From c612667e75d4316a228cb6051ea89b2c4c9e0540 Mon Sep 17 00:00:00 2001
From: Valerio Setti <vsetti@baylibre.com>
Date: Mon, 28 Apr 2025 13:01:26 +0200
Subject: [PATCH] test: fake_external_rng_for_test: add more functionalities to
 mbedtls_platform_get_entropy()

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
---
 .../include/test/fake_external_rng_for_test.h | 39 ++++++++++----
 tests/src/fake_external_rng_for_test.c        | 52 ++++++++++++++++---
 2 files changed, 74 insertions(+), 17 deletions(-)

diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h
index 330399908..e2c46019a 100644
--- a/tests/include/test/fake_external_rng_for_test.h
+++ b/tests/include/test/fake_external_rng_for_test.h
@@ -41,16 +41,37 @@ void mbedtls_test_disable_insecure_external_rng(void);
 
 #include <mbedtls/platform.h>
 
-/* Force return value or entropy content in mbedtls_platform_get_entropy()
- * as follows:
- * - if fail == 0 && forced_entropy_content == 0 then
- *   mbedtls_platform_get_entropy() behaves properly.
- * - if fail != 0 then MBEDTLS_ERR_ENTROPY_SOURCE_FAILED is returned.
- * - if forced_entropy_content != 0 then
- *      - return value is success (0) but
- *      - returned entropy_content will be equal to forced_entropy_content.
+/* In the following there are some helper functions which allow tests to
+ * modify the behavior of the mbedtls_platform_get_entropy() implementation
+ * provided for test purposes.
+ * The following features can be controlled:
+ * - force a return value;
+ * - force the amount of bytes returned on each call;
+ * - force amount of entroy returned on each call;
+ * - get the number of times the callback has been called.
  */
-void mbedtls_test_get_entropy_force(int fail, size_t forced_entropy_content);
+
+/* Disable all forced values */
+void mbedtls_test_platform_get_entropy_reset(void);
+
+/* Force a failure on mbedtls_platform_get_entropy() as follows
+ * - val = 1 --> returns MBEDTLS_ERR_ENTROPY_SOURCE_FAILED.
+ * - val = 0 --> works normally (other forced values apply if set).
+ */
+void mbedtls_test_platform_get_entropy_set_force_failure(int val);
+
+/* If `val < SIZE_MAX` then forcedly limit the amount of data returned from
+ * mbedtls_platform_get_entropy() to the provided `val` value.
+ */
+void mbedtls_test_platform_get_entropy_set_output_len(size_t val);
+
+/* If `val < SIZE_MAX` then forcedly limit the amount of returned entropy from
+ * mbedtls_platform_get_entropy() to the provided `val` value.
+ */
+void mbedtls_test_platform_get_entropy_set_entropy_content(size_t val);
+
+/* Return the number of times mbedtls_platform_get_entropy() was called. */
+size_t mbedtls_test_platform_get_entropy_get_call_count(void);
 
 #endif /* MBEDTLS_PLATFORM_GET_ENTROPY_ALT */
 
diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c
index 60e39e3f1..21da1414a 100644
--- a/tests/src/fake_external_rng_for_test.c
+++ b/tests/src/fake_external_rng_for_test.c
@@ -56,28 +56,64 @@ psa_status_t mbedtls_psa_external_get_random(
 #include <test/random.h>
 #include <mbedtls/entropy.h>
 
-static int get_entropy_alt_force_failure = 0;
-static size_t get_entropy_alt_forced_entropy_content = SIZE_MAX;
+static int platform_get_entropy_force_failure;
+static size_t platform_get_entropy_forced_entropy_content = SIZE_MAX;
+static size_t platform_get_entropy_forced_output_len = SIZE_MAX;
+static size_t platform_get_entropy_call_count;
 
-void mbedtls_test_get_entropy_force(int fail, size_t forced_entropy_content)
+void mbedtls_test_platform_get_entropy_reset()
 {
-    get_entropy_alt_force_failure = fail;
-    get_entropy_alt_forced_entropy_content = forced_entropy_content;
+    platform_get_entropy_call_count = 0;
+    platform_get_entropy_force_failure = 0;
+    platform_get_entropy_forced_entropy_content = SIZE_MAX;
+    platform_get_entropy_forced_output_len = SIZE_MAX;
+}
+
+void mbedtls_test_platform_get_entropy_set_force_failure(int val)
+{
+    platform_get_entropy_force_failure = (val != 0);
+}
+
+void mbedtls_test_platform_get_entropy_set_output_len(size_t val)
+{
+    platform_get_entropy_forced_output_len = val;
+}
+
+void mbedtls_test_platform_get_entropy_set_entropy_content(size_t val)
+{
+    platform_get_entropy_forced_entropy_content = val;
+}
+
+size_t mbedtls_test_platform_get_entropy_get_call_count()
+{
+    return platform_get_entropy_call_count;
 }
 
 int mbedtls_platform_get_entropy(unsigned char *output, size_t output_size,
                                  size_t *output_len, size_t *entropy_content)
 {
-    if (get_entropy_alt_force_failure != 0) {
+    platform_get_entropy_call_count++;
+
+    /* Return a failure if we were requested to. */
+    if (platform_get_entropy_force_failure != 0) {
         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     }
 
+    /* Return less data than requested if we were requested to. */
+    if (platform_get_entropy_forced_output_len < SIZE_MAX) {
+        /* Prevent buffer overrun */
+        if (platform_get_entropy_forced_output_len > output_size) {
+            return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+        }
+        output_size = platform_get_entropy_forced_output_len;
+    }
+
     mbedtls_test_rnd_std_rand(NULL, output, output_size);
 
     *output_len = output_size;
     if (entropy_content != NULL) {
-        if (get_entropy_alt_forced_entropy_content < SIZE_MAX) {
-            *entropy_content = get_entropy_alt_forced_entropy_content;
+        if (platform_get_entropy_forced_entropy_content < SIZE_MAX) {
+            *entropy_content = platform_get_entropy_forced_entropy_content;
         } else {
             *entropy_content = output_size * 8;
         }