From 407110def426d856ac33808e4d6717ffe054ec2c Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Tue, 14 Feb 2023 11:25:02 +0100
Subject: [PATCH] Added ECDH tests.
Signed-off-by: Pol Henarejos
---
 tests/conftest.py | 6 ++-
 tests/pico-hsm/test_022_key_derivation.py | 52 +++++++++++++++++++++++
 tests/utils.py | 1 +
 3 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 tests/pico-hsm/test_022_key_derivation.py
diff --git a/tests/conftest.py b/tests/conftest.py
index 4cc960f..d5915a1 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -335,9 +335,13 @@ class Device:
 data += c.finalize()
 p1 = self.get_first_free_id()
- resp = self.send(cla=0x80, command=0x74, p1=p1, p2=0x93, data=data)
+ _ = self.send(cla=0x80, command=0x74, p1=p1, p2=0x93, data=data)
 return p1
+ def exchange(self, keyid, pubkey):
+ resp = self.send(cla=0x80, command=0x62, p1=keyid, p2=Algorithm.ALGO_EC_DH.value, data=pubkey.public_bytes(Encoding.X962, PublicFormat.UncompressedPoint))
+ return resp
+
 @pytest.fixture(scope="session")
 def device():
diff --git a/tests/pico-hsm/test_022_key_derivation.py b/tests/pico-hsm/test_022_key_derivation.py
new file mode 100644
index 0000000..e28298a
--- /dev/null
+++ b/tests/pico-hsm/test_022_key_derivation.py
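Review bot: The new `Device.exchange` helper in tests/conftest.py is undocumented, and nothing in it says that the value it returns is the device's unprocessed ECDH output; the new test compares it byte-for-byte with `pkeyB.exchange(ec.ECDH(), pbkeyA)`, so that appears to be the contract. A one-line docstring such as `"""Run ECDH on the device between stored key keyid and pubkey (sent as an X9.62 uncompressed point); return the raw response."""` would keep later tests from treating the result as a ready-to-use key. The helper also depends on `Encoding` and `PublicFormat` (from `cryptography.hazmat.primitives.serialization`) being imported at the top of conftest.py, which is outside this hunk, so confirm that import exists. The `resp` temporary adds nothing and the body can be a single `return self.send(...)`. The method sits inside class Device, whose body starts before the hunk.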
@@ -0,0 +1,52 @@
+"""
+/*
+ * This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+"""
+
+import pytest
+import hashlib
+from utils import KeyType, DOPrefixes
+from cryptography.hazmat.primitives.asymmetric import rsa, ec
+from const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES, DEFAULT_DKEK
+
+def test_prepare_dkek(device):
+ device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES)
+ resp = device.import_dkek(DEFAULT_DKEK)
+ resp = device.import_dkek(DEFAULT_DKEK)
+ kcv = hashlib.sha256(b'\x00'*32).digest()[:8]
+ assert(bytes(resp[2:]) == kcv)
+
+@pytest.mark.parametrize(
+ "curve", [ec.SECP192R1, ec.SECP256R1, ec.SECP384R1, ec.SECP521R1, ec.SECP256K1, ec.BrainpoolP256R1, ec.BrainpoolP384R1, ec.BrainpoolP512R1]
+)
+def test_exchange_ecc(device, curve):
+ pkeyA = ec.generate_private_key(curve())
+ pbkeyA = pkeyA.public_key()
+ keyid = device.import_key(pkeyA)
+ pkeyB = ec.generate_private_key(curve())
+ pbkeyB = pkeyB.public_key()
+
+ sharedB = pkeyB.exchange(ec.ECDH(), pbkeyA)
+ sharedA = device.exchange(keyid, pbkeyB)
+
+ assert(bytes(sharedA) == sharedB)
+
+ sharedAA = pkeyA.exchange(ec.ECDH(), pbkeyB)
+ assert(bytes(sharedA) == sharedAA)
+
+ device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
+ device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value << 8 | keyid)
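Review bot: `test_exchange_ecc` covers only the success path, since both key pairs come from `ec.generate_private_key(curve())` on the same curve and nothing checks that the device refuses a peer public key it should not accept. For a device-side ECDH operation the rejection path is the security-relevant one; a companion test that passes a public key from a different curve than the imported key and expects an error status would cover it (how `Device.send` reports a failing status is not visible here). The two `device.delete_file(...)` calls run only when both assertions pass, and the `device` fixture is session-scoped, so a failure leaves the imported private key on the device for the rest of the run; wrapping the exchanges and assertions in `try:` and moving both deletes under `finally:` avoids that. In `test_prepare_dkek` the repeated `import_dkek` call and the all-zero KCV input deserve a comment, presumably `# two identical shares combine to an all-zero DKEK; test-only value` (to be confirmed against `DEFAULT_DKEK_SHARES`). `KeyType` and `rsa` are imported but unused in this file.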
diff --git a/tests/utils.py b/tests/utils.py
index e5935b9..d59505c 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -101,6 +101,7 @@ class Algorithm(Enum):
 ALGO_EC_SHA256 = 0x73
 ALGO_EC_SHA384 = 0x74
 ALGO_EC_SHA512 = 0x75
+ ALGO_EC_DH = 0x80
 ALGO_RSA_RAW = 0x20
 ALGO_RSA_DECRYPT = 0x21