Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/pskc/mac.py
Commit message (Collapse)AuthorAgeFilesLines
* Allow MAC over plaintext or ciphertextArthur de Jong2016-12-201-13/+0
| | | | | | | | | | | | | | | | | | RFC 6030 implies that the MAC should be performed over the ciphertext but some earlier drafts implied that the MAC should be performed on the plaintext. This change accpets the MAC if either the plaintext or ciphertext match. Note that this change allows for a padding oracle attack when CBC encryption modes are used because decryption (and unpadding) needs to be done before MAC checking. However, this module is not expected to be available to users to process arbitrary PSKC files repeatedly. This removes the tests for a missing MAC key (and replaces it for tests of missing EncryptionMethod) because falling back to using the encryption key (implemented in a444f78) in combination with this change means that decryption is performed before MAC checking and is no longer possible to trigger a missing MAC key error.
* Move XML generation to own moduleArthur de Jong2016-09-171-22/+0
| | | | | Similar to the change for parsing, move the XML serialisation of PSKC data to a single class in a separate module.
* Move document parsing to own moduleArthur de Jong2016-09-171-14/+0
| | | | | | This moves all the parse() functions to a single class in a dedicated module that can be used for parsing PSKC files. This should make it easier to subclass the parser.
* Fall back to encryption key for MACArthur de Jong2016-04-231-0/+4
| | | | | | This uses the encryption key also as MAC key if no MAC key has been specified in the PSKC file. Earlier versions of the PSKC draft specified this behaviour.
* Move crypto to functionsArthur de Jong2016-04-231-9/+13
| | | | | This makes it much easier to test the encryption, decryption and HMAC processing separate from the PSKC parsing.
* Move algorithm uri handling to separate moduleArthur de Jong2016-04-051-1/+1
|
* Allow configuring a MAC keyArthur de Jong2016-03-261-0/+33
| | | | | This method will set up a MAC key and algorithm as specified or use reasonable defauts.
* Generate MAC valuesArthur de Jong2016-03-261-13/+23
|
* Write MACMethodArthur de Jong2016-03-261-2/+43
| | | | | | This also makes the MAC.algorithm a property similarly as what is done for Encryption (normalise algorithm names) and adds a setter for the MAC.key property.
* Make Encryption and MAC constructors consistentArthur de Jong2016-03-261-2/+1
| | | | | | This removes calling parse() from the Encryption and MAC constructors and stores a reference to the PSKC object in both objects so it can be used later on.
* Improve tests and test coverageArthur de Jong2016-03-191-2/+0
| | | | | | | | | | This adds tests to ensure that incorrect attribute and value types in the PSKC file raise a ValueError exception and extends the tests for invalid encryption options. This removes some code or adds no cover directives to a few places that have unreachable code or are Python version specific and places doctest directives inside the doctests where needed.
* Refactor out EncryptedValue and ValueMACArthur de Jong2016-01-241-41/+33
| | | | | | | | | This removes the EncryptedValue and ValueMAC classes and instead moves the XML parsing of these values to the DataType class. This will make it easier to support different parsing schemes. This also includes a small consistency improvement in the subclasses of DataType.
* Strip XML namespaces before parsingArthur de Jong2016-01-241-3/+3
| | | | | | | | | This simplifies calls to the find() family of functions and allows parsing PSKC files that have slightly different namespace URLs. This is especially common when parsing old draft versions of the specification. This also removes passing multiple patterns to the find() functions that was introduced in 68b20e2.
* Rename pskc.parse to pskc.xmlArthur de Jong2014-10-091-2/+2
| | | | | | | This renames the parse module to xml to better reflect the purpose of the module and it's functions. This also introduces a parse() function that wraps etree.parse().
* Provide a get_hmac() functionArthur de Jong2014-06-151-11/+16
| | | | | Refactor the functionality to find an HMAC function into a separate function.
* Raise exception when MAC validation failsArthur de Jong2014-06-141-5/+9
| | | | | | | | | This changes the way the check() function works to raise an exception when the MAC is not correct. The MAC is also now always checked before attempting decryption. This also renames the internal DataType.value property to a get_value() method for clarity.
* Automatically support all MACs in hashlibArthur de Jong2014-06-141-5/+15
| | | | | This uses the name of the hash to automatically get the correct hash object from Python's hashlib.
* Have parse module provide find() functionsArthur de Jong2014-06-141-9/+5
| | | | | | | | This changes the parse module functions to better match the ElementTree API and extends it with findint(), findtime() and findbin(). It also passes the namespaces to all calls that require it without duplicating this throughout the normal code.
* Use get() instead of attrib.get() (shorter)Arthur de Jong2014-06-141-1/+1
|
* Be more lenient in accepting algorithmsArthur de Jong2014-05-251-4/+1
|
* Provide pskc.mac docstringsArthur de Jong2014-04-191-8/+34
| | | | This also hides two properties that are not part of the public API.
* Move Key class to separate moduleArthur de Jong2014-04-191-1/+2
| | | | This also allows re-organising the imports a bit.
* Implement MAC checkingArthur de Jong2014-04-121-0/+74
This implements message message authentication code checking for the encrypted values if MACMethod and ValueMAC are present.