Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key #5037
Conversation
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
mprse
added
needs-review
mprse
changed the title
|
There are some tests that will expect this new code as a result. Please see the travis logs, search for "failed". |
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
tests/scripts/generate_psa_tests.py
Outdated
| @@ -148,10 +148,15 @@ def test_case_for_key_type_not_supported( | |||
| adverb = 'not' if dependencies else 'never' | |||
| if param_descr: | |||
| adverb = param_descr + ' ' + adverb | |||
| tc.set_description('PSA {} {} {}-bit {} supported' | |||
| .format(verb, short_key_type, bits, adverb)) | |||
| if (verb == "generate") and ("PUBLIC" in short_key_type): | |||
There was a problem hiding this comment.
In NotSupported.test_cases_for_key_type_not_supported, the test for is-a-public-key is a bit different (kt.name.endswith('_PUBLIC_KEY')). I'm working on a follow-up that adds a method kt.is_public(). It would be better to have a single place that implements the test “is this key type for a public key?”, otherwise they risk diverging. Can you arrange to pass the information “is public key” down to this function?
Or maybe it would be better to have a completely separate function for the invalid-argument-for-public key case? I find this function rather messy. That's unavoidable to some extent because we want to produce output that has a lot of tweakable parts. Here, I suspect that keeping test_case_for_key_type_not_supported as it originally was, and making a separate function for the new case invalid-argument-for-public key, would make the code easier to maintain.
There was a problem hiding this comment.
I would like to confirm if I understand correctly your proposition:
- restore original version of
test_case_for_key_type_not_supported() - add
test_case_for_key_type_invalid_argument()
In this solution we would also require to modify NotSupported class (change it to NotSupported_InvalidArgumentor addInvalidArgument class". What option you suggest?
There was a problem hiding this comment.
Yes, that's what I meant.
If we want to make this really clean, taking a high-level view, the job of NotSupported is to enumerate combinations of (key type, algorithm, operation) and generate test cases for when one of them is not supported. If a combination is inherently impossible, rather than not supported by the current configuration of the library, then it's not NotSupported's job to handle this. #4444 will introduce the generation of negative test cases for impossible combinations, but only for operations on existing keys, not for key generation (and not for key import either, but there are no impossible combinations for import). This leaves a gap of impossible combinations for key generation, which are just the cases where the key type is a public key. So, to be clean, there should be a separate CreationFail class (distinct from NotSupported and OpFail).
However, this is an evolving test script, we shouldn't expend too much energy on it. Since NotSupported already does much of the job of CreationFail, we can keep it doing that, with a comment explaining that it's doing a little extra job on the side.
Despite my saing we shouldn't expend too much energy on this, I do still prefer to restore the original test_case_for_key_type_not_supported and make a separate function for the invalid-generate case. I see renaming NotSupported as optional: not-supported is still its main job.
There was a problem hiding this comment.
I've filed #5060 as a follow-up. It's not a top priority, but it is something we'll need eventually and it's a well-defined task that both adds a feature to generate_psa_tests.py and, I think, will make it a bit better structured. So @mprse if you don't have a more urgent task, I suggest you pick it up next.
gilles-peskine-arm
added
bug
component-psa
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
mprse
added
needs-review
gilles-peskine-arm
removed
the
needs-reviewer
|
@gilles-peskine-arm Can we merge this one? It would be easier to work on #5060. |
gilles-peskine-arm
added
approved
Backport 2.x: Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key #5037
Test psa_generate_key with RSA 2048 Public key Changed the error code from PSA_ERROR_NOT_SUPPORTED to PSA_ERROR_INVALID_ARGUMENT as in the documentation of psa_generate_key() returned values: "PSA_ERROR_INVALID_ARGUMENT The key type is an asymmetric public key type." See: Mbed-TLS/mbedtls#4551 Mbed-TLS/mbedtls#5037 Mbed-TLS/mbedtls#5038 Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Test psa_generate_key with RSA 2048 Public key Changed the error code from PSA_ERROR_NOT_SUPPORTED to PSA_ERROR_INVALID_ARGUMENT as in the documentation of psa_generate_key() returned values: "PSA_ERROR_INVALID_ARGUMENT The key type is an asymmetric public key type." See: Mbed-TLS/mbedtls#4551 Mbed-TLS/mbedtls#5037 Mbed-TLS/mbedtls#5038 Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Test psa_generate_key with RSA 2048 Public key Changed the error code from PSA_ERROR_NOT_SUPPORTED to PSA_ERROR_INVALID_ARGUMENT as in the documentation of psa_generate_key() returned values: "PSA_ERROR_INVALID_ARGUMENT The key type is an asymmetric public key type." See: Mbed-TLS/mbedtls#4551 Mbed-TLS/mbedtls#5037 Mbed-TLS/mbedtls#5038 Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Description
Fixes #4551
Status
READY
Requires Backporting
Yes
development_2.xPR #5038
Migrations
NO
Additional comments
Verified that with this fix the following code returns
PSA_ERROR_INVALID_ARGUMENT (-135):Result:
Key generation failed (status = -135)