TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5f573f8301267a8d8b443f61530ab279358107b9^! / .
commit5f573f8301267a8d8b443f61530ab279358107b9[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Wed Sep 06 16:17:55 2023 +0200
committerYanray Wang <yanray.wang@arm.com>Tue Sep 26 17:15:52 2023 +0800
tree7f639a0f0c7a1cd56a6ddd757cd7f972ba2594a7
parent0c98f9f8423c74fcd2a04a0f1c17e3f9fb37448b [diff]
Fix broken test with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER

When testing the lifecycle of a transient key, it doesn't make much sense to
try psa_open_key: that expects a persistent key and the lookup takes a
different path. The error from psa_open_key is also different depending on
whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled.

To check that the key ownership is taken into account, try to access the
same key id with a different owner without expecting that this is a
persistent key. Just call psa_get_key_attributes, which works fine for a
transient key.

This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is
enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/configs/config-tfm.h b/configs/config-tfm.h
index 772e6e5..500cb24 100644
--- a/configs/config-tfm.h
+++ b/configs/config-tfm.h

@@ -38,9 +38,6 @@
 /* pkparse.c fails to link without this. */
 #define MBEDTLS_OID_C
 
-/* Since MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled, we need to disable this to
-   pass test_suite_psa_crypto_slot_management. */
-#undef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
 /* Use built-in platform entropy functions. */
 #undef MBEDTLS_NO_PLATFORM_ENTROPY
 /* Disable buffer-based memory allocator */

diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 5bd12eb..b4f2d23 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function

@@ -142,7 +142,6 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
     {
-        psa_key_handle_t handle;
         mbedtls_svc_key_id_t key_with_invalid_owner =
             mbedtls_svc_key_id_make(owner_id + 1,
                                     MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key));
@@ -150,8 +149,8 @@
         TEST_ASSERT(mbedtls_key_owner_id_equal(
                         owner_id,
                         MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key)));
-        TEST_EQUAL(psa_open_key(key_with_invalid_owner, &handle),
-                   PSA_ERROR_DOES_NOT_EXIST);
+        TEST_EQUAL(psa_get_key_attributes(key_with_invalid_owner, &attributes),
+                   PSA_ERROR_INVALID_HANDLE);
     }
 #endif