Skip to content

xtest: Add Application Secrets TA testsuite#815

Open
tusal-vaisala wants to merge 1 commit into
OP-TEE:masterfrom
tusal-vaisala:asteec-suite
Open

xtest: Add Application Secrets TA testsuite#815
tusal-vaisala wants to merge 1 commit into
OP-TEE:masterfrom
tusal-vaisala:asteec-suite

Conversation

@tusal-vaisala
Copy link
Copy Markdown

@tusal-vaisala tusal-vaisala commented May 21, 2026

Related optee_os PR: OP-TEE/optee_os#7769

Addresses issue: OP-TEE/optee_os#7768

@tusal-vaisala
xtest: Add Application Secrets TA testsuite
abafecc 
The suite covers seal/unseal round-trips at 1-byte and maximum plaintext
sizes, randomized sealing (IV uniqueness), rejection of malformed and
tampered ciphertext, and binding to the caller's login identity.

Sealing overhead is measured at runtime via a one-byte probe seal
instead of being hardcoded, so the max-plaintext subcase remains valid
across changes to TA-side overhead. The same probe also detects TA
absence: TEEC_ERROR_ITEM_NOT_FOUND from the probe skips the suite, any
other probe error fails it.

A subcase that seals under one uid and unseals under another uid is not
included because that would require external orchestration outside this
test case. The analogous gid subcase is present, but skipped at runtime
when the caller is member of only one group. The login-method-mismatch
subcase still verifies that login type is part of the binding.

Signed-off-by: Tuomas Salokanto <tuomas.salokanto@vaisala.com>
@tusal-vaisala tusal-vaisala mentioned this pull request May 21, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tusal-vaisala