commit 739c98c5e8c079c4094cf1dbd023ddd4f2e5a403
author Gilles Peskine <Gilles.Peskine@arm.com> Thu Apr 29 21:34:33 2021 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Tue Apr 05 15:19:16 2022 +0200
tree 8dcba99aa72948d6a7bdfe17c07c413780eea964
parent ea0d95e27b91aa3a1ad3edd7bfcc5a889e15b246

Make psa_key_derivation_setup return early if the key agreement is not supported

Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c1c351b..2d2b17c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4414,6 +4414,16 @@
     operation->capacity = 255 * hash_size;
     return( PSA_SUCCESS );
 }
+
+static psa_status_t psa_key_agreement_try_support( psa_algorithm_t alg )
+{
+#if defined(PSA_WANT_ALG_ECDH)
+    if( alg == PSA_ALG_ECDH )
+        return( PSA_SUCCESS );
+#endif
+    (void) alg;
+    return( PSA_ERROR_NOT_SUPPORTED );
+}
 #endif /* AT_LEAST_ONE_BUILTIN_KDF */
 
 psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation,
@@ -4430,6 +4440,10 @@
     {
 #if defined(AT_LEAST_ONE_BUILTIN_KDF)
         psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
+        psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
+        status = psa_key_agreement_try_support( ka_alg );
+        if( status != PSA_SUCCESS )
+            return( status );
         status = psa_key_derivation_setup_kdf( operation, kdf_alg );
 #else
         return( PSA_ERROR_NOT_SUPPORTED );