forked from LedgerHQ/app-openpgp
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtest_cipher.py
More file actions
99 lines (71 loc) · 2.79 KB
/
test_cipher.py
File metadata and controls
99 lines (71 loc) · 2.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# -*- coding: utf-8 -*-
# SPDX-FileCopyrightText: 2023 Ledger SAS
# SPDX-License-Identifier: LicenseRef-LEDGER
"""
This module provides Ragger tests for Cipher feature
"""
from Crypto.Random import get_random_bytes
from Crypto.Cipher import PKCS1_v1_5
from ragger.backend import BackendInterface
from application_client.command_sender import CommandSender
from application_client.app_def import Errors, DataObject, PassWord
from utils import check_pincode, generate_key, get_RSA_pub_key
# In this test we check the symmetric key encryption
def test_AES(backend: BackendInterface) -> None:
# Use the app interface instead of raw interface
client = CommandSender(backend)
# Verify PW3 (Admin)
check_pincode(client, PassWord.PW3)
key = get_random_bytes(32)
# Store the AES Key
rapdu = client.put_data(DataObject.DO_KEY_AES, key)
assert rapdu.status == Errors.SW_OK
# Verify PW2 (User)
check_pincode(client, PassWord.PW2)
# Encrypt the data
plain = get_random_bytes(16)
rapdu = client.encrypt(plain)
assert rapdu.status == Errors.SW_OK
# Decrypt the data
rapdu = client.decrypt(rapdu.data)
assert rapdu.status == Errors.SW_OK
assert rapdu.data == plain
# In this test we check the symmetric key encryption
def test_Asym(backend: BackendInterface) -> None:
# Use the app interface instead of raw interface
client = CommandSender(backend)
# Generate the DEC Key Pair
generate_key(client, DataObject.DO_DEC_KEY)
# Verify PW2 (User)
check_pincode(client, PassWord.PW2)
# Read the DEC pub Key
pubkey = get_RSA_pub_key(client, DataObject.DO_DEC_KEY)
# Encrypt random bytes with Pub Key
plain = get_random_bytes(32)
cipher = PKCS1_v1_5.new(pubkey)
ciphertext = cipher.encrypt(plain)
# Decrypt the data with the Private key
rapdu = client.decrypt_asym(ciphertext)
assert rapdu.status == Errors.SW_OK
assert rapdu.data == plain
# In this test we check the symmetric key encryption with MSE
def test_MSE(backend: BackendInterface) -> None:
# Use the app interface instead of raw interface
client = CommandSender(backend)
# Generate the AUT Key Pair
generate_key(client, DataObject.DO_AUT_KEY)
# Verify PW2 (User)
check_pincode(client, PassWord.PW2)
# Read the AUT pub Key
pubkey = get_RSA_pub_key(client, DataObject.DO_AUT_KEY)
# Encrypt random bytes with Pub Key
plain = get_random_bytes(32)
cipher = PKCS1_v1_5.new(pubkey)
ciphertext = cipher.encrypt(plain)
# Change default DEC key by AUT
rapdu = client.manage_security_env(DataObject.DO_DEC_KEY, 3)
assert rapdu.status == Errors.SW_OK
# Decrypt the data with the Private key
rapdu = client.decrypt_asym(ciphertext)
assert rapdu.status == Errors.SW_OK
assert rapdu.data == plain