Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/ChangeLog
blob: b39deaa9c47bb29ed398afc23a9949ae768f7f51 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
2017-01-15  Arthur de Jong <arthur@arthurdejong.org>

	* [29a183d] tests/test_feitian.doctest, tests/test_nagraid.doctest:
	  Split vendor tests

	  Have one doctest file per vendor to make tests a little more
	  manageable.

2017-01-14  Arthur de Jong <arthur@arthurdejong.org>

	* [02eb520] tests/test_yubico.doctest, tests/yubico/example1.pskcxml,
	  tests/yubico/example2.pskcxml, tests/yubico/example3.pskcxml:
	  Add tests for Yubikey files

	  This adds tests from draft-josefsson-keyprov-pskc-yubikey-00.

2017-01-13  Arthur de Jong <arthur@arthurdejong.org>

	* [12dfa64] pskc/parser.py, tests/actividentity/test.pskc,
	  tests/test_actividentity.doctest: Support legacy ActivIdentity
	  files

	  This adds support for parsing ActivIdentity files that conform
	  to a very old version of an Internet Draft. The implementation
	  and test were based on a file provided by Jaap Ruijgrok.

2017-01-11  Arthur de Jong <arthur@arthurdejong.org>

	* [a5e2343] pskc/parser.py,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml:
	  Use original examples from old profiles Internet Draft

	  This updates the tests to use the original examples from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 instead of
	  modifying them to fit the RFC 6030 schema (but does include some
	  minor changes to make them valid XML).

	  This adds a few additions to the parser to handle legacy challenge
	  and resposne encoding and a few key policy properties.

	  This also includes a fix for 0b757ec in the handling of the
	  <ChallengeFormat> element under a <Usage> element.

2016-12-21  Arthur de Jong <arthur@arthurdejong.org>

	* [2f7cb1a] tests/rfc6030/figure8.pskcxml,
	  tests/rfc6030/figure9.pskcxml, tests/test_rfc6030.doctest:
	  Add all figures from RFC 6030 to test suite

	  Note that asymmetric encryption and digital signature checking
	  has not yet been implemented so the tests are pretty minimal.
2016-12-21  Arthur de Jong <arthur@arthurdejong.org>

	* [0b757ec] pskc/parser.py, pskc/xml.py,
	  tests/draft-ietf-keyprov-pskc-02/figure2.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure3.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure4.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure5.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure6.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure7.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure8.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure9.pskcxml,
	  tests/test_draft_ietf_keyprov_pskc_02.doctest: Add support for
	  older Internet Draft version

	  This adds support for parsing most examples from
	  draft-ietf-keyprov-pskc-02. That file uses a few other names
	  for elements and attributes of the PSKC file and a few other
	  minor differences.

	  The XML parsing has been changed to allow specifying multiple
	  matches and the find*() functions now return the first found match.

	  While all examples from draft-ietf-keyprov-pskc-02 are tested
	  support for verifying digital signatures and asymmetric keys
	  have not yet been implemented.

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [09076f8] tests/test_encryption.doctest: Fix typo in test

2016-12-20  Arthur de Jong <arthur@arthurdejong.org>

	* [46fa5f1] setup.cfg: Fail tests on missing coverage

2016-12-20  Arthur de Jong <arthur@arthurdejong.org>

	* [047a2a9] pskc/key.py, pskc/mac.py,
	  tests/encryption/mac-over-plaintext.pskcxml,
	  tests/invalid/mac-missing.pskcxml, tests/invalid/mac-value.pskcxml,
	  tests/invalid/missing-encryption-method.pskcxml,
	  tests/test_encryption.doctest, tests/test_invalid.doctest:
	  Allow MAC over plaintext or ciphertext

	  RFC 6030 implies that the MAC should be performed over the
	  ciphertext but some earlier drafts implied that the MAC should
	  be performed on the plaintext. This change accpets the MAC if
	  either the plaintext or ciphertext match.

	  Note that this change allows for a padding oracle attack when
	  CBC encryption modes are used because decryption (and unpadding)
	  needs to be done before MAC checking. However, this module is
	  not expected to be available to users to process arbitrary PSKC
	  files repeatedly.

	  This removes the tests for a missing MAC key (and replaces it for
	  tests of missing EncryptionMethod) because falling back to using
	  the encryption key (implemented in a444f78) in combination with
	  this change means that decryption is performed before MAC checking
	  and is no longer possible to trigger a missing MAC key error.

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [bae7084] pskc/crypto/__init__.py, pskc/encryption.py,
	  tests/test_crypto.doctest: Add sanity checks to unpadding

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [d864bc8] pskc/serialiser.py: Ensure XML file ends with a newline

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [c631628] pskc/xml.py: Adapt coverage pragma annotations

	  This fixes the pragma directives to be be correct independently
	  of whether lxml is installed or not.

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [18d82dc] .gitignore, tox.ini: Add Tox configuration

	  This sets up Tox with various versions of Python and for each
	  version a run with and without lxml.

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [71058e2] tests/test_write.doctest: Close read files in tests

	  This ensures that the files that are read in the test suite are
	  properly closed to avoid leaking open file descriptors.

2016-12-18  Arthur de Jong <arthur@arthurdejong.org>

	* [f0a0a3b] pskc/parser.py: Support missing or lowercase version
	  attribute

2016-09-26  Arthur de Jong <arthur@arthurdejong.org>

	* [3bf4737] docs/usage.rst: Fix copy-pasto in documentation

	  This accidentally slipped in as part of beafc6b.  2016-09-19
Arthur de Jong <arthur@arthurdejong.org>

	* [02b30a9] pskc/__init__.py, pskc/parser.py, pskc/serialiser.py:
	  Also move outer writing and parsing to modules

2016-09-17  Arthur de Jong <arthur@arthurdejong.org>

	* [b1f8f87] .gitignore, README, pskc/__init__.py: Add writing
	  example to toplevel documentation

2016-09-17  Arthur de Jong <arthur@arthurdejong.org>

	* [e23a467] pskc/key.py: Use custom data descriptors for key
	  properties

	  This uses a custom data descriptor (property) for secret, counter,
	  time_offset, time_interval and time_drift.

2016-09-17  Arthur de Jong <arthur@arthurdejong.org>

	* [beafc6b] docs/usage.rst, pskc/__init__.py, pskc/device.py,
	  pskc/key.py, pskc/parser.py, pskc/policy.py, pskc/serialiser.py,
	  tests/test_misc.doctest, tests/test_write.doctest: Support
	  separate device from key

	  This allows having multiple keys per device while also maintaining
	  the previous API.

	  Note that having multiple keys per device is not allowed by the
	  RFC 6030 schema but is allowed by some older internet drafts.

2016-09-16  Arthur de Jong <arthur@arthurdejong.org>

	* [84bfb8a] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/policy.py, pskc/serialiser.py: Move XML
	  generation to own module

	  Similar to the change for parsing, move the XML serialisation
	  of PSKC data to a single class in a separate module.

2016-09-14  Arthur de Jong <arthur@arthurdejong.org>

	* [426e821] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/parser.py, pskc/policy.py: Move document
	  parsing to own module

	  This moves all the parse() functions to a single class in a
	  dedicated module that can be used for parsing PSKC files. This
	  should make it easier to subclass the parser.

2016-09-14  Arthur de Jong <arthur@arthurdejong.org>

	* [bf34209] tests/invalid/no-mac-method.pskcxml,
	  tests/test_invalid.doctest, tests/test_rfc6030.doctest: Some
	  minor improvements to the tests

2016-09-12  Arthur de Jong <arthur@arthurdejong.org>

	* [600ae68] pskc/encryption.py, pskc/key.py, pskc/xml.py,
	  setup.cfg, tests/invalid/empty-mac-key.pskcxml,
	  tests/invalid/incomplete-derivation.pskcxml,
	  tests/invalid/missing-encryption.pskcxml,
	  tests/misc/SampleFullyQualifiedNS.xml, tests/misc/policy.pskcxml,
	  tests/test_aeskw.doctest, tests/test_encryption.doctest,
	  tests/test_invalid.doctest, tests/test_misc.doctest,
	  tests/test_write.doctest: Improve branch coverage

	  This enables branch coverage testing and adds tests to improve
	  coverage.

2016-09-11  Arthur de Jong <arthur@arthurdejong.org>

	* [713d106] pskc/encryption.py, tests/test_encryption.doctest:
	  Support specifying PRF in setup_pbkdf2()

	  This also ensures that the PRF URL is normalised.

2016-09-11  Arthur de Jong <arthur@arthurdejong.org>

	* [ff811c9] pskc/encryption.py: Fix bug in passing explicit key
	  to setup_preshared_key()

2016-09-11  Arthur de Jong <arthur@arthurdejong.org>

	* [fa07aa5] docs/encryption.rst, pskc/encryption.py: Clarify
	  encryption.setup_*() documentation

	  This tries to make it clearer that the setup_preshared_key()
	  and setup_pbkdf2() functions are meant to be used when writing
	  out PSKC files.

2016-04-23  Arthur de Jong <arthur@arthurdejong.org>

	* [a444f78] pskc/key.py, pskc/mac.py,
	  tests/encryption/no-mac-key.pskcxml,
	  tests/invalid/mac-missing.pskcxml, tests/test_encryption.doctest,
	  tests/test_invalid.doctest: Fall back to encryption key for MAC

	  This uses the encryption key also as MAC key if no MAC key has
	  been specified in the PSKC file. Earlier versions of the PSKC
	  draft specified this behaviour.

2016-04-23  Arthur de Jong <arthur@arthurdejong.org>

	* [9b76135] pskc/encryption.py,
	  tests/encryption/aes128-cbc-noiv.pskcxml,
	  tests/test_encryption.doctest: Allow global specification of IV

	  In older versions of the PSKC standard it was allowed to
	  have a global initialization vector for CBC based encryption
	  algorithms. It is probably not a good idea to re-use an IV
	  in general.

2016-04-23  Arthur de Jong <arthur@arthurdejong.org>

	* [d53f05b] pskc/encryption.py, pskc/mac.py: Move crypto to functions

	  This makes it much easier to test the encryption, decryption
	  and HMAC processing separate from the PSKC parsing.

2016-04-05  Arthur de Jong <arthur@arthurdejong.org>

	* [5dbfefd] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/policy.py: Remove parse call from constructors

	  This makes the creation if internal instances a litte more
	  consistent.

2016-04-05  Arthur de Jong <arthur@arthurdejong.org>

	* [0d7caf1] pskc/algorithms.py, pskc/encryption.py, pskc/mac.py:
	  Move algorithm uri handling to separate module

2016-03-29  Arthur de Jong <arthur@arthurdejong.org>

	* [22ba9f1] pskc/crypto/__init__.py, pskc/encryption.py: Move
	  padding functions to crypto package

2016-03-28  Arthur de Jong <arthur@arthurdejong.org>

	* [efbe94c] ChangeLog, NEWS, pskc/__init__.py, setup.py: Get files
	  ready for 0.4 release

2016-03-26  Arthur de Jong <arthur@arthurdejong.org>

	* [0c57335] docs/policy.rst: Document may_use() policy function

2016-03-27  Arthur de Jong <arthur@arthurdejong.org>

	* [b4a6c72] : Implement writing encrypted files

	  This adds support for setting up encryption keys and password-based
	  key derivation when writing PSKC files. Also MAC keys are set
	  up when needed.

2016-03-26  Arthur de Jong <arthur@arthurdejong.org>

	* [59aa65b] README, docs/conf.py, docs/encryption.rst, docs/mac.rst,
	  docs/usage.rst, pskc/__init__.py: Document writing encrypted files

2016-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [5f32528] tests/test_write.doctest: Add encryption error tests

2016-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [7ede4a1] tests/test_write.doctest: Add tests for writing
	  encrypted PSKC files

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [1ff3237] pskc/encryption.py: Allow configuring a pre-shared key

	  This method allows configuring a pre-shared encryption key and
	  will chose reasonable defaults for needed encryption values
	  (e.g. it will choose an algorithm, generate a new key of the
	  appropriate length if needed, etc.).

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [50414a3] pskc/encryption.py, tests/test_encryption.doctest:
	  Allow configuring PBKDF2 key derivation

	  This factors out the PBKDF2 key derivation to a separate function
	  and introduces a function to configure KeyDerivation instances
	  with PBKDF2.

2016-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [5ac9d43] pskc/mac.py, tests/test_encryption.doctest: Allow
	  configuring a MAC key

	  This method will set up a MAC key and algorithm as specified or
	  use reasonable defauts.

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [16da531] pskc/key.py, pskc/mac.py: Generate MAC values

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [ca0fa36] pskc/__init__.py, pskc/encryption.py, pskc/mac.py:
	  Write MACMethod

	  This also makes the MAC.algorithm a property similarly as what
	  is done for Encryption (normalise algorithm names) and adds a
	  setter for the MAC.key property.

2016-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [8fd35ba] pskc/encryption.py, pskc/key.py: Write out encrypted
	  values

	  The Encryption class now has a fields property that lists the
	  fields that should be encrypted when writing the PSKC file.

	  This adds an encrypt_value() function that performs the encryption
	  and various functions to convert the plain value to binary before
	  writing the encrypted XML elements.

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [eba541e] pskc/__init__.py, pskc/encryption.py, pskc/mac.py:
	  Make Encryption and MAC constructors consistent

	  This removes calling parse() from the Encryption and MAC
	  constructors and stores a reference to the PSKC object in both
	  objects so it can be used later on.

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [fe21231] pskc/__init__.py, pskc/encryption.py,
	  tests/test_write.doctest: Write encryption key information

	  This writes information about a pre-shared key or PBKDF2 key
	  derivation in the PSKC file. This also means that writing
	  a decrypted version of a previously encrypted file requires
	  actively removing the encryption.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [0893640] pskc/encryption.py, tests/test_misc.doctest: Add
	  algorithm_key_lengths property

	  This property on the Encryption object provides a list of key
	  sizes (in bytes) that the configured encryption algorithm supports.

2016-03-22  Arthur de Jong <arthur@arthurdejong.org>

	* [8b5f6c2] pskc/policy.py, tests/test_misc.doctest,
	  tests/test_rfc6030.doctest, tests/test_write.doctest: Also check
	  key expiry in may_use()

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [dfa57ae] pskc2csv.py: Support reading password or key in pskc2csv

	  This supports reading the encryption password or key from the
	  command line or from a file.

2014-06-28  Arthur de Jong <arthur@arthurdejong.org>

	* [0744222] pskc/xml.py: Copy namespaces to toplevel element

	  Ensure that when writing an XML file all namespace definitions
	  are on the toplevel KeyContainer element instead of scattered
	  throughout the XML document.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [e8ef157] pskc/__init__.py, tests/test_write.doctest: Support
	  writing to text streams in Python 3

	  This supports writing the XML output to binary streams as well
	  as text streams in Python 3.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [cadc6d9] pskc/key.py, pskc/mac.py,
	  tests/invalid/missing-encryption.pskcxml,
	  tests/invalid/not-boolean.pskcxml,
	  tests/invalid/not-integer.pskcxml,
	  tests/invalid/not-integer2.pskcxml,
	  tests/invalid/unknown-encryption.pskcxml, tests/test_aeskw.doctest,
	  tests/test_encryption.doctest, tests/test_invalid.doctest,
	  tests/test_misc.doctest, tests/test_rfc6030.doctest,
	  tests/test_tripledeskw.doctest, tests/test_write.doctest:
	  Improve tests and test coverage

	  This adds tests to ensure that incorrect attribute and value
	  types in the PSKC file raise a ValueError exception and extends
	  the tests for invalid encryption options.

	  This removes some code or adds no cover directives to a few
	  places that have unreachable code or are Python version specific
	  and places doctest directives inside the doctests where needed.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [b8905e0] pskc/key.py, pskc/xml.py, tests/misc/checkdigits.pskcxml,
	  tests/test_misc.doctest: Support both CheckDigit and CheckDigits

	  RFC 6030 is not clear about whether the attribute of
	  ChallengeFormat and ResponseFormat should be the singular
	  CheckDigit or the plural CheckDigits. This ensures that both
	  forms are accepted.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [7915c55] pskc/policy.py, tests/misc/policy.pskcxml,
	  tests/test_misc.doctest: Implement policy checking

	  This checks for unknown policy elements in the PSKC file and
	  will cause the key usage policy check to fail.

2016-03-18  Arthur de Jong <arthur@arthurdejong.org>

	* [1687fd6] tests/feitian/20120919-test001-4282.xml,
	  tests/feitian/file1.pskcxml, tests/nagraid/file1.pskcxml,
	  tests/test_vendors.doctest: Add a few tests for vendor files

	  Some vendor-specific files were lifted from the LinOTP test suite
	  and another Feitian file was found in the oath-toolkit repository.

2016-01-31  Arthur de Jong <arthur@arthurdejong.org>

	* [aae8a18] pskc/key.py, tests/misc/integers.pskcxml,
	  tests/test_misc.doctest: Support various integer representations

	  This extends support for handling various encoding methods for
	  integer values in PSKC files. For encrypted files the decrypted
	  value is first tried to be evaluated as an ASCII representation
	  of the number and after that big-endian decoded.

	  For plaintext values first ASCII decoding is tried after which
	  base64 decoding is tried which tries the same encodings as for
	  decrypted values.

	  There should be no possibility for any base64 encoded value
	  (either of an ASCII value or a big-endian value) to be interpreted
	  as an ASCII value for any 32-bit integer.

	  There is a possibility that a big-endian encoded integer could
	  be incorrectly interpreted as an ASCII value but this is only
	  the case for 110 numbers when only considering 6-digit numbers.

2016-01-24  Arthur de Jong <arthur@arthurdejong.org>

	* [c86aaea] README, pskc/__init__.py,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml,
	  tests/encryption/aes128-cbc.pskcxml,
	  tests/encryption/aes192-cbc.pskcxml,
	  tests/encryption/aes256-cbc.pskcxml,
	  tests/encryption/kw-aes128.pskcxml,
	  tests/encryption/kw-aes192.pskcxml,
	  tests/encryption/kw-aes256.pskcxml,
	  tests/encryption/kw-tripledes.pskcxml,
	  tests/encryption/tripledes-cbc.pskcxml,
	  tests/invalid/encryption.pskcxml,
	  tests/invalid/mac-algorithm.pskcxml,
	  tests/invalid/mac-value.pskcxml,
	  tests/invalid/no-mac-method.pskcxml, tests/invalid/notxml.pskcxml,
	  tests/invalid/wrongelement.pskcxml,
	  tests/invalid/wrongversion.pskcxml,
	  tests/misc/SampleFullyQualifiedNS.xml,
	  tests/misc/odd-namespace.pskcxml, tests/rfc6030/figure10.pskcxml,
	  tests/rfc6030/figure2.pskcxml, tests/rfc6030/figure3.pskcxml,
	  tests/rfc6030/figure4.pskcxml, tests/rfc6030/figure5.pskcxml,
	  tests/rfc6030/figure6.pskcxml, tests/rfc6030/figure7.pskcxml,
	  tests/test_draft_keyprov.doctest, tests/test_encryption.doctest,
	  tests/test_invalid.doctest, tests/test_misc.doctest,
	  tests/test_rfc6030.doctest, tests/test_write.doctest: Re-organise
	  test files

	  This puts the test PSKC files in subdirectories so they can be
	  organised more cleanly.

2016-01-23  Arthur de Jong <arthur@arthurdejong.org>

	* [1904dc2] tests/test_misc.doctest: Add test for incorrect key
	  derivation

	  If no key derivation algorithm has been specified in the PSKC
	  file an exception should be raised when attempting to perform
	  key derivation.

2016-01-24  Arthur de Jong <arthur@arthurdejong.org>

	* [91f66f4] pskc/encryption.py, pskc/key.py, pskc/mac.py: Refactor
	  out EncryptedValue and ValueMAC

	  This removes the EncryptedValue and ValueMAC classes and instead
	  moves the XML parsing of these values to the DataType class. This
	  will make it easier to support different parsing schemes.

	  This also includes a small consistency improvement in the
	  subclasses of DataType.

2016-01-23  Arthur de Jong <arthur@arthurdejong.org>

	* [9b13d3b] pskc/encryption.py, tests/test_misc.doctest: Normalise
	  algorithm names

	  This transforms the algorithm URIs that are set to known values
	  when parsing or setting the algorithm.

2016-01-22  Arthur de Jong <arthur@arthurdejong.org>

	* [b6eab47] docs/encryption.rst, pskc/encryption.py,
	  tests/test_encryption.doctest, tests/test_misc.doctest: Add
	  encryption algorithm property

	  Either determine the encryption algorithm from the PSKC file
	  or from the explicitly set value. This also adds support for
	  setting the encryption key name.

2016-01-22  Arthur de Jong <arthur@arthurdejong.org>

	* [b5f7de5] pskc/key.py, tests/test_write.doctest: Fix a problem
	  when writing previously encrypted file

	  This fixes a problem with writing a PSKC file that is based on
	  a read file that was encrypted.

2016-01-22  Arthur de Jong <arthur@arthurdejong.org>

	* [107a836] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/policy.py, pskc/xml.py: Strip XML namespaces
	  before parsing

	  This simplifies calls to the find() family of functions and
	  allows parsing PSKC files that have slightly different namespace
	  URLs. This is especially common when parsing old draft versions
	  of the specification.

	  This also removes passing multiple patterns to the find()
	  functions that was introduced in 68b20e2.

2015-12-28  Arthur de Jong <arthur@arthurdejong.org>

	* [a86ff8a] README, docs/encryption.rst: Update some documentation

	  This adds a development notes section to the README and changes
	  the wording on the encryption page.

2015-12-01  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [0ff4154] docs/encryption.rst: Fix typo in the documentation

2015-12-01  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [3473903] pskc2csv.py: Support Python 3

2015-11-30  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [a82a60b] pskc/key.py: Make value conversion methods static private

	  - the conversions do not call self: they are static - the
	  conversions are not to be used out of the class: make private

2015-11-30  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [e711a30] pskc/key.py: Provide abstract methods to clarify API

2015-11-30  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [1577687] pskc/encryption.py: Fix typo in variable name

2015-11-30  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [3aa2a6f] tests/test_invalid.doctest: Fix doctest:
	  IGNORE_EXCEPTION_DETAL

2015-10-07  Arthur de Jong <arthur@arthurdejong.org>

	* [c155d15] ChangeLog, MANIFEST.in, NEWS, pskc/__init__.py,
	  setup.py: Get files ready for 0.3 release

2015-10-07  Arthur de Jong <arthur@arthurdejong.org>

	* [cf0c9e6] README, docs/conf.py, docs/encryption.rst,
	  docs/exceptions.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst,
	  pskc/__init__.py: Update documentation

	  This updates the documentation with the new features (writing PSKC
	  files) as well as many editorial improvements, some rewording
	  and a few typo fixes. Some things were moved around a little in
	  order to be more easily readable and easier to find.

2015-10-06  Arthur de Jong <arthur@arthurdejong.org>

	* [671b6e2] pskc/__init__.py, pskc/crypto/aeskw.py,
	  pskc/crypto/tripledeskw.py, pskc/encryption.py, pskc/key.py,
	  pskc/policy.py, pskc/xml.py, setup.py, tests/test_aeskw.doctest,
	  tests/test_draft_keyprov.doctest, tests/test_encryption.doctest,
	  tests/test_invalid.doctest, tests/test_misc.doctest,
	  tests/test_rfc6030.doctest, tests/test_tripledeskw.doctest,
	  tests/test_write.doctest: Support Python 3

	  This enables support for Python 3 together with Python 2 support
	  with a single codebase.

	  On Python 3 key data is passed around as bytestrings which makes
	  the doctests a little harder to maintain across Python versions.

2015-10-06  Arthur de Jong <arthur@arthurdejong.org>

	* [68b20e2] pskc/encryption.py, pskc/xml.py,
	  tests/SampleFullyQualifiedNS.xml, tests/test_misc.doctest:
	  Fix issue with namespaced PBKDF2 parameters

	  The find() utility functions now allow specifying multiple paths
	  to be searched where the first match is returned.

	  This allows handling PSKC files where the PBKDF2 salt, iteration
	  count, key length and PRF elements are prefixed with the xenc11
	  namespace.

	  A test including such a PSKC file has been included.

	  Thanks to Eric Plet for reporting this.

2014-10-12  Arthur de Jong <arthur@arthurdejong.org>

	* [ebe46f2] pskc2csv.py: Provide a sample pskc2csv script

	  This is a simple command-line utility that reads a PSKC file
	  and outputs information on keys as CSV.

2014-06-30  Arthur de Jong <arthur@arthurdejong.org>

	* [1363564] pskc/crypto/__init__.py, pskc/crypto/aeskw.py,
	  pskc/crypto/tripledeskw.py, pskc/encryption.py,
	  tests/test_aeskw.doctest, tests/test_tripledeskw.doctest: Move
	  encryption functions in pskc.crypto package

	  This moves the encryption functions under the pskc.crypto package
	  to more clearly separate it from the other code. Ideally this
	  should be replaced by third-party library code.

2014-06-30  Arthur de Jong <arthur@arthurdejong.org>

	* [e468ebe] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/policy.py, pskc/xml.py: Rename pskc.parse
	  to pskc.xml

	  This renames the parse module to xml to better reflect the
	  purpose of the module and it's functions.

	  This also introduces a parse() function that wraps etree.parse().

2014-06-28  Arthur de Jong <arthur@arthurdejong.org>

	* [480e2d0] : Support writing unencrypted PSKC files

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [37dc64a] tests/test_write.doctest: Add test for writing PSKC files

	  This makes a simple doctest that checks the writing of the XML
	  representation of the PSKC data.

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [865a755] pskc/__init__.py, pskc/parse.py: Add function for
	  writing XML

	  This provides a function for pretty-printing the generated
	  XML document.

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [61a192f] pskc/__init__.py, pskc/key.py, pskc/policy.py: Construct
	  XML document with basic PKSC information

	  This introduces make_xml() functions to build an XML document
	  that contains the basic PSKC information and keys. This currently
	  only supports writing unencrypted PSKC files.

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [69aec9f] pskc/parse.py: Introduce mk_elem() to create elements

	  This introduces the mk_elem() function that can be used to create
	  ElementTree elements for building XML documents. This function
	  transparetly handles namespaces, translation of values into
	  XML etc.

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [7591271] pskc/key.py: Simplify DataType value handling

	  Only store the native value of the property, not the text
	  representation. This also results in the BinaryDataType and
	  IntegerDataType subclasses only needing from_text() and from_bin()
	  functions.

2014-06-19  Arthur de Jong <arthur@arthurdejong.org>

	* [09eb6b3] ChangeLog, NEWS, docs/changes.rst, docs/index.rst,
	  docs/usage.rst, pskc/__init__.py, setup.py: Get files ready for
	  0.2 release

2014-06-19  Arthur de Jong <arthur@arthurdejong.org>

	* [62c9af4] pskc/__init__.py: Only catch normal exceptions

2014-06-18  Arthur de Jong <arthur@arthurdejong.org>

	* [deb57d7] pskc/__init__.py: Remove unused import

2014-06-17  Arthur de Jong <arthur@arthurdejong.org>

	* [178ef1c] pskc/encryption.py: PEP8 fix

2014-06-17  Arthur de Jong <arthur@arthurdejong.org>

	* [7435552] pskc/exceptions.py: Remove __str__ from exception

	  The message property has been deprecated as of Python 2.6 and
	  printing the first argument is the default.

2014-06-16  Arthur de Jong <arthur@arthurdejong.org>

	* [f084735] README, docs/encryption.rst, docs/exceptions.rst,
	  docs/index.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst:
	  Update documentation

	  This updates the documentation with the current API, adding
	  information on exceptions raised, HMAC algorithms supported and
	  changes to the MAC checking.

	  This also includes some editorial changes to some of the text and
	  making references shorter by not including the full package path.

2014-06-15  Arthur de Jong <arthur@arthurdejong.org>

	* [d84e761] pskc/parse.py: Simplify finding ElementTree
	  implementation

	  These are the only ElementTree implementations that have been
	  tested to provide the needed functionality (mostly namespaces).

2014-06-15  Arthur de Jong <arthur@arthurdejong.org>

	* [50b429d] pskc/key.py, pskc/parse.py, pskc/policy.py: Refactor
	  out some functions to parse

	  This introduces the getint() and getbool() functions in parse
	  to avoid some code duplication.

2014-06-15  Arthur de Jong <arthur@arthurdejong.org>

	* [9a16ce4] pskc/key.py, tests/test_misc.doctest: Add support for
	  setting secret

	  This supports setters for the secret, counter, time_offset,
	  time_interval and time_drift properties. Setting these values
	  stores the values unencrypted internally.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [1b9ee9f] pskc/encryption.py: Support PBKDF2 PRF argument

	  Support specifying a pseudorandom function for PBKDF2 key
	  derivation. It currently supports any HMAC that the MAC checking
	  also supports.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [79b9a7d] pskc/mac.py: Provide a get_hmac() function

	  Refactor the functionality to find an HMAC function into a
	  separate function.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [1417d4a] tests/invalid-mac-algorithm.pskcxml,
	  tests/invalid-mac-value.pskcxml,
	  tests/invalid-no-mac-method.pskcxml, tests/test_invalid.doctest:
	  Add tests for missing or invalid MAC

	  This tests for incomplete, unknown or invalid MACs in PSKC files.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [9d8aae0] pskc/key.py, pskc/mac.py: Raise exception when MAC
	  validation fails

	  This changes the way the check() function works to raise an
	  exception when the MAC is not correct. The MAC is also now always
	  checked before attempting decryption.

	  This also renames the internal DataType.value property to a
	  get_value() method for clarity.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [699ecf8] pskc/encryption.py: Handle missing MAC algorithm properly

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [01e102b] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
	  tests/aes256-cbc.pskcxml, tests/test_encryption.doctest,
	  tests/tripledes-cbc.pskcxml: Add MAC tests to all CBC encrypted
	  keys

	  This adds hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512
	  tests for values that are encrypted using CBC block cypher modes.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [59e790e] pskc/mac.py: Automatically support all MACs in hashlib

	  This uses the name of the hash to automatically get the correct
	  hash object from Python's hashlib.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [566e447] pskc/__init__.py, pskc/parse.py, setup.py: Support
	  various ElementTree implementations

	  When using a recent enough lxml, even Python 2.6 should work
	  now. The most important requirement is that the findall()
	  function supports the namespaces argument.

	  This also now catches all exceptions when parsing the PSKC file
	  fails and wraps it in ParseError because various implementations
	  raise different exceptions, even between versions (Python 2.6's
	  ElementTree raises ExpatError, lxml raises XMLSyntaxError).

2014-06-13  Arthur de Jong <arthur@arthurdejong.org>

	* [5d60ee2] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/parse.py, pskc/policy.py: Have parse module
	  provide find() functions

	  This changes the parse module functions to better match the
	  ElementTree API and extends it with findint(), findtime()
	  and findbin().

	  It also passes the namespaces to all calls that require it
	  without duplicating this throughout the normal code.

2014-06-11  Arthur de Jong <arthur@west.nl>

	* [6a34c01] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/policy.py: Use get() instead of attrib.get()
	  (shorter)

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [4d92b93] pskc/encryption.py, tests/kw-tripledes.pskcxml,
	  tests/test_encryption.doctest: Support kw-tripledes decryption

	  This adds support for key unwrapping using the RFC 3217 Triple
	  DES key wrap algorithm if the PSKC file uses this.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [fd71f01] pskc/tripledeskw.py, tests/test_tripledeskw.doctest:
	  Implement RFC 3217 Triple DES key wrapping

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [f639318] tests/test_minimal.doctest, tests/test_misc.doctest:
	  Merge test_minimal into test_misc

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [1e7f861] tests/draft-keyprov-actividentity-3des.pskcxml,
	  tests/test_draft_keyprov.doctest: Add an ActivIdentity-3DES test

	  The test is taken from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
	  the schema as described in RFC 6030.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [b7cb928] tests/draft-keyprov-securid-aes-counter.pskcxml,
	  tests/test_draft_keyprov.doctest: Add an SecurID-AES-Counter test

	  The test is taken from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to be
	  valid XML and to fit the schema as described in RFC 6030.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [427319f] tests/draft-keyprov-totp.pskcxml,
	  tests/test_draft_keyprov.doctest: Add an TOTP test

	  The test is taken from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
	  the schema as described in RFC 6030.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [ba49d09] tests/draft-keyprov-ocra.pskcxml,
	  tests/test_draft_keyprov.doctest: Add an OCRA test

	  The test is taken from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
	  the schema as described in RFC 6030.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [0a66ede] tests/odd-namespace.pskcxml, tests/test_misc.doctest:
	  Add a test for an odd namespace

2014-05-30  Arthur de Jong <arthur@arthurdejong.org>

	* [287afa7] pskc/encryption.py, tests/kw-aes128.pskcxml,
	  tests/kw-aes192.pskcxml, tests/kw-aes256.pskcxml,
	  tests/test_encryption.doctest: Support kw-aes128, kw-aes192
	  and kw-aes256

	  This adds support for key unwrapping using the RFC 3394 or RFC
	  5649 algorithm if the PSKC file uses this.

2014-05-30  Arthur de Jong <arthur@arthurdejong.org>

	* [99ba287] pskc/aeskw.py, tests/test_aeskw.doctest: Implement
	  padding as specified in RFC 5649

	  This adds a pad argument with which padding can be forced or
	  disabled.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [ebf8945] pskc/aeskw.py, tests/test_aeskw.doctest: Allow speciying
	  an initial value for key wrapping

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [5720fe5] pskc/aeskw.py, pskc/exceptions.py,
	  tests/test_aeskw.doctest: Provide an RFC 3394 AES key wrapping
	  algorithm

	  This also introduces an EncryptionError exception.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [7164d89] README, docs/usage.rst, pskc/__init__.py,
	  tests/rfc6030-figure10.pskcxml, tests/rfc6030-figure2.pskcxml,
	  tests/rfc6030-figure3.pskcxml, tests/rfc6030-figure4.pskcxml,
	  tests/rfc6030-figure5.pskcxml, tests/rfc6030-figure6.pskcxml,
	  tests/rfc6030-figure7.pskcxml, tests/test_rfc6030.doctest:
	  Always put a space between RFC and number

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [ccebb69] pskc/encryption.py, tests/test_encryption.doctest,
	  tests/tripledes-cbc.pskcxml: Support Tripple DES decryption

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [a11f31f] tests/test_invalid.doctest: Add tests for key derivation
	  problems

	  This tests for unknown or missing algorithms and unknown
	  derivation parameters.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [0738c94] pskc/encryption.py, pskc/exceptions.py: Raise exception
	  when key derivation fails

	  This also renames the internal function that implements the
	  derivation.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [76ef42b] pskc/encryption.py, pskc/exceptions.py,
	  tests/invalid-encryption.pskcxml, tests/test_invalid.doctest:
	  Add test for missing key encryption algorithm

	  This also introduces a toplevel PSKCError exception that all
	  exceptions have as parent.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [7f26dc6] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
	  tests/aes256-cbc.pskcxml, tests/test_encryption.doctest: Add
	  test for all AES-CBC encryption schemes

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [28f2c1c] pskc/encryption.py: Support more AES-CBC encryption
	  schemes

	  This also moves the crypto imports to the places where they are
	  used to avoid a depenency on pycrypto if no encryption is used.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [678b127] tests/test_minimal.doctest: Add test for missing
	  secret value

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [bef2f7d] pskc/__init__.py, pskc/key.py,
	  tests/test_minimal.doctest: Add a function for adding a new key

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [46f5749] pskc/__init__.py: Consistency improvement

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [83f5a4b] pskc/__init__.py, tests/test_minimal.doctest: Support
	  creating an empty PSKC instance

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [820c83c] pskc/encryption.py, pskc/mac.py: Be more lenient in
	  accepting algorithms

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [02bde47] pskc/key.py: Code simplification

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [b62fec8] pskc/encryption.py, pskc/exceptions.py,
	  tests/invalid-encryption.pskcxml, tests/test_invalid.doctest,
	  tests/test_rfc6030.doctest: Raise an exception if decryption fails

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [7bc2e6b] pskc/encryption.py: Make decryption code better readable

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [714f387] setup.cfg, tests/invalid-notxml.pskcxml,
	  tests/invalid-wrongelement.pskcxml,
	  tests/invalid-wrongversion.pskcxml, tests/test_invalid.doctest:
	  Add tests for invalid PSKC files

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [803d24c] pskc/__init__.py, pskc/exceptions.py: Raise exceptions
	  on some parsing problems

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [8c37e26] setup.py: Fix install_requires

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [8e1729e] ChangeLog, MANIFEST.in, NEWS: Get files ready for
	  0.1 release

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [15ca643] README, pskc/__init__.py, tests/rfc6030-figure10.pskcxml,
	  tests/rfc6030-figure2.pskcxml, tests/rfc6030-figure3.pskcxml,
	  tests/rfc6030-figure4.pskcxml, tests/rfc6030-figure5.pskcxml,
	  tests/rfc6030-figure6.pskcxml, tests/rfc6030-figure7.pskcxml,
	  tests/test_rfc6030.doctest: Use pskcxml as file name extension

	  This is the extension that is suggested in RFC6030.

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [44c7d2e] docs/policy.rst, docs/usage.rst: Improve IANA links

2014-05-20  Arthur de Jong <arthur@arthurdejong.org>

	* [cda1c5f] tests/test_rfc6030.doctest: Improve test

	  This tests that, before the PSKC ecnryption is key available,
	  the secret from the key cannot be extracted.

2014-05-19  Arthur de Jong <arthur@arthurdejong.org>

	* [e96c746] docs/_templates/autosummary/module.rst, docs/conf.py,
	  docs/encryption.rst, docs/index.rst, docs/mac.rst, docs/policy.rst,
	  docs/usage.rst: Provide Sphinx documentation

2014-05-18  Arthur de Jong <arthur@arthurdejong.org>

	* [edf4d24] pskc/policy.py: Add missing policy constant

2014-05-18  Arthur de Jong <arthur@arthurdejong.org>

	* [92a994d] pskc/key.py: Fix attribute name in docstring

2014-04-20  Arthur de Jong <arthur@arthurdejong.org>

	* [cc9bbb5] README: Update README

2014-05-17  Arthur de Jong <arthur@arthurdejong.org>

	* [d0a7814] .gitignore, setup.py: Fix dateutil dependency

	  This also ignores downloaded .egg files.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [e0159ba] pskc/parse.py: Fix module description

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [ba17976] pskc/__init__.py, pskc/parse.py: Move PSKC class to
	  toplevel module

	  This also splits the parsing to a parse() function for consistency.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [64e207d] pskc/key.py, tests/test_rfc6030.doctest: Provide
	  pskc.key docstrings

	  This documents most of the information that is available per
	  key and adds a few other minor cosmetic changes.

	  This also re-organises the key properties to be in a slightly more
	  logical order and renames the userid key property to key_userid
	  to more clearly distinguish it from device_userid.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [6becc61] pskc/parse.py: Provide pskc.parse docstrings

	  This documents most of the API of the parsing functions and the
	  PSKC class.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [1d42fbc] pskc/policy.py: Complete pskc.policy docstrings

	  Also contains small consistency improvement.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [b07d709] pskc/mac.py: Provide pskc.mac docstrings

	  This also hides two properties that are not part of the public API.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [285860e] pskc/encryption.py: Provide pskc.encryption docstrings

	  This documents classes in the pskc.encryption module.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [8c9e03d] pskc/key.py, pskc/mac.py, pskc/parse.py, pskc/policy.py:
	  Move Key class to separate module

	  This also allows re-organising the imports a bit.

2014-04-16  Arthur de Jong <arthur@arthurdejong.org>

	* [c883d48] MANIFEST.in, pskc/__init__.py, setup.cfg, setup.py:
	  Add initial setup script

2014-04-14  Arthur de Jong <arthur@arthurdejong.org>

	* [3df6849] COPYING: Include a license file (LGPL)

2014-04-13  Arthur de Jong <arthur@arthurdejong.org>

	* [f08cdb5] tests/rfc6030-figure10.pskc, tests/test_rfc6030.doctest:
	  Add bulk provisioning test from Figure 10

2014-04-13  Arthur de Jong <arthur@arthurdejong.org>

	* [41828cd] pskc/parse.py: Use slightly clearer names

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [5ab731c] tests/rfc6030-figure7.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 7 from RFC6030

	  This tests encrypted key derivation using PBKDF2 and a pre-shared
	  passphrase.

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [a3fd598] pskc/encryption.py: Implement PBKDF2 key derivation

	  This supports deriving the key from a passphrase and information
	  present in the DerivedKey and PBKDF2-params XML elements.

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [2ff470f] pskc/encryption.py: Add id attribute from EncryptionKey

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [460f335] tests/rfc6030-figure6.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 6 from RFC6030

	  This test key encryption with a pre-shared key and MAC checks.

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [a926ddb] pskc/mac.py, pskc/parse.py: Implement MAC checking

	  This implements message message authentication code checking
	  for the encrypted values if MACMethod and ValueMAC are present.

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [e53e865] pskc/encryption.py, pskc/parse.py: Support decrypting
	  with a pre-shared key

	  This adds an encryption module that provides wrappers for
	  handling decryption.

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [3fe0919] pskc/parse.py: Refactor DataType value handling

	  This ensures that DataType values are retrieved dynamically
	  instead of at the time the PSKC file was parsed in order to make
	  decryption work.

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [591bb5d] pskc/policy.py: Document key and pin usage values

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [b952b93] tests/rfc6030-figure5.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 5 from RFC6030

	  This test extraction of key policy information and cross-key
	  references.

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [e939a96] pskc/parse.py, pskc/policy.py: Implement key policy
	  parsing

	  This parses key policy from PSKC files and provides a few utility
	  methods to help with policy validation.

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [8c9ac8c] pskc/parse.py: Support parsing date and integer values

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [6446f7d] tests/rfc6030-figure4.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 4 from RFC6030

	  This tests for key profile and key reference properties that
	  can be used to reference external keys.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [e72369f] tests/rfc6030-figure3.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 3 from RFC6030

	  This tests Figure 3 from RFC6030 with a very basic plain text
	  secret key and some supplementary data.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [2c111a8] pskc/parse.py: Get more data from KeyPackage

	  This gets most simple string values from the KeyPackage as well
	  as some integer and boolean values.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [96b4b54] tests/rfc6030-figure2.pskc, tests/test-rfc6030.doctest:
	  Add test for example from RFC6030

	  This tests Figure 2 from RFC6030 with a very basic plain text
	  secret key.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [d662cf2] pskc/parse.py: Support getting plaintext key

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [550630d] tests/test_minimal.doctest: Minimal test

	  This adds a doctest for the absolute minimum PSKC file that does
	  not contain any useful information.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [bf8e7f6] pskc/__init__.py, pskc/parse.py: Basic implementation
	  of PSKC class

	  This class is used for handling PSKC files. It will parse the
	  file and store relevant properties for easy access. The Key
	  class corresponds to a single key defined in the PSKC file.

	  This is a very minimal implementation that only provides some
	  meta-data from the file and keys (work in progress).

2014-04-04  Arthur de Jong <arthur@arthurdejong.org>

	* [9803dfc] README: Provide an initial README

2014-04-02  Arthur de Jong <arthur@arthurdejong.org>

	* [c912bb4] .gitignore, pskc/__init__.py: Initial project layout