# Random number generator configuration options

# Copyright (c) 2017 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

menu "Random Number Generators"

# Opt-in switch for builds that have no entropy driver: it is only offered
# when ENTROPY_HAS_DRIVER is not set. Setting it makes RNG_GENERATOR_CHOICE
# available and unlocks TIMER_RANDOM_GENERATOR, whose output is not random.
config TEST_RANDOM_GENERATOR
	bool "Non-random number generator"
	depends on !ENTROPY_HAS_DRIVER
	help
	  This option signifies that the kernel's random number APIs are
	  permitted to return values that are not truly random.
	  This capability is provided for testing purposes, when a truly random
	  number generator is not available. The non-random number generator
	  should not be used in a production environment.

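# Selects the non-cryptographic random number generator. Nothing chosen here
# is suitable for keys, nonces or tokens; CSPRNG_GENERATOR_CHOICE covers those.
#
# When only TEST_RANDOM_GENERATOR is set, the default below is not selectable
# (it needs ENTROPY_HAS_DRIVER), so Kconfig falls back to the first selectable
# entry of the choice.
choice RNG_GENERATOR_CHOICE
	prompt "Random generator"
	default ENTROPY_DEVICE_RANDOM_GENERATOR
	depends on ENTROPY_HAS_DRIVER || TEST_RANDOM_GENERATOR
	help
	  Platform dependent non-cryptographically secure random number support.

	  If the entropy support of the platform has sufficient performance
	  to support random requests then select that. Otherwise, select the
	  XOSHIRO algorithm.

	  None of these generators is meant for security-sensitive values
	  such as keys or nonces; use the cryptographically secure random
	  generator for those.

# Test-only generator: reachable only through TEST_RANDOM_GENERATOR, i.e. in
# builds without an entropy driver.
config TIMER_RANDOM_GENERATOR
	bool "System timer clock based number generator"
	depends on TEST_RANDOM_GENERATOR
	help
	  This option enables a number generator based on the system timer
	  clock. This number generator is not random and is used for
	  testing only.

# Serves non-cryptographic requests directly from the entropy driver.
config ENTROPY_DEVICE_RANDOM_GENERATOR
	bool "Use entropy driver to generate random numbers"
	depends on ENTROPY_HAS_DRIVER
	help
	  Enables a random number generator that uses the enabled hardware
	  entropy gathering driver to generate random numbers. Should only be
	  selected if the hardware entropy driver is designed to be a random
	  number generator source.

# NOTE(review): unlike XOSHIRO_RANDOM_GENERATOR, this deprecated entry carries
# no "depends on ENTROPY_HAS_DRIVER", so it is also selectable in
# TEST_RANDOM_GENERATOR builds; confirm that is intended.
config XOROSHIRO_RANDOM_GENERATOR
	bool "Use Xoroshiro128+ as PRNG (DEPRECATED)"
	help
	  This is deprecated, please use XOSHIRO_RANDOM_GENERATOR instead.

# Seeded from the entropy driver, but the generator itself is not
# cryptographically secure; a good seed does not change that.
config XOSHIRO_RANDOM_GENERATOR
	bool "Use Xoshiro128++ as PRNG"
	depends on ENTROPY_HAS_DRIVER
	help
	  Enables the Xoshiro128++ pseudo-random number generator, which uses
	  the entropy driver as a seed source. This is a fast general-purpose
	  non-cryptographically secure random number generator.

endchoice # RNG_GENERATOR_CHOICE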

#
# Implied dependency on a cryptographically secure entropy source when
# enabling CS generators. ENTROPY_HAS_DRIVER is the flag indicating the
# CS entropy source.
#
# This symbol has no prompt, so it cannot be set by hand: it defaults to y
# whenever ENTROPY_HAS_DRIVER is set.
#
# NOTE(review): nothing in this file checks that the enabled entropy driver
# is of cryptographic quality; ENTROPY_HAS_DRIVER alone is taken as proof.
# Confirm that every driver setting that flag meets that bar.
#
# NOTE(review): the symbol is spelled CSPRING, not CSPRNG as in
# CSPRNG_GENERATOR_CHOICE. Renaming it would break existing references, so
# confirm all users before changing it.
#
config CSPRING_ENABLED
# The prompt is left commented out, which keeps the symbol out of the
# configuration menus.
#	bool "Cryptographically secure RNG functions enabled"
	bool
	default y
	depends on ENTROPY_HAS_DRIVER

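# Selects the generator used for cryptographically secure random numbers.
# The choice itself has no "depends on"; both entries require
# ENTROPY_HAS_DRIVER, so neither can be selected without an entropy driver.
choice CSPRNG_GENERATOR_CHOICE
	prompt "Cryptographically secure random generator"
	default HARDWARE_DEVICE_CS_GENERATOR
	help
	  Platform dependent cryptographically secure random number support.

	  If the hardware entropy support of the platform has sufficient
	  performance to support CSRNG then select that. Otherwise, select
	  CTR-DRBG CSPRNG as that is a FIPS140-2 recommended CSPRNG.

# Output quality rests entirely on the hardware driver.
# NOTE(review): confirm the selected driver's output is suitable for direct
# use as key material before relying on this default.
config HARDWARE_DEVICE_CS_GENERATOR
	bool "Use hardware random driver for CS random numbers"
	depends on ENTROPY_HAS_DRIVER
	help
	  Enables a cryptographically secure random number generator that
	  uses the enabled hardware random number driver to generate
	  random numbers.

# CTR-DRBG is specified in NIST SP 800-90A. Selecting the algorithm does not
# by itself make a build FIPS 140-2 validated.
#
# NOTE(review): the select lines below only pull in the TinyCrypt pieces.
# Nothing is selected for the MBEDTLS case, so confirm the mbedTLS CTR-DRBG
# support is enabled elsewhere.
config CTR_DRBG_CSPRNG_GENERATOR
	bool "Use CTR-DRBG CSPRNG"
	depends on MBEDTLS || TINYCRYPT
	depends on ENTROPY_HAS_DRIVER
	select TINYCRYPT_CTR_PRNG if TINYCRYPT
	select TINYCRYPT_AES if TINYCRYPT
	help
	  Enables the CTR-DRBG pseudo-random number generator. This CSPRNG
	  shall use the entropy API for an initialization seed. The CTR-DRBG
	  is a FIPS140-2 recommended cryptographically secure random number
	  generator.

endchoice # CSPRNG_GENERATOR_CHOICE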

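# Personalization input for the CTR-DRBG instantiation. Despite the word
# "seed" in the default value, this string is supplied in addition to the
# entropy source (see help) and is a build-time constant.
config CS_CTR_DRBG_PERSONALIZATION
	string "CTR-DRBG Personalization string"
	default "zephyr ctr-drbg seed"
	depends on CTR_DRBG_CSPRNG_GENERATOR
	help
	  Personalization data can be provided in addition to the entropy
	  source to make the initialization of the CTR-DRBG as unique as
	  possible.

	  The value is a build-time constant and is not a secret; it does
	  not replace entropy from the entropy source. The default is the
	  same for every build, so set a product-specific value if the
	  instantiation should differ from other builds.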

endmenu
