Disable the insecure PSA test RNG by default

To reduce the risk of people accidentally using the test
implementation of mbedtls_psa_external_get_random(), which is
insecure, require the user to explicitly call
mbedtls_test_enable_insecure_external_rng() first.

Disabling the test implementation of mbedtls_psa_external_get_random()
will also allow negative testing for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG,
which will be added in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/include/test/psa_crypto_helpers.h

@@ -53,6 +53,32 @@ const char *mbedtls_test_helper_is_psa_leaking( void );
 
 
 
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+/** Enable the insecure implementation of mbedtls_psa_external_get_random().
+ *
+ * The insecure implementation of mbedtls_psa_external_get_random() is
+ * disabled by default.
+ *
+ * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test
+ * helpers are linked into a program, you must enable this before any code
+ * that uses the PSA subsystem to generate random data (including internal
+ * random generation for purposes such as blinding when the random generation
+ * is routed through PSA).
+ *
+ * You can enable and disable it at any time, regardless of the state
+ * of the PSA subsystem. You may disable it temporarily to simulate a
+ * depleted entropy source.
+ */
+void mbedtls_test_enable_insecure_external_rng( void );
+
+/** Disable the insecure implementation of mbedtls_psa_external_get_random().
+ *
+ * See mbedtls_test_enable_insecure_external_rng().
+ */
+void mbedtls_test_disable_insecure_external_rng( void );
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+
 #if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
 psa_status_t mbedtls_test_record_status( psa_status_t status,
                                          const char *func,

tests/src/psa_crypto_helpers.c

@@ -72,13 +72,29 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 #include <test/random.h>
 
+static int test_insecure_external_rng_enabled = 0;
+
+void mbedtls_test_enable_insecure_external_rng( void )
+{
+    test_insecure_external_rng_enabled = 1;
+}
+
+void mbedtls_test_disable_insecure_external_rng( void )
+{
+    test_insecure_external_rng_enabled = 0;
+}
+
 psa_status_t mbedtls_psa_external_get_random(
     mbedtls_psa_external_random_context_t *context,
     uint8_t *output, size_t output_size, size_t *output_length )
 {
+    (void) context;
+
+    if( !test_insecure_external_rng_enabled )
+        return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+
     /* This implementation is for test purposes only!
      * Use the libc non-cryptographic random generator. */
-    (void) context;
     mbedtls_test_rnd_std_rand( NULL, output, output_size );
     *output_length = output_size;
     return( PSA_SUCCESS );

tests/suites/main_test.function

@@ -164,6 +164,10 @@ $dispatch_code
  */
 void execute_function_ptr(TestWrapper_t fp, void **params)
 {
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+    mbedtls_test_enable_insecure_external_rng( );
+#endif
+
 #if defined(MBEDTLS_CHECK_PARAMS)
     mbedtls_test_param_failed_location_record_t location_record;