| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
| |
This updates the documentation with the new features (writing PSKC
files) as well as many editorial improvements, some rewording and a few
typo fixes. Some things were moved around a little in order to be more
easily readable and easier to find.
|
| |
|
|
|
|
|
|
| |
This enables support for Python 3 together with Python 2 support with a
single codebase.
On Python 3 key data is passed around as bytestrings which makes the
doctests a little harder to maintain across Python versions.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The find() utility functions now allow specifying multiple paths to be
searched where the first match is returned.
This allows handling PSKC files where the PBKDF2 salt, iteration count,
key length and PRF elements are prefixed with the xenc11 namespace.
A test including such a PSKC file has been included.
Thanks to Eric Plet for reporting this.
|
| |
|
|
|
| |
This is a simple command-line utility that reads a PSKC file and outputs
information on keys as CSV.
|
| |
|
|
|
|
| |
This moves the encryption functions under the pskc.crypto package to
more clearly separate it from the other code. Ideally this should be
replaced by third-party library code.
|
| |
|
|
|
|
|
| |
This renames the parse module to xml to better reflect the purpose of
the module and it's functions.
This also introduces a parse() function that wraps etree.parse().
|
| |\ |
|
| | |
| |
| |
| |
| | |
This makes a simple doctest that checks the writing of the XML
representation of the PSKC data.
|
| | |
| |
| |
| | |
This provides a function for pretty-printing the generated XML document.
|
| | |
| |
| |
| |
| |
| | |
This introduces make_xml() functions to build an XML document that
contains the basic PSKC information and keys. This currently only
supports writing unencrypted PSKC files.
|
| |/
|
|
|
|
| |
This introduces the mk_elem() function that can be used to create
ElementTree elements for building XML documents. This function
transparetly handles namespaces, translation of values into XML etc.
|
| |
|
|
|
|
|
| |
Only store the native value of the property, not the text
representation. This also results in the BinaryDataType and
IntegerDataType subclasses only needing from_text() and from_bin()
functions.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The message property has been deprecated as of Python 2.6 and printing
the first argument is the default.
|
| |
|
|
|
|
|
|
|
| |
This updates the documentation with the current API, adding information
on exceptions raised, HMAC algorithms supported and changes to the MAC
checking.
This also includes some editorial changes to some of the text and making
references shorter by not including the full package path.
|
| |
|
|
|
| |
These are the only ElementTree implementations that have been tested to
provide the needed functionality (mostly namespaces).
|
| |
|
|
|
| |
This introduces the getint() and getbool() functions in parse to avoid
some code duplication.
|
| |
|
|
|
|
| |
This supports setters for the secret, counter, time_offset,
time_interval and time_drift properties. Setting these values stores the
values unencrypted internally.
|
| |
|
|
|
| |
Support specifying a pseudorandom function for PBKDF2 key derivation. It
currently supports any HMAC that the MAC checking also supports.
|
| |
|
|
|
| |
Refactor the functionality to find an HMAC function into a separate
function.
|
| |
|
|
| |
This tests for incomplete, unknown or invalid MACs in PSKC files.
|
| |
|
|
|
|
|
|
|
| |
This changes the way the check() function works to raise an exception
when the MAC is not correct. The MAC is also now always checked before
attempting decryption.
This also renames the internal DataType.value property to a get_value()
method for clarity.
|
| | |
|
| |
|
|
|
| |
This adds hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512 tests
for values that are encrypted using CBC block cypher modes.
|
| |
|
|
|
| |
This uses the name of the hash to automatically get the correct hash
object from Python's hashlib.
|
| |
|
|
|
|
|
|
|
|
|
| |
When using a recent enough lxml, even Python 2.6 should work now. The
most important requirement is that the findall() function supports the
namespaces argument.
This also now catches all exceptions when parsing the PSKC file fails
and wraps it in ParseError because various implementations raise
different exceptions, even between versions (Python 2.6's ElementTree
raises ExpatError, lxml raises XMLSyntaxError).
|
| |
|
|
|
|
|
|
| |
This changes the parse module functions to better match the ElementTree
API and extends it with findint(), findtime() and findbin().
It also passes the namespaces to all calls that require it without
duplicating this throughout the normal code.
|
| | |
|
| |
|
|
|
| |
This adds support for key unwrapping using the RFC 3217 Triple DES key
wrap algorithm if the PSKC file uses this.
|
| | |
|
| | |
|
| |
|
|
|
| |
The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01
modified to fit the schema as described in RFC 6030.
|
| |
|
|
|
| |
The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01
modified to be valid XML and to fit the schema as described in RFC 6030.
|
| |
|
|
|
| |
The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01
modified to fit the schema as described in RFC 6030.
|
| |
|
|
|
| |
The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01
modified to fit the schema as described in RFC 6030.
|
| | |
|
| |
|
|
|
| |
This adds support for key unwrapping using the RFC 3394 or RFC 5649
algorithm if the PSKC file uses this.
|
| |
|
|
| |
This adds a pad argument with which padding can be forced or disabled.
|
| | |
|
| |
|
|
| |
This also introduces an EncryptionError exception.
|
| | |
|
| | |
|
| |
|
|
|
| |
This tests for unknown or missing algorithms and unknown derivation
parameters.
|
| |
|
|
| |
This also renames the internal function that implements the derivation.
|
| |
|
|
|
| |
This also introduces a toplevel PSKCError exception that all exceptions
have as parent.
|
| | |
|