Merge pull request #115 from gilles-peskine-arm/psa-error-compatibility_aliases

Improve how generate_psa_constants handles compatibility aliases
This commit is contained in:
Gilles Peskine 2019-09-19 16:20:08 +02:00 committed by GitHub
commit c893235ea1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 41 additions and 38 deletions

View file

@ -45,21 +45,14 @@ extern "C" {
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_UNKNOWN_ERROR \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR )
#endif
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_OCCUPIED_SLOT \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS )
#endif
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_EMPTY_SLOT \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST )
#endif
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_INSUFFICIENT_CAPACITY \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA )
#define PSA_ERROR_TAMPERING_DETECTED \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_CORRUPTION_DETECTED )
#endif
/** \addtogroup attributes

View file

@ -205,9 +205,13 @@ class MacroCollector:
self.key_usages = set()
# "#define" followed by a macro name with either no parameters
# or a single parameter. Grab the macro name in group 1, the
# parameter name if any in group 2 and the definition in group 3.
definition_re = re.compile(r'\s*#\s*define\s+(\w+)(?:\s+|\((\w+)\)\s*)(.+)(?:/[*/])?')
# or a single parameter and a non-empty expansion.
# Grab the macro name in group 1, the parameter name if any in group 2
# and the expansion in group 3.
_define_directive_re = re.compile(r'\s*#\s*define\s+(\w+)' +
r'(?:\s+|\((\w+)\)\s*)' +
r'(.+)')
_deprecated_definition_re = re.compile(r'\s*MBEDTLS_DEPRECATED')
def read_line(self, line):
"""Parse a C header line and record the PSA identifier it defines if any.
@ -215,24 +219,21 @@ class MacroCollector:
(up to non-significant whitespace) and skips all non-matching lines.
"""
# pylint: disable=too-many-branches
m = re.match(self.definition_re, line)
m = re.match(self._define_directive_re, line)
if not m:
return
name, parameter, definition = m.groups()
name, parameter, expansion = m.groups()
expansion = re.sub(r'/\*.*?\*/|//.*', r' ', expansion)
if re.match(self._deprecated_definition_re, expansion):
# Skip deprecated values, which are assumed to be
# backward compatibility aliases that share
# numerical values with non-deprecated values.
return
if name.endswith('_FLAG') or name.endswith('MASK'):
# Macro only to build actual values
return
elif (name.startswith('PSA_ERROR_') or name == 'PSA_SUCCESS') \
and not parameter:
if name in ['PSA_ERROR_UNKNOWN_ERROR',
'PSA_ERROR_OCCUPIED_SLOT',
'PSA_ERROR_EMPTY_SLOT',
'PSA_ERROR_INSUFFICIENT_CAPACITY',
]:
# Ad hoc skipping of deprecated error codes, which share
# numerical values with non-deprecated error codes
return
self.statuses.add(name)
elif name.startswith('PSA_KEY_TYPE_') and not parameter:
self.key_types.add(name)
@ -251,10 +252,10 @@ class MacroCollector:
return
self.algorithms.add(name)
# Ad hoc detection of hash algorithms
if re.search(r'0x010000[0-9A-Fa-f]{2}', definition):
if re.search(r'0x010000[0-9A-Fa-f]{2}', expansion):
self.hash_algorithms.add(name)
# Ad hoc detection of key agreement algorithms
if re.search(r'0x30[0-9A-Fa-f]{2}0000', definition):
if re.search(r'0x30[0-9A-Fa-f]{2}0000', expansion):
self.ka_algorithms.add(name)
elif name.startswith('PSA_ALG_') and parameter == 'hash_alg':
if name in ['PSA_ALG_DSA', 'PSA_ALG_ECDSA']:
@ -271,6 +272,9 @@ class MacroCollector:
def read_file(self, header_file):
for line in header_file:
while line.endswith('\\\n'):
cont = next(header_file)
line = line[:-2] + cont
self.read_line(line)
@staticmethod

View file

@ -159,19 +159,25 @@ class Inputs:
# Regex of macro names to exclude.
_excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
# Additional excluded macros.
# PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
# currently doesn't support them. Deprecated errors are also excluded.
_excluded_names = set(['PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE',
'PSA_ALG_FULL_LENGTH_MAC',
'PSA_ALG_ECDH',
'PSA_ALG_FFDH',
'PSA_ERROR_UNKNOWN_ERROR',
'PSA_ERROR_OCCUPIED_SLOT',
'PSA_ERROR_EMPTY_SLOT',
'PSA_ERROR_INSUFFICIENT_CAPACITY',
])
_excluded_names = set([
# Macros that provide an alternative way to build the same
# algorithm as another macro.
'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
'PSA_ALG_FULL_LENGTH_MAC',
# Auxiliary macro whose name doesn't fit the usual patterns for
# auxiliary macros.
'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE',
# PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
# currently doesn't support them.
'PSA_ALG_ECDH',
'PSA_ALG_FFDH',
# Deprecated aliases.
'PSA_ERROR_UNKNOWN_ERROR',
'PSA_ERROR_OCCUPIED_SLOT',
'PSA_ERROR_EMPTY_SLOT',
'PSA_ERROR_INSUFFICIENT_CAPACITY',
'PSA_ERROR_TAMPERING_DETECTED',
])
def parse_header_line(self, line):
"""Parse a C header line, looking for "#define PSA_xxx"."""
m = re.match(self._header_line_re, line)