diff options
Diffstat (limited to 'unit-tests.py')
| -rw-r--r-- | unit-tests.py | 1035 |
1 files changed, 1035 insertions, 0 deletions
diff --git a/unit-tests.py b/unit-tests.py new file mode 100644 index 0000000..a8779c5 --- /dev/null +++ b/unit-tests.py @@ -0,0 +1,1035 @@ +#!/usr/bin/env python + +# Copyright (c) 2016, NORDUnet A/S +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# - Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# - Neither the name of the NORDUnet nor the names of its contributors may +# be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +""" +LibHAL unit tests, using libhal.py and the Python unit_test framework. +""" + +# There's some overlap between these tests and the PKCS #11 unit tests, +# because in many cases we're testing the same functionality, just via +# different APIs. + +import unittest +import datetime +import sys + +from libhal import * + +try: + from Crypto.Util.number import inverse + from Crypto.PublicKey import RSA + from Crypto.Signature import PKCS1_v1_5 + from Crypto.Hash.SHA256 import SHA256Hash as SHA256 + from Crypto.Hash.SHA384 import SHA384Hash as SHA384 + from Crypto.Hash.SHA512 import SHA512Hash as SHA512 + pycrypto_loaded = True +except ImportError: + pycrypto_loaded = False + + +try: + from ecdsa.keys import SigningKey as ECDSA_SigningKey, VerifyingKey as ECDSA_VerifyingKey + from ecdsa.ellipticcurve import Point + from ecdsa.curves import NIST256p, NIST384p, NIST521p + if not pycrypto_loaded: + from hashlib import sha256 as SHA256, sha384 as SHA384, sha512 as SHA512 + ecdsa_loaded = True +except ImportError: + ecdsa_loaded = False + + +def log(msg): + if not args.quiet: + sys.stderr.write(msg) + sys.stderr.write("\n") + + +def main(): + from sys import argv + global args + args = parse_arguments(argv[1:]) + argv = argv[:1] + args.only_test + unittest.main(verbosity = 1 if args.quiet else 2, argv = argv, catchbreak = True, testRunner = TextTestRunner) + +def parse_arguments(argv = ()): + from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter + parser = ArgumentParser(description = __doc__, formatter_class = ArgumentDefaultsHelpFormatter) + parser.add_argument("--quiet", action = "store_true", help = "suppress chatter") + parser.add_argument("--wheel-pin", default = "fnord", help = "PIN for wheel user") + parser.add_argument("--so-pin", default = "fnord", help = "PIN for security officer") + parser.add_argument("--user-pin", default = "fnord", help = "PIN for normal user") + parser.add_argument("--all-tests", action = "store_true", help = "enable tests usually skipped") + parser.add_argument("--only-test", default = [], nargs = "+", help = "only run tests named here") + return parser.parse_args(argv) + +args = parse_arguments() +hsm = None + +pin_map = { HAL_USER_NORMAL : "user_pin", HAL_USER_SO : "so_pin", HAL_USER_WHEEL : "wheel_pin" } + + +def setUpModule(): + global hsm + hsm = HSM() + +def tearDownModule(): + hsm.logout() + #hsm.close() + + +# Subclass a few bits of unittest to add timing reports for individual tests. + +class TestCase(unittest.TestCase): + + def setUp(self): + super(TestCase, self).setUp() + self.startTime = datetime.datetime.now() + + def tearDown(self): + self.endTime = datetime.datetime.now() + super(TestCase, self).tearDown() + +class TextTestResult(unittest.TextTestResult): + + def addSuccess(self, test): + if self.showAll and hasattr(test, "startTime") and hasattr(test, "endTime"): + self.stream.write("runtime {} ... ".format(test.endTime - test.startTime)) + self.stream.flush() + super(TextTestResult, self).addSuccess(test) + +class TextTestRunner(unittest.TextTestRunner): + resultclass = TextTestResult + + +# Tests below here + + +class TestBasic(TestCase): + """ + Test basic functions that don't involve keys, digests, or PINs. + """ + + def test_get_version(self): + version = hsm.get_version() + # Might want to inspect the result here + self.assertIsInstance(version, int) + + def test_get_random(self): + length = 32 + random = hsm.get_random(length) + self.assertIsInstance(random, str) + self.assertEqual(length, len(random)) + + +class TestPIN(TestCase): + """ + Test functions involving PINs. + """ + + def setUp(self): + hsm.logout() + super(TestPIN, self).setUp() + + def tearDown(self): + super(TestPIN, self).tearDown() + hsm.logout() + + def test_is_logged_in(self): + for user in pin_map: + self.assertRaises(HAL_ERROR_FORBIDDEN, hsm.is_logged_in, user) + + def login_logout(self, user1): + pin = getattr(args, pin_map[user1]) + hsm.login(user1, pin) + for user2 in pin_map: + if user2 == user1: + hsm.is_logged_in(user2) + else: + self.assertRaises(HAL_ERROR_FORBIDDEN, hsm.is_logged_in, user2) + hsm.logout() + + def test_login_wheel(self): + self.login_logout(HAL_USER_WHEEL) + + def test_login_so(self): + self.login_logout(HAL_USER_SO) + + def test_login_user(self): + self.login_logout(HAL_USER_NORMAL) + + # Eventually we will want a test of set_pin(), probably under a + # @unittest.skipUnless to prevent it from being run unless the + # user requests it. Punt that one for the moment. + + +class TestDigest(TestCase): + """ + Test digest/HMAC functions. + """ + + # Should use NIST test vectors, this is just a placeholder. + + def test_basic_hash(self): + h = hsm.hash_initialize(HAL_DIGEST_ALGORITHM_SHA256) + h.update("Hi, Mom") + h.finalize() + + def test_basic_hmac(self): + h = hsm.hash_initialize(HAL_DIGEST_ALGORITHM_SHA256, key = "secret") + h.update("Hi, Dad") + h.finalize() + + +# Will need something to test for pkey access when not logged in +# properly (ie, test that we get an appropriate exception under a long +# list of screwy conditions and that we don't get it under another +# long list of screwy conditions, due to the PKCS #11 compatible +# access check semantics). Defer for now. + + +class TestCaseLoggedIn(TestCase): + """ + Abstract class to handle login for PKey tests. + """ + + @classmethod + def setUpClass(cls): + hsm.login(HAL_USER_NORMAL, args.user_pin) + + @classmethod + def tearDownClass(cls): + hsm.logout() + + +class TestPKeyGen(TestCaseLoggedIn): + """ + Tests involving key generation. + """ + + def sign_verify(self, hashalg, k1, k2): + h = hsm.hash_initialize(hashalg) + h.update("Your mother was a hamster") + data = h.finalize() + sig = k1.sign(data = data) + k1.verify(signature = sig, data = data) + k2.verify(signature = sig, data = data) + + def gen_sign_verify_rsa(self, hashalg, keylen): + k1 = hsm.pkey_generate_rsa(keylen) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, k1.public_key) + self.addCleanup(k2.delete) + self.sign_verify(hashalg, k1, k2) + + def gen_sign_verify_ecdsa(self, hashalg, curve): + k1 = hsm.pkey_generate_ec(curve) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, k1.public_key) + self.addCleanup(k2.delete) + self.sign_verify(hashalg, k1, k2) + + def test_gen_sign_verify_ecdsa_p256_sha256(self): + self.gen_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256) + + def test_gen_sign_verify_ecdsa_p384_sha384(self): + self.gen_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384) + + def test_gen_sign_verify_ecdsa_p521_sha512(self): + self.gen_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521) + + def test_gen_sign_verify_rsa_1024_p256_sha256(self): + self.gen_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024) + + @unittest.skipUnless(args.all_tests, "Slow") + def test_gen_sign_verify_rsa_2048_sha384(self): + self.gen_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048) + + @unittest.skipUnless(args.all_tests, "Hideously slow") + def test_gen_sign_verify_rsa_4096_sha512(self): + self.gen_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096) + + def test_gen_unsupported_length(self): + with self.assertRaises(HAL_ERROR_BAD_ARGUMENTS): + hsm.pkey_generate_rsa(1028).delete() + +class TestPKeyHashing(TestCaseLoggedIn): + """ + Tests involving various ways of doing the hashing for public key operations. + """ + + def load_sign_verify_rsa(self, alg, keylen, method): + k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, + PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen].der) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, + PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen].der) + self.addCleanup(k2.delete) + method(alg, k1, k2) + + def load_sign_verify_ecdsa(self, alg, curve, method): + k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve, + PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve].der) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, + PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve].der) + self.addCleanup(k2.delete) + method(alg, k1, k2) + + @staticmethod + def h(alg, mixed_mode = False): + h = hsm.hash_initialize(alg, mixed_mode = mixed_mode) + h.update("Your mother was a hamster") + return h + + def sign_verify_data(self, alg, k1, k2): + data = self.h(alg, mixed_mode = True).finalize() + sig = k1.sign(data = data) + k1.verify(signature = sig, data = data) + k2.verify(signature = sig, data = data) + + def sign_verify_remote_remote(self, alg, k1, k2): + sig = k1.sign(hash = self.h(alg, mixed_mode = False)) + k1.verify(signature = sig, hash = self.h(alg, mixed_mode = False)) + k2.verify(signature = sig, hash = self.h(alg, mixed_mode = False)) + + def sign_verify_remote_local(self, alg, k1, k2): + sig = k1.sign(hash = self.h(alg, mixed_mode = False)) + k1.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) + k2.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) + + def sign_verify_local_remote(self, alg, k1, k2): + sig = k1.sign(hash = self.h(alg, mixed_mode = True)) + k1.verify(signature = sig, hash = self.h(alg, mixed_mode = False)) + k2.verify(signature = sig, hash = self.h(alg, mixed_mode = False)) + + def sign_verify_local_local(self, alg, k1, k2): + sig = k1.sign(hash = self.h(alg, mixed_mode = True)) + k1.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) + k2.verify(signature = sig, hash = self.h(alg, mixed_mode = True)) + + def test_load_sign_verify_rsa_1024_sha256_data(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_data) + + def test_load_sign_verify_rsa_2048_sha384_data(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_data) + + def test_load_sign_verify_rsa_4096_sha512_data(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_data) + + def test_load_sign_verify_ecdsa_p256_sha256_data(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_data) + + def test_load_sign_verify_ecdsa_p384_sha384_data(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_data) + + def test_load_sign_verify_ecdsa_p521_sha512_data(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_data) + + def test_load_sign_verify_rsa_1024_sha256_remote_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_remote) + + def test_load_sign_verify_rsa_2048_sha384_remote_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_remote) + + def test_load_sign_verify_rsa_4096_sha512_remote_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_remote) + + def test_load_sign_verify_ecdsa_p256_sha256_remote_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_remote) + + def test_load_sign_verify_ecdsa_p384_sha384_remote_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_remote) + + def test_load_sign_verify_ecdsa_p521_sha512_remote_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_remote) + + def test_load_sign_verify_rsa_1024_sha256_remote_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_local) + + def test_load_sign_verify_rsa_2048_sha384_remote_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_local) + + def test_load_sign_verify_rsa_4096_sha512_remote_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_local) + + def test_load_sign_verify_ecdsa_p256_sha256_remote_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_remote_local) + + def test_load_sign_verify_ecdsa_p384_sha384_remote_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_remote_local) + + def test_load_sign_verify_ecdsa_p521_sha512_remote_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_local) + + def test_load_sign_verify_rsa_1024_sha256_local_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_remote) + + def test_load_sign_verify_rsa_2048_sha384_local_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_remote) + + def test_load_sign_verify_rsa_4096_sha512_local_remote(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_remote) + + def test_load_sign_verify_ecdsa_p256_sha256_local_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_remote) + + def test_load_sign_verify_ecdsa_p384_sha384_local_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_remote) + + def test_load_sign_verify_ecdsa_p521_sha512_local_remote(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_remote) + + def test_load_sign_verify_rsa_1024_sha256_local_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_local) + + def test_load_sign_verify_rsa_2048_sha384_local_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_local) + + def test_load_sign_verify_rsa_4096_sha512_local_local(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_local) + + def test_load_sign_verify_ecdsa_p256_sha256_local_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, HAL_CURVE_P256, self.sign_verify_local_local) + + def test_load_sign_verify_ecdsa_p384_sha384_local_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, HAL_CURVE_P384, self.sign_verify_local_local) + + def test_load_sign_verify_ecdsa_p521_sha512_local_local(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_local) + + +@unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package") +class TestPKeyRSAInterop(TestCaseLoggedIn): + + @staticmethod + def h(alg, text): + h = hsm.hash_initialize(alg, mixed_mode = True) + h.update(text) + return h + + def load_sign_verify_rsa(self, alg, pyhash, keylen): + hamster = "Your mother was a hamster" + sk = PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen] + vk = PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen] + k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, sk.der) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, vk.der) + self.addCleanup(k2.delete) + sig1 = k1.sign(hash = self.h(alg, hamster)) + sig2 = sk.sign(hamster, pyhash) + self.assertEqual(sig1, sig2) + k1.verify(signature = sig2, hash = self.h(alg, hamster)) + k2.verify(signature = sig2, hash = self.h(alg, hamster)) + sk.verify(hamster, pyhash, sig1) + vk.verify(hamster, pyhash, sig1) + + def test_interop_rsa_1024_sha256(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, SHA256, 1024) + + def test_interop_rsa_2048_sha384(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, SHA384, 2048) + + def test_interop_rsa_4096_sha512(self): + self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, SHA512, 4096) + + +@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") +class TestPKeyECDSAInterop(TestCaseLoggedIn): + + @staticmethod + def h(alg, text): + h = hsm.hash_initialize(alg, mixed_mode = True) + h.update(text) + return h + + def load_sign_verify_ecdsa(self, alg, pyhash, curve): + hamster = "Your mother was a hamster" + sk = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve] + vk = PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve] + k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve, sk.der) + self.addCleanup(k1.delete) + k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, vk.der) + self.addCleanup(k2.delete) + sig1 = k1.sign(hash = self.h(alg, hamster)) + sig2 = sk.sign(hamster, pyhash) + k1.verify(signature = sig2, hash = self.h(alg, hamster)) + k2.verify(signature = sig2, hash = self.h(alg, hamster)) + vk.verify(hamster, pyhash, sig1) + + def test_interop_ecdsa_p256_sha256(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA256, SHA256, HAL_CURVE_P256) + + def test_interop_ecdsa_p384_sha384(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA384, SHA384, HAL_CURVE_P384) + + def test_interop_ecdsa_p521_sha512(self): + self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, SHA512, HAL_CURVE_P521) + + +class TestPKeyList(TestCaseLoggedIn): + """ + Tests involving PKey list and match functions. + """ + + def load_keys(self, flags): + uuids = set() + for obj in PreloadedKey.db.itervalues(): + with hsm.pkey_load(obj.keytype, obj.curve, obj.der, flags) as k: + self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid) + uuids.add(k.uuid) + k.set_attributes(dict((i, a) for i, a in enumerate((str(obj.keytype), str(obj.fn2))))) + return uuids + + def match(self, flags, **kwargs): + uuids = kwargs.pop("uuids", None) + kwargs.update(flags = flags) + n = 0 + for uuid in hsm.pkey_match(**kwargs): + if uuids is None or uuid in uuids: + with hsm.pkey_open(uuid, flags) as k: + n += 1 + yield n, k + + def ks_match(self, flags): + tags = [] + uuids = set() + for i in xrange(2): + uuids |= self.load_keys(flags) + tags.extend(PreloadedKey.db) + self.assertEqual(len(tags), len(uuids)) + + matched_uuids = set(k.uuid for n, k in self.match(flags = flags)) + self.assertGreaterEqual(matched_uuids, uuids) + + for keytype in set(HALKeyType.index.itervalues()) - {HAL_KEY_TYPE_NONE}: + for n, k in self.match(flags = flags, uuids = uuids, type = keytype): + self.assertEqual(k.key_type, keytype) + self.assertEqual(k.get_attributes({0}).pop(0), str(keytype)) + self.assertEqual(n, sum(1 for t1, t2 in tags if t1 == keytype)) + + for curve in set(HALCurve.index.itervalues()) - {HAL_CURVE_NONE}: + for n, k in self.match(flags = flags, uuids = uuids, curve = curve): + self.assertEqual(k.key_curve, curve) + self.assertEqual(k.get_attributes({1}).pop(1), str(curve)) + self.assertIn(k.key_type, (HAL_KEY_TYPE_EC_PUBLIC, + HAL_KEY_TYPE_EC_PRIVATE)) + self.assertEqual(n, sum(1 for t1, t2 in tags if t2 == curve)) + + for keylen in set(kl for kt, kl in tags if not isinstance(kl, Enum)): + for n, k in self.match(flags = flags, uuids = uuids, + attributes = {1 : str(keylen)}): + self.assertEqual(keylen, int(k.get_attributes({1}).pop(1))) + self.assertIn(k.key_type, (HAL_KEY_TYPE_RSA_PUBLIC, + HAL_KEY_TYPE_RSA_PRIVATE)) + self.assertEqual(n, sum(1 for t1, t2 in tags + if not isinstance(t2, Enum) and t2 == keylen)) + + for n, k in self.match(flags = flags, uuids = uuids, + type = HAL_KEY_TYPE_RSA_PUBLIC, attributes = {1 : "2048"}): + self.assertEqual(k.key_type, HAL_KEY_TYPE_RSA_PUBLIC) + self.assertEqual(n, sum(1 for t1, t2 in tags + if t1 == HAL_KEY_TYPE_RSA_PUBLIC and t2 == 2048)) + + def test_ks_match_token(self): + self.ks_match(HAL_KEY_FLAG_TOKEN) + + def test_ks_match_volatile(self): + self.ks_match(0) + + +class TestPKeyAttribute(TestCaseLoggedIn): + """ + Attribute creation/lookup/deletion tests. + """ + + def load_and_fill(self, flags, n_keys = 1, n_attrs = 2, n_fill = 0): + pinwheel = Pinwheel() + for i in xrange(n_keys): + for obj in PreloadedKey.db.itervalues(): + with hsm.pkey_load(obj.keytype, obj.curve, obj.der, flags) as k: + pinwheel() + self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid) + k.set_attributes(dict((j, "Attribute {}{}".format(j, "*" * n_fill)) + for j in xrange(n_attrs))) + pinwheel() + + def test_attribute_bloat_volatile_many(self): + self.load_and_fill(0, n_attrs = 128) # 192 + + def test_attribute_bloat_volatile_big(self): + self.load_and_fill(0, n_attrs = 6, n_fill = 512) + + def test_attribute_bloat_token_many(self): + self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 128) + + def test_attribute_bloat_token_big(self): + self.load_and_fill(HAL_KEY_FLAG_TOKEN, n_attrs = 4, n_fill = 512) # [16, 1024] + + +class TestPKeyAttributeP11(TestCaseLoggedIn): + """ + Attribute creation/lookup/deletion tests based on a PKCS #11 trace. + """ + + def setUp(self): + der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der + self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN) + self.addCleanup(self.k.delete) + super(TestPKeyAttributeP11, self).setUp() + + def test_set_many_attributes(self): + self.k.set_attributes({ + 0x001 : "\x01", + 0x108 : "\x01", + 0x105 : "\x00", + 0x002 : "\x01", + 0x107 : "\x00", + 0x102 : "\x45\x43\x2d\x50\x32\x35\x36", + 0x003 : "\x45\x43\x2d\x50\x32\x35\x36", + 0x162 : "\x00", + 0x103 : "\x01", + 0x000 : "\x03\x00\x00\x00", + 0x100 : "\x03\x00\x00\x00", + 0x101 : "", + 0x109 : "\x00", + 0x10c : "\x00", + 0x110 : "", + 0x111 : "", + 0x163 : "\x00", + 0x166 : "\xff\xff\xff\xff", + 0x170 : "\x01", + 0x210 : "\x00", + 0x163 : "\x01", + 0x166 : "\x40\x10\x00\x00", + 0x180 : "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07" }) + + def test_set_many_attributes_with_deletions(self): + self.k.set_attributes({ + 0x001 : "\x01", + 0x108 : "\x01", + 0x105 : "\x00", + 0x002 : "\x01", + 0x107 : "\x00", + 0x102 : "\x45\x43\x2d\x50\x32\x35\x36", + 0x003 : "\x45\x43\x2d\x50\x32\x35\x36", + 0x162 : "\x00", + 0x103 : "\x01", + 0x000 : "\x03\x00\x00\x00", + 0x100 : "\x03\x00\x00\x00", + 0x101 : None, + 0x109 : "\x00", + 0x10c : "\x00", + 0x110 : None, + 0x111 : None, + 0x163 : "\x00", + 0x166 : "\xff\xff\xff\xff", + 0x170 : "\x01", + 0x210 : "\x00", + 0x163 : "\x01", + 0x166 : "\x40\x10\x00\x00", + 0x180 : "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07" }) + + +class TestPKeyAttributeWriteSpeedToken(TestCaseLoggedIn): + """ + Attribute speed tests. + """ + + def setUp(self): + der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der + self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN) + self.addCleanup(self.k.delete) + super(TestPKeyAttributeWriteSpeedToken, self).setUp() + + def set_attributes(self, n_attrs): + self.k.set_attributes(dict((i, "Attribute {}".format(i)) + for i in xrange(n_attrs))) + + def test_set_1_attribute(self): + self.set_attributes(1) + + def test_set_6_attributes(self): + self.set_attributes(6) + + def test_set_12_attributes(self): + self.set_attributes(12) + +class TestPKeyAttributeWriteSpeedVolatile(TestCaseLoggedIn): + """ + Attribute speed tests. + """ + + def setUp(self): + der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der + self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, 0) + self.addCleanup(self.k.delete) + super(TestPKeyAttributeWriteSpeedVolatile, self).setUp() + + def set_attributes(self, n_attrs): + self.k.set_attributes(dict((i, "Attribute {}".format(i)) + for i in xrange(n_attrs))) + + def test_set_1_attribute(self): + self.set_attributes(1) + + def test_set_6_attributes(self): + self.set_attributes(6) + + def test_set_12_attributes(self): + self.set_attributes(12) + +class TestPKeyAttributeReadSpeedToken(TestCaseLoggedIn): + """ + Attribute speed tests. + """ + + def setUp(self): + der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der + self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN) + self.addCleanup(self.k.delete) + self.k.set_attributes(dict((i, "Attribute {}".format(i)) + for i in xrange(12))) + super(TestPKeyAttributeReadSpeedToken, self).setUp() + + def verify_attributes(self, n_attrs, attributes): + expected = dict((i, "Attribute {}".format(i)) + for i in xrange(n_attrs)) + self.assertEqual(attributes, expected) + + def get_attributes(self, n_attrs): + attributes = self.k.get_attributes(range(n_attrs)) + self.verify_attributes(n_attrs, attributes) + + def test_get_1_attribute(self): + self.get_attributes(1) + + def test_get_6_attributes(self): + self.get_attributes(6) + + def test_get_12_attributes(self): + self.get_attributes(12) + +class TestPKeyAttributeReadSpeedVolatile(TestCaseLoggedIn): + """ + Attribute speed tests. + """ + + def setUp(self): + der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der + self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, 0) + self.addCleanup(self.k.delete) + self.k.set_attributes(dict((i, "Attribute {}".format(i)) + for i in xrange(12))) + super(TestPKeyAttributeReadSpeedVolatile, self).setUp() + + def verify_attributes(self, n_attrs, attributes): + expected = dict((i, "Attribute {}".format(i)) + for i in xrange(n_attrs)) + self.assertEqual(attributes, expected) + + def get_attributes(self, n_attrs): + attributes = self.k.get_attributes(range(n_attrs)) + self.verify_attributes(n_attrs, attributes) + + def test_get_1_attribute(self): + self.get_attributes(1) + + def test_get_6_attributes(self): + self.get_attributes(6) + + def test_get_12_attributes(self): + self.get_attributes(12) + + +@unittest.skipUnless(ecdsa_loaded, "Requires Python ECDSA package") +class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn): + """ + ECDSA verification tests based on Suite B Implementer's Guide to FIPS 186-3. + """ + + def verify(self, Qx, Qy, H, r, s, hal_curve, py_curve, py_hash): + Q = ECDSA_VerifyingKey.from_public_point(Point(py_curve.curve, Qx, Qy), + py_curve, py_hash).to_der() + k = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, hal_curve, Q) + self.addCleanup(k.delete) + k.verify(signature = (r + s).decode("hex"), data = H.decode("hex")) + + def test_suite_b_p256_verify(self): + self.verify( + Qx = 0x8101ece47464a6ead70cf69a6e2bd3d88691a3262d22cba4f7635eaff26680a8, + Qy = 0xd8a12ba61d599235f67d9cb4d58f1783d3ca43e78f0a5abaa624079936c0c3a9, + H = "7c3e883ddc8bd688f96eac5e9324222c8f30f9d6bb59e9c5f020bd39ba2b8377", + r = "7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c", + s = "7d1ff961980f961bdaa3233b6209f4013317d3e3f9e1493592dbeaa1af2bc367", + hal_curve = HAL_CURVE_P256, + py_curve = NIST256p, + py_hash = SHA256) + + def test_suite_b__p384_verify(self): + self.verify( + Qx = 0x1fbac8eebd0cbf35640b39efe0808dd774debff20a2a329e91713baf7d7f3c3e81546d883730bee7e48678f857b02ca0, + Qy = 0xeb213103bd68ce343365a8a4c3d4555fa385f5330203bdd76ffad1f3affb95751c132007e1b240353cb0a4cf1693bdf9, + H = "b9210c9d7e20897ab86597266a9d5077e8db1b06f7220ed6ee75bd8b45db37891f8ba5550304004159f4453dc5b3f5a1", + r = "a0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856", + s = "20ab3f45b74f10b6e11f96a2c8eb694d206b9dda86d3c7e331c26b22c987b7537726577667adadf168ebbe803794a402", + hal_curve = HAL_CURVE_P384, + py_curve = NIST384p, + py_hash = SHA384) + + +# Entire classes of tests still missing: +# +# * pkey attribute functions +# +# * pkey list and match functions +# +# * token vs session key tests +# +# Preloaded keys should suffice for all of these. + + + +class Pinwheel(object): + """ + Activity pinwheel, as needed. + """ + + def __init__(self): + self.pinwheel = tuple("\b\b{} ".format(c) for c in "-/|\\") + self.modulo = len(self.pinwheel) + self.position = 0 + if not args.quiet: + from sys import stdout + stdout.write(". ") + stdout.flush() + + def __call__(self): + if not args.quiet: + from sys import stdout + stdout.write(self.pinwheel[self.position]) + stdout.flush() + self.position = (self.position + 1) % self.modulo + + +class PreloadedKey(object): + """ + Keys for preload tests, here at the end because they're large. + For the moment, we use PKCS #1.5 format for RSA and secg format + for ECDSA, because those are the formats that everything + (including our own ASN.1 code) supports. Arguably, we should be + using PKCS #8 to get a single, consistent, self-identifying + private key format, but we're not there yet and it's not + particularly urgent given widespread availablity of conversion + tools (eg, "openssl pkcs8"). + """ + + db = {} + + def __init__(self, keytype, fn2, obj, der, keylen = None, curve = HAL_CURVE_NONE): + self.keytype = keytype + self.fn2 = fn2 + self.obj = obj + self.der = der + self.keylen = keylen + self.curve = curve + self.db[keytype, fn2] = self + +class PreloadedRSAKey(PreloadedKey): + + @classmethod + def importKey(cls, keylen, pem): + if pycrypto_loaded: + k1 = RSA.importKey(pem) + k2 = k1.publickey() + cls(HAL_KEY_TYPE_RSA_PRIVATE, keylen, k1, k1.exportKey("DER"), keylen = keylen) + cls(HAL_KEY_TYPE_RSA_PUBLIC, keylen, k2, k2.exportKey("DER"), keylen = keylen) + + def sign(self, text, hash): + return PKCS1_v1_5.PKCS115_SigScheme(self.obj).sign(hash(text)) + + def verify(self, text, hash, signature): + return PKCS1_v1_5.PKCS115_SigScheme(self.obj).verify(hash(text), signature) + +class PreloadedECKey(PreloadedKey): + + @classmethod + def importKey(cls, curve, pem): + if ecdsa_loaded: + k1 = ECDSA_SigningKey.from_pem(pem) + k2 = k1.get_verifying_key() + cls(HAL_KEY_TYPE_EC_PRIVATE, curve, k1, k1.to_der(), curve = curve) + cls(HAL_KEY_TYPE_EC_PUBLIC, curve, k2, k2.to_der(), curve = curve) + + def sign(self, text, hash): + return self.obj.sign(text, hashfunc = hash) + + def verify(self, text, hash, signature): + return self.obj.verify(signature, text, hashfunc = hash) + + +# openssl genrsa 1024 +PreloadedRSAKey.importKey(1024, '''\ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC95QlDOvlQhdCe/a7eIoX9SGPVfXfA8/62ilnF+NcwLrhxkr2R +4EVQB65+9AbxqM8Hqol6fhZzmDs48cl2tOFGJpE8iMhiFm4i6SGl2RXYaG0xi+lJ +FrXXCLFQovIEMuukBE129wra1xIB72tYR14lu8REX+Mhpbuz44M1jlCrlQIDAQAB +AoGAeU928l8bZIiH9PnlG318kYkMVhd4SGjXQK/zl9hXSC2goNV4i1d1kCHIJMwq +H3mTALe+aeVg3GnU85Tq+g2llzogoyXl8q902KbvImrM/XSbsue9/oj0OSgw+jKB +faFzX6FxAtNV5pmU9QiwauBIl/3yPCF9ifim5zg+pWCqLaECQQD59Z/R6TrTHxp6 +w2vH4CJyP5KORcf+eMa50SAriMVBXsJzsBiLLVxKIZfWbQn9gytJqJZKmIHezZQm +dyam84fpAkEAwnvSF27RhxLXE037+t7k5MZti6BfNTeUBrwffteepL6qax9HK+h9 +IQZ1vfNIqjZm8i7kQQyy4L8tRnk8mjZmzQJBAIUwfXWTilW+yBRMFx1M7+3itAv9 +YODWqEWRCkxIN5tqi8CrP5jBleCmX8rRFTaxcxpvq42aD/GRp3SLntvs/ikCQCSg +GOKc1gyv+Z0DFK8cBtMmoz6mRwfInbHe/7dtd8zis0lVLJwSPm5Xvxi0ljyn3h9B +wW6Wq6Ezn50j+8u27wkCQQCcIFE01BDAdtFHtTJ3aaEM9IdMCYrcJ0I/Y0NTE2M6 +lsTSiPyQjc4dQQJxFduvWHLx28bx+l7FTav7FaKntCJo +-----END RSA PRIVATE KEY----- +''') + +# openssl genrsa 2048 +PreloadedRSAKey.importKey(2048, '''\ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAsbvq6syhDXD/OMVAuLoMceGQLUIiezfShVqFfyMqADjqhFRW +Wbonn0XV9ZkypU4Ib9n6PtLATNaefhpsUlI4s+20YTlQ7GiwJ9p97/N1o1u060ja +4LdqhfYtn8GZX+JAfa5NqpmLKCJ58XJ3q28MPLRwYp5yKckjkzchZHFyjs1W7r5a +JfeJ/vsQusX3klmCehJ1jxSHPh8o6lTjFMnBK8t360YTu0UGK/RUcEAYO7l7FWjd +8PjZfawXIrOAhCLkVvDFfpsl2oyFIL9d1QE87WdyyZXAtWLs62gnX+kiBq9gUhu5 +GsgcQifHBcRiGZfH0TRIMgIsSjsorzHqJ9uoQwIDAQABAoIBAGqzx5/5A8NfEEpT +2bxNLcV8xqL1LmBNLh0TMEwYn1GM2fZh74lkwf7T3VTaCVbGlzgXZC4tNneq7XIF +iPyPEi2rSnyH/XZAj2kNukfBIOHW37HVhloco14TYmajwuGWomMRrtz521pYAF+c ++g042N7k8Qez2hQOBkaOdYSouz7RNdJUGUocRhcSkh+QZTBwtQxrkuhhHN+zkIri ++Q09hF2hAliHrh6mow8ci0gRsXnZzsdJfTX8CasHWTIll4gfrvWnUY7iYqB6ynRU +YN+7IgQXMUFLziIlH1qN+DlEYdznsgAPSS3JdTWh0cvjiO8wTFAnOIdsj+BpKoDB +PK2zzDkCgYEA3TP8h4Ds/y1tDijE3Sarrg0vWuY97sJmAla4qFHH4hscZ84NDzTM +I/ohLPJgpeR2MaBqZmVk9UFrd3rdt3/lX6kSO7Kffa9rVgfOB4CqJ4joso3j0qY8 +V/iVBcDcD1h4aXCRX2tMJICUTgVU/N8/2wBEElcOUjZHGlcHmbHndlUCgYEAzbFm +ttPuIHrYHkmOm/DjYB65+WD8gfPMdeUbnx+yIt5xwimIbq1qWzl4++goTAAyaU/7 +qM9IfveRue0B7yjnPa8fjN+CcXMGM6a3BIqeIv1icfgjHxlt7D+64FpENWXHvFE0 +MhRliINfkTHm+U4+1s0045a+bLdTbfVly1gATDcCgYEAyOaoWmFL3k7hl1SLx9eR +YVj0Q3iNk0XX5BPjTmxIQCEjYVwRHFh1d897Rhk0kja26kepmypH0UADXNaofDqa +lpE10CZhGIOz1sTr6ICBCbscrN6VpgH5GGTa5AjPVNijNBBa1/DZjOWCzIGnOKuC +kWLicE3E4gIN/exBKOQdNqkCgYEAjA5PMg38BoGexoCvad8L81b4qqUvSg0HGv91 +X1Plp3hvXRWKoFHUKWlox528UoOPz8V2ReteIZXQ1BhdSMtBKO8lPHa0CyuW/XR3 +CdCY/Jorfg7HW1WlU0fRpxHPf8xdxAxGzhK1T86kM+kWrIpqnzf62zy5TK1HUYfW +WC8DhOECgYBzU8hIA0PU7aRPUs0o9MO9XcvVPvdX6UOKdNb9CnBMudS/chKHJUYP +d0fFAiVaRX0JMQ0RSrenxCqfWVtW3T3wFYNHB/IFRIUT3I44wwXJTNOeoi3FDTMx +EQfc0UFoFHyc3mYEKR4zHheqQG5OFBN89LqG3S+O69vc1qwCvNKL+Q== +-----END RSA PRIVATE KEY----- +''') + +# openssl genrsa 4096 +PreloadedRSAKey.importKey(4096, '''\ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAzWpYSQt+DrUNI+EJT/ko92wM2POfFnmm3Kc34nmuK6sez0DJ +r9Vib9R5K46RNgqcUdAodjU6cy3/MZA53SqP7RwR/LQtWmK2a+T4iey2vQZ0iCDA +2NI4gjgmCAjZnOD/m5yUXjCig/wJ8pGXolg8oHnvdeLg1joIOSF9OudLrI6aJnDg +OfdegzmCWXmWl7TXrqHVIWZhZZF7qQZRso6ZQ1/8mjpvVD0drASBxMnIzvpe4ynr +Y2NB807X/D5bbScp292ZKTNf5unPN1SsFy5ymzfLZrfNksYef6xPXcVr6OiObi49 +De8e11aNPj6fgLzzqAu1rjjrDkgvXx5G7gPJXq1aq6uxB2cKMrRS+ivmyC8vQlzP +lQwW20oYeeOfCg7ddNAJcu3jNTuNJaZdhc9szpVhV8DXZoXe/RzUNjZH7wUqueHy +fpbLwS+h3McJqrbWFdCQBivZnoI05cF2JIHEeR3S0Gyo2/IheNeFX2Tt8oDnHY4a +olRHiR5CMdM8UoGSxR9Y12fZ9dcqdCH3d6wDAsBDHTCE8ZIwFwhW6iA+g54YE3X7 +BlsgWr60poCDgH+CJjh0VDVxqL7r+w76sD9WAQMa7Gb+Mp2XCYnIZPXTrsmwVbZ9 +s5vFXUEODYom6qBlbZB8gyZzee5Skc1jx2fnmqxRtflA4W3xVAQFof2rFiUCAwEA +AQKCAgBxhQXJSFqf0hqy61h0I+Qp6EKpWuleSFiYtKjDti803tql+s37KFfAKZHV +KnLBhNeitwDFYuEsag0P3P69ZRopFUwzdXdi7g6WTfG0d2b9y6V23XL14Cduf400 +/38TnZxk6QFtlD8b5ZuxvBgqlczbeseFRJ6whV2qBQHqHYzKjfxOpi6kmjpXFt8c +h39b04smbTUVwjitIttOK7nWjcvRWiiFKyn/Sc8uE0eL81/QUrlBnRcC1AXMapQe +SG/KQMx3P123UTb8q9XiZB6+qOKZORplZ8pqBKcyM42g6suZ6XtdFJyVKMLIioKA +FaecQ8/73IzI/ZeZSvcy/85/FwSfGjHD7C7vL9kfg77no+IvHYlBYiIqtTddpQH5 +LGJAJnOGtk047/OjTmL8QyylvDAv8jBeZZdbOX7L+8jk5DbHmfUcDjvBS9g+Fbfk +jDurphrp1dHn/YgaA27NZs87TPWX1aVPiOlXEhO9SHHiiKCHDpBzV1gW/eiho33s ++uEr57ZoakzonN/zNb7KqHUO/ZGwMg+V9bVIgThqbdgmxNz7JFz14CN79yPmW5QT +1P1v7a6xWaZTALe2HGvy0B+iRzhLpay1tI4O/omPj9vUzVJwGHztVt0RddcmA9wV +Y3qglRNl+YvNlm6BUn8KwPIqki8JoioA8J1EQ5mz/K0fbrzcOQKCAQEA8TCqq0pb +mfxtsf42zhsSUw1VdcCIG0IYcSWxIiCfujryAQX1tmstZeRchlykXmdO+JDcpvMy +BKBD7188JEWjCX1IRRtHxTJ5WG+pE8sNPLNL8eZVZ+CEbNjVk4dtWGLwyNm+rQkM +NmOlm+7ZHdezBXljZOeqZbdsTSDQcGYG8JxlvLpAN60pjIGvTdTrdnksMhB4PK+l +7KtyEVDWXU/VT6kqhP3Ri1doHv/81BplgfjEJM8ZxmasfP4SlJ1olKqsHMFSrclj +ZCAemKEexVyzg8cHm9ghj6MLQZe3gs94V6h8I2ifrBBNHMrZgYg2Db0GeyYrr+kZ +GDjT0DZp0jgyfwKCAQEA2gdTclmrfAU/67ziOJbjkMgfhBdteE1BbJDNUca0zB6q +Ju4BwNgt0cxHMbltgE2/8hWP95HIaQdh1mIgwSK93MxRbaAvAQfF3muJxvMR5Mru +DejE+IEK9eZetgkNHGWyfiFzBWHda/Z9PQkqYtRfop5qFBVAPZ4YzR5hT0j64eDQ +N/z9C0ZB6RL9EcXJgEYgGI3wP8Qsrw3JRBQN0SCVRmrEJm4WIXs+CEHOk56/VbPM +v82uwbHVghS0U9bEZvNoeq7ZQjS2tRXXRJeOgQyCNvYy670T0KvQZoDb59EbEDSz +eQZS1J7rDEBHW+VwRSJA8noMEgZdEv8AxbEF2CddWwKCAQAMwH71iXvoW1FNbNxm +70V7wKO5ExHfJxJ1wQFphYIMbZtn9HG2UFpZHcbKj9Fc8GdbewU/inIljnepC0b5 +v/jLwqT0imm0AmQqCdVNp5mukOg+BOiVEmjN/HTmVO2yE6EZbXHIYkcUBRa3dNxj +2IitjGp15k27DQSb21VJ7AsH46z5WnuUtgIRXLXxDoXYgLWWfApvYvYJ2lKwma6L +xnHHwXDvESBoFpn5sZ0jdbXSNl3geFarh7gs753534ys940cBBij+ZbYr14Owc4H +r0wKdpZvZfD4UC2DLUtVjjSVpeHSWXC/vyjkkdEIKTR6a3kRP8ZliZR7FF4Wjxnv +NGtvAoIBAEu5g6gRsNewUxUjU0boUT115ExSfrjrzC9S05z1cNH8TIic3YsHClL1 +qjyA9KE9X89K4efQgFTKNZbqGgo6cMsBQ77ZhbnL41Nu8jlhLvPR74BxOgg9eXsS +eg6rchxMzgO0xmg2J1taDwFl74zHyjeG4bz77IX6JQ8I4C9TX5+YH3lyqsiBrF6x +M6g6k9Ozh24/zhO3pPVfymmUtX/O20nLxzi5v4H9dfwULxVia33upsxvOaUYiNlX +K5J641gGbmE93UN7X4HhhhTStrHnkEpalDEASKOPKSCQ3M/U9ptYUoVURuyGDYkB +wkcOl0HLtdcBwLN59lWkr7X519fNREUCggEBAMk39k+shD2DW8ubE/LgoforwfT2 +558FPxpZ+pGwMHL3ZnLuQuiROyPyQZj/ZmmLAa2TPrwS/ssln46Y2KesejWK/0Hq +8SaFLhOjacF8u5IOOKBZvx+HOT6ctRNBVyzt9A8wu0DE6nzc5HQpm9TMXrOLuZ0L +u22yFikwoIgYpU6hBdbg1mnirZS/ZyqJV9gWB6ZYyUAUGdgBqL6euSAAqBp93qz8 +sQLesqTufT1mVZd/ndLyvjDJjNKUE0w1g/1xNtg6N5aM+7pc/DwE/s+EtCxc/858 +dQYLBHIPcw6e0FdL3nTs44BpAqcK28N5eWbe/KaZ3EA0lHRmyOQ++WgU6jo= +-----END RSA PRIVATE KEY----- +''') + +# openssl ecparam -genkey -name prime256v1 | openssl ec +PreloadedECKey.importKey(HAL_CURVE_P256, '''\ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIPBrVhD1iFF2e8wPkPf4N1038iR8xPgku/CVOT8lcSztoAoGCCqGSM49 +AwEHoUQDQgAE3mB5BmN5Fa4fV74LsDWIpBUxktPqYGJ6WOBrjPs1HWkNU7JHO3qY +9yy+CXFSPb89GWQgb5wLtNPn4QYMj+KRTA== +-----END EC PRIVATE KEY----- +''') + +# openssl ecparam -genkey -name secp384r1 | openssl ec +PreloadedECKey.importKey(HAL_CURVE_P384, '''\ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDCVGo35Hbrf3Iys7mWRIm5yjg+6vPIgzbp2jCbDyszBo+wTxmQambG4 +g8yocp4wM6+gBwYFK4EEACKhZANiAATYwa+M8T8jsNHKmMZTvPPflUIfrjuZZo1D +3kkkmN4r6cTNctjaeRdAfD0X40l4yPnGIP9ParuKVVl1y0TdQ7BS3g/Gj/LP33HD +ESP8gFDIKFCWSDX0uhmy+HsGsPwgNoY= +-----END EC PRIVATE KEY----- +''') + +# openssl ecparam -genkey -name secp521r1 | openssl ec +PreloadedECKey.importKey(HAL_CURVE_P521, '''\ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIBtf+LKhJNQEJRFQ2cGQPcviwfp9IKSnD5EFTqAPtv7/+t2FtmdHHP +/fWIlZ7jcC5N9dWy6bKGu3+FqwgZAYLpsqigBwYFK4EEACOhgYkDgYYABADdfcUe +P0oAZQ5308v5ijcg4hePvhvVi+QKcrwmE9kirXCFoYN1tzPmXZmw8lNJenrbwaNz +opJR84LBHnomGPogAQGF0aRk0jE8w1j1oMfrrzV6vCWnkh7pyzsDnrLU1HrkWeqw +ihzwMzYJgFzToDH+fCh7nrBFZZZ9P9gPYMlSM5UMeA== +-----END EC PRIVATE KEY----- +''') + + +if __name__ == "__main__": + main() |