In generate_psa_tests, use InputsForTest rather than PSAMacroCollector
to gather values. This way, the enumeration of values to test includes
values used in metadata tests in addition to constructors parsed from
header files. This allows greater coverage of values built from
constructors with arguments. This doesn't make a difference yet, but
it will once algorithm constructors with arguments are supported in
generate_psa_tests.
Make the injection of numerical values optional. They are useful for
test_psa_constant_names, so keep them there. Don't use them for
not-supported tests: they might make sense, but the current code
wouldn't work since it doesn't know how to make up fake key material
or what dependencies to generate. Don't use them for storage tests:
they only make sense for supported values.
Don't inject 'PSA_SUCCESS': that's superfluous.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add the test keys from RFC 8032 (§7.1 Ed25519 "TEST 1", §7.4 Ed448 "Blank").
This replaces the generic byte-sized data used for unknown key types
which no longer works now that Ed25519 is considered to have 255 bits.
Re-generate the automatically generated test data accordingly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The coordinates are over $F_{2^{255}-19}$, so by the general
definition of the bit size associated with the curve in the
specification, the value for size attribute of keys is 255.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Generate test cases for all key types. These test cases cover the key
representation (checked with export) and the encoding of the key type and
the bit-size.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Construct an object given the attributes and material for a PSA crypto key
and get the Mbed TLS storage representation.
The code to generate the storage representation was written based on the
specification in docs/architecture/mbed-crypto-storage-specification.md,
without looking at the code.
The data in the unit tests is from the AES-128 format_storage_data_check
test case in test_suite_psa_crypto_persistent_key.data, tweaked manually.
This commit creates a basic framework for using symbolic values for
attributes, but does not yet implement obtaining the corresponding numerical
values from an external source.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make it possible to enumerate the key types, algorithms, etc.
collected by PSAMacroCollector.
This commit ensures that all fields of PSAMacroEnumerator are filled
by code inspection. Testing of the result may reveal more work to be
done in later commits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There are type annotations that indirectly depend on the
typing_extensions module (on Python 3.5-3.7: Protocol was added to the
core typing module in 3.8). The typing_extensions module is not
installed by default, so the code didn't run on a pristine Python
installation.
To avoid depending on a non-default module, make the dependency on
typing_extensions optional. (It's still required to run mypy, but
installing mypy takes care of providing typing_extensions.) If it
isn't available, provide a substitute definition that's just good
enough to get the scripts to run.
Move this ugly code to its own module to avoid the temptation of
spreading such ugliness all over the place. It's likely to be used in
other modules anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Otherwise the generation is sensitive to trivial differences such as
running `tests/scripts/generate_psa_tests.py` vs
`./tests/scripts/generate_psa_tests.py` vs an absolute path.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
SECP192R1 is declared in the PSA API specification, but it's an old
one that Mbed TLS doesn't support and even OpenSSL doesn't support.
We don't have test vectors for it. Just skip it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Asymmetric keys can't just be arbitrary byte strings: the public key
has to match the private key and the private key usually has
nontrivial constraints.
In order to have deterministic test data and not to rely on
cryptographic dependencies in the Python script, hard-code some test
keys.
In this commit, copy some test keys from test_suite_psa_crypto.data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
New Python module intended to gather knowledge about key types and
cryptographic mechanisms, such as the ability to create test data for
a given key type and the determination of whether an algorithm is
compatible with a key type.
This commit just creates a class for knowledge about key types.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
At the moment it makes no difference, but it could if e.g. a new
algorithm was called 'foomask'.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
By default, exclude macros whose numerical value is not a valid member
of the semantic type (e.g. PSA_ALG_xxx_BASE is not itself an
algorithm, only an intermediate value used to construct others). But
do include them with include_intermediate=True, which
generate_psa_constants.py does.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create a directory mbedtls_dev intended to contain various Python
module for use by Python scripts located anywhere in the Mbed TLS
source tree.
Move get_c_expression_values and its auxiliary functions into a new
Python module mbedtls_dev.c_build_helper.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
