TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 23cb12ef9f4bef638fc135b9a42255edc5fce394 / . / tests / scripts / generate_psa_tests.py
blob: d1d8abcb2cfa9b2e60e44359ef29cb362e3f9c7e [file] [log] [blame]
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]1#!/usr/bin/env python3
2"""Generate test data for PSA cryptographic mechanisms.
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]3
4With no arguments, generate all test data. With non-option arguments,
5generate only the specified files.
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]6"""
7
8# Copyright The Mbed TLS Contributors
9# SPDX-License-Identifier: Apache-2.0
10#
11# Licensed under the Apache License, Version 2.0 (the "License"); you may
12# not use this file except in compliance with the License.
13# You may obtain a copy of the License at
14#
15# http://www.apache.org/licenses/LICENSE-2.0
16#
17# Unless required by applicable law or agreed to in writing, software
18# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
19# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20# See the License for the specific language governing permissions and
21# limitations under the License.
22
23import argparse
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]24import enum
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]25import os
26import re
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]27import sys
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]28from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional, TypeVar
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]29
30import scripts_path # pylint: disable=unused-import
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]31from mbedtls_dev import crypto_knowledge
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]32from mbedtls_dev import macro_collector
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]33from mbedtls_dev import psa_storage
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]34from mbedtls_dev import test_case
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]35
36T = TypeVar('T') #pylint: disable=invalid-name
37
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]38
Gilles Peskine7f756872021-02-16 12:13:12 +0100[diff] [blame]39def psa_want_symbol(name: str) -> str:
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]40 """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
41 if name.startswith('PSA_'):
42 return name[:4] + 'WANT_' + name[4:]
43 else:
44 raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
45
Gilles Peskine7f756872021-02-16 12:13:12 +0100[diff] [blame]46def finish_family_dependency(dep: str, bits: int) -> str:
47 """Finish dep if it's a family dependency symbol prefix.
48
49 A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
50 qualified by the key size. If dep is such a symbol, finish it by adjusting
51 the prefix and appending the key size. Other symbols are left unchanged.
52 """
53 return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
54
55def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
56 """Finish any family dependency symbol prefixes.
57
58 Apply `finish_family_dependency` to each element of `dependencies`.
59 """
60 return [finish_family_dependency(dep, bits) for dep in dependencies]
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]61
Gilles Peskine8a55b432021-04-20 23:23:45 +0200[diff] [blame]62SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
63 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
64 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
65 'PSA_ALG_ANY_HASH', # only in policies
66 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
67 'PSA_ALG_KEY_AGREEMENT', # chaining
68 'PSA_ALG_TRUNCATED_MAC', # modifier
69])
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]70def automatic_dependencies(*expressions: str) -> List[str]:
71 """Infer dependencies of a test case by looking for PSA_xxx symbols.
72
73 The arguments are strings which should be C expressions. Do not use
74 string literals or comments as this function is not smart enough to
75 skip them.
76 """
77 used = set()
78 for expr in expressions:
79 used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
Gilles Peskine8a55b432021-04-20 23:23:45 +0200[diff] [blame]80 used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]81 return sorted(psa_want_symbol(name) for name in used)
82
Gilles Peskined169d602021-02-16 14:16:25 +0100[diff] [blame]83# A temporary hack: at the time of writing, not all dependency symbols
84# are implemented yet. Skip test cases for which the dependency symbols are
85# not available. Once all dependency symbols are available, this hack must
86# be removed so that a bug in the dependency symbols proprely leads to a test
87# failure.
88def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
89 return frozenset(symbol
90 for line in open(filename)
91 for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
Przemyslaw Stekiel29275932021-11-09 12:06:26 +0100[diff] [blame]92_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
Gilles Peskined169d602021-02-16 14:16:25 +0100[diff] [blame]93def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
Przemyslaw Stekiel29275932021-11-09 12:06:26 +0100[diff] [blame]94 global _implemented_dependencies #pylint: disable=global-statement,invalid-name
Przemyslaw Stekiel08101082021-10-22 10:39:56 +0200[diff] [blame]95 if _implemented_dependencies is None:
96 _implemented_dependencies = \
97 read_implemented_dependencies('include/psa/crypto_config.h')
98 if not all((dep.lstrip('!') in _implemented_dependencies or 'PSA_WANT' not in dep)
Gilles Peskined169d602021-02-16 14:16:25 +0100[diff] [blame]99 for dep in dependencies):
100 dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
101
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]102
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]103class Information:
104 """Gather information about PSA constructors."""
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]105
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]106 def __init__(self) -> None:
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]107 self.constructors = self.read_psa_interface()
108
109 @staticmethod
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]110 def remove_unwanted_macros(
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]111 constructors: macro_collector.PSAMacroEnumerator
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]112 ) -> None:
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]113 # Mbed TLS doesn't support finite-field DH yet and will not support
114 # finite-field DSA. Don't attempt to generate any related test case.
115 constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
116 constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]117 constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
118 constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]119
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]120 def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]121 """Return the list of known key types, algorithms, etc."""
Gilles Peskined6d2d6a2021-03-30 21:46:35 +0200[diff] [blame]122 constructors = macro_collector.InputsForTest()
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]123 header_file_names = ['include/psa/crypto_values.h',
124 'include/psa/crypto_extra.h']
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]125 test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]126 for header_file_name in header_file_names:
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]127 constructors.parse_header(header_file_name)
128 for test_cases in test_suites:
129 constructors.parse_test_cases(test_cases)
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]130 self.remove_unwanted_macros(constructors)
Gilles Peskined6d2d6a2021-03-30 21:46:35 +0200[diff] [blame]131 constructors.gather_arguments()
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]132 return constructors
133
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]134
Przemyslaw Stekield6ead7c2021-10-11 10:15:25 +0200[diff] [blame]135def test_case_for_key_type_not_supported(
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]136 verb: str, key_type: str, bits: int,
137 dependencies: List[str],
138 *args: str,
139 param_descr: str = ''
140) -> test_case.TestCase:
141 """Return one test case exercising a key creation method
142 for an unsupported key type or size.
143 """
144 hack_dependencies_not_implemented(dependencies)
145 tc = test_case.TestCase()
146 short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type)
147 adverb = 'not' if dependencies else 'never'
148 if param_descr:
149 adverb = param_descr + ' ' + adverb
Przemyslaw Stekield6ead7c2021-10-11 10:15:25 +0200[diff] [blame]150 tc.set_description('PSA {} {} {}-bit {} supported'
151 .format(verb, short_key_type, bits, adverb))
152 tc.set_dependencies(dependencies)
153 tc.set_function(verb + '_not_supported')
154 tc.set_arguments([key_type] + list(args))
155 return tc
156
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]157class NotSupported:
Przemyslaw Stekiel32a8b842021-10-18 14:58:20 +0200[diff] [blame]158 """Generate test cases for when something is not supported."""
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]159
160 def __init__(self, info: Information) -> None:
161 self.constructors = info.constructors
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]162
Gilles Peskine60b29fe2021-02-16 14:06:50 +0100[diff] [blame]163 ALWAYS_SUPPORTED = frozenset([
164 'PSA_KEY_TYPE_DERIVE',
165 'PSA_KEY_TYPE_RAW_DATA',
166 ])
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]167 def test_cases_for_key_type_not_supported(
Gilles Peskine60b29fe2021-02-16 14:06:50 +0100[diff] [blame]168 self,
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]169 kt: crypto_knowledge.KeyType,
170 param: Optional[int] = None,
171 param_descr: str = '',
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]172 ) -> Iterator[test_case.TestCase]:
Przemyslaw Stekiel32a8b842021-10-18 14:58:20 +0200[diff] [blame]173 """Return test cases exercising key creation when the given type is unsupported.
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]174
175 If param is present and not None, emit test cases conditioned on this
176 parameter not being supported. If it is absent or None, emit test cases
Przemyslaw Stekiel32a8b842021-10-18 14:58:20 +0200[diff] [blame]177 conditioned on the base type not being supported.
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]178 """
Gilles Peskine60b29fe2021-02-16 14:06:50 +0100[diff] [blame]179 if kt.name in self.ALWAYS_SUPPORTED:
180 # Don't generate test cases for key types that are always supported.
181 # They would be skipped in all configurations, which is noise.
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]182 return
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]183 import_dependencies = [('!' if param is None else '') +
184 psa_want_symbol(kt.name)]
185 if kt.params is not None:
186 import_dependencies += [('!' if param == i else '') +
187 psa_want_symbol(sym)
188 for i, sym in enumerate(kt.params)]
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]189 if kt.name.endswith('_PUBLIC_KEY'):
190 generate_dependencies = []
191 else:
192 generate_dependencies = import_dependencies
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]193 for bits in kt.sizes_to_test():
Przemyslaw Stekield6ead7c2021-10-11 10:15:25 +0200[diff] [blame]194 yield test_case_for_key_type_not_supported(
Gilles Peskine7f756872021-02-16 12:13:12 +0100[diff] [blame]195 'import', kt.expression, bits,
196 finish_family_dependencies(import_dependencies, bits),
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]197 test_case.hex_string(kt.key_material(bits)),
198 param_descr=param_descr,
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]199 )
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]200 if not generate_dependencies and param is not None:
201 # If generation is impossible for this key type, rather than
202 # supported or not depending on implementation capabilities,
203 # only generate the test case once.
204 continue
Przemyslaw Stekiel1ab3a5c2021-11-02 10:50:44 +0100[diff] [blame]205 # For public key we expect that key generation fails with
206 # INVALID_ARGUMENT. It is handled by KeyGenerate class.
Przemyslaw Stekiel32a8b842021-10-18 14:58:20 +0200[diff] [blame]207 if not kt.name.endswith('_PUBLIC_KEY'):
Przemyslaw Stekield6ead7c2021-10-11 10:15:25 +0200[diff] [blame]208 yield test_case_for_key_type_not_supported(
209 'generate', kt.expression, bits,
210 finish_family_dependencies(generate_dependencies, bits),
211 str(bits),
212 param_descr=param_descr,
213 )
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]214 # To be added: derive
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]215
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]216 ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
217 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
218
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]219 def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]:
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]220 """Generate test cases that exercise the creation of keys of unsupported types."""
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]221 for key_type in sorted(self.constructors.key_types):
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]222 if key_type in self.ECC_KEY_TYPES:
223 continue
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]224 kt = crypto_knowledge.KeyType(key_type)
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]225 yield from self.test_cases_for_key_type_not_supported(kt)
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]226 for curve_family in sorted(self.constructors.ecc_curves):
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]227 for constr in self.ECC_KEY_TYPES:
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]228 kt = crypto_knowledge.KeyType(constr, [curve_family])
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]229 yield from self.test_cases_for_key_type_not_supported(
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]230 kt, param_descr='type')
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]231 yield from self.test_cases_for_key_type_not_supported(
Gilles Peskineaf172842021-01-27 18:24:48 +0100[diff] [blame]232 kt, 0, param_descr='curve')
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]233
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]234def test_case_for_key_generation(
235 key_type: str, bits: int,
236 dependencies: List[str],
237 *args: str,
Przemyslaw Stekielc03b7c52021-10-20 11:59:50 +0200[diff] [blame]238 result: str = ''
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]239) -> test_case.TestCase:
240 """Return one test case exercising a key generation.
241 """
242 hack_dependencies_not_implemented(dependencies)
243 tc = test_case.TestCase()
244 short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type)
245 tc.set_description('PSA {} {}-bit'
Przemyslaw Stekielc03b7c52021-10-20 11:59:50 +0200[diff] [blame]246 .format(short_key_type, bits))
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]247 tc.set_dependencies(dependencies)
248 tc.set_function('generate_key')
Przemyslaw Stekiel1ab3a5c2021-11-02 10:50:44 +0100[diff] [blame]249 tc.set_arguments([key_type] + list(args) + [result])
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]250
251 return tc
252
253class KeyGenerate:
254 """Generate positive and negative (invalid argument) test cases for key generation."""
255
256 def __init__(self, info: Information) -> None:
257 self.constructors = info.constructors
258
Przemyslaw Stekielc03b7c52021-10-20 11:59:50 +0200[diff] [blame]259 ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
260 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
261
Przemyslaw Stekiel1ab3a5c2021-11-02 10:50:44 +0100[diff] [blame]262 @staticmethod
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]263 def test_cases_for_key_type_key_generation(
Przemyslaw Stekielc03b7c52021-10-20 11:59:50 +0200[diff] [blame]264 kt: crypto_knowledge.KeyType
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]265 ) -> Iterator[test_case.TestCase]:
266 """Return test cases exercising key generation.
267
268 All key types can be generated except for public keys. For public key
269 PSA_ERROR_INVALID_ARGUMENT status is expected.
270 """
271 result = 'PSA_SUCCESS'
272
273 import_dependencies = [psa_want_symbol(kt.name)]
274 if kt.params is not None:
275 import_dependencies += [psa_want_symbol(sym)
276 for i, sym in enumerate(kt.params)]
277 if kt.name.endswith('_PUBLIC_KEY'):
Przemyslaw Stekiel1ab3a5c2021-11-02 10:50:44 +0100[diff] [blame]278 # The library checks whether the key type is a public key generically,
279 # before it reaches a point where it needs support for the specific key
280 # type, so it returns INVALID_ARGUMENT for unsupported public key types.
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]281 generate_dependencies = []
282 result = 'PSA_ERROR_INVALID_ARGUMENT'
283 else:
284 generate_dependencies = import_dependencies
Przemyslaw Stekiel1ab3a5c2021-11-02 10:50:44 +0100[diff] [blame]285 if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
Przemyslaw Stekiel08101082021-10-22 10:39:56 +0200[diff] [blame]286 generate_dependencies.append("MBEDTLS_GENPRIME")
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]287 for bits in kt.sizes_to_test():
288 yield test_case_for_key_generation(
289 kt.expression, bits,
290 finish_family_dependencies(generate_dependencies, bits),
291 str(bits),
Przemyslaw Stekielc03b7c52021-10-20 11:59:50 +0200[diff] [blame]292 result
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]293 )
294
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]295 def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]:
296 """Generate test cases that exercise the generation of keys."""
297 for key_type in sorted(self.constructors.key_types):
298 if key_type in self.ECC_KEY_TYPES:
299 continue
300 kt = crypto_knowledge.KeyType(key_type)
301 yield from self.test_cases_for_key_type_key_generation(kt)
302 for curve_family in sorted(self.constructors.ecc_curves):
303 for constr in self.ECC_KEY_TYPES:
304 kt = crypto_knowledge.KeyType(constr, [curve_family])
Przemyslaw Stekielc03b7c52021-10-20 11:59:50 +0200[diff] [blame]305 yield from self.test_cases_for_key_type_key_generation(kt)
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]306
Gilles Peskinec05158b2021-04-27 20:40:10 +0200[diff] [blame]307class OpFail:
308 """Generate test cases for operations that must fail."""
309 #pylint: disable=too-few-public-methods
310
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]311 class Reason(enum.Enum):
312 NOT_SUPPORTED = 0
313 INVALID = 1
314 INCOMPATIBLE = 2
315
Gilles Peskinec05158b2021-04-27 20:40:10 +0200[diff] [blame]316 def __init__(self, info: Information) -> None:
317 self.constructors = info.constructors
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]318 key_type_expressions = self.constructors.generate_expressions(
319 sorted(self.constructors.key_types)
320 )
321 self.key_types = [crypto_knowledge.KeyType(kt_expr)
322 for kt_expr in key_type_expressions]
Gilles Peskinec05158b2021-04-27 20:40:10 +0200[diff] [blame]323
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]324 def make_test_case(
325 self,
326 alg: crypto_knowledge.Algorithm,
327 category: crypto_knowledge.AlgorithmCategory,
328 reason: 'Reason',
329 kt: Optional[crypto_knowledge.KeyType] = None,
330 not_deps: FrozenSet[str] = frozenset(),
331 ) -> test_case.TestCase:
332 """Construct a failure test case for a one-key or keyless operation."""
333 #pylint: disable=too-many-arguments,too-many-locals
Gilles Peskinea2180472021-04-27 21:03:43 +0200[diff] [blame]334 tc = test_case.TestCase()
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]335 pretty_alg = re.sub(r'PSA_ALG_', r'', alg.expression)
Gilles Peskined0964452021-04-29 21:35:03 +0200[diff] [blame]336 if reason == self.Reason.NOT_SUPPORTED:
337 short_deps = [re.sub(r'PSA_WANT_ALG_', r'', dep)
338 for dep in not_deps]
339 pretty_reason = '!' + '&'.join(sorted(short_deps))
340 else:
341 pretty_reason = reason.name.lower()
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]342 if kt:
343 key_type = kt.expression
344 pretty_type = re.sub(r'PSA_KEY_TYPE_', r'', key_type)
Gilles Peskinea2180472021-04-27 21:03:43 +0200[diff] [blame]345 else:
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]346 key_type = ''
347 pretty_type = ''
348 tc.set_description('PSA {} {}: {}{}'
349 .format(category.name.lower(),
350 pretty_alg,
351 pretty_reason,
352 ' with ' + pretty_type if pretty_type else ''))
353 dependencies = automatic_dependencies(alg.base_expression, key_type)
354 for i, dep in enumerate(dependencies):
355 if dep in not_deps:
356 dependencies[i] = '!' + dep
Gilles Peskinea2180472021-04-27 21:03:43 +0200[diff] [blame]357 tc.set_dependencies(dependencies)
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]358 tc.set_function(category.name.lower() + '_fail')
359 arguments = []
360 if kt:
361 key_material = kt.key_material(kt.sizes_to_test()[0])
362 arguments += [key_type, test_case.hex_string(key_material)]
363 arguments.append(alg.expression)
364 error = ('NOT_SUPPORTED' if reason == self.Reason.NOT_SUPPORTED else
365 'INVALID_ARGUMENT')
366 arguments.append('PSA_ERROR_' + error)
367 tc.set_arguments(arguments)
368 return tc
Gilles Peskinea2180472021-04-27 21:03:43 +0200[diff] [blame]369
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]370 def no_key_test_cases(
371 self,
372 alg: crypto_knowledge.Algorithm,
373 category: crypto_knowledge.AlgorithmCategory,
374 ) -> Iterator[test_case.TestCase]:
375 """Generate failure test cases for keyless operations with the specified algorithm."""
Gilles Peskine23cb12e2021-04-29 20:54:40 +0200[diff] [blame^]376 if alg.can_do(category):
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]377 # Compatible operation, unsupported algorithm
378 for dep in automatic_dependencies(alg.base_expression):
379 yield self.make_test_case(alg, category,
380 self.Reason.NOT_SUPPORTED,
381 not_deps=frozenset([dep]))
382 else:
383 # Incompatible operation, supported algorithm
384 yield self.make_test_case(alg, category, self.Reason.INVALID)
385
386 def one_key_test_cases(
387 self,
388 alg: crypto_knowledge.Algorithm,
389 category: crypto_knowledge.AlgorithmCategory,
390 ) -> Iterator[test_case.TestCase]:
391 """Generate failure test cases for one-key operations with the specified algorithm."""
392 for kt in self.key_types:
393 key_is_compatible = kt.can_do(alg)
394 # To do: public key for a private key operation
Gilles Peskine23cb12e2021-04-29 20:54:40 +0200[diff] [blame^]395 if key_is_compatible and alg.can_do(category):
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]396 # Compatible key and operation, unsupported algorithm
397 for dep in automatic_dependencies(alg.base_expression):
398 yield self.make_test_case(alg, category,
399 self.Reason.NOT_SUPPORTED,
400 kt=kt, not_deps=frozenset([dep]))
401 elif key_is_compatible:
402 # Compatible key, incompatible operation, supported algorithm
403 yield self.make_test_case(alg, category,
404 self.Reason.INVALID,
405 kt=kt)
Gilles Peskine23cb12e2021-04-29 20:54:40 +0200[diff] [blame^]406 elif alg.can_do(category):
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]407 # Incompatible key, compatible operation, supported algorithm
408 yield self.make_test_case(alg, category,
409 self.Reason.INCOMPATIBLE,
410 kt=kt)
411 else:
412 # Incompatible key and operation. Don't test cases where
413 # multiple things are wrong, to keep the number of test
414 # cases reasonable.
415 pass
416
417 def test_cases_for_algorithm(
418 self,
419 alg: crypto_knowledge.Algorithm,
420 ) -> Iterator[test_case.TestCase]:
Gilles Peskinea2180472021-04-27 21:03:43 +0200[diff] [blame]421 """Generate operation failure test cases for the specified algorithm."""
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]422 for category in crypto_knowledge.AlgorithmCategory:
423 if category == crypto_knowledge.AlgorithmCategory.PAKE:
424 # PAKE operations are not implemented yet
425 pass
426 elif category.requires_key():
427 yield from self.one_key_test_cases(alg, category)
428 else:
429 yield from self.no_key_test_cases(alg, category)
Gilles Peskinea2180472021-04-27 21:03:43 +0200[diff] [blame]430
Gilles Peskinec05158b2021-04-27 20:40:10 +0200[diff] [blame]431 def all_test_cases(self) -> Iterator[test_case.TestCase]:
432 """Generate all test cases for operations that must fail."""
Gilles Peskinea2180472021-04-27 21:03:43 +0200[diff] [blame]433 algorithms = sorted(self.constructors.algorithms)
Gilles Peskinef8b6b502022-03-15 17:26:33 +0100[diff] [blame]434 for expr in self.constructors.generate_expressions(algorithms):
435 alg = crypto_knowledge.Algorithm(expr)
Gilles Peskinea2180472021-04-27 21:03:43 +0200[diff] [blame]436 yield from self.test_cases_for_algorithm(alg)
Gilles Peskinec05158b2021-04-27 20:40:10 +0200[diff] [blame]437
438
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]439class StorageKey(psa_storage.Key):
440 """Representation of a key for storage format testing."""
441
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]442 IMPLICIT_USAGE_FLAGS = {
443 'PSA_KEY_USAGE_SIGN_HASH': 'PSA_KEY_USAGE_SIGN_MESSAGE',
444 'PSA_KEY_USAGE_VERIFY_HASH': 'PSA_KEY_USAGE_VERIFY_MESSAGE'
445 } #type: Dict[str, str]
446 """Mapping of usage flags to the flags that they imply."""
447
448 def __init__(
449 self,
450 usage: str,
451 without_implicit_usage: Optional[bool] = False,
452 **kwargs
453 ) -> None:
454 """Prepare to generate a key.
455
456 * `usage` : The usage flags used for the key.
457 * `without_implicit_usage`: Flag to defide to apply the usage extension
458 """
gabor-mezei-arm3ea27322021-06-29 17:21:21 +0200[diff] [blame]459 super().__init__(usage=usage, **kwargs)
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]460
461 if not without_implicit_usage:
462 for flag, implicit in self.IMPLICIT_USAGE_FLAGS.items():
463 if self.usage.value() & psa_storage.Expr(flag).value() and \
464 self.usage.value() & psa_storage.Expr(implicit).value() == 0:
465 self.usage = psa_storage.Expr(self.usage.string + ' | ' + implicit)
466
467class StorageTestData(StorageKey):
468 """Representation of test case data for storage format testing."""
469
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]470 def __init__(
471 self,
472 description: str,
473 expected_usage: Optional[str] = None,
474 **kwargs
475 ) -> None:
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]476 """Prepare to generate test data
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]477
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]478 * `description` : used for the the test case names
479 * `expected_usage`: the usage flags generated as the expected usage flags
480 in the test cases. CAn differ from the usage flags
481 stored in the keys because of the usage flags extension.
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]482 """
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]483 super().__init__(**kwargs)
484 self.description = description #type: str
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]485 self.expected_usage = expected_usage if expected_usage else self.usage.string #type: str
gabor-mezei-arm15c1f032021-06-24 10:04:38 +0200[diff] [blame]486
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]487class StorageFormat:
488 """Storage format stability test cases."""
489
490 def __init__(self, info: Information, version: int, forward: bool) -> None:
491 """Prepare to generate test cases for storage format stability.
492
493 * `info`: information about the API. See the `Information` class.
494 * `version`: the storage format version to generate test cases for.
495 * `forward`: if true, generate forward compatibility test cases which
496 save a key and check that its representation is as intended. Otherwise
497 generate backward compatibility test cases which inject a key
498 representation and check that it can be read and used.
499 """
gabor-mezei-arm0bdb84e2021-06-23 17:01:44 +0200[diff] [blame]500 self.constructors = info.constructors #type: macro_collector.PSAMacroEnumerator
501 self.version = version #type: int
502 self.forward = forward #type: bool
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]503
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]504 def make_test_case(self, key: StorageTestData) -> test_case.TestCase:
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]505 """Construct a storage format test case for the given key.
506
507 If ``forward`` is true, generate a forward compatibility test case:
508 create a key and validate that it has the expected representation.
509 Otherwise generate a backward compatibility test case: inject the
510 key representation into storage and validate that it can be read
511 correctly.
512 """
513 verb = 'save' if self.forward else 'read'
514 tc = test_case.TestCase()
515 tc.set_description('PSA storage {}: {}'.format(verb, key.description))
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]516 dependencies = automatic_dependencies(
517 key.lifetime.string, key.type.string,
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]518 key.expected_usage, key.alg.string, key.alg2.string,
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]519 )
520 dependencies = finish_family_dependencies(dependencies, key.bits)
521 tc.set_dependencies(dependencies)
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]522 tc.set_function('key_storage_' + verb)
523 if self.forward:
524 extra_arguments = []
525 else:
Gilles Peskine643eb832021-04-21 20:11:33 +0200[diff] [blame]526 flags = []
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]527 # Some test keys have the RAW_DATA type and attributes that don't
528 # necessarily make sense. We do this to validate numerical
529 # encodings of the attributes.
530 # Raw data keys have no useful exercise anyway so there is no
531 # loss of test coverage.
Gilles Peskine643eb832021-04-21 20:11:33 +0200[diff] [blame]532 if key.type.string != 'PSA_KEY_TYPE_RAW_DATA':
533 flags.append('TEST_FLAG_EXERCISE')
534 if 'READ_ONLY' in key.lifetime.string:
535 flags.append('TEST_FLAG_READ_ONLY')
536 extra_arguments = [' | '.join(flags) if flags else '0']
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]537 tc.set_arguments([key.lifetime.string,
538 key.type.string, str(key.bits),
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]539 key.expected_usage, key.alg.string, key.alg2.string,
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]540 '"' + key.material.hex() + '"',
541 '"' + key.hex() + '"',
542 *extra_arguments])
543 return tc
544
Gilles Peskineefb584d2021-04-21 22:05:34 +0200[diff] [blame]545 def key_for_lifetime(
546 self,
547 lifetime: str,
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]548 ) -> StorageTestData:
Gilles Peskineefb584d2021-04-21 22:05:34 +0200[diff] [blame]549 """Construct a test key for the given lifetime."""
550 short = lifetime
551 short = re.sub(r'PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION',
552 r'', short)
553 short = re.sub(r'PSA_KEY_[A-Z]+_', r'', short)
554 description = 'lifetime: ' + short
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]555 key = StorageTestData(version=self.version,
556 id=1, lifetime=lifetime,
557 type='PSA_KEY_TYPE_RAW_DATA', bits=8,
558 usage='PSA_KEY_USAGE_EXPORT', alg=0, alg2=0,
559 material=b'L',
560 description=description)
561 return key
Gilles Peskineefb584d2021-04-21 22:05:34 +0200[diff] [blame]562
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]563 def all_keys_for_lifetimes(self) -> Iterator[StorageTestData]:
Gilles Peskineefb584d2021-04-21 22:05:34 +0200[diff] [blame]564 """Generate test keys covering lifetimes."""
565 lifetimes = sorted(self.constructors.lifetimes)
566 expressions = self.constructors.generate_expressions(lifetimes)
567 for lifetime in expressions:
568 # Don't attempt to create or load a volatile key in storage
569 if 'VOLATILE' in lifetime:
570 continue
571 # Don't attempt to create a read-only key in storage,
572 # but do attempt to load one.
573 if 'READ_ONLY' in lifetime and self.forward:
574 continue
gabor-mezei-arm5ea30372021-06-28 19:26:55 +0200[diff] [blame]575 yield self.key_for_lifetime(lifetime)
Gilles Peskineefb584d2021-04-21 22:05:34 +0200[diff] [blame]576
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]577 def key_for_usage_flags(
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]578 self,
579 usage_flags: List[str],
gabor-mezei-armd71659f2021-06-24 09:42:02 +0200[diff] [blame]580 short: Optional[str] = None,
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]581 test_implicit_usage: Optional[bool] = True
582 ) -> StorageTestData:
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]583 """Construct a test key for the given key usage."""
584 usage = ' | '.join(usage_flags) if usage_flags else '0'
585 if short is None:
586 short = re.sub(r'\bPSA_KEY_USAGE_', r'', usage)
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]587 extra_desc = ' without implication' if test_implicit_usage else ''
gabor-mezei-armd71659f2021-06-24 09:42:02 +0200[diff] [blame]588 description = 'usage' + extra_desc + ': ' + short
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]589 key1 = StorageTestData(version=self.version,
590 id=1, lifetime=0x00000001,
591 type='PSA_KEY_TYPE_RAW_DATA', bits=8,
592 expected_usage=usage,
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]593 without_implicit_usage=not test_implicit_usage,
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]594 usage=usage, alg=0, alg2=0,
595 material=b'K',
596 description=description)
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]597 return key1
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]598
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]599 def generate_keys_for_usage_flags(self, **kwargs) -> Iterator[StorageTestData]:
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]600 """Generate test keys covering usage flags."""
601 known_flags = sorted(self.constructors.key_usage_flags)
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]602 yield self.key_for_usage_flags(['0'], **kwargs)
gabor-mezei-arm5ea30372021-06-28 19:26:55 +0200[diff] [blame]603 for usage_flag in known_flags:
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]604 yield self.key_for_usage_flags([usage_flag], **kwargs)
gabor-mezei-arm5ea30372021-06-28 19:26:55 +0200[diff] [blame]605 for flag1, flag2 in zip(known_flags,
606 known_flags[1:] + [known_flags[0]]):
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]607 yield self.key_for_usage_flags([flag1, flag2], **kwargs)
gabor-mezei-armbce85272021-06-24 14:38:51 +0200[diff] [blame]608
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]609 def generate_key_for_all_usage_flags(self) -> Iterator[StorageTestData]:
gabor-mezei-armbce85272021-06-24 14:38:51 +0200[diff] [blame]610 known_flags = sorted(self.constructors.key_usage_flags)
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]611 yield self.key_for_usage_flags(known_flags, short='all known')
gabor-mezei-armbce85272021-06-24 14:38:51 +0200[diff] [blame]612
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]613 def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
gabor-mezei-arm5ea30372021-06-28 19:26:55 +0200[diff] [blame]614 yield from self.generate_keys_for_usage_flags()
615 yield from self.generate_key_for_all_usage_flags()
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]616
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]617 def keys_for_type(
618 self,
619 key_type: str,
620 params: Optional[Iterable[str]] = None
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]621 ) -> Iterator[StorageTestData]:
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]622 """Generate test keys for the given key type.
623
624 For key types that depend on a parameter (e.g. elliptic curve family),
625 `param` is the parameter to pass to the constructor. Only a single
626 parameter is supported.
627 """
628 kt = crypto_knowledge.KeyType(key_type, params)
629 for bits in kt.sizes_to_test():
630 usage_flags = 'PSA_KEY_USAGE_EXPORT'
631 alg = 0
632 alg2 = 0
633 key_material = kt.key_material(bits)
634 short_expression = re.sub(r'\bPSA_(?:KEY_TYPE|ECC_FAMILY)_',
635 r'',
636 kt.expression)
637 description = 'type: {} {}-bit'.format(short_expression, bits)
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]638 key = StorageTestData(version=self.version,
639 id=1, lifetime=0x00000001,
640 type=kt.expression, bits=bits,
641 usage=usage_flags, alg=alg, alg2=alg2,
642 material=key_material,
643 description=description)
644 yield key
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]645
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]646 def all_keys_for_types(self) -> Iterator[StorageTestData]:
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]647 """Generate test keys covering key types and their representations."""
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]648 key_types = sorted(self.constructors.key_types)
gabor-mezei-arm5ea30372021-06-28 19:26:55 +0200[diff] [blame]649 for key_type in self.constructors.generate_expressions(key_types):
650 yield from self.keys_for_type(key_type)
Gilles Peskinef8223ab2021-03-10 15:07:16 +0100[diff] [blame]651
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]652 def keys_for_algorithm(self, alg: str) -> Iterator[StorageTestData]:
Gilles Peskined86bc522021-03-10 15:08:57 +0100[diff] [blame]653 """Generate test keys for the specified algorithm."""
654 # For now, we don't have information on the compatibility of key
655 # types and algorithms. So we just test the encoding of algorithms,
656 # and not that operations can be performed with them.
Gilles Peskineff9629f2021-04-21 10:18:19 +0200[diff] [blame]657 descr = re.sub(r'PSA_ALG_', r'', alg)
658 descr = re.sub(r',', r', ', re.sub(r' +', r'', descr))
Gilles Peskined86bc522021-03-10 15:08:57 +0100[diff] [blame]659 usage = 'PSA_KEY_USAGE_EXPORT'
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]660 key1 = StorageTestData(version=self.version,
661 id=1, lifetime=0x00000001,
662 type='PSA_KEY_TYPE_RAW_DATA', bits=8,
663 usage=usage, alg=alg, alg2=0,
664 material=b'K',
665 description='alg: ' + descr)
666 yield key1
667 key2 = StorageTestData(version=self.version,
668 id=1, lifetime=0x00000001,
669 type='PSA_KEY_TYPE_RAW_DATA', bits=8,
670 usage=usage, alg=0, alg2=alg,
671 material=b'L',
672 description='alg2: ' + descr)
673 yield key2
Gilles Peskined86bc522021-03-10 15:08:57 +0100[diff] [blame]674
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]675 def all_keys_for_algorithms(self) -> Iterator[StorageTestData]:
Gilles Peskined86bc522021-03-10 15:08:57 +0100[diff] [blame]676 """Generate test keys covering algorithm encodings."""
Gilles Peskineb93f8542021-04-19 13:50:25 +0200[diff] [blame]677 algorithms = sorted(self.constructors.algorithms)
gabor-mezei-arm5ea30372021-06-28 19:26:55 +0200[diff] [blame]678 for alg in self.constructors.generate_expressions(algorithms):
679 yield from self.keys_for_algorithm(alg)
Gilles Peskined86bc522021-03-10 15:08:57 +0100[diff] [blame]680
gabor-mezei-armea840de2021-06-29 15:42:57 +0200[diff] [blame]681 def generate_all_keys(self) -> Iterator[StorageTestData]:
gabor-mezei-arm8b0c91c2021-06-24 09:49:50 +0200[diff] [blame]682 """Generate all keys for the test cases."""
gabor-mezei-armea840de2021-06-29 15:42:57 +0200[diff] [blame]683 yield from self.all_keys_for_lifetimes()
684 yield from self.all_keys_for_usage_flags()
685 yield from self.all_keys_for_types()
686 yield from self.all_keys_for_algorithms()
gabor-mezei-arm8b0c91c2021-06-24 09:49:50 +0200[diff] [blame]687
gabor-mezei-arm5ea30372021-06-28 19:26:55 +0200[diff] [blame]688 def all_test_cases(self) -> Iterator[test_case.TestCase]:
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]689 """Generate all storage format test cases."""
Gilles Peskineae9f14b2021-04-12 14:43:05 +0200[diff] [blame]690 # First build a list of all keys, then construct all the corresponding
691 # test cases. This allows all required information to be obtained in
692 # one go, which is a significant performance gain as the information
693 # includes numerical values obtained by compiling a C program.
Gilles Peskine3008c582021-07-06 21:05:52 +0200[diff] [blame]694 all_keys = list(self.generate_all_keys())
695 for key in all_keys:
gabor-mezei-arm5ea30372021-06-28 19:26:55 +0200[diff] [blame]696 if key.location_value() != 0:
697 # Skip keys with a non-default location, because they
698 # require a driver and we currently have no mechanism to
699 # determine whether a driver is available.
700 continue
701 yield self.make_test_case(key)
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]702
gabor-mezei-arm4d9fb732021-06-24 09:53:26 +0200[diff] [blame]703class StorageFormatForward(StorageFormat):
704 """Storage format stability test cases for forward compatibility."""
705
706 def __init__(self, info: Information, version: int) -> None:
707 super().__init__(info, version, True)
708
709class StorageFormatV0(StorageFormat):
710 """Storage format stability test cases for version 0 compatibility."""
711
712 def __init__(self, info: Information) -> None:
713 super().__init__(info, 0, False)
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]714
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]715 def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
gabor-mezei-arm15c1f032021-06-24 10:04:38 +0200[diff] [blame]716 """Generate test keys covering usage flags."""
Gilles Peskinea296e482022-02-24 18:58:08 +0100[diff] [blame]717 yield from super().all_keys_for_usage_flags()
718 yield from self.generate_keys_for_usage_flags(test_implicit_usage=False)
gabor-mezei-arm15c1f032021-06-24 10:04:38 +0200[diff] [blame]719
gabor-mezei-armacfcc182021-06-28 17:40:32 +0200[diff] [blame]720 def keys_for_implicit_usage(
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]721 self,
gabor-mezei-arme84d3212021-06-28 16:54:11 +0200[diff] [blame]722 implyer_usage: str,
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]723 alg: str,
gabor-mezei-arm805c7352021-06-28 20:02:11 +0200[diff] [blame]724 key_type: crypto_knowledge.KeyType
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]725 ) -> StorageTestData:
gabor-mezei-armb92d61b2021-06-24 14:38:25 +0200[diff] [blame]726 # pylint: disable=too-many-locals
gabor-mezei-arm927742e2021-06-28 16:27:29 +0200[diff] [blame]727 """Generate test keys for the specified implicit usage flag,
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]728 algorithm and key type combination.
729 """
gabor-mezei-arm805c7352021-06-28 20:02:11 +0200[diff] [blame]730 bits = key_type.sizes_to_test()[0]
gabor-mezei-arme84d3212021-06-28 16:54:11 +0200[diff] [blame]731 implicit_usage = StorageKey.IMPLICIT_USAGE_FLAGS[implyer_usage]
gabor-mezei-arm47812632021-06-28 16:35:48 +0200[diff] [blame]732 usage_flags = 'PSA_KEY_USAGE_EXPORT'
gabor-mezei-arme84d3212021-06-28 16:54:11 +0200[diff] [blame]733 material_usage_flags = usage_flags + ' | ' + implyer_usage
734 expected_usage_flags = material_usage_flags + ' | ' + implicit_usage
gabor-mezei-arm47812632021-06-28 16:35:48 +0200[diff] [blame]735 alg2 = 0
gabor-mezei-arm805c7352021-06-28 20:02:11 +0200[diff] [blame]736 key_material = key_type.key_material(bits)
gabor-mezei-arme84d3212021-06-28 16:54:11 +0200[diff] [blame]737 usage_expression = re.sub(r'PSA_KEY_USAGE_', r'', implyer_usage)
gabor-mezei-arm47812632021-06-28 16:35:48 +0200[diff] [blame]738 alg_expression = re.sub(r'PSA_ALG_', r'', alg)
739 alg_expression = re.sub(r',', r', ', re.sub(r' +', r'', alg_expression))
740 key_type_expression = re.sub(r'\bPSA_(?:KEY_TYPE|ECC_FAMILY)_',
741 r'',
gabor-mezei-arm805c7352021-06-28 20:02:11 +0200[diff] [blame]742 key_type.expression)
gabor-mezei-armacfcc182021-06-28 17:40:32 +0200[diff] [blame]743 description = 'implied by {}: {} {} {}-bit'.format(
gabor-mezei-arm47812632021-06-28 16:35:48 +0200[diff] [blame]744 usage_expression, alg_expression, key_type_expression, bits)
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]745 key = StorageTestData(version=self.version,
746 id=1, lifetime=0x00000001,
747 type=key_type.expression, bits=bits,
748 usage=material_usage_flags,
749 expected_usage=expected_usage_flags,
750 without_implicit_usage=True,
751 alg=alg, alg2=alg2,
752 material=key_material,
753 description=description)
754 return key
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]755
756 def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]:
gabor-mezei-armb92d61b2021-06-24 14:38:25 +0200[diff] [blame]757 # pylint: disable=too-many-locals
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]758 """Match possible key types for sign algorithms."""
759 # To create a valid combinaton both the algorithms and key types
760 # must be filtered. Pair them with keywords created from its names.
761 incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE'])
762 incompatible_key_type_keywords = frozenset(['MONTGOMERY'])
763 keyword_translation = {
764 'ECDSA': 'ECC',
765 'ED[0-9]*.*' : 'EDWARDS'
766 }
767 exclusive_keywords = {
768 'EDWARDS': 'ECC'
769 }
gabor-mezei-armb92d61b2021-06-24 14:38:25 +0200[diff] [blame]770 key_types = set(self.constructors.generate_expressions(self.constructors.key_types))
771 algorithms = set(self.constructors.generate_expressions(self.constructors.sign_algorithms))
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]772 alg_with_keys = {} #type: Dict[str, List[str]]
773 translation_table = str.maketrans('(', '_', ')')
774 for alg in algorithms:
775 # Generate keywords from the name of the algorithm
776 alg_keywords = set(alg.partition('(')[0].split(sep='_')[2:])
777 # Translate keywords for better matching with the key types
778 for keyword in alg_keywords.copy():
779 for pattern, replace in keyword_translation.items():
780 if re.match(pattern, keyword):
781 alg_keywords.remove(keyword)
782 alg_keywords.add(replace)
783 # Filter out incompatible algortihms
784 if not alg_keywords.isdisjoint(incompatible_alg_keyword):
785 continue
786
787 for key_type in key_types:
788 # Generate keywords from the of the key type
789 key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:])
790
791 # Remove ambigious keywords
792 for keyword1, keyword2 in exclusive_keywords.items():
793 if keyword1 in key_type_keywords:
794 key_type_keywords.remove(keyword2)
795
796 if key_type_keywords.isdisjoint(incompatible_key_type_keywords) and\
797 not key_type_keywords.isdisjoint(alg_keywords):
798 if alg in alg_with_keys:
799 alg_with_keys[alg].append(key_type)
800 else:
801 alg_with_keys[alg] = [key_type]
802 return alg_with_keys
803
gabor-mezei-arme4b74992021-06-29 15:29:24 +0200[diff] [blame]804 def all_keys_for_implicit_usage(self) -> Iterator[StorageTestData]:
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]805 """Generate test keys for usage flag extensions."""
806 # Generate a key type and algorithm pair for each extendable usage
807 # flag to generate a valid key for exercising. The key is generated
808 # without usage extension to check the extension compatiblity.
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]809 alg_with_keys = self.gather_key_types_for_sign_alg()
gabor-mezei-arm7d2ec9a2021-06-24 16:35:01 +0200[diff] [blame]810
gabor-mezei-arm5ea30372021-06-28 19:26:55 +0200[diff] [blame]811 for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str):
812 for alg in sorted(alg_with_keys):
813 for key_type in sorted(alg_with_keys[alg]):
814 # The key types must be filtered to fit the specific usage flag.
gabor-mezei-arm805c7352021-06-28 20:02:11 +0200[diff] [blame]815 kt = crypto_knowledge.KeyType(key_type)
816 if kt.is_valid_for_signature(usage):
817 yield self.keys_for_implicit_usage(usage, alg, kt)
gabor-mezei-arm044fefc2021-06-24 10:16:44 +0200[diff] [blame]818
gabor-mezei-armea840de2021-06-29 15:42:57 +0200[diff] [blame]819 def generate_all_keys(self) -> Iterator[StorageTestData]:
820 yield from super().generate_all_keys()
821 yield from self.all_keys_for_implicit_usage()
gabor-mezei-arm15c1f032021-06-24 10:04:38 +0200[diff] [blame]822
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]823class TestGenerator:
824 """Generate test data."""
825
826 def __init__(self, options) -> None:
827 self.test_suite_directory = self.get_option(options, 'directory',
828 'tests/suites')
829 self.info = Information()
830
831 @staticmethod
832 def get_option(options, name: str, default: T) -> T:
833 value = getattr(options, name, None)
834 return default if value is None else value
835
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]836 def filename_for(self, basename: str) -> str:
837 """The location of the data file with the specified base name."""
838 return os.path.join(self.test_suite_directory, basename + '.data')
839
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]840 def write_test_data_file(self, basename: str,
841 test_cases: Iterable[test_case.TestCase]) -> None:
842 """Write the test cases to a .data file.
843
844 The output file is ``basename + '.data'`` in the test suite directory.
845 """
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]846 filename = self.filename_for(basename)
Gilles Peskineb94ea512021-03-10 02:12:08 +0100[diff] [blame]847 test_case.write_data_file(filename, test_cases)
848
Gilles Peskinecfd4fae2021-04-23 16:37:12 +0200[diff] [blame]849 # Note that targets whose name containns 'test_format' have their content
850 # validated by `abi_check.py`.
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]851 TARGETS = {
Przemyslaw Stekiel997caf82021-10-15 15:21:51 +0200[diff] [blame]852 'test_suite_psa_crypto_generate_key.generated':
853 lambda info: KeyGenerate(info).test_cases_for_key_generation(),
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]854 'test_suite_psa_crypto_not_supported.generated':
Gilles Peskine3d778392021-02-17 15:11:05 +0100[diff] [blame]855 lambda info: NotSupported(info).test_cases_for_not_supported(),
Gilles Peskinec05158b2021-04-27 20:40:10 +0200[diff] [blame]856 'test_suite_psa_crypto_op_fail.generated':
857 lambda info: OpFail(info).all_test_cases(),
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]858 'test_suite_psa_crypto_storage_format.current':
gabor-mezei-arm4d9fb732021-06-24 09:53:26 +0200[diff] [blame]859 lambda info: StorageFormatForward(info, 0).all_test_cases(),
Gilles Peskine897dff92021-03-10 15:03:44 +0100[diff] [blame]860 'test_suite_psa_crypto_storage_format.v0':
gabor-mezei-arm4d9fb732021-06-24 09:53:26 +0200[diff] [blame]861 lambda info: StorageFormatV0(info).all_test_cases(),
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]862 } #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]]
863
864 def generate_target(self, name: str) -> None:
865 test_cases = self.TARGETS[name](self.info)
866 self.write_test_data_file(name, test_cases)
Gilles Peskine14e428f2021-01-26 22:19:21 +0100[diff] [blame]867
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]868def main(args):
869 """Command line entry point."""
870 parser = argparse.ArgumentParser(description=__doc__)
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]871 parser.add_argument('--list', action='store_true',
872 help='List available targets and exit')
873 parser.add_argument('targets', nargs='*', metavar='TARGET',
874 help='Target file to generate (default: all; "-": none)')
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]875 options = parser.parse_args(args)
876 generator = TestGenerator(options)
Gilles Peskine0298bda2021-03-10 02:34:37 +0100[diff] [blame]877 if options.list:
878 for name in sorted(generator.TARGETS):
879 print(generator.filename_for(name))
880 return
881 if options.targets:
882 # Allow "-" as a special case so you can run
883 # ``generate_psa_tests.py - $targets`` and it works uniformly whether
884 # ``$targets`` is empty or not.
885 options.targets = [os.path.basename(re.sub(r'\.data\Z', r'', target))
886 for target in options.targets
887 if target != '-']
888 else:
889 options.targets = sorted(generator.TARGETS)
890 for target in options.targets:
891 generator.generate_target(target)
Gilles Peskine09940492021-01-26 22:16:30 +0100[diff] [blame]892
893if __name__ == '__main__':
894 main(sys.argv[1:])