Increase unit testing coverage for PKCS#11
This patch adds a few tests to increase the test coverage for the PKCS#11 backend. Related-Bug: #2036506 Change-Id: I3a95d3c1bedb42f8874be8ef622f0b9b7ae27bd7
This commit is contained in:
parent
7b36764cd1
commit
bae6737cb3
@ -391,3 +391,25 @@ class WhenTestingP11CryptoPlugin(utils.BaseTestCase):
|
||||
load_mock.assert_called_with(
|
||||
'test_kek', None, key, hmac,
|
||||
'test_mkek', 'test_hmac', 'CKM_AES_CBC_PAD')
|
||||
|
||||
def test_load_kek_no_iv(self):
|
||||
key = os.urandom(32)
|
||||
wrapped = base64.b64encode(key).decode('UTF-8')
|
||||
hmac = base64.b64encode(os.urandom(16)).decode('UTF-8')
|
||||
|
||||
self.plugin._load_kek('test_key', None, wrapped, hmac, 'mkek_label',
|
||||
'hmac_label', 'CKM_AES_KEY_WRAP_KWP')
|
||||
|
||||
key in self.pkcs11.verify_hmac.call_args.args
|
||||
|
||||
def test_generate_wrapped_kek_no_iv(self):
|
||||
wrapped = base64.b64encode(os.urandom(32))
|
||||
self.pkcs11.wrap_key.return_value = {
|
||||
'iv': None,
|
||||
'wrapped_key': wrapped,
|
||||
'key_wrap_mechanism': 'CKM_AES_KEY_WRAP_KWP'
|
||||
}
|
||||
|
||||
_ = self.plugin._generate_wrapped_kek(32, 'test_kek')
|
||||
|
||||
wrapped in self.pkcs11.compute_hmac.call_args.args
|
||||
|
@ -178,6 +178,33 @@ class WhenTestingPKCS11(utils.BaseTestCase):
|
||||
def _verify(self, *args, **kwargs):
|
||||
return pkcs11.CKR_OK
|
||||
|
||||
def test_init_raises_invalid_encryption_mechanism(self):
|
||||
self.assertRaises(
|
||||
ValueError,
|
||||
pkcs11.PKCS11,
|
||||
self.cfg_mock.library_path,
|
||||
self.cfg_mock.login_passphrase,
|
||||
encryption_mechanism='CKM_BOGUS')
|
||||
|
||||
def test_init_raises_invalid_hmac_mechanism(self):
|
||||
self.assertRaises(
|
||||
ValueError,
|
||||
pkcs11.PKCS11,
|
||||
self.cfg_mock.library_path,
|
||||
self.cfg_mock.login_passphrase,
|
||||
encryption_mechanism='CKM_AES_GCM',
|
||||
hmac_mechanism='CKM_BOGUS')
|
||||
|
||||
def test_init_raises_invalid_key_wrap_mechanism(self):
|
||||
self.assertRaises(
|
||||
ValueError,
|
||||
pkcs11.PKCS11,
|
||||
self.cfg_mock.library_path,
|
||||
self.cfg_mock.login_passphrase,
|
||||
encryption_mechanism='CKM_AES_GCM',
|
||||
hmac_mechanism='CKM_SHA256_HMAC',
|
||||
key_wrap_mechanism='CKM_BOGUS')
|
||||
|
||||
def test_get_slot_id_from_serial_number(self):
|
||||
slot_id = self.pkcs11._get_slot_id('111111', None, 2)
|
||||
self.assertEqual(1, slot_id)
|
||||
|
Loading…
Reference in New Issue
Block a user