TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-02 18:46:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move entropy-related tests to test_suite_psa_crypto_entropy

Browse Source 
They were in test_suite_psa_crypto_init, but their only connection to init
is that RNG setup is part of init. When testing how the RNG is set up, the
fact that it happens during init is incidental, what matters is the
difficulties around collecting entropy.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2026-01-23 20:15:08 +01:00
parent a1d7a81d39
commit 178cda8cc6
4 changed files with 266 additions and 262 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
tests/suites/test_suite_psa_crypto_entropy.data
View File

@@ -1,3 +1,49 @@
Create NV seed file
create_nv_seed:
Custom entropy sources: all standard
custom_entropy_sources:0x0000ffff:PSA_SUCCESS
# MBEDTLS_PSA_INJECT_ENTROPY means that a source of entropy (the seed file)
# is effectively always available.
Custom entropy sources: none
depends_on:!MBEDTLS_PSA_INJECT_ENTROPY
custom_entropy_sources:0:PSA_ERROR_INSUFFICIENT_ENTROPY
Fake entropy: never returns anything
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:0:0:0:PSA_ERROR_INSUFFICIENT_ENTROPY
Fake entropy: less than the block size
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:-1:PSA_ERROR_INSUFFICIENT_ENTROPY
Fake entropy: not enough for a nonce
depends_on:ENTROPY_NONCE_LEN != 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:ENTROPY_NONCE_LEN - 1:-1:-1:-1:PSA_ERROR_INSUFFICIENT_ENTROPY
Fake entropy: one block eventually
depends_on:ENTROPY_NONCE_LEN == 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:0:0:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
Fake entropy: one block in two steps
depends_on:ENTROPY_NONCE_LEN == 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:1:-1:-1:PSA_SUCCESS
Fake entropy: more than one block in two steps
depends_on:ENTROPY_NONCE_LEN == 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:PSA_SUCCESS
Fake entropy: two blocks eventually
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:MBEDTLS_ENTROPY_BLOCK_SIZE:0:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
NV seed only: less than minimum
entropy_from_nv_seed:MBEDTLS_ENTROPY_MIN_PLATFORM - 1:PSA_ERROR_INSUFFICIENT_ENTROPY
NV seed only: less than one block
entropy_from_nv_seed:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:PSA_ERROR_INSUFFICIENT_ENTROPY
NV seed only: just enough
entropy_from_nv_seed:ENTROPY_MIN_NV_SEED_SIZE:PSA_SUCCESS
PSA external RNG failure: generate random and key
external_rng_failure_generate:
@@ -43,3 +89,5 @@ validate_entropy_seed_injection:MBEDTLS_ENTROPY_BLOCK_SIZE-1:PSA_ERROR_INVALID_A
PSA validate entropy injection: before and after crypto_init
run_entropy_inject_with_crypto_init:
Recreate NV seed file
create_nv_seed:

217
tests/suites/test_suite_psa_crypto_entropy.function
View File

@@ -4,9 +4,117 @@
#include <psa/crypto.h>
/* Some tests in this module configure entropy sources. */
#include "psa_crypto_invasive.h"
#include "mbedtls/entropy.h"
#include "entropy_poll.h"
#define ENTROPY_MIN_NV_SEED_SIZE \
MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
#include "psa_crypto_random_impl.h"
#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
/* PSA crypto uses the HMAC_DRBG module. It reads from the entropy source twice:
* once for the initial entropy and once for a nonce. The nonce length is
* half the entropy length. For SHA-256, SHA-384 or SHA-512, the
* entropy length is 256 per the documentation of mbedtls_hmac_drbg_seed(),
* and PSA crypto doesn't support other hashes for HMAC_DRBG. */
#define ENTROPY_NONCE_LEN (256 / 2)
#else
/* PSA crypto uses the CTR_DRBG module. In some configurations, it needs
* to read from the entropy source twice: once for the initial entropy
* and once for a nonce. */
#include "mbedtls/ctr_drbg.h"
#define ENTROPY_NONCE_LEN MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN
#endif
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
typedef struct {
size_t threshold; /* Minimum bytes to make mbedtls_entropy_func happy */
size_t max_steps;
size_t *length_sequence;
size_t step;
} fake_entropy_state_t;
static int fake_entropy_source(void *state_arg,
unsigned char *output, size_t len,
size_t *olen)
{
fake_entropy_state_t *state = state_arg;
size_t i;
if (state->step >= state->max_steps) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
*olen = MIN(len, state->length_sequence[state->step]);
for (i = 0; i < *olen; i++) {
output[i] = i;
}
++state->step;
return 0;
}
#define ENTROPY_SOURCE_PLATFORM 0x00000001
#define ENTROPY_SOURCE_TIMING 0x00000002
#define ENTROPY_SOURCE_HARDWARE 0x00000004
#define ENTROPY_SOURCE_NV_SEED 0x00000008
#define ENTROPY_SOURCE_FAKE 0x40000000
static uint32_t custom_entropy_sources_mask;
static fake_entropy_state_t fake_entropy_state;
/* This is a modified version of mbedtls_entropy_init() from entropy.c
* which chooses entropy sources dynamically. */
static void custom_entropy_init(mbedtls_entropy_context *ctx)
{
ctx->source_count = 0;
memset(ctx->source, 0, sizeof(ctx->source));
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init(&ctx->mutex);
#endif
ctx->accumulator_started = 0;
mbedtls_md_init(&ctx->accumulator);
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
if (custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM) {
mbedtls_entropy_add_source(ctx, mbedtls_platform_entropy_poll, NULL,
MBEDTLS_ENTROPY_MIN_PLATFORM,
MBEDTLS_ENTROPY_SOURCE_STRONG);
}
#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
if (custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE) {
mbedtls_entropy_add_source(ctx, mbedtls_hardware_poll, NULL,
MBEDTLS_ENTROPY_MIN_HARDWARE,
MBEDTLS_ENTROPY_SOURCE_STRONG);
}
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
if (custom_entropy_sources_mask & ENTROPY_SOURCE_NV_SEED) {
mbedtls_entropy_add_source(ctx, mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG);
ctx->initial_entropy_run = 0;
} else {
/* Skip the NV seed even though it's compiled in. */
ctx->initial_entropy_run = 1;
}
#endif
if (custom_entropy_sources_mask & ENTROPY_SOURCE_FAKE) {
mbedtls_entropy_add_source(ctx,
fake_entropy_source, &fake_entropy_state,
fake_entropy_state.threshold,
MBEDTLS_ENTROPY_SOURCE_STRONG);
}
}
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
/* Calculating the minimum allowed entropy size in bytes */
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, \
MBEDTLS_ENTROPY_BLOCK_SIZE)
@@ -68,6 +176,115 @@ psa_status_t remove_seed_file(void)
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void create_nv_seed()
{
static unsigned char seed[ENTROPY_MIN_NV_SEED_SIZE];
TEST_ASSERT(mbedtls_nv_seed_write(seed, sizeof(seed)) >= 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void custom_entropy_sources(int sources_arg, int expected_init_status_arg)
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
custom_entropy_sources_mask = sources_arg;
PSA_ASSERT(mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free));
TEST_EQUAL(psa_crypto_init(), expected_init_status);
if (expected_init_status != PSA_SUCCESS) {
goto exit;
}
PSA_ASSERT(psa_generate_random(random, sizeof(random)));
exit:
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void fake_entropy_source(int threshold,
int amount1,
int amount2,
int amount3,
int amount4,
int expected_init_status_arg)
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
size_t lengths[4];
fake_entropy_state.threshold = threshold;
fake_entropy_state.step = 0;
fake_entropy_state.max_steps = 0;
if (amount1 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount1;
}
if (amount2 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount2;
}
if (amount3 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount3;
}
if (amount4 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount4;
}
fake_entropy_state.length_sequence = lengths;
custom_entropy_sources_mask = ENTROPY_SOURCE_FAKE;
PSA_ASSERT(mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free));
TEST_EQUAL(psa_crypto_init(), expected_init_status);
if (expected_init_status != PSA_SUCCESS) {
goto exit;
}
PSA_ASSERT(psa_generate_random(random, sizeof(random)));
exit:
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void entropy_from_nv_seed(int seed_size_arg,
int expected_init_status_arg)
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
uint8_t *seed = NULL;
size_t seed_size = seed_size_arg;
TEST_CALLOC(seed, seed_size);
TEST_ASSERT(mbedtls_nv_seed_write(seed, seed_size) >= 0);
custom_entropy_sources_mask = ENTROPY_SOURCE_NV_SEED;
PSA_ASSERT(mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free));
TEST_EQUAL(psa_crypto_init(), expected_init_status);
if (expected_init_status != PSA_SUCCESS) {
goto exit;
}
PSA_ASSERT(psa_generate_random(random, sizeof(random)));
exit:
mbedtls_free(seed);
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void external_rng_failure_generate()
{

49
tests/suites/test_suite_psa_crypto_init.data
View File

@@ -1,6 +1,3 @@
Create NV seed file
create_nv_seed:
PSA init/deinit
init_deinit:2
@@ -24,49 +21,3 @@ validate_module_init_generate_random:1
No key slot access after deinit
validate_module_init_key_based:1
Custom entropy sources: all standard
custom_entropy_sources:0x0000ffff:PSA_SUCCESS
# MBEDTLS_PSA_INJECT_ENTROPY means that a source of entropy (the seed file)
# is effectively always available.
Custom entropy sources: none
depends_on:!MBEDTLS_PSA_INJECT_ENTROPY
custom_entropy_sources:0:PSA_ERROR_INSUFFICIENT_ENTROPY
Fake entropy: never returns anything
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:0:0:0:PSA_ERROR_INSUFFICIENT_ENTROPY
Fake entropy: less than the block size
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:-1:PSA_ERROR_INSUFFICIENT_ENTROPY
Fake entropy: not enough for a nonce
depends_on:ENTROPY_NONCE_LEN != 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:ENTROPY_NONCE_LEN - 1:-1:-1:-1:PSA_ERROR_INSUFFICIENT_ENTROPY
Fake entropy: one block eventually
depends_on:ENTROPY_NONCE_LEN == 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:0:0:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
Fake entropy: one block in two steps
depends_on:ENTROPY_NONCE_LEN == 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:1:-1:-1:PSA_SUCCESS
Fake entropy: more than one block in two steps
depends_on:ENTROPY_NONCE_LEN == 0
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:-1:-1:PSA_SUCCESS
Fake entropy: two blocks eventually
fake_entropy_source:MBEDTLS_ENTROPY_BLOCK_SIZE:0:MBEDTLS_ENTROPY_BLOCK_SIZE:0:MBEDTLS_ENTROPY_BLOCK_SIZE:PSA_SUCCESS
NV seed only: less than minimum
entropy_from_nv_seed:MBEDTLS_ENTROPY_MIN_PLATFORM - 1:PSA_ERROR_INSUFFICIENT_ENTROPY
NV seed only: less than one block
entropy_from_nv_seed:MBEDTLS_ENTROPY_BLOCK_SIZE - 1:PSA_ERROR_INSUFFICIENT_ENTROPY
NV seed only: just enough
entropy_from_nv_seed:ENTROPY_MIN_NV_SEED_SIZE:PSA_SUCCESS
Recreate NV seed file
create_nv_seed:

214
tests/suites/test_suite_psa_crypto_init.function
View File

@@ -2,12 +2,9 @@
#include <stdint.h>
#include "psa_crypto_core.h"
/* Some tests in this module configure entropy sources. */
/* For mbedtls_psa_crypto_configure_entropy_sources() */
#include "psa_crypto_invasive.h"
#include "mbedtls/entropy.h"
#include "entropy_poll.h"
static int check_stats(void)
{
mbedtls_psa_stats_t stats;
@@ -25,111 +22,6 @@ exit:
return 0;
}
#define ENTROPY_MIN_NV_SEED_SIZE \
MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
#include "psa_crypto_random_impl.h"
#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
/* PSA crypto uses the HMAC_DRBG module. It reads from the entropy source twice:
* once for the initial entropy and once for a nonce. The nonce length is
* half the entropy length. For SHA-256, SHA-384 or SHA-512, the
* entropy length is 256 per the documentation of mbedtls_hmac_drbg_seed(),
* and PSA crypto doesn't support other hashes for HMAC_DRBG. */
#define ENTROPY_NONCE_LEN (256 / 2)
#else
/* PSA crypto uses the CTR_DRBG module. In some configurations, it needs
* to read from the entropy source twice: once for the initial entropy
* and once for a nonce. */
#include "mbedtls/ctr_drbg.h"
#define ENTROPY_NONCE_LEN MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN
#endif
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
typedef struct {
size_t threshold; /* Minimum bytes to make mbedtls_entropy_func happy */
size_t max_steps;
size_t *length_sequence;
size_t step;
} fake_entropy_state_t;
static int fake_entropy_source(void *state_arg,
unsigned char *output, size_t len,
size_t *olen)
{
fake_entropy_state_t *state = state_arg;
size_t i;
if (state->step >= state->max_steps) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
*olen = MIN(len, state->length_sequence[state->step]);
for (i = 0; i < *olen; i++) {
output[i] = i;
}
++state->step;
return 0;
}
#define ENTROPY_SOURCE_PLATFORM 0x00000001
#define ENTROPY_SOURCE_TIMING 0x00000002
#define ENTROPY_SOURCE_HARDWARE 0x00000004
#define ENTROPY_SOURCE_NV_SEED 0x00000008
#define ENTROPY_SOURCE_FAKE 0x40000000
static uint32_t custom_entropy_sources_mask;
static fake_entropy_state_t fake_entropy_state;
/* This is a modified version of mbedtls_entropy_init() from entropy.c
* which chooses entropy sources dynamically. */
static void custom_entropy_init(mbedtls_entropy_context *ctx)
{
ctx->source_count = 0;
memset(ctx->source, 0, sizeof(ctx->source));
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init(&ctx->mutex);
#endif
ctx->accumulator_started = 0;
mbedtls_md_init(&ctx->accumulator);
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
if (custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM) {
mbedtls_entropy_add_source(ctx, mbedtls_platform_entropy_poll, NULL,
MBEDTLS_ENTROPY_MIN_PLATFORM,
MBEDTLS_ENTROPY_SOURCE_STRONG);
}
#endif
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
if (custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE) {
mbedtls_entropy_add_source(ctx, mbedtls_hardware_poll, NULL,
MBEDTLS_ENTROPY_MIN_HARDWARE,
MBEDTLS_ENTROPY_SOURCE_STRONG);
}
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
if (custom_entropy_sources_mask & ENTROPY_SOURCE_NV_SEED) {
mbedtls_entropy_add_source(ctx, mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG);
ctx->initial_entropy_run = 0;
} else {
/* Skip the NV seed even though it's compiled in. */
ctx->initial_entropy_run = 1;
}
#endif
if (custom_entropy_sources_mask & ENTROPY_SOURCE_FAKE) {
mbedtls_entropy_add_source(ctx,
fake_entropy_source, &fake_entropy_state,
fake_entropy_state.threshold,
MBEDTLS_ENTROPY_SOURCE_STRONG);
}
}
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
#if defined MBEDTLS_THREADING_PTHREAD
typedef struct {
@@ -190,14 +82,6 @@ exit:
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void create_nv_seed()
{
static unsigned char seed[ENTROPY_MIN_NV_SEED_SIZE];
TEST_ASSERT(mbedtls_nv_seed_write(seed, sizeof(seed)) >= 0);
}
/* END_CASE */
/* BEGIN_CASE */
void init_deinit(int count)
{
@@ -333,99 +217,3 @@ void validate_module_init_key_based(int count)
TEST_ASSERT(mbedtls_svc_key_id_is_null(key));
}
/* END_CASE */
/* BEGIN_CASE depends_on:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void custom_entropy_sources(int sources_arg, int expected_init_status_arg)
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
custom_entropy_sources_mask = sources_arg;
PSA_ASSERT(mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free));
TEST_EQUAL(psa_crypto_init(), expected_init_status);
if (expected_init_status != PSA_SUCCESS) {
goto exit;
}
PSA_ASSERT(psa_generate_random(random, sizeof(random)));
exit:
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void fake_entropy_source(int threshold,
int amount1,
int amount2,
int amount3,
int amount4,
int expected_init_status_arg)
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
size_t lengths[4];
fake_entropy_state.threshold = threshold;
fake_entropy_state.step = 0;
fake_entropy_state.max_steps = 0;
if (amount1 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount1;
}
if (amount2 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount2;
}
if (amount3 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount3;
}
if (amount4 >= 0) {
lengths[fake_entropy_state.max_steps++] = amount4;
}
fake_entropy_state.length_sequence = lengths;
custom_entropy_sources_mask = ENTROPY_SOURCE_FAKE;
PSA_ASSERT(mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free));
TEST_EQUAL(psa_crypto_init(), expected_init_status);
if (expected_init_status != PSA_SUCCESS) {
goto exit;
}
PSA_ASSERT(psa_generate_random(random, sizeof(random)));
exit:
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
void entropy_from_nv_seed(int seed_size_arg,
int expected_init_status_arg)
{
psa_status_t expected_init_status = expected_init_status_arg;
uint8_t random[10] = { 0 };
uint8_t *seed = NULL;
size_t seed_size = seed_size_arg;
TEST_CALLOC(seed, seed_size);
TEST_ASSERT(mbedtls_nv_seed_write(seed, seed_size) >= 0);
custom_entropy_sources_mask = ENTROPY_SOURCE_NV_SEED;
PSA_ASSERT(mbedtls_psa_crypto_configure_entropy_sources(
custom_entropy_init, mbedtls_entropy_free));
TEST_EQUAL(psa_crypto_init(), expected_init_status);
if (expected_init_status != PSA_SUCCESS) {
goto exit;
}
PSA_ASSERT(psa_generate_random(random, sizeof(random)));
exit:
mbedtls_free(seed);
PSA_DONE();
}
/* END_CASE */