yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 22:55:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove ad hoc is_valid_for_signature method

Browse Source 
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-03-17 12:52:24 +01:00
parent a16d8fcee9
commit 989c13dece
3 changed files with 42 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
scripts/mbedtls_dev/crypto_knowledge.py
View File

@ -20,7 +20,7 @@ This module is entirely based on the PSA API.
import enum import enum
import re import re
from typing import Dict, Iterable, Optional, Pattern, Tuple from typing import Iterable, Optional, Tuple
from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA
@ -176,21 +176,6 @@ class KeyType:
return b''.join([self.DATA_BLOCK] * (length // len(self.DATA_BLOCK)) + return b''.join([self.DATA_BLOCK] * (length // len(self.DATA_BLOCK)) +
[self.DATA_BLOCK[:length % len(self.DATA_BLOCK)]]) [self.DATA_BLOCK[:length % len(self.DATA_BLOCK)]])
KEY_TYPE_FOR_SIGNATURE = {
'PSA_KEY_USAGE_SIGN_HASH': re.compile('.*KEY_PAIR'),
'PSA_KEY_USAGE_VERIFY_HASH': re.compile('.*KEY.*')
} #type: Dict[str, Pattern]
"""Use a regexp to determine key types for which signature is possible
when using the actual usage flag.
"""
def is_valid_for_signature(self, usage: str) -> bool:
"""Determine if the key type is compatible with the specified
signitute type.
"""
# This is just temporaly solution for the implicit usage flags.
return re.match(self.KEY_TYPE_FOR_SIGNATURE[usage], self.name) is not None
def can_do(self, alg: 'Algorithm') -> bool: def can_do(self, alg: 'Algorithm') -> bool:
"""Whether this key type can be used for operations with the given algorithm. """Whether this key type can be used for operations with the given algorithm.

8
tests/scripts/generate_psa_tests.py
View File

@ -204,7 +204,7 @@ class NotSupported:
continue continue
# For public key we expect that key generation fails with # For public key we expect that key generation fails with
# INVALID_ARGUMENT. It is handled by KeyGenerate class. # INVALID_ARGUMENT. It is handled by KeyGenerate class.
if not kt.name.endswith('_PUBLIC_KEY'): if not kt.is_public():
yield test_case_for_key_type_not_supported( yield test_case_for_key_type_not_supported(
'generate', kt.expression, bits, 'generate', kt.expression, bits,
finish_family_dependencies(generate_dependencies, bits), finish_family_dependencies(generate_dependencies, bits),
@ -820,8 +820,10 @@ class StorageFormatV0(StorageFormat):
for key_type in sorted(alg_with_keys[alg]): for key_type in sorted(alg_with_keys[alg]):
# The key types must be filtered to fit the specific usage flag. # The key types must be filtered to fit the specific usage flag.
kt = crypto_knowledge.KeyType(key_type) kt = crypto_knowledge.KeyType(key_type)
if kt.is_valid_for_signature(usage): if kt.is_public() and '_SIGN_' in usage:
yield self.keys_for_implicit_usage(usage, alg, kt) # Can't sign with a public key
continue
yield self.keys_for_implicit_usage(usage, alg, kt)
def generate_all_keys(self) -> Iterator[StorageTestData]: def generate_all_keys(self) -> Iterator[StorageTestData]:
yield from super().generate_all_keys() yield from super().generate_all_keys()

36
tests/suites/test_suite_psa_crypto_storage_format.v0.data
View File

@ -2140,6 +2140,42 @@ PSA storage read: implied by SIGN_HASH: ED448PH ECC_KEY_PAIR(TWISTED_EDWARDS) 25
depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ED448PH:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00011000001509000600000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":TEST_FLAG_EXERCISE key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ED448PH:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00011000001509000600000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: HMAC(MD2) HMAC 128-bit
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_HMAC
key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_MD2):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000110000001008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: HMAC(MD4) HMAC 128-bit
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_HMAC
key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_MD4):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000110000002008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: HMAC(MD5) HMAC 128-bit
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_HMAC
key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_MD5):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000110000003008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: HMAC(RIPEMD160) HMAC 128-bit
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_HMAC
key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_RIPEMD160):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000110000004008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: HMAC(SHA_1) HMAC 128-bit
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_HMAC
key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_1):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000110000005008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: HMAC(SHA_224) HMAC 128-bit
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_224):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000110000008008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: HMAC(SHA_256) HMAC 128-bit
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000110000009008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: HMAC(SHA_384) HMAC 128-bit
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_384):0x0000:"48657265006973206b6579a064617461":"505341004b455900000000000100000000118000011000000a008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: HMAC(SHA_512) HMAC 128-bit
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_512):0x0000:"48657265006973206b6579a064617461":"505341004b455900000000000100000000118000011000000b008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: implied by SIGN_HASH: RSA_PKCS1V15_SIGN(SHA_256) RSA_KEY_PAIR 1024-bit PSA storage read: implied by SIGN_HASH: RSA_PKCS1V15_SIGN(SHA_256) RSA_KEY_PAIR 1024-bit
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004011000000902000600000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":TEST_FLAG_EXERCISE key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004011000000902000600000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":TEST_FLAG_EXERCISE