1# Random configuration options
2
3# Copyright (c) 2017 Intel Corporation
4# SPDX-License-Identifier: Apache-2.0
5
6menu "Random Number Generators"
7
8config TEST_RANDOM_GENERATOR
9	bool "Allow non-random number generator"
10	help
11	  This option signifies that a non-random number generator is allowed to
12	  be used and the kernel's random number APIs are permitted to return
13	  values that are not truly random.
14
15	  This capability is provided for testing purposes when a truly random
16	  number generator is not available. The non-random number generator
17	  should not be used in a production environment.
18
19	  This option is intended to be selected only by application-level
20	  configurations (e.g. in tests and samples) to indicate that the
21	  application is allowed to run with a random number generator that is not
22	  truly random. Board-level configurations must not select this option
23	  unless the sole purpose of the board is testing (e.g. QEMU emulation
24	  boards).
25
26	  Note that this option does not imply that a non-random number generator
27	  is selected -- that is indicated by RNG_GENERATOR_CHOICE. An entropy
28	  device-backed random number generator, if available, will be selected by
29	  default even when CONFIG_TEST_RANDOM_GENERATOR=y.
30
31config TIMER_RANDOM_INITIAL_STATE
32	int "Initial state used by clock based number generator"
33	default 123456789
34	help
35	  Initial state value used by TIMER_RANDOM_GENERATOR and the early random
36	  number generator. It is a build-time constant and provides no entropy.
37
38
39choice RNG_GENERATOR_CHOICE
40	prompt "Random generator"
41	default ENTROPY_DEVICE_RANDOM_GENERATOR if ENTROPY_HAS_DRIVER
42	default TIMER_RANDOM_GENERATOR if TEST_RANDOM_GENERATOR
43	depends on ENTROPY_HAS_DRIVER || TEST_RANDOM_GENERATOR
44	help
45	  Platform dependent non-cryptographically secure random number support.
46
47	  If the entropy support of the platform has sufficient performance
48	  to support random requests then select that. Otherwise, select the
49	  XOSHIRO algorithm. Keys and nonces need a CSPRNG_GENERATOR_CHOICE generator.
50
51config TIMER_RANDOM_GENERATOR
52	bool "System timer clock based number generator"
53	depends on TEST_RANDOM_GENERATOR
54	help
55	  This option enables a number generator based on the system timer
56	  clock. This number generator is not random and is intended for
57	  testing only.
58
59config ENTROPY_DEVICE_RANDOM_GENERATOR
60	bool "Use entropy driver to generate random numbers"
61	depends on ENTROPY_HAS_DRIVER
62	help
63	  Enables a random number generator that uses the enabled hardware
64	  entropy gathering driver to generate random numbers. Should only be
65	  selected if the hardware entropy driver is designed to be a random
66	  number generator source.
67
68config XOSHIRO_RANDOM_GENERATOR
69	bool "Use Xoshiro128++ as PRNG"
70	depends on ENTROPY_HAS_DRIVER
71	help
72	  Enables the Xoshiro128++ pseudo-random number generator, that uses
73	  the entropy driver as a seed source. This is a fast general-purpose
74	  non-cryptographically secure random number generator.
75
76endchoice # RNG_GENERATOR_CHOICE
77
78#
79# Implied dependency on a cryptographically secure entropy source when
80# enabling CS generators. ENTROPY_HAS_DRIVER is the flag indicating the
81# CS entropy source.
82#
83config CSPRNG_ENABLED
84	bool
85	default y
86	depends on ENTROPY_HAS_DRIVER
87
88choice CSPRNG_GENERATOR_CHOICE
89	prompt "Cryptographically secure random generator"
90	default HARDWARE_DEVICE_CS_GENERATOR
91	help
92	  Platform dependent cryptographically secure random number support.
93
94	  If the hardware entropy support of the platform has sufficient
95	  performance to support CSRNG then select that. Otherwise, select
96	  CTR-DRBG CSPRNG as that is a FIPS140-2 recommended CSPRNG.
97
98config HARDWARE_DEVICE_CS_GENERATOR
99	bool "Use hardware random driver for CS random numbers"
100	depends on ENTROPY_HAS_DRIVER
101	help
102	  Enables a cryptographically secure random number generator that
103	  uses the enabled hardware random number driver to generate
104	  random numbers.
105
106config CTR_DRBG_CSPRNG_GENERATOR
107	bool "Use CTR-DRBG CSPRNG"
108	depends on MBEDTLS || TINYCRYPT
109	depends on ENTROPY_HAS_DRIVER
110	select MBEDTLS_CIPHER_AES_ENABLED if MBEDTLS
111	select TINYCRYPT_CTR_PRNG if TINYCRYPT
112	select TINYCRYPT_AES if TINYCRYPT
113	help
114	  Enables the CTR-DRBG pseudo-random number generator. This CSPRNG
115	  shall use the entropy API for an initialization seed. The CTR-DRBG
116	  is a FIPS140-2 recommended cryptographically secure random number
117	  generator.
118
119endchoice # CSPRNG_GENERATOR_CHOICE
120
121config CS_CTR_DRBG_PERSONALIZATION
122	string "CTR-DRBG Personalization string"
123	default "zephyr ctr-drbg seed"
124	depends on CTR_DRBG_CSPRNG_GENERATOR
125	help
126	  Personalization data can be provided in addition to the entropy
127	  source to make the initialization of the CTR-DRBG as unique as
128	  possible. It is not a secret and is no substitute for seed entropy.
129
130endmenu
131