commit cbe5ba500a77d29e8648ca8da3f4256374e95225
author Gabor Mezei <gabor.mezei@arm.com> Thu Feb 17 11:52:12 2022 +0100
committer Gabor Mezei <gabor.mezei@arm.com> Thu Feb 17 17:01:49 2022 +0100
tree bcb8d0841af25d1a93314bafc5f5ac6354338bb7
parent 8e3602569b3b5637338e337df94fadb246e72b5f

Add tests for mbedtls_psa_hkdf_expand

Add test cases which test psa_import_key and psa_mac_sign_setup
function call if they return error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

tests/suites/test_suite_ssl.data

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 84133d1..0a2f366 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -4382,9 +4382,13 @@
 depends_on:PSA_WANT_ALG_SHA_256
 psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:0:PSA_ERROR_INVALID_ARGUMENT
 
-SSL TLS 1.3 Key schedule: HKDF expand fails with wrong hash alg
+SSL TLS 1.3 Key schedule: HKDF expand fails with invalid alg
 psa_hkdf_expand_ret:0:32:32:PSA_ERROR_INVALID_ARGUMENT
 
+SSL TLS 1.3 Key schedule: HKDF expand fails with incompatible alg
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:32:PSA_ERROR_INVALID_ARGUMENT
+
 SSL TLS 1.3 Key schedule: HKDF expand fails with prk_len < hash_len
 depends_on:PSA_WANT_ALG_SHA_256
 psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):16:32:PSA_ERROR_INVALID_ARGUMENT
@@ -4392,6 +4396,10 @@
 SSL TLS 1.3 Key schedule: HKDF expand fails with okm_len / hash_len > 255
 psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:8192:PSA_ERROR_INVALID_ARGUMENT
 
+SSL TLS 1.3 Key schedule: HKDF expand fails with key import
+depends_on:PSA_WANT_ALG_SHA_256
+psa_hkdf_expand_ret:PSA_ALG_HMAC(PSA_ALG_SHA_256):32:32:PSA_ERROR_INSUFFICIENT_MEMORY
+
 SSL TLS 1.3 Key schedule: HKDF Expand Label #1
 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
 # Server handshake traffic secret -> Server traffic key

tests/suites/test_suite_ssl.function

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 6d3f2ee..fd1ff84 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3848,6 +3848,8 @@
     unsigned char *prk = NULL;
     unsigned char *okm = NULL;
     size_t info_len;
+    size_t i;
+    mbedtls_svc_key_id_t *keys = NULL;
 
     PSA_INIT( );
 
@@ -3859,6 +3861,30 @@
     if( okm_len > 0 )
         ASSERT_ALLOC( okm, okm_len );
 
+    if( ret == PSA_ERROR_INSUFFICIENT_MEMORY )
+    {
+        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+        /* Reserve all key slot to make the key import fail. */
+        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+        psa_set_key_algorithm( &attributes, alg );
+        psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+        ASSERT_ALLOC( keys, MBEDTLS_PSA_KEY_SLOT_COUNT );
+
+        for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
+        {
+            /* Do not use the 0 value because it will be passed to
+               mbedtls_psa_hkdf_expand */
+            prk[0] = i + 1;
+            keys[i] = MBEDTLS_SVC_KEY_ID_INIT;
+            psa_import_key( &attributes, prk, prk_len, &keys[i] );
+        }
+
+        /* reset prk buffer */
+        prk[0] = 0;
+    }
+
     output_ret = mbedtls_psa_hkdf_expand( alg, prk, prk_len,
                                           info, info_len,
                                           okm, okm_len );
@@ -3868,6 +3894,14 @@
     mbedtls_free( prk );
     mbedtls_free( okm );
 
+   if( ret == PSA_ERROR_INSUFFICIENT_MEMORY )
+   {
+        for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ )
+            psa_destroy_key( keys[i] );
+
+        mbedtls_free( keys );
+   }
+
     PSA_DONE( );
 }
 /* END_CASE */