random: `sys_csrand_get` backend for `TEST_RANDOM_GENERATOR`

When non-random number generation is allowed via `TEST_RANDOM_GENERATOR`, enable an implementation for `sys_csrand_get` that stubs out to `sys_rand_get`. This enables libraries that request CS random numbers to be tested in CI, even if the results are not CS in that context. The documentation for `TEST_RANDOM_GENERATOR` is explicit enough about the dangers of enabling this in production. Signed-off-by: Jordan Yates <jordan@embeint.com>
2024-06-20 16:55:22 +10:00 · 2024-06-20 16:55:22 +10:00 · bff97fbc7f
parent fdcdc5d3cd
commit bff97fbc7f
3 changed files with 26 additions and 4 deletions
--- a/subsys/random/CMakeLists.txt
+++ b/subsys/random/CMakeLists.txt
@ -8,16 +8,17 @@ zephyr_library()
 zephyr_library_sources_ifdef(CONFIG_USERSPACE           random_handlers.c)
 endif()

-if (CONFIG_TIMER_RANDOM_GENERATOR)
+if (CONFIG_TIMER_RANDOM_GENERATOR OR CONFIG_TEST_CSPRNG_GENERATOR)
  message(WARNING "
-    Warning: CONFIG_TIMER_RANDOM_GENERATOR is not a truly random generator.
-    This capability is not secure and it is provided for testing purposes only.
-    Use it carefully.")
+    Warning: CONFIG_TIMER_RANDOM_GENERATOR and CONFIG_TEST_CSPRNG_GENERATOR are
+    not truly random generators. This capability is not secure and it is
+    provided for testing purposes only. Use it carefully.")
 endif()

 zephyr_library_sources_ifdef(CONFIG_TIMER_RANDOM_GENERATOR          random_timer.c)
 zephyr_library_sources_ifdef(CONFIG_XOSHIRO_RANDOM_GENERATOR        random_xoshiro128.c)
 zephyr_library_sources_ifdef(CONFIG_CTR_DRBG_CSPRNG_GENERATOR       random_ctr_drbg.c)
+zephyr_library_sources_ifdef(CONFIG_TEST_CSPRNG_GENERATOR           random_test_csprng.c)

 if (CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR OR CONFIG_HARDWARE_DEVICE_CS_GENERATOR)
 zephyr_library_sources(random_entropy_device.c)
--- a/subsys/random/Kconfig
+++ b/subsys/random/Kconfig
@ -88,6 +88,7 @@ config CSPRNG_ENABLED
 choice CSPRNG_GENERATOR_CHOICE
 	prompt "Cryptographically secure random generator"
 	default HARDWARE_DEVICE_CS_GENERATOR
+	default TEST_CSPRNG_GENERATOR
 	help
 	  Platform dependent cryptographically secure random number support.

@ -116,6 +117,13 @@ config CTR_DRBG_CSPRNG_GENERATOR
 	  is a FIPS140-2 recommended cryptographically secure random number
 	  generator.

+config TEST_CSPRNG_GENERATOR
+	bool "Use insecure CSPRNG for testing purposes"
+	depends on TEST_RANDOM_GENERATOR
+	help
+	  Route calls to `sys_csrand_get` through `sys_rand_get` to enable
+	  libraries that use the former to be tested with ZTEST.
+
 endchoice # CSPRNG_GENERATOR_CHOICE

 config CS_CTR_DRBG_PERSONALIZATION
--- a/subsys/random/random_test_csprng.c
+++ b/subsys/random/random_test_csprng.c
@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2024 Embeint Inc
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <zephyr/random/random.h>
+
+int z_impl_sys_csrand_get(void *dst, size_t outlen)
+{
+	sys_rand_get(dst, outlen);
+	return 0;
+}