Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Use defusedxml if availableArthur de Jong2017-09-243-11/+27
| | | | | This uses the defusedxml library if available to defend agains a number of XML-based attacks.
* Fix bug in saving PBKDF2 salt on Python3Arthur de Jong2017-09-242-3/+21
| | | | | | | The PBKDF2 salt was saved in the wrong way (b'base64encodeddata' instead of base64encodeddata) when using Python 3. This fixes that problem and tests that saving and loading of a file that uses PBKDF2 key derivation works.
* Add tests for the pskc2csv scriptArthur de Jong2017-09-243-9/+198
| | | | | This makes minor changes to the pskc2csv script to make it more easily testable.
* Support adding custom CSV file headersArthur de Jong2017-09-221-4/+5
| | | | | | This allows adding an optional label to the --columns option that can be used to output a label different from the key property name in the CSV file header.
* Add --secret-encoding option to pskc2csvArthur de Jong2017-09-201-11/+15
| | | | | This option can be used to configure the encoding of the secret in the CSV file (still hex by default).
* Run flake8 from toxArthur de Jong2017-09-2010-16/+50
| | | | | This also makes a few small code formatting changes to ensure that the flake8 tests pass.
* Simplify Tox configurationArthur de Jong2017-09-111-21/+3
|
* Various minor code style improvementsArthur de Jong2017-06-106-11/+23
|
* Normalise key derivation algorithmsArthur de Jong2017-06-102-8/+27
| | | | | This makes KeyDerivation.algorithm and KeyDerivation.pbkdf2_prf properties automatically normalise assigned values.
* Switch to using non-deprecated methodArthur de Jong2017-06-101-1/+1
| | | | | | This uses ElementTree.iter() instead of ElementTree.getiterator() for going over all the child elements in the tree because the latter is deprecated.
* Provide Key.userid convenience propertyArthur de Jong2017-06-103-5/+16
| | | | | This provides a read-only userid property on Key objects that uses the key_userid or device_userid value, whichever one is defined.
* Document supported encryption and MAC algorithmsArthur de Jong2017-06-094-10/+76
| | | | This also includes a few other small documentation improvements.
* Refactor MAC lookupsArthur de Jong2017-06-094-40/+180
| | | | | | | | This switches to using the hashlib.new() function to be able to use all hashes that are available in Python (specifically RIPEMD160). This also adds a number of tests for HMACs using test vectors from RFC 2202, RFC 4231 and RFC 2857.
* Handle more algortihm URIsArthur de Jong2017-06-091-26/+51
| | | | | | This adds a number of algorithm URIs defined in RFC 6931 and also simplifies the definition of the list of URIs. It also adds more aliases for algorithms.
* Switch URLs to HTTPSArthur de Jong2017-01-253-6/+6
|
* Correct name of ActivIdentity test fileArthur de Jong2017-01-212-1/+1
|
* Get files ready for 0.5 release0.5Arthur de Jong2017-01-217-51/+347
|
* Split vendor testsArthur de Jong2017-01-152-27/+55
| | | | Have one doctest file per vendor to make tests a little more manageable.
* Add tests for Yubikey filesArthur de Jong2017-01-154-0/+295
| | | | This adds tests from draft-josefsson-keyprov-pskc-yubikey-00.
* Support legacy ActivIdentity filesArthur de Jong2017-01-153-12/+129
| | | | | | This adds support for parsing ActivIdentity files that conform to a very old version of an Internet Draft. The implementation and test were based on a file provided by Jaap Ruijgrok.
* Use original examples from old profiles Internet DraftArthur de Jong2017-01-115-129/+139
| | | | | | | | | | | | | This updates the tests to use the original examples from draft-hoyer-keyprov-pskc-algorithm-profiles-01 instead of modifying them to fit the RFC 6030 schema (but does include some minor changes to make them valid XML). This adds a few additions to the parser to handle legacy challenge and resposne encoding and a few key policy properties. This also includes a fix for 0b757ec in the handling of the <ChallengeFormat> element under a <Usage> element.
* Add all figures from RFC 6030 to test suiteArthur de Jong2016-12-213-10/+191
| | | | Note that asymmetric encryption and digital signature checking has not yet been implemented so the tests are pretty minimal.
* Add support for older Internet Draft versionArthur de Jong2016-12-2111-35/+839
| | | | | | | | | | | | | | This adds support for parsing most examples from draft-ietf-keyprov-pskc-02. That file uses a few other names for elements and attributes of the PSKC file and a few other minor differences. The XML parsing has been changed to allow specifying multiple matches and the find*() functions now return the first found match. While all examples from draft-ietf-keyprov-pskc-02 are tested support for verifying digital signatures and asymmetric keys have not yet been implemented.
* Fix typo in testArthur de Jong2016-12-201-4/+4
|
* Fail tests on missing coverageArthur de Jong2016-12-201-0/+2
|
* Allow MAC over plaintext or ciphertextArthur de Jong2016-12-208-102/+84
| | | | | | | | | | | | | | | | | | RFC 6030 implies that the MAC should be performed over the ciphertext but some earlier drafts implied that the MAC should be performed on the plaintext. This change accpets the MAC if either the plaintext or ciphertext match. Note that this change allows for a padding oracle attack when CBC encryption modes are used because decryption (and unpadding) needs to be done before MAC checking. However, this module is not expected to be available to users to process arbitrary PSKC files repeatedly. This removes the tests for a missing MAC key (and replaces it for tests of missing EncryptionMethod) because falling back to using the encryption key (implemented in a444f78) in combination with this change means that decryption is performed before MAC checking and is no longer possible to trigger a missing MAC key error.
* Add sanity checks to unpaddingArthur de Jong2016-12-203-4/+86
|
* Ensure XML file ends with a newlineArthur de Jong2016-12-201-1/+1
|
* Adapt coverage pragma annotationsArthur de Jong2016-12-201-2/+2
| | | | | This fixes the pragma directives to be be correct independently of whether lxml is installed or not.
* Add Tox configurationArthur de Jong2016-12-192-0/+32
| | | | | This sets up Tox with various versions of Python and for each version a run with and without lxml.
* Close read files in testsArthur de Jong2016-12-191-2/+4
| | | | | This ensures that the files that are read in the test suite are properly closed to avoid leaking open file descriptors.
* Support missing or lowercase version attributeArthur de Jong2016-12-181-2/+2
|
* Fix copy-pasto in documentationArthur de Jong2016-09-261-7/+0
| | | This accidentally slipped in as part of beafc6b.
* Also move outer writing and parsing to modulesArthur de Jong2016-09-243-17/+23
|
* Add writing example to toplevel documentationArthur de Jong2016-09-243-1/+20
|
* Use custom data descriptors for key propertiesArthur de Jong2016-09-171-24/+25
| | | | | This uses a custom data descriptor (property) for secret, counter, time_offset, time_interval and time_drift.
* Support separate device from keyArthur de Jong2016-09-179-149/+361
| | | | | | | | This allows having multiple keys per device while also maintaining the previous API. Note that having multiple keys per device is not allowed by the RFC 6030 schema but is allowed by some older internet drafts.
* Move XML generation to own moduleArthur de Jong2016-09-176-183/+216
| | | | | Similar to the change for parsing, move the XML serialisation of PSKC data to a single class in a separate module.
* Move document parsing to own moduleArthur de Jong2016-09-176-204/+229
| | | | | | This moves all the parse() functions to a single class in a dedicated module that can be used for parsing PSKC files. This should make it easier to subclass the parser.
* Some minor improvements to the testsArthur de Jong2016-09-143-2/+18
|
* Improve branch coverageArthur de Jong2016-09-1414-16/+285
| | | | This enables branch coverage testing and adds tests to improve coverage.
* Support specifying PRF in setup_pbkdf2()Arthur de Jong2016-09-112-3/+10
| | | | This also ensures that the PRF URL is normalised.
* Fix bug in passing explicit key to setup_preshared_key()Arthur de Jong2016-09-111-2/+2
|
* Clarify encryption.setup_*() documentationArthur de Jong2016-09-112-4/+4
| | | | | | This tries to make it clearer that the setup_preshared_key() and setup_pbkdf2() functions are meant to be used when writing out PSKC files.
* Fall back to encryption key for MACArthur de Jong2016-04-236-1/+102
| | | | | | This uses the encryption key also as MAC key if no MAC key has been specified in the PSKC file. Earlier versions of the PSKC draft specified this behaviour.
* Allow global specification of IVArthur de Jong2016-04-233-9/+62
| | | | | | In older versions of the PSKC standard it was allowed to have a global initialization vector for CBC based encryption algorithms. It is probably not a good idea to re-use an IV in general.
* Move crypto to functionsArthur de Jong2016-04-232-93/+108
| | | | | This makes it much easier to test the encryption, decryption and HMAC processing separate from the PSKC parsing.
* Remove parse call from constructorsArthur de Jong2016-04-054-12/+7
| | | | This makes the creation if internal instances a litte more consistent.
* Move algorithm uri handling to separate moduleArthur de Jong2016-04-053-51/+75
|
* Move padding functions to crypto packageArthur de Jong2016-04-052-11/+36
|