12855273166

Committed 19 Jan 2025 04:26PM UTC coverage: 86.678% (-0.008%) from 86.686%

Build # 12855273166

Build Type

push

github

Committed by

LudovicRousseau

Commit Message

test_derive: document test_deriveKey_CKM_EXTRACT_KEY_FROM_KEY

Run Details

2993 of 3453 relevant lines covered (86.68%)

0.87 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.94

/test/test_objects.py

import unittest

from PyKCS11 import PyKCS11

# those shortcuts make the testing code more readable
CK_FALSE = PyKCS11.CK_FALSE
CK_TRUE = PyKCS11.CK_TRUE


class TestUtil(unittest.TestCase):
    def setUp(self):
        self.pkcs11 = PyKCS11.PyKCS11Lib()
        self.pkcs11.load()

        # get SoftHSM major version
        self.SoftHSMversion = self.pkcs11.getInfo().libraryVersion[0]

        self.slot = self.pkcs11.getSlotList(tokenPresent=True)[0]

        self.session = self.pkcs11.openSession(
            self.slot, PyKCS11.CKF_SERIAL_SESSION | PyKCS11.CKF_RW_SESSION
        )
        self.session.login("1234")

    def tearDown(self):
        self.session.logout()
        self.pkcs11.closeAllSessions(self.slot)
        del self.pkcs11

    def test_objects(self):
        if self.SoftHSMversion < 2:
            self.skipTest("generateKey() only supported by SoftHSM >= 2")

        AESKeyTemplate = [
            (PyKCS11.CKA_CLASS, PyKCS11.CKO_SECRET_KEY),
            (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_AES),
            (PyKCS11.CKA_TOKEN, PyKCS11.CK_TRUE),
            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_FALSE),
            (PyKCS11.CKA_ENCRYPT, PyKCS11.CK_TRUE),
            (PyKCS11.CKA_DECRYPT, PyKCS11.CK_TRUE),
            (PyKCS11.CKA_SIGN, PyKCS11.CK_FALSE),
            (PyKCS11.CKA_VERIFY, PyKCS11.CK_FALSE),
            (PyKCS11.CKA_VALUE_LEN, 32),
            (PyKCS11.CKA_LABEL, "TestAESKey"),
            (PyKCS11.CKA_ID, (0x01,)),
        ]

        # generate AES key
        AESKey = self.session.generateKey(AESKeyTemplate)
        self.assertIsNotNone(AESKey)

        # find the first secret key
        symKey = self.session.findObjects(
            [(PyKCS11.CKA_CLASS, PyKCS11.CKO_SECRET_KEY)]
        )[0]

        # test object handle
        text = str(symKey)
        self.assertIsNotNone(text)

        # test createObject()
        template = [(PyKCS11.CKA_CLASS, PyKCS11.CKO_DATA), (PyKCS11.CKA_LABEL, "data")]
        handle = self.session.createObject(template)
        self.assertIsNotNone(handle)

        self.session.destroyObject(handle)

        # test getAttributeValue

        # attributes as define by AESKeyTemplate
        all_attributes = [
            PyKCS11.CKA_CLASS,
            PyKCS11.CKA_KEY_TYPE,
            PyKCS11.CKA_TOKEN,
            PyKCS11.CKA_LABEL,
            PyKCS11.CKA_ID,
        ]

        values = self.session.getAttributeValue(AESKey, all_attributes)
        self.assertEqual(
            values,
            [
                PyKCS11.CKO_SECRET_KEY,
                PyKCS11.CKK_AES,
                PyKCS11.CK_TRUE,
                "TestAESKey",
                (0x01,),
            ],
        )

        # clean up
        self.session.destroyObject(AESKey)

        template = [(PyKCS11.CKA_HW_FEATURE_TYPE, PyKCS11.CKH_USER_INTERFACE)]
        o = self.session.findObjects(template)

    def test_BoolAttributes(self):
        # dictionary of attributes expected to be bool and their expected values
        boolAttributes = {
            PyKCS11.CKA_TOKEN: PyKCS11.CK_FALSE,
            PyKCS11.CKA_PRIVATE: PyKCS11.CK_FALSE,
            # The attributes below are defaulted to CK_TRUE
            # ( according to the PKCS#11 standard )
            PyKCS11.CKA_MODIFIABLE: PyKCS11.CK_TRUE,
            PyKCS11.CKA_COPYABLE: PyKCS11.CK_TRUE,
            PyKCS11.CKA_DESTROYABLE: PyKCS11.CK_TRUE,
        }

        CkoDataTemplate = [
            (PyKCS11.CKA_CLASS, PyKCS11.CKO_DATA),
            (PyKCS11.CKA_TOKEN, PyKCS11.CK_FALSE),
            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_FALSE),
            (PyKCS11.CKA_LABEL, "TestData"),
        ]

        # create a CKO_DATA object
        ckoData = self.session.createObject(CkoDataTemplate)
        self.assertIsNotNone(ckoData)

        attrValues = self.session.getAttributeValue(
            ckoData, list(boolAttributes.keys())
        )

        # check that attributes are of bool type
        # and have expected values
        for i, attr in enumerate(boolAttributes):
            self.assertIsInstance(attrValues[i], bool)
            self.assertEqual(attrValues[i], boolAttributes[attr])

        # clean up
        self.session.destroyObject(ckoData)


class TestGetSetAttributeValues(unittest.TestCase):

    def setUp(self) -> None:

        self.pkcs11 = PyKCS11.PyKCS11Lib()
        self.pkcs11.load()

        # get SoftHSM major version
        self.SoftHSMversion = self.pkcs11.getInfo().libraryVersion[0]
        if self.SoftHSMversion < 2:
            self.skipTest("generateKey() only supported by SoftHSM >= 2")

        self.slot = self.pkcs11.getSlotList(tokenPresent=True)[0]

        self.session = self.pkcs11.openSession(
            self.slot, PyKCS11.CKF_SERIAL_SESSION | PyKCS11.CKF_RW_SESSION
        )
        self.session.login("1234")

        AESKeyTemplate = [
            (PyKCS11.CKA_CLASS, PyKCS11.CKO_SECRET_KEY),
            (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_AES),
            (PyKCS11.CKA_TOKEN, CK_TRUE),
            (PyKCS11.CKA_PRIVATE, CK_FALSE),
            (PyKCS11.CKA_ENCRYPT, CK_TRUE),
            (PyKCS11.CKA_DECRYPT, CK_TRUE),
            (PyKCS11.CKA_SIGN, CK_FALSE),
            (PyKCS11.CKA_VERIFY, CK_FALSE),
            (PyKCS11.CKA_VALUE_LEN, 32),
            (PyKCS11.CKA_LABEL, "TestAESKey"),
            (PyKCS11.CKA_ID, (0x01,)),
        ]

        # generate AES key
        self.AESKey = self.session.generateKey(AESKeyTemplate)
        self.assertIsNotNone(self.AESKey)

    def tearDown(self):
        self.session.destroyObject(self.AESKey)
        self.session.logout()
        self.pkcs11.closeAllSessions(self.slot)
        del self.pkcs11

    def test_getAttributeValue(self):

        # attributes as defined by AESKeyTemplate in setUp
        all_attributes = [
            PyKCS11.CKA_CLASS,
            PyKCS11.CKA_KEY_TYPE,
            PyKCS11.CKA_TOKEN,
            PyKCS11.CKA_LABEL,
            PyKCS11.CKA_ID,
        ]

        values = self.session.getAttributeValue(self.AESKey, all_attributes)
        self.assertEqual(
            values,
            [
                PyKCS11.CKO_SECRET_KEY,
                PyKCS11.CKK_AES,
                CK_TRUE,
                "TestAESKey",
                (0x01,),
            ],
        )

    def test_setAttributeValue_with_single_binary_attribute(self):
        # test setAttributeValue with a binary attribute
        _ATTR = PyKCS11.CKA_SIGN  # which attribute to test with. use a binary attribute

        old_state = self.session.getAttributeValue(self.AESKey, [_ATTR])[0]
        new_state = CK_TRUE if old_state == CK_FALSE else CK_FALSE  # switch the state

        rv = self.session.setAttributeValue(self.AESKey, [(_ATTR, new_state)])
        assert rv is None

        # test to see if object is really modified
        test_state = self.session.getAttributeValue(self.AESKey, [_ATTR])[0]
        assert test_state == new_state
        assert test_state != old_state

    def test_setAttributeValue_with_a_list_of_attributes(self):

        # which binary attributes to flip?
        attributes_to_switch = [
            PyKCS11.CKA_SIGN,
            PyKCS11.CKA_ENCRYPT,
            PyKCS11.CKA_DECRYPT,
            PyKCS11.CKA_VERIFY,
            PyKCS11.CKA_WRAP,
            PyKCS11.CKA_UNWRAP,
        ]

        old_attributes = self.session.getAttributeValue(
            self.AESKey, attributes_to_switch
        )

        flipped_attributes = []
        for i, attr in enumerate(attributes_to_switch):
            new_value = CK_TRUE if old_attributes[i] == CK_FALSE else CK_FALSE
            flipped_attributes.append((attributes_to_switch[i], new_value))

        rv = self.session.setAttributeValue(self.AESKey, flipped_attributes)
        assert rv is None

        new_attributes = self.session.getAttributeValue(
            self.AESKey, attributes_to_switch
        )
        for new, old in zip(new_attributes, old_attributes):
            assert new != old
            assert (new == CK_TRUE and old == CK_FALSE) or (
                new == CK_FALSE and old == CK_TRUE
            )

    def test_setAttributeValue_with_label_attribute(self):
        # test setAttributeValue with the text field `CKA_Label` by appending some text

        old_label = self.session.getAttributeValue(self.AESKey, [PyKCS11.CKA_LABEL])[0]
        new_label = old_label + "-mod"
        self.session.setAttributeValue(self.AESKey, [(PyKCS11.CKA_LABEL, new_label)])
        test_label = self.session.getAttributeValue(self.AESKey, [PyKCS11.CKA_LABEL])[0]

        assert new_label != old_label
        assert test_label == new_label
        assert test_label != old_label

1	import unittest	1✔
2
3	from PyKCS11 import PyKCS11	1✔
4
5	# those shortcuts make the testing code more readable
6	CK_FALSE = PyKCS11.CK_FALSE	1✔
7	CK_TRUE = PyKCS11.CK_TRUE	1✔
8
9
10	class TestUtil(unittest.TestCase):	1✔
11	def setUp(self):	1✔
12	self.pkcs11 = PyKCS11.PyKCS11Lib()	1✔
13	self.pkcs11.load()	1✔
14
15	# get SoftHSM major version
16	self.SoftHSMversion = self.pkcs11.getInfo().libraryVersion[0]	1✔
17
18	self.slot = self.pkcs11.getSlotList(tokenPresent=True)[0]	1✔
19
20	self.session = self.pkcs11.openSession(	1✔
21	self.slot, PyKCS11.CKF_SERIAL_SESSION \| PyKCS11.CKF_RW_SESSION
22	)
23	self.session.login("1234")	1✔
24
25	def tearDown(self):	1✔
26	self.session.logout()	1✔
27	self.pkcs11.closeAllSessions(self.slot)	1✔
28	del self.pkcs11	1✔
29
30	def test_objects(self):	1✔
31	if self.SoftHSMversion < 2:	1✔
32	self.skipTest("generateKey() only supported by SoftHSM >= 2")	×
33
34	AESKeyTemplate = [	1✔
35	(PyKCS11.CKA_CLASS, PyKCS11.CKO_SECRET_KEY),
36	(PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_AES),
37	(PyKCS11.CKA_TOKEN, PyKCS11.CK_TRUE),
38	(PyKCS11.CKA_PRIVATE, PyKCS11.CK_FALSE),
39	(PyKCS11.CKA_ENCRYPT, PyKCS11.CK_TRUE),
40	(PyKCS11.CKA_DECRYPT, PyKCS11.CK_TRUE),
41	(PyKCS11.CKA_SIGN, PyKCS11.CK_FALSE),
42	(PyKCS11.CKA_VERIFY, PyKCS11.CK_FALSE),
43	(PyKCS11.CKA_VALUE_LEN, 32),
44	(PyKCS11.CKA_LABEL, "TestAESKey"),
45	(PyKCS11.CKA_ID, (0x01,)),
46	]
47
48	# generate AES key
49	AESKey = self.session.generateKey(AESKeyTemplate)	1✔
50	self.assertIsNotNone(AESKey)	1✔
51
52	# find the first secret key
53	symKey = self.session.findObjects(	1✔
54	[(PyKCS11.CKA_CLASS, PyKCS11.CKO_SECRET_KEY)]
55	)[0]
56
57	# test object handle
58	text = str(symKey)	1✔
59	self.assertIsNotNone(text)	1✔
60
61	# test createObject()
62	template = [(PyKCS11.CKA_CLASS, PyKCS11.CKO_DATA), (PyKCS11.CKA_LABEL, "data")]	1✔
63	handle = self.session.createObject(template)	1✔
64	self.assertIsNotNone(handle)	1✔
65
66	self.session.destroyObject(handle)	1✔
67
68	# test getAttributeValue
69
70	# attributes as define by AESKeyTemplate
71	all_attributes = [	1✔
72	PyKCS11.CKA_CLASS,
73	PyKCS11.CKA_KEY_TYPE,
74	PyKCS11.CKA_TOKEN,
75	PyKCS11.CKA_LABEL,
76	PyKCS11.CKA_ID,
77	]
78
79	values = self.session.getAttributeValue(AESKey, all_attributes)	1✔
80	self.assertEqual(	1✔
81	values,
82	[
83	PyKCS11.CKO_SECRET_KEY,
84	PyKCS11.CKK_AES,
85	PyKCS11.CK_TRUE,
86	"TestAESKey",
87	(0x01,),
88	],
89	)
90
91	# clean up
92	self.session.destroyObject(AESKey)	1✔
93
94	template = [(PyKCS11.CKA_HW_FEATURE_TYPE, PyKCS11.CKH_USER_INTERFACE)]	1✔
95	o = self.session.findObjects(template)	1✔
96
97	def test_BoolAttributes(self):	1✔
98	# dictionary of attributes expected to be bool and their expected values
99	boolAttributes = {	1✔
100	PyKCS11.CKA_TOKEN: PyKCS11.CK_FALSE,
101	PyKCS11.CKA_PRIVATE: PyKCS11.CK_FALSE,
102	# The attributes below are defaulted to CK_TRUE
103	# ( according to the PKCS#11 standard )
104	PyKCS11.CKA_MODIFIABLE: PyKCS11.CK_TRUE,
105	PyKCS11.CKA_COPYABLE: PyKCS11.CK_TRUE,
106	PyKCS11.CKA_DESTROYABLE: PyKCS11.CK_TRUE,
107	}
108
109	CkoDataTemplate = [	1✔
110	(PyKCS11.CKA_CLASS, PyKCS11.CKO_DATA),
111	(PyKCS11.CKA_TOKEN, PyKCS11.CK_FALSE),
112	(PyKCS11.CKA_PRIVATE, PyKCS11.CK_FALSE),
113	(PyKCS11.CKA_LABEL, "TestData"),
114	]
115
116	# create a CKO_DATA object
117	ckoData = self.session.createObject(CkoDataTemplate)	1✔
118	self.assertIsNotNone(ckoData)	1✔
119
120	attrValues = self.session.getAttributeValue(	1✔
121	ckoData, list(boolAttributes.keys())
122	)
123
124	# check that attributes are of bool type
125	# and have expected values
126	for i, attr in enumerate(boolAttributes):	1✔
127	self.assertIsInstance(attrValues[i], bool)	1✔
128	self.assertEqual(attrValues[i], boolAttributes[attr])	1✔
129
130	# clean up
131	self.session.destroyObject(ckoData)	1✔
132
133
134	class TestGetSetAttributeValues(unittest.TestCase):	1✔
135
136	def setUp(self) -> None:	1✔
137
138	self.pkcs11 = PyKCS11.PyKCS11Lib()	1✔
139	self.pkcs11.load()	1✔
140
141	# get SoftHSM major version
142	self.SoftHSMversion = self.pkcs11.getInfo().libraryVersion[0]	1✔
143	if self.SoftHSMversion < 2:	1✔
144	self.skipTest("generateKey() only supported by SoftHSM >= 2")	×
145
146	self.slot = self.pkcs11.getSlotList(tokenPresent=True)[0]	1✔
147
148	self.session = self.pkcs11.openSession(	1✔
149	self.slot, PyKCS11.CKF_SERIAL_SESSION \| PyKCS11.CKF_RW_SESSION
150	)
151	self.session.login("1234")	1✔
152
153	AESKeyTemplate = [	1✔
154	(PyKCS11.CKA_CLASS, PyKCS11.CKO_SECRET_KEY),
155	(PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_AES),
156	(PyKCS11.CKA_TOKEN, CK_TRUE),
157	(PyKCS11.CKA_PRIVATE, CK_FALSE),
158	(PyKCS11.CKA_ENCRYPT, CK_TRUE),
159	(PyKCS11.CKA_DECRYPT, CK_TRUE),
160	(PyKCS11.CKA_SIGN, CK_FALSE),
161	(PyKCS11.CKA_VERIFY, CK_FALSE),
162	(PyKCS11.CKA_VALUE_LEN, 32),
163	(PyKCS11.CKA_LABEL, "TestAESKey"),
164	(PyKCS11.CKA_ID, (0x01,)),
165	]
166
167	# generate AES key
168	self.AESKey = self.session.generateKey(AESKeyTemplate)	1✔
169	self.assertIsNotNone(self.AESKey)	1✔
170
171	def tearDown(self):	1✔
172	self.session.destroyObject(self.AESKey)	1✔
173	self.session.logout()	1✔
174	self.pkcs11.closeAllSessions(self.slot)	1✔
175	del self.pkcs11	1✔
176
177	def test_getAttributeValue(self):	1✔
178
179	# attributes as defined by AESKeyTemplate in setUp
180	all_attributes = [	1✔
181	PyKCS11.CKA_CLASS,
182	PyKCS11.CKA_KEY_TYPE,
183	PyKCS11.CKA_TOKEN,
184	PyKCS11.CKA_LABEL,
185	PyKCS11.CKA_ID,
186	]
187
188	values = self.session.getAttributeValue(self.AESKey, all_attributes)	1✔
189	self.assertEqual(	1✔
190	values,
191	[
192	PyKCS11.CKO_SECRET_KEY,
193	PyKCS11.CKK_AES,
194	CK_TRUE,
195	"TestAESKey",
196	(0x01,),
197	],
198	)
199
200	def test_setAttributeValue_with_single_binary_attribute(self):	1✔
201	# test setAttributeValue with a binary attribute
202	_ATTR = PyKCS11.CKA_SIGN # which attribute to test with. use a binary attribute	1✔
203
204	old_state = self.session.getAttributeValue(self.AESKey, [_ATTR])[0]	1✔
205	new_state = CK_TRUE if old_state == CK_FALSE else CK_FALSE # switch the state	1✔
206
207	rv = self.session.setAttributeValue(self.AESKey, [(_ATTR, new_state)])	1✔
208	assert rv is None	1✔
209
210	# test to see if object is really modified
211	test_state = self.session.getAttributeValue(self.AESKey, [_ATTR])[0]	1✔
212	assert test_state == new_state	1✔
213	assert test_state != old_state	1✔
214
215	def test_setAttributeValue_with_a_list_of_attributes(self):	1✔
216
217	# which binary attributes to flip?
218	attributes_to_switch = [	1✔
219	PyKCS11.CKA_SIGN,
220	PyKCS11.CKA_ENCRYPT,
221	PyKCS11.CKA_DECRYPT,
222	PyKCS11.CKA_VERIFY,
223	PyKCS11.CKA_WRAP,
224	PyKCS11.CKA_UNWRAP,
225	]
226
227	old_attributes = self.session.getAttributeValue(	1✔
228	self.AESKey, attributes_to_switch
229	)
230
231	flipped_attributes = []	1✔
232	for i, attr in enumerate(attributes_to_switch):	1✔
233	new_value = CK_TRUE if old_attributes[i] == CK_FALSE else CK_FALSE	1✔
234	flipped_attributes.append((attributes_to_switch[i], new_value))	1✔
235
236	rv = self.session.setAttributeValue(self.AESKey, flipped_attributes)	1✔
237	assert rv is None	1✔
238
239	new_attributes = self.session.getAttributeValue(	1✔
240	self.AESKey, attributes_to_switch
241	)
242	for new, old in zip(new_attributes, old_attributes):	1✔
243	assert new != old	1✔
244	assert (new == CK_TRUE and old == CK_FALSE) or (	1✔
245	new == CK_FALSE and old == CK_TRUE
246	)
247
248	def test_setAttributeValue_with_label_attribute(self):	1✔
249	# test setAttributeValue with the text field `CKA_Label` by appending some text
250
251	old_label = self.session.getAttributeValue(self.AESKey, [PyKCS11.CKA_LABEL])[0]	1✔
252	new_label = old_label + "-mod"	1✔
253	self.session.setAttributeValue(self.AESKey, [(PyKCS11.CKA_LABEL, new_label)])	1✔
254	test_label = self.session.getAttributeValue(self.AESKey, [PyKCS11.CKA_LABEL])[0]	1✔
255
256	assert new_label != old_label	1✔
257	assert test_label == new_label	1✔
258	assert test_label != old_label	1✔

LudovicRousseau / PyKCS11 / 12855273166

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous