Add test case generation for usage extensions when loading keys

Add test cases validating that if a stored key only had the hash policy, then after loading it psa_get_key_attributes reports that it also has the message policy, and the key can be used with message functions. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 10:16:44 +02:00 · 2021-06-24 10:16:44 +02:00 · 672e376ba5
commit 672e376ba5
parent 7748b6f24b
3 changed files with 148 additions and 5 deletions
--- a/scripts/mbedtls_dev/macro_collector.py
+++ b/scripts/mbedtls_dev/macro_collector.py
@ -101,6 +101,7 @@ class PSAMacroEnumerator:
        self.kdf_algorithms = set() #type: Set[str]
        self.pake_algorithms = set() #type: Set[str]
        self.aead_algorithms = set() #type: Set[str]
+        self.sign_algorithms = set() #type: Set[str]
        # macro name -> list of argument names
        self.argspecs = {} #type: Dict[str, List[str]]
        # argument name -> list of values
@ -135,6 +136,7 @@ class PSAMacroEnumerator:
        self.arguments_for['ka_alg'] = sorted(self.ka_algorithms)
        self.arguments_for['kdf_alg'] = sorted(self.kdf_algorithms)
        self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
+        self.arguments_for['sign_alg'] = sorted(self.sign_algorithms)
        self.arguments_for['curve'] = sorted(self.ecc_curves)
        self.arguments_for['group'] = sorted(self.dh_groups)
        self.arguments_for['persistence'] = sorted(self.persistence_levels)
@ -368,11 +370,11 @@ enumerate
            'hash_algorithm': [self.hash_algorithms],
            'mac_algorithm': [self.mac_algorithms],
            'cipher_algorithm': [],
-            'hmac_algorithm': [self.mac_algorithms],
+            'hmac_algorithm': [self.mac_algorithms, self.sign_algorithms],
            'aead_algorithm': [self.aead_algorithms],
            'key_derivation_algorithm': [self.kdf_algorithms],
            'key_agreement_algorithm': [self.ka_algorithms],
-            'asymmetric_signature_algorithm': [],
+            'asymmetric_signature_algorithm': [self.sign_algorithms],
            'asymmetric_signature_wildcard': [self.algorithms],
            'asymmetric_encryption_algorithm': [],
            'pake_algorithm': [self.pake_algorithms],
--- a/scripts/mbedtls_dev/psa_storage.py
+++ b/scripts/mbedtls_dev/psa_storage.py
@ -107,6 +107,14 @@ class Key:
    } #type: Dict[Expr, Expr]
    """The extendable usage flags with the corresponding extension flags."""

+    EXTENDABLE_USAGE_FLAGS_KEY_RESTRICTION = {
+        'PSA_KEY_USAGE_SIGN_HASH': '.*KEY_PAIR',
+        'PSA_KEY_USAGE_VERIFY_HASH': '.*KEY.*'
+    } #type: Dict[str, str]
+    """The key type filter for the extendable usage flags.
+    The filter is a regexp.
+    """
+
    def __init__(self, *,
                 version: Optional[int] = None,
                 id: Optional[int] = None, #pylint: disable=redefined-builtin