def setUp(self):
super(WhenTestingP11CryptoPlugin, self).setUp()
self.pkcs11 = mock.Mock()
self.pkcs11.get_session.return_value = long(1)
self.pkcs11.return_session.return_value = None
self.pkcs11.generate_random.side_effect = generate_random_effect
self.pkcs11.get_key_handle.return_value = long(2)
self.pkcs11.encrypt.return_value = {'iv': b'0', 'ct': b'0'}
self.pkcs11.decrypt.return_value = b'0'
self.pkcs11.generate_key.return_value = long(3)
self.pkcs11.wrap_key.return_value = {'iv': b'1', 'wrapped_key': b'1'}
self.pkcs11.unwrap_key.return_value = long(4)
self.pkcs11.compute_hmac.return_value = b'1'
self.pkcs11.verify_hmac.return_value = None
self.pkcs11.destroy_object.return_value = None
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.p11_crypto_plugin.mkek_label = 'mkek_label'
self.cfg_mock.p11_crypto_plugin.hmac_label = 'hmac_label'
self.cfg_mock.p11_crypto_plugin.mkek_length = 32
self.cfg_mock.p11_crypto_plugin.slot_id = 1
self.cfg_mock.p11_crypto_plugin.rw_session = True
self.cfg_mock.p11_crypto_plugin.pkek_length = 32
self.cfg_mock.p11_crypto_plugin.pkek_cache_ttl = 900
self.cfg_mock.p11_crypto_plugin.pkek_cache_limit = 10
self.cfg_mock.p11_crypto_plugin.algorithm = 'CKM_AES_GCM'
self.plugin = p11_crypto.P11CryptoPlugin(
conf=self.cfg_mock, pkcs11=self.pkcs11
)
def setUp(self):
super(WhenTestingP11CryptoPlugin, self).setUp()
self.lib = mock.Mock()
self.lib.C_Initialize.return_value = pkcs11.CKR_OK
self.lib.C_OpenSession.return_value = pkcs11.CKR_OK
self.lib.C_CloseSession.return_value = pkcs11.CKR_OK
self.lib.C_FindObjectsInit.return_value = pkcs11.CKR_OK
self.lib.C_FindObjects.return_value = pkcs11.CKR_OK
self.lib.C_FindObjectsFinal.return_value = pkcs11.CKR_OK
self.lib.C_GenerateKey.return_value = pkcs11.CKR_OK
self.lib.C_Login.return_value = pkcs11.CKR_OK
self.lib.C_GenerateRandom.side_effect = write_random_first_byte
self.ffi = pkcs11.build_ffi()
setattr(self.ffi, 'dlopen', lambda x: self.lib)
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.p11_crypto_plugin.mkek_label = "mkek"
self.cfg_mock.p11_crypto_plugin.hmac_label = "hmac"
self.cfg_mock.p11_crypto_plugin.mkek_length = 32
self.cfg_mock.p11_crypto_plugin.slot_id = 1
with mock.patch.object(pkcs11.PKCS11, 'get_key_handle') as mocked:
mocked.return_value = long(1)
self.plugin = p11_crypto.P11CryptoPlugin(ffi=self.ffi,
conf=self.cfg_mock)
self.test_session = self.plugin.pkcs11.create_working_session()
def __init__(self, db_connection, library_path, login, slot_id):
self.dry_run = False
self.db_engine = session.create_engine(db_connection)
self._session_creator = scoping.scoped_session(
orm.sessionmaker(bind=self.db_engine, autocommit=True))
self.crypto_plugin = p11_crypto.P11CryptoPlugin(CONF)
self.plugin_name = utils.generate_fullname_for(self.crypto_plugin)
self.pkcs11 = self.crypto_plugin.pkcs11
self.session = self.pkcs11.get_session()
def __init__(self, conf):
self.dry_run = False
self.db_engine = sqlalchemy.create_engine(conf.sql_connection)
self._session_creator = scoping.scoped_session(
orm.sessionmaker(bind=self.db_engine, autocommit=True))
self.crypto_plugin = p11_crypto.P11CryptoPlugin(conf)
self.pkcs11 = self.crypto_plugin.pkcs11
self.plugin_name = utils.generate_fullname_for(self.crypto_plugin)
self.hsm_session = self.pkcs11.get_session()
self.new_mkek_label = self.crypto_plugin.mkek_label
self.new_hmac_label = self.crypto_plugin.hmac_label
self.new_mkek = self.crypto_plugin._get_master_key(self.new_mkek_label)
self.new_mkhk = self.crypto_plugin._get_master_key(self.new_hmac_label)
def test_configurable_slot_id(self):
self.cfg_mock.p11_crypto_plugin.slot_id = 99
with mock.patch.object(pkcs11.PKCS11, 'get_key_handle') as mocked:
mocked.return_value = long(1)
test_plugin = p11_crypto.P11CryptoPlugin(ffi=self.ffi,
conf=self.cfg_mock)
with mock.patch.object(test_plugin.pkcs11, 'open_session') as mocked:
def mocked_open_session(slot):
self.assertEqual(99, slot)
mocked.side_effect = mocked_open_session
test_plugin.pkcs11.create_working_session()
def setUp(self):
super(WhenTestingP11CryptoPlugin, self).setUp()
self.pkcs11 = mock.Mock()
self.pkcs11.get_session.return_value = int(1)
self.pkcs11.return_session.return_value = None
self.pkcs11.generate_random.side_effect = generate_random_effect
self.pkcs11.get_key_handle.return_value = int(2)
self.pkcs11.encrypt.return_value = {'iv': b'0', 'ct': b'0'}
self.pkcs11.decrypt.return_value = b'0'
self.pkcs11.generate_key.return_value = int(3)
self.pkcs11.wrap_key.return_value = {'iv': b'1', 'wrapped_key': b'1'}
self.pkcs11.unwrap_key.return_value = int(4)
self.pkcs11.compute_hmac.return_value = b'1'
self.pkcs11.verify_hmac.return_value = None
self.pkcs11.destroy_object.return_value = None
self.pkcs11.finalize.return_value = None
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.p11_crypto_plugin.mkek_label = 'mkek_label'
self.cfg_mock.p11_crypto_plugin.hmac_label = 'hmac_label'
self.cfg_mock.p11_crypto_plugin.mkek_length = 32
self.cfg_mock.p11_crypto_plugin.slot_id = 1
self.cfg_mock.p11_crypto_plugin.token_serial_number = None
self.cfg_mock.p11_crypto_plugin.token_label = None
self.cfg_mock.p11_crypto_plugin.token_labels = None
self.cfg_mock.p11_crypto_plugin.rw_session = True
self.cfg_mock.p11_crypto_plugin.pkek_length = 32
self.cfg_mock.p11_crypto_plugin.pkek_cache_ttl = 900
self.cfg_mock.p11_crypto_plugin.pkek_cache_limit = 10
self.cfg_mock.p11_crypto_plugin.encryption_mechanism = 'CKM_AES_CBC'
self.cfg_mock.p11_crypto_plugin.seed_file = ''
self.cfg_mock.p11_crypto_plugin.seed_length = 32
self.cfg_mock.p11_crypto_plugin.hmac_keywrap_mechanism = \
'CKM_SHA256_HMAC'
self.plugin_name = 'Test PKCS11 plugin'
self.cfg_mock.p11_crypto_plugin.plugin_name = self.plugin_name
self.plugin = p11_crypto.P11CryptoPlugin(conf=self.cfg_mock,
pkcs11=self.pkcs11)
def setUp(self):
super(WhenTestingP11CryptoPlugin, self).setUp()
self.lib = mock.Mock()
self.lib.C_Initialize.return_value = p11_crypto.CKR_OK
self.lib.C_OpenSession.return_value = p11_crypto.CKR_OK
self.lib.C_FindObjectsInit.return_value = p11_crypto.CKR_OK
self.lib.C_FindObjects.return_value = p11_crypto.CKR_OK
self.lib.C_FindObjectsFinal.return_value = p11_crypto.CKR_OK
self.lib.C_GenerateKey.return_value = p11_crypto.CKR_OK
self.lib.C_Login.return_value = p11_crypto.CKR_OK
self.lib.C_GenerateRandom.side_effect = write_random_first_byte
self.ffi = p11_crypto._build_ffi()
setattr(self.ffi, 'dlopen', lambda x: self.lib)
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.p11_crypto_plugin.mkek_label = "mkek"
self.cfg_mock.p11_crypto_plugin.hmac_label = "hmac"
self.cfg_mock.p11_crypto_plugin.mkek_length = 32
self.plugin = p11_crypto.P11CryptoPlugin(ffi=self.ffi,
conf=self.cfg_mock)