mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 12:05:31 +00:00
Storage format tests: cover algorithms for each key type
In the generated storage format test cases, cover all supported algorithms for each key type. This is a step towards exercising the key with all the algorithms it supports; a subsequent commit will generate a policy that permits the specified algorithms. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
989c13dece
commit
6213a00ec1
|
@ -621,46 +621,68 @@ class StorageFormat:
|
||||||
yield from self.generate_keys_for_usage_flags()
|
yield from self.generate_keys_for_usage_flags()
|
||||||
yield from self.generate_key_for_all_usage_flags()
|
yield from self.generate_key_for_all_usage_flags()
|
||||||
|
|
||||||
|
def key_for_type_and_alg(
|
||||||
|
self,
|
||||||
|
kt: crypto_knowledge.KeyType,
|
||||||
|
bits: int,
|
||||||
|
alg: Optional[crypto_knowledge.Algorithm] = None,
|
||||||
|
) -> StorageTestData:
|
||||||
|
"""Construct a test key of the given type.
|
||||||
|
|
||||||
|
If alg is not None, this key allows it.
|
||||||
|
"""
|
||||||
|
usage_flags = 'PSA_KEY_USAGE_EXPORT'
|
||||||
|
alg1 = 0 if alg is None else alg.expression #type: psa_storage.Exprable
|
||||||
|
alg2 = 0
|
||||||
|
key_material = kt.key_material(bits)
|
||||||
|
short_expression = re.sub(r'\bPSA_(?:KEY_TYPE|ECC_FAMILY)_',
|
||||||
|
r'',
|
||||||
|
kt.expression)
|
||||||
|
description = 'type: {} {}-bit'.format(short_expression, bits)
|
||||||
|
if alg is not None:
|
||||||
|
description += ', ' + re.sub(r'PSA_ALG_', r'', alg.expression)
|
||||||
|
key = StorageTestData(version=self.version,
|
||||||
|
id=1, lifetime=0x00000001,
|
||||||
|
type=kt.expression, bits=bits,
|
||||||
|
usage=usage_flags, alg=alg1, alg2=alg2,
|
||||||
|
material=key_material,
|
||||||
|
description=description)
|
||||||
|
return key
|
||||||
|
|
||||||
def keys_for_type(
|
def keys_for_type(
|
||||||
self,
|
self,
|
||||||
key_type: str,
|
key_type: str,
|
||||||
params: Optional[Iterable[str]] = None
|
all_algorithms: List[crypto_knowledge.Algorithm],
|
||||||
) -> Iterator[StorageTestData]:
|
) -> Iterator[StorageTestData]:
|
||||||
"""Generate test keys for the given key type.
|
"""Generate test keys for the given key type."""
|
||||||
|
kt = crypto_knowledge.KeyType(key_type)
|
||||||
For key types that depend on a parameter (e.g. elliptic curve family),
|
|
||||||
`param` is the parameter to pass to the constructor. Only a single
|
|
||||||
parameter is supported.
|
|
||||||
"""
|
|
||||||
kt = crypto_knowledge.KeyType(key_type, params)
|
|
||||||
for bits in kt.sizes_to_test():
|
for bits in kt.sizes_to_test():
|
||||||
usage_flags = 'PSA_KEY_USAGE_EXPORT'
|
# Test a non-exercisable key, as well as exercisable keys for
|
||||||
alg = 0
|
# each compatible algorithm.
|
||||||
alg2 = 0
|
# To do: test reading a key from storage with an incompatible
|
||||||
key_material = kt.key_material(bits)
|
# or unsupported algorithm.
|
||||||
short_expression = re.sub(r'\bPSA_(?:KEY_TYPE|ECC_FAMILY)_',
|
yield self.key_for_type_and_alg(kt, bits)
|
||||||
r'',
|
compatible_algorithms = [alg for alg in all_algorithms
|
||||||
kt.expression)
|
if kt.can_do(alg)]
|
||||||
description = 'type: {} {}-bit'.format(short_expression, bits)
|
for alg in compatible_algorithms:
|
||||||
key = StorageTestData(version=self.version,
|
yield self.key_for_type_and_alg(kt, bits, alg)
|
||||||
id=1, lifetime=0x00000001,
|
|
||||||
type=kt.expression, bits=bits,
|
|
||||||
usage=usage_flags, alg=alg, alg2=alg2,
|
|
||||||
material=key_material,
|
|
||||||
description=description)
|
|
||||||
yield key
|
|
||||||
|
|
||||||
def all_keys_for_types(self) -> Iterator[StorageTestData]:
|
def all_keys_for_types(self) -> Iterator[StorageTestData]:
|
||||||
"""Generate test keys covering key types and their representations."""
|
"""Generate test keys covering key types and their representations."""
|
||||||
key_types = sorted(self.constructors.key_types)
|
key_types = sorted(self.constructors.key_types)
|
||||||
|
all_algorithms = [crypto_knowledge.Algorithm(alg)
|
||||||
|
for alg in self.constructors.generate_expressions(
|
||||||
|
sorted(self.constructors.algorithms)
|
||||||
|
)]
|
||||||
for key_type in self.constructors.generate_expressions(key_types):
|
for key_type in self.constructors.generate_expressions(key_types):
|
||||||
yield from self.keys_for_type(key_type)
|
yield from self.keys_for_type(key_type, all_algorithms)
|
||||||
|
|
||||||
def keys_for_algorithm(self, alg: str) -> Iterator[StorageTestData]:
|
def keys_for_algorithm(self, alg: str) -> Iterator[StorageTestData]:
|
||||||
"""Generate test keys for the specified algorithm."""
|
"""Generate test keys for the encoding of the specified algorithm."""
|
||||||
# For now, we don't have information on the compatibility of key
|
# These test cases only validate the encoding of algorithms, not
|
||||||
# types and algorithms. So we just test the encoding of algorithms,
|
# whether the key read from storage is suitable for an operation.
|
||||||
# and not that operations can be performed with them.
|
# `keys_for_types` generate read tests with an algorithm and a
|
||||||
|
# compatible key.
|
||||||
descr = re.sub(r'PSA_ALG_', r'', alg)
|
descr = re.sub(r'PSA_ALG_', r'', alg)
|
||||||
descr = re.sub(r',', r', ', re.sub(r' +', r'', descr))
|
descr = re.sub(r',', r', ', re.sub(r' +', r'', descr))
|
||||||
usage = 'PSA_KEY_USAGE_EXPORT'
|
usage = 'PSA_KEY_USAGE_EXPORT'
|
||||||
|
|
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue