Changed Test Key Size to 2048

There were several places where RSA key sizes were less than 2048.
This change makes all of the keys now 2048 bits. This will help tests
with devices that are FIPS compliant and do not allow keys of 1024
bits. This is important for functional tests that use real devices.

The test code included two modules that each provided an example private
key, public key, and certificate. The utils module was modified to remove
its samples, and the keys.py file will now contain the keys to be used
for testing. Those keys are 2048 bits, while the ones in utils were 1024 bits.

Change-Id: I19c5b32d7861953ebbb458a6f6336647bb13736c
Nathan Reller 2015-06-17 17:21:06 -04:00
parent 5135991a33
commit 232dc6d52b
8 changed files with 34 additions and 85 deletions


@ -22,6 +22,7 @@ import testtools
from barbican.common import exception as excep
from barbican.common import validators
from barbican.tests import certificate_utils as certs
from barbican.tests import keys
from barbican.tests import utils
VALID_EXTENSIONS = "valid extensions"
@ -43,9 +44,9 @@ def get_private_key_req():
'payload_content_type': 'application/pkcs8',
'payload_content_encoding': 'base64',
'algorithm': 'rsa',
'bit_length': 1024,
'bit_length': 2048,
'secret_type': 'private',
'payload': base64.b64encode(utils.get_private_key())}
'payload': base64.b64encode(keys.get_private_key_pem())}
def get_public_key_req():
@ -53,9 +54,9 @@ def get_public_key_req():
'payload_content_type': 'application/octet-stream',
'payload_content_encoding': 'base64',
'algorithm': 'rsa',
'bit_length': 1024,
'bit_length': 2048,
'secret_type': 'public',
'payload': base64.b64encode(utils.get_public_key())}
'payload': base64.b64encode(keys.get_public_key_pem())}
def get_certificate_req():
@ -63,9 +64,9 @@ def get_certificate_req():
'payload_content_type': 'application/pkix-cert',
'payload_content_encoding': 'base64',
'algorithm': 'rsa',
'bit_length': 1024,
'bit_length': 2048,
'secret_type': 'certificate',
'payload': base64.b64encode(utils.get_certificate())}
'payload': base64.b64encode(keys.get_certificate_pem())}
def get_passphrase_req():
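Review bot: In `get_private_key_req`, `get_public_key_req` and `get_certificate_req` the `'bit_length': 2048` literal is maintained separately from the PEM returned by the `keys` helpers, so the declared size and the real key size can drift apart again, which is the kind of divergence the description mentions between the two key modules. Consider exporting the size next to the PEM data in the keys module and using it here, e.g. `'bit_length': keys.TEST_RSA_BITS` (the name is only a proposal; no such constant is visible on this page). The same literal recurs in the `get_*_dto` helpers and in the functional-test request builders in the later file sections. The three function bodies start outside the visible hunks.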


@ -193,14 +193,14 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
def test_generate_supports_rsa(self):
key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA,
None, 'mode')
for x in [1024, 2048, 3072, 4096]:
for x in [2048, 3072, 4096]:
key_spec.bit_length = x
self.assertTrue(self.secret_store.generate_supports(key_spec))
def test_generate_supports_dsa(self):
key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.DSA,
None, 'mode')
for x in [1024, 2048, 3072]:
for x in [2048, 3072]:
key_spec.bit_length = x
self.assertTrue(self.secret_store.generate_supports(key_spec))
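Review bot: Dropping 1024 from the loops in `test_generate_supports_rsa` and `test_generate_supports_dsa` leaves the store's answer for sub-2048 key sizes untested. This looks like a unit test of `generate_supports` rather than a run against a real device, so the FIPS restriction from the description may not apply here. If the plugin is meant to refuse 1024-bit keys, pin that with `key_spec.bit_length = 1024` followed by `self.assertFalse(self.secret_store.generate_supports(key_spec))`; if it is meant to keep accepting them, the old list could stay. The store's implementation is not visible in this section, so which of the two holds needs confirming.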


@ -22,32 +22,33 @@ from barbican.model import models
from barbican.plugin.crypto import crypto
from barbican.plugin.interface import secret_store
from barbican.plugin import store_crypto
from barbican.tests import keys
from barbican.tests import utils as test_utils
def get_private_dto():
spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 1024)
spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048)
return secret_store.SecretDTO(secret_store.SecretType.PRIVATE,
base64.b64encode(
test_utils.get_private_key()),
keys.get_private_key_pem()),
spec,
'application/pkcs8')
def get_public_dto():
spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 1024)
spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048)
return secret_store.SecretDTO(secret_store.SecretType.PUBLIC,
base64.b64encode(
test_utils.get_public_key()),
keys.get_public_key_pem()),
spec,
'application/octet-stream')
def get_certificate_dto():
spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 1024)
spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048)
return secret_store.SecretDTO(secret_store.SecretType.CERTIFICATE,
base64.b64encode(
test_utils.get_certificate()),
keys.get_certificate_pem()),
spec,
'application/pkix-cert')


@ -462,60 +462,6 @@ def get_symmetric_key():
return s
def get_private_key():
s = ("-----BEGIN PRIVATE KEY-----\n"
"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMxOUcg4eiBTZnIy\n"
"4XhEV+IoBbye/ZkXnxWQPnz9Cm+2C3rIYBev6WLqztSfi1EHnn3jM9p36KJuVgvA\n"
"Jr4wfn19hM9pw5Cq5hcnkVlBCAKoCM7p/jf7G2qv0yxlhXK3eZVzR/8Km3wImKN5\n"
"mJRqCv89I1LXyiuHYlVrznx8hjTZAgMBAAECgYAYyVu0rd1rNJMWQcQHAkujPXXM\n"
"t4FO5IXBaPmb0ltEyFJGOC8oUIhBHvmu5BhT4VfCMCFnXOrVYguAa3SH2HxP54Wb\n"
"xfycCNow5ikujEfdvsAZi1tnKedFRnJhdANCAM+6+fTNUzNElUW6kjuvwWWnRq7C\n"
"iCHqhd5ssVa8vMjPjQJBAPpMz0rXo2DDtYqQLOnWwAbV+djM1+ldmBdh/Q4zETDO\n"
"xgPfUvLBhU40LJt8NQeia6Ce4oYH+W4WRyNYvvmcGz8CQQDQ9V/8IuMJN6vyAKrc\n"
"WMPyLfYFu3wJ74/DX0EZ7lf+UhTlCEwEQaVQ78El1oFJDl7cjnH3Ay5GNsFfHOfd\n"
"uaHnAkAa21MCvNCS+WzpST8IeDpygVMlqBUivSAsoh78/w3BJu6oS7YixhD/qyl+\n"
"JX2rLApQWbwElaZ14X4QlN0o+08RAkEAi79vIDtcx69Z6ZGUs6UR9wfR/+dxf1ue\n"
"NDWiXmtOoiHXI422+SnGHCkcbefVszxPKQaDJYYVDpRUIv47+8fIhQJAIPlfqUpN\n"
"0c23beUUWItd+fSVLH+bxTUv+FUqLQIC2VlXVecg7+eAOMNzF2CqcpWstIcrYkV7\n"
"lECxnorexnYA8g==\n"
"-----END PRIVATE KEY-----")
return s
def get_public_key():
s = ("-----BEGIN PUBLIC KEY-----\n"
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMTlHIOHogU2ZyMuF4RFfiKAW8\n"
"nv2ZF58VkD58/Qpvtgt6yGAXr+li6s7Un4tRB5594zPad+iiblYLwCa+MH59fYTP\n"
"acOQquYXJ5FZQQgCqAjO6f43+xtqr9MsZYVyt3mVc0f/Cpt8CJijeZiUagr/PSNS\n"
"18orh2JVa858fIY02QIDAQAB\n"
"-----END PUBLIC KEY-----")
return s
def get_certificate():
s = ("-----BEGIN CERTIFICATE-----\n"
"MIIDTzCCArigAwIBAgIJANwgT2i4cVRAMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNV\n"
"BAYTAlVTMQswCQYDVQQIEwJUWDEPMA0GA1UEBxMGQXVzdGluMRYwFAYDVQQKEw1t\n"
"eWNvbXBhbnkuY29tMQ8wDQYDVQQDEwZjb21tb24xIzAhBgkqhkiG9w0BCQEWFGNv\n"
"bW1vbkBteWNvbXBhbnkuY29tMB4XDTE1MDIxNzIxMDA1N1oXDTE4MDIxNjIxMDA1\n"
"N1oweTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlRYMQ8wDQYDVQQHEwZBdXN0aW4x\n"
"FjAUBgNVBAoTDW15Y29tcGFueS5jb20xDzANBgNVBAMTBmNvbW1vbjEjMCEGCSqG\n"
"SIb3DQEJARYUY29tbW9uQG15Y29tcGFueS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD\n"
"gY0AMIGJAoGBAMxOUcg4eiBTZnIy4XhEV+IoBbye/ZkXnxWQPnz9Cm+2C3rIYBev\n"
"6WLqztSfi1EHnn3jM9p36KJuVgvAJr4wfn19hM9pw5Cq5hcnkVlBCAKoCM7p/jf7\n"
"G2qv0yxlhXK3eZVzR/8Km3wImKN5mJRqCv89I1LXyiuHYlVrznx8hjTZAgMBAAGj\n"
"gd4wgdswHQYDVR0OBBYEFBxIlJZjp3+TkIwy8G3dqfCgL6GfMIGrBgNVHSMEgaMw\n"
"gaCAFBxIlJZjp3+TkIwy8G3dqfCgL6GfoX2kezB5MQswCQYDVQQGEwJVUzELMAkG\n"
"A1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjEWMBQGA1UEChMNbXljb21wYW55LmNv\n"
"bTEPMA0GA1UEAxMGY29tbW9uMSMwIQYJKoZIhvcNAQkBFhRjb21tb25AbXljb21w\n"
"YW55LmNvbYIJANwgT2i4cVRAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD\n"
"gYEANTlbvNaoADYMzGOoLgaAVt7tjQ6EZVXjswax1jnj8dEoQpUNCAzkkwFJDFqt\n"
"mOTTZxpWNbDm9AcbCubrLXwN22eBqYz02cBGoBnN/h2qINSL2caM08OMmMDm1g1Q\n"
"+iH+eUsCmvkTnylw8FJwN7TYV0No6V9/+aWvf6h1NqDiiLc=\n"
"-----END CERTIFICATE-----")
return s
def is_cert_valid(expected, observed):
c1 = crypto.load_certificate(crypto.FILETYPE_PEM, expected)
c2 = crypto.load_certificate(crypto.FILETYPE_PEM, observed)


@ -23,7 +23,7 @@ import testtools
from barbican.plugin.interface import secret_store as s
from barbican.tasks import certificate_resources as cert_res
from barbican.tests import certificate_utils as certutil
from barbican.tests import utils
from barbican.tests import keys
from functionaltests.api import base
from functionaltests.api.v1.behaviors import ca_behaviors
from functionaltests.api.v1.behaviors import container_behaviors
@ -106,9 +106,9 @@ def get_private_key_req():
'payload_content_type': 'application/octet-stream',
'payload_content_encoding': 'base64',
'algorithm': 'rsa',
'bit_length': 1024,
'bit_length': 2048,
'secret_type': s.SecretType.PRIVATE,
'payload': base64.b64encode(utils.get_private_key())}
'payload': base64.b64encode(keys.get_private_key_pem())}
def get_public_key_req():
@ -116,9 +116,9 @@ def get_public_key_req():
'payload_content_type': 'application/octet-stream',
'payload_content_encoding': 'base64',
'algorithm': 'rsa',
'bit_length': 1024,
'bit_length': 2048,
'secret_type': s.SecretType.PUBLIC,
'payload': base64.b64encode(utils.get_public_key())}
'payload': base64.b64encode(keys.get_public_key_pem())}
create_generic_container_data = {


@ -67,7 +67,7 @@ def get_default_order_create_asymmetric_data():
"meta": {
"name": "barbican functional test asymmetric secret name",
"algorithm": "rsa",
"bit_length": 1024,
"bit_length": 2048,
"mode": "cbc",
}
}


@ -80,7 +80,7 @@ def get_order_rsa_container():
return {'type': 'asymmetric',
"meta": {"name": "ordered rsacontainer",
"algorithm": "rsa",
"bit_length": 1024,
"bit_length": 2048,
"mode": "cbc"}}
@ -88,7 +88,7 @@ def get_order_rsa_container_with_passphrase():
return {'type': 'asymmetric',
"meta": {"name": "ordered rsacontainer",
"algorithm": "rsa",
"bit_length": 1024,
"bit_length": 2048,
"passphrase": "password",
"mode": "cbc"}}


@ -22,6 +22,7 @@ import time
from testtools import testcase
from barbican.plugin.util import translations
from barbican.tests import keys
from barbican.tests import utils
from functionaltests.api import base
from functionaltests.api.v1.behaviors import secret_behaviors
@ -38,9 +39,9 @@ def get_private_key_req():
'payload_content_type': 'application/octet-stream',
'payload_content_encoding': 'base64',
'algorithm': 'rsa',
'bit_length': 1024,
'bit_length': 2048,
'secret_type': 'private',
'payload': base64.b64encode(utils.get_private_key())}
'payload': base64.b64encode(keys.get_private_key_pem())}
def get_public_key_req():
@ -48,9 +49,9 @@ def get_public_key_req():
'payload_content_type': 'application/octet-stream',
'payload_content_encoding': 'base64',
'algorithm': 'rsa',
'bit_length': 1024,
'bit_length': 2048,
'secret_type': 'public',
'payload': base64.b64encode(utils.get_public_key())}
'payload': base64.b64encode(keys.get_public_key_pem())}
def get_certificate_req():
@ -58,9 +59,9 @@ def get_certificate_req():
'payload_content_type': 'application/octet-stream',
'payload_content_encoding': 'base64',
'algorithm': 'rsa',
'bit_length': 1024,
'bit_length': 2048,
'secret_type': 'certificate',
'payload': base64.b64encode(utils.get_certificate())}
'payload': base64.b64encode(keys.get_certificate_pem())}
def get_passphrase_req():
@ -921,13 +922,13 @@ class SecretsTestCase(base.TestCase):
get_default_payload()),
get_default_data()],
'private': ['private',
utils.get_private_key(),
keys.get_private_key_pem(),
get_private_key_req()],
'public': ['public',
utils.get_public_key(),
keys.get_public_key_pem(),
get_public_key_req()],
'certificate': ['certificate',
utils.get_certificate(),
keys.get_certificate_pem(),
get_certificate_req()],
'passphrase': ['passphrase',
'mysecretpassphrase',