Using new package pypicohsm.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
@@ -18,7 +18,6 @@
|
||||
"""
|
||||
|
||||
import pytest
|
||||
from const import EF_TERMCA
|
||||
|
||||
def test_select(device):
|
||||
device.select_applet()
|
||||
|
||||
@@ -19,8 +19,9 @@
|
||||
|
||||
import pytest
|
||||
import hashlib
|
||||
from const import DEFAULT_DKEK_SHARES, DEFAULT_DKEK
|
||||
from utils import SWCodes, APDUResponse
|
||||
from const import DEFAULT_DKEK
|
||||
from picohsm import APDUResponse, SWCodes
|
||||
from picohsm.const import DEFAULT_DKEK_SHARES
|
||||
|
||||
KEY_DOMAINS = 3
|
||||
TEST_KEY_DOMAIN = 1
|
||||
@@ -40,17 +41,17 @@ def test_key_domains(device):
|
||||
def test_import_dkek_wrong_key_domain(device):
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.import_dkek(DEFAULT_DKEK, key_domain=0)
|
||||
assert(e.value.sw == SWCodes.SW_COMMAND_NOT_ALLOWED.value)
|
||||
assert(e.value.sw == SWCodes.SW_COMMAND_NOT_ALLOWED)
|
||||
|
||||
def test_import_dkek_fail(device):
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.import_dkek(DEFAULT_DKEK, key_domain=TEST_KEY_DOMAIN)
|
||||
assert(e.value.sw == SWCodes.SW_COMMAND_NOT_ALLOWED.value)
|
||||
assert(e.value.sw == SWCodes.SW_COMMAND_NOT_ALLOWED)
|
||||
|
||||
def test_set_key_domain_fail(device):
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.set_key_domain(key_domain=10)
|
||||
assert(e.value.sw == SWCodes.SW_INCORRECT_P1P2.value)
|
||||
assert(e.value.sw == SWCodes.SW_INCORRECT_P1P2)
|
||||
|
||||
def test_set_key_domain_ok(device):
|
||||
kd = device.get_key_domain(key_domain=TEST_KEY_DOMAIN)
|
||||
@@ -80,7 +81,7 @@ def test_import_dkek_ok(device):
|
||||
def test_clear_key_domain(device):
|
||||
kd = device.get_key_domain(key_domain=0)
|
||||
assert('error' in kd)
|
||||
assert(kd['error'] == SWCodes.SW_REFERENCE_NOT_FOUND.value)
|
||||
assert(kd['error'] == SWCodes.SW_REFERENCE_NOT_FOUND)
|
||||
|
||||
kd = device.get_key_domain(key_domain=TEST_KEY_DOMAIN)
|
||||
assert(kd['dkek']['total'] == DEFAULT_DKEK_SHARES)
|
||||
@@ -95,7 +96,7 @@ def test_delete_key_domain(device):
|
||||
assert(kd['dkek']['total'] == DEFAULT_DKEK_SHARES)
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.delete_key_domain(key_domain=0)
|
||||
assert(e.value.sw == SWCodes.SW_INCORRECT_P1P2.value)
|
||||
assert(e.value.sw == SWCodes.SW_INCORRECT_P1P2)
|
||||
|
||||
def test_delete_key_domain(device):
|
||||
assert(device.get_key_domains() == KEY_DOMAINS)
|
||||
|
||||
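Review bot: Nothing in the visible hunks pins the version of the `picohsm` package that now supplies `APDUResponse`, `SWCodes` and `DEFAULT_DKEK_SHARES` in the import block of this file. The expected status words in assertions such as `e.value.sw == SWCodes.SW_COMMAND_NOT_ALLOWED` are therefore defined outside this repository, while `DEFAULT_DKEK` still comes from the local `const` module. If the test requirements install the package unpinned (not visible here), a new release could change what these tests verify without any change in this tree. Consider pinning an exact version there and adding a comment above the imports, e.g. `# SWCodes/APDUResponse and the share count come from pypicohsm; DEFAULT_DKEK is a test-only value kept locally`. The same split applies to the other test files in this commit that import from both `const` and `picohsm.const`.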
@@ -19,8 +19,8 @@
|
||||
|
||||
import pytest
|
||||
import hashlib
|
||||
from utils import APDUResponse, SWCodes
|
||||
from const import DEFAULT_PIN, DEFAULT_RETRIES, DEFAULT_DKEK, DEFAULT_DKEK_SHARES
|
||||
from picohsm.const import DEFAULT_DKEK_SHARES, DEFAULT_PIN, DEFAULT_RETRIES
|
||||
from const import DEFAULT_DKEK
|
||||
|
||||
def test_dkek(device):
|
||||
device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES)
|
||||
|
||||
@@ -18,36 +18,35 @@
|
||||
"""
|
||||
|
||||
import pytest
|
||||
from utils import APDUResponse, SWCodes
|
||||
from const import DEFAULT_PIN, DEFAULT_RETRIES
|
||||
from picohsm import APDUResponse, SWCodes
|
||||
from picohsm.const import DEFAULT_PIN, DEFAULT_RETRIES
|
||||
|
||||
WRONG_PIN = '112233'
|
||||
RETRIES = DEFAULT_RETRIES
|
||||
|
||||
def test_pin_init_retries(device):
|
||||
device.initialize(retries=RETRIES)
|
||||
device.initialize(retries=DEFAULT_RETRIES)
|
||||
retries = device.get_login_retries()
|
||||
assert(retries == RETRIES)
|
||||
assert(retries == DEFAULT_RETRIES)
|
||||
|
||||
def test_pin_login(device):
|
||||
device.initialize(retries=RETRIES)
|
||||
device.initialize(retries=DEFAULT_RETRIES)
|
||||
device.login(DEFAULT_PIN)
|
||||
|
||||
def test_pin_retries(device):
|
||||
device.initialize(retries=RETRIES)
|
||||
device.initialize(retries=DEFAULT_RETRIES)
|
||||
device.login(DEFAULT_PIN)
|
||||
|
||||
for ret in range(RETRIES-1):
|
||||
for ret in range(DEFAULT_RETRIES-1):
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.login(WRONG_PIN)
|
||||
assert(e.value.sw1 == 0x63 and e.value.sw2 == (0xC0 | (RETRIES-1-ret)))
|
||||
assert(e.value.sw1 == 0x63 and e.value.sw2 == (0xC0 | (DEFAULT_RETRIES-1-ret)))
|
||||
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.login(WRONG_PIN)
|
||||
assert(e.value.sw == SWCodes.SW_PIN_BLOCKED.value)
|
||||
assert(e.value.sw == SWCodes.SW_PIN_BLOCKED)
|
||||
|
||||
device.initialize(retries=RETRIES)
|
||||
device.initialize(retries=DEFAULT_RETRIES)
|
||||
retries = device.get_login_retries()
|
||||
assert(retries == RETRIES)
|
||||
assert(retries == DEFAULT_RETRIES)
|
||||
|
||||
|
||||
|
||||
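Review bot: test_pin_retries never checks that the correct PIN is refused once the counter is exhausted. After the `SWCodes.SW_PIN_BLOCKED` assertion it goes straight to `device.initialize(retries=DEFAULT_RETRIES)`, so a device that reports "blocked" for wrong PINs but still accepts the right one would pass. Before re-initialising, add `with pytest.raises(APDUResponse) as e:` / `device.login(DEFAULT_PIN)` / `assert(e.value.sw == SWCodes.SW_PIN_BLOCKED)`, assuming the card answers a blocked PIN with that status word regardless of the value presented. Separately, `WRONG_PIN = '112233'` stays hard-coded while `DEFAULT_PIN` now comes from `picohsm.const`; a one-line guard such as `assert WRONG_PIN != DEFAULT_PIN` would turn a future collision into a clear failure instead of a confusing "DID NOT RAISE".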
@@ -18,7 +18,7 @@
|
||||
"""
|
||||
|
||||
import pytest
|
||||
from utils import KeyType, DOPrefixes
|
||||
from picohsm import KeyType, DOPrefixes
|
||||
|
||||
def test_gen_initialize(device):
|
||||
device.initialize()
|
||||
@@ -29,11 +29,11 @@ def test_gen_initialize(device):
|
||||
def test_gen_ecc(device, curve):
|
||||
keyid = device.key_generation(KeyType.ECC, curve)
|
||||
resp = device.list_keys()
|
||||
assert((DOPrefixes.KEY_PREFIX.value, keyid) in resp)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value, keyid)
|
||||
assert((DOPrefixes.KEY_PREFIX, keyid) in resp)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
|
||||
resp = device.list_keys()
|
||||
assert((DOPrefixes.KEY_PREFIX.value, keyid) not in resp)
|
||||
assert((DOPrefixes.KEY_PREFIX, keyid) not in resp)
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"modulus", [1024, 2048, 4096]
|
||||
@@ -41,7 +41,7 @@ def test_gen_ecc(device, curve):
|
||||
def test_gen_rsa(device, modulus):
|
||||
keyid = device.key_generation(KeyType.RSA, modulus)
|
||||
resp = device.list_keys()
|
||||
assert((DOPrefixes.KEY_PREFIX.value, keyid) in resp)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value, keyid)
|
||||
assert((DOPrefixes.KEY_PREFIX, keyid) in resp)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
|
||||
|
||||
|
||||
@@ -20,9 +20,10 @@
|
||||
import pytest
|
||||
import hashlib
|
||||
import os
|
||||
from utils import KeyType, DOPrefixes
|
||||
from picohsm import DOPrefixes
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa, ec
|
||||
from const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES, DEFAULT_DKEK
|
||||
from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES
|
||||
from const import DEFAULT_DKEK
|
||||
|
||||
def test_prepare_dkek(device):
|
||||
device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES)
|
||||
@@ -42,8 +43,8 @@ def test_import_rsa(device, modulus):
|
||||
keyid = device.import_key(pkey)
|
||||
pubkey = device.public_key(keyid)
|
||||
assert(pubkey.public_numbers() == pkey.public_key().public_numbers())
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value, keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
|
||||
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
@@ -54,8 +55,8 @@ def test_import_ecc(device, curve):
|
||||
keyid = device.import_key(pkey)
|
||||
pubkey = device.public_key(keyid, param=curve().name)
|
||||
assert(pubkey.public_numbers() == pkey.public_key().public_numbers())
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value, keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"size", [128, 192, 256]
|
||||
|
||||
@@ -19,9 +19,10 @@
|
||||
|
||||
import pytest
|
||||
import hashlib
|
||||
from utils import KeyType, DOPrefixes
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa, ec
|
||||
from const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES, DEFAULT_DKEK
|
||||
from picohsm import DOPrefixes
|
||||
from cryptography.hazmat.primitives.asymmetric import ec
|
||||
from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES
|
||||
from const import DEFAULT_DKEK
|
||||
|
||||
def test_prepare_dkek(device):
|
||||
device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES)
|
||||
@@ -48,5 +49,5 @@ def test_exchange_ecc(device, curve):
|
||||
sharedAA = pkeyA.exchange(ec.ECDH(), pbkeyB)
|
||||
assert(bytes(sharedA) == sharedAA)
|
||||
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
"""
|
||||
|
||||
import pytest
|
||||
from utils import KeyType, DOPrefixes
|
||||
from picohsm import KeyType, DOPrefixes
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"size", [128, 192, 256]
|
||||
@@ -26,5 +26,5 @@ from utils import KeyType, DOPrefixes
|
||||
def test_gen_aes(device, size):
|
||||
keyid = device.key_generation(KeyType.AES, size)
|
||||
resp = device.list_keys()
|
||||
assert((DOPrefixes.KEY_PREFIX.value, keyid) in resp)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
assert((DOPrefixes.KEY_PREFIX, keyid) in resp)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
"""
|
||||
|
||||
import pytest
|
||||
from utils import KeyType, DOPrefixes, APDUResponse, SWCodes
|
||||
from picohsm import KeyType, DOPrefixes, APDUResponse, SWCodes
|
||||
from binascii import hexlify
|
||||
import hashlib
|
||||
from const import DEFAULT_DKEK
|
||||
@@ -38,28 +38,28 @@ keyid_out = -1
|
||||
def test_key_generation_no_key_domain(device):
|
||||
global keyid_out
|
||||
keyid_out = device.key_generation(KeyType.ECC, 'brainpoolP256r1')
|
||||
device.put_contents(p1=DOPrefixes.PRKD_PREFIX.value, p2=keyid_out, data=[0xA0])
|
||||
device.put_contents(p1=DOPrefixes.PRKD_PREFIX, p2=keyid_out, data=[0xA0])
|
||||
resp = device.list_keys()
|
||||
assert((DOPrefixes.KEY_PREFIX.value, keyid_out) in resp)
|
||||
assert((DOPrefixes.PRKD_PREFIX.value, keyid_out) in resp)
|
||||
assert((DOPrefixes.KEY_PREFIX, keyid_out) in resp)
|
||||
assert((DOPrefixes.PRKD_PREFIX, keyid_out) in resp)
|
||||
|
||||
def test_key_generation_with_key_domain(device):
|
||||
global keyid_in
|
||||
keyid_in = device.key_generation(KeyType.ECC, 'brainpoolP256r1', key_domain=0)
|
||||
device.put_contents(p1=DOPrefixes.PRKD_PREFIX.value, p2=keyid_in, data=[0xA0])
|
||||
device.put_contents(p1=DOPrefixes.PRKD_PREFIX, p2=keyid_in, data=[0xA0])
|
||||
resp = device.list_keys()
|
||||
assert((DOPrefixes.KEY_PREFIX.value, keyid_in) in resp)
|
||||
assert((DOPrefixes.PRKD_PREFIX.value, keyid_in) in resp)
|
||||
assert((DOPrefixes.KEY_PREFIX, keyid_in) in resp)
|
||||
assert((DOPrefixes.PRKD_PREFIX, keyid_in) in resp)
|
||||
|
||||
def test_export_key_out(device):
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.export_key(keyid_out)
|
||||
assert(e.value.sw == SWCodes.SW_REFERENCE_NOT_FOUND.value)
|
||||
assert(e.value.sw == SWCodes.SW_REFERENCE_NOT_FOUND)
|
||||
|
||||
def test_export_key_in_fail(device):
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.export_key(keyid_in)
|
||||
assert(e.value.sw == SWCodes.SW_REFERENCE_NOT_FOUND.value)
|
||||
assert(e.value.sw == SWCodes.SW_REFERENCE_NOT_FOUND)
|
||||
|
||||
def test_export_import_dkek(device):
|
||||
resp = device.import_dkek(DEFAULT_DKEK, key_domain=0)
|
||||
@@ -79,10 +79,10 @@ def test_export_key_in_ok(device):
|
||||
assert(resCMAC == resp[-16:])
|
||||
|
||||
def test_delete_keys_in_out(device):
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value, keyid_in)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value, keyid_in)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value, keyid_out)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value, keyid_out)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid_in)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid_in)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid_out)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid_out)
|
||||
|
||||
def test_export_import(device):
|
||||
pkey_gen = ec.generate_private_key(ec.BrainpoolP256R1())
|
||||
@@ -133,5 +133,5 @@ def test_export_import(device):
|
||||
assert(pkey_gen.private_bytes(serialization.Encoding.DER, serialization.PrivateFormat.PKCS8, serialization.NoEncryption()) == pkey_ex.private_bytes(serialization.Encoding.DER, serialization.PrivateFormat.PKCS8, serialization.NoEncryption()))
|
||||
assert(pkey_gen.public_key().public_bytes(serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint) == pkey_ex.public_key().public_bytes(serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint))
|
||||
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value, keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
"""
|
||||
|
||||
import pytest
|
||||
from utils import KeyType, DOPrefixes, Algorithm
|
||||
from picohsm import KeyType, DOPrefixes, Algorithm
|
||||
from binascii import hexlify
|
||||
import hashlib
|
||||
|
||||
@@ -39,7 +39,7 @@ def test_signature_ecc(device, curve, scheme):
|
||||
else:
|
||||
datab = data
|
||||
signature = device.sign(keyid=keyid, scheme=scheme, data=datab)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.verify(pubkey, datab, signature, scheme)
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
@@ -52,6 +52,6 @@ def test_signature_rsa(device, modulus, scheme):
|
||||
keyid = device.key_generation(KeyType.RSA, modulus)
|
||||
pubkey = device.public_key(keyid=keyid)
|
||||
signature = device.sign(keyid=keyid, scheme=scheme, data=data)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.verify(pubkey, data, signature, scheme)
|
||||
|
||||
|
||||
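Review bot: The cleanup in test_signature_ecc and test_signature_rsa removes only `DOPrefixes.KEY_PREFIX`, and only when `device.sign(...)` returns. test_gen_rsa and test_gen_ecc in this same commit also delete `DOPrefixes.EE_CERTIFICATE_PREFIX` for keys created by `key_generation`. If key generation creates a certificate entry, as those cleanups suggest, that entry stays on the device after every signature test, and a failing `sign` leaves the private key object behind as well. Consider adding `device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)` next to the existing delete and moving both into a `finally:` around the `sign` call, so token state does not leak into later tests. Both functions start above their hunks, so the key-generation lines for the ECC case are not visible here; test_decrypt_rsa has the same single-delete pattern.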
@@ -18,9 +18,8 @@
|
||||
"""
|
||||
|
||||
import pytest
|
||||
from utils import KeyType, DOPrefixes, Algorithm
|
||||
from picohsm import KeyType, DOPrefixes
|
||||
from binascii import hexlify
|
||||
import hashlib
|
||||
from cryptography.hazmat.primitives.asymmetric import padding
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
|
||||
@@ -43,6 +42,6 @@ def test_decrypt_rsa(device, modulus, pad):
|
||||
message = data[:(modulus//8)-100]
|
||||
ciphered = pubkey.encrypt(message, pad)
|
||||
datab = device.decrypt(keyid, ciphered, pad)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
assert(datab == message)
|
||||
|
||||
|
||||
@@ -20,8 +20,9 @@
|
||||
import pytest
|
||||
import os
|
||||
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
|
||||
from utils import Algorithm, DOPrefixes
|
||||
from const import DEFAULT_DKEK_SHARES, DEFAULT_DKEK
|
||||
from picohsm import Algorithm, DOPrefixes
|
||||
from picohsm.const import DEFAULT_DKEK_SHARES
|
||||
from const import DEFAULT_DKEK
|
||||
|
||||
MESSAGE = b'a secret message'
|
||||
|
||||
@@ -47,6 +48,6 @@ def test_cipher_aes_cipher(device, size):
|
||||
decryptor = cipher.decryptor()
|
||||
plA = decryptor.update(ctA) + decryptor.finalize()
|
||||
plB = device.cipher(Algorithm.ALGO_AES_CBC_DECRYPT, keyid, ctA)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value, keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
assert(bytes(plB) == plA)
|
||||
assert(bytes(plB) == MESSAGE)
|
||||
|
||||
@@ -21,8 +21,9 @@ import pytest
|
||||
import os
|
||||
from cryptography.hazmat.primitives import hashes, hmac, cmac
|
||||
from cryptography.hazmat.primitives.ciphers import algorithms
|
||||
from utils import Algorithm, DOPrefixes
|
||||
from const import DEFAULT_DKEK_SHARES, DEFAULT_DKEK
|
||||
from picohsm import DOPrefixes
|
||||
from picohsm.const import DEFAULT_DKEK_SHARES
|
||||
from const import DEFAULT_DKEK
|
||||
|
||||
MESSAGE = b'a secret message'
|
||||
|
||||
@@ -44,7 +45,7 @@ def test_mac_hmac(device, size, algo):
|
||||
h = hmac.HMAC(pkey, algo())
|
||||
h.update(MESSAGE)
|
||||
resB = h.finalize()
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
assert(bytes(resA) == resB)
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
@@ -57,6 +58,6 @@ def test_mac_cmac(device, size):
|
||||
c = cmac.CMAC(algorithms.AES(pkey))
|
||||
c.update(MESSAGE)
|
||||
resB = c.finalize()
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
assert(bytes(resA) == resB)
|
||||
|
||||
|
||||
@@ -22,8 +22,9 @@ import os
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
|
||||
from cryptography import exceptions
|
||||
from const import DEFAULT_DKEK_SHARES, DEFAULT_DKEK
|
||||
from utils import DOPrefixes
|
||||
from picohsm.const import DEFAULT_DKEK_SHARES
|
||||
from const import DEFAULT_DKEK
|
||||
from picohsm import DOPrefixes
|
||||
|
||||
INFO = b'info message'
|
||||
|
||||
@@ -47,7 +48,7 @@ class TestHKDF:
|
||||
keyid = device.import_key(pkey)
|
||||
salt = os.urandom(16)
|
||||
resA = device.hkdf(algo, keyid, INFO, salt, out_len=out_len)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
hkdf = HKDF(
|
||||
algorithm=algo(),
|
||||
length=out_len,
|
||||
@@ -69,7 +70,7 @@ class TestHKDF:
|
||||
keyid = device.import_key(pkey)
|
||||
salt = os.urandom(16)
|
||||
resA = device.hkdf(algo, keyid, INFO, salt, out_len=out_len)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
hkdf = HKDF(
|
||||
algorithm=algo(),
|
||||
length=out_len,
|
||||
|
||||
@@ -22,8 +22,9 @@ import os
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
|
||||
from cryptography import exceptions
|
||||
from const import DEFAULT_DKEK_SHARES, DEFAULT_DKEK
|
||||
from utils import DOPrefixes
|
||||
from picohsm.const import DEFAULT_DKEK_SHARES
|
||||
from const import DEFAULT_DKEK
|
||||
from picohsm import DOPrefixes
|
||||
|
||||
INFO = b'info message'
|
||||
|
||||
@@ -50,7 +51,7 @@ class TestPBKDF2:
|
||||
keyid = device.import_key(pkey)
|
||||
salt = os.urandom(16)
|
||||
resA = device.pbkdf2(algo, keyid, salt, iterations=iterations, out_len=out_len)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
kdf = PBKDF2HMAC(
|
||||
algorithm=algo(),
|
||||
length=out_len,
|
||||
@@ -72,7 +73,7 @@ class TestPBKDF2:
|
||||
keyid = device.import_key(pkey)
|
||||
salt = os.urandom(16)
|
||||
resA = device.pbkdf2(algo, keyid, salt, iterations=iterations, out_len=out_len)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
|
||||
kdf = PBKDF2HMAC(
|
||||
algorithm=algo(),
|
||||
|
||||
@@ -22,8 +22,9 @@ import os
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF
|
||||
from cryptography import exceptions
|
||||
from const import DEFAULT_DKEK_SHARES, DEFAULT_DKEK
|
||||
from utils import DOPrefixes
|
||||
from picohsm.const import DEFAULT_DKEK_SHARES
|
||||
from const import DEFAULT_DKEK
|
||||
from picohsm import DOPrefixes
|
||||
|
||||
INFO = b'shared message'
|
||||
|
||||
@@ -46,7 +47,7 @@ class TestX963:
|
||||
pkey = os.urandom(size // 8)
|
||||
keyid = device.import_key(pkey)
|
||||
resA = device.x963(algo, keyid, INFO, out_len=out_len)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
xkdf = X963KDF(
|
||||
algorithm=algo(),
|
||||
length=out_len,
|
||||
@@ -65,7 +66,7 @@ class TestX963:
|
||||
pkey = os.urandom(size // 8)
|
||||
keyid = device.import_key(pkey)
|
||||
resA = device.x963(algo, keyid, INFO, out_len=out_len)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
xkdf = X963KDF(
|
||||
algorithm=algo(),
|
||||
length=out_len,
|
||||
|
||||
@@ -18,16 +18,13 @@
|
||||
"""
|
||||
|
||||
import pytest
|
||||
import os
|
||||
from binascii import unhexlify, hexlify
|
||||
from cvc.certificates import CVC
|
||||
from cvc.asn1 import ASN1
|
||||
from utils import int_to_bytes
|
||||
from utils import APDUResponse, SWCodes
|
||||
from picohsm.utils import int_to_bytes
|
||||
from picohsm import APDUResponse, SWCodes
|
||||
from const import TERM_CERT, DICA_CERT
|
||||
from cryptography.hazmat.primitives.asymmetric import ec, utils
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
|
||||
|
||||
AUT_KEY = unhexlify('0A40E11E672C28C558B72C25D93BCF28C08D39AFDD5A1A2FD3BAF7A6B27F0C2E')
|
||||
aut_pk = ec.derive_private_key(int.from_bytes(AUT_KEY, 'big'), ec.BrainpoolP256R1())
|
||||
@@ -87,7 +84,7 @@ def test_authentication_fail(device):
|
||||
signature = list(int_to_bytes(r) + int_to_bytes(s))
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.authenticate_puk(term_chr, signature)
|
||||
assert(e.value.sw == SWCodes.SW_CONDITIONS_NOT_SATISFIED.value)
|
||||
assert(e.value.sw == SWCodes.SW_CONDITIONS_NOT_SATISFIED)
|
||||
|
||||
status = device.get_puk_status()
|
||||
assert(status == [1,0,1,0])
|
||||
@@ -146,4 +143,4 @@ def test_register_puk_with_no_puk(device):
|
||||
device.initialize()
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.register_puk(AUT_PUK, TERM_CERT, DICA_CERT)
|
||||
assert(e.value.sw == SWCodes.SW_FILE_NOT_FOUND.value)
|
||||
assert(e.value.sw == SWCodes.SW_FILE_NOT_FOUND)
|
||||
|
||||
@@ -19,14 +19,13 @@
|
||||
|
||||
import pytest
|
||||
from binascii import unhexlify, hexlify
|
||||
from utils import APDUResponse, SWCodes
|
||||
from utils import int_to_bytes
|
||||
from picohsm.utils import int_to_bytes
|
||||
from const import TERM_CERT, DICA_CERT
|
||||
from cvc.asn1 import ASN1
|
||||
from cvc.certificates import CVC
|
||||
from cvc import oid
|
||||
from cryptography.hazmat.primitives.asymmetric import ec
|
||||
from utils import DOPrefixes
|
||||
from picohsm import DOPrefixes, APDUResponse, SWCodes
|
||||
|
||||
KDM = unhexlify(b'30820420060b2b0601040181c31f0402016181ed7f2181e97f4e81a25f290100421045535049434f48534d434130303030317f494f060a04007f0007020202020386410421ee4a21c16a10f737f12e78e5091b266612038cdabebb722b15bf6d41b877fbf64d9ab69c39b9831b1ae00bef2a4e81976f7688d45189bb232a24703d8a96a55f201045535049434f48534d445630303030317f4c12060904007f000703010202530580000000005f25060202000801085f24060203000601045f37403f75c08fffc9186b56e6147199e82bfc327ceef72495bc567961cd54d702f13e3c2766fcd1d11bd6a9d1f4a229b76b248ceb9af88d59a74d0ab149448705159b6281e97f2181e57f4e819e5f290100421045535049434f48534d445630303030317f494f060a04007f00070202020203864104c8561b41e54fea81bb80dd4a6d537e7c3904344e8ca90bc5f668111811e02c8d5d51ca93ca89558f2a8a9cbb147434e3441ec174505ff980fd7a7106286196915f201045535049434f48534d54524a444736387f4c0e060904007f0007030102025301005f25060203000300065f24060204000300055f3740983de63d0975b715ebd8a93cb38fa9638882c8b7064d51a6facabed693b92edc098e458b713203413ef6de0958c44772cbdbc264205c7b1bdb8b4fcb2516437f638201f1678201ed7f218201937f4e82014b5f290100421045535049434f48534d54524a444736387f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a78641048b1f450912a2e4d428b7eefc5fa05618a9ef295e90009a61cbb0970181b333474ea94f94cde5a11aba0589e85d4225002789ff1cdcf25756f059647b49fc2a158701015f201045535049434f48534d54524a444736385f3740372407c20de7257c89dae1e6606c8a046ca65efaa010c0a22b75c402ee243de51f5f1507457193679ed9db4fbbfe8efb9d695b684492b665ad8ba98c1f84ea38421045535049434f48534d54524a444736385f374098718e2e14a44386b689b71a101530316b65ab49a91bab0dd56099c5161ecb8aadff6cf27449f94034e58b7306f01e6ffa2766a2f5bb1281e12e5f1f91
74733454400cf8926ca5bec9a91bcd47bf391c15d94ef6e3243d5fd1fffeaafd586766bc3221eafd808f17f8450f238cc1fe7ab1854443db31d622f53a2b3fdb3ad750d5ce')
|
||||
|
||||
@@ -37,7 +36,7 @@ def test_initialize(device):
|
||||
def test_create_xkek(device):
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.create_xkek(KDM)
|
||||
assert(e.value.sw == SWCodes.SW_CONDITIONS_NOT_SATISFIED.value)
|
||||
assert(e.value.sw == SWCodes.SW_CONDITIONS_NOT_SATISFIED)
|
||||
|
||||
device.login()
|
||||
kcv, did = device.create_xkek(KDM)
|
||||
@@ -54,7 +53,7 @@ def test_derive_xkek(device):
|
||||
keyid = device.generate_xkek_key()
|
||||
|
||||
resp = device.list_keys()
|
||||
assert((DOPrefixes.KEY_PREFIX.value, keyid) in resp)
|
||||
assert((DOPrefixes.KEY_PREFIX, keyid) in resp)
|
||||
|
||||
xkek_dom = device.get_key_domain()['xkek']
|
||||
pkey = ec.generate_private_key(ec.BrainpoolP256R1())
|
||||
@@ -83,10 +82,10 @@ def test_delete_xkek(device):
|
||||
def test_delete_domain_with_key(device):
|
||||
with pytest.raises(APDUResponse) as e:
|
||||
device.delete_key_domain()
|
||||
assert(e.value.sw == SWCodes.SW_FILE_EXISTS.value)
|
||||
assert(e.value.sw == SWCodes.SW_FILE_EXISTS)
|
||||
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value << 8 | keyid)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
|
||||
|
||||
def test_delete_domain(device):
|
||||
device.delete_key_domain()
|
||||
@@ -95,5 +94,5 @@ def test_delete_domain(device):
|
||||
assert('kcv' not in resp)
|
||||
assert('xkek' not in resp)
|
||||
assert('error' in resp)
|
||||
assert(resp['error'] == SWCodes.SW_REFERENCE_NOT_FOUND.value)
|
||||
assert(resp['error'] == SWCodes.SW_REFERENCE_NOT_FOUND)
|
||||
|
||||
|
||||