Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport 3.6: prepare for dynamic key store #9403

Merged
Changes from 1 commit
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix spurious test case failure with accelerated AES
When the PSA RNG uses AES through a PSA driver, it consumes one volatile key
identifier. When MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled, that identifier
happens to coincide with the key ID value that the test case assumes not to
exist. Use a different value that avoids this coincidence.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm committed Jul 17, 2024
commit f39b2e01907fb3f583a53d1c20cb1d6ca70a9c12
13 changes: 12 additions & 1 deletion tests/suites/test_suite_psa_crypto_slot_management.data
Original file line number Diff line number Diff line change
@@ -122,7 +122,18 @@ open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_DOES_NOT_EXIST

Open failure: invalid identifier (implementation range)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
open_fail:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_DOES_NOT_EXIST
# We need to avoid existing volatile key IDs. Normally there aren't any
# existing volatile keys because the test case doesn't create any, but
# in some configurations, the implementation or a driver creates a
# volatile key during initialization for its own use. At the time of
# writing, this happens in builds where AES uses a PSA driver and the
# PSA RNG uses AES-CTR_DRBG through the PSA AES.
# Pick a key id that's in the middle of the volatile key ID range.
# That works out both when MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled and
# volatile key IDs are assigned starting with the lowest value, and when
# MBEDTLS_PSA_KEY_SLOT_DYNAMIC is disabled and volatile key IDs are assigned
# starting with the highest values.
open_fail:(PSA_KEY_ID_VOLATILE_MIN + PSA_KEY_ID_VOLATILE_MAX) / 2:PSA_ERROR_DOES_NOT_EXIST

Open failure: non-existent identifier
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C