diff --git a/programs/.gitignore b/programs/.gitignore index 02418966f..327dbdc17 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -29,6 +29,8 @@ pkey/rsa_sign pkey/rsa_sign_pss pkey/rsa_verify pkey/rsa_verify_pss +psa/psa_constant_names +psa/psa_constant_names_generated.c random/gen_entropy random/gen_random_ctr_drbg random/gen_random_havege diff --git a/programs/Makefile b/programs/Makefile index b6d1fa25b..c65a10c43 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -60,6 +60,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ pkey/rsa_decrypt$(EXEXT) pkey/rsa_encrypt$(EXEXT) \ pkey/rsa_sign$(EXEXT) pkey/rsa_verify$(EXEXT) \ pkey/rsa_sign_pss$(EXEXT) pkey/rsa_verify_pss$(EXEXT) \ + psa/psa_constant_names$(EXEXT) \ ssl/dtls_client$(EXEXT) ssl/dtls_server$(EXEXT) \ ssl/ssl_client1$(EXEXT) ssl/ssl_client2$(EXEXT) \ ssl/ssl_server$(EXEXT) ssl/ssl_server2$(EXEXT) \ @@ -83,6 +84,8 @@ ifdef TEST_CPP APPS += test/cpp_dummy_build$(EXEXT) endif +EXTRA_GENERATED = + .SILENT: .PHONY: all clean list @@ -92,6 +95,11 @@ all: $(APPS) $(DEP): $(MAKE) -C ../library +EXTRA_GENERATED += psa/psa_constant_names_generated.c +psa/psa_constant_names$(EXEXT): psa/psa_constant_names_generated.c +psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py ../include/psa/crypto.h + ../scripts/generate_psa_constants.py + aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP) echo " CC aes/aescrypt2.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -188,6 +196,10 @@ pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP) echo " CC pkey/rsa_encrypt.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +psa/psa_constant_names$(EXEXT): psa/psa_constant_names.c $(DEP) + echo " CC psa/psa_constant_names.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP) echo " CC random/gen_entropy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -294,9 +306,9 @@ x509/req_app$(EXEXT): x509/req_app.c $(DEP) clean: ifndef WINDOWS - rm -f $(APPS) + rm -f $(APPS) $(EXTRA_GENERATED) else - del /S /Q /F *.o *.exe + del /S /Q /F *.o *.exe $(EXTRA_GENERATED) endif list: diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c new file mode 100644 index 000000000..d422e14f6 --- /dev/null +++ b/programs/psa/psa_constant_names.c @@ -0,0 +1,157 @@ +#include +#include +#include + +#include "psa/crypto.h" + +/* There are different GET_HASH macros for different kinds of algorithms + * built from hashes, but the values are all constructed on the + * same model. */ +#define PSA_ALG_GET_HASH(alg) \ + (((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH) + +static void append(char **buffer, size_t buffer_size, + size_t *required_size, + const char *string, size_t length) +{ + *required_size += length; + if (*required_size < buffer_size) { + memcpy(*buffer, string, length); + *buffer += length; + } +} + +/* The code of these function is automatically generated and included below. */ +static const char *psa_ecc_curve_name(psa_ecc_curve_t curve); +static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg); + +static void append_with_curve(char **buffer, size_t buffer_size, + size_t *required_size, + const char *string, size_t length, + psa_ecc_curve_t curve) +{ + const char *curve_name = psa_ecc_curve_name(curve); + append(buffer, buffer_size, required_size, string, length); + append(buffer, buffer_size, required_size, "(", 1); + if (curve_name != NULL) { + append(buffer, buffer_size, required_size, + curve_name, strlen(curve_name)); + } else { + size_t n = snprintf(*buffer, buffer_size - *required_size, + "0x%04x", (unsigned) curve); + if (n < buffer_size - *required_size) *buffer += n; + *required_size += n; + } + append(buffer, buffer_size, required_size, ")", 1); +} + +static void append_with_hash(char **buffer, size_t buffer_size, + size_t *required_size, + const char *string, size_t length, + psa_algorithm_t hash_alg) +{ + const char *hash_name = psa_hash_algorithm_name(hash_alg); + append(buffer, buffer_size, required_size, string, length); + append(buffer, buffer_size, required_size, "(", 1); + if (hash_name != NULL) { + append(buffer, buffer_size, required_size, + hash_name, strlen(hash_name)); + } else { + size_t n = snprintf(*buffer, buffer_size - *required_size, + "0x%08lx", (unsigned long) hash_alg); + if (n < buffer_size - *required_size) *buffer += n; + *required_size += n; + } + append(buffer, buffer_size, required_size, ")", 1); +} + +#include "psa_constant_names_generated.c" + +static int psa_snprint_status(char *buffer, size_t buffer_size, + psa_status_t status) +{ + const char *name = psa_strerror(status); + if (name == NULL) { + return snprintf(buffer, buffer_size, "%ld", (long) status); + } else { + size_t length = strlen(name); + if (length < buffer_size) { + memcpy(buffer, name, length + 1); + return length; + } else { + return buffer_size; + } + } +} + +static int psa_snprint_ecc_curve(char *buffer, size_t buffer_size, + psa_ecc_curve_t curve) +{ + const char *name = psa_ecc_curve_name(curve); + if (name == NULL) { + return snprintf(buffer, buffer_size, "0x%04x", (unsigned) curve); + } else { + size_t length = strlen(name); + if (length < buffer_size) { + memcpy(buffer, name, length + 1); + return length; + } else { + return buffer_size; + } + } +} + +static void usage(const char *program_name) +{ + printf("Usage: %s TYPE VALUE\n", + program_name == NULL ? "psa_constant_names" : program_name); + printf("Print the symbolic name whose numerical value is VALUE in TYPE.\n"); + printf("Supported types (with = between aliases):\n"); + printf(" alg=algorithm Status code (psa_algorithm_t)\n"); + printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_curve_t)\n"); + printf(" type=key_type Status code (psa_key_type_t)\n"); + printf(" usage=key_usage Key usage (psa_key_usage_t)\n"); + printf(" error=status Status code (psa_status_t)\n"); +} + +int main(int argc, char *argv[]) +{ + char buffer[200]; + unsigned long value; + char *end; + + if (argc <= 1 || + !strcmp(argv[1], "help") || + !strcmp(argv[1], "--help")) + { + usage(argv[0]); + return EXIT_FAILURE; + } + if (argc != 3) { + usage(argv[0]); + return EXIT_FAILURE; + } + value = strtoul(argv[2], &end, 0); + if (*end) { + printf("Non-numeric value: %s\n", argv[2]); + return EXIT_FAILURE; + } + + if (!strcmp(argv[1], "error") || !strcmp(argv[1], "status")) + psa_snprint_status(buffer, sizeof(buffer), value); + else if (!strcmp(argv[1], "alg") || !strcmp(argv[1], "algorithm")) + psa_snprint_algorithm(buffer, sizeof(buffer), value); + else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve")) + psa_snprint_ecc_curve(buffer, sizeof(buffer), value); + else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type")) + psa_snprint_key_type(buffer, sizeof(buffer), value); + else if (!strcmp(argv[1], "usage") || !strcmp(argv[1], "key_usage")) + psa_snprint_key_usage(buffer, sizeof(buffer), value); + else { + printf("Unknown type: %s\n", argv[1]); + return EXIT_FAILURE; + } + + puts(buffer); + return EXIT_SUCCESS; +} diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py new file mode 100755 index 000000000..e4cb45b4a --- /dev/null +++ b/scripts/generate_psa_constants.py @@ -0,0 +1,301 @@ +#!/usr/bin/env python +import os +import re +import sys + +output_template = '''\ +/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */ + +static const char *psa_strerror(psa_status_t status) +{ + switch (status) { + %(status_cases)s + default: return NULL; + } +} + +static const char *psa_ecc_curve_name(psa_ecc_curve_t curve) +{ + switch (curve) { + %(ecc_curve_cases)s + default: return NULL; + } +} + +static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg) +{ + switch (hash_alg) { + %(hash_algorithm_cases)s + default: return NULL; + } +} + +static int psa_snprint_key_type(char *buffer, size_t buffer_size, + psa_key_type_t type) +{ + size_t required_size = 0; + switch (type) { + %(key_type_cases)s + default: + %(key_type_code)s{ + return snprintf(buffer, buffer_size, + "0x%%08lx", (unsigned long) type); + } + break; + } + buffer[0] = 0; + return required_size; +} + +static void append_padding_mode(char **buffer, size_t buffer_size, + size_t *required_size, + psa_algorithm_t padding_mode) +{ + size_t n; + append(buffer, buffer_size, required_size, " | ", 3); + switch (padding_mode) { + %(padding_mode_cases)s + default: + n = snprintf(*buffer, buffer_size - *required_size, + "0x%%08lx", (unsigned long) padding_mode); + if (n < buffer_size - *required_size) *buffer += n; + *required_size += n; + break; + } +} + +static int psa_snprint_algorithm(char *buffer, size_t buffer_size, + psa_algorithm_t alg) +{ + size_t required_size = 0; + psa_algorithm_t padding_mode = -1; + psa_algorithm_t alg_without_padding = alg; + if (PSA_ALG_IS_CIPHER(alg) && PSA_ALG_IS_BLOCK_CIPHER(alg)) { + padding_mode = alg & PSA_ALG_BLOCK_CIPHER_PADDING_MASK; + alg_without_padding = alg & ~PSA_ALG_BLOCK_CIPHER_PADDING_MASK; + } + switch (alg_without_padding) { + %(algorithm_cases)s + default: + %(algorithm_code)s{ + return snprintf(buffer, buffer_size, + "0x%%08lx", (unsigned long) alg); + } + break; + } + if (padding_mode != (psa_algorithm_t) -1) { + append_padding_mode(&buffer, buffer_size, &required_size, padding_mode); + } + buffer[0] = 0; + return required_size; +} + +static int psa_snprint_key_usage(char *buffer, size_t buffer_size, + psa_key_usage_t usage) +{ + size_t required_size = 0; + if (usage == 0) { + if (buffer_size > 1) { + buffer[0] = '0'; + buffer[1] = 0; + } else if (buffer_size == 1) { + buffer[0] = 0; + } + return 1; + } +%(key_usage_code)s + if (usage != 0) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + required_size += snprintf(buffer, buffer_size - required_size, + "0x%%08x", usage); + } else { + buffer[0] = 0; + } + return required_size; +} + +/* End of automatically generated file. */ +''' + +key_type_from_curve_template = '''if (%(tester)s(type)) { + append_with_curve(&buffer, buffer_size, &required_size, + "%(builder)s", %(builder_length)s, + PSA_KEY_TYPE_GET_CURVE(type)); + } else ''' + +algorithm_from_hash_template = '''if (%(tester)s(alg_without_padding)) { + append_with_hash(&buffer, buffer_size, &required_size, + "%(builder)s", %(builder_length)s, + PSA_ALG_GET_HASH(alg_without_padding)); + } else ''' + +bit_test_template = '''\ + if (%(var)s & %(flag)s) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "%(flag)s", %(length)d); + %(var)s ^= %(flag)s; + }\ +''' + +class MacroCollector: + def __init__(self): + self.statuses = set() + self.key_types = set() + self.key_types_from_curve = {} + self.ecc_curves = set() + self.algorithms = set() + self.hash_algorithms = set() + self.block_cipher_padding_modes = set() + self.algorithms_from_hash = {} + self.key_usages = set() + + # "#define" followed by a macro name with either no parameters + # or a single parameter. Grab the macro name in group 1, the + # parameter name if any in group 2 and the definition in group 3. + definition_re = re.compile(r'\s*#\s*define\s+(\w+)(?:\s+|\((\w+)\)\s*)(.+)(?:/[*/])?') + + def read_line(self, line): + m = re.match(self.definition_re, line) + if not m: + return + name, parameter, definition = m.groups() + if name.endswith('_FLAG') or name.endswith('MASK'): + # Macro only to build actual values + return + elif (name.startswith('PSA_ERROR_') or name == 'PSA_SUCCESS') \ + and not parameter: + self.statuses.add(name) + elif name.startswith('PSA_KEY_TYPE_') and not parameter: + self.key_types.add(name) + elif name.startswith('PSA_KEY_TYPE_') and parameter == 'curve': + self.key_types_from_curve[name] = name[:13] + 'IS_' + name[13:] + elif name.startswith('PSA_ECC_CURVE_') and not parameter: + self.ecc_curves.add(name) + elif name.startswith('PSA_ALG_BLOCK_CIPHER_PAD_') and not parameter: + self.block_cipher_padding_modes.add(name) + elif name.startswith('PSA_ALG_') and not parameter: + if name in ['PSA_ALG_BLOCK_CIPHER_BASE', + 'PSA_ALG_ECDSA_BASE', + 'PSA_ALG_RSA_PKCS1V15_SIGN_BASE']: + # Ad hoc skipping of duplicate names for some numerical values + return + self.algorithms.add(name) + # Ad hoc detection of hash algorithms + if re.search(r'0x010000[0-9A-Fa-f]{2}', definition): + self.hash_algorithms.add(name) + elif name.startswith('PSA_ALG_') and parameter == 'hash_alg': + if name in ['PSA_ALG_DSA', 'PSA_ALG_ECDSA']: + # A naming irregularity + tester = name[:8] + 'IS_RANDOMIZED_' + name[8:] + else: + tester = name[:8] + 'IS_' + name[8:] + self.algorithms_from_hash[name] = tester + elif name.startswith('PSA_KEY_USAGE_') and not parameter: + self.key_usages.add(name) + else: + # Other macro without parameter + return + + def read_file(self, header_file): + for line in header_file: + self.read_line(line) + + def make_return_case(self, name): + return 'case %(name)s: return "%(name)s";' % {'name': name} + + def make_append_case(self, name): + template = ('case %(name)s: ' + 'append(&buffer, buffer_size, &required_size, "%(name)s", %(length)d); ' + 'break;') + return template % {'name': name, 'length': len(name)} + + def make_inner_append_case(self, name): + template = ('case %(name)s: ' + 'append(buffer, buffer_size, required_size, "%(name)s", %(length)d); ' + 'break;') + return template % {'name': name, 'length': len(name)} + + def make_bit_test(self, var, flag): + return bit_test_template % {'var': var, + 'flag': flag, + 'length': len(flag)} + + def make_status_cases(self): + return '\n '.join(map(self.make_return_case, + sorted(self.statuses))) + + def make_ecc_curve_cases(self): + return '\n '.join(map(self.make_return_case, + sorted(self.ecc_curves))) + + def make_key_type_cases(self): + return '\n '.join(map(self.make_append_case, + sorted(self.key_types))) + + def make_key_type_from_curve_code(self, builder, tester): + return key_type_from_curve_template % {'builder': builder, + 'builder_length': len(builder), + 'tester': tester} + + def make_key_type_code(self): + d = self.key_types_from_curve + make = self.make_key_type_from_curve_code + return '\n '.join([make(k, d[k]) for k in sorted(d.keys())]) + + def make_hash_algorithm_cases(self): + return '\n '.join(map(self.make_return_case, + sorted(self.hash_algorithms))) + + def make_padding_mode_cases(self): + return '\n '.join(map(self.make_inner_append_case, + sorted(self.block_cipher_padding_modes))) + + def make_algorithm_cases(self): + return '\n '.join(map(self.make_append_case, + sorted(self.algorithms))) + + def make_algorithm_from_hash_code(self, builder, tester): + return algorithm_from_hash_template % {'builder': builder, + 'builder_length': len(builder), + 'tester': tester} + + def make_algorithm_code(self): + d = self.algorithms_from_hash + make = self.make_algorithm_from_hash_code + return '\n '.join([make(k, d[k]) for k in sorted(d.keys())]) + + def make_key_usage_code(self): + return '\n'.join([self.make_bit_test('usage', bit) + for bit in sorted(self.key_usages)]) + + def write_file(self, output_file): + data = {} + data['status_cases'] = self.make_status_cases() + data['ecc_curve_cases'] = self.make_ecc_curve_cases() + data['key_type_cases'] = self.make_key_type_cases() + data['key_type_code'] = self.make_key_type_code() + data['hash_algorithm_cases'] = self.make_hash_algorithm_cases() + data['padding_mode_cases'] = self.make_padding_mode_cases() + data['algorithm_cases'] = self.make_algorithm_cases() + data['algorithm_code'] = self.make_algorithm_code() + data['key_usage_code'] = self.make_key_usage_code() + output_file.write(output_template % data) + +def generate_psa_constants(header_file_name, output_file_name): + collector = MacroCollector() + with open(header_file_name) as header_file: + collector.read_file(header_file) + temp_file_name = output_file_name + '.tmp' + with open(temp_file_name, 'w') as output_file: + collector.write_file(output_file) + os.rename(temp_file_name, output_file_name) + +if __name__ == '__main__': + if not os.path.isdir('programs') and os.path.isdir('../programs'): + os.chdir('..') + generate_psa_constants('include/psa/crypto.h', + 'programs/psa/psa_constant_names_generated.c')