random: sys_csrand_get backend for TEST_RANDOM_GENERATOR

When non-random number generation is allowed via
`TEST_RANDOM_GENERATOR`, enable an implementation for `sys_csrand_get`
that stubs out to `sys_rand_get`. This enables libraries that request
CS random numbers to be tested in CI, even if the results are not CS in
that context.

The documentation for `TEST_RANDOM_GENERATOR` is explicit enough about
the dangers of enabling this in production.

Signed-off-by: Jordan Yates <jordan@embeint.com>
Jordan Yates 2024-06-20 16:55:22 +10:00 committed by Henrik Brix Andersen
commit bff97fbc7f
3 changed files with 26 additions and 4 deletions


@ -8,16 +8,17 @@ zephyr_library()
zephyr_library_sources_ifdef(CONFIG_USERSPACE random_handlers.c) zephyr_library_sources_ifdef(CONFIG_USERSPACE random_handlers.c)
endif() endif()
if (CONFIG_TIMER_RANDOM_GENERATOR) if (CONFIG_TIMER_RANDOM_GENERATOR OR CONFIG_TEST_CSPRNG_GENERATOR)
message(WARNING " message(WARNING "
Warning: CONFIG_TIMER_RANDOM_GENERATOR is not a truly random generator. Warning: CONFIG_TIMER_RANDOM_GENERATOR and CONFIG_TEST_CSPRNG_GENERATOR are
This capability is not secure and it is provided for testing purposes only. not truly random generators. This capability is not secure and it is
Use it carefully.") provided for testing purposes only. Use it carefully.")
endif() endif()
zephyr_library_sources_ifdef(CONFIG_TIMER_RANDOM_GENERATOR random_timer.c) zephyr_library_sources_ifdef(CONFIG_TIMER_RANDOM_GENERATOR random_timer.c)
zephyr_library_sources_ifdef(CONFIG_XOSHIRO_RANDOM_GENERATOR random_xoshiro128.c) zephyr_library_sources_ifdef(CONFIG_XOSHIRO_RANDOM_GENERATOR random_xoshiro128.c)
zephyr_library_sources_ifdef(CONFIG_CTR_DRBG_CSPRNG_GENERATOR random_ctr_drbg.c) zephyr_library_sources_ifdef(CONFIG_CTR_DRBG_CSPRNG_GENERATOR random_ctr_drbg.c)
zephyr_library_sources_ifdef(CONFIG_TEST_CSPRNG_GENERATOR random_test_csprng.c)
if (CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR OR CONFIG_HARDWARE_DEVICE_CS_GENERATOR) if (CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR OR CONFIG_HARDWARE_DEVICE_CS_GENERATOR)
zephyr_library_sources(random_entropy_device.c) zephyr_library_sources(random_entropy_device.c)
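Review bot: The combined warning no longer tells the builder which option triggered it, and the two options do not carry the same risk: CONFIG_TEST_CSPRNG_GENERATOR changes what `sys_csrand_get` hands to libraries that asked for CS random numbers. A separate block would make that visible in build logs: `if (CONFIG_TEST_CSPRNG_GENERATOR)`, `message(WARNING "CONFIG_TEST_CSPRNG_GENERATOR: sys_csrand_get() output is not cryptographically secure; test builds only.")`, `endif()`. A release pipeline can then also match on the option name to keep it out of production configurations.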


@ -88,6 +88,7 @@ config CSPRNG_ENABLED
choice CSPRNG_GENERATOR_CHOICE choice CSPRNG_GENERATOR_CHOICE
prompt "Cryptographically secure random generator" prompt "Cryptographically secure random generator"
default HARDWARE_DEVICE_CS_GENERATOR default HARDWARE_DEVICE_CS_GENERATOR
default TEST_CSPRNG_GENERATOR
help help
Platform dependent cryptographically secure random number support. Platform dependent cryptographically secure random number support.
@ -116,6 +117,13 @@ config CTR_DRBG_CSPRNG_GENERATOR
is a FIPS140-2 recommended cryptographically secure random number is a FIPS140-2 recommended cryptographically secure random number
generator. generator.
config TEST_CSPRNG_GENERATOR
bool "Use insecure CSPRNG for testing purposes"
depends on TEST_RANDOM_GENERATOR
help
Route calls to `sys_csrand_get` through `sys_rand_get` to enable
libraries that use the former to be tested with ZTEST.
endchoice # CSPRNG_GENERATOR_CHOICE endchoice # CSPRNG_GENERATOR_CHOICE
config CS_CTR_DRBG_PERSONALIZATION config CS_CTR_DRBG_PERSONALIZATION
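Review bot: The added `default TEST_CSPRNG_GENERATOR` carries no condition, so the insecure backend becomes the automatic selection whenever TEST_RANDOM_GENERATOR is set and the earlier default is not selectable. The dependencies of HARDWARE_DEVICE_CS_GENERATOR are outside these hunks, so this is inferred from how choice defaults resolve. The help text under `config TEST_CSPRNG_GENERATOR` says neither that nor that the output is predictable, although the entry sits in a choice prompted as "Cryptographically secure random generator". I would append to the help: `The output is not cryptographically secure. Never enable this in production builds.`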


@ -0,0 +1,13 @@
/*
* Copyright (c) 2024 Embeint Inc
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr/random/random.h>
int z_impl_sys_csrand_get(void *dst, size_t outlen)
{
sys_rand_get(dst, outlen);
return 0;
}
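Review bot: Nothing in `z_impl_sys_csrand_get` marks it as a test stub, and it returns 0 unconditionally, so a caller checking the return value cannot tell this backend from a real CSPRNG. A comment above the function would help anyone auditing the `sys_csrand_get` implementations: `/* Test-only stub: forwards to sys_rand_get(); output is NOT cryptographically secure. */`. Any key, nonce or token produced through this path in such a build should be treated as predictable test data.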