def keys(auth_session):
""" Fixture containing keys"""
keys = {}
try:
for key_gen in set(param[1] for param in PARAM_LIST):
template = get_default_key_template(key_gen)
ret, key_handle = c_generate_key(auth_session, key_gen, template)
ret2, wrap_handle = c_generate_key(auth_session, key_gen, template)
if ret == CKR_OK and ret2 == CKR_OK:
keys[key_gen] = key_handle, wrap_handle
elif ret2 != CKR_OK:
keys[key_gen] = key_handle, None
logger.info(
"Failed to generate key: {}\nReturn code: {}".format(
key_gen, ret2))
elif ret != CKR_OK:
keys[key_gen] = None, wrap_handle
logger.info(
"Failed to generate key: {}\nReturn code: {}".format(
key_gen, ret))
else:
logger.info(
"Failed to generate key: {}\nReturn code: {}".format(
key_gen, ret))
yield keys
finally:
for key, wrap in keys.values():
if key is not None:
c_destroy_object(auth_session, key)
if wrap is not None:
c_destroy_object(auth_session, wrap)
def test_derive_dukpt_ipek(self, valid_mechanisms):
"""
Test derive key for the new dukpt ipek mechanism
"""
if CKM_DES2_DUKPT_IPEK not in valid_mechanisms:
pytest.skip(
'This test is only valid for FWs that support CKM_DES2_DUKPT_IPEK'
)
key_template = get_session_template(
get_default_key_template(CKM_DES2_KEY_GEN))
ret, h_base_key = c_generate_key(self.h_session, CKM_DES2_KEY_GEN,
key_template)
mech = StringDataDerivationMechanism(mech_type=CKM_DES2_DUKPT_IPEK,
params={
'data': 0xffff9876543210e00000
}).to_c_mech()
derived_key_template = key_template.copy()
del derived_key_template[CKA_VALUE_LEN]
derived_key_template[CKA_LABEL] = b"DUKPT IPEK"
ret, h_derived_key = c_derive_key(self.h_session,
h_base_key,
derived_key_template,
mechanism=mech)
try:
self.verify_ret(ret, CKR_OK)
verify_object_attributes(self.h_session, h_derived_key,
derived_key_template)
finally:
if h_base_key:
c_destroy_object(self.h_session, h_base_key)
if h_derived_key:
c_destroy_object(self.h_session, h_derived_key)
def test_generate_key(self, key_type):
"""
Test generation of keys for sym. crypto systems
:param key_type: key generation mechanism
"""
key_template = get_default_key_template(key_type)
ret, key_handle = c_generate_key(self.h_session, key_type,
key_template)
self.verify_ret(ret, CKR_OK)
self.verify_key_len(key_handle, key_handle)
def test_generate_key(self, key_type, valid_mechanisms):
"""
Test generation of keys for sym. crypto systems
:param key_type: key generation mechanism
"""
key_template = get_session_template(get_default_key_template(key_type))
ret, key_handle = c_generate_key(self.h_session, key_type, key_template)
try:
if key_type not in valid_mechanisms:
self.verify_ret(ret, CKR_MECHANISM_INVALID)
else:
self.verify_ret(ret, CKR_OK)
self.verify_key_len(key_handle, key_handle)
finally:
c_destroy_object(self.h_session, key_handle)
def test_modifyusagecount(self, command_type):
"""Test modify usage count
:param command_type:
"""
ret, key_handle = c_generate_key(self.h_session, CKM_DES_KEY_GEN,
CKM_DES_KEY_GEN_TEMP)
assert ret == CKR_OK, "Return code should be " + \
ret_vals_dictionary[CKR_OK] + " not " + ret_vals_dictionary[ret]
assert key_handle > 0, "The key handle returned should be non zero"
ret = ca_modifyusagecount(self.h_session, key_handle, command_type, 0)
assert ret == CKR_OK, \
"Return code should be " + ret_vals_dictionary[CKR_OK] + \
" not " + ret_vals_dictionary[ret]
def sym_keys(auth_session):
""" Fixture containing all sym. keys """
keys = {}
try:
for key_type in SYM_KEYS:
template = get_session_template(get_default_key_template(key_type))
ret, key_handle = c_generate_key(auth_session, key_type, template)
if ret == CKR_OK:
keys[key_type] = key_handle
else:
logger.info(
"Failed to generate key: {}\nReturn code: {}".format(
key_type, ret))
yield keys
finally:
for handle in keys.values():
c_destroy_object(auth_session, handle)
