From 5f573f8301267a8d8b443f61530ab279358107b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Sep 2023 16:17:55 +0200 Subject: [PATCH] Fix broken test with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER When testing the lifecycle of a transient key, it doesn't make much sense to try psa_open_key: that expects a persistent key and the lookup takes a different path. The error from psa_open_key is also different depending on whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled. To check that the key ownership is taken into account, try to access the same key id with a different owner without expecting that this is a persistent key. Just call psa_get_key_attributes, which works fine for a transient key. This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled. Signed-off-by: Gilles Peskine --- configs/config-tfm.h | 3 --- tests/suites/test_suite_psa_crypto_slot_management.function | 5 ++--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 772e6e5e3..500cb243f 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -38,9 +38,6 @@ /* pkparse.c fails to link without this. */ #define MBEDTLS_OID_C -/* Since MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled, we need to disable this to - pass test_suite_psa_crypto_slot_management. */ -#undef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER /* Use built-in platform entropy functions. */ #undef MBEDTLS_NO_PLATFORM_ENTROPY /* Disable buffer-based memory allocator */ diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 5bd12eb09..b4f2d234e 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -142,7 +142,6 @@ void transient_slot_lifecycle(int owner_id_arg, #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) { - psa_key_handle_t handle; mbedtls_svc_key_id_t key_with_invalid_owner = mbedtls_svc_key_id_make(owner_id + 1, MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key)); @@ -150,8 +149,8 @@ void transient_slot_lifecycle(int owner_id_arg, TEST_ASSERT(mbedtls_key_owner_id_equal( owner_id, MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key))); - TEST_EQUAL(psa_open_key(key_with_invalid_owner, &handle), - PSA_ERROR_DOES_NOT_EXIST); + TEST_EQUAL(psa_get_key_attributes(key_with_invalid_owner, &attributes), + PSA_ERROR_INVALID_HANDLE); } #endif