From 72d8e0ad0418e7ca64cba3dfd9353d73ae743363 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 12 Jan 2021 01:11:42 +0100 Subject: [PATCH] Key policy negative tests don't actually require the algorithm It doesn't make much difference in practice, but to keep closer to what the current code does, run negative key policy tests even if the algorithm for the operation attempt is not supported. In particular, this allows the following test cases to run: * "PSA key policy: agreement + KDF, wrong agreement algorithm" * "PSA key policy: raw agreement, wrong algorithm" Without this exception, those two test cases would never run, because they would depend on PSA_ALG_WANT_FFDH. Since FFDH is not implemented yet, it isn't enabled in any configuration. There's no alternative to FFDH for these particular test cases because ECDH is the only key agreement that is implemented in Mbed TLS so far. Signed-off-by: Gilles Peskine
---
 tests/scripts/set_psa_test_dependencies.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py
index 3882a9b0d6..894272ef48 100755
--- a/tests/scripts/set_psa_test_dependencies.py
+++ b/tests/scripts/set_psa_test_dependencies.py
@@ -160,6 +160,13 @@ def systematic_dependencies(file_name, function_name, arguments):
 #pylint: disable=unused-argument
 """List the systematically determined dependency for a test case."""
 deps = set()
+
+ # Run key policy negative tests even if the algorithm to attempt performing
+ # is not supported.
+ if function_name.endswith('_key_policy') and \
+ arguments[-1] != 'PSA_SUCCESS':
+ arguments[-2] = ''
+
 for arg in arguments:
 for symbol in re.findall(r'PSA_(?:ALG|KEY_TYPE)_\w+', arg):
 deps.update(dependencies_of_symbol(symbol))
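Review bot: The added block writes `arguments[-2] = ''` into the list the caller passed in, so a function documented as listing dependencies now modifies its input. Whether the caller reuses `arguments` afterwards is not visible in this hunk; if it does, the attempted-algorithm argument of every negative `_key_policy` case would reach it blanked. Scanning a copy avoids the side effect: `scanned = list(arguments)`, `scanned[-2] = ''`, then `for arg in scanned:`. The block also assumes that, for every function whose name ends in `_key_policy`, the expected status is the last argument and the attempted algorithm the second to last. A comment stating that convention, or a length check before indexing, would make a mismatch visible instead of silently dropping some other dependency from a policy-enforcement test. The rest of the function body lies outside the hunk.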