Fix and test MBEDTLS_PSA_INJECT_ENTROPY

tests/suites/test_suite_psa_crypto_entropy.function

@@ -14,6 +14,40 @@
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
 #include <psa_crypto_its.h>
 
+/* Check the entropy seed file.
+ *
+ * \param expected_size     Expected size in bytes.
+ *                          If 0, the file must not exist.
+ *
+ * \retval 0    Either \p expected_size is nonzero and
+ *              the entropy seed file exists and has exactly this size,
+ *              or \p expected_size is zero and the file does not exist.
+ * \retval 1    Either \p expected_size is nonzero and
+ *              the entropy seed file exists,
+ *              or \p expected_size is zero and the file exists.
+ *              In this case, the test case is marked as failed.
+ *
+ * \note We enforce that the seed is in a specific ITS file.
+ *       This must not change, otherwise we break backward compatibility if
+ *       the library is upgraded on a device with an existing seed.
+ */
+int check_random_seed_file(size_t expected_size)
+{
+    struct psa_storage_info_t info = { 0, 0 };
+    psa_status_t status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
+                                           &info);
+
+    if (expected_size == 0) {
+        TEST_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST);
+    } else {
+        TEST_EQUAL(status, PSA_SUCCESS);
+        TEST_EQUAL(info.size, expected_size);
+    }
+    return 1;
+
+exit:
+    return 0;
+}
 
 /* Remove the entropy seed file.
  *
@@ -131,14 +165,30 @@ void validate_entropy_seed_injection(int seed_length_a,
     status =  remove_seed_file();
     TEST_ASSERT((status == PSA_SUCCESS) ||
                 (status == PSA_ERROR_DOES_NOT_EXIST));
+    if (!check_random_seed_file(0)) {
+        goto exit;
+    }
+
     status = mbedtls_psa_inject_entropy(seed, seed_length_a);
     TEST_EQUAL(status, expected_status_a);
+    if (!check_random_seed_file(expected_status_a == PSA_SUCCESS ? seed_length_a :
+                                0)) {
+        goto exit;
+    }
+
     status = mbedtls_psa_inject_entropy(seed, seed_length_b);
     TEST_EQUAL(status, expected_status_b);
+    if (!check_random_seed_file(expected_status_a == PSA_SUCCESS ? seed_length_a :
+                                expected_status_b == PSA_SUCCESS ? seed_length_b :
+                                0)) {
+        goto exit;
+    }
+
     PSA_ASSERT(psa_crypto_init());
     PSA_ASSERT(psa_generate_random(output,
                                    sizeof(output)));
     TEST_ASSERT(memcmp(output, zeros, sizeof(output)) != 0);
+
 exit:
     mbedtls_free(seed);
     PSA_DONE();
@@ -156,23 +206,38 @@ void run_entropy_inject_with_crypto_init()
     for (i = 0; i < sizeof(seed); ++i) {
         seed[i] = i;
     }
+
     status =  remove_seed_file();
     TEST_ASSERT((status == PSA_SUCCESS) ||
                 (status == PSA_ERROR_DOES_NOT_EXIST));
+    if (!check_random_seed_file(0)) {
+        goto exit;
+    }
     status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
     PSA_ASSERT(status);
+    TEST_ASSERT(check_random_seed_file(sizeof(seed)));
     status =  remove_seed_file();
     TEST_EQUAL(status, PSA_SUCCESS);
+    if (!check_random_seed_file(0)) {
+        goto exit;
+    }
+
     status = psa_crypto_init();
     TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_ENTROPY);
     status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
     PSA_ASSERT(status);
+    if (!check_random_seed_file(sizeof(seed))) {
+        goto exit;
+    }
+
     status = psa_crypto_init();
     PSA_ASSERT(status);
     PSA_DONE();
+
     /* The seed is written by nv_seed callback functions therefore the injection will fail */
     status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
     TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+
 exit:
     PSA_DONE();
     mbedtls_test_inject_entropy_restore();