diff options
author | Rob Austein <sra@hactrn.net> | 2016-10-29 19:31:17 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2016-10-29 19:31:17 -0400 |
commit | 131083158a08fbd30e6929221715496296ae0944 (patch) | |
tree | 7240c2d5688c6616a7ef4a5a4bac73ea3c5ecf37 /unit-tests.py | |
parent | 82b698a7823d5293a457b52a7d4774e6e513e70a (diff) |
Add a bunch of static key tests, including a mixed-mode workout suite.
Diffstat (limited to 'unit-tests.py')
-rw-r--r-- | unit-tests.py | 518 |
1 files changed, 367 insertions, 151 deletions
diff --git a/unit-tests.py b/unit-tests.py index c441cb1..0d93150 100644 --- a/unit-tests.py +++ b/unit-tests.py @@ -18,12 +18,23 @@ try: from Crypto.Util.number import inverse from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5 - from Crypto.Hash import SHA256 + from Crypto.Hash.SHA256 import SHA256Hash as SHA256 + from Crypto.Hash.SHA384 import SHA384Hash as SHA384 + from Crypto.Hash.SHA512 import SHA512Hash as SHA512 pycrypto_loaded = True except ImportError: pycrypto_loaded = False +try: + from ecdsa.keys import SigningKey as ECDSA_SigningKey, VerifyingKey as ECDSA_VerifyingKey + if not pycrypto_loaded: + from hashlib import sha256 as SHA256, sha384 as SHA384, sha512 as SHA512 + ecdsa_loaded = True +except ImportError: + ecdsa_loaded = False + + def log(msg): if not args.quiet: sys.stderr.write(msg) @@ -31,6 +42,7 @@ def log(msg): def main(): + preload_public_keys() from sys import argv global args args = parse_arguments(argv[1:]) @@ -109,7 +121,6 @@ class TestBasic(TestCase): self.assertEqual(length, len(random)) -@unittest.skip("Slow") class TestPIN(TestCase): """ Test functions involving PINs. @@ -128,10 +139,14 @@ class TestPIN(TestCase): for user in pin_map: self.assertRaises(HAL_ERROR_FORBIDDEN, hsm.is_logged_in, user) - def login_logout(self, user): - pin = getattr(args, pin_map[user]) - hsm.login(user, pin) - hsm.is_logged_in(user) + def login_logout(self, user1): + pin = getattr(args, pin_map[user1]) + hsm.login(user1, pin) + for user2 in pin_map: + if user2 == user1: + hsm.is_logged_in(user2) + else: + self.assertRaises(HAL_ERROR_FORBIDDEN, hsm.is_logged_in, user2) hsm.logout() def test_login_wheel(self): @@ -143,7 +158,7 @@ class TestPIN(TestCase): def test_login_user(self): self.login_logout(HAL_USER_NORMAL) - # Eventually we will want a test of set_in(), probably under a + # Eventually we will want a test of set_pin(), probably under a # @unittest.skipUnless to prevent it from being run unless the # user requests it. Punt that one for the moment. @@ -173,15 +188,11 @@ class TestDigest(TestCase): # access check semantics). Defer for now. -class TestPKey(TestCase): +class TestPKeyGen(TestCase): """ - Tests involving keys. + Tests involving key generation. """ - oid_p256 = "".join(chr(i) for i in (0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07)) - oid_p384 = "".join(chr(i) for i in (0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22)) - oid_p521 = "".join(chr(i) for i in (0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23)) - @classmethod def setUpClass(cls): hsm.login(HAL_USER_NORMAL, args.user_pin) @@ -190,46 +201,27 @@ class TestPKey(TestCase): def tearDownClass(cls): hsm.logout() - def setUp(self): - self.k1 = self.k2 = None - super(TestPKey, self).setUp() - - def tearDown(self): - super(TestPKey, self).tearDown() - for k in (self.k1, self.k2): - if k is not None: - try: - k.delete() - except: - pass - - # Having all these tests in a single function kind of defeats the - # purpose of having fine tuned unit tests. We're trying to - # amortize the cost of key generation over a series of tests, but - # maybe there's some better way to do that (deeper TestCase - # subclassing?), or maybe we ought to be doing some of these tests - # with canned keys. Also see unittest.TestCase.addCleanup(). + def sign_verify(self, hashalg, k1, k2): + h = hsm.hash_initialize(hashalg) + h.update("Your mother was a hamster") + data = h.finalize() + sig = k1.sign(data = data) + k1.verify(signature = sig, data = data) + k2.verify(signature = sig, data = data) + + def gen_sign_verify_rsa(self, hashalg, keylen): + k1 = hsm.pkey_generate_rsa(keylen) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, k1.public_key) + self.addCleanup(k2.delete) + self.sign_verify(hashalg, k1, k2) def gen_sign_verify_ecdsa(self, hashalg, curve): - hsm.mixed_mode = True - hamster = "Your mother was a hamster" - def h(): - hh = hsm.hash_initialize(hashalg) - hh.update(hamster) - return hh - d = h().finalize() - self.k1 = hsm.pkey_generate_ec(curve) - self.k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, self.k1.public_key) - sig1 = self.k1.sign(data = d) - sig2 = self.k1.sign(hash = h()) - self.k1.verify(signature = sig1, data = d) - self.k2.verify(signature = sig1, data = d) - self.k1.verify(signature = sig1, hash = h()) - self.k2.verify(signature = sig1, hash = h()) - self.k1.verify(signature = sig2, data = d) - self.k2.verify(signature = sig2, data = d) - self.k1.verify(signature = sig2, hash = h()) - self.k2.verify(signature = sig2, hash = h()) + k1 = hsm.pkey_generate_ec(curve) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, k1.public_key) + self.addCleanup(k2.delete) + self.sign_verify(hashalg, k1, k2) def test_gen_sign_verify_ecdsa_p256_sha256(self): "Generate/sign/verify with ECDSA-P256-SHA-256" @@ -243,10 +235,183 @@ class TestPKey(TestCase): "Generate/sign/verify with ECDSA-P521-SHA-512" self.gen_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521) + def test_gen_sign_verify_rsa_1024_p256_sha256(self): + "Generate/sign/verify with RSA-1024-SHA-256" + self.gen_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024) + + @unittest.skipUnless(args.all_tests, "Slow") + def test_gen_sign_verify_rsa_2048_sha384(self): + "Generate/sign/verify with RSA-2048-SHA-384" + self.gen_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048) + + @unittest.skipUnless(args.all_tests, "Hideously slow") + def test_gen_sign_verify_rsa_4096_sha512(self): + "Generate/sign/verify with RSA-4096-SHA-512" + self.gen_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096) + + +class TestPKeyHashing(TestCase): + """ + Tests involving various ways of doing the hashing for public key operations. + """ + + @classmethod + def setUpClass(cls): + hsm.login(HAL_USER_NORMAL, args.user_pin) + + @classmethod + def tearDownClass(cls): + hsm.logout() + + def load_sign_verify_rsa(self, alg, keylen, method): + k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, + static_keys[HAL_KEY_TYPE_RSA_PRIVATE, keylen].exportKey("DER")) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, + static_keys[HAL_KEY_TYPE_RSA_PUBLIC, keylen].exportKey("DER")) + self.addCleanup(k2.delete) + method(alg, k1, k2) + + def load_sign_verify_ecdsa(self, alg, curve, method): + k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve, + static_keys[HAL_KEY_TYPE_EC_PRIVATE, curve].to_der()) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, + static_keys[HAL_KEY_TYPE_EC_PUBLIC, curve].to_der()) + self.addCleanup(k2.delete) + method(alg, k1, k2) + + @staticmethod + def h(alg, mixed_mode = False): + h = hsm.hash_initialize(alg, mixed_mode = mixed_mode) + h.update("Your mother was a hamster") + return h + + def sign_verify_data(self, alg, k1, k2): + data = self.h(alg, mixed_mode = True).finalize() + sig = k1.sign(data = data) + k1.verify(signature = sig, data = data) + k2.verify(signature = sig, data = data) + + def sign_verify_remote_remote(self, alg, k1, k2): + sig = k1.sign(hash = self.h(alg, mixed_mode = False)) + k1.verify(signature = sig, hash = self.h(alg, mixed_mode = False)) + k2.verify(signature = sig, hash = self.h(alg, mixed_mode = False)) + + def sign_verify_remote_local(self, alg, k1, k2): + sig = k1.sign(hash = self.h(alg, mixed_mode = False)) + k1.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) + k2.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) + + def sign_verify_local_remote(self, alg, k1, k2): + sig = k1.sign(hash = self.h(alg, mixed_mode = True)) + k1.verify(signature = sig, hash = self.h(alg, mixed_mode = False)) + k2.verify(signature = sig, hash = self.h(alg, mixed_mode = False)) + + def sign_verify_local_local(self, alg, k1, k2): + sig = k1.sign(hash = self.h(alg, mixed_mode = True)) + k1.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) + k2.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) + + def test_load_sign_verify_rsa_1024_sha256_data(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_data) + + def test_load_sign_verify_rsa_2048_sha384_data(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_data) + + def test_load_sign_verify_rsa_4096_sha512_data(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_data) + + def test_load_sign_verify_ecdsa_p256_sha256_data(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_data) + + def test_load_sign_verify_ecdsa_p384_sha384_data(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_data) + + def test_load_sign_verify_ecdsa_p521_sha512_data(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_data) + + def test_load_sign_verify_rsa_1024_sha256_remote_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_remote) + + def test_load_sign_verify_rsa_2048_sha384_remote_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_remote) + + def test_load_sign_verify_rsa_4096_sha512_remote_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_remote) + + def test_load_sign_verify_ecdsa_p256_sha256_remote_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_remote) + + def test_load_sign_verify_ecdsa_p384_sha384_remote_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_remote) + + def test_load_sign_verify_ecdsa_p521_sha512_remote_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_remote) + + def test_load_sign_verify_rsa_1024_sha256_remote_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_local) + + def test_load_sign_verify_rsa_2048_sha384_remote_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_local) + + def test_load_sign_verify_rsa_4096_sha512_remote_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_local) + + def test_load_sign_verify_ecdsa_p256_sha256_remote_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_local) + + def test_load_sign_verify_ecdsa_p384_sha384_remote_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_local) + + def test_load_sign_verify_ecdsa_p521_sha512_remote_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_local) + + def test_load_sign_verify_rsa_1024_sha256_local_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_remote) + + def test_load_sign_verify_rsa_2048_sha384_local_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_remote) + + def test_load_sign_verify_rsa_4096_sha512_local_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_remote) + + def test_load_sign_verify_ecdsa_p256_sha256_local_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_remote) + + def test_load_sign_verify_ecdsa_p384_sha384_local_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_remote) + + def test_load_sign_verify_ecdsa_p521_sha512_local_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_remote) + + def test_load_sign_verify_rsa_1024_sha256_local_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_local) + + def test_load_sign_verify_rsa_2048_sha384_local_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_local) + + def test_load_sign_verify_rsa_4096_sha512_local_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_local) + + def test_load_sign_verify_ecdsa_p256_sha256_local_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_local) + + def test_load_sign_verify_ecdsa_p384_sha384_local_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_local) + + def test_load_sign_verify_ecdsa_p521_sha512_local_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_local) + + if False: class Wombat(TestCase): + oid_p256 = "".join(chr(i) for i in (0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07)) + oid_p384 = "".join(chr(i) for i in (0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22)) + oid_p521 = "".join(chr(i) for i in (0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23)) + def test_gen_sign_verify_ecdsa_p384_sha384(self): "Generate/sign/verify with ECDSA-P384-SHA-384" #if not args.all_tests: self.skipTest("SHA-384 not available in current build") @@ -536,7 +701,7 @@ if False: hsm.C_VerifyInit(self.session, CKM_SHA256_RSA_PKCS, public_key) hsm.C_Verify(self.session, tbs, sig) verifier = PKCS1_v1_5.new(RSA.importKey(rsa_1024_pem)) - digest = SHA256.new(tbs) + digest = SHA256(tbs) self.assertTrue(verifier.verify(digest, sig)) hsm.C_SignInit(self.session, CKM_SHA256_RSA_PKCS, private_key) self.assertEqual(sig, hsm.C_Sign(self.session, tbs)) @@ -546,105 +711,156 @@ if False: # Keys for preload tests, here rather than inline because they're -# bulky. These are in PKCS #8 format, see PyCrypto or the "pkey" and -# "genpkey" commands to OpenSSL's command line tool. - -rsa_1024_pem = '''\ ------BEGIN PRIVATE KEY----- -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAIwSaEpCTVJvbd4Z -B1P8H9EgFlZqats7PeBIOlC2Q1zla7wBmNJkX5Jkez8tF3l22Sn99c6c6PuhyhzB -dZtifQbZniKCJEzyby5MXZeSr20rPdrqiB9FX13mmtLN7ii4nLyAYFAQ4R8ZvdH2 -dRIWtxwhS7d4AyrWYhJkemIvSApfAgMBAAECgYAmL1Zy+AQwNuRSqawPvynFTuQI -Bta+kTXbEJWlLyrKBlkKVb0djfNn6zCWFmrR2A53nh4Gh0wUXRTGJg8znvPKJPcp -45znc7aGQFmDivvl5m/UkbqET6SB6JyCOCKzYa1Rtn3YFMkf/3MgzrWIhFv+UNH/ -I5lSjzJcCrN4mgI+AQJBALcTNa0mOWRXX+6jssbf65Cx6wmHsrrptXiP9gKfwdkx -697EzyvPDL8xwL20O+xBFehj866O/f8nOPP47imOPoECQQDD3gU8wD8MeWLqYcXI -AdERIuuk1VnL36QOzn9NoPF01DLJcrcbN24i5/9tcza3Kdec8fexJTh/PMBvR8Zr -w5jfAkAnFgrXtNl7+suYf4qjuxroAZRUrIwUK+F6pAG5/bG9VVMudIZmrAXkrBKi -beB9SEgNHYnhMtY3q4AVVohChwQBAkAR1I5Jf3691fcJOylUEcZEdxdYhAuOoac/ -qdCw8mvIpOCSshy1H5CpINGB1zEt72MvaF+SAr9n5dHmz3Pir4WlAkB/ZccJ5QBH -uBP0/flXdmhG5lC3MTMiiE7Rls/3L2t6S4xVDnQ81RYf7Car53WN7qSVSZnhDGsn -BJpghq2nYUH1 ------END PRIVATE KEY----- -''' - -rsa_2048_pem = '''\ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzvgb90hKxeDJy -zeWz/F4JGZ3Acl1i3url3VPXHyoldyhuNC+8jf4iM7TGBYGLH+sYkBXWu9GD0erl -KBMJMTBO8OdXulSAJh8r1Z8qNPSVNguvNgGQlRDGc7tZJ6gWFlzM2g5flED24bN9 -6Ir9O1cZi7xMc0Nzkn9Rms5IwPW8OB4IZZlbFC6Ih9vUSp06Tm3rQ/eQJkhLFbzM -ejc9OH1LSpYtji44ohmy/jPJsmSlzwK5JSchZqbxl/msVw1t/nZS3loqKUMvzn9F -iARLiaIrUKNCmSmL8HqEt2qKt0ESHG0vX07h5W5iHIJOuKhqcX3li8nFcwsOV3AB -RsCRgeppAgMBAAECggEANEeTVQRjN4dUdRv6Me23lEIFJlKdYwKfpBhKKIoCAj+0 -XMmFEPzj7CLJ88bqNQMlqFFQaNLcT9Eg12Jelw/dkzhysYuaxGNSMbfCwc4BTd0Y -bO/yaJFS/cXvujDUrQf4GgVapOZENwrS4E5hDuLRpLaGIF5uQhFcQuoaEgM99m6H -TzOIhtu3DjdbfSsmkGVQ7xUVFcvaCrMVoq06dvUH4HpYTKeeqgcVv++XjIe83Nzv -+oN5U2oFOzrYpGGHN6jrekmmbEaxy8UHOySC6Y+UyRrPEy9q1ZgkkC9VCrM7E28/ -4PETw8MI7uNoosuFXofctKjtRvC5Sn9zW3dyv9NkAQKBgQDSkdDy4+xN2kA7gdry -4eLKUzKRNSbnoPrCu2TENUR8oTjbJ52LQEbGa9HIKaM33701hJsc34C6adJgoY9c -PoBcJgxOI7N40A/rI3c8krKS5X/ViBY3TzJsP3LaBKDdfioaTDVTjhYD6v2eu7Lt -4eIqa8sVA4PhLSVGRW53ZSYjwQKBgQDahY6cR8WgPseQJTkCbKyfKCSuz6nioZpC -stkpKhJepzE6AKZTLLWvNIPNT/khl40aby5seLNkY3Tb9cYBX2iShGv4cguPMiAl -hb7Uljz19i6YaX74gkTjsYpv44ddLSZp+/FTOl0C0I8WocQpb8B2d4BgvfxgHrHb -KCHnyihQqQKBgQC7PKPixt7hnzdMcrxhCpDiPbaSPgQZJSC1NXJ1sbPzalynKwPA -xefpGgiRBs02qsGRLBfNRcQuflhuSlqyuHTk+4Qnm0FEJSZyfLfS6dLWIjJYikjO -56I7dPPIfyMXsM75UVh9srNKypK4qciCFEBKXk1XoyeKe91QLf77NbsDQQKBgDnY -CLwNs56Lf8AEWmbt5XPr6GntxoabSH5HYXyoClzL3RgBfAWgXCeYuxrqBISD3XIV -5DAKc1IrkY94K4XJf6DpNLt7VNv+5MuJ783ORyzEkej+ZAHcWef74y1jCT386aI8 -ctEZLe3Ez1uqToa5cjTpxS3WnKvE9EeTBAabWLihAoGBAKft+PG+j+QhZeHSGxRz -mY6AQHH4z7IU94fmXiT2kTsG8/svhPNfsmVt7UCSJbCaYsrcuR2NonVV8wn/U793 -LcnLAV+WObeduMTBCasJw8IniFwFhhfkxOtmlevExE1I3ENwkRlJ7NdROky4pnd5 -LGmN2EOOlFijEGxBfw+Wb1rQ ------END PRIVATE KEY----- -''' - -rsa_3416_pem = '''\ ------BEGIN PRIVATE KEY----- -MIIHvgIBADANBgkqhkiG9w0BAQEFAASCB6gwggekAgEAAoIBrADgnFnBx2/mTFGM -pEQ891GLfN8lnCJsMTN3zkQKCAV1iQpXXoOzq+mFDudpYsBZRq15AZxPc6ZejD5Q -P8PTIPdNWquC7u5mUsxLc12iVvXn3OBvxQyf/U+8S3Y2OsuVr9oTAU/PS4lO/bct -GgTmGnuRgWSgKl+tqsmABqEDOvEGIK7MHiwL7XbFgxPTV9nhP6Qaox0/eBD1Cq0K -pQ2DmwVCMglQl2s2kmmqT9HV/iZD/WuvxpnRYpGLtUQLgVbCO50spH/PSrsnaiIk -DMzPreaRjNVhKz2cVAJysCdGygY0vUtZILlA9gngL/arQYV2eSwTyvpzZwiJOcVV -d2A8Beebo0bWG2pnBnWNBlp20s+UQRheYJZapIgd5tmHLb9sJLeC6QRJzgCLweO3 -jaGzwN96q5/Wgjldn5a/eW1w0anwx34BVOkOJxvcvvhgleI7vlpZ93tuWsJ8xqjU -0mRB3NhRhlVxS1UJbgF1LbciLvcLJ7QpCM5ExS1tpZFBeSY+sov+UQo05T66ZapY -Wwbh7AqDI0F0J+j5pPUG0+Whkju4oxB0FUd69ggMmCaHAgMBAAECggGrYJYbat7u -WaQ79TS2O1lG8aqy8qNfkhLeRQin7YBhiJdzoPp9vAeTFarBDGpwuHNSKZTtuKTM -yB+atDuXY/TrI5J36ogAcHPucgucGjE28Yvj32xm722omhoBLXS/ExFZv45y2Xts -AlHMMVLdBG4i8QEpWk6ecjndCHbRSmhQOQhY4mGfI0nsJyckoV9HzDrnwKSf8Ska -caUzoD41v4AsFLkblFJowkDXu2szmsf9gIM7iYznnEi8uc0rA5+MxV2JSyc55tQG -Av76y3HNqQjo+3IKWAyWFvujkBQRePw5HVMxmw9i5KIo41LGbZsMkwNkVq6pu6Gf -rQGKaLD9L0o4h1zI8pOaNs8pX5SdtzhjYr3AsXdarL//dES6tVfFqVhN824debEC -nIMEAaUmLFaergh37tl9BqKJncvWn/nqkKt2AmW3K07uXhbNBGp5VJiBJL1ade1k -16t8c9HA1KqzEBXpWdiAoX1ezRkdlLNswOi0rjBFhLBlX7/8Nzlp7c4Mz7ioEXGc -2yTEs2CgwYa+Tc0qKV1Q+zOJ97MNyi6NLsoG9FSpeNvmSwEqYQKB1g+Hdma2H+ud -d5yLzONKanWzYddjnjxifgepBaHi0tKDysjGk9N/0LAX9sEOQsIqwVjE/OwpQFAy -ScI1dvx1nTCw2S0XCtUIgSxmFq6ZO2BaduL6J6KxMN1JYkME7U5uAeAlH9gcKzqK -sUPCPQE+q6rjVinK7oWp4ZeGEl+dGZyqGy1aScBN5Ie1URi9LYRZHCuKjyUYSmwF -95QPc64HqYwr8k6zSfW7Hj5Ier8AWNlhO1/o0Q8OAMA42kQIAYpC23YZXQqqYifH -80kEj4jl0Tvo+35jTjkCgdYOdryFRF/ukhz1ykZ3It3YfrkP56KuQ0a/GJvJ+XJU -wMPunvuQ3rVjIWAB1JTl2ASUl8QJEsHuLeXO1mwtNpFHy5FAmi+VSnpIaTE6YHRX -5/P/renuOeozwBPky95gULdRAgwTOdP0UucQ7I7U7FAXUronQHWrQTFbemnnXQYP -m0yy2gxZ4TPRquaYP26sKWk6ollrPrtObppgpPtmKFVrdah9GMtPG0/ArrecP1g5 -6JF0KXX2bR/7lr1QK7ETMcopaTW9zTVhTA9go1aoVP99J1O/Bxq/AoHWBM495NEt -laN4VXip4hiwU1Y8zAPm/vbX25UByjRAW6cvROy26HegZC42TU4VeLL0fH0RbB/j -6C13x+L1vHDFQUEpJBwCXSSxnMTG9iczScEVE26of19oKMLB5s2Khn/ikrPKY/1r -n0U2UCq26EC1rT+G9Y34PGLzDgoOe4pJV8MIgAN12U4Bj8GbpBU/FbrhzdOmMquO -tFkwYaBagxuZ62faJ2KyW5oZZNrXKW55EGRXlHme4JLLxrCRUwZLO7cu5SA6O8e4 -cmkdL5Z6uLmuA2U5FsayeQKB1glMG8ySchP5yjHYr0j/mZkDhFQL8o+P4VcPK30+ -IlcGfivR+CVccz5ggsVKb9f67p7Rm4q1iwFecX1uaaT6kZKT8S+UrQeLE2WecK10 -uPSUvkxY76lZgwl265LD1ZMV73BcH4TwRCWmcK95UCrgKG+FlvGKRtkpk9+YpaC6 -NB4uFrRU42GXGGcrMwUkqTBzghfVqiL89QvqnsOG6a72OEpWHFMlb/LOvIpABPij -40N+EpmX2SLpbIidkd2J6E5NUAUkgw4Zbbm4WZ4mAJs93+kEMZn2qCMCgdYLpnPB -uZ6pDpmXxKmfGRqzZVCwYJk9myya2ZcAmjfEHGpLHcy99mDSgb9BaUnceGizgSnG -KQCxAnX7xFXshz52DIfGZqKANyuuCRXv34aB0PxHozmlmAjuU5Y8I8PcioOqNLh3 -ZEcXNEVhhaZKGi9yz7QXZsauxjYGjgsGvaV+yPrzWcnIWsKW0X0aC3eIDOaw8yCC -F9qQXfT559lNaH3+aBCVlDL17HtOkax8J04vI1gEbqIyd9vn34+iFBcC5TBq9qZT -BvUE7g/dCNw3ISPEAgVJZUHJ ------END PRIVATE KEY----- -''' +# bulky. + +static_keys = {} + +# openssl genrsa 1024 +if pycrypto_loaded: static_keys[HAL_KEY_TYPE_RSA_PRIVATE, 1024] = RSA.importKey('''\ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC95QlDOvlQhdCe/a7eIoX9SGPVfXfA8/62ilnF+NcwLrhxkr2R +4EVQB65+9AbxqM8Hqol6fhZzmDs48cl2tOFGJpE8iMhiFm4i6SGl2RXYaG0xi+lJ +FrXXCLFQovIEMuukBE129wra1xIB72tYR14lu8REX+Mhpbuz44M1jlCrlQIDAQAB +AoGAeU928l8bZIiH9PnlG318kYkMVhd4SGjXQK/zl9hXSC2goNV4i1d1kCHIJMwq +H3mTALe+aeVg3GnU85Tq+g2llzogoyXl8q902KbvImrM/XSbsue9/oj0OSgw+jKB +faFzX6FxAtNV5pmU9QiwauBIl/3yPCF9ifim5zg+pWCqLaECQQD59Z/R6TrTHxp6 +w2vH4CJyP5KORcf+eMa50SAriMVBXsJzsBiLLVxKIZfWbQn9gytJqJZKmIHezZQm +dyam84fpAkEAwnvSF27RhxLXE037+t7k5MZti6BfNTeUBrwffteepL6qax9HK+h9 +IQZ1vfNIqjZm8i7kQQyy4L8tRnk8mjZmzQJBAIUwfXWTilW+yBRMFx1M7+3itAv9 +YODWqEWRCkxIN5tqi8CrP5jBleCmX8rRFTaxcxpvq42aD/GRp3SLntvs/ikCQCSg +GOKc1gyv+Z0DFK8cBtMmoz6mRwfInbHe/7dtd8zis0lVLJwSPm5Xvxi0ljyn3h9B +wW6Wq6Ezn50j+8u27wkCQQCcIFE01BDAdtFHtTJ3aaEM9IdMCYrcJ0I/Y0NTE2M6 +lsTSiPyQjc4dQQJxFduvWHLx28bx+l7FTav7FaKntCJo +-----END RSA PRIVATE KEY----- +''') + +# openssl genrsa 2048 +if pycrypto_loaded: static_keys[HAL_KEY_TYPE_RSA_PRIVATE, 2048] = RSA.importKey('''\ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAsbvq6syhDXD/OMVAuLoMceGQLUIiezfShVqFfyMqADjqhFRW +Wbonn0XV9ZkypU4Ib9n6PtLATNaefhpsUlI4s+20YTlQ7GiwJ9p97/N1o1u060ja +4LdqhfYtn8GZX+JAfa5NqpmLKCJ58XJ3q28MPLRwYp5yKckjkzchZHFyjs1W7r5a +JfeJ/vsQusX3klmCehJ1jxSHPh8o6lTjFMnBK8t360YTu0UGK/RUcEAYO7l7FWjd +8PjZfawXIrOAhCLkVvDFfpsl2oyFIL9d1QE87WdyyZXAtWLs62gnX+kiBq9gUhu5 +GsgcQifHBcRiGZfH0TRIMgIsSjsorzHqJ9uoQwIDAQABAoIBAGqzx5/5A8NfEEpT +2bxNLcV8xqL1LmBNLh0TMEwYn1GM2fZh74lkwf7T3VTaCVbGlzgXZC4tNneq7XIF +iPyPEi2rSnyH/XZAj2kNukfBIOHW37HVhloco14TYmajwuGWomMRrtz521pYAF+c ++g042N7k8Qez2hQOBkaOdYSouz7RNdJUGUocRhcSkh+QZTBwtQxrkuhhHN+zkIri ++Q09hF2hAliHrh6mow8ci0gRsXnZzsdJfTX8CasHWTIll4gfrvWnUY7iYqB6ynRU +YN+7IgQXMUFLziIlH1qN+DlEYdznsgAPSS3JdTWh0cvjiO8wTFAnOIdsj+BpKoDB +PK2zzDkCgYEA3TP8h4Ds/y1tDijE3Sarrg0vWuY97sJmAla4qFHH4hscZ84NDzTM +I/ohLPJgpeR2MaBqZmVk9UFrd3rdt3/lX6kSO7Kffa9rVgfOB4CqJ4joso3j0qY8 +V/iVBcDcD1h4aXCRX2tMJICUTgVU/N8/2wBEElcOUjZHGlcHmbHndlUCgYEAzbFm +ttPuIHrYHkmOm/DjYB65+WD8gfPMdeUbnx+yIt5xwimIbq1qWzl4++goTAAyaU/7 +qM9IfveRue0B7yjnPa8fjN+CcXMGM6a3BIqeIv1icfgjHxlt7D+64FpENWXHvFE0 +MhRliINfkTHm+U4+1s0045a+bLdTbfVly1gATDcCgYEAyOaoWmFL3k7hl1SLx9eR +YVj0Q3iNk0XX5BPjTmxIQCEjYVwRHFh1d897Rhk0kja26kepmypH0UADXNaofDqa +lpE10CZhGIOz1sTr6ICBCbscrN6VpgH5GGTa5AjPVNijNBBa1/DZjOWCzIGnOKuC +kWLicE3E4gIN/exBKOQdNqkCgYEAjA5PMg38BoGexoCvad8L81b4qqUvSg0HGv91 +X1Plp3hvXRWKoFHUKWlox528UoOPz8V2ReteIZXQ1BhdSMtBKO8lPHa0CyuW/XR3 +CdCY/Jorfg7HW1WlU0fRpxHPf8xdxAxGzhK1T86kM+kWrIpqnzf62zy5TK1HUYfW +WC8DhOECgYBzU8hIA0PU7aRPUs0o9MO9XcvVPvdX6UOKdNb9CnBMudS/chKHJUYP +d0fFAiVaRX0JMQ0RSrenxCqfWVtW3T3wFYNHB/IFRIUT3I44wwXJTNOeoi3FDTMx +EQfc0UFoFHyc3mYEKR4zHheqQG5OFBN89LqG3S+O69vc1qwCvNKL+Q== +-----END RSA PRIVATE KEY----- +''') + +# openssl genrsa 4096 +if pycrypto_loaded: static_keys[HAL_KEY_TYPE_RSA_PRIVATE, 4096] = RSA.importKey('''\ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAzWpYSQt+DrUNI+EJT/ko92wM2POfFnmm3Kc34nmuK6sez0DJ +r9Vib9R5K46RNgqcUdAodjU6cy3/MZA53SqP7RwR/LQtWmK2a+T4iey2vQZ0iCDA +2NI4gjgmCAjZnOD/m5yUXjCig/wJ8pGXolg8oHnvdeLg1joIOSF9OudLrI6aJnDg +OfdegzmCWXmWl7TXrqHVIWZhZZF7qQZRso6ZQ1/8mjpvVD0drASBxMnIzvpe4ynr +Y2NB807X/D5bbScp292ZKTNf5unPN1SsFy5ymzfLZrfNksYef6xPXcVr6OiObi49 +De8e11aNPj6fgLzzqAu1rjjrDkgvXx5G7gPJXq1aq6uxB2cKMrRS+ivmyC8vQlzP +lQwW20oYeeOfCg7ddNAJcu3jNTuNJaZdhc9szpVhV8DXZoXe/RzUNjZH7wUqueHy +fpbLwS+h3McJqrbWFdCQBivZnoI05cF2JIHEeR3S0Gyo2/IheNeFX2Tt8oDnHY4a +olRHiR5CMdM8UoGSxR9Y12fZ9dcqdCH3d6wDAsBDHTCE8ZIwFwhW6iA+g54YE3X7 +BlsgWr60poCDgH+CJjh0VDVxqL7r+w76sD9WAQMa7Gb+Mp2XCYnIZPXTrsmwVbZ9 +s5vFXUEODYom6qBlbZB8gyZzee5Skc1jx2fnmqxRtflA4W3xVAQFof2rFiUCAwEA +AQKCAgBxhQXJSFqf0hqy61h0I+Qp6EKpWuleSFiYtKjDti803tql+s37KFfAKZHV +KnLBhNeitwDFYuEsag0P3P69ZRopFUwzdXdi7g6WTfG0d2b9y6V23XL14Cduf400 +/38TnZxk6QFtlD8b5ZuxvBgqlczbeseFRJ6whV2qBQHqHYzKjfxOpi6kmjpXFt8c +h39b04smbTUVwjitIttOK7nWjcvRWiiFKyn/Sc8uE0eL81/QUrlBnRcC1AXMapQe +SG/KQMx3P123UTb8q9XiZB6+qOKZORplZ8pqBKcyM42g6suZ6XtdFJyVKMLIioKA +FaecQ8/73IzI/ZeZSvcy/85/FwSfGjHD7C7vL9kfg77no+IvHYlBYiIqtTddpQH5 +LGJAJnOGtk047/OjTmL8QyylvDAv8jBeZZdbOX7L+8jk5DbHmfUcDjvBS9g+Fbfk +jDurphrp1dHn/YgaA27NZs87TPWX1aVPiOlXEhO9SHHiiKCHDpBzV1gW/eiho33s ++uEr57ZoakzonN/zNb7KqHUO/ZGwMg+V9bVIgThqbdgmxNz7JFz14CN79yPmW5QT +1P1v7a6xWaZTALe2HGvy0B+iRzhLpay1tI4O/omPj9vUzVJwGHztVt0RddcmA9wV +Y3qglRNl+YvNlm6BUn8KwPIqki8JoioA8J1EQ5mz/K0fbrzcOQKCAQEA8TCqq0pb +mfxtsf42zhsSUw1VdcCIG0IYcSWxIiCfujryAQX1tmstZeRchlykXmdO+JDcpvMy +BKBD7188JEWjCX1IRRtHxTJ5WG+pE8sNPLNL8eZVZ+CEbNjVk4dtWGLwyNm+rQkM +NmOlm+7ZHdezBXljZOeqZbdsTSDQcGYG8JxlvLpAN60pjIGvTdTrdnksMhB4PK+l +7KtyEVDWXU/VT6kqhP3Ri1doHv/81BplgfjEJM8ZxmasfP4SlJ1olKqsHMFSrclj +ZCAemKEexVyzg8cHm9ghj6MLQZe3gs94V6h8I2ifrBBNHMrZgYg2Db0GeyYrr+kZ +GDjT0DZp0jgyfwKCAQEA2gdTclmrfAU/67ziOJbjkMgfhBdteE1BbJDNUca0zB6q +Ju4BwNgt0cxHMbltgE2/8hWP95HIaQdh1mIgwSK93MxRbaAvAQfF3muJxvMR5Mru +DejE+IEK9eZetgkNHGWyfiFzBWHda/Z9PQkqYtRfop5qFBVAPZ4YzR5hT0j64eDQ +N/z9C0ZB6RL9EcXJgEYgGI3wP8Qsrw3JRBQN0SCVRmrEJm4WIXs+CEHOk56/VbPM +v82uwbHVghS0U9bEZvNoeq7ZQjS2tRXXRJeOgQyCNvYy670T0KvQZoDb59EbEDSz +eQZS1J7rDEBHW+VwRSJA8noMEgZdEv8AxbEF2CddWwKCAQAMwH71iXvoW1FNbNxm +70V7wKO5ExHfJxJ1wQFphYIMbZtn9HG2UFpZHcbKj9Fc8GdbewU/inIljnepC0b5 +v/jLwqT0imm0AmQqCdVNp5mukOg+BOiVEmjN/HTmVO2yE6EZbXHIYkcUBRa3dNxj +2IitjGp15k27DQSb21VJ7AsH46z5WnuUtgIRXLXxDoXYgLWWfApvYvYJ2lKwma6L +xnHHwXDvESBoFpn5sZ0jdbXSNl3geFarh7gs753534ys940cBBij+ZbYr14Owc4H +r0wKdpZvZfD4UC2DLUtVjjSVpeHSWXC/vyjkkdEIKTR6a3kRP8ZliZR7FF4Wjxnv +NGtvAoIBAEu5g6gRsNewUxUjU0boUT115ExSfrjrzC9S05z1cNH8TIic3YsHClL1 +qjyA9KE9X89K4efQgFTKNZbqGgo6cMsBQ77ZhbnL41Nu8jlhLvPR74BxOgg9eXsS +eg6rchxMzgO0xmg2J1taDwFl74zHyjeG4bz77IX6JQ8I4C9TX5+YH3lyqsiBrF6x +M6g6k9Ozh24/zhO3pPVfymmUtX/O20nLxzi5v4H9dfwULxVia33upsxvOaUYiNlX +K5J641gGbmE93UN7X4HhhhTStrHnkEpalDEASKOPKSCQ3M/U9ptYUoVURuyGDYkB +wkcOl0HLtdcBwLN59lWkr7X519fNREUCggEBAMk39k+shD2DW8ubE/LgoforwfT2 +558FPxpZ+pGwMHL3ZnLuQuiROyPyQZj/ZmmLAa2TPrwS/ssln46Y2KesejWK/0Hq +8SaFLhOjacF8u5IOOKBZvx+HOT6ctRNBVyzt9A8wu0DE6nzc5HQpm9TMXrOLuZ0L +u22yFikwoIgYpU6hBdbg1mnirZS/ZyqJV9gWB6ZYyUAUGdgBqL6euSAAqBp93qz8 +sQLesqTufT1mVZd/ndLyvjDJjNKUE0w1g/1xNtg6N5aM+7pc/DwE/s+EtCxc/858 +dQYLBHIPcw6e0FdL3nTs44BpAqcK28N5eWbe/KaZ3EA0lHRmyOQ++WgU6jo= +-----END RSA PRIVATE KEY----- +''') + +# openssl ecparam -genkey -name prime256v1 | openssl ec +if ecdsa_loaded: static_keys[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256] = ECDSA_SigningKey.from_pem('''\ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIPBrVhD1iFF2e8wPkPf4N1038iR8xPgku/CVOT8lcSztoAoGCCqGSM49 +AwEHoUQDQgAE3mB5BmN5Fa4fV74LsDWIpBUxktPqYGJ6WOBrjPs1HWkNU7JHO3qY +9yy+CXFSPb89GWQgb5wLtNPn4QYMj+KRTA== +-----END EC PRIVATE KEY----- +''', SHA256) + +# openssl ecparam -genkey -name secp384r1 | openssl ec +if ecdsa_loaded: static_keys[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P384] = ECDSA_SigningKey.from_pem('''\ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDCVGo35Hbrf3Iys7mWRIm5yjg+6vPIgzbp2jCbDyszBo+wTxmQambG4 +g8yocp4wM6+gBwYFK4EEACKhZANiAATYwa+M8T8jsNHKmMZTvPPflUIfrjuZZo1D +3kkkmN4r6cTNctjaeRdAfD0X40l4yPnGIP9ParuKVVl1y0TdQ7BS3g/Gj/LP33HD +ESP8gFDIKFCWSDX0uhmy+HsGsPwgNoY= +-----END EC PRIVATE KEY----- +''', SHA384) + +# openssl ecparam -genkey -name secp521r1 | openssl ec +if ecdsa_loaded: static_keys[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P521] = ECDSA_SigningKey.from_pem('''\ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIBtf+LKhJNQEJRFQ2cGQPcviwfp9IKSnD5EFTqAPtv7/+t2FtmdHHP +/fWIlZ7jcC5N9dWy6bKGu3+FqwgZAYLpsqigBwYFK4EEACOhgYkDgYYABADdfcUe +P0oAZQ5308v5ijcg4hePvhvVi+QKcrwmE9kirXCFoYN1tzPmXZmw8lNJenrbwaNz +opJR84LBHnomGPogAQGF0aRk0jE8w1j1oMfrrzV6vCWnkh7pyzsDnrLU1HrkWeqw +ihzwMzYJgFzToDH+fCh7nrBFZZZ9P9gPYMlSM5UMeA== +-----END EC PRIVATE KEY----- +''', SHA512) + +# Public key objects corresponding to the private key objects above. + +def preload_public_keys(): + for keytag, k in static_keys.items(): + keytype, len_or_curve = keytag + if keytype == HAL_KEY_TYPE_RSA_PRIVATE: + static_keys[HAL_KEY_TYPE_RSA_PUBLIC, len_or_curve] = k.publickey() + elif keytype == HAL_KEY_TYPE_EC_PRIVATE: + static_keys[HAL_KEY_TYPE_EC_PUBLIC, len_or_curve] = k.get_verifying_key() + else: + raise TypeError if __name__ == "__main__": |