Key policy negative tests don't actually require the algorithm

It doesn't make much difference in practice, but to keep closer to
what the current code does, run negative key policy tests even if the
algorithm for the operation attempt is not supported.

In particular, this allows the following test cases to run:
* "PSA key policy: agreement + KDF, wrong agreement algorithm"
* "PSA key policy: raw agreement, wrong algorithm"
Without this exception, those two test cases would never run, because
they would depend on PSA_ALG_WANT_FFDH. Since FFDH is not implemented
yet, it isn't enabled in any configuration. There's no alternative to
FFDH for these particular test cases because ECDH is the only key
agreement that is implemented in Mbed TLS so far.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-01-12 01:11:42 +01:00
parent 20987b9a46
commit 72d8e0ad04

View File

@ -160,6 +160,13 @@ def systematic_dependencies(file_name, function_name, arguments):
#pylint: disable=unused-argument
"""List the systematically determined dependency for a test case."""
deps = set()
# Run key policy negative tests even if the algorithm to attempt performing
# is not supported.
if function_name.endswith('_key_policy') and \
arguments[-1] != 'PSA_SUCCESS':
arguments[-2] = ''
for arg in arguments:
for symbol in re.findall(r'PSA_(?:ALG|KEY_TYPE)_\w+', arg):
deps.update(dependencies_of_symbol(symbol))