# Random configuration options

# Copyright (c) 2017 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
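menu "Random Number Generators"

# Opt-in gate for builds that are allowed to run without a real entropy
# source. Security note: when this is set and ENTROPY_HAS_DRIVER is not,
# the "Random generator" choice below defaults to TIMER_RANDOM_GENERATOR,
# whose output is not random. Review any production configuration or
# board-level defconfig that sets this symbol.
config TEST_RANDOM_GENERATOR
	bool "Allow non-random number generator"
	help
	  This option signifies that a non-random number generator is allowed to
	  be used and the kernel's random number APIs are permitted to return
	  values that are not truly random.

	  This capability is provided for testing purposes when a truly random
	  number generator is not available. The non-random number generator
	  should not be used in a production environment.

	  This option is intended to be selected only by application-level
	  configurations (e.g. in tests and samples) to indicate that the
	  application is allowed to run with a random number generator that is not
	  truly random. Board-level configurations must not select this option
	  unless the sole purpose of the board is testing (e.g. QEMU emulation
	  boards).

	  Note that this option does not imply that a non-random number generator
	  is selected -- that is indicated by RNG_GENERATOR_CHOICE. An entropy
	  device-backed random number generator, if available, will be selected by
	  default even when CONFIG_TEST_RANDOM_GENERATOR=y.

# Generator behind the non-cryptographically secure random API (see the
# help text). Values used as keys, nonces or tokens should come from the
# CSPRNG choice further down instead.
# Defaults are evaluated in order, so the entropy-device generator is the
# default whenever ENTROPY_HAS_DRIVER is set, even with
# TEST_RANDOM_GENERATOR=y.
choice RNG_GENERATOR_CHOICE
	prompt "Random generator"
	default ENTROPY_DEVICE_RANDOM_GENERATOR if ENTROPY_HAS_DRIVER
	default TIMER_RANDOM_GENERATOR if TEST_RANDOM_GENERATOR
	depends on ENTROPY_HAS_DRIVER || TEST_RANDOM_GENERATOR
	help
	  Platform dependent non-cryptographically secure random number support.

	  If the entropy support of the platform has sufficient performance
	  to support random requests then select that. Otherwise, select the
	  XOSHIRO algorithm.

# Test-only member: selectable only when TEST_RANDOM_GENERATOR is set.
config TIMER_RANDOM_GENERATOR
	bool "System timer clock based number generator"
	depends on TEST_RANDOM_GENERATOR
	help
	  This option enables a number generator based on the system timer
	  clock. This number generator is not random and is used for
	  testing only.

config ENTROPY_DEVICE_RANDOM_GENERATOR
	bool "Use entropy driver to generate random numbers"
	depends on ENTROPY_HAS_DRIVER
	help
	  Enables a random number generator that uses the enabled hardware
	  entropy gathering driver to generate random numbers. Should only be
	  selected if hardware entropy driver is designed to be a random
	  number generator source.

# NOTE(review): unlike XOSHIRO_RANDOM_GENERATOR, this deprecated entry has
# no "depends on ENTROPY_HAS_DRIVER", so it stays selectable when the
# choice is visible only through TEST_RANDOM_GENERATOR. Confirm that this
# is intended and what seeds the generator in that case.
config XOROSHIRO_RANDOM_GENERATOR
	bool "Use Xoroshiro128+ as PRNG (DEPRECATED)"
	help
	  This is deprecated, please use XOSHIRO_RANDOM_GENERATOR instead.

config XOSHIRO_RANDOM_GENERATOR
	bool "Use Xoshiro128++ as PRNG"
	depends on ENTROPY_HAS_DRIVER
	help
	  Enables the Xoshiro128++ pseudo-random number generator, that uses
	  the entropy driver as a seed source. This is a fast general-purpose
	  non-cryptographically secure random number generator.

endchoice # RNG_GENERATOR_CHOICE

#
# Implied dependency on a cryptographically secure entropy source when
# enabling CS generators. ENTROPY_HAS_DRIVER is the flag indicating the
# CS entropy source.
#
# NOTE(review): ENTROPY_HAS_DRIVER is the only condition visible here;
# nothing in this file checks that the driver's output is of
# cryptographic quality. Confirm that per board and driver.
#
# The symbol name is spelled CSPRING (not CSPRNG). It is kept as-is
# because code and configurations outside this file may reference it.
# The prompt line is commented out, so the symbol has no prompt and
# simply follows ENTROPY_HAS_DRIVER.
#
config CSPRING_ENABLED
#	bool "Cryptographically secure RNG functions enabled"
	bool
	default y
	depends on ENTROPY_HAS_DRIVER

# Generator behind the cryptographically secure random API. Both members
# depend on ENTROPY_HAS_DRIVER, so neither is selectable without an
# entropy driver.
choice CSPRNG_GENERATOR_CHOICE
	prompt "Cryptographically secure random generator"
	default HARDWARE_DEVICE_CS_GENERATOR
	help
	  Platform dependent cryptographically secure random number support.

	  If the hardware entropy support of the platform has sufficient
	  performance to support CSRNG then select that. Otherwise, select
	  CTR-DRBG CSPRNG as that is a FIPS140-2 recommended CSPRNG.

# Default member. NOTE(review): the strength of this option rests on the
# hardware driver itself; presumably its output is returned without a
# DRBG in between -- confirm against the implementation and the driver's
# documentation before relying on it for key material.
config HARDWARE_DEVICE_CS_GENERATOR
	bool "Use hardware random driver for CS random numbers"
	depends on ENTROPY_HAS_DRIVER
	help
	  Enables a cryptographically secure random number generator that
	  uses the enabled hardware random number driver to generate
	  random numbers.

# CTR-DRBG is specified in NIST SP 800-90A. Only the TinyCrypt modules are
# selected here. NOTE(review): with MBEDTLS the CTR-DRBG support is
# presumably enabled through the mbedTLS configuration -- verify.
config CTR_DRBG_CSPRNG_GENERATOR
	bool "Use CTR-DRBG CSPRNG"
	depends on MBEDTLS || TINYCRYPT
	depends on ENTROPY_HAS_DRIVER
	select TINYCRYPT_CTR_PRNG if TINYCRYPT
	select TINYCRYPT_AES if TINYCRYPT
	help
	  Enables the CTR-DRBG pseudo-random number generator. This CSPRNG
	  shall use the entropy API for an initialization seed. The CTR-DRBG
	  is a FIPS140-2 recommended cryptographically secure random number
	  generator.

endchoice # CSPRNG_GENERATOR_CHOICE

# The personalization string is not a secret and does not replace entropy
# from the entropy source. The default below is the same in every build
# that leaves it unchanged, so it adds no per-product or per-device
# uniqueness; set a product-specific value if that is wanted.
config CS_CTR_DRBG_PERSONALIZATION
	string "CTR-DRBG Personalization string"
	default "zephyr ctr-drbg seed"
	depends on CTR_DRBG_CSPRNG_GENERATOR
	help
	  Personalization data can be provided in addition to the entropy
	  source to make the initialization of the CTR-DRBG as unique as
	  possible.

endmenu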