aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--csprng.c23
-rw-r--r--libhal.py31
-rw-r--r--unit-tests.py47
3 files changed, 82 insertions, 19 deletions
diff --git a/csprng.c b/csprng.c
index 7ff6c69..8ba4fa5 100644
--- a/csprng.c
+++ b/csprng.c
@@ -45,35 +45,34 @@
hal_error_t hal_get_random(hal_core_t *core, void *buffer, const size_t length)
{
- uint8_t temp[4], *buf = buffer;
+ uint8_t temp[4], ior = 0, * const buf = buffer;
hal_error_t err;
- size_t i;
if ((err = hal_core_alloc(CSPRNG_NAME, &core)) != HAL_OK)
return err;
- for (i = 0; i < length; i += 4) {
+ for (size_t i = 0; i < length; i += 4) {
const int last = (length - i) < 4;
if (WAIT_FOR_CSPRNG_VALID && (err = hal_io_wait_valid(core)) != HAL_OK)
- goto out;
+ break;
if ((err = hal_io_read(core, CSPRNG_ADDR_RANDOM, (last ? temp : &buf[i]), 4)) != HAL_OK)
- goto out;
+ break;
if (last)
for (; i < length; i++)
buf[i] = temp[i&3];
}
- for (i = 0, buf = buffer; i < length; i++, buf++)
- if (*buf != 0) {
- err = HAL_OK;
- goto out;
- }
- err = HAL_ERROR_CSPRNG_BROKEN;
+ if (err == HAL_OK) {
+ for (size_t i = 0; i < length; i++)
+ ior |= buf[i];
+
+ if (ior == 0 && length > 0)
+ err = HAL_ERROR_CSPRNG_BROKEN;
+ }
-out:
hal_core_free(core);
return err;
}
diff --git a/libhal.py b/libhal.py
index 7e8cc6f..3063398 100644
--- a/libhal.py
+++ b/libhal.py
@@ -405,6 +405,7 @@ class PKey(Handle):
class HSM(object):
mixed_mode = False
+ debug_io = False
def _raise_if_error(self, status):
if status != 0:
@@ -417,7 +418,8 @@ class HSM(object):
def _send(self, msg): # Expects an xdrlib.Packer
msg = slip_encode(msg.get_buffer())
- logger.debug("send: %s", ":".join("{:02x}".format(ord(c)) for c in msg))
+ if self.debug_io:
+ logger.debug("send: %s", ":".join("{:02x}".format(ord(c)) for c in msg))
self.socket.sendall(msg)
def _recv(self, code): # Returns an xdrlib.Unpacker
@@ -428,7 +430,8 @@ class HSM(object):
if msg[-1] == "":
raise HAL_ERROR_RPC_TRANSPORT()
msg.append(self.sockfile.read(1))
- logger.debug("recv: %s", ":".join("{:02x}".format(ord(c)) for c in msg))
+ if self.debug_io:
+ logger.debug("recv: %s", ":".join("{:02x}".format(ord(c)) for c in msg))
msg = slip_decode("".join(msg))
if not msg:
continue
@@ -545,25 +548,41 @@ class HSM(object):
def pkey_load(self, type, curve, der, flags = 0, client = 0, session = 0):
with self.rpc(RPC_FUNC_PKEY_LOAD, session, type, curve, der, flags, client = client) as r:
- return PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
+ pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
+ logger.debug("Loaded pkey %s", pkey.uuid)
+ return pkey
def pkey_open(self, uuid, flags = 0, client = 0, session = 0):
with self.rpc(RPC_FUNC_PKEY_OPEN, session, uuid, flags, client = client) as r:
- return PKey(self, r.unpack_uint(), uuid)
+ pkey = PKey(self, r.unpack_uint(), uuid)
+ logger.debug("Opened pkey %s", pkey.uuid)
+ return pkey
def pkey_generate_rsa(self, keylen, exponent = "\x01\x00\x01", flags = 0, client = 0, session = 0):
with self.rpc(RPC_FUNC_PKEY_GENERATE_RSA, session, keylen, exponent, flags, client = client) as r:
- return PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
+ pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
+ logger.debug("Generated RSA pkey %s", pkey.uuid)
+ return pkey
def pkey_generate_ec(self, curve, flags = 0, client = 0, session = 0):
with self.rpc(RPC_FUNC_PKEY_GENERATE_EC, session, curve, flags, client = client) as r:
- return PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
+ pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
+ logger.debug("Generated EC pkey %s", pkey.uuid)
+ return pkey
def pkey_close(self, pkey):
+ try:
+ logger.debug("Closing pkey %s", pkey.uuid)
+ except AttributeError:
+ pass
with self.rpc(RPC_FUNC_PKEY_CLOSE, pkey):
return
def pkey_delete(self, pkey):
+ try:
+ logger.debug("Deleting pkey %s", pkey.uuid)
+ except AttributeError:
+ pass
with self.rpc(RPC_FUNC_PKEY_DELETE, pkey):
return
diff --git a/unit-tests.py b/unit-tests.py
index 895bdb5..c1d0d44 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -39,6 +39,7 @@ LibHAL unit tests, using libhal.py and the Python unit_test framework.
import unittest
import datetime
+import logging
import sys
from libhal import *
@@ -66,6 +67,9 @@ except ImportError:
ecdsa_loaded = False
+logger = logging.getLogger("unit-tests")
+
+
def main():
from sys import argv
global args
@@ -121,6 +125,12 @@ class TextTestResult(unittest.TextTestResult):
self.stream.flush()
super(TextTestResult, self).addSuccess(test)
+ def addError(self, test, err):
+ if self.showAll:
+ self.stream.write("exception {!s} ".format(err[0].__name__)) # err[1]
+ self.stream.flush()
+ super(TextTestResult, self).addError(test, err)
+
class TextTestRunner(unittest.TextTestRunner):
resultclass = TextTestResult
@@ -331,93 +341,123 @@ class TestPKeyHashing(TestCaseLoggedIn):
k1.verify(signature = sig, hash = self.h(alg, mixed_mode = True))
k2.verify(signature = sig, hash = self.h(alg, mixed_mode = True))
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_1024_sha256_data(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_data)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_2048_sha384_data(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_data)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_4096_sha512_data(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_data)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p256_sha256_data(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_data)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p384_sha384_data(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_data)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p521_sha512_data(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_data)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_1024_sha256_remote_remote(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_remote)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_2048_sha384_remote_remote(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_remote)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_4096_sha512_remote_remote(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_remote)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p256_sha256_remote_remote(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_remote)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p384_sha384_remote_remote(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_remote)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p521_sha512_remote_remote(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_remote)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_1024_sha256_remote_local(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_local)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_2048_sha384_remote_local(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_local)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_4096_sha512_remote_local(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_local)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p256_sha256_remote_local(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_local)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p384_sha384_remote_local(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_local)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p521_sha512_remote_local(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_local)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_1024_sha256_local_remote(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_remote)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_2048_sha384_local_remote(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_remote)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_4096_sha512_local_remote(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_remote)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p256_sha256_local_remote(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_remote)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p384_sha384_local_remote(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_remote)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p521_sha512_local_remote(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_remote)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_1024_sha256_local_local(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_local)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_2048_sha384_local_local(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_local)
+ @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
def test_load_sign_verify_rsa_4096_sha512_local_local(self):
self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_local)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p256_sha256_local_local(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_local)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p384_sha384_local_local(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_local)
+ @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
def test_load_sign_verify_ecdsa_p521_sha512_local_local(self):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_local)
@@ -490,7 +530,7 @@ class TestPKeyECDSAInterop(TestCaseLoggedIn):
self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, SHA512, HAL_CURVE_P521)
-class TestPKeyList(TestCaseLoggedIn):
+class TestPKeyMatch(TestCaseLoggedIn):
"""
Tests involving PKey list and match functions.
"""
@@ -590,6 +630,7 @@ class TestPKeyAttribute(TestCaseLoggedIn):
self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 4, n_fill = 512) # [16, 1024]
+@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
class TestPKeyAttributeP11(TestCaseLoggedIn):
"""
Attribute creation/lookup/deletion tests based on a PKCS #11 trace.
@@ -654,6 +695,7 @@ class TestPKeyAttributeP11(TestCaseLoggedIn):
0x180 : "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07" })
+@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
class TestPKeyAttributeWriteSpeedToken(TestCaseLoggedIn):
"""
Attribute speed tests.
@@ -678,6 +720,7 @@ class TestPKeyAttributeWriteSpeedToken(TestCaseLoggedIn):
def test_set_12_attributes(self):
self.set_attributes(12)
+@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
class TestPKeyAttributeWriteSpeedVolatile(TestCaseLoggedIn):
"""
Attribute speed tests.
@@ -702,6 +745,7 @@ class TestPKeyAttributeWriteSpeedVolatile(TestCaseLoggedIn):
def test_set_12_attributes(self):
self.set_attributes(12)
+@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
class TestPKeyAttributeReadSpeedToken(TestCaseLoggedIn):
"""
Attribute speed tests.
@@ -733,6 +777,7 @@ class TestPKeyAttributeReadSpeedToken(TestCaseLoggedIn):
def test_get_12_attributes(self):
self.get_attributes(12)
+@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package")
class TestPKeyAttributeReadSpeedVolatile(TestCaseLoggedIn):
"""
Attribute speed tests.