eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove ad hoc is_valid_for_signature method

Browse source 
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-03-17 12:52:24 +01:00
parent 09dc05b880
commit fa70ced195
2 changed files with 6 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

17
scripts/mbedtls_dev/crypto_knowledge.py
View file

@ -20,7 +20,7 @@ This module is entirely based on the PSA API.
import enum import enum
import re import re
from typing import Dict, Iterable, Optional, Pattern, Tuple from typing import Iterable, Optional, Tuple
from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA
@ -178,21 +178,6 @@ class KeyType:
return b''.join([self.DATA_BLOCK] * (length // len(self.DATA_BLOCK)) + return b''.join([self.DATA_BLOCK] * (length // len(self.DATA_BLOCK)) +
[self.DATA_BLOCK[:length % len(self.DATA_BLOCK)]]) [self.DATA_BLOCK[:length % len(self.DATA_BLOCK)]])
KEY_TYPE_FOR_SIGNATURE = {
'PSA_KEY_USAGE_SIGN_HASH': re.compile('.*KEY_PAIR'),
'PSA_KEY_USAGE_VERIFY_HASH': re.compile('.*KEY.*')
} #type: Dict[str, Pattern]
"""Use a regexp to determine key types for which signature is possible
when using the actual usage flag.
"""
def is_valid_for_signature(self, usage: str) -> bool:
"""Determine if the key type is compatible with the specified
signitute type.
"""
# This is just temporaly solution for the implicit usage flags.
return re.match(self.KEY_TYPE_FOR_SIGNATURE[usage], self.name) is not None
def can_do(self, alg: 'Algorithm') -> bool: def can_do(self, alg: 'Algorithm') -> bool:
"""Whether this key type can be used for operations with the given algorithm. """Whether this key type can be used for operations with the given algorithm.

8
tests/scripts/generate_psa_tests.py
View file

@ -206,7 +206,7 @@ class NotSupported:
continue continue
# For public key we expect that key generation fails with # For public key we expect that key generation fails with
# INVALID_ARGUMENT. It is handled by KeyGenerate class. # INVALID_ARGUMENT. It is handled by KeyGenerate class.
if not kt.name.endswith('_PUBLIC_KEY'): if not kt.is_public():
yield test_case_for_key_type_not_supported( yield test_case_for_key_type_not_supported(
'generate', kt.expression, bits, 'generate', kt.expression, bits,
finish_family_dependencies(generate_dependencies, bits), finish_family_dependencies(generate_dependencies, bits),
@ -822,8 +822,10 @@ class StorageFormatV0(StorageFormat):
for key_type in sorted(alg_with_keys[alg]): for key_type in sorted(alg_with_keys[alg]):
# The key types must be filtered to fit the specific usage flag. # The key types must be filtered to fit the specific usage flag.
kt = crypto_knowledge.KeyType(key_type) kt = crypto_knowledge.KeyType(key_type)
if kt.is_valid_for_signature(usage): if kt.is_public() and '_SIGN_' in usage:
yield self.keys_for_implicit_usage(usage, alg, kt) # Can't sign with a public key
continue
yield self.keys_for_implicit_usage(usage, alg, kt)
def generate_all_keys(self) -> Iterator[StorageTestData]: def generate_all_keys(self) -> Iterator[StorageTestData]:
yield from super().generate_all_keys() yield from super().generate_all_keys()