From 1011308ae39ad624a3d93941bf0c1cb9039134bf Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Wed, 18 May 2016 22:59:52 -0400
Subject: Add explicit generate/sign/verify unit tests both on and off the token, since we just demonstrated (the hard way) that testing only one is not sufficient.
---
 unit_tests.py | 45 +++++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 18 deletions(-)
diff --git a/unit_tests.py b/unit_tests.py
index 6866a87..2aefedc 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -247,8 +247,20 @@ class TestKeys(unittest.TestCase):
 CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
 CKA_SIGN = True, CKA_VERIFY = True))
 
- def test_gen_sign_verify_ecdsa_p256_sha256(self):
- public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN,
+ def test_gen_sign_verify_ecdsa_p256_sha256_token(self):
+ public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = True,
+ CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
+ CKA_SIGN = True, CKA_VERIFY = True)
+ self.assertIsKeypair(public_key, private_key)
+ hamster = "Your mother was a hamster"
+ p11.C_SignInit(self.session, CKM_ECDSA_SHA256, private_key)
+ sig = p11.C_Sign(self.session, hamster)
+ self.assertIsInstance(sig, str)
+ p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key)
+ p11.C_Verify(self.session, hamster, sig)
+
+ def test_gen_sign_verify_ecdsa_p256_sha256_session(self):
+ public_key, private_key = p11.C_GenerateKeyPair(self.session, CKM_EC_KEY_PAIR_GEN, CKA_TOKEN = False,
 CKA_ID = "EC-P256", CKA_EC_PARAMS = self.oid_p256,
 CKA_SIGN = True, CKA_VERIFY = True)
 self.assertIsKeypair(public_key, private_key)
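Review bot: Both new ECDSA tests stop at `p11.C_Verify(self.session, hamster, sig)` with the genuine signature, so a verify path that accepted any input would still pass both on and off the token. Each test should also show that a modified message is rejected: a second `p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, public_key)` followed by `self.assertRaises(SignatureInvalidError, p11.C_Verify, self.session, hamster + "!", sig)`, where `SignatureInvalidError` is a placeholder for whatever exception the binding raises on CKR_SIGNATURE_INVALID. The same gap applies to the RSA-1024 token and session tests in the later hunks. The tail of the `_session` test lies outside this hunk.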
@@ -285,10 +297,10 @@ class TestKeys(unittest.TestCase):
 p11.C_VerifyInit(self.session, CKM_ECDSA_SHA512, public_key)
 p11.C_Verify(self.session, hamster, sig)
 
- def test_gen_sign_verify_rsa_1024(self):
+ def test_gen_sign_verify_rsa_1024_token(self):
 public_key, private_key = p11.C_GenerateKeyPair(
 self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
- CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True)
+ CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
 self.assertIsKeypair(public_key, private_key)
 hamster = "Your mother was a hamster"
 p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
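Review bot: Nothing in `test_gen_sign_verify_rsa_1024_token` confirms that `CKA_TOKEN = True` was honoured, so the test would still pass if the library quietly created a session object instead. Reading the attribute back after generation, the way the removed `if False:` block called `C_GetAttributeValue`, would pin it: `self.assertTrue(p11.C_GetAttributeValue(self.session, private_key, CKA_TOKEN)[CKA_TOKEN])`, with `assertFalse` in the `_session` variants. The ECDSA pair in the first hunk needs the same check. Token objects also outlive the session and no cleanup is visible here, so unless `tearDown` (not shown) destroys them, repeated runs would leave key pairs with `CKA_ID = "RSA-1024"` on the device. The test body continues past the end of this hunk.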
@@ -297,20 +309,17 @@ class TestKeys(unittest.TestCase):
 p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
 p11.C_Verify(self.session, hamster, sig)
 
- if False:
- a = p11.C_GetAttributeValue(self.session, public_key,
- CKA_CLASS, CKA_KEY_TYPE, CKA_VERIFY, CKA_TOKEN,
- CKA_PUBLIC_EXPONENT, CKA_MODULUS)
- a[CKA_TOKEN] = not a[CKA_TOKEN]
- o = p11.C_CreateObject(self.session, a)
- p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, o)
- p11.C_Verify(self.session, hamster, sig)
-
- self.tearDown()
- self.setUp()
- o = p11.C_CreateObject(self.session, a)
- p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, o)
- p11.C_Verify(self.session, hamster, sig)
+ def test_gen_sign_verify_rsa_1024_session(self):
+ public_key, private_key = p11.C_GenerateKeyPair(
+ self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
+ CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = False)
+ self.assertIsKeypair(public_key, private_key)
+ hamster = "Your mother was a hamster"
+ p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
+ sig = p11.C_Sign(self.session, hamster)
+ self.assertIsInstance(sig, str)
+ p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
+ p11.C_Verify(self.session, hamster, sig)
 
 def test_gen_sign_verify_rsa_2048(self):
 if not args.all_tests: self.skipTest("RSA key generation is still painfully slow")
-- cgit v1.2.3
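Review bot: `test_gen_sign_verify_rsa_1024_session` is a line-for-line copy of the `_token` test with only `CKA_TOKEN` flipped, so a later fix to one variant can easily miss the other, which is the single-path blind spot the commit message describes. A private helper that takes the storage flag would keep the two paths in lockstep, and the ECDSA P-256 pair in the first hunk could share the same pattern. Separately, the deleted `if False:` block was the only sketch of verifying after `tearDown()`/`setUp()`, so whether token keys persist across sessions is still untested.

```python
    def _gen_sign_verify_rsa_1024(self, on_token):
        public_key, private_key = p11.C_GenerateKeyPair(
            self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
            CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = on_token)
        # … unchanged: assertIsKeypair, C_SignInit/C_Sign, C_VerifyInit/C_Verify …

    def test_gen_sign_verify_rsa_1024_token(self):
        self._gen_sign_verify_rsa_1024(on_token = True)

    def test_gen_sign_verify_rsa_1024_session(self):
        self._gen_sign_verify_rsa_1024(on_token = False)
```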