1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-26 00:37:41 +03:00
Commit Graph

166 Commits

Author SHA1 Message Date
Gilles Peskine
64f2efdc40 More precise name for test data generation
We have Python code both for test code generation
(tests/scripts/generate_test_code.py) and now for test data generation.
Avoid the ambiguous expression "test generation".

This commit renames the Python module and adjusts all references to it. A
subsequent commit will adjust the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-17 10:38:58 +02:00
Werner Lewis
c2fb540c67 Use a script specific description in CLI help
Previous changes used the docstring of the test_generation module,
which does not inform a user about the script.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-16 17:03:54 +01:00
Werner Lewis
07c830c164 Fix setting for default test suite directory
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-15 09:02:07 +01:00
Werner Lewis
52ae326ebb Update references to file targets in docstrings
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:45 +01:00
Werner Lewis
00d02423a5 Remove argparser default for directory
This reverts commit f156c43702. Adds a
comment to explain reasoning for current implementation.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:42 +01:00
Werner Lewis
858cffde1e Add toggle for test case count in descriptions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:25 +01:00
Werner Lewis
34d6d3e4e5 Update comments/docstrings in TestGenerator
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:18 +01:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:26 -04:00
Werner Lewis
56013081c7 Remove unused imports
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-02 12:57:37 +01:00
Werner Lewis
a4668a6b6c Rework TestGenerator to add file targets
BaseTarget-derived targets are now added to TestGenerator.targets in
initialization. This reduces repeated code in generate_xxx_tests.py
scripts which use this framework.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-02 11:56:34 +01:00
Werner Lewis
aaf3b79bbb Use Python 3.5 style typing for dependencies
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-31 17:16:44 +01:00
Werner Lewis
466f036326 Add dependencies attribute to BaseTarget
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-31 17:01:38 +01:00
Werner Lewis
81f24443b7 Modify wording in docstrings
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-30 09:37:07 +01:00
Werner Lewis
76f45625e6 Fix trailing whitespace
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 13:21:45 +01:00
Werner Lewis
9df9faac5c Use argparser default for targets
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 12:49:41 +01:00
Werner Lewis
6ef5436f3c Clarify documentation
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 12:29:46 +01:00
Werner Lewis
f156c43702 Use argparser default for directory
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 11:31:55 +01:00
Werner Lewis
e3ad22ecf2 Fix TARGET types and code style
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 10:02:06 +01:00
Werner Lewis
6d654c6491 Raise NotImplementedError in abstract methods
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 09:56:51 +01:00
Werner Lewis
a195ce73f5 Disable pylint unused arg in __new__
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:55 +01:00
Werner Lewis
d03d2a3a91 Remove trailing whitespace in description
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:25 +01:00
Werner Lewis
cfd4768df2 Use __new__() for case counting
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:13 +01:00
Werner Lewis
2b527a394d Split generate_tests to reduce code complexity
Previous implementation mixed the test case generation and the
recursive generation calls together. A separate method is added to
generate test cases for the current class' test function. This reduces
the need to override generate_tests().

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:13 +01:00
Werner Lewis
699e126942 Use ABCMeta for abstract classes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:33:21 +01:00
Werner Lewis
169034ae63 Add details to docstrings
Clarification is added to docstrings, mostly in abstract classes.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:30:30 +01:00
Werner Lewis
55e638ca57 Remove abbreviations and clarify attributes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:29:08 +01:00
Werner Lewis
fbb75e3fc5 Separate common test generation classes/functions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 15:08:56 +01:00
Gilles Peskine
76851ae3a6 Add warnings to test code and data about storage format stability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 19:10:35 +02:00
Gilles Peskine
dce7d8f51e Rename and document mac_or_tag_lengths -> permitted_truncations
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
2773f26971 Fix digits in octal constant
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
ac17ec4388 Public keys can't be used as private-key inputs to key agreement
The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
4bd90dc6b1 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
7095d47749 Reject block cipher modes that are not implemented in Mbed TLS
Mbed TLS doesn't support certain block cipher mode combinations. This
limitation should probably be lifted, but for now, test them as unsupported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e3a0890e4f Reject invalid MAC and AEAD truncations
Reject algorithms of the form PSA_ALG_TRUNCATED_MAC(...) or
PSA_ALG_AEAD_WITH_SHORTENED_TAG(...) when the truncation length is invalid
or not accepted by policy in Mbed TLS.

This is done in KeyType.can_do, so in generate_psa_tests.py, keys will be
tested for operation failure with this algorithm if the algorithm is
rejected, and for storage if the algorithm is accepted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
2fa829c7dd Fix invalid argument enumeration when there are >=3 arguments
This bug had no impact since currently no macro has more than 2 arguments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
d78c59c0de Test more truncated MAC and short AEAD tag lengths
The current macro collector only tried the minimum and maximum expressible
lengths for PSA_ALG_TRUNCATED_MAC and PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG.
This was good enough for psa_constant_names, but it's weak for exercising
keys, in particular because it doesn't include any valid AEAD tag length.
So cover more lengths.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
c47d3a4286 64-bit block ciphers are incompatible with some modes
Only allow selected modes with 64-bit block ciphers (i.e. DES).

This removes some storage tests and creates corresponding op_fail tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e6b85b4d42 Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.

This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
16b2506e3d Abbreviate descriptions of generated PSA storage tests
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e8e058c9d4 Unify the code to shorten expressions
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
fa70ced195 Remove ad hoc is_valid_for_signature method
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e6300959df Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:02:44 +02:00
Gilles Peskine
a401386f82 A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:10 +02:00
Gilles Peskine
8345d63695 Add knowledge of the compatibility of key types and algorithms
Determine key types that are compatible with an algorithm based on
their names.

Key derivation and PAKE are not yet supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
ee7554e606 Add knowledge of algorithms
Determine the category of operations supported by an algorithm based
on its name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
b9dbb7fe62 Add missing type annotation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-15 18:32:10 +01:00
Gilles Peskine
dcf2ff53c8 Ensure files get closed when they go out of scope
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:02:00 +01:00
Jerry Yu
0cb2cf6cb4 fix build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 14:23:37 +08:00
Jerry Yu
e6369b0061 fix test_cmake_as_package fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Gilles Peskine
f1a7ea88d1 Merge pull request #5092 from mprse/generate_key2
Generate test cases for PSA key generation
2021-11-10 20:55:35 +01:00