openpgp-card-app/tests/test_seed.py

# -*- coding: utf-8 -*-
# SPDX-FileCopyrightText: 2023 Ledger SAS
# SPDX-License-Identifier: LicenseRef-LEDGER
"""
This module provides Ragger tests for Signing feature with SEED mode
"""
import sys
from typing import Union
import pytest

from Crypto.PublicKey.RSA import RsaKey
from Crypto.PublicKey.ECC import EccKey

from ragger.backend import BackendInterface

from application_client.command_sender import CommandSender
from application_client.app_def import Errors, DataObject, PassWord, PubkeyAlgo

from utils import get_RSA_pub_key, get_ECDSA_pub_key, get_EDDSA_pub_key
from utils import check_pincode, generate_key, get_key_attributes, KEY_TEMPLATES


def _gen_key(client: CommandSender, template: str) -> Union[RsaKey,EccKey]:

    # Verify PW3 (Admin)
    check_pincode(client, PassWord.PW3)

    # Set SIG key template
    rapdu = client.set_template(DataObject.DO_SIG_ATTR, KEY_TEMPLATES[template])
    assert rapdu.status == Errors.SW_OK

    # Generate the SIG Key Pair in SEED mode
    generate_key(client, DataObject.DO_SIG_KEY, True)

    key_algo, _ = get_key_attributes(client, DataObject.DO_SIG_ATTR)

     # Read the SIG pub Key
    if key_algo == PubkeyAlgo.RSA:
        return get_RSA_pub_key(client, DataObject.DO_SIG_KEY)
    if key_algo == PubkeyAlgo.ECDSA:
        return get_ECDSA_pub_key(client, DataObject.DO_SIG_KEY)
    if key_algo == PubkeyAlgo.EDDSA:
        return get_EDDSA_pub_key(client, DataObject.DO_SIG_KEY)

    raise ValueError


@pytest.mark.parametrize(
    "template",
    [
        "rsa2048",
        pytest.param("rsa3072", marks=pytest.mark.skipif("--full" not in sys.argv, reason="skipping long test")),
        # pytest.param("rsa4096", marks=pytest.mark.skipif("--full" not in sys.argv, reason="skipping long test")),
        "nistp256",  # ECDSA
        "ed25519",   # EdDSA
        # "cv25519",   # ECDH, SDK returns CX_EC_INVALID_CURVE
    ],
)
def test_seed_key(backend: BackendInterface, template: str) -> None:
    # Use the app interface instead of raw interface
    client = CommandSender(backend)

    # Generate the key
    pubkey1 = _gen_key(client, template)

    # Reset the App (delete the key)
    client.send_terminate()
    client.send_activate()

    # Ensure the SIG Key is no more available
    rapdu = client.read_key(DataObject.DO_SIG_KEY)
    assert rapdu.status == Errors.SW_REFERENCED_DATA_NOT_FOUND

    # Generate the key again
    pubkey2 = _gen_key(client, template)

    # Check generated keys
    assert pubkey1 == pubkey2
Add ragger tests 9 months ago			`# -- coding: utf-8 --`
			`# SPDX-FileCopyrightText: 2023 Ledger SAS`
			`# SPDX-License-Identifier: LicenseRef-LEDGER`
			`"""`
			`This module provides Ragger tests for Signing feature with SEED mode`
			`"""`
			`import sys`
Fix pylint and mypy for ragger tests and pytools 4 months ago			`from typing import Union`
Add ragger tests 9 months ago			`import pytest`

Fix pylint and mypy for ragger tests and pytools 4 months ago			`from Crypto.PublicKey.RSA import RsaKey`
			`from Crypto.PublicKey.ECC import EccKey`

			`from ragger.backend import BackendInterface`

Add ragger tests 9 months ago			`from application_client.command_sender import CommandSender`
			`from application_client.app_def import Errors, DataObject, PassWord, PubkeyAlgo`

			`from utils import get_RSA_pub_key, get_ECDSA_pub_key, get_EDDSA_pub_key`
			`from utils import check_pincode, generate_key, get_key_attributes, KEY_TEMPLATES`


Fix pylint and mypy for ragger tests and pytools 4 months ago			`def _gen_key(client: CommandSender, template: str) -> Union[RsaKey,EccKey]:`
Add ragger tests 9 months ago
			`# Verify PW3 (Admin)`
			`check_pincode(client, PassWord.PW3)`

			`# Set SIG key template`
			`rapdu = client.set_template(DataObject.DO_SIG_ATTR, KEY_TEMPLATES[template])`
			`assert rapdu.status == Errors.SW_OK`

			`# Generate the SIG Key Pair in SEED mode`
			`generate_key(client, DataObject.DO_SIG_KEY, True)`

			`key_algo, _ = get_key_attributes(client, DataObject.DO_SIG_ATTR)`

			`# Read the SIG pub Key`
			`if key_algo == PubkeyAlgo.RSA:`
Fix mypy on ragger tests 8 months ago			`return get_RSA_pub_key(client, DataObject.DO_SIG_KEY)`
			`if key_algo == PubkeyAlgo.ECDSA:`
			`return get_ECDSA_pub_key(client, DataObject.DO_SIG_KEY)`
			`if key_algo == PubkeyAlgo.EDDSA:`
			`return get_EDDSA_pub_key(client, DataObject.DO_SIG_KEY)`

			`raise ValueError`
Add ragger tests 9 months ago

			`@pytest.mark.parametrize(`
			`"template",`
			`[`
			`"rsa2048",`
			`pytest.param("rsa3072", marks=pytest.mark.skipif("--full" not in sys.argv, reason="skipping long test")),`
Disable RSA4096 - watchdog issue 8 months ago			`# pytest.param("rsa4096", marks=pytest.mark.skipif("--full" not in sys.argv, reason="skipping long test")),`
Add ragger tests 9 months ago			`"nistp256", # ECDSA`
			`"ed25519", # EdDSA`
			`# "cv25519", # ECDH, SDK returns CX_EC_INVALID_CURVE`
			`],`
			`)`
Fix pylint and mypy for ragger tests and pytools 4 months ago			`def test_seed_key(backend: BackendInterface, template: str) -> None:`
Add ragger tests 9 months ago			`# Use the app interface instead of raw interface`
			`client = CommandSender(backend)`

			`# Generate the key`
			`pubkey1 = _gen_key(client, template)`

			`# Reset the App (delete the key)`
			`client.send_terminate()`
			`client.send_activate()`

			`# Ensure the SIG Key is no more available`
			`rapdu = client.read_key(DataObject.DO_SIG_KEY)`
			`assert rapdu.status == Errors.SW_REFERENCED_DATA_NOT_FOUND`

			`# Generate the key again`
			`pubkey2 = _gen_key(client, template)`

			`# Check generated keys`
			`assert pubkey1 == pubkey2`