commit d66dc64622aaae8c47500ce081f1d6c103e204e0
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Jul 17 14:00:31 2024 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Jul 17 14:00:31 2024 +0200
tree 6fd87c3de6db0416c589ab57207b09310e78575b
parent f39b2e01907fb3f583a53d1c20cb1d6ca70a9c12

Keep track of PSA keys used interally

When PSA uses CTR_DRBG for its random generator and CTR_DRBG uses PSA for
AES, as currently implemented, there is one volatile key in permanent use
for the CTR_DRBG instance. Account for that in tests that want to know
exactly how many volatile keys are in use, or how many volatile keys can be
created.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/include/test/psa_crypto_helpers.h

diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index fae715c..71ba0fc 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -440,4 +440,24 @@
 #define AES_PSA_DONE() ((void) 0)
 #endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
 
+#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&                        \
+    defined(MBEDTLS_CTR_DRBG_C) &&                                      \
+    defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
+/* When AES_C is not defined and PSA does not have an external RNG,
+ * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key
+ * slot is used internally from PSA to hold the AES key and it should
+ * not be taken into account when evaluating remaining open slots. */
+#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 1
+#else
+#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 0
+#endif
+
+/** The number of volatile keys that PSA crypto uses internally.
+ *
+ * We expect that many volatile keys to be in use after a successful
+ * psa_crypto_init().
+ */
+#define MBEDTLS_TEST_PSA_INTERNAL_KEYS          \
+    MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG
+
 #endif /* PSA_CRYPTO_HELPERS_H */