def test_comparison(self):
"""
Test that the equality/inequality operators return True/False when
comparing two SplitKey objects with the same data.
"""
a = secrets.SplitKey()
b = secrets.SplitKey()
self.assertTrue(a == b)
self.assertTrue(b == a)
self.assertFalse(a != b)
self.assertFalse(b != a)
a = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH)))
b = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH)))
self.assertTrue(a == b)
self.assertTrue(b == a)
self.assertFalse(a != b)
self.assertFalse(b != a)
def test_repr(self):
"""
Test that repr can be applied to a SplitKey object.
"""
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH))
split_key = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=key_block)
args = [
"split_key_parts=4", "key_part_identifier=1",
"split_key_threshold=2",
"split_key_method=SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8",
"prime_field_size=104729", "key_block=Struct()"
]
self.assertEqual("SplitKey({})".format(", ".join(args)),
repr(split_key))
def test_str(self):
"""
Test that str can be applied to a SplitKey object.
"""
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH))
split_key = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=key_block)
args = [("split_key_parts", 4), ("key_part_identifier", 1),
("split_key_threshold", 2),
("split_key_method",
enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8),
("prime_field_size", 104729), ("key_block", str(key_block))]
value = "{}".format(", ".join(
['"{}": {}'.format(arg[0], arg[1]) for arg in args]))
self.assertEqual("{" + value + "}", str(split_key))
def test_write(self):
"""
Test that a SplitKey object can be written to a buffer.
"""
# TODO (peter-hamilton) Update this test when the KeyBlock supports
# generic key format type and key value/material values.
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH))
split_key = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=key_block)
stream = utils.BytearrayStream()
split_key.write(stream)
self.assertEqual(len(self.full_encoding), len(stream))
self.assertEqual(str(self.full_encoding), str(stream))
def test_build_pie_asymmetric_key(self):
"""
Test that a core asymmetric key object can be converted into a Pie
asymmetric object.
"""
format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_1)
algorithm = attributes.CryptographicAlgorithm(
enums.CryptographicAlgorithm.RSA)
length = attributes.CryptographicLength(2048)
key_material = cobjects.KeyMaterial(self.public_bytes)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(
key_format_type=format_type,
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=algorithm,
cryptographic_length=length,
key_wrapping_data=None)
core_key = secrets.PublicKey(key_block)
pie_key = self.factory._build_pie_key(core_key, pobjects.PublicKey)
self.assertIsInstance(pie_key, pobjects.PublicKey)
self._test_pie_key(
pie_key, algorithm.value, length.value, self.public_bytes,
format_type.value)
def test_convert_symmetric_key_core_to_pie(self):
"""
Test that a core symmetric key can be converted into a Pie symmetric
key.
"""
format_type = misc.KeyFormatType(enums.KeyFormatType.RAW)
algorithm = attributes.CryptographicAlgorithm(
enums.CryptographicAlgorithm.AES)
length = attributes.CryptographicLength(128)
key_material = cobjects.KeyMaterial(self.symmetric_bytes)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(
key_format_type=format_type,
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=algorithm,
cryptographic_length=length,
key_wrapping_data=None)
core_key = secrets.SymmetricKey(key_block)
pie_key = self.factory.convert(core_key)
self.assertIsInstance(pie_key, pobjects.SymmetricKey)
self._test_pie_key(
pie_key, algorithm.value, length.value, self.symmetric_bytes,
format_type.value)
def get_sample_symmetric_key(key_b64=utils.get_symmetric_key(),
key_length=128,
algorithm=enums.CryptographicAlgorithm.AES):
key_material = objects.KeyMaterial(base64.b64decode(key_b64))
key_value = objects.KeyValue(key_material)
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=attr.CryptographicAlgorithm(algorithm),
cryptographic_length=attr.CryptographicLength(key_length),
key_wrapping_data=None)
return secrets.SymmetricKey(key_block)
def _build_core_secret_data(self, secret):
secret_data_type = secret.data_type
value = secret.value
key_material = cobjects.KeyMaterial(value)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(key_format_type=misc.KeyFormatType(
enums.KeyFormatType.OPAQUE),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=None,
cryptographic_length=None,
key_wrapping_data=None)
data_type = secrets.SecretData.SecretDataType(secret_data_type)
return secrets.SecretData(data_type, key_block)
def get_sample_private_key(pkcs1=False):
if pkcs1:
private_key = kss.get_private_key_der_pkcs1(keys.get_private_key_pem())
key_format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_1)
else:
private_key = keys.get_private_key_der()
key_format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_8)
key_material = objects.KeyMaterial(private_key)
key_value = objects.KeyValue(key_material)
key_block = objects.KeyBlock(
key_format_type=key_format_type,
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=attr.CryptographicAlgorithm(
enums.CryptographicAlgorithm.RSA),
cryptographic_length=attr.CryptographicLength(2048),
key_wrapping_data=None)
return secrets.PrivateKey(key_block)
def _build_core_key(self, key, cls):
algorithm = key.cryptographic_algorithm
length = key.cryptographic_length
value = key.value
format_type = key.key_format_type
key_material = cobjects.KeyMaterial(value)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(
key_format_type=misc.KeyFormatType(format_type),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=attributes.CryptographicAlgorithm(
algorithm),
cryptographic_length=attributes.CryptographicLength(length),
key_wrapping_data=None)
return cls(key_block)
def test_build_pie_split_key(self):
"""
Test that a core split key object can be converted into a Pie split
key object.
"""
key_block = cobjects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_compression_type=None,
key_value=cobjects.KeyValue(
cobjects.KeyMaterial(self.symmetric_bytes)
),
cryptographic_algorithm=attributes.CryptographicAlgorithm(
enums.CryptographicAlgorithm.AES
),
cryptographic_length=attributes.CryptographicLength(128),
key_wrapping_data=None
)
core_split_key = secrets.SplitKey(
split_key_parts=3,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.XOR,
prime_field_size=None,
key_block=key_block
)
pie_split_key = self.factory._build_pie_split_key(core_split_key)
self.assertIsInstance(pie_split_key, pobjects.SplitKey)
self._test_pie_key(
pie_split_key,
enums.CryptographicAlgorithm.AES,
128,
self.symmetric_bytes,
enums.KeyFormatType.RAW
)
self.assertEqual(3, pie_split_key.split_key_parts)
self.assertEqual(1, pie_split_key.key_part_identifier)
self.assertEqual(2, pie_split_key.split_key_threshold)
self.assertEqual(
enums.SplitKeyMethod.XOR,
pie_split_key.split_key_method
)
self.assertIsNone(pie_split_key.prime_field_size)
def test_build_pie_symmetric_key_on_invalid_format(self):
"""
Test that a TypeError exception is raised when attempting to create a
Pie SymmetricKey object from a core SymmetricKey object with an
incompatible format.
"""
format_type = misc.KeyFormatType(enums.KeyFormatType.OPAQUE)
algorithm = attributes.CryptographicAlgorithm(
enums.CryptographicAlgorithm.AES)
length = attributes.CryptographicLength(128)
key_material = cobjects.KeyMaterial(self.symmetric_bytes)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(key_format_type=format_type,
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=algorithm,
cryptographic_length=length,
key_wrapping_data=None)
core_key = secrets.SymmetricKey(key_block)
args = [core_key, pobjects.SymmetricKey]
self.assertRaises(TypeError, self.factory._build_pie_key, *args)
def test_convert_secret_data_core_to_pie(self):
"""
Test that a core secret data object can be converted into a Pie secret
data object.
"""
format_type = misc.KeyFormatType(enums.KeyFormatType.OPAQUE)
key_material = cobjects.KeyMaterial(self.secret_bytes)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(key_format_type=format_type,
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=None,
cryptographic_length=None,
key_wrapping_data=None)
data_type = secrets.SecretData.SecretDataType(
enums.SecretDataType.PASSWORD)
core_key = secrets.SecretData(data_type, key_block)
pie_key = self.factory.convert(core_key)
self.assertIsInstance(pie_key, pobjects.SecretData)
self.assertEqual(enums.SecretDataType.PASSWORD, pie_key.data_type)
self.assertEqual(self.secret_bytes, pie_key.value)
def _build_core_split_key(self, secret):
key_material = cobjects.KeyMaterial(secret.value)
key_value = cobjects.KeyValue(key_material)
key_wrapping_data = None
if secret.key_wrapping_data:
key_wrapping_data = cobjects.KeyWrappingData(
**secret.key_wrapping_data)
key_block = cobjects.KeyBlock(
key_format_type=misc.KeyFormatType(secret.key_format_type),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=attributes.CryptographicAlgorithm(
secret.cryptographic_algorithm),
cryptographic_length=attributes.CryptographicLength(
secret.cryptographic_length),
key_wrapping_data=key_wrapping_data)
return secrets.SplitKey(split_key_parts=secret.split_key_parts,
key_part_identifier=secret.key_part_identifier,
split_key_threshold=secret.split_key_threshold,
split_key_method=secret.split_key_method,
prime_field_size=secret.prime_field_size,
key_block=key_block)
