Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and algorithm. This way, the call to exercise_key() in the test not only checks that exporting the key is possible, but also that operations on the key are possible. This triggers a number of failures in edge cases where the generator generates combinations that are not valid, which will be fixed in subsequent commits. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
16b2506e3d
commit
e6b85b4d42
2 changed files with 33 additions and 2 deletions
|
|
@ -20,7 +20,7 @@ This module is entirely based on the PSA API.
|
||||||
|
|
||||||
import enum
|
import enum
|
||||||
import re
|
import re
|
||||||
from typing import Iterable, Optional, Tuple
|
from typing import Iterable, List, Optional, Tuple
|
||||||
|
|
||||||
from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA
|
from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA
|
||||||
|
|
||||||
|
|
@ -422,3 +422,31 @@ class Algorithm:
|
||||||
self.is_key_agreement_with_derivation():
|
self.is_key_agreement_with_derivation():
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
def usage_flags(self, public: bool = False) -> List[str]:
|
||||||
|
"""The list of usage flags describing operations that can perform this algorithm.
|
||||||
|
|
||||||
|
If public is true, only return public-key operations, not private-key operations.
|
||||||
|
"""
|
||||||
|
if self.category == AlgorithmCategory.HASH:
|
||||||
|
flags = []
|
||||||
|
elif self.category == AlgorithmCategory.MAC:
|
||||||
|
flags = ['SIGN_HASH', 'SIGN_MESSAGE',
|
||||||
|
'VERIFY_HASH', 'VERIFY_MESSAGE']
|
||||||
|
elif self.category == AlgorithmCategory.CIPHER or \
|
||||||
|
self.category == AlgorithmCategory.AEAD:
|
||||||
|
flags = ['DECRYPT', 'ENCRYPT']
|
||||||
|
elif self.category == AlgorithmCategory.SIGN:
|
||||||
|
flags = ['VERIFY_HASH', 'VERIFY_MESSAGE']
|
||||||
|
if not public:
|
||||||
|
flags += ['SIGN_HASH', 'SIGN_MESSAGE']
|
||||||
|
elif self.category == AlgorithmCategory.ASYMMETRIC_ENCRYPTION:
|
||||||
|
flags = ['ENCRYPT']
|
||||||
|
if not public:
|
||||||
|
flags += ['DECRYPT']
|
||||||
|
elif self.category == AlgorithmCategory.KEY_DERIVATION or \
|
||||||
|
self.category == AlgorithmCategory.KEY_AGREEMENT:
|
||||||
|
flags = ['DERIVE']
|
||||||
|
else:
|
||||||
|
raise AlgorithmNotRecognized(self.expression)
|
||||||
|
return ['PSA_KEY_USAGE_' + flag for flag in flags]
|
||||||
|
|
|
||||||
|
|
@ -645,8 +645,11 @@ class StorageFormat:
|
||||||
If alg is not None, this key allows it.
|
If alg is not None, this key allows it.
|
||||||
"""
|
"""
|
||||||
usage_flags = ['PSA_KEY_USAGE_EXPORT']
|
usage_flags = ['PSA_KEY_USAGE_EXPORT']
|
||||||
alg1 = 0 if alg is None else alg.expression #type: psa_storage.Exprable
|
alg1 = 0 #type: psa_storage.Exprable
|
||||||
alg2 = 0
|
alg2 = 0
|
||||||
|
if alg is not None:
|
||||||
|
alg1 = alg.expression
|
||||||
|
usage_flags += alg.usage_flags(public=kt.is_public())
|
||||||
key_material = kt.key_material(bits)
|
key_material = kt.key_material(bits)
|
||||||
description = 'type: {} {}-bit'.format(kt.short_expression(1), bits)
|
description = 'type: {} {}-bit'.format(kt.short_expression(1), bits)
|
||||||
if alg is not None:
|
if alg is not None:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue