def test_01_default_security_module(self):
config = current_app.config
hsm = DefaultSecurityModule({"file": config.get("PI_ENCFILE")})
hsm.setup_module({"file": config.get("PI_ENCFILE")})
self.assertTrue(hsm is not None, hsm)
self.assertTrue(hsm.secFile is not None, hsm.secFile)
self.assertTrue(hsm.is_ready)
def test_07_encrypted_key_file(self):
config = current_app.config
hsm = DefaultSecurityModule({"file": config.get("PI_ENCFILE_ENC"),
"crypted": True})
# The HSM is not ready, since the file is crypted and we did not
# provide the password, yet
self.assertFalse(hsm.is_ready)
# Now, provide the password, that will decrypt the encrypted file
# But the password is missing
self.assertRaises(Exception, hsm.setup_module, {})
# As long as the HSM is not ready, we can not encrypt and not decrypt
self.assertRaises(Exception, hsm.encrypt, "data", "iv")
self.assertRaises(Exception, hsm.decrypt, "data", "iv")
# If we provide a wrong password, that decryption will fail with a
# unicode error and an exception is raised.
self.assertRaises(Exception, hsm.setup_module,
{"password": "******"})
# Now we provide the password
hsm.setup_module({"password": "******"})
self.assertTrue(hsm.is_ready)
self.assertTrue(0 in hsm.secrets, hsm.secrets)
self.assertTrue(1 in hsm.secrets, hsm.secrets)
self.assertTrue(2 in hsm.secrets, hsm.secrets)
# test _get_secret
# this raises an exception, that the file does not contain a 4th key
self.assertRaises(Exception, hsm._get_secret, 4)
# calling the same slot two times, returns the cache the second time
self.assertTrue(hsm._get_secret(2))
self.assertTrue(hsm._get_secret(2))
def test_04_random(self):
config = current_app.config
hsm = DefaultSecurityModule({"file": config.get("PI_ENCFILE"),
"crypted": True})
r = hsm.random(20)
self.assertTrue(len(r) == 20, r)
self.assertFalse(hsm.is_ready)
def test_05_encrypt_decrypt(self):
config = current_app.config
hsm = DefaultSecurityModule({"file": config.get("PI_ENCFILE")})
cipher = hsm.encrypt(b"data", b"iv12345678901234")
text = hsm.decrypt(cipher, b"iv12345678901234")
self.assertEqual(text, b"data")
cipher = hsm.encrypt_pin(u"pin")
text = hsm.decrypt_pin(cipher)
self.assertEqual(text, u"pin")
cipher = hsm.encrypt_password(u"password")
text = hsm.decrypt_password(cipher)
self.assertEqual(text, u"password")
def test_05_encrypt_decrypt(self):
config = current_app.config
hsm = DefaultSecurityModule({"file": config.get("PI_ENCFILE")})
cipher = hsm.encrypt("data", "iv12345678901234")
text = hsm.decrypt(cipher, "iv12345678901234")
self.assertTrue(text == "data", text)
cipher = hsm.encrypt_pin("data")
text = hsm.decrypt_pin(cipher)
self.assertTrue(text == "data", text)
cipher = hsm.encrypt_password("data")
text = hsm.decrypt_password(cipher)
self.assertTrue(text == "data", text)
