nuttx/drivers/crypto/Kconfig
2023-09-09 15:54:08 +08:00

134 lines
3.5 KiB
Plaintext

#
# For a description of the syntax of this configuration file,
# see the file kconfig-language.txt in the NuttX tools repository.
#
config ARCH_HAVE_RNG
bool
config DEV_RANDOM
bool "Enable /dev/random"
default y
depends on ARCH_HAVE_RNG
---help---
Enable support for /dev/random provided by a hardware TRNG.
config DEV_URANDOM
bool "Enable /dev/urandom"
default n
---help---
Enable support for /dev/urandom provided by either a hardware TRNG or
by a software PRNG implementation.
NOTE: This option may not be cryptographially secure and should not
be enabled if you are concerned about cyptographically secure
pseudo-random numbers (CPRNG) and do not know the characteristics
of the software PRNG implementation!
if DEV_URANDOM
choice
prompt "/dev/urandom algorithm"
default DEV_URANDOM_ARCH if ARCH_HAVE_RNG
default DEV_URANDOM_XORSHIFT128 if !ARCH_HAVE_RNG
config DEV_URANDOM_XORSHIFT128
bool "xorshift128"
---help---
xorshift128 is a pseudorandom number generator that is simple,
portable, and can also be used on 8-bit and 16-bit MCUs.
NOTE: Not cyptographically secure
config DEV_URANDOM_CONGRUENTIAL
bool "Congruential"
---help---
Use the same congruential general used with srand(). This algorithm
is computationally more intense and uses double precision floating
point. NOTE: Good randomness from the congruential generator also
requires that you also select CONFIG_LIBC_RAND_ORDER > 2
NOTE: Not cyptographically secure
config DEV_URANDOM_RANDOM_POOL
bool "Entropy pool"
depends on CRYPTO_RANDOM_POOL
---help---
Use the entropy pool CPRNG output for urandom algorithm.
NOTE: May or may not be cyptographically secure, depending upon the
quality entropy available to entropy pool.
config DEV_URANDOM_ARCH
bool "Architecture-specific"
depends on ARCH_HAVE_RNG
---help---
The implementation of /dev/urandom is provided in archtecture-
specific logic using hardware TRNG logic. architecture-specific
logic must provide the whole implementation in this case, including
the function devurandom_register(). In this case, /dev/urandom may
refer to the same driver as /dev/random.
NOTE: May or may not be cyptographically secure, depending upon the
implementation.
endchoice # /dev/urandom algorithm
endif # DEV_URANDOM
menuconfig DEV_SE05X
bool "Enable secure element (SE05X)"
depends on I2C
depends on CRYPTO
default n
---help---
Enable support for /dev/se05x secure element provided by NXP SE050
or SE051
if DEV_SE05X
choice
prompt "Channel communication interface"
default DEV_SE05X_PLAIN
---help---
Select authentication method
config DEV_SE05X_SCP03
bool "SCP03 secure channel (TBI)"
select CRYPTO_RANDOM_POOL
select CRYPTO_AES
config DEV_SE05X_PLAIN
bool "plain communication"
endchoice
config DEV_SE05X_SCP03_KEY_FILE
string "SCP03 keys"
depends on DEV_SE05X_SCP03
default "/host/path/to/key_file"
---help---
Specify file containing the keys needed with SCP03 channel authentication.
Location may be relative to the NuttX root folder. File should contain
the definitions for SCP03_ENC_KEY, SCP03_MAC_KEY and SCP03_DEK_KEY as
byte array initializers.
choice SE05X_LOG_LEVEL
prompt "SE05x debug log level"
default SE05X_LOG_NONE
---help---
The SE05x log is divided into the following levels: ERROR,WARNING,INFO,DEBUG.
config SE05X_LOG_NONE
bool "No output"
config SE05X_LOG_ERROR
bool "Error"
config SE05X_LOG_WARNING
bool "Warning"
config SE05X_LOG_INFO
bool "Info"
config SE05X_LOG_DEBUG
bool "Debug"
endchoice
endif #DEV_SE05X