mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-18 05:42:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #7909 from mpg/dh-generate-psa-tests

Browse Source 
Enable DH in generate_psa_tests.py
This commit is contained in:
Gilles Peskine 2023-07-26 17:46:09 +00:00 committed by GitHub
commit 51ed3139d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
scripts/mbedtls_dev/crypto_knowledge.py
View File

@ -34,7 +34,7 @@ def short_expression(original: str, level: int = 0) -> str:
unambiguous, but ad hoc way. unambiguous, but ad hoc way.
""" """
short = original short = original
short = re.sub(r'\bPSA_(?:ALG|ECC_FAMILY|KEY_[A-Z]+)_', r'', short) short = re.sub(r'\bPSA_(?:ALG|DH_FAMILY|ECC_FAMILY|KEY_[A-Z]+)_', r'', short)
short = re.sub(r' +', r'', short) short = re.sub(r' +', r'', short)
if level >= 1: if level >= 1:
short = re.sub(r'PUBLIC_KEY\b', r'PUB', short) short = re.sub(r'PUBLIC_KEY\b', r'PUB', short)
@ -138,6 +138,9 @@ class KeyType:
"""Whether the key type is for public keys.""" """Whether the key type is for public keys."""
return self.name.endswith('_PUBLIC_KEY') return self.name.endswith('_PUBLIC_KEY')
DH_KEY_SIZES = {
'PSA_DH_FAMILY_RFC7919': (2048, 3072, 4096, 6144, 8192),
} # type: Dict[str, Tuple[int, ...]]
ECC_KEY_SIZES = { ECC_KEY_SIZES = {
'PSA_ECC_FAMILY_SECP_K1': (192, 224, 256), 'PSA_ECC_FAMILY_SECP_K1': (192, 224, 256),
'PSA_ECC_FAMILY_SECP_R1': (225, 256, 384, 521), 'PSA_ECC_FAMILY_SECP_R1': (225, 256, 384, 521),
@ -175,6 +178,9 @@ class KeyType:
if self.private_type == 'PSA_KEY_TYPE_ECC_KEY_PAIR': if self.private_type == 'PSA_KEY_TYPE_ECC_KEY_PAIR':
assert self.params is not None assert self.params is not None
return self.ECC_KEY_SIZES[self.params[0]] return self.ECC_KEY_SIZES[self.params[0]]
if self.private_type == 'PSA_KEY_TYPE_DH_KEY_PAIR':
assert self.params is not None
return self.DH_KEY_SIZES[self.params[0]]
return self.KEY_TYPE_SIZES[self.private_type] return self.KEY_TYPE_SIZES[self.private_type]
# "48657265006973206b6579a064617461" # "48657265006973206b6579a064617461"
@ -261,6 +267,8 @@ class KeyType:
if alg.head in {'PURE_EDDSA', 'EDDSA_PREHASH'} and \ if alg.head in {'PURE_EDDSA', 'EDDSA_PREHASH'} and \
eccc == EllipticCurveCategory.TWISTED_EDWARDS: eccc == EllipticCurveCategory.TWISTED_EDWARDS:
return True return True
if self.head == 'DH' and alg.head == 'FFDH':
return True
return False return False

36
tests/scripts/generate_psa_tests.py
View File

@ -111,7 +111,7 @@ def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
_implemented_dependencies = \ _implemented_dependencies = \
read_implemented_dependencies('include/psa/crypto_config.h') read_implemented_dependencies('include/psa/crypto_config.h')
if not all((dep.lstrip('!') in _implemented_dependencies or if not all((dep.lstrip('!') in _implemented_dependencies or
'PSA_WANT' not in dep) not dep.lstrip('!').startswith('PSA_WANT'))
for dep in dependencies): for dep in dependencies):
dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET') dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
@ -121,7 +121,14 @@ def tweak_key_pair_dependency(dep: str, usage: str):
symbols according to the required usage. symbols according to the required usage.
""" """
ret_list = list() ret_list = list()
if dep.endswith('KEY_PAIR'): # Note: this LEGACY replacement DH is temporary and it's going
# to be aligned with ECC one in #7773.
if dep.endswith('DH_KEY_PAIR'):
legacy = dep
legacy = re.sub(r'KEY_PAIR\Z', r'KEY_PAIR_LEGACY', legacy)
legacy = re.sub(r'PSA_WANT', r'MBEDTLS_PSA_WANT', legacy)
ret_list.append(legacy)
elif dep.endswith('KEY_PAIR'):
if usage == "BASIC": if usage == "BASIC":
# BASIC automatically includes IMPORT and EXPORT for test purposes (see # BASIC automatically includes IMPORT and EXPORT for test purposes (see
# config_psa.h). # config_psa.h).
@ -152,10 +159,8 @@ class Information:
def remove_unwanted_macros( def remove_unwanted_macros(
constructors: macro_collector.PSAMacroEnumerator constructors: macro_collector.PSAMacroEnumerator
) -> None: ) -> None:
# Mbed TLS doesn't support finite-field DH yet and will not support # Mbed TLS does not support finite-field DSA.
# finite-field DSA. Don't attempt to generate any related test case. # Don't attempt to generate any related test case.
constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR') constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY') constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
@ -261,12 +266,16 @@ class KeyTypeNotSupported:
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
'PSA_KEY_TYPE_ECC_PUBLIC_KEY') 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
'PSA_KEY_TYPE_DH_PUBLIC_KEY')
def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]: def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]:
"""Generate test cases that exercise the creation of keys of unsupported types.""" """Generate test cases that exercise the creation of keys of unsupported types."""
for key_type in sorted(self.constructors.key_types): for key_type in sorted(self.constructors.key_types):
if key_type in self.ECC_KEY_TYPES: if key_type in self.ECC_KEY_TYPES:
continue continue
if key_type in self.DH_KEY_TYPES:
continue
kt = crypto_knowledge.KeyType(key_type) kt = crypto_knowledge.KeyType(key_type)
yield from self.test_cases_for_key_type_not_supported(kt) yield from self.test_cases_for_key_type_not_supported(kt)
for curve_family in sorted(self.constructors.ecc_curves): for curve_family in sorted(self.constructors.ecc_curves):
@ -276,6 +285,13 @@ class KeyTypeNotSupported:
kt, param_descr='type') kt, param_descr='type')
yield from self.test_cases_for_key_type_not_supported( yield from self.test_cases_for_key_type_not_supported(
kt, 0, param_descr='curve') kt, 0, param_descr='curve')
for dh_family in sorted(self.constructors.dh_groups):
for constr in self.DH_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [dh_family])
yield from self.test_cases_for_key_type_not_supported(
kt, param_descr='type')
yield from self.test_cases_for_key_type_not_supported(
kt, 0, param_descr='group')
def test_case_for_key_generation( def test_case_for_key_generation(
key_type: str, bits: int, key_type: str, bits: int,
@ -304,6 +320,8 @@ class KeyGenerate:
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
'PSA_KEY_TYPE_ECC_PUBLIC_KEY') 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
'PSA_KEY_TYPE_DH_PUBLIC_KEY')
@staticmethod @staticmethod
def test_cases_for_key_type_key_generation( def test_cases_for_key_type_key_generation(
@ -341,12 +359,18 @@ class KeyGenerate:
for key_type in sorted(self.constructors.key_types): for key_type in sorted(self.constructors.key_types):
if key_type in self.ECC_KEY_TYPES: if key_type in self.ECC_KEY_TYPES:
continue continue
if key_type in self.DH_KEY_TYPES:
continue
kt = crypto_knowledge.KeyType(key_type) kt = crypto_knowledge.KeyType(key_type)
yield from self.test_cases_for_key_type_key_generation(kt) yield from self.test_cases_for_key_type_key_generation(kt)
for curve_family in sorted(self.constructors.ecc_curves): for curve_family in sorted(self.constructors.ecc_curves):
for constr in self.ECC_KEY_TYPES: for constr in self.ECC_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [curve_family]) kt = crypto_knowledge.KeyType(constr, [curve_family])
yield from self.test_cases_for_key_type_key_generation(kt) yield from self.test_cases_for_key_type_key_generation(kt)
for dh_family in sorted(self.constructors.dh_groups):
for constr in self.DH_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [dh_family])
yield from self.test_cases_for_key_type_key_generation(kt)
class OpFail: class OpFail:
"""Generate test cases for operations that must fail.""" """Generate test cases for operations that must fail."""