Adjust psa entropy inject tests to take as minimum seed size
the maximum of MBEDTLS_ENTROPY_MIN_PLATFORM and MBEDTLS_ENTROPY_BLOCK_SIZE
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fe73d1d..cc5532a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4227,10 +4227,46 @@
}
#if ( defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) )
+
+/* Support function for error conversion between psa_its error codes to psa crypto */
+static psa_status_t its_to_psa_error( psa_its_status_t ret )
+{
+ switch( ret )
+ {
+ case PSA_ITS_SUCCESS:
+ return( PSA_SUCCESS );
+
+ case PSA_ITS_ERROR_KEY_NOT_FOUND:
+ return( PSA_ERROR_EMPTY_SLOT );
+
+ case PSA_ITS_ERROR_STORAGE_FAILURE:
+ return( PSA_ERROR_STORAGE_FAILURE );
+
+ case PSA_ITS_ERROR_INSUFFICIENT_SPACE:
+ return( PSA_ERROR_INSUFFICIENT_STORAGE );
+
+ case PSA_ITS_ERROR_INVALID_KEY:
+ case PSA_PS_ERROR_OFFSET_INVALID:
+ case PSA_ITS_ERROR_INCORRECT_SIZE:
+ case PSA_ITS_ERROR_BAD_POINTER:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ case PSA_ITS_ERROR_FLAGS_NOT_SUPPORTED:
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ case PSA_ITS_ERROR_WRITE_ONCE:
+ return( PSA_ERROR_OCCUPIED_SLOT );
+
+ default:
+ return( PSA_ERROR_UNKNOWN_ERROR );
+ }
+}
+
psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
size_t seed_size )
{
psa_status_t status;
+ psa_its_status_t its_status;
struct psa_its_info_t p_info;
if( global_data.initialized )
return( PSA_ERROR_NOT_PERMITTED );
@@ -4240,16 +4276,20 @@
( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
return( PSA_ERROR_INVALID_ARGUMENT );
- status = psa_its_get_info( MBEDTLS_RANDOM_SEED_ITS_UID, &p_info );
- if( PSA_ITS_ERROR_KEY_NOT_FOUND == status ) /* No seed exists */
+ its_status = psa_its_get_info( MBEDTLS_RANDOM_SEED_ITS_UID, &p_info );
+ status = its_to_psa_error( its_status );
+
+ if( PSA_ITS_ERROR_KEY_NOT_FOUND == its_status ) /* No seed exists */
{
- status = psa_its_set( MBEDTLS_RANDOM_SEED_ITS_UID, seed_size, seed, 0 );
+ its_status = psa_its_set( MBEDTLS_RANDOM_SEED_ITS_UID, seed_size, seed, 0 );
+ status = its_to_psa_error( its_status );
}
- else if( PSA_ITS_SUCCESS == status )
+ else if( PSA_ITS_SUCCESS == its_status )
{
/* You should not be here. Seed needs to be injected only once */
status = PSA_ERROR_NOT_PERMITTED;
}
+
return( status );
}
#endif
diff --git a/tests/suites/test_suite_psa_crypto_entropy.data b/tests/suites/test_suite_psa_crypto_entropy.data
index a2355d5..61593e9 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.data
+++ b/tests/suites/test_suite_psa_crypto_entropy.data
@@ -1,17 +1,17 @@
PSA validate entropy injection: good, minimum size
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_ERROR_NOT_PERMITTED
+validate_entropy_seed_injection:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_ERROR_NOT_PERMITTED
PSA validate entropy injection: good, max size
validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE:PSA_SUCCESS:MBEDTLS_ENTROPY_MAX_SEED_SIZE:PSA_ERROR_NOT_PERMITTED
PSA validate entropy injection: bad, too big
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE+1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE+1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS
PSA validate entropy injection: bad, too small using MBEDTLS_ENTROPY_MIN_PLATFORM
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_MIN_PLATFORM-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_MIN_PLATFORM-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS
PSA validate entropy injection: bad, too small using MBEDTLS_ENTROPY_BLOCK_SIZE
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_BLOCK_SIZE-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_BLOCK_SIZE-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE:PSA_SUCCESS
PSA validate entropy injection: before and after crypto_init
run_entropy_inject_with_crypto_init:
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
index 4be2c5a..2c069a9 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -6,6 +6,14 @@
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
+/* MAX value support macro */
+#if !defined(MAX)
+#define MAX(a,b) (((a)>(b))?(a):(b))
+#endif
+
+/* Calculating the minimum allowed entropy size in bytes */
+#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -26,7 +34,7 @@
uint8_t *seed = NULL;
int i;
int seed_size;
- if( seed_length_a > seed_length_b)
+ if( seed_length_a > seed_length_b )
{
seed_size = seed_length_a;
}
@@ -35,23 +43,25 @@
seed_size = seed_length_b;
}
ASSERT_ALLOC( seed, seed_size );
- /* fill seed in some data */
- for( i = 0; i < seed_size; ++i)
+ /* fill seed with some data */
+ for( i = 0; i < seed_size; ++i )
{
seed[i] = i;
}
- its_status = psa_its_remove(MBEDTLS_RANDOM_SEED_ITS_UID);
- TEST_ASSERT( (its_status == PSA_ITS_SUCCESS) || (its_status == PSA_ITS_ERROR_KEY_NOT_FOUND) );
+ its_status = psa_its_remove( MBEDTLS_RANDOM_SEED_ITS_UID );
+ TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) ||
+ ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) );
status = mbedtls_psa_inject_entropy( seed, seed_length_a );
TEST_ASSERT( status == expected_status_a );
status = mbedtls_psa_inject_entropy( seed, seed_length_b );
TEST_ASSERT( status == expected_status_b );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
- TEST_ASSERT( psa_generate_random( output, sizeof( output ) ) == PSA_SUCCESS );
- TEST_ASSERT( memcmp( output , zeros, sizeof( output ) ) != 0 );
+ TEST_ASSERT( psa_generate_random( output,
+ sizeof( output ) ) == PSA_SUCCESS );
+ TEST_ASSERT( memcmp( output, zeros, sizeof( output ) ) != 0 );
exit:
mbedtls_free( seed );
- psa_its_remove(MBEDTLS_RANDOM_SEED_ITS_UID);
+ psa_its_remove( MBEDTLS_RANDOM_SEED_ITS_UID );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
@@ -62,27 +72,31 @@
psa_its_status_t its_status;
psa_status_t status;
int i;
- uint8_t seed[MBEDTLS_ENTROPY_BLOCK_SIZE] = {0};
- /* fill seed in some data */
- for( i = 0; i < MBEDTLS_ENTROPY_BLOCK_SIZE; ++i)
+ uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
+ /* fill seed with some data */
+ for( i = 0; i < sizeof( seed ); ++i )
{
seed[i] = i;
}
- its_status = psa_its_remove(MBEDTLS_RANDOM_SEED_ITS_UID);
- TEST_ASSERT( (its_status == PSA_ITS_SUCCESS) || (its_status == PSA_ITS_ERROR_KEY_NOT_FOUND) );
- status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ its_status = psa_its_remove( MBEDTLS_RANDOM_SEED_ITS_UID );
+ TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) ||
+ ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) );
+ status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
TEST_ASSERT( status == PSA_SUCCESS );
- its_status = psa_its_remove(MBEDTLS_RANDOM_SEED_ITS_UID);
+ its_status = psa_its_remove( MBEDTLS_RANDOM_SEED_ITS_UID );
TEST_ASSERT( its_status == PSA_ITS_SUCCESS );
- TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
- status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
- TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
+ status = psa_crypto_init( );
+ TEST_ASSERT( status == PSA_ERROR_INSUFFICIENT_ENTROPY );
+ status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
+ TEST_ASSERT( status == PSA_SUCCESS );
+ status = psa_crypto_init( );
+ TEST_ASSERT( status == PSA_SUCCESS );
mbedtls_psa_crypto_free( );
/* The seed is written by nv_seed callback functions therefore the injection will fail */
- status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) );
TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
exit:
- psa_its_remove(MBEDTLS_RANDOM_SEED_ITS_UID);
+ psa_its_remove( MBEDTLS_RANDOM_SEED_ITS_UID );
mbedtls_psa_crypto_free( );
}
/* END_CASE */