@@ -342,7 +342,14 @@ config INET_AH
tristate "IP: AH transformation"
select XFRM_AH
help
- Support for IPsec AH.
+ Support for IPsec AH (Authentication Header).
+
+ AH can be used with various authentication algorithms. Besides
+ enabling AH support itself, this option enables the generic
+ implementations of the algorithms that RFC 8221 lists as MUST be
+ implemented. If you need any other algorithms, you'll need to enable
+ them in the crypto API. You should also enable accelerated
+ implementations of any needed algorithms when available.
If unsure, say Y.
@@ -350,7 +357,14 @@ config INET_ESP
tristate "IP: ESP transformation"
select XFRM_ESP
help
- Support for IPsec ESP.
+ Support for IPsec ESP (Encapsulating Security Payload).
+
+ ESP can be used with various encryption and authentication algorithms.
+ Besides enabling ESP support itself, this option enables the generic
+ implementations of the algorithms that RFC 8221 lists as MUST be
+ implemented. If you need any other algorithms, you'll need to enable
+ them in the crypto API. You should also enable accelerated
+ implementations of any needed algorithms when available.
If unsure, say Y.
@@ -51,7 +51,14 @@ config INET6_AH
tristate "IPv6: AH transformation"
select XFRM_AH
help
- Support for IPsec AH.
+ Support for IPsec AH (Authentication Header).
+
+ AH can be used with various authentication algorithms. Besides
+ enabling AH support itself, this option enables the generic
+ implementations of the algorithms that RFC 8221 lists as MUST be
+ implemented. If you need any other algorithms, you'll need to enable
+ them in the crypto API. You should also enable accelerated
+ implementations of any needed algorithms when available.
If unsure, say Y.
@@ -59,7 +66,14 @@ config INET6_ESP
tristate "IPv6: ESP transformation"
select XFRM_ESP
help
- Support for IPsec ESP.
+ Support for IPsec ESP (Encapsulating Security Payload).
+
+ ESP can be used with various encryption and authentication algorithms.
+ Besides enabling ESP support itself, this option enables the generic
+ implementations of the algorithms that RFC 8221 lists as MUST be
+ implemented. If you need any other algorithms, you'll need to enable
+ them in the crypto API. You should also enable accelerated
+ implementations of any needed algorithms when available.
If unsure, say Y.
@@ -67,26 +67,29 @@ config XFRM_STATISTICS
If unsure, say N.
+# This option selects XFRM_ALGO along with the AH authentication algorithms that
+# RFC 8221 lists as MUST be implemented.
config XFRM_AH
tristate
select XFRM_ALGO
select CRYPTO
select CRYPTO_HMAC
- select CRYPTO_MD5
- select CRYPTO_SHA1
+ select CRYPTO_SHA256
+# This option selects XFRM_ALGO along with the ESP encryption and authentication
+# algorithms that RFC 8221 lists as MUST be implemented.
config XFRM_ESP
tristate
select XFRM_ALGO
select CRYPTO
+ select CRYPTO_AES
select CRYPTO_AUTHENC
- select CRYPTO_HMAC
- select CRYPTO_MD5
select CRYPTO_CBC
- select CRYPTO_SHA1
- select CRYPTO_DES
select CRYPTO_ECHAINIV
+ select CRYPTO_GCM
+ select CRYPTO_HMAC
select CRYPTO_SEQIV
+ select CRYPTO_SHA256
config XFRM_IPCOMP
tristate