Added AES cipher tests.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-02-15 19:47:16 +01:00
parent 9279773073
commit 215fdca9f8
8 changed files with 152 additions and 25 deletions
--- a/tests/pico-hsm/test_020_keypair_gen.py
+++ b/tests/pico-hsm/test_020_keypair_gen.py
@@ -20,12 +20,14 @@
 import pytest
 from utils import KeyType, DOPrefixes

+def test_gen_initialize(device):
+    device.initialize()
+
@pytest.mark.parametrize(
    "curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1']
 )
 def test_gen_ecc(device, curve):
-    device.initialize(retries=3)
-    keyid = device.keypair_generation(KeyType.ECC, curve)
+    keyid = device.key_generation(KeyType.ECC, curve)
    resp = device.list_keys()
    assert((DOPrefixes.KEY_PREFIX.value, keyid) in resp)
    device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
@@ -35,8 +37,7 @@ def test_gen_ecc(device, curve):
    "modulus", [1024, 2048, 4096]
 )
 def test_gen_rsa(device, modulus):
-    device.initialize(retries=3)
-    keyid = device.keypair_generation(KeyType.RSA, modulus)
+    keyid = device.key_generation(KeyType.RSA, modulus)
    resp = device.list_keys()
    assert((DOPrefixes.KEY_PREFIX.value, keyid) in resp)
    device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
--- a/tests/pico-hsm/test_021_key_import.py
+++ b/tests/pico-hsm/test_021_key_import.py
@@ -19,6 +19,7 @@

 import pytest
 import hashlib
+import os
 from utils import KeyType, DOPrefixes
 from cryptography.hazmat.primitives.asymmetric import rsa, ec
 from const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES, DEFAULT_DKEK
@@ -55,3 +56,10 @@ def test_import_ecc(device, curve):
    assert(pubkey.public_numbers() == pkey.public_key().public_numbers())
    device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
    device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value << 8 | keyid)
+
+@pytest.mark.parametrize(
+    "size", [128, 192, 256]
+)
+def test_import_aes(device, size):
+    pkey = os.urandom(size // 8)
+    keyid = device.import_key(pkey)
--- a/tests/pico-hsm/test_023_key_generation.py
+++ b/tests/pico-hsm/test_023_key_generation.py
@@ -0,0 +1,30 @@
+"""
+/*
+ * This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+"""
+
+import pytest
+from utils import KeyType, DOPrefixes
+
+@pytest.mark.parametrize(
+    "size", [128, 192, 256]
+)
+def test_gen_aes(device, size):
+    keyid = device.key_generation(KeyType.AES, size)
+    resp = device.list_keys()
+    assert((DOPrefixes.KEY_PREFIX.value, keyid) in resp)
+    device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
--- a/tests/pico-hsm/test_030_signature.py
+++ b/tests/pico-hsm/test_030_signature.py
@@ -32,7 +32,7 @@ data = b'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam neque u
    "scheme", [Algorithm.ALGO_EC_RAW, Algorithm.ALGO_EC_SHA1, Algorithm.ALGO_EC_SHA224, Algorithm.ALGO_EC_SHA256, Algorithm.ALGO_EC_SHA384, Algorithm.ALGO_EC_SHA512]
 )
 def test_signature_ecc(device, curve, scheme):
-    keyid = device.keypair_generation(KeyType.ECC, curve)
+    keyid = device.key_generation(KeyType.ECC, curve)
    pubkey = device.public_key(keyid=keyid, param=curve)
    if (scheme == Algorithm.ALGO_EC_RAW):
        datab = hashlib.sha512(data).digest()
@@ -49,7 +49,7 @@ def test_signature_ecc(device, curve, scheme):
    "scheme", [Algorithm.ALGO_RSA_PKCS1_SHA1, Algorithm.ALGO_RSA_PKCS1_SHA224, Algorithm.ALGO_RSA_PKCS1_SHA256, Algorithm.ALGO_RSA_PKCS1_SHA384, Algorithm.ALGO_RSA_PKCS1_SHA512, Algorithm.ALGO_RSA_PSS_SHA1, Algorithm.ALGO_RSA_PSS_SHA224, Algorithm.ALGO_RSA_PSS_SHA256, Algorithm.ALGO_RSA_PSS_SHA384, Algorithm.ALGO_RSA_PSS_SHA512]
 )
 def test_signature_rsa(device, modulus, scheme):
-    keyid = device.keypair_generation(KeyType.RSA, modulus)
+    keyid = device.key_generation(KeyType.RSA, modulus)
    pubkey = device.public_key(keyid=keyid)
    signature = device.sign(keyid=keyid, scheme=scheme, data=data)
    device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
--- a/tests/pico-hsm/test_040_decrypt.py
+++ b/tests/pico-hsm/test_040_decrypt.py
@@ -38,7 +38,7 @@ data = b'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam neque u
 )
 def test_decrypt_rsa(device, modulus, pad):

-    keyid = device.keypair_generation(KeyType.RSA, modulus)
+    keyid = device.key_generation(KeyType.RSA, modulus)
    pubkey = device.public_key(keyid=keyid)
    message = data[:(modulus//8)-100]
    ciphered = pubkey.encrypt(message, pad)
--- a/tests/pico-hsm/test_050_cipher.py
+++ b/tests/pico-hsm/test_050_cipher.py
@@ -0,0 +1,52 @@
+"""
+/*
+ * This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+"""
+
+import pytest
+import os
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from utils import Algorithm, DOPrefixes
+from const import DEFAULT_DKEK_SHARES, DEFAULT_DKEK
+
+MESSAGE = b'a secret message'
+
+def test_prepare_aes(device):
+    device.initialize(dkek_shares=DEFAULT_DKEK_SHARES)
+    resp = device.import_dkek(DEFAULT_DKEK)
+    resp = device.import_dkek(DEFAULT_DKEK)
+
+@pytest.mark.parametrize(
+    "size", [128, 192, 256]
+)
+def test_cipher_aes_cipher(device, size):
+    pkey = os.urandom(size // 8)
+    iv = b'\x00'*16
+    keyid = device.import_key(pkey)
+
+    cipher = Cipher(algorithms.AES(pkey), modes.CBC(iv))
+    encryptor = cipher.encryptor()
+    ctA = encryptor.update(MESSAGE) + encryptor.finalize()
+    ctB = device.cipher(Algorithm.ALGO_AES_CBC_ENCRYPT, keyid, MESSAGE)
+    assert(bytes(ctB) == ctA)
+
+    decryptor = cipher.decryptor()
+    plA = decryptor.update(ctA) + decryptor.finalize()
+    plB = device.cipher(Algorithm.ALGO_AES_CBC_DECRYPT, keyid, ctA)
+    device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
+    assert(bytes(plB) == plA)
+    assert(bytes(plB) == MESSAGE)