aboutsummaryrefslogtreecommitdiff
path: root/unit_tests.py
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2020-06-10 00:46:48 -0400
committerRob Austein <sra@hactrn.net>2020-06-10 00:46:48 -0400
commit8dc8f4c9cf7d1fc10cc110407a73f55909eeeb9d (patch)
tree55ebd7ad173108b9a46aa86f4d87e37877c7bd97 /unit_tests.py
parent3e6addd37b2165857a8208b7cb003485a5654cfa (diff)
Whack with club until works with Python 2 and Python 3
String types are still a bit weird. Amost everything here is currently required to be bytes rather than str in Python 3, which feels a bit unnatural, but everything on the wire has to be bytes and we don't really have enough information to know when we should be converting back to str. In the long term, once we ditch Python 2, we may be able to do a bit better for things like the string versions of attribute names, but for the moment it's simplest to stick with bytes.
Diffstat (limited to 'unit_tests.py')
-rw-r--r--unit_tests.py128
1 files changed, 66 insertions, 62 deletions
diff --git a/unit_tests.py b/unit_tests.py
index 186daa9..512d648 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -23,6 +23,10 @@ try:
except ImportError:
pycrypto_loaded = False
+try:
+ long
+except NameError:
+ long = int
def log(msg):
if not args.quiet:
@@ -138,7 +142,7 @@ class TestDevice(TestCase):
"Test C_GetTokenInfo()"
token_info = p11.C_GetTokenInfo(args.slot)
self.assertIsInstance(token_info, CK_TOKEN_INFO)
- self.assertEqual(token_info.label.rstrip(), "Cryptech Token")
+ self.assertEqual(token_info.label.rstrip(), b"Cryptech Token")
def test_sessions_serial(self):
"Test C_OpenSession() for useful (serial) cases"
@@ -180,7 +184,7 @@ class TestDevice(TestCase):
session = p11.C_OpenSession(args.slot)
n = 17
random = p11.C_GenerateRandom(session, n)
- self.assertIsInstance(random, str)
+ self.assertIsInstance(random, bytes)
self.assertEqual(len(random), n)
def test_findObjects_operation_state(self):
@@ -189,7 +193,7 @@ class TestDevice(TestCase):
with self.assertRaises(CKR_OPERATION_NOT_INITIALIZED):
for handle in p11.C_FindObjects(session):
- self.assertIsInstance(handle, (int, int))
+ self.assertIsInstance(handle, (int, long))
with self.assertRaises(CKR_OPERATION_NOT_INITIALIZED):
p11.C_FindObjectsFinal(session)
@@ -200,7 +204,7 @@ class TestDevice(TestCase):
p11.C_FindObjectsInit(session, CKA_CLASS = CKO_PRIVATE_KEY)
for handle in p11.C_FindObjects(session):
- self.assertIsInstance(handle, (int, int))
+ self.assertIsInstance(handle, (int, long))
p11.C_FindObjectsFinal(session)
@@ -247,36 +251,36 @@ class TestKeys(TestCase):
self.assertIsKeypair(
p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = False,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True))
self.assertIsKeypair(
p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = True,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True))
self.assertIsKeypair(
p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
public_CKA_TOKEN = False, private_CKA_TOKEN = True,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True))
self.assertIsKeypair(
p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
public_CKA_TOKEN = True, private_CKA_TOKEN = False,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True))
def test_gen_sign_verify_ecdsa_p256_sha256(self):
"Generate/sign/verify with ECDSA-P256-SHA-256"
public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_ECDSA_SHA256, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -284,13 +288,13 @@ class TestKeys(TestCase):
"Generate/sign/verify with ECDSA-P384-SHA-384"
#if not args.all_tests: self.skipTest("SHA-384 not available in current build")
public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
- CKA_ID = "EC-P384", CKA_EC_PARAMS = self.oid_p384,
+ CKA_ID = b"EC-P384", CKA_EC_PARAMS = self.oid_p384,
CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_ECDSA_SHA384, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_ECDSA_SHA384, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -298,13 +302,13 @@ class TestKeys(TestCase):
"Generate/sign/verify with ECDSA-P521-SHA-512"
#if not args.all_tests: self.skipTest("SHA-512 not available in current build")
public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
- CKA_ID = "EC-P521", CKA_EC_PARAMS = self.oid_p521,
+ CKA_ID = b"EC-P521", CKA_EC_PARAMS = self.oid_p521,
CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_ECDSA_SHA512, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_ECDSA_SHA512, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -313,12 +317,12 @@ class TestKeys(TestCase):
"RSA 1024-bit generate/sign/verify test"
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
- CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -327,24 +331,24 @@ class TestKeys(TestCase):
#if not args.all_tests: self.skipTest("RSA key generation is still painfully slow")
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 2048,
- CKA_ID = "RSA-2048", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-2048", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@staticmethod
def _build_ecpoint(x, y):
- bytes_per_coordinate = (max(x.bit_length(), y.bit_length()) + 15) / 16
+ bytes_per_coordinate = (max(x.bit_length(), y.bit_length()) + 15) // 16
value = b"\x04" + binascii.unhexlify("{0:0{2}x}{1:0{2}x}".format(x, y, bytes_per_coordinate))
if len(value) < 128:
- length = struct.pack("U", len(value))
+ length = struct.pack("B", len(value))
else:
n = len(value).bit_length()
- length = struct.pack("U", (n + 7) / 8) + binascii.unhexlify("{0:0{1}x}".format(len(value), (n + 15) / 16)))
+ length = struct.pack("B", (n + 7) // 8) + binascii.unhexlify("{0:0{1}x}".format(len(value), (n + 15) // 16))
tag = b"\x04"
return tag + length + value
@@ -359,8 +363,8 @@ class TestKeys(TestCase):
session = self.session,
CKA_CLASS = CKO_PUBLIC_KEY,
CKA_KEY_TYPE = CKK_EC,
- CKA_LABEL = "EC-P-256 test case from \"Suite B Implementer's Guide to FIPS 186-3\"",
- CKA_ID = "EC-P-256",
+ CKA_LABEL = b"EC-P-256 test case from \"Suite B Implementer's Guide to FIPS 186-3\"",
+ CKA_ID = b"EC-P-256",
CKA_VERIFY = True,
CKA_EC_POINT = Q,
CKA_EC_PARAMS = self.oid_p256)
@@ -379,8 +383,8 @@ class TestKeys(TestCase):
session = self.session,
CKA_CLASS = CKO_PUBLIC_KEY,
CKA_KEY_TYPE = CKK_EC,
- CKA_LABEL = "EC-P-384 test case from \"Suite B Implementer's Guide to FIPS 186-3\"",
- CKA_ID = "EC-P-384",
+ CKA_LABEL = b"EC-P-384 test case from \"Suite B Implementer's Guide to FIPS 186-3\"",
+ CKA_ID = b"EC-P-384",
CKA_VERIFY = True,
CKA_EC_POINT = Q,
CKA_EC_PARAMS = self.oid_p384)
@@ -392,13 +396,13 @@ class TestKeys(TestCase):
"Generate/sign/verify/destroy/reload/verify with ECDSA-P256-SHA-256"
public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
public_CKA_TOKEN = False, private_CKA_TOKEN = True,
- CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_ID = b"EC-P256", CKA_EC_PARAMS = self.oid_p256,
CKA_SIGN = True, CKA_VERIFY = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_ECDSA_SHA256, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -419,7 +423,7 @@ class TestKeys(TestCase):
def _extract_rsa_public_key(self, handle):
a = p11.C_GetAttributeValue(self.session, handle, CKA_MODULUS, CKA_PUBLIC_EXPONENT)
- return RSA.construct((a[CKA_MODULUS], a[CKA_PUBLIC_EXPONENT]))
+ return RSA.construct((long(a[CKA_MODULUS]), long(a[CKA_PUBLIC_EXPONENT])))
def assertRawRSASignatureMatches(self, handle, plain, sig):
pubkey = self._extract_rsa_public_key(handle)
@@ -433,11 +437,11 @@ class TestKeys(TestCase):
tralala = b"tralala-en-hopsasa"
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
- CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, tralala)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
self.assertRawRSASignatureMatches(public_key, tralala, sig)
p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key)
p11.C_Verify(self.session, tralala, sig)
@@ -449,11 +453,11 @@ class TestKeys(TestCase):
tralala = b"tralala-en-hopsasa"
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416,
- CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, tralala)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
self.assertRawRSASignatureMatches(public_key, tralala, sig)
p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key)
p11.C_Verify(self.session, tralala, sig)
@@ -484,22 +488,22 @@ class TestKeys(TestCase):
@unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
def test_load_sign_verify_rsa_1024(self):
"Load/sign/verify with RSA-1024-SHA-512 and externally-supplied key"
- public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, "RSA-1024")
- hamster = "Your mother was a hamster"
+ public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, b"RSA-1024")
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
def test_load_sign_verify_rsa_2048(self):
"Load/sign/verify with RSA-2048-SHA-512 and externally-supplied key"
- public_key, private_key = self._load_rsa_keypair(rsa_2048_pem, "RSA-2048")
- hamster = "Your mother was a hamster"
+ public_key, private_key = self._load_rsa_keypair(rsa_2048_pem, b"RSA-2048")
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -508,11 +512,11 @@ class TestKeys(TestCase):
"Load/sign/verify with RSA-3416-SHA-512 and externally-supplied key"
if not args.all_tests:
self.skipTest("Key length not a multiple of 32, so expected to fail (fairly quickly)")
- public_key, private_key = self._load_rsa_keypair(rsa_3416_pem, "RSA-3416")
- hamster = "Your mother was a hamster"
+ public_key, private_key = self._load_rsa_keypair(rsa_3416_pem, b"RSA-3416")
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -522,12 +526,12 @@ class TestKeys(TestCase):
self.skipTest("Key length not a multiple of 32, so expected to fail (very slowly)")
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416,
- CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@@ -536,26 +540,26 @@ class TestKeys(TestCase):
with self.assertRaises(CKR_ATTRIBUTE_VALUE_INVALID):
p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1028,
- CKA_ID = "RSA-1028", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-1028", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
def test_gen_sign_verify_rsa_1032(self):
"Generate/sign/verify with RSA-1032-SHA-512 (sic)"
public_key, private_key = p11.C_GenerateKeyPair(
self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1032,
- CKA_ID = "RSA-1032", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+ CKA_ID = b"RSA-1032", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
self.assertIsKeypair(public_key, private_key)
- hamster = "Your mother was a hamster"
+ hamster = b"Your mother was a hamster"
p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
sig = p11.C_Sign(self.session, hamster)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
p11.C_Verify(self.session, hamster, sig)
@unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
def test_load_sign_verify_rsa_1024_with_rpki_data(self):
"Load/sign/verify with RSA-1024-SHA-256, externally-supplied key"
- public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, "RSA-1024")
- tbs = '''
+ public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, b"RSA-1024")
+ tbs = b'''
31 6B 30 1A 06 09 2A 86 48 86 F7 0D 01 09 03 31
0D 06 0B 2A 86 48 86 F7 0D 01 09 10 01 1A 30 1C
06 09 2A 86 48 86 F7 0D 01 09 05 31 0F 17 0D 31
@@ -564,11 +568,11 @@ class TestKeys(TestCase):
0F 1F 86 AF 45 25 4D 8F E1 1F C9 EA B3 83 4A 41
17 C1 42 B7 43 AD 51 5E F5 A2 F8 E3 25
'''
- tbs = binascii.unhexlify("".join(tbs.split()))
+ tbs = binascii.unhexlify(b"".join(tbs.split()))
p11.C_SignInit(self.session, CKM_SHA256_RSA_PKCS, private_key)
p11.C_SignUpdate(self.session, tbs)
sig = p11.C_SignFinal(self.session)
- self.assertIsInstance(sig, str)
+ self.assertIsInstance(sig, bytes)
p11.C_VerifyInit(self.session, CKM_SHA256_RSA_PKCS, public_key)
p11.C_Verify(self.session, tbs, sig)
verifier = PKCS1_v1_5.new(RSA.importKey(rsa_1024_pem))
@@ -583,14 +587,14 @@ class TestKeys(TestCase):
def _find_objects(self, chunk_size = 10, template = None, **kwargs):
p11.C_FindObjectsInit(self.session, template, **kwargs)
for handle in p11.C_FindObjects(self.session, chunk_size):
- self.assertIsInstance(handle, (int, int))
+ self.assertIsInstance(handle, (int, long))
p11.C_FindObjectsFinal(self.session)
@unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
def test_findObjects(self):
- self._load_rsa_keypair(rsa_1024_pem, "RSA-1024")
- self._load_rsa_keypair(rsa_2048_pem, "RSA-2048")
- self._load_rsa_keypair(rsa_3416_pem, "RSA-3416")
+ self._load_rsa_keypair(rsa_1024_pem, b"RSA-1024")
+ self._load_rsa_keypair(rsa_2048_pem, b"RSA-2048")
+ self._load_rsa_keypair(rsa_3416_pem, b"RSA-3416")
self._find_objects(chunk_size = 1, CKA_CLASS = CKO_PUBLIC_KEY)
self._find_objects(chunk_size = 1, CKA_CLASS = CKO_PRIVATE_KEY)
self._find_objects(chunk_size = 10, CKA_CLASS = CKO_PUBLIC_KEY)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 02:12:00 +0000