commit 007ea81a5cbffab8887e8228548e0b785a27bebc
author Gilles Peskine <Gilles.Peskine@arm.com> Thu Dec 15 22:41:34 2022 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Thu Jan 19 23:53:57 2023 +0100
tree 8dd461fbb88426d3380be53159c57f34f2b91e69
parent 7e0b9497d54848b899eda8706886718e492c83c4

Refactoring: new method Algorithm.is_valid_for_operation

No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

scripts/mbedtls_dev/crypto_knowledge.py

diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 1a03321..a56c863 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -214,9 +214,7 @@
         This function does not currently handle key derivation or PAKE.
         """
         #pylint: disable=too-many-branches,too-many-return-statements
-        if alg.is_wildcard:
-            return False
-        if alg.is_invalid_truncation():
+        if not alg.is_valid_for_operation():
             return False
         if self.head == 'HMAC' and alg.head == 'HMAC':
             return True
@@ -498,6 +496,19 @@
                 return True
         return False
 
+    def is_valid_for_operation(self) -> bool:
+        """Whether this algorithm construction is valid for an operation.
+
+        This function assumes that the algorithm is constructed in a
+        "grammatically" correct way, and only rejects semantically invalid
+        combinations.
+        """
+        if self.is_wildcard:
+            return False
+        if self.is_invalid_truncation():
+            return False
+        return True
+
     def can_do(self, category: AlgorithmCategory) -> bool:
         """Whether this algorithm can perform operations in the given category.
         """