Add Tests for psa crypto entropy incjection

Adjust code to handle and work with MBEDTLS_ENTROPY_BLOCK_SIZE definition option
2025-02-20 21:39:54 +00:00 · 2018-11-19 11:53:55 +02:00 · 2018-11-19 11:53:55 +02:00 · 21f37cbbec
commit 21f37cbbec
parent ee2ffd311b
5 changed files with 23 additions and 13 deletions
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@ -91,8 +91,10 @@ void mbedtls_psa_crypto_free( void );
 *
 * \param seed[in]      Buffer containing the seed value to inject.
 * \param seed_size     Size of the \p seed buffer.
- *                      The size of the seed must be
- *                      at least #MBEDTLS_ENTROPY_MIN_PLATFORM bytes
+ *                      The size of the seed must be equal or larger than any
+ *                      of the values defined both in
+ *                      #MBEDTLS_ENTROPY_MIN_PLATFORM
+ *                      and in the #MBEDTLS_ENTROPY_BLOCK_SIZE defines
 *                      and at most #MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes.
 *
 * \retval #PSA_SUCCESS
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -4234,8 +4234,12 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
    struct psa_its_info_t p_info;
    if( global_data.initialized )
        return( PSA_ERROR_NOT_PERMITTED );
-    if( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) || ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+
+    if( ( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) ||
+          ( seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE ) ) ||
+          ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
+            return( PSA_ERROR_INVALID_ARGUMENT );
+
    status = psa_its_get_info( MBED_RANDOM_SEED_ITS_UID, &p_info );
    if( PSA_ITS_ERROR_KEY_NOT_FOUND == status ) /* No seed exists */
    {
--- a/library/version_features.c
+++ b/library/version_features.c
@ -402,6 +402,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
    "MBEDTLS_ENTROPY_NV_SEED",
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
+#if defined(MBEDTLS_PSA_HAS_ITS_IO)
+    "MBEDTLS_PSA_HAS_ITS_IO",
+#endif /* MBEDTLS_PSA_HAS_ITS_IO */
 #if defined(MBEDTLS_MEMORY_DEBUG)
    "MBEDTLS_MEMORY_DEBUG",
 #endif /* MBEDTLS_MEMORY_DEBUG */
--- a/tests/suites/test_suite_psa_crypto_entropy.data
+++ b/tests/suites/test_suite_psa_crypto_entropy.data
@ -1,14 +1,15 @@
 PSA validate entropy injection: good, minimum size
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_MIN_PLATFORM:PSA_SUCCESS:MBEDTLS_ENTROPY_MIN_PLATFORM:PSA_ERROR_NOT_PERMITTED
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_ERROR_NOT_PERMITTED

 PSA validate entropy injection: good, max size
 validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE:PSA_SUCCESS:MBEDTLS_ENTROPY_MAX_SEED_SIZE:PSA_ERROR_NOT_PERMITTED

 PSA validate entropy injection: bad, too big
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE+1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_MIN_PLATFORM:PSA_SUCCESS
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE+1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS

 PSA validate entropy injection: bad, too small
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_MIN_PLATFORM-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_MIN_PLATFORM:PSA_SUCCESS
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_BLOCK_SIZE-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS

 PSA validate entropy injection: before and after crypto_init
-run_entropy_inject_with_crypto_init:
+run_entropy_inject_with_crypto_init:
+
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@ -62,24 +62,24 @@ void run_entropy_inject_with_crypto_init( )
    psa_its_status_t its_status;
    psa_status_t status;
    int i;
-    uint8_t seed[MBEDTLS_ENTROPY_MIN_PLATFORM] = {0};
+    uint8_t seed[MBEDTLS_ENTROPY_BLOCK_SIZE] = {0};
    /* fill seed in some data */
-    for( i = 0; i < MBEDTLS_ENTROPY_MIN_PLATFORM; ++i)
+    for( i = 0; i < MBEDTLS_ENTROPY_BLOCK_SIZE; ++i)
    {
        seed[i] = i;
    }
    its_status =  psa_its_remove(MBED_RANDOM_SEED_ITS_UID);
    TEST_ASSERT( (its_status == PSA_ITS_SUCCESS) || (its_status == PSA_ITS_ERROR_KEY_NOT_FOUND) );
-    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_MIN_PLATFORM );
+    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
    TEST_ASSERT( status == PSA_SUCCESS );
    its_status =  psa_its_remove(MBED_RANDOM_SEED_ITS_UID);
    TEST_ASSERT( its_status == PSA_ITS_SUCCESS );
    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
-    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_MIN_PLATFORM );
+    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
    TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
    mbedtls_psa_crypto_free( );
    /* The seed is written by nv_seed callback functions therefore the injection will fail */
-    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_MIN_PLATFORM );
+    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
    TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
 exit:
    psa_its_remove(MBED_RANDOM_SEED_ITS_UID);