Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Split vendor testsArthur de Jong2017-01-152-27/+55
| | | | Have one doctest file per vendor to make tests a little more manageable.
* Add tests for Yubikey filesArthur de Jong2017-01-154-0/+295
| | | | This adds tests from draft-josefsson-keyprov-pskc-yubikey-00.
* Support legacy ActivIdentity filesArthur de Jong2017-01-152-0/+96
| | | | | | This adds support for parsing ActivIdentity files that conform to a very old version of an Internet Draft. The implementation and test were based on a file provided by Jaap Ruijgrok.
* Use original examples from old profiles Internet DraftArthur de Jong2017-01-114-125/+121
| | | | | | | | | | | | | This updates the tests to use the original examples from draft-hoyer-keyprov-pskc-algorithm-profiles-01 instead of modifying them to fit the RFC 6030 schema (but does include some minor changes to make them valid XML). This adds a few additions to the parser to handle legacy challenge and resposne encoding and a few key policy properties. This also includes a fix for 0b757ec in the handling of the <ChallengeFormat> element under a <Usage> element.
* Add all figures from RFC 6030 to test suiteArthur de Jong2016-12-213-10/+191
| | | | Note that asymmetric encryption and digital signature checking has not yet been implemented so the tests are pretty minimal.
* Add support for older Internet Draft versionArthur de Jong2016-12-219-0/+787
| | | | | | | | | | | | | | This adds support for parsing most examples from draft-ietf-keyprov-pskc-02. That file uses a few other names for elements and attributes of the PSKC file and a few other minor differences. The XML parsing has been changed to allow specifying multiple matches and the find*() functions now return the first found match. While all examples from draft-ietf-keyprov-pskc-02 are tested support for verifying digital signatures and asymmetric keys have not yet been implemented.
* Fix typo in testArthur de Jong2016-12-201-4/+4
|
* Allow MAC over plaintext or ciphertextArthur de Jong2016-12-206-75/+71
| | | | | | | | | | | | | | | | | | RFC 6030 implies that the MAC should be performed over the ciphertext but some earlier drafts implied that the MAC should be performed on the plaintext. This change accpets the MAC if either the plaintext or ciphertext match. Note that this change allows for a padding oracle attack when CBC encryption modes are used because decryption (and unpadding) needs to be done before MAC checking. However, this module is not expected to be available to users to process arbitrary PSKC files repeatedly. This removes the tests for a missing MAC key (and replaces it for tests of missing EncryptionMethod) because falling back to using the encryption key (implemented in a444f78) in combination with this change means that decryption is performed before MAC checking and is no longer possible to trigger a missing MAC key error.
* Add sanity checks to unpaddingArthur de Jong2016-12-201-0/+76
|
* Close read files in testsArthur de Jong2016-12-191-2/+4
| | | | | This ensures that the files that are read in the test suite are properly closed to avoid leaking open file descriptors.
* Support separate device from keyArthur de Jong2016-09-172-3/+67
| | | | | | | | This allows having multiple keys per device while also maintaining the previous API. Note that having multiple keys per device is not allowed by the RFC 6030 schema but is allowed by some older internet drafts.
* Some minor improvements to the testsArthur de Jong2016-09-143-2/+18
|
* Improve branch coverageArthur de Jong2016-09-1410-11/+273
| | | | This enables branch coverage testing and adds tests to improve coverage.
* Support specifying PRF in setup_pbkdf2()Arthur de Jong2016-09-111-2/+6
| | | | This also ensures that the PRF URL is normalised.
* Fall back to encryption key for MACArthur de Jong2016-04-234-0/+97
| | | | | | This uses the encryption key also as MAC key if no MAC key has been specified in the PSKC file. Earlier versions of the PSKC draft specified this behaviour.
* Allow global specification of IVArthur de Jong2016-04-232-0/+49
| | | | | | In older versions of the PSKC standard it was allowed to have a global initialization vector for CBC based encryption algorithms. It is probably not a good idea to re-use an IV in general.
* Add encryption error testsArthur de Jong2016-03-261-0/+74
|
* Add tests for writing encrypted PSKC filesArthur de Jong2016-03-261-0/+175
|
* Allow configuring PBKDF2 key derivationArthur de Jong2016-03-261-0/+58
| | | | | This factors out the PBKDF2 key derivation to a separate function and introduces a function to configure KeyDerivation instances with PBKDF2.
* Allow configuring a MAC keyArthur de Jong2016-03-261-0/+27
| | | | | This method will set up a MAC key and algorithm as specified or use reasonable defauts.
* Write encryption key informationArthur de Jong2016-03-261-0/+4
| | | | | | This writes information about a pre-shared key or PBKDF2 key derivation in the PSKC file. This also means that writing a decrypted version of a previously encrypted file requires actively removing the encryption.
* Add algorithm_key_lengths propertyArthur de Jong2016-03-261-0/+11
| | | | | This property on the Encryption object provides a list of key sizes (in bytes) that the configured encryption algorithm supports.
* Also check key expiry in may_use()Arthur de Jong2016-03-233-10/+26
|
* Support writing to text streams in Python 3Arthur de Jong2016-03-191-3/+1
| | | | | This supports writing the XML output to binary streams as well as text streams in Python 3.
* Improve tests and test coverageArthur de Jong2016-03-1912-54/+162
| | | | | | | | | | This adds tests to ensure that incorrect attribute and value types in the PSKC file raise a ValueError exception and extends the tests for invalid encryption options. This removes some code or adds no cover directives to a few places that have unreachable code or are Python version specific and places doctest directives inside the doctests where needed.
* Support both CheckDigit and CheckDigitsArthur de Jong2016-03-192-0/+75
| | | | | | RFC 6030 is not clear about whether the attribute of ChallengeFormat and ResponseFormat should be the singular CheckDigit or the plural CheckDigits. This ensures that both forms are accepted.
* Implement policy checkingArthur de Jong2016-03-192-0/+122
| | | | | This checks for unknown policy elements in the PSKC file and will cause the key usage policy check to fail.
* Add a few tests for vendor filesArthur de Jong2016-03-194-0/+434
| | | | | Some vendor-specific files were lifted from the LinOTP test suite and another Feitian file was found in the oath-toolkit repository.
* Support various integer representationsArthur de Jong2016-03-192-1/+56
| | | | | | | | | | | | | | | | | | | This extends support for handling various encoding methods for integer values in PSKC files. For encrypted files the decrypted value is first tried to be evaluated as an ASCII representation of the number and after that big-endian decoded. For plaintext values first ASCII decoding is tried after which base64 decoding is tried which tries the same encodings as for decrypted values. There should be no possibility for any base64 encoded value (either of an ASCII value or a big-endian value) to be interpreted as an ASCII value for any 32-bit integer. There is a possibility that a big-endian encoded integer could be incorrectly interpreted as an ASCII value but this is only the case for 110 numbers when only considering 6-digit numbers.
* Re-organise test filesArthur de Jong2016-01-3034-32/+32
| | | | | This puts the test PSKC files in subdirectories so they can be organised more cleanly.
* Add test for incorrect key derivationArthur de Jong2016-01-301-0/+10
| | | | | If no key derivation algorithm has been specified in the PSKC file an exception should be raised when attempting to perform key derivation.
* Normalise algorithm namesArthur de Jong2016-01-241-1/+1
| | | | | This transforms the algorithm URIs that are set to known values when parsing or setting the algorithm.
* Add encryption algorithm propertyArthur de Jong2016-01-242-2/+17
| | | | | | Either determine the encryption algorithm from the PSKC file or from the explicitly set value. This also adds support for setting the encryption key name.
* Fix a problem when writing previously encrypted fileArthur de Jong2016-01-241-0/+21
| | | | | This fixes a problem with writing a PSKC file that is based on a read file that was encrypted.
* Fix doctest: IGNORE_EXCEPTION_DETALMathias Laurin2015-11-301-5/+5
|
* Support Python 3Arthur de Jong2015-10-068-99/+131
| | | | | | | | This enables support for Python 3 together with Python 2 support with a single codebase. On Python 3 key data is passed around as bytestrings which makes the doctests a little harder to maintain across Python versions.
* Fix issue with namespaced PBKDF2 parametersArthur de Jong2015-10-062-1/+114
| | | | | | | | | | | | The find() utility functions now allow specifying multiple paths to be searched where the first match is returned. This allows handling PSKC files where the PBKDF2 salt, iteration count, key length and PRF elements are prefixed with the xenc11 namespace. A test including such a PSKC file has been included. Thanks to Eric Plet for reporting this.
* Move encryption functions in pskc.crypto packageArthur de Jong2014-10-092-2/+2
| | | | | | This moves the encryption functions under the pskc.crypto package to more clearly separate it from the other code. Ideally this should be replaced by third-party library code.
* Add test for writing PSKC filesArthur de Jong2014-06-281-0/+143
| | | | | This makes a simple doctest that checks the writing of the XML representation of the PSKC data.
* Add support for setting secretArthur de Jong2014-06-151-0/+12
| | | | | | This supports setters for the secret, counter, time_offset, time_interval and time_drift properties. Setting these values stores the values unencrypted internally.
* Add tests for missing or invalid MACArthur de Jong2014-06-144-0/+172
| | | | This tests for incomplete, unknown or invalid MACs in PSKC files.
* Add MAC tests to all CBC encrypted keysArthur de Jong2014-06-145-0/+52
| | | | | This adds hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512 tests for values that are encrypted using CBC block cypher modes.
* Support kw-tripledes decryptionArthur de Jong2014-05-312-0/+41
| | | | | This adds support for key unwrapping using the RFC 3217 Triple DES key wrap algorithm if the PSKC file uses this.
* Implement RFC 3217 Triple DES key wrappingArthur de Jong2014-05-311-0/+85
|
* Merge test_minimal into test_miscArthur de Jong2014-05-312-51/+30
|
* Add an ActivIdentity-3DES testArthur de Jong2014-05-312-0/+79
| | | | | The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit the schema as described in RFC 6030.
* Add an SecurID-AES-Counter testArthur de Jong2014-05-312-0/+69
| | | | | The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to be valid XML and to fit the schema as described in RFC 6030.
* Add an TOTP testArthur de Jong2014-05-312-0/+72
| | | | | The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit the schema as described in RFC 6030.
* Add an OCRA testArthur de Jong2014-05-312-0/+92
| | | | | The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit the schema as described in RFC 6030.
* Add a test for an odd namespaceArthur de Jong2014-05-312-0/+59
|