From 4d569df108d561565d47707e459744e6a8bf9b16 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 9 Mar 2023 18:28:08 +0100 Subject: [PATCH] Added dkek import in key domain tests. Signed-off-by: Pol Henarejos --- tests/pico-hsm/test_004_key_domains.py | 51 ++++++++++++++++++++------ 1 file changed, 39 insertions(+), 12 deletions(-) diff --git a/tests/pico-hsm/test_004_key_domains.py b/tests/pico-hsm/test_004_key_domains.py index 555870f..52243ca 100644 --- a/tests/pico-hsm/test_004_key_domains.py +++ b/tests/pico-hsm/test_004_key_domains.py @@ -18,9 +18,12 @@ """ import pytest +import hashlib from const import DEFAULT_DKEK_SHARES, DEFAULT_DKEK +from utils import SWCodes, APDUResponse KEY_DOMAINS = 3 +TEST_KEY_DOMAIN = 1 def test_key_domains(device): device.initialize(key_domains=KEY_DOMAINS) @@ -35,12 +38,12 @@ def test_key_domains(device): assert(device.get_key_domains() == KEY_DOMAINS) def test_set_key_domain(device): - kd = device.get_key_domain(key_domain=0) + kd = device.get_key_domain(key_domain=TEST_KEY_DOMAIN) assert('error' in kd) assert(kd['error'] == 0x6A88) - device.set_key_domain(key_domain=0) - kd = device.get_key_domain(key_domain=0) + device.set_key_domain(key_domain=TEST_KEY_DOMAIN) + kd = device.get_key_domain(key_domain=TEST_KEY_DOMAIN) assert('error' not in kd) assert('dkek' in kd) assert('total' in kd['dkek']) @@ -48,25 +51,49 @@ def test_set_key_domain(device): assert('missing' in kd['dkek']) assert(kd['dkek']['missing'] == DEFAULT_DKEK_SHARES) +def test_import_dkek_wrong_key_domain(device): + with pytest.raises(APDUResponse) as e: + device.import_dkek(DEFAULT_DKEK, key_domain=0) + assert(e.value.sw == SWCodes.SW_COMMAND_NOT_ALLOWED.value) + +def test_import_dkek(device): + resp = device.import_dkek(DEFAULT_DKEK, key_domain=TEST_KEY_DOMAIN) + assert(resp[0] == DEFAULT_DKEK_SHARES) + assert(resp[1] == DEFAULT_DKEK_SHARES-1) + + resp = device.import_dkek(DEFAULT_DKEK, key_domain=TEST_KEY_DOMAIN) + assert(resp[1] == DEFAULT_DKEK_SHARES-2) + + kcv = hashlib.sha256(b'\x00'*32).digest()[:8] + assert(bytes(resp[2:]) == kcv) + def test_clear_key_domain(device): kd = device.get_key_domain(key_domain=0) + assert('error' in kd) + assert(kd['error'] == SWCodes.SW_REFERENCE_NOT_FOUND.value) + + kd = device.get_key_domain(key_domain=TEST_KEY_DOMAIN) assert(kd['dkek']['total'] == DEFAULT_DKEK_SHARES) - device.import_dkek(DEFAULT_DKEK) - kd = device.get_key_domain(key_domain=0) - assert(kd['dkek']['missing'] == DEFAULT_DKEK_SHARES-1) - - device.clear_key_domain(key_domain=0) - kd = device.get_key_domain(key_domain=0) + device.clear_key_domain(key_domain=TEST_KEY_DOMAIN) + kd = device.get_key_domain(key_domain=TEST_KEY_DOMAIN) assert(kd['dkek']['missing'] == DEFAULT_DKEK_SHARES) def test_delete_key_domain(device): assert(device.get_key_domains() == KEY_DOMAINS) - kd = device.get_key_domain(key_domain=0) + kd = device.get_key_domain(key_domain=TEST_KEY_DOMAIN) + assert(kd['dkek']['total'] == DEFAULT_DKEK_SHARES) + with pytest.raises(APDUResponse) as e: + device.delete_key_domain(key_domain=0) + assert(e.value.sw == SWCodes.SW_INCORRECT_P1P2.value) + +def test_delete_key_domain(device): + assert(device.get_key_domains() == KEY_DOMAINS) + kd = device.get_key_domain(key_domain=TEST_KEY_DOMAIN) assert(kd['dkek']['total'] == DEFAULT_DKEK_SHARES) - device.delete_key_domain(key_domain=0) + device.delete_key_domain(key_domain=TEST_KEY_DOMAIN) assert(device.get_key_domains() == KEY_DOMAINS) - kd = device.get_key_domain(key_domain=0) + kd = device.get_key_domain(key_domain=TEST_KEY_DOMAIN) assert('error' in kd) assert(kd['error'] == 0x6A88)