From 43d3149674743b9d31a13c934361a286fb5539d7 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 12 Jun 2016 18:11:34 -0400 Subject: A few RSA unit tests inspired by hsmbully. --- unit_tests.py | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/unit_tests.py b/unit_tests.py index e218b42..ef7b980 100644 --- a/unit_tests.py +++ b/unit_tests.py @@ -307,7 +307,7 @@ class TestKeys(unittest.TestCase): p11.C_Verify(self.session, hamster, sig) def test_gen_sign_verify_rsa_2048(self): - if not args.all_tests: self.skipTest("RSA key generation is still painfully slow") + #if not args.all_tests: self.skipTest("RSA key generation is still painfully slow") public_key, private_key = p11.C_GenerateKeyPair( self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 2048, CKA_ID = "RSA-2048", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) @@ -394,5 +394,73 @@ class TestKeys(unittest.TestCase): p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, o) p11.C_Verify(self.session, hamster, sig) + def extract_rsa_public_key(self, handle): + from Crypto.PublicKey import RSA + a = p11.C_GetAttributeValue(self.session, handle, CKA_MODULUS, CKA_PUBLIC_EXPONENT) + return RSA.construct((a[CKA_MODULUS], a[CKA_PUBLIC_EXPONENT])) + + def assertRawRSASignatureMatches(self, handle, plain, sig): + pubkey = self.extract_rsa_public_key(handle) + result = pubkey.encrypt(sig, 0)[0] + prefix = "\x00\x01" if False else "\x01" # XXX + expect = prefix + "\xff" * (len(result) - len(plain) - len(prefix) - 1) + "\x00" + plain + self.assertEqual(result, expect) + + def test_gen_sign_verify_tralala_rsa_1024(self): + tralala = "tralala-en-hopsasa" + public_key, private_key = p11.C_GenerateKeyPair( + self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024, + CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + self.assertIsKeypair(public_key, private_key) + p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key) + sig = p11.C_Sign(self.session, tralala) + self.assertIsInstance(sig, str) + self.assertRawRSASignatureMatches(public_key, tralala, sig) + p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key) + p11.C_Verify(self.session, tralala, sig) + + def test_gen_sign_verify_tralala_rsa_3416(self): + tralala = "tralala-en-hopsasa" + public_key, private_key = p11.C_GenerateKeyPair( + self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416, + CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + self.assertIsKeypair(public_key, private_key) + p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key) + sig = p11.C_Sign(self.session, tralala) + self.assertIsInstance(sig, str) + self.assertRawRSASignatureMatches(public_key, tralala, sig) + p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key) + p11.C_Verify(self.session, tralala, sig) + + def test_gen_sign_verify_rsa_3416(self): + public_key, private_key = p11.C_GenerateKeyPair( + self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416, + CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + self.assertIsKeypair(public_key, private_key) + hamster = "Your mother was a hamster" + p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key) + sig = p11.C_Sign(self.session, hamster) + self.assertIsInstance(sig, str) + p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key) + p11.C_Verify(self.session, hamster, sig) + + def test_gen_rsa_1028(self): + with self.assertRaises(CKR_ATTRIBUTE_VALUE_INVALID): + p11.C_GenerateKeyPair( + self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1028, + CKA_ID = "RSA-1028", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + + def test_gen_sign_verify_rsa_1032(self): + public_key, private_key = p11.C_GenerateKeyPair( + self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1032, + CKA_ID = "RSA-1032", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True) + self.assertIsKeypair(public_key, private_key) + hamster = "Your mother was a hamster" + p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key) + sig = p11.C_Sign(self.session, hamster) + self.assertIsInstance(sig, str) + p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key) + p11.C_Verify(self.session, hamster, sig) + if __name__ == "__main__": main() -- cgit v1.2.3