def keys(auth_session): """ Fixture containing keys""" keys = {} try: for key_gen in set(param[1] for param in PARAM_LIST): template = get_default_key_template(key_gen) ret, key_handle = c_generate_key(auth_session, key_gen, template) ret2, wrap_handle = c_generate_key(auth_session, key_gen, template) if ret == CKR_OK and ret2 == CKR_OK: keys[key_gen] = key_handle, wrap_handle elif ret2 != CKR_OK: keys[key_gen] = key_handle, None logger.info( "Failed to generate key: {}\nReturn code: {}".format( key_gen, ret2)) elif ret != CKR_OK: keys[key_gen] = None, wrap_handle logger.info( "Failed to generate key: {}\nReturn code: {}".format( key_gen, ret)) else: logger.info( "Failed to generate key: {}\nReturn code: {}".format( key_gen, ret)) yield keys finally: for key, wrap in keys.values(): if key is not None: c_destroy_object(auth_session, key) if wrap is not None: c_destroy_object(auth_session, wrap)
def test_derive_dukpt_ipek(self, valid_mechanisms): """ Test derive key for the new dukpt ipek mechanism """ if CKM_DES2_DUKPT_IPEK not in valid_mechanisms: pytest.skip( 'This test is only valid for FWs that support CKM_DES2_DUKPT_IPEK' ) key_template = get_session_template( get_default_key_template(CKM_DES2_KEY_GEN)) ret, h_base_key = c_generate_key(self.h_session, CKM_DES2_KEY_GEN, key_template) mech = StringDataDerivationMechanism(mech_type=CKM_DES2_DUKPT_IPEK, params={ 'data': 0xffff9876543210e00000 }).to_c_mech() derived_key_template = key_template.copy() del derived_key_template[CKA_VALUE_LEN] derived_key_template[CKA_LABEL] = b"DUKPT IPEK" ret, h_derived_key = c_derive_key(self.h_session, h_base_key, derived_key_template, mechanism=mech) try: self.verify_ret(ret, CKR_OK) verify_object_attributes(self.h_session, h_derived_key, derived_key_template) finally: if h_base_key: c_destroy_object(self.h_session, h_base_key) if h_derived_key: c_destroy_object(self.h_session, h_derived_key)
def test_generate_key(self, key_type): """ Test generation of keys for sym. crypto systems :param key_type: key generation mechanism """ key_template = get_default_key_template(key_type) ret, key_handle = c_generate_key(self.h_session, key_type, key_template) self.verify_ret(ret, CKR_OK) self.verify_key_len(key_handle, key_handle)
def test_generate_key(self, key_type, valid_mechanisms): """ Test generation of keys for sym. crypto systems :param key_type: key generation mechanism """ key_template = get_session_template(get_default_key_template(key_type)) ret, key_handle = c_generate_key(self.h_session, key_type, key_template) try: if key_type not in valid_mechanisms: self.verify_ret(ret, CKR_MECHANISM_INVALID) else: self.verify_ret(ret, CKR_OK) self.verify_key_len(key_handle, key_handle) finally: c_destroy_object(self.h_session, key_handle)
def test_modifyusagecount(self, command_type): """Test modify usage count :param command_type: """ ret, key_handle = c_generate_key(self.h_session, CKM_DES_KEY_GEN, CKM_DES_KEY_GEN_TEMP) assert ret == CKR_OK, "Return code should be " + \ ret_vals_dictionary[CKR_OK] + " not " + ret_vals_dictionary[ret] assert key_handle > 0, "The key handle returned should be non zero" ret = ca_modifyusagecount(self.h_session, key_handle, command_type, 0) assert ret == CKR_OK, \ "Return code should be " + ret_vals_dictionary[CKR_OK] + \ " not " + ret_vals_dictionary[ret]
def sym_keys(auth_session): """ Fixture containing all sym. keys """ keys = {} try: for key_type in SYM_KEYS: template = get_session_template(get_default_key_template(key_type)) ret, key_handle = c_generate_key(auth_session, key_type, template) if ret == CKR_OK: keys[key_type] = key_handle else: logger.info( "Failed to generate key: {}\nReturn code: {}".format( key_type, ret)) yield keys finally: for handle in keys.values(): c_destroy_object(auth_session, handle)