mmosko
diff --git a/‎ccnpy/core/DisplayFormatter.py
Lines changed: 2 additions & 0 deletions b/‎ccnpy/core/DisplayFormatter.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎ccnpy/core/TlvType.py
Lines changed: 7 additions & 2 deletions b/‎ccnpy/core/TlvType.py
Lines changed: 7 additions & 2 deletions
diff --git a/‎ccnpy/crypto/AeadKey.py
Lines changed: 8 additions & 2 deletions b/‎ccnpy/crypto/AeadKey.py
Lines changed: 8 additions & 2 deletions
diff --git a/‎ccnpy/crypto/InsecureKeystore.py
Lines changed: 27 additions & 8 deletions b/‎ccnpy/crypto/InsecureKeystore.py
Lines changed: 27 additions & 8 deletions
diff --git a/‎ccnpy/flic/LeafOnlyManifestTree.py
Lines changed: 0 additions & 115 deletions b/‎ccnpy/flic/LeafOnlyManifestTree.py
Lines changed: 0 additions & 115 deletions
diff --git a/‎ccnpy/flic/ManifestEncryptor.py
Lines changed: 2 additions & 5 deletions b/‎ccnpy/flic/ManifestEncryptor.py
Lines changed: 2 additions & 5 deletions
diff --git a/‎ccnpy/flic/RsaOaepCtx/RsaOaepEncryptor.py
Lines changed: 3 additions & 3 deletions b/‎ccnpy/flic/RsaOaepCtx/RsaOaepEncryptor.py
Lines changed: 3 additions & 3 deletions
@@ -21,6 +21,8 @@
 class DisplayFormatter:
     @classmethod
     def hexlify(cls, value):
+        if value is None:
+            return "None"
         return str(binascii.hexlify(value), 'utf-8')
 
     @classmethod
 
@@ -77,7 +77,7 @@ class constructor and the class is the corresponding TlvType.  `auto_parse` will
         return cls.auto_value_parse(tlv.value(), name_class_pairs)
 
     @staticmethod
-    def auto_value_parse(tlv_value, name_class_pairs):
+    def auto_value_parse(tlv_value, name_class_pairs, skip_unknown: bool = True):
         """
         Like `auto_parse`, but only parses the value after we've verified the outer class_type.
         """
@@ -101,7 +101,9 @@ def auto_value_parse(tlv_value, name_class_pairs):
                 assert values[arg_name] is None
                 values[arg_name] = clazz.parse(inner_tlv)
             except KeyError:
-                raise ParseError("Unsupported TLV type %r" % inner_tlv)
+                if not skip_unknown:
+                    raise ParseError("Unsupported TLV type %r" % inner_tlv)
+
         return values
 
 
@@ -145,6 +147,9 @@ class OctetTlvType(TlvType, ABC):
     def __init__(self, value):
         TlvType.__init__(self)
 
+        if value is None:
+            raise ValueError(f"Nonce value must not be None, use an empty list")
+
         if isinstance(value, list):
             value = array.array("B", value)
 
 
@@ -30,7 +30,7 @@ class AeadKey(ABC):
     AeadKey does not have a concept of salt, only an IV.  It is up to the user of the class to
     handle salt, if used.  `flic.aeadctx.AeadImpl` is where we find salt.
     """
-
+    DEBUG = False
     __salt_length = 128
 
     def __init__(self, key, algo):
@@ -43,6 +43,7 @@ def __init__(self, key, algo):
         self._key_bits = len(key) * 8
         self._algo = algo
         self._impl = algo(key)
+        self._key = key
 
     def __len__(self):
         return self._key_bits
@@ -94,6 +95,8 @@ def encrypt(self, iv, plaintext, associated_data):
         output = self._impl.encrypt(iv, plaintext, associated_data)
         ciphertext = array.array("B", output[:-self._tag_len])
         authtag = array.array("B", output[len(ciphertext):])
+        if self.DEBUG:
+            print(f"Encrypt: iv: {iv}, data: {associated_data}, authtag: {authtag}")
         return ciphertext, authtag
 
     def decrypt(self, iv, ciphertext, associated_data, auth_tag):
@@ -118,11 +121,14 @@ def decrypt(self, iv, ciphertext, associated_data, auth_tag):
 
         combined = ciphertext + auth_tag
 
+        if self.DEBUG:
+            print(f"Decrypt: iv: {iv}, data: {associated_data}, authtag: {auth_tag}")
+
         try:
             plaintext = self._impl.decrypt(iv, combined, associated_data)
             return array.array("B", plaintext)
         except InvalidTag as e:
-            print("Decryption failed.  Either the key or salt is incorrect for the packet.")
+            print(f"Decryption failed due to tag mismatch.  Either the key or salt is incorrect for the packet.")
             # translate a Cryptography package exception into our own exception
             raise DecryptionError(e)
 
 
@@ -18,6 +18,13 @@
 from ccnpy.flic.tlvs.KeyNumber import KeyNumber
 
 
+class KeyIdNotFoundError(RuntimeError):
+    pass
+
+class KeyNumberNotFoundError(RuntimeError):
+    pass
+
+
 class InsecureKeystore:
     """
     This is a prototype keystore for symmetric and asymmetric keys.  It is not secure.  It should not be used
@@ -43,19 +50,31 @@ def add_aes_key(self, key_num: KeyNumber | int, key: AeadKey, salt: Optional[int
         return self
 
     def get_aes_key(self, key_num: KeyNumber) -> AeadKey:
-        return self._symmetric_by_keynum[key_num.value()]
+        try:
+            return self._symmetric_by_keynum[key_num.value()]
+        except KeyError as e:
+            raise KeyNumberNotFoundError(e)
 
     def get_aes_salt(self, key_num: KeyNumber):
-        return self._salt_by_keynum[key_num.value()]
+        try:
+            return self._salt_by_keynum[key_num.value()]
+        except KeyError as e:
+            raise KeyNumberNotFoundError(e)
 
     def get_rsa(self, name_or_keyid) -> RsaKey:
         if name_or_keyid in self._asymmetric_by_keyid:
             return self._asymmetric_by_keyid[name_or_keyid]
-        return self._asymmetric_by_name[name_or_keyid]
+        try:
+            return self._asymmetric_by_name[name_or_keyid]
+        except KeyError as e:
+            raise KeyIdNotFoundError(e)
 
     def get_rsa_pub_key(self, keyid) -> RsaKey:
-        k = self._asymmetric_by_keyid[keyid]
-        if k.has_public_key():
-            return k
-        else:
-            raise ValueError(f'Key matching keyid {keyid} has no public key')
+        try:
+            k = self._asymmetric_by_keyid[keyid]
+            if k.has_public_key():
+                return k
+            else:
+                raise KeyIdNotFoundError(f'Key matching keyid {keyid} has no public key')
+        except KeyError as e:
+            raise KeyIdNotFoundError(e)
@@ -20,14 +20,11 @@ class ManifestEncryptor(ABC):
     Abstract class used to sign a Packet.
     """
     @abstractmethod
-    def encrypt(self, node):
+    def encrypt(self, node, **kwargs):
         """
         Returns an encrypted Manifest
         :param node: The plaintext Node
+        :param kwargs: Some encryptors may take optional arguments
         :return: The tuple (security_ctx, encrypted_node, auth_tag)
         """
         pass
-
-    def salt_size(self):
-        """0 if no salt, otherwise the bytes of salt"""
-        return 0
@@ -25,7 +25,7 @@
 class RsaOaepEncryptor(ManifestEncryptor):
 
     @classmethod
-    def create_with_new_key(cls, wrapping_key: RsaKey):
+    def create_with_new_content_key(cls, wrapping_key: RsaKey):
         """
         Creates with a random content encryption key and salt.
 
@@ -41,5 +41,5 @@ def __init__(self, wrapping_key: RsaKey, key: AeadKey, key_number: KeyNumber, sa
         self._wrapper = RsaOaepWrapper.create_sha256(key_id=wrapping_key.keyid(), wrapped_key=self._wrapped_key)
         self._impl = RsaOaepImpl(wrapper=self._wrapper, key=key, key_number=key_number, salt=salt)
 
-    def encrypt(self, node):
-        return self._impl.encrypt(node)
+    def encrypt(self, node, **kwargs):
+        return self._impl.encrypt(node, **kwargs)