diff --git a/tests/memory.tar.gz b/tests/memory.tar.gz index 34c2da2..3be4de7 100644 Binary files a/tests/memory.tar.gz and b/tests/memory.tar.gz differ diff --git a/tests/pico-hsm/test_000_info.py b/tests/pico-hsm/test_000_info.py index 3e885b5..cf2c9e7 100644 --- a/tests/pico-hsm/test_000_info.py +++ b/tests/pico-hsm/test_000_info.py @@ -23,15 +23,15 @@ def test_select(device): device.select_applet() def test_initialization(device): - device.initialize(no_dev_cert=True) + device.initialize() def test_termca(device): data = device.get_termca() - assert(b'ESPICOHSMTR' == data['cv']['chr'][:11]) - assert(b'ESPICOHSMDV' == data['cv']['car'][:11] or b'ESPICOHSMTR' == data['cv']['car'][:11]) + assert(b'ESPICOHSMTR' == data['dev']['chr'][:11]) + assert(b'ESPICOHSMDV' == data['dev']['car'][:11] or b'ESPICOHSMTR' == data['dev']['car'][:11]) assert(b'ESPICOHSMDV' == data['dv']['chr'][:11] or b'ESPICOHSMTR' == data['dv']['chr'][:11]) assert(b'ESPICOHSMCA' == data['dv']['car'][:11] or b'ESPICOHSMTR' == data['dv']['car'][:11]) - assert(data['cv']['car'] == data['dv']['chr']) + assert(data['dev']['car'] == data['dv']['chr']) def test_get_version(device): version = device.get_version() diff --git a/tests/pico-hsm/test_004_key_domains.py b/tests/pico-hsm/test_004_key_domains.py index 6330c42..7800e83 100644 --- a/tests/pico-hsm/test_004_key_domains.py +++ b/tests/pico-hsm/test_004_key_domains.py @@ -27,7 +27,7 @@ KEY_DOMAINS = 3 TEST_KEY_DOMAIN = 1 def test_key_domains(device): - device.initialize(key_domains=KEY_DOMAINS, no_dev_cert=True) + device.initialize(key_domains=KEY_DOMAINS) for k in range(KEY_DOMAINS): kd = device.get_key_domain(key_domain=k) assert('error' in kd) diff --git a/tests/pico-hsm/test_005_dkek.py b/tests/pico-hsm/test_005_dkek.py index ee10dac..fb7f72e 100644 --- a/tests/pico-hsm/test_005_dkek.py +++ b/tests/pico-hsm/test_005_dkek.py @@ -23,7 +23,7 @@ from picohsm.const import DEFAULT_DKEK_SHARES, DEFAULT_PIN, DEFAULT_RETRIES from const import DEFAULT_DKEK def test_dkek(device): - device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES) device.login(DEFAULT_PIN) resp = device.import_dkek(DEFAULT_DKEK) assert('dkek' in resp) diff --git a/tests/pico-hsm/test_010_pin.py b/tests/pico-hsm/test_010_pin.py index 7c7d0e5..4bf8b0e 100644 --- a/tests/pico-hsm/test_010_pin.py +++ b/tests/pico-hsm/test_010_pin.py @@ -24,16 +24,17 @@ from picohsm.const import DEFAULT_PIN, DEFAULT_RETRIES WRONG_PIN = '112233' def test_pin_init_retries(device): - device.initialize(retries=DEFAULT_RETRIES, no_dev_cert=True) + device.initialize(retries=DEFAULT_RETRIES) + device.logout() retries = device.get_login_retries() assert(retries == DEFAULT_RETRIES) def test_pin_login(device): - device.initialize(retries=DEFAULT_RETRIES, no_dev_cert=True) + device.initialize(retries=DEFAULT_RETRIES) device.login(DEFAULT_PIN) def test_pin_retries(device): - device.initialize(retries=DEFAULT_RETRIES, no_dev_cert=True) + device.initialize(retries=DEFAULT_RETRIES) device.login(DEFAULT_PIN) for ret in range(DEFAULT_RETRIES-1): @@ -45,7 +46,8 @@ def test_pin_retries(device): device.login(WRONG_PIN) assert(e.value.sw == SWCodes.SW_PIN_BLOCKED) - device.initialize(retries=DEFAULT_RETRIES, no_dev_cert=True) + device.initialize(retries=DEFAULT_RETRIES) + device.logout() retries = device.get_login_retries() assert(retries == DEFAULT_RETRIES) diff --git a/tests/pico-hsm/test_020_keypair_gen.py b/tests/pico-hsm/test_020_keypair_gen.py index 5c91f36..d8edb73 100644 --- a/tests/pico-hsm/test_020_keypair_gen.py +++ b/tests/pico-hsm/test_020_keypair_gen.py @@ -21,7 +21,7 @@ import pytest from picohsm import KeyType, DOPrefixes def test_gen_initialize(device): - device.initialize(no_dev_cert=True) + device.initialize() @pytest.mark.parametrize( "curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448', 'ed25519', 'ed448'] diff --git a/tests/pico-hsm/test_021_key_import.py b/tests/pico-hsm/test_021_key_import.py index 4666f7c..34d47f7 100644 --- a/tests/pico-hsm/test_021_key_import.py +++ b/tests/pico-hsm/test_021_key_import.py @@ -27,7 +27,7 @@ from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES from const import DEFAULT_DKEK def test_prepare_dkek(device): - device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK) kcv = hashlib.sha256(b'\x00'*32).digest()[:8] diff --git a/tests/pico-hsm/test_022_key_exchange.py b/tests/pico-hsm/test_022_key_exchange.py index 2e536bc..f579732 100644 --- a/tests/pico-hsm/test_022_key_exchange.py +++ b/tests/pico-hsm/test_022_key_exchange.py @@ -25,7 +25,7 @@ from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES from const import DEFAULT_DKEK def test_prepare_dkek(device): - device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(retries=DEFAULT_RETRIES, dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK) kcv = hashlib.sha256(b'\x00'*32).digest()[:8] diff --git a/tests/pico-hsm/test_025_key_export.py b/tests/pico-hsm/test_025_key_export.py index 29babf8..8a2bb2e 100644 --- a/tests/pico-hsm/test_025_key_export.py +++ b/tests/pico-hsm/test_025_key_export.py @@ -29,7 +29,7 @@ from cryptography.hazmat.primitives.asymmetric import ec from cryptography.hazmat.primitives import serialization def test_initialize(device): - device.initialize(key_domains=1, no_dev_cert=True) + device.initialize(key_domains=1) assert(device.get_key_domains() == 1) device.set_key_domain(key_domain=0, total=2) diff --git a/tests/pico-hsm/test_050_cipher.py b/tests/pico-hsm/test_050_cipher.py index f64562f..523b333 100644 --- a/tests/pico-hsm/test_050_cipher.py +++ b/tests/pico-hsm/test_050_cipher.py @@ -27,7 +27,7 @@ from const import DEFAULT_DKEK MESSAGE = b'a secret message' def test_prepare_aes(device): - device.initialize(dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK) diff --git a/tests/pico-hsm/test_051_chachapoly.py b/tests/pico-hsm/test_051_chachapoly.py index 1794a1d..521d710 100644 --- a/tests/pico-hsm/test_051_chachapoly.py +++ b/tests/pico-hsm/test_051_chachapoly.py @@ -31,7 +31,7 @@ MESSAGE = b'a secret message' AAD = b'this is a tag for AAD' def test_prepare_chachapoly(device): - device.initialize(dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK) diff --git a/tests/pico-hsm/test_052_aes_ext.py b/tests/pico-hsm/test_052_aes_ext.py index 3566081..8d09bfe 100644 --- a/tests/pico-hsm/test_052_aes_ext.py +++ b/tests/pico-hsm/test_052_aes_ext.py @@ -29,7 +29,7 @@ MESSAGE = b'a secret message' AAD = b'this is a tag for AAD' def test_prepare_aes(device): - device.initialize(dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK) diff --git a/tests/pico-hsm/test_060_mac.py b/tests/pico-hsm/test_060_mac.py index 3c37d53..bdf7a38 100644 --- a/tests/pico-hsm/test_060_mac.py +++ b/tests/pico-hsm/test_060_mac.py @@ -28,7 +28,7 @@ from const import DEFAULT_DKEK MESSAGE = b'a secret message' def test_prepare_aes(device): - device.initialize(dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK) diff --git a/tests/pico-hsm/test_070_hkdf.py b/tests/pico-hsm/test_070_hkdf.py index b3ed469..62e3983 100644 --- a/tests/pico-hsm/test_070_hkdf.py +++ b/tests/pico-hsm/test_070_hkdf.py @@ -29,7 +29,7 @@ from picohsm import DOPrefixes INFO = b'info message' def test_prepare_kd(device): - device.initialize(dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK) diff --git a/tests/pico-hsm/test_071_pbkdf2.py b/tests/pico-hsm/test_071_pbkdf2.py index a499522..ad9c090 100644 --- a/tests/pico-hsm/test_071_pbkdf2.py +++ b/tests/pico-hsm/test_071_pbkdf2.py @@ -29,7 +29,7 @@ from picohsm import DOPrefixes INFO = b'info message' def test_prepare_kd(device): - device.initialize(dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK) diff --git a/tests/pico-hsm/test_072_x963.py b/tests/pico-hsm/test_072_x963.py index eb14b93..29f313f 100644 --- a/tests/pico-hsm/test_072_x963.py +++ b/tests/pico-hsm/test_072_x963.py @@ -29,7 +29,7 @@ from picohsm import DOPrefixes INFO = b'shared message' def test_prepare_kd(device): - device.initialize(dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK) diff --git a/tests/pico-hsm/test_080_pka.py b/tests/pico-hsm/test_080_pka.py index ed08b08..515dd6d 100644 --- a/tests/pico-hsm/test_080_pka.py +++ b/tests/pico-hsm/test_080_pka.py @@ -34,7 +34,7 @@ AUT_PUK = unhexlify('678201ed7f218201937f4e82014b5f290100421045535049434f48534d5 term_chr = CVC().decode(TERM_CERT).chr() def test_initialize(device): - device.initialize(puk_auts=1, puk_min_auts=1, no_dev_cert=False) + device.initialize(puk_auts=1, puk_min_auts=1) device.logout() def test_register_puk(device): @@ -102,7 +102,7 @@ def test_enumerate_puk_1(device): assert(puks[0]['status'] == 0) def test_enumerate_puk_2(device): - device.initialize(puk_auts=2, puk_min_auts=1, no_dev_cert=True) + device.initialize(puk_auts=2, puk_min_auts=1) puks = device.enumerate_puk() assert(len(puks) == 2) assert(puks[0]['status'] == -1) @@ -115,7 +115,7 @@ def test_enumerate_puk_2(device): assert(puks[1]['status'] == -1) def test_register_more_puks(device): - device.initialize(puk_auts=2, puk_min_auts=1, no_dev_cert=True) + device.initialize(puk_auts=2, puk_min_auts=1) status = device.get_puk_status() assert(status == bytes([2,2,1,0])) @@ -123,14 +123,14 @@ def test_register_more_puks(device): assert(status == bytes([2,1,1,0])) def test_is_pku(device): - device.initialize(puk_auts=1, puk_min_auts=1, no_dev_cert=True) + device.initialize(puk_auts=1, puk_min_auts=1) assert(device.is_puk() == True) - device.initialize(no_dev_cert=True) + device.initialize() assert(device.is_puk() == False) def test_check_puk_key(device): - device.initialize(puk_auts=1, puk_min_auts=1, no_dev_cert=True) + device.initialize(puk_auts=1, puk_min_auts=1) status = device.check_puk_key(term_chr) assert(status == -1) @@ -140,7 +140,7 @@ def test_check_puk_key(device): def test_register_puk_with_no_puk(device): - device.initialize(no_dev_cert=True) + device.initialize() with pytest.raises(APDUResponse) as e: device.register_puk(AUT_PUK, TERM_CERT, DICA_CERT) assert(e.value.sw == SWCodes.SW_FILE_NOT_FOUND) diff --git a/tests/pico-hsm/test_090_xkek.py b/tests/pico-hsm/test_090_xkek.py index 2dcdcbf..3d5fa3f 100644 --- a/tests/pico-hsm/test_090_xkek.py +++ b/tests/pico-hsm/test_090_xkek.py @@ -31,14 +31,10 @@ from picokey import APDUResponse, SWCodes KDM = unhexlify(b'30820420060b2b0601040181c31f0402016181ed7f2181e97f4e81a25f290100421045535049434f48534d434130303030327f494f060a04007f00070202020203864104e66b473ec328caf39eaed840f9c7a4ba237e1dd19004861fa3f4f134bd2d5ea5f71c6c2e6321add4c8a7793ba41119c5783f48a5d9dfc0898d9ae9e7b14da8d65f201045535049434f48534d445630303030327f4c12060904007f000703010202530580000000045f25060205000400065f24060206000400065f3740a645594c6c338cd6bda6cad039cee54fd822b1011c0af1e4e3a2a6d03d43bdbb8be68a66a8757e7b1f963589bdd80d8e65de5055b722609041ec63f0498ddc8b6281e97f2181e57f4e819e5f290100421045535049434f48534d445630303030327f494f060a04007f000702020202038641043359f5234ce62e0eb80460046d8fd1aae018cc8b9e687b40aa2c047e352409b45153d1ad888e4e7e780a3b1fa8c69ca8998bd271c8849137149142e96816a5a45f201045535049434f48534d54524a5a58314a7f4c0e060904007f0007030102025301005f25060205010102085f24060206010102085f37409add1c1c8a05e7bc56a8bd846c9122d9214cc43c86b6952a961dce525d830a58130cbb275e9408af38dc16160f958d2b9ac6ac4f0f1b9b863284f00121d447ce638201f1678201ed7f218201937f4e82014b5f290100421045535049434f48534d54524a5a58314a7f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a78641049de55b50b921de72bbf740d3518905ff893e8208cfe8d144de34d79da3645d1c0cb551a19d6e6a5fee050e479a65d36fdf638af741e52dad4df9960b8ed443d18701015f201045535049434f48534d54524a5a58314a5f374099dede270b9a2def89a4d12dc0314e6289bd565808683f362e9f9ac9554ec5113bf7e412ecc386af12d2a9b43f27e54e10dfc6d8f2d6b618b1776459c13c0bec421045535049434f48534d54524a5a58314a5f3740459f6385f28a84f1c57f421a7f6cb4f1177084497321be94c87998c2e01af0202bab6984411cde1aab34e4e59cc27961b85855bae6340305281ff838253b0f3554404b6a2fe6947faa91f6ffa0d707cd4cbb43192935f561be137f4b3680304fc28b41210b671b8b033e06b4ad720010bcd36b92282844616261f944f3c4f67bfda5') def test_initialize(device): - device.initialize(key_domains=1, no_dev_cert=True) + device.initialize(key_domains=1) device.logout() def test_create_xkek(device): - with pytest.raises(APDUResponse) as e: - device.create_xkek(KDM) - assert(e.value.sw == SWCodes.SW_CONDITIONS_NOT_SATISFIED) - device.login() kcv, did = device.create_xkek(KDM) assert(kcv == b'\x00'*8) diff --git a/tests/pico-hsm/test_095_bip_slip.py b/tests/pico-hsm/test_095_bip_slip.py index 0abfa83..c49a46f 100644 --- a/tests/pico-hsm/test_095_bip_slip.py +++ b/tests/pico-hsm/test_095_bip_slip.py @@ -37,7 +37,7 @@ def sha256_sha256(data): return hashlib.sha256(hashlib.sha256(data).digest()).digest() def test_initialize(device): - device.initialize(dkek_shares=DEFAULT_DKEK_SHARES, no_dev_cert=True) + device.initialize(dkek_shares=DEFAULT_DKEK_SHARES) resp = device.import_dkek(DEFAULT_DKEK) resp = device.import_dkek(DEFAULT_DKEK)