| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
| |
This adds docstrings to public methods and cleans up a few other
docstrings to pass most flake8 docstring related tests.
This also adds noqa statements in a few places so we can remove most
entries from the global flake8 ignore list.
|
|
|
|
|
|
|
| |
This ensures that the encryption IV, which should be per encrypted value
is written out per encrypted value instead of globally. This is mostly
useful for when reading an old format PSKC file and writing out a RFC
6030 compliant one.
|
|
|
|
|
| |
This adds a function to decrypt all values and remove the encryption of
an encrypted PSKC file.
|
|
|
|
| |
Fixes 1ff3237f, 84bfb8a6 and 20bf9c5
|
|
|
|
|
|
| |
This property can be use to see whether the PSKC file needs an
additional pre-shared key or passphrase to decrypt any stored
information.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
The cryptography library is better supported.
This uses the functions from cryptography for AES and Triple DES
encryption, replaces the (un)padding functions that were previously
implemented in python-pskc with cryptography and uses PBKDF2
implementation from hashlib.
|
|
|
|
|
|
| |
This uses pbkdf2_hmac() from hashlib for the PBKDF2 calculation.
The downside of this is that this function is only available since
Python 2.7.8.
|
|
|
|
|
|
| |
This uses os.urandom() as a source for random data and replaces other
utility functions. This also removes one import for getting the lengths
of Tripple DES keys.
|
| |
|
|
|
|
|
| |
This makes KeyDerivation.algorithm and KeyDerivation.pbkdf2_prf
properties automatically normalise assigned values.
|
|
|
|
|
|
|
|
| |
This switches to using the hashlib.new() function to be able to use all
hashes that are available in Python (specifically RIPEMD160).
This also adds a number of tests for HMACs using test vectors from
RFC 2202, RFC 4231 and RFC 2857.
|
| |
|
|
|
|
|
| |
Similar to the change for parsing, move the XML serialisation of PSKC
data to a single class in a separate module.
|
|
|
|
|
|
| |
This moves all the parse() functions to a single class in a dedicated
module that can be used for parsing PSKC files. This should make it
easier to subclass the parser.
|
|
|
|
| |
This enables branch coverage testing and adds tests to improve coverage.
|
|
|
|
| |
This also ensures that the PRF URL is normalised.
|
| |
|
|
|
|
|
|
| |
This tries to make it clearer that the setup_preshared_key() and
setup_pbkdf2() functions are meant to be used when writing out PSKC
files.
|
|
|
|
|
|
| |
In older versions of the PSKC standard it was allowed to have a global
initialization vector for CBC based encryption algorithms. It is
probably not a good idea to re-use an IV in general.
|
|
|
|
|
| |
This makes it much easier to test the encryption, decryption and HMAC
processing separate from the PSKC parsing.
|
|
|
|
| |
This makes the creation if internal instances a litte more consistent.
|
| |
|
| |
|
|
|
|
|
|
|
| |
This method allows configuring a pre-shared encryption key and will
chose reasonable defaults for needed encryption values (e.g. it will
choose an algorithm, generate a new key of the appropriate length if
needed, etc.).
|
|
|
|
|
| |
This factors out the PBKDF2 key derivation to a separate function and
introduces a function to configure KeyDerivation instances with PBKDF2.
|
|
|
|
|
|
| |
This also makes the MAC.algorithm a property similarly as what is done
for Encryption (normalise algorithm names) and adds a setter for the
MAC.key property.
|
|
|
|
|
|
|
|
|
| |
The Encryption class now has a fields property that lists the fields
that should be encrypted when writing the PSKC file.
This adds an encrypt_value() function that performs the encryption and
various functions to convert the plain value to binary before writing
the encrypted XML elements.
|
|
|
|
|
|
| |
This removes calling parse() from the Encryption and MAC constructors
and stores a reference to the PSKC object in both objects so it can be
used later on.
|
|
|
|
|
|
| |
This writes information about a pre-shared key or PBKDF2 key derivation
in the PSKC file. This also means that writing a decrypted version of a
previously encrypted file requires actively removing the encryption.
|
|
|
|
|
| |
This property on the Encryption object provides a list of key sizes (in
bytes) that the configured encryption algorithm supports.
|
|
|
|
|
|
|
|
|
| |
This removes the EncryptedValue and ValueMAC classes and instead moves
the XML parsing of these values to the DataType class. This will make it
easier to support different parsing schemes.
This also includes a small consistency improvement in the subclasses of
DataType.
|
|
|
|
|
| |
This transforms the algorithm URIs that are set to known values when
parsing or setting the algorithm.
|
|
|
|
|
|
| |
Either determine the encryption algorithm from the PSKC file or from the
explicitly set value. This also adds support for setting the encryption
key name.
|
|
|
|
|
|
|
|
|
| |
This simplifies calls to the find() family of functions and allows
parsing PSKC files that have slightly different namespace URLs. This is
especially common when parsing old draft versions of the specification.
This also removes passing multiple patterns to the find() functions that
was introduced in 68b20e2.
|
| |
|
|
|
|
|
|
|
|
| |
This enables support for Python 3 together with Python 2 support with a
single codebase.
On Python 3 key data is passed around as bytestrings which makes the
doctests a little harder to maintain across Python versions.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The find() utility functions now allow specifying multiple paths to be
searched where the first match is returned.
This allows handling PSKC files where the PBKDF2 salt, iteration count,
key length and PRF elements are prefixed with the xenc11 namespace.
A test including such a PSKC file has been included.
Thanks to Eric Plet for reporting this.
|
|
|
|
|
|
| |
This moves the encryption functions under the pskc.crypto package to
more clearly separate it from the other code. Ideally this should be
replaced by third-party library code.
|
|
|
|
|
|
|
| |
This renames the parse module to xml to better reflect the purpose of
the module and it's functions.
This also introduces a parse() function that wraps etree.parse().
|
| |
|
|
|
|
|
| |
Support specifying a pseudorandom function for PBKDF2 key derivation. It
currently supports any HMAC that the MAC checking also supports.
|
| |
|
|
|
|
|
|
|
|
| |
This changes the parse module functions to better match the ElementTree
API and extends it with findint(), findtime() and findbin().
It also passes the namespaces to all calls that require it without
duplicating this throughout the normal code.
|
| |
|
|
|
|
|
| |
This adds support for key unwrapping using the RFC 3217 Triple DES key
wrap algorithm if the PSKC file uses this.
|
|
|
|
|
| |
This adds support for key unwrapping using the RFC 3394 or RFC 5649
algorithm if the PSKC file uses this.
|
| |
|