2014-06-19 Arthur de Jong * [62c9af4] pskc/__init__.py: Only catch normal exceptions 2014-06-18 Arthur de Jong * [deb57d7] pskc/__init__.py: Remove unused import 2014-06-17 Arthur de Jong * [178ef1c] pskc/encryption.py: PEP8 fix 2014-06-17 Arthur de Jong * [7435552] pskc/exceptions.py: Remove __str__ from exception The message property has been deprecated as of Python 2.6 and printing the first argument is the default. 2014-06-16 Arthur de Jong * [f084735] README, docs/encryption.rst, docs/exceptions.rst, docs/index.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst: Update documentation This updates the documentation with the current API, adding information on exceptions raised, HMAC algorithms supported and changes to the MAC checking. This also includes some editorial changes to some of the text and making references shorter by not including the full package path. 2014-06-15 Arthur de Jong * [d84e761] pskc/parse.py: Simplify finding ElementTree implementation These are the only ElementTree implementations that have been tested to provide the needed functionality (mostly namespaces). 2014-06-15 Arthur de Jong * [50b429d] pskc/key.py, pskc/parse.py, pskc/policy.py: Refactor out some functions to parse This introduces the getint() and getbool() functions in parse to avoid some code duplication. 2014-06-15 Arthur de Jong * [9a16ce4] pskc/key.py, tests/test_misc.doctest: Add support for setting secret This supports setters for the secret, counter, time_offset, time_interval and time_drift properties. Setting these values stores the values unencrypted internally. 2014-06-14 Arthur de Jong * [1b9ee9f] pskc/encryption.py: Support PBKDF2 PRF argument Support specifying a pseudorandom function for PBKDF2 key derivation. It currently supports any HMAC that the MAC checking also supports. 2014-06-14 Arthur de Jong * [79b9a7d] pskc/mac.py: Provide a get_hmac() function Refactor the functionality to find an HMAC function into a separate function. 2014-06-14 Arthur de Jong * [1417d4a] tests/invalid-mac-algorithm.pskcxml, tests/invalid-mac-value.pskcxml, tests/invalid-no-mac-method.pskcxml, tests/test_invalid.doctest: Add tests for missing or invalid MAC This tests for incomplete, unknown or invalid MACs in PSKC files. 2014-06-14 Arthur de Jong * [9d8aae0] pskc/key.py, pskc/mac.py: Raise exception when MAC validation fails This changes the way the check() function works to raise an exception when the MAC is not correct. The MAC is also now always checked before attempting decryption. This also renames the internal DataType.value property to a get_value() method for clarity. 2014-06-14 Arthur de Jong * [699ecf8] pskc/encryption.py: Handle missing MAC algorithm properly 2014-06-14 Arthur de Jong * [01e102b] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml, tests/aes256-cbc.pskcxml, tests/test_encryption.doctest, tests/tripledes-cbc.pskcxml: Add MAC tests to all CBC encrypted keys This adds hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512 tests for values that are encrypted using CBC block cypher modes. 2014-06-14 Arthur de Jong * [59e790e] pskc/mac.py: Automatically support all MACs in hashlib This uses the name of the hash to automatically get the correct hash object from Python's hashlib. 2014-06-14 Arthur de Jong * [566e447] pskc/__init__.py, pskc/parse.py, setup.py: Support various ElementTree implementations When using a recent enough lxml, even Python 2.6 should work now. The most important requirement is that the findall() function supports the namespaces argument. This also now catches all exceptions when parsing the PSKC file fails and wraps it in ParseError because various implementations raise different exceptions, even between versions (Python 2.6's ElementTree raises ExpatError, lxml raises XMLSyntaxError). 2014-06-13 Arthur de Jong * [5d60ee2] pskc/__init__.py, pskc/encryption.py, pskc/key.py, pskc/mac.py, pskc/parse.py, pskc/policy.py: Have parse module provide find() functions This changes the parse module functions to better match the ElementTree API and extends it with findint(), findtime() and findbin(). It also passes the namespaces to all calls that require it without duplicating this throughout the normal code. 2014-06-11 Arthur de Jong * [6a34c01] pskc/__init__.py, pskc/encryption.py, pskc/key.py, pskc/mac.py, pskc/policy.py: Use get() instead of attrib.get() (shorter) 2014-05-31 Arthur de Jong * [4d92b93] pskc/encryption.py, tests/kw-tripledes.pskcxml, tests/test_encryption.doctest: Support kw-tripledes decryption This adds support for key unwrapping using the RFC 3217 Triple DES key wrap algorithm if the PSKC file uses this. 2014-05-31 Arthur de Jong * [fd71f01] pskc/tripledeskw.py, tests/test_tripledeskw.doctest: Implement RFC 3217 Triple DES key wrapping 2014-05-31 Arthur de Jong * [f639318] tests/test_minimal.doctest, tests/test_misc.doctest: Merge test_minimal into test_misc 2014-05-31 Arthur de Jong * [1e7f861] tests/draft-keyprov-actividentity-3des.pskcxml, tests/test_draft_keyprov.doctest: Add an ActivIdentity-3DES test The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit the schema as described in RFC 6030. 2014-05-31 Arthur de Jong * [b7cb928] tests/draft-keyprov-securid-aes-counter.pskcxml, tests/test_draft_keyprov.doctest: Add an SecurID-AES-Counter test The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to be valid XML and to fit the schema as described in RFC 6030. 2014-05-31 Arthur de Jong * [427319f] tests/draft-keyprov-totp.pskcxml, tests/test_draft_keyprov.doctest: Add an TOTP test The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit the schema as described in RFC 6030. 2014-05-31 Arthur de Jong * [ba49d09] tests/draft-keyprov-ocra.pskcxml, tests/test_draft_keyprov.doctest: Add an OCRA test The test is taken from draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit the schema as described in RFC 6030. 2014-05-31 Arthur de Jong * [0a66ede] tests/odd-namespace.pskcxml, tests/test_misc.doctest: Add a test for an odd namespace 2014-05-30 Arthur de Jong * [287afa7] pskc/encryption.py, tests/kw-aes128.pskcxml, tests/kw-aes192.pskcxml, tests/kw-aes256.pskcxml, tests/test_encryption.doctest: Support kw-aes128, kw-aes192 and kw-aes256 This adds support for key unwrapping using the RFC 3394 or RFC 5649 algorithm if the PSKC file uses this. 2014-05-30 Arthur de Jong * [99ba287] pskc/aeskw.py, tests/test_aeskw.doctest: Implement padding as specified in RFC 5649 This adds a pad argument with which padding can be forced or disabled. 2014-05-29 Arthur de Jong * [ebf8945] pskc/aeskw.py, tests/test_aeskw.doctest: Allow speciying an initial value for key wrapping 2014-05-29 Arthur de Jong * [5720fe5] pskc/aeskw.py, pskc/exceptions.py, tests/test_aeskw.doctest: Provide an RFC 3394 AES key wrapping algorithm This also introduces an EncryptionError exception. 2014-05-29 Arthur de Jong * [7164d89] README, docs/usage.rst, pskc/__init__.py, tests/rfc6030-figure10.pskcxml, tests/rfc6030-figure2.pskcxml, tests/rfc6030-figure3.pskcxml, tests/rfc6030-figure4.pskcxml, tests/rfc6030-figure5.pskcxml, tests/rfc6030-figure6.pskcxml, tests/rfc6030-figure7.pskcxml, tests/test_rfc6030.doctest: Always put a space between RFC and number 2014-05-29 Arthur de Jong * [ccebb69] pskc/encryption.py, tests/test_encryption.doctest, tests/tripledes-cbc.pskcxml: Support Tripple DES decryption 2014-05-29 Arthur de Jong * [a11f31f] tests/test_invalid.doctest: Add tests for key derivation problems This tests for unknown or missing algorithms and unknown derivation parameters. 2014-05-29 Arthur de Jong * [0738c94] pskc/encryption.py, pskc/exceptions.py: Raise exception when key derivation fails This also renames the internal function that implements the derivation. 2014-05-29 Arthur de Jong * [76ef42b] pskc/encryption.py, pskc/exceptions.py, tests/invalid-encryption.pskcxml, tests/test_invalid.doctest: Add test for missing key encryption algorithm This also introduces a toplevel PSKCError exception that all exceptions have as parent. 2014-05-29 Arthur de Jong * [7f26dc6] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml, tests/aes256-cbc.pskcxml, tests/test_encryption.doctest: Add test for all AES-CBC encryption schemes 2014-05-29 Arthur de Jong * [28f2c1c] pskc/encryption.py: Support more AES-CBC encryption schemes This also moves the crypto imports to the places where they are used to avoid a depenency on pycrypto if no encryption is used. 2014-05-29 Arthur de Jong * [678b127] tests/test_minimal.doctest: Add test for missing secret value 2014-05-25 Arthur de Jong * [bef2f7d] pskc/__init__.py, pskc/key.py, tests/test_minimal.doctest: Add a function for adding a new key 2014-05-25 Arthur de Jong * [46f5749] pskc/__init__.py: Consistency improvement 2014-05-25 Arthur de Jong * [83f5a4b] pskc/__init__.py, tests/test_minimal.doctest: Support creating an empty PSKC instance 2014-05-25 Arthur de Jong * [820c83c] pskc/encryption.py, pskc/mac.py: Be more lenient in accepting algorithms 2014-05-25 Arthur de Jong * [02bde47] pskc/key.py: Code simplification 2014-05-25 Arthur de Jong * [b62fec8] pskc/encryption.py, pskc/exceptions.py, tests/invalid-encryption.pskcxml, tests/test_invalid.doctest, tests/test_rfc6030.doctest: Raise an exception if decryption fails 2014-05-25 Arthur de Jong * [7bc2e6b] pskc/encryption.py: Make decryption code better readable 2014-05-23 Arthur de Jong * [714f387] setup.cfg, tests/invalid-notxml.pskcxml, tests/invalid-wrongelement.pskcxml, tests/invalid-wrongversion.pskcxml, tests/test_invalid.doctest: Add tests for invalid PSKC files 2014-05-23 Arthur de Jong * [803d24c] pskc/__init__.py, pskc/exceptions.py: Raise exceptions on some parsing problems 2014-05-23 Arthur de Jong * [8c37e26] setup.py: Fix install_requires 2014-05-23 Arthur de Jong * [8e1729e] ChangeLog, MANIFEST.in, NEWS: Get files ready for 0.1 release 2014-05-23 Arthur de Jong * [15ca643] README, pskc/__init__.py, tests/rfc6030-figure10.pskc, tests/rfc6030-figure10.pskcxml, tests/rfc6030-figure2.pskc, tests/rfc6030-figure2.pskcxml, tests/rfc6030-figure3.pskc, tests/rfc6030-figure3.pskcxml, tests/rfc6030-figure4.pskc, tests/rfc6030-figure4.pskcxml, tests/rfc6030-figure5.pskc, tests/rfc6030-figure5.pskcxml, tests/rfc6030-figure6.pskc, tests/rfc6030-figure6.pskcxml, tests/rfc6030-figure7.pskc, tests/rfc6030-figure7.pskcxml, tests/test_rfc6030.doctest: Use pskcxml as file name extension This is the extension that is suggested in RFC6030. 2014-05-23 Arthur de Jong * [44c7d2e] docs/policy.rst, docs/usage.rst: Improve IANA links 2014-05-20 Arthur de Jong * [cda1c5f] tests/test_rfc6030.doctest: Improve test This tests that, before the PSKC ecnryption is key available, the secret from the key cannot be extracted. 2014-05-19 Arthur de Jong * [e96c746] docs/_templates/autosummary/module.rst, docs/conf.py, docs/encryption.rst, docs/index.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst: Provide Sphinx documentation 2014-05-18 Arthur de Jong * [edf4d24] pskc/policy.py: Add missing policy constant 2014-05-18 Arthur de Jong * [92a994d] pskc/key.py: Fix attribute name in docstring 2014-04-20 Arthur de Jong * [cc9bbb5] README: Update README 2014-05-17 Arthur de Jong * [d0a7814] .gitignore, setup.py: Fix dateutil dependency This also ignores downloaded .egg files. 2014-04-19 Arthur de Jong * [e0159ba] pskc/parse.py: Fix module description 2014-04-19 Arthur de Jong * [ba17976] pskc/__init__.py, pskc/parse.py: Move PSKC class to toplevel module This also splits the parsing to a parse() function for consistency. 2014-04-19 Arthur de Jong * [64e207d] pskc/key.py, tests/test_rfc6030.doctest: Provide pskc.key docstrings This documents most of the information that is available per key and adds a few other minor cosmetic changes. This also re-organises the key properties to be in a slightly more logical order and renames the userid key property to key_userid to more clearly distinguish it from device_userid. 2014-04-19 Arthur de Jong * [6becc61] pskc/parse.py: Provide pskc.parse docstrings This documents most of the API of the parsing functions and the PSKC class. 2014-04-19 Arthur de Jong * [1d42fbc] pskc/policy.py: Complete pskc.policy docstrings Also contains small consistency improvement. 2014-04-19 Arthur de Jong * [b07d709] pskc/mac.py: Provide pskc.mac docstrings This also hides two properties that are not part of the public API. 2014-04-19 Arthur de Jong * [285860e] pskc/encryption.py: Provide pskc.encryption docstrings This documents classes in the pskc.encryption module. 2014-04-19 Arthur de Jong * [8c9e03d] pskc/key.py, pskc/mac.py, pskc/parse.py, pskc/policy.py: Move Key class to separate module This also allows re-organising the imports a bit. 2014-04-16 Arthur de Jong * [c883d48] MANIFEST.in, pskc/__init__.py, setup.cfg, setup.py: Add initial setup script 2014-04-14 Arthur de Jong * [3df6849] COPYING: Include a license file (LGPL) 2014-04-13 Arthur de Jong * [f08cdb5] tests/rfc6030-figure10.pskc, tests/test_rfc6030.doctest: Add bulk provisioning test from Figure 10 2014-04-13 Arthur de Jong * [41828cd] pskc/parse.py: Use slightly clearer names 2014-04-12 Arthur de Jong * [5ab731c] tests/rfc6030-figure7.pskc, tests/test_rfc6030.doctest: Add test for Figure 7 from RFC6030 This tests encrypted key derivation using PBKDF2 and a pre-shared passphrase. 2014-04-12 Arthur de Jong * [a3fd598] pskc/encryption.py: Implement PBKDF2 key derivation This supports deriving the key from a passphrase and information present in the DerivedKey and PBKDF2-params XML elements. 2014-04-12 Arthur de Jong * [2ff470f] pskc/encryption.py: Add id attribute from EncryptionKey 2014-04-12 Arthur de Jong * [460f335] tests/rfc6030-figure6.pskc, tests/test_rfc6030.doctest: Add test for Figure 6 from RFC6030 This test key encryption with a pre-shared key and MAC checks. 2014-04-12 Arthur de Jong * [a926ddb] pskc/mac.py, pskc/parse.py: Implement MAC checking This implements message message authentication code checking for the encrypted values if MACMethod and ValueMAC are present. 2014-04-12 Arthur de Jong * [e53e865] pskc/encryption.py, pskc/parse.py: Support decrypting with a pre-shared key This adds an encryption module that provides wrappers for handling decryption. 2014-04-11 Arthur de Jong * [3fe0919] pskc/parse.py: Refactor DataType value handling This ensures that DataType values are retrieved dynamically instead of at the time the PSKC file was parsed in order to make decryption work. 2014-04-11 Arthur de Jong * [591bb5d] pskc/policy.py: Document key and pin usage values 2014-04-11 Arthur de Jong * [b952b93] tests/rfc6030-figure5.pskc, tests/test_rfc6030.doctest: Add test for Figure 5 from RFC6030 This test extraction of key policy information and cross-key references. 2014-04-11 Arthur de Jong * [e939a96] pskc/parse.py, pskc/policy.py: Implement key policy parsing This parses key policy from PSKC files and provides a few utility methods to help with policy validation. 2014-04-11 Arthur de Jong * [8c9ac8c] pskc/parse.py: Support parsing date and integer values 2014-04-11 Arthur de Jong * [6446f7d] tests/rfc6030-figure4.pskc, tests/test_rfc6030.doctest: Add test for Figure 4 from RFC6030 This tests for key profile and key reference properties that can be used to reference external keys. 2014-04-07 Arthur de Jong * [e72369f] tests/rfc6030-figure3.pskc, tests/test-rfc6030.doctest, tests/test_rfc6030.doctest: Add test for Figure 3 from RFC6030 This tests Figure 3 from RFC6030 with a very basic plain text secret key and some supplementary data. 2014-04-07 Arthur de Jong * [2c111a8] pskc/parse.py: Get more data from KeyPackage This gets most simple string values from the KeyPackage as well as some integer and boolean values. 2014-04-07 Arthur de Jong * [96b4b54] tests/rfc6030-figure2.pskc, tests/test-rfc6030.doctest: Add test for example from RFC6030 This tests Figure 2 from RFC6030 with a very basic plain text secret key. 2014-04-07 Arthur de Jong * [d662cf2] pskc/parse.py: Support getting plaintext key 2014-04-07 Arthur de Jong * [550630d] tests/test_minimal.doctest: Minimal test This adds a doctest for the absolute minimum PSKC file that does not contain any useful information. 2014-04-07 Arthur de Jong * [bf8e7f6] pskc/__init__.py, pskc/parse.py: Basic implementation of PSKC class This class is used for handling PSKC files. It will parse the file and store relevant properties for easy access. The Key class corresponds to a single key defined in the PSKC file. This is a very minimal implementation that only provides some meta-data from the file and keys (work in progress). 2014-04-04 Arthur de Jong * [9803dfc] README: Provide an initial README 2014-04-02 Arthur de Jong * [c912bb4] .gitignore, pskc/__init__.py: Initial project layout