[Cryptech-Commits] [sw/pkcs11] 04/07: A few RSA unit tests inspired by hsmbully.

git at cryptech.is git at cryptech.is
Mon Jun 13 19:47:59 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.

commit 43d3149674743b9d31a13c934361a286fb5539d7
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sun Jun 12 18:11:34 2016 -0400

    A few RSA unit tests inspired by hsmbully.
---
 unit_tests.py | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 69 insertions(+), 1 deletion(-)

diff --git a/unit_tests.py b/unit_tests.py
index e218b42..ef7b980 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -307,7 +307,7 @@ class TestKeys(unittest.TestCase):
         p11.C_Verify(self.session, hamster, sig)
 
     def test_gen_sign_verify_rsa_2048(self):
-        if not args.all_tests: self.skipTest("RSA key generation is still painfully slow")
+        #if not args.all_tests: self.skipTest("RSA key generation is still painfully slow")
         public_key, private_key = p11.C_GenerateKeyPair(
             self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 2048,
             CKA_ID = "RSA-2048", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
@@ -394,5 +394,73 @@ class TestKeys(unittest.TestCase):
         p11.C_VerifyInit(self.session, CKM_ECDSA_SHA256, o)
         p11.C_Verify(self.session, hamster, sig)
 
+    def extract_rsa_public_key(self, handle):
+        from Crypto.PublicKey import RSA
+        a = p11.C_GetAttributeValue(self.session, handle, CKA_MODULUS, CKA_PUBLIC_EXPONENT)
+        return RSA.construct((a[CKA_MODULUS], a[CKA_PUBLIC_EXPONENT]))
+
+    def assertRawRSASignatureMatches(self, handle, plain, sig):
+        pubkey = self.extract_rsa_public_key(handle)
+        result = pubkey.encrypt(sig, 0)[0]
+        prefix = "\x00\x01" if False else "\x01" # XXX
+        expect = prefix + "\xff" * (len(result) - len(plain) - len(prefix) - 1) + "\x00" + plain
+        self.assertEqual(result, expect)
+
+    def test_gen_sign_verify_tralala_rsa_1024(self):
+        tralala = "tralala-en-hopsasa"
+        public_key, private_key = p11.C_GenerateKeyPair(
+            self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1024,
+            CKA_ID = "RSA-1024", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+        self.assertIsKeypair(public_key, private_key)
+        p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key)
+        sig = p11.C_Sign(self.session, tralala)
+        self.assertIsInstance(sig, str)
+        self.assertRawRSASignatureMatches(public_key, tralala, sig)
+        p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, tralala, sig)
+
+    def test_gen_sign_verify_tralala_rsa_3416(self):
+        tralala = "tralala-en-hopsasa"
+        public_key, private_key = p11.C_GenerateKeyPair(
+            self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416,
+            CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+        self.assertIsKeypair(public_key, private_key)
+        p11.C_SignInit(self.session, CKM_RSA_PKCS, private_key)
+        sig = p11.C_Sign(self.session, tralala)
+        self.assertIsInstance(sig, str)
+        self.assertRawRSASignatureMatches(public_key, tralala, sig)
+        p11.C_VerifyInit(self.session, CKM_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, tralala, sig)
+
+    def test_gen_sign_verify_rsa_3416(self):
+        public_key, private_key = p11.C_GenerateKeyPair(
+            self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 3416,
+            CKA_ID = "RSA-3416", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+        self.assertIsKeypair(public_key, private_key)
+        hamster = "Your mother was a hamster"
+        p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
+        sig = p11.C_Sign(self.session, hamster)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, hamster, sig)
+
+    def test_gen_rsa_1028(self):
+        with self.assertRaises(CKR_ATTRIBUTE_VALUE_INVALID):
+            p11.C_GenerateKeyPair(
+                self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1028,
+                CKA_ID = "RSA-1028", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+
+    def test_gen_sign_verify_rsa_1032(self):
+        public_key, private_key = p11.C_GenerateKeyPair(
+            self.session, CKM_RSA_PKCS_KEY_PAIR_GEN, CKA_MODULUS_BITS = 1032,
+            CKA_ID = "RSA-1032", CKA_SIGN = True, CKA_VERIFY = True, CKA_TOKEN = True)
+        self.assertIsKeypair(public_key, private_key)
+        hamster = "Your mother was a hamster"
+        p11.C_SignInit(self.session, CKM_SHA512_RSA_PKCS, private_key)
+        sig = p11.C_Sign(self.session, hamster)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, hamster, sig)
+
 if __name__ == "__main__":
     main()



More information about the Commits mailing list