aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2016-10-29 19:31:17 -0400
committerRob Austein <sra@hactrn.net>2016-10-29 19:31:17 -0400
commit131083158a08fbd30e6929221715496296ae0944 (patch)
tree7240c2d5688c6616a7ef4a5a4bac73ea3c5ecf37
parent82b698a7823d5293a457b52a7d4774e6e513e70a (diff)
Add a bunch of static key tests, including a mixed-mode workout suite.
-rw-r--r--unit-tests.py518
1 files changed, 367 insertions, 151 deletions
diff --git a/unit-tests.py b/unit-tests.py
index c441cb1..0d93150 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -18,12 +18,23 @@ try:
from Crypto.Util.number import inverse
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
- from Crypto.Hash import SHA256
+ from Crypto.Hash.SHA256 import SHA256Hash as SHA256
+ from Crypto.Hash.SHA384 import SHA384Hash as SHA384
+ from Crypto.Hash.SHA512 import SHA512Hash as SHA512
pycrypto_loaded = True
except ImportError:
pycrypto_loaded = False
+try:
+ from ecdsa.keys import SigningKey as ECDSA_SigningKey, VerifyingKey as ECDSA_VerifyingKey
+ if not pycrypto_loaded:
+ from hashlib import sha256 as SHA256, sha384 as SHA384, sha512 as SHA512
+ ecdsa_loaded = True
+except ImportError:
+ ecdsa_loaded = False
+
+
def log(msg):
if not args.quiet:
sys.stderr.write(msg)
@@ -31,6 +42,7 @@ def log(msg):
def main():
+ preload_public_keys()
from sys import argv
global args
args = parse_arguments(argv[1:])
@@ -109,7 +121,6 @@ class TestBasic(TestCase):
self.assertEqual(length, len(random))
-@unittest.skip("Slow")
class TestPIN(TestCase):
"""
Test functions involving PINs.
@@ -128,10 +139,14 @@ class TestPIN(TestCase):
for user in pin_map:
self.assertRaises(HAL_ERROR_FORBIDDEN, hsm.is_logged_in, user)
- def login_logout(self, user):
- pin = getattr(args, pin_map[user])
- hsm.login(user, pin)
- hsm.is_logged_in(user)
+ def login_logout(self, user1):
+ pin = getattr(args, pin_map[user1])
+ hsm.login(user1, pin)
+ for user2 in pin_map:
+ if user2 == user1:
+ hsm.is_logged_in(user2)
+ else:
+ self.assertRaises(HAL_ERROR_FORBIDDEN, hsm.is_logged_in, user2)
hsm.logout()
def test_login_wheel(self):
@@ -143,7 +158,7 @@ class TestPIN(TestCase):
def test_login_user(self):
self.login_logout(HAL_USER_NORMAL)
- # Eventually we will want a test of set_in(), probably under a
+ # Eventually we will want a test of set_pin(), probably under a
# @unittest.skipUnless to prevent it from being run unless the
# user requests it. Punt that one for the moment.
@@ -173,15 +188,11 @@ class TestDigest(TestCase):
# access check semantics). Defer for now.
-class TestPKey(TestCase):
+class TestPKeyGen(TestCase):
"""
- Tests involving keys.
+ Tests involving key generation.
"""
- oid_p256 = "".join(chr(i) for i in (0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07))
- oid_p384 = "".join(chr(i) for i in (0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22))
- oid_p521 = "".join(chr(i) for i in (0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23))
-
@classmethod
def setUpClass(cls):
hsm.login(HAL_USER_NORMAL, args.user_pin)
@@ -190,46 +201,27 @@ class TestPKey(TestCase):
def tearDownClass(cls):
hsm.logout()
- def setUp(self):
- self.k1 = self.k2 = None
- super(TestPKey, self).setUp()
-
- def tearDown(self):
- super(TestPKey, self).tearDown()
- for k in (self.k1, self.k2):
- if k is not None:
- try:
- k.delete()
- except:
- pass
-
- # Having all these tests in a single function kind of defeats the
- # purpose of having fine tuned unit tests. We're trying to
- # amortize the cost of key generation over a series of tests, but
- # maybe there's some better way to do that (deeper TestCase
- # subclassing?), or maybe we ought to be doing some of these tests
- # with canned keys. Also see unittest.TestCase.addCleanup().
+ def sign_verify(self, hashalg, k1, k2):
+ h = hsm.hash_initialize(hashalg)
+ h.update("Your mother was a hamster")
+ data = h.finalize()
+ sig = k1.sign(data = data)
+ k1.verify(signature = sig, data = data)
+ k2.verify(signature = sig, data = data)
+
+ def gen_sign_verify_rsa(self, hashalg, keylen):
+ k1 = hsm.pkey_generate_rsa(keylen)
+ self.addCleanup(k1.delete)
+ k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, k1.public_key)
+ self.addCleanup(k2.delete)
+ self.sign_verify(hashalg, k1, k2)
def gen_sign_verify_ecdsa(self, hashalg, curve):
- hsm.mixed_mode = True
- hamster = "Your mother was a hamster"
- def h():
- hh = hsm.hash_initialize(hashalg)
- hh.update(hamster)
- return hh
- d = h().finalize()
- self.k1 = hsm.pkey_generate_ec(curve)
- self.k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, self.k1.public_key)
- sig1 = self.k1.sign(data = d)
- sig2 = self.k1.sign(hash = h())
- self.k1.verify(signature = sig1, data = d)
- self.k2.verify(signature = sig1, data = d)
- self.k1.verify(signature = sig1, hash = h())
- self.k2.verify(signature = sig1, hash = h())
- self.k1.verify(signature = sig2, data = d)
- self.k2.verify(signature = sig2, data = d)
- self.k1.verify(signature = sig2, hash = h())
- self.k2.verify(signature = sig2, hash = h())
+ k1 = hsm.pkey_generate_ec(curve)
+ self.addCleanup(k1.delete)
+ k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, k1.public_key)
+ self.addCleanup(k2.delete)
+ self.sign_verify(hashalg, k1, k2)
def test_gen_sign_verify_ecdsa_p256_sha256(self):
"Generate/sign/verify with ECDSA-P256-SHA-256"
@@ -243,10 +235,183 @@ class TestPKey(TestCase):
"Generate/sign/verify with ECDSA-P521-SHA-512"
self.gen_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521)
+ def test_gen_sign_verify_rsa_1024_p256_sha256(self):
+ "Generate/sign/verify with RSA-1024-SHA-256"
+ self.gen_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024)
+
+ @unittest.skipUnless(args.all_tests, "Slow")
+ def test_gen_sign_verify_rsa_2048_sha384(self):
+ "Generate/sign/verify with RSA-2048-SHA-384"
+ self.gen_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048)
+
+ @unittest.skipUnless(args.all_tests, "Hideously slow")
+ def test_gen_sign_verify_rsa_4096_sha512(self):
+ "Generate/sign/verify with RSA-4096-SHA-512"
+ self.gen_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096)
+
+
+class TestPKeyHashing(TestCase):
+ """
+ Tests involving various ways of doing the hashing for public key operations.
+ """
+
+ @classmethod
+ def setUpClass(cls):
+ hsm.login(HAL_USER_NORMAL, args.user_pin)
+
+ @classmethod
+ def tearDownClass(cls):
+ hsm.logout()
+
+ def load_sign_verify_rsa(self, alg, keylen, method):
+ k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE,
+ static_keys[HAL_KEY_TYPE_RSA_PRIVATE, keylen].exportKey("DER"))
+ self.addCleanup(k1.delete)
+ k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
+ static_keys[HAL_KEY_TYPE_RSA_PUBLIC, keylen].exportKey("DER"))
+ self.addCleanup(k2.delete)
+ method(alg, k1, k2)
+
+ def load_sign_verify_ecdsa(self, alg, curve, method):
+ k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve,
+ static_keys[HAL_KEY_TYPE_EC_PRIVATE, curve].to_der())
+ self.addCleanup(k1.delete)
+ k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve,
+ static_keys[HAL_KEY_TYPE_EC_PUBLIC, curve].to_der())
+ self.addCleanup(k2.delete)
+ method(alg, k1, k2)
+
+ @staticmethod
+ def h(alg, mixed_mode = False):
+ h = hsm.hash_initialize(alg, mixed_mode = mixed_mode)
+ h.update("Your mother was a hamster")
+ return h
+
+ def sign_verify_data(self, alg, k1, k2):
+ data = self.h(alg, mixed_mode = True).finalize()
+ sig = k1.sign(data = data)
+ k1.verify(signature = sig, data = data)
+ k2.verify(signature = sig, data = data)
+
+ def sign_verify_remote_remote(self, alg, k1, k2):
+ sig = k1.sign(hash = self.h(alg, mixed_mode = False))
+ k1.verify(signature = sig, hash = self.h(alg, mixed_mode = False))
+ k2.verify(signature = sig, hash = self.h(alg, mixed_mode = False))
+
+ def sign_verify_remote_local(self, alg, k1, k2):
+ sig = k1.sign(hash = self.h(alg, mixed_mode = False))
+ k1.verify(signature = sig, hash = self.h(alg, mixed_mode = True))
+ k2.verify(signature = sig, hash = self.h(alg, mixed_mode = True))
+
+ def sign_verify_local_remote(self, alg, k1, k2):
+ sig = k1.sign(hash = self.h(alg, mixed_mode = True))
+ k1.verify(signature = sig, hash = self.h(alg, mixed_mode = False))
+ k2.verify(signature = sig, hash = self.h(alg, mixed_mode = False))
+
+ def sign_verify_local_local(self, alg, k1, k2):
+ sig = k1.sign(hash = self.h(alg, mixed_mode = True))
+ k1.verify(signature = sig, hash = self.h(alg, mixed_mode = True))
+ k2.verify(signature = sig, hash = self.h(alg, mixed_mode = True))
+
+ def test_load_sign_verify_rsa_1024_sha256_data(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_data)
+
+ def test_load_sign_verify_rsa_2048_sha384_data(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_data)
+
+ def test_load_sign_verify_rsa_4096_sha512_data(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_data)
+
+ def test_load_sign_verify_ecdsa_p256_sha256_data(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_data)
+
+ def test_load_sign_verify_ecdsa_p384_sha384_data(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_data)
+
+ def test_load_sign_verify_ecdsa_p521_sha512_data(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_data)
+
+ def test_load_sign_verify_rsa_1024_sha256_remote_remote(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_remote)
+
+ def test_load_sign_verify_rsa_2048_sha384_remote_remote(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_remote)
+
+ def test_load_sign_verify_rsa_4096_sha512_remote_remote(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_remote)
+
+ def test_load_sign_verify_ecdsa_p256_sha256_remote_remote(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_remote)
+
+ def test_load_sign_verify_ecdsa_p384_sha384_remote_remote(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_remote)
+
+ def test_load_sign_verify_ecdsa_p521_sha512_remote_remote(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_remote)
+
+ def test_load_sign_verify_rsa_1024_sha256_remote_local(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_local)
+
+ def test_load_sign_verify_rsa_2048_sha384_remote_local(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_local)
+
+ def test_load_sign_verify_rsa_4096_sha512_remote_local(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_local)
+
+ def test_load_sign_verify_ecdsa_p256_sha256_remote_local(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_local)
+
+ def test_load_sign_verify_ecdsa_p384_sha384_remote_local(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_local)
+
+ def test_load_sign_verify_ecdsa_p521_sha512_remote_local(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_local)
+
+ def test_load_sign_verify_rsa_1024_sha256_local_remote(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_remote)
+
+ def test_load_sign_verify_rsa_2048_sha384_local_remote(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_remote)
+
+ def test_load_sign_verify_rsa_4096_sha512_local_remote(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_remote)
+
+ def test_load_sign_verify_ecdsa_p256_sha256_local_remote(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_remote)
+
+ def test_load_sign_verify_ecdsa_p384_sha384_local_remote(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_remote)
+
+ def test_load_sign_verify_ecdsa_p521_sha512_local_remote(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_remote)
+
+ def test_load_sign_verify_rsa_1024_sha256_local_local(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_local)
+
+ def test_load_sign_verify_rsa_2048_sha384_local_local(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_local)
+
+ def test_load_sign_verify_rsa_4096_sha512_local_local(self):
+ self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_local)
+
+ def test_load_sign_verify_ecdsa_p256_sha256_local_local(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_local)
+
+ def test_load_sign_verify_ecdsa_p384_sha384_local_local(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_local)
+
+ def test_load_sign_verify_ecdsa_p521_sha512_local_local(self):
+ self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_local)
+
+
if False:
class Wombat(TestCase):
+ oid_p256 = "".join(chr(i) for i in (0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07))
+ oid_p384 = "".join(chr(i) for i in (0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22))
+ oid_p521 = "".join(chr(i) for i in (0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23))
+
def test_gen_sign_verify_ecdsa_p384_sha384(self):
"Generate/sign/verify with ECDSA-P384-SHA-384"
#if not args.all_tests: self.skipTest("SHA-384 not available in current build")
@@ -536,7 +701,7 @@ if False:
hsm.C_VerifyInit(self.session, CKM_SHA256_RSA_PKCS, public_key)
hsm.C_Verify(self.session, tbs, sig)
verifier = PKCS1_v1_5.new(RSA.importKey(rsa_1024_pem))
- digest = SHA256.new(tbs)
+ digest = SHA256(tbs)
self.assertTrue(verifier.verify(digest, sig))
hsm.C_SignInit(self.session, CKM_SHA256_RSA_PKCS, private_key)
self.assertEqual(sig, hsm.C_Sign(self.session, tbs))
@@ -546,105 +711,156 @@ if False:
# Keys for preload tests, here rather than inline because they're
-# bulky. These are in PKCS #8 format, see PyCrypto or the "pkey" and
-# "genpkey" commands to OpenSSL's command line tool.
-
-rsa_1024_pem = '''\
------BEGIN PRIVATE KEY-----
-MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAIwSaEpCTVJvbd4Z
-B1P8H9EgFlZqats7PeBIOlC2Q1zla7wBmNJkX5Jkez8tF3l22Sn99c6c6PuhyhzB
-dZtifQbZniKCJEzyby5MXZeSr20rPdrqiB9FX13mmtLN7ii4nLyAYFAQ4R8ZvdH2
-dRIWtxwhS7d4AyrWYhJkemIvSApfAgMBAAECgYAmL1Zy+AQwNuRSqawPvynFTuQI
-Bta+kTXbEJWlLyrKBlkKVb0djfNn6zCWFmrR2A53nh4Gh0wUXRTGJg8znvPKJPcp
-45znc7aGQFmDivvl5m/UkbqET6SB6JyCOCKzYa1Rtn3YFMkf/3MgzrWIhFv+UNH/
-I5lSjzJcCrN4mgI+AQJBALcTNa0mOWRXX+6jssbf65Cx6wmHsrrptXiP9gKfwdkx
-697EzyvPDL8xwL20O+xBFehj866O/f8nOPP47imOPoECQQDD3gU8wD8MeWLqYcXI
-AdERIuuk1VnL36QOzn9NoPF01DLJcrcbN24i5/9tcza3Kdec8fexJTh/PMBvR8Zr
-w5jfAkAnFgrXtNl7+suYf4qjuxroAZRUrIwUK+F6pAG5/bG9VVMudIZmrAXkrBKi
-beB9SEgNHYnhMtY3q4AVVohChwQBAkAR1I5Jf3691fcJOylUEcZEdxdYhAuOoac/
-qdCw8mvIpOCSshy1H5CpINGB1zEt72MvaF+SAr9n5dHmz3Pir4WlAkB/ZccJ5QBH
-uBP0/flXdmhG5lC3MTMiiE7Rls/3L2t6S4xVDnQ81RYf7Car53WN7qSVSZnhDGsn
-BJpghq2nYUH1
------END PRIVATE KEY-----
-'''
-
-rsa_2048_pem = '''\
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzvgb90hKxeDJy
-zeWz/F4JGZ3Acl1i3url3VPXHyoldyhuNC+8jf4iM7TGBYGLH+sYkBXWu9GD0erl
-KBMJMTBO8OdXulSAJh8r1Z8qNPSVNguvNgGQlRDGc7tZJ6gWFlzM2g5flED24bN9
-6Ir9O1cZi7xMc0Nzkn9Rms5IwPW8OB4IZZlbFC6Ih9vUSp06Tm3rQ/eQJkhLFbzM
-ejc9OH1LSpYtji44ohmy/jPJsmSlzwK5JSchZqbxl/msVw1t/nZS3loqKUMvzn9F
-iARLiaIrUKNCmSmL8HqEt2qKt0ESHG0vX07h5W5iHIJOuKhqcX3li8nFcwsOV3AB
-RsCRgeppAgMBAAECggEANEeTVQRjN4dUdRv6Me23lEIFJlKdYwKfpBhKKIoCAj+0
-XMmFEPzj7CLJ88bqNQMlqFFQaNLcT9Eg12Jelw/dkzhysYuaxGNSMbfCwc4BTd0Y
-bO/yaJFS/cXvujDUrQf4GgVapOZENwrS4E5hDuLRpLaGIF5uQhFcQuoaEgM99m6H
-TzOIhtu3DjdbfSsmkGVQ7xUVFcvaCrMVoq06dvUH4HpYTKeeqgcVv++XjIe83Nzv
-+oN5U2oFOzrYpGGHN6jrekmmbEaxy8UHOySC6Y+UyRrPEy9q1ZgkkC9VCrM7E28/
-4PETw8MI7uNoosuFXofctKjtRvC5Sn9zW3dyv9NkAQKBgQDSkdDy4+xN2kA7gdry
-4eLKUzKRNSbnoPrCu2TENUR8oTjbJ52LQEbGa9HIKaM33701hJsc34C6adJgoY9c
-PoBcJgxOI7N40A/rI3c8krKS5X/ViBY3TzJsP3LaBKDdfioaTDVTjhYD6v2eu7Lt
-4eIqa8sVA4PhLSVGRW53ZSYjwQKBgQDahY6cR8WgPseQJTkCbKyfKCSuz6nioZpC
-stkpKhJepzE6AKZTLLWvNIPNT/khl40aby5seLNkY3Tb9cYBX2iShGv4cguPMiAl
-hb7Uljz19i6YaX74gkTjsYpv44ddLSZp+/FTOl0C0I8WocQpb8B2d4BgvfxgHrHb
-KCHnyihQqQKBgQC7PKPixt7hnzdMcrxhCpDiPbaSPgQZJSC1NXJ1sbPzalynKwPA
-xefpGgiRBs02qsGRLBfNRcQuflhuSlqyuHTk+4Qnm0FEJSZyfLfS6dLWIjJYikjO
-56I7dPPIfyMXsM75UVh9srNKypK4qciCFEBKXk1XoyeKe91QLf77NbsDQQKBgDnY
-CLwNs56Lf8AEWmbt5XPr6GntxoabSH5HYXyoClzL3RgBfAWgXCeYuxrqBISD3XIV
-5DAKc1IrkY94K4XJf6DpNLt7VNv+5MuJ783ORyzEkej+ZAHcWef74y1jCT386aI8
-ctEZLe3Ez1uqToa5cjTpxS3WnKvE9EeTBAabWLihAoGBAKft+PG+j+QhZeHSGxRz
-mY6AQHH4z7IU94fmXiT2kTsG8/svhPNfsmVt7UCSJbCaYsrcuR2NonVV8wn/U793
-LcnLAV+WObeduMTBCasJw8IniFwFhhfkxOtmlevExE1I3ENwkRlJ7NdROky4pnd5
-LGmN2EOOlFijEGxBfw+Wb1rQ
------END PRIVATE KEY-----
-'''
-
-rsa_3416_pem = '''\
------BEGIN PRIVATE KEY-----
-MIIHvgIBADANBgkqhkiG9w0BAQEFAASCB6gwggekAgEAAoIBrADgnFnBx2/mTFGM
-pEQ891GLfN8lnCJsMTN3zkQKCAV1iQpXXoOzq+mFDudpYsBZRq15AZxPc6ZejD5Q
-P8PTIPdNWquC7u5mUsxLc12iVvXn3OBvxQyf/U+8S3Y2OsuVr9oTAU/PS4lO/bct
-GgTmGnuRgWSgKl+tqsmABqEDOvEGIK7MHiwL7XbFgxPTV9nhP6Qaox0/eBD1Cq0K
-pQ2DmwVCMglQl2s2kmmqT9HV/iZD/WuvxpnRYpGLtUQLgVbCO50spH/PSrsnaiIk
-DMzPreaRjNVhKz2cVAJysCdGygY0vUtZILlA9gngL/arQYV2eSwTyvpzZwiJOcVV
-d2A8Beebo0bWG2pnBnWNBlp20s+UQRheYJZapIgd5tmHLb9sJLeC6QRJzgCLweO3
-jaGzwN96q5/Wgjldn5a/eW1w0anwx34BVOkOJxvcvvhgleI7vlpZ93tuWsJ8xqjU
-0mRB3NhRhlVxS1UJbgF1LbciLvcLJ7QpCM5ExS1tpZFBeSY+sov+UQo05T66ZapY
-Wwbh7AqDI0F0J+j5pPUG0+Whkju4oxB0FUd69ggMmCaHAgMBAAECggGrYJYbat7u
-WaQ79TS2O1lG8aqy8qNfkhLeRQin7YBhiJdzoPp9vAeTFarBDGpwuHNSKZTtuKTM
-yB+atDuXY/TrI5J36ogAcHPucgucGjE28Yvj32xm722omhoBLXS/ExFZv45y2Xts
-AlHMMVLdBG4i8QEpWk6ecjndCHbRSmhQOQhY4mGfI0nsJyckoV9HzDrnwKSf8Ska
-caUzoD41v4AsFLkblFJowkDXu2szmsf9gIM7iYznnEi8uc0rA5+MxV2JSyc55tQG
-Av76y3HNqQjo+3IKWAyWFvujkBQRePw5HVMxmw9i5KIo41LGbZsMkwNkVq6pu6Gf
-rQGKaLD9L0o4h1zI8pOaNs8pX5SdtzhjYr3AsXdarL//dES6tVfFqVhN824debEC
-nIMEAaUmLFaergh37tl9BqKJncvWn/nqkKt2AmW3K07uXhbNBGp5VJiBJL1ade1k
-16t8c9HA1KqzEBXpWdiAoX1ezRkdlLNswOi0rjBFhLBlX7/8Nzlp7c4Mz7ioEXGc
-2yTEs2CgwYa+Tc0qKV1Q+zOJ97MNyi6NLsoG9FSpeNvmSwEqYQKB1g+Hdma2H+ud
-d5yLzONKanWzYddjnjxifgepBaHi0tKDysjGk9N/0LAX9sEOQsIqwVjE/OwpQFAy
-ScI1dvx1nTCw2S0XCtUIgSxmFq6ZO2BaduL6J6KxMN1JYkME7U5uAeAlH9gcKzqK
-sUPCPQE+q6rjVinK7oWp4ZeGEl+dGZyqGy1aScBN5Ie1URi9LYRZHCuKjyUYSmwF
-95QPc64HqYwr8k6zSfW7Hj5Ier8AWNlhO1/o0Q8OAMA42kQIAYpC23YZXQqqYifH
-80kEj4jl0Tvo+35jTjkCgdYOdryFRF/ukhz1ykZ3It3YfrkP56KuQ0a/GJvJ+XJU
-wMPunvuQ3rVjIWAB1JTl2ASUl8QJEsHuLeXO1mwtNpFHy5FAmi+VSnpIaTE6YHRX
-5/P/renuOeozwBPky95gULdRAgwTOdP0UucQ7I7U7FAXUronQHWrQTFbemnnXQYP
-m0yy2gxZ4TPRquaYP26sKWk6ollrPrtObppgpPtmKFVrdah9GMtPG0/ArrecP1g5
-6JF0KXX2bR/7lr1QK7ETMcopaTW9zTVhTA9go1aoVP99J1O/Bxq/AoHWBM495NEt
-laN4VXip4hiwU1Y8zAPm/vbX25UByjRAW6cvROy26HegZC42TU4VeLL0fH0RbB/j
-6C13x+L1vHDFQUEpJBwCXSSxnMTG9iczScEVE26of19oKMLB5s2Khn/ikrPKY/1r
-n0U2UCq26EC1rT+G9Y34PGLzDgoOe4pJV8MIgAN12U4Bj8GbpBU/FbrhzdOmMquO
-tFkwYaBagxuZ62faJ2KyW5oZZNrXKW55EGRXlHme4JLLxrCRUwZLO7cu5SA6O8e4
-cmkdL5Z6uLmuA2U5FsayeQKB1glMG8ySchP5yjHYr0j/mZkDhFQL8o+P4VcPK30+
-IlcGfivR+CVccz5ggsVKb9f67p7Rm4q1iwFecX1uaaT6kZKT8S+UrQeLE2WecK10
-uPSUvkxY76lZgwl265LD1ZMV73BcH4TwRCWmcK95UCrgKG+FlvGKRtkpk9+YpaC6
-NB4uFrRU42GXGGcrMwUkqTBzghfVqiL89QvqnsOG6a72OEpWHFMlb/LOvIpABPij
-40N+EpmX2SLpbIidkd2J6E5NUAUkgw4Zbbm4WZ4mAJs93+kEMZn2qCMCgdYLpnPB
-uZ6pDpmXxKmfGRqzZVCwYJk9myya2ZcAmjfEHGpLHcy99mDSgb9BaUnceGizgSnG
-KQCxAnX7xFXshz52DIfGZqKANyuuCRXv34aB0PxHozmlmAjuU5Y8I8PcioOqNLh3
-ZEcXNEVhhaZKGi9yz7QXZsauxjYGjgsGvaV+yPrzWcnIWsKW0X0aC3eIDOaw8yCC
-F9qQXfT559lNaH3+aBCVlDL17HtOkax8J04vI1gEbqIyd9vn34+iFBcC5TBq9qZT
-BvUE7g/dCNw3ISPEAgVJZUHJ
------END PRIVATE KEY-----
-'''
+# bulky.
+
+static_keys = {}
+
+# openssl genrsa 1024
+if pycrypto_loaded: static_keys[HAL_KEY_TYPE_RSA_PRIVATE, 1024] = RSA.importKey('''\
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC95QlDOvlQhdCe/a7eIoX9SGPVfXfA8/62ilnF+NcwLrhxkr2R
+4EVQB65+9AbxqM8Hqol6fhZzmDs48cl2tOFGJpE8iMhiFm4i6SGl2RXYaG0xi+lJ
+FrXXCLFQovIEMuukBE129wra1xIB72tYR14lu8REX+Mhpbuz44M1jlCrlQIDAQAB
+AoGAeU928l8bZIiH9PnlG318kYkMVhd4SGjXQK/zl9hXSC2goNV4i1d1kCHIJMwq
+H3mTALe+aeVg3GnU85Tq+g2llzogoyXl8q902KbvImrM/XSbsue9/oj0OSgw+jKB
+faFzX6FxAtNV5pmU9QiwauBIl/3yPCF9ifim5zg+pWCqLaECQQD59Z/R6TrTHxp6
+w2vH4CJyP5KORcf+eMa50SAriMVBXsJzsBiLLVxKIZfWbQn9gytJqJZKmIHezZQm
+dyam84fpAkEAwnvSF27RhxLXE037+t7k5MZti6BfNTeUBrwffteepL6qax9HK+h9
+IQZ1vfNIqjZm8i7kQQyy4L8tRnk8mjZmzQJBAIUwfXWTilW+yBRMFx1M7+3itAv9
+YODWqEWRCkxIN5tqi8CrP5jBleCmX8rRFTaxcxpvq42aD/GRp3SLntvs/ikCQCSg
+GOKc1gyv+Z0DFK8cBtMmoz6mRwfInbHe/7dtd8zis0lVLJwSPm5Xvxi0ljyn3h9B
+wW6Wq6Ezn50j+8u27wkCQQCcIFE01BDAdtFHtTJ3aaEM9IdMCYrcJ0I/Y0NTE2M6
+lsTSiPyQjc4dQQJxFduvWHLx28bx+l7FTav7FaKntCJo
+-----END RSA PRIVATE KEY-----
+''')
+
+# openssl genrsa 2048
+if pycrypto_loaded: static_keys[HAL_KEY_TYPE_RSA_PRIVATE, 2048] = RSA.importKey('''\
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsbvq6syhDXD/OMVAuLoMceGQLUIiezfShVqFfyMqADjqhFRW
+Wbonn0XV9ZkypU4Ib9n6PtLATNaefhpsUlI4s+20YTlQ7GiwJ9p97/N1o1u060ja
+4LdqhfYtn8GZX+JAfa5NqpmLKCJ58XJ3q28MPLRwYp5yKckjkzchZHFyjs1W7r5a
+JfeJ/vsQusX3klmCehJ1jxSHPh8o6lTjFMnBK8t360YTu0UGK/RUcEAYO7l7FWjd
+8PjZfawXIrOAhCLkVvDFfpsl2oyFIL9d1QE87WdyyZXAtWLs62gnX+kiBq9gUhu5
+GsgcQifHBcRiGZfH0TRIMgIsSjsorzHqJ9uoQwIDAQABAoIBAGqzx5/5A8NfEEpT
+2bxNLcV8xqL1LmBNLh0TMEwYn1GM2fZh74lkwf7T3VTaCVbGlzgXZC4tNneq7XIF
+iPyPEi2rSnyH/XZAj2kNukfBIOHW37HVhloco14TYmajwuGWomMRrtz521pYAF+c
++g042N7k8Qez2hQOBkaOdYSouz7RNdJUGUocRhcSkh+QZTBwtQxrkuhhHN+zkIri
++Q09hF2hAliHrh6mow8ci0gRsXnZzsdJfTX8CasHWTIll4gfrvWnUY7iYqB6ynRU
+YN+7IgQXMUFLziIlH1qN+DlEYdznsgAPSS3JdTWh0cvjiO8wTFAnOIdsj+BpKoDB
+PK2zzDkCgYEA3TP8h4Ds/y1tDijE3Sarrg0vWuY97sJmAla4qFHH4hscZ84NDzTM
+I/ohLPJgpeR2MaBqZmVk9UFrd3rdt3/lX6kSO7Kffa9rVgfOB4CqJ4joso3j0qY8
+V/iVBcDcD1h4aXCRX2tMJICUTgVU/N8/2wBEElcOUjZHGlcHmbHndlUCgYEAzbFm
+ttPuIHrYHkmOm/DjYB65+WD8gfPMdeUbnx+yIt5xwimIbq1qWzl4++goTAAyaU/7
+qM9IfveRue0B7yjnPa8fjN+CcXMGM6a3BIqeIv1icfgjHxlt7D+64FpENWXHvFE0
+MhRliINfkTHm+U4+1s0045a+bLdTbfVly1gATDcCgYEAyOaoWmFL3k7hl1SLx9eR
+YVj0Q3iNk0XX5BPjTmxIQCEjYVwRHFh1d897Rhk0kja26kepmypH0UADXNaofDqa
+lpE10CZhGIOz1sTr6ICBCbscrN6VpgH5GGTa5AjPVNijNBBa1/DZjOWCzIGnOKuC
+kWLicE3E4gIN/exBKOQdNqkCgYEAjA5PMg38BoGexoCvad8L81b4qqUvSg0HGv91
+X1Plp3hvXRWKoFHUKWlox528UoOPz8V2ReteIZXQ1BhdSMtBKO8lPHa0CyuW/XR3
+CdCY/Jorfg7HW1WlU0fRpxHPf8xdxAxGzhK1T86kM+kWrIpqnzf62zy5TK1HUYfW
+WC8DhOECgYBzU8hIA0PU7aRPUs0o9MO9XcvVPvdX6UOKdNb9CnBMudS/chKHJUYP
+d0fFAiVaRX0JMQ0RSrenxCqfWVtW3T3wFYNHB/IFRIUT3I44wwXJTNOeoi3FDTMx
+EQfc0UFoFHyc3mYEKR4zHheqQG5OFBN89LqG3S+O69vc1qwCvNKL+Q==
+-----END RSA PRIVATE KEY-----
+''')
+
+# openssl genrsa 4096
+if pycrypto_loaded: static_keys[HAL_KEY_TYPE_RSA_PRIVATE, 4096] = RSA.importKey('''\
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAzWpYSQt+DrUNI+EJT/ko92wM2POfFnmm3Kc34nmuK6sez0DJ
+r9Vib9R5K46RNgqcUdAodjU6cy3/MZA53SqP7RwR/LQtWmK2a+T4iey2vQZ0iCDA
+2NI4gjgmCAjZnOD/m5yUXjCig/wJ8pGXolg8oHnvdeLg1joIOSF9OudLrI6aJnDg
+OfdegzmCWXmWl7TXrqHVIWZhZZF7qQZRso6ZQ1/8mjpvVD0drASBxMnIzvpe4ynr
+Y2NB807X/D5bbScp292ZKTNf5unPN1SsFy5ymzfLZrfNksYef6xPXcVr6OiObi49
+De8e11aNPj6fgLzzqAu1rjjrDkgvXx5G7gPJXq1aq6uxB2cKMrRS+ivmyC8vQlzP
+lQwW20oYeeOfCg7ddNAJcu3jNTuNJaZdhc9szpVhV8DXZoXe/RzUNjZH7wUqueHy
+fpbLwS+h3McJqrbWFdCQBivZnoI05cF2JIHEeR3S0Gyo2/IheNeFX2Tt8oDnHY4a
+olRHiR5CMdM8UoGSxR9Y12fZ9dcqdCH3d6wDAsBDHTCE8ZIwFwhW6iA+g54YE3X7
+BlsgWr60poCDgH+CJjh0VDVxqL7r+w76sD9WAQMa7Gb+Mp2XCYnIZPXTrsmwVbZ9
+s5vFXUEODYom6qBlbZB8gyZzee5Skc1jx2fnmqxRtflA4W3xVAQFof2rFiUCAwEA
+AQKCAgBxhQXJSFqf0hqy61h0I+Qp6EKpWuleSFiYtKjDti803tql+s37KFfAKZHV
+KnLBhNeitwDFYuEsag0P3P69ZRopFUwzdXdi7g6WTfG0d2b9y6V23XL14Cduf400
+/38TnZxk6QFtlD8b5ZuxvBgqlczbeseFRJ6whV2qBQHqHYzKjfxOpi6kmjpXFt8c
+h39b04smbTUVwjitIttOK7nWjcvRWiiFKyn/Sc8uE0eL81/QUrlBnRcC1AXMapQe
+SG/KQMx3P123UTb8q9XiZB6+qOKZORplZ8pqBKcyM42g6suZ6XtdFJyVKMLIioKA
+FaecQ8/73IzI/ZeZSvcy/85/FwSfGjHD7C7vL9kfg77no+IvHYlBYiIqtTddpQH5
+LGJAJnOGtk047/OjTmL8QyylvDAv8jBeZZdbOX7L+8jk5DbHmfUcDjvBS9g+Fbfk
+jDurphrp1dHn/YgaA27NZs87TPWX1aVPiOlXEhO9SHHiiKCHDpBzV1gW/eiho33s
++uEr57ZoakzonN/zNb7KqHUO/ZGwMg+V9bVIgThqbdgmxNz7JFz14CN79yPmW5QT
+1P1v7a6xWaZTALe2HGvy0B+iRzhLpay1tI4O/omPj9vUzVJwGHztVt0RddcmA9wV
+Y3qglRNl+YvNlm6BUn8KwPIqki8JoioA8J1EQ5mz/K0fbrzcOQKCAQEA8TCqq0pb
+mfxtsf42zhsSUw1VdcCIG0IYcSWxIiCfujryAQX1tmstZeRchlykXmdO+JDcpvMy
+BKBD7188JEWjCX1IRRtHxTJ5WG+pE8sNPLNL8eZVZ+CEbNjVk4dtWGLwyNm+rQkM
+NmOlm+7ZHdezBXljZOeqZbdsTSDQcGYG8JxlvLpAN60pjIGvTdTrdnksMhB4PK+l
+7KtyEVDWXU/VT6kqhP3Ri1doHv/81BplgfjEJM8ZxmasfP4SlJ1olKqsHMFSrclj
+ZCAemKEexVyzg8cHm9ghj6MLQZe3gs94V6h8I2ifrBBNHMrZgYg2Db0GeyYrr+kZ
+GDjT0DZp0jgyfwKCAQEA2gdTclmrfAU/67ziOJbjkMgfhBdteE1BbJDNUca0zB6q
+Ju4BwNgt0cxHMbltgE2/8hWP95HIaQdh1mIgwSK93MxRbaAvAQfF3muJxvMR5Mru
+DejE+IEK9eZetgkNHGWyfiFzBWHda/Z9PQkqYtRfop5qFBVAPZ4YzR5hT0j64eDQ
+N/z9C0ZB6RL9EcXJgEYgGI3wP8Qsrw3JRBQN0SCVRmrEJm4WIXs+CEHOk56/VbPM
+v82uwbHVghS0U9bEZvNoeq7ZQjS2tRXXRJeOgQyCNvYy670T0KvQZoDb59EbEDSz
+eQZS1J7rDEBHW+VwRSJA8noMEgZdEv8AxbEF2CddWwKCAQAMwH71iXvoW1FNbNxm
+70V7wKO5ExHfJxJ1wQFphYIMbZtn9HG2UFpZHcbKj9Fc8GdbewU/inIljnepC0b5
+v/jLwqT0imm0AmQqCdVNp5mukOg+BOiVEmjN/HTmVO2yE6EZbXHIYkcUBRa3dNxj
+2IitjGp15k27DQSb21VJ7AsH46z5WnuUtgIRXLXxDoXYgLWWfApvYvYJ2lKwma6L
+xnHHwXDvESBoFpn5sZ0jdbXSNl3geFarh7gs753534ys940cBBij+ZbYr14Owc4H
+r0wKdpZvZfD4UC2DLUtVjjSVpeHSWXC/vyjkkdEIKTR6a3kRP8ZliZR7FF4Wjxnv
+NGtvAoIBAEu5g6gRsNewUxUjU0boUT115ExSfrjrzC9S05z1cNH8TIic3YsHClL1
+qjyA9KE9X89K4efQgFTKNZbqGgo6cMsBQ77ZhbnL41Nu8jlhLvPR74BxOgg9eXsS
+eg6rchxMzgO0xmg2J1taDwFl74zHyjeG4bz77IX6JQ8I4C9TX5+YH3lyqsiBrF6x
+M6g6k9Ozh24/zhO3pPVfymmUtX/O20nLxzi5v4H9dfwULxVia33upsxvOaUYiNlX
+K5J641gGbmE93UN7X4HhhhTStrHnkEpalDEASKOPKSCQ3M/U9ptYUoVURuyGDYkB
+wkcOl0HLtdcBwLN59lWkr7X519fNREUCggEBAMk39k+shD2DW8ubE/LgoforwfT2
+558FPxpZ+pGwMHL3ZnLuQuiROyPyQZj/ZmmLAa2TPrwS/ssln46Y2KesejWK/0Hq
+8SaFLhOjacF8u5IOOKBZvx+HOT6ctRNBVyzt9A8wu0DE6nzc5HQpm9TMXrOLuZ0L
+u22yFikwoIgYpU6hBdbg1mnirZS/ZyqJV9gWB6ZYyUAUGdgBqL6euSAAqBp93qz8
+sQLesqTufT1mVZd/ndLyvjDJjNKUE0w1g/1xNtg6N5aM+7pc/DwE/s+EtCxc/858
+dQYLBHIPcw6e0FdL3nTs44BpAqcK28N5eWbe/KaZ3EA0lHRmyOQ++WgU6jo=
+-----END RSA PRIVATE KEY-----
+''')
+
+# openssl ecparam -genkey -name prime256v1 | openssl ec
+if ecdsa_loaded: static_keys[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256] = ECDSA_SigningKey.from_pem('''\
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPBrVhD1iFF2e8wPkPf4N1038iR8xPgku/CVOT8lcSztoAoGCCqGSM49
+AwEHoUQDQgAE3mB5BmN5Fa4fV74LsDWIpBUxktPqYGJ6WOBrjPs1HWkNU7JHO3qY
+9yy+CXFSPb89GWQgb5wLtNPn4QYMj+KRTA==
+-----END EC PRIVATE KEY-----
+''', SHA256)
+
+# openssl ecparam -genkey -name secp384r1 | openssl ec
+if ecdsa_loaded: static_keys[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P384] = ECDSA_SigningKey.from_pem('''\
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDCVGo35Hbrf3Iys7mWRIm5yjg+6vPIgzbp2jCbDyszBo+wTxmQambG4
+g8yocp4wM6+gBwYFK4EEACKhZANiAATYwa+M8T8jsNHKmMZTvPPflUIfrjuZZo1D
+3kkkmN4r6cTNctjaeRdAfD0X40l4yPnGIP9ParuKVVl1y0TdQ7BS3g/Gj/LP33HD
+ESP8gFDIKFCWSDX0uhmy+HsGsPwgNoY=
+-----END EC PRIVATE KEY-----
+''', SHA384)
+
+# openssl ecparam -genkey -name secp521r1 | openssl ec
+if ecdsa_loaded: static_keys[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P521] = ECDSA_SigningKey.from_pem('''\
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIBtf+LKhJNQEJRFQ2cGQPcviwfp9IKSnD5EFTqAPtv7/+t2FtmdHHP
+/fWIlZ7jcC5N9dWy6bKGu3+FqwgZAYLpsqigBwYFK4EEACOhgYkDgYYABADdfcUe
+P0oAZQ5308v5ijcg4hePvhvVi+QKcrwmE9kirXCFoYN1tzPmXZmw8lNJenrbwaNz
+opJR84LBHnomGPogAQGF0aRk0jE8w1j1oMfrrzV6vCWnkh7pyzsDnrLU1HrkWeqw
+ihzwMzYJgFzToDH+fCh7nrBFZZZ9P9gPYMlSM5UMeA==
+-----END EC PRIVATE KEY-----
+''', SHA512)
+
+# Public key objects corresponding to the private key objects above.
+
+def preload_public_keys():
+ for keytag, k in static_keys.items():
+ keytype, len_or_curve = keytag
+ if keytype == HAL_KEY_TYPE_RSA_PRIVATE:
+ static_keys[HAL_KEY_TYPE_RSA_PUBLIC, len_or_curve] = k.publickey()
+ elif keytype == HAL_KEY_TYPE_EC_PRIVATE:
+ static_keys[HAL_KEY_TYPE_EC_PUBLIC, len_or_curve] = k.get_verifying_key()
+ else:
+ raise TypeError
if __name__ == "__main__":