def test_comparison_on_different_key_part_identifiers(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different key part identifiers.
"""
a = secrets.SplitKey(key_part_identifier=1)
b = secrets.SplitKey(key_part_identifier=2)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_split_key_thresholds(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different split key thresholds.
"""
a = secrets.SplitKey(split_key_threshold=3)
b = secrets.SplitKey(split_key_threshold=4)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison_on_different_prime_field_sizes(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different prime field sizes.
"""
a = secrets.SplitKey(prime_field_size=104723)
b = secrets.SplitKey(prime_field_size=104729)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_comparison(self):
"""
Test that the equality/inequality operators return True/False when
comparing two SplitKey objects with the same data.
"""
a = secrets.SplitKey()
b = secrets.SplitKey()
self.assertTrue(a == b)
self.assertTrue(b == a)
self.assertFalse(a != b)
self.assertFalse(b != a)
a = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH)))
b = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH)))
self.assertTrue(a == b)
self.assertTrue(b == a)
self.assertFalse(a != b)
self.assertFalse(b != a)
def test_comparison_on_different_split_key_methods(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different split key methods.
"""
a = secrets.SplitKey(split_key_method=enums.SplitKeyMethod.XOR)
b = secrets.SplitKey(
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8)
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_read(self):
"""
Test that a SplitKey object can be read from a buffer.
"""
split_key = secrets.SplitKey()
self.assertIsNone(split_key.split_key_parts)
self.assertIsNone(split_key.key_part_identifier)
self.assertIsNone(split_key.split_key_threshold)
self.assertIsNone(split_key.split_key_method)
self.assertIsNone(split_key.prime_field_size)
self.assertIsNone(split_key.key_block)
split_key.read(self.full_encoding)
self.assertEqual(4, split_key.split_key_parts)
self.assertEqual(1, split_key.key_part_identifier)
self.assertEqual(2, split_key.split_key_threshold)
self.assertEqual(enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
split_key.split_key_method)
self.assertEqual(104729, split_key.prime_field_size)
self.assertIsInstance(split_key.key_block, objects.KeyBlock)
self.assertEqual(enums.KeyFormatType.RAW,
split_key.key_block.key_format_type.value)
self.assertIsInstance(split_key.key_block.key_value, objects.KeyValue)
self.assertIsInstance(split_key.key_block.key_value.key_material,
primitives.ByteString)
self.assertEqual((b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'),
split_key.key_block.key_value.key_material.value)
self.assertEqual(enums.CryptographicAlgorithm.AES,
split_key.key_block.cryptographic_algorithm.value)
self.assertEqual(128, split_key.key_block.cryptographic_length.value)
def test_write(self):
"""
Test that a SplitKey object can be written to a buffer.
"""
# TODO (peter-hamilton) Update this test when the KeyBlock supports
# generic key format type and key value/material values.
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH))
split_key = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=key_block)
stream = utils.BytearrayStream()
split_key.write(stream)
self.assertEqual(len(self.full_encoding), len(stream))
self.assertEqual(str(self.full_encoding), str(stream))
def test_repr(self):
"""
Test that repr can be applied to a SplitKey object.
"""
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH))
split_key = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=key_block)
args = [
"split_key_parts=4", "key_part_identifier=1",
"split_key_threshold=2",
"split_key_method=SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8",
"prime_field_size=104729", "key_block=Struct()"
]
self.assertEqual("SplitKey({})".format(", ".join(args)),
repr(split_key))
def test_str(self):
"""
Test that str can be applied to a SplitKey object.
"""
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_value=objects.KeyValue(key_material=objects.KeyMaterial(
value=(b'\x66\xC4\x6A\x77\x54\xF9\x4D\xE4'
b'\x20\xC7\xB1\xA7\xFF\xF5\xEC\x56'))),
cryptographic_algorithm=primitives.Enumeration(
enums.CryptographicAlgorithm,
value=enums.CryptographicAlgorithm.AES,
tag=enums.Tags.CRYPTOGRAPHIC_ALGORITHM),
cryptographic_length=primitives.Integer(
value=128, tag=enums.Tags.CRYPTOGRAPHIC_LENGTH))
split_key = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8,
prime_field_size=104729,
key_block=key_block)
args = [("split_key_parts", 4), ("key_part_identifier", 1),
("split_key_threshold", 2),
("split_key_method",
enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8),
("prime_field_size", 104729), ("key_block", str(key_block))]
value = "{}".format(", ".join(
['"{}": {}'.format(arg[0], arg[1]) for arg in args]))
self.assertEqual("{" + value + "}", str(split_key))
def test_comparison_on_type_mismatch(self):
"""
Test that the equality/inequality operators return False/True when
comparing two SplitKey objects with different types.
"""
a = secrets.SplitKey()
b = "invalid"
self.assertFalse(a == b)
self.assertFalse(b == a)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_write_missing_split_key_parts(self):
"""
Test that an InvalidField error is raised during the encoding of a
SplitKey object when the object is missing the split key parts field.
"""
split_key = secrets.SplitKey(key_part_identifier=1)
stream = utils.BytearrayStream()
args = (stream, )
self.assertRaisesRegex(
exceptions.InvalidField,
"The SplitKey object is missing the SplitKeyParts field.",
split_key.write, *args)
def test_invalid_split_key_threshold(self):
"""
Test that a TypeError is raised when an invalid value is used to set
the split key threshold of a SplitKey object.
"""
kwargs = {"split_key_threshold": "invalid"}
self.assertRaisesRegex(TypeError,
"The split key threshold must be an integer.",
secrets.SplitKey, **kwargs)
args = (secrets.SplitKey(), "split_key_threshold", "invalid")
self.assertRaisesRegex(TypeError,
"The split key threshold must be an integer.",
setattr, *args)
def test_invalid_prime_field_size(self):
"""
Test that a TypeError is raised when an invalid value is used to set
the prime field size of a SplitKey object.
"""
kwargs = {"prime_field_size": "invalid"}
self.assertRaisesRegex(TypeError,
"The prime field size must be an integer.",
secrets.SplitKey, **kwargs)
args = (secrets.SplitKey(), "prime_field_size", "invalid")
self.assertRaisesRegex(TypeError,
"The prime field size must be an integer.",
setattr, *args)
def test_invalid_key_block(self):
"""
Test that a TypeError is raised when an invalid value is used to set
the key block of a SplitKey object.
"""
kwargs = {"key_block": "invalid"}
self.assertRaisesRegex(TypeError,
"The key block must be a KeyBlock structure.",
secrets.SplitKey, **kwargs)
args = (secrets.SplitKey(), "key_block", "invalid")
self.assertRaisesRegex(TypeError,
"The key block must be a KeyBlock structure.",
setattr, *args)
def test_invalid_key_part_identifier(self):
"""
Test that a TypeError is raised when an invalid value is used to set
the key part identifier of a SplitKey object.
"""
kwargs = {"key_part_identifier": "invalid"}
self.assertRaisesRegex(TypeError,
"The key part identifier must be an integer.",
secrets.SplitKey, **kwargs)
args = (secrets.SplitKey(), "key_part_identifier", "invalid")
self.assertRaisesRegex(TypeError,
"The key part identifier must be an integer.",
setattr, *args)
def test_read_missing_key_block(self):
"""
Test that an InvalidKmipEncoding error is raised during the decoding
of a SplitKey object when the key block is missing from the encoding.
"""
split_key = secrets.SplitKey()
self.assertIsNone(split_key.key_block)
args = (self.no_key_block_encoding, )
self.assertRaisesRegex(
exceptions.InvalidKmipEncoding,
"The SplitKey encoding is missing the KeyBlock field.",
split_key.read, *args)
def test_read_missing_split_key_method(self):
"""
Test that an InvalidKmipEncoding error is raised during the decoding
of a SplitKey object when the split key method is missing from the
encoding.
"""
split_key = secrets.SplitKey()
self.assertIsNone(split_key.split_key_method)
args = (self.no_split_key_method_encoding, )
self.assertRaisesRegex(
exceptions.InvalidKmipEncoding,
"The SplitKey encoding is missing the SplitKeyMethod field.",
split_key.read, *args)
def test_invalid_split_key_method(self):
"""
Test that a TypeError is raised when an invalid value is used to set
the split key method of a SplitKey object.
"""
kwargs = {"split_key_method": "invalid"}
self.assertRaisesRegex(
TypeError,
"The split key method must be a SplitKeyMethod enumeration.",
secrets.SplitKey, **kwargs)
args = (secrets.SplitKey(), "split_key_method", "invalid")
self.assertRaisesRegex(
TypeError,
"The split key method must be a SplitKeyMethod enumeration.",
setattr, *args)
def test_read_missing_prime_field_size(self):
"""
Test that an InvalidKmipEncoding error is raised during the decoding
of a SplitKey object when the prime field size is missing from the
encoding.
"""
split_key = secrets.SplitKey()
self.assertIsNone(split_key.prime_field_size)
args = (self.no_prime_field_size_encoding, )
self.assertRaisesRegex(
exceptions.InvalidKmipEncoding,
"The SplitKey encoding is missing the PrimeFieldSize "
"field. This field is required when the SplitKeyMethod is "
"PolynomialSharingPrimeField.", split_key.read, *args)
def test_write_missing_key_block(self):
"""
Test that an InvalidField error is raised during the encoding of a
SplitKey object when the object is missing the key block field.
"""
split_key = secrets.SplitKey(
split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.POLYNOMIAL_SHARING_GF_2_8)
stream = utils.BytearrayStream()
args = (stream, )
self.assertRaisesRegex(
exceptions.InvalidField,
"The SplitKey object is missing the KeyBlock field.",
split_key.write, *args)
def test_write_missing_prime_field_size(self):
"""
Test that an InvalidField error is raised during the encoding of a
SplitKey object when the object is missing the prime field size field.
"""
split_key_method = enums.SplitKeyMethod.POLYNOMIAL_SHARING_PRIME_FIELD
split_key = secrets.SplitKey(split_key_parts=4,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=split_key_method)
stream = utils.BytearrayStream()
args = (stream, )
self.assertRaisesRegex(
exceptions.InvalidField,
"The SplitKey object is missing the PrimeFieldSize field. "
"This field is required when the SplitKeyMethod is "
"PolynomialSharingPrimeField.", split_key.write, *args)
def test_build_pie_split_key(self):
"""
Test that a core split key object can be converted into a Pie split
key object.
"""
key_block = cobjects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_compression_type=None,
key_value=cobjects.KeyValue(
cobjects.KeyMaterial(self.symmetric_bytes)
),
cryptographic_algorithm=attributes.CryptographicAlgorithm(
enums.CryptographicAlgorithm.AES
),
cryptographic_length=attributes.CryptographicLength(128),
key_wrapping_data=None
)
core_split_key = secrets.SplitKey(
split_key_parts=3,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.XOR,
prime_field_size=None,
key_block=key_block
)
pie_split_key = self.factory._build_pie_split_key(core_split_key)
self.assertIsInstance(pie_split_key, pobjects.SplitKey)
self._test_pie_key(
pie_split_key,
enums.CryptographicAlgorithm.AES,
128,
self.symmetric_bytes,
enums.KeyFormatType.RAW
)
self.assertEqual(3, pie_split_key.split_key_parts)
self.assertEqual(1, pie_split_key.key_part_identifier)
self.assertEqual(2, pie_split_key.split_key_threshold)
self.assertEqual(
enums.SplitKeyMethod.XOR,
pie_split_key.split_key_method
)
self.assertIsNone(pie_split_key.prime_field_size)
def _build_core_split_key(self, secret):
key_material = cobjects.KeyMaterial(secret.value)
key_value = cobjects.KeyValue(key_material)
key_wrapping_data = None
if secret.key_wrapping_data:
key_wrapping_data = cobjects.KeyWrappingData(
**secret.key_wrapping_data)
key_block = cobjects.KeyBlock(
key_format_type=misc.KeyFormatType(secret.key_format_type),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=attributes.CryptographicAlgorithm(
secret.cryptographic_algorithm),
cryptographic_length=attributes.CryptographicLength(
secret.cryptographic_length),
key_wrapping_data=key_wrapping_data)
return secrets.SplitKey(split_key_parts=secret.split_key_parts,
key_part_identifier=secret.key_part_identifier,
split_key_threshold=secret.split_key_threshold,
split_key_method=secret.split_key_method,
prime_field_size=secret.prime_field_size,
key_block=key_block)
