Add Tests for psa crypto entropy incjection

Adjust code to handle and work with MBEDTLS_ENTROPY_BLOCK_SIZE definition option

include/psa/crypto_extra.h

@@ -91,8 +91,10 @@ void mbedtls_psa_crypto_free( void );
  *
  * \param seed[in]      Buffer containing the seed value to inject.
  * \param seed_size     Size of the \p seed buffer.
- *                      The size of the seed must be
- *                      at least #MBEDTLS_ENTROPY_MIN_PLATFORM bytes
+ *                      The size of the seed must be equal or larger than any
+ *                      of the values defined both in
+ *                      #MBEDTLS_ENTROPY_MIN_PLATFORM
+ *                      and in the #MBEDTLS_ENTROPY_BLOCK_SIZE defines
  *                      and at most #MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes.
  *
  * \retval #PSA_SUCCESS

library/psa_crypto.c

@@ -4234,8 +4234,12 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
     struct psa_its_info_t p_info;
     if( global_data.initialized )
         return( PSA_ERROR_NOT_PERMITTED );
-    if( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) || ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+
+    if( ( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) ||
+          ( seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE ) ) ||
+          ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
+            return( PSA_ERROR_INVALID_ARGUMENT );
+
     status = psa_its_get_info( MBED_RANDOM_SEED_ITS_UID, &p_info );
     if( PSA_ITS_ERROR_KEY_NOT_FOUND == status ) /* No seed exists */
     {

library/version_features.c

@@ -402,6 +402,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
     "MBEDTLS_ENTROPY_NV_SEED",
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
+#if defined(MBEDTLS_PSA_HAS_ITS_IO)
+    "MBEDTLS_PSA_HAS_ITS_IO",
+#endif /* MBEDTLS_PSA_HAS_ITS_IO */
 #if defined(MBEDTLS_MEMORY_DEBUG)
     "MBEDTLS_MEMORY_DEBUG",
 #endif /* MBEDTLS_MEMORY_DEBUG */

tests/suites/test_suite_psa_crypto_entropy.data

@@ -1,14 +1,15 @@
 PSA validate entropy injection: good, minimum size
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_MIN_PLATFORM:PSA_SUCCESS:MBEDTLS_ENTROPY_MIN_PLATFORM:PSA_ERROR_NOT_PERMITTED
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_ERROR_NOT_PERMITTED
 
 PSA validate entropy injection: good, max size
 validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE:PSA_SUCCESS:MBEDTLS_ENTROPY_MAX_SEED_SIZE:PSA_ERROR_NOT_PERMITTED
 
 PSA validate entropy injection: bad, too big
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE+1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_MIN_PLATFORM:PSA_SUCCESS
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_MAX_SEED_SIZE+1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
 
 PSA validate entropy injection: bad, too small
-validate_entropy_seed_injection:MBEDTLS_ENTROPY_MIN_PLATFORM-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_MIN_PLATFORM:PSA_SUCCESS
+validate_entropy_seed_injection:MBEDTLS_ENTROPY_BLOCK_SIZE-1:PSA_ERROR_INVALID_ARGUMENT:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
 
 PSA validate entropy injection: before and after crypto_init
 run_entropy_inject_with_crypto_init:
+

tests/suites/test_suite_psa_crypto_entropy.function

@@ -62,24 +62,24 @@ void run_entropy_inject_with_crypto_init( )
     psa_its_status_t its_status;
     psa_status_t status;
     int i;
-    uint8_t seed[MBEDTLS_ENTROPY_MIN_PLATFORM] = {0};
+    uint8_t seed[MBEDTLS_ENTROPY_BLOCK_SIZE] = {0};
     /* fill seed in some data */
-    for( i = 0; i < MBEDTLS_ENTROPY_MIN_PLATFORM; ++i)
+    for( i = 0; i < MBEDTLS_ENTROPY_BLOCK_SIZE; ++i)
     {
         seed[i] = i;
     }
     its_status =  psa_its_remove(MBED_RANDOM_SEED_ITS_UID);
     TEST_ASSERT( (its_status == PSA_ITS_SUCCESS) || (its_status == PSA_ITS_ERROR_KEY_NOT_FOUND) );
-    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_MIN_PLATFORM );
+    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
     TEST_ASSERT( status == PSA_SUCCESS );
     its_status =  psa_its_remove(MBED_RANDOM_SEED_ITS_UID);
     TEST_ASSERT( its_status == PSA_ITS_SUCCESS );
     TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
-    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_MIN_PLATFORM );
+    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
     TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
     mbedtls_psa_crypto_free( );
     /* The seed is written by nv_seed callback functions therefore the injection will fail */
-    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_MIN_PLATFORM );
+    status = mbedtls_psa_inject_entropy( seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
     TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
 exit:
     psa_its_remove(MBED_RANDOM_SEED_ITS_UID);