[pentest] Connect trng init

siemen11 · nasahlpa · commit a5718d889b50 · 2026-04-15T07:52:03.000+02:00
Connect the otcrypto_entropy_init function to the pentest framework.
This function is currently only useful for fault injection testing.

Signed-off-by: Siemen Dhooghe &lt;sdhooghe@google.com&gt;
diff --git a/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_sym.c b/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_sym.c
@@ -400,7 +400,9 @@ status_t handle_cryptolib_fi_sym_trng_init(ujson_t *uj) {
       &rv_core_ibex));
 
   cryptolib_fi_sym_trng_init_out_t uj_output;
-  memset(&uj_output, 0, sizeof(uj_output));
+  uj_output.status = kUnknown;
+  uj_output.status =
+      (size_t)cryptolib_fi_trng_init_impl(uj_input, &uj_output).value;
 
   // Get registered alerts from alert handler.
   reg_alerts = pentest_get_triggered_alerts();
diff --git a/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_sym_impl.c b/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_sym_impl.c
@@ -10,6 +10,7 @@
 #include "sw/device/lib/crypto/include/aes_gcm.h"
 #include "sw/device/lib/crypto/include/datatypes.h"
 #include "sw/device/lib/crypto/include/drbg.h"
+#include "sw/device/lib/crypto/include/entropy_src.h"
 #include "sw/device/lib/crypto/include/hmac.h"
 #include "sw/device/lib/crypto/include/integrity.h"
 #include "sw/device/lib/crypto/include/key_transport.h"
@@ -217,6 +218,24 @@ status_t cryptolib_fi_drbg_reseed_impl(
   return OK_STATUS();
 }
 
+status_t cryptolib_fi_trng_init_impl(
+    cryptolib_fi_sym_trng_init_in_t uj_input,
+    cryptolib_fi_sym_trng_init_out_t *uj_output) {
+  // Trigger window 0.
+  if (uj_input.trigger & kPentestTrigger1) {
+    pentest_set_trigger_high();
+  }
+  TRY(otcrypto_entropy_init());
+  if (uj_input.trigger & kPentestTrigger1) {
+    pentest_set_trigger_low();
+  }
+
+  // Return data back to host.
+  uj_output->cfg = 0;
+
+  return OK_STATUS();
+}
+
 status_t cryptolib_fi_gcm_impl(cryptolib_fi_sym_gcm_in_t uj_input,
                                cryptolib_fi_sym_gcm_out_t *uj_output) {
   // Construct the blinded key configuration.
diff --git a/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_sym_impl.h b/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_sym_impl.h
@@ -41,6 +41,17 @@ status_t cryptolib_fi_drbg_reseed_impl(
     cryptolib_fi_sym_drbg_reseed_in_t uj_input,
     cryptolib_fi_sym_drbg_reseed_out_t *uj_output);
 
+/**
+ * Wrapper to TRNG init cryptolib implementation.
+ *
+ * @param uj_input An initialized uJSON context.
+ * @param uj_output An initialized uJSON context.
+ * @return OK or error.
+ */
+status_t cryptolib_fi_trng_init_impl(
+    cryptolib_fi_sym_trng_init_in_t uj_input,
+    cryptolib_fi_sym_trng_init_out_t *uj_output);
+
 /**
  * Wrapper to AES-GCM cryptolib implementation.
  *
