Merge "Add common crypto utilties"

2 files changed, 186 insertions, 0 deletions

diff --git a/tests/unit/crypto/__init__.py b/tests/unit/crypto/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/unit/crypto/__init__.py
diff --git a/tests/unit/crypto/test_utils.py b/tests/unit/crypto/test_utils.py
new file mode 100644
index 0000000..3a39100
--- /dev/null
+++ b/tests/unit/crypto/test_utils.py
@@ -0,0 +1,186 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013 Red Hat, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+"""
+Unit Tests for crypto utils.
+"""
+
+from openstack.common.crypto import utils as cryptoutils
+from tests import utils as test_utils
+
+
+class CryptoUtilsTestCase(test_utils.BaseTestCase):
+
+    # Uses Tests from RFC5869
+    def _test_HKDF(self, ikm, prk, okm, length,
+                   salt=None, info='', hashtype='SHA256'):
+        hkdf = cryptoutils.HKDF(hashtype=hashtype)
+
+        tprk = hkdf.extract(ikm, salt=salt)
+        self.assertEqual(prk, tprk)
+
+        tokm = hkdf.expand(prk, info, length)
+        self.assertEqual(okm, tokm)
+
+    def test_HKDF_1(self):
+        ikm = '\x0b' * 22
+        salt = ''.join(map(lambda x: chr(x), range(0x00, 0x0d)))
+        info = ''.join(map(lambda x: chr(x), range(0xf0, 0xfa)))
+        length = 42
+
+        prk = ('\x07\x77\x09\x36\x2c\x2e\x32\xdf\x0d\xdc\x3f\x0d\xc4\x7b'
+               '\xba\x63\x90\xb6\xc7\x3b\xb5\x0f\x9c\x31\x22\xec\x84\x4a'
+               '\xd7\xc2\xb3\xe5')
+
+        okm = ('\x3c\xb2\x5f\x25\xfa\xac\xd5\x7a\x90\x43\x4f\x64\xd0\x36'
+               '\x2f\x2a\x2d\x2d\x0a\x90\xcf\x1a\x5a\x4c\x5d\xb0\x2d\x56'
+               '\xec\xc4\xc5\xbf\x34\x00\x72\x08\xd5\xb8\x87\x18\x58\x65')
+
+        self._test_HKDF(ikm, prk, okm, length, salt, info)
+
+    def test_HKDF_2(self):
+        ikm = ''.join(map(lambda x: chr(x), range(0x00, 0x50)))
+        salt = ''.join(map(lambda x: chr(x), range(0x60, 0xb0)))
+        info = ''.join(map(lambda x: chr(x), range(0xb0, 0x100)))
+        length = 82
+
+        prk = ('\x06\xa6\xb8\x8c\x58\x53\x36\x1a\x06\x10\x4c\x9c\xeb\x35'
+               '\xb4\x5c\xef\x76\x00\x14\x90\x46\x71\x01\x4a\x19\x3f\x40'
+               '\xc1\x5f\xc2\x44')
+
+        okm = ('\xb1\x1e\x39\x8d\xc8\x03\x27\xa1\xc8\xe7\xf7\x8c\x59\x6a'
+               '\x49\x34\x4f\x01\x2e\xda\x2d\x4e\xfa\xd8\xa0\x50\xcc\x4c'
+               '\x19\xaf\xa9\x7c\x59\x04\x5a\x99\xca\xc7\x82\x72\x71\xcb'
+               '\x41\xc6\x5e\x59\x0e\x09\xda\x32\x75\x60\x0c\x2f\x09\xb8'
+               '\x36\x77\x93\xa9\xac\xa3\xdb\x71\xcc\x30\xc5\x81\x79\xec'
+               '\x3e\x87\xc1\x4c\x01\xd5\xc1\xf3\x43\x4f\x1d\x87')
+
+        self._test_HKDF(ikm, prk, okm, length, salt, info)
+
+    def test_HKDF_3(self):
+        ikm = '\x0b' * 22
+        length = 42
+
+        prk = ('\x19\xef\x24\xa3\x2c\x71\x7b\x16\x7f\x33\xa9\x1d\x6f\x64'
+               '\x8b\xdf\x96\x59\x67\x76\xaf\xdb\x63\x77\xac\x43\x4c\x1c'
+               '\x29\x3c\xcb\x04')
+
+        okm = ('\x8d\xa4\xe7\x75\xa5\x63\xc1\x8f\x71\x5f\x80\x2a\x06\x3c'
+               '\x5a\x31\xb8\xa1\x1f\x5c\x5e\xe1\x87\x9e\xc3\x45\x4e\x5f'
+               '\x3c\x73\x8d\x2d\x9d\x20\x13\x95\xfa\xa4\xb6\x1a\x96\xc8')
+
+        self._test_HKDF(ikm, prk, okm, length)
+
+    def test_HKDF_4(self):
+        ikm = '\x0b' * 11
+        salt = ''.join(map(lambda x: chr(x), range(0x00, 0x0d)))
+        info = ''.join(map(lambda x: chr(x), range(0xf0, 0xfa)))
+        length = 42
+
+        prk = ('\x9b\x6c\x18\xc4\x32\xa7\xbf\x8f\x0e\x71\xc8\xeb\x88\xf4'
+               '\xb3\x0b\xaa\x2b\xa2\x43')
+
+        okm = ('\x08\x5a\x01\xea\x1b\x10\xf3\x69\x33\x06\x8b\x56\xef\xa5'
+               '\xad\x81\xa4\xf1\x4b\x82\x2f\x5b\x09\x15\x68\xa9\xcd\xd4'
+               '\xf1\x55\xfd\xa2\xc2\x2e\x42\x24\x78\xd3\x05\xf3\xf8\x96')
+
+        self._test_HKDF(ikm, prk, okm, length, salt, info, hashtype='SHA')
+
+    def test_HKDF_5(self):
+        ikm = ''.join(map(lambda x: chr(x), range(0x00, 0x50)))
+        salt = ''.join(map(lambda x: chr(x), range(0x60, 0xb0)))
+        info = ''.join(map(lambda x: chr(x), range(0xb0, 0x100)))
+        length = 82
+
+        prk = ('\x8a\xda\xe0\x9a\x2a\x30\x70\x59\x47\x8d\x30\x9b\x26\xc4'
+               '\x11\x5a\x22\x4c\xfa\xf6')
+
+        okm = ('\x0b\xd7\x70\xa7\x4d\x11\x60\xf7\xc9\xf1\x2c\xd5\x91\x2a'
+               '\x06\xeb\xff\x6a\xdc\xae\x89\x9d\x92\x19\x1f\xe4\x30\x56'
+               '\x73\xba\x2f\xfe\x8f\xa3\xf1\xa4\xe5\xad\x79\xf3\xf3\x34'
+               '\xb3\xb2\x02\xb2\x17\x3c\x48\x6e\xa3\x7c\xe3\xd3\x97\xed'
+               '\x03\x4c\x7f\x9d\xfe\xb1\x5c\x5e\x92\x73\x36\xd0\x44\x1f'
+               '\x4c\x43\x00\xe2\xcf\xf0\xd0\x90\x0b\x52\xd3\xb4')
+
+        self._test_HKDF(ikm, prk, okm, length, salt, info, hashtype='SHA')
+
+    def test_HKDF_6(self):
+        ikm = '\x0b' * 22
+        length = 42
+
+        prk = ('\xda\x8c\x8a\x73\xc7\xfa\x77\x28\x8e\xc6\xf5\xe7\xc2\x97'
+               '\x78\x6a\xa0\xd3\x2d\x01')
+
+        okm = ('\x0a\xc1\xaf\x70\x02\xb3\xd7\x61\xd1\xe5\x52\x98\xda\x9d'
+               '\x05\x06\xb9\xae\x52\x05\x72\x20\xa3\x06\xe0\x7b\x6b\x87'
+               '\xe8\xdf\x21\xd0\xea\x00\x03\x3d\xe0\x39\x84\xd3\x49\x18')
+
+        self._test_HKDF(ikm, prk, okm, length, hashtype='SHA')
+
+    def test_HKDF_7(self):
+        ikm = '\x0c' * 22
+        length = 42
+
+        prk = ('\x2a\xdc\xca\xda\x18\x77\x9e\x7c\x20\x77\xad\x2e\xb1\x9d'
+               '\x3f\x3e\x73\x13\x85\xdd')
+
+        okm = ('\x2c\x91\x11\x72\x04\xd7\x45\xf3\x50\x0d\x63\x6a\x62\xf6'
+               '\x4f\x0a\xb3\xba\xe5\x48\xaa\x53\xd4\x23\xb0\xd1\xf2\x7e'
+               '\xbb\xa6\xf5\xe5\x67\x3a\x08\x1d\x70\xcc\xe7\xac\xfc\x48')
+
+        self._test_HKDF(ikm, prk, okm, length, hashtype='SHA')
+
+    def test_HKDF_8(self):
+        ikm = '\x0b' * 22
+        prk = ('\x19\xef\x24\xa3\x2c\x71\x7b\x16\x7f\x33\xa9\x1d\x6f\x64'
+               '\x8b\xdf\x96\x59\x67\x76\xaf\xdb\x63\x77\xac\x43\x4c\x1c'
+               '\x29\x3c\xcb\x04')
+
+        # Just testing HKDFOutputLengthTooLong is returned
+        try:
+            self._test_HKDF(ikm, prk, None, 1000000)
+        except cryptoutils.HKDFOutputLengthTooLong:
+            pass
+
+    def test_SymmetricCrypto_encrypt_string(self):
+        msg = 'Plain Text'
+
+        skc = cryptoutils.SymmetricCrypto()
+        key = skc.new_key(16)
+        cipher = skc.encrypt(key, msg)
+        plain = skc.decrypt(key, cipher)
+        self.assertEqual(msg, plain)
+
+    def test_SymmetricCrypto_encrypt_blocks(self):
+        cb = 16
+        et = 'AES'
+
+        skc = cryptoutils.SymmetricCrypto(enctype=et)
+        key = skc.new_key(16)
+        msg = skc.new_key(cb * 2)
+
+        for i in range(0, cb * 2):
+            cipher = skc.encrypt(key, msg[0:i], b64encode=False)
+            plain = skc.decrypt(key, cipher, b64decode=False)
+            self.assertEqual(msg[0:i], plain)
+
+    def test_SymmetricCrypto_signing(self):
+        msg = 'Authenticated Message'
+        signature = 'KWjl6i30RMjc5PjnaccRwTPKTRCWM6sPpmGS2bxm5fQ='
+        skey = 'L\xdd0\xf3\xb4\xc6\xe2p\xef\xc7\xbd\xaa\xc9eNC'
+
+        skc = cryptoutils.SymmetricCrypto()
+        validate = skc.sign(skey, msg)
+        self.assertEqual(signature, validate)