Fix broken test with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER

When testing the lifecycle of a transient key, it doesn't make much sense to
try psa_open_key: that expects a persistent key and the lookup takes a
different path. The error from psa_open_key is also different depending on
whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled.

To check that the key ownership is taken into account, try to access the
same key id with a different owner without expecting that this is a
persistent key. Just call psa_get_key_attributes, which works fine for a
transient key.

This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is
enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2023-09-06 16:17:55 +02:00 committed by Yanray Wang
parent 0c98f9f842
commit 5f573f8301
2 changed files with 2 additions and 6 deletions

View file

@ -38,9 +38,6 @@
/* pkparse.c fails to link without this. */
#define MBEDTLS_OID_C
/* Since MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled, we need to disable this to
pass test_suite_psa_crypto_slot_management. */
#undef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/* Use built-in platform entropy functions. */
#undef MBEDTLS_NO_PLATFORM_ENTROPY
/* Disable buffer-based memory allocator */

View file

@ -142,7 +142,6 @@ void transient_slot_lifecycle(int owner_id_arg,
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
{
psa_key_handle_t handle;
mbedtls_svc_key_id_t key_with_invalid_owner =
mbedtls_svc_key_id_make(owner_id + 1,
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key));
@ -150,8 +149,8 @@ void transient_slot_lifecycle(int owner_id_arg,
TEST_ASSERT(mbedtls_key_owner_id_equal(
owner_id,
MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key)));
TEST_EQUAL(psa_open_key(key_with_invalid_owner, &handle),
PSA_ERROR_DOES_NOT_EXIST);
TEST_EQUAL(psa_get_key_attributes(key_with_invalid_owner, &attributes),
PSA_ERROR_INVALID_HANDLE);
}
#endif