1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-24 13:32:59 +03:00
Commit Graph

351 Commits

Author SHA1 Message Date
Werner Lewis
6ef5436f3c Clarify documentation
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 12:29:46 +01:00
Werner Lewis
f156c43702 Use argparser default for directory
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 11:31:55 +01:00
Werner Lewis
e3ad22ecf2 Fix TARGET types and code style
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 10:02:06 +01:00
Werner Lewis
6d654c6491 Raise NotImplementedError in abstract methods
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 09:56:51 +01:00
Werner Lewis
a195ce73f5 Disable pylint unused arg in __new__
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:55 +01:00
Werner Lewis
d03d2a3a91 Remove trailing whitespace in description
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:25 +01:00
Werner Lewis
cfd4768df2 Use __new__() for case counting
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:13 +01:00
Werner Lewis
2b527a394d Split generate_tests to reduce code complexity
Previous implementation mixed the test case generation and the
recursive generation calls together. A separate method is added to
generate test cases for the current class' test function. This reduces
the need to override generate_tests().

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:13 +01:00
Werner Lewis
699e126942 Use ABCMeta for abstract classes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:33:21 +01:00
Werner Lewis
169034ae63 Add details to docstrings
Clarification is added to docstrings, mostly in abstract classes.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:30:30 +01:00
Werner Lewis
55e638ca57 Remove abbreviations and clarify attributes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:29:08 +01:00
Werner Lewis
fbb75e3fc5 Separate common test generation classes/functions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 15:08:56 +01:00
Gilles Peskine
76851ae3a6 Add warnings to test code and data about storage format stability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 19:10:35 +02:00
Gilles Peskine
dce7d8f51e Rename and document mac_or_tag_lengths -> permitted_truncations
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
2773f26971 Fix digits in octal constant
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
ac17ec4388 Public keys can't be used as private-key inputs to key agreement
The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
4bd90dc6b1 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
7095d47749 Reject block cipher modes that are not implemented in Mbed TLS
Mbed TLS doesn't support certain block cipher mode combinations. This
limitation should probably be lifted, but for now, test them as unsupported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e3a0890e4f Reject invalid MAC and AEAD truncations
Reject algorithms of the form PSA_ALG_TRUNCATED_MAC(...) or
PSA_ALG_AEAD_WITH_SHORTENED_TAG(...) when the truncation length is invalid
or not accepted by policy in Mbed TLS.

This is done in KeyType.can_do, so in generate_psa_tests.py, keys will be
tested for operation failure with this algorithm if the algorithm is
rejected, and for storage if the algorithm is accepted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
2fa829c7dd Fix invalid argument enumeration when there are >=3 arguments
This bug had no impact since currently no macro has more than 2 arguments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
d78c59c0de Test more truncated MAC and short AEAD tag lengths
The current macro collector only tried the minimum and maximum expressible
lengths for PSA_ALG_TRUNCATED_MAC and PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG.
This was good enough for psa_constant_names, but it's weak for exercising
keys, in particular because it doesn't include any valid AEAD tag length.
So cover more lengths.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
c47d3a4286 64-bit block ciphers are incompatible with some modes
Only allow selected modes with 64-bit block ciphers (i.e. DES).

This removes some storage tests and creates corresponding op_fail tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e6b85b4d42 Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.

This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
16b2506e3d Abbreviate descriptions of generated PSA storage tests
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e8e058c9d4 Unify the code to shorten expressions
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
fa70ced195 Remove ad hoc is_valid_for_signature method
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e6300959df Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:02:44 +02:00
Gilles Peskine
a401386f82 A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:10 +02:00
Gilles Peskine
8345d63695 Add knowledge of the compatibility of key types and algorithms
Determine key types that are compatible with an algorithm based on
their names.

Key derivation and PAKE are not yet supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
ee7554e606 Add knowledge of algorithms
Determine the category of operations supported by an algorithm based
on its name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
b9dbb7fe62 Add missing type annotation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-15 18:32:10 +01:00
Gilles Peskine
dcf2ff53c8 Ensure files get closed when they go out of scope
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:02:00 +01:00
Jerry Yu
0cb2cf6cb4 fix build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 14:23:37 +08:00
Jerry Yu
e6369b0061 fix test_cmake_as_package fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Gilles Peskine
f1a7ea88d1 Merge pull request #5092 from mprse/generate_key2
Generate test cases for PSA key generation
2021-11-10 20:55:35 +01:00
Przemyslaw Stekiel
729c244819 test_case.py: add new line between test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 14:45:40 +01:00
Przemyslaw Stekiel
7bc26b8c2a generate_psa_tests.py: add key generation result to test case argument list, add comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-02 10:51:49 +01:00
Przemyslaw Stekiel
1b0978b803 Add test class for key generation
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 09:05:33 +02:00
Gilles Peskine
acd2d0e923 New algorithm PSA_ALG_RSA_PSS_ANY_SALT
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.

In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).

Changes in this commit:

* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
  PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
  PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
  generate_psa_constant_names).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Gilles Peskine
8135cb9e07 Break out algorithm_tester() as a separate method
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Ronald Cron
3c62693c99 Merge pull request #4701 from gilles-peskine-arm/make_generated_files-non_english-3.0
psa_generate_test: tweak MSVC detection to work with non-English Visual Studio
2021-07-23 14:05:08 +02:00
gabor-mezei-arm
2a499c0cc5 Refactor handlibg of the key usage flags
Move implicit usage flags handling to the StorageKey class.
Create a subclass for test case data.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
f73f896bdf Use regexp pattern instaed of string
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
6f7282b09a Keep the imported classes sorted
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
2784bfe226 Move key type validation to crypto_knowledge
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:59 +02:00
gabor-mezei-arm
5df1dee0c6 Rename variables and funcions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:47 +02:00
gabor-mezei-arm
2710bb1d82 Use string in dict instead of Expr object
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:47 +02:00
gabor-mezei-arm
8f40510a92 Add better name for variables
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:34 +02:00
gabor-mezei-arm
672e376ba5 Add test case generation for usage extensions when loading keys
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:20 +02:00
gabor-mezei-arm
7748b6f24b Add key usage policy extension support for key generation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:08 +02:00