def setUp(self):
super(WhenTestingP11CryptoPlugin, self).setUp()
self.lib = mock.Mock()
self.lib.C_Initialize.return_value = pkcs11.CKR_OK
self.lib.C_OpenSession.return_value = pkcs11.CKR_OK
self.lib.C_CloseSession.return_value = pkcs11.CKR_OK
self.lib.C_FindObjectsInit.return_value = pkcs11.CKR_OK
self.lib.C_FindObjects.return_value = pkcs11.CKR_OK
self.lib.C_FindObjectsFinal.return_value = pkcs11.CKR_OK
self.lib.C_GenerateKey.return_value = pkcs11.CKR_OK
self.lib.C_Login.return_value = pkcs11.CKR_OK
self.lib.C_GenerateRandom.side_effect = write_random_first_byte
self.ffi = pkcs11.build_ffi()
setattr(self.ffi, 'dlopen', lambda x: self.lib)
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.p11_crypto_plugin.mkek_label = "mkek"
self.cfg_mock.p11_crypto_plugin.hmac_label = "hmac"
self.cfg_mock.p11_crypto_plugin.mkek_length = 32
self.cfg_mock.p11_crypto_plugin.slot_id = 1
with mock.patch.object(pkcs11.PKCS11, 'get_key_handle') as mocked:
mocked.return_value = long(1)
self.plugin = p11_crypto.P11CryptoPlugin(ffi=self.ffi,
conf=self.cfg_mock)
self.test_session = self.plugin.pkcs11.create_working_session()
def setUp(self):
super(WhenTestingP11CryptoPlugin, self).setUp()
self.lib = mock.Mock()
self.lib.C_Initialize.return_value = pkcs11.CKR_OK
self.lib.C_OpenSession.return_value = pkcs11.CKR_OK
self.lib.C_CloseSession.return_value = pkcs11.CKR_OK
self.lib.C_FindObjectsInit.return_value = pkcs11.CKR_OK
self.lib.C_FindObjects.return_value = pkcs11.CKR_OK
self.lib.C_FindObjectsFinal.return_value = pkcs11.CKR_OK
self.lib.C_GenerateKey.return_value = pkcs11.CKR_OK
self.lib.C_Login.return_value = pkcs11.CKR_OK
self.lib.C_GenerateRandom.side_effect = write_random_first_byte
self.ffi = pkcs11.build_ffi()
setattr(self.ffi, 'dlopen', lambda x: self.lib)
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.p11_crypto_plugin.mkek_label = "mkek"
self.cfg_mock.p11_crypto_plugin.hmac_label = "hmac"
self.cfg_mock.p11_crypto_plugin.mkek_length = 32
self.cfg_mock.p11_crypto_plugin.slot_id = 1
with mock.patch.object(pkcs11.PKCS11, 'get_key_handle') as mocked:
mocked.return_value = long(1)
self.plugin = p11_crypto.P11CryptoPlugin(
ffi=self.ffi, conf=self.cfg_mock
)
self.test_session = self.plugin.pkcs11.create_working_session()
def setUp(self):
super(WhenTestingPKCS11, self).setUp()
self.lib = mock.Mock()
self.lib.C_Initialize.return_value = pkcs11.CKR_OK
self.lib.C_Finalize.return_value = pkcs11.CKR_OK
self.lib.C_GetSlotList.side_effect = self._get_slot_list
self.lib.C_GetTokenInfo.side_effect = self._get_token_info
self.lib.C_OpenSession.side_effect = self._open_session
self.lib.C_CloseSession.return_value = pkcs11.CKR_OK
self.lib.C_GetSessionInfo.side_effect = self._get_session_user
self.lib.C_Login.return_value = pkcs11.CKR_OK
self.lib.C_FindObjectsInit.return_value = pkcs11.CKR_OK
self.lib.C_FindObjects.side_effect = self._find_objects_one
self.lib.C_FindObjectsFinal.return_value = pkcs11.CKR_OK
self.lib.C_GenerateKey.side_effect = self._generate_key
self.lib.C_GenerateRandom.side_effect = self._generate_random
self.lib.C_SeedRandom.return_value = pkcs11.CKR_OK
self.lib.C_EncryptInit.return_value = pkcs11.CKR_OK
self.lib.C_Encrypt.side_effect = self._encrypt
self.lib.C_DecryptInit.return_value = pkcs11.CKR_OK
self.lib.C_Decrypt.side_effect = self._decrypt
self.lib.C_WrapKey.side_effect = self._wrap_key
self.lib.C_UnwrapKey.side_effect = self._unwrap_key
self.lib.C_SignInit.return_value = pkcs11.CKR_OK
self.lib.C_Sign.side_effect = self._sign
self.lib.C_VerifyInit.return_value = pkcs11.CKR_OK
self.lib.C_Verify.side_effect = self._verify
self.lib.C_DestroyObject.return_value = pkcs11.CKR_OK
self.ffi = pkcs11.build_ffi()
setattr(self.ffi, 'dlopen', lambda x: self.lib)
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.library_path = '/dev/null'
self.cfg_mock.login_passphrase = 'foobar'
self.cfg_mock.rw_session = False
self.cfg_mock.slot_id = 1
self.cfg_mock.encryption_mechanism = 'CKM_AES_CBC'
self.cfg_mock.hmac_keywrap_mechanism = 'CKM_SHA256_HMAC'
self.token_mock = mock.MagicMock()
self.token_mock.label = b'myLabel'
self.token_mock.serial_number = b'111111'
self.pkcs11 = pkcs11.PKCS11(
self.cfg_mock.library_path, self.cfg_mock.login_passphrase,
self.cfg_mock.rw_session, self.cfg_mock.slot_id,
self.cfg_mock.encryption_mechanism,
ffi=self.ffi,
hmac_keywrap_mechanism=self.cfg_mock.hmac_keywrap_mechanism
)
def test_create_pkcs11(self):
def _generate_random(session, buf, length):
ffi.buffer(buf)[:] = b'0' * length
return pkcs11.CKR_OK
lib = mock.Mock()
lib.C_Initialize.return_value = pkcs11.CKR_OK
lib.C_OpenSession.return_value = pkcs11.CKR_OK
lib.C_CloseSession.return_value = pkcs11.CKR_OK
lib.C_GetSessionInfo.return_value = pkcs11.CKR_OK
lib.C_Login.return_value = pkcs11.CKR_OK
lib.C_GenerateRandom.side_effect = _generate_random
ffi = pkcs11.build_ffi()
setattr(ffi, 'dlopen', lambda x: lib)
p11 = self.plugin._create_pkcs11(self.cfg_mock.p11_crypto_plugin, ffi)
self.assertIsInstance(p11, pkcs11.PKCS11)
def setUp(self):
super(WhenTestingPKCS11, self).setUp()
self.lib = mock.Mock()
self.lib.C_Initialize.return_value = pkcs11.CKR_OK
self.lib.C_Finalize.return_value = pkcs11.CKR_OK
self.lib.C_OpenSession.side_effect = self._open_session
self.lib.C_CloseSession.return_value = pkcs11.CKR_OK
self.lib.C_GetSessionInfo.side_effect = self._get_session_user
self.lib.C_Login.return_value = pkcs11.CKR_OK
self.lib.C_FindObjectsInit.return_value = pkcs11.CKR_OK
self.lib.C_FindObjects.side_effect = self._find_objects_one
self.lib.C_FindObjectsFinal.return_value = pkcs11.CKR_OK
self.lib.C_GenerateKey.side_effect = self._generate_key
self.lib.C_GenerateRandom.side_effect = self._generate_random
self.lib.C_EncryptInit.return_value = pkcs11.CKR_OK
self.lib.C_Encrypt.side_effect = self._encrypt
self.lib.C_DecryptInit.return_value = pkcs11.CKR_OK
self.lib.C_Decrypt.side_effect = self._decrypt
self.lib.C_WrapKey.side_effect = self._wrap_key
self.lib.C_UnwrapKey.side_effect = self._unwrap_key
self.lib.C_SignInit.return_value = pkcs11.CKR_OK
self.lib.C_Sign.side_effect = self._sign
self.lib.C_VerifyInit.return_value = pkcs11.CKR_OK
self.lib.C_Verify.side_effect = self._verify
self.lib.C_DestroyObject.return_value = pkcs11.CKR_OK
self.ffi = pkcs11.build_ffi()
setattr(self.ffi, 'dlopen', lambda x: self.lib)
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.library_path = '/dev/null'
self.cfg_mock.login_passphrase = 'foobar'
self.cfg_mock.rw_session = False
self.cfg_mock.slot_id = 1
self.cfg_mock.algorithm = 'CKM_AES_GCM'
self.pkcs11 = pkcs11.PKCS11(self.cfg_mock.library_path,
self.cfg_mock.login_passphrase,
self.cfg_mock.rw_session,
self.cfg_mock.slot_id,
ffi=self.ffi)
def test_create_pkcs11(self):
def _generate_random(session, buf, length):
ffi.buffer(buf)[:] = b'0' * length
return pkcs11.CKR_OK
lib = mock.Mock()
lib.C_Initialize.return_value = pkcs11.CKR_OK
lib.C_GetSlotList.return_value = pkcs11.CKR_OK
lib.C_GetTokenInfo.return_value = pkcs11.CKR_OK
lib.C_OpenSession.return_value = pkcs11.CKR_OK
lib.C_CloseSession.return_value = pkcs11.CKR_OK
lib.C_GetSessionInfo.return_value = pkcs11.CKR_OK
lib.C_Login.return_value = pkcs11.CKR_OK
lib.C_GenerateRandom.side_effect = _generate_random
lib.C_SeedRandom.return_value = pkcs11.CKR_OK
ffi = pkcs11.build_ffi()
setattr(ffi, 'dlopen', lambda x: lib)
p11 = self.plugin._create_pkcs11(ffi)
self.assertIsInstance(p11, pkcs11.PKCS11)
# test for when plugin_conf.seed_file is not None
self.plugin.seed_file = 'seed_file'
d = '01234567' * 4
mo = mock.mock_open(read_data=d)
with mock.patch(six.moves.builtins.__name__ + '.open', mo,
create=True):
p11 = self.plugin._create_pkcs11(ffi)
self.assertIsInstance(p11, pkcs11.PKCS11)
mo.assert_called_once_with('seed_file', 'rb')
calls = [
mock.call('seed_file', 'rb'),
mock.call().__enter__(),
mock.call().read(32),
mock.call().__exit__(None, None, None)
]
self.assertEqual(mo.mock_calls, calls)
lib.C_SeedRandom.assert_called_once_with(mock.ANY, mock.ANY, 32)
self.cfg_mock.p11_crypto_plugin.seed_file = ''
def setUp(self):
super(WhenTestingPKCS11, self).setUp()
self.lib = mock.Mock()
self.lib.C_Initialize.return_value = pkcs11.CKR_OK
self.lib.C_Finalize.return_value = pkcs11.CKR_OK
self.lib.C_OpenSession.side_effect = self._open_session
self.lib.C_CloseSession.return_value = pkcs11.CKR_OK
self.lib.C_GetSessionInfo.side_effect = self._get_session_user
self.lib.C_Login.return_value = pkcs11.CKR_OK
self.lib.C_FindObjectsInit.return_value = pkcs11.CKR_OK
self.lib.C_FindObjects.side_effect = self._find_objects_one
self.lib.C_FindObjectsFinal.return_value = pkcs11.CKR_OK
self.lib.C_GenerateKey.side_effect = self._generate_key
self.lib.C_GenerateRandom.side_effect = self._generate_random
self.lib.C_EncryptInit.return_value = pkcs11.CKR_OK
self.lib.C_Encrypt.side_effect = self._encrypt
self.lib.C_DecryptInit.return_value = pkcs11.CKR_OK
self.lib.C_Decrypt.side_effect = self._decrypt
self.lib.C_WrapKey.side_effect = self._wrap_key
self.lib.C_UnwrapKey.side_effect = self._unwrap_key
self.lib.C_SignInit.return_value = pkcs11.CKR_OK
self.lib.C_Sign.side_effect = self._sign
self.lib.C_VerifyInit.return_value = pkcs11.CKR_OK
self.lib.C_Verify.side_effect = self._verify
self.lib.C_DestroyObject.return_value = pkcs11.CKR_OK
self.ffi = pkcs11.build_ffi()
setattr(self.ffi, 'dlopen', lambda x: self.lib)
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.library_path = '/dev/null'
self.cfg_mock.login_passphrase = 'foobar'
self.cfg_mock.rw_session = False
self.cfg_mock.slot_id = 1
self.cfg_mock.algorithm = 'CKM_AES_GCM'
self.pkcs11 = pkcs11.PKCS11(
self.cfg_mock.library_path, self.cfg_mock.login_passphrase,
self.cfg_mock.rw_session, self.cfg_mock.slot_id, ffi=self.ffi
)
def test_create_pkcs11(self):
def _generate_random(session, buf, length):
ffi.buffer(buf)[:] = b'0' * length
return pkcs11.CKR_OK
lib = mock.Mock()
lib.C_Initialize.return_value = pkcs11.CKR_OK
lib.C_OpenSession.return_value = pkcs11.CKR_OK
lib.C_CloseSession.return_value = pkcs11.CKR_OK
lib.C_GetSessionInfo.return_value = pkcs11.CKR_OK
lib.C_Login.return_value = pkcs11.CKR_OK
lib.C_GenerateRandom.side_effect = _generate_random
lib.C_SeedRandom.return_value = pkcs11.CKR_OK
ffi = pkcs11.build_ffi()
setattr(ffi, 'dlopen', lambda x: lib)
p11 = self.plugin._create_pkcs11(self.cfg_mock.p11_crypto_plugin, ffi)
self.assertIsInstance(p11, pkcs11.PKCS11)
# test for when plugin_conf.seed_file is not None
self.cfg_mock.p11_crypto_plugin.seed_file = 'seed_file'
d = '01234567' * 4
mo = mock.mock_open(read_data=d)
with mock.patch(six.moves.builtins.__name__ + '.open',
mo,
create=True):
p11 = self.plugin._create_pkcs11(
self.cfg_mock.p11_crypto_plugin, ffi)
self.assertIsInstance(p11, pkcs11.PKCS11)
mo.assert_called_once_with('seed_file', 'rb')
calls = [mock.call('seed_file', 'rb'),
mock.call().__enter__(),
mock.call().read(32),
mock.call().__exit__(None, None, None)]
self.assertEqual(mo.mock_calls, calls)
lib.C_SeedRandom.assert_called_once_with(mock.ANY, mock.ANY, 32)
self.cfg_mock.p11_crypto_plugin.seed_file = ''
