From faa909266a1ec0cf2a89dfdd1926c770e3e5f603 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Jun 2024 20:28:58 +0200 Subject: [PATCH] Fix spurious test case failure with accelerated AES When the PSA RNG uses AES through a PSA driver, it consumes one volatile key identifier. When MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled, that identifier happens to coincide with the key ID value that the test case assumes not to exist. Use a different value that avoids this coincidence. Signed-off-by: Gilles Peskine --- .../test_suite_psa_crypto_slot_management.data | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data index 560350c6ee..742f9b1ace 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data @@ -122,7 +122,18 @@ open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_DOES_NOT_EXIST Open failure: invalid identifier (implementation range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_DOES_NOT_EXIST +# We need to avoid existing volatile key IDs. Normally there aren't any +# existing volatile keys because the test case doesn't create any, but +# in some configurations, the implementation or a driver creates a +# volatile key during initialization for its own use. At the time of +# writing, this happens in builds where AES uses a PSA driver and the +# PSA RNG uses AES-CTR_DRBG through the PSA AES. +# Pick a key id that's in the middle of the volatile key ID range. +# That works out both when MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled and +# volatile key IDs are assigned starting with the lowest value, and when +# MBEDTLS_PSA_KEY_SLOT_DYNAMIC is disabled and volatile key IDs are assigned +# starting with the highest values. +open_fail:(PSA_KEY_ID_VOLATILE_MIN + PSA_KEY_ID_VOLATILE_MAX) / 2:PSA_ERROR_DOES_NOT_EXIST Open failure: non-existent identifier depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C