Don't exercise if the algorithm is not supported

Parsing a key and importing it into PSA may result in a policy that specifies an algorithm that is not included in the build. This happens if the key type is supported, but not the algorithm, e.g. in a build with MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-29 11:41:15 +03:00 · 2024-02-12 14:19:24 +01:00
parent 1d33876d37
commit 34955677e5
3 changed files with 67 additions and 2 deletions
--- a/tests/include/test/psa_exercise_key.h
+++ b/tests/include/test/psa_exercise_key.h
@ -221,4 +221,20 @@ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
 psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
                                                   psa_algorithm_t alg);

+/** Whether the specified algorithm can be exercised.
+ *
+ * \note This function is solely based on the algorithm and does not
+ *       consider potential issues with the compatibility of a key.
+ *       The idea is that you already have a key, so you know that the
+ *       key type is supported, and you want to exercise the key but
+ *       only if the algorithm given in its policy is enabled in the
+ *       compile-time configuration.
+ *
+ * \note This function currently only supports signature algorithms
+ *       (including wildcards).
+ *       TODO: a more general mechanism, which should be automatically
+ *       generated and possibly available as a library function?
+ */
+int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg);
+
 #endif /* PSA_EXERCISE_KEY_H */