test_invalid.doctest - test for invalid PSKC file Copyright (C) 2014-2016 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA >>> from binascii import a2b_hex, b2a_hex >>> def tostr(x): ... return str(x.decode()) >>> def decode(f): ... return lambda x: tostr(f(x)) >>> b2a_hex = decode(b2a_hex) >>> from pskc import PSKC Load a number of invalid files. This file is plain invalid XML. >>> pskc = PSKC('tests/invalid/notxml.pskcxml') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... ParseError: Error parsing XML This XML file has a wrong top-level element. >>> pskc = PSKC('tests/invalid/wrongelement.pskcxml') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... ParseError: Missing KeyContainer This file has an unknown PSKC version. >>> pskc = PSKC('tests/invalid/wrongversion.pskcxml') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... ParseError: Unsupported version This PSKC file has a key with an unknown algorithm specified. >>> pskc = PSKC('tests/invalid/unknown-encryption.pskcxml') >>> key = pskc.keys[0] >>> key.id '12345678' >>> key.secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: No key available >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> key.secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: Unsupported algorithm: ... This PSKC file has a key without an algorithm specified. >>> pskc = PSKC('tests/invalid/missing-encryption.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> key = pskc.keys[0] >>> key.id '45678901' >>> b2a_hex(key.secret) # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: No algorithm specified >>> pskc.encryption.algorithm = 'aes128-cbc' >>> b2a_hex(key.secret) '3132333435363738393031323334353637383930' This PSKC file has a key without an encryption method specified. >>> pskc = PSKC('tests/invalid/missing-encryption-method.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> key = pskc.keys[0] >>> key.id '45678901' >>> b2a_hex(key.secret) # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: No algorithm specified >>> pskc.encryption.algorithm = 'aes128-cbc' >>> b2a_hex(key.secret) '3132333435363738393031323334353637383930' This PSKC file has an incomplete key derivation configuration. >>> pskc = PSKC('tests/invalid/incomplete-derivation.pskcxml') >>> pskc.encryption.derive_key('qwerty') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... KeyDerivationError: Incomplete PBKDF2 configuration Specify an unknown key derivation algorithm. >>> pskc = PSKC('tests/rfc6030/figure7.pskcxml') >>> pskc.encryption.derivation.algorithm = 'unknown' >>> pskc.encryption.derive_key('qwerty') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... KeyDerivationError: Unsupported algorithm: 'unknown' Figure 6 does use encryption but with a pre-shared key. Attempting key derivation with such a PSKC file should result in an exception. >>> pskc = PSKC('tests/rfc6030/figure6.pskcxml') >>> pskc.encryption.derive_key('qwerty') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... KeyDerivationError: No algorithm specified Specify an unknown PBKDF2 PRF (pseudorandom function). >>> pskc = PSKC('tests/rfc6030/figure7.pskcxml') >>> pskc.encryption.derivation.pbkdf2_prf = 'unknown' >>> pskc.encryption.derive_key('qwerty') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... KeyDerivationError: Pseudorandom function unsupported: 'unknown' There is a ValueMAC element but no MACMethod element. >>> pskc = PSKC('tests/invalid/no-mac-method.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> pskc.encryption.algorithm 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' >>> pskc.mac.algorithm is None True >>> key = pskc.keys[0] >>> key.id '12345678' >>> key.secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: No MAC algorithm set There is an unknown algorithm specified in MACMethod. >>> pskc = PSKC('tests/invalid/mac-algorithm.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> key = pskc.keys[0] >>> key.id '12345678' >>> key.secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: Unsupported MAC algorithm: ... The MAC value does not match the calculated MAC, something was modified in transit. >>> pskc = PSKC('tests/invalid/mac-value.pskcxml') >>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012') >>> pskc.encryption.algorithm 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' >>> pskc.mac.algorithm 'http://www.w3.org/2000/09/xmldsig#hmac-sha1' >>> key = pskc.keys[0] >>> key.id '12345678' >>> key.secret # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: MAC value does not match >>> key.check() # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... DecryptionError: MAC value does not match Checks to see that invalid values are detected. >>> pskc = PSKC('tests/invalid/not-integer.pskcxml') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... ValueError: invalid literal for int() with base 10: 'TWELVE' >>> pskc = PSKC('tests/invalid/not-integer2.pskcxml') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... ValueError: invalid literal for int() with base 10: 'FOUR' >>> pskc = PSKC('tests/invalid/not-boolean.pskcxml') # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... ValueError: invalid boolean value: 'not really'