is a bad idea). + +>>> pskc = PSKC() +>>> key = pskc.add_key(secret='1234') +>>> pskc.encryption.setup_preshared_key(key=a2b_hex('12345678901234567890123456789012')) +>>> pskc.encryption.iv = a2b_hex('000102030405060708090a0b0c0d0e0f') +>>> pskc.write(sys.stdout) #doctest: +ELLIPSIS +REPORT_UDIFF +<?xml version="1.0" encoding="UTF-8"?> +<pskc:KeyContainer ... Version="1.0"> + <pskc:EncryptionKey/> + <pskc:MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"> + <pskc:MACKey> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <xenc:CipherData> + <xenc:CipherValue>AAECAwQFBgcICQoLDA0OD...</xenc:CipherValue> + </xenc:CipherData> + </pskc:MACKey> + </pskc:MACMethod> + <pskc:KeyPackage> + <pskc:Key> + <pskc:Data> + <pskc:Secret> + <pskc:EncryptedValue> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <xenc:CipherData> + <xenc:CipherValue>AAECAwQFBgcICQoLDA0OD...</xenc:CipherValue> + </xenc:CipherData> + </pskc:EncryptedValue> + <pskc:ValueMAC>...</pskc:ValueMAC> + </pskc:Secret> + </pskc:Data> + </pskc:Key> + </pskc:KeyPackage> +</pskc:KeyContainer> |