test_encryption.doctest - test various encryption schemes

Copyright (C) 2014-2018 Arthur de Jong

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA


>>> from binascii import a2b_hex, b2a_hex
>>> def tostr(x):
...     return str(x.decode())
>>> def decode(f):
...     return lambda x: tostr(f(x))
>>> b2a_hex = decode(b2a_hex)
>>> import base64

>>> from pskc import PSKC
>>> from pskc.encryption import encrypt, decrypt


>>> pskc = PSKC('tests/encryption/aes128-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


>>> pskc = PSKC('tests/encryption/aes192-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('123456789012345678901234567890123456789012345678')
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


>>> pskc = PSKC('tests/encryption/aes256-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234567890123456789012345678901234567890123456789012345678901234')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha384'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


>>> pskc = PSKC('tests/encryption/tripledes-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('11111111111111111111111111111111')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid padding
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha512'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


>>> pskc = PSKC('tests/encryption/kw-aes128.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff'


>>> pskc = PSKC('tests/encryption/kw-aes192.pskcxml')
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f1011121314151617')
>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff'


>>> pskc = PSKC('tests/encryption/kw-aes256.pskcxml')
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')
>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff0001020304050607'


>>> pskc = PSKC('tests/encryption/kw-tripledes.pskcxml')
>>> pskc.encryption.key = a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f')
>>> b2a_hex(pskc.keys[0].secret)
'2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98'


>>> pskc = PSKC('tests/encryption/camellia128-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('200497e673a6fae2256e9749468a67ac')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key,
...     pskc.keys[0].secret, a2b_hex('0efb65152f3f41995edb11bc3e37c0f0'))))
'DvtlFS8/QZle2xG8PjfA8Kg4bsjLlU8kH/sEfXC9VLWib2Z/WU8RDHR+fI9uCqOs'


>>> pskc = PSKC('tests/encryption/camellia192-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('e263279877384c84c987661a9d06766affdb9b3211eae801')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key,
...     pskc.keys[0].secret, a2b_hex('59AE4ACF5FC186EA94729432C3CA9148'))))
'Wa5Kz1/BhuqUcpQyw8qRSDwurIsm2vjUR/PO3w1Q3//PFfHod+DgBhRW2BecWpP5'


>>> pskc = PSKC('tests/encryption/camellia256-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('33b37e31c5a0a16f004e7fe727d4ff808fc1f879d85ccd8f06dbb5799565d2f5')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key,
...     pskc.keys[0].secret, a2b_hex('5FB59EF9644400134F6B48E5B141D9A8'))))
'X7We+WREABNPa0jlsUHZqF5CWUQiPYdXJ+7ure96AcNH/7TXcQs4mFuSCOHpiv/W'


>>> pskc = PSKC('tests/encryption/kw-camellia128.pskcxml')
>>> pskc.encryption.key = a2b_hex('e35b135a09bfff8b314a5a0c32193c37')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmldsig-more#kw-camellia128'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key, pskc.keys[0].secret)))
'WB128TBZ1WGZzPNJNbwNrWRqQceU7M4FQSJPy2nw6iI='


>>> pskc = PSKC('tests/encryption/kw-camellia192.pskcxml')
>>> pskc.encryption.key = a2b_hex('5eb0bccad29abe52d143d5aebc1c1ba174b8d379ce763c28')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmldsig-more#kw-camellia192'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key, pskc.keys[0].secret)))
'y/wSpn3aNjeXzY1giHLOy0P+WQ+NmkN7EovBtHBXZ14='


>>> pskc = PSKC('tests/encryption/kw-camellia256.pskcxml')
>>> pskc.encryption.key = a2b_hex('0e187c656c36975b0d6bded79d7089142209457114ce8e6f4ae78339d71114e8')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmldsig-more#kw-camellia256'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> tostr(base64.b64encode(encrypt(pskc.encryption.algorithm, pskc.encryption.key, pskc.keys[0].secret)))
'tCrhhD62tBGCcbsp8GV91+79MhaXTy1MP1SkaT2OLaU='


The IV can also be specified globally.

>>> pskc = PSKC('tests/encryption/aes128-cbc-noiv.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.encryption.iv = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


If the PSKC file does not have a MAC key configured, older versions of the
PSKC format allowed using the encryption key for the HMAC function.

>>> pskc = PSKC('tests/encryption/no-mac-key.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> b2a_hex(pskc.mac.key)
'12345678901234567890123456789012'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'


Older versions of the PSKC format allowed having the MAC go over the
plaintext instead of the ciphertext.

>>> pskc = PSKC('tests/encryption/mac-over-plaintext.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'


Test decryption with tripledes-cbc and a specified IV.

>>> iv = a2b_hex('1010101010101010')
>>> key = a2b_hex('12345678901234567890123456789012')
>>> ciphertext = encrypt('#tripledes-cbc', key, b'FOOBAR', iv)
>>> ciphertext = ciphertext[8:]  # strip IV
>>> tostr(decrypt('#tripledes-cbc', key, ciphertext, iv))
'FOOBAR'
>>> tostr(decrypt('#tripledes-cbc', key, iv + ciphertext))
'FOOBAR'


MAC key and algorithm will use useful defaults but can also be manually
specified.

>>> pskc = PSKC()
>>> pskc.mac.setup()
>>> pskc.mac.algorithm
'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
>>> len(pskc.mac.key)
20
>>> pskc.mac.setup(key=a2b_hex('548512684595'), algorithm='unknown')
>>> pskc.mac.algorithm
'unknown'
>>> len(pskc.mac.key)
6
>>> pskc.mac.algorithm_key_length  # this is the default
16
>>> pskc.mac.algorithm = None
>>> pskc.mac.key = None
>>> pskc.mac.setup(algorithm='hmac-sha224')
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224'
>>> pskc.mac.algorithm_key_length
28
>>> len(pskc.mac.key)
28


Test PBKDF2 key derivation set-up. Only specifying a passphrase picks
reasonable defaults.

>>> pskc = PSKC()
>>> pskc.encryption.setup_pbkdf2('test')
>>> pskc.encryption.derivation.algorithm
'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2'
>>> pskc.encryption.derivation.pbkdf2_iterations
100000
>>> len(pskc.encryption.derivation.pbkdf2_salt)
16
>>> pskc.encryption.derivation.pbkdf2_key_length
16
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
>>> len(pskc.encryption.key)
16


The function will pick up an pre-specified values. If an encryption algorithm
is defined (can also be passed) the key with the correct size will be
generated.

>>> pskc = PSKC()
>>> pskc.encryption.algorithm = 'aes256-cbc'
>>> pskc.encryption.derivation.pbkdf2_iterations = 15000
>>> pskc.encryption.setup_pbkdf2('test')
>>> pskc.encryption.derivation.algorithm
'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2'
>>> pskc.encryption.derivation.pbkdf2_iterations
15000
>>> len(pskc.encryption.derivation.pbkdf2_salt)
16
>>> pskc.encryption.derivation.pbkdf2_key_length
32
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
>>> len(pskc.encryption.key)
32


All properties can also be manually specified.

>>> pskc = PSKC()
>>> pskc.encryption.setup_pbkdf2(
...    'qwerty', iterations=1000, algorithm='aes256-cbc', key_length=24,
...    salt=base64.b64decode('Ej7/PEpyEpw='),
...    key_name='PBKDF2 passphrase',
...    prf='hmac-md5')
>>> pskc.encryption.derivation.algorithm
'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2'
>>> pskc.encryption.derivation.pbkdf2_iterations
1000
>>> b2a_hex(pskc.encryption.derivation.pbkdf2_salt)
'123eff3c4a72129c'
>>> pskc.encryption.derivation.pbkdf2_key_length
24
>>> pskc.encryption.derivation.pbkdf2_prf
'http://www.w3.org/2001/04/xmldsig-more#hmac-md5'
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
>>> pskc.encryption.key_name
'PBKDF2 passphrase'
>>> b2a_hex(pskc.encryption.key)
'e8c5fecfb2a5cbb80ff791782ff5e125cc375bb6ba113071'


We can also remove the encryption totally and end up with a PSKC structure
that only contains decrypted values (note that the original encryption
properties are lost in this case).

>>> pskc = PSKC('tests/encryption/aes192-cbc.pskcxml')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
>>> pskc.encryption.key = a2b_hex('123456789012345678901234567890123456789012345678')
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.encryption.remove_encryption()
>>> pskc.encryption.algorithm is None
True
>>> pskc.encryption.key is None
True
>>> pskc.mac.key is None
True
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'