1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# Copyright 2016-2018 Yubico AB
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from yubihsm.defs import CAPABILITY, ALGORITHM
from yubihsm.objects import Opaque
from yubihsm.exceptions import YubiHsmInvalidRequestError
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
import os
import uuid
import datetime
import pytest
def get_test_cert():
private_key = ec.generate_private_key(
ALGORITHM.EC_P256.to_curve(), default_backend()
)
name = x509.Name(
[x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, "Test Certificate")]
)
one_day = datetime.timedelta(1, 0, 0)
certificate = (
x509.CertificateBuilder()
.subject_name(name)
.issuer_name(name)
.not_valid_before(datetime.datetime.today() - one_day)
.not_valid_after(datetime.datetime.today() + one_day)
.serial_number(int(uuid.uuid4()))
.public_key(private_key.public_key())
.sign(private_key, hashes.SHA256(), default_backend())
)
return certificate
def test_put_empty(session):
# Can't put an empty object
with pytest.raises(ValueError):
Opaque.put(
session,
0,
"Test PUT empty Opaque",
1,
CAPABILITY.NONE,
ALGORITHM.OPAQUE_DATA,
b"",
)
def test_data(session):
for size in (1, 256, 1234, 1968):
data = os.urandom(size)
opaque = Opaque.put(
session,
0,
"Test data Opaque",
1,
CAPABILITY.NONE,
ALGORITHM.OPAQUE_DATA,
data,
)
assert data == opaque.get()
opaque.delete()
def test_put_too_big(session):
with pytest.raises(YubiHsmInvalidRequestError):
Opaque.put(
session,
0,
"Test large Opaque",
1,
CAPABILITY.NONE,
ALGORITHM.OPAQUE_DATA,
os.urandom(3064),
)
# Make sure our session is still working
assert len(session.get_pseudo_random(123)) == 123
def test_certificate(session):
certificate = get_test_cert()
certobj = Opaque.put_certificate(
session, 0, "Test certificate Opaque", 1, CAPABILITY.NONE, certificate
)
assert certificate == certobj.get_certificate()
certobj.delete()
def test_compressed_certificate(session):
certificate = get_test_cert()
certobj = Opaque.put_certificate(
session,
0,
"Test certificate Opaque",
1,
CAPABILITY.NONE,
certificate,
)
compressed_certobj = Opaque.put_certificate(
session,
0,
"Test certificate Opaque Compressed",
1,
CAPABILITY.NONE,
certificate,
compress=True,
)
assert certobj.get_certificate() == compressed_certobj.get_certificate()
assert certobj.get() != compressed_certobj.get()
assert len(certobj.get()) > len(compressed_certobj.get())
|
