Increase unit testing coverage for PKCS#11

This patch adds a few tests to increase the test coverage for the PKCS#11 backend. Related-Bug: #2036506 Change-Id: I3a95d3c1bedb42f8874be8ef622f0b9b7ae27bd7
2024-11-19 14:45:18 -05:00 · 2024-11-19 14:45:18 -05:00 · bae6737cb3
commit bae6737cb3
parent 7b36764cd1
2 changed files with 49 additions and 0 deletions
--- a/barbican/tests/plugin/crypto/test_p11_crypto.py
+++ b/barbican/tests/plugin/crypto/test_p11_crypto.py
@ -391,3 +391,25 @@ class WhenTestingP11CryptoPlugin(utils.BaseTestCase):
        load_mock.assert_called_with(
            'test_kek', None, key, hmac,
            'test_mkek', 'test_hmac', 'CKM_AES_CBC_PAD')
    def test_load_kek_no_iv(self):
        key = os.urandom(32)
        wrapped = base64.b64encode(key).decode('UTF-8')
        hmac = base64.b64encode(os.urandom(16)).decode('UTF-8')
        self.plugin._load_kek('test_key', None, wrapped, hmac, 'mkek_label',
                              'hmac_label', 'CKM_AES_KEY_WRAP_KWP')
        key in self.pkcs11.verify_hmac.call_args.args
    def test_generate_wrapped_kek_no_iv(self):
        wrapped = base64.b64encode(os.urandom(32))
        self.pkcs11.wrap_key.return_value = {
            'iv': None,
            'wrapped_key': wrapped,
            'key_wrap_mechanism': 'CKM_AES_KEY_WRAP_KWP'
        }
        _ = self.plugin._generate_wrapped_kek(32, 'test_kek')
        wrapped in self.pkcs11.compute_hmac.call_args.args
--- a/barbican/tests/plugin/crypto/test_pkcs11.py
+++ b/barbican/tests/plugin/crypto/test_pkcs11.py
@ -178,6 +178,33 @@ class WhenTestingPKCS11(utils.BaseTestCase):
    def _verify(self, *args, **kwargs):
        return pkcs11.CKR_OK
    def test_init_raises_invalid_encryption_mechanism(self):
        self.assertRaises(
            ValueError,
            pkcs11.PKCS11,
            self.cfg_mock.library_path,
            self.cfg_mock.login_passphrase,
            encryption_mechanism='CKM_BOGUS')
    def test_init_raises_invalid_hmac_mechanism(self):
        self.assertRaises(
            ValueError,
            pkcs11.PKCS11,
            self.cfg_mock.library_path,
            self.cfg_mock.login_passphrase,
            encryption_mechanism='CKM_AES_GCM',
            hmac_mechanism='CKM_BOGUS')
    def test_init_raises_invalid_key_wrap_mechanism(self):
        self.assertRaises(
            ValueError,
            pkcs11.PKCS11,
            self.cfg_mock.library_path,
            self.cfg_mock.login_passphrase,
            encryption_mechanism='CKM_AES_GCM',
            hmac_mechanism='CKM_SHA256_HMAC',
            key_wrap_mechanism='CKM_BOGUS')
    def test_get_slot_id_from_serial_number(self):
        slot_id = self.pkcs11._get_slot_id('111111', None, 2)
        self.assertEqual(1, slot_id)