awslabsGH-54 Skip HSM/PKCS devices in ECDSA-P521 test cases
gregbreen committed Mar 25, 2024
1 parent e474e46 commit 412007a
Showing 2 changed files with 36 additions and 9 deletions.
21 changes: 19 additions & 2 deletions robot/libs/Greengrass.py
@@ -195,8 +195,25 @@ def remove_windows_devices_from_thing_group(self):

return removed_things

def add_windows_devices_to_thing_group(self, removed_things):
""" Restores Windows core devices to the thing group """
def remove_pkcs_devices_from_thing_group(self):
""" Removes any core devices using PKCS/HSM/TPM from the thing group """
core_devices = self._greengrassv2_client.list_core_devices(thingGroupArn=self._target_arn)['coreDevices']
removed_things = []

for device in core_devices:
thing_name = device['coreDeviceThingName']
response = self._greengrassv2_client.list_installed_components(coreDeviceThingName=thing_name)
for component in response['installedComponents']:
if component['componentName'] == 'aws.greengrass.crypto.Pkcs11Provider':
self._logger.info('Removing core device %s from Thing group', thing_name)
self._iot_client.remove_thing_from_thing_group(thingGroupName=self._thing_group_name,
thingName=thing_name)
removed_things.append(thing_name)

return removed_things

def add_devices_to_thing_group(self, removed_things):
""" Restores core devices to the thing group """
for thing in removed_things:
self._logger.info('Adding core device %s to Thing group', thing)
self._iot_client.add_thing_to_thing_group(thingGroupName=self._thing_group_name,
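Review bot: In `remove_pkcs_devices_from_thing_group`, `removed_things` only reaches the caller through the final `return`, so if `list_installed_components` or `remove_thing_from_thing_group` raises for a later device, the names already removed are lost and teardown has nothing to restore. Those HSM-backed devices would then stay outside the thing group and presumably drop out of later rotation runs without any signal. Consider keeping the removed names on the instance, or catching and logging per-device errors, so a partial run can still be undone. Both `list_core_devices` and `list_installed_components` are also read as a single page, so a `nextToken` would be ignored on a larger fleet; `self._greengrassv2_client.get_paginator('list_core_devices')` and its `list_installed_components` counterpart avoid that, and a `break` after `removed_things.append(thing_name)` stops the inner scan once the provider is found. The hunk ends inside `add_devices_to_thing_group`, whose body continues outside the view.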
24 changes: 17 additions & 7 deletions robot/suites/3-rotation-aws-iot-ca.robot
@@ -9,7 +9,8 @@ Suite Setup Setup
Test Template Rotation Should Succeed

*** Variables ***
${removed_things}
${windows_things}
${pkcs_things}

*** Test Cases *** KEY SIGNING
AWS IoT CA with RSA-2048 key and SHA256WITHRSA CSR RSA-2048 SHA256WITHRSA
@@ -42,9 +43,15 @@ Setup
Rotation Should Succeed
[Arguments] ${key_algorithm} ${signing_algorithm}

# The IoT Device SDK doesn't support EC keys under Windows: https://github.com/awslabs/aws-c-io/issues/260
# The IoT Device SDK doesn't support PKCS#8 keys under Windows, and Greengrass
# can only use EC keys in PKCS#8 format: https://github.com/awslabs/aws-c-io/issues/260
IF '${key_algorithm}' == 'ECDSA-P256' or '${key_algorithm}' == 'ECDSA-P384' or '${key_algorithm}' == 'ECDSA-P521'
${removed_things} = Greengrass.Remove Windows Devices From Thing Group
${windows_things} = Greengrass.Remove Windows Devices From Thing Group
END

# The IoT Device SDK doesn't support ECDSA-P521 with HSMs/PKCS#11: https://github.com/awslabs/aws-c-io/issues/591
IF '${key_algorithm}' == 'ECDSA-P521'
${pkcs_things} = Greengrass.Remove PKCS Devices From Thing Group
END

${result} = Greengrass.Merge Configuration ${key_algorithm} ${signing_algorithm}
@@ -58,10 +65,13 @@ Rotation Should Succeed
${result} = Greengrass.Check Certificates ${True} ${key_algorithm} SHA256WITHRSA
Should Be True ${result}

[Teardown] Restore Windows Devices ${key_algorithm} ${signing_algorithm} ${removed_things}
[Teardown] Restore Devices ${key_algorithm} ${signing_algorithm} ${windows_things} ${pkcs_things}

Restore Windows Devices
[Arguments] ${key_algorithm} ${signing_algorithm} ${removed_things}
Restore Devices
[Arguments] ${key_algorithm} ${signing_algorithm} ${windows_things} ${pkcs_things}
IF '${key_algorithm}' == 'ECDSA-P256' or '${key_algorithm}' == 'ECDSA-P384' or '${key_algorithm}' == 'ECDSA-P521'
Greengrass.Add Windows Devices To Thing Group ${removed_things}
Greengrass.Add Devices To Thing Group ${windows_things}
END
IF '${key_algorithm}' == 'ECDSA-P521'
Greengrass.Add Devices To Thing Group ${pkcs_things}
END
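Review bot: After the two removal steps in `Rotation Should Succeed`, nothing checks that any core device is still left in the thing group. On a fleet made up only of Windows and PKCS#11 devices, the ECDSA-P521 case could therefore pass without rotating a single certificate; whether `Greengrass.Check Certificates` returns true for an empty group is not visible here. It would help to record the skipped names in the report, e.g. `Log    Skipped for ${key_algorithm}: ${windows_things} ${pkcs_things}`, and to fail or skip the case when no device remains, so the untested P-521-on-HSM path stays visible rather than reading as a pass.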
