hal_ks_index_fsck() and a pile of debugging code.

The debugging code was for tracking down what turned out to be a race
condition in the Alpha's flash driver code (see sw/stm32); much of
this was temporary, and will be removed in a (near) future commit, but
some of the techniques were useful and belong in the repository in
case we need to pull them back for something similar in the future.

hal_ks_index_fsck() attempts to diagnose all the things I found wrong
in the ks_flash index after one long series of errors.  As presently
written, it doesn't attempt to fix anything, just diagnose errors: the
intent is that we can call this, before and after every modification
if necessary, to poinpoint exactly which calls introduce errors.  Once
things stablize a bit, we may want to crank down the number of calls
to this (it's a bit expensive, since it checks the entire index), and
perhaps add the ability to clean up whatever errors it might find; the
latter might be a good candidate for a CLI command.

1 files changed, 55 insertions, 4 deletions

diff --git a/unit-tests.py b/unit-tests.py
index 5646add..d460a26 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -96,13 +96,13 @@ hsm  = None
 
 pin_map = { HAL_USER_NORMAL : "user_pin", HAL_USER_SO : "so_pin", HAL_USER_WHEEL : "wheel_pin" }
 
+
 def setUpModule():
     global hsm
     hsm = HSM()
 
-
 def tearDownModule():
-    hsm.logout_all()
+    hsm.logout()
     #hsm.close()
 
 
@@ -158,12 +158,12 @@ class TestPIN(TestCase):
     """
 
     def setUp(self):
-        hsm.logout_all()
+        hsm.logout()
         super(TestPIN, self).setUp()
 
     def tearDown(self):
         super(TestPIN, self).tearDown()
-        hsm.logout_all()
+        hsm.logout()
 
     def test_is_logged_in(self):
         "Test whether is_logged_in() returns correct exception when not logged in"
@@ -505,6 +505,55 @@ class TestPKeyECDSAInterop(TestCaseLoggedIn):
         self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521)
 
 
+class TestPKeyList(TestCaseLoggedIn):
+    """
+    Tests involving PKey list and match functions.
+    """
+
+    # Some kind of race condition, don't understand it yet, but
+    # without the sleep, the flash keystore code occasionally reads
+    # zeroed pages immediately after a deletion (which itself zeros
+    # pages, which is suspicious, but I haven't spotted a problem
+    # there yet), with the sleep it doesn't.  Worrisome.
+
+    kludge_around_race_condition = False
+
+    def cleanup(self):
+        for uuid, flags in self.keys:
+            if self.kludge_around_race_condition and (flags & HAL_KEY_FLAG_TOKEN) != 0:
+                from time import sleep
+                sleep(0.1)
+            hsm.pkey_find(uuid, flags = flags).delete()
+
+    def load_keys(self, flags):
+        self.keys = []
+        self.addCleanup(self.cleanup)
+
+        for keytype, curve in static_keys:
+            obj = static_keys[keytype, curve]
+            if keytype in (HAL_KEY_TYPE_RSA_PRIVATE, HAL_KEY_TYPE_RSA_PUBLIC):
+                curve = HAL_CURVE_NONE
+                der   = obj.exportKey("DER")
+            elif keytype in (HAL_KEY_TYPE_EC_PRIVATE, HAL_KEY_TYPE_EC_PUBLIC):
+                der   = obj.to_der()
+            else:
+                raise ValueError
+            k = hsm.pkey_load(keytype, curve, der, flags)
+            self.keys.append((k.uuid, flags))
+            k.close()
+
+    def ks_list(self, flags):
+        self.load_keys(flags)
+        hsm.pkey_list(flags = flags)
+        hsm.pkey_match(flags = flags)
+
+    def test_ks_list_volatile(self):
+        self.ks_list(0)
+
+    def test_ks_list_token(self):
+        self.ks_list(HAL_KEY_FLAG_TOKEN)
+
+
 class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn):
     """
     ECDSA verification tests based on Suite B Implementer's Guide to FIPS 186-3.
@@ -541,6 +590,8 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn):
 #
 # * pkey list and match functions
 #
+# * token vs session key tests
+#
 # Preloaded keys should suffice for all of these.
 
 if False: