/* BEGIN_HEADER */ #include #include "psa/crypto.h" #include "psa_prot_internal_storage.h" #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" /* MAX value support macro */ #if !defined(MAX) #define MAX(a,b) (((a)>(b))?(a):(b)) #endif /* Calculating the minimum allowed entropy size in bytes */ #define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE) /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PSA_HAS_ITS_IO:MBEDTLS_PSA_CRYPTO_C * END_DEPENDENCIES */ /* BEGIN_CASE */ void validate_entropy_seed_injection( int seed_length_a, int expected_status_a, int seed_length_b, int expected_status_b ) { psa_its_status_t its_status; psa_status_t status; uint8_t output[32] = { 0 }; uint8_t zeros[32] = { 0 }; uint8_t *seed = NULL; int i; int seed_size; if( seed_length_a > seed_length_b ) { seed_size = seed_length_a; } else { seed_size = seed_length_b; } ASSERT_ALLOC( seed, seed_size ); /* fill seed with some data */ for( i = 0; i < seed_size; ++i ) { seed[i] = i; } its_status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) || ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) ); status = mbedtls_psa_inject_entropy( seed, seed_length_a ); TEST_ASSERT( status == expected_status_a ); status = mbedtls_psa_inject_entropy( seed, seed_length_b ); TEST_ASSERT( status == expected_status_b ); PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_generate_random( output, sizeof( output ) ) ); TEST_ASSERT( memcmp( output, zeros, sizeof( output ) ) != 0 ); exit: mbedtls_free( seed ); psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void run_entropy_inject_with_crypto_init( ) { psa_its_status_t its_status; psa_status_t status; int i; uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 }; /* fill seed with some data */ for( i = 0; i < sizeof( seed ); ++i ) { seed[i] = i; } its_status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); TEST_ASSERT( ( its_status == PSA_ITS_SUCCESS ) || ( its_status == PSA_ITS_ERROR_KEY_NOT_FOUND ) ); status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) ); PSA_ASSERT( status ); its_status = psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); TEST_ASSERT( its_status == PSA_ITS_SUCCESS ); status = psa_crypto_init( ); TEST_ASSERT( status == PSA_ERROR_INSUFFICIENT_ENTROPY ); status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) ); PSA_ASSERT( status ); status = psa_crypto_init( ); PSA_ASSERT( status ); mbedtls_psa_crypto_free( ); /* The seed is written by nv_seed callback functions therefore the injection will fail */ status = mbedtls_psa_inject_entropy( seed, sizeof( seed ) ); TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED ); exit: psa_its_remove( PSA_CRYPTO_ITS_RANDOM_SEED_UID ); mbedtls_psa_crypto_free( ); } /* END_CASE */