MBEDTLS_PSA_INJECT_ENTROPY: Make sure the seed file exist when running tests

The seed file must exist before running tests. Because the location is
somewhat platform- and configuration-dependent, and to be friendly to
developers who run test suites individually and aren't familiar with this
feature, rely on the test framework code rather than on test scripts to
create the seed file.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/include/test/psa_crypto_helpers.h

@@ -227,6 +227,22 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename);
  * Provide implementations of these functions for testing. */
 int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
 int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
+
+
+/** Make sure that the injected entropy is present.
+ *
+ * When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init()
+ * will fail if the PSA entropy seed is not present.
+ * This function must be called at least once in a test suite or other
+ * program before any call to psa_crypto_init().
+ * It does not need to be called in each test case.
+ *
+ * The test framework calls this function before running any test case.
+ *
+ * The few tests that might remove the entropy file must call this function
+ * in their cleanup.
+ */
+int mbedtls_test_inject_entropy_restore(void);
 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
 
 

tests/src/helpers.c

@@ -20,6 +20,11 @@
 #include <test/macros.h>
 #include <string.h>
 
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include <psa/crypto.h>
+#include <test/psa_crypto_helpers.h>
+#endif
+
 /*----------------------------------------------------------------------------*/
 /* Static global variables */
 
@@ -35,9 +40,22 @@ mbedtls_test_info_t mbedtls_test_info;
 int mbedtls_test_platform_setup(void)
 {
     int ret = 0;
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+    /* Make sure that injected entropy is present. Otherwise
+     * psa_crypto_init() will fail. This is not necessary for test suites
+     * that don't use PSA, but it's harmless (except for leaving a file
+     * behind). */
+    ret = mbedtls_test_inject_entropy_restore();
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #if defined(MBEDTLS_PLATFORM_C)
     ret = mbedtls_platform_setup(&platform_ctx);
 #endif /* MBEDTLS_PLATFORM_C */
+
     return ret;
 }
 

tests/src/psa_crypto_helpers.c

@@ -178,6 +178,20 @@ int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len)
     return 0;
 }
 
+int mbedtls_test_inject_entropy_restore(void)
+{
+    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+    for (size_t i = 0; i < sizeof(buf); i++) {
+        buf[i] = (unsigned char) i;
+    }
+    psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf));
+    /* It's ok if the file was just created, or if it already exists. */
+    if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) {
+        return status;
+    }
+    return PSA_SUCCESS;
+}
+
 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
 
 #endif /* MBEDTLS_PSA_CRYPTO_C */

tests/suites/test_suite_psa_crypto_entropy.function

@@ -153,8 +153,8 @@ void validate_entropy_seed_injection(int seed_length_a,
     TEST_ASSERT(memcmp(output, zeros, sizeof(output)) != 0);
 exit:
     mbedtls_free(seed);
-    remove_seed_file();
     PSA_DONE();
+    mbedtls_test_inject_entropy_restore();
 }
 /* END_CASE */
 
@@ -186,7 +186,7 @@ void run_entropy_inject_with_crypto_init()
     status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
     TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
 exit:
-    remove_seed_file();
     PSA_DONE();
+    mbedtls_test_inject_entropy_restore();
 }
 /* END_CASE */