def test_list_keys(self): key1 = sym_key.SymmetricKey('AES', 64 * 8, bytes(b'0' * 64)) self.key_mgr.store(self.context, key1) key2 = sym_key.SymmetricKey('AES', 32 * 8, bytes(b'0' * 32)) self.key_mgr.store(self.context, key2) keys = self.key_mgr.list(self.context) self.assertEqual(2, len(keys)) self.assertTrue(key1 in keys) self.assertTrue(key2 in keys) for key in keys: self.assertIsNotNone(key.id)
def test_list_keys_metadata_only(self): key1 = sym_key.SymmetricKey('AES', 64 * 8, bytes(b'0' * 64)) self.key_mgr.store(self.context, key1) key2 = sym_key.SymmetricKey('AES', 32 * 8, bytes(b'0' * 32)) self.key_mgr.store(self.context, key2) keys = self.key_mgr.list(self.context, metadata_only=True) self.assertEqual(2, len(keys)) bit_length_list = [key1.bit_length, key2.bit_length] for key in keys: self.assertTrue(key.is_metadata_only()) self.assertTrue(key.bit_length in bit_length_list) for key in keys: self.assertIsNotNone(key.id)
def test_store_key(self): key_bytes = bytes(binascii.unhexlify('0' * 64)) _key = key.SymmetricKey('AES', len(key_bytes) * 8, key_bytes) key_id = self.key_mgr.store(self.ctxt, _key) actual_key = self.key_mgr.get(self.ctxt, key_id) self.assertEqual(_key, actual_key)
def _generate_key(self, **kwargs): name = kwargs.get('name', None) algorithm = kwargs.get('algorithm', 'AES') key_length = kwargs.get('length', 256) _hex = self._generate_hex_key(key_length) return sym_key.SymmetricKey(algorithm, key_length, bytes(binascii.unhexlify(_hex)), name)
def test_store_and_get_key(self): secret_key = bytes(b'0' * 64) _key = sym_key.SymmetricKey('AES', 64 * 8, secret_key) key_id = self.key_mgr.store(self.context, _key) actual_key = self.key_mgr.get(self.context, key_id) self.assertEqual(_key, actual_key)
def test_get_mangled_passphrase(self): # Confirm that a mangled passphrase is provided as per bug#1633518 unmangled_raw_key = bytes(binascii.unhexlify('0725230b')) symmetric_key = key.SymmetricKey('AES', len(unmangled_raw_key) * 8, unmangled_raw_key) unmangled_encoded_key = symmetric_key.get_encoded() self.assertEqual(self.encryptor._get_mangled_passphrase( unmangled_encoded_key), '72523b')
def test_store_key_and_get_metadata(self): secret_key = bytes(b'0' * 64) _key = sym_key.SymmetricKey('AES', 64 * 8, secret_key) key_id = self.key_mgr.store(self.context, _key) actual_key = self.key_mgr.get(self.context, key_id, metadata_only=True) self.assertIsNone(actual_key.get_encoded()) self.assertTrue(actual_key.is_metadata_only())
def test_store_with_error(self): self.mock_barbican.secrets.create = mock.Mock( side_effect=barbican_exceptions.HTTPClientError('test error')) secret_key = bytes(b'\x01\x02\xA0\xB3') key_length = len(secret_key) * 8 _key = sym_key.SymmetricKey('AES', key_length, secret_key) self.assertRaises(exception.KeyManagerError, self.key_mgr.store, self.ctxt, _key)
def setUp(self): super(ConfKeyManagerTestCase, self).setUp() self.ctxt = context.RequestContext('fake', 'fake') self.key_mgr = self._create_key_manager() encoded_key = bytes(binascii.unhexlify(self._hex_key)) self.key = key.SymmetricKey('AES', len(encoded_key) * 8, encoded_key) self.key_id = self.key_mgr.key_id
def _get_key(self): if self.conf.key_manager.fixed_key is None: raise ValueError( _('config option key_manager.fixed_key is not ' 'defined')) hex_key = self.conf.key_manager.fixed_key key_bytes = bytes(binascii.unhexlify(hex_key)) return symmetric_key.SymmetricKey('AES', len(key_bytes) * 8, key_bytes)
def test___eq__(self): self.assertTrue(self.key == self.key) self.assertTrue(self.key is self.key) self.assertFalse(self.key is None) self.assertFalse(None == self.key) other_key = sym_key.SymmetricKey(self.algorithm, self.bit_length, self.encoded, self.name) self.assertTrue(self.key == other_key) self.assertFalse(self.key is other_key)
def create_key(self, context, algorithm, length, name=None, **kwargs): """Creates a symmetric key.""" # Confirm context is provided, if not raise forbidden if not context: msg = _("User is not authorized to use key manager.") raise exception.Forbidden(msg) key_id = uuid.uuid4().hex key_value = os.urandom(length or 32) key = sym_key.SymmetricKey(algorithm, length or 32, key_value, key_id, name or int(time.time())) return self._store_key_value(key_id, key)
def setUp(self): super(MigrationKeyManagerTestCase, self).setUp() # Create fake context (actual contents doesn't matter). self.ctxt = mock.Mock() fixed_key_bytes = bytes(binascii.unhexlify(self.fixed_key)) fixed_key_length = len(fixed_key_bytes) * 8 self.fixed_key_secret = key.SymmetricKey('AES', fixed_key_length, fixed_key_bytes) self.fixed_key_id = '00000000-0000-0000-0000-000000000000' self.other_key_id = "d152fa13-2b41-42ca-a934-6c21566c0f40"
def get(self, context, managed_object_id): if managed_object_id == self.fixed_key_id: LOG.debug("Processing request for secret associated" " with fixed_key key ID") if context is None: raise exception.Forbidden() key_bytes = bytes(binascii.unhexlify(self.fixed_key)) secret = symmetric_key.SymmetricKey( 'AES', len(key_bytes) * 8, key_bytes) else: secret = super(MigrationKeyManager, self).get(context, managed_object_id) return secret
def create_key(self, context, algorithm, length, name=None, **kwargs): """Creates a symmetric key.""" if length % 8: msg = _("Length must be multiple of 8.") raise ValueError(msg) key_id = uuid.uuid4().hex key_value = os.urandom((length or 256) // 8) key = sym_key.SymmetricKey(algorithm, length or 256, key_value, key_id, name or int(time.time())) return self._store_key_value(key_id, key)
def test_store_key(self): # Create Key to store secret_key = bytes(b'\x01\x02\xA0\xB3') key_length = len(secret_key) * 8 _key = sym_key.SymmetricKey('AES', key_length, secret_key) # Define the return values secret = mock.Mock() self.create.return_value = secret secret.store.return_value = self.secret_ref # Store the Key returned_uuid = self.key_mgr.store(self.ctxt, _key) self.create.assert_called_once_with(algorithm='AES', bit_length=key_length, name=None, payload=secret_key, secret_type='symmetric') self.assertEqual(self.key_id, returned_uuid)
def test___ne___encoded(self): different_encoded = self.encoded * 2 other_key = sym_key.SymmetricKey(self.algorithm, self.bit_length, different_encoded, self.name) self.assertTrue(self.key != other_key)
def test___ne___algorithm(self): other_key = sym_key.SymmetricKey('DES', self.bit_length, self.encoded, self.name) self.assertTrue(self.key != other_key)
def _create_key(self): return sym_key.SymmetricKey(self.algorithm, self.bit_length, self.encoded, self.name)
def _get_test_symmetric_key(): key_bytes = bytes(utils.get_symmetric_key()) bit_length = 128 key = symmetric_key.SymmetricKey('AES', bit_length, key_bytes) return key
def _get_key(self): key_bytes = bytes(binascii.unhexlify(self._hex_key)) return key.SymmetricKey('AES', len(key_bytes) * 8, key_bytes)
def test_is_only_metadata(self): k = sym_key.SymmetricKey(self.algorithm, self.bit_length, None, self.name, self.created) self.assertTrue(k.is_metadata_only())
def test___ne___name(self): other_key = sym_key.SymmetricKey(self.algorithm, self.bit_length, self.encoded, 'other key') self.assertTrue(self.key != other_key)
def test_store_key_invalid(self): encoded = bytes(binascii.unhexlify('0' * 64)) inverse_key = key.SymmetricKey('AES', len(encoded) * 8, encoded) self.assertRaises(exception.KeyManagerError, self.key_mgr.store, self.ctxt, inverse_key)
def fake__get_key(context, passphrase): raw = bytes(binascii.unhexlify(passphrase)) symmetric_key = key.SymmetricKey('AES', len(raw) * 8, raw) return symmetric_key
def fake__get_key(context): raw = bytes(binascii.unhexlify('0' * 32)) symmetric_key = key.SymmetricKey('AES', len(raw) * 8, raw) return symmetric_key
def test_get_created_none(self): created = None key = sym_key.SymmetricKey(self.algorithm, self.bit_length, self.encoded, self.name, created) self.assertEqual(created, key.created)