dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Merge branch 'master' into development-eddsa

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2024-08-14 13:34:40 +02:00
parent fb5be153ed 3cae928de8
commit ad18577e98
51 changed files with 1345 additions and 1083 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/docker/bullseye/Dockerfile
View File

@@ -28,7 +28,7 @@ RUN pip3 install pytest pycvc cryptography pyscard base58
WORKDIR /
RUN git clone https://github.com/OpenSC/OpenSC
WORKDIR /OpenSC
RUN git checkout tags/0.23.0
RUN git checkout tags/0.25.1
RUN ./bootstrap
RUN ./configure --enable-openssl
RUN make -j `nproc`

13
tests/pico-hsm/test_004_key_domains.py
View File

@@ -69,14 +69,19 @@ def test_set_key_domain_ok(device):
def test_import_dkek_ok(device):
resp = device.import_dkek(DEFAULT_DKEK, key_domain=TEST_KEY_DOMAIN)
assert(resp[0] == DEFAULT_DKEK_SHARES)
assert(resp[1] == DEFAULT_DKEK_SHARES-1)
assert('dkek' in resp)
assert('kcv' in resp)
assert(resp['dkek']['total'] == DEFAULT_DKEK_SHARES)
assert(resp['dkek']['missing'] == DEFAULT_DKEK_SHARES-1)
resp = device.import_dkek(DEFAULT_DKEK, key_domain=TEST_KEY_DOMAIN)
assert(resp[1] == DEFAULT_DKEK_SHARES-2)
assert('dkek' in resp)
assert('kcv' in resp)
assert(resp['dkek']['total'] == DEFAULT_DKEK_SHARES)
assert(resp['dkek']['missing'] == DEFAULT_DKEK_SHARES-2)
kcv = hashlib.sha256(b'\x00'*32).digest()[:8]
assert(resp[2:] == kcv)
assert(resp['kcv'] == kcv)
def test_clear_key_domain(device):
kd = device.get_key_domain(key_domain=0)

13
tests/pico-hsm/test_005_dkek.py
View File

@@ -26,12 +26,17 @@ def test_dkek(device):
device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES)
device.login(DEFAULT_PIN)
resp = device.import_dkek(DEFAULT_DKEK)
assert(resp[0] == DEFAULT_DKEK_SHARES)
assert(resp[1] == DEFAULT_DKEK_SHARES-1)
assert('dkek' in resp)
assert('kcv' in resp)
assert(resp['dkek']['total'] == DEFAULT_DKEK_SHARES)
assert(resp['dkek']['missing'] == DEFAULT_DKEK_SHARES-1)
resp = device.import_dkek(DEFAULT_DKEK)
assert(resp[1] == DEFAULT_DKEK_SHARES-2)
assert('dkek' in resp)
assert('kcv' in resp)
assert(resp['dkek']['total'] == DEFAULT_DKEK_SHARES)
assert(resp['dkek']['missing'] == DEFAULT_DKEK_SHARES-2)
kcv = hashlib.sha256(b'\x00'*32).digest()[:8]
assert(resp[2:] == kcv)
assert(resp['kcv'] == kcv)

2
tests/pico-hsm/test_021_key_import.py
View File

@@ -31,7 +31,7 @@ def test_prepare_dkek(device):
resp = device.import_dkek(DEFAULT_DKEK)
resp = device.import_dkek(DEFAULT_DKEK)
kcv = hashlib.sha256(b'\x00'*32).digest()[:8]
assert(resp[2:] == kcv)
assert(resp['kcv'] == kcv)
@pytest.mark.parametrize(
"modulus", [1024, 2048, 4096]

2
tests/pico-hsm/test_022_key_exchange.py
View File

@@ -29,7 +29,7 @@ def test_prepare_dkek(device):
resp = device.import_dkek(DEFAULT_DKEK)
resp = device.import_dkek(DEFAULT_DKEK)
kcv = hashlib.sha256(b'\x00'*32).digest()[:8]
assert(resp[2:] == kcv)
assert(resp['kcv'] == kcv)
@pytest.mark.parametrize(
"curve", [ec.SECP192R1, ec.SECP256R1, ec.SECP384R1, ec.SECP521R1, ec.SECP256K1, ec.BrainpoolP256R1, ec.BrainpoolP384R1, ec.BrainpoolP512R1]

4
tests/scripts/sign_and_verify.sh
View File

@@ -12,7 +12,7 @@ create_dgst() {
test $? -eq 0 && echo -n "." || exit $?
}
dgsts=("sha1" "sha224" "sha256" "sha384" "sha512")
dgsts=("sha256" "sha384" "sha512")
for dgst in ${dgsts[*]}; do
echo -n " Create digest ${dgst}..."
create_dgst ${dgst}
@@ -104,7 +104,7 @@ dd if=/dev/zero bs=1 count=$((256-$tlen)) >> data_pad > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
pkcs11-tool --id 1 --sign --pin 648219 --mechanism RSA-X-509 -i data_pad -o data.sig > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
TDATA=$(tr -d '\0' < <(openssl rsautl -verify -inkey 1.pub -in data.sig -pubin -raw))
TDATA=$(tr -d '\0' < <(openssl rsautl -verify -inkey 1.pub -in data.sig -pubin -raw 2>/dev/null))
if [[ ${TEST_DATA} != "$TDATA" ]]; then
exit 1
fi