Support mbedtls_psa_get_random() in SSL test programs

The SSL test programs can now use mbedtls_psa_get_random() rather than
entropy+DRBG as a random generator. This happens if
the configuration option MBEDTLS_USE_PSA_CRYPTO is enabled, or if
MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is set at build time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

programs/ssl/ssl_test_lib.c

@@ -46,6 +46,7 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
     return 0x5af2a056;
 }
 
+#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
 static int dummy_entropy( void *data, unsigned char *output, size_t len )
 {
     size_t i;
@@ -60,9 +61,15 @@ static int dummy_entropy( void *data, unsigned char *output, size_t len )
     }
     return( ret );
 }
+#endif
 
 void rng_init( rng_context_t *rng )
 {
+#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+    (void) rng;
+    psa_crypto_init( );
+#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+
 #if defined(MBEDTLS_CTR_DRBG_C)
     mbedtls_ctr_drbg_init( &rng->drbg );
 #elif defined(MBEDTLS_HMAC_DRBG_C)
@@ -72,6 +79,7 @@ void rng_init( rng_context_t *rng )
 #endif
 
     mbedtls_entropy_init( &rng->entropy );
+#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
 }
 
 int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
@@ -84,6 +92,18 @@ int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
         return( -1 );
     }
 #endif
+#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+    /* The PSA crypto RNG does its own seeding. */
+    (void) rng;
+    (void) pers;
+    if( reproducible )
+    {
+        mbedtls_fprintf( stderr,
+                         "The PSA RNG does not support reproducible mode.\n" );
+        return( -1 );
+    }
+    return( 0 );
+#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
     int ( *f_entropy )( void *, unsigned char *, size_t ) =
         ( reproducible ? dummy_entropy : mbedtls_entropy_func );
 
@@ -108,9 +128,9 @@ int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
                                       f_entropy, &rng->entropy,
                                       (const unsigned char *) pers,
                                       strlen( pers ) );
-#else
+#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
 #error "No DRBG available"
-#endif
+#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
 
     if( ret != 0 )
     {
@@ -118,12 +138,21 @@ int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
                         (unsigned int) -ret );
         return( ret );
     }
+#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
 
     return( 0 );
 }
 
 void rng_free( rng_context_t *rng )
 {
+#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+    (void) rng;
+    /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
+     * This is ok because none of our applications try to do any crypto after
+     * deinitializing the RNG. */
+    mbedtls_psa_crypto_free( );
+#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+
 #if defined(MBEDTLS_CTR_DRBG_C)
     mbedtls_ctr_drbg_free( &rng->drbg );
 #elif defined(MBEDTLS_HMAC_DRBG_C)
@@ -133,11 +162,18 @@ void rng_free( rng_context_t *rng )
 #endif
 
     mbedtls_entropy_free( &rng->entropy );
+#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
 }
 
 int rng_get( void *p_rng, unsigned char *output, size_t output_len )
 {
+#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+    (void) p_rng;
+    return( mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
+                                    output, output_len ) );
+#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
     rng_context_t *rng = p_rng;
+
 #if defined(MBEDTLS_CTR_DRBG_C)
     return( mbedtls_ctr_drbg_random( &rng->drbg, output, output_len ) );
 #elif defined(MBEDTLS_HMAC_DRBG_C)
@@ -145,6 +181,8 @@ int rng_get( void *p_rng, unsigned char *output, size_t output_len )
 #else
 #error "No DRBG available"
 #endif
+
+#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
 }
 
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)