def test_comparison_on_different_key_part_identifiers(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different key part identifiers.
"""
a = objects.SplitKey(key_part_identifier=1)
b = objects.SplitKey(key_part_identifier=2)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_prime_field_sizes(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different prime field sizes.
"""
a = objects.SplitKey(prime_field_size=13)
b = objects.SplitKey(prime_field_size=104729)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_values(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different values.
"""
a = objects.SplitKey(key_value=b'\x00')
b = objects.SplitKey(key_value=b'\xFF')
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_key_format_types(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different key format types.
"""
a = objects.SplitKey(key_format_type=enums.KeyFormatType.RAW)
b = objects.SplitKey(key_format_type=enums.KeyFormatType.OPAQUE)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_split_key_thresholds(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different split key thresholds.
"""
a = objects.SplitKey(split_key_threshold=1)
b = objects.SplitKey(split_key_threshold=2)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_cryptographic_lengths(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different cryptographic lengths.
"""
a = objects.SplitKey(cryptographic_length=128)
b = objects.SplitKey(cryptographic_length=256)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_names(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different names.
"""
a = objects.SplitKey(name="Test Split Key")
b = objects.SplitKey(name="Split Key Test")
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_split_key_methods(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different split key methods.
"""
a = objects.SplitKey(split_key_method=enums.SplitKeyMethod.XOR)
b = objects.SplitKey(
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_key_wrapping_data(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different key wrapping data.
"""
a = objects.SplitKey(key_wrapping_data={})
b = objects.SplitKey(key_wrapping_data={
"wrapping_method": enums.WrappingMethod.ENCRYPT
})
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_cryptographic_algorithms(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different cryptographic algorithms.
"""
a = objects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.AES)
b = objects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.RSA)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_cryptographic_usage_masks(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different cryptographic usage
masks.
"""
a = objects.SplitKey(
cryptographic_usage_masks=[enums.CryptographicUsageMask.ENCRYPT])
b = objects.SplitKey(
cryptographic_usage_masks=[enums.CryptographicUsageMask.EXPORT])
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_save(self):
"""
Test that a SplitKey object can be saved using SQLAlchemy. This will
add it to the database, verify that no exceptions are thrown, and check
that its unique identifier was set.
"""
split_key = objects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
cryptographic_length=128,
key_value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'),
key_format_type=enums.KeyFormatType.RAW,
cryptographic_usage_masks=[enums.CryptographicUsageMask.EXPORT],
name="Test Split Key",
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729)
session = sqlalchemy.orm.sessionmaker(bind=self.engine)()
session.add(split_key)
session.commit()
self.assertIsNotNone(split_key.unique_identifier)
def test_init_with_args(self):
"""
Test that a SplitKey object can be instantiated with all arguments.
"""
split_key = objects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
cryptographic_length=128,
key_value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'),
key_format_type=enums.KeyFormatType.RAW,
cryptographic_usage_masks=[enums.CryptographicUsageMask.EXPORT],
name="Test Split Key",
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729)
self.assertEqual(split_key.cryptographic_algorithm,
enums.CryptographicAlgorithm.AES)
self.assertEqual(split_key.cryptographic_length, 128)
self.assertEqual(
split_key.value,
b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'
)
self.assertEqual(split_key.key_format_type, enums.KeyFormatType.RAW)
self.assertEqual(split_key.cryptographic_usage_masks,
[enums.CryptographicUsageMask.EXPORT])
self.assertEqual(split_key.names, ["Test Split Key"])
self.assertEqual(split_key.split_key_parts, 4)
self.assertEqual(split_key.key_part_identifier, 1)
self.assertEqual(split_key.split_key_threshold, 2)
self.assertEqual(split_key.split_key_method,
enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8)
self.assertEqual(split_key.prime_field_size, 104729)
def test_comparison_on_equal(self):
"""
Test that the equality/inequality operators return True/False when
comparing two SplitKey objects with the same data.
"""
a = objects.SplitKey()
b = objects.SplitKey()
self.assertTrue(a == b)
self.assertTrue(b == a)
self.assertFalse(a != b)
self.assertFalse(b != a)
a = objects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
cryptographic_length=128,
key_value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'),
key_format_type=enums.KeyFormatType.RAW,
cryptographic_usage_masks=[enums.CryptographicUsageMask.EXPORT],
name="Test Split Key",
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729)
b = objects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
cryptographic_length=128,
key_value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'),
key_format_type=enums.KeyFormatType.RAW,
cryptographic_usage_masks=[enums.CryptographicUsageMask.EXPORT],
name="Test Split Key",
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729)
self.assertTrue(a == b)
self.assertTrue(b == a)
self.assertFalse(a != b)
self.assertFalse(b != a)
def test_str(self):
"""
Test that str can be applied to a SplitKey.
"""
split_key = objects.SplitKey(
key_value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))
expected = str(binascii.hexlify(split_key.value))
observed = str(split_key)
self.assertEqual(expected, observed)
def test_comparison_on_type_mismatch(self):
"""
Test that the equality/inequality operators return False/True when
comparing a SplitKey object to a non-SplitKey object.
"""
a = objects.SplitKey()
b = "invalid"
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def _build_pie_split_key(self, secret):
algorithm = secret.key_block.cryptographic_algorithm.value
return pobjects.SplitKey(
cryptographic_algorithm=algorithm,
cryptographic_length=secret.key_block.cryptographic_length.value,
key_value=secret.key_block.key_value.key_material.value,
key_format_type=secret.key_block.key_format_type.value,
key_wrapping_data=self._build_key_wrapping_data(
secret.key_block.key_wrapping_data),
split_key_parts=secret.split_key_parts,
key_part_identifier=secret.key_part_identifier,
split_key_threshold=secret.split_key_threshold,
split_key_method=secret.split_key_method,
prime_field_size=secret.prime_field_size)
def test_invalid_prime_field_size(self):
"""
Test that a TypeError is raised when an invalid prime field size value
is used to construct a SplitKey.
"""
kwargs = {"prime_field_size": "invalid"}
self.assertRaisesRegex(TypeError,
"The prime field size must be an integer.",
objects.SplitKey, **kwargs)
args = (objects.SplitKey(), "prime_field_size", "invalid")
self.assertRaisesRegex(TypeError,
"The prime field size must be an integer.",
setattr, *args)
def test_invalid_split_key_parts(self):
"""
Test that a TypeError is raised when an invalid split key parts value
is used to construct a SplitKey.
"""
kwargs = {"split_key_parts": "invalid"}
self.assertRaisesRegex(TypeError,
"The split key parts must be an integer.",
objects.SplitKey, **kwargs)
args = (objects.SplitKey(), "split_key_parts", "invalid")
self.assertRaisesRegex(TypeError,
"The split key parts must be an integer.",
setattr, *args)
def test_invalid_key_part_identifier(self):
"""
Test that a TypeError is raised when an invalid key part identifier
value is used to construct a SplitKey.
"""
kwargs = {"key_part_identifier": "invalid"}
self.assertRaisesRegex(TypeError,
"The key part identifier must be an integer.",
objects.SplitKey, **kwargs)
args = (objects.SplitKey(), "key_part_identifier", "invalid")
self.assertRaisesRegex(TypeError,
"The key part identifier must be an integer.",
setattr, *args)
def test_get(self):
"""
Test that a SplitKey object can be saved and then retrieved using
SQLAlchemy. This test adds the object to the database and then
retrieves it by ID and verifies some of the attributes.
"""
split_key = objects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
cryptographic_length=128,
key_value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'),
key_format_type=enums.KeyFormatType.RAW,
cryptographic_usage_masks=[enums.CryptographicUsageMask.EXPORT],
name="Test Split Key",
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729)
session = sqlalchemy.orm.sessionmaker(bind=self.engine)()
session.add(split_key)
session.commit()
session = sqlalchemy.orm.sessionmaker(bind=self.engine)()
retrieved_key = session.query(
objects.SplitKey).filter(objects.ManagedObject.unique_identifier ==
split_key.unique_identifier).one()
session.commit()
self.assertEqual(retrieved_key.names, ["Test Split Key"])
self.assertEqual(retrieved_key.cryptographic_algorithm,
enums.CryptographicAlgorithm.AES)
self.assertEqual(retrieved_key.cryptographic_length, 128)
self.assertEqual(retrieved_key.value,
(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))
self.assertEqual(retrieved_key.key_format_type,
enums.KeyFormatType.RAW)
self.assertEqual(retrieved_key.cryptographic_usage_masks,
[enums.CryptographicUsageMask.EXPORT])
self.assertEqual(retrieved_key.split_key_parts, 4)
self.assertEqual(retrieved_key.key_part_identifier, 1)
self.assertEqual(retrieved_key.split_key_threshold, 2)
self.assertEqual(retrieved_key.split_key_method,
enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8)
self.assertEqual(retrieved_key.prime_field_size, 104729)
def test_invalid_split_key_method(self):
"""
Test that a TypeError is raised when an invalid split key method value
is used to construct a SplitKey.
"""
kwargs = {"split_key_method": "invalid"}
self.assertRaisesRegex(
TypeError,
"The split key method must be a SplitKeyMethod enumeration.",
objects.SplitKey, **kwargs)
args = (objects.SplitKey(), "split_key_method", "invalid")
self.assertRaisesRegex(
TypeError,
"The split key method must be a SplitKeyMethod enumeration.",
setattr, *args)
def test_init(self):
"""
Test that a SplitKey object can be instantiated.
"""
split_key = objects.SplitKey()
self.assertIsNone(split_key.cryptographic_algorithm)
self.assertIsNone(split_key.cryptographic_length)
self.assertIsNone(split_key.value)
self.assertEqual(split_key.key_format_type, enums.KeyFormatType.RAW)
self.assertEqual(split_key.cryptographic_usage_masks, [])
self.assertEqual(split_key.names, ["Split Key"])
self.assertIsNone(split_key.split_key_parts)
self.assertIsNone(split_key.key_part_identifier)
self.assertIsNone(split_key.split_key_threshold)
self.assertIsNone(split_key.split_key_method)
self.assertIsNone(split_key.prime_field_size)
def test_repr(self):
"""
Test that repr can be applied to a SplitKey.
"""
split_key = objects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
cryptographic_length=128,
key_value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'),
key_format_type=enums.KeyFormatType.RAW,
cryptographic_usage_masks=[enums.CryptographicUsageMask.EXPORT],
name="Test Split Key",
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729)
args = [
"cryptographic_algorithm={}".format(
enums.CryptographicAlgorithm.AES),
"cryptographic_length={}".format(128), "key_value={}".format(
binascii.hexlify(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56')),
"key_format_type={}".format(enums.KeyFormatType.RAW),
"key_wrapping_data={}".format({}),
"cryptographic_usage_masks={}".format([
enums.CryptographicUsageMask.EXPORT
]), "name={}".format(["Test Split Key"]), "split_key_parts=4",
"key_part_identifier=1", "split_key_threshold=2",
"split_key_method={}".format(
enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8),
"prime_field_size=104729"
]
expected = "SplitKey({})".format(", ".join(args))
observed = repr(split_key)
self.assertEqual(expected, observed)
def test_build_core_split_key(self):
"""
Test that a Pie split key object can be converted into a core key
object.
"""
pie_split_key = pobjects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
cryptographic_length=128,
key_value=self.symmetric_bytes,
cryptographic_usage_masks=[enums.CryptographicUsageMask.EXPORT],
name="Split Key",
key_format_type=enums.KeyFormatType.RAW,
key_wrapping_data=None,
split_key_parts=3,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.XOR,
prime_field_size=None
)
core_split_key = self.factory._build_core_split_key(pie_split_key)
self.assertIsInstance(core_split_key, secrets.SplitKey)
self._test_core_key(
core_split_key,
enums.CryptographicAlgorithm.AES,
128,
self.symmetric_bytes,
enums.KeyFormatType.RAW
)
self.assertEqual(3, core_split_key.split_key_parts)
self.assertEqual(1, core_split_key.key_part_identifier)
self.assertEqual(2, core_split_key.split_key_threshold)
self.assertEqual(
enums.SplitKeyMethod.XOR,
core_split_key.split_key_method
)
self.assertIsNone(core_split_key.prime_field_size)
if __name__ == '__main__':
logger = utils.build_console_logger(logging.INFO)
parser = utils.build_cli_parser(enums.Operation.REGISTER)
opts, args = parser.parse_args(sys.argv[1:])
config = opts.config
split_key = objects.SplitKey(
cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
cryptographic_length=128,
key_value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'),
name="Demo Split Key",
cryptographic_usage_masks=[enums.CryptographicUsageMask.EXPORT],
key_format_type=enums.KeyFormatType.RAW,
key_wrapping_data=None,
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.XOR,
prime_field_size=None)
split_key.operation_policy_name = opts.operation_policy_name
# Build the client and connect to the server
with client.ProxyKmipClient(config=config,
config_file=opts.config_file) as client:
try:
uid = client.register(split_key)
logger.info(
"Successfully registered split key with ID: {0}".format(uid))