From b952b935314e77a01cd71448730fe029978d1627 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Fri, 11 Apr 2014 17:53:23 +0200
Subject: Add test for Figure 5 from RFC6030

This test extraction of key policy information and cross-key references.
---
 tests/rfc6030-figure5.pskc | 62 ++++++++++++++++++++++++++++++++++++++++++++++
 tests/test_rfc6030.doctest | 52 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 114 insertions(+)
 create mode 100644 tests/rfc6030-figure5.pskc

diff --git a/tests/rfc6030-figure5.pskc b/tests/rfc6030-figure5.pskc
new file mode 100644
index 0000000..88f7c6e
--- /dev/null
+++ b/tests/rfc6030-figure5.pskc
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  Non-Encrypted HOTP Secret Key with PIN example from RFC6030 (Figure 5).
+-->
+
+<KeyContainer Version="1.0"
+    Id="exampleID1"
+    xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
+    <KeyPackage>
+        <DeviceInfo>
+            <Manufacturer>Manufacturer</Manufacturer>
+            <SerialNo>987654321</SerialNo>
+        </DeviceInfo>
+        <CryptoModuleInfo>
+            <Id>CM_ID_001</Id>
+        </CryptoModuleInfo>
+        <Key Id="12345678"
+            Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+            <Issuer>Issuer</Issuer>
+            <AlgorithmParameters>
+                <ResponseFormat Length="8" Encoding="DECIMAL"/>
+            </AlgorithmParameters>
+            <Data>
+                <Secret>
+                    <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
+                    </PlainValue>
+                </Secret>
+                <Counter>
+                    <PlainValue>0</PlainValue>
+                </Counter>
+            </Data>
+            <Policy>
+                <PINPolicy MinLength="4" MaxLength="4"
+                    PINKeyId="123456781" PINEncoding="DECIMAL"
+                    PINUsageMode="Local"/>
+                <KeyUsage>OTP</KeyUsage>
+            </Policy>
+        </Key>
+    </KeyPackage>
+    <KeyPackage>
+        <DeviceInfo>
+            <Manufacturer>Manufacturer</Manufacturer>
+            <SerialNo>987654321</SerialNo>
+        </DeviceInfo>
+        <CryptoModuleInfo>
+            <Id>CM_ID_001</Id>
+        </CryptoModuleInfo>
+        <Key Id="123456781"
+            Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:pin">
+            <Issuer>Issuer</Issuer>
+            <AlgorithmParameters>
+                <ResponseFormat Length="4" Encoding="DECIMAL"/>
+            </AlgorithmParameters>
+            <Data>
+                <Secret>
+                    <PlainValue>MTIzNA==</PlainValue>
+                </Secret>
+            </Data>
+        </Key>
+    </KeyPackage>
+</KeyContainer>
diff --git a/tests/test_rfc6030.doctest b/tests/test_rfc6030.doctest
index 5e131e0..049f3b1 100644
--- a/tests/test_rfc6030.doctest
+++ b/tests/test_rfc6030.doctest
@@ -86,3 +86,55 @@ on the meanings of key_profile and key_reference.
 'MasterKeyLabel'
 >>> key.counter
 0
+
+
+This tests the key policy properties as illustrated in Figure 5 from RFC6030.
+
+>>> pskc = PSKC('tests/rfc6030-figure5.pskc')
+>>> len(pskc.keys)
+2
+>>> key1, key2 = pskc.keys
+>>> key1.serial
+'987654321'
+>>> key.algorithm
+'urn:ietf:params:xml:ns:keyprov:pskc:hotp'
+>>> key.response_length
+8
+>>> key.response_encoding
+'DECIMAL'
+>>> key1.secret
+'12345678901234567890'
+>>> key1.counter
+0
+>>> key1.policy.pin_min_length
+4
+>>> key1.policy.pin_max_length
+4
+>>> key1.policy.pin_key_id
+'123456781'
+>>> key1.policy.pin_encoding
+'DECIMAL'
+>>> key1.policy.pin_usage
+'Local'
+>>> key1.policy.key_usage
+['OTP']
+>>> key1.policy.may_use('OTP')
+True
+>>> key1.policy.may_use('Encrypt')
+False
+>>> key1.policy.unknown_policy_elements
+False
+>>> key2.id
+'123456781'
+>>> key2.serial
+'987654321'
+>>> key2.algorithm
+'urn:ietf:params:xml:ns:keyprov:pskc:pin'
+>>> key2.response_length
+4
+>>> key2.response_encoding
+'DECIMAL'
+>>> key2.secret
+'1234'
+>>> key1.policy.pin
+'1234'
-- 
cgit v1.2.3