def test_comparison(self): """ Test that the equality/inequality operators return True/False when comparing two SplitKey objects with the same data. """ a = secrets.SplitKey() b = secrets.SplitKey() self.assertTrue(a == b) self.assertTrue(b == a) self.assertFalse(a != b) self.assertFalse(b != a) a = secrets.SplitKey( split_key_parts=4, key_part_identifier=1, split_key_threshold=2, split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8, prime_field_size=104729, key_block=objects.KeyBlock( key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW), key_value=objects.KeyValue(key_material=objects.KeyMaterial( value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4' b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))), cryptographic_algorithm=primitives.Enumeration( enums.CryptographicAlgorithm, value=enums.CryptographicAlgorithm.AES, tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM), cryptographic_length=primitives.Integer( value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH))) b = secrets.SplitKey( split_key_parts=4, key_part_identifier=1, split_key_threshold=2, split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8, prime_field_size=104729, key_block=objects.KeyBlock( key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW), key_value=objects.KeyValue(key_material=objects.KeyMaterial( value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4' b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))), cryptographic_algorithm=primitives.Enumeration( enums.CryptographicAlgorithm, value=enums.CryptographicAlgorithm.AES, tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM), cryptographic_length=primitives.Integer( value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH))) self.assertTrue(a == b) self.assertTrue(b == a) self.assertFalse(a != b) self.assertFalse(b != a)
def test_repr(self): """ Test that repr can be applied to a SplitKey object. """ key_block = objects.KeyBlock( key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW), key_value=objects.KeyValue(key_material=objects.KeyMaterial( value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4' b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))), cryptographic_algorithm=primitives.Enumeration( enums.CryptographicAlgorithm, value=enums.CryptographicAlgorithm.AES, tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM), cryptographic_length=primitives.Integer( value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH)) split_key = secrets.SplitKey( split_key_parts=4, key_part_identifier=1, split_key_threshold=2, split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8, prime_field_size=104729, key_block=key_block) args = [ "split_key_parts=4", "key_part_identifier=1", "split_key_threshold=2", "split_key_method=SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8", "prime_field_size=104729", "key_block=Struct()" ] self.assertEqual("SplitKey({})".format(", ".join(args)), repr(split_key))
def test_str(self): """ Test that str can be applied to a SplitKey object. """ key_block = objects.KeyBlock( key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW), key_value=objects.KeyValue(key_material=objects.KeyMaterial( value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4' b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))), cryptographic_algorithm=primitives.Enumeration( enums.CryptographicAlgorithm, value=enums.CryptographicAlgorithm.AES, tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM), cryptographic_length=primitives.Integer( value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH)) split_key = secrets.SplitKey( split_key_parts=4, key_part_identifier=1, split_key_threshold=2, split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8, prime_field_size=104729, key_block=key_block) args = [("split_key_parts", 4), ("key_part_identifier", 1), ("split_key_threshold", 2), ("split_key_method", enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8), ("prime_field_size", 104729), ("key_block", str(key_block))] value = "{}".format(", ".join( ['"{}": {}'.format(arg[0], arg[1]) for arg in args])) self.assertEqual("{" + value + "}", str(split_key))
def test_write(self): """ Test that a SplitKey object can be written to a buffer. """ # TODO (peter-hamilton) Update this test when the KeyBlock supports # generic key format type and key value/material values. key_block = objects.KeyBlock( key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW), key_value=objects.KeyValue(key_material=objects.KeyMaterial( value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4' b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))), cryptographic_algorithm=primitives.Enumeration( enums.CryptographicAlgorithm, value=enums.CryptographicAlgorithm.AES, tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM), cryptographic_length=primitives.Integer( value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH)) split_key = secrets.SplitKey( split_key_parts=4, key_part_identifier=1, split_key_threshold=2, split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8, prime_field_size=104729, key_block=key_block) stream = utils.BytearrayStream() split_key.write(stream) self.assertEqual(len(self.full_encoding), len(stream)) self.assertEqual(str(self.full_encoding), str(stream))
def test_build_pie_asymmetric_key(self): """ Test that a core asymmetric key object can be converted into a Pie asymmetric object. """ format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_1) algorithm = attributes.CryptographicAlgorithm( enums.CryptographicAlgorithm.RSA) length = attributes.CryptographicLength(2048) key_material = cobjects.KeyMaterial(self.public_bytes) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock( key_format_type=format_type, key_compression_type=None, key_value=key_value, cryptographic_algorithm=algorithm, cryptographic_length=length, key_wrapping_data=None) core_key = secrets.PublicKey(key_block) pie_key = self.factory._build_pie_key(core_key, pobjects.PublicKey) self.assertIsInstance(pie_key, pobjects.PublicKey) self._test_pie_key( pie_key, algorithm.value, length.value, self.public_bytes, format_type.value)
def test_convert_symmetric_key_core_to_pie(self): """ Test that a core symmetric key can be converted into a Pie symmetric key. """ format_type = misc.KeyFormatType(enums.KeyFormatType.RAW) algorithm = attributes.CryptographicAlgorithm( enums.CryptographicAlgorithm.AES) length = attributes.CryptographicLength(128) key_material = cobjects.KeyMaterial(self.symmetric_bytes) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock( key_format_type=format_type, key_compression_type=None, key_value=key_value, cryptographic_algorithm=algorithm, cryptographic_length=length, key_wrapping_data=None) core_key = secrets.SymmetricKey(key_block) pie_key = self.factory.convert(core_key) self.assertIsInstance(pie_key, pobjects.SymmetricKey) self._test_pie_key( pie_key, algorithm.value, length.value, self.symmetric_bytes, format_type.value)
def get_sample_symmetric_key(key_b64=utils.get_symmetric_key(), key_length=128, algorithm=enums.CryptographicAlgorithm.AES): key_material = objects.KeyMaterial(base64.b64decode(key_b64)) key_value = objects.KeyValue(key_material) key_block = objects.KeyBlock( key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW), key_compression_type=None, key_value=key_value, cryptographic_algorithm=attr.CryptographicAlgorithm(algorithm), cryptographic_length=attr.CryptographicLength(key_length), key_wrapping_data=None) return secrets.SymmetricKey(key_block)
def _build_core_secret_data(self, secret): secret_data_type = secret.data_type value = secret.value key_material = cobjects.KeyMaterial(value) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock(key_format_type=misc.KeyFormatType( enums.KeyFormatType.OPAQUE), key_compression_type=None, key_value=key_value, cryptographic_algorithm=None, cryptographic_length=None, key_wrapping_data=None) data_type = secrets.SecretData.SecretDataType(secret_data_type) return secrets.SecretData(data_type, key_block)
def get_sample_private_key(pkcs1=False): if pkcs1: private_key = kss.get_private_key_der_pkcs1(keys.get_private_key_pem()) key_format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_1) else: private_key = keys.get_private_key_der() key_format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_8) key_material = objects.KeyMaterial(private_key) key_value = objects.KeyValue(key_material) key_block = objects.KeyBlock( key_format_type=key_format_type, key_compression_type=None, key_value=key_value, cryptographic_algorithm=attr.CryptographicAlgorithm( enums.CryptographicAlgorithm.RSA), cryptographic_length=attr.CryptographicLength(2048), key_wrapping_data=None) return secrets.PrivateKey(key_block)
def _build_core_key(self, key, cls): algorithm = key.cryptographic_algorithm length = key.cryptographic_length value = key.value format_type = key.key_format_type key_material = cobjects.KeyMaterial(value) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock( key_format_type=misc.KeyFormatType(format_type), key_compression_type=None, key_value=key_value, cryptographic_algorithm=attributes.CryptographicAlgorithm( algorithm), cryptographic_length=attributes.CryptographicLength(length), key_wrapping_data=None) return cls(key_block)
def test_build_pie_split_key(self): """ Test that a core split key object can be converted into a Pie split key object. """ key_block = cobjects.KeyBlock( key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW), key_compression_type=None, key_value=cobjects.KeyValue( cobjects.KeyMaterial(self.symmetric_bytes) ), cryptographic_algorithm=attributes.CryptographicAlgorithm( enums.CryptographicAlgorithm.AES ), cryptographic_length=attributes.CryptographicLength(128), key_wrapping_data=None ) core_split_key = secrets.SplitKey( split_key_parts=3, key_part_identifier=1, split_key_threshold=2, split_key_method=enums.SplitKeyMethod.XOR, prime_field_size=None, key_block=key_block ) pie_split_key = self.factory._build_pie_split_key(core_split_key) self.assertIsInstance(pie_split_key, pobjects.SplitKey) self._test_pie_key( pie_split_key, enums.CryptographicAlgorithm.AES, 128, self.symmetric_bytes, enums.KeyFormatType.RAW ) self.assertEqual(3, pie_split_key.split_key_parts) self.assertEqual(1, pie_split_key.key_part_identifier) self.assertEqual(2, pie_split_key.split_key_threshold) self.assertEqual( enums.SplitKeyMethod.XOR, pie_split_key.split_key_method ) self.assertIsNone(pie_split_key.prime_field_size)
def test_build_pie_symmetric_key_on_invalid_format(self): """ Test that a TypeError exception is raised when attempting to create a Pie SymmetricKey object from a core SymmetricKey object with an incompatible format. """ format_type = misc.KeyFormatType(enums.KeyFormatType.OPAQUE) algorithm = attributes.CryptographicAlgorithm( enums.CryptographicAlgorithm.AES) length = attributes.CryptographicLength(128) key_material = cobjects.KeyMaterial(self.symmetric_bytes) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock(key_format_type=format_type, key_compression_type=None, key_value=key_value, cryptographic_algorithm=algorithm, cryptographic_length=length, key_wrapping_data=None) core_key = secrets.SymmetricKey(key_block) args = [core_key, pobjects.SymmetricKey] self.assertRaises(TypeError, self.factory._build_pie_key, *args)
def test_convert_secret_data_core_to_pie(self): """ Test that a core secret data object can be converted into a Pie secret data object. """ format_type = misc.KeyFormatType(enums.KeyFormatType.OPAQUE) key_material = cobjects.KeyMaterial(self.secret_bytes) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock(key_format_type=format_type, key_compression_type=None, key_value=key_value, cryptographic_algorithm=None, cryptographic_length=None, key_wrapping_data=None) data_type = secrets.SecretData.SecretDataType( enums.SecretDataType.PASSWORD) core_key = secrets.SecretData(data_type, key_block) pie_key = self.factory.convert(core_key) self.assertIsInstance(pie_key, pobjects.SecretData) self.assertEqual(enums.SecretDataType.PASSWORD, pie_key.data_type) self.assertEqual(self.secret_bytes, pie_key.value)
def _build_core_split_key(self, secret): key_material = cobjects.KeyMaterial(secret.value) key_value = cobjects.KeyValue(key_material) key_wrapping_data = None if secret.key_wrapping_data: key_wrapping_data = cobjects.KeyWrappingData( **secret.key_wrapping_data) key_block = cobjects.KeyBlock( key_format_type=misc.KeyFormatType(secret.key_format_type), key_compression_type=None, key_value=key_value, cryptographic_algorithm=attributes.CryptographicAlgorithm( secret.cryptographic_algorithm), cryptographic_length=attributes.CryptographicLength( secret.cryptographic_length), key_wrapping_data=key_wrapping_data) return secrets.SplitKey(split_key_parts=secret.split_key_parts, key_part_identifier=secret.key_part_identifier, split_key_threshold=secret.split_key_threshold, split_key_method=secret.split_key_method, prime_field_size=secret.prime_field_size, key_block=key_block)