[Python-modules-commits] [python-pskc] 01/06: Import python-pskc_0.5.orig.tar.gz
Arthur de Jong
adejong at moszumanska.debian.org
Sat Jan 21 21:31:48 UTC 2017
This is an automated email from the git hooks/post-receive script.
adejong pushed a commit to branch master
in repository python-pskc.
commit 3a94d05401f13478ba73266699efeef462793be3
Author: Arthur de Jong <adejong at debian.org>
Date: Sat Jan 21 19:35:09 2017 +0100
Import python-pskc_0.5.orig.tar.gz
---
ChangeLog | 360 ++++++++++++++++++---
NEWS | 22 ++
PKG-INFO | 13 +-
README | 13 +-
docs/conf.py | 2 +-
docs/encryption.rst | 4 +-
docs/usage.rst | 164 ++++++----
pskc/__init__.py | 88 +++--
pskc/algorithms.py | 72 +++++
pskc/crypto/__init__.py | 38 +++
pskc/device.py | 69 ++++
pskc/encryption.py | 329 +++++++------------
pskc/key.py | 329 +++++--------------
pskc/mac.py | 73 +----
pskc/parser.py | 291 +++++++++++++++++
pskc/policy.py | 72 +----
pskc/serialiser.py | 222 +++++++++++++
pskc/xml.py | 30 +-
pskc2csv.py | 4 +-
python_pskc.egg-info/PKG-INFO | 13 +-
python_pskc.egg-info/SOURCES.txt | 31 +-
setup.cfg | 4 +-
setup.py | 4 +-
.../actividentity-3des.pskcxml | 72 ++---
.../ocra.pskcxml | 53 ++-
.../securid-aes-counter.pskcxml | 57 ++--
.../totp.pskcxml | 64 ++--
tests/draft-ietf-keyprov-pskc-02/figure2.pskcxml | 31 ++
tests/draft-ietf-keyprov-pskc-02/figure3.pskcxml | 52 +++
tests/draft-ietf-keyprov-pskc-02/figure4.pskcxml | 51 +++
tests/draft-ietf-keyprov-pskc-02/figure5.pskcxml | 71 ++++
tests/draft-ietf-keyprov-pskc-02/figure6.pskcxml | 63 ++++
tests/draft-ietf-keyprov-pskc-02/figure7.pskcxml | 34 ++
tests/draft-ietf-keyprov-pskc-02/figure8.pskcxml | 68 ++++
tests/draft-ietf-keyprov-pskc-02/figure9.pskcxml | 112 +++++++
tests/encryption/aes128-cbc-noiv.pskcxml | 38 +++
tests/encryption/mac-over-plaintext.pskcxml | 39 +++
tests/encryption/no-mac-key.pskcxml | 32 ++
tests/invalid/incomplete-derivation.pskcxml | 46 +++
tests/invalid/mac-value.pskcxml | 6 +-
...d.pskcxml => missing-encryption-method.pskcxml} | 12 +-
tests/invalid/missing-encryption.pskcxml | 2 +-
tests/invalid/no-mac-method.pskcxml | 2 +-
tests/misc/SampleFullyQualifiedNS.xml | 1 -
tests/misc/policy.pskcxml | 6 +-
tests/rfc6030/figure8.pskcxml | 60 ++++
tests/rfc6030/figure9.pskcxml | 65 ++++
tests/test_actividentity.doctest | 62 ++++
tests/test_aeskw.doctest | 42 ++-
tests/test_crypto.doctest | 76 +++++
tests/test_draft_ietf_keyprov_pskc_02.doctest | 305 +++++++++++++++++
tests/test_encryption.doctest | 60 +++-
.../{test_vendors.doctest => test_feitian.doctest} | 28 +-
tests/test_invalid.doctest | 39 ++-
tests/test_misc.doctest | 41 ++-
tests/test_nagraid.doctest | 54 ++++
tests/test_rfc6030.doctest | 84 ++++-
tests/test_write.doctest | 142 +++++++-
tests/test_yubico.doctest | 149 +++++++++
tests/yubico/example1.pskcxml | 38 +++
tests/yubico/example2.pskcxml | 61 ++++
tests/yubico/example3.pskcxml | 47 +++
62 files changed, 3542 insertions(+), 970 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 3300fd9..b39deaa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,300 @@
+2017-01-15 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [29a183d] tests/test_feitian.doctest, tests/test_nagraid.doctest:
+ Split vendor tests
+
+ Have one doctest file per vendor to make tests a little more
+ manageable.
+
+2017-01-14 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [02eb520] tests/test_yubico.doctest, tests/yubico/example1.pskcxml,
+ tests/yubico/example2.pskcxml, tests/yubico/example3.pskcxml:
+ Add tests for Yubikey files
+
+ This adds tests from draft-josefsson-keyprov-pskc-yubikey-00.
+
+2017-01-13 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [12dfa64] pskc/parser.py, tests/actividentity/test.pskc,
+ tests/test_actividentity.doctest: Support legacy ActivIdentity
+ files
+
+ This adds support for parsing ActivIdentity files that conform
+ to a very old version of an Internet Draft. The implementation
+ and test were based on a file provided by Jaap Ruijgrok.
+
+2017-01-11 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [a5e2343] pskc/parser.py,
+ tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
+ tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
+ tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
+ tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml:
+ Use original examples from old profiles Internet Draft
+
+ This updates the tests to use the original examples from
+ draft-hoyer-keyprov-pskc-algorithm-profiles-01 instead of
+ modifying them to fit the RFC 6030 schema (but does include some
+ minor changes to make them valid XML).
+
+ This adds a few additions to the parser to handle legacy challenge
+ and resposne encoding and a few key policy properties.
+
+ This also includes a fix for 0b757ec in the handling of the
+ <ChallengeFormat> element under a <Usage> element.
+
+2016-12-21 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [2f7cb1a] tests/rfc6030/figure8.pskcxml,
+ tests/rfc6030/figure9.pskcxml, tests/test_rfc6030.doctest:
+ Add all figures from RFC 6030 to test suite
+
+ Note that asymmetric encryption and digital signature checking
+ has not yet been implemented so the tests are pretty minimal.
+2016-12-21 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [0b757ec] pskc/parser.py, pskc/xml.py,
+ tests/draft-ietf-keyprov-pskc-02/figure2.pskcxml,
+ tests/draft-ietf-keyprov-pskc-02/figure3.pskcxml,
+ tests/draft-ietf-keyprov-pskc-02/figure4.pskcxml,
+ tests/draft-ietf-keyprov-pskc-02/figure5.pskcxml,
+ tests/draft-ietf-keyprov-pskc-02/figure6.pskcxml,
+ tests/draft-ietf-keyprov-pskc-02/figure7.pskcxml,
+ tests/draft-ietf-keyprov-pskc-02/figure8.pskcxml,
+ tests/draft-ietf-keyprov-pskc-02/figure9.pskcxml,
+ tests/test_draft_ietf_keyprov_pskc_02.doctest: Add support for
+ older Internet Draft version
+
+ This adds support for parsing most examples from
+ draft-ietf-keyprov-pskc-02. That file uses a few other names
+ for elements and attributes of the PSKC file and a few other
+ minor differences.
+
+ The XML parsing has been changed to allow specifying multiple
+ matches and the find*() functions now return the first found match.
+
+ While all examples from draft-ietf-keyprov-pskc-02 are tested
+ support for verifying digital signatures and asymmetric keys
+ have not yet been implemented.
+
+2016-12-19 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [09076f8] tests/test_encryption.doctest: Fix typo in test
+
+2016-12-20 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [46fa5f1] setup.cfg: Fail tests on missing coverage
+
+2016-12-20 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [047a2a9] pskc/key.py, pskc/mac.py,
+ tests/encryption/mac-over-plaintext.pskcxml,
+ tests/invalid/mac-missing.pskcxml, tests/invalid/mac-value.pskcxml,
+ tests/invalid/missing-encryption-method.pskcxml,
+ tests/test_encryption.doctest, tests/test_invalid.doctest:
+ Allow MAC over plaintext or ciphertext
+
+ RFC 6030 implies that the MAC should be performed over the
+ ciphertext but some earlier drafts implied that the MAC should
+ be performed on the plaintext. This change accpets the MAC if
+ either the plaintext or ciphertext match.
+
+ Note that this change allows for a padding oracle attack when
+ CBC encryption modes are used because decryption (and unpadding)
+ needs to be done before MAC checking. However, this module is
+ not expected to be available to users to process arbitrary PSKC
+ files repeatedly.
+
+ This removes the tests for a missing MAC key (and replaces it for
+ tests of missing EncryptionMethod) because falling back to using
+ the encryption key (implemented in a444f78) in combination with
+ this change means that decryption is performed before MAC checking
+ and is no longer possible to trigger a missing MAC key error.
+
+2016-12-19 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [bae7084] pskc/crypto/__init__.py, pskc/encryption.py,
+ tests/test_crypto.doctest: Add sanity checks to unpadding
+
+2016-12-19 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [d864bc8] pskc/serialiser.py: Ensure XML file ends with a newline
+
+2016-12-19 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [c631628] pskc/xml.py: Adapt coverage pragma annotations
+
+ This fixes the pragma directives to be be correct independently
+ of whether lxml is installed or not.
+
+2016-12-19 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [18d82dc] .gitignore, tox.ini: Add Tox configuration
+
+ This sets up Tox with various versions of Python and for each
+ version a run with and without lxml.
+
+2016-12-19 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [71058e2] tests/test_write.doctest: Close read files in tests
+
+ This ensures that the files that are read in the test suite are
+ properly closed to avoid leaking open file descriptors.
+
+2016-12-18 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [f0a0a3b] pskc/parser.py: Support missing or lowercase version
+ attribute
+
+2016-09-26 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [3bf4737] docs/usage.rst: Fix copy-pasto in documentation
+
+ This accidentally slipped in as part of beafc6b. 2016-09-19
+Arthur de Jong <arthur at arthurdejong.org>
+
+ * [02b30a9] pskc/__init__.py, pskc/parser.py, pskc/serialiser.py:
+ Also move outer writing and parsing to modules
+
+2016-09-17 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [b1f8f87] .gitignore, README, pskc/__init__.py: Add writing
+ example to toplevel documentation
+
+2016-09-17 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [e23a467] pskc/key.py: Use custom data descriptors for key
+ properties
+
+ This uses a custom data descriptor (property) for secret, counter,
+ time_offset, time_interval and time_drift.
+
+2016-09-17 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [beafc6b] docs/usage.rst, pskc/__init__.py, pskc/device.py,
+ pskc/key.py, pskc/parser.py, pskc/policy.py, pskc/serialiser.py,
+ tests/test_misc.doctest, tests/test_write.doctest: Support
+ separate device from key
+
+ This allows having multiple keys per device while also maintaining
+ the previous API.
+
+ Note that having multiple keys per device is not allowed by the
+ RFC 6030 schema but is allowed by some older internet drafts.
+
+2016-09-16 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [84bfb8a] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
+ pskc/mac.py, pskc/policy.py, pskc/serialiser.py: Move XML
+ generation to own module
+
+ Similar to the change for parsing, move the XML serialisation
+ of PSKC data to a single class in a separate module.
+
+2016-09-14 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [426e821] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
+ pskc/mac.py, pskc/parser.py, pskc/policy.py: Move document
+ parsing to own module
+
+ This moves all the parse() functions to a single class in a
+ dedicated module that can be used for parsing PSKC files. This
+ should make it easier to subclass the parser.
+
+2016-09-14 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [bf34209] tests/invalid/no-mac-method.pskcxml,
+ tests/test_invalid.doctest, tests/test_rfc6030.doctest: Some
+ minor improvements to the tests
+
+2016-09-12 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [600ae68] pskc/encryption.py, pskc/key.py, pskc/xml.py,
+ setup.cfg, tests/invalid/empty-mac-key.pskcxml,
+ tests/invalid/incomplete-derivation.pskcxml,
+ tests/invalid/missing-encryption.pskcxml,
+ tests/misc/SampleFullyQualifiedNS.xml, tests/misc/policy.pskcxml,
+ tests/test_aeskw.doctest, tests/test_encryption.doctest,
+ tests/test_invalid.doctest, tests/test_misc.doctest,
+ tests/test_write.doctest: Improve branch coverage
+
+ This enables branch coverage testing and adds tests to improve
+ coverage.
+
+2016-09-11 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [713d106] pskc/encryption.py, tests/test_encryption.doctest:
+ Support specifying PRF in setup_pbkdf2()
+
+ This also ensures that the PRF URL is normalised.
+
+2016-09-11 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [ff811c9] pskc/encryption.py: Fix bug in passing explicit key
+ to setup_preshared_key()
+
+2016-09-11 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [fa07aa5] docs/encryption.rst, pskc/encryption.py: Clarify
+ encryption.setup_*() documentation
+
+ This tries to make it clearer that the setup_preshared_key()
+ and setup_pbkdf2() functions are meant to be used when writing
+ out PSKC files.
+
+2016-04-23 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [a444f78] pskc/key.py, pskc/mac.py,
+ tests/encryption/no-mac-key.pskcxml,
+ tests/invalid/mac-missing.pskcxml, tests/test_encryption.doctest,
+ tests/test_invalid.doctest: Fall back to encryption key for MAC
+
+ This uses the encryption key also as MAC key if no MAC key has
+ been specified in the PSKC file. Earlier versions of the PSKC
+ draft specified this behaviour.
+
+2016-04-23 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [9b76135] pskc/encryption.py,
+ tests/encryption/aes128-cbc-noiv.pskcxml,
+ tests/test_encryption.doctest: Allow global specification of IV
+
+ In older versions of the PSKC standard it was allowed to
+ have a global initialization vector for CBC based encryption
+ algorithms. It is probably not a good idea to re-use an IV
+ in general.
+
+2016-04-23 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [d53f05b] pskc/encryption.py, pskc/mac.py: Move crypto to functions
+
+ This makes it much easier to test the encryption, decryption
+ and HMAC processing separate from the PSKC parsing.
+
+2016-04-05 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [5dbfefd] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
+ pskc/policy.py: Remove parse call from constructors
+
+ This makes the creation if internal instances a litte more
+ consistent.
+
+2016-04-05 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [0d7caf1] pskc/algorithms.py, pskc/encryption.py, pskc/mac.py:
+ Move algorithm uri handling to separate module
+
+2016-03-29 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [22ba9f1] pskc/crypto/__init__.py, pskc/encryption.py: Move
+ padding functions to crypto package
+
+2016-03-28 Arthur de Jong <arthur at arthurdejong.org>
+
+ * [efbe94c] ChangeLog, NEWS, pskc/__init__.py, setup.py: Get files
+ ready for 0.4 release
+
2016-03-26 Arthur de Jong <arthur at arthurdejong.org>
* [0c57335] docs/policy.rst: Document may_use() policy function
@@ -134,7 +431,6 @@
2016-03-19 Arthur de Jong <arthur at arthurdejong.org>
* [cadc6d9] pskc/key.py, pskc/mac.py,
- tests/invalid/encryption.pskcxml,
tests/invalid/missing-encryption.pskcxml,
tests/invalid/not-boolean.pskcxml,
tests/invalid/not-integer.pskcxml,
@@ -205,16 +501,10 @@
2016-01-24 Arthur de Jong <arthur at arthurdejong.org>
* [c86aaea] README, pskc/__init__.py,
- tests/SampleFullyQualifiedNS.xml, tests/aes128-cbc.pskcxml,
- tests/aes192-cbc.pskcxml, tests/aes256-cbc.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml,
- tests/draft-keyprov-actividentity-3des.pskcxml,
- tests/draft-keyprov-ocra.pskcxml,
- tests/draft-keyprov-securid-aes-counter.pskcxml,
- tests/draft-keyprov-totp.pskcxml,
tests/encryption/aes128-cbc.pskcxml,
tests/encryption/aes192-cbc.pskcxml,
tests/encryption/aes256-cbc.pskcxml,
@@ -223,32 +513,21 @@
tests/encryption/kw-aes256.pskcxml,
tests/encryption/kw-tripledes.pskcxml,
tests/encryption/tripledes-cbc.pskcxml,
- tests/invalid-encryption.pskcxml,
- tests/invalid-mac-algorithm.pskcxml,
- tests/invalid-mac-value.pskcxml,
- tests/invalid-no-mac-method.pskcxml, tests/invalid-notxml.pskcxml,
- tests/invalid-wrongelement.pskcxml,
- tests/invalid-wrongversion.pskcxml,
tests/invalid/encryption.pskcxml,
tests/invalid/mac-algorithm.pskcxml,
tests/invalid/mac-value.pskcxml,
- tests/invalid/no-mac-method.pskcxml,
- tests/invalid/notxml.pskcxml, tests/invalid/wrongelement.pskcxml,
- tests/invalid/wrongversion.pskcxml, tests/kw-aes128.pskcxml,
- tests/kw-aes192.pskcxml, tests/kw-aes256.pskcxml,
- tests/kw-tripledes.pskcxml, tests/misc/SampleFullyQualifiedNS.xml,
- tests/misc/odd-namespace.pskcxml, tests/odd-namespace.pskcxml,
- tests/rfc6030-figure10.pskcxml, tests/rfc6030-figure2.pskcxml,
- tests/rfc6030-figure3.pskcxml, tests/rfc6030-figure4.pskcxml,
- tests/rfc6030-figure5.pskcxml, tests/rfc6030-figure6.pskcxml,
- tests/rfc6030-figure7.pskcxml, tests/rfc6030/figure10.pskcxml,
+ tests/invalid/no-mac-method.pskcxml, tests/invalid/notxml.pskcxml,
+ tests/invalid/wrongelement.pskcxml,
+ tests/invalid/wrongversion.pskcxml,
+ tests/misc/SampleFullyQualifiedNS.xml,
+ tests/misc/odd-namespace.pskcxml, tests/rfc6030/figure10.pskcxml,
tests/rfc6030/figure2.pskcxml, tests/rfc6030/figure3.pskcxml,
tests/rfc6030/figure4.pskcxml, tests/rfc6030/figure5.pskcxml,
tests/rfc6030/figure6.pskcxml, tests/rfc6030/figure7.pskcxml,
tests/test_draft_keyprov.doctest, tests/test_encryption.doctest,
tests/test_invalid.doctest, tests/test_misc.doctest,
- tests/test_rfc6030.doctest, tests/test_write.doctest,
- tests/tripledes-cbc.pskcxml: Re-organise test files
+ tests/test_rfc6030.doctest, tests/test_write.doctest: Re-organise
+ test files
This puts the test PSKC files in subdirectories so they can be
organised more cleanly.
@@ -407,11 +686,10 @@
2014-06-30 Arthur de Jong <arthur at arthurdejong.org>
- * [1363564] pskc/aeskw.py, pskc/crypto/__init__.py,
- pskc/crypto/aeskw.py, pskc/crypto/tripledeskw.py,
- pskc/encryption.py, pskc/tripledeskw.py, tests/test_aeskw.doctest,
- tests/test_tripledeskw.doctest: Move encryption functions in
- pskc.crypto package
+ * [1363564] pskc/crypto/__init__.py, pskc/crypto/aeskw.py,
+ pskc/crypto/tripledeskw.py, pskc/encryption.py,
+ tests/test_aeskw.doctest, tests/test_tripledeskw.doctest: Move
+ encryption functions in pskc.crypto package
This moves the encryption functions under the pskc.crypto package
to more clearly separate it from the other code. Ideally this
@@ -420,8 +698,8 @@
2014-06-30 Arthur de Jong <arthur at arthurdejong.org>
* [e468ebe] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
- pskc/mac.py, pskc/parse.py, pskc/policy.py, pskc/xml.py: Rename
- pskc.parse to pskc.xml
+ pskc/mac.py, pskc/policy.py, pskc/xml.py: Rename pskc.parse
+ to pskc.xml
This renames the parse module to xml to better reflect the
purpose of the module and it's functions.
@@ -831,15 +1109,11 @@
2014-05-23 Arthur de Jong <arthur at arthurdejong.org>
- * [15ca643] README, pskc/__init__.py, tests/rfc6030-figure10.pskc,
- tests/rfc6030-figure10.pskcxml, tests/rfc6030-figure2.pskc,
- tests/rfc6030-figure2.pskcxml, tests/rfc6030-figure3.pskc,
- tests/rfc6030-figure3.pskcxml, tests/rfc6030-figure4.pskc,
- tests/rfc6030-figure4.pskcxml, tests/rfc6030-figure5.pskc,
- tests/rfc6030-figure5.pskcxml, tests/rfc6030-figure6.pskc,
- tests/rfc6030-figure6.pskcxml, tests/rfc6030-figure7.pskc,
- tests/rfc6030-figure7.pskcxml, tests/test_rfc6030.doctest:
- Use pskcxml as file name extension
+ * [15ca643] README, pskc/__init__.py, tests/rfc6030-figure10.pskcxml,
+ tests/rfc6030-figure2.pskcxml, tests/rfc6030-figure3.pskcxml,
+ tests/rfc6030-figure4.pskcxml, tests/rfc6030-figure5.pskcxml,
+ tests/rfc6030-figure6.pskcxml, tests/rfc6030-figure7.pskcxml,
+ tests/test_rfc6030.doctest: Use pskcxml as file name extension
This is the extension that is suggested in RFC6030.
@@ -1034,8 +1308,8 @@
2014-04-07 Arthur de Jong <arthur at arthurdejong.org>
- * [e72369f] tests/rfc6030-figure3.pskc, tests/test-rfc6030.doctest,
- tests/test_rfc6030.doctest: Add test for Figure 3 from RFC6030
+ * [e72369f] tests/rfc6030-figure3.pskc, tests/test_rfc6030.doctest:
+ Add test for Figure 3 from RFC6030
This tests Figure 3 from RFC6030 with a very basic plain text
secret key and some supplementary data.
diff --git a/NEWS b/NEWS
index b1b4c1e..69459af 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,25 @@
+changes from 0.4 to 0.5
+-----------------------
+
+* numerous compatibility improvements for reading PSKC files that do not
+ follow the RFC 6030 schema exactly: specifically accept a number of old
+ Internet Draft specifications that preceded RFC 6030 and support an
+ ActivIdentity file format
+* split device information from key information (keep old API available) to
+ allow multiple keys per device (this is not allowed by RFC 6030 but was
+ allowed in older Internet Drafts)
+* accept MAC to be over plaintext in addition to ciphertext
+* fall back to using encryption key as MAC key
+* refactoring of some encryption, parsing and serialising functionality into
+ separate modules for better maintainability
+* add configuration for running test suite via Tox
+* addition of a large number of test cases, bringing the branch coverage to
+ 100%
+* documentation improvements
+* drop official support for Python 2.6 (the module still works but is just no
+ longer tested with it)
+
+
changes from 0.3 to 0.4
-----------------------
diff --git a/PKG-INFO b/PKG-INFO
index f9a15a5..2b22cb0 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: python-pskc
-Version: 0.4
+Version: 0.5
Summary: Python module for handling PSKC files
Home-page: http://arthurdejong.org/python-pskc/
Author: Arthur de Jong
@@ -25,6 +25,15 @@ Description: Python module for handling PSKC files
... print('%s %s' % (key.serial, str(key.secret.decode())))
987654321 12345678901234567890
+ The following generates an encrypted PSKC file:
+
+ >>> pskc = PSKC()
+ >>> key = pskc.add_key(
+ ... id='456', secret='987654321', manufacturer='Manufacturer',
+ ... algorithm = 'urn:ietf:params:xml:ns:keyprov:pskc:hotp')
+ >>> pskc.encryption.setup_pbkdf2('passphrase')
+ >>> pskc.write('output.pskcxml')
+
The module should be able to handle most common PSKC files.
Keywords: PSKC,RFC 6030,key container
@@ -37,11 +46,11 @@ Classifier: License :: OSI Approved :: GNU Lesser General Public License v2 or l
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
-Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: System :: Systems Administration :: Authentication/Directory
diff --git a/README b/README
index d52ded3..3b70159 100644
--- a/README
+++ b/README
@@ -19,7 +19,7 @@ API
The module provides a straightforward API that is mostly geared towards
parsing existing PSKC files.
-Extracting key material from encrypted PSKC files is as simple as.
+Extracting key material from encrypted PSKC files is as simple as:
>>> from pskc import PSKC
>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
@@ -28,6 +28,15 @@ Extracting key material from encrypted PSKC files is as simple as.
... print key.serial, key.secret
987654321 12345678901234567890
+Writing am encrypted PSKC file is as simple as:
+
+>>> pskc = PSKC()
+>>> key = pskc.add_key(
+... id='456', secret='987654321', manufacturer='Manufacturer',
+... algorithm = 'urn:ietf:params:xml:ns:keyprov:pskc:hotp')
+>>> pskc.encryption.setup_pbkdf2('passphrase')
+>>> pskc.write('output.pskcxml')
+
The key object has a number of properties. See the pskc.key.Key documentation
for details.
@@ -44,7 +53,7 @@ private key material.
Copyright
---------
-Copyright (C) 2014-2016 Arthur de Jong
+Copyright (C) 2014-2017 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
diff --git a/docs/conf.py b/docs/conf.py
index 5a7ecbf..d7ad826 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -46,7 +46,7 @@ master_doc = 'index'
# General information about the project.
project = u'python-pskc'
-copyright = u'2014-2016 Arthur de Jong'
+copyright = u'2014-2017 Arthur de Jong'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
diff --git a/docs/encryption.rst b/docs/encryption.rst
index cafdb74..59242dd 100644
--- a/docs/encryption.rst
+++ b/docs/encryption.rst
@@ -93,7 +93,7 @@ The Encryption class
.. function:: setup_preshared_key(...)
- Configure pre-shared key encryption.
+ Configure pre-shared key encryption when writing the file.
:param binary key: the encryption key to use
:param str id: encryption key identifier
@@ -119,7 +119,7 @@ The Encryption class
.. function:: setup_pbkdf2(...)
- Configure password-based PSKC encryption.
+ Configure password-based PSKC encryption when writing the file.
:param str password: the password to use (required)
:param str id: encryption key identifier
diff --git a/docs/usage.rst b/docs/usage.rst
index 5e0edfc..47ea04b 100644
--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -3,8 +3,9 @@ Basic usage
The :mod:`pskc` module implements a simple and efficient API for parsing and
creating PSKC files. The :class:`~pskc.PSKC` class is used to access the file
-as a whole which provides access to a list of :class:`~pskc.key.Key`
-instances which contain most of the useful information of the PSKC file.
+as a whole which provides access to a list of :class:`~pskc.device.Device`
+and :class:`~pskc.key.Key` instances which contain most of the useful
+information of the PSKC file.
Reading a PSKC file
@@ -89,6 +90,11 @@ The PSKC class
A unique identifier for the container.
+ .. attribute:: devices
+
+ A list of :class:`~pskc.device.Device` instances that represent the key
+ containers within the PSKC file.
+
.. attribute:: keys
A list of :class:`~pskc.key.Key` instances that represent the keys
@@ -105,11 +111,18 @@ The PSKC class
See :doc:`mac` for more information.
+ .. function:: add_device([**kwargs])
+
+ Add a new key package to the PSKC instance. The keyword arguments may
+ refer to any attributes of the :class:`~pskc.device.Device` class with
+ which the new device is initialised.
+
.. function:: add_key([**kwargs])
Add a new key to the PSKC instance. The keyword arguments may refer to
- any attributes of the :class:`~pskc.key.Key` class with which the new
- key is initialised.
+ any attributes of the :class:`~pskc.key.Key` or
+ :class:`~pskc.device.Device` class with which the new key is
+ initialised.
.. function:: write(filename)
@@ -186,7 +199,7 @@ The Key class
.. attribute:: issuer
The name of the party that issued the key. This may be different from
- the :attr:`manufacturer` of the device.
+ the :attr:`~pskc.device.Device.manufacturer` of the device.
.. attribute:: key_profile
@@ -208,62 +221,7 @@ The Key class
.. attribute:: key_userid
The distinguished name of the user associated with the key.
- Also see :attr:`device_userid`.
-
- .. attribute:: manufacturer
-
- The name of the manufacturer of the device to which the key is
- provisioned.
- `RFC 6030 <https://tools.ietf.org/html/rfc6030#section-4.3.1>`__
- prescribes that the value is of the form ``oath.prefix`` for `OATH
- Manufacturer Prefixes <http://www.openauthentication.org/oath-id/prefixes/>`_
- or ``iana.organisation`` for `IANA Private Enterprise Numbers
- <https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers>`_
- however, it is generally just a string. The value may be different from
- the :attr:`issuer` of the key on the device.
-
- .. attribute:: serial
-
- The serial number of the device to which the key is provisioned.
- Together with :attr:`manufacturer` (and possibly :attr:`issue_no`) this
- should uniquely identify the device.
-
- .. attribute:: model
-
- A manufacturer-specific description of the model of the device.
-
- .. attribute:: issue_no
-
- The issue number in case there are devices with the same :attr:`serial`
- number so that they can be distinguished by different issue numbers.
-
- .. attribute:: device_binding
-
- Reference to a device identifier (e.g. IMEI) that allows a provisioning
- server to ensure that the key is going to be loaded into a specific
- device.
-
- .. attribute:: start_date
-
- :class:`datetime.datetime` value that indicates that the device should
- only be used after this date.
-
- .. attribute:: expiry_date
-
- :class:`datetime.datetime` value that indicates that the device should
- only be used before this date. Systems should not rely upon the device
- to enforce key usage date restrictions, as some devices do not have an
- internal clock.
-
- .. attribute:: device_userid
-
- The distinguished name of the user associated with the device.
- Also see :attr:`key_userid`.
-
- .. attribute:: crypto_module
-
- Implementation specific unique identifier of the cryptographic module
- on the device to which the keys have been (or will be) provisioned.
+ Also see :attr:`~pskc.device.Device.device_userid`.
.. attribute:: algorithm_suite
@@ -322,3 +280,87 @@ The Key class
This will return None if there is no MAC to be checked. It will return
True if all the MACs match. If any MAC fails a
:exc:`~pskc.exceptions.DecryptionError` exception is raised.
+
+ Apart from the above, all properties of the :class:`~pskc.device.Device`
+ class are also transparently available in :class:`~pskc.key.Key`
+ instances.
+
+
+The Device class
+----------------
+
+.. module:: pskc.device
+
+.. class:: Device()
+
+ Instances of this class provide the following attributes and functions:
+
+ .. attribute:: keys
+
+ A list of :class:`~pskc.key.Key` instances that represent the keys that
+ are linked to this device. Most PSKC files only allow one key per
+ device which is why all :class:`~pskc.device.Device` attributes are
+ available in :class:`~pskc.key.Key`.
+
+ .. function:: add_key([**kwargs])
+
+ Add a new key to the device. The keyword arguments may refer to
+ any attributes of the :class:`~pskc.key.Key` or
+ :class:`~pskc.device.Device` class with which the new key is
+ initialised.
+
+ .. attribute:: manufacturer
+
+ The name of the manufacturer of the device to which the key is
+ provisioned.
+ `RFC 6030 <https://tools.ietf.org/html/rfc6030#section-4.3.1>`__
+ prescribes that the value is of the form ``oath.prefix`` for `OATH
+ Manufacturer Prefixes <http://www.openauthentication.org/oath-id/prefixes/>`_
+ or ``iana.organisation`` for `IANA Private Enterprise Numbers
+ <https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers>`_
+ however, it is generally just a string.
+ The value may be different from the :attr:`~pskc.key.Key.issuer` of
+ the key on the device.
+
+ .. attribute:: serial
+
+ The serial number of the device to which the key is provisioned.
+ Together with :attr:`manufacturer` (and possibly :attr:`issue_no`) this
+ should uniquely identify the device.
+
+ .. attribute:: model
+
+ A manufacturer-specific description of the model of the device.
+
+ .. attribute:: issue_no
+
+ The issue number in case there are devices with the same :attr:`serial`
+ number so that they can be distinguished by different issue numbers.
+
+ .. attribute:: device_binding
+
+ Reference to a device identifier (e.g. IMEI) that allows a provisioning
+ server to ensure that the key is going to be loaded into a specific
+ device.
+
+ .. attribute:: start_date
+
+ :class:`datetime.datetime` value that indicates that the device should
+ only be used after this date.
+
+ .. attribute:: expiry_date
+
+ :class:`datetime.datetime` value that indicates that the device should
+ only be used before this date. Systems should not rely upon the device
+ to enforce key usage date restrictions, as some devices do not have an
+ internal clock.
+
+ .. attribute:: device_userid
+
+ The distinguished name of the user associated with the device.
+ Also see :attr:`~pskc.key.Key.key_userid`.
+
+ .. attribute:: crypto_module
+
+ Implementation specific unique identifier of the cryptographic module
+ on the device to which the keys have been (or will be) provisioned.
diff --git a/pskc/__init__.py b/pskc/__init__.py
index 843a919..c63bc0e 100644
--- a/pskc/__init__.py
+++ b/pskc/__init__.py
@@ -1,7 +1,7 @@
# __init__.py - main module
# coding: utf-8
#
-# Copyright (C) 2014-2016 Arthur de Jong
+# Copyright (C) 2014-2017 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -37,6 +37,15 @@ The following prints all keys, decrypting using a password:
... print('%s %s' % (key.serial, str(key.secret.decode())))
987654321 12345678901234567890
+The following generates an encrypted PSKC file:
+
+>>> pskc = PSKC()
+>>> key = pskc.add_key(
+... id='456', secret='987654321', manufacturer='Manufacturer',
+... algorithm = 'urn:ietf:params:xml:ns:keyprov:pskc:hotp')
+>>> pskc.encryption.setup_pbkdf2('passphrase')
+>>> pskc.write('output.pskcxml')
+
The module should be able to handle most common PSKC files.
"""
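Review bot: The added example calls `pskc.write('output.pskcxml')`, so if the module docstring is run as a doctest it leaves a file in the current directory. The later hunk shows that `write()` accepts any object with a `write` attribute, so the example could write to an in-memory or temporary file object instead. As a point of style, `algorithm = 'urn:...'` has spaces around `=`, unlike the keyword arguments on the line before it; `algorithm='urn:ietf:params:xml:ns:keyprov:pskc:hotp')` would match them.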
@@ -45,7 +54,7 @@ __all__ = ['PSKC', '__version__']
# the version number of the library
-__version__ = '0.4'
+__version__ = '0.5'
class PSKC(object):
@@ -57,68 +66,50 @@ class PSKC(object):
id: identifier
encryption: information on used encryption (Encryption instance)
mac: information on used MAC method (MAC instance)
+ devices: list of devices (Device instances)
keys: list of keys (Key instances)
"""
def __init__(self, filename=None):
from pskc.encryption import Encryption
- from pskc.exceptions import ParseError
from pskc.mac import MAC
self.version = None
self.id = None
self.encryption = Encryption(self)
self.mac = MAC(self)
- self.keys = []
+ self.devices = []
if filename is not None:
- from pskc.xml import parse, remove_namespaces
- try:
- tree = parse(filename)
- except Exception:
- raise ParseError('Error parsing XML')
- remove_namespaces(tree)
- self.parse(tree.getroot())
+ from pskc.parser import PSKCParser
+ PSKCParser.parse_file(self, filename)
else:
self.version = '1.0'
- def parse(self, container):
- """Read information from the provided <KeyContainer> tree."""
- from pskc.exceptions import ParseError
- from pskc.key import Key
- from pskc.xml import find, findall
- if container.tag != 'KeyContainer':
- raise ParseError('Missing KeyContainer')
- # the version of the PSKC schema
- self.version = container.get('Version')
- if self.version != '1.0':
- raise ParseError('Unsupported version %r' % self.version)
- # unique identifier for the container
- self.id = container.get('Id')
- # handle EncryptionKey entries
- self.encryption.parse(find(container, 'EncryptionKey'))
- # handle MACMethod entries
- self.mac.parse(find(container, 'MACMethod'))
- # handle KeyPackage entries
- for key_package in findall(container, 'KeyPackage'):
- self.keys.append(Key(self, key_package))
-
- def make_xml(self):
- from pskc.xml import mk_elem
- container = mk_elem('pskc:KeyContainer', Version=self.version,
- Id=self.id)
- self.encryption.make_xml(container)
- self.mac.make_xml(container)
- for key in self.keys:
- key.make_xml(container)
- return container
+ @property
+ def keys(self):
+ return tuple(key for device in self.devices for key in device.keys)
+
+ def add_device(self, **kwargs):
+ """Create a new device instance for the PSKC file.
+
+ The device is initialised with properties from the provided keyword
+ arguments if any."""
+ from pskc.device import Device
+ device = Device(self)
+ self.devices.append(device)
+ # assign the kwargs as key properties
+ for k, v in kwargs.items():
+ if not hasattr(device, k):
+ raise AttributeError()
+ setattr(device, k, v)
+ return device
def add_key(self, **kwargs):
"""Create a new key instance for the PSKC file.
The new key is initialised with properties from the provided keyword
arguments if any."""
- from pskc.key import Key
- key = Key(self)
- self.keys.append(key)
+ device = self.add_device()
+ key = device.add_key()
# assign the kwargs as key properties
for k, v in kwargs.items():
if not hasattr(key, k):
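Review bot: In `add_device` the new device is appended to `self.devices` before the keyword arguments are checked, so a call with an unknown keyword raises but still leaves an empty device in the container, which a later `write()` would presumably serialise. Moving `self.devices.append(device)` to just before `return device` avoids that. The bare `raise AttributeError()` gives the caller no hint which keyword was rejected; `raise AttributeError('unknown device property %r' % k)` would. The comment above the loop still says "key properties" although the loop sets device properties. `add_key` likewise creates its device and key before the same check, but its body continues outside this hunk, so the same concern there is inferred.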
@@ -128,14 +119,9 @@ class PSKC(object):
def write(self, filename):
"""Write the PSKC file to the provided file."""
- from pskc.xml import tostring
+ from pskc.serialiser import PSKCSerialiser
if hasattr(filename, 'write'):
- xml = tostring(self.make_xml())
- try:
- filename.write(xml)
- except TypeError: # pragma: no cover (Python 3 specific)
- # fall back to writing as string for Python 3
- filename.write(xml.decode('utf-8'))
+ PSKCSerialiser.serialise_file(self, filename)
else:
with open(filename, 'wb') as output:
... 4892 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-pskc.git