aboutsummaryrefslogtreecommitdiff
path: root/unit_tests.py
AgeCommit message (Collapse)Author
2016-11-22Remove SQLite3 from build, no longer needed.Rob Austein
2016-09-03Hack PKCS #11 to work with revised libhal pkey API.Rob Austein
2016-08-10Add regression test for borked or missing PKCS #1.5 DigestInfo.Rob Austein
Oleg found a cute bug where C_SignUpdate() and C_SignFinal() would generate an incorrect signature which C_VerifyUpdate() and C_VerifyFinal() would think was fine because the verification code had essentially the same bug as the signature code. None of this applied to the (much) more commonly used C_Sign() and C_Verify() functions, which is why nobody noticed until now. Bug fixed in sw/libhal commit 36dfaf0adbddbb9f1f7852911228b3ab24ba01aa but we need a regression test to make sure we don't reintroduce the bug. So we add a test which computes the signature both ways, then verifies it with PyCrypto as well as both ways with our own code. We should probably be doing more comparisons of RSA results with PyCrypto. For ECDSA with non-deterministic signatures it's a bit harder, but more checking against the Python ecdsa library would still be a good idea.
2016-07-13Add "cryptech" to public "pkcs11" names.Rob Austein
Database location environment variable is now CRYPTECH_PKCS11_DATABASE. Installed library is now libcryptech-pkcs11.{so,dylib}.
2016-07-07Clean up test code that made sense on the Novena but not on the Alpha.Rob Austein
2016-06-16Convert timing report to integrate with unittest.TextTestRunner, to avoid ↵Rob Austein
garbled reports if a test fails.
2016-06-16Generalize and extend tests of externally-supplied RSA keys.Rob Austein
Disable 3416-bit RSA key generation tests while we sort out whether simply padding the modulus out to the next 32-bit boundary is sufficient to support these with ModExpS6/ModExpA7.
2016-06-16Completely farbled most of the super() incantations, sigh.Rob Austein
2016-06-16Add timing of individual tests, test descriptions.Rob Austein
2016-06-16Tweak unit tests to be a bit less annoying on Alpha.Rob Austein
* Don't modify the wheel PIN unless specifically requested * Don't try to run the Novena RPC test server (or any server) by default. Still need to rewrite some of the RSA key tests, particularly the external key load test, to conform to known implementation constraint that key length must be a multiple of 32 bits; deferred until we switch back to hardware modexp, as this won't matter until then.
2016-06-14Clean up debugging output left in one of the unit tests.Rob Austein
2016-06-13Add test for loading an externally generated keypair via C_CreateObject().Rob Austein
2016-06-12A few RSA unit tests inspired by hsmbully.Rob Austein
2016-06-10Support split keypairs, where private key is a token object and publicRob Austein
key is a session object. Doesn't actually save us anything, but Jakob tells us that this makes a difference on some HSMs so we people use this kind of setup and we need to support it. Explicitly disallow private keys as session objects, since we have no way to protect them. Update unit-tests now that we return the correct error code for this case.
2016-06-10Add support for running only a specified subset of the unit tests.Rob Austein
2016-06-10Update unit tests to match new behavior: we no longer allow privateRob Austein
keys to be stored as session objects, so test that doing so fails as expected, and update other tests to specify CKA_TOKEN = True.
2016-05-25Track PIN changes on libhal master branch.Rob Austein
2016-05-19Add test case using public key via C_CreateObject() to verify signature ↵Rob Austein
created by earlier keypair.
2016-05-18Add explicit generate/sign/verify unit tests both on and off theRob Austein
token, since we just demonstrated (the hard way) that testing only one is not sufficient.
2016-05-17Bugfixes to new error handling code, refactor some unreadable nested logic ↵Rob Austein
in handle lookup code. The mapping between PKCS #11 objects and libhal handles isn't quite right yet. This is a snapshot of bugfixes accumulated along the way, before refactoring mapping code to deal with the underlying problem.
2016-05-16Identical CKA_ID values no longer constitute a conflict, adjust test.Rob Austein
2016-05-15Fix broken unit test.Rob Austein
Turns out that the one remaining old PKCS #11 unit test we weren't passing was a broken test: code was correctly rejecting CKA_ID conflicts. Rewrote test, and added test setup code to use separate client and server keystores when using the ks_mmap keystore driver.
2016-05-13Sort out some disagreements between our command line parsing and unit_test's ↵Rob Austein
defaults.
2016-05-13Rework unit_test framework to use argparse and to run RPC server ↵Rob Austein
automatically if present.
2015-09-22Clean up Python APIs to C_FindObject*() and C_GetSlotList().Rob Austein
2015-09-21Better test for keypair object class.Rob Austein
2015-09-21More key unit tests.Rob Austein
2015-09-21More test cases.Rob Austein
2015-09-21Unit tests for init, session, and login functions.Rob Austein
2015-09-21First step towards unit tests.Rob Austein