eden-emu/mbedtls
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable DH in generate_psa_tests.py

Browse source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-07-11 10:23:02 +02:00
parent f1c032adba
commit afe4b79114
2 changed files with 27 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/mbedtls_dev/crypto_knowledge.py
View file

@ -138,6 +138,9 @@ class KeyType:
"""Whether the key type is for public keys.""" """Whether the key type is for public keys."""
return self.name.endswith('_PUBLIC_KEY') return self.name.endswith('_PUBLIC_KEY')
DH_KEY_SIZES = {
'PSA_DH_FAMILY_RFC7919': (2048, 3072, 4096, 6144, 8192),
} # type: Dict[str, Tuple[int, ...]]
ECC_KEY_SIZES = { ECC_KEY_SIZES = {
'PSA_ECC_FAMILY_SECP_K1': (192, 224, 256), 'PSA_ECC_FAMILY_SECP_K1': (192, 224, 256),
'PSA_ECC_FAMILY_SECP_R1': (225, 256, 384, 521), 'PSA_ECC_FAMILY_SECP_R1': (225, 256, 384, 521),
@ -175,6 +178,9 @@ class KeyType:
if self.private_type == 'PSA_KEY_TYPE_ECC_KEY_PAIR': if self.private_type == 'PSA_KEY_TYPE_ECC_KEY_PAIR':
assert self.params is not None assert self.params is not None
return self.ECC_KEY_SIZES[self.params[0]] return self.ECC_KEY_SIZES[self.params[0]]
if self.private_type == 'PSA_KEY_TYPE_DH_KEY_PAIR':
assert self.params is not None
return self.DH_KEY_SIZES[self.params[0]]
return self.KEY_TYPE_SIZES[self.private_type] return self.KEY_TYPE_SIZES[self.private_type]
# "48657265006973206b6579a064617461" # "48657265006973206b6579a064617461"

25
tests/scripts/generate_psa_tests.py
View file

@ -152,10 +152,8 @@ class Information:
def remove_unwanted_macros( def remove_unwanted_macros(
constructors: macro_collector.PSAMacroEnumerator constructors: macro_collector.PSAMacroEnumerator
) -> None: ) -> None:
# Mbed TLS doesn't support finite-field DH yet and will not support # Mbed TLS does not support finite-field DSA.
# finite-field DSA. Don't attempt to generate any related test case. # Don't attempt to generate any related test case.
constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR') constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY') constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
@ -261,12 +259,16 @@ class KeyTypeNotSupported:
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
'PSA_KEY_TYPE_ECC_PUBLIC_KEY') 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
'PSA_KEY_TYPE_DH_PUBLIC_KEY')
def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]: def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]:
"""Generate test cases that exercise the creation of keys of unsupported types.""" """Generate test cases that exercise the creation of keys of unsupported types."""
for key_type in sorted(self.constructors.key_types): for key_type in sorted(self.constructors.key_types):
if key_type in self.ECC_KEY_TYPES: if key_type in self.ECC_KEY_TYPES:
continue continue
if key_type in self.DH_KEY_TYPES:
continue
kt = crypto_knowledge.KeyType(key_type) kt = crypto_knowledge.KeyType(key_type)
yield from self.test_cases_for_key_type_not_supported(kt) yield from self.test_cases_for_key_type_not_supported(kt)
for curve_family in sorted(self.constructors.ecc_curves): for curve_family in sorted(self.constructors.ecc_curves):
@ -276,6 +278,13 @@ class KeyTypeNotSupported:
kt, param_descr='type') kt, param_descr='type')
yield from self.test_cases_for_key_type_not_supported( yield from self.test_cases_for_key_type_not_supported(
kt, 0, param_descr='curve') kt, 0, param_descr='curve')
for dh_family in sorted(self.constructors.dh_groups):
for constr in self.DH_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [dh_family])
yield from self.test_cases_for_key_type_not_supported(
kt, param_descr='type')
yield from self.test_cases_for_key_type_not_supported(
kt, 0, param_descr='group')
def test_case_for_key_generation( def test_case_for_key_generation(
key_type: str, bits: int, key_type: str, bits: int,
@ -304,6 +313,8 @@ class KeyGenerate:
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
'PSA_KEY_TYPE_ECC_PUBLIC_KEY') 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
'PSA_KEY_TYPE_DH_PUBLIC_KEY')
@staticmethod @staticmethod
def test_cases_for_key_type_key_generation( def test_cases_for_key_type_key_generation(
@ -341,12 +352,18 @@ class KeyGenerate:
for key_type in sorted(self.constructors.key_types): for key_type in sorted(self.constructors.key_types):
if key_type in self.ECC_KEY_TYPES: if key_type in self.ECC_KEY_TYPES:
continue continue
if key_type in self.DH_KEY_TYPES:
continue
kt = crypto_knowledge.KeyType(key_type) kt = crypto_knowledge.KeyType(key_type)
yield from self.test_cases_for_key_type_key_generation(kt) yield from self.test_cases_for_key_type_key_generation(kt)
for curve_family in sorted(self.constructors.ecc_curves): for curve_family in sorted(self.constructors.ecc_curves):
for constr in self.ECC_KEY_TYPES: for constr in self.ECC_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [curve_family]) kt = crypto_knowledge.KeyType(constr, [curve_family])
yield from self.test_cases_for_key_type_key_generation(kt) yield from self.test_cases_for_key_type_key_generation(kt)
for dh_family in sorted(self.constructors.dh_groups):
for constr in self.DH_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [dh_family])
yield from self.test_cases_for_key_type_key_generation(kt)
class OpFail: class OpFail:
"""Generate test cases for operations that must fail.""" """Generate test cases for operations that must fail."""