aboutsummaryrefslogtreecommitdiff
path: root/unit-tests.py
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2017-04-11 00:14:59 -0400
committerRob Austein <sra@hactrn.net>2017-04-11 00:14:59 -0400
commitcc46a697de71e66e90653e3ac7fffe413acfd8c8 (patch)
treec6df3d427c9ea29b6cd71cb92a6e6a579e977076 /unit-tests.py
parenta90d24ee670af4e605cbd95418b000f811265c59 (diff)
API cleanup: pkey_open() and pkey_match().
pkey_open() now looks in both keystores rather than requiring the user to know. The chance of collision with randomly-generated UUID is low enough that we really ought to be able to present a single namespace. So now we do. pkey_match() now takes a couple of extra arguments which allow a single search to cover both keystores, as well as matching for specific key flags. The former interface was pretty much useless for anything involving flags, and required the user to issue a separate call for each keystore. User wheel is now exempt from the per-session key lookup constraints, Whether this is a good idea or not is an interesting question, but the whole PKCS #11 derived per-session key thing is weird to begin with, and having keystore listings on the console deliberately ignore session keys was just too confusing.
Diffstat (limited to 'unit-tests.py')
-rw-r--r--unit-tests.py46
1 files changed, 30 insertions, 16 deletions
diff --git a/unit-tests.py b/unit-tests.py
index d5b6c77..295bf40 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -550,43 +550,54 @@ class TestPKeyMatch(TestCaseLoggedIn):
Tests involving PKey list and match functions.
"""
+ @staticmethod
+ def key_flag_names(flags):
+ names = dict(digitalsignature = HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE,
+ keyencipherment = HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT,
+ dataencipherment = HAL_KEY_FLAG_USAGE_DATAENCIPHERMENT,
+ token = HAL_KEY_FLAG_TOKEN,
+ public = HAL_KEY_FLAG_PUBLIC,
+ exportable = HAL_KEY_FLAG_EXPORTABLE)
+ return ", ".join(sorted(k for k, v in names.iteritems() if (flags & v) != 0))
+
def load_keys(self, flags):
uuids = set()
for obj in PreloadedKey.db.itervalues():
with hsm.pkey_load(obj.der, flags) as k:
- self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid)
+ self.addCleanup(lambda uuid: hsm.pkey_open(uuid).delete(), k.uuid)
uuids.add(k.uuid)
+ #print k.uuid, k.key_type, k.key_curve, self.key_flag_names(k.key_flags)
k.set_attributes(dict((i, a) for i, a in enumerate((str(obj.keytype), str(obj.fn2)))))
return uuids
- def match(self, flags, **kwargs):
- uuids = kwargs.pop("uuids", None)
- kwargs.update(flags = flags)
+ def match(self, uuids, **kwargs):
n = 0
for uuid in hsm.pkey_match(**kwargs):
- if uuids is None or uuid in uuids:
- with hsm.pkey_open(uuid, flags) as k:
+ if uuid in uuids:
+ with hsm.pkey_open(uuid) as k:
n += 1
yield n, k
- def ks_match(self, flags):
+ def ks_match(self, mask, flags):
tags = []
uuids = set()
for i in xrange(2):
- uuids |= self.load_keys(flags)
+ uuids |= self.load_keys(flags if mask else HAL_KEY_FLAG_TOKEN * i)
tags.extend(PreloadedKey.db)
self.assertEqual(len(tags), len(uuids))
- self.assertEqual(uuids, set(k.uuid for n, k in self.match(flags = flags, uuids = uuids)))
+ self.assertEqual(uuids, set(k.uuid for n, k in self.match(mask = mask,
+ flags = flags,
+ uuids = uuids)))
for keytype in set(HALKeyType.index.itervalues()) - {HAL_KEY_TYPE_NONE}:
- for n, k in self.match(flags = flags, uuids = uuids, type = keytype):
+ for n, k in self.match(mask = mask, flags = flags, uuids = uuids, type = keytype):
self.assertEqual(k.key_type, keytype)
self.assertEqual(k.get_attributes({0}).pop(0), str(keytype))
self.assertEqual(n, sum(1 for t1, t2 in tags if t1 == keytype))
for curve in set(HALCurve.index.itervalues()) - {HAL_CURVE_NONE}:
- for n, k in self.match(flags = flags, uuids = uuids, curve = curve):
+ for n, k in self.match(mask = mask, flags = flags, uuids = uuids, curve = curve):
self.assertEqual(k.key_curve, curve)
self.assertEqual(k.get_attributes({1}).pop(1), str(curve))
self.assertIn(k.key_type, (HAL_KEY_TYPE_EC_PUBLIC,
@@ -594,7 +605,7 @@ class TestPKeyMatch(TestCaseLoggedIn):
self.assertEqual(n, sum(1 for t1, t2 in tags if t2 == curve))
for keylen in set(kl for kt, kl in tags if not isinstance(kl, Enum)):
- for n, k in self.match(flags = flags, uuids = uuids,
+ for n, k in self.match(mask = mask, flags = flags, uuids = uuids,
attributes = {1 : str(keylen)}):
self.assertEqual(keylen, int(k.get_attributes({1}).pop(1)))
self.assertIn(k.key_type, (HAL_KEY_TYPE_RSA_PUBLIC,
@@ -602,17 +613,20 @@ class TestPKeyMatch(TestCaseLoggedIn):
self.assertEqual(n, sum(1 for t1, t2 in tags
if not isinstance(t2, Enum) and t2 == keylen))
- for n, k in self.match(flags = flags, uuids = uuids,
+ for n, k in self.match(mask = mask, flags = flags, uuids = uuids,
type = HAL_KEY_TYPE_RSA_PUBLIC, attributes = {1 : "2048"}):
self.assertEqual(k.key_type, HAL_KEY_TYPE_RSA_PUBLIC)
self.assertEqual(n, sum(1 for t1, t2 in tags
if t1 == HAL_KEY_TYPE_RSA_PUBLIC and t2 == 2048))
def test_ks_match_token(self):
- self.ks_match(HAL_KEY_FLAG_TOKEN)
+ self.ks_match(mask = HAL_KEY_FLAG_TOKEN, flags = HAL_KEY_FLAG_TOKEN)
def test_ks_match_volatile(self):
- self.ks_match(0)
+ self.ks_match(mask = HAL_KEY_FLAG_TOKEN, flags = 0)
+
+ def test_ks_match_all(self):
+ self.ks_match(mask = 0, flags = 0)
class TestPKeyAttribute(TestCaseLoggedIn):
@@ -626,7 +640,7 @@ class TestPKeyAttribute(TestCaseLoggedIn):
for obj in PreloadedKey.db.itervalues():
with hsm.pkey_load(obj.der, flags) as k:
pinwheel()
- self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid)
+ self.addCleanup(lambda uuid: hsm.pkey_open(uuid).delete(), k.uuid)
k.set_attributes(dict((j, "Attribute {}{}".format(j, "*" * n_fill))
for j in xrange(n_attrs)))
pinwheel()
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 13:46:31 +0000