commit 4fc21fdeb6ecff1165b1a7e77cea5676b8058ee0
author Gilles Peskine <Gilles.Peskine@arm.com> Fri Nov 13 18:47:18 2020 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Nov 23 17:42:54 2020 +0100
tree 7fdbc1bf06f08e805f0b6602869828bef922432b
parent 1c49f1ac4606963f1b6ac00a18dbe870e0222fa0

Implement MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG

Implement support for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.

For test purposes, write an implementation that uses libc rand().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a32ce94..410d6a1 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -6297,6 +6297,10 @@
  */
 static void mbedtls_psa_random_init( mbedtls_psa_random_context_t *rng )
 {
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+    memset( rng, 0, sizeof( *rng ) );
+#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
     /* Set default configuration if
      * mbedtls_psa_crypto_configure_entropy_sources() hasn't been called. */
     if( rng->entropy_init == NULL )
@@ -6316,31 +6320,59 @@
 #endif
 
     mbedtls_psa_drbg_init( mbedtls_psa_random_state( rng ) );
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
 /** Deinitialize the PSA random generator.
  */
 static void mbedtls_psa_random_free( mbedtls_psa_random_context_t *rng )
 {
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+    memset( rng, 0, sizeof( *rng ) );
+#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
     mbedtls_psa_drbg_free( mbedtls_psa_random_state( rng ) );
     rng->entropy_free( &rng->entropy );
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
 /** Seed the PSA random generator.
  */
 static psa_status_t mbedtls_psa_random_seed( mbedtls_psa_random_context_t *rng )
 {
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+    /* Do nothing: the external RNG seeds itself. */
+    (void) rng;
+    return( PSA_SUCCESS );
+#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
     const unsigned char drbg_seed[] = "PSA";
     int ret = mbedtls_psa_drbg_seed( rng, drbg_seed, sizeof( drbg_seed ) - 1 );
     return mbedtls_to_psa_error( ret );
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
 psa_status_t psa_generate_random( uint8_t *output,
                                   size_t output_size )
 {
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     GUARD_MODULE_INITIALIZED;
 
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+
+    size_t output_length = 0;
+    psa_status_t status = mbedtls_psa_external_get_random( &global_data.rng,
+                                                           output, output_size,
+                                                           &output_length );
+    if( status != PSA_SUCCESS )
+        return( status );
+    /* Breaking up a request into smaller chunks is currently not supported
+     * for the extrernal RNG interface. */
+    if( output_length != output_size )
+        return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+    return( PSA_SUCCESS );
+
+#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
     while( output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST )
     {
         ret = mbedtls_psa_get_random(
@@ -6355,6 +6387,7 @@
     ret = mbedtls_psa_get_random( mbedtls_psa_random_state( &global_data.rng ),
                                   output, output_size );
     return( mbedtls_to_psa_error( ret ) );
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
@@ -6586,6 +6619,7 @@
 /* Module setup */
 /****************************************************************/
 
+#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
     void (* entropy_init )( mbedtls_entropy_context *ctx ),
     void (* entropy_free )( mbedtls_entropy_context *ctx ) )
@@ -6596,6 +6630,7 @@
     global_data.rng.entropy_free = entropy_free;
     return( PSA_SUCCESS );
 }
+#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
 
 void mbedtls_psa_crypto_free( void )
 {