def test_ecdh_internal(curve, hazmat_curve):
    """Run ECDH on the device against a host-generated peer key.

    ``curve`` is passed to ``optiga_ec.generate_pair`` and ``hazmat_curve`` to
    ``ec.generate_private_key``; both come from the caller (presumably a
    parametrization outside this view) and are expected to name the same curve.
    The test has no assertion: it passes as long as no call raises.
    """
    # NOTE(review): generate_pair presumably replaces the key held in object
    # 0xe0f1, so run this only against a device whose key there is disposable.
    device_key = objects.ECCKey(0xe0f1)
    _, _ = optiga_ec.generate_pair(device_key, curve)

    # Host-side peer key pair; only its public half is handed to the device.
    host_private_key = ec.generate_private_key(hazmat_curve, default_backend())
    host_public_key = host_private_key.public_key()
    peer_public_key = host_public_key.public_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )

    # No export flag is passed and the return value is not used here.
    optiga_ec.ecdh(device_key, peer_public_key)
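def test_ecdh_faulty():
    """Check that ECDH is refused for a key generated without key-agreement usage.

    The key pair is created with only 'authentication' and 'signature' usage,
    so the subsequent ``optiga_ec.ecdh`` call is expected to raise ``IOError``.
    """
    key_object = objects.ECCKey(0xe0f1)
    # Setup stays outside pytest.raises: an IOError while generating the key
    # must fail the test instead of being mistaken for the expected refusal.
    pkey, _ = optiga_ec.generate_pair(
        key_object,
        curve='secp384r1',
        key_usage=['authentication', 'signature'],
    )

    # Key agreement has not been selected for this key, thus an error.
    with pytest.raises(IOError):
        optiga_ec.ecdh(key_object, pkey)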
def test_hkdf(hash_alg, hazmat_curve, curve):
    """Derive a key with HKDF after an on-device ECDH exchange.

    ``curve`` and ``hazmat_curve`` select the curve for the device key and the
    host peer key respectively; ``hash_alg`` is forwarded to
    ``optiga_ec.hkdf`` as ``hash_algorithm``. All three come from the caller
    (presumably a parametrization outside this view).
    """
    device_key = objects.ECCKey(0xe0f1)
    _, _ = optiga_ec.generate_pair(device_key, curve=curve)

    # Host-side peer key pair; its public key is DER-encoded as
    # SubjectPublicKeyInfo before being given to the device.
    host_private_key = ec.generate_private_key(hazmat_curve, default_backend())
    host_public_key = host_private_key.public_key()
    peer_public_key = host_public_key.public_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    optiga_ec.ecdh(device_key, peer_public_key)

    # presumably the session refers to the secret produced by the ecdh call
    # above - TODO confirm against the library documentation
    session = objects.AcquiredSession()
    # NOTE(review): the exported value is never checked, so this only proves
    # that hkdf does not raise; its length and content go unverified.
    derived_key = optiga_ec.hkdf(
        session,
        32,
        hash_algorithm=hash_alg,
        export=True,
    )
def test_hmac(hash_alg, hazmat_curve, curve):
    """Compute an HMAC over a fixed message after an on-device ECDH exchange.

    ``curve`` and ``hazmat_curve`` select the curve for the device key and the
    host peer key respectively; ``hash_alg`` is forwarded to
    ``optiga_ec.hmac`` as ``hash_algorithm``. All three come from the caller
    (presumably a parametrization outside this view).
    """
    device_key = objects.ECCKey(0xe0f1)
    _, _ = optiga_ec.generate_pair(device_key, curve=curve)

    # Host-side peer key pair; its public key is DER-encoded as
    # SubjectPublicKeyInfo before being given to the device.
    host_private_key = ec.generate_private_key(hazmat_curve, default_backend())
    host_public_key = host_private_key.public_key()
    peer_public_key = host_public_key.public_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    optiga_ec.ecdh(device_key, peer_public_key)

    message = 'Hello world!'.encode()
    # presumably the session refers to the secret produced by the ecdh call
    # above - TODO confirm against the library documentation
    session = objects.AcquiredSession()
    # NOTE(review): the MAC is never compared with a reference value, so this
    # only proves that hmac does not raise.
    mac = optiga_ec.hmac(session, message, hash_algorithm=hash_alg)
def test_ecdh_verify():
    """Verify the device's ECDH result against a host-side computation.

    A secp256r1 key pair is generated on the device and another on the host.
    Each side runs ECDH with the other's public key, and the two shared
    secrets must be equal.
    """
    device_key = objects.ECCKey(0xe0f1)
    device_public_der, _ = optiga_ec.generate_pair(device_key, 'secp256r1')

    host_private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
    host_public_der = host_private_key.public_key().public_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )

    # export=True is passed so the secret is returned and can be compared.
    # The other tests in this file call ecdh without it.
    shared_secret = optiga_ec.ecdh(device_key, host_public_der, export=True)

    # Host side of the exchange, using the device's public key.
    device_public_key = load_der_public_key(device_public_der, default_backend())
    expected_secret = host_private_key.exchange(ec.ECDH(), device_public_key)

    assert shared_secret == expected_secret