1
2014-06-19 Arthur de Jong <arthur@arthurdejong.org>
3
* [62c9af4] pskc/__init__.py: Only catch normal exceptions
5
2014-06-18 Arthur de Jong <arthur@arthurdejong.org>
7
* [deb57d7] pskc/__init__.py: Remove unused import
9
2014-06-17 Arthur de Jong <arthur@arthurdejong.org>
11
* [178ef1c] pskc/encryption.py: PEP8 fix
13
2014-06-17 Arthur de Jong <arthur@arthurdejong.org>
15
* [7435552] pskc/exceptions.py: Remove __str__ from exception
17
The message property has been deprecated as of Python 2.6 and
18
printing the first argument is the default.
20
2014-06-16 Arthur de Jong <arthur@arthurdejong.org>
22
* [f084735] README, docs/encryption.rst, docs/exceptions.rst,
23
docs/index.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst:
26
This updates the documentation with the current API, adding
27
information on exceptions raised, HMAC algorithms supported and
28
changes to the MAC checking.
30
This also includes some editorial changes to some of the text and
31
making references shorter by not including the full package path.
33
2014-06-15 Arthur de Jong <arthur@arthurdejong.org>
35
* [d84e761] pskc/parse.py: Simplify finding ElementTree
38
These are the only ElementTree implementations that have been
39
tested to provide the needed functionality (mostly namespaces).
41
2014-06-15 Arthur de Jong <arthur@arthurdejong.org>
43
* [50b429d] pskc/key.py, pskc/parse.py, pskc/policy.py: Refactor
44
out some functions to parse
46
This introduces the getint() and getbool() functions in parse
47
to avoid some code duplication.
49
2014-06-15 Arthur de Jong <arthur@arthurdejong.org>
51
* [9a16ce4] pskc/key.py, tests/test_misc.doctest: Add support for
54
This supports setters for the secret, counter, time_offset,
55
time_interval and time_drift properties. Setting these values
56
stores the values unencrypted internally.
58
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
60
* [1b9ee9f] pskc/encryption.py: Support PBKDF2 PRF argument
62
Support specifying a pseudorandom function for PBKDF2 key
63
derivation. It currently supports any HMAC that the MAC checking
66
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
68
* [79b9a7d] pskc/mac.py: Provide a get_hmac() function
70
Refactor the functionality to find an HMAC function into a
73
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
75
* [1417d4a] tests/invalid-mac-algorithm.pskcxml,
76
tests/invalid-mac-value.pskcxml,
77
tests/invalid-no-mac-method.pskcxml, tests/test_invalid.doctest:
78
Add tests for missing or invalid MAC
80
This tests for incomplete, unknown or invalid MACs in PSKC files.
82
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
84
* [9d8aae0] pskc/key.py, pskc/mac.py: Raise exception when MAC
87
This changes the way the check() function works to raise an
88
exception when the MAC is not correct. The MAC is also now always
89
checked before attempting decryption.
91
This also renames the internal DataType.value property to a
92
get_value() method for clarity.
94
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
96
* [699ecf8] pskc/encryption.py: Handle missing MAC algorithm properly
98
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
100
* [01e102b] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
101
tests/aes256-cbc.pskcxml, tests/test_encryption.doctest,
102
tests/tripledes-cbc.pskcxml: Add MAC tests to all CBC encrypted
105
This adds hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512
106
tests for values that are encrypted using CBC block cypher modes.
108
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
110
* [59e790e] pskc/mac.py: Automatically support all MACs in hashlib
112
This uses the name of the hash to automatically get the correct
113
hash object from Python's hashlib.
115
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
117
* [566e447] pskc/__init__.py, pskc/parse.py, setup.py: Support
118
various ElementTree implementations
120
When using a recent enough lxml, even Python 2.6 should work
121
now. The most important requirement is that the findall()
122
function supports the namespaces argument.
124
This also now catches all exceptions when parsing the PSKC file
125
fails and wraps it in ParseError because various implementations
126
raise different exceptions, even between versions (Python 2.6's
127
ElementTree raises ExpatError, lxml raises XMLSyntaxError).
129
2014-06-13 Arthur de Jong <arthur@arthurdejong.org>
131
* [5d60ee2] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
132
pskc/mac.py, pskc/parse.py, pskc/policy.py: Have parse module
133
provide find() functions
135
This changes the parse module functions to better match the
136
ElementTree API and extends it with findint(), findtime()
139
It also passes the namespaces to all calls that require it
140
without duplicating this throughout the normal code.
142
2014-06-11 Arthur de Jong <arthur@west.nl>
144
* [6a34c01] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
145
pskc/mac.py, pskc/policy.py: Use get() instead of attrib.get()
148
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
150
* [4d92b93] pskc/encryption.py, tests/kw-tripledes.pskcxml,
151
tests/test_encryption.doctest: Support kw-tripledes decryption
153
This adds support for key unwrapping using the RFC 3217 Triple
154
DES key wrap algorithm if the PSKC file uses this.
156
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
158
* [fd71f01] pskc/tripledeskw.py, tests/test_tripledeskw.doctest:
159
Implement RFC 3217 Triple DES key wrapping
161
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
163
* [f639318] tests/test_minimal.doctest, tests/test_misc.doctest:
164
Merge test_minimal into test_misc
166
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
168
* [1e7f861] tests/draft-keyprov-actividentity-3des.pskcxml,
169
tests/test_draft_keyprov.doctest: Add an ActivIdentity-3DES test
171
The test is taken from
172
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
173
the schema as described in RFC 6030.
175
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
177
* [b7cb928] tests/draft-keyprov-securid-aes-counter.pskcxml,
178
tests/test_draft_keyprov.doctest: Add an SecurID-AES-Counter test
180
The test is taken from
181
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to be
182
valid XML and to fit the schema as described in RFC 6030.
184
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
186
* [427319f] tests/draft-keyprov-totp.pskcxml,
187
tests/test_draft_keyprov.doctest: Add an TOTP test
189
The test is taken from
190
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
191
the schema as described in RFC 6030.
193
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
195
* [ba49d09] tests/draft-keyprov-ocra.pskcxml,
196
tests/test_draft_keyprov.doctest: Add an OCRA test
198
The test is taken from
199
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
200
the schema as described in RFC 6030.
202
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
204
* [0a66ede] tests/odd-namespace.pskcxml, tests/test_misc.doctest:
205
Add a test for an odd namespace
207
2014-05-30 Arthur de Jong <arthur@arthurdejong.org>
209
* [287afa7] pskc/encryption.py, tests/kw-aes128.pskcxml,
210
tests/kw-aes192.pskcxml, tests/kw-aes256.pskcxml,
211
tests/test_encryption.doctest: Support kw-aes128, kw-aes192
214
This adds support for key unwrapping using the RFC 3394 or RFC
215
5649 algorithm if the PSKC file uses this.
217
2014-05-30 Arthur de Jong <arthur@arthurdejong.org>
219
* [99ba287] pskc/aeskw.py, tests/test_aeskw.doctest: Implement
220
padding as specified in RFC 5649
222
This adds a pad argument with which padding can be forced or
225
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
227
* [ebf8945] pskc/aeskw.py, tests/test_aeskw.doctest: Allow speciying
228
an initial value for key wrapping
230
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
232
* [5720fe5] pskc/aeskw.py, pskc/exceptions.py,
233
tests/test_aeskw.doctest: Provide an RFC 3394 AES key wrapping
236
This also introduces an EncryptionError exception.
238
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
240
* [7164d89] README, docs/usage.rst, pskc/__init__.py,
241
tests/rfc6030-figure10.pskcxml, tests/rfc6030-figure2.pskcxml,
242
tests/rfc6030-figure3.pskcxml, tests/rfc6030-figure4.pskcxml,
243
tests/rfc6030-figure5.pskcxml, tests/rfc6030-figure6.pskcxml,
244
tests/rfc6030-figure7.pskcxml, tests/test_rfc6030.doctest:
245
Always put a space between RFC and number
247
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
249
* [ccebb69] pskc/encryption.py, tests/test_encryption.doctest,
250
tests/tripledes-cbc.pskcxml: Support Tripple DES decryption
252
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
254
* [a11f31f] tests/test_invalid.doctest: Add tests for key derivation
257
This tests for unknown or missing algorithms and unknown
258
derivation parameters.
260
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
262
* [0738c94] pskc/encryption.py, pskc/exceptions.py: Raise exception
263
when key derivation fails
265
This also renames the internal function that implements the
268
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
270
* [76ef42b] pskc/encryption.py, pskc/exceptions.py,
271
tests/invalid-encryption.pskcxml, tests/test_invalid.doctest:
272
Add test for missing key encryption algorithm
274
This also introduces a toplevel PSKCError exception that all
275
exceptions have as parent.
277
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
279
* [7f26dc6] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
280
tests/aes256-cbc.pskcxml, tests/test_encryption.doctest: Add
281
test for all AES-CBC encryption schemes
283
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
285
* [28f2c1c] pskc/encryption.py: Support more AES-CBC encryption
288
This also moves the crypto imports to the places where they are
289
used to avoid a depenency on pycrypto if no encryption is used.
291
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
293
* [678b127] tests/test_minimal.doctest: Add test for missing
296
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
298
* [bef2f7d] pskc/__init__.py, pskc/key.py,
299
tests/test_minimal.doctest: Add a function for adding a new key
301
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
303
* [46f5749] pskc/__init__.py: Consistency improvement
305
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
307
* [83f5a4b] pskc/__init__.py, tests/test_minimal.doctest: Support
308
creating an empty PSKC instance
310
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
312
* [820c83c] pskc/encryption.py, pskc/mac.py: Be more lenient in
315
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
317
* [02bde47] pskc/key.py: Code simplification
319
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
321
* [b62fec8] pskc/encryption.py, pskc/exceptions.py,
322
tests/invalid-encryption.pskcxml, tests/test_invalid.doctest,
323
tests/test_rfc6030.doctest: Raise an exception if decryption fails
325
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
327
* [7bc2e6b] pskc/encryption.py: Make decryption code better readable
329
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
331
* [714f387] setup.cfg, tests/invalid-notxml.pskcxml,
332
tests/invalid-wrongelement.pskcxml,
333
tests/invalid-wrongversion.pskcxml, tests/test_invalid.doctest:
334
Add tests for invalid PSKC files
336
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
338
* [803d24c] pskc/__init__.py, pskc/exceptions.py: Raise exceptions
339
on some parsing problems
341
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
343
* [8c37e26] setup.py: Fix install_requires
345
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
347
* [8e1729e] ChangeLog, MANIFEST.in, NEWS: Get files ready for
1
350
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
3
352
* [15ca643] README, pskc/__init__.py, tests/rfc6030-figure10.pskc,