Exemple #1
0
def test_reset(hsm, session, connect_hsm):
    Opaque.put(
        session,
        0,
        "Test opaque data",
        1,
        CAPABILITY.NONE,
        ALGORITHM.OPAQUE_DATA,
        b"dummyobject",
    )
    session.reset_device()
    hsm.close()

    time.sleep(5)  # Wait for device to reboot

    with connect_hsm() as hsm:  # Re-connect since device restarted.
        with hsm.create_session_derived(1, DEFAULT_KEY) as session:
            assert len(session.list_objects()) == 1
            auth_key = session.get_object(1, OBJECT.AUTHENTICATION_KEY)

            # Check details of default key
            info = auth_key.get_info()

    assert info.capabilities & CAPABILITY.ALL == CAPABILITY.ALL
    assert info.id == 1
    assert info.size == 40
    assert info.domains == 0xFFFF
    assert info.object_type == OBJECT.AUTHENTICATION_KEY
    assert info.algorithm == ALGORITHM.AES128_YUBICO_AUTHENTICATION
    assert info.sequence == 0
    assert info.origin == ORIGIN.IMPORTED
    assert info.label == "DEFAULT AUTHKEY CHANGE THIS ASAP"
    assert info.capabilities == info.delegated_capabilities
Exemple #2
0
    def test_reset(self):
        Opaque.put(self.session, 0, "Test opaque data", 1, 0, OBJECT.OPAQUE,
                   b"dummyobject")
        self.session.reset_device()
        self.hsm.close()

        time.sleep(5)  # Wait for device to reboot

        self.connect_hsm()  # Re-connect since device restarted.
        self.session = self.hsm.create_session_derived(1, DEFAULT_KEY)
        self.assertEqual(len(self.session.list_objects()), 1)
        auth_key = self.session.get_object(1, OBJECT.AUTHENTICATION_KEY)

        # Check details of default key
        info = auth_key.get_info()
        self.assertEqual(info.capabilities & CAPABILITY.ALL, CAPABILITY.ALL)
        self.assertEqual(info.id, 1)
        self.assertEqual(info.size, 40)
        self.assertEqual(info.domains, 0xFFFF)
        self.assertEqual(info.object_type, OBJECT.AUTHENTICATION_KEY)
        self.assertEqual(info.algorithm,
                         ALGORITHM.AES128_YUBICO_AUTHENTICATION)
        self.assertEqual(info.sequence, 0)
        self.assertEqual(info.origin, ORIGIN.IMPORTED)
        self.assertEqual(info.label, "DEFAULT AUTHKEY CHANGE THIS ASAP")
        self.assertEqual(info.capabilities, info.delegated_capabilities)
Exemple #3
0
    def test_put_too_big(self):
        with self.assertRaises(YubiHsmDeviceError) as cm:
            Opaque.put(self.session, 0, 'Test large Opaque',
                       1, CAPABILITY.NONE, ALGORITHM.OPAQUE_DATA,
                       os.urandom(1969))

        self.assertEqual(cm.exception.code, ERROR.WRONG_LENGTH)

        # Make sure our session is still working
        self.assertEqual(len(self.session.get_pseudo_random(123)), 123)
 def test_put_empty(self):
     # Can't put an empty object
     with self.assertRaises(ValueError):
         Opaque.put(
             self.session,
             0,
             "Test PUT empty Opaque",
             1,
             CAPABILITY.NONE,
             ALGORITHM.OPAQUE_DATA,
             b"",
         )
def test_put_too_big(session):
    with pytest.raises(YubiHsmInvalidRequestError):
        Opaque.put(
            session,
            0,
            "Test large Opaque",
            1,
            CAPABILITY.NONE,
            ALGORITHM.OPAQUE_DATA,
            os.urandom(1976),
        )

    # Make sure our session is still working
    assert len(session.get_pseudo_random(123)) == 123
Exemple #6
0
def test_import_wrap_overwrite(session):
    key_label = "wrap key"
    raw_key = os.urandom(24)
    w_key = WrapKey.put(
        session,
        0,
        key_label,
        1,
        CAPABILITY.EXPORT_WRAPPED | CAPABILITY.IMPORT_WRAPPED,
        ALGORITHM.AES192_CCM_WRAP,
        CAPABILITY.EXPORTABLE_UNDER_WRAP,
        raw_key,
    )
    opaque = Opaque.put(
        session,
        0,
        "Test Opaque Object",
        0xFFFF,
        CAPABILITY.EXPORTABLE_UNDER_WRAP,
        ALGORITHM.OPAQUE_DATA,
        b"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
    )
    opaque_wrapped = w_key.export_wrapped(opaque)
    with pytest.raises(YubiHsmDeviceError) as context:
        w_key.import_wrapped(opaque_wrapped)
    assert context.value.code == ERROR.OBJECT_EXISTS

    opaque.delete()

    opaque = w_key.import_wrapped(opaque_wrapped)

    assert opaque.get() == b"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
    with pytest.raises(YubiHsmDeviceError) as context:
        opaque = w_key.import_wrapped(opaque_wrapped)
    assert context.value.code == ERROR.OBJECT_EXISTS
Exemple #7
0
    def test_import_wrap_overwrite(self):
        key_label = "wrap key"
        raw_key = os.urandom(24)
        w_key = WrapKey.put(
            self.session,
            0,
            key_label,
            1,
            CAPABILITY.EXPORT_WRAPPED | CAPABILITY.IMPORT_WRAPPED,
            ALGORITHM.AES192_CCM_WRAP,
            CAPABILITY.EXPORTABLE_UNDER_WRAP,
            raw_key,
        )
        opaque = Opaque.put(
            self.session,
            0,
            "Test Opaque Object",
            0xFFFF,
            CAPABILITY.EXPORTABLE_UNDER_WRAP,
            ALGORITHM.OPAQUE_DATA,
            b"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
        )
        opaque_wrapped = w_key.export_wrapped(opaque)
        with self.assertRaises(YubiHsmDeviceError) as context:
            w_key.import_wrapped(opaque_wrapped)
        self.assertTrue("OBJECT_EXISTS" in str(context.exception))

        opaque.delete()

        opaque = w_key.import_wrapped(opaque_wrapped)

        self.assertEqual(opaque.get(), b"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa")
        with self.assertRaises(YubiHsmDeviceError) as context:
            opaque = w_key.import_wrapped(opaque_wrapped)
        self.assertTrue("OBJECT_EXISTS" in str(context.exception))
Exemple #8
0
    def test_data(self):
        for size in (1, 256, 1234, 1968):
            data = os.urandom(size)

            opaque = Opaque.put(self.session, 0, 'Test data Opaque', 1,
                                CAPABILITY.NONE, ALGORITHM.OPAQUE_DATA, data)

            self.assertEqual(data, opaque.get())
            opaque.delete()
def test_opaque(hsm, session):
    obj = Opaque.put(
        session,
        0,
        "Test opaque data",
        1,
        CAPABILITY.NONE,
        ALGORITHM.OPAQUE_DATA,
        b"data",
    )
    _test_delete(hsm, session, obj, CAPABILITY.DELETE_OPAQUE)
def test_data(session):
    for size in (1, 256, 1234, 1968):
        data = os.urandom(size)

        opaque = Opaque.put(
            session,
            0,
            "Test data Opaque",
            1,
            CAPABILITY.NONE,
            ALGORITHM.OPAQUE_DATA,
            data,
        )

        assert data == opaque.get()
        opaque.delete()
Exemple #11
0
def test_import_wrap_permissions(session):
    key_label = "wrap key"
    raw_key = os.urandom(24)
    opaque = Opaque.put(
        session,
        0,
        "Test Opaque Object",
        0xFFFF,
        CAPABILITY.EXPORTABLE_UNDER_WRAP,
        ALGORITHM.OPAQUE_DATA,
        b"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
    )
    w_key = WrapKey.put(
        session,
        0,
        key_label,
        1,
        CAPABILITY.EXPORT_WRAPPED | CAPABILITY.IMPORT_WRAPPED,
        ALGORITHM.AES192_CCM_WRAP,
        CAPABILITY.NONE,
        raw_key,
    )

    with pytest.raises(YubiHsmDeviceError) as context:
        w_key.export_wrapped(opaque)
    assert context.value.code == ERROR.INSUFFICIENT_PERMISSIONS

    w_key.delete()
    w_key = WrapKey.put(
        session,
        0,
        key_label,
        1,
        CAPABILITY.EXPORT_WRAPPED | CAPABILITY.IMPORT_WRAPPED,
        ALGORITHM.AES192_CCM_WRAP,
        CAPABILITY.EXPORTABLE_UNDER_WRAP,
        raw_key,
    )

    w_key.id += 1
    with pytest.raises(YubiHsmDeviceError) as context:
        w_key.export_wrapped(opaque)
    assert context.value.code == ERROR.OBJECT_NOT_FOUND

    w_key.id -= 1
    w_key.delete()
    w_key = WrapKey.put(
        session,
        0,
        key_label,
        1,
        CAPABILITY.IMPORT_WRAPPED,
        ALGORITHM.AES192_CCM_WRAP,
        CAPABILITY.EXPORTABLE_UNDER_WRAP,
        raw_key,
    )

    with pytest.raises(YubiHsmDeviceError) as context:
        w_key.export_wrapped(opaque)
    assert context.value.code == ERROR.INSUFFICIENT_PERMISSIONS

    w_key.delete()
    w_key = WrapKey.put(
        session,
        0,
        key_label,
        1,
        CAPABILITY.EXPORT_WRAPPED,
        ALGORITHM.AES192_CCM_WRAP,
        CAPABILITY.EXPORTABLE_UNDER_WRAP,
        raw_key,
    )

    opaque_wrapped = w_key.export_wrapped(opaque)

    with pytest.raises(YubiHsmDeviceError) as context:
        w_key.import_wrapped(opaque_wrapped)
    assert context.value.code == ERROR.INSUFFICIENT_PERMISSIONS

    w_key.delete()
    w_key = WrapKey.put(
        session,
        0,
        key_label,
        1,
        CAPABILITY.IMPORT_WRAPPED | CAPABILITY.EXPORT_WRAPPED,
        ALGORITHM.AES192_CCM_WRAP,
        CAPABILITY.EXPORTABLE_UNDER_WRAP,
        raw_key,
    )

    opaque_wrapped = w_key.export_wrapped(opaque)
    opaque.delete()
    w_key.id += 1
    with pytest.raises(YubiHsmDeviceError) as context:
        w_key.import_wrapped(opaque_wrapped)
    assert context.value.code == ERROR.OBJECT_NOT_FOUND
    w_key.id -= 1
    opaque = w_key.import_wrapped(opaque_wrapped)

    assert opaque.get() == b"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
Exemple #12
0
    def test_import_wrap_permissions(self):
        key_label = "wrap key"
        raw_key = os.urandom(24)
        opaque = Opaque.put(
            self.session,
            0,
            "Test Opaque Object",
            0xFFFF,
            CAPABILITY.EXPORTABLE_UNDER_WRAP,
            ALGORITHM.OPAQUE_DATA,
            b"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
        )
        w_key = WrapKey.put(
            self.session,
            0,
            key_label,
            1,
            CAPABILITY.EXPORT_WRAPPED | CAPABILITY.IMPORT_WRAPPED,
            ALGORITHM.AES192_CCM_WRAP,
            0,
            raw_key,
        )

        with self.assertRaises(YubiHsmDeviceError) as context:
            w_key.export_wrapped(opaque)
        self.assertTrue("INSUFFICIENT_PERMISSIONS" in str(context.exception))

        w_key.delete()
        w_key = WrapKey.put(
            self.session,
            0,
            key_label,
            1,
            CAPABILITY.EXPORT_WRAPPED | CAPABILITY.IMPORT_WRAPPED,
            ALGORITHM.AES192_CCM_WRAP,
            CAPABILITY.EXPORTABLE_UNDER_WRAP,
            raw_key,
        )

        w_key.id += 1
        with self.assertRaises(YubiHsmDeviceError) as context:
            w_key.export_wrapped(opaque)
        self.assertTrue("OBJECT_NOT_FOUND" in str(context.exception))

        w_key.id -= 1
        w_key.delete()
        w_key = WrapKey.put(
            self.session,
            0,
            key_label,
            1,
            CAPABILITY.IMPORT_WRAPPED,
            ALGORITHM.AES192_CCM_WRAP,
            CAPABILITY.EXPORTABLE_UNDER_WRAP,
            raw_key,
        )

        with self.assertRaises(YubiHsmDeviceError) as context:
            w_key.export_wrapped(opaque)
        self.assertTrue("INSUFFICIENT_PERMISSIONS" in str(context.exception))

        w_key.delete()
        w_key = WrapKey.put(
            self.session,
            0,
            key_label,
            1,
            CAPABILITY.EXPORT_WRAPPED,
            ALGORITHM.AES192_CCM_WRAP,
            CAPABILITY.EXPORTABLE_UNDER_WRAP,
            raw_key,
        )

        opaque_wrapped = w_key.export_wrapped(opaque)

        with self.assertRaises(YubiHsmDeviceError) as context:
            w_key.import_wrapped(opaque_wrapped)
        self.assertTrue("INSUFFICIENT_PERMISSIONS" in str(context.exception))

        w_key.delete()
        w_key = WrapKey.put(
            self.session,
            0,
            key_label,
            1,
            CAPABILITY.IMPORT_WRAPPED | CAPABILITY.EXPORT_WRAPPED,
            ALGORITHM.AES192_CCM_WRAP,
            CAPABILITY.EXPORTABLE_UNDER_WRAP,
            raw_key,
        )

        opaque_wrapped = w_key.export_wrapped(opaque)
        opaque.delete()
        w_key.id += 1
        with self.assertRaises(YubiHsmDeviceError) as context:
            w_key.import_wrapped(opaque_wrapped)
        self.assertTrue("OBJECT_NOT_FOUND" in str(context.exception))
        w_key.id -= 1
        opaque = w_key.import_wrapped(opaque_wrapped)

        self.assertEqual(opaque.get(), b"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa")
 def test_opaque(self):
     obj = Opaque.put(self.session, 0, 'Test opaque data', 1, 0,
                      OBJECT.OPAQUE, b'data')
     self._test_delete(obj, CAPABILITY.DELETE_OPAQUE)