From 739c98c5e8c079c4094cf1dbd023ddd4f2e5a403 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Apr 2021 21:34:33 +0200 Subject: [PATCH] Make psa_key_derivation_setup return early if the key agreement is not supported Otherwise the systematically generated algorithm-not-supported tests complain when they try to start an operation and succeed. Signed-off-by: Gilles Peskine --- library/psa_crypto.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c1c351b5a7..2d2b17c006 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4414,6 +4414,16 @@ static psa_status_t psa_key_derivation_setup_kdf( operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); } + +static psa_status_t psa_key_agreement_try_support( psa_algorithm_t alg ) +{ +#if defined(PSA_WANT_ALG_ECDH) + if( alg == PSA_ALG_ECDH ) + return( PSA_SUCCESS ); +#endif + (void) alg; + return( PSA_ERROR_NOT_SUPPORTED ); +} #endif /* AT_LEAST_ONE_BUILTIN_KDF */ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation, @@ -4430,6 +4440,10 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation { #if defined(AT_LEAST_ONE_BUILTIN_KDF) psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); + psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg ); + status = psa_key_agreement_try_support( ka_alg ); + if( status != PSA_SUCCESS ) + return( status ); status = psa_key_derivation_setup_kdf( operation, kdf_alg ); #else return( PSA_ERROR_NOT_SUPPORTED );