Define WANT symbols for always-supported key types

PSA_KEY_TYPE_RAW_DATA and PSA_KEY_TYPE_DERIVE are always supported.
Make this explicit by declaring PSA_WANT_KEY_TYPE_RAW_DATA and
PSA_WANT_KEY_TYPE_DERIVE unconditionally. This makes it easier to
infer dependencies in a systematic way.

Don't generate not-supported test cases for those key types. They
would always be skipped, which is noise and would make it impossible
to eventually validate that all test cases pass in at least one
configuration over the whole CI.

Don't remove the exception in set_psa_test_dependencies.py for now, to
get less noise in dependencies. This may be revised later if it is
deemed more important to be systematic.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-02-16 14:06:50 +01:00
parent 7f756876b9
commit 60b29fea46
5 changed files with 17 additions and 22 deletions

View file

@ -533,6 +533,10 @@ extern "C" {
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
/* These features are always enabled. */
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

View file

@ -79,6 +79,7 @@
#define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_ALG_XTS 1 #define PSA_WANT_ALG_XTS 1
#define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC 1
#define PSA_WANT_KEY_TYPE_AES 1 #define PSA_WANT_KEY_TYPE_AES 1
@ -88,6 +89,7 @@
#define PSA_WANT_KEY_TYPE_DES 1 #define PSA_WANT_KEY_TYPE_DES 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1

View file

@ -119,8 +119,12 @@ class TestGenerator:
filename = os.path.join(self.test_suite_directory, basename + '.data') filename = os.path.join(self.test_suite_directory, basename + '.data')
test_case.write_data_file(filename, test_cases) test_case.write_data_file(filename, test_cases)
@staticmethod ALWAYS_SUPPORTED = frozenset([
'PSA_KEY_TYPE_DERIVE',
'PSA_KEY_TYPE_RAW_DATA',
])
def test_cases_for_key_type_not_supported( def test_cases_for_key_type_not_supported(
self,
kt: crypto_knowledge.KeyType, kt: crypto_knowledge.KeyType,
param: Optional[int] = None, param: Optional[int] = None,
param_descr: str = '', param_descr: str = '',
@ -131,8 +135,9 @@ class TestGenerator:
parameter not being supported. If it is absent or None, emit test cases parameter not being supported. If it is absent or None, emit test cases
conditioned on the base type not being supported. conditioned on the base type not being supported.
""" """
if kt.name == 'PSA_KEY_TYPE_RAW_DATA': if kt.name in self.ALWAYS_SUPPORTED:
# This key type is always supported. # Don't generate test cases for key types that are always supported.
# They would be skipped in all configurations, which is noise.
return [] return []
import_dependencies = [('!' if param is None else '') + import_dependencies = [('!' if param is None else '') +
psa_want_symbol(kt.name)] psa_want_symbol(kt.name)]

View file

@ -112,9 +112,9 @@ WITHOUT_SYSTEMATIC_DEPENDENCIES = frozenset([
'PSA_ALG_ANY_HASH', # only meaningful in policies 'PSA_ALG_ANY_HASH', # only meaningful in policies
'PSA_ALG_KEY_AGREEMENT', # only a way to combine algorithms 'PSA_ALG_KEY_AGREEMENT', # only a way to combine algorithms
'PSA_ALG_TRUNCATED_MAC', # only a modifier 'PSA_ALG_TRUNCATED_MAC', # only a modifier
'PSA_KEY_TYPE_NONE', # always supported 'PSA_KEY_TYPE_NONE', # not a real key type
'PSA_KEY_TYPE_DERIVE', # always supported 'PSA_KEY_TYPE_DERIVE', # always supported, don't list it to reduce noise
'PSA_KEY_TYPE_RAW_DATA', # always supported 'PSA_KEY_TYPE_RAW_DATA', # always supported, don't list it to reduce noise
# Not implemented yet: cipher-related key types and algorithms. # Not implemented yet: cipher-related key types and algorithms.
# Manually extracted from crypto_values.h. # Manually extracted from crypto_values.h.

View file

@ -80,22 +80,6 @@ PSA generate CHACHA20 256-bit not supported
depends_on:!PSA_WANT_KEY_TYPE_CHACHA20 depends_on:!PSA_WANT_KEY_TYPE_CHACHA20
generate_not_supported:PSA_KEY_TYPE_CHACHA20:256 generate_not_supported:PSA_KEY_TYPE_CHACHA20:256
PSA import DERIVE 120-bit not supported
depends_on:!PSA_WANT_KEY_TYPE_DERIVE
import_not_supported:PSA_KEY_TYPE_DERIVE:"48657265006973206b6579a0646174"
PSA generate DERIVE 120-bit not supported
depends_on:!PSA_WANT_KEY_TYPE_DERIVE
generate_not_supported:PSA_KEY_TYPE_DERIVE:120
PSA import DERIVE 128-bit not supported
depends_on:!PSA_WANT_KEY_TYPE_DERIVE
import_not_supported:PSA_KEY_TYPE_DERIVE:"48657265006973206b6579a064617461"
PSA generate DERIVE 128-bit not supported
depends_on:!PSA_WANT_KEY_TYPE_DERIVE
generate_not_supported:PSA_KEY_TYPE_DERIVE:128
PSA import DES 64-bit not supported PSA import DES 64-bit not supported
depends_on:!PSA_WANT_KEY_TYPE_DES depends_on:!PSA_WANT_KEY_TYPE_DES
import_not_supported:PSA_KEY_TYPE_DES:"644573206b457901" import_not_supported:PSA_KEY_TYPE_DES:"644573206b457901"