def test_generate_symmetric(self): secret = models.Secret() secret.bit_length = 128 secret.algorithm = 'AES' generate_dto = plugin_import.GenerateDTO( secret.algorithm, secret.bit_length, None, None) kek_meta = mock.MagicMock() kek_meta.kek_label = 'pkek' kek_meta.plugin_meta = ('{"iv": "iv==",' '"hmac": "hmac",' '"wrapped_key": "wrappedkey==",' '"mkek_label": "mkek_label",' '"hmac_label": "hmac_label"}') response_dto = self.plugin.generate_symmetric(generate_dto, kek_meta, mock.MagicMock()) self.assertEqual(response_dto.cypher_text, b'0') self.assertIn('iv', response_dto.kek_meta_extended) self.assertEqual(self.pkcs11.get_key_handle.call_count, 2) self.assertEqual(self.pkcs11.get_session.call_count, 2) self.assertEqual(self.pkcs11.generate_random.call_count, 1) self.assertEqual(self.pkcs11.verify_hmac.call_count, 1) self.assertEqual(self.pkcs11.unwrap_key.call_count, 1) self.assertEqual(self.pkcs11.encrypt.call_count, 1) self.assertEqual(self.pkcs11.return_session.call_count, 1)
def test_generate_1024_bit_DSA_key_with_passphrase(self): generate_dto = plugin.GenerateDTO('dsa', 1024, None, 'Passphrase') kek_meta_dto = self._get_mocked_kek_meta_dto() self.assertRaises(ValueError, self.plugin.generate_asymmetric, generate_dto, kek_meta_dto, mock.MagicMock())
def test_generate_2048_bit_DSA_key(self): generate_dto = plugin.GenerateDTO('dsa', 2048, None, None) kek_meta_dto = self._get_mocked_kek_meta_dto() self.assertRaises(ValueError, self.plugin.generate_asymmetric, generate_dto, kek_meta_dto, mock.MagicMock())
def generate_symmetric_key(self, key_spec, context): """Generate a symmetric key. :param key_spec: KeySpec that contains details on the type of key to generate :param context: StoreCryptoContext for secret :returns: a dictionary that contains metadata about the key """ # Find HSM-style 'crypto' plugin. plugin_type = _determine_generation_type(key_spec.alg) if crypto.PluginSupportTypes.SYMMETRIC_KEY_GENERATION != plugin_type: raise sstore.SecretAlgorithmNotSupportedException(key_spec.alg) generating_plugin = manager.get_manager().get_plugin_store_generate( plugin_type, key_spec.alg, key_spec.bit_length, key_spec.mode) # Find or create a key encryption key metadata. kek_datum_model, kek_meta_dto = _find_or_create_kek_objects( generating_plugin, context.project_model) # Create an encrypted datum instance and add the created cypher text. generate_dto = crypto.GenerateDTO(key_spec.alg, key_spec.bit_length, key_spec.mode, None) # Create the encrypted meta. response_dto = generating_plugin.generate_symmetric( generate_dto, kek_meta_dto, context.project_model.external_id) # Convert binary data into a text-based format. _store_secret_and_datum(context, context.secret_model, kek_datum_model, response_dto) return None
def test_generate_calls_generate_random(self): with mock.patch.object(self.plugin, 'encrypt') as encrypt_mock: encrypt_mock.return_value = None secret = models.Secret() secret.bit_length = 128 secret.algorithm = "AES" generate_dto = plugin_import.GenerateDTO(secret.algorithm, secret.bit_length, None, None) self.plugin.generate_symmetric(generate_dto, mock.MagicMock(), mock.MagicMock()) self.assertEqual(self.lib.C_GenerateRandom.call_count, 2)
def generate_asymmetric_key(self, key_spec, context): """Generates an asymmetric key. Returns a AsymmetricKeyMetadataDTO object containing metadata(s) for asymmetric key components. The metadata can be used to retrieve individual components of asymmetric key pair. """ plugin_type = _determine_generation_type(key_spec.alg) if crypto.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION != plugin_type: raise sstore.SecretAlgorithmNotSupportedException(key_spec.alg) generating_plugin = manager.get_manager().get_plugin_store_generate( plugin_type, key_spec.alg, key_spec.bit_length, project_id=context.project_model.id) # Find or create a key encryption key metadata. kek_datum_model, kek_meta_dto = _find_or_create_kek_objects( generating_plugin, context.project_model) generate_dto = crypto.GenerateDTO(key_spec.alg, key_spec.bit_length, None, key_spec.passphrase) # Create the encrypted meta. private_key_dto, public_key_dto, passwd_dto = ( generating_plugin.generate_asymmetric( generate_dto, kek_meta_dto, context.project_model.external_id ) ) _store_secret_and_datum( context, context.private_secret_model, kek_datum_model, private_key_dto) _store_secret_and_datum( context, context.public_secret_model, kek_datum_model, public_key_dto) if key_spec.passphrase and passwd_dto: _store_secret_and_datum( context, context.passphrase_secret_model, kek_datum_model, passwd_dto) return sstore.AsymmetricKeyMetadataDTO()
def test_generate_1024_bit_RSA_key_in_pem(self): generate_dto = plugin.GenerateDTO('rsa', 1024, None, 'changeme') kek_meta_dto = self._get_mocked_kek_meta_dto() private_dto, public_dto, passwd_dto = self.plugin.generate_asymmetric( generate_dto, kek_meta_dto, mock.MagicMock()) decrypt_dto = plugin.DecryptDTO(private_dto.cypher_text) private_dto = self.plugin.decrypt(decrypt_dto, kek_meta_dto, private_dto.kek_meta_extended, mock.MagicMock()) private_dto = RSA.importKey(private_dto, 'changeme') self.assertTrue(private_dto.has_private())
def test_generate_128_bit_hmac_key(self): secret = models.Secret() secret.bit_length = 128 secret.algorithm = "hmacsha256" kek_meta_dto = self._get_mocked_kek_meta_dto() generate_dto = plugin.GenerateDTO(secret.algorithm, secret.bit_length, None, None) response_dto = self.plugin.generate_symmetric(generate_dto, kek_meta_dto, mock.MagicMock()) decrypt_dto = plugin.DecryptDTO(response_dto.cypher_text) key = self.plugin.decrypt(decrypt_dto, kek_meta_dto, response_dto.kek_meta_extended, mock.MagicMock()) self.assertEqual(16, len(key))
def test_generate_1024_DSA_key_in_pem_and_reconstruct_key_der(self): generate_dto = plugin.GenerateDTO('dsa', 1024, None, None) kek_meta_dto = self._get_mocked_kek_meta_dto() private_dto, public_dto, passwd_dto = self.plugin.generate_asymmetric( generate_dto, kek_meta_dto, mock.MagicMock()) decrypt_dto = plugin.DecryptDTO(private_dto.cypher_text) private_dto = self.plugin.decrypt(decrypt_dto, kek_meta_dto, private_dto.kek_meta_extended, mock.MagicMock()) prv_seq = asn1.DerSequence() prv_seq.decode(private_dto) p, q, g, y, x = prv_seq[1:] private_dto = DSA.construct((y, g, p, q, x)) self.assertTrue(private_dto.has_private())
def test_generate_asymmetric_1024_bit_key(self): generate_dto = plugin.GenerateDTO('rsa', 1024, None, None) kek_meta_dto = self._get_mocked_kek_meta_dto() private_dto, public_dto, passwd_dto = self.plugin.generate_asymmetric( generate_dto, kek_meta_dto, mock.MagicMock()) decrypt_dto = plugin.DecryptDTO(private_dto.cypher_text) private_dto = self.plugin.decrypt(decrypt_dto, kek_meta_dto, private_dto.kek_meta_extended, mock.MagicMock()) decrypt_dto = plugin.DecryptDTO(public_dto.cypher_text) public_dto = self.plugin.decrypt(decrypt_dto, kek_meta_dto, public_dto.kek_meta_extended, mock.MagicMock()) public_dto = RSA.importKey(public_dto) private_dto = RSA.importKey(private_dto) self.assertEqual(1023, public_dto.size()) self.assertEqual(1023, private_dto.size()) self.assertTrue(private_dto.has_private)