Message ID | 20220817232057.73643-11-elliott@hpe.com |
---|---|
State | New |
Series | crypto: Kconfig - simplify menus and help text |
On Wed, Aug 17, 2022 at 06:20:57PM -0500, Robert Elliott wrote:
> Convert each comment section into a submenu:
>   Cryptographic API
>     Crypto core or helper
>     Public-key cryptography
>     AEAD (Authenticated Encryption with Associated Data) ciphers
>     Block modes
>     Hash modes
>     Digests
>     Ciphers
>     Compression
>     Random Number Generation
>     User-space interface

Thanks for doing this!

Some of these proposed categories are confusing. By "hash mode" you mean a mode that operates as a hash, not that uses a hash, right? (CMAC is included.) So what is "block mode", then? And what's the difference between that and "ciphers"? What about modes that use both a hash and a block cipher, like Adiantum and HCTR2? And there is a category for "Ciphers", but then a category at the same level for "AEAD ciphers"?

Some of the naming used in the code is poor, which is unfortunate and is not your fault, e.g. crypto_cipher really should be crypto_blockcipher. But this doesn't need to be carried through in these new menus.

Just brainstorming, how about the following:

* Block ciphers
    => i.e. crypto_cipher algorithms
* AEAD (Authenticated Encryption with Associated Data) ciphers
    => i.e. crypto_aead algorithms (and templates)
* Length-preserving symmetric ciphers
    => i.e. crypto_skcipher algorithms (and templates)
* Digests and MACs
    => i.e. crypto_shash and crypto_ahash algorithms (and templates)

Those 4 categories would replace your 5 categories "AEAD ciphers", "Block modes", "Hash modes", "Digests", and "Ciphers".

CRYPTO_AUTHENC would go in the AEAD ciphers category, while CRYPTO_ESSIV would go in length-preserving symmetric ciphers. (CRYPTO_ESSIV registers a crypto_aead too, for a weird reason, but that is an obscure case not worth worrying about.) CRYPTO_CHACHA would go in length-preserving symmetric ciphers since it's a stream cipher.

- Eric
> -----Original Message-----
> From: Eric Biggers <ebiggers@kernel.org>
> Sent: Wednesday, August 17, 2022 11:44 PM
> To: Elliott, Robert (Servers) <elliott@hpe.com>
> Cc: herbert@gondor.apana.org.au; davem@davemloft.net; linux-crypto@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: Re: [PATCH v2 10/10] crypto: Kconfig - add submenus
>
> On Wed, Aug 17, 2022 at 06:20:57PM -0500, Robert Elliott wrote:
> > Convert each comment section into a submenu:
> >   Cryptographic API
> >     Crypto core or helper
> >     Public-key cryptography
> >     AEAD (Authenticated Encryption with Associated Data) ciphers
> >     Block modes
> >     Hash modes
> >     Digests
> >     Ciphers
> >     Compression
> >     Random Number Generation
> >     User-space interface
>
> Thanks for doing this!
>
> Some of these proposed categories are confusing. By "hash mode" you
> mean a mode that operates as a hash, not that uses a hash, right?
> (CMAC is included.)
> So what is "block mode", then? And what's the difference between that and
> "ciphers"? What about modes that use both a hash and a block cipher,
> like Adiantum and HCTR2? And there is a category for "Ciphers", but then a
> category at the same level for "AEAD ciphers"?
>
> Some of the naming used in the code is poor, which is unfortunate and
> is not your fault, e.g. crypto_cipher really should be crypto_blockcipher.
> But this doesn't need to be carried through in these new menus.

Yeah, those are just the way the existing comment sections were structured. I'm all for improving the structure.

>
> Just brainstorming, how about the following:
>
> * Block ciphers
>     => i.e. crypto_cipher algorithms

This could be characterized as algorithms that are length preserving, but only process one block.

> * AEAD (Authenticated Encryption with Associated Data) ciphers
>     => i.e. crypto_aead algorithms (and templates)

That could be viewed as any algorithm or template that has
output size > input size

> * Length-preserving symmetric ciphers
>     => i.e. crypto_skcipher algorithms (and templates)

That could be viewed as any algorithm or template that processes more than one block and has:
output size = input size

> * Digests and MACs
>     => i.e. crypto_shash and crypto_ahash algorithms (and templates)

That could be viewed as any algorithm or template with
output size < input size

There are a lot of digests now (20). We could move the 4 CRC algorithms into their own category since they're not really cryptographic, which would make space for the MACs.

> Those 4 categories would replace your 5 categories "AEAD ciphers",
> "Block modes", "Hash modes", "Digests", and "Ciphers".
>
> CRYPTO_AUTHENC would go in the AEAD ciphers category, while
> CRYPTO_ESSIV would go in length-preserving symmetric ciphers.
> (CRYPTO_ESSIV registers a crypto_aead too, for a weird reason, but that
> is an obscure case not worth worrying about.) CRYPTO_CHACHA would go
> in length-preserving symmetric ciphers since it's a stream cipher.

These are the module and driver names in each current section:

Crypto core or helper
  Module: fips
  Module(s): crypto_null
  Module(s): pcrypt
    Driver(s): pcrypt(...)
  Module(s): cryptd
    Driver(s): cryptd(...)
  Module(s): authenc
    Driver(s): authenc(...)
  Module(s): tcrypt

Public-key cryptography
  Module(s): rsa_generic
    Driver(s): rsa-generic
  Module(s): dh_generic
    Driver(s): dh-generic
  Module(s): ecdh_generic
    Driver(s): ecdh-nist-p192-generic, ecdh-nist-p256-generic, ecdh-nist-p384-generic
  Module(s): ecdsa_generic
    Driver(s): ecdsa-nist-p384-generic, ecdsa-nist-p256-generic, ecdsa-nist-p192-generic
  Module(s): ecrdsa_generic
    Driver(s): ecrdsa-generic
  Module(s): sm2_generic
    Driver(s): sm2-generic
  Module(s): curve25519-generic
    Driver(s): curve25519-generic

AEAD (Authenticated Encryption with Associated Data) ciphers
  Module(s): ccm
    Driver(s): ccm_base(...), rfc4309(...)
  Module(s): gcm
    Driver(s): gcm_base(...), rfc4106(...), rfc4543(...)
  Module(s): chacha20poly1305
    Driver(s): rfc7539(...), rfc7539esp(...)
  Module(s): aegis128
    Driver(s): aegis128-generic
  Module(s): aegis128
    Driver(s): aegis128-simd
  Module(s): seqiv
    Driver(s): seqiv(...)
  Module(s): echainiv
    Driver(s): echainiv(...)
  Module(s): essiv
    Driver(s): essiv(...)

Block modes
  Module(s): cbc
    Driver(s): cbc(...)
  Module(s): cfb
    Driver(s): cfb(...)
  Module(s): ctr
    Driver(s): ctr(...), rfc3686(...)
  Module(s): cts
    Driver(s): cts(...)
  Module(s): ecb
    Driver(s): ecb(...)
  Module(s): lrw
    Driver(s): lrw(...)
  Module(s): ofb
    Driver(s): ofb(...)
  Module(s): pcbc
    Driver(s): pcbc(...)
  Module(s): xts
    Driver(s): xts(...)
  Module(s): keywrap
    Driver(s): kw(...)
  Module(s): nhpoly1305
    Driver(s): nhpoly1305-generic
  Module(s): adiantum
    Driver(s): adiantum(...)

Hash modes
  Module(s): cmac
    Driver(s): cmac(...)
  Module(s): hmac
    Driver(s): hmac(...)
  Module(s): xcbc
    Driver(s): xcbc(...)
  Module(s): vmac
    Driver(s): vmac64(...)

Digests
  Module(s): crc32c_generic
    Driver(s): crc32c-generic
  Module(s): crc32_generic
    Driver(s): crc32-generic
  Module(s): crct10dif_generic
    Driver(s): crct10dif-generic
  Module(s): crc64_rocksoft_generic
    Driver(s): crc64-rocksoft-generic
  Module(s): blake2b
    Driver(s): blake2b-160-generic, blake2b-256-generic, blake2b-384-generic, blake2b-512-generic
  Module(s): blake2s_generic
    Driver(s): blake2s-128-generic, blake2s-160-generic, blake2s-224-generic, blake2s-256-generic
  Module(s): ghash-generic
    Driver(s): ghash-generic
  Module(s): poly1305_generic
    Driver(s): poly1305-generic
  Module(s): md4
    Driver(s): md4-generic
  Module(s): md5
    Driver(s): md5-generic
  Module(s): michael_mic
    Driver(s): michael_mic-generic
  Module(s): rmd160
    Driver(s): rmd160-generic
  Module(s): sha1_generic
    Driver(s): sha1-generic
  Module(s): sha256_generic
    Driver(s): sha224-generic, sha256-generic
  Module(s): sha512_generic
    Driver(s): sha384-generic, sha512-generic
  Module(s): sha3_generic
    Driver(s): sha3-224-generic, sha3-256-generic, sha3-384-generic, sha3-512-generic
  Module(s): sm3_generic
    Driver(s): sm3-generic
  Module(s): streebog_generic
    Driver(s): streebog256-generic, streebog512-generic
  Module(s): wp512
    Driver(s): wp256-generic, wp384-generic, wp512-generic
  Module(s): xxhash_generic
    Driver(s): xxhash64-generic

Ciphers
  Module(s): aes_generic
    Driver(s): aes-generic
  Module(s): aes_ti
    Driver(s): aes-fixed-time
  Module(s): anubis
    Driver(s): anubis-generic
  Module(s): arc4
    Driver(s): ecb(arc4)-generic
  Module(s): blowfish_generic
    Driver(s): blowfish-generic
  Module(s): blowfish_common
  Module(s): camellia_generic
    Driver(s): camellia-generic
  Module(s): cast_common
  Module(s): cast5_generic
    Driver(s): cast5-generic
  Module(s): cast6_generic
    Driver(s): cast6-generic
  Module(s): des_generic
    Driver(s): des-generic, des3_ede-generic
  Module(s): fcrypt
    Driver(s): fcrypt-generic
  Module(s): khazad
    Driver(s): khazad-generic
  Module(s): chacha_generic
    Driver(s): chacha20-generic, xchacha20-generic, xchacha12-generic
  Module(s): seed
    Driver(s): seed-generic
  Module(s): serpent_generic
    Driver(s): serpent-generic
  Module(s): sm4_generic
    Driver(s): sm4-generic
  Module(s): tea
    Driver(s): tea-generic, xtea-generic, xeta-generic
  Module(s): twofish_generic
    Driver(s): twofish-generic
  Module(s): twofish_common

Compression
  Module(s): deflate
    Driver(s): deflate-generic, deflate-scomp, zlib-deflate-scomp
  Module(s): lzo, lzo-rle
    Driver(s): lzo-generic, lzo-scomp, lzo-rle-generic, lzo-rle-scomp
  Module(s): 842
    Driver(s): 842-generic, 842-scomp
  Module(s): lz4
    Driver(s): lz4-generic, lz4-scomp
  Module(s): lz4hc
    Driver(s): lz4hc-generic, lz4hc-scomp
  Module(s): zstd
    Driver(s): zstd-generic, zstd-scomp

Random Number Generation
  Module(s): ansi_cprng
    Driver(s): ansi_cprng, fips_ansi_cprng
  #
    Driver(s): drbg_[pr|nopr]_hmac_sha[1,256,384,512]
    Driver(s): drbg_[pr|nopr]_sha[1,256,384,512]
    Driver(s): drbg_[pr|nopr][_ctr_aes[128,192,256]
  Module(s): jitterentropy_rng
    Driver(s): jitterentropy_rng

User-space interface
  Module(s): algif_hash
  Module(s): algif_skcipher
  Module(s): algif_rng
  Module(s): algif_aead
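The four-category proposal discussed in the replies above, applied to records in the `/proc/crypto` layout. This is an added example, not code from the thread or the patch; it assumes the `type` field values map onto the crypto_cipher, crypto_aead, crypto_skcipher, crypto_shash and crypto_ahash interfaces named in the proposal, and the sample records and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the /proc/crypto layout (records separated by blank lines).
SAMPLE = """\
name   : essiv(cbc(aes),sha256)
driver : essiv(cbc(aes-generic),sha256-generic)
module : essiv
type   : skcipher

name   : essiv(authenc(hmac(sha256),cbc(aes)),sha256)
driver : essiv(authenc(hmac(sha256-generic),cbc(aes-generic)),sha256-generic)
module : essiv
type   : aead

name   : aes
driver : aes-generic
module : aes_generic
type   : cipher

name   : cmac(aes)
driver : cmac(aes-generic)
module : cmac
type   : shash
"""

# Assumed mapping: /proc/crypto "type" value -> menu name proposed in the thread.
MENU = {
    "cipher": "Block ciphers",
    "aead": "AEAD ciphers",
    "skcipher": "Length-preserving symmetric ciphers",
    "shash": "Digests and MACs",
    "ahash": "Digests and MACs",
}

def parse_records(text):
    """Yield one dict of fields per blank-line-separated record."""
    for chunk in text.strip().split("\n\n"):
        pairs = (line.split(":", 1) for line in chunk.splitlines() if ":" in line)
        yield {key.strip(): value.strip() for key, value in pairs}

def group_by_menu(text):
    """Return {menu: sorted driver names}; unmapped types fall under 'Other'."""
    menus = defaultdict(set)
    for rec in parse_records(text):
        menus[MENU.get(rec.get("type"), "Other")].add(rec.get("driver", "?"))
    return {menu: sorted(drivers) for menu, drivers in menus.items()}

def modules_spanning_menus(text):
    """Modules whose registrations fall in more than one menu (the ESSIV case)."""
    seen = defaultdict(set)
    for rec in parse_records(text):
        seen[rec.get("module")].add(MENU.get(rec.get("type"), "Other"))
    return {mod: sorted(m) for mod, m in seen.items() if len(m) > 1}
```

On a live system the same functions can be fed the contents of `/proc/crypto`; a module reported by `modules_spanning_menus` is one whose Kconfig entry has no single natural home under the proposed split.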
diff --git a/crypto/Kconfig b/crypto/Kconfig index b61626bf8ee2..3d59f843eb4c 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -21,7 +21,7 @@ menuconfig CRYPTO if CRYPTO -comment "Crypto core or helper" +menu "Crypto core or helper" config CRYPTO_FIPS bool "FIPS 200 compliance" @@ -214,7 +214,9 @@ menuconfig CRYPTO config CRYPTO_ENGINE tristate -comment "Public-key cryptography" +endmenu + +menu "Public-key cryptography" config CRYPTO_RSA tristate "RSA algorithm" @@ -295,7 +297,9 @@ menuconfig CRYPTO select CRYPTO_KPP select CRYPTO_LIB_CURVE25519_GENERIC -comment "Authenticated Encryption with Associated Data" +endmenu + +menu "AEAD (Authenticated Encryption with Associated Data) ciphers" config CRYPTO_CCM tristate "CCM support" 
@@ -364,7 +368,39 @@ menuconfig CRYPTO a sequence number xored with a salt. This is the default algorithm for CBC. -comment "Block modes" + This is required for IPsec ESP (XFRM_ESP). + +config CRYPTO_ESSIV + tristate "ESSIV support for block encryption" + select CRYPTO_AUTHENC + help + Encrypted salt-sector initialization vector (ESSIV) is an IV + generation method that is used in some cases by fscrypt and/or + dm-crypt. It uses the hash of the block encryption key as the + symmetric key for a block encryption pass applied to the input + IV, making low entropy IV sources more suitable for block + encryption. + + This driver implements a crypto API template that can be + instantiated either as an skcipher or as an AEAD (depending on the + type of the first template argument), and which defers encryption + and decryption requests to the encapsulated cipher after applying + ESSIV to the input IV. Note that in the AEAD case, it is assumed + that the keys are presented in the same format used by the authenc + template, and that the IV appears at the end of the authenticated + associated data (AAD) region (which is how dm-crypt uses it.) + + Note that the use of ESSIV is not recommended for new deployments, + and so this only needs to be enabled when interoperability with + existing encrypted volumes of filesystems is required, or when + building for a particular system that requires it (e.g., when + the SoC in question has accelerated CBC but not XTS, making CBC + combined with ESSIV the only feasible mode for h/w accelerated + block encryption) + +endmenu + +menu "Block modes" config CRYPTO_CBC tristate "CBC support" 
@@ -494,35 +530,9 @@ menuconfig CRYPTO If unsure, say N. -config CRYPTO_ESSIV - tristate "ESSIV support for block encryption" - select CRYPTO_AUTHENC - help - Encrypted salt-sector initialization vector (ESSIV) is an IV - generation method that is used in some cases by fscrypt and/or - dm-crypt. It uses the hash of the block encryption key as the - symmetric key for a block encryption pass applied to the input - IV, making low entropy IV sources more suitable for block - encryption. +endmenu - This driver implements a crypto API template that can be - instantiated either as an skcipher or as an AEAD (depending on the - type of the first template argument), and which defers encryption - and decryption requests to the encapsulated cipher after applying - ESSIV to the input IV. Note that in the AEAD case, it is assumed - that the keys are presented in the same format used by the authenc - template, and that the IV appears at the end of the authenticated - associated data (AAD) region (which is how dm-crypt uses it.) - - Note that the use of ESSIV is not recommended for new deployments, - and so this only needs to be enabled when interoperability with - existing encrypted volumes of filesystems is required, or when - building for a particular system that requires it (e.g., when - the SoC in question has accelerated CBC but not XTS, making CBC - combined with ESSIV the only feasible mode for h/w accelerated - block encryption) - -comment "Hash modes" +menu "Hash modes" config CRYPTO_CMAC tristate "CMAC support" @@ -564,7 +574,9 @@ menuconfig CRYPTO See also: <https://fastcrypto.org/vmac> -comment "Digest" +endmenu + +menu "Digests" config CRYPTO_CRC32C tristate "CRC32c CRC algorithm" 
@@ -583,13 +595,18 @@ menuconfig CRYPTO CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. Shash crypto api wrappers to crc32_le function. -config CRYPTO_XXHASH - tristate "xxHash hash algorithm" +config CRYPTO_CRCT10DIF + tristate "CRCT10DIF algorithm" select CRYPTO_HASH - select XXHASH help - xxHash non-cryptographic hash algorithm. Extremely fast, working at - speeds close to RAM limits. + CRC T10 Data Integrity Field computation is being cast as + a crypto transform. This allows for faster crc t10 diff + transforms to be used if they are available. + +config CRYPTO_CRC64_ROCKSOFT + tristate "Rocksoft Model CRC64 algorithm" + depends on CRC64 + select CRYPTO_HASH config CRYPTO_BLAKE2B tristate "BLAKE2b digest algorithm" @@ -626,19 +643,6 @@ menuconfig CRYPTO See https://blake2.net for further information. -config CRYPTO_CRCT10DIF - tristate "CRCT10DIF algorithm" - select CRYPTO_HASH - help - CRC T10 Data Integrity Field computation is being cast as - a crypto transform. This allows for faster crc t10 diff - transforms to be used if they are available. - -config CRYPTO_CRC64_ROCKSOFT - tristate "Rocksoft Model CRC64 algorithm" - depends on CRC64 - select CRYPTO_HASH - config CRYPTO_GHASH tristate "GHASH hash function" select CRYPTO_GF128MUL @@ -776,7 +780,17 @@ menuconfig CRYPTO See also: <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> -comment "Ciphers" +config CRYPTO_XXHASH + tristate "xxHash hash algorithm" + select CRYPTO_HASH + select XXHASH + help + xxHash non-cryptographic hash algorithm. Extremely fast, working at + speeds close to RAM limits. + +endmenu + +menu "Ciphers" config CRYPTO_AES tristate "AES cipher algorithms" @@ -1050,7 +1064,9 @@ menuconfig CRYPTO Common parts of the Twofish cipher algorithm shared by the generic c and the assembler implementations. -comment "Compression" +endmenu + +menu "Compression" config CRYPTO_DEFLATE tristate "Deflate compression algorithm" 
@@ -1109,7 +1125,9 @@ menuconfig CRYPTO help This is the zstd algorithm. -comment "Random Number Generation" +endmenu + +menu "Random Number Generation" config CRYPTO_ANSI_CPRNG tristate "Pseudo Random Number Generation for Cryptographic modules" @@ -1166,6 +1184,8 @@ menuconfig CRYPTO_DRBG_MENU random numbers. This Jitterentropy RNG registers with the kernel crypto API and can be used by any caller. +endmenu + config CRYPTO_KDF800108_CTR tristate select CRYPTO_HMAC @@ -1174,6 +1194,7 @@ menuconfig CRYPTO_DRBG_MENU config CRYPTO_USER_API tristate +menu "User-space interface" config CRYPTO_USER_API_HASH tristate "User-space interface for hash algorithms" depends on NET @@ -1242,6 +1263,8 @@ menuconfig CRYPTO_DRBG_MENU - encrypt/decrypt/sign/verify numbers for asymmetric operations - generate/seed numbers for rng operations +endmenu + config CRYPTO_HASH_INFO bool
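Review bot: In the hunk at @@ -364,7 +368,39 @@, the added line "This is required for IPsec ESP (XFRM_ESP)." changes the help text that ends "This is the default algorithm for CBC.", but the commit message describes only converting comments to submenus and moving entries. Move that sentence into the help-text patch of the series and confirm it is attached to the intended IV generator entry. The same hunk places CRYPTO_ESSIV in the AEAD menu although its help text says the template can be instantiated "either as an skcipher or as an AEAD", so the commit message should say why the AEAD menu was chosen.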
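Review bot: In the hunk at @@ -583,13 +595,18 @@, CRYPTO_CRC64_ROCKSOFT is moved with a visible prompt ("Rocksoft Model CRC64 algorithm") but no help text, unlike CRYPTO_CRCT10DIF directly above it; add a short help entry while the block is being touched. The reordering also keeps the CRC entries and xxHash, whose help calls it a "non-cryptographic hash algorithm", inside the "Digests" menu beside the cryptographic digests; a separate submenu for the non-cryptographic checksums would keep someone configuring a kernel from mistaking them for cryptographic digests.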
Convert each comment section into a submenu:
  Cryptographic API
    Crypto core or helper
    Public-key cryptography
    AEAD (Authenticated Encryption with Associated Data) ciphers
    Block modes
    Hash modes
    Digests
    Ciphers
    Compression
    Random Number Generation
    User-space interface

That helps find entries (e.g., searching for a name like SHA512 doesn't just report the location is Main menu -> Cryptography API, leaving you to wade through 153 entries; it points you to the Digests page).

Move a few of the entries so they fall into the correct submenu and are better sorted.

Signed-off-by: Robert Elliott <elliott@hpe.com>
---
 crypto/Kconfig | 131 +++++++++++++++++++++++++++++--------------------
 1 file changed, 77 insertions(+), 54 deletions(-)