From fcdd023ba62f90ef6c2f34feba93807a89d3ea82 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Thu, 19 May 2022 10:28:58 +0200
Subject: [PATCH] derive_output tests: add invalid input secret test for
 HKDF-Expand

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 tests/suites/test_suite_psa_crypto.data     | 4 ++++
 tests/suites/test_suite_psa_crypto.function | 8 ++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 97e2cc614..8d3550d56 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -5401,6 +5401,10 @@ PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+1 (over capacity)
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"00":0:1:0
 
+PSA key derivation: HKDF-Expand Invalid secret length
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e500":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:0:0
+
 # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
 PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0
 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 7b9bbfe54..f4d80eea6 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -7005,9 +7005,13 @@ void derive_output( int alg_arg,
                 switch( key_input_type )
                 {
                     case 0: // input bytes
-                        PSA_ASSERT( psa_key_derivation_input_bytes(
+                        TEST_EQUAL( psa_key_derivation_input_bytes(
                                         &operation, steps[i],
-                                        inputs[i]->x, inputs[i]->len ) );
+                                        inputs[i]->x, inputs[i]->len ),
+                                    statuses[i] );
+
+                        if( statuses[i] != PSA_SUCCESS )
+                            goto exit;
                         break;
                     case 1: // input key
                         psa_set_key_usage_flags( &attributes1, PSA_KEY_USAGE_DERIVE );