MBEDTLS_PSA_INJECT_ENTROPY: Make sure the seed file exist when running tests
The seed file must exist before running tests. Because the location is
somewhat platform- and configuration-dependent, and to be friendly to
developers who run test suites individually and aren't familiar with this
feature, rely on the test framework code rather than on test scripts to
create the seed file.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index d50bc68..15ffffb 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -227,6 +227,22 @@
* Provide implementations of these functions for testing. */
int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
+
+
+/** Make sure that the injected entropy is present.
+ *
+ * When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init()
+ * will fail if the PSA entropy seed is not present.
+ * This function must be called at least once in a test suite or other
+ * program before any call to psa_crypto_init().
+ * It does not need to be called in each test case.
+ *
+ * The test framework calls this function before running any test case.
+ *
+ * The few tests that might remove the entropy file must call this function
+ * in their cleanup.
+ */
+int mbedtls_test_inject_entropy_restore(void);
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index 30fd362..7cac6e0 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -20,6 +20,11 @@
#include <test/macros.h>
#include <string.h>
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include <psa/crypto.h>
+#include <test/psa_crypto_helpers.h>
+#endif
+
/*----------------------------------------------------------------------------*/
/* Static global variables */
@@ -35,9 +40,22 @@
int mbedtls_test_platform_setup(void)
{
int ret = 0;
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+ /* Make sure that injected entropy is present. Otherwise
+ * psa_crypto_init() will fail. This is not necessary for test suites
+ * that don't use PSA, but it's harmless (except for leaving a file
+ * behind). */
+ ret = mbedtls_test_inject_entropy_restore();
+ if (ret != 0) {
+ return ret;
+ }
+#endif
+
#if defined(MBEDTLS_PLATFORM_C)
ret = mbedtls_platform_setup(&platform_ctx);
#endif /* MBEDTLS_PLATFORM_C */
+
return ret;
}
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index 7861185..cab96ab 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -178,6 +178,20 @@
return 0;
}
+int mbedtls_test_inject_entropy_restore(void)
+{
+ unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+ for (size_t i = 0; i < sizeof(buf); i++) {
+ buf[i] = (unsigned char) i;
+ }
+ psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf));
+ /* It's ok if the file was just created, or if it already exists. */
+ if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) {
+ return status;
+ }
+ return PSA_SUCCESS;
+}
+
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
index 1bb9efb..f751287 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -153,8 +153,8 @@
TEST_ASSERT(memcmp(output, zeros, sizeof(output)) != 0);
exit:
mbedtls_free(seed);
- remove_seed_file();
PSA_DONE();
+ mbedtls_test_inject_entropy_restore();
}
/* END_CASE */
@@ -186,7 +186,7 @@
status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
exit:
- remove_seed_file();
PSA_DONE();
+ mbedtls_test_inject_entropy_restore();
}
/* END_CASE */