aboutsummaryrefslogtreecommitdiff
path: root/unit-tests.py
AgeCommit message (Collapse)Author
2017-04-04Fix strnagely-named test.Rob Austein
2017-04-03Merge branch 'pymux' into pkcs8Rob Austein
2017-04-03Race condition in test was triggering HAL_ERROR_KEY_NOT_FOUND.Rob Austein
2017-04-03Unit tests mostly working with PKCS #8.Rob Austein
A few parsing problems remaining, mostly with objects large enough that PKCS #8 may have pushed them over some buffer size or another. These are all with RSA, where the Python code (PyCrypto) already supported PKCS #8, so most likely it's a problem in the new C code. Python ECDSA PKCS #8 shim code is nasty and could use some cleanup. If practical, we might want to sub-class ecdsa.keys.SigningKey; we might also want to flesh this out into something we can send upstream to the author of the Python ecdsa library.
2017-03-06Add timestamps to debug logging.Rob Austein
2017-03-04Add --io-log option to unit-tests.py.Rob Austein
2017-02-03Unit test cleanup.Rob Austein
Log exceptions immediately when failing a test; doesn't replace backtrace at end of test run, but since a full test run can take a while it's useful to know what failed closer to when it happened. More conditionals to skip tests which require external Python crypto packages when those packages aren't installed.
2017-01-31Enable low-level debugging support in libhal.py.Rob Austein
2016-11-21Whack attribute code with a club until it works with PKCS #11.Rob Austein
PKCS #11 supports zero-length attributes (eg, CKA_LABEL) so hack of using zero length attribute as NIL value won't work, instead we use a slightly more portable version of the hack PKCS #11 uses (PKCS #11 stuffs -1 into a CK_ULONG, we stuff 0xFFFFFFFF into a uint32_t). ks_attribute.c code was trying too hard and tripping over its own socks. Instead of trying to maintain attributes[] in place during modification, we now perform the minimum necessary change then re-scan the block. This is (very slightly) slower but more robust, both because the scan code has better error checking and because it's the scan code that we want to be sure is happy before committing a change. Rename hal_rpc_pkey_attribute_t to hal_pkey_attribute_t.
2016-11-14More API cleanup: remove hal_rpc_pkey_list().Rob Austein
hal_rpc_pkey_list() was a simplistic solution that worked when the keystore only supported a handful of keys and we needed a quick temporary solution in time for a workshop. It doesn't handle large numbers of keys well, and while we could fix that, all of its functionality is now available via more robust API functions, so simplifying the API by deleting it seems best. Since this change required mucking with dispatch vectors yet again, it converts them to use C99 "designated initializer" syntax.
2016-11-14hal_rpc_pkey_find() -> hal_rpc_pkey_open().Rob Austein
2016-11-10Clean out huge swacks of RPC API we don't need anymore.Rob Austein
pkey attribute API is now just set_attributes() and get_attributes().
2016-11-10First cut at ks_flash support for attribute get/set/delete API.Rob Austein
Passes minimal unit-testing and the same minimal tests report that it does deliver the desired performance speed-up. More testing and much cleanup still needed. Attribute API not quite stable yet, we're probably going to want to remove all the singleton attribute operations from the RPC protocol, and it turns out that ks_delete_attributes() has enough code in common with ks_set_attributes() that it makes more sense to handle the former as a special case of the latter.
2016-11-08First cut at multi-attribute get/set/delete API.Rob Austein
This is not yet complete, only the ks_volatile driver supports it, ks_flash will be a bit more complicated and isn't written yet. At the moment, this adds a complete duplicate set of {set,get,delete}_attributes() functions in parallel to the earlier {set,get,delete}_attribute() functions. We will almost certainly want to get rid of the duplicates, probably (but not necessarily) the entire single-attribute suite. At the moment, though, we want both sets so we can compare execution speeds of the two sets of functions.
2016-11-05Add attribute read timing tests.Rob Austein
Result of running all these timing tests is about what theory would have predicted: read time does not vary significantly between RAM and flash, but write time sure does.
2016-11-04.set_attribute() speed tests.Rob Austein
2016-11-04Doh, tests should not assume an empty keystore.Rob Austein
2016-11-04More attribute bloat tests, pinwheel to monitor progress.Rob Austein
Watching the pinwheel makes it clear that the painfully slow execution of test_attribute_bloat_flash_many() isn't a single hidously long delay anywhere, rather it's a long steady stream of slow operations and it's the cumulative time that's hurting us. Most likely this is entirely dominated by flash write time, and suggests that it may be worth the additional API and implementation complexity to handle setting a complete set of attributes in a single operation, so that we only have to pay the flash write toll once. Will probably require further testing before we can make an informed decision.
2016-11-03Add keystore attribute tests; add wrapper for Python crypto.Rob Austein
New test class to thrash the keystore attribute mechanism. Added wrapper classes to encapsulate the more obscure bits of the multiple Python public key APIs we're using in a single uniform API, which lets us simplify some of the tests considerably.
2016-11-02Convert pkey_match() test into a proper assertion-based unit test.Rob Austein
2016-11-02Archive verbose version of pkey_match() tests before reducing to assertions.Rob Austein
2016-11-02Test pkey_match() attribute handling.Rob Austein
2016-11-01Add hal_rpc_pkey_get_key_curve().Rob Austein
Incidental minor refactoring of hal_rpc_server_dispatch().
2016-11-01More Pythonic API for certain pkey calls.Rob Austein
PKey objects can now be used as context managers, in which case the key handle will be closed when the block exits. HSM.pkey_find() now returns a generator which will iterate through the full set of results, making additional RPC calls as necessary. NIST ECDSA test vector test refactored to remove duplicated code.
2016-11-01hal_ks_index_fsck() and a pile of debugging code.Rob Austein
The debugging code was for tracking down what turned out to be a race condition in the Alpha's flash driver code (see sw/stm32); much of this was temporary, and will be removed in a (near) future commit, but some of the techniques were useful and belong in the repository in case we need to pull them back for something similar in the future. hal_ks_index_fsck() attempts to diagnose all the things I found wrong in the ks_flash index after one long series of errors. As presently written, it doesn't attempt to fix anything, just diagnose errors: the intent is that we can call this, before and after every modification if necessary, to poinpoint exactly which calls introduce errors. Once things stablize a bit, we may want to crank down the number of calls to this (it's a bit expensive, since it checks the entire index), and perhaps add the ability to clean up whatever errors it might find; the latter might be a good candidate for a CLI command.
2016-10-30Interop tests against Python RSA and ECDSA implementations.Rob Austein
2016-10-30Continue fleshing out libhal Python unit tests.Rob Austein
2016-10-29Add a bunch of static key tests, including a mixed-mode workout suite.Rob Austein
2016-10-26Version 0.1 of a set of HSM unit tests, using the Python RPC API.Rob Austein
This is very incomplete. Portions of it are still verbatim copies of the PKCS #11 unit tests, and have not yet been pruned for relevance, much less converted to the corresponding libhal tests.