From 4fa76bdc687e20f70557bcdf1728f71f8533e1b0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Dec 2022 22:14:28 +0100 Subject: [PATCH 1/3] NotSupported is specifically about key types Rename NotSupported to KeyTypeNotSupported, because it's only about testing key management. For algorithms, not-supported is handled by OpFail. Signed-off-by: Gilles Peskine --- tests/scripts/generate_psa_tests.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index a11daded56af..2ea3fd9674f8 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -151,8 +151,8 @@ def test_case_for_key_type_not_supported( tc.set_arguments([key_type] + list(args)) return tc -class NotSupported: - """Generate test cases for when something is not supported.""" +class KeyTypeNotSupported: + """Generate test cases for when a key type is not supported.""" def __init__(self, info: Information) -> None: self.constructors = info.constructors @@ -902,7 +902,7 @@ class PSATestGenerator(test_data_generation.TestGenerator): 'test_suite_psa_crypto_generate_key.generated': lambda info: KeyGenerate(info).test_cases_for_key_generation(), 'test_suite_psa_crypto_not_supported.generated': - lambda info: NotSupported(info).test_cases_for_not_supported(), + lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(), 'test_suite_psa_crypto_op_fail.generated': lambda info: OpFail(info).all_test_cases(), 'test_suite_psa_crypto_storage_format.current': From 7f7630c0fe259269da125379ab39656a359d9311 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Dec 2022 22:41:34 +0100 Subject: [PATCH 2/3] Refactoring: new method Algorithm.is_valid_for_operation No intended behavior change. Signed-off-by: Gilles Peskine --- scripts/mbedtls_dev/crypto_knowledge.py | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) 
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index f227a411b093..9c36fc073c9a 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -212,9 +212,7 @@ def can_do(self, alg: 'Algorithm') -> bool: This function does not currently handle key derivation or PAKE. """ #pylint: disable=too-many-branches,too-many-return-statements - if alg.is_wildcard: - return False - if alg.is_invalid_truncation(): + if not alg.is_valid_for_operation(): return False if self.head == 'HMAC' and alg.head == 'HMAC': return True @@ -495,6 +493,19 @@ def is_invalid_truncation(self) -> bool: return True return False + def is_valid_for_operation(self) -> bool: + """Whether this algorithm construction is valid for an operation. + + This function assumes that the algorithm is constructed in a + "grammatically" correct way, and only rejects semantically invalid + combinations. + """ + if self.is_wildcard: + return False + if self.is_invalid_truncation(): + return False + return True + def can_do(self, category: AlgorithmCategory) -> bool: """Whether this algorithm can perform operations in the given category. """ From 1efe7fd988558dd863b931abdb644ce4340f9888 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Dec 2022 23:03:19 +0100 Subject: [PATCH 3/3] Fix documentation Signed-off-by: Gilles Peskine --- tests/scripts/generate_psa_tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 2ea3fd9674f8..dcff50ff1bb2 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py 
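Review bot: The docstring of the new `Algorithm.is_valid_for_operation` (second hunk of `crypto_knowledge.py`) says it rejects "semantically invalid combinations" but never names them. From the body these are wildcard algorithms and whatever `is_invalid_truncation()` flags. `KeyType.can_do` in the first hunk now depends on this single call, so a reader can no longer see what is filtered without opening the helper. I would add one sentence to the docstring, for example `Currently this rejects wildcard algorithms and invalid truncations.`, and note there that new semantic checks belong in this method rather than in its callers. This predicate appears to feed the generated PSA tests' choice of which key/algorithm pairs should work, so an undocumented gap here could quietly drop or mislabel negative test cases. Both `can_do` and the `Algorithm` class continue outside the hunks.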
@@ -521,7 +521,7 @@ def exercise_key_with_algorithm( key_type: psa_storage.Expr, bits: int, alg: psa_storage.Expr ) -> bool: - """Whether to the given key with the given algorithm. + """Whether to exercise the given key with the given algorithm. Normally only the type and algorithm matter for compatibility, and this is handled in crypto_knowledge.KeyType.can_do(). This function