# Random configuration options # Copyright (c) 2017 Intel Corporation # SPDX-License-Identifier: Apache-2.0 menu "Random Number Generators" config TEST_RANDOM_GENERATOR bool "Non-random number generator" depends on !ENTROPY_HAS_DRIVER help This option signifies that the kernel's random number APIs are permitted to return values that are not truly random. This capability is provided for testing purposes, when a truly random number generator is not available. The non-random number generator should not be used in a production environment. choice RNG_GENERATOR_CHOICE prompt "Random generator" default ENTROPY_DEVICE_RANDOM_GENERATOR depends on ENTROPY_HAS_DRIVER || TEST_RANDOM_GENERATOR help Platform dependent non-cryptographically secure random number support. If the entropy support of the platform has sufficient performance to support random request then select that. Otherwise, select the XOSHIRO algorithm config TIMER_RANDOM_GENERATOR bool "System timer clock based number generator" depends on TEST_RANDOM_GENERATOR help This options enables number generator based on system timer clock. This number generator is not random and used for testing only. config ENTROPY_DEVICE_RANDOM_GENERATOR bool "Use entropy driver to generate random numbers" depends on ENTROPY_HAS_DRIVER help Enables a random number generator that uses the enabled hardware entropy gathering driver to generate random numbers. Should only be selected if hardware entropy driver is designed to be a random number generator source. config XOROSHIRO_RANDOM_GENERATOR bool "Use Xoroshiro128+ as PRNG (DEPRECATED)" help This is deprecated, please use XOSHIRO_RANDOM_GENERATOR instead. config XOSHIRO_RANDOM_GENERATOR bool "Use Xoshiro128++ as PRNG" depends on ENTROPY_HAS_DRIVER help Enables the Xoshiro128++ pseudo-random number generator, that uses the entropy driver as a seed source. This is a fast general-purpose non-cryptographically secure random number generator. endchoice # RNG_GENERATOR_CHOICE # # Implied dependency on a cryptographically secure entropy source when # enabling CS generators. ENTROPY_HAS_DRIVER is the flag indicating the # CS entropy source. # config CSPRING_ENABLED # bool "Cryptographically secure RNG functions enabled" bool default y depends on ENTROPY_HAS_DRIVER choice CSPRNG_GENERATOR_CHOICE prompt "Cryptographically secure random generator" default HARDWARE_DEVICE_CS_GENERATOR help Platform dependent cryptographically secure random number support. If the hardware entropy support of the platform has sufficient performance to support CSRNG then select that. Otherwise, select CTR-DRBG CSPRNG as that is a FIPS140-2 recommmended CSPRNG. config HARDWARE_DEVICE_CS_GENERATOR bool "Use hardware random driver for CS random numbers" depends on ENTROPY_HAS_DRIVER help Enables a cryptographically secure random number generator that uses the enabled hardware random number driver to generate random numbers. config CTR_DRBG_CSPRNG_GENERATOR bool "Use CTR-DRBG CSPRNG" depends on MBEDTLS || TINYCRYPT depends on ENTROPY_HAS_DRIVER select TINYCRYPT_CTR_PRNG if TINYCRYPT select TINYCRYPT_AES if TINYCRYPT help Enables the CTR-DRBG pseudo-random number generator. This CSPRNG shall use the entropy API for an initialization seed. The CTR-DRBG is a a FIPS140-2 recommended cryptographically secure random number generator. endchoice # CSPRNG_GENERATOR_CHOICE config CS_CTR_DRBG_PERSONALIZATION string "CTR-DRBG Personalization string" default "zephyr ctr-drbg seed" depends on CTR_DRBG_CSPRNG_GENERATOR help Personalization data can be provided in addition to the entropy source to make the initialization of the CTR-DRBG as unique as possible. endmenu