test_invalid.doctest - test for invalid PSKC file

Copyright (C) 2014-2017 Arthur de Jong

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA


>>> from binascii import a2b_hex, b2a_hex
>>> def tostr(x):
...     return str(x.decode())
>>> def decode(f):
...     return lambda x: tostr(f(x))
>>> b2a_hex = decode(b2a_hex)

>>> from pskc import PSKC


Load a number of invalid files.


This file is plain invalid XML.

>>> pskc = PSKC('tests/invalid/notxml.pskcxml')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
ParseError: Error parsing XML


This XML file has a wrong top-level element.

>>> pskc = PSKC('tests/invalid/wrongelement.pskcxml')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
ParseError: Missing KeyContainer


This file has an unknown PSKC version.

>>> pskc = PSKC('tests/invalid/wrongversion.pskcxml')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
ParseError: Unsupported version


This PSKC file has a key with an unknown algorithm specified.

>>> pskc = PSKC('tests/invalid/unknown-encryption.pskcxml')
>>> key = pskc.keys[0]
>>> key.id
'12345678'
>>> key.secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: No key available
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key.secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Unsupported algorithm: ...


This PSKC file has a key without an algorithm specified.

>>> pskc = PSKC('tests/invalid/missing-encryption.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key = pskc.keys[0]
>>> key.id
'45678901'
>>> b2a_hex(key.secret)  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: No algorithm specified
>>> pskc.encryption.algorithm = 'aes128-cbc'
>>> b2a_hex(key.secret)
'3132333435363738393031323334353637383930'


This PSKC file has a key without an encryption method specified.

>>> pskc = PSKC('tests/invalid/missing-encryption-method.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key = pskc.keys[0]
>>> key.id
'45678901'
>>> b2a_hex(key.secret)  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: No algorithm specified
>>> pskc.encryption.algorithm = 'aes128-cbc'
>>> b2a_hex(key.secret)
'3132333435363738393031323334353637383930'


This PSKC file has an incomplete key derivation configuration.

>>> pskc = PSKC('tests/invalid/incomplete-derivation.pskcxml')
>>> pskc.encryption.derive_key('qwerty')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
KeyDerivationError: Incomplete PBKDF2 configuration


Specify an unknown key derivation algorithm.

>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derivation.algorithm = 'unknown'
>>> pskc.encryption.derive_key('qwerty')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
KeyDerivationError: Unsupported algorithm: 'unknown'


Figure 6 does use encryption but with a pre-shared key. Attempting key
derivation with such a PSKC file should result in an exception.

>>> pskc = PSKC('tests/rfc6030/figure6.pskcxml')
>>> pskc.encryption.derive_key('qwerty')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
KeyDerivationError: No algorithm specified


Specify an unknown PBKDF2 PRF (pseudorandom function).

>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derivation.pbkdf2_prf = 'unknown'
>>> pskc.encryption.derive_key('qwerty')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
KeyDerivationError: Pseudorandom function unsupported: 'unknown'


Specify an unknown hash for the HMAC for the PBKDF2 PRF.

>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derivation.pbkdf2_prf = 'hmac-unknown'
>>> pskc.encryption.derive_key('qwerty')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
KeyDerivationError: Pseudorandom function unsupported: 'hmac-unknown'


There is a ValueMAC element but no MACMethod element.

>>> pskc = PSKC('tests/invalid/no-mac-method.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
>>> pskc.mac.algorithm is None
True
>>> key = pskc.keys[0]
>>> key.id
'12345678'
>>> key.secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: No MAC algorithm set


There is an unknown algorithm specified in MACMethod.

>>> pskc = PSKC('tests/invalid/mac-algorithm.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> key = pskc.keys[0]
>>> key.id
'12345678'
>>> key.secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: Unsupported MAC algorithm: ...


The MAC value does not match the calculated MAC, something was modified in
transit.

>>> pskc = PSKC('tests/invalid/mac-value.pskcxml')
>>> pskc.encryption.key = a2b_hex('12345678901234567890123456789012')
>>> pskc.encryption.algorithm
'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
>>> pskc.mac.algorithm
'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
>>> key = pskc.keys[0]
>>> key.id
'12345678'
>>> key.secret  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: MAC value does not match
>>> key.check()  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
DecryptionError: MAC value does not match


Checks to see that invalid values are detected.

>>> pskc = PSKC('tests/invalid/not-integer.pskcxml')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
ValueError: invalid literal for int() with base 10: 'TWELVE'
>>> pskc = PSKC('tests/invalid/not-integer2.pskcxml')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
ValueError: invalid literal for int() with base 10: 'FOUR'
>>> pskc = PSKC('tests/invalid/not-boolean.pskcxml')  # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
    ...
ValueError: invalid boolean value: 'not really'