Move the fake PSA external RNG to its own header and source files

Move the declaration of the functions needed to use the test implementation of mbedtls_psa_external_get_random() to a new header file. Before, they were declared in tests/include/test/psa_crypto_helpers.h, but this header file can't be included in sample programs because it also includes headers from the library directory which is not on the include path for sample programs. This fixes the build of the sample programs when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_USE_PSA_CRYPTO are enabled. Move the implementation of the functions to a separate .c file as well. This isn't strictly necessary, but makes the structure of the source code easier to understand. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 20:02:01 +01:00 · 2021-01-20 20:02:01 +01:00 · 1af872d23b
commit 1af872d23b
parent e1d51bd99d
7 changed files with 119 additions and 59 deletions
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@ -194,7 +194,7 @@ int rng_get( void *p_rng, unsigned char *output, size_t output_len );
 * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
 * function that makes use of an RNG, you must call
 * mbedtls_test_enable_insecure_external_rng(). */
-#include <test/psa_crypto_helpers.h>
+#include <test/fake_external_rng_for_test.h>
 #endif

 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
--- a/tests/include/test/fake_external_rng_for_test.h
+++ b/tests/include/test/fake_external_rng_for_test.h
@ -0,0 +1,56 @@
+/*
+ * Insecure but standalone implementation of mbedtls_psa_external_get_random().
+ * Only for use in tests!
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H
+#define FAKE_EXTERNAL_RNG_FOR_TEST_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+/** Enable the insecure implementation of mbedtls_psa_external_get_random().
+ *
+ * The insecure implementation of mbedtls_psa_external_get_random() is
+ * disabled by default.
+ *
+ * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test
+ * helpers are linked into a program, you must enable this before running any
+ * code that uses the PSA subsystem to generate random data (including internal
+ * random generation for purposes such as blinding when the random generation
+ * is routed through PSA).
+ *
+ * You can enable and disable it at any time, regardless of the state
+ * of the PSA subsystem. You may disable it temporarily to simulate a
+ * depleted entropy source.
+ */
+void mbedtls_test_enable_insecure_external_rng( void );
+
+/** Disable the insecure implementation of mbedtls_psa_external_get_random().
+ *
+ * See mbedtls_test_enable_insecure_external_rng().
+ */
+void mbedtls_test_disable_insecure_external_rng( void );
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+#endif /* FAKE_EXTERNAL_RNG_FOR_TEST_H */
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@ -190,4 +190,8 @@ void* mbedtls_test_param_failed_get_state_buf( void );
 void mbedtls_test_param_failed_reset_state( void );
 #endif /* MBEDTLS_CHECK_PARAMS */

+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#include "test/fake_external_rng_for_test.h"
+#endif
+
 #endif /* TEST_HELPERS_H */
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@ -63,32 +63,6 @@ const char *mbedtls_test_helper_is_psa_leaking( void );



-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-/** Enable the insecure implementation of mbedtls_psa_external_get_random().
- *
- * The insecure implementation of mbedtls_psa_external_get_random() is
- * disabled by default.
- *
- * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test
- * helpers are linked into a program, you must enable this before running any
- * code that uses the PSA subsystem to generate random data (including internal
- * random generation for purposes such as blinding when the random generation
- * is routed through PSA).
- *
- * You can enable and disable it at any time, regardless of the state
- * of the PSA subsystem. You may disable it temporarily to simulate a
- * depleted entropy source.
- */
-void mbedtls_test_enable_insecure_external_rng( void );
-
-/** Disable the insecure implementation of mbedtls_psa_external_get_random().
- *
- * See mbedtls_test_enable_insecure_external_rng().
- */
-void mbedtls_test_disable_insecure_external_rng( void );
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-
 #if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
 psa_status_t mbedtls_test_record_status( psa_status_t status,
                                         const char *func,
--- a/tests/src/fake_external_rng_for_test.c
+++ b/tests/src/fake_external_rng_for_test.c
@ -0,0 +1,56 @@
+/** \file psa_crypto_helpers.c
+ *
+ * \brief Helper functions to test PSA crypto functionality.
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#include <test/fake_external_rng_for_test.h>
+
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#include <test/random.h>
+#include <psa/crypto.h>
+
+static int test_insecure_external_rng_enabled = 0;
+
+void mbedtls_test_enable_insecure_external_rng( void )
+{
+    test_insecure_external_rng_enabled = 1;
+}
+
+void mbedtls_test_disable_insecure_external_rng( void )
+{
+    test_insecure_external_rng_enabled = 0;
+}
+
+psa_status_t mbedtls_psa_external_get_random(
+    mbedtls_psa_external_random_context_t *context,
+    uint8_t *output, size_t output_size, size_t *output_length )
+{
+    (void) context;
+
+    if( !test_insecure_external_rng_enabled )
+        return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+
+    /* This implementation is for test purposes only!
+     * Use the libc non-cryptographic random generator. */
+    mbedtls_test_rnd_std_rand( NULL, output, output_size );
+    *output_length = output_size;
+    return( PSA_SUCCESS );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@ -69,36 +69,4 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
 }
 #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */

-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#include <test/random.h>
-
-static int test_insecure_external_rng_enabled = 0;
-
-void mbedtls_test_enable_insecure_external_rng( void )
-{
-    test_insecure_external_rng_enabled = 1;
-}
-
-void mbedtls_test_disable_insecure_external_rng( void )
-{
-    test_insecure_external_rng_enabled = 0;
-}
-
-psa_status_t mbedtls_psa_external_get_random(
-    mbedtls_psa_external_random_context_t *context,
-    uint8_t *output, size_t output_size, size_t *output_length )
-{
-    (void) context;
-
-    if( !test_insecure_external_rng_enabled )
-        return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-
-    /* This implementation is for test purposes only!
-     * Use the libc non-cryptographic random generator. */
-    mbedtls_test_rnd_std_rand( NULL, output, output_size );
-    *output_length = output_size;
-    return( PSA_SUCCESS );
-}
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
 #endif /* MBEDTLS_PSA_CRYPTO_C */
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@ -233,6 +233,7 @@
    <ClInclude Include="..\..\include\psa\crypto_types.h" />
    <ClInclude Include="..\..\include\psa\crypto_values.h" />
    <ClInclude Include="..\..\tests\include\test\constant_flow.h" />
+    <ClInclude Include="..\..\tests\include\test\fake_external_rng_for_test.h" />
    <ClInclude Include="..\..\tests\include\test\helpers.h" />
    <ClInclude Include="..\..\tests\include\test\macros.h" />
    <ClInclude Include="..\..\tests\include\test\psa_crypto_helpers.h" />
@ -348,6 +349,7 @@
    <ClCompile Include="..\..\library\x509write_crt.c" />
    <ClCompile Include="..\..\library\x509write_csr.c" />
    <ClCompile Include="..\..\library\xtea.c" />
+    <ClCompile Include="..\..\tests\src\fake_external_rng_for_test.c" />
    <ClCompile Include="..\..\tests\src\helpers.c" />
    <ClCompile Include="..\..\tests\src\psa_crypto_helpers.c" />
    <ClCompile Include="..\..\tests\src\random.c" />