Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport 2.28: Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS #6844

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 14 additions & 3 deletions scripts/mbedtls_dev/crypto_knowledge.py
Original file line number Diff line number Diff line change
Expand Up @@ -212,9 +212,7 @@ def can_do(self, alg: 'Algorithm') -> bool:
This function does not currently handle key derivation or PAKE.
"""
#pylint: disable=too-many-branches,too-many-return-statements
if alg.is_wildcard:
return False
if alg.is_invalid_truncation():
if not alg.is_valid_for_operation():
return False
if self.head == 'HMAC' and alg.head == 'HMAC':
return True
Expand Down Expand Up @@ -495,6 +493,19 @@ def is_invalid_truncation(self) -> bool:
return True
return False

def is_valid_for_operation(self) -> bool:
"""Whether this algorithm construction is valid for an operation.

This function assumes that the algorithm is constructed in a
"grammatically" correct way, and only rejects semantically invalid
combinations.
"""
if self.is_wildcard:
return False
if self.is_invalid_truncation():
return False
return True

def can_do(self, category: AlgorithmCategory) -> bool:
"""Whether this algorithm can perform operations in the given category.
"""
Expand Down
8 changes: 4 additions & 4 deletions tests/scripts/generate_psa_tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -151,8 +151,8 @@ def test_case_for_key_type_not_supported(
tc.set_arguments([key_type] + list(args))
return tc

class NotSupported:
"""Generate test cases for when something is not supported."""
class KeyTypeNotSupported:
"""Generate test cases for when a key type is not supported."""

def __init__(self, info: Information) -> None:
self.constructors = info.constructors
Expand Down Expand Up @@ -521,7 +521,7 @@ def exercise_key_with_algorithm(
key_type: psa_storage.Expr, bits: int,
alg: psa_storage.Expr
) -> bool:
"""Whether to the given key with the given algorithm.
"""Whether to exercise the given key with the given algorithm.

Normally only the type and algorithm matter for compatibility, and
this is handled in crypto_knowledge.KeyType.can_do(). This function
Expand Down Expand Up @@ -902,7 +902,7 @@ class PSATestGenerator(test_data_generation.TestGenerator):
'test_suite_psa_crypto_generate_key.generated':
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
lambda info: NotSupported(info).test_cases_for_not_supported(),
lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(),
'test_suite_psa_crypto_op_fail.generated':
lambda info: OpFail(info).all_test_cases(),
'test_suite_psa_crypto_storage_format.current':
Expand Down