test_suite_psa_crypto_slot_management: modify check on open key slots
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
mbedtls_test_helper_is_psa_leaking():
- when CTR_DRBG does not use AES_C or PSA does not have an external
RNG, then we allow 1 key slot (it's the one holding the AES key)
- when the above conditions are not met, then we fallback to the
usual check for "no open key slots remaining"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
parent
7ab90723c4
commit
7448367f68
3 changed files with 17 additions and 11 deletions
|
|
@ -34,7 +34,6 @@
|
|||
#define PSA_DONE() \
|
||||
do \
|
||||
{ \
|
||||
mbedtls_psa_random_free(); \
|
||||
mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \
|
||||
mbedtls_test_psa_purge_key_storage(); \
|
||||
mbedtls_psa_crypto_free(); \
|
||||
|
|
@ -126,21 +125,17 @@ const char *mbedtls_test_helper_is_psa_leaking(void);
|
|||
|
||||
/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive.
|
||||
* Expect a clean shutdown, with no slots in use.
|
||||
* mbedtls_psa_random_free() is called before any check for remaining open
|
||||
* keys because when AES_C is not defined, CTR_DRBG relies on PSA to perform
|
||||
* AES-ECB so it holds an open AES key for that since psa_crypto_init().
|
||||
*
|
||||
* If some key slots are still in use, record the test case as failed and
|
||||
* jump to the `exit` label.
|
||||
*/
|
||||
#define PSA_SESSION_DONE() \
|
||||
do \
|
||||
{ \
|
||||
mbedtls_psa_random_free(); \
|
||||
do \
|
||||
{ \
|
||||
mbedtls_test_psa_purge_key_cache(); \
|
||||
ASSERT_PSA_PRISTINE(); \
|
||||
mbedtls_psa_crypto_free(); \
|
||||
} \
|
||||
} \
|
||||
while (0)
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue