From 364e93de64906f804139d2cddc1973e1b7ae5b14 Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Wed, 13 Dec 2017 19:55:38 +0100 Subject: Add support for Camellia-CBC suite of algorithms --- pskc/encryption.py | 16 ++++++++++++-- tests/encryption/camellia128-cbc.pskcxml | 38 ++++++++++++++++++++++++++++++++ tests/encryption/camellia192-cbc.pskcxml | 38 ++++++++++++++++++++++++++++++++ tests/encryption/camellia256-cbc.pskcxml | 38 ++++++++++++++++++++++++++++++++ tests/test_encryption.doctest | 33 +++++++++++++++++++++++++++ 5 files changed, 161 insertions(+), 2 deletions(-) create mode 100644 tests/encryption/camellia128-cbc.pskcxml create mode 100644 tests/encryption/camellia192-cbc.pskcxml create mode 100644 tests/encryption/camellia256-cbc.pskcxml diff --git a/pskc/encryption.py b/pskc/encryption.py index d90476c..a204a51 100644 --- a/pskc/encryption.py +++ b/pskc/encryption.py @@ -47,6 +47,10 @@ def algorithm_key_lengths(algorithm): algorithm.endswith('#kw-aes192') or \ algorithm.endswith('#kw-aes256'): return [int(algorithm[-3:]) // 8] + elif (algorithm.endswith('#camellia128-cbc') or + algorithm.endswith('#camellia192-cbc') or + algorithm.endswith('#camellia256-cbc')): + return [int(algorithm[-7:-4]) // 8] else: raise DecryptionError('Unsupported algorithm: %r' % algorithm) @@ -93,9 +97,13 @@ def decrypt(algorithm, key, ciphertext, iv=None): algorithm.endswith('#kw-aes256'): from pskc.crypto.aeskw import unwrap return unwrap(ciphertext, key) - elif algorithm.endswith('#kw-tripledes'): # pragma: no branch + elif algorithm.endswith('#kw-tripledes'): from pskc.crypto.tripledeskw import unwrap return unwrap(ciphertext, key) + elif (algorithm.endswith('#camellia128-cbc') or # pragma: no branch + algorithm.endswith('#camellia192-cbc') or + algorithm.endswith('#camellia256-cbc')): + return _decrypt_cbc(algorithms.Camellia, key, ciphertext, iv) # no fallthrough because algorithm_key_lengths() fails with unknown algo @@ -136,9 +144,13 @@ def encrypt(algorithm, key, plaintext, iv=None): algorithm.endswith('#kw-aes256'): from pskc.crypto.aeskw import wrap return wrap(plaintext, key) - elif algorithm.endswith('#kw-tripledes'): # pragma: no branch + elif algorithm.endswith('#kw-tripledes'): from pskc.crypto.tripledeskw import wrap return wrap(plaintext, key) + elif (algorithm.endswith('#camellia128-cbc') or # pragma: no branch + algorithm.endswith('#camellia192-cbc') or + algorithm.endswith('#camellia256-cbc')): + return _encrypt_cbc(algorithms.Camellia, key, plaintext, iv) # no fallthrough because algorithm_key_lengths() fails with unknown algo diff --git a/tests/encryption/camellia128-cbc.pskcxml b/tests/encryption/camellia128-cbc.pskcxml new file mode 100644 index 0000000..bbf4567 --- /dev/null +++ b/tests/encryption/camellia128-cbc.pskcxml @@ -0,0 +1,38 @@ + + + + + + + Pre-shared-key + + + + + + VnWO9OoCQWEuH0qsz1VnywNqjvXC/kUNcMp8cFfCqiw48doVY9XVcMV0GR5vn6g3 + + + + + + + + + + + DvtlFS8/QZle2xG8PjfA8Kg4bsjLlU8kH/sEfXC9VLWib2Z/WU8RDHR+fI9uCqOs + + + RDATcSJh3n8TAvMDoPzKqobgOCPZSluA7Gmvpg== + + + + + diff --git a/tests/encryption/camellia192-cbc.pskcxml b/tests/encryption/camellia192-cbc.pskcxml new file mode 100644 index 0000000..0365a10 --- /dev/null +++ b/tests/encryption/camellia192-cbc.pskcxml @@ -0,0 +1,38 @@ + + + + + + + Pre-shared-key + + + + + + WAL6YRtYa5/rE/DX26NKXaHpDu2qE4q5kdtCZmvhZeHMsV76CuLlO5ybTD9RsLWK + + + + + + + + + + + Wa5Kz1/BhuqUcpQyw8qRSDwurIsm2vjUR/PO3w1Q3//PFfHod+DgBhRW2BecWpP5 + + + RDATcSJh3n8TAvMDoPzKqobgOCPZSluA7Gmvpg== + + + + + diff --git a/tests/encryption/camellia256-cbc.pskcxml b/tests/encryption/camellia256-cbc.pskcxml new file mode 100644 index 0000000..59911aa --- /dev/null +++ b/tests/encryption/camellia256-cbc.pskcxml @@ -0,0 +1,38 @@ + + + + + + + Pre-shared-key + + + + + + uj9VFSjENtykiBdHoxF/CZ8y2XnWA/fW89i4xonEH9iYK2AH0/hkH7bVmI2ObcSa + + + + + + + + + + + X7We+WREABNPa0jlsUHZqF5CWUQiPYdXJ+7ure96AcNH/7TXcQs4mFuSCOHpiv/W + + + RDATcSJh3n8TAvMDoPzKqobgOCPZSluA7Gmvpg== + + + + + diff --git a/tests/test_encryption.doctest b/tests/test_encryption.doctest index 7e1d443..7f6ebd3 100644 --- a/tests/test_encryption.doctest +++ b/tests/test_encryption.doctest @@ -130,6 +130,39 @@ DecryptionError: Invalid key length '2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98' +>>> pskc = PSKC('tests/encryption/camellia128-cbc.pskcxml') +>>> pskc.encryption.key = a2b_hex('200497e673a6fae2256e9749468a67ac') +>>> pskc.encryption.algorithm +'http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc' +>>> tostr(pskc.keys[0].secret) +'12345678901234567890' +>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key, +... pskc.keys[0].secret, a2b_hex('0efb65152f3f41995edb11bc3e37c0f0')))) +'DvtlFS8/QZle2xG8PjfA8Kg4bsjLlU8kH/sEfXC9VLWib2Z/WU8RDHR+fI9uCqOs' + + +>>> pskc = PSKC('tests/encryption/camellia192-cbc.pskcxml') +>>> pskc.encryption.key = a2b_hex('e263279877384c84c987661a9d06766affdb9b3211eae801') +>>> pskc.encryption.algorithm +'http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc' +>>> tostr(pskc.keys[0].secret) +'12345678901234567890' +>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key, +... pskc.keys[0].secret, a2b_hex('59AE4ACF5FC186EA94729432C3CA9148')))) +'Wa5Kz1/BhuqUcpQyw8qRSDwurIsm2vjUR/PO3w1Q3//PFfHod+DgBhRW2BecWpP5' + + +>>> pskc = PSKC('tests/encryption/camellia256-cbc.pskcxml') +>>> pskc.encryption.key = a2b_hex('33b37e31c5a0a16f004e7fe727d4ff808fc1f879d85ccd8f06dbb5799565d2f5') +>>> pskc.encryption.algorithm +'http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc' +>>> tostr(pskc.keys[0].secret) +'12345678901234567890' +>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key, +... pskc.keys[0].secret, a2b_hex('5FB59EF9644400134F6B48E5B141D9A8')))) +'X7We+WREABNPa0jlsUHZqF5CWUQiPYdXJ+7ure96AcNH/7TXcQs4mFuSCOHpiv/W' + + The IV can also be specified globally. >>> pskc = PSKC('tests/encryption/aes128-cbc-noiv.pskcxml') -- cgit v1.2.3