random: sys_csrand_get backend for TEST_RANDOM_GENERATOR

JordanYates · henrikbrixandersen · commit bff97fbc7f83 · 2024-10-16T10:00:47.000+02:00
When non-random number generation is allowed via
`TEST_RANDOM_GENERATOR`, enable an implementation for `sys_csrand_get`
that stubs out to `sys_rand_get`. This enables libraries that request
CS random numbers to be tested in CI, even if the results are not CS in
that context.

The documentation for `TEST_RANDOM_GENERATOR` is explicit enough about
the dangers of enabling this in production.

Signed-off-by: Jordan Yates &lt;jordan@embeint.com&gt;
diff --git a/subsys/random/CMakeLists.txt b/subsys/random/CMakeLists.txt
@@ -8,16 +8,17 @@ zephyr_library()
 zephyr_library_sources_ifdef(CONFIG_USERSPACE           random_handlers.c)
 endif()
 
-if (CONFIG_TIMER_RANDOM_GENERATOR)
+if (CONFIG_TIMER_RANDOM_GENERATOR OR CONFIG_TEST_CSPRNG_GENERATOR)
   message(WARNING "
-    Warning: CONFIG_TIMER_RANDOM_GENERATOR is not a truly random generator.
-    This capability is not secure and it is provided for testing purposes only.
-    Use it carefully.")
+    Warning: CONFIG_TIMER_RANDOM_GENERATOR and CONFIG_TEST_CSPRNG_GENERATOR are
+    not truly random generators. This capability is not secure and it is
+    provided for testing purposes only. Use it carefully.")
 endif()
 
 zephyr_library_sources_ifdef(CONFIG_TIMER_RANDOM_GENERATOR          random_timer.c)
 zephyr_library_sources_ifdef(CONFIG_XOSHIRO_RANDOM_GENERATOR        random_xoshiro128.c)
 zephyr_library_sources_ifdef(CONFIG_CTR_DRBG_CSPRNG_GENERATOR       random_ctr_drbg.c)
+zephyr_library_sources_ifdef(CONFIG_TEST_CSPRNG_GENERATOR           random_test_csprng.c)
 
 if (CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR OR CONFIG_HARDWARE_DEVICE_CS_GENERATOR)
 zephyr_library_sources(random_entropy_device.c)
diff --git a/subsys/random/Kconfig b/subsys/random/Kconfig
@@ -88,6 +88,7 @@ config CSPRNG_ENABLED
 choice CSPRNG_GENERATOR_CHOICE
 	prompt "Cryptographically secure random generator"
 	default HARDWARE_DEVICE_CS_GENERATOR
+	default TEST_CSPRNG_GENERATOR
 	help
 	  Platform dependent cryptographically secure random number support.
 
@@ -116,6 +117,13 @@ config CTR_DRBG_CSPRNG_GENERATOR
 	  is a FIPS140-2 recommended cryptographically secure random number
 	  generator.
 
+config TEST_CSPRNG_GENERATOR
+	bool "Use insecure CSPRNG for testing purposes"
+	depends on TEST_RANDOM_GENERATOR
+	help
+	  Route calls to `sys_csrand_get` through `sys_rand_get` to enable
+	  libraries that use the former to be tested with ZTEST.
+
 endchoice # CSPRNG_GENERATOR_CHOICE
 
 config CS_CTR_DRBG_PERSONALIZATION
diff --git a/subsys/random/random_test_csprng.c b/subsys/random/random_test_csprng.c
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2024 Embeint Inc
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <zephyr/random/random.h>
+
+int z_impl_sys_csrand_get(void *dst, size_t outlen)
+{
+	sys_rand_get(dst, outlen);
+	return 0;
+}
