def test_long_length_derive_key(self, key_type, d_type, valid_mechanisms):
    """
    Derive a key from a freshly generated session key and check its attributes.

    :param key_type: key generation mechanism used for the base key
    :param d_type: derive mechanism, passed without parameters via ``NullMech``
    :param valid_mechanisms: mechanisms the product under test supports
    """
    base_template = get_session_template(get_default_key_template(key_type))
    if key_type not in valid_mechanisms:
        pytest.skip("Not a valid mechanism on this product")

    # The ``_ex`` variant returns only the handle; presumably it raises on a
    # non-OK return code (confirm against the library).
    base_handle = c_generate_key_ex(self.h_session, key_type, base_template)
    derive_mech = NullMech(d_type).to_c_mech()

    # NOTE(review): this copy without CKA_VALUE_LEN is built but never passed
    # on. The derive call and the attribute check below both use the base
    # template. Confirm which template the derivation is meant to use.
    template_without_len = base_template.copy()
    del template_without_len[CKA_VALUE_LEN]

    ret, derived_handle = c_derive_key(
        self.h_session, base_handle, base_template, mechanism=derive_mech
    )
    try:
        self.verify_ret(ret, CKR_OK)
        verify_object_attributes(self.h_session, derived_handle, base_template)
    finally:
        # Remove both key objects even when an assertion above fails, so no
        # key material from this test is left behind on the device.
        for handle in (base_handle, derived_handle):
            if handle:
                c_destroy_object(self.h_session, handle)
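def test_derive_dukpt_ipek(self, valid_mechanisms):
    """
    Test derive key for the DUKPT IPEK mechanism (CKM_DES2_DUKPT_IPEK).

    A DES2 base key is generated on the device and an IPEK is derived from it
    with fixed derivation data. Only the derived object's attributes are
    checked. Because the base key is generated per run, the derived key value
    is not compared against a known answer.

    :param valid_mechanisms: mechanisms the firmware under test supports
    """
    if CKM_DES2_DUKPT_IPEK not in valid_mechanisms:
        pytest.skip(
            'This test is only valid for FWs that support CKM_DES2_DUKPT_IPEK'
        )

    key_template = get_session_template(
        get_default_key_template(CKM_DES2_KEY_GEN))

    # Handles start out empty so the cleanup below is safe no matter where
    # the test stops.
    h_base_key = None
    h_derived_key = None
    try:
        ret, h_base_key = c_generate_key(self.h_session, CKM_DES2_KEY_GEN,
                                         key_template)
        # Check generation on its own, so a failed C_GenerateKey is reported
        # as such instead of surfacing later as a confusing derive failure.
        self.verify_ret(ret, CKR_OK)

        # NOTE(review): the 10-byte value looks like a fixed sample KSN;
        # confirm it is test-only data.
        mech = StringDataDerivationMechanism(mech_type=CKM_DES2_DUKPT_IPEK,
                                             params={
                                                 'data': 0xffff9876543210e00000
                                             }).to_c_mech()

        # The derived key gets its own template: no explicit length, and a
        # label that identifies it as the IPEK.
        derived_key_template = key_template.copy()
        del derived_key_template[CKA_VALUE_LEN]
        derived_key_template[CKA_LABEL] = b"DUKPT IPEK"

        ret, h_derived_key = c_derive_key(self.h_session,
                                          h_base_key,
                                          derived_key_template,
                                          mechanism=mech)
        self.verify_ret(ret, CKR_OK)
        verify_object_attributes(self.h_session, h_derived_key,
                                 derived_key_template)
    finally:
        # Always remove the key objects this test created, including when
        # mechanism construction or the derive call itself raises.
        if h_base_key:
            c_destroy_object(self.h_session, h_base_key)
        if h_derived_key:
            c_destroy_object(self.h_session, h_derived_key)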
def test_wrap_unwrap_key(self, mech, k_type, keys):
    """
    Wrap a key, unwrap it again, and compare the result's attributes.

    :param mech: encryption mechanism used for wrapping and unwrapping
    :param k_type: key generation mechanism of the key being wrapped
    :param keys: fixture mapping ``k_type`` to ``(key handle, wrapping key handle)``
    """
    expected_attrs = get_default_key_template(k_type)
    unwrap_template = self.generate_unwrap_temp(k_type)
    mech_params = EXTRA_PARAM[mech]
    target_handle, wrapping_handle = keys[k_type]
    if any(handle is None for handle in (target_handle, wrapping_handle)):
        pytest.fail("No valid key found for {}".format(LOOKUP[mech][0]))

    # The same mechanism description is used in both directions.
    wrap_mech = dict(mech_type=mech, params=mech_params)

    # Wrap the key under the wrapping key.
    ret, wrapped_blob = c_wrap_key(
        self.h_session, wrapping_handle, target_handle, mechanism=wrap_mech
    )
    self.verify_ret(ret, CKR_OK)

    # Unwrap the blob back into a new key object.
    ret, unwrapped_handle = c_unwrap_key(
        self.h_session,
        wrapping_handle,
        wrapped_blob,
        unwrap_template,
        mechanism=wrap_mech,
    )
    self.verify_ret(ret, CKR_OK)

    # Only attributes are compared against the original generation template;
    # the key value itself is not checked here.
    # NOTE(review): the unwrapped object is not destroyed in this method.
    # Presumably it goes away with the session; confirm it is not a token
    # object left behind on the device.
    verify_object_attributes(self.h_session, unwrapped_handle, expected_attrs)
def test_derive_key(self, key_type, d_type):
    """
    Derive a key with a parametrized hash mechanism and check its attributes.

    :param key_type: key-gen mechanism used for the base key
    :param d_type: hash mechanism used for the derivation
    """
    source_template = get_default_key_template(key_type)
    source_handle = c_generate_key_ex(self.h_session, key_type, source_template)
    hash_mech = NullMech(d_type).to_c_mech()

    # NOTE(review): a copy with CKA_VALUE_LEN removed is prepared here but is
    # not what gets passed below. Derivation and verification both use the
    # source template. Confirm which one is intended.
    trimmed_template = source_template.copy()
    del trimmed_template[CKA_VALUE_LEN]

    ret, derived_handle = c_derive_key(
        self.h_session, source_handle, source_template, mechanism=hash_mech
    )
    try:
        self.verify_ret(ret, CKR_OK)
        verify_object_attributes(self.h_session, derived_handle, source_template)
    finally:
        # Destroy base key first, then derived key, whatever the outcome.
        for created in (source_handle, derived_handle):
            if created:
                c_destroy_object(self.h_session, created)
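def test_data_create(self):
    """Tests C_CreateObject with a data template and verifies the object's attributes.

    The failure message names the return code that was received instead of
    CKR_OK.
    """
    ret, h_object = c_create_object(self.h_session, DATA_TEMPLATE)
    # A trailing space after "not" keeps the return-code name from running
    # into the preceding word in the failure message.
    assert ret == CKR_OK, (
        "The result of creating a data object should be CKR_OK, not "
        + ret_vals_dictionary[ret]
    )
    # NOTE(review): the created object is not destroyed here; confirm that
    # session teardown removes it.
    verify_object_attributes(self.h_session, h_object, DATA_TEMPLATE)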
def test_certificate_create(self):
    """Create a certificate object via C_CreateObject and check its attributes."""
    result = c_create_object(self.h_session, CERTIFICATE_TEMPLATE)
    ret, cert_handle = result
    # The message is only built when the assertion fails; it names the return
    # code that came back instead of CKR_OK.
    assert ret == CKR_OK, (
        "The result code of creating a "
        "certificate should be CKR_OK, not " + ret_vals_dictionary[ret]
    )
    # NOTE(review): the certificate object is not destroyed in this method;
    # confirm that session teardown removes it.
    verify_object_attributes(self.h_session, cert_handle, CERTIFICATE_TEMPLATE)