test_encryption.doctest - test various encryption schemes

Copyright (C) 2014-2016 Arthur de Jong

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA


>>> from binascii import a2b_hex, b2a_hex
>>> def tostr(x):
...     return str(x.decode())
>>> def decode(f):
...     return lambda x: tostr(f(x))
>>> b2a_hex = decode(b2a_hex)
>>> import base64

>>> from pskc import PSKC


>>> pskc = PSKC('tests/encryption/aes128-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


>>> pskc = PSKC('tests/encryption/aes192-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('123456789012345678901234567890123456789012345678')
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


>>> pskc = PSKC('tests/encryption/aes256-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234567890123456789012345678901234567890123456789012345678901234')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha384'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


>>> pskc = PSKC('tests/encryption/tripledes-cbc.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha512'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


>>> pskc = PSKC('tests/encryption/kw-aes128.pskcxml')
>>> pskc.encryption.key = a2b_hex('1234')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff'


>>> pskc = PSKC('tests/encryption/kw-aes192.pskcxml')
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f1011121314151617')
>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff'


>>> pskc = PSKC('tests/encryption/kw-aes256.pskcxml')
>>> pskc.encryption.key = a2b_hex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')
>>> b2a_hex(pskc.keys[0].secret)
'00112233445566778899aabbccddeeff0001020304050607'


>>> pskc = PSKC('tests/encryption/kw-tripledes.pskcxml')
>>> pskc.encryption.key = a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f')
>>> pskc.keys[0].secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Invalid key length
>>> pskc.encryption.key = a2b_hex('255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f')
>>> b2a_hex(pskc.keys[0].secret)
'2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98'


The IV can also be specified globally.

>>> pskc = PSKC('tests/encryption/aes128-cbc-noiv.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.encryption.iv = a2b_hex('000102030405060708090a0b0c0d0e0f')
>>> tostr(pskc.keys[0].secret)
'12345678901234567890'
>>> tostr(pskc.mac.key)
'MacMacMacMacMacMacMa'


MAC key and algorithm will use useful defaults but can also be manually
specified.

>>> pskc = PSKC()
>>> pskc.mac.setup()
>>> pskc.mac.algorithm
'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
>>> len(pskc.mac.key)
20
>>> pskc.mac.setup(key=a2b_hex('548512684595'), algorithm='unknown')
>>> pskc.mac.algorithm
'unknown'
>>> len(pskc.mac.key)
6
>>> pskc.mac.algorithm_key_length  # this is the default
16
>>> pskc.mac.algorithm = None
>>> pskc.mac.key = None
>>> pskc.mac.setup(algorithm='hmac-sha224')
>>> pskc.mac.algorithm
'http://www.w3.org/2001/04/xmldsig-more#hmac-sha224'
>>> pskc.mac.algorithm_key_length
28
>>> len(pskc.mac.key)
28


Test PBKDF2 key derivation set-up. Only specifying a passphrase picks
reasonable defaults.

>>> pskc = PSKC()
>>> pskc.encryption.setup_pbkdf2('test')
>>> pskc.encryption.derivation.algorithm
'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2'
>>> pskc.encryption.derivation.pbkdf2_iterations
12000
>>> len(pskc.encryption.derivation.pbkdf2_salt)
16
>>> pskc.encryption.derivation.pbkdf2_key_length
16
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
>>> len(pskc.encryption.key)
16

>>> pskc = PSKC()
>>> pskc.encryption.algorithm = 'aes256-cbc'
>>> pskc.encryption.setup_pbkdf2('test')
>>> pskc.encryption.derivation.algorithm
'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2'
>>> pskc.encryption.derivation.pbkdf2_iterations
12000
>>> len(pskc.encryption.derivation.pbkdf2_salt)
16
>>> pskc.encryption.derivation.pbkdf2_key_length
32
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
>>> len(pskc.encryption.key)
32


All properties can also be manually specified.

>>> pskc.encryption.setup_pbkdf2(
...    'qwerty', iterations=1000, algorithm='aes256-cbc', key_length=24,
...    salt=base64.b64decode('Ej7/PEpyEpw='),
...    key_name='PBKDF2 passphrase')
>>> pskc.encryption.derivation.algorithm
'http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2'
>>> pskc.encryption.derivation.pbkdf2_iterations
1000
>>> b2a_hex(pskc.encryption.derivation.pbkdf2_salt)
'123eff3c4a72129c'
>>> pskc.encryption.derivation.pbkdf2_key_length
24
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
>>> pskc.encryption.key_name
'PBKDF2 passphrase'
>>> b2a_hex(pskc.encryption.key)
'651e63cd57008476af1ff6422cd02e41a13be8f92db69ec9'