Increase unit testing coverage for PKCS#11

This patch adds a few tests to increase the test coverage for the
PKCS#11 backend.

Related-Bug: #2036506
Change-Id: I3a95d3c1bedb42f8874be8ef622f0b9b7ae27bd7
This commit is contained in:
Douglas Mendizabal 2024-11-19 14:45:18 -05:00
parent 7b36764cd1
commit bae6737cb3
2 changed files with 49 additions and 0 deletions

View File

@ -391,3 +391,25 @@ class WhenTestingP11CryptoPlugin(utils.BaseTestCase):
load_mock.assert_called_with(
'test_kek', None, key, hmac,
'test_mkek', 'test_hmac', 'CKM_AES_CBC_PAD')
def test_load_kek_no_iv(self):
key = os.urandom(32)
wrapped = base64.b64encode(key).decode('UTF-8')
hmac = base64.b64encode(os.urandom(16)).decode('UTF-8')
self.plugin._load_kek('test_key', None, wrapped, hmac, 'mkek_label',
'hmac_label', 'CKM_AES_KEY_WRAP_KWP')
key in self.pkcs11.verify_hmac.call_args.args
def test_generate_wrapped_kek_no_iv(self):
wrapped = base64.b64encode(os.urandom(32))
self.pkcs11.wrap_key.return_value = {
'iv': None,
'wrapped_key': wrapped,
'key_wrap_mechanism': 'CKM_AES_KEY_WRAP_KWP'
}
_ = self.plugin._generate_wrapped_kek(32, 'test_kek')
wrapped in self.pkcs11.compute_hmac.call_args.args

View File

@ -178,6 +178,33 @@ class WhenTestingPKCS11(utils.BaseTestCase):
def _verify(self, *args, **kwargs):
return pkcs11.CKR_OK
def test_init_raises_invalid_encryption_mechanism(self):
self.assertRaises(
ValueError,
pkcs11.PKCS11,
self.cfg_mock.library_path,
self.cfg_mock.login_passphrase,
encryption_mechanism='CKM_BOGUS')
def test_init_raises_invalid_hmac_mechanism(self):
self.assertRaises(
ValueError,
pkcs11.PKCS11,
self.cfg_mock.library_path,
self.cfg_mock.login_passphrase,
encryption_mechanism='CKM_AES_GCM',
hmac_mechanism='CKM_BOGUS')
def test_init_raises_invalid_key_wrap_mechanism(self):
self.assertRaises(
ValueError,
pkcs11.PKCS11,
self.cfg_mock.library_path,
self.cfg_mock.login_passphrase,
encryption_mechanism='CKM_AES_GCM',
hmac_mechanism='CKM_SHA256_HMAC',
key_wrap_mechanism='CKM_BOGUS')
def test_get_slot_id_from_serial_number(self):
slot_id = self.pkcs11._get_slot_id('111111', None, 2)
self.assertEqual(1, slot_id)