1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
|
2017-01-15 Arthur de Jong <arthur@arthurdejong.org>
* [29a183d] tests/test_feitian.doctest, tests/test_nagraid.doctest:
Split vendor tests
Have one doctest file per vendor to make tests a little more
manageable.
2017-01-14 Arthur de Jong <arthur@arthurdejong.org>
* [02eb520] tests/test_yubico.doctest, tests/yubico/example1.pskcxml,
tests/yubico/example2.pskcxml, tests/yubico/example3.pskcxml:
Add tests for Yubikey files
This adds tests from draft-josefsson-keyprov-pskc-yubikey-00.
2017-01-13 Arthur de Jong <arthur@arthurdejong.org>
* [12dfa64] pskc/parser.py, tests/actividentity/test.pskc,
tests/test_actividentity.doctest: Support legacy ActivIdentity
files
This adds support for parsing ActivIdentity files that conform
to a very old version of an Internet Draft. The implementation
and test were based on a file provided by Jaap Ruijgrok.
2017-01-11 Arthur de Jong <arthur@arthurdejong.org>
* [a5e2343] pskc/parser.py,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml:
Use original examples from old profiles Internet Draft
This updates the tests to use the original examples from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 instead of
modifying them to fit the RFC 6030 schema (but does include some
minor changes to make them valid XML).
This adds a few additions to the parser to handle legacy challenge
and resposne encoding and a few key policy properties.
This also includes a fix for 0b757ec in the handling of the
<ChallengeFormat> element under a <Usage> element.
2016-12-21 Arthur de Jong <arthur@arthurdejong.org>
* [2f7cb1a] tests/rfc6030/figure8.pskcxml,
tests/rfc6030/figure9.pskcxml, tests/test_rfc6030.doctest:
Add all figures from RFC 6030 to test suite
Note that asymmetric encryption and digital signature checking
has not yet been implemented so the tests are pretty minimal.
2016-12-21 Arthur de Jong <arthur@arthurdejong.org>
* [0b757ec] pskc/parser.py, pskc/xml.py,
tests/draft-ietf-keyprov-pskc-02/figure2.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure3.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure4.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure5.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure6.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure7.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure8.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure9.pskcxml,
tests/test_draft_ietf_keyprov_pskc_02.doctest: Add support for
older Internet Draft version
This adds support for parsing most examples from
draft-ietf-keyprov-pskc-02. That file uses a few other names
for elements and attributes of the PSKC file and a few other
minor differences.
The XML parsing has been changed to allow specifying multiple
matches and the find*() functions now return the first found match.
While all examples from draft-ietf-keyprov-pskc-02 are tested
support for verifying digital signatures and asymmetric keys
have not yet been implemented.
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [09076f8] tests/test_encryption.doctest: Fix typo in test
2016-12-20 Arthur de Jong <arthur@arthurdejong.org>
* [46fa5f1] setup.cfg: Fail tests on missing coverage
2016-12-20 Arthur de Jong <arthur@arthurdejong.org>
* [047a2a9] pskc/key.py, pskc/mac.py,
tests/encryption/mac-over-plaintext.pskcxml,
tests/invalid/mac-missing.pskcxml, tests/invalid/mac-value.pskcxml,
tests/invalid/missing-encryption-method.pskcxml,
tests/test_encryption.doctest, tests/test_invalid.doctest:
Allow MAC over plaintext or ciphertext
RFC 6030 implies that the MAC should be performed over the
ciphertext but some earlier drafts implied that the MAC should
be performed on the plaintext. This change accpets the MAC if
either the plaintext or ciphertext match.
Note that this change allows for a padding oracle attack when
CBC encryption modes are used because decryption (and unpadding)
needs to be done before MAC checking. However, this module is
not expected to be available to users to process arbitrary PSKC
files repeatedly.
This removes the tests for a missing MAC key (and replaces it for
tests of missing EncryptionMethod) because falling back to using
the encryption key (implemented in a444f78) in combination with
this change means that decryption is performed before MAC checking
and is no longer possible to trigger a missing MAC key error.
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [bae7084] pskc/crypto/__init__.py, pskc/encryption.py,
tests/test_crypto.doctest: Add sanity checks to unpadding
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [d864bc8] pskc/serialiser.py: Ensure XML file ends with a newline
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [c631628] pskc/xml.py: Adapt coverage pragma annotations
This fixes the pragma directives to be be correct independently
of whether lxml is installed or not.
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [18d82dc] .gitignore, tox.ini: Add Tox configuration
This sets up Tox with various versions of Python and for each
version a run with and without lxml.
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [71058e2] tests/test_write.doctest: Close read files in tests
This ensures that the files that are read in the test suite are
properly closed to avoid leaking open file descriptors.
2016-12-18 Arthur de Jong <arthur@arthurdejong.org>
* [f0a0a3b] pskc/parser.py: Support missing or lowercase version
attribute
2016-09-26 Arthur de Jong <arthur@arthurdejong.org>
* [3bf4737] docs/usage.rst: Fix copy-pasto in documentation
This accidentally slipped in as part of beafc6b. 2016-09-19
Arthur de Jong <arthur@arthurdejong.org>
* [02b30a9] pskc/__init__.py, pskc/parser.py, pskc/serialiser.py:
Also move outer writing and parsing to modules
2016-09-17 Arthur de Jong <arthur@arthurdejong.org>
* [b1f8f87] .gitignore, README, pskc/__init__.py: Add writing
example to toplevel documentation
2016-09-17 Arthur de Jong <arthur@arthurdejong.org>
* [e23a467] pskc/key.py: Use custom data descriptors for key
properties
This uses a custom data descriptor (property) for secret, counter,
time_offset, time_interval and time_drift.
2016-09-17 Arthur de Jong <arthur@arthurdejong.org>
* [beafc6b] docs/usage.rst, pskc/__init__.py, pskc/device.py,
pskc/key.py, pskc/parser.py, pskc/policy.py, pskc/serialiser.py,
tests/test_misc.doctest, tests/test_write.doctest: Support
separate device from key
This allows having multiple keys per device while also maintaining
the previous API.
Note that having multiple keys per device is not allowed by the
RFC 6030 schema but is allowed by some older internet drafts.
2016-09-16 Arthur de Jong <arthur@arthurdejong.org>
* [84bfb8a] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/policy.py, pskc/serialiser.py: Move XML
generation to own module
Similar to the change for parsing, move the XML serialisation
of PSKC data to a single class in a separate module.
2016-09-14 Arthur de Jong <arthur@arthurdejong.org>
* [426e821] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/parser.py, pskc/policy.py: Move document
parsing to own module
This moves all the parse() functions to a single class in a
dedicated module that can be used for parsing PSKC files. This
should make it easier to subclass the parser.
2016-09-14 Arthur de Jong <arthur@arthurdejong.org>
* [bf34209] tests/invalid/no-mac-method.pskcxml,
tests/test_invalid.doctest, tests/test_rfc6030.doctest: Some
minor improvements to the tests
2016-09-12 Arthur de Jong <arthur@arthurdejong.org>
* [600ae68] pskc/encryption.py, pskc/key.py, pskc/xml.py,
setup.cfg, tests/invalid/empty-mac-key.pskcxml,
tests/invalid/incomplete-derivation.pskcxml,
tests/invalid/missing-encryption.pskcxml,
tests/misc/SampleFullyQualifiedNS.xml, tests/misc/policy.pskcxml,
tests/test_aeskw.doctest, tests/test_encryption.doctest,
tests/test_invalid.doctest, tests/test_misc.doctest,
tests/test_write.doctest: Improve branch coverage
This enables branch coverage testing and adds tests to improve
coverage.
2016-09-11 Arthur de Jong <arthur@arthurdejong.org>
* [713d106] pskc/encryption.py, tests/test_encryption.doctest:
Support specifying PRF in setup_pbkdf2()
This also ensures that the PRF URL is normalised.
2016-09-11 Arthur de Jong <arthur@arthurdejong.org>
* [ff811c9] pskc/encryption.py: Fix bug in passing explicit key
to setup_preshared_key()
2016-09-11 Arthur de Jong <arthur@arthurdejong.org>
* [fa07aa5] docs/encryption.rst, pskc/encryption.py: Clarify
encryption.setup_*() documentation
This tries to make it clearer that the setup_preshared_key()
and setup_pbkdf2() functions are meant to be used when writing
out PSKC files.
2016-04-23 Arthur de Jong <arthur@arthurdejong.org>
* [a444f78] pskc/key.py, pskc/mac.py,
tests/encryption/no-mac-key.pskcxml,
tests/invalid/mac-missing.pskcxml, tests/test_encryption.doctest,
tests/test_invalid.doctest: Fall back to encryption key for MAC
This uses the encryption key also as MAC key if no MAC key has
been specified in the PSKC file. Earlier versions of the PSKC
draft specified this behaviour.
2016-04-23 Arthur de Jong <arthur@arthurdejong.org>
* [9b76135] pskc/encryption.py,
tests/encryption/aes128-cbc-noiv.pskcxml,
tests/test_encryption.doctest: Allow global specification of IV
In older versions of the PSKC standard it was allowed to
have a global initialization vector for CBC based encryption
algorithms. It is probably not a good idea to re-use an IV
in general.
2016-04-23 Arthur de Jong <arthur@arthurdejong.org>
* [d53f05b] pskc/encryption.py, pskc/mac.py: Move crypto to functions
This makes it much easier to test the encryption, decryption
and HMAC processing separate from the PSKC parsing.
2016-04-05 Arthur de Jong <arthur@arthurdejong.org>
* [5dbfefd] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/policy.py: Remove parse call from constructors
This makes the creation if internal instances a litte more
consistent.
2016-04-05 Arthur de Jong <arthur@arthurdejong.org>
* [0d7caf1] pskc/algorithms.py, pskc/encryption.py, pskc/mac.py:
Move algorithm uri handling to separate module
2016-03-29 Arthur de Jong <arthur@arthurdejong.org>
* [22ba9f1] pskc/crypto/__init__.py, pskc/encryption.py: Move
padding functions to crypto package
2016-03-28 Arthur de Jong <arthur@arthurdejong.org>
* [efbe94c] ChangeLog, NEWS, pskc/__init__.py, setup.py: Get files
ready for 0.4 release
2016-03-26 Arthur de Jong <arthur@arthurdejong.org>
* [0c57335] docs/policy.rst: Document may_use() policy function
2016-03-27 Arthur de Jong <arthur@arthurdejong.org>
* [b4a6c72] : Implement writing encrypted files
This adds support for setting up encryption keys and password-based
key derivation when writing PSKC files. Also MAC keys are set
up when needed.
2016-03-26 Arthur de Jong <arthur@arthurdejong.org>
* [59aa65b] README, docs/conf.py, docs/encryption.rst, docs/mac.rst,
docs/usage.rst, pskc/__init__.py: Document writing encrypted files
2016-03-21 Arthur de Jong <arthur@arthurdejong.org>
* [5f32528] tests/test_write.doctest: Add encryption error tests
2016-03-21 Arthur de Jong <arthur@arthurdejong.org>
* [7ede4a1] tests/test_write.doctest: Add tests for writing
encrypted PSKC files
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [1ff3237] pskc/encryption.py: Allow configuring a pre-shared key
This method allows configuring a pre-shared encryption key and
will chose reasonable defaults for needed encryption values
(e.g. it will choose an algorithm, generate a new key of the
appropriate length if needed, etc.).
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [50414a3] pskc/encryption.py, tests/test_encryption.doctest:
Allow configuring PBKDF2 key derivation
This factors out the PBKDF2 key derivation to a separate function
and introduces a function to configure KeyDerivation instances
with PBKDF2.
2016-03-21 Arthur de Jong <arthur@arthurdejong.org>
* [5ac9d43] pskc/mac.py, tests/test_encryption.doctest: Allow
configuring a MAC key
This method will set up a MAC key and algorithm as specified or
use reasonable defauts.
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [16da531] pskc/key.py, pskc/mac.py: Generate MAC values
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [ca0fa36] pskc/__init__.py, pskc/encryption.py, pskc/mac.py:
Write MACMethod
This also makes the MAC.algorithm a property similarly as what
is done for Encryption (normalise algorithm names) and adds a
setter for the MAC.key property.
2016-03-21 Arthur de Jong <arthur@arthurdejong.org>
* [8fd35ba] pskc/encryption.py, pskc/key.py: Write out encrypted
values
The Encryption class now has a fields property that lists the
fields that should be encrypted when writing the PSKC file.
This adds an encrypt_value() function that performs the encryption
and various functions to convert the plain value to binary before
writing the encrypted XML elements.
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [eba541e] pskc/__init__.py, pskc/encryption.py, pskc/mac.py:
Make Encryption and MAC constructors consistent
This removes calling parse() from the Encryption and MAC
constructors and stores a reference to the PSKC object in both
objects so it can be used later on.
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [fe21231] pskc/__init__.py, pskc/encryption.py,
tests/test_write.doctest: Write encryption key information
This writes information about a pre-shared key or PBKDF2 key
derivation in the PSKC file. This also means that writing
a decrypted version of a previously encrypted file requires
actively removing the encryption.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [0893640] pskc/encryption.py, tests/test_misc.doctest: Add
algorithm_key_lengths property
This property on the Encryption object provides a list of key
sizes (in bytes) that the configured encryption algorithm supports.
2016-03-22 Arthur de Jong <arthur@arthurdejong.org>
* [8b5f6c2] pskc/policy.py, tests/test_misc.doctest,
tests/test_rfc6030.doctest, tests/test_write.doctest: Also check
key expiry in may_use()
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [dfa57ae] pskc2csv.py: Support reading password or key in pskc2csv
This supports reading the encryption password or key from the
command line or from a file.
2014-06-28 Arthur de Jong <arthur@arthurdejong.org>
* [0744222] pskc/xml.py: Copy namespaces to toplevel element
Ensure that when writing an XML file all namespace definitions
are on the toplevel KeyContainer element instead of scattered
throughout the XML document.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [e8ef157] pskc/__init__.py, tests/test_write.doctest: Support
writing to text streams in Python 3
This supports writing the XML output to binary streams as well
as text streams in Python 3.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [cadc6d9] pskc/key.py, pskc/mac.py,
tests/invalid/missing-encryption.pskcxml,
tests/invalid/not-boolean.pskcxml,
tests/invalid/not-integer.pskcxml,
tests/invalid/not-integer2.pskcxml,
tests/invalid/unknown-encryption.pskcxml, tests/test_aeskw.doctest,
tests/test_encryption.doctest, tests/test_invalid.doctest,
tests/test_misc.doctest, tests/test_rfc6030.doctest,
tests/test_tripledeskw.doctest, tests/test_write.doctest:
Improve tests and test coverage
This adds tests to ensure that incorrect attribute and value
types in the PSKC file raise a ValueError exception and extends
the tests for invalid encryption options.
This removes some code or adds no cover directives to a few
places that have unreachable code or are Python version specific
and places doctest directives inside the doctests where needed.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [b8905e0] pskc/key.py, pskc/xml.py, tests/misc/checkdigits.pskcxml,
tests/test_misc.doctest: Support both CheckDigit and CheckDigits
RFC 6030 is not clear about whether the attribute of
ChallengeFormat and ResponseFormat should be the singular
CheckDigit or the plural CheckDigits. This ensures that both
forms are accepted.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [7915c55] pskc/policy.py, tests/misc/policy.pskcxml,
tests/test_misc.doctest: Implement policy checking
This checks for unknown policy elements in the PSKC file and
will cause the key usage policy check to fail.
2016-03-18 Arthur de Jong <arthur@arthurdejong.org>
* [1687fd6] tests/feitian/20120919-test001-4282.xml,
tests/feitian/file1.pskcxml, tests/nagraid/file1.pskcxml,
tests/test_vendors.doctest: Add a few tests for vendor files
Some vendor-specific files were lifted from the LinOTP test suite
and another Feitian file was found in the oath-toolkit repository.
2016-01-31 Arthur de Jong <arthur@arthurdejong.org>
* [aae8a18] pskc/key.py, tests/misc/integers.pskcxml,
tests/test_misc.doctest: Support various integer representations
This extends support for handling various encoding methods for
integer values in PSKC files. For encrypted files the decrypted
value is first tried to be evaluated as an ASCII representation
of the number and after that big-endian decoded.
For plaintext values first ASCII decoding is tried after which
base64 decoding is tried which tries the same encodings as for
decrypted values.
There should be no possibility for any base64 encoded value
(either of an ASCII value or a big-endian value) to be interpreted
as an ASCII value for any 32-bit integer.
There is a possibility that a big-endian encoded integer could
be incorrectly interpreted as an ASCII value but this is only
the case for 110 numbers when only considering 6-digit numbers.
2016-01-24 Arthur de Jong <arthur@arthurdejong.org>
* [c86aaea] README, pskc/__init__.py,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml,
tests/encryption/aes128-cbc.pskcxml,
tests/encryption/aes192-cbc.pskcxml,
tests/encryption/aes256-cbc.pskcxml,
tests/encryption/kw-aes128.pskcxml,
tests/encryption/kw-aes192.pskcxml,
tests/encryption/kw-aes256.pskcxml,
tests/encryption/kw-tripledes.pskcxml,
tests/encryption/tripledes-cbc.pskcxml,
tests/invalid/encryption.pskcxml,
tests/invalid/mac-algorithm.pskcxml,
tests/invalid/mac-value.pskcxml,
tests/invalid/no-mac-method.pskcxml, tests/invalid/notxml.pskcxml,
tests/invalid/wrongelement.pskcxml,
tests/invalid/wrongversion.pskcxml,
tests/misc/SampleFullyQualifiedNS.xml,
tests/misc/odd-namespace.pskcxml, tests/rfc6030/figure10.pskcxml,
tests/rfc6030/figure2.pskcxml, tests/rfc6030/figure3.pskcxml,
tests/rfc6030/figure4.pskcxml, tests/rfc6030/figure5.pskcxml,
tests/rfc6030/figure6.pskcxml, tests/rfc6030/figure7.pskcxml,
tests/test_draft_keyprov.doctest, tests/test_encryption.doctest,
tests/test_invalid.doctest, tests/test_misc.doctest,
tests/test_rfc6030.doctest, tests/test_write.doctest: Re-organise
test files
This puts the test PSKC files in subdirectories so they can be
organised more cleanly.
2016-01-23 Arthur de Jong <arthur@arthurdejong.org>
* [1904dc2] tests/test_misc.doctest: Add test for incorrect key
derivation
If no key derivation algorithm has been specified in the PSKC
file an exception should be raised when attempting to perform
key derivation.
2016-01-24 Arthur de Jong <arthur@arthurdejong.org>
* [91f66f4] pskc/encryption.py, pskc/key.py, pskc/mac.py: Refactor
out EncryptedValue and ValueMAC
This removes the EncryptedValue and ValueMAC classes and instead
moves the XML parsing of these values to the DataType class. This
will make it easier to support different parsing schemes.
This also includes a small consistency improvement in the
subclasses of DataType.
2016-01-23 Arthur de Jong <arthur@arthurdejong.org>
* [9b13d3b] pskc/encryption.py, tests/test_misc.doctest: Normalise
algorithm names
This transforms the algorithm URIs that are set to known values
when parsing or setting the algorithm.
2016-01-22 Arthur de Jong <arthur@arthurdejong.org>
* [b6eab47] docs/encryption.rst, pskc/encryption.py,
tests/test_encryption.doctest, tests/test_misc.doctest: Add
encryption algorithm property
Either determine the encryption algorithm from the PSKC file
or from the explicitly set value. This also adds support for
setting the encryption key name.
2016-01-22 Arthur de Jong <arthur@arthurdejong.org>
* [b5f7de5] pskc/key.py, tests/test_write.doctest: Fix a problem
when writing previously encrypted file
This fixes a problem with writing a PSKC file that is based on
a read file that was encrypted.
2016-01-22 Arthur de Jong <arthur@arthurdejong.org>
* [107a836] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/policy.py, pskc/xml.py: Strip XML namespaces
before parsing
This simplifies calls to the find() family of functions and
allows parsing PSKC files that have slightly different namespace
URLs. This is especially common when parsing old draft versions
of the specification.
This also removes passing multiple patterns to the find()
functions that was introduced in 68b20e2.
2015-12-28 Arthur de Jong <arthur@arthurdejong.org>
* [a86ff8a] README, docs/encryption.rst: Update some documentation
This adds a development notes section to the README and changes
the wording on the encryption page.
2015-12-01 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [0ff4154] docs/encryption.rst: Fix typo in the documentation
2015-12-01 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [3473903] pskc2csv.py: Support Python 3
2015-11-30 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [a82a60b] pskc/key.py: Make value conversion methods static private
- the conversions do not call self: they are static - the
conversions are not to be used out of the class: make private
2015-11-30 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [e711a30] pskc/key.py: Provide abstract methods to clarify API
2015-11-30 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [1577687] pskc/encryption.py: Fix typo in variable name
2015-11-30 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [3aa2a6f] tests/test_invalid.doctest: Fix doctest:
IGNORE_EXCEPTION_DETAL
2015-10-07 Arthur de Jong <arthur@arthurdejong.org>
* [c155d15] ChangeLog, MANIFEST.in, NEWS, pskc/__init__.py,
setup.py: Get files ready for 0.3 release
2015-10-07 Arthur de Jong <arthur@arthurdejong.org>
* [cf0c9e6] README, docs/conf.py, docs/encryption.rst,
docs/exceptions.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst,
pskc/__init__.py: Update documentation
This updates the documentation with the new features (writing PSKC
files) as well as many editorial improvements, some rewording
and a few typo fixes. Some things were moved around a little in
order to be more easily readable and easier to find.
2015-10-06 Arthur de Jong <arthur@arthurdejong.org>
* [671b6e2] pskc/__init__.py, pskc/crypto/aeskw.py,
pskc/crypto/tripledeskw.py, pskc/encryption.py, pskc/key.py,
pskc/policy.py, pskc/xml.py, setup.py, tests/test_aeskw.doctest,
tests/test_draft_keyprov.doctest, tests/test_encryption.doctest,
tests/test_invalid.doctest, tests/test_misc.doctest,
tests/test_rfc6030.doctest, tests/test_tripledeskw.doctest,
tests/test_write.doctest: Support Python 3
This enables support for Python 3 together with Python 2 support
with a single codebase.
On Python 3 key data is passed around as bytestrings which makes
the doctests a little harder to maintain across Python versions.
2015-10-06 Arthur de Jong <arthur@arthurdejong.org>
* [68b20e2] pskc/encryption.py, pskc/xml.py,
tests/SampleFullyQualifiedNS.xml, tests/test_misc.doctest:
Fix issue with namespaced PBKDF2 parameters
The find() utility functions now allow specifying multiple paths
to be searched where the first match is returned.
This allows handling PSKC files where the PBKDF2 salt, iteration
count, key length and PRF elements are prefixed with the xenc11
namespace.
A test including such a PSKC file has been included.
Thanks to Eric Plet for reporting this.
2014-10-12 Arthur de Jong <arthur@arthurdejong.org>
* [ebe46f2] pskc2csv.py: Provide a sample pskc2csv script
This is a simple command-line utility that reads a PSKC file
and outputs information on keys as CSV.
2014-06-30 Arthur de Jong <arthur@arthurdejong.org>
* [1363564] pskc/crypto/__init__.py, pskc/crypto/aeskw.py,
pskc/crypto/tripledeskw.py, pskc/encryption.py,
tests/test_aeskw.doctest, tests/test_tripledeskw.doctest: Move
encryption functions in pskc.crypto package
This moves the encryption functions under the pskc.crypto package
to more clearly separate it from the other code. Ideally this
should be replaced by third-party library code.
2014-06-30 Arthur de Jong <arthur@arthurdejong.org>
* [e468ebe] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/policy.py, pskc/xml.py: Rename pskc.parse
to pskc.xml
This renames the parse module to xml to better reflect the
purpose of the module and it's functions.
This also introduces a parse() function that wraps etree.parse().
2014-06-28 Arthur de Jong <arthur@arthurdejong.org>
* [480e2d0] : Support writing unencrypted PSKC files
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [37dc64a] tests/test_write.doctest: Add test for writing PSKC files
This makes a simple doctest that checks the writing of the XML
representation of the PSKC data.
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [865a755] pskc/__init__.py, pskc/parse.py: Add function for
writing XML
This provides a function for pretty-printing the generated
XML document.
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [61a192f] pskc/__init__.py, pskc/key.py, pskc/policy.py: Construct
XML document with basic PKSC information
This introduces make_xml() functions to build an XML document
that contains the basic PSKC information and keys. This currently
only supports writing unencrypted PSKC files.
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [69aec9f] pskc/parse.py: Introduce mk_elem() to create elements
This introduces the mk_elem() function that can be used to create
ElementTree elements for building XML documents. This function
transparetly handles namespaces, translation of values into
XML etc.
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [7591271] pskc/key.py: Simplify DataType value handling
Only store the native value of the property, not the text
representation. This also results in the BinaryDataType and
IntegerDataType subclasses only needing from_text() and from_bin()
functions.
2014-06-19 Arthur de Jong <arthur@arthurdejong.org>
* [09eb6b3] ChangeLog, NEWS, docs/changes.rst, docs/index.rst,
docs/usage.rst, pskc/__init__.py, setup.py: Get files ready for
0.2 release
2014-06-19 Arthur de Jong <arthur@arthurdejong.org>
* [62c9af4] pskc/__init__.py: Only catch normal exceptions
2014-06-18 Arthur de Jong <arthur@arthurdejong.org>
* [deb57d7] pskc/__init__.py: Remove unused import
2014-06-17 Arthur de Jong <arthur@arthurdejong.org>
* [178ef1c] pskc/encryption.py: PEP8 fix
2014-06-17 Arthur de Jong <arthur@arthurdejong.org>
* [7435552] pskc/exceptions.py: Remove __str__ from exception
The message property has been deprecated as of Python 2.6 and
printing the first argument is the default.
2014-06-16 Arthur de Jong <arthur@arthurdejong.org>
* [f084735] README, docs/encryption.rst, docs/exceptions.rst,
docs/index.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst:
Update documentation
This updates the documentation with the current API, adding
information on exceptions raised, HMAC algorithms supported and
changes to the MAC checking.
This also includes some editorial changes to some of the text and
making references shorter by not including the full package path.
2014-06-15 Arthur de Jong <arthur@arthurdejong.org>
* [d84e761] pskc/parse.py: Simplify finding ElementTree
implementation
These are the only ElementTree implementations that have been
tested to provide the needed functionality (mostly namespaces).
2014-06-15 Arthur de Jong <arthur@arthurdejong.org>
* [50b429d] pskc/key.py, pskc/parse.py, pskc/policy.py: Refactor
out some functions to parse
This introduces the getint() and getbool() functions in parse
to avoid some code duplication.
2014-06-15 Arthur de Jong <arthur@arthurdejong.org>
* [9a16ce4] pskc/key.py, tests/test_misc.doctest: Add support for
setting secret
This supports setters for the secret, counter, time_offset,
time_interval and time_drift properties. Setting these values
stores the values unencrypted internally.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [1b9ee9f] pskc/encryption.py: Support PBKDF2 PRF argument
Support specifying a pseudorandom function for PBKDF2 key
derivation. It currently supports any HMAC that the MAC checking
also supports.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [79b9a7d] pskc/mac.py: Provide a get_hmac() function
Refactor the functionality to find an HMAC function into a
separate function.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [1417d4a] tests/invalid-mac-algorithm.pskcxml,
tests/invalid-mac-value.pskcxml,
tests/invalid-no-mac-method.pskcxml, tests/test_invalid.doctest:
Add tests for missing or invalid MAC
This tests for incomplete, unknown or invalid MACs in PSKC files.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [9d8aae0] pskc/key.py, pskc/mac.py: Raise exception when MAC
validation fails
This changes the way the check() function works to raise an
exception when the MAC is not correct. The MAC is also now always
checked before attempting decryption.
This also renames the internal DataType.value property to a
get_value() method for clarity.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [699ecf8] pskc/encryption.py: Handle missing MAC algorithm properly
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [01e102b] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
tests/aes256-cbc.pskcxml, tests/test_encryption.doctest,
tests/tripledes-cbc.pskcxml: Add MAC tests to all CBC encrypted
keys
This adds hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512
tests for values that are encrypted using CBC block cypher modes.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [59e790e] pskc/mac.py: Automatically support all MACs in hashlib
This uses the name of the hash to automatically get the correct
hash object from Python's hashlib.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [566e447] pskc/__init__.py, pskc/parse.py, setup.py: Support
various ElementTree implementations
When using a recent enough lxml, even Python 2.6 should work
now. The most important requirement is that the findall()
function supports the namespaces argument.
This also now catches all exceptions when parsing the PSKC file
fails and wraps it in ParseError because various implementations
raise different exceptions, even between versions (Python 2.6's
ElementTree raises ExpatError, lxml raises XMLSyntaxError).
2014-06-13 Arthur de Jong <arthur@arthurdejong.org>
* [5d60ee2] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/parse.py, pskc/policy.py: Have parse module
provide find() functions
This changes the parse module functions to better match the
ElementTree API and extends it with findint(), findtime()
and findbin().
It also passes the namespaces to all calls that require it
without duplicating this throughout the normal code.
2014-06-11 Arthur de Jong <arthur@west.nl>
* [6a34c01] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/policy.py: Use get() instead of attrib.get()
(shorter)
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [4d92b93] pskc/encryption.py, tests/kw-tripledes.pskcxml,
tests/test_encryption.doctest: Support kw-tripledes decryption
This adds support for key unwrapping using the RFC 3217 Triple
DES key wrap algorithm if the PSKC file uses this.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [fd71f01] pskc/tripledeskw.py, tests/test_tripledeskw.doctest:
Implement RFC 3217 Triple DES key wrapping
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [f639318] tests/test_minimal.doctest, tests/test_misc.doctest:
Merge test_minimal into test_misc
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [1e7f861] tests/draft-keyprov-actividentity-3des.pskcxml,
tests/test_draft_keyprov.doctest: Add an ActivIdentity-3DES test
The test is taken from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
the schema as described in RFC 6030.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [b7cb928] tests/draft-keyprov-securid-aes-counter.pskcxml,
tests/test_draft_keyprov.doctest: Add an SecurID-AES-Counter test
The test is taken from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to be
valid XML and to fit the schema as described in RFC 6030.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [427319f] tests/draft-keyprov-totp.pskcxml,
tests/test_draft_keyprov.doctest: Add an TOTP test
The test is taken from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
the schema as described in RFC 6030.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [ba49d09] tests/draft-keyprov-ocra.pskcxml,
tests/test_draft_keyprov.doctest: Add an OCRA test
The test is taken from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
the schema as described in RFC 6030.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [0a66ede] tests/odd-namespace.pskcxml, tests/test_misc.doctest:
Add a test for an odd namespace
2014-05-30 Arthur de Jong <arthur@arthurdejong.org>
* [287afa7] pskc/encryption.py, tests/kw-aes128.pskcxml,
tests/kw-aes192.pskcxml, tests/kw-aes256.pskcxml,
tests/test_encryption.doctest: Support kw-aes128, kw-aes192
and kw-aes256
This adds support for key unwrapping using the RFC 3394 or RFC
5649 algorithm if the PSKC file uses this.
2014-05-30 Arthur de Jong <arthur@arthurdejong.org>
* [99ba287] pskc/aeskw.py, tests/test_aeskw.doctest: Implement
padding as specified in RFC 5649
This adds a pad argument with which padding can be forced or
disabled.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [ebf8945] pskc/aeskw.py, tests/test_aeskw.doctest: Allow speciying
an initial value for key wrapping
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [5720fe5] pskc/aeskw.py, pskc/exceptions.py,
tests/test_aeskw.doctest: Provide an RFC 3394 AES key wrapping
algorithm
This also introduces an EncryptionError exception.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [7164d89] README, docs/usage.rst, pskc/__init__.py,
tests/rfc6030-figure10.pskcxml, tests/rfc6030-figure2.pskcxml,
tests/rfc6030-figure3.pskcxml, tests/rfc6030-figure4.pskcxml,
tests/rfc6030-figure5.pskcxml, tests/rfc6030-figure6.pskcxml,
tests/rfc6030-figure7.pskcxml, tests/test_rfc6030.doctest:
Always put a space between RFC and number
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [ccebb69] pskc/encryption.py, tests/test_encryption.doctest,
tests/tripledes-cbc.pskcxml: Support Tripple DES decryption
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [a11f31f] tests/test_invalid.doctest: Add tests for key derivation
problems
This tests for unknown or missing algorithms and unknown
derivation parameters.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [0738c94] pskc/encryption.py, pskc/exceptions.py: Raise exception
when key derivation fails
This also renames the internal function that implements the
derivation.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [76ef42b] pskc/encryption.py, pskc/exceptions.py,
tests/invalid-encryption.pskcxml, tests/test_invalid.doctest:
Add test for missing key encryption algorithm
This also introduces a toplevel PSKCError exception that all
exceptions have as parent.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [7f26dc6] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
tests/aes256-cbc.pskcxml, tests/test_encryption.doctest: Add
test for all AES-CBC encryption schemes
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [28f2c1c] pskc/encryption.py: Support more AES-CBC encryption
schemes
This also moves the crypto imports to the places where they are
used to avoid a depenency on pycrypto if no encryption is used.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [678b127] tests/test_minimal.doctest: Add test for missing
secret value
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [bef2f7d] pskc/__init__.py, pskc/key.py,
tests/test_minimal.doctest: Add a function for adding a new key
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [46f5749] pskc/__init__.py: Consistency improvement
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [83f5a4b] pskc/__init__.py, tests/test_minimal.doctest: Support
creating an empty PSKC instance
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [820c83c] pskc/encryption.py, pskc/mac.py: Be more lenient in
accepting algorithms
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [02bde47] pskc/key.py: Code simplification
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [b62fec8] pskc/encryption.py, pskc/exceptions.py,
tests/invalid-encryption.pskcxml, tests/test_invalid.doctest,
tests/test_rfc6030.doctest: Raise an exception if decryption fails
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [7bc2e6b] pskc/encryption.py: Make decryption code better readable
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [714f387] setup.cfg, tests/invalid-notxml.pskcxml,
tests/invalid-wrongelement.pskcxml,
tests/invalid-wrongversion.pskcxml, tests/test_invalid.doctest:
Add tests for invalid PSKC files
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [803d24c] pskc/__init__.py, pskc/exceptions.py: Raise exceptions
on some parsing problems
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [8c37e26] setup.py: Fix install_requires
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [8e1729e] ChangeLog, MANIFEST.in, NEWS: Get files ready for
0.1 release
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [15ca643] README, pskc/__init__.py, tests/rfc6030-figure10.pskcxml,
tests/rfc6030-figure2.pskcxml, tests/rfc6030-figure3.pskcxml,
tests/rfc6030-figure4.pskcxml, tests/rfc6030-figure5.pskcxml,
tests/rfc6030-figure6.pskcxml, tests/rfc6030-figure7.pskcxml,
tests/test_rfc6030.doctest: Use pskcxml as file name extension
This is the extension that is suggested in RFC6030.
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [44c7d2e] docs/policy.rst, docs/usage.rst: Improve IANA links
2014-05-20 Arthur de Jong <arthur@arthurdejong.org>
* [cda1c5f] tests/test_rfc6030.doctest: Improve test
This tests that, before the PSKC ecnryption is key available,
the secret from the key cannot be extracted.
2014-05-19 Arthur de Jong <arthur@arthurdejong.org>
* [e96c746] docs/_templates/autosummary/module.rst, docs/conf.py,
docs/encryption.rst, docs/index.rst, docs/mac.rst, docs/policy.rst,
docs/usage.rst: Provide Sphinx documentation
2014-05-18 Arthur de Jong <arthur@arthurdejong.org>
* [edf4d24] pskc/policy.py: Add missing policy constant
2014-05-18 Arthur de Jong <arthur@arthurdejong.org>
* [92a994d] pskc/key.py: Fix attribute name in docstring
2014-04-20 Arthur de Jong <arthur@arthurdejong.org>
* [cc9bbb5] README: Update README
2014-05-17 Arthur de Jong <arthur@arthurdejong.org>
* [d0a7814] .gitignore, setup.py: Fix dateutil dependency
This also ignores downloaded .egg files.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [e0159ba] pskc/parse.py: Fix module description
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [ba17976] pskc/__init__.py, pskc/parse.py: Move PSKC class to
toplevel module
This also splits the parsing to a parse() function for consistency.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [64e207d] pskc/key.py, tests/test_rfc6030.doctest: Provide
pskc.key docstrings
This documents most of the information that is available per
key and adds a few other minor cosmetic changes.
This also re-organises the key properties to be in a slightly more
logical order and renames the userid key property to key_userid
to more clearly distinguish it from device_userid.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [6becc61] pskc/parse.py: Provide pskc.parse docstrings
This documents most of the API of the parsing functions and the
PSKC class.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [1d42fbc] pskc/policy.py: Complete pskc.policy docstrings
Also contains small consistency improvement.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [b07d709] pskc/mac.py: Provide pskc.mac docstrings
This also hides two properties that are not part of the public API.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [285860e] pskc/encryption.py: Provide pskc.encryption docstrings
This documents classes in the pskc.encryption module.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [8c9e03d] pskc/key.py, pskc/mac.py, pskc/parse.py, pskc/policy.py:
Move Key class to separate module
This also allows re-organising the imports a bit.
2014-04-16 Arthur de Jong <arthur@arthurdejong.org>
* [c883d48] MANIFEST.in, pskc/__init__.py, setup.cfg, setup.py:
Add initial setup script
2014-04-14 Arthur de Jong <arthur@arthurdejong.org>
* [3df6849] COPYING: Include a license file (LGPL)
2014-04-13 Arthur de Jong <arthur@arthurdejong.org>
* [f08cdb5] tests/rfc6030-figure10.pskc, tests/test_rfc6030.doctest:
Add bulk provisioning test from Figure 10
2014-04-13 Arthur de Jong <arthur@arthurdejong.org>
* [41828cd] pskc/parse.py: Use slightly clearer names
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [5ab731c] tests/rfc6030-figure7.pskc, tests/test_rfc6030.doctest:
Add test for Figure 7 from RFC6030
This tests encrypted key derivation using PBKDF2 and a pre-shared
passphrase.
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [a3fd598] pskc/encryption.py: Implement PBKDF2 key derivation
This supports deriving the key from a passphrase and information
present in the DerivedKey and PBKDF2-params XML elements.
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [2ff470f] pskc/encryption.py: Add id attribute from EncryptionKey
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [460f335] tests/rfc6030-figure6.pskc, tests/test_rfc6030.doctest:
Add test for Figure 6 from RFC6030
This test key encryption with a pre-shared key and MAC checks.
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [a926ddb] pskc/mac.py, pskc/parse.py: Implement MAC checking
This implements message message authentication code checking
for the encrypted values if MACMethod and ValueMAC are present.
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [e53e865] pskc/encryption.py, pskc/parse.py: Support decrypting
with a pre-shared key
This adds an encryption module that provides wrappers for
handling decryption.
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [3fe0919] pskc/parse.py: Refactor DataType value handling
This ensures that DataType values are retrieved dynamically
instead of at the time the PSKC file was parsed in order to make
decryption work.
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [591bb5d] pskc/policy.py: Document key and pin usage values
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [b952b93] tests/rfc6030-figure5.pskc, tests/test_rfc6030.doctest:
Add test for Figure 5 from RFC6030
This test extraction of key policy information and cross-key
references.
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [e939a96] pskc/parse.py, pskc/policy.py: Implement key policy
parsing
This parses key policy from PSKC files and provides a few utility
methods to help with policy validation.
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [8c9ac8c] pskc/parse.py: Support parsing date and integer values
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [6446f7d] tests/rfc6030-figure4.pskc, tests/test_rfc6030.doctest:
Add test for Figure 4 from RFC6030
This tests for key profile and key reference properties that
can be used to reference external keys.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [e72369f] tests/rfc6030-figure3.pskc, tests/test_rfc6030.doctest:
Add test for Figure 3 from RFC6030
This tests Figure 3 from RFC6030 with a very basic plain text
secret key and some supplementary data.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [2c111a8] pskc/parse.py: Get more data from KeyPackage
This gets most simple string values from the KeyPackage as well
as some integer and boolean values.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [96b4b54] tests/rfc6030-figure2.pskc, tests/test-rfc6030.doctest:
Add test for example from RFC6030
This tests Figure 2 from RFC6030 with a very basic plain text
secret key.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [d662cf2] pskc/parse.py: Support getting plaintext key
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [550630d] tests/test_minimal.doctest: Minimal test
This adds a doctest for the absolute minimum PSKC file that does
not contain any useful information.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [bf8e7f6] pskc/__init__.py, pskc/parse.py: Basic implementation
of PSKC class
This class is used for handling PSKC files. It will parse the
file and store relevant properties for easy access. The Key
class corresponds to a single key defined in the PSKC file.
This is a very minimal implementation that only provides some
meta-data from the file and keys (work in progress).
2014-04-04 Arthur de Jong <arthur@arthurdejong.org>
* [9803dfc] README: Provide an initial README
2014-04-02 Arthur de Jong <arthur@arthurdejong.org>
* [c912bb4] .gitignore, pskc/__init__.py: Initial project layout
|