111 lines
3.6 KiB
Plaintext
111 lines
3.6 KiB
Plaintext
# Random configuration options
|
|
|
|
# Copyright (c) 2017 Intel Corporation
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
menu "Random Number Generators"
|
|
|
|
config TEST_RANDOM_GENERATOR
|
|
bool "Non-random number generator"
|
|
depends on !ENTROPY_HAS_DRIVER
|
|
help
|
|
This option signifies that the kernel's random number APIs are
|
|
permitted to return values that are not truly random.
|
|
This capability is provided for testing purposes, when a truly random
|
|
number generator is not available. The non-random number generator
|
|
should not be used in a production environment.
|
|
|
|
choice RNG_GENERATOR_CHOICE
|
|
prompt "Random generator"
|
|
default ENTROPY_DEVICE_RANDOM_GENERATOR
|
|
depends on ENTROPY_HAS_DRIVER || TEST_RANDOM_GENERATOR
|
|
help
|
|
Platform dependent non-cryptographically secure random number support.
|
|
|
|
If the entropy support of the platform has sufficient performance
|
|
to support random request then select that. Otherwise, select the
|
|
XOROSHIRO algorithm
|
|
|
|
config TIMER_RANDOM_GENERATOR
|
|
bool "System timer clock based number generator"
|
|
depends on TEST_RANDOM_GENERATOR
|
|
help
|
|
This options enables number generator based on system timer
|
|
clock. This number generator is not random and used for
|
|
testing only.
|
|
|
|
config ENTROPY_DEVICE_RANDOM_GENERATOR
|
|
bool "Use entropy driver to generate random numbers"
|
|
depends on ENTROPY_HAS_DRIVER
|
|
help
|
|
Enables a random number generator that uses the enabled hardware
|
|
entropy gathering driver to generate random numbers. Should only be
|
|
selected if hardware entropy driver is designed to be a random
|
|
number generator source.
|
|
|
|
config XOROSHIRO_RANDOM_GENERATOR
|
|
bool "Use Xoroshiro128+ as PRNG"
|
|
depends on ENTROPY_HAS_DRIVER
|
|
help
|
|
Enables the Xoroshiro128+ pseudo-random number generator, that uses
|
|
the entropy driver as a seed source. This is a fast non-cryptographically
|
|
secure random number generator.
|
|
|
|
It is so named because it uses 128 bits of state.
|
|
|
|
endchoice # RNG_GENERATOR_CHOICE
|
|
|
|
#
|
|
# Implied dependency on a cryptographically secure entropy source when
|
|
# enabling CS generators. ENTROPY_HAS_DRIVER is the flag indicating the
|
|
# CS entropy source.
|
|
#
|
|
config CSPRING_ENABLED
|
|
# bool "Cryptographically secure RNG functions enabled"
|
|
bool
|
|
default y
|
|
depends on ENTROPY_HAS_DRIVER
|
|
|
|
choice CSPRNG_GENERATOR_CHOICE
|
|
prompt "Cryptographically secure random generator"
|
|
default HARDWARE_DEVICE_CS_GENERATOR
|
|
help
|
|
Platform dependent cryptographically secure random number support.
|
|
|
|
If the hardware entropy support of the platform has sufficient
|
|
performance to support CSRNG then select that. Otherwise, select
|
|
CTR-DRBG CSPRNG as that is a FIPS140-2 recommmended CSPRNG.
|
|
|
|
config HARDWARE_DEVICE_CS_GENERATOR
|
|
bool "Use hardware random driver for CS random numbers"
|
|
depends on ENTROPY_HAS_DRIVER
|
|
help
|
|
Enables a cryptographically secure random number generator that
|
|
uses the enabled hardware random number driver to generate
|
|
random numbers.
|
|
|
|
config CTR_DRBG_CSPRNG_GENERATOR
|
|
bool "Use CTR-DRBG CSPRNG"
|
|
depends on MBEDTLS || TINYCRYPT
|
|
depends on ENTROPY_HAS_DRIVER
|
|
select TINYCRYPT_CTR_PRNG if TINYCRYPT
|
|
select TINYCRYPT_AES if TINYCRYPT
|
|
help
|
|
Enables the CTR-DRBG pseudo-random number generator. This CSPRNG
|
|
shall use the entropy API for an initialization seed. The CTR-DRBG
|
|
is a a FIPS140-2 recommended cryptographically secure random number
|
|
generator.
|
|
|
|
endchoice # CSPRNG_GENERATOR_CHOICE
|
|
|
|
config CS_CTR_DRBG_PERSONALIZATION
|
|
string "CTR-DRBG Personalization string"
|
|
default "zephyr ctr-drbg seed"
|
|
depends on CTR_DRBG_CSPRNG_GENERATOR
|
|
help
|
|
Personalization data can be provided in addition to the entropy
|
|
source to make the initialization of the CTR-DRBG as unique as
|
|
possible.
|
|
|
|
endmenu
|