Merge pull request #115 from gilles-peskine-arm/psa-error-compatibility_aliases
Improve how generate_psa_constants handles compatibility aliases
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 636c881..f0e4782 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -45,21 +45,14 @@
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_UNKNOWN_ERROR \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_GENERIC_ERROR )
-#endif
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_OCCUPIED_SLOT \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_ALREADY_EXISTS )
-#endif
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_EMPTY_SLOT \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_DOES_NOT_EXIST )
-#endif
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#define PSA_ERROR_INSUFFICIENT_CAPACITY \
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_INSUFFICIENT_DATA )
+#define PSA_ERROR_TAMPERING_DETECTED \
+ MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( PSA_ERROR_CORRUPTION_DETECTED )
#endif
/** \addtogroup attributes
diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py
index bf76c2d..c2d2558 100755
--- a/scripts/generate_psa_constants.py
+++ b/scripts/generate_psa_constants.py
@@ -205,9 +205,13 @@
self.key_usages = set()
# "#define" followed by a macro name with either no parameters
- # or a single parameter. Grab the macro name in group 1, the
- # parameter name if any in group 2 and the definition in group 3.
- definition_re = re.compile(r'\s*#\s*define\s+(\w+)(?:\s+|\((\w+)\)\s*)(.+)(?:/[*/])?')
+ # or a single parameter and a non-empty expansion.
+ # Grab the macro name in group 1, the parameter name if any in group 2
+ # and the expansion in group 3.
+ _define_directive_re = re.compile(r'\s*#\s*define\s+(\w+)' +
+ r'(?:\s+|\((\w+)\)\s*)' +
+ r'(.+)')
+ _deprecated_definition_re = re.compile(r'\s*MBEDTLS_DEPRECATED')
def read_line(self, line):
"""Parse a C header line and record the PSA identifier it defines if any.
@@ -215,24 +219,21 @@
(up to non-significant whitespace) and skips all non-matching lines.
"""
# pylint: disable=too-many-branches
- m = re.match(self.definition_re, line)
+ m = re.match(self._define_directive_re, line)
if not m:
return
- name, parameter, definition = m.groups()
+ name, parameter, expansion = m.groups()
+ expansion = re.sub(r'/\*.*?\*/|//.*', r' ', expansion)
+ if re.match(self._deprecated_definition_re, expansion):
+ # Skip deprecated values, which are assumed to be
+ # backward compatibility aliases that share
+ # numerical values with non-deprecated values.
+ return
if name.endswith('_FLAG') or name.endswith('MASK'):
# Macro only to build actual values
return
elif (name.startswith('PSA_ERROR_') or name == 'PSA_SUCCESS') \
and not parameter:
- if name in ['PSA_ERROR_UNKNOWN_ERROR',
- 'PSA_ERROR_OCCUPIED_SLOT',
- 'PSA_ERROR_EMPTY_SLOT',
- 'PSA_ERROR_INSUFFICIENT_CAPACITY',
- ]:
- # Ad hoc skipping of deprecated error codes, which share
- # numerical values with non-deprecated error codes
- return
-
self.statuses.add(name)
elif name.startswith('PSA_KEY_TYPE_') and not parameter:
self.key_types.add(name)
@@ -251,10 +252,10 @@
return
self.algorithms.add(name)
# Ad hoc detection of hash algorithms
- if re.search(r'0x010000[0-9A-Fa-f]{2}', definition):
+ if re.search(r'0x010000[0-9A-Fa-f]{2}', expansion):
self.hash_algorithms.add(name)
# Ad hoc detection of key agreement algorithms
- if re.search(r'0x30[0-9A-Fa-f]{2}0000', definition):
+ if re.search(r'0x30[0-9A-Fa-f]{2}0000', expansion):
self.ka_algorithms.add(name)
elif name.startswith('PSA_ALG_') and parameter == 'hash_alg':
if name in ['PSA_ALG_DSA', 'PSA_ALG_ECDSA']:
@@ -271,6 +272,9 @@
def read_file(self, header_file):
for line in header_file:
+ while line.endswith('\\\n'):
+ cont = next(header_file)
+ line = line[:-2] + cont
self.read_line(line)
@staticmethod
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index cf3a224..724f8d9 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -159,19 +159,25 @@
# Regex of macro names to exclude.
_excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
# Additional excluded macros.
- # PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
- # currently doesn't support them. Deprecated errors are also excluded.
- _excluded_names = set(['PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
- 'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE',
- 'PSA_ALG_FULL_LENGTH_MAC',
- 'PSA_ALG_ECDH',
- 'PSA_ALG_FFDH',
- 'PSA_ERROR_UNKNOWN_ERROR',
- 'PSA_ERROR_OCCUPIED_SLOT',
- 'PSA_ERROR_EMPTY_SLOT',
- 'PSA_ERROR_INSUFFICIENT_CAPACITY',
- ])
-
+ _excluded_names = set([
+ # Macros that provide an alternative way to build the same
+ # algorithm as another macro.
+ 'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH',
+ 'PSA_ALG_FULL_LENGTH_MAC',
+ # Auxiliary macro whose name doesn't fit the usual patterns for
+ # auxiliary macros.
+ 'PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH_CASE',
+ # PSA_ALG_ECDH and PSA_ALG_FFDH are excluded for now as the script
+ # currently doesn't support them.
+ 'PSA_ALG_ECDH',
+ 'PSA_ALG_FFDH',
+ # Deprecated aliases.
+ 'PSA_ERROR_UNKNOWN_ERROR',
+ 'PSA_ERROR_OCCUPIED_SLOT',
+ 'PSA_ERROR_EMPTY_SLOT',
+ 'PSA_ERROR_INSUFFICIENT_CAPACITY',
+ 'PSA_ERROR_TAMPERING_DETECTED',
+ ])
def parse_header_line(self, line):
"""Parse a C header line, looking for "#define PSA_xxx"."""
m = re.match(self._header_line_re, line)