zephyr/subsys/random/Kconfig

111 lines
3.6 KiB
Plaintext

# Random configuration options
# Copyright (c) 2017 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
menu "Random Number Generators"
config TEST_RANDOM_GENERATOR
bool "Non-random number generator"
depends on !ENTROPY_HAS_DRIVER
help
This option signifies that the kernel's random number APIs are
permitted to return values that are not truly random.
This capability is provided for testing purposes, when a truly random
number generator is not available. The non-random number generator
should not be used in a production environment.
choice RNG_GENERATOR_CHOICE
prompt "Random generator"
default ENTROPY_DEVICE_RANDOM_GENERATOR
depends on ENTROPY_HAS_DRIVER || TEST_RANDOM_GENERATOR
help
Platform dependent non-cryptographically secure random number support.
If the entropy support of the platform has sufficient performance
to support random request then select that. Otherwise, select the
XOROSHIRO algorithm
config TIMER_RANDOM_GENERATOR
bool "System timer clock based number generator"
depends on TEST_RANDOM_GENERATOR
help
This options enables number generator based on system timer
clock. This number generator is not random and used for
testing only.
config ENTROPY_DEVICE_RANDOM_GENERATOR
bool "Use entropy driver to generate random numbers"
depends on ENTROPY_HAS_DRIVER
help
Enables a random number generator that uses the enabled hardware
entropy gathering driver to generate random numbers. Should only be
selected if hardware entropy driver is designed to be a random
number generator source.
config XOROSHIRO_RANDOM_GENERATOR
bool "Use Xoroshiro128+ as PRNG"
depends on ENTROPY_HAS_DRIVER
help
Enables the Xoroshiro128+ pseudo-random number generator, that uses
the entropy driver as a seed source. This is a fast non-cryptographically
secure random number generator.
It is so named because it uses 128 bits of state.
endchoice # RNG_GENERATOR_CHOICE
#
# Implied dependency on a cryptographically secure entropy source when
# enabling CS generators. ENTROPY_HAS_DRIVER is the flag indicating the
# CS entropy source.
#
config CSPRING_ENABLED
# bool "Cryptographically secure RNG functions enabled"
bool
default y
depends on ENTROPY_HAS_DRIVER
choice CSPRNG_GENERATOR_CHOICE
prompt "Cryptographically secure random generator"
default HARDWARE_DEVICE_CS_GENERATOR
help
Platform dependent cryptographically secure random number support.
If the hardware entropy support of the platform has sufficient
performance to support CSRNG then select that. Otherwise, select
CTR-DRBG CSPRNG as that is a FIPS140-2 recommmended CSPRNG.
config HARDWARE_DEVICE_CS_GENERATOR
bool "Use hardware random driver for CS random numbers"
depends on ENTROPY_HAS_DRIVER
help
Enables a cryptographically secure random number generator that
uses the enabled hardware random number driver to generate
random numbers.
config CTR_DRBG_CSPRNG_GENERATOR
bool "Use CTR-DRBG CSPRNG"
depends on MBEDTLS || TINYCRYPT
depends on ENTROPY_HAS_DRIVER
select TINYCRYPT_CTR_PRNG if TINYCRYPT
select TINYCRYPT_AES if TINYCRYPT
help
Enables the CTR-DRBG pseudo-random number generator. This CSPRNG
shall use the entropy API for an initialization seed. The CTR-DRBG
is a a FIPS140-2 recommended cryptographically secure random number
generator.
endchoice # CSPRNG_GENERATOR_CHOICE
config CS_CTR_DRBG_PERSONALIZATION
string "CTR-DRBG Personalization string"
default "zephyr ctr-drbg seed"
depends on CTR_DRBG_CSPRNG_GENERATOR
help
Personalization data can be provided in addition to the entropy
source to make the initialization of the CTR-DRBG as unique as
possible.
endmenu