Arthur de Jong

Open Source / Free Software developer

path: root/pskc
Commit message | Author | Age | Files | Lines
* Get files ready for 0.4 release [0.4] | Arthur de Jong | 2016-03-28 | 1 | -1/+1
* Document writing encrypted files | Arthur de Jong | 2016-03-27 | 1 | -2/+2
* Allow configuring a pre-shared key | Arthur de Jong | 2016-03-26 | 1 | -13/+38
  This method allows configuring a pre-shared encryption key and will choose reasonable defaults for needed encryption values (e.g. it will choose an algorithm, generate a new key of the appropriate length if needed, etc.).
* Allow configuring PBKDF2 key derivation | Arthur de Jong | 2016-03-26 | 1 | -12/+69
  This factors out the PBKDF2 key derivation to a separate function and introduces a function to configure KeyDerivation instances with PBKDF2.
* Allow configuring a MAC key | Arthur de Jong | 2016-03-26 | 1 | -0/+33
  This method will set up a MAC key and algorithm as specified or use reasonable defaults.
* Generate MAC values | Arthur de Jong | 2016-03-26 | 2 | -13/+30
* Write MACMethod | Arthur de Jong | 2016-03-26 | 3 | -3/+52
  This also makes the MAC.algorithm a property similarly as what is done for Encryption (normalise algorithm names) and adds a setter for the MAC.key property.
* Write out encrypted values | Arthur de Jong | 2016-03-26 | 2 | -11/+88
  The Encryption class now has a fields property that lists the fields that should be encrypted when writing the PSKC file. This adds an encrypt_value() function that performs the encryption and various functions to convert the plain value to binary before writing the encrypted XML elements.
* Make Encryption and MAC constructors consistent | Arthur de Jong | 2016-03-26 | 3 | -6/+4
  This removes calling parse() from the Encryption and MAC constructors and stores a reference to the PSKC object in both objects so it can be used later on.
* Write encryption key information | Arthur de Jong | 2016-03-26 | 2 | -3/+36
  This writes information about a pre-shared key or PBKDF2 key derivation in the PSKC file. This also means that writing a decrypted version of a previously encrypted file requires actively removing the encryption.
* Add algorithm_key_lengths property | Arthur de Jong | 2016-03-26 | 1 | -16/+26
  This property on the Encryption object provides a list of key sizes (in bytes) that the configured encryption algorithm supports.
* Also check key expiry in may_use() | Arthur de Jong | 2016-03-23 | 1 | -2/+24
* Copy namespaces to toplevel element | Arthur de Jong | 2016-03-20 | 1 | -0/+11
  Ensure that when writing an XML file all namespace definitions are on the toplevel KeyContainer element instead of scattered throughout the XML document.
* Support writing to text streams in Python 3 | Arthur de Jong | 2016-03-19 | 1 | -1/+6
  This supports writing the XML output to binary streams as well as text streams in Python 3.
* Improve tests and test coverage | Arthur de Jong | 2016-03-19 | 2 | -6/+4
  This adds tests to ensure that incorrect attribute and value types in the PSKC file raise a ValueError exception and extends the tests for invalid encryption options. This removes some code or adds no cover directives to a few places that have unreachable code or are Python version specific and places doctest directives inside the doctests where needed.
* Support both CheckDigit and CheckDigits | Arthur de Jong | 2016-03-19 | 2 | -4/+15
  RFC 6030 is not clear about whether the attribute of ChallengeFormat and ResponseFormat should be the singular CheckDigit or the plural CheckDigits. This ensures that both forms are accepted.
* Implement policy checking | Arthur de Jong | 2016-03-19 | 1 | -7/+17
  This checks for unknown policy elements in the PSKC file and will cause the key usage policy check to fail.
* Support various integer representations | Arthur de Jong | 2016-03-19 | 1 | -3/+14
  This extends support for handling various encoding methods for integer values in PSKC files. For encrypted files the decrypted value is first tried to be evaluated as an ASCII representation of the number and after that big-endian decoded. For plaintext values first ASCII decoding is tried after which base64 decoding is tried which tries the same encodings as for decrypted values. There should be no possibility for any base64 encoded value (either of an ASCII value or a big-endian value) to be interpreted as an ASCII value for any 32-bit integer. There is a possibility that a big-endian encoded integer could be incorrectly interpreted as an ASCII value but this is only the case for 110 numbers when only considering 6-digit numbers.
* Re-organise test files | Arthur de Jong | 2016-01-30 | 1 | -1/+1
  This puts the test PSKC files in subdirectories so they can be organised more cleanly.
* Refactor out EncryptedValue and ValueMAC | Arthur de Jong | 2016-01-24 | 3 | -155/+135
  This removes the EncryptedValue and ValueMAC classes and instead moves the XML parsing of these values to the DataType class. This will make it easier to support different parsing schemes. This also includes a small consistency improvement in the subclasses of DataType.
* Normalise algorithm names | Arthur de Jong | 2016-01-24 | 1 | -2/+45
  This transforms the algorithm URIs that are set to known values when parsing or setting the algorithm.
* Add encryption algorithm property | Arthur de Jong | 2016-01-24 | 1 | -0/+23
  Either determine the encryption algorithm from the PSKC file or from the explicitly set value. This also adds support for setting the encryption key name.
* Fix a problem when writing previously encrypted file | Arthur de Jong | 2016-01-24 | 1 | -1/+1
  This fixes a problem with writing a PSKC file that is based on a read file that was encrypted.
* Strip XML namespaces before parsing | Arthur de Jong | 2016-01-24 | 6 | -85/+79
  This simplifies calls to the find() family of functions and allows parsing PSKC files that have slightly different namespace URLs. This is especially common when parsing old draft versions of the specification. This also removes passing multiple patterns to the find() functions that was introduced in 68b20e2.
* Make value conversion methods static private | Mathias Laurin | 2015-11-30 | 1 | -11/+20
  - the conversions do not call self: they are static
  - the conversions are not to be used out of the class: make private
* Provide abstract methods to clarify API | Mathias Laurin | 2015-11-30 | 1 | -4/+12
* Fix typo in variable name | Mathias Laurin | 2015-11-30 | 1 | -6/+6
* Get files ready for 0.3 release [0.3] | Arthur de Jong | 2015-10-07 | 1 | -1/+1
* Update documentation | Arthur de Jong | 2015-10-07 | 1 | -3/+1
  This updates the documentation with the new features (writing PSKC files) as well as many editorial improvements, some rewording and a few typo fixes. Some things were moved around a little in order to be more easily readable and easier to find.
* Support Python 3 | Arthur de Jong | 2015-10-06 | 7 | -24/+31
  This enables support for Python 3 together with Python 2 support with a single codebase. On Python 3 key data is passed around as bytestrings which makes the doctests a little harder to maintain across Python versions.
* Fix issue with namespaced PBKDF2 parameters | Arthur de Jong | 2015-10-06 | 2 | -24/+27
  The find() utility functions now allow specifying multiple paths to be searched where the first match is returned. This allows handling PSKC files where the PBKDF2 salt, iteration count, key length and PRF elements are prefixed with the xenc11 namespace. A test including such a PSKC file has been included. Thanks to Eric Plet for reporting this.
* Move encryption functions in pskc.crypto package | Arthur de Jong | 2014-10-09 | 4 | -2/+2
  This moves the encryption functions under the pskc.crypto package to more clearly separate it from the other code. Ideally this should be replaced by third-party library code.
* Rename pskc.parse to pskc.xml | Arthur de Jong | 2014-10-09 | 6 | -19/+26
  This renames the parse module to xml to better reflect the purpose of the module and its functions. This also introduces a parse() function that wraps etree.parse().
* Add function for writing XML | Arthur de Jong | 2014-06-28 | 2 | -0/+17
  This provides a function for pretty-printing the generated XML document.
* Construct XML document with basic PSKC information | Arthur de Jong | 2014-06-28 | 3 | -0/+109
  This introduces make_xml() functions to build an XML document that contains the basic PSKC information and keys. This currently only supports writing unencrypted PSKC files.
* Introduce mk_elem() to create elements | Arthur de Jong | 2014-06-28 | 1 | -0/+48
  This introduces the mk_elem() function that can be used to create ElementTree elements for building XML documents. This function transparently handles namespaces, translation of values into XML etc.
* Simplify DataType value handling | Arthur de Jong | 2014-06-27 | 1 | -38/+32
  Only store the native value of the property, not the text representation. This also results in the BinaryDataType and IntegerDataType subclasses only needing from_text() and from_bin() functions.
* Get files ready for 0.2 release [0.2] | Arthur de Jong | 2014-06-19 | 1 | -1/+1
* Only catch normal exceptions | Arthur de Jong | 2014-06-19 | 1 | -1/+1
* Remove unused import | Arthur de Jong | 2014-06-18 | 1 | -2/+0
* PEP8 fix | Arthur de Jong | 2014-06-17 | 1 | -2/+2
* Remove __str__ from exception | Arthur de Jong | 2014-06-17 | 1 | -3/+1
  The message property has been deprecated as of Python 2.6 and printing the first argument is the default.
* Simplify finding ElementTree implementation | Arthur de Jong | 2014-06-15 | 1 | -10/+1
  These are the only ElementTree implementations that have been tested to provide the needed functionality (mostly namespaces).
* Refactor out some functions to parse | Arthur de Jong | 2014-06-15 | 3 | -26/+26
  This introduces the getint() and getbool() functions in parse to avoid some code duplication.
* Add support for setting secret | Arthur de Jong | 2014-06-15 | 1 | -24/+39
  This supports setters for the secret, counter, time_offset, time_interval and time_drift properties. Setting these values stores the values unencrypted internally.
* Support PBKDF2 PRF argument | Arthur de Jong | 2014-06-15 | 1 | -5/+9
  Support specifying a pseudorandom function for PBKDF2 key derivation. It currently supports any HMAC that the MAC checking also supports.
* Provide a get_hmac() function | Arthur de Jong | 2014-06-15 | 1 | -11/+16
  Refactor the functionality to find an HMAC function into a separate function.
* Raise exception when MAC validation fails | Arthur de Jong | 2014-06-14 | 2 | -21/+24
  This changes the way the check() function works to raise an exception when the MAC is not correct. The MAC is also now always checked before attempting decryption. This also renames the internal DataType.value property to a get_value() method for clarity.
* Handle missing MAC algorithm properly | Arthur de Jong | 2014-06-14 | 1 | -1/+2
* Automatically support all MACs in hashlib | Arthur de Jong | 2014-06-14 | 1 | -5/+15
  This uses the name of the hash to automatically get the correct hash object from Python's hashlib.