Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Fix typos (thanks codespell)Arthur de Jong2023-11-121-1/+1
|
* Support bytearray for key valuesArthur de Jong2022-01-301-1/+57
| | | | Related to https://github.com/arthurdejong/python-pskc/issues/5
* Fix typos found by codespellArthur de Jong2021-08-102-2/+2
|
* Remove test for PSKC file without certificateArthur de Jong2020-01-051-45/+0
| | | | | | | Remove this test for now because signxml cannor currently validate this certificate in a backwards compatible way. See https://github.com/XML-Security/signxml/issues/143
* Add --skip-columns optionArthur de Jong2018-04-211-0/+49
| | | | | | This option can be used to skip a number of rows in the CSV file before the key data is read. If the number of rows to skip is 0, the column interpretation should be provided using the --columns option.
* Add --set optionArthur de Jong2018-04-211-0/+47
| | | | | This option can be used to set key properties for all keys in the PSKC file.
* Add --columns optionArthur de Jong2018-04-211-0/+86
| | | | | | This option can be used to override the list of columns as found in the first line of the CSV file or provide a mapping for values found in the first line to PSKC properties.
* Add a csv2pskc script for CSV to PSKC conversionArthur de Jong2018-04-211-0/+421
| | | | | | This script reads a CSV file and writes out a PSKC file with the key information from the CSV file. The CSV file is expected to have one row for each key and key property values in columns.
* Ship the script as part of the pskc packageArthur de Jong2018-04-022-2/+2
| | | | | This also installs pskc2csv and pskc2pskc console script entry points as part of the package installation.
* Support setting key sub-properties via add_key()Arthur de Jong2018-04-021-0/+14
|
* Increase default PBKDF2 iterations to 100000Arthur de Jong2018-03-113-4/+4
|
* Add a pskc2pskc script for converting PSKC filesArthur de Jong2018-02-101-0/+371
| | | | | | This script reads a PSKC file in any supported format and writes out a RFC 6030 compliant version of the file, optionally with the encryption removed or (re-)encrypting the file with a new key.
* Correctly write a PSKC file without a MAC keyArthur de Jong2018-02-091-0/+92
| | | | | | | | In some cases a PSKC file can be written with a MAC algorithm but without a MAC key. This is possible when the MAC key is not supplied (allowed in older PSKC versions) and a fallback to the encryption key is done. If we have not yet decrypted the file the MAC key is not yet available and so can't be included in the written file.
* Correctly write a PSKC file with a global IVArthur de Jong2018-02-091-1/+39
| | | | | | | This ensures that the encryption IV, which should be per encrypted value is written out per encrypted value instead of globally. This is mostly useful for when reading an old format PSKC file and writing out a RFC 6030 compliant one.
* Implement removing encryptionArthur de Jong2018-02-082-5/+23
| | | | | This adds a function to decrypt all values and remove the encryption of an encrypted PSKC file.
* Fixes to test suiteArthur de Jong2018-02-082-0/+19
| | | | | | | This ensures that the tests also work without a TTY and work regardless of the PYTHONWARNINGS and TZ environment variables Fixes cd33833
* Not all XML serialisers write namespaces in same orderArthur de Jong2017-12-291-6/+6
| | | | | | This ignores the namespace declarations in the generated XML files because not all implementations on all environments write these in the same order.
* Add an is_encrypted propertyArthur de Jong2017-12-271-0/+8
| | | | | | This property can be use to see whether the PSKC file needs an additional pre-shared key or passphrase to decrypt any stored information.
* Implement signature checkingArthur de Jong2017-12-2711-7/+390
| | | | | | | | | | | | | | | This adds support for creating and verifying embedded XML signatures in PSKC files. This uses the third-party signxml library for actual signing and verification. The signxml library has a dependency on lxml and defusedxml (and a few others) but all parts of python-pskc still work correctly with our without lxml and/or defusedxml and signxml is only required when working with embedded signatures. This modifies the tox configuration to skip the signature checks if singxml is not installed and to only require 100% code coverage if the signature tests are done.
* Implement basic parsing of signature propertiesArthur de Jong2017-12-272-1/+25
|
* Fix typo in pin_max_failed_attempts attributeArthur de Jong2017-12-182-1/+20
| | | | | This makes the old name (pin_max_failed_attemtps) available as a deprecated property.
* Add limited support for very old draft PSKC versionsArthur de Jong2017-12-155-0/+353
| | | | | | | | | | | | This adds basic support for parsing the PSKC files as specified in draft-hoyer-keyprov-portable-symmetric-key-container-00 and draft-hoyer-keyprov-portable-symmetric-key-container-01. It should be able to extract secrets, counters, etc. but not all properties from the PSKC file are supported. It is speculated that this format resembles the "Verisign PSKC format" that some applications produce.
* Add test files from multiOTPArthur de Jong2017-12-1511-0/+2012
| | | | | | | This adds tests for parsing the files that are shipped as part of the multiOTP test suite. https://www.multiotp.net/
* Refactor internal storate of encrypted valuesArthur de Jong2017-12-153-3/+34
| | | | | | | | | | | This changes the way encrypted values are stored internally before being decrypted. For example, the internal _secret property can now be a decrypted plain value or an EncryptedValue instance instead of always being a DataType, simplifying some things (e.g. all XML encoding/decoding is now done in the corresponding module). This should not change the public API but does have consequences for those who use custom serialisers or parsers.
* Add support for KW-Camellia suite of algorithmsArthur de Jong2017-12-134-0/+117
|
* Add support for Camellia-CBC suite of algorithmsArthur de Jong2017-12-134-0/+147
|
* Replace pycrypto with cryptographyArthur de Jong2017-10-092-77/+6
| | | | | | | | | The cryptography library is better supported. This uses the functions from cryptography for AES and Triple DES encryption, replaces the (un)padding functions that were previously implemented in python-pskc with cryptography and uses PBKDF2 implementation from hashlib.
* Replace use of pycrypto utility functionsArthur de Jong2017-10-012-6/+6
| | | | | | This uses os.urandom() as a source for random data and replaces other utility functions. This also removes one import for getting the lengths of Tripple DES keys.
* Implement our own XML formattingArthur de Jong2017-09-251-8/+8
| | | | | | This avoids a using xml.dom.minidom to indent the XML tree and keep the attributes ordered alphabetically. This also allows for customisations to the XML formatting.
* Support hashlib from Python 2.7.3Arthur de Jong2017-09-241-1/+4
| | | | | Some Python versions don't have the algorithms_available property but do have the algorithms property in hashlib.
* Fix bug in saving PBKDF2 salt on Python3Arthur de Jong2017-09-241-2/+20
| | | | | | | The PBKDF2 salt was saved in the wrong way (b'base64encodeddata' instead of base64encodeddata) when using Python 3. This fixes that problem and tests that saving and loading of a file that uses PBKDF2 key derivation works.
* Add tests for the pskc2csv scriptArthur de Jong2017-09-241-0/+185
| | | | | This makes minor changes to the pskc2csv script to make it more easily testable.
* Provide Key.userid convenience propertyArthur de Jong2017-06-101-4/+4
| | | | | This provides a read-only userid property on Key objects that uses the key_userid or device_userid value, whichever one is defined.
* Refactor MAC lookupsArthur de Jong2017-06-092-1/+137
| | | | | | | | This switches to using the hashlib.new() function to be able to use all hashes that are available in Python (specifically RIPEMD160). This also adds a number of tests for HMACs using test vectors from RFC 2202, RFC 4231 and RFC 2857.
* Correct name of ActivIdentity test fileArthur de Jong2017-01-212-1/+1
|
* Split vendor testsArthur de Jong2017-01-152-27/+55
| | | | Have one doctest file per vendor to make tests a little more manageable.
* Add tests for Yubikey filesArthur de Jong2017-01-154-0/+295
| | | | This adds tests from draft-josefsson-keyprov-pskc-yubikey-00.
* Support legacy ActivIdentity filesArthur de Jong2017-01-152-0/+96
| | | | | | This adds support for parsing ActivIdentity files that conform to a very old version of an Internet Draft. The implementation and test were based on a file provided by Jaap Ruijgrok.
* Use original examples from old profiles Internet DraftArthur de Jong2017-01-114-125/+121
| | | | | | | | | | | | | This updates the tests to use the original examples from draft-hoyer-keyprov-pskc-algorithm-profiles-01 instead of modifying them to fit the RFC 6030 schema (but does include some minor changes to make them valid XML). This adds a few additions to the parser to handle legacy challenge and resposne encoding and a few key policy properties. This also includes a fix for 0b757ec in the handling of the <ChallengeFormat> element under a <Usage> element.
* Add all figures from RFC 6030 to test suiteArthur de Jong2016-12-213-10/+191
| | | | Note that asymmetric encryption and digital signature checking has not yet been implemented so the tests are pretty minimal.
* Add support for older Internet Draft versionArthur de Jong2016-12-219-0/+787
| | | | | | | | | | | | | | This adds support for parsing most examples from draft-ietf-keyprov-pskc-02. That file uses a few other names for elements and attributes of the PSKC file and a few other minor differences. The XML parsing has been changed to allow specifying multiple matches and the find*() functions now return the first found match. While all examples from draft-ietf-keyprov-pskc-02 are tested support for verifying digital signatures and asymmetric keys have not yet been implemented.
* Fix typo in testArthur de Jong2016-12-201-4/+4
|
* Allow MAC over plaintext or ciphertextArthur de Jong2016-12-206-75/+71
| | | | | | | | | | | | | | | | | | RFC 6030 implies that the MAC should be performed over the ciphertext but some earlier drafts implied that the MAC should be performed on the plaintext. This change accpets the MAC if either the plaintext or ciphertext match. Note that this change allows for a padding oracle attack when CBC encryption modes are used because decryption (and unpadding) needs to be done before MAC checking. However, this module is not expected to be available to users to process arbitrary PSKC files repeatedly. This removes the tests for a missing MAC key (and replaces it for tests of missing EncryptionMethod) because falling back to using the encryption key (implemented in a444f78) in combination with this change means that decryption is performed before MAC checking and is no longer possible to trigger a missing MAC key error.
* Add sanity checks to unpaddingArthur de Jong2016-12-201-0/+76
|
* Close read files in testsArthur de Jong2016-12-191-2/+4
| | | | | This ensures that the files that are read in the test suite are properly closed to avoid leaking open file descriptors.
* Support separate device from keyArthur de Jong2016-09-172-3/+67
| | | | | | | | This allows having multiple keys per device while also maintaining the previous API. Note that having multiple keys per device is not allowed by the RFC 6030 schema but is allowed by some older internet drafts.
* Some minor improvements to the testsArthur de Jong2016-09-143-2/+18
|
* Improve branch coverageArthur de Jong2016-09-1410-11/+273
| | | | This enables branch coverage testing and adds tests to improve coverage.
* Support specifying PRF in setup_pbkdf2()Arthur de Jong2016-09-111-2/+6
| | | | This also ensures that the PRF URL is normalised.
* Fall back to encryption key for MACArthur de Jong2016-04-234-0/+97
| | | | | | This uses the encryption key also as MAC key if no MAC key has been specified in the PSKC file. Earlier versions of the PSKC draft specified this behaviour.