Keep track of PSA keys used interally

When PSA uses CTR_DRBG for its random generator and CTR_DRBG uses PSA for AES, as currently implemented, there is one volatile key in permanent use for the CTR_DRBG instance. Account for that in tests that want to know exactly how many volatile keys are in use, or how many volatile keys can be created. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-01 10:06:53 +03:00 · 2024-07-17 14:00:31 +02:00
parent f39b2e0190
commit d66dc64622
4 changed files with 47 additions and 16 deletions
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@ -8,6 +8,23 @@
 #include "mbedtls/entropy.h"
 #include "entropy_poll.h"

+static int check_stats(void)
+{
+    mbedtls_psa_stats_t stats;
+    mbedtls_psa_get_stats(&stats);
+
+    TEST_EQUAL(stats.volatile_slots, MBEDTLS_TEST_PSA_INTERNAL_KEYS);
+    TEST_EQUAL(stats.persistent_slots, 0);
+    TEST_EQUAL(stats.external_slots, 0);
+    TEST_EQUAL(stats.half_filled_slots, 0);
+    TEST_EQUAL(stats.locked_slots, 0);
+
+    return 1;
+
+exit:
+    return 0;
+}
+
 #define ENTROPY_MIN_NV_SEED_SIZE                                        \
    MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)

@ -187,10 +204,19 @@ void init_deinit(int count)
    psa_status_t status;
    int i;
    for (i = 0; i < count; i++) {
+        mbedtls_test_set_step(2 * i);
        status = psa_crypto_init();
        PSA_ASSERT(status);
+        if (!check_stats()) {
+            goto exit;
+        }
+
+        mbedtls_test_set_step(2 * i);
        status = psa_crypto_init();
        PSA_ASSERT(status);
+        if (!check_stats()) {
+            goto exit;
+        }
        PSA_DONE();
    }
 }