From f7c3a151c7b0a3f040ab9aa8d81c562684d3f2e8 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 1 Nov 2016 12:09:41 -0400 Subject: hal_ks_index_fsck() and a pile of debugging code. The debugging code was for tracking down what turned out to be a race condition in the Alpha's flash driver code (see sw/stm32); much of this was temporary, and will be removed in a (near) future commit, but some of the techniques were useful and belong in the repository in case we need to pull them back for something similar in the future. hal_ks_index_fsck() attempts to diagnose all the things I found wrong in the ks_flash index after one long series of errors. As presently written, it doesn't attempt to fix anything, just diagnose errors: the intent is that we can call this, before and after every modification if necessary, to poinpoint exactly which calls introduce errors. Once things stablize a bit, we may want to crank down the number of calls to this (it's a bit expensive, since it checks the entire index), and perhaps add the ability to clean up whatever errors it might find; the latter might be a good candidate for a CLI command. --- unit-tests.py | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 4 deletions(-) (limited to 'unit-tests.py') diff --git a/unit-tests.py b/unit-tests.py index 5646add..d460a26 100644 --- a/unit-tests.py +++ b/unit-tests.py @@ -96,13 +96,13 @@ hsm = None pin_map = { HAL_USER_NORMAL : "user_pin", HAL_USER_SO : "so_pin", HAL_USER_WHEEL : "wheel_pin" } + def setUpModule(): global hsm hsm = HSM() - def tearDownModule(): - hsm.logout_all() + hsm.logout() #hsm.close() @@ -158,12 +158,12 @@ class TestPIN(TestCase): """ def setUp(self): - hsm.logout_all() + hsm.logout() super(TestPIN, self).setUp() def tearDown(self): super(TestPIN, self).tearDown() - hsm.logout_all() + hsm.logout() def test_is_logged_in(self): "Test whether is_logged_in() returns correct exception when not logged in" @@ -505,6 +505,55 @@ class TestPKeyECDSAInterop(TestCaseLoggedIn): self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521) +class TestPKeyList(TestCaseLoggedIn): + """ + Tests involving PKey list and match functions. + """ + + # Some kind of race condition, don't understand it yet, but + # without the sleep, the flash keystore code occasionally reads + # zeroed pages immediately after a deletion (which itself zeros + # pages, which is suspicious, but I haven't spotted a problem + # there yet), with the sleep it doesn't. Worrisome. + + kludge_around_race_condition = False + + def cleanup(self): + for uuid, flags in self.keys: + if self.kludge_around_race_condition and (flags & HAL_KEY_FLAG_TOKEN) != 0: + from time import sleep + sleep(0.1) + hsm.pkey_find(uuid, flags = flags).delete() + + def load_keys(self, flags): + self.keys = [] + self.addCleanup(self.cleanup) + + for keytype, curve in static_keys: + obj = static_keys[keytype, curve] + if keytype in (HAL_KEY_TYPE_RSA_PRIVATE, HAL_KEY_TYPE_RSA_PUBLIC): + curve = HAL_CURVE_NONE + der = obj.exportKey("DER") + elif keytype in (HAL_KEY_TYPE_EC_PRIVATE, HAL_KEY_TYPE_EC_PUBLIC): + der = obj.to_der() + else: + raise ValueError + k = hsm.pkey_load(keytype, curve, der, flags) + self.keys.append((k.uuid, flags)) + k.close() + + def ks_list(self, flags): + self.load_keys(flags) + hsm.pkey_list(flags = flags) + hsm.pkey_match(flags = flags) + + def test_ks_list_volatile(self): + self.ks_list(0) + + def test_ks_list_token(self): + self.ks_list(HAL_KEY_FLAG_TOKEN) + + class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn): """ ECDSA verification tests based on Suite B Implementer's Guide to FIPS 186-3. @@ -541,6 +590,8 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn): # # * pkey list and match functions # +# * token vs session key tests +# # Preloaded keys should suffice for all of these. if False: -- cgit v1.2.3