def keys_for_implicit_usage( self, implyer_usage: str, alg: str, key_type: crypto_knowledge.KeyType) -> StorageTestData: # pylint: disable=too-many-locals """Generate test keys for the specified implicit usage flag, algorithm and key type combination. """ bits = key_type.sizes_to_test()[0] implicit_usage = StorageKey.IMPLICIT_USAGE_FLAGS[implyer_usage] usage_flags = 'PSA_KEY_USAGE_EXPORT' material_usage_flags = usage_flags + ' | ' + implyer_usage expected_usage_flags = material_usage_flags + ' | ' + implicit_usage alg2 = 0 key_material = key_type.key_material(bits) usage_expression = re.sub(r'PSA_KEY_USAGE_', r'', implyer_usage) alg_expression = re.sub(r'PSA_ALG_', r'', alg) alg_expression = re.sub(r',', r', ', re.sub(r' +', r'', alg_expression)) key_type_expression = re.sub(r'\bPSA_(?:KEY_TYPE|ECC_FAMILY)_', r'', key_type.expression) description = 'implied by {}: {} {} {}-bit'.format( usage_expression, alg_expression, key_type_expression, bits) key = StorageTestData(version=self.version, id=1, lifetime=0x00000001, type=key_type.expression, bits=bits, usage=material_usage_flags, expected_usage=expected_usage_flags, without_implicit_usage=True, alg=alg, alg2=alg2, material=key_material, description=description) return key
def test_cases_for_key_type_not_supported( self, kt: crypto_knowledge.KeyType, param: Optional[int] = None, param_descr: str = '', ) -> Iterator[test_case.TestCase]: """Return test cases exercising key creation when the given type is unsupported. If param is present and not None, emit test cases conditioned on this parameter not being supported. If it is absent or None, emit test cases conditioned on the base type not being supported. """ if kt.name in self.ALWAYS_SUPPORTED: # Don't generate test cases for key types that are always supported. # They would be skipped in all configurations, which is noise. return import_dependencies = [ ('!' if param is None else '') + psa_want_symbol(kt.name) ] if kt.params is not None: import_dependencies += [ ('!' if param == i else '') + psa_want_symbol(sym) for i, sym in enumerate(kt.params) ] if kt.name.endswith('_PUBLIC_KEY'): generate_dependencies = [] else: generate_dependencies = import_dependencies for bits in kt.sizes_to_test(): yield test_case_for_key_type_not_supported( 'import', kt.expression, bits, finish_family_dependencies(import_dependencies, bits), test_case.hex_string(kt.key_material(bits)), param_descr=param_descr, ) if not generate_dependencies and param is not None: # If generation is impossible for this key type, rather than # supported or not depending on implementation capabilities, # only generate the test case once. continue # For public key we expect that key generation fails with # INVALID_ARGUMENT. It is handled by KeyGenerate class. if not kt.name.endswith('_PUBLIC_KEY'): yield test_case_for_key_type_not_supported( 'generate', kt.expression, bits, finish_family_dependencies(generate_dependencies, bits), str(bits), param_descr=param_descr, )
def test_cases_for_key_type_key_generation( kt: crypto_knowledge.KeyType) -> Iterator[test_case.TestCase]: """Return test cases exercising key generation. All key types can be generated except for public keys. For public key PSA_ERROR_INVALID_ARGUMENT status is expected. """ result = 'PSA_SUCCESS' import_dependencies = [psa_want_symbol(kt.name)] if kt.params is not None: import_dependencies += [ psa_want_symbol(sym) for i, sym in enumerate(kt.params) ] if kt.name.endswith('_PUBLIC_KEY'): # The library checks whether the key type is a public key generically, # before it reaches a point where it needs support for the specific key # type, so it returns INVALID_ARGUMENT for unsupported public key types. generate_dependencies = [] result = 'PSA_ERROR_INVALID_ARGUMENT' else: generate_dependencies = import_dependencies if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR': generate_dependencies.append("MBEDTLS_GENPRIME") for bits in kt.sizes_to_test(): yield test_case_for_key_generation( kt.expression, bits, finish_family_dependencies(generate_dependencies, bits), str(bits), result)