def setKeyName(keyHandle, identityName, params): """ Set the key name in keyHandle according to identityName and params. :param TpmKeyHandle keyHandle: :param Name identityName: :param KeyParams params: """ if params.getKeyIdType() == KeyIdType.USER_SPECIFIED: keyId = params.getKeyId() elif params.getKeyIdType() == KeyIdType.SHA256: sha256 = hashes.Hash(hashes.SHA256(), backend=default_backend()) sha256.update(keyHandle.derivePublicKey().toBytes()) digest = sha256.finalize() keyId = Name.Component(digest) elif params.getKeyIdType() == KeyIdType.RANDOM: if params.getKeyId().getValue().size() == 0: raise TpmBackEnd.Error( "setKeyName: The keyId is empty for type RANDOM") keyId = params.getKeyId() else: raise TpmBackEnd.Error( "setKeyName: unrecognized params.getKeyIdType()") keyHandle.setKeyName(PibKey.constructKeyName(identityName, keyId))
def test_key_management(self): for tpm in self.backEndList: identityName = Name("/Test/KeyName") keyId = Name.Component("1") keyName = PibKey.constructKeyName(identityName, keyId) # The key should not exist. self.assertEquals(False, tpm.hasKey(keyName)) self.assertTrue(tpm.getKeyHandle(keyName) == None) # Create a key, which should exist. self.assertTrue( tpm.createKey(identityName, RsaKeyParams(keyId)) != None) self.assertTrue(tpm.hasKey(keyName)) self.assertTrue(tpm.getKeyHandle(keyName) != None) # Create a key with the same name, which should throw an error. try: tpm.createKey(identityName, RsaKeyParams(keyId)) self.fail("Did not throw the expected exception") except Tpm.Error: pass else: self.fail("Did not throw the expected exception") # Delete the key, then it should not exist. tpm.deleteKey(keyName) self.assertEquals(False, tpm.hasKey(keyName)) self.assertTrue(tpm.getKeyHandle(keyName) == None)
def test_key_management(self): for tpm in self.backEndList: identityName = Name("/Test/KeyName") keyId = Name.Component("1") keyName = PibKey.constructKeyName(identityName, keyId) # The key should not exist. self.assertEqual(False, tpm.hasKey(keyName)) self.assertTrue(tpm.getKeyHandle(keyName) == None) # Create a key, which should exist. self.assertTrue( tpm.createKey(identityName, RsaKeyParams(keyId)) != None) self.assertTrue(tpm.hasKey(keyName)) self.assertTrue(tpm.getKeyHandle(keyName) != None) # Create a key with the same name, which should throw an error. try: tpm.createKey(identityName, RsaKeyParams(keyId)) self.fail("Did not throw the expected exception") except Tpm.Error: pass else: self.fail("Did not throw the expected exception") # Delete the key, then it should not exist. tpm.deleteKey(keyName) self.assertEqual(False, tpm.hasKey(keyName)) self.assertTrue(tpm.getKeyHandle(keyName) == None)
def createKey(self, identityName, params): """ Create a key for the identityName according to params. :param Name identityName: The name if the identity. :param KeyParams params: The KeyParams for creating the key. :return: The handle of the created key. :rtype: TpmKeyHandle :raises TpmBackEnd.Error: If the key cannot be created. """ # Do key name checking. if params.getKeyIdType() == KeyIdType.USER_SPECIFIED: # The keyId is pre-set. keyName = PibKey.constructKeyName(identityName, params.getKeyId()) if self.hasKey(keyName): raise Tpm.Error("Key `" + keyName.toUri() + "` already exists") elif params.getKeyIdType() == KeyIdType.SHA256: # The key name will be assigned in setKeyName after the key is generated. pass elif params.getKeyIdType() == KeyIdType.RANDOM: random = bytearray(8) while True: for i in range(len(random)): random[i] = _systemRandom.randint(0, 0xff) keyId = Name.Component(Blob(random, False)) keyName = PibKey.constructKeyName(identityName, keyId) if not self.hasKey(keyName): # We got a unique one. break params.setKeyId(keyId) else: raise Tpm.Error("Unsupported key id type") return self._doCreateKey(identityName, params)
def constructKeyName(identityName, params): """ Construct the key name according to identityName and params. :param Name identityName: :param KeyParams params: """ if params.getKeyIdType() == KeyIdType.USER_SPECIFIED: keyId = params.getKeyId() # We don't have the keyHandle, so we can't support KeyIdType.SHA256. elif params.getKeyIdType() == KeyIdType.RANDOM: if params.getKeyId().getValue().size() == 0: raise TpmBackEnd.Error( "setKeyName: The keyId is empty for type RANDOM") keyId = params.getKeyId() else: raise TpmBackEnd.Error( "setKeyName: unrecognized params.getKeyIdType()") return PibKey.constructKeyName(identityName, keyId)
def test_basic(self): fixture = self.fixture pibImpl = PibMemory() # Start with an empty container. container = PibKeyContainer(fixture.id1, pibImpl) self.assertEqual(0, container.size()) self.assertEqual(0, len(container._keys)) # Add the first key. key11 = container.add(fixture.id1Key1.buf(), fixture.id1Key1Name) self.assertTrue(fixture.id1Key1Name.equals(key11.getName())) self.assertTrue(key11.getPublicKey().equals(fixture.id1Key1)) self.assertEqual(1, container.size()) self.assertEqual(1, len(container._keys)) self.assertTrue(fixture.id1Key1Name in container._keys) # Add the same key again. key12 = container.add(fixture.id1Key1.buf(), fixture.id1Key1Name) self.assertTrue(fixture.id1Key1Name.equals(key12.getName())) self.assertTrue(key12.getPublicKey().equals(fixture.id1Key1)) self.assertEqual(1, container.size()) self.assertEqual(1, len(container._keys)) self.assertTrue(fixture.id1Key1Name in container._keys) # Add the second key. key21 = container.add(fixture.id1Key2.buf(), fixture.id1Key2Name) self.assertTrue(fixture.id1Key2Name.equals(key21.getName())) self.assertTrue(key21.getPublicKey().equals(fixture.id1Key2)) self.assertEqual(2, container.size()) self.assertEqual(2, len(container._keys)) self.assertTrue(fixture.id1Key1Name in container._keys) self.assertTrue(fixture.id1Key2Name in container._keys) # Get keys. try: container.get(fixture.id1Key1Name) except Exception as ex: self.fail("Unexpected exception: " + str(ex)) try: container.get(fixture.id1Key2Name) except Exception as ex: self.fail("Unexpected exception: " + str(ex)) id1Key3Name = PibKey.constructKeyName( fixture.id1, Name.Component("non-existing-id")) try: container.get(id1Key3Name) self.fail("Did not throw the expected exception") except Pib.Error: pass else: self.fail("Did not throw the expected exception") # Get and check keys. key1 = container.get(fixture.id1Key1Name) key2 = container.get(fixture.id1Key2Name) self.assertTrue(fixture.id1Key1Name.equals(key1.getName())) self.assertTrue(key1.getPublicKey().equals(fixture.id1Key1)) self.assertEqual(fixture.id1Key2Name, key2.getName()) self.assertTrue(key2.getPublicKey().equals(fixture.id1Key2)) # Create another container using the same PibImpl. The cache should be empty. container2 = PibKeyContainer(fixture.id1, pibImpl) self.assertEqual(2, container2.size()) self.assertEqual(0, len(container2._keys)) # Get a key. The cache should be filled. try: container2.get(fixture.id1Key1Name) except Exception as ex: self.fail("Unexpected exception: " + str(ex)) self.assertEqual(2, container2.size()) self.assertEqual(1, len(container2._keys)) try: container2.get(fixture.id1Key2Name) except Exception as ex: self.fail("Unexpected exception: " + str(ex)) self.assertEqual(2, container2.size()) self.assertEqual(2, len(container2._keys)) # Remove a key. container2.remove(fixture.id1Key1Name) self.assertEqual(1, container2.size()) self.assertEqual(1, len(container2._keys)) self.assertTrue(not (fixture.id1Key1Name in container2._keys)) self.assertTrue(fixture.id1Key2Name in container2._keys) # Remove another key. container2.remove(fixture.id1Key2Name) self.assertEqual(0, container2.size()) self.assertEqual(0, len(container2._keys)) self.assertTrue(not (fixture.id1Key2Name in container2._keys))