diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit/crypto/__init__.py | 0 | ||||
-rw-r--r-- | tests/unit/crypto/test_utils.py | 186 |
2 files changed, 186 insertions, 0 deletions
diff --git a/tests/unit/crypto/__init__.py b/tests/unit/crypto/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/unit/crypto/__init__.py diff --git a/tests/unit/crypto/test_utils.py b/tests/unit/crypto/test_utils.py new file mode 100644 index 0000000..3a39100 --- /dev/null +++ b/tests/unit/crypto/test_utils.py @@ -0,0 +1,186 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2013 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +""" +Unit Tests for crypto utils. +""" + +from openstack.common.crypto import utils as cryptoutils +from tests import utils as test_utils + + +class CryptoUtilsTestCase(test_utils.BaseTestCase): + + # Uses Tests from RFC5869 + def _test_HKDF(self, ikm, prk, okm, length, + salt=None, info='', hashtype='SHA256'): + hkdf = cryptoutils.HKDF(hashtype=hashtype) + + tprk = hkdf.extract(ikm, salt=salt) + self.assertEqual(prk, tprk) + + tokm = hkdf.expand(prk, info, length) + self.assertEqual(okm, tokm) + + def test_HKDF_1(self): + ikm = '\x0b' * 22 + salt = ''.join(map(lambda x: chr(x), range(0x00, 0x0d))) + info = ''.join(map(lambda x: chr(x), range(0xf0, 0xfa))) + length = 42 + + prk = ('\x07\x77\x09\x36\x2c\x2e\x32\xdf\x0d\xdc\x3f\x0d\xc4\x7b' + '\xba\x63\x90\xb6\xc7\x3b\xb5\x0f\x9c\x31\x22\xec\x84\x4a' + '\xd7\xc2\xb3\xe5') + + okm = ('\x3c\xb2\x5f\x25\xfa\xac\xd5\x7a\x90\x43\x4f\x64\xd0\x36' + '\x2f\x2a\x2d\x2d\x0a\x90\xcf\x1a\x5a\x4c\x5d\xb0\x2d\x56' + '\xec\xc4\xc5\xbf\x34\x00\x72\x08\xd5\xb8\x87\x18\x58\x65') + + self._test_HKDF(ikm, prk, okm, length, salt, info) + + def test_HKDF_2(self): + ikm = ''.join(map(lambda x: chr(x), range(0x00, 0x50))) + salt = ''.join(map(lambda x: chr(x), range(0x60, 0xb0))) + info = ''.join(map(lambda x: chr(x), range(0xb0, 0x100))) + length = 82 + + prk = ('\x06\xa6\xb8\x8c\x58\x53\x36\x1a\x06\x10\x4c\x9c\xeb\x35' + '\xb4\x5c\xef\x76\x00\x14\x90\x46\x71\x01\x4a\x19\x3f\x40' + '\xc1\x5f\xc2\x44') + + okm = ('\xb1\x1e\x39\x8d\xc8\x03\x27\xa1\xc8\xe7\xf7\x8c\x59\x6a' + '\x49\x34\x4f\x01\x2e\xda\x2d\x4e\xfa\xd8\xa0\x50\xcc\x4c' + '\x19\xaf\xa9\x7c\x59\x04\x5a\x99\xca\xc7\x82\x72\x71\xcb' + '\x41\xc6\x5e\x59\x0e\x09\xda\x32\x75\x60\x0c\x2f\x09\xb8' + '\x36\x77\x93\xa9\xac\xa3\xdb\x71\xcc\x30\xc5\x81\x79\xec' + '\x3e\x87\xc1\x4c\x01\xd5\xc1\xf3\x43\x4f\x1d\x87') + + self._test_HKDF(ikm, prk, okm, length, salt, info) + + def test_HKDF_3(self): + ikm = '\x0b' * 22 + length = 42 + + prk = ('\x19\xef\x24\xa3\x2c\x71\x7b\x16\x7f\x33\xa9\x1d\x6f\x64' + '\x8b\xdf\x96\x59\x67\x76\xaf\xdb\x63\x77\xac\x43\x4c\x1c' + '\x29\x3c\xcb\x04') + + okm = ('\x8d\xa4\xe7\x75\xa5\x63\xc1\x8f\x71\x5f\x80\x2a\x06\x3c' + '\x5a\x31\xb8\xa1\x1f\x5c\x5e\xe1\x87\x9e\xc3\x45\x4e\x5f' + '\x3c\x73\x8d\x2d\x9d\x20\x13\x95\xfa\xa4\xb6\x1a\x96\xc8') + + self._test_HKDF(ikm, prk, okm, length) + + def test_HKDF_4(self): + ikm = '\x0b' * 11 + salt = ''.join(map(lambda x: chr(x), range(0x00, 0x0d))) + info = ''.join(map(lambda x: chr(x), range(0xf0, 0xfa))) + length = 42 + + prk = ('\x9b\x6c\x18\xc4\x32\xa7\xbf\x8f\x0e\x71\xc8\xeb\x88\xf4' + '\xb3\x0b\xaa\x2b\xa2\x43') + + okm = ('\x08\x5a\x01\xea\x1b\x10\xf3\x69\x33\x06\x8b\x56\xef\xa5' + '\xad\x81\xa4\xf1\x4b\x82\x2f\x5b\x09\x15\x68\xa9\xcd\xd4' + '\xf1\x55\xfd\xa2\xc2\x2e\x42\x24\x78\xd3\x05\xf3\xf8\x96') + + self._test_HKDF(ikm, prk, okm, length, salt, info, hashtype='SHA') + + def test_HKDF_5(self): + ikm = ''.join(map(lambda x: chr(x), range(0x00, 0x50))) + salt = ''.join(map(lambda x: chr(x), range(0x60, 0xb0))) + info = ''.join(map(lambda x: chr(x), range(0xb0, 0x100))) + length = 82 + + prk = ('\x8a\xda\xe0\x9a\x2a\x30\x70\x59\x47\x8d\x30\x9b\x26\xc4' + '\x11\x5a\x22\x4c\xfa\xf6') + + okm = ('\x0b\xd7\x70\xa7\x4d\x11\x60\xf7\xc9\xf1\x2c\xd5\x91\x2a' + '\x06\xeb\xff\x6a\xdc\xae\x89\x9d\x92\x19\x1f\xe4\x30\x56' + '\x73\xba\x2f\xfe\x8f\xa3\xf1\xa4\xe5\xad\x79\xf3\xf3\x34' + '\xb3\xb2\x02\xb2\x17\x3c\x48\x6e\xa3\x7c\xe3\xd3\x97\xed' + '\x03\x4c\x7f\x9d\xfe\xb1\x5c\x5e\x92\x73\x36\xd0\x44\x1f' + '\x4c\x43\x00\xe2\xcf\xf0\xd0\x90\x0b\x52\xd3\xb4') + + self._test_HKDF(ikm, prk, okm, length, salt, info, hashtype='SHA') + + def test_HKDF_6(self): + ikm = '\x0b' * 22 + length = 42 + + prk = ('\xda\x8c\x8a\x73\xc7\xfa\x77\x28\x8e\xc6\xf5\xe7\xc2\x97' + '\x78\x6a\xa0\xd3\x2d\x01') + + okm = ('\x0a\xc1\xaf\x70\x02\xb3\xd7\x61\xd1\xe5\x52\x98\xda\x9d' + '\x05\x06\xb9\xae\x52\x05\x72\x20\xa3\x06\xe0\x7b\x6b\x87' + '\xe8\xdf\x21\xd0\xea\x00\x03\x3d\xe0\x39\x84\xd3\x49\x18') + + self._test_HKDF(ikm, prk, okm, length, hashtype='SHA') + + def test_HKDF_7(self): + ikm = '\x0c' * 22 + length = 42 + + prk = ('\x2a\xdc\xca\xda\x18\x77\x9e\x7c\x20\x77\xad\x2e\xb1\x9d' + '\x3f\x3e\x73\x13\x85\xdd') + + okm = ('\x2c\x91\x11\x72\x04\xd7\x45\xf3\x50\x0d\x63\x6a\x62\xf6' + '\x4f\x0a\xb3\xba\xe5\x48\xaa\x53\xd4\x23\xb0\xd1\xf2\x7e' + '\xbb\xa6\xf5\xe5\x67\x3a\x08\x1d\x70\xcc\xe7\xac\xfc\x48') + + self._test_HKDF(ikm, prk, okm, length, hashtype='SHA') + + def test_HKDF_8(self): + ikm = '\x0b' * 22 + prk = ('\x19\xef\x24\xa3\x2c\x71\x7b\x16\x7f\x33\xa9\x1d\x6f\x64' + '\x8b\xdf\x96\x59\x67\x76\xaf\xdb\x63\x77\xac\x43\x4c\x1c' + '\x29\x3c\xcb\x04') + + # Just testing HKDFOutputLengthTooLong is returned + try: + self._test_HKDF(ikm, prk, None, 1000000) + except cryptoutils.HKDFOutputLengthTooLong: + pass + + def test_SymmetricCrypto_encrypt_string(self): + msg = 'Plain Text' + + skc = cryptoutils.SymmetricCrypto() + key = skc.new_key(16) + cipher = skc.encrypt(key, msg) + plain = skc.decrypt(key, cipher) + self.assertEqual(msg, plain) + + def test_SymmetricCrypto_encrypt_blocks(self): + cb = 16 + et = 'AES' + + skc = cryptoutils.SymmetricCrypto(enctype=et) + key = skc.new_key(16) + msg = skc.new_key(cb * 2) + + for i in range(0, cb * 2): + cipher = skc.encrypt(key, msg[0:i], b64encode=False) + plain = skc.decrypt(key, cipher, b64decode=False) + self.assertEqual(msg[0:i], plain) + + def test_SymmetricCrypto_signing(self): + msg = 'Authenticated Message' + signature = 'KWjl6i30RMjc5PjnaccRwTPKTRCWM6sPpmGS2bxm5fQ=' + skey = 'L\xdd0\xf3\xb4\xc6\xe2p\xef\xc7\xbd\xaa\xc9eNC' + + skc = cryptoutils.SymmetricCrypto() + validate = skc.sign(skey, msg) + self.assertEqual(signature, validate) |