Declare a code dependency in the code instead of in the data

When using the test function persistent_key_load_key_from_storage with
DERIVE_KEY, there's a dependency on HKDF-SHA-256. Since this
dependency is in the code, declare it there rather than with the data.
If the dependency is not met, mark the test as skipped since it can't
create the key to be tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2021-01-12 00:02:15 +01:00
parent 51b8bb01cb
commit 6fea21d515
2 changed files with 9 additions and 2 deletions

@ -2808,5 +2808,4 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTL
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:GENERATE_KEY
PSA derive persistent key: HKDF SHA-256, exportable
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
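
Review bot: the depends_on line of the "PSA derive persistent key: HKDF SHA-256, exportable" case names MBEDTLS_PSA_CRYPTO_STORAGE_C as well as MBEDTLS_SHA256_C, while the commit message only justifies moving the HKDF-SHA-256 dependency into the code. The hunk header shows this region shrinking from 5 lines to 4, so if the whole depends_on line is what goes, please confirm that the storage dependency is still declared somewhere that covers this case (for example on the test function itself); otherwise keep depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C here.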

@ -5786,6 +5786,7 @@ void persistent_key_load_key_from_storage( data_t *data,
break;
case DERIVE_KEY:
#if PSA_WANT_ALG_HKDF && PSA_WANT_ALG_SHA_256
{
/* Create base key */
psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
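
Review bot: the new guard "#if PSA_WANT_ALG_HKDF && PSA_WANT_ALG_SHA_256" evaluates the macros as values rather than testing whether they are defined. It behaves correctly because an undefined identifier evaluates to 0 in #if, but it warns under -Wundef, and it differs from the defined(...) form normally used for feature macros. Suggest "#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256)". A short comment on the guard saying that the base key is derived with PSA_ALG_HKDF( PSA_ALG_SHA_256 ) would also tie the condition to the line that needs it.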
@ -5812,7 +5813,14 @@ void persistent_key_load_key_from_storage( data_t *data,
PSA_ASSERT( psa_destroy_key( base_key ) );
base_key = MBEDTLS_SVC_KEY_ID_INIT;
}
break;
#else
TEST_ASSUME( ! "KDF not supported in this configuration" );
#endif
break;
default:
TEST_ASSERT( ! "generation_method not implemented in test" );
break;
}
psa_reset_key_attributes( &attributes );
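
Review bot: the skip message in the #else branch, "KDF not supported in this configuration", is broader than the condition it reports, since the guard tests HKDF and SHA-256 specifically. Naming HKDF-SHA-256 in the string would let someone reading a skipped result see which option to enable. Putting a comment on the #else and #endif lines that repeats the guard condition would also help, because the matching #if sits well above, in the previous hunk.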