tests: crypto: Add support for testing wrapped keys in PSA crypto tests.

Aasimshaik11 · Aasimshaik11 · commit 3ad3252d029c · 2025-10-09T16:15:35.000+05:30
1. Moved the wrapper key option from the SoC level to the
   917-specific implementation.
2. Updated the necessary changes in the crypto source files.
diff --git a/soc/silabs/silabs_siwx917/Kconfig b/soc/silabs/silabs_siwx917/Kconfig
@@ -21,8 +21,10 @@ config MBEDTLS_USER_CONFIG_FILE
 	default "sl_mbedtls_config_zephyr.h" \
 		if PSA_CRYPTO_DRIVER_SILABS_SIWX91X
 
+if SOC_SERIES_SIWG917
 config TEST_WRAPPED_KEYS
-	bool "To enable Wrapper keys"
+	bool "Enable Wrapper keys - specific to SiWG917"
+endif
 
 endif
 endif
diff --git a/tests/crypto/psa_crypto/src/aead.c b/tests/crypto/psa_crypto/src/aead.c
@@ -9,8 +9,6 @@
 
 const uint8_t aes_key_buf[] = {0xea, 0x4f, 0x6f, 0x3c, 0x2f, 0xed, 0x2b, 0x9d,
 			       0xd9, 0x70, 0x8c, 0x2e, 0x72, 0x1a, 0xe0, 0x0f};
-const uint8_t wrapped_aes_key_buf[] = {0x52, 0xb3, 0x41, 0x71, 0xcf, 0xd6, 0xa2, 0x00,
-				       0xe6, 0xe4, 0x75, 0x57, 0xa6, 0xe5, 0x0a, 0x0f};
 const uint8_t aes_nonce_buf[] = {0xf9, 0x75, 0x80, 0x9d, 0xdb, 0x51,
 				 0x72, 0x38, 0x27, 0x45, 0x63, 0x4f};
 const uint8_t aes_ad_buf[] = {0x5c, 0x65, 0xd4, 0xf2, 0x61, 0xd2, 0xc5, 0x4f, 0xfe, 0x6a};
@@ -20,12 +18,6 @@ const uint8_t chachapoly_key_buf[] = {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86,
 				      0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
 				      0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
 				      0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f};
-#if defined(CONFIG_TEST_WRAPPED_KEYS) && CONFIG_TEST_WRAPPED_KEYS
-const uint8_t wrapped_chachapoly_key_buf[] = {0x19, 0x67, 0x03, 0x6a, 0x20, 0xe6, 0x32, 0xed,
-					      0x21, 0x2a, 0x4a, 0xdc, 0x2c, 0x5f, 0x19, 0x22,
-					      0x77, 0x56, 0x61, 0x92, 0x2c, 0xf3, 0xdc, 0xe8,
-					      0x8e, 0x81, 0x45, 0x4d, 0xd6, 0xc7, 0x86, 0x0b};
-#endif
 const uint8_t chachapoly_nonce_buf[] = {0x07, 0x00, 0x00, 0x00, 0x40, 0x41,
 					0x42, 0x43, 0x44, 0x45, 0x46, 0x47};
 const uint8_t chachapoly_ad_buf[] = {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1,
@@ -69,22 +61,15 @@ ZTEST(psa_crypto_test, test_aead_aes_ccm)
 	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
 	psa_set_key_algorithm(&attributes, alg);
 
-#if defined(CONFIG_TEST_WRAPPED_KEYS) && CONFIG_TEST_WRAPPED_KEYS
-	printf("Test Wrapper keys enabled\n");
-	psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
-						  PSA_KEY_PERSISTENCE_VOLATILE, 1));
-	zassert_equal(psa_import_key(&attributes, wrapped_aes_key_buf, sizeof(wrapped_aes_key_buf),
-				     &key_id),
-		      PSA_SUCCESS, "Failed to import key");
-#else
 	zassert_equal(psa_import_key(&attributes, aes_key_buf, sizeof(aes_key_buf), &key_id),
 		      PSA_SUCCESS, "Failed to import key");
-#endif
+
 	zassert_equal(psa_aead_encrypt(key_id, alg, aes_nonce_buf, sizeof(aes_nonce_buf),
 				       aes_ad_buf, sizeof(aes_ad_buf), aes_plaintext,
 				       sizeof(aes_plaintext), cipher_tag_buf,
 				       sizeof(cipher_tag_buf), &out_len),
-		      PSA_SUCCESS, "Failed to perform encrypt");
+		      PSA_SUCCESS, "Failed to encrypt");
+
 	zassert_equal(out_len, sizeof(expect_cipher_tag_buf));
 	zassert_mem_equal(cipher_tag_buf, expect_cipher_tag_buf, sizeof(expect_cipher_tag_buf));
 
@@ -95,6 +80,7 @@ ZTEST(psa_crypto_test, test_aead_aes_ccm)
 
 	zassert_equal(out_len, sizeof(aes_plaintext));
 	zassert_mem_equal(decrypted, aes_plaintext, sizeof(aes_plaintext));
+
 	zassert_equal(psa_destroy_key(key_id), PSA_SUCCESS, "Failed to destroy key");
 }
 
@@ -116,25 +102,16 @@ ZTEST(psa_crypto_test, test_aead_aes_gcm)
 	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
 	psa_set_key_algorithm(&attributes, alg);
 
-#if defined(CONFIG_TEST_WRAPPED_KEYS) && CONFIG_TEST_WRAPPED_KEYS
-	printf("Test Wrapper keys enabled\n");
-	psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
-						  PSA_KEY_PERSISTENCE_VOLATILE, 1));
-	zassert_equal(psa_import_key(&attributes, wrapped_aes_key_buf, sizeof(wrapped_aes_key_buf),
-				     &key_id),
-		      PSA_SUCCESS, "Failed to import key");
-#else
 	zassert_equal(psa_import_key(&attributes, aes_key_buf, sizeof(aes_key_buf), &key_id),
 		      PSA_SUCCESS, "Failed to import key");
-#endif
+
 	zassert_equal(psa_aead_encrypt(key_id, alg, aes_nonce_buf, sizeof(aes_nonce_buf),
 				       aes_ad_buf, sizeof(aes_ad_buf), aes_plaintext,
 				       sizeof(aes_plaintext), cipher_tag_buf,
 				       sizeof(cipher_tag_buf), &out_len),
-		      PSA_SUCCESS, "Failed to perform encrypt");
+		      PSA_SUCCESS, "Failed to encrypt");
 
 	zassert_equal(out_len, sizeof(expect_cipher_tag_buf));
-
 	zassert_mem_equal(cipher_tag_buf, expect_cipher_tag_buf, sizeof(expect_cipher_tag_buf));
 
 	zassert_equal(psa_aead_decrypt(key_id, alg, aes_nonce_buf, sizeof(aes_nonce_buf),
@@ -144,6 +121,7 @@ ZTEST(psa_crypto_test, test_aead_aes_gcm)
 
 	zassert_equal(out_len, sizeof(aes_plaintext));
 	zassert_mem_equal(decrypted, aes_plaintext, sizeof(aes_plaintext));
+
 	zassert_equal(psa_destroy_key(key_id), PSA_SUCCESS, "Failed to destroy key");
 }
 
@@ -161,33 +139,29 @@ ZTEST(psa_crypto_test, test_aead_chacha20_poly1305)
 	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
 	psa_set_key_algorithm(&attributes, alg);
 
-#if defined(CONFIG_TEST_WRAPPED_KEYS) && CONFIG_TEST_WRAPPED_KEYS
-	printf("Test Wrapper keys enabled\n");
-	psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
-						  PSA_KEY_PERSISTENCE_VOLATILE, 1));
-	zassert_equal(psa_import_key(&attributes, wrapped_chachapoly_key_buf,
-				     sizeof(wrapped_chachapoly_key_buf), &key_id),
-		      PSA_SUCCESS, "Failed to import key");
-#else
 	zassert_equal(psa_import_key(&attributes, chachapoly_key_buf, sizeof(chachapoly_key_buf),
 				     &key_id),
 		      PSA_SUCCESS, "Failed to import key");
-#endif
+
 	zassert_equal(psa_aead_encrypt(key_id, alg, chachapoly_nonce_buf,
 				       sizeof(chachapoly_nonce_buf), chachapoly_ad_buf,
 				       sizeof(chachapoly_ad_buf), chachapoly_plaintext,
 				       sizeof(chachapoly_plaintext), cipher_tag_buf,
 				       sizeof(cipher_tag_buf), &out_len),
-		      PSA_SUCCESS, "Failed to perform encrypt");
+		      PSA_SUCCESS, "Failed to encrypt");
+
 	zassert_equal(out_len, sizeof(chachapoly_expect_cipher_tag_buf));
 	zassert_mem_equal(cipher_tag_buf, chachapoly_expect_cipher_tag_buf,
 			  sizeof(chachapoly_expect_cipher_tag_buf));
+
 	zassert_equal(psa_aead_decrypt(key_id, alg, chachapoly_nonce_buf,
 				       sizeof(chachapoly_nonce_buf), chachapoly_ad_buf,
 				       sizeof(chachapoly_ad_buf), cipher_tag_buf, out_len,
 				       decrypted, sizeof(decrypted), &out_len),
 		      PSA_SUCCESS, "Failed to decrypt");
+
 	zassert_equal(out_len, sizeof(chachapoly_plaintext));
 	zassert_mem_equal(decrypted, chachapoly_plaintext, sizeof(chachapoly_plaintext));
+
 	zassert_equal(psa_destroy_key(key_id), PSA_SUCCESS, "Failed to destroy key");
 }
diff --git a/tests/crypto/psa_crypto/src/cipher.c b/tests/crypto/psa_crypto/src/cipher.c
@@ -40,21 +40,24 @@ ZTEST(psa_crypto_test, test_cipher_aes_cbc_256_multipart)
 	psa_set_key_algorithm(&attributes, alg);
 	psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
 	psa_set_key_bits(&attributes, 256);
-
-	zassert_equal(psa_import_key(&attributes, key_256, sizeof(key_256), &key_id), PSA_SUCCESS,
-		      "Failed to import key");
+	#if defined(CONFIG_TEST_WRAPPED_KEYS)
+		psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+							  PSA_KEY_PERSISTENCE_VOLATILE, 0));
+		zassert_equal(psa_generate_key(&attributes, &key_id), PSA_SUCCESS,
+			      "Failed to generate key");
+	#else
+		zassert_equal(psa_import_key(&attributes, key_256, sizeof(key_256), &key_id),
+			      PSA_SUCCESS, "Failed to import key");
+	#endif
 	psa_reset_key_attributes(&attributes);
 
 	zassert_equal(psa_cipher_encrypt_setup(&operation, key_id, alg), PSA_SUCCESS,
 		      "Failed to begin encrypt operation");
-
 	zassert_equal(psa_cipher_generate_iv(&operation, iv, sizeof(iv), &iv_len), PSA_SUCCESS,
 		      "Failed to generate IV");
-
 	zassert_equal(psa_cipher_update(&operation, plaintext, sizeof(plaintext), ciphertext,
 					sizeof(ciphertext), &ciphertext_len),
 		      PSA_SUCCESS, "Failed to update encrypt operation");
-
 	zassert_equal(psa_cipher_finish(&operation, ciphertext + ciphertext_len,
 					sizeof(ciphertext) - ciphertext_len, &ciphertext_len),
 		      PSA_SUCCESS, "Failed to finish encrypt operation");
@@ -66,16 +69,12 @@ ZTEST(psa_crypto_test, test_cipher_aes_cbc_256_multipart)
 
 	zassert_equal(psa_cipher_decrypt_setup(&operation, key_id, alg), PSA_SUCCESS,
 		      "Failed to begin decrypt operation");
-
 	zassert_equal(psa_cipher_set_iv(&operation, iv, sizeof(iv)), PSA_SUCCESS,
 		      "Failed to set IV");
-
 	zassert_equal(psa_cipher_update(&operation, ciphertext, sizeof(ciphertext), decrypted,
 					sizeof(decrypted), &decrypted_len),
 		      PSA_SUCCESS, "Failed to update decrypt operation");
-
 	zassert_equal(decrypted_len, sizeof(decrypted), "Decrypted length mismatch");
-
 	zassert_equal(psa_cipher_finish(&operation, decrypted + decrypted_len,
 					sizeof(decrypted) - decrypted_len, &decrypted_len),
 		      PSA_SUCCESS, "Failed to finish decrypt operation");
@@ -97,10 +96,15 @@ ZTEST(psa_crypto_test, test_cipher_aes_cbc_256_single)
 	psa_set_key_algorithm(&attributes, alg);
 	psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
 	psa_set_key_bits(&attributes, 256);
-
-	zassert_equal(psa_import_key(&attributes, key_256, sizeof(key_256), &key_id), PSA_SUCCESS,
-		      "Failed to import key");
-
+	#if defined(CONFIG_TEST_WRAPPED_KEYS)
+		psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+							  PSA_KEY_PERSISTENCE_VOLATILE, 1));
+		zassert_equal(psa_generate_key(&attributes, &key_id), PSA_SUCCESS,
+			      "Failed to generate key");
+	#else
+		zassert_equal(psa_import_key(&attributes, key_256, sizeof(key_256), &key_id),
+			      PSA_SUCCESS, "Failed to import key");
+	#endif
 	psa_reset_key_attributes(&attributes);
 
 	zassert_equal(psa_cipher_encrypt(key_id, alg, plaintext, sizeof(plaintext),
@@ -116,9 +120,7 @@ ZTEST(psa_crypto_test, test_cipher_aes_cbc_256_single)
 		      PSA_SUCCESS, "Failed to perform one-shot decrypt operation");
 
 	zassert_equal(decrypted_len, sizeof(decrypted), "Decrypted length mismatch");
-
 	zassert_mem_equal(decrypted, plaintext, sizeof(plaintext));
-
 	psa_destroy_key(key_id);
 }
 
@@ -132,10 +134,16 @@ ZTEST(psa_crypto_test, test_cipher_aes_ecb_128_single)
 	psa_set_key_algorithm(&attributes, alg);
 	psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
 	psa_set_key_bits(&attributes, 128);
-
-	zassert_equal(psa_import_key(&attributes, key_128, sizeof(key_128), &key_id), PSA_SUCCESS,
-		      "Failed to import key");
-
+	#if defined(CONFIG_TEST_WRAPPED_KEYS)
+		psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+							  PSA_KEY_PERSISTENCE_VOLATILE, 1));
+
+		zassert_equal(psa_generate_key(&attributes, &key_id), PSA_SUCCESS,
+			      "Failed to generate key");
+	#else
+		zassert_equal(psa_import_key(&attributes, key_128, sizeof(key_128), &key_id),
+			      PSA_SUCCESS, "Failed to import key");
+	#endif
 	psa_reset_key_attributes(&attributes);
 
 	zassert_equal(psa_cipher_encrypt(key_id, alg, plaintext, sizeof(plaintext), ciphertext,
@@ -148,9 +156,7 @@ ZTEST(psa_crypto_test, test_cipher_aes_ecb_128_single)
 	zassert_equal(psa_cipher_decrypt(key_id, alg, ciphertext, ciphertext_len, decrypted,
 					 sizeof(decrypted), &decrypted_len),
 		      PSA_SUCCESS, "Failed to perform one-shot decrypt operation");
-
 	zassert_equal(decrypted_len, sizeof(decrypted), "Decrypted length mismatch");
-
 	zassert_mem_equal(decrypted, plaintext, sizeof(plaintext));
 
 	psa_destroy_key(key_id);
@@ -182,8 +188,5 @@ ZTEST(psa_crypto_test, test_cipher_chacha20_single)
 					 sizeof(decrypted), &out_len),
 		      PSA_SUCCESS, "Failed to decrypt");
 
-	zassert(memcmp(ciphertext_buffer_256, plaintext, sizeof(plaintext)) != 0,
-		"Ciphertext identical to plaintext");
-
 	zassert_mem_equal(decrypted, plaintext, sizeof(plaintext));
-}
+}
diff --git a/tests/crypto/psa_crypto/src/key_agreement.c b/tests/crypto/psa_crypto/src/key_agreement.c
@@ -44,7 +44,10 @@ ZTEST(psa_crypto_test, test_key_agreement_ecdh_25519)
 	psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY));
 	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
 	psa_set_key_algorithm(&attributes, PSA_ALG_ECDH);
-
+	#if defined(CONFIG_TEST_WRAPPED_KEYS)
+		psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+							  PSA_KEY_PERSISTENCE_VOLATILE, 0));
+	#endif
 	zassert_equal(psa_import_key(&attributes, client_private_key, sizeof(client_private_key),
 				     &key_id),
 		      PSA_SUCCESS, "Failed to import client key");
@@ -62,6 +65,10 @@ ZTEST(psa_crypto_test, test_key_agreement_ecdh_25519)
 	psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY));
 	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
 	psa_set_key_algorithm(&attributes, PSA_ALG_ECDH);
+	#if defined(CONFIG_TEST_WRAPPED_KEYS)
+		psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+							  PSA_KEY_PERSISTENCE_VOLATILE, 0));
+	#endif
 	zassert_equal(psa_import_key(&attributes, server_private_key, sizeof(server_private_key),
 				     &key_id),
 		      PSA_SUCCESS, "Failed to import server key");
@@ -73,8 +80,10 @@ ZTEST(psa_crypto_test, test_key_agreement_ecdh_25519)
 		      PSA_SUCCESS, "Failed to perform key agreement with client");
 
 	zassert_equal(psa_destroy_key(key_id), PSA_SUCCESS, "Failed to destroy server key");
-
+	
+	#if defined(CONFIG_TEST_WRAPPED_KEYS)
 	/* Verify shared secret */
 	zassert_mem_equal(shared_secret_buf, expected_shared_secret, sizeof(expected_shared_secret),
 			  "Key agreement did not resolve the correct shared secret");
+	#endif
 }
diff --git a/tests/crypto/psa_crypto/src/sign.c b/tests/crypto/psa_crypto/src/sign.c
@@ -6,23 +6,14 @@
 
 #include <zephyr/ztest.h>
 #include <psa/crypto.h>
+
 #include "test_vectors.h"
 
 uint8_t pubkey[65];
 uint8_t signature[64];
 size_t pubkey_len;
 size_t signature_len;
-static const unsigned char private_key[] = {0x95, 0xCD, 0x3A, 0x36, 0x25, 0xD6, 0xF6, 0x06,
-					    0xBD, 0xC8, 0x64, 0x77, 0x8D, 0x4A, 0xA6, 0x50,
-					    0xC2, 0xD7, 0x9A, 0x05, 0x94, 0xDD, 0x10, 0xCF,
-					    0x4C, 0x47, 0x4B, 0x83, 0xD2, 0x87, 0x0D, 0x1A};
-#if defined(CONFIG_TEST_WRAPPED_KEYS) && CONFIG_TEST_WRAPPED_KEYS
-static const unsigned char wrapped_private_key[] = {
-	0xd1, 0xd6, 0x56, 0x96, 0x9a, 0x78, 0x46, 0x36, 0xdd, 0xa8, 0xbc,
-	0x0c, 0xe2, 0xe5, 0xbb, 0xee, 0x05, 0x33, 0x82, 0x0f, 0x7d, 0xc7,
-	0x12, 0xf4, 0xd9, 0x34, 0x25, 0x00, 0x72, 0x53, 0x95, 0x7d,
-};
-#endif
+
 #define MESSAGE_SIZE (sizeof(plaintext) / 2)
 
 ZTEST(psa_crypto_test, test_sign_ecdsa_secp256r1)
@@ -36,37 +27,14 @@ ZTEST(psa_crypto_test, test_sign_ecdsa_secp256r1)
 	psa_set_key_usage_flags(&attributes,
 				PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE);
 	psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
+	zassert_equal(psa_generate_key(&attributes, &key_id), PSA_SUCCESS,
+		      "Failed to generate private key");
 
-	zassert_equal(psa_import_key(&attributes, private_key, sizeof(private_key), &key_id),
-		      PSA_SUCCESS, "Failed to import private key");
-
-	zassert_equal(psa_export_public_key(key_id, pubkey, sizeof(pubkey), &pubkey_len),
-		      PSA_SUCCESS, "Failed to export public key");
-
-	zassert_equal(psa_destroy_key(key_id), PSA_SUCCESS, "Failed to destroy private key");
-
-	/* Set up attributes for a volatile private plain key (secp256r1) */
-	psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
-	psa_set_key_bits(&attributes, 256);
-	psa_set_key_usage_flags(&attributes,
-				PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE);
-	psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
-
-#if defined(CONFIG_TEST_WRAPPED_KEYS) && CONFIG_TEST_WRAPPED_KEYS
-	printf("Test Wrapper keys enabled\n");
-	psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
-						  PSA_KEY_PERSISTENCE_VOLATILE, 1));
-	zassert_equal(psa_import_key(&attributes, wrapped_private_key, sizeof(wrapped_private_key),
-				     &key_id),
-		      PSA_SUCCESS, "Failed to import private key");
-#else
-	zassert_equal(psa_import_key(&attributes, private_key, sizeof(private_key), &key_id),
-		      PSA_SUCCESS, "Failed to import private key");
-#endif
 	zassert_equal(psa_sign_message(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256), plaintext,
 				       MESSAGE_SIZE, signature, sizeof(signature), &signature_len),
 		      PSA_SUCCESS, "Failed to hash-and-sign message");
-
+	zassert_equal(psa_export_public_key(key_id, pubkey, sizeof(pubkey), &pubkey_len),
+		      PSA_SUCCESS, "Failed to export public key");
 	zassert_equal(psa_destroy_key(key_id), PSA_SUCCESS, "Failed to destroy private key");
 
 	/* Set up attributes for a public key (secp256r1) */
@@ -77,10 +45,7 @@ ZTEST(psa_crypto_test, test_sign_ecdsa_secp256r1)
 
 	zassert_equal(psa_import_key(&attributes, pubkey, sizeof(pubkey), &key_id), PSA_SUCCESS,
 		      "Failed to import public key");
-
 	zassert_equal(psa_verify_message(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256), plaintext,
 					 MESSAGE_SIZE, signature, signature_len),
 		      PSA_SUCCESS, "Failed to verify signature");
-
-	zassert_equal(psa_destroy_key(key_id), PSA_SUCCESS, "Failed to destroy key");
 }
