mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 09:28:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Added delete XKEK tests.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2023-03-09 18:28:31 +01:00
parent 4d569df108
commit 63c465138b
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
2 changed files with 28 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
tests/conftest.py
View file

@ -310,8 +310,8 @@ class Device:
resp = self.send(command=0x62, p1=keyid, p2=p2, data=list(data)) resp = self.send(command=0x62, p1=keyid, p2=p2, data=list(data))
return bytes(resp) return bytes(resp)
def import_dkek(self, dkek): def import_dkek(self, dkek, key_domain=0):
resp = self.send(cla=0x80, command=0x52, p1=0x0, p2=0x0, data=dkek) resp = self.send(cla=0x80, command=0x52, p1=0x0, p2=key_domain, data=dkek)
return resp return resp
def import_key(self, pkey, dkek=None, purposes=None): def import_key(self, pkey, dkek=None, purposes=None):
@ -612,6 +612,8 @@ class Device:
def derive_xkek(self, keyid, cert): def derive_xkek(self, keyid, cert):
self.send(cla=0x80, command=0x62, p1=keyid, p2=Algorithm.ALGO_EC_ECDH_XKEK.value, data=cert) self.send(cla=0x80, command=0x62, p1=keyid, p2=Algorithm.ALGO_EC_ECDH_XKEK.value, data=cert)
def delete_xkek(self, key_domain=0):
self.send(cla=0x80, command=0x52, p1=0x04, p2=key_domain)
@pytest.fixture(scope="session") @pytest.fixture(scope="session")
def device(): def device():

24
tests/pico-hsm/test_090_xkek.py
View file

@ -48,7 +48,9 @@ def test_create_xkek(device):
pub = ec.EllipticCurvePublicKey.from_encoded_point(ec.BrainpoolP256R1(), bytes(gskQ)) pub = ec.EllipticCurvePublicKey.from_encoded_point(ec.BrainpoolP256R1(), bytes(gskQ))
assert(bytes(did) == int_to_bytes(pub.public_numbers().x)+int_to_bytes(pub.public_numbers().y)) assert(bytes(did) == int_to_bytes(pub.public_numbers().x)+int_to_bytes(pub.public_numbers().y))
keyid = -1
def test_derive_xkek(device): def test_derive_xkek(device):
global keyid
keyid = device.generate_xkek_key() keyid = device.generate_xkek_key()
resp = device.list_keys() resp = device.list_keys()
@ -71,5 +73,27 @@ def test_derive_xkek(device):
resp = device.get_key_domain() resp = device.get_key_domain()
assert(bytes(resp['kcv']) != b'\x00'*8) assert(bytes(resp['kcv']) != b'\x00'*8)
def test_delete_xkek(device):
device.delete_xkek()
resp = device.get_key_domain()
assert(bytes(resp['kcv']) == b'\x00'*8)
def test_delete_domain_with_key(device):
with pytest.raises(APDUResponse) as e:
device.delete_key_domain()
assert(e.value.sw == SWCodes.SW_FILE_EXISTS.value)
device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid) device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid)
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value << 8 | keyid) device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value << 8 | keyid)
def test_delete_domain(device):
device.delete_key_domain()
resp = device.get_key_domain()
assert('kcv' not in resp)
assert('xkek' not in resp)
assert('error' in resp)
assert(resp['error'] == SWCodes.SW_REFERENCE_NOT_FOUND.value)