In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Bug introduced that prevented the logic from initializing the
context structure. Without this initialization, the application
will crash on repeated request for ctr_drbg random data.
Fixes: #44092
Signed-off-by: David Leach <david.leach@nxp.com>
With f44b3dc4df statically initializing
the entropy_dev variable, `ctr_drbg_initialize` was not being run on
the first call to `z_impl_sys_csrand_get`. Use a dedicated static bool
to track whether the init needs to be run.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
When requesting seed entropy data fails, reseed the PRNG state with
runtime data. This is a minimal effort to ensure that random data
requested before a backing entropy device is ready does not result in
repeatable data on each boot.
The random XOR integers are selected from the CRC32 algorithm.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
Defer the state initialization of the xoshiro algorithm until the first
time a random number is requested. This allows the PRNG algorithm to be
used with entropy sources which may not be available at boot, i.e
Bluetooth HCI.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
The entropy device reference can be obtained at compile time. Adjust
error code to -ENODEV.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
THe entropy device can be ontained at compile time. Simplify some
logs/code as a result. Also adjusted "entropy_driver" name to
"entropy_dev", since it holds a "device", not a "driver".
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The entropy device can be obtained at compile time. Adjusted the
assertion message slightly, as it no longer uses the entropy macro
label. Also adjusted the entropy_driver variable to entropy_dev, since
it does not hold a "driver" but a "device".
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
For functions returning nothing, there is no need to document
with @return, as Doxgen complains about "documented empty
return type of ...".
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
z_impl_sys_csrand_get is implement if the system is build with either
CONFIG_CTR_DRBG_CSPRNG_GENERATOR or CONFIG_HARDWARE_DEVICE_CS_GENERATOR.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
PR #36996 disabled running mem_protect/stack_random test on qemu_riscv32
platform because of this test consistently failing on said platform.
This test starts new threads in equal time intervals, and because of
that we get repeating values after performing the modulus operation when
calculating the stack pointer address.
This can be solved by changing the value of the _RAND32_INC constant
that is used to increase the value returned by the timer-based PRNG.
This commit decreases the value of the mentioned constant from
1000000013U to 1000000003U.
Fixes#37006.
Signed-off-by: Filip Kokosinski <fkokosinski@antmicro.com>
Deprecate the xoroshiro128+ PRNG algorithm in favour of xoshiro128++.
xoshiro128++ is a drop-in replacement which is invisible from the user
perspective.
xoroshiro128+ is unsuitable because it is explicitly a floating-point
PRNG, not a general-purpose PRNG. This means that the lower 4 bits of
the output are actually linear, not random (from the designers,
https://prng.di.unimi.it/). This means 1/8th of the generated data is
not random.
Additionally, xoroshiro128+ is not a 32bit algorithm, it operates on
64bit numbers. For the vast majority of Zephyr devices, this makes the
PRNG slower than it needs to be. The replacement (xoshiro128++) is
32bit, with no loss in state space (still 128 bit).
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
Adds an implementation of xoshiro128++ as a pseudo random number
generator from https://prng.di.unimi.it/ that operates on 32bit words.
The algorithm postfix signifies the main operation in the generation
function. Therefore xoshiro++ is chosen over xoshiro** as we would
prefer to do 2 additions isntead of 2 multiplications on embedded
hardware. The quality of the generators appears to be the same in all
other respects.
xoshiro+ is not chosen despite being faster as it generates random
floating-point values, not general purpose random values (The lower 4
bits are linear).
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
The previous implementation assumed that the dst pointer was always
aligned to a 4-byte boundary in platforms that require alignment for
storage of 32-bit integers. Since this is required for certain platforms
(eg. Arm Cortex-M0), use memcpy() instead, which always takes
alignment into account.
Fixes#33969.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
When ctr_drbg_initialize fails the function returns without unlock irq
that was previously locked.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
entropy_get_entropy return is not being checked what may result in a
vulnerability because tc_ctr_prng_reseed will not get proper entropy
data.
Fixes#29869
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
If rand32_xoroshiro128::z_impl_sys_rand_get is called with outlen
not divisible by 4, it will overflow the dst buffer. This happens
because blocksize is not changed from 4 to the difference between
outlen and len. If outlen is < 4, z_impl_sys_rand_get will be stuck
in an infinite loop that keeps writing random bytes outside the buffer.
If outlen is > 4, z_impl_sys_rand_get returns after the correct number
of loops, but it writes every byte to the buffer, not just outlen number
of bytes. This causes the buffer to be overflowed with up to and
including 3 bytes.
Signed-off-by: Didrik Rokhaug <didrik.rokhaug@gmail.com>
Generates a warning message when building with
CONFIG_TEST_RANDOM_GENERATOR. The purpose is inform that this is not
secure and should not used in production.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Both operands of an operator in the arithmetic conversions
performed shall have the same essential type category.
Changes are related to converting the integer constants to the
unsigned integer constants
Signed-off-by: Aastha Grover <aastha.grover@intel.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Create syscalls to make possible using random APIs from user mode
threads. These APIs can have different implementations, like using
entropy driver or Xoroshiro128. Some of these implementations also have
some globals to preserve state between calls.
Make it run entire in user space would require user adding these globals
to their memeory domains and/or grant access to entropy device. Syscalls
simplify its usage.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
In sys_rand_get() if the entropy hardware unlikely return error, the
fallgback is using the system timer to and fill the given buffer with
that data.
The problem what that k_cycle_get_32() returns a four bytes integer and
depending the sizeof of the buffer we need copy the right amount of
data. That was not being done properly leading to invalid read/write
memory access.
Fixes#26435
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Replace CONFIG_ENTROPY_NAME with DT_CHOSEN_ZEPHYR_ENTROPY_LABEL. We now
set zephyr,entropy in the chosen node of the device tree to the entropy
device.
This allows us to remove CONFIG_ENTROPY_NAME from dts_fixup.h. Also
remove any other stale ENTROPY related defines in dts_fixup.h files.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is a copy of rand32_timer.c that uses
z_do_read_cpu_timestamp32() instead of k_cycle_get_32(),
with some logic to ensure different values when called in
rapid succession missing.
Like the other driver, its reported values are not random,
it's a testing generator only.
This appears to have no advantages over rand32_timer.c,
just remove it. In QEMU emulation, the reported TSC values
tend to have the lowest five bits zeroed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Initialize function has to fail when a call to get entropy fails.
TinyCrypt prng_init relies on a proper entropy data, so we need to
check if the driver return it properly.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Propagate driver error when getting entropy data when calling a
cryptographically secure random generator.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The build infrastructure should not be adding the drivers subdirectory
to the include path. Fix the legacy uses that depended on that
addition.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
When using LLVM/Clang, it complains about memcpy() being
casted to (void *):
warning: expression result unused; should this cast be to 'void'? [-Wunused-value]
So change those to (void) instead as the return of memcpy()
is not used anyway.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
1) Add cryptographically secure random functions to provide
FIPS 140-2 compliant random functions.
2) Add name to random function choice selectors to ease
selection in SOC .defconfig files
3) Add bulk fill random functions.
Signed-off-by: David Leach <david.leach@nxp.com>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
move entropy.h to drivers/entropy.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move atomic.h to sys/atomic.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move internal and architecture specific headers from include/drivers to
subfolder for timer:
include/drivers/timer
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There is no reason for storing a pointer into an atomic_t variable here.
Not only because this requires a dubious double cast that breaks on
64-bit builds as atomic_t is a 32-bit type, but also because the comment
in the code already admits that the whole operation isn't atomic anyway
and that it is fine. So let's keep things simple.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Rename reserved function names in drivers/ subdirectory. Update
function macros concatenatenating function names with '##'. As
there is a conflict between the existing gpio_sch_manage_callback()
and _gpio_sch_manage_callback() names, leave the latter unmodified.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Current implementation of the xoroshiro depends on the ISR being
triggered when the interrupts is locked. This patch proposes
implementing the init with entropy_get_isr. This implementation
can be called at PRE_KERNEL_2 stage, even when the interrupts
are locked.
Fixes: GH-8199
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Remove some 'default ""' properties on string symbols too.
Also make definitions more consistent by converting some
config FOO
<type>
prompt "foo"
definitions to a shorter form:
config FOO
<type> "foo"
This shorthand works for int/hex/string symbols too, not just for bool
symbols.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Not only removes a branch during normal operation, but also ensures
that, by initializing at the PRE_KERNEL_2 stage, and granting
privileges to all threads to the semaphore, this code will work in
early boot situations and in user mode.
This assumes that entropy drivers will all initialize during
PRE_KERNEL_1 stage. All in-tree drivers do that.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Semaphore state_sem initial count is set to 0 but k_sem_give()
is invoked first in sys_rand32_get() which will block the caller
forever.
Fix the issue by setting the initail count to count_limit.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
If there is a build setup problem where a device driver has not been
setup for the entropy driver then the call to device_get_binding()
will return a NULL value and the code will continue to use this NULL
value. The result is a hard fault later in code execution.
Note that CONFIG_ASSERT is by default off so one has to turn this
configuration on to catch this problem.
Signed-off-by: David Leach <david.leach@nxp.com>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
This adds an implementation of Xoroshiro128+ PRNG, based on the
original implementation at [1]. This pseudorandom number generator
will use the entropy driver to obtain the seed.
While it uses only 128 bits of state, it's pretty robust for non-crypto
safe applications.
[1] http://vigna.di.unimi.it/xorshift/xoroshiro128plus.c
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Instead of every hardware number generator driver providing an
implementation of this function, use the random device API to
centralize the implementation of this function.
This is a very simplistic function that can be seen as a stepping stone
to refactor the random number generation in Zephyr.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Gerard Marull-Paretas