test_encryption.doctest - test various encryption schemes Copyright (C) 2014-2016 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA >>> from binascii import a2b_hex, b2a_hex >>> def tostr(x): ... return str(x.decode()) >>> def decode(f): ... return lambda x: tostr(f(x)) >>> b2a_hex = decode(b2a_hex) >>> import base64 >>> from pskc import PSKC >>> from pskc.encryption import encrypt, decrypt >>> pskc = PSKC('tests/encryption/aes128-cbc.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> pskc.encryption.algorithm 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' >>> tostr(pskc.keys[0].secret) '12345678901234567890' >>> pskc.mac.algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224' >>> tostr(pskc.mac.key) 'MacMacMacMacMacMacMa' >>> pskc = PSKC('tests/encryption/aes192-cbc.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> pskc.encryption.algorithm 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' >>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: Invalid key length >>> pskc.encryption.key = a2b_hex('123456789012345678901234567890123456789012345678') >>> tostr(pskc.keys[0].secret) '12345678901234567890' >>> pskc.mac.algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256' >>> tostr(pskc.mac.key) 'MacMacMacMacMacMacMa' >>> pskc = PSKC('tests/encryption/aes256-cbc.pskcxml') >>> pskc.encryption.key = a2b_hex('1234567890123456789012345678901234567890123456789012345678901234') >>> pskc.encryption.algorithm 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' >>> tostr(pskc.keys[0].secret) '12345678901234567890' >>> pskc.mac.algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha384' >>> tostr(pskc.mac.key) 'MacMacMacMacMacMacMa' >>> pskc = PSKC('tests/encryption/tripledes-cbc.pskcxml') >>> pskc.encryption.key = a2b_hex('1234') >>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: Invalid key length >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> tostr(pskc.keys[0].secret) '12345678901234567890' >>> pskc.mac.algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha512' >>> tostr(pskc.mac.key) 'MacMacMacMacMacMacMa' >>> pskc = PSKC('tests/encryption/kw-aes128.pskcxml') >>> pskc.encryption.key = a2b_hex('1234') >>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: Invalid key length >>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f') >>> b2a_hex(pskc.keys[0].secret) '00112233445566778899aabbccddeeff' >>> pskc = PSKC('tests/encryption/kw-aes192.pskcxml') >>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f') >>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: Invalid key length >>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f1011121314151617') >>> b2a_hex(pskc.keys[0].secret) '00112233445566778899aabbccddeeff' >>> pskc = PSKC('tests/encryption/kw-aes256.pskcxml') >>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f') >>> b2a_hex(pskc.keys[0].secret) '00112233445566778899aabbccddeeff0001020304050607' >>> pskc = PSKC('tests/encryption/kw-tripledes.pskcxml') >>> pskc.encryption.key = a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f') >>> pskc.keys[0].secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: Invalid key length >>> pskc.encryption.key = a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f') >>> b2a_hex(pskc.keys[0].secret) '2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98' The IV can also be specified globally. >>> pskc = PSKC('tests/encryption/aes128-cbc-noiv.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> pskc.encryption.iv = a2b_hex('000102030405060708090a0b0c0d0e0f') >>> tostr(pskc.keys[0].secret) '12345678901234567890' >>> tostr(pskc.mac.key) 'MacMacMacMacMacMacMa' If the PSKC file does not have a MAC key configured, older versions of the PSKC format allowed using the encryption key for the HMAC function. >>> pskc = PSKC('tests/encryption/no-mac-key.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> b2a_hex(pskc.mac.key) '12345678901234567890123456789012' >>> tostr(pskc.keys[0].secret) '12345678901234567890' Older versions of the PSKC format allowed having the MAC go over the plaintext instead of the ciphertext. >>> pskc = PSKC('tests/encryption/mac-over-plaintext.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> tostr(pskc.keys[0].secret) '12345678901234567890' Test decryption with tripledes-cbc and a specified IV. >>> iv = a2b_hex('1010101010101010') >>> key = a2b_hex('12345678901234567890123456789012') >>> ciphertext = encrypt('#tripledes-cbc', key, b'FOOBAR', iv) >>> ciphertext = ciphertext[8:] # strip IV >>> tostr(decrypt('#tripledes-cbc', key, ciphertext, iv)) 'FOOBAR' >>> tostr(decrypt('#tripledes-cbc', key, iv + ciphertext)) 'FOOBAR' MAC key and algorithm will use useful defaults but can also be manually specified. >>> pskc = PSKC() >>> pskc.mac.setup() >>> pskc.mac.algorithm 'http://www.w3.org/2000/09/xmldsig#hmac-sha1' >>> len(pskc.mac.key) 20 >>> pskc.mac.setup(key=a2b_hex('548512684595'), algorithm='unknown') >>> pskc.mac.algorithm 'unknown' >>> len(pskc.mac.key) 6 >>> pskc.mac.algorithm_key_length # this is the default 16 >>> pskc.mac.algorithm = None >>> pskc.mac.key = None >>> pskc.mac.setup(algorithm='hmac-sha224') >>> pskc.mac.algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224' >>> pskc.mac.algorithm_key_length 28 >>> len(pskc.mac.key) 28 Test PBKDF2 key derivation set-up. Only specifying a passphrase picks reasonable defaults. >>> pskc = PSKC() >>> pskc.encryption.setup_pbkdf2('test') >>> pskc.encryption.derivation.algorithm 'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2' >>> pskc.encryption.derivation.pbkdf2_iterations 12000 >>> len(pskc.encryption.derivation.pbkdf2_salt) 16 >>> pskc.encryption.derivation.pbkdf2_key_length 16 >>> pskc.encryption.algorithm 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' >>> len(pskc.encryption.key) 16 The function will pick up an pre-specified values. If an encryption algorithm is defined (can also be passed) the key with the correct size will be generated. >>> pskc = PSKC() >>> pskc.encryption.algorithm = 'aes256-cbc' >>> pskc.encryption.derivation.pbkdf2_iterations = 15000 >>> pskc.encryption.setup_pbkdf2('test') >>> pskc.encryption.derivation.algorithm 'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2' >>> pskc.encryption.derivation.pbkdf2_iterations 15000 >>> len(pskc.encryption.derivation.pbkdf2_salt) 16 >>> pskc.encryption.derivation.pbkdf2_key_length 32 >>> pskc.encryption.algorithm 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' >>> len(pskc.encryption.key) 32 All properties can also be manually specified. >>> pskc = PSKC() >>> pskc.encryption.setup_pbkdf2( ... 'qwerty', iterations=1000, algorithm='aes256-cbc', key_length=24, ... salt=base64.b64decode('Ej7/PEpyEpw='), ... key_name='PBKDF2 passphrase', ... prf='hmac-md5') >>> pskc.encryption.derivation.algorithm 'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2' >>> pskc.encryption.derivation.pbkdf2_iterations 1000 >>> b2a_hex(pskc.encryption.derivation.pbkdf2_salt) '123eff3c4a72129c' >>> pskc.encryption.derivation.pbkdf2_key_length 24 >>> pskc.encryption.derivation.pbkdf2_prf 'http://www.w3.org/2001/04/xmldsig-more#hmac-md5' >>> pskc.encryption.algorithm 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' >>> pskc.encryption.key_name 'PBKDF2 passphrase' >>> b2a_hex(pskc.encryption.key) 'e8c5fecfb2a5cbb80ff791782ff5e125cc375bb6ba113071'