diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 4ad390d7a..73a3ea356 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -533,6 +533,10 @@ extern "C" { #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ +/* These features are always enabled. */ +#define PSA_WANT_KEY_TYPE_DERIVE 1 +#define PSA_WANT_KEY_TYPE_RAW_DATA 1 + #ifdef __cplusplus } #endif diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 9453e81c7..773e1711d 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -79,6 +79,7 @@ #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 #define PSA_WANT_ALG_XTS 1 + #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_HMAC 1 #define PSA_WANT_KEY_TYPE_AES 1 @@ -88,6 +89,7 @@ #define PSA_WANT_KEY_TYPE_DES 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_RAW_DATA 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 4036ee38f..19cb78cf6 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -119,8 +119,12 @@ class TestGenerator: filename = os.path.join(self.test_suite_directory, basename + '.data') test_case.write_data_file(filename, test_cases) - @staticmethod + ALWAYS_SUPPORTED = frozenset([ + 'PSA_KEY_TYPE_DERIVE', + 'PSA_KEY_TYPE_RAW_DATA', + ]) def test_cases_for_key_type_not_supported( + self, kt: crypto_knowledge.KeyType, param: Optional[int] = None, param_descr: str = '', @@ -131,8 +135,9 @@ class TestGenerator: parameter not being supported. If it is absent or None, emit test cases conditioned on the base type not being supported. """ - if kt.name == 'PSA_KEY_TYPE_RAW_DATA': - # This key type is always supported. + if kt.name in self.ALWAYS_SUPPORTED: + # Don't generate test cases for key types that are always supported. + # They would be skipped in all configurations, which is noise. return [] import_dependencies = [('!' if param is None else '') + psa_want_symbol(kt.name)] diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index e3760c564..7a84cf4d8 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -112,9 +112,9 @@ WITHOUT_SYSTEMATIC_DEPENDENCIES = frozenset([ 'PSA_ALG_ANY_HASH', # only meaningful in policies 'PSA_ALG_KEY_AGREEMENT', # only a way to combine algorithms 'PSA_ALG_TRUNCATED_MAC', # only a modifier - 'PSA_KEY_TYPE_NONE', # always supported - 'PSA_KEY_TYPE_DERIVE', # always supported - 'PSA_KEY_TYPE_RAW_DATA', # always supported + 'PSA_KEY_TYPE_NONE', # not a real key type + 'PSA_KEY_TYPE_DERIVE', # always supported, don't list it to reduce noise + 'PSA_KEY_TYPE_RAW_DATA', # always supported, don't list it to reduce noise # Not implemented yet: cipher-related key types and algorithms. # Manually extracted from crypto_values.h. diff --git a/tests/suites/test_suite_psa_crypto_not_supported.generated.data b/tests/suites/test_suite_psa_crypto_not_supported.generated.data index 614f4a42a..02c7df399 100644 --- a/tests/suites/test_suite_psa_crypto_not_supported.generated.data +++ b/tests/suites/test_suite_psa_crypto_not_supported.generated.data @@ -80,22 +80,6 @@ PSA generate CHACHA20 256-bit not supported depends_on:!PSA_WANT_KEY_TYPE_CHACHA20 generate_not_supported:PSA_KEY_TYPE_CHACHA20:256 -PSA import DERIVE 120-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DERIVE -import_not_supported:PSA_KEY_TYPE_DERIVE:"48657265006973206b6579a0646174" - -PSA generate DERIVE 120-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DERIVE -generate_not_supported:PSA_KEY_TYPE_DERIVE:120 - -PSA import DERIVE 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DERIVE -import_not_supported:PSA_KEY_TYPE_DERIVE:"48657265006973206b6579a064617461" - -PSA generate DERIVE 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DERIVE -generate_not_supported:PSA_KEY_TYPE_DERIVE:128 - PSA import DES 64-bit not supported depends_on:!PSA_WANT_KEY_TYPE_DES import_not_supported:PSA_KEY_TYPE_DES:"644573206b457901"