From ef94948e8861fdb5ec82aa59141a434e9c0b1a04 Mon Sep 17 00:00:00 2001
From: M1nd3r <petrsedlacek.km@seznam.cz>
Date: Sat, 25 May 2024 02:28:39 +0200
Subject: [PATCH] test(core): add credential manager tests [no changelog]

---
 ...test_trezor.wire.thp.credential_manager.py | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 core/tests/test_trezor.wire.thp.credential_manager.py

diff --git a/core/tests/test_trezor.wire.thp.credential_manager.py b/core/tests/test_trezor.wire.thp.credential_manager.py
new file mode 100644
index 00000000000..c33dc808e2b
--- /dev/null
+++ b/core/tests/test_trezor.wire.thp.credential_manager.py
@@ -0,0 +1,61 @@
+from common import *  # isort:skip
+
+from trezor import config, utils
+from trezor import log
+
+if utils.USE_THP:
+    from trezor.wire.thp import credential_manager
+    from trezor.messages import ThpCredentialMetadata
+
+    def _issue_credential(host_name: str, host_static_pubkey: bytes) -> bytes:
+        metadata = ThpCredentialMetadata(host_name=host_name)
+        return credential_manager.issue_credential(host_static_pubkey, metadata)
+
+    def _dummy_log(name: str, msg: str, *args):
+        pass
+
+    log.debug = _dummy_log
+
+
+@unittest.skipUnless(utils.USE_THP, "only needed for THP")
+class TestTrezorHostProtocolCredentialManager(unittest.TestCase):
+    def setUp(self):
+        config.init()
+        config.wipe()
+
+    def test_derive_cred_auth_key(self):
+        key1 = credential_manager.derive_cred_auth_key()
+        key2 = credential_manager.derive_cred_auth_key()
+        self.assertEqual(len(key1), 32)
+        self.assertEqual(key1, key2)
+
+    def test_invalidate_cred_auth_key(self):
+        key1 = credential_manager.derive_cred_auth_key()
+        credential_manager.invalidate_cred_auth_key()
+        key2 = credential_manager.derive_cred_auth_key()
+        self.assertNotEqual(key1, key2)
+
+    def test_credentials(self):
+
+        DUMMY_KEY_1 = "\x00\x00"
+        DUMMY_KEY_2 = "\xff\xff"
+        cred_1 = _issue_credential("host_name", DUMMY_KEY_1)
+        cred_2 = _issue_credential("host_name", DUMMY_KEY_1)
+        self.assertEqual(cred_1, cred_2)
+        cred_3 = _issue_credential("different host_name", DUMMY_KEY_1)
+        self.assertNotEqual(cred_1, cred_3)
+
+        self.assertTrue(credential_manager.validate_credential(cred_1, DUMMY_KEY_1))
+        self.assertTrue(credential_manager.validate_credential(cred_3, DUMMY_KEY_1))
+        self.assertFalse(credential_manager.validate_credential(cred_1, DUMMY_KEY_2))
+
+        credential_manager.invalidate_cred_auth_key()
+        cred_4 = _issue_credential("host_name", DUMMY_KEY_1)
+        self.assertNotEqual(cred_1, cred_4)
+        self.assertFalse(credential_manager.validate_credential(cred_1, DUMMY_KEY_1))
+        self.assertFalse(credential_manager.validate_credential(cred_3, DUMMY_KEY_1))
+        self.assertTrue(credential_manager.validate_credential(cred_4, DUMMY_KEY_1))
+
+
+if __name__ == "__main__":
+    unittest.main()