Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add test_keys.py and update keys.py

Browse source
This commit is contained in:
vladdd 2013-10-10 14:01:55 -04:00
parent ae2e7489b1
commit a091b1f84b
3 changed files with 203 additions and 260 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

198
tests/unit/test_keys.py Executable file
View file

@ -0,0 +1,198 @@
"""
<Program Name>
test_keys.py
<Author>
Konstantin Andrianov
<Started>
April 24, 2012.
<Copyright>
See LICENSE for licensing information.
<Purpose>
Test cases for test_keys.py.
<Notes>
I'm using 'global rsakey_dict' - there is no harm in doing so since
in order to modify the global variable in any method, python requires
explicit indication to modify i.e. declaring 'global' in each method
that modifies the global variable 'rsakey_dict'.
"""
import unittest
import logging
import tuf
import tuf.log
import tuf.formats
import tuf.keys
logger = logging.getLogger('tuf.test_keys')
KEYS = tuf.keys
FORMAT_ERROR_MSG = 'tuf.FormatError was raised! Check object\'s format.'
DATA = 'SOME DATA REQUIRING AUTHENTICITY.'
rsakey_dict = KEYS.generate_rsa_key()
temp_key_info_vals = rsakey_dict.values()
temp_key_vals = rsakey_dict['keyval'].values()
class TestKeys(unittest.TestCase):
def setUp(self):
rsakey_dict['keytype']=temp_key_info_vals[0]
rsakey_dict['keyid']=temp_key_info_vals[1]
rsakey_dict['keyval']=temp_key_info_vals[2]
rsakey_dict['keyval']['public']=temp_key_vals[0]
rsakey_dict['keyval']['private']=temp_key_vals[1]
def test_generate_rsa_key(self):
_rsakey_dict = KEYS.generate_rsa_key()
# Check if the format of the object returned by generate() corresponds
# to RSAKEY_SCHEMA format.
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(_rsakey_dict),
FORMAT_ERROR_MSG)
# Passing a bit value that is <2048 to generate() - should raise
# 'tuf.FormatError'.
self.assertRaises(tuf.FormatError, KEYS.generate_rsa_key, 555)
# Passing a string instead of integer for a bit value.
self.assertRaises(tuf.FormatError, KEYS.generate_rsa_key, 'bits')
# NOTE if random bit value >=2048 (not 4096) is passed generate(bits)
# does not raise any errors and returns a valid key.
self.assertTrue(tuf.formats.RSAKEY_SCHEMA.matches(KEYS.generate_rsa_key(2048)))
self.assertTrue(tuf.formats.RSAKEY_SCHEMA.matches(KEYS.generate_rsa_key(4096)))
def test_create_in_metadata_format(self):
keyvalue = rsakey_dict['keyval']
keytype = rsakey_dict['keytype']
key_meta = KEYS.create_in_metadata_format(keytype, keyvalue)
# Check if the format of the object returned by this function corresponds
# to KEY_SCHEMA format.
self.assertEqual(None,
tuf.formats.KEY_SCHEMA.check_match(key_meta),
FORMAT_ERROR_MSG)
key_meta = KEYS.create_in_metadata_format(keytype, keyvalue, private=True)
# Check if the format of the object returned by this function corresponds
# to KEY_SCHEMA format.
self.assertEqual(None, tuf.formats.KEY_SCHEMA.check_match(key_meta),
FORMAT_ERROR_MSG)
# Supplying a 'bad' keyvalue.
self.assertRaises(tuf.FormatError, KEYS.create_in_metadata_format,
'bad_keytype', keyvalue)
del keyvalue['public']
self.assertRaises(tuf.FormatError, KEYS.create_in_metadata_format,
keytype, keyvalue)
def test_create_from_metadata_format(self):
# Reconfiguring rsakey_dict to conform to KEY_SCHEMA
# i.e. {keytype: 'rsa', keyval: {public: pub_key, private: priv_key}}
#keyid = rsakey_dict['keyid']
del rsakey_dict['keyid']
rsakey_dict_from_meta = KEYS.create_from_metadata_format(rsakey_dict)
# Check if the format of the object returned by this function corresponds
# to RSAKEY_SCHEMA format.
self.assertEqual(None,
tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict_from_meta),
FORMAT_ERROR_MSG)
# Supplying a wrong number of arguments.
self.assertRaises(TypeError, KEYS.create_from_metadata_format)
args = (rsakey_dict, rsakey_dict)
self.assertRaises(TypeError, KEYS.create_from_metadata_format, *args)
# Supplying a malformed argument to the function - should get FormatError
del rsakey_dict['keyval']
self.assertRaises(tuf.FormatError, KEYS.create_from_metadata_format,
rsakey_dict)
def test_helper_get_keyid(self):
keytype = rsakey_dict['keytype']
keyvalue = rsakey_dict['keyval']
# Check format of 'keytype'.
self.assertEqual(None, tuf.formats.KEYTYPE_SCHEMA.check_match(keytype),
FORMAT_ERROR_MSG)
# Check format of 'keyvalue'.
self.assertEqual(None, tuf.formats.KEYVAL_SCHEMA.check_match(keyvalue),
FORMAT_ERROR_MSG)
keyid = KEYS._get_keyid(keytype, keyvalue)
# Check format of 'keyid' - the output of '_get_keyid()' function.
self.assertEqual(None, tuf.formats.KEYID_SCHEMA.check_match(keyid),
FORMAT_ERROR_MSG)
def test_create_signature(self):
# Creating a signature for 'DATA'.
signature = KEYS.create_signature(rsakey_dict, DATA)
# Check format of output.
self.assertEqual(None,
tuf.formats.SIGNATURE_SCHEMA.check_match(signature),
FORMAT_ERROR_MSG)
# Removing private key from 'rsakey_dict' - should raise a TypeError.
rsakey_dict['keyval']['private'] = ''
args = (rsakey_dict, DATA)
self.assertRaises(TypeError, KEYS.create_signature, *args)
# Supplying an incorrect number of arguments.
self.assertRaises(TypeError, KEYS.create_signature)
def test_verify_signature(self):
# Creating a signature 'signature' of 'DATA' to be verified.
signature = KEYS.create_signature(rsakey_dict, DATA)
# Verifying the 'signature' of 'DATA'.
verified = KEYS.verify_signature(rsakey_dict, signature, DATA)
self.assertTrue(verified, "Incorrect signature.")
# Testing an invalid 'signature'. Same 'signature' is passed, with
# 'DATA' different than the original 'DATA' that was used
# in creating the 'signature'. Function should return 'False'.
# Modifying 'DATA'.
_DATA = '1111'+DATA+'1111'
# Verifying the 'signature' of modified '_DATA'.
verified = KEYS.verify_signature(rsakey_dict, signature, _DATA)
self.assertFalse(verified,
'Returned \'True\' on an incorrect signature.')
# Modifying 'signature' to pass an incorrect method since only
# 'PyCrypto-PKCS#1 PSS'
# is accepted.
signature['method'] = 'Biff'
args = (rsakey_dict, signature, DATA)
self.assertRaises(tuf.UnknownMethodError, KEYS.verify_signature, *args)
# Passing incorrect number of arguments.
self.assertRaises(TypeError, KEYS.verify_signature)
# Run the unit tests.
if __name__ == '__main__':
unittest.main()

258
tests/unit/test_rsa_key.py
View file

@ -1,258 +0,0 @@
"""
<Program Name>
test_rsa_key.py
<Author>
Konstantin Andrianov
<Started>
April 24, 2012.
<Copyright>
See LICENSE for licensing information.
<Purpose>
Test cases for rsa_key.py.
<Notes>
I'm using 'global rsakey_dict' - there is no harm in doing so since
in order to modify the global variable in any method, python requires
explicit indication to modify i.e. declaring 'global' in each method
that modifies the global variable 'rsakey_dict'.
"""
import unittest
import logging
import tuf
import tuf.log
import tuf.formats
import tuf.rsa_key
logger = logging.getLogger('tuf.test_rsa_key')
RSA_KEY = tuf.rsa_key
FORMAT_ERROR_MSG = 'tuf.FormatError was raised! Check object\'s format.'
DATA = 'SOME DATA REQUIRING AUTHENTICITY.'
rsakey_dict = RSA_KEY.generate()
temp_key_info_vals = rsakey_dict.values()
temp_key_vals = rsakey_dict['keyval'].values()
class TestRsa_key(unittest.TestCase):
def setUp(self):
rsakey_dict['keytype']=temp_key_info_vals[0]
rsakey_dict['keyid']=temp_key_info_vals[1]
rsakey_dict['keyval']=temp_key_info_vals[2]
rsakey_dict['keyval']['public']=temp_key_vals[0]
rsakey_dict['keyval']['private']=temp_key_vals[1]
def test_generate(self):
_rsakey_dict = RSA_KEY.generate()
# Check if the format of the object returned by generate() corresponds
# to RSAKEY_SCHEMA format.
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(_rsakey_dict),
FORMAT_ERROR_MSG)
# Passing a bit value that is <2048 to generate() - should raise
# 'tuf.FormatError'.
self.assertRaises(tuf.FormatError, RSA_KEY.generate, 555)
# Passing a string instead of integer for a bit value.
self.assertRaises(tuf.FormatError, RSA_KEY.generate, 'bits')
# NOTE if random bit value >=2048 (not 4096) is passed generate(bits)
# does not raise any errors and returns a valid key.
self.assertTrue(tuf.formats.RSAKEY_SCHEMA.matches(RSA_KEY.generate(2048)))
self.assertTrue(tuf.formats.RSAKEY_SCHEMA.matches(RSA_KEY.generate(4096)))
def test_create_in_metadata_format(self):
key_value = rsakey_dict['keyval']
key_meta = RSA_KEY.create_in_metadata_format(key_value)
# Check if the format of the object returned by this function corresponds
# to KEY_SCHEMA format.
self.assertEqual(None,
tuf.formats.KEY_SCHEMA.check_match(key_meta),
FORMAT_ERROR_MSG)
key_meta = RSA_KEY.create_in_metadata_format(key_value, private=True)
# Check if the format of the object returned by this function corresponds
# to KEY_SCHEMA format.
self.assertEqual(None, tuf.formats.KEY_SCHEMA.check_match(key_meta),
FORMAT_ERROR_MSG)
# Supplying a 'bad' key_value.
del key_value['public']
self.assertRaises(tuf.FormatError, RSA_KEY.create_in_metadata_format,
key_value)
def test_create_from_metadata_format(self):
# Reconfiguring rsakey_dict to conform to KEY_SCHEMA
# i.e. {keytype: 'rsa', keyval: {public: pub_key, private: priv_key}}
#keyid = rsakey_dict['keyid']
del rsakey_dict['keyid']
rsakey_dict_from_meta = RSA_KEY.create_from_metadata_format(rsakey_dict)
# Check if the format of the object returned by this function corresponds
# to RSAKEY_SCHEMA format.
self.assertEqual(None,
tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict_from_meta),
FORMAT_ERROR_MSG)
# Supplying a wrong number of arguments.
self.assertRaises(TypeError, RSA_KEY.create_from_metadata_format)
args = (rsakey_dict, rsakey_dict)
self.assertRaises(TypeError, RSA_KEY.create_from_metadata_format, *args)
# Supplying a malformed argument to the function - should get FormatError
del rsakey_dict['keyval']
self.assertRaises(tuf.FormatError, RSA_KEY.create_from_metadata_format,
rsakey_dict)
def test_helper_get_keyid(self):
key_value = rsakey_dict['keyval']
# Check format of 'key_value'.
self.assertEqual(None, tuf.formats.KEYVAL_SCHEMA.check_match(key_value),
FORMAT_ERROR_MSG)
keyid = RSA_KEY._get_keyid(key_value)
# Check format of 'keyid' - the output of '_get_keyid()' function.
self.assertEqual(None, tuf.formats.KEYID_SCHEMA.check_match(keyid),
FORMAT_ERROR_MSG)
def test_createsignature(self):
# Creating a signature for 'DATA'.
signature = RSA_KEY.create_signature(rsakey_dict, DATA)
# Check format of output.
self.assertEqual(None,
tuf.formats.SIGNATURE_SCHEMA.check_match(signature),
FORMAT_ERROR_MSG)
# Removing private key from 'rsakey_dict' - should raise a TypeError.
rsakey_dict['keyval']['private'] = ''
args = (rsakey_dict, DATA)
self.assertRaises(TypeError, RSA_KEY.create_signature, *args)
# Supplying an incorrect number of arguments.
self.assertRaises(TypeError, RSA_KEY.create_signature)
def test_verify_signature(self):
# Creating a signature 'signature' of 'DATA' to be verified.
signature = RSA_KEY.create_signature(rsakey_dict, DATA)
# Verifying the 'signature' of 'DATA'.
verified = RSA_KEY.verify_signature(rsakey_dict, signature, DATA)
self.assertTrue(verified, "Incorrect signature.")
# Testing an invalid 'signature'. Same 'signature' is passed, with
# 'DATA' different than the original 'DATA' that was used
# in creating the 'signature'. Function should return 'False'.
# Modifying 'DATA'.
_DATA = '1111'+DATA+'1111'
# Verifying the 'signature' of modified '_DATA'.
verified = RSA_KEY.verify_signature(rsakey_dict, signature, _DATA)
self.assertFalse(verified,
'Returned \'True\' on an incorrect signature.')
# Modifying 'signature' to pass an incorrect method since only
# 'PyCrypto-PKCS#1 PSS'
# is accepted.
signature['method'] = 'Biff'
args = (rsakey_dict, signature, DATA)
self.assertRaises(tuf.UnknownMethodError, RSA_KEY.verify_signature, *args)
# Passing incorrect number of arguments.
self.assertRaises(TypeError,RSA_KEY.verify_signature)
def test_create_encrypted_pem(self):
passphrase = 'pw'
# Check format of 'rsakey_dict'.
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict),
FORMAT_ERROR_MSG)
# Check format of 'passphrase'.
self.assertEqual(None, tuf.formats.PASSWORD_SCHEMA.check_match(passphrase),
FORMAT_ERROR_MSG)
# Generate the encrypted PEM string of 'rsakey_dict'.
pem_rsakey = tuf.rsa_key.create_encrypted_pem(rsakey_dict, passphrase)
# Check for invalid arguments.
self.assertRaises(tuf.FormatError,
tuf.rsa_key.create_encrypted_pem, 'Biff', passphrase)
self.assertRaises(tuf.FormatError,
tuf.rsa_key.create_encrypted_pem, rsakey_dict, ['pw'])
def test_create_from_encrypted_pem(self):
passphrase = 'pw'
# Check format of 'rsakey_dict'.
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict),
FORMAT_ERROR_MSG)
# Check format of 'passphrase'.
self.assertEqual(None, tuf.formats.PASSWORD_SCHEMA.check_match(passphrase),
FORMAT_ERROR_MSG)
# Generate the encrypted PEM string of 'rsakey_dict'.
pem_rsakey = tuf.rsa_key.create_encrypted_pem(rsakey_dict, passphrase)
# Decrypt 'pem_rsakey' and verify the decrypted object is properly
# formatted.
decrypted_rsakey = tuf.rsa_key.create_from_encrypted_pem(pem_rsakey,
passphrase)
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(decrypted_rsakey),
FORMAT_ERROR_MSG)
# Does 'decrypted_rsakey' match the original 'rsakey_dict'.
self.assertEqual(rsakey_dict, decrypted_rsakey)
# Attempt decryption of 'pem_rsakey' using an incorrect passphrase.
self.assertRaises(tuf.CryptoError,
tuf.rsa_key.create_from_encrypted_pem, pem_rsakey,
'bad_pw')
# Check for non-encrypted PEM string. create_from_encrypted_pem()/PyCrypto
# returns a tuf.formats.RSAKEY_SCHEMA object if PEM formatted string is
# not actually encrypted but still a valid PEM string.
non_encrypted_private_key = rsakey_dict['keyval']['private']
decrypted_non_encrypted = tuf.rsa_key.create_from_encrypted_pem(
non_encrypted_private_key, passphrase)
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(
decrypted_non_encrypted), FORMAT_ERROR_MSG)
# Check for invalid arguments.
self.assertRaises(tuf.FormatError,
tuf.rsa_key.create_from_encrypted_pem, 123, passphrase)
self.assertRaises(tuf.FormatError,
tuf.rsa_key.create_from_encrypted_pem, pem_rsakey, ['pw'])
self.assertRaises(tuf.CryptoError,
tuf.rsa_key.create_from_encrypted_pem, 'invalid_pem',
passphrase)
# Run the unit tests.
if __name__ == '__main__':
unittest.main()

7
tuf/keys.py
View file

@ -326,10 +326,13 @@ def create_in_metadata_format(keytype, key_value, private=False):
An 'KEY_SCHEMA' dictionary.
"""
# Does 'key_value' have the correct format?
# This check will ensure 'key_value' has the appropriate number
# Does 'keytype' have the correct format?
# This check will ensure 'keytype' has the appropriate number
# of objects and object types, and that all dict keys are properly named.
# Raise 'tuf.FormatError' if the check fails.
tuf.formats.KEYTYPE_SCHEMA.check_match(keytype)
# Does 'key_value' have the correct format?
tuf.formats.KEYVAL_SCHEMA.check_match(key_value)
if private is True and key_value['private']: