From 8b3c6fffa7319f0264de7605b820a45c6cc541b5 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Tue, 12 Mar 2024 06:05:03 +0100
Subject: [PATCH] test_suite_pk: add comment for pk_copy_from_psa_builtin_fail

Explain why this kind of test is possible for RSA keys, while
it is not possible for EC ones.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 tests/suites/test_suite_pk.data | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index f2e2c62ac1..18a1bb2063 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -1459,6 +1459,15 @@ pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAM
 Copy from PSA: use wrong parameters
 pk_copy_from_psa_fail:
 
+# The following test is only possible for RSA keys and not for EC ones:
+# - for the former it is possible to have an accelerated RSA key in PSA while
+#   having RSA_C disabled. Since RSA path is guarded by RSA_C in mbedtls_pk_copy_from_psa(),
+#   any attempt to copy that key will fail.
+# - for the latter instead the guard is PK_HAVE_ECC_KEYS which is enabled as soon
+#   as there is any curve supported either builtin or in a driver. In a scenario
+#   in which a certain EC key is only available through a driver and not as
+#   builtin mbedtls_pk_copy_from_psa() uses functions that will all succeed
+#   and therefore it will succeed.
 Copy from PSA: accelerated key only, not available as built-in
 pk_copy_from_psa_builtin_fail: