Make RNG parameters mandatory in ECP functions

Fix trivial faulty calls in ECP test suite and ECP/ECJPAKE self-tests (by adding a dummy RNG). Several tests suites are not passing yet, as a couple of library function do call ecp_mul() with a NULL RNG. The complexity of the fixes range from "simple refactoring" to "requires API changes", so these will be addressed in separate commits. This makes the option MBEDTLS_ECP_NO_INTERNAL_RNG, as well as the whole "internal RNG" code, obsolete. This will be addressed in a future commit, after getting the test suites to pass again. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-07-28 00:21:48 +03:00 · 2021-06-15 11:29:26 +02:00
parent 7861ecf838
commit aa3ed6f987
4 changed files with 76 additions and 27 deletions
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@ -962,6 +962,28 @@ static const unsigned char ecjpake_test_pms[] = {
    0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51
 };

+/*
+ * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!!
+ *
+ * This is the linear congruential generator from numerical recipes,
+ * except we only use the low byte as the output. See
+ * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use
+ */
+static int self_test_rng( void *ctx, unsigned char *out, size_t len )
+{
+    static uint32_t state = 42;
+
+    (void) ctx;
+
+    for( size_t i = 0; i < len; i++ )
+    {
+        state = state * 1664525u + 1013904223u;
+        out[i] = (unsigned char) state;
+    }
+
+    return( 0 );
+}
+
 /* Load my private keys and generate the corresponding public keys */
 static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
                              const unsigned char *xm1, size_t len1,
@ -972,9 +994,9 @@ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );
    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,
-                                      &ctx->grp.G, NULL, NULL ) );
+                                      &ctx->grp.G, self_test_rng, NULL ) );
    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,
-                                      &ctx->grp.G, NULL, NULL ) );
+                                      &ctx->grp.G, self_test_rng, NULL ) );

 cleanup:
    return( ret );