TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1fdc884ed831927600838a3656b6d74a0417d52b / . / tests / scripts / generate_psa_tests.py
blob: 993457872f0e20bc7c32c054fda26720f26de68a [file] [log] [blame]
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]1#!/usr/bin/env python3
2"""Generate test data for PSA cryptographic mechanisms.
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]3
4With no arguments, generate all test data. With non-option arguments,
5generate only the specified files.
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]6"""
7
8# Copyright The Mbed TLS Contributors
9# SPDX-License-Identifier: Apache-2.0
10#
11# Licensed under the Apache License, Version 2.0 (the "License"); you may
12# not use this file except in compliance with the License.
13# You may obtain a copy of the License at
14#
15# http://www.apache.org/licenses/LICENSE-2.0
16#
17# Unless required by applicable law or agreed to in writing, software
18# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
19# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20# See the License for the specific language governing permissions and
21# limitations under the License.
22
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]23import enum
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]24import re
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]25import sys
Werner Lewisfbb75e32022-08-24 11:30:03 +0100[diff] [blame]26from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]27
28import scripts_path # pylint: disable=unused-import
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]29from mbedtls_dev import crypto_knowledge
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]30from mbedtls_dev import macro_collector
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]31from mbedtls_dev import psa_storage
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]32from mbedtls_dev import test_case
Gilles Peskine64f2efd2022-09-16 21:41:47 +0200[diff] [blame]33from mbedtls_dev import test_data_generation
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]34
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]35
Gilles Peskine7f756872021-02-16 12:13:12 +0100[diff] [blame]36def psa_want_symbol(name: str) -> str:
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]37 """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
38 if name.startswith('PSA_'):
39 return name[:4] + 'WANT_' + name[4:]
40 else:
41 raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
42
Gilles Peskine7f756872021-02-16 12:13:12 +0100[diff] [blame]43def finish_family_dependency(dep: str, bits: int) -> str:
44 """Finish dep if it's a family dependency symbol prefix.
45
46 A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
47 qualified by the key size. If dep is such a symbol, finish it by adjusting
48 the prefix and appending the key size. Other symbols are left unchanged.
49 """
50 return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
51
52def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
53 """Finish any family dependency symbol prefixes.
54
55 Apply `finish_family_dependency` to each element of `dependencies`.
56 """
57 return [finish_family_dependency(dep, bits) for dep in dependencies]
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]58
Gilles Peskinec5d086f2021-04-20 23:23:45 +0200[diff] [blame]59SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
60 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
61 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
62 'PSA_ALG_ANY_HASH', # only in policies
63 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
64 'PSA_ALG_KEY_AGREEMENT', # chaining
65 'PSA_ALG_TRUNCATED_MAC', # modifier
66])
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]67def automatic_dependencies(*expressions: str) -> List[str]:
68 """Infer dependencies of a test case by looking for PSA_xxx symbols.
69
70 The arguments are strings which should be C expressions. Do not use
71 string literals or comments as this function is not smart enough to
72 skip them.
73 """
74 used = set()
75 for expr in expressions:
76 used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
Gilles Peskinec5d086f2021-04-20 23:23:45 +0200[diff] [blame]77 used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]78 return sorted(psa_want_symbol(name) for name in used)
79
Yanray Wang3f417442023-04-21 14:29:16 +0800[diff] [blame]80# Define set of regular expressions and dependencies to optionally append
81# extra dependencies for test case.
82AES_128BIT_ONLY_DEP_REGEX = r'AES\s(192|256)'
83AES_128BIT_ONLY_DEP = ["!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"]
84
85DEPENDENCY_FROM_KEY = {
86 AES_128BIT_ONLY_DEP_REGEX: AES_128BIT_ONLY_DEP
87}#type: Dict[str, List[str]]
Yanray Wang5dd429c2023-05-10 09:58:46 +0800[diff] [blame]88def generate_key_dependencies(description: str) -> List[str]:
Yanray Wang3f417442023-04-21 14:29:16 +0800[diff] [blame]89 """Return additional dependencies based on pairs of REGEX and dependencies.
90 """
91 deps = []
92 for regex, dep in DEPENDENCY_FROM_KEY.items():
93 if re.search(regex, description):
94 deps += dep
95
96 return deps
97
Gilles Peskined169d602021-02-16 14:16:25 +0100[diff] [blame]98# A temporary hack: at the time of writing, not all dependency symbols
99# are implemented yet. Skip test cases for which the dependency symbols are
100# not available. Once all dependency symbols are available, this hack must
Tom Cosgrove1797b052022-12-04 17:19:59 +0000[diff] [blame]101# be removed so that a bug in the dependency symbols properly leads to a test
Gilles Peskined169d602021-02-16 14:16:25 +0100[diff] [blame]102# failure.
103def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
104 return frozenset(symbol
105 for line in open(filename)
106 for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
Gilles Peskinec86f20a2021-04-22 00:20:47 +0200[diff] [blame]107_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
Gilles Peskined169d602021-02-16 14:16:25 +0100[diff] [blame]108def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
Gilles Peskinec86f20a2021-04-22 00:20:47 +0200[diff] [blame]109 global _implemented_dependencies #pylint: disable=global-statement,invalid-name
110 if _implemented_dependencies is None:
111 _implemented_dependencies = \
112 read_implemented_dependencies('include/psa/crypto_config.h')
Valerio Setti323ad1c2023-05-26 17:47:55 +0200[diff] [blame]113 if not all((dep.lstrip('!') in _implemented_dependencies or
Manuel Pégourié-Gonnardc154a042023-07-18 11:01:14 +0200[diff] [blame]114 not dep.lstrip('!').startswith('PSA_WANT'))
Gilles Peskined169d602021-02-16 14:16:25 +0100[diff] [blame]115 for dep in dependencies):
116 dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
117
Valerio Setti0c42c432023-06-29 12:10:52 +0200[diff] [blame]118def tweak_key_pair_dependency(dep: str, usage: str):
Valerio Settieabfef32023-06-30 11:09:43 +0200[diff] [blame]119 """
120 This helper function add the proper suffix to PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
121 symbols according to the required usage.
122 """
Valerio Setti0c42c432023-06-29 12:10:52 +0200[diff] [blame]123 ret_list = list()
Valerio Setti3a962272023-07-27 11:01:33 +0200[diff] [blame]124 if dep.endswith('KEY_PAIR'):
Valerio Setti0c42c432023-06-29 12:10:52 +0200[diff] [blame]125 if usage == "BASIC":
126 # BASIC automatically includes IMPORT and EXPORT for test purposes (see
127 # config_psa.h).
Valerio Setti42796e22023-07-10 12:24:34 +0200[diff] [blame]128 ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_BASIC', dep))
129 ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_IMPORT', dep))
130 ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_EXPORT', dep))
Valerio Setti0c42c432023-06-29 12:10:52 +0200[diff] [blame]131 elif usage == "GENERATE":
Valerio Setti42796e22023-07-10 12:24:34 +0200[diff] [blame]132 ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_GENERATE', dep))
Valerio Setti0c42c432023-06-29 12:10:52 +0200[diff] [blame]133 else:
134 # No replacement to do in this case
135 ret_list.append(dep)
136 return ret_list
137
138def fix_key_pair_dependencies(dep_list: List[str], usage: str):
139 new_list = [new_deps
140 for dep in dep_list
141 for new_deps in tweak_key_pair_dependency(dep, usage)]
142
Valerio Setti24c64e82023-06-26 11:49:02 +0200[diff] [blame]143 return new_list
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]144
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]145class Information:
146 """Gather information about PSA constructors."""
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]147
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]148 def __init__(self) -> None:
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]149 self.constructors = self.read_psa_interface()
150
151 @staticmethod
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]152 def remove_unwanted_macros(
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]153 constructors: macro_collector.PSAMacroEnumerator
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]154 ) -> None:
Manuel Pégourié-Gonnardafe4b792023-07-11 10:23:02 +0200[diff] [blame]155 # Mbed TLS does not support finite-field DSA.
156 # Don't attempt to generate any related test case.
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]157 constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
158 constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]159
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]160 def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]161 """Return the list of known key types, algorithms, etc."""
Gilles Peskine3d404b82021-03-30 21:46:35 +0200[diff] [blame]162 constructors = macro_collector.InputsForTest()
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]163 header_file_names = ['include/psa/crypto_values.h',
164 'include/psa/crypto_extra.h']
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]165 test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]166 for header_file_name in header_file_names:
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]167 constructors.parse_header(header_file_name)
168 for test_cases in test_suites:
169 constructors.parse_test_cases(test_cases)
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]170 self.remove_unwanted_macros(constructors)
Gilles Peskine3d404b82021-03-30 21:46:35 +0200[diff] [blame]171 constructors.gather_arguments()
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]172 return constructors
173
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]174
Przemyslaw Stekielb576c7b2021-10-11 10:15:25 +0200[diff] [blame]175def test_case_for_key_type_not_supported(
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]176 verb: str, key_type: str, bits: int,
177 dependencies: List[str],
178 *args: str,
179 param_descr: str = ''
180) -> test_case.TestCase:
181 """Return one test case exercising a key creation method
182 for an unsupported key type or size.
183 """
184 hack_dependencies_not_implemented(dependencies)
185 tc = test_case.TestCase()
Gilles Peskinee8e058c2022-03-17 23:42:25 +0100[diff] [blame]186 short_key_type = crypto_knowledge.short_expression(key_type)
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]187 adverb = 'not' if dependencies else 'never'
188 if param_descr:
189 adverb = param_descr + ' ' + adverb
Przemyslaw Stekielb576c7b2021-10-11 10:15:25 +0200[diff] [blame]190 tc.set_description('PSA {} {} {}-bit {} supported'
191 .format(verb, short_key_type, bits, adverb))
192 tc.set_dependencies(dependencies)
193 tc.set_function(verb + '_not_supported')
194 tc.set_arguments([key_type] + list(args))
195 return tc
196
Gilles Peskine0e9e4422022-12-15 22:14:28 +0100[diff] [blame]197class KeyTypeNotSupported:
198 """Generate test cases for when a key type is not supported."""
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]199
200 def __init__(self, info: Information) -> None:
201 self.constructors = info.constructors
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]202
Gilles Peskine60b29fe2021-02-16 14:06:50 +0100[diff] [blame]203 ALWAYS_SUPPORTED = frozenset([
204 'PSA_KEY_TYPE_DERIVE',
Gilles Peskinebba26302022-12-15 23:25:17 +0100[diff] [blame]205 'PSA_KEY_TYPE_PASSWORD',
206 'PSA_KEY_TYPE_PASSWORD_HASH',
Gilles Peskine60b29fe2021-02-16 14:06:50 +0100[diff] [blame]207 'PSA_KEY_TYPE_RAW_DATA',
Przemek Stekiel1068c222022-05-05 11:52:30 +0200[diff] [blame]208 'PSA_KEY_TYPE_HMAC'
Gilles Peskine60b29fe2021-02-16 14:06:50 +0100[diff] [blame]209 ])
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]210 def test_cases_for_key_type_not_supported(
Gilles Peskine60b29fe2021-02-16 14:06:50 +0100[diff] [blame]211 self,
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]212 kt: crypto_knowledge.KeyType,
213 param: Optional[int] = None,
214 param_descr: str = '',
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]215 ) -> Iterator[test_case.TestCase]:
Przemyslaw Stekiel8d468e42021-10-18 14:58:20 +0200[diff] [blame]216 """Return test cases exercising key creation when the given type is unsupported.
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]217
218 If param is present and not None, emit test cases conditioned on this
219 parameter not being supported. If it is absent or None, emit test cases
Przemyslaw Stekiel8d468e42021-10-18 14:58:20 +0200[diff] [blame]220 conditioned on the base type not being supported.
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]221 """
Gilles Peskine60b29fe2021-02-16 14:06:50 +0100[diff] [blame]222 if kt.name in self.ALWAYS_SUPPORTED:
223 # Don't generate test cases for key types that are always supported.
224 # They would be skipped in all configurations, which is noise.
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]225 return
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]226 import_dependencies = [('!' if param is None else '') +
227 psa_want_symbol(kt.name)]
228 if kt.params is not None:
229 import_dependencies += [('!' if param == i else '') +
230 psa_want_symbol(sym)
231 for i, sym in enumerate(kt.params)]
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]232 if kt.name.endswith('_PUBLIC_KEY'):
233 generate_dependencies = []
234 else:
Valerio Setti24c64e82023-06-26 11:49:02 +0200[diff] [blame]235 generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
Valerio Setti27c501a2023-06-27 16:58:52 +0200[diff] [blame]236 import_dependencies = fix_key_pair_dependencies(import_dependencies, 'BASIC')
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]237 for bits in kt.sizes_to_test():
Przemyslaw Stekielb576c7b2021-10-11 10:15:25 +0200[diff] [blame]238 yield test_case_for_key_type_not_supported(
Gilles Peskine7f756872021-02-16 12:13:12 +0100[diff] [blame]239 'import', kt.expression, bits,
240 finish_family_dependencies(import_dependencies, bits),
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]241 test_case.hex_string(kt.key_material(bits)),
242 param_descr=param_descr,
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]243 )
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]244 if not generate_dependencies and param is not None:
245 # If generation is impossible for this key type, rather than
246 # supported or not depending on implementation capabilities,
247 # only generate the test case once.
248 continue
Przemyslaw Stekiel7bc26b82021-11-02 10:50:44 +0100[diff] [blame]249 # For public key we expect that key generation fails with
250 # INVALID_ARGUMENT. It is handled by KeyGenerate class.
Gilles Peskinefa70ced2022-03-17 12:52:24 +0100[diff] [blame]251 if not kt.is_public():
Przemyslaw Stekielb576c7b2021-10-11 10:15:25 +0200[diff] [blame]252 yield test_case_for_key_type_not_supported(
253 'generate', kt.expression, bits,
254 finish_family_dependencies(generate_dependencies, bits),
255 str(bits),
256 param_descr=param_descr,
257 )
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]258 # To be added: derive
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]259
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]260 ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
261 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
Manuel Pégourié-Gonnardafe4b792023-07-11 10:23:02 +0200[diff] [blame]262 DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
263 'PSA_KEY_TYPE_DH_PUBLIC_KEY')
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]264
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]265 def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]:
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]266 """Generate test cases that exercise the creation of keys of unsupported types."""
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]267 for key_type in sorted(self.constructors.key_types):
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]268 if key_type in self.ECC_KEY_TYPES:
269 continue
Manuel Pégourié-Gonnardafe4b792023-07-11 10:23:02 +0200[diff] [blame]270 if key_type in self.DH_KEY_TYPES:
271 continue
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]272 kt = crypto_knowledge.KeyType(key_type)
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]273 yield from self.test_cases_for_key_type_not_supported(kt)
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]274 for curve_family in sorted(self.constructors.ecc_curves):
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]275 for constr in self.ECC_KEY_TYPES:
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]276 kt = crypto_knowledge.KeyType(constr, [curve_family])
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]277 yield from self.test_cases_for_key_type_not_supported(
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]278 kt, param_descr='type')
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]279 yield from self.test_cases_for_key_type_not_supported(
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]280 kt, 0, param_descr='curve')
Manuel Pégourié-Gonnardafe4b792023-07-11 10:23:02 +0200[diff] [blame]281 for dh_family in sorted(self.constructors.dh_groups):
282 for constr in self.DH_KEY_TYPES:
283 kt = crypto_knowledge.KeyType(constr, [dh_family])
284 yield from self.test_cases_for_key_type_not_supported(
285 kt, param_descr='type')
286 yield from self.test_cases_for_key_type_not_supported(
287 kt, 0, param_descr='group')
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]288
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]289def test_case_for_key_generation(
290 key_type: str, bits: int,
291 dependencies: List[str],
292 *args: str,
Przemyslaw Stekiel437da192021-10-20 11:59:50 +0200[diff] [blame]293 result: str = ''
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]294) -> test_case.TestCase:
295 """Return one test case exercising a key generation.
296 """
297 hack_dependencies_not_implemented(dependencies)
298 tc = test_case.TestCase()
Gilles Peskinee8e058c2022-03-17 23:42:25 +0100[diff] [blame]299 short_key_type = crypto_knowledge.short_expression(key_type)
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]300 tc.set_description('PSA {} {}-bit'
Przemyslaw Stekiel437da192021-10-20 11:59:50 +0200[diff] [blame]301 .format(short_key_type, bits))
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]302 tc.set_dependencies(dependencies)
303 tc.set_function('generate_key')
Przemyslaw Stekiel7bc26b82021-11-02 10:50:44 +0100[diff] [blame]304 tc.set_arguments([key_type] + list(args) + [result])
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]305
306 return tc
307
308class KeyGenerate:
309 """Generate positive and negative (invalid argument) test cases for key generation."""
310
311 def __init__(self, info: Information) -> None:
312 self.constructors = info.constructors
313
Przemyslaw Stekiel437da192021-10-20 11:59:50 +0200[diff] [blame]314 ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
315 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
Manuel Pégourié-Gonnardafe4b792023-07-11 10:23:02 +0200[diff] [blame]316 DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
317 'PSA_KEY_TYPE_DH_PUBLIC_KEY')
Przemyslaw Stekiel437da192021-10-20 11:59:50 +0200[diff] [blame]318
Przemyslaw Stekiel7bc26b82021-11-02 10:50:44 +0100[diff] [blame]319 @staticmethod
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]320 def test_cases_for_key_type_key_generation(
Przemyslaw Stekiel437da192021-10-20 11:59:50 +0200[diff] [blame]321 kt: crypto_knowledge.KeyType
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]322 ) -> Iterator[test_case.TestCase]:
323 """Return test cases exercising key generation.
324
325 All key types can be generated except for public keys. For public key
326 PSA_ERROR_INVALID_ARGUMENT status is expected.
327 """
328 result = 'PSA_SUCCESS'
329
330 import_dependencies = [psa_want_symbol(kt.name)]
331 if kt.params is not None:
332 import_dependencies += [psa_want_symbol(sym)
333 for i, sym in enumerate(kt.params)]
334 if kt.name.endswith('_PUBLIC_KEY'):
Przemyslaw Stekiel7bc26b82021-11-02 10:50:44 +0100[diff] [blame]335 # The library checks whether the key type is a public key generically,
336 # before it reaches a point where it needs support for the specific key
337 # type, so it returns INVALID_ARGUMENT for unsupported public key types.
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]338 generate_dependencies = []
339 result = 'PSA_ERROR_INVALID_ARGUMENT'
340 else:
Valerio Setti24c64e82023-06-26 11:49:02 +0200[diff] [blame]341 generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]342 for bits in kt.sizes_to_test():
Waleed Elmelegy3d158f02023-07-07 11:48:03 +0000[diff] [blame]343 if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
Waleed Elmelegyd7bdbbe2023-07-20 16:26:58 +0000[diff] [blame]344 size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
Waleed Elmelegy3d158f02023-07-07 11:48:03 +0000[diff] [blame]345 test_dependencies = generate_dependencies + [size_dependency]
346 else:
347 test_dependencies = generate_dependencies
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]348 yield test_case_for_key_generation(
349 kt.expression, bits,
Waleed Elmelegy3d158f02023-07-07 11:48:03 +0000[diff] [blame]350 finish_family_dependencies(test_dependencies, bits),
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]351 str(bits),
Przemyslaw Stekiel437da192021-10-20 11:59:50 +0200[diff] [blame]352 result
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]353 )
354
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]355 def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]:
356 """Generate test cases that exercise the generation of keys."""
357 for key_type in sorted(self.constructors.key_types):
358 if key_type in self.ECC_KEY_TYPES:
359 continue
Manuel Pégourié-Gonnardafe4b792023-07-11 10:23:02 +0200[diff] [blame]360 if key_type in self.DH_KEY_TYPES:
361 continue
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]362 kt = crypto_knowledge.KeyType(key_type)
363 yield from self.test_cases_for_key_type_key_generation(kt)
364 for curve_family in sorted(self.constructors.ecc_curves):
365 for constr in self.ECC_KEY_TYPES:
366 kt = crypto_knowledge.KeyType(constr, [curve_family])
Przemyslaw Stekiel437da192021-10-20 11:59:50 +0200[diff] [blame]367 yield from self.test_cases_for_key_type_key_generation(kt)
Manuel Pégourié-Gonnardafe4b792023-07-11 10:23:02 +0200[diff] [blame]368 for dh_family in sorted(self.constructors.dh_groups):
369 for constr in self.DH_KEY_TYPES:
370 kt = crypto_knowledge.KeyType(constr, [dh_family])
371 yield from self.test_cases_for_key_type_key_generation(kt)
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]372
Gilles Peskinec7e1ea02021-04-27 20:40:10 +0200[diff] [blame]373class OpFail:
374 """Generate test cases for operations that must fail."""
375 #pylint: disable=too-few-public-methods
376
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]377 class Reason(enum.Enum):
378 NOT_SUPPORTED = 0
379 INVALID = 1
380 INCOMPATIBLE = 2
Gilles Peskinee6300952021-04-29 21:56:59 +0200[diff] [blame]381 PUBLIC = 3
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]382
Gilles Peskinec7e1ea02021-04-27 20:40:10 +0200[diff] [blame]383 def __init__(self, info: Information) -> None:
384 self.constructors = info.constructors
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]385 key_type_expressions = self.constructors.generate_expressions(
386 sorted(self.constructors.key_types)
387 )
388 self.key_types = [crypto_knowledge.KeyType(kt_expr)
389 for kt_expr in key_type_expressions]
Gilles Peskinec7e1ea02021-04-27 20:40:10 +0200[diff] [blame]390
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]391 def make_test_case(
392 self,
393 alg: crypto_knowledge.Algorithm,
394 category: crypto_knowledge.AlgorithmCategory,
395 reason: 'Reason',
396 kt: Optional[crypto_knowledge.KeyType] = None,
397 not_deps: FrozenSet[str] = frozenset(),
398 ) -> test_case.TestCase:
399 """Construct a failure test case for a one-key or keyless operation."""
400 #pylint: disable=too-many-arguments,too-many-locals
Gilles Peskine8b4a3812021-04-27 21:03:43 +0200[diff] [blame]401 tc = test_case.TestCase()
Gilles Peskinee8e058c2022-03-17 23:42:25 +0100[diff] [blame]402 pretty_alg = alg.short_expression()
Gilles Peskined79e3b92021-04-29 21:35:03 +0200[diff] [blame]403 if reason == self.Reason.NOT_SUPPORTED:
404 short_deps = [re.sub(r'PSA_WANT_ALG_', r'', dep)
405 for dep in not_deps]
406 pretty_reason = '!' + '&'.join(sorted(short_deps))
407 else:
408 pretty_reason = reason.name.lower()
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]409 if kt:
410 key_type = kt.expression
Gilles Peskinee8e058c2022-03-17 23:42:25 +0100[diff] [blame]411 pretty_type = kt.short_expression()
Gilles Peskine8b4a3812021-04-27 21:03:43 +0200[diff] [blame]412 else:
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]413 key_type = ''
414 pretty_type = ''
415 tc.set_description('PSA {} {}: {}{}'
416 .format(category.name.lower(),
417 pretty_alg,
418 pretty_reason,
419 ' with ' + pretty_type if pretty_type else ''))
420 dependencies = automatic_dependencies(alg.base_expression, key_type)
Valerio Setti27c501a2023-06-27 16:58:52 +0200[diff] [blame]421 dependencies = fix_key_pair_dependencies(dependencies, 'BASIC')
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]422 for i, dep in enumerate(dependencies):
423 if dep in not_deps:
424 dependencies[i] = '!' + dep
Gilles Peskine8b4a3812021-04-27 21:03:43 +0200[diff] [blame]425 tc.set_dependencies(dependencies)
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]426 tc.set_function(category.name.lower() + '_fail')
David Horstmannf0c75792023-01-24 18:53:15 +0000[diff] [blame]427 arguments = [] # type: List[str]
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]428 if kt:
429 key_material = kt.key_material(kt.sizes_to_test()[0])
430 arguments += [key_type, test_case.hex_string(key_material)]
431 arguments.append(alg.expression)
Gilles Peskinee6300952021-04-29 21:56:59 +0200[diff] [blame]432 if category.is_asymmetric():
433 arguments.append('1' if reason == self.Reason.PUBLIC else '0')
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]434 error = ('NOT_SUPPORTED' if reason == self.Reason.NOT_SUPPORTED else
435 'INVALID_ARGUMENT')
436 arguments.append('PSA_ERROR_' + error)
437 tc.set_arguments(arguments)
438 return tc
Gilles Peskine8b4a3812021-04-27 21:03:43 +0200[diff] [blame]439
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]440 def no_key_test_cases(
441 self,
442 alg: crypto_knowledge.Algorithm,
443 category: crypto_knowledge.AlgorithmCategory,
444 ) -> Iterator[test_case.TestCase]:
445 """Generate failure test cases for keyless operations with the specified algorithm."""
Gilles Peskinea4013862021-04-29 20:54:40 +0200[diff] [blame]446 if alg.can_do(category):
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]447 # Compatible operation, unsupported algorithm
448 for dep in automatic_dependencies(alg.base_expression):
449 yield self.make_test_case(alg, category,
450 self.Reason.NOT_SUPPORTED,
451 not_deps=frozenset([dep]))
452 else:
453 # Incompatible operation, supported algorithm
454 yield self.make_test_case(alg, category, self.Reason.INVALID)
455
456 def one_key_test_cases(
457 self,
458 alg: crypto_knowledge.Algorithm,
459 category: crypto_knowledge.AlgorithmCategory,
460 ) -> Iterator[test_case.TestCase]:
461 """Generate failure test cases for one-key operations with the specified algorithm."""
462 for kt in self.key_types:
463 key_is_compatible = kt.can_do(alg)
Gilles Peskinea4013862021-04-29 20:54:40 +0200[diff] [blame]464 if key_is_compatible and alg.can_do(category):
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]465 # Compatible key and operation, unsupported algorithm
466 for dep in automatic_dependencies(alg.base_expression):
467 yield self.make_test_case(alg, category,
468 self.Reason.NOT_SUPPORTED,
469 kt=kt, not_deps=frozenset([dep]))
Gilles Peskinee6300952021-04-29 21:56:59 +0200[diff] [blame]470 # Public key for a private-key operation
471 if category.is_asymmetric() and kt.is_public():
472 yield self.make_test_case(alg, category,
473 self.Reason.PUBLIC,
474 kt=kt)
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]475 elif key_is_compatible:
476 # Compatible key, incompatible operation, supported algorithm
477 yield self.make_test_case(alg, category,
478 self.Reason.INVALID,
479 kt=kt)
Gilles Peskinea4013862021-04-29 20:54:40 +0200[diff] [blame]480 elif alg.can_do(category):
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]481 # Incompatible key, compatible operation, supported algorithm
482 yield self.make_test_case(alg, category,
483 self.Reason.INCOMPATIBLE,
484 kt=kt)
485 else:
486 # Incompatible key and operation. Don't test cases where
487 # multiple things are wrong, to keep the number of test
488 # cases reasonable.
489 pass
490
491 def test_cases_for_algorithm(
492 self,
493 alg: crypto_knowledge.Algorithm,
494 ) -> Iterator[test_case.TestCase]:
Gilles Peskine8b4a3812021-04-27 21:03:43 +0200[diff] [blame]495 """Generate operation failure test cases for the specified algorithm."""
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]496 for category in crypto_knowledge.AlgorithmCategory:
497 if category == crypto_knowledge.AlgorithmCategory.PAKE:
498 # PAKE operations are not implemented yet
499 pass
500 elif category.requires_key():
501 yield from self.one_key_test_cases(alg, category)
502 else:
503 yield from self.no_key_test_cases(alg, category)
Gilles Peskine8b4a3812021-04-27 21:03:43 +0200[diff] [blame]504
Gilles Peskinec7e1ea02021-04-27 20:40:10 +0200[diff] [blame]505 def all_test_cases(self) -> Iterator[test_case.TestCase]:
506 """Generate all test cases for operations that must fail."""
Gilles Peskine8b4a3812021-04-27 21:03:43 +0200[diff] [blame]507 algorithms = sorted(self.constructors.algorithms)
Gilles Peskinecba28a72022-03-15 17:26:33 +0100[diff] [blame]508 for expr in self.constructors.generate_expressions(algorithms):
509 alg = crypto_knowledge.Algorithm(expr)
Gilles Peskine8b4a3812021-04-27 21:03:43 +0200[diff] [blame]510 yield from self.test_cases_for_algorithm(alg)
Gilles Peskinec7e1ea02021-04-27 20:40:10 +0200[diff] [blame]511
512
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]513class StorageKey(psa_storage.Key):
514 """Representation of a key for storage format testing."""
515
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]516 IMPLICIT_USAGE_FLAGS = {
517 'PSA_KEY_USAGE_SIGN_HASH': 'PSA_KEY_USAGE_SIGN_MESSAGE',
518 'PSA_KEY_USAGE_VERIFY_HASH': 'PSA_KEY_USAGE_VERIFY_MESSAGE'
519 } #type: Dict[str, str]
520 """Mapping of usage flags to the flags that they imply."""
521
522 def __init__(
523 self,
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]524 usage: Iterable[str],
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]525 without_implicit_usage: Optional[bool] = False,
526 **kwargs
527 ) -> None:
528 """Prepare to generate a key.
529
530 * `usage` : The usage flags used for the key.
Tom Cosgrove1797b052022-12-04 17:19:59 +0000[diff] [blame]531 * `without_implicit_usage`: Flag to define to apply the usage extension
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]532 """
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]533 usage_flags = set(usage)
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]534 if not without_implicit_usage:
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]535 for flag in sorted(usage_flags):
536 if flag in self.IMPLICIT_USAGE_FLAGS:
537 usage_flags.add(self.IMPLICIT_USAGE_FLAGS[flag])
538 if usage_flags:
539 usage_expression = ' | '.join(sorted(usage_flags))
540 else:
541 usage_expression = '0'
542 super().__init__(usage=usage_expression, **kwargs)
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]543
544class StorageTestData(StorageKey):
545 """Representation of test case data for storage format testing."""
546
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]547 def __init__(
548 self,
549 description: str,
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]550 expected_usage: Optional[List[str]] = None,
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]551 **kwargs
552 ) -> None:
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]553 """Prepare to generate test data
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]554
Tom Cosgrove1797b052022-12-04 17:19:59 +0000[diff] [blame]555 * `description` : used for the test case names
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]556 * `expected_usage`: the usage flags generated as the expected usage flags
557 in the test cases. CAn differ from the usage flags
558 stored in the keys because of the usage flags extension.
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]559 """
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]560 super().__init__(**kwargs)
561 self.description = description #type: str
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]562 if expected_usage is None:
563 self.expected_usage = self.usage #type: psa_storage.Expr
564 elif expected_usage:
565 self.expected_usage = psa_storage.Expr(' | '.join(expected_usage))
566 else:
567 self.expected_usage = psa_storage.Expr(0)
gabor-mezei-arm7748b6f2021-06-24 10:04:38 +0200[diff] [blame]568
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]569class StorageFormat:
570 """Storage format stability test cases."""
571
572 def __init__(self, info: Information, version: int, forward: bool) -> None:
573 """Prepare to generate test cases for storage format stability.
574
575 * `info`: information about the API. See the `Information` class.
576 * `version`: the storage format version to generate test cases for.
577 * `forward`: if true, generate forward compatibility test cases which
578 save a key and check that its representation is as intended. Otherwise
579 generate backward compatibility test cases which inject a key
580 representation and check that it can be read and used.
581 """
gabor-mezei-arm7b5c4e22021-06-23 17:01:44 +0200[diff] [blame]582 self.constructors = info.constructors #type: macro_collector.PSAMacroEnumerator
583 self.version = version #type: int
584 self.forward = forward #type: bool
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]585
Gilles Peskine4bd90dc2022-03-19 12:09:13 +0100[diff] [blame]586 RSA_OAEP_RE = re.compile(r'PSA_ALG_RSA_OAEP\((.*)\)\Z')
Gilles Peskine61548d12022-03-19 15:36:09 +0100[diff] [blame]587 BRAINPOOL_RE = re.compile(r'PSA_KEY_TYPE_\w+\(PSA_ECC_FAMILY_BRAINPOOL_\w+\)\Z')
Gilles Peskine4bd90dc2022-03-19 12:09:13 +0100[diff] [blame]588 @classmethod
Gilles Peskine61548d12022-03-19 15:36:09 +0100[diff] [blame]589 def exercise_key_with_algorithm(
Gilles Peskine4bd90dc2022-03-19 12:09:13 +0100[diff] [blame]590 cls,
591 key_type: psa_storage.Expr, bits: int,
592 alg: psa_storage.Expr
593 ) -> bool:
Gilles Peskinecafda872022-12-15 23:03:19 +0100[diff] [blame]594 """Whether to exercise the given key with the given algorithm.
Gilles Peskine4bd90dc2022-03-19 12:09:13 +0100[diff] [blame]595
596 Normally only the type and algorithm matter for compatibility, and
597 this is handled in crypto_knowledge.KeyType.can_do(). This function
598 exists to detect exceptional cases. Exceptional cases detected here
599 are not tested in OpFail and should therefore have manually written
600 test cases.
601 """
Gilles Peskine61548d12022-03-19 15:36:09 +0100[diff] [blame]602 # Some test keys have the RAW_DATA type and attributes that don't
603 # necessarily make sense. We do this to validate numerical
604 # encodings of the attributes.
605 # Raw data keys have no useful exercise anyway so there is no
606 # loss of test coverage.
607 if key_type.string == 'PSA_KEY_TYPE_RAW_DATA':
608 return False
Gilles Peskine4bd90dc2022-03-19 12:09:13 +0100[diff] [blame]609 # OAEP requires room for two hashes plus wrapping
610 m = cls.RSA_OAEP_RE.match(alg.string)
611 if m:
612 hash_alg = m.group(1)
613 hash_length = crypto_knowledge.Algorithm.hash_length(hash_alg)
614 key_length = (bits + 7) // 8
615 # Leave enough room for at least one byte of plaintext
616 return key_length > 2 * hash_length + 2
Gilles Peskine61548d12022-03-19 15:36:09 +0100[diff] [blame]617 # There's nothing wrong with ECC keys on Brainpool curves,
618 # but operations with them are very slow. So we only exercise them
619 # with a single algorithm, not with all possible hashes. We do
620 # exercise other curves with all algorithms so test coverage is
621 # perfectly adequate like this.
622 m = cls.BRAINPOOL_RE.match(key_type.string)
623 if m and alg.string != 'PSA_ALG_ECDSA_ANY':
624 return False
Gilles Peskine4bd90dc2022-03-19 12:09:13 +0100[diff] [blame]625 return True
626
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]627 def make_test_case(self, key: StorageTestData) -> test_case.TestCase:
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]628 """Construct a storage format test case for the given key.
629
630 If ``forward`` is true, generate a forward compatibility test case:
631 create a key and validate that it has the expected representation.
632 Otherwise generate a backward compatibility test case: inject the
633 key representation into storage and validate that it can be read
634 correctly.
635 """
636 verb = 'save' if self.forward else 'read'
637 tc = test_case.TestCase()
Gilles Peskine16b25062022-03-18 00:02:15 +0100[diff] [blame]638 tc.set_description(verb + ' ' + key.description)
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]639 dependencies = automatic_dependencies(
640 key.lifetime.string, key.type.string,
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]641 key.alg.string, key.alg2.string,
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]642 )
643 dependencies = finish_family_dependencies(dependencies, key.bits)
Yanray Wang5dd429c2023-05-10 09:58:46 +0800[diff] [blame]644 dependencies += generate_key_dependencies(key.description)
Valerio Setti27c501a2023-06-27 16:58:52 +0200[diff] [blame]645 dependencies = fix_key_pair_dependencies(dependencies, 'BASIC')
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]646 tc.set_dependencies(dependencies)
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]647 tc.set_function('key_storage_' + verb)
648 if self.forward:
649 extra_arguments = []
650 else:
Gilles Peskine45f1cd72021-04-21 20:11:33 +0200[diff] [blame]651 flags = []
Gilles Peskine61548d12022-03-19 15:36:09 +0100[diff] [blame]652 if self.exercise_key_with_algorithm(key.type, key.bits, key.alg):
Gilles Peskine45f1cd72021-04-21 20:11:33 +0200[diff] [blame]653 flags.append('TEST_FLAG_EXERCISE')
654 if 'READ_ONLY' in key.lifetime.string:
655 flags.append('TEST_FLAG_READ_ONLY')
656 extra_arguments = [' | '.join(flags) if flags else '0']
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]657 tc.set_arguments([key.lifetime.string,
658 key.type.string, str(key.bits),
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]659 key.expected_usage.string,
660 key.alg.string, key.alg2.string,
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]661 '"' + key.material.hex() + '"',
662 '"' + key.hex() + '"',
663 *extra_arguments])
664 return tc
665
Gilles Peskineeb7bdaa2021-04-21 22:05:34 +0200[diff] [blame]666 def key_for_lifetime(
667 self,
668 lifetime: str,
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]669 ) -> StorageTestData:
Gilles Peskineeb7bdaa2021-04-21 22:05:34 +0200[diff] [blame]670 """Construct a test key for the given lifetime."""
671 short = lifetime
672 short = re.sub(r'PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION',
673 r'', short)
Gilles Peskinee8e058c2022-03-17 23:42:25 +0100[diff] [blame]674 short = crypto_knowledge.short_expression(short)
Gilles Peskineeb7bdaa2021-04-21 22:05:34 +0200[diff] [blame]675 description = 'lifetime: ' + short
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]676 key = StorageTestData(version=self.version,
677 id=1, lifetime=lifetime,
678 type='PSA_KEY_TYPE_RAW_DATA', bits=8,
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]679 usage=['PSA_KEY_USAGE_EXPORT'], alg=0, alg2=0,
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]680 material=b'L',
681 description=description)
682 return key
Gilles Peskineeb7bdaa2021-04-21 22:05:34 +0200[diff] [blame]683
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]684 def all_keys_for_lifetimes(self) -> Iterator[StorageTestData]:
Gilles Peskineeb7bdaa2021-04-21 22:05:34 +0200[diff] [blame]685 """Generate test keys covering lifetimes."""
686 lifetimes = sorted(self.constructors.lifetimes)
687 expressions = self.constructors.generate_expressions(lifetimes)
688 for lifetime in expressions:
689 # Don't attempt to create or load a volatile key in storage
690 if 'VOLATILE' in lifetime:
691 continue
692 # Don't attempt to create a read-only key in storage,
693 # but do attempt to load one.
694 if 'READ_ONLY' in lifetime and self.forward:
695 continue
gabor-mezei-arm340fbf32021-06-28 19:26:55 +0200[diff] [blame]696 yield self.key_for_lifetime(lifetime)
Gilles Peskineeb7bdaa2021-04-21 22:05:34 +0200[diff] [blame]697
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]698 def key_for_usage_flags(
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]699 self,
700 usage_flags: List[str],
gabor-mezei-arm6ee72532021-06-24 09:42:02 +0200[diff] [blame]701 short: Optional[str] = None,
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]702 test_implicit_usage: Optional[bool] = True
703 ) -> StorageTestData:
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]704 """Construct a test key for the given key usage."""
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]705 extra_desc = ' without implication' if test_implicit_usage else ''
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]706 description = 'usage' + extra_desc + ': '
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]707 key1 = StorageTestData(version=self.version,
708 id=1, lifetime=0x00000001,
709 type='PSA_KEY_TYPE_RAW_DATA', bits=8,
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]710 expected_usage=usage_flags,
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]711 without_implicit_usage=not test_implicit_usage,
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]712 usage=usage_flags, alg=0, alg2=0,
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]713 material=b'K',
714 description=description)
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]715 if short is None:
Gilles Peskinee8e058c2022-03-17 23:42:25 +0100[diff] [blame]716 usage_expr = key1.expected_usage.string
717 key1.description += crypto_knowledge.short_expression(usage_expr)
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]718 else:
719 key1.description += short
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]720 return key1
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]721
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]722 def generate_keys_for_usage_flags(self, **kwargs) -> Iterator[StorageTestData]:
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]723 """Generate test keys covering usage flags."""
724 known_flags = sorted(self.constructors.key_usage_flags)
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]725 yield self.key_for_usage_flags(['0'], **kwargs)
gabor-mezei-arm340fbf32021-06-28 19:26:55 +0200[diff] [blame]726 for usage_flag in known_flags:
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]727 yield self.key_for_usage_flags([usage_flag], **kwargs)
gabor-mezei-arm340fbf32021-06-28 19:26:55 +0200[diff] [blame]728 for flag1, flag2 in zip(known_flags,
729 known_flags[1:] + [known_flags[0]]):
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]730 yield self.key_for_usage_flags([flag1, flag2], **kwargs)
gabor-mezei-arm49d6ea92021-06-24 14:38:51 +0200[diff] [blame]731
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]732 def generate_key_for_all_usage_flags(self) -> Iterator[StorageTestData]:
gabor-mezei-arm49d6ea92021-06-24 14:38:51 +0200[diff] [blame]733 known_flags = sorted(self.constructors.key_usage_flags)
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]734 yield self.key_for_usage_flags(known_flags, short='all known')
gabor-mezei-arm49d6ea92021-06-24 14:38:51 +0200[diff] [blame]735
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]736 def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
gabor-mezei-arm340fbf32021-06-28 19:26:55 +0200[diff] [blame]737 yield from self.generate_keys_for_usage_flags()
738 yield from self.generate_key_for_all_usage_flags()
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]739
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]740 def key_for_type_and_alg(
741 self,
742 kt: crypto_knowledge.KeyType,
743 bits: int,
744 alg: Optional[crypto_knowledge.Algorithm] = None,
745 ) -> StorageTestData:
746 """Construct a test key of the given type.
747
748 If alg is not None, this key allows it.
749 """
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]750 usage_flags = ['PSA_KEY_USAGE_EXPORT']
Gilles Peskinee6b85b42022-03-18 09:58:09 +0100[diff] [blame]751 alg1 = 0 #type: psa_storage.Exprable
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]752 alg2 = 0
Gilles Peskinee6b85b42022-03-18 09:58:09 +0100[diff] [blame]753 if alg is not None:
754 alg1 = alg.expression
755 usage_flags += alg.usage_flags(public=kt.is_public())
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]756 key_material = kt.key_material(bits)
Gilles Peskine16b25062022-03-18 00:02:15 +0100[diff] [blame]757 description = 'type: {} {}-bit'.format(kt.short_expression(1), bits)
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]758 if alg is not None:
Gilles Peskine16b25062022-03-18 00:02:15 +0100[diff] [blame]759 description += ', ' + alg.short_expression(1)
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]760 key = StorageTestData(version=self.version,
761 id=1, lifetime=0x00000001,
762 type=kt.expression, bits=bits,
763 usage=usage_flags, alg=alg1, alg2=alg2,
764 material=key_material,
765 description=description)
766 return key
767
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]768 def keys_for_type(
769 self,
770 key_type: str,
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]771 all_algorithms: List[crypto_knowledge.Algorithm],
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]772 ) -> Iterator[StorageTestData]:
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]773 """Generate test keys for the given key type."""
774 kt = crypto_knowledge.KeyType(key_type)
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]775 for bits in kt.sizes_to_test():
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]776 # Test a non-exercisable key, as well as exercisable keys for
777 # each compatible algorithm.
778 # To do: test reading a key from storage with an incompatible
779 # or unsupported algorithm.
780 yield self.key_for_type_and_alg(kt, bits)
781 compatible_algorithms = [alg for alg in all_algorithms
782 if kt.can_do(alg)]
783 for alg in compatible_algorithms:
784 yield self.key_for_type_and_alg(kt, bits, alg)
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]785
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]786 def all_keys_for_types(self) -> Iterator[StorageTestData]:
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]787 """Generate test keys covering key types and their representations."""
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]788 key_types = sorted(self.constructors.key_types)
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]789 all_algorithms = [crypto_knowledge.Algorithm(alg)
790 for alg in self.constructors.generate_expressions(
791 sorted(self.constructors.algorithms)
792 )]
gabor-mezei-arm340fbf32021-06-28 19:26:55 +0200[diff] [blame]793 for key_type in self.constructors.generate_expressions(key_types):
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]794 yield from self.keys_for_type(key_type, all_algorithms)
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]795
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]796 def keys_for_algorithm(self, alg: str) -> Iterator[StorageTestData]:
Gilles Peskine7de7c102021-04-29 22:28:07 +0200[diff] [blame]797 """Generate test keys for the encoding of the specified algorithm."""
798 # These test cases only validate the encoding of algorithms, not
799 # whether the key read from storage is suitable for an operation.
800 # `keys_for_types` generate read tests with an algorithm and a
801 # compatible key.
Gilles Peskine16b25062022-03-18 00:02:15 +0100[diff] [blame]802 descr = crypto_knowledge.short_expression(alg, 1)
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]803 usage = ['PSA_KEY_USAGE_EXPORT']
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]804 key1 = StorageTestData(version=self.version,
805 id=1, lifetime=0x00000001,
806 type='PSA_KEY_TYPE_RAW_DATA', bits=8,
807 usage=usage, alg=alg, alg2=0,
808 material=b'K',
809 description='alg: ' + descr)
810 yield key1
811 key2 = StorageTestData(version=self.version,
812 id=1, lifetime=0x00000001,
813 type='PSA_KEY_TYPE_RAW_DATA', bits=8,
814 usage=usage, alg=0, alg2=alg,
815 material=b'L',
816 description='alg2: ' + descr)
817 yield key2
Gilles Peskined86bc522021-03-10 15:08:57 +0100[diff] [blame]818
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]819 def all_keys_for_algorithms(self) -> Iterator[StorageTestData]:
Gilles Peskined86bc522021-03-10 15:08:57 +0100[diff] [blame]820 """Generate test keys covering algorithm encodings."""
Gilles Peskine537d5fa2021-04-19 13:50:25 +0200[diff] [blame]821 algorithms = sorted(self.constructors.algorithms)
gabor-mezei-arm340fbf32021-06-28 19:26:55 +0200[diff] [blame]822 for alg in self.constructors.generate_expressions(algorithms):
823 yield from self.keys_for_algorithm(alg)
Gilles Peskined86bc522021-03-10 15:08:57 +0100[diff] [blame]824
gabor-mezei-arm0c24edd2021-06-29 15:42:57 +0200[diff] [blame]825 def generate_all_keys(self) -> Iterator[StorageTestData]:
gabor-mezei-arm780cf9d2021-06-24 09:49:50 +0200[diff] [blame]826 """Generate all keys for the test cases."""
gabor-mezei-arm0c24edd2021-06-29 15:42:57 +0200[diff] [blame]827 yield from self.all_keys_for_lifetimes()
828 yield from self.all_keys_for_usage_flags()
829 yield from self.all_keys_for_types()
830 yield from self.all_keys_for_algorithms()
gabor-mezei-arm780cf9d2021-06-24 09:49:50 +0200[diff] [blame]831
gabor-mezei-arm340fbf32021-06-28 19:26:55 +0200[diff] [blame]832 def all_test_cases(self) -> Iterator[test_case.TestCase]:
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]833 """Generate all storage format test cases."""
Gilles Peskine3c9d4232021-04-12 14:43:05 +0200[diff] [blame]834 # First build a list of all keys, then construct all the corresponding
835 # test cases. This allows all required information to be obtained in
836 # one go, which is a significant performance gain as the information
837 # includes numerical values obtained by compiling a C program.
Gilles Peskine45f2a402021-07-06 21:05:52 +0200[diff] [blame]838 all_keys = list(self.generate_all_keys())
839 for key in all_keys:
gabor-mezei-arm340fbf32021-06-28 19:26:55 +0200[diff] [blame]840 if key.location_value() != 0:
841 # Skip keys with a non-default location, because they
842 # require a driver and we currently have no mechanism to
843 # determine whether a driver is available.
844 continue
845 yield self.make_test_case(key)
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]846
gabor-mezei-arma4102cb2021-06-24 09:53:26 +0200[diff] [blame]847class StorageFormatForward(StorageFormat):
848 """Storage format stability test cases for forward compatibility."""
849
850 def __init__(self, info: Information, version: int) -> None:
851 super().__init__(info, version, True)
852
853class StorageFormatV0(StorageFormat):
854 """Storage format stability test cases for version 0 compatibility."""
855
856 def __init__(self, info: Information) -> None:
857 super().__init__(info, 0, False)
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]858
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]859 def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
gabor-mezei-arm7748b6f2021-06-24 10:04:38 +0200[diff] [blame]860 """Generate test keys covering usage flags."""
Gilles Peskinef7614272022-02-24 18:58:08 +0100[diff] [blame]861 yield from super().all_keys_for_usage_flags()
862 yield from self.generate_keys_for_usage_flags(test_implicit_usage=False)
gabor-mezei-arm7748b6f2021-06-24 10:04:38 +0200[diff] [blame]863
gabor-mezei-arm5df1dee2021-06-28 17:40:32 +0200[diff] [blame]864 def keys_for_implicit_usage(
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]865 self,
gabor-mezei-arm2710bb12021-06-28 16:54:11 +0200[diff] [blame]866 implyer_usage: str,
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]867 alg: str,
gabor-mezei-arm2784bfe2021-06-28 20:02:11 +0200[diff] [blame]868 key_type: crypto_knowledge.KeyType
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]869 ) -> StorageTestData:
gabor-mezei-arm0f8136a2021-06-24 14:38:25 +0200[diff] [blame]870 # pylint: disable=too-many-locals
gabor-mezei-arm8f405102021-06-28 16:27:29 +0200[diff] [blame]871 """Generate test keys for the specified implicit usage flag,
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]872 algorithm and key type combination.
873 """
gabor-mezei-arm2784bfe2021-06-28 20:02:11 +0200[diff] [blame]874 bits = key_type.sizes_to_test()[0]
gabor-mezei-arm2710bb12021-06-28 16:54:11 +0200[diff] [blame]875 implicit_usage = StorageKey.IMPLICIT_USAGE_FLAGS[implyer_usage]
Gilles Peskine564fae82022-03-17 22:32:59 +0100[diff] [blame]876 usage_flags = ['PSA_KEY_USAGE_EXPORT']
877 material_usage_flags = usage_flags + [implyer_usage]
878 expected_usage_flags = material_usage_flags + [implicit_usage]
gabor-mezei-armd9050a52021-06-28 16:35:48 +0200[diff] [blame]879 alg2 = 0
gabor-mezei-arm2784bfe2021-06-28 20:02:11 +0200[diff] [blame]880 key_material = key_type.key_material(bits)
Gilles Peskine16b25062022-03-18 00:02:15 +0100[diff] [blame]881 usage_expression = crypto_knowledge.short_expression(implyer_usage, 1)
882 alg_expression = crypto_knowledge.short_expression(alg, 1)
883 key_type_expression = key_type.short_expression(1)
gabor-mezei-arm5df1dee2021-06-28 17:40:32 +0200[diff] [blame]884 description = 'implied by {}: {} {} {}-bit'.format(
gabor-mezei-armd9050a52021-06-28 16:35:48 +0200[diff] [blame]885 usage_expression, alg_expression, key_type_expression, bits)
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]886 key = StorageTestData(version=self.version,
887 id=1, lifetime=0x00000001,
888 type=key_type.expression, bits=bits,
889 usage=material_usage_flags,
890 expected_usage=expected_usage_flags,
891 without_implicit_usage=True,
892 alg=alg, alg2=alg2,
893 material=key_material,
894 description=description)
895 return key
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]896
897 def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]:
gabor-mezei-arm0f8136a2021-06-24 14:38:25 +0200[diff] [blame]898 # pylint: disable=too-many-locals
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]899 """Match possible key types for sign algorithms."""
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800[diff] [blame]900 # To create a valid combination both the algorithms and key types
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]901 # must be filtered. Pair them with keywords created from its names.
902 incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE'])
903 incompatible_key_type_keywords = frozenset(['MONTGOMERY'])
904 keyword_translation = {
905 'ECDSA': 'ECC',
906 'ED[0-9]*.*' : 'EDWARDS'
907 }
908 exclusive_keywords = {
909 'EDWARDS': 'ECC'
910 }
gabor-mezei-arm0f8136a2021-06-24 14:38:25 +0200[diff] [blame]911 key_types = set(self.constructors.generate_expressions(self.constructors.key_types))
912 algorithms = set(self.constructors.generate_expressions(self.constructors.sign_algorithms))
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]913 alg_with_keys = {} #type: Dict[str, List[str]]
914 translation_table = str.maketrans('(', '_', ')')
915 for alg in algorithms:
916 # Generate keywords from the name of the algorithm
917 alg_keywords = set(alg.partition('(')[0].split(sep='_')[2:])
918 # Translate keywords for better matching with the key types
919 for keyword in alg_keywords.copy():
920 for pattern, replace in keyword_translation.items():
921 if re.match(pattern, keyword):
922 alg_keywords.remove(keyword)
923 alg_keywords.add(replace)
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800[diff] [blame]924 # Filter out incompatible algorithms
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]925 if not alg_keywords.isdisjoint(incompatible_alg_keyword):
926 continue
927
928 for key_type in key_types:
929 # Generate keywords from the of the key type
930 key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:])
931
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800[diff] [blame]932 # Remove ambiguous keywords
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]933 for keyword1, keyword2 in exclusive_keywords.items():
934 if keyword1 in key_type_keywords:
935 key_type_keywords.remove(keyword2)
936
937 if key_type_keywords.isdisjoint(incompatible_key_type_keywords) and\
938 not key_type_keywords.isdisjoint(alg_keywords):
939 if alg in alg_with_keys:
940 alg_with_keys[alg].append(key_type)
941 else:
942 alg_with_keys[alg] = [key_type]
943 return alg_with_keys
944
gabor-mezei-arm2a499c02021-06-29 15:29:24 +0200[diff] [blame]945 def all_keys_for_implicit_usage(self) -> Iterator[StorageTestData]:
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]946 """Generate test keys for usage flag extensions."""
947 # Generate a key type and algorithm pair for each extendable usage
948 # flag to generate a valid key for exercising. The key is generated
Shaun Case8b0ecbc2021-12-20 21:14:10 -0800[diff] [blame]949 # without usage extension to check the extension compatibility.
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]950 alg_with_keys = self.gather_key_types_for_sign_alg()
gabor-mezei-arm11e48382021-06-24 16:35:01 +0200[diff] [blame]951
gabor-mezei-arm340fbf32021-06-28 19:26:55 +0200[diff] [blame]952 for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str):
953 for alg in sorted(alg_with_keys):
954 for key_type in sorted(alg_with_keys[alg]):
955 # The key types must be filtered to fit the specific usage flag.
gabor-mezei-arm2784bfe2021-06-28 20:02:11 +0200[diff] [blame]956 kt = crypto_knowledge.KeyType(key_type)
Gilles Peskinefa70ced2022-03-17 12:52:24 +0100[diff] [blame]957 if kt.is_public() and '_SIGN_' in usage:
958 # Can't sign with a public key
959 continue
960 yield self.keys_for_implicit_usage(usage, alg, kt)
gabor-mezei-arm672e3762021-06-24 10:16:44 +0200[diff] [blame]961
gabor-mezei-arm0c24edd2021-06-29 15:42:57 +0200[diff] [blame]962 def generate_all_keys(self) -> Iterator[StorageTestData]:
963 yield from super().generate_all_keys()
964 yield from self.all_keys_for_implicit_usage()
gabor-mezei-arm7748b6f2021-06-24 10:04:38 +0200[diff] [blame]965
Gilles Peskine64f2efd2022-09-16 21:41:47 +0200[diff] [blame]966class PSATestGenerator(test_data_generation.TestGenerator):
Werner Lewisfbb75e32022-08-24 11:30:03 +0100[diff] [blame]967 """Test generator subclass including PSA targets and info."""
Dave Rodgman3009a972022-04-22 14:52:41 +0100[diff] [blame]968 # Note that targets whose names contain 'test_format' have their content
Gilles Peskine92165362021-04-23 16:37:12 +0200[diff] [blame]969 # validated by `abi_check.py`.
Werner Lewisa4668a62022-09-02 11:56:34 +0100[diff] [blame]970 targets = {
Przemyslaw Stekiel1b0978b2021-10-15 15:21:51 +0200[diff] [blame]971 'test_suite_psa_crypto_generate_key.generated':
972 lambda info: KeyGenerate(info).test_cases_for_key_generation(),
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]973 'test_suite_psa_crypto_not_supported.generated':
Gilles Peskine0e9e4422022-12-15 22:14:28 +0100[diff] [blame]974 lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(),
Gilles Peskinec7e1ea02021-04-27 20:40:10 +0200[diff] [blame]975 'test_suite_psa_crypto_op_fail.generated':
976 lambda info: OpFail(info).all_test_cases(),
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]977 'test_suite_psa_crypto_storage_format.current':
gabor-mezei-arma4102cb2021-06-24 09:53:26 +0200[diff] [blame]978 lambda info: StorageFormatForward(info, 0).all_test_cases(),
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]979 'test_suite_psa_crypto_storage_format.v0':
gabor-mezei-arma4102cb2021-06-24 09:53:26 +0200[diff] [blame]980 lambda info: StorageFormatV0(info).all_test_cases(),
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]981 } #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]]
982
Werner Lewisfbb75e32022-08-24 11:30:03 +0100[diff] [blame]983 def __init__(self, options):
984 super().__init__(options)
985 self.info = Information()
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]986
Werner Lewisfbb75e32022-08-24 11:30:03 +0100[diff] [blame]987 def generate_target(self, name: str, *target_args) -> None:
988 super().generate_target(name, self.info)
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]989
990if __name__ == '__main__':
Gilles Peskine64f2efd2022-09-16 21:41:47 +0200[diff] [blame]991 test_data_generation.main(sys.argv[1:], __doc__, PSATestGenerator)