Pull request overview
Adds new native (C API) resiliency stress tests to exercise partition/key operations under continuous partition resets, and updates the C++ resiliency callback helpers to use real POTA signing + the provisioned OBK so restore flows can succeed.
Changes:
- Switch resiliency test callbacks to generate valid POTA endorsements (real ECDSA P-384) and return the provisioned OBK.
- Factor Linux/OpenSSL POTA signing logic into a reusable helper (sign_pota_endorsement) for reuse by resiliency callbacks.
- Introduce new native resiliency stress test suites (init/AES/ECC/mixed) and wire them into the C++ test CMake target.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| api/tests/cpp/utils/resiliency_config.cpp | Updates resiliency callbacks to sign POTA endorsements and return the provisioned OBK for restore. |
| api/tests/cpp/utils/part_init_config.hpp | Declares a shared POTA signing helper used by init + resiliency callbacks. |
| api/tests/cpp/utils/part_init_config.cpp | Implements sign_pota_endorsement (Linux/OpenSSL) and refactors generate_pota_endorsement to call it. |
| api/tests/cpp/resiliency/resiliency_stress_helpers.hpp | Adds shared fixture/helpers for running operations under a background reset thread. |
| api/tests/cpp/resiliency/init_stress_tests.cpp | Adds init/cert-chain resiliency stress tests under reset. |
| api/tests/cpp/resiliency/aes_stress_tests.cpp | Adds AES resiliency stress tests under reset (encrypt/decrypt/keygen/delete). |
| api/tests/cpp/resiliency/ecc_stress_tests.cpp | Adds ECC resiliency stress tests under reset (sign/verify/keygen/report/unmask). |
| api/tests/cpp/resiliency/mixed_stress_tests.cpp | Adds mixed-operation and HMAC resiliency stress tests under reset. |
| api/tests/cpp/CMakeLists.txt | Adds the new resiliency stress test sources to the C++ test binary. |
```cpp
PartInitConfig init_config{};
make_part_init_config(r.part, init_config);

azihsm_resiliency_config res_config{};
make_resiliency_config_in(*r.resiliency_ctx, res_config);
```
make_part_init_config() can throw std::runtime_error (it calls generate_pota_endorsement(), which throws if azihsm_part_get_prop fails). Because this test runs while a reset thread is active, a transient DDI error can currently escape as an uncaught exception and abort the test instead of being counted/tolerated. Consider wrapping make_part_init_config()/azihsm_part_init() in a try/catch inside the worker loop and treating exceptions as transient failures (similar to the existing tolerance for DDI_CMD_FAILURE).
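The tolerance that comment asks for, shown as an added C++ sketch that is not code from this PR or the azihsm project: the status codes, partition and helpers are hypothetical stand-ins, and a background thread toggling a reset flag stands in for real partition resets.

```cpp
#include <atomic>
#include <chrono>
#include <stdexcept>
#include <thread>
// Hypothetical stand-ins for the azihsm status codes the stress tests check.
enum Status { STATUS_SUCCESS, STATUS_DDI_CMD_FAILURE, STATUS_OTHER };
struct StressResult { int successes = 0, transient_status = 0, transient_exceptions = 0, hard_failures = 0; };
// Stand-in partition: a background thread toggles `resetting` to mimic partition resets.
struct FakePartition { std::atomic<bool> resetting{false}; std::atomic<bool> stop{false}; };
// Stand-in for make_part_init_config(): throws while a reset is in flight, as the real
// helper does when generate_pota_endorsement() sees azihsm_part_get_prop fail.
void make_init_config(FakePartition& p) {
    if (p.resetting.load()) throw std::runtime_error("part_get_prop failed during reset");
}
// Stand-in for azihsm_part_init(): reports DDI_CMD_FAILURE while a reset is in flight.
Status part_init(FakePartition& p) {
    return p.resetting.load() ? STATUS_DDI_CMD_FAILURE : STATUS_SUCCESS;
}
// One worker iteration with the tolerance the review asks for: a DDI_CMD_FAILURE status and
// an exception from config building both count as transient; any other status is a hard failure.
void run_iteration(FakePartition& p, StressResult& r) {
    try {
        make_init_config(p);
        Status s = part_init(p);
        if (s == STATUS_SUCCESS) ++r.successes;
        else if (s == STATUS_DDI_CMD_FAILURE) ++r.transient_status;
        else ++r.hard_failures;
    } catch (const std::runtime_error&) {
        ++r.transient_exceptions;  // counted, not propagated, so the test is not aborted
    }
}
// One iteration against a partition frozen in the given reset state (deterministic check).
StressResult single_iteration(bool resetting) {
    FakePartition p; p.resetting.store(resetting);
    StressResult r; run_iteration(p, r); return r;
}

// Runs `iterations` worker iterations while a background thread keeps resetting the partition.
StressResult run_init_stress(int iterations) {
    FakePartition p; StressResult r;
    std::thread resetter([&p] {
        while (!p.stop.load()) {  // toggle the reset flag every 20 us
            p.resetting.store(!p.resetting.load());
            std::this_thread::sleep_for(std::chrono::microseconds(20));
        }
    });
    for (int i = 0; i < iterations; ++i) run_iteration(p, r);
    p.stop.store(true); resetter.join();
    return r;
}
```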
```cpp
    return AZIHSM_STATUS_SUCCESS;
}

// Dummy OBK provider callback
```
The comment says this is a "Dummy OBK provider callback", but the implementation now returns the real provisioned OBK (TEST_OBK) so that restore can succeed. Please update the comment to avoid confusion when debugging restore/init failures.
Suggested change:

```diff
- // Dummy OBK provider callback
+ // OBK provider callback that returns the provisioned test OBK so restore can succeed.
```