Quick fix of key agreement setup tests for the new derivation API
Allow either the key derivation step or the key agreement step to
fail.
These tests should be split into three groups: key derivation setup
tests with an algorithm that includes a key agreement step, and
multipart key agreement failure tests, and raw key agreement failure
tests.
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index c26f065..668b5a0 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -4664,6 +4664,8 @@
psa_key_type_t our_key_type = our_key_type_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ psa_status_t expected_status = expected_status_arg;
+ psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@@ -4674,11 +4676,22 @@
our_key_data->x,
our_key_data->len ) );
- PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
- TEST_EQUAL( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
- our_key,
- peer_key_data->x, peer_key_data->len ),
- expected_status_arg );
+ /* The tests currently include inputs that should fail at either step.
+ * Test cases that fail at the setup step should be changed to call
+ * key_derivation_setup instead, and this function should be renamed
+ * to key_agreement_fail. */
+ status = psa_key_derivation_setup( &generator, alg );
+ if( status == PSA_SUCCESS )
+ {
+ TEST_EQUAL( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
+ our_key,
+ peer_key_data->x, peer_key_data->len ),
+ expected_status );
+ }
+ else
+ {
+ TEST_ASSERT( status == expected_status );
+ }
exit:
psa_generator_abort( &generator );