| # Random configuration options |
| |
| # Copyright (c) 2017 Intel Corporation |
| # SPDX-License-Identifier: Apache-2.0 |
| |
| menu "Random Number Generators" |
| |
| config TEST_RANDOM_GENERATOR |
| bool "Allow non-random number generator" |
| help |
| This option signifies that a non-random number generator is allowed to |
| be used and the kernel's random number APIs are permitted to return |
| values that are not truly random. |
| |
| This capability is provided for testing purposes when a truly random |
| number generator is not available. The non-random number generator |
| should not be used in a production environment. |
| |
| This option is intended to be selected only by application-level |
| configurations (e.g. in tests and samples) to indicate that the |
| application is allowed to run with a random number generator that is not |
| truly random. Board-level configurations must not select this option |
| unless the sole purpose of the board is testing (e.g. QEMU emulation |
| boards). |
| |
| Note that this option does not imply that a non-random number generator |
| is selected -- that is indicated by RNG_GENERATOR_CHOICE. An entropy |
| device-backed random number generator, if available, will be selected by |
| default even when CONFIG_TEST_RANDOM_GENERATOR=y. |
| |
| config TIMER_RANDOM_INITIAL_STATE |
| int "Initial state used by clock based number generator" |
| default 123456789 |
| help |
| Initial state value used by TIMER_RANDOM_GENERATOR and the |
| early random number generator. |
| |
| |
| choice RNG_GENERATOR_CHOICE |
| prompt "Random generator" |
| default ENTROPY_DEVICE_RANDOM_GENERATOR if ENTROPY_HAS_DRIVER |
| default TIMER_RANDOM_GENERATOR if TEST_RANDOM_GENERATOR |
| depends on ENTROPY_HAS_DRIVER || TEST_RANDOM_GENERATOR |
| help |
| Platform dependent non-cryptographically secure random number support. |
| |
| If the entropy support of the platform has sufficient performance |
| to support random requests, then select that. Otherwise, select the |
| XOSHIRO algorithm. |
| |
| config TIMER_RANDOM_GENERATOR |
| bool "System timer clock based number generator" |
| depends on TEST_RANDOM_GENERATOR |
| help |
| This option enables a number generator based on the system timer |
| clock. This number generator is not random and is used for |
| testing only. |
| |
| config ENTROPY_DEVICE_RANDOM_GENERATOR |
| bool "Use entropy driver to generate random numbers" |
| depends on ENTROPY_HAS_DRIVER |
| help |
| Enables a random number generator that uses the enabled hardware |
| entropy gathering driver to generate random numbers. Should only be |
| selected if the hardware entropy driver is designed to be a random |
| number generator source. |
| |
| config XOSHIRO_RANDOM_GENERATOR |
| bool "Use Xoshiro128++ as PRNG" |
| depends on ENTROPY_HAS_DRIVER |
| help |
| Enables the Xoshiro128++ pseudo-random number generator, which uses |
| the entropy driver as a seed source. This is a fast general-purpose |
| non-cryptographically secure random number generator. |
| |
| endchoice # RNG_GENERATOR_CHOICE |
| |
| # |
| # Implied dependency on a cryptographically secure entropy source when |
| # enabling CS generators. ENTROPY_HAS_DRIVER is the flag indicating the |
| # CS entropy source. |
| # |
| config CSPRNG_ENABLED |
| bool |
| default y |
| depends on ENTROPY_HAS_DRIVER |
| |
| choice CSPRNG_GENERATOR_CHOICE |
| prompt "Cryptographically secure random generator" |
| default HARDWARE_DEVICE_CS_GENERATOR |
| default TEST_CSPRNG_GENERATOR |
| help |
| Platform dependent cryptographically secure random number support. |
| |
| If the hardware entropy support of the platform has sufficient |
| performance to support CSRNG then select that. Otherwise, select |
| CTR-DRBG CSPRNG as that is a FIPS140-2 recommended CSPRNG. |
| |
| config HARDWARE_DEVICE_CS_GENERATOR |
| bool "Use hardware random driver for CS random numbers" |
| depends on ENTROPY_HAS_DRIVER |
| help |
| Enables a cryptographically secure random number generator that |
| uses the enabled hardware random number driver to generate |
| random numbers. |
| |
| config CTR_DRBG_CSPRNG_GENERATOR |
| bool "Use CTR-DRBG CSPRNG" |
| depends on MBEDTLS |
| depends on ENTROPY_HAS_DRIVER |
| select MBEDTLS_CIPHER_AES_ENABLED |
| help |
| Enables the CTR-DRBG pseudo-random number generator. This CSPRNG |
| shall use the entropy API for an initialization seed. The CTR-DRBG |
| is a FIPS140-2 recommended cryptographically secure random number |
| generator. |
| |
| config TEST_CSPRNG_GENERATOR |
| bool "Use insecure CSPRNG for testing purposes" |
| depends on TEST_RANDOM_GENERATOR |
| help |
| Route calls to `sys_csrand_get` through `sys_rand_get` to enable |
| libraries that use the former to be tested with ZTEST. |
| |
| endchoice # CSPRNG_GENERATOR_CHOICE |
| |
| config CS_CTR_DRBG_PERSONALIZATION |
| string "CTR-DRBG Personalization string" |
| default "zephyr ctr-drbg seed" |
| depends on CTR_DRBG_CSPRNG_GENERATOR |
| help |
| Personalization data can be provided in addition to the entropy |
| source to make the initialization of the CTR-DRBG as unique as |
| possible. |
| |
| endmenu |
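
An added example (not part of the Zephyr source): a Python check over a build's generated `.config` that flags the test-only generators defined in this file before an image ships. The two sample configs are constructed, and the severity labels are this example's own assumption.

```python
import re

# Test-only options defined in this Kconfig file; reasons paraphrase their help
# text. The severity labels are this example's own assumption.
WEAK = {
    "TIMER_RANDOM_GENERATOR": ("high", "timer clock based generator, not random"),
    "TEST_CSPRNG_GENERATOR": ("high", "sys_csrand_get routed through sys_rand_get"),
    "TEST_RANDOM_GENERATOR": ("medium", "non-random generator allowed, maybe unused"),
}
DEFAULT_PERS = "zephyr ctr-drbg seed"  # default of CS_CTR_DRBG_PERSONALIZATION
ASSIGN = re.compile(r'^CONFIG_(\w+)=(.*)$')

def parse_dotconfig(text):
    """Return {symbol: value}; '# CONFIG_X is not set' lines are simply absent."""
    opts = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
    return opts

def audit_rng(text):
    # Returns a list of (severity, symbol, reason) tuples.
    opts = parse_dotconfig(text)
    out = [(sev, sym, why) for sym, (sev, why) in WEAK.items() if opts.get(sym) == "y"]
    if opts.get("CSPRNG_ENABLED") != "y":
        out.append(("high", "CSPRNG_ENABLED", "no CS entropy source (ENTROPY_HAS_DRIVER)"))
    if opts.get("CTR_DRBG_CSPRNG_GENERATOR") == "y" and \
            opts.get("CS_CTR_DRBG_PERSONALIZATION", DEFAULT_PERS) == DEFAULT_PERS:
        out.append(("low", "CS_CTR_DRBG_PERSONALIZATION", "default personalization string"))
    return out

# Constructed sample .config fragments (not taken from a real build).
TEST_BUILD = """\
CONFIG_TEST_RANDOM_GENERATOR=y
CONFIG_TIMER_RANDOM_GENERATOR=y
# CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR is not set
CONFIG_TEST_CSPRNG_GENERATOR=y
"""
PROD_BUILD = """\
CONFIG_ENTROPY_HAS_DRIVER=y
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
CONFIG_CSPRNG_ENABLED=y
CONFIG_CTR_DRBG_CSPRNG_GENERATOR=y
CONFIG_CS_CTR_DRBG_PERSONALIZATION="zephyr ctr-drbg seed"
"""
if __name__ == "__main__":
    for label, cfg in (("test", TEST_BUILD), ("prod", PROD_BUILD)):
        print(label, audit_rng(cfg))
```

A build with an entropy driver and `CONFIG_TEST_RANDOM_GENERATOR=y` reports only the medium finding, matching the note above that the option permits a non-random generator without selecting one.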