From a08def9871ed489712f63e36adad46f4b5f64b1b Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 28 Apr 2023 21:01:49 +0200
Subject: [PATCH] Tests: provide necessary functions for
 MBEDTLS_PSA_INJECT_ENTROPY

The build option MBEDTLS_PSA_INJECT_ENTROPY requires some extra platform
functions, for historical reasons. To enable us to test this option, provide
a version of these functions for testing.

(These versions would actually work in production, but providing them in the
library in a way that doesn't break existing users might be slightly tricky,
so it's out of scope of this commit.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 scripts/config.py                       |  2 +-
 tests/configs/user-config-for-test.h    | 20 ++++++++++++++++
 tests/include/test/psa_crypto_helpers.h | 19 +++++++++++++++
 tests/src/psa_crypto_helpers.c          | 31 +++++++++++++++++++++++++
 4 files changed, 71 insertions(+), 1 deletion(-)

diff --git a/scripts/config.py b/scripts/config.py
index ac5f77ceb..e9d421878 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -208,7 +208,7 @@ EXCLUDE_FROM_FULL = frozenset([
     'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
     'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO
     'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
-    'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
+    'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources
     'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
     'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
     'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index 444a4bf00..8c2680d4a 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -55,3 +55,23 @@
 #define MBEDTLS_PSA_ACCEL_ALG_HMAC
 
 #endif  /* PSA_CRYPTO_DRIVER_TEST_ALL */
+
+
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
+ * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+ * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
+ * is to read and write from the entropy seed file, which is located
+ * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
+ * (These could have been provided as library functions, but for historical
+ * reasons, they weren't, and so each integrator has to provide a copy
+ * of these functions.)
+ *
+ * Provide implementations of these functions for testing. */
+#include <stddef.h>
+int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
+int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
+#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_test_inject_entropy_seed_read
+#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_test_inject_entropy_seed_write
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 6ff235dbb..d50bc681e 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -212,6 +212,25 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags)
  */
 int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename);
 
+
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
+ * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+ * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
+ * is to read and write from the entropy seed file, which is located
+ * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
+ * (These could have been provided as library functions, but for historical
+ * reasons, they weren't, and so each integrator has to provide a copy
+ * of these functions.)
+ *
+ * Provide implementations of these functions for testing. */
+int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
+int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+
+
 /** Skip a test case if the given key is a 192 bits AES key and the AES
  *  implementation is at least partially provided by an accelerator or
  *  alternative implementation.
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index 77c2f8976..7861185ee 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -149,4 +149,35 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename)
     }
 }
 
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+
+#include <mbedtls/entropy.h>
+#include <psa_crypto_its.h>
+
+int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len)
+{
+    size_t actual_len = 0;
+    psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
+                                      0, len, buf, &actual_len);
+    if (status != 0) {
+        return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+    }
+    if (actual_len != len) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
+    return 0;
+}
+
+int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len)
+{
+    psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
+                                      len, buf, 0);
+    if (status != 0) {
+        return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+    }
+    return 0;
+}
+
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
 #endif /* MBEDTLS_PSA_CRYPTO_C */