mirror of
https://github.com/apache/nuttx.git
synced 2026-06-05 07:12:54 +08:00
Add entropy pool and strong random number generator
Entropy pool gathers environmental noise from device drivers, user-space, etc., and returns good random numbers, suitable for cryptographic use. Based on the entropy pool design from the *BSDs; uses the BLAKE2Xs algorithm for CSPRNG output. The patch also adds /dev/urandom support backed by the entropy pool RNG and a new 'getrandom' system call for getting randomness without using a file descriptor (thus avoiding file-descriptor exhaustion attacks). The 'getrandom' interface is similar to 'getentropy' and 'getrandom' available on OpenBSD and Linux respectively.
committed by
Gregory Nutt
parent
21545ab643
commit
dffb8a67e3
@@ -50,4 +50,35 @@ config CRYPTO_SW_AES
|
||||
implemenations. This needs to support up_aesinitialize() and
|
||||
aes_cypher() per include/nuttx/crypto/crypto.h.
|
||||
|
||||
config CRYPTO_BLAKE2S
|
||||
bool "BLAKE2s hash algorithm"
|
||||
default n
|
||||
---help---
|
||||
Enable the BLAKE2s hash algorithm
|
||||
|
||||
config CRYPTO_RANDOM_POOL
|
||||
bool "Entropy pool and strong randon number generator"
|
||||
default n
|
||||
select CRYPTO_BLAKE2S
|
||||
---help---
|
||||
Entropy pool gathers environmental noise from device drivers,
|
||||
user-space, etc., and returns good random numbers, suitable
|
||||
for cryptographic use. Based on entropy pool design from
|
||||
*BSDs and uses BLAKE2Xs algorithm for CSPRNG output.
|
||||
|
||||
NOTE: May not actually be cyptographically secure, if
|
||||
not enough entropy is made available to the entropy pool.
|
||||
|
||||
if CRYPTO_RANDOM_POOL
|
||||
|
||||
config CRYPTO_RANDOM_POOL_COLLECT_IRQ_RANDOMNESS
|
||||
bool "Use interrupts to feed timing randomness to entropy pool"
|
||||
default y
|
||||
---help---
|
||||
Feed entropy pool with interrupt randomness from interrupt
|
||||
dispatch function 'irq_dispatch'. This adds some overhead
|
||||
for every interrupt handled.
|
||||
|
||||
endif # CRYPTO_RANDOM_POOL
|
||||
|
||||
endif # CRYPTO
|
||||
|
||||
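Review bot: The NOTE in the CRYPTO_RANDOM_POOL help says the output may not be cryptographically secure when the pool is under-fed, but it gives an integrator nothing to act on. The only source configurable in this section is CRYPTO_RANDOM_POOL_COLLECT_IRQ_RANDOMNESS, and interrupt timing alone can be thin shortly after boot on a quiet board. I would extend the help to say so, e.g. `NOTE: Output is only as strong as the entropy fed to the pool; do not rely on interrupt timing alone, feed the pool from a hardware or sensor source where the board has one.` Whether /dev/urandom or getrandom wait for the pool to be seeded cannot be seen here, because the implementation diffs are suppressed on this page; if they do not wait, the help should state that too. The new prompt and help text also carry typos that end up in menuconfig: `bool "Entropy pool and strong random number generator"` and `cryptographically`.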
+13
-1
@@ -56,6 +56,18 @@ ifeq ($(CONFIG_CRYPTO_SW_AES),y)
|
||||
CRYPTO_CSRCS += aes.c
|
||||
endif
|
||||
|
||||
# BLAKE2s hash algorithm
|
||||
|
||||
ifeq ($(CONFIG_CRYPTO_BLAKE2S),y)
|
||||
CRYPTO_CSRCS += blake2s.c
|
||||
endif
|
||||
|
||||
# Entropy pool random number generator
|
||||
|
||||
ifeq ($(CONFIG_CRYPTO_RANDOM_POOL),y)
|
||||
CRYPTO_CSRCS += random_pool.c
|
||||
endif
|
||||
|
||||
endif # CONFIG_CRYPTO
|
||||
|
||||
ASRCS = $(CRYPTO_ASRCS)
|
||||
@@ -97,4 +109,4 @@ distclean: clean
|
||||
$(call DELFILE, Make.dep)
|
||||
$(call DELFILE, .depend)
|
||||
|
||||
-include Make.dep
|
||||
-include Make.dep
|
||||
|
||||
File diff suppressed because it is too large
File diff suppressed because it is too large