1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-23 01:52:40 +03:00
Commit Graph

137 Commits

Author SHA1 Message Date
Werner Lewis
6cc5e5f0d9 Use Python 3.5 style typing for dependencies
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:49:13 +01:00
Werner Lewis
486b3410a4 Add dependencies attribute to BaseTarget
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:49:13 +01:00
Werner Lewis
2b0f7d8d56 Modify wording in docstrings
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:49:13 +01:00
Werner Lewis
6f67bae527 Fix trailing whitespace
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:48:39 +01:00
Werner Lewis
ac86390da8 Use argparser default for targets
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:48:39 +01:00
Werner Lewis
b03420fb3b Clarify documentation
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:47:33 +01:00
Werner Lewis
412c497cbe Fix TARGET types and code style
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
d77d33defb Raise NotImplementedError in abstract methods
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
486d25850f Disable pylint unused arg in __new__
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
6d04142972 Remove trailing whitespace in description
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
cace1aa02e Use __new__() for case counting
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
c34d037fa0 Split generate_tests to reduce code complexity
Previous implementation mixed the test case generation and the
recursive generation calls together. A separate method is added to
generate test cases for the current class' test function. This reduces
the need to override generate_tests().

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
47e37b3b75 Use ABCMeta for abstract classes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
008d90d424 Add details to docstrings
Clarification is added to docstrings, mostly in abstract classes.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
70d3f3dcdc Remove abbreviations and clarify attributes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
dcad1e93fe Separate common test generation classes/functions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Gilles Peskine
3d96ea1e4c Add warnings to test code and data about storage format stability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 13:57:27 +02:00
Gilles Peskine
ce78c9600f Rename and document mac_or_tag_lengths -> permitted_truncations
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
913c01f978 Fix digits in octal constant
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
cb451702b4 Public keys can't be used as private-key inputs to key agreement
The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
32611243d4 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
ae93ee6ddc Reject block cipher modes that are not implemented in Mbed TLS
Mbed TLS doesn't support certain block cipher mode combinations. This
limitation should probably be lifted, but for now, test them as unsupported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
b0537ba3b9 Reject invalid MAC and AEAD truncations
Reject algorithms of the form PSA_ALG_TRUNCATED_MAC(...) or
PSA_ALG_AEAD_WITH_SHORTENED_TAG(...) when the truncation length is invalid
or not accepted by policy in Mbed TLS.

This is done in KeyType.can_do, so in generate_psa_tests.py, keys will be
tested for operation failure with this algorithm if the algorithm is
rejected, and for storage if the algorithm is accepted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
d36ed48f19 Fix invalid argument enumeration when there are >=3 arguments
This bug had no impact since currently no macro has more than 2 arguments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
c77f16b356 Test more truncated MAC and short AEAD tag lengths
The current macro collector only tried the minimum and maximum expressible
lengths for PSA_ALG_TRUNCATED_MAC and PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG.
This was good enough for psa_constant_names, but it's weak for exercising
keys, in particular because it doesn't include any valid AEAD tag length.
So cover more lengths.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
4eb1c7e965 64-bit block ciphers are incompatible with some modes
Only allow selected modes with 64-bit block ciphers (i.e. DES).

This removes some storage tests and creates corresponding op_fail tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
0de11438bb Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.

This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
930ccefba0 Abbreviate descriptions of generated PSA storage tests
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
d79aef5f3c Unify the code to shorten expressions
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
989c13dece Remove ad hoc is_valid_for_signature method
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:44 +02:00
Gilles Peskine
c2fc241e46 Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
23cb12ef9f A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
390543381c Add knowledge of the compatibility of key types and algorithms
Determine key types that are compatible with an algorithm based on
their names.

Key derivation and PAKE are not yet supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
0dacd4d266 Add knowledge of algorithms
Determine the category of operations supported by an algorithm based
on its name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
2a71b72bd5 Add missing type annotation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
aeb8d66525 Ensure files get closed when they go out of scope
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:18:28 +01:00
Przemyslaw Stekiel
e2b50957df test_case.py: add new line between test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 14:40:35 +01:00
Przemyslaw Stekiel
1ab3a5ca98 generate_psa_tests.py: add key generation result to test case argument list, add comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 12:01:19 +01:00
Przemyslaw Stekiel
997caf835c Add test class for key generation
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 11:55:58 +01:00
Gilles Peskine
35115f9c1a New algorithm PSA_ALG_RSA_PSS_ANY_SALT
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.

In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).

Changes in this commit:

* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
  PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
  PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
  generate_psa_constant_names).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:06:38 +02:00
Gilles Peskine
3545103fd4 Break out algorithm_tester() as a separate method
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-27 21:38:56 +02:00
gabor-mezei-arm
e4b7499f74 Refactor handlibg of the key usage flags
Move implicit usage flags handling to the StorageKey class.
Create a subclass for test case data.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 15:29:24 +02:00
gabor-mezei-arm
5071a2e30e Use regexp pattern instaed of string
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:19:41 +02:00
gabor-mezei-arm
7e0d724d40 Keep the imported classes sorted
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:17:14 +02:00
gabor-mezei-arm
805c735a8b Move key type validation to crypto_knowledge
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 21:36:58 +02:00
gabor-mezei-arm
acfcc18697 Rename variables and funcions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 19:39:31 +02:00
gabor-mezei-arm
e84d321317 Use string in dict instead of Expr object
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:54:11 +02:00
gabor-mezei-arm
927742ec71 Add better name for variables
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:41:35 +02:00
gabor-mezei-arm
044fefcdfb Add test case generation for usage extensions when loading keys
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
15c1f03f78 Add key usage policy extension support for key generation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:34 +02:00