Merge branch 'adamve/test/fips_openpgp' into dain/scp

Yubico · Jul 10, 2024 · 9fb0522 · 9fb0522
2 parents c7a782b + abaa35d
commit 9fb0522
Show file tree

Hide file tree

Showing 12 changed files with 464 additions and 178 deletions.
diff --git a/management/src/main/java/com/yubico/yubikit/management/DeviceInfo.java b/management/src/main/java/com/yubico/yubikit/management/DeviceInfo.java
@@ -269,7 +269,7 @@ static DeviceInfo parseTlvs(Map<Integer, byte[]> data, Version defaultVersion) {
                 ? Version.fromBytes(data.get(TAG_FIRMWARE_VERSION))
                 : defaultVersion;
 
-        final Version versionZero = new Version(0,0,0);
+        final Version versionZero = new Version(0, 0, 0);
 
         Version fpsVersion = null;
         if (data.containsKey(TAG_FPS_VERSION)) {

diff --git a/openpgp/src/main/java/com/yubico/yubikit/openpgp/OpenPgpSession.java b/openpgp/src/main/java/com/yubico/yubikit/openpgp/OpenPgpSession.java
@@ -30,7 +30,6 @@
 import com.yubico.yubikit.core.keys.PublicKeyValues;
 import com.yubico.yubikit.core.smartcard.Apdu;
 import com.yubico.yubikit.core.smartcard.ApduException;
-import com.yubico.yubikit.core.smartcard.ApduFormat;
 import com.yubico.yubikit.core.smartcard.AppId;
 import com.yubico.yubikit.core.smartcard.SW;
 import com.yubico.yubikit.core.smartcard.SmartCardConnection;
@@ -198,6 +197,7 @@ public OpenPgpSession(SmartCardConnection connection, @Nullable ScpKeyParams scp
             versionBytes[i] = decodeBcd(versionBcd[i]);
         }
         version = Version.fromBytes(versionBytes);
+        // version = new Version (5,7, 2);
         protocol.configure(version);
 
         // Note: This value is cached!
@@ -824,7 +824,8 @@ public void setAlgorithmAttributes(KeyRef keyRef, AlgorithmAttributes attributes
         if (!supported.containsKey(keyRef)) {
             throw new UnsupportedOperationException("Key slot not supported");
         }
-        if (!supported.get(keyRef).contains(attributes)) {
+        List<AlgorithmAttributes> supportedAttributes = supported.get(keyRef);
+        if (!supportedAttributes.contains(attributes)) {
             throw new UnsupportedOperationException("Algorithm attributes not supported: " + attributes);
         }
 

diff --git a/testing-android/src/androidTest/java/com/yubico/yubikit/testing/DeviceTests.java b/testing-android/src/androidTest/java/com/yubico/yubikit/testing/DeviceTests.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2024 Yubico.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.yubico.yubikit.testing;
+
+import com.yubico.yubikit.testing.openpgp.OpenPgpTests;
+import com.yubico.yubikit.testing.piv.PivTests;
+
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+
+/**
+ * All integration tests.
+ */
+@RunWith(Suite.class)
+@Suite.SuiteClasses({
+        PivTests.class,
+        OpenPgpTests.class,
+})
+public class DeviceTests {
+}
diff --git a/testing-android/src/androidTest/java/com/yubico/yubikit/testing/FastDeviceTests.java b/testing-android/src/androidTest/java/com/yubico/yubikit/testing/FastDeviceTests.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2024 Yubico.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.yubico.yubikit.testing;
+
+import org.junit.experimental.categories.Categories;
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+
+/**
+ * All device tests excluding tests considered too slow.
+ */
+@RunWith(Categories.class)
+@Categories.ExcludeCategory(SlowTest.class)
+@Suite.SuiteClasses({
+        DeviceTests.class
+})
+public class FastDeviceTests {
+}
diff --git a/testing-android/src/androidTest/java/com/yubico/yubikit/testing/openpgp/OpenPgpTests.java b/testing-android/src/androidTest/java/com/yubico/yubikit/testing/openpgp/OpenPgpTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2023 Yubico.
+ * Copyright (C) 2023-2024 Yubico.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,108 +16,131 @@
 
 package com.yubico.yubikit.testing.openpgp;
 
+import androidx.annotation.Nullable;
+
+import com.yubico.yubikit.core.smartcard.scp.ScpKid;
+import com.yubico.yubikit.testing.SlowTest;
 import com.yubico.yubikit.testing.framework.OpenPgpInstrumentedTests;
 
 import org.junit.Test;
-
-public class OpenPgpTests extends OpenPgpInstrumentedTests {
-    @Test
-    public void testImportRsaKeys() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testImportRsaKeys);
-    }
-
-    @Test
-    public void testImportEcDsaKeys() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testImportEcDsaKeys);
-    }
-
-    @Test
-    public void testImportEd25519Keys() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testImportEd25519);
-    }
-
-    @Test
-    public void testImportX25519Keys() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testImportX25519);
-    }
-
-    @Test
-    public void testGenerateRequiresAdmin() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testGenerateRequiresAdmin);
-    }
-
-    @Test
-    public void testChangePin() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testChangePin);
-    }
-
-    @Test
-    public void testResetPin() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testResetPin);
-    }
-
-    @Test
-    public void testSetPinAttempts() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testSetPinAttempts);
-    }
-
-    @Test
-    public void testGenerateRsaKeys() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testGenerateRsaKeys);
-    }
-
-    @Test
-    public void testGenerateEcKeys() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testGenerateEcKeys);
-    }
-
-    @Test
-    public void testGenerateEd25519() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testGenerateEd25519);
-    }
-
-    @Test
-    public void testGenerateX25519() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testGenerateX25519);
-    }
-
-    @Test
-    public void testAttestation() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testAttestation);
-    }
-
-    @Test
-    public void testSigPinPolicy() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testSigPinPolicy);
-    }
-
-    @Test
-    public void testKdf() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testKdf);
-    }
-
-    @Test
-    public void testUnverifyPin() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testUnverifyPin);
-    }
-
-    @Test
-    public void testDeleteKey() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testDeleteKey);
-    }
-
-    @Test
-    public void testCertificateManagement() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testCertificateManagement);
-    }
-
-    @Test
-    public void testGetChallenge() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testGetChallenge);
-    }
-
-    @Test
-    public void testSetUif() throws Throwable {
-        withOpenPgpSession(OpenPgpDeviceTests::testSetUif);
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+
+@RunWith(Suite.class)
+@Suite.SuiteClasses({
+        OpenPgpTests.NoScpTests.class,
+        OpenPgpTests.Scp11bTests.class,
+})
+public class OpenPgpTests {
+    public static class NoScpTests extends OpenPgpInstrumentedTests {
+        @Test
+        public void testImportRsaKeys() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testImportRsaKeys);
+        }
+
+        @Test
+        public void testImportEcDsaKeys() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testImportEcDsaKeys);
+        }
+
+        @Test
+        public void testImportEd25519Keys() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testImportEd25519);
+        }
+
+        @Test
+        public void testImportX25519Keys() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testImportX25519);
+        }
+
+        @Test
+        public void testGenerateRequiresAdmin() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testGenerateRequiresAdmin);
+        }
+
+        @Test
+        public void testChangePin() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testChangePin);
+        }
+
+        @Test
+        public void testResetPin() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testResetPin);
+        }
+
+        @Test
+        public void testSetPinAttempts() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testSetPinAttempts);
+        }
+
+        @Test
+        @Category(SlowTest.class)
+        public void testGenerateRsaKeys() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testGenerateRsaKeys);
+        }
+
+        @Test
+        public void testGenerateEcKeys() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testGenerateEcKeys);
+        }
+
+        @Test
+        public void testGenerateEd25519() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testGenerateEd25519);
+        }
+
+        @Test
+        public void testGenerateX25519() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testGenerateX25519);
+        }
+
+        @Test
+        public void testAttestation() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testAttestation);
+        }
+
+        @Test
+        public void testSigPinPolicy() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testSigPinPolicy);
+        }
+
+        @Test
+        public void testKdf() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testKdf);
+        }
+
+        @Test
+        public void testUnverifyPin() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testUnverifyPin);
+        }
+
+        @Test
+        public void testDeleteKey() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testDeleteKey);
+        }
+
+        @Test
+        public void testCertificateManagement() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testCertificateManagement);
+        }
+
+        @Test
+        public void testGetChallenge() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testGetChallenge);
+        }
+
+        @Test
+        public void testSetUif() throws Throwable {
+            withOpenPgpSession(OpenPgpDeviceTests::testSetUif);
+        }
+    }
+
+    public static class Scp11bTests extends NoScpTests {
+        @Nullable
+        @Override
+        protected Byte getScpKid() {
+            return ScpKid.SCP11b;
+        }
     }
 }
diff --git a/testing-android/src/androidTest/java/com/yubico/yubikit/testing/piv/PivJcaProviderTests.java b/testing-android/src/androidTest/java/com/yubico/yubikit/testing/piv/PivJcaProviderTests.java
@@ -20,21 +20,25 @@
 import androidx.test.ext.junit.runners.AndroidJUnit4;
 
 import com.yubico.yubikit.core.smartcard.scp.ScpKid;
+import com.yubico.yubikit.testing.SlowTest;
 import com.yubico.yubikit.testing.framework.PivInstrumentedTests;
 
 import org.junit.Test;
+import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 
 @RunWith(AndroidJUnit4.class)
 public class PivJcaProviderTests {
 
     public static class NoScpTests extends PivInstrumentedTests {
         @Test
+        @Category(SlowTest.class)
         public void testGenerateKeys() throws Throwable {
             withPivSession(PivJcaDeviceTests::testGenerateKeys);
         }
 
         @Test
+        @Category(SlowTest.class)
         public void testGenerateKeysPreferBC() throws Throwable {
             withPivSession(PivJcaDeviceTests::testGenerateKeysPreferBC);
         }
@@ -45,11 +49,13 @@ public void testImportKeys() throws Throwable {
         }
 
         @Test
+        @Category(SlowTest.class)
         public void testSigning() throws Throwable {
             withPivSession(PivJcaSigningTests::testSign);
         }
 
         @Test
+        @Category(SlowTest.class)
         public void testDecrypt() throws Throwable {
             withPivSession(PivJcaDecryptTests::testDecrypt);
         }