From a091b1f84bf86fe75f1a1b641eecbbaedbabd2bf Mon Sep 17 00:00:00 2001 From: vladdd Date: Thu, 10 Oct 2013 14:01:55 -0400 Subject: [PATCH] Add test_keys.py and update keys.py --- tests/unit/test_keys.py | 198 ++++++++++++++++++++++++++++ tests/unit/test_rsa_key.py | 258 ------------------------------------- tuf/keys.py | 7 +- 3 files changed, 203 insertions(+), 260 deletions(-) create mode 100755 tests/unit/test_keys.py delete mode 100755 tests/unit/test_rsa_key.py diff --git a/tests/unit/test_keys.py b/tests/unit/test_keys.py new file mode 100755 index 00000000..3297680f --- /dev/null +++ b/tests/unit/test_keys.py @@ -0,0 +1,198 @@ +""" + + test_keys.py + + + Konstantin Andrianov + + + April 24, 2012. + + + See LICENSE for licensing information. + + + Test cases for test_keys.py. + + + I'm using 'global rsakey_dict' - there is no harm in doing so since + in order to modify the global variable in any method, python requires + explicit indication to modify i.e. declaring 'global' in each method + that modifies the global variable 'rsakey_dict'. +""" + +import unittest +import logging + +import tuf +import tuf.log +import tuf.formats +import tuf.keys + +logger = logging.getLogger('tuf.test_keys') + +KEYS = tuf.keys +FORMAT_ERROR_MSG = 'tuf.FormatError was raised! Check object\'s format.' +DATA = 'SOME DATA REQUIRING AUTHENTICITY.' + + +rsakey_dict = KEYS.generate_rsa_key() +temp_key_info_vals = rsakey_dict.values() +temp_key_vals = rsakey_dict['keyval'].values() + + +class TestKeys(unittest.TestCase): + def setUp(self): + rsakey_dict['keytype']=temp_key_info_vals[0] + rsakey_dict['keyid']=temp_key_info_vals[1] + rsakey_dict['keyval']=temp_key_info_vals[2] + rsakey_dict['keyval']['public']=temp_key_vals[0] + rsakey_dict['keyval']['private']=temp_key_vals[1] + + + def test_generate_rsa_key(self): + _rsakey_dict = KEYS.generate_rsa_key() + + # Check if the format of the object returned by generate() corresponds + # to RSAKEY_SCHEMA format. + self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(_rsakey_dict), + FORMAT_ERROR_MSG) + + # Passing a bit value that is <2048 to generate() - should raise + # 'tuf.FormatError'. + self.assertRaises(tuf.FormatError, KEYS.generate_rsa_key, 555) + + # Passing a string instead of integer for a bit value. + self.assertRaises(tuf.FormatError, KEYS.generate_rsa_key, 'bits') + + # NOTE if random bit value >=2048 (not 4096) is passed generate(bits) + # does not raise any errors and returns a valid key. + self.assertTrue(tuf.formats.RSAKEY_SCHEMA.matches(KEYS.generate_rsa_key(2048))) + self.assertTrue(tuf.formats.RSAKEY_SCHEMA.matches(KEYS.generate_rsa_key(4096))) + + def test_create_in_metadata_format(self): + keyvalue = rsakey_dict['keyval'] + keytype = rsakey_dict['keytype'] + key_meta = KEYS.create_in_metadata_format(keytype, keyvalue) + + # Check if the format of the object returned by this function corresponds + # to KEY_SCHEMA format. + self.assertEqual(None, + tuf.formats.KEY_SCHEMA.check_match(key_meta), + FORMAT_ERROR_MSG) + key_meta = KEYS.create_in_metadata_format(keytype, keyvalue, private=True) + + # Check if the format of the object returned by this function corresponds + # to KEY_SCHEMA format. + self.assertEqual(None, tuf.formats.KEY_SCHEMA.check_match(key_meta), + FORMAT_ERROR_MSG) + + # Supplying a 'bad' keyvalue. + self.assertRaises(tuf.FormatError, KEYS.create_in_metadata_format, + 'bad_keytype', keyvalue) + + del keyvalue['public'] + self.assertRaises(tuf.FormatError, KEYS.create_in_metadata_format, + keytype, keyvalue) + + + + def test_create_from_metadata_format(self): + # Reconfiguring rsakey_dict to conform to KEY_SCHEMA + # i.e. {keytype: 'rsa', keyval: {public: pub_key, private: priv_key}} + #keyid = rsakey_dict['keyid'] + del rsakey_dict['keyid'] + + rsakey_dict_from_meta = KEYS.create_from_metadata_format(rsakey_dict) + + # Check if the format of the object returned by this function corresponds + # to RSAKEY_SCHEMA format. + self.assertEqual(None, + tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict_from_meta), + FORMAT_ERROR_MSG) + + # Supplying a wrong number of arguments. + self.assertRaises(TypeError, KEYS.create_from_metadata_format) + args = (rsakey_dict, rsakey_dict) + self.assertRaises(TypeError, KEYS.create_from_metadata_format, *args) + + # Supplying a malformed argument to the function - should get FormatError + del rsakey_dict['keyval'] + self.assertRaises(tuf.FormatError, KEYS.create_from_metadata_format, + rsakey_dict) + + + def test_helper_get_keyid(self): + keytype = rsakey_dict['keytype'] + keyvalue = rsakey_dict['keyval'] + + # Check format of 'keytype'. + self.assertEqual(None, tuf.formats.KEYTYPE_SCHEMA.check_match(keytype), + FORMAT_ERROR_MSG) + + # Check format of 'keyvalue'. + self.assertEqual(None, tuf.formats.KEYVAL_SCHEMA.check_match(keyvalue), + FORMAT_ERROR_MSG) + + keyid = KEYS._get_keyid(keytype, keyvalue) + + # Check format of 'keyid' - the output of '_get_keyid()' function. + self.assertEqual(None, tuf.formats.KEYID_SCHEMA.check_match(keyid), + FORMAT_ERROR_MSG) + + + def test_create_signature(self): + # Creating a signature for 'DATA'. + signature = KEYS.create_signature(rsakey_dict, DATA) + + # Check format of output. + self.assertEqual(None, + tuf.formats.SIGNATURE_SCHEMA.check_match(signature), + FORMAT_ERROR_MSG) + + # Removing private key from 'rsakey_dict' - should raise a TypeError. + rsakey_dict['keyval']['private'] = '' + + args = (rsakey_dict, DATA) + self.assertRaises(TypeError, KEYS.create_signature, *args) + + # Supplying an incorrect number of arguments. + self.assertRaises(TypeError, KEYS.create_signature) + + + def test_verify_signature(self): + # Creating a signature 'signature' of 'DATA' to be verified. + signature = KEYS.create_signature(rsakey_dict, DATA) + + # Verifying the 'signature' of 'DATA'. + verified = KEYS.verify_signature(rsakey_dict, signature, DATA) + self.assertTrue(verified, "Incorrect signature.") + + # Testing an invalid 'signature'. Same 'signature' is passed, with + # 'DATA' different than the original 'DATA' that was used + # in creating the 'signature'. Function should return 'False'. + + # Modifying 'DATA'. + _DATA = '1111'+DATA+'1111' + + # Verifying the 'signature' of modified '_DATA'. + verified = KEYS.verify_signature(rsakey_dict, signature, _DATA) + self.assertFalse(verified, + 'Returned \'True\' on an incorrect signature.') + + # Modifying 'signature' to pass an incorrect method since only + # 'PyCrypto-PKCS#1 PSS' + # is accepted. + signature['method'] = 'Biff' + + args = (rsakey_dict, signature, DATA) + self.assertRaises(tuf.UnknownMethodError, KEYS.verify_signature, *args) + + # Passing incorrect number of arguments. + self.assertRaises(TypeError, KEYS.verify_signature) + + + +# Run the unit tests. +if __name__ == '__main__': + unittest.main() diff --git a/tests/unit/test_rsa_key.py b/tests/unit/test_rsa_key.py deleted file mode 100755 index 881ee1d7..00000000 --- a/tests/unit/test_rsa_key.py +++ /dev/null @@ -1,258 +0,0 @@ -""" - - test_rsa_key.py - - - Konstantin Andrianov - - - April 24, 2012. - - - See LICENSE for licensing information. - - - Test cases for rsa_key.py. - - - I'm using 'global rsakey_dict' - there is no harm in doing so since - in order to modify the global variable in any method, python requires - explicit indication to modify i.e. declaring 'global' in each method - that modifies the global variable 'rsakey_dict'. - -""" - -import unittest -import logging - -import tuf -import tuf.log -import tuf.formats -import tuf.rsa_key - -logger = logging.getLogger('tuf.test_rsa_key') - -RSA_KEY = tuf.rsa_key -FORMAT_ERROR_MSG = 'tuf.FormatError was raised! Check object\'s format.' -DATA = 'SOME DATA REQUIRING AUTHENTICITY.' - - -rsakey_dict = RSA_KEY.generate() -temp_key_info_vals = rsakey_dict.values() -temp_key_vals = rsakey_dict['keyval'].values() - - -class TestRsa_key(unittest.TestCase): - def setUp(self): - rsakey_dict['keytype']=temp_key_info_vals[0] - rsakey_dict['keyid']=temp_key_info_vals[1] - rsakey_dict['keyval']=temp_key_info_vals[2] - rsakey_dict['keyval']['public']=temp_key_vals[0] - rsakey_dict['keyval']['private']=temp_key_vals[1] - - - def test_generate(self): - _rsakey_dict = RSA_KEY.generate() - - # Check if the format of the object returned by generate() corresponds - # to RSAKEY_SCHEMA format. - self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(_rsakey_dict), - FORMAT_ERROR_MSG) - - # Passing a bit value that is <2048 to generate() - should raise - # 'tuf.FormatError'. - self.assertRaises(tuf.FormatError, RSA_KEY.generate, 555) - - # Passing a string instead of integer for a bit value. - self.assertRaises(tuf.FormatError, RSA_KEY.generate, 'bits') - - # NOTE if random bit value >=2048 (not 4096) is passed generate(bits) - # does not raise any errors and returns a valid key. - self.assertTrue(tuf.formats.RSAKEY_SCHEMA.matches(RSA_KEY.generate(2048))) - self.assertTrue(tuf.formats.RSAKEY_SCHEMA.matches(RSA_KEY.generate(4096))) - - def test_create_in_metadata_format(self): - key_value = rsakey_dict['keyval'] - key_meta = RSA_KEY.create_in_metadata_format(key_value) - - # Check if the format of the object returned by this function corresponds - # to KEY_SCHEMA format. - self.assertEqual(None, - tuf.formats.KEY_SCHEMA.check_match(key_meta), - FORMAT_ERROR_MSG) - key_meta = RSA_KEY.create_in_metadata_format(key_value, private=True) - - # Check if the format of the object returned by this function corresponds - # to KEY_SCHEMA format. - self.assertEqual(None, tuf.formats.KEY_SCHEMA.check_match(key_meta), - FORMAT_ERROR_MSG) - - # Supplying a 'bad' key_value. - del key_value['public'] - self.assertRaises(tuf.FormatError, RSA_KEY.create_in_metadata_format, - key_value) - - - def test_create_from_metadata_format(self): - # Reconfiguring rsakey_dict to conform to KEY_SCHEMA - # i.e. {keytype: 'rsa', keyval: {public: pub_key, private: priv_key}} - #keyid = rsakey_dict['keyid'] - del rsakey_dict['keyid'] - - rsakey_dict_from_meta = RSA_KEY.create_from_metadata_format(rsakey_dict) - - # Check if the format of the object returned by this function corresponds - # to RSAKEY_SCHEMA format. - self.assertEqual(None, - tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict_from_meta), - FORMAT_ERROR_MSG) - - # Supplying a wrong number of arguments. - self.assertRaises(TypeError, RSA_KEY.create_from_metadata_format) - args = (rsakey_dict, rsakey_dict) - self.assertRaises(TypeError, RSA_KEY.create_from_metadata_format, *args) - - # Supplying a malformed argument to the function - should get FormatError - del rsakey_dict['keyval'] - self.assertRaises(tuf.FormatError, RSA_KEY.create_from_metadata_format, - rsakey_dict) - - - def test_helper_get_keyid(self): - key_value = rsakey_dict['keyval'] - - # Check format of 'key_value'. - self.assertEqual(None, tuf.formats.KEYVAL_SCHEMA.check_match(key_value), - FORMAT_ERROR_MSG) - - keyid = RSA_KEY._get_keyid(key_value) - - # Check format of 'keyid' - the output of '_get_keyid()' function. - self.assertEqual(None, tuf.formats.KEYID_SCHEMA.check_match(keyid), - FORMAT_ERROR_MSG) - - - def test_createsignature(self): - # Creating a signature for 'DATA'. - signature = RSA_KEY.create_signature(rsakey_dict, DATA) - - # Check format of output. - self.assertEqual(None, - tuf.formats.SIGNATURE_SCHEMA.check_match(signature), - FORMAT_ERROR_MSG) - - # Removing private key from 'rsakey_dict' - should raise a TypeError. - rsakey_dict['keyval']['private'] = '' - - args = (rsakey_dict, DATA) - self.assertRaises(TypeError, RSA_KEY.create_signature, *args) - - # Supplying an incorrect number of arguments. - self.assertRaises(TypeError, RSA_KEY.create_signature) - - - def test_verify_signature(self): - # Creating a signature 'signature' of 'DATA' to be verified. - signature = RSA_KEY.create_signature(rsakey_dict, DATA) - - # Verifying the 'signature' of 'DATA'. - verified = RSA_KEY.verify_signature(rsakey_dict, signature, DATA) - self.assertTrue(verified, "Incorrect signature.") - - # Testing an invalid 'signature'. Same 'signature' is passed, with - # 'DATA' different than the original 'DATA' that was used - # in creating the 'signature'. Function should return 'False'. - - # Modifying 'DATA'. - _DATA = '1111'+DATA+'1111' - - # Verifying the 'signature' of modified '_DATA'. - verified = RSA_KEY.verify_signature(rsakey_dict, signature, _DATA) - self.assertFalse(verified, - 'Returned \'True\' on an incorrect signature.') - - # Modifying 'signature' to pass an incorrect method since only - # 'PyCrypto-PKCS#1 PSS' - # is accepted. - signature['method'] = 'Biff' - - args = (rsakey_dict, signature, DATA) - self.assertRaises(tuf.UnknownMethodError, RSA_KEY.verify_signature, *args) - - # Passing incorrect number of arguments. - self.assertRaises(TypeError,RSA_KEY.verify_signature) - - - def test_create_encrypted_pem(self): - passphrase = 'pw' - - # Check format of 'rsakey_dict'. - self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict), - FORMAT_ERROR_MSG) - - # Check format of 'passphrase'. - self.assertEqual(None, tuf.formats.PASSWORD_SCHEMA.check_match(passphrase), - FORMAT_ERROR_MSG) - - # Generate the encrypted PEM string of 'rsakey_dict'. - pem_rsakey = tuf.rsa_key.create_encrypted_pem(rsakey_dict, passphrase) - - # Check for invalid arguments. - self.assertRaises(tuf.FormatError, - tuf.rsa_key.create_encrypted_pem, 'Biff', passphrase) - self.assertRaises(tuf.FormatError, - tuf.rsa_key.create_encrypted_pem, rsakey_dict, ['pw']) - - - - def test_create_from_encrypted_pem(self): - passphrase = 'pw' - - # Check format of 'rsakey_dict'. - self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict), - FORMAT_ERROR_MSG) - - # Check format of 'passphrase'. - self.assertEqual(None, tuf.formats.PASSWORD_SCHEMA.check_match(passphrase), - FORMAT_ERROR_MSG) - - # Generate the encrypted PEM string of 'rsakey_dict'. - pem_rsakey = tuf.rsa_key.create_encrypted_pem(rsakey_dict, passphrase) - - # Decrypt 'pem_rsakey' and verify the decrypted object is properly - # formatted. - decrypted_rsakey = tuf.rsa_key.create_from_encrypted_pem(pem_rsakey, - passphrase) - self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(decrypted_rsakey), - FORMAT_ERROR_MSG) - - # Does 'decrypted_rsakey' match the original 'rsakey_dict'. - self.assertEqual(rsakey_dict, decrypted_rsakey) - - # Attempt decryption of 'pem_rsakey' using an incorrect passphrase. - self.assertRaises(tuf.CryptoError, - tuf.rsa_key.create_from_encrypted_pem, pem_rsakey, - 'bad_pw') - # Check for non-encrypted PEM string. create_from_encrypted_pem()/PyCrypto - # returns a tuf.formats.RSAKEY_SCHEMA object if PEM formatted string is - # not actually encrypted but still a valid PEM string. - non_encrypted_private_key = rsakey_dict['keyval']['private'] - decrypted_non_encrypted = tuf.rsa_key.create_from_encrypted_pem( - non_encrypted_private_key, passphrase) - self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match( - decrypted_non_encrypted), FORMAT_ERROR_MSG) - - # Check for invalid arguments. - self.assertRaises(tuf.FormatError, - tuf.rsa_key.create_from_encrypted_pem, 123, passphrase) - self.assertRaises(tuf.FormatError, - tuf.rsa_key.create_from_encrypted_pem, pem_rsakey, ['pw']) - self.assertRaises(tuf.CryptoError, - tuf.rsa_key.create_from_encrypted_pem, 'invalid_pem', - passphrase) - - - -# Run the unit tests. -if __name__ == '__main__': - unittest.main() diff --git a/tuf/keys.py b/tuf/keys.py index 49c78a35..5f1062cf 100755 --- a/tuf/keys.py +++ b/tuf/keys.py @@ -326,10 +326,13 @@ def create_in_metadata_format(keytype, key_value, private=False): An 'KEY_SCHEMA' dictionary. """ - # Does 'key_value' have the correct format? - # This check will ensure 'key_value' has the appropriate number + # Does 'keytype' have the correct format? + # This check will ensure 'keytype' has the appropriate number # of objects and object types, and that all dict keys are properly named. # Raise 'tuf.FormatError' if the check fails. + tuf.formats.KEYTYPE_SCHEMA.check_match(keytype) + + # Does 'key_value' have the correct format? tuf.formats.KEYVAL_SCHEMA.check_match(key_value) if private is True and key_value['private']: