diff options
-rw-r--r-- | csprng.c | 23 | ||||
-rw-r--r-- | libhal.py | 31 | ||||
-rw-r--r-- | unit-tests.py | 47 |
3 files changed, 82 insertions, 19 deletions
@@ -45,35 +45,34 @@ hal_error_t hal_get_random(hal_core_t *core, void *buffer, const size_t length) { - uint8_t temp[4], *buf = buffer; + uint8_t temp[4], ior = 0, * const buf = buffer; hal_error_t err; - size_t i; if ((err = hal_core_alloc(CSPRNG_NAME, &core)) != HAL_OK) return err; - for (i = 0; i < length; i += 4) { + for (size_t i = 0; i < length; i += 4) { const int last = (length - i) < 4; if (WAIT_FOR_CSPRNG_VALID && (err = hal_io_wait_valid(core)) != HAL_OK) - goto out; + break; if ((err = hal_io_read(core, CSPRNG_ADDR_RANDOM, (last ? temp : &buf[i]), 4)) != HAL_OK) - goto out; + break; if (last) for (; i < length; i++) buf[i] = temp[i&3]; } - for (i = 0, buf = buffer; i < length; i++, buf++) - if (*buf != 0) { - err = HAL_OK; - goto out; - } - err = HAL_ERROR_CSPRNG_BROKEN; + if (err == HAL_OK) { + for (size_t i = 0; i < length; i++) + ior |= buf[i]; + + if (ior == 0 && length > 0) + err = HAL_ERROR_CSPRNG_BROKEN; + } -out: hal_core_free(core); return err; } @@ -405,6 +405,7 @@ class PKey(Handle): class HSM(object): mixed_mode = False + debug_io = False def _raise_if_error(self, status): if status != 0: @@ -417,7 +418,8 @@ class HSM(object): def _send(self, msg): # Expects an xdrlib.Packer msg = slip_encode(msg.get_buffer()) - logger.debug("send: %s", ":".join("{:02x}".format(ord(c)) for c in msg)) + if self.debug_io: + logger.debug("send: %s", ":".join("{:02x}".format(ord(c)) for c in msg)) self.socket.sendall(msg) def _recv(self, code): # Returns an xdrlib.Unpacker @@ -428,7 +430,8 @@ class HSM(object): if msg[-1] == "": raise HAL_ERROR_RPC_TRANSPORT() msg.append(self.sockfile.read(1)) - logger.debug("recv: %s", ":".join("{:02x}".format(ord(c)) for c in msg)) + if self.debug_io: + logger.debug("recv: %s", ":".join("{:02x}".format(ord(c)) for c in msg)) msg = slip_decode("".join(msg)) if not msg: continue @@ -545,25 +548,41 @@ class HSM(object): def pkey_load(self, type, curve, der, flags = 0, client = 0, session = 0): with self.rpc(RPC_FUNC_PKEY_LOAD, session, type, curve, der, flags, client = client) as r: - return PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes())) + pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes())) + logger.debug("Loaded pkey %s", pkey.uuid) + return pkey def pkey_open(self, uuid, flags = 0, client = 0, session = 0): with self.rpc(RPC_FUNC_PKEY_OPEN, session, uuid, flags, client = client) as r: - return PKey(self, r.unpack_uint(), uuid) + pkey = PKey(self, r.unpack_uint(), uuid) + logger.debug("Opened pkey %s", pkey.uuid) + return pkey def pkey_generate_rsa(self, keylen, exponent = "\x01\x00\x01", flags = 0, client = 0, session = 0): with self.rpc(RPC_FUNC_PKEY_GENERATE_RSA, session, keylen, exponent, flags, client = client) as r: - return PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes())) + pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes())) + logger.debug("Generated RSA pkey %s", pkey.uuid) + return pkey def pkey_generate_ec(self, curve, flags = 0, client = 0, session = 0): with self.rpc(RPC_FUNC_PKEY_GENERATE_EC, session, curve, flags, client = client) as r: - return PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes())) + pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes())) + logger.debug("Generated EC pkey %s", pkey.uuid) + return pkey def pkey_close(self, pkey): + try: + logger.debug("Closing pkey %s", pkey.uuid) + except AttributeError: + pass with self.rpc(RPC_FUNC_PKEY_CLOSE, pkey): return def pkey_delete(self, pkey): + try: + logger.debug("Deleting pkey %s", pkey.uuid) + except AttributeError: + pass with self.rpc(RPC_FUNC_PKEY_DELETE, pkey): return diff --git a/unit-tests.py b/unit-tests.py index 895bdb5..c1d0d44 100644 --- a/unit-tests.py +++ b/unit-tests.py @@ -39,6 +39,7 @@ LibHAL unit tests, using libhal.py and the Python unit_test framework. import unittest import datetime +import logging import sys from libhal import * @@ -66,6 +67,9 @@ except ImportError: ecdsa_loaded = False +logger = logging.getLogger("unit-tests") + + def main(): from sys import argv global args @@ -121,6 +125,12 @@ class TextTestResult(unittest.TextTestResult): self.stream.flush() super(TextTestResult, self).addSuccess(test) + def addError(self, test, err): + if self.showAll: + self.stream.write("exception {!s} ".format(err[0].__name__)) # err[1] + self.stream.flush() + super(TextTestResult, self).addError(test, err) + class TextTestRunner(unittest.TextTestRunner): resultclass = TextTestResult @@ -331,93 +341,123 @@ class TestPKeyHashing(TestCaseLoggedIn): k1.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) k2.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_1024_sha256_data(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_data) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_2048_sha384_data(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_data) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_4096_sha512_data(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_data) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p256_sha256_data(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_data) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p384_sha384_data(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_data) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p521_sha512_data(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_data) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_1024_sha256_remote_remote(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_remote) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_2048_sha384_remote_remote(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_remote) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_4096_sha512_remote_remote(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_remote) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p256_sha256_remote_remote(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_remote) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p384_sha384_remote_remote(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_remote) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p521_sha512_remote_remote(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_remote) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_1024_sha256_remote_local(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_local) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_2048_sha384_remote_local(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_local) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_4096_sha512_remote_local(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_local) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p256_sha256_remote_local(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_local) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p384_sha384_remote_local(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_local) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p521_sha512_remote_local(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_local) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_1024_sha256_local_remote(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_remote) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_2048_sha384_local_remote(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_remote) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_4096_sha512_local_remote(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_remote) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p256_sha256_local_remote(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_remote) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p384_sha384_local_remote(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_remote) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p521_sha512_local_remote(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_remote) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_1024_sha256_local_local(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_local) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_2048_sha384_local_local(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_local) + @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") def test_load_sign_verify_rsa_4096_sha512_local_local(self): self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_local) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p256_sha256_local_local(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_local) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p384_sha384_local_local(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_local) + @unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") def test_load_sign_verify_ecdsa_p521_sha512_local_local(self): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_local) @@ -490,7 +530,7 @@ class TestPKeyECDSAInterop(TestCaseLoggedIn): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, SHA512, HAL_CURVE_P521) -class TestPKeyList(TestCaseLoggedIn): +class TestPKeyMatch(TestCaseLoggedIn): """ Tests involving PKey list and match functions. """ @@ -590,6 +630,7 @@ class TestPKeyAttribute(TestCaseLoggedIn): self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 4, n_fill = 512) # [16, 1024] +@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") class TestPKeyAttributeP11(TestCaseLoggedIn): """ Attribute creation/lookup/deletion tests based on a PKCS #11 trace. @@ -654,6 +695,7 @@ class TestPKeyAttributeP11(TestCaseLoggedIn): 0x180 : "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07" }) +@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") class TestPKeyAttributeWriteSpeedToken(TestCaseLoggedIn): """ Attribute speed tests. @@ -678,6 +720,7 @@ class TestPKeyAttributeWriteSpeedToken(TestCaseLoggedIn): def test_set_12_attributes(self): self.set_attributes(12) +@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") class TestPKeyAttributeWriteSpeedVolatile(TestCaseLoggedIn): """ Attribute speed tests. @@ -702,6 +745,7 @@ class TestPKeyAttributeWriteSpeedVolatile(TestCaseLoggedIn): def test_set_12_attributes(self): self.set_attributes(12) +@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") class TestPKeyAttributeReadSpeedToken(TestCaseLoggedIn): """ Attribute speed tests. @@ -733,6 +777,7 @@ class TestPKeyAttributeReadSpeedToken(TestCaseLoggedIn): def test_get_12_attributes(self): self.get_attributes(12) +@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") class TestPKeyAttributeReadSpeedVolatile(TestCaseLoggedIn): """ Attribute speed tests. |