Use fake RNG only when necessary (#350)

* use fake rng only when necessary

- Change tests to use CtrDrbg with OsEntropy as RNG by default.

* fix ci

Author: Taowyoo

mbedtls/src/pk/mod.rs

@@ -1235,7 +1235,7 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
 
     #[test]
     fn generate_rsa() {
-        let mut pk = Pk::generate_rsa(&mut crate::test_support::rand::test_rng(), 2048, 0x10001).unwrap();
+        let mut pk = Pk::generate_rsa(&mut crate::test_support::rand::test_deterministic_rng(), 2048, 0x10001).unwrap();
         let generated = pk.write_private_pem_string().unwrap();
         assert_eq!(0x10001, pk.rsa_public_exponent().unwrap());
         assert_eq!(generated, TEST_PEM[..TEST_PEM.len() - 1]);
@@ -1257,19 +1257,19 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
 
     #[test]
     fn generate_ec_secp256r1() {
-        let mut key1 = Pk::generate_ec(&mut crate::test_support::rand::test_rng(), EcGroupId::SecP256R1).unwrap();
+        let mut key1 = Pk::generate_ec(&mut crate::test_support::rand::test_deterministic_rng(), EcGroupId::SecP256R1).unwrap();
         let pem1 = key1.write_private_pem_string().unwrap();
 
         let secp256r1 = EcGroup::new(EcGroupId::SecP256R1).unwrap();
-        let mut key2 = Pk::generate_ec(&mut crate::test_support::rand::test_rng(), secp256r1.clone()).unwrap();
+        let mut key2 = Pk::generate_ec(&mut crate::test_support::rand::test_deterministic_rng(), secp256r1.clone()).unwrap();
         let pem2 = key2.write_private_pem_string().unwrap();
 
         assert_eq!(pem1, pem2);
 
         let mut key_from_components = Pk::private_from_ec_scalar_with_rng(
             secp256r1.clone(),
             key1.ec_private().unwrap(),
-            &mut crate::test_support::rand::test_rng(),
+            &mut crate::test_support::rand::test_deterministic_rng(),
         )
         .unwrap();
         let pem3 = key_from_components.write_private_pem_string().unwrap();
@@ -1628,7 +1628,7 @@ iy6KC991zzvaWY/Ys+q/84Afqa+0qJKQnPuy/7F5GkVdQA/lfbhi
 
     #[test]
     fn private_from_rsa_components_sanity() {
-        let mut pk = Pk::generate_rsa(&mut crate::test_support::rand::test_rng(), 2048, 0x10001).unwrap();
+        let mut pk = Pk::generate_rsa(&mut crate::test_support::rand::test_deterministic_rng(), 2048, 0x10001).unwrap();
         let components = RsaPrivateComponents::WithPrimes {
             p: &pk.rsa_private_prime1().unwrap(),
             q: &pk.rsa_private_prime2().unwrap(),

mbedtls/tests/support/rand.rs

@@ -12,11 +12,11 @@ use mbedtls_sys::types::size_t;
 use rand::{Rng, XorShiftRng};
 
 /// Not cryptographically secure!!! Use for testing only!!!
-pub struct TestRandom(XorShiftRng);
+pub struct TestInsecureRandom(XorShiftRng);
 
-impl crate::mbedtls::rng::RngCallbackMut for TestRandom {
+impl crate::mbedtls::rng::RngCallbackMut for TestInsecureRandom {
     unsafe extern "C" fn call_mut(p_rng: *mut c_void, data: *mut c_uchar, len: size_t) -> c_int {
-        (*(p_rng as *mut TestRandom))
+        (*(p_rng as *mut TestInsecureRandom))
             .0
             .fill_bytes(core::slice::from_raw_parts_mut(data, len));
         0
@@ -27,9 +27,9 @@ impl crate::mbedtls::rng::RngCallbackMut for TestRandom {
     }
 }
 
-impl crate::mbedtls::rng::RngCallback for TestRandom {
+impl crate::mbedtls::rng::RngCallback for TestInsecureRandom {
     unsafe extern "C" fn call(p_rng: *mut c_void, data: *mut c_uchar, len: size_t) -> c_int {
-        (*(p_rng as *mut TestRandom))
+        (*(p_rng as *mut TestInsecureRandom))
             .0
             .fill_bytes(core::slice::from_raw_parts_mut(data, len));
         0
@@ -40,7 +40,36 @@ impl crate::mbedtls::rng::RngCallback for TestRandom {
     }
 }
 
+cfg_if::cfg_if! {
+    if #[cfg(any(feature = "rdrand", target_env = "sgx", feature = "std"))]
+    {
+        pub type TestRandom = crate::mbedtls::rng::CtrDrbg;
+    } else {
+        pub type TestRandom = TestInsecureRandom;
+    }
+}
+
 /// Not cryptographically secure!!! Use for testing only!!!
 pub fn test_rng() -> TestRandom {
-    TestRandom(XorShiftRng::new_unseeded())
+    cfg_if::cfg_if! {
+        if #[cfg(any(feature = "rdrand", target_env = "sgx", feature = "std"))]
+        {
+            #[cfg(feature = "std")]
+            use std::sync::Arc;
+            #[cfg(not(feature = "std"))]
+            extern crate alloc as rust_alloc;
+            #[cfg(not(feature = "std"))]
+            use rust_alloc::sync::Arc;
+
+            let entropy = Arc::new(super::entropy::entropy_new());
+            TestRandom::new(entropy, None).unwrap()
+        } else {
+            test_deterministic_rng()
+        }
+    }
+}
+
+/// Not cryptographically secure!!! Use for testing only!!!
+pub fn test_deterministic_rng() -> TestInsecureRandom {
+    TestInsecureRandom(XorShiftRng::new_unseeded())
 }