| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Similar to the change for parsing, move the XML serialisation of PSKC
data to a single class in a separate module.
| |
This moves all the parse() functions to a single class in a dedicated
module that can be used for parsing PSKC files. This should make it
easier to subclass the parser.
| |
This enables branch coverage testing and adds tests to improve coverage.
| |
This also ensures that the PRF URL is normalised.
| |
This tries to make it clearer that the setup_preshared_key() and
setup_pbkdf2() functions are meant to be used when writing out PSKC
files.
| |
In older versions of the PSKC standard it was allowed to have a global
initialization vector for CBC based encryption algorithms. It is
probably not a good idea to re-use an IV in general.
| |
This makes it much easier to test the encryption, decryption and HMAC
processing separate from the PSKC parsing.
| |
This makes the creation of internal instances a little more consistent.
| |
This method allows configuring a pre-shared encryption key and will
choose reasonable defaults for needed encryption values (e.g. it will
choose an algorithm, generate a new key of the appropriate length if
needed, etc.).
| |
This factors out the PBKDF2 key derivation to a separate function and
introduces a function to configure KeyDerivation instances with PBKDF2.
| |
This also makes the MAC.algorithm a property similar to what is done
for Encryption (normalise algorithm names) and adds a setter for the
MAC.key property.
| |
The Encryption class now has a fields property that lists the fields
that should be encrypted when writing the PSKC file.
This adds an encrypt_value() function that performs the encryption and
various functions to convert the plain value to binary before writing
the encrypted XML elements.
| |
This removes calling parse() from the Encryption and MAC constructors
and stores a reference to the PSKC object in both objects so it can be
used later on.
| |
This writes information about a pre-shared key or PBKDF2 key derivation
in the PSKC file. This also means that writing a decrypted version of a
previously encrypted file requires actively removing the encryption.
| |
This property on the Encryption object provides a list of key sizes (in
bytes) that the configured encryption algorithm supports.
| |
This removes the EncryptedValue and ValueMAC classes and instead moves
the XML parsing of these values to the DataType class. This will make it
easier to support different parsing schemes.
This also includes a small consistency improvement in the subclasses of
DataType.
| |
This transforms the algorithm URIs that are set to known values when
parsing or setting the algorithm.
| |
Either determine the encryption algorithm from the PSKC file or from the
explicitly set value. This also adds support for setting the encryption
key name.
| |
This simplifies calls to the find() family of functions and allows
parsing PSKC files that have slightly different namespace URLs. This is
especially common when parsing old draft versions of the specification.
This also removes passing multiple patterns to the find() functions that
was introduced in 68b20e2.
| |
This enables support for Python 3 together with Python 2 support with a
single codebase.
On Python 3 key data is passed around as bytestrings which makes the
doctests a little harder to maintain across Python versions.
| |
The find() utility functions now allow specifying multiple paths to be
searched where the first match is returned.
This allows handling PSKC files where the PBKDF2 salt, iteration count,
key length and PRF elements are prefixed with the xenc11 namespace.
A test including such a PSKC file has been included.
Thanks to Eric Plet for reporting this.
| |
This moves the encryption functions under the pskc.crypto package to
more clearly separate it from the other code. Ideally this should be
replaced by third-party library code.
| |
This renames the parse module to xml to better reflect the purpose of
the module and its functions.
This also introduces a parse() function that wraps etree.parse().
| |
Support specifying a pseudorandom function for PBKDF2 key derivation. It
currently supports any HMAC that the MAC checking also supports.
| |
This changes the parse module functions to better match the ElementTree
API and extends it with findint(), findtime() and findbin().
It also passes the namespaces to all calls that require it without
duplicating this throughout the normal code.
| |
This adds support for key unwrapping using the RFC 3217 Triple DES key
wrap algorithm if the PSKC file uses this.
| |
This adds support for key unwrapping using the RFC 3394 or RFC 5649
algorithm if the PSKC file uses this.
| |
This also renames the internal function that implements the derivation.
| |
This also introduces a toplevel PSKCError exception that all exceptions
have as parent.
| |
This also moves the crypto imports to the places where they are used to
avoid a dependency on pycrypto if no encryption is used.
| |
This documents classes in the pskc.encryption module.
| |
This supports deriving the key from a passphrase and information present
in the DerivedKey and PBKDF2-params XML elements.
|
This adds an encryption module that provides wrappers for handling
decryption.