test_suite_pk: add comment for pk_copy_from_psa_builtin_fail

Explain why this kind of test is possible for RSA keys, while it is not possible for EC ones. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-16 04:20:49 +00:00 · 2024-03-12 06:05:03 +01:00 · 2024-03-12 06:05:03 +01:00 · 8b3c6fffa7
commit 8b3c6fffa7
parent d286491ed7
1 changed files with 9 additions and 0 deletions
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@ -1459,6 +1459,15 @@ pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAM
 Copy from PSA: use wrong parameters
 pk_copy_from_psa_fail:

+# The following test is only possible for RSA keys and not for EC ones:
+# - for the former it is possible to have an accelerated RSA key in PSA while
+#   having RSA_C disabled. Since RSA path is guarded by RSA_C in mbedtls_pk_copy_from_psa(),
+#   any attempt to copy that key will fail.
+# - for the latter instead the guard is PK_HAVE_ECC_KEYS which is enabled as soon
+#   as there is any curve supported either builtin or in a driver. In a scenario
+#   in which a certain EC key is only available through a driver and not as
+#   builtin mbedtls_pk_copy_from_psa() uses functions that will all succeed
+#   and therefore it will succeed.
 Copy from PSA: accelerated key only, not available as built-in
 pk_copy_from_psa_builtin_fail: