From patchwork Mon Aug 15 19:06:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Elliott, Robert \(Servers\)" X-Patchwork-Id: 597307 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF043C28B2B for ; Mon, 15 Aug 2022 20:37:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344937AbiHOUhF (ORCPT ); Mon, 15 Aug 2022 16:37:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49626 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345016AbiHOUfE (ORCPT ); Mon, 15 Aug 2022 16:35:04 -0400 Received: from mx0b-002e3701.pphosted.com (mx0b-002e3701.pphosted.com [148.163.143.35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E337AABD61; Mon, 15 Aug 2022 12:06:23 -0700 (PDT) Received: from pps.filterd (m0134423.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27FIDjeH009888; Mon, 15 Aug 2022 19:06:19 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pps0720; bh=OvGNgjyXdRVoprmq/MPuupJ6TYjVRr2YqHsIXBFGU8o=; b=nYYy1CKfQpwbMCsrCCSmy5Hk4onohxaszlZ1hQ68uwP1oldmm8+lImAb3yjvfyohFdNu bO/KrYi8zIu4NRmC0s+87xkPwBT5DzySp3i96HG47orFbE+9OvUzOOa/zHst9WCwPhQT T90k3Dyve3nPT8mXebx1gPVE/yFnSOVfAuEUakaDvlNo/Fpcol/NO+SW23KaS4foYmq9 2EhQhgRkWTKjSVOseWwfh/AnPi+h8UbG9KlsdVBtdzN/i4NOlDhKeqh+ZU1T+iGEbHvS e7OUWg4UkA93TiF+FyEjKMby50YqQDHoWMjhuc2jMTHjZ9DU/JzmFLEMT/dJOpvUGcuE Zg== Received: from p1lg14878.it.hpe.com (p1lg14878.it.hpe.com [16.230.97.204]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3hyu7r8bpq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 15 Aug 2022 19:06:19 +0000 Received: from p1lg14886.dc01.its.hpecorp.net (unknown [10.119.18.237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by p1lg14878.it.hpe.com (Postfix) with ESMTPS id 218A5D2CF; Mon, 15 Aug 2022 19:06:18 +0000 (UTC) Received: from adevxp033-sys.us.rdlabs.hpecorp.net (unknown [16.231.227.36]) by p1lg14886.dc01.its.hpecorp.net (Postfix) with ESMTP id CCA3B802BAD; Mon, 15 Aug 2022 19:06:17 +0000 (UTC) From: Robert Elliott To: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Cc: toshi.kani@hpe.com, Robert Elliott Subject: [PATCH 1/8] crypto: Kconfig - add submenus Date: Mon, 15 Aug 2022 14:06:01 -0500 Message-Id: <20220815190608.47182-2-elliott@hpe.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220815190608.47182-1-elliott@hpe.com> References: <20220815190608.47182-1-elliott@hpe.com> X-Proofpoint-GUID: MTwPZk1esdoIQHNY7bUQETSbs3wsir6g X-Proofpoint-ORIG-GUID: MTwPZk1esdoIQHNY7bUQETSbs3wsir6g X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-15_08,2022-08-15_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 clxscore=1015 suspectscore=0 mlxlogscore=428 spamscore=0 mlxscore=0 impostorscore=0 phishscore=0 bulkscore=0 lowpriorityscore=0 adultscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2208150071 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Convert each comment section into a submenu: Cryptographic API Crypto core or helper Public-key cryptography AEAD (Authenticated Encryption with Associated Data) ciphers Block modes Hash modes Digests Ciphers Compression Random Number Generation User-space interface That helps find entries (e.g., searching for a name like SHA512 doesn't just report the location is Main menu -> Cryptography API, leaving you to wade through 153 entries; it points you to the Digests page). Signed-off-by: Robert Elliott --- crypto/Kconfig | 42 ++++++++++++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 10 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 7b81685b5655..c2db970bc998 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -21,7 +21,7 @@ menuconfig CRYPTO if CRYPTO -comment "Crypto core or helper" +menu "Crypto core or helper" config CRYPTO_FIPS bool "FIPS 200 compliance" @@ -214,7 +214,9 @@ menuconfig CRYPTO config CRYPTO_ENGINE tristate -comment "Public-key cryptography" +endmenu + +menu "Public-key cryptography" config CRYPTO_RSA tristate "RSA algorithm" @@ -301,7 +303,9 @@ menuconfig CRYPTO select CRYPTO_LIB_CURVE25519_GENERIC select CRYPTO_ARCH_HAVE_LIB_CURVE25519 -comment "Authenticated Encryption with Associated Data" +endmenu + +menu "AEAD (Authenticated Encryption with Associated Data) ciphers" config CRYPTO_CCM tristate "CCM support" @@ -378,7 +382,11 @@ menuconfig CRYPTO a sequence number xored with a salt. This is the default algorithm for CBC. -comment "Block modes" + This is required for IPsec ESP (XFRM_ESP). + +endmenu + +menu "Block modes" config CRYPTO_CBC tristate "CBC support" @@ -552,7 +560,9 @@ menuconfig CRYPTO combined with ESSIV the only feasible mode for h/w accelerated block encryption) -comment "Hash modes" +endmenu + +menu "Hash modes" config CRYPTO_CMAC tristate "CMAC support" @@ -594,7 +604,9 @@ menuconfig CRYPTO See also: -comment "Digest" +endmenu + +menu "Digests" config CRYPTO_CRC32C tristate "CRC32c CRC algorithm" @@ -627,7 +639,6 @@ menuconfig CRYPTO (vpmsum) instructions, introduced in POWER8. Enable on POWER8 and newer processors for improved performance. - config CRYPTO_CRC32C_SPARC64 tristate "CRC32c CRC algorithm (SPARC64)" depends on SPARC64 @@ -1142,7 +1153,9 @@ menuconfig CRYPTO It is available as of z196. -comment "Ciphers" +endmenu + +menu "Ciphers" config CRYPTO_AES tristate "AES cipher algorithms" @@ -1877,7 +1890,9 @@ menuconfig CRYPTO See also: -comment "Compression" +endmenu + +menu "Compression" config CRYPTO_DEFLATE tristate "Deflate compression algorithm" @@ -1936,7 +1951,9 @@ menuconfig CRYPTO help This is the zstd algorithm. -comment "Random Number Generation" +endmenu + +menu "Random Number Generation" config CRYPTO_ANSI_CPRNG tristate "Pseudo Random Number Generation for Cryptographic modules" @@ -1993,6 +2010,8 @@ menuconfig CRYPTO_DRBG_MENU random numbers. This Jitterentropy RNG registers with the kernel crypto API and can be used by any caller. +endmenu + config CRYPTO_KDF800108_CTR tristate select CRYPTO_HMAC @@ -2001,6 +2020,7 @@ menuconfig CRYPTO_DRBG_MENU config CRYPTO_USER_API tristate +menu "User-space interface" config CRYPTO_USER_API_HASH tristate "User-space interface for hash algorithms" depends on NET @@ -2069,6 +2089,8 @@ menuconfig CRYPTO_DRBG_MENU - encrypt/decrypt/sign/verify numbers for asymmetric operations - generate/seed numbers for rng operations +endmenu + config CRYPTO_HASH_INFO bool From patchwork Mon Aug 15 19:06:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Elliott, Robert \(Servers\)" X-Patchwork-Id: 598988 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4408C25B0E for ; Mon, 15 Aug 2022 20:56:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243396AbiHOU4k (ORCPT ); Mon, 15 Aug 2022 16:56:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346882AbiHOUz7 (ORCPT ); Mon, 15 Aug 2022 16:55:59 -0400 Received: from mx0a-002e3701.pphosted.com (mx0a-002e3701.pphosted.com [148.163.147.86]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D33A0C04C4; Mon, 15 Aug 2022 12:11:25 -0700 (PDT) Received: from pps.filterd (m0134421.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27FIEmf4004739; Mon, 15 Aug 2022 19:11:20 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pps0720; bh=I701k4loSA5KNIeCflmPRMkgysoXzKyC/LnkRHw7w8Q=; b=XoSBg8Qq74kAE92VnlmdOD5JMn/dQAsBiIQGU49Rmkqe3wyliCB3D+eIP61//s8Li0ZQ DUSLBUH8g1/vsw4sYq1YSmiZPDcz/Ll2ISoIh0pJMT+DRiI/cghgZHPVPtgHTEaVBI12 exkGZR+//xL6ZwDc0NV3hSJxQ2DU58GCFdlR+WsZNQRg1D1hYWyjZzDGMgs3tlQdTzk2 Dnysn4JY7PXFrizFO1Qha4jK18SuUdUj2a3r2iVgE+Oha4745GmdU9/iT3rfCKMJQlEc 0WGuE9jjekNmxTPnEMqK2PIwgHBCtCfJF/32DocH3jDBxncmOKQ/LKIVI89I5moHAdn3 SQ== Received: from p1lg14880.it.hpe.com (p1lg14880.it.hpe.com [16.230.97.201]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3hyu8d0ctk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 15 Aug 2022 19:11:19 +0000 Received: from p1lg14886.dc01.its.hpecorp.net (unknown [10.119.18.237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by p1lg14880.it.hpe.com (Postfix) with ESMTPS id 54FD18001A6; Mon, 15 Aug 2022 19:06:19 +0000 (UTC) Received: from adevxp033-sys.us.rdlabs.hpecorp.net (unknown [16.231.227.36]) by p1lg14886.dc01.its.hpecorp.net (Postfix) with ESMTP id 0D9B080B10C; Mon, 15 Aug 2022 19:06:19 +0000 (UTC) From: Robert Elliott To: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Cc: toshi.kani@hpe.com, Robert Elliott Subject: [PATCH 2/8] crypto: Kconfig - simplify public-key entries Date: Mon, 15 Aug 2022 14:06:02 -0500 Message-Id: <20220815190608.47182-3-elliott@hpe.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220815190608.47182-1-elliott@hpe.com> References: <20220815190608.47182-1-elliott@hpe.com> X-Proofpoint-ORIG-GUID: 7Qi9pyEbKaGvP_0fYOZJa0v42YoSgeLe X-Proofpoint-GUID: 7Qi9pyEbKaGvP_0fYOZJa0v42YoSgeLe X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-15_08,2022-08-15_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 phishscore=0 priorityscore=1501 malwarescore=0 clxscore=1015 impostorscore=0 mlxscore=0 spamscore=0 suspectscore=0 mlxlogscore=999 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2208150072 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Shorten menu titles and help text and make them consistent: * acronym * name * architecture and architecture features in parenthesis * no suffixes like " algorithm", "support", or "hardware acceleration", or "optimized" Clarify architecture restrictions (e.g., include x86 in the names of all the x86-optimized modules. Simplify descriptions, update references, and ensure that https references are still valid. Signed-off-by: Robert Elliott --- crypto/Kconfig | 51 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index c2db970bc998..a7679e8cf842 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -219,20 +219,20 @@ menu "Crypto core or helper" menu "Public-key cryptography" config CRYPTO_RSA - tristate "RSA algorithm" + tristate "RSA (Rivest-Shamir-Adleman)" select CRYPTO_AKCIPHER select CRYPTO_MANAGER select MPILIB select ASN1 help - Generic implementation of the RSA public key algorithm. + RSA (Rivest-Shamir-Adleman) public key algorithm config CRYPTO_DH - tristate "Diffie-Hellman algorithm" + tristate "DH (Diffie-Hellman)" select CRYPTO_KPP select MPILIB help - Generic implementation of the Diffie-Hellman algorithm. + DH (Diffie-Hellman) key exchange algorithm config CRYPTO_DH_RFC7919_GROUPS bool "Support for RFC 7919 FFDHE group parameters" @@ -246,24 +246,26 @@ menu "Public-key cryptography" select CRYPTO_RNG_DEFAULT config CRYPTO_ECDH - tristate "ECDH algorithm" + tristate "ECDH (Elliptic Curve Diffie-Hellman)" select CRYPTO_ECC select CRYPTO_KPP help - Generic implementation of the ECDH algorithm + ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm + using curves P-192, P-256, and P-384 (FIPS 186) config CRYPTO_ECDSA - tristate "ECDSA (NIST P192, P256 etc.) algorithm" + tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)" select CRYPTO_ECC select CRYPTO_AKCIPHER select ASN1 help - Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) - is A NIST cryptographic standard algorithm. Only signature verification - is implemented. + ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186) + using curves P-192, P-256, and P-384 + + Only signature verification is implemented. config CRYPTO_ECRDSA - tristate "EC-RDSA (GOST 34.10) algorithm" + tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)" select CRYPTO_ECC select CRYPTO_AKCIPHER select CRYPTO_STREEBOG @@ -271,37 +273,46 @@ menu "Public-key cryptography" select ASN1 help Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, - RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic - standard algorithms (called GOST algorithms). Only signature verification - is implemented. + RFC 7091, ISO/IEC 14888-3:2018) + + One of the Russian cryptographic standard algorithms (called GOST + algorithms). Only signature verification is implemented. config CRYPTO_SM2 - tristate "SM2 algorithm" + tristate "SM2 (ShangMi 2)" select CRYPTO_SM3 select CRYPTO_AKCIPHER select CRYPTO_MANAGER select MPILIB select ASN1 help - Generic implementation of the SM2 public key algorithm. It was - published by State Encryption Management Bureau, China. + SM2 (ShangMi 2) public key algorithm + + Published by State Encryption Management Bureau, China, as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. References: - https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 + https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/ http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml http://www.gmbz.org.cn/main/bzlb.html config CRYPTO_CURVE25519 - tristate "Curve25519 algorithm" + tristate "Curve25519" select CRYPTO_KPP select CRYPTO_LIB_CURVE25519_GENERIC + help + Curve25519 algorithm config CRYPTO_CURVE25519_X86 - tristate "x86_64 accelerated Curve25519 scalar multiplication library" + tristate "Curve25519 (x86_64 with ADX)" depends on X86 && 64BIT select CRYPTO_LIB_CURVE25519_GENERIC select CRYPTO_ARCH_HAVE_LIB_CURVE25519 + help + Curve25519 algorithm + + Architecture: x86_64 using: + * ADX (large integer arithmetic) endmenu From patchwork Mon Aug 15 19:06:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Elliott, Robert \(Servers\)" X-Patchwork-Id: 598991 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31FCEC282E7 for ; Mon, 15 Aug 2022 20:37:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344485AbiHOUhG (ORCPT ); Mon, 15 Aug 2022 16:37:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49952 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346069AbiHOUfM (ORCPT ); Mon, 15 Aug 2022 16:35:12 -0400 Received: from mx0a-002e3701.pphosted.com (mx0a-002e3701.pphosted.com [148.163.147.86]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 89849ABD6A; Mon, 15 Aug 2022 12:06:24 -0700 (PDT) Received: from pps.filterd (m0134421.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27FIEgS6004375; Mon, 15 Aug 2022 19:06:21 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pps0720; bh=7UZRl7S6CD59FxX0p50QXXowmOOF0KD87WiCrV0FFvc=; b=WoTZfNGQ6W5T+ONutzqQsBHZsRydbTwo0MjYrWxKHQs63hahiBhSZMKKZMTdFFhfJL2s 3/cj0T6wodN3xloXdTTK+HI62xipD0IXJCEy00CZBOAfSZ3eLuk6GQgLy2Nw31LjqVVL LMqQdvXBZsDkjbOpVWP0fLrrvtW7Ixs3MBFqV37j4vXRwvrBb/V16zI8izJZ/T1JqADM WK0nNJRnUqJMj+RLJYA70GI538ZvQjWlt9TbjkopOLsIURXHJ3BgqUPM7O2lnuUY95XD A9lEu/KFAhU8jC/HOpWwOA2oQ2oe9Yy128d5J8BGWG9pTHsjNZBlnfufUG6paXERQ7qD 2A== Received: from p1lg14881.it.hpe.com (p1lg14881.it.hpe.com [16.230.97.202]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3hyu8d0bst-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 15 Aug 2022 19:06:21 +0000 Received: from p1lg14886.dc01.its.hpecorp.net (unknown [10.119.18.237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by p1lg14881.it.hpe.com (Postfix) with ESMTPS id 709AD804CB5; Mon, 15 Aug 2022 19:06:20 +0000 (UTC) Received: from adevxp033-sys.us.rdlabs.hpecorp.net (unknown [16.231.227.36]) by p1lg14886.dc01.its.hpecorp.net (Postfix) with ESMTP id 25F73804CF8; Mon, 15 Aug 2022 19:06:20 +0000 (UTC) From: Robert Elliott To: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Cc: toshi.kani@hpe.com, Robert Elliott Subject: [PATCH 3/8] crypto: Kconfig - simplify user-space interface entries Date: Mon, 15 Aug 2022 14:06:03 -0500 Message-Id: <20220815190608.47182-4-elliott@hpe.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220815190608.47182-1-elliott@hpe.com> References: <20220815190608.47182-1-elliott@hpe.com> X-Proofpoint-ORIG-GUID: qzScPmMadnJgI9WTV04XrqEjOjTzo2TL X-Proofpoint-GUID: qzScPmMadnJgI9WTV04XrqEjOjTzo2TL X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-15_08,2022-08-15_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 phishscore=0 priorityscore=1501 malwarescore=0 clxscore=1015 impostorscore=0 mlxscore=0 spamscore=0 suspectscore=0 mlxlogscore=999 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2208150071 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Shorten menu titles and help text and make them consistent: * acronym * name * architecture and architecture features in parenthesis * no suffixes like " algorithm", "support", or "hardware acceleration", or "optimized" Clarify architecture restrictions (e.g., include x86 in the names of all the x86-optimized modules. Simplify descriptions, update references, and ensure that https references are still valid. Signed-off-by: Robert Elliott --- crypto/Kconfig | 63 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 23 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index a7679e8cf842..045ef2a92449 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -2032,55 +2032,67 @@ menuconfig CRYPTO_DRBG_MENU tristate menu "User-space interface" +comment "Enable the user-space interface for ..." config CRYPTO_USER_API_HASH - tristate "User-space interface for hash algorithms" + tristate "Hash algorithms" depends on NET select CRYPTO_HASH select CRYPTO_USER_API help - This option enables the user-spaces interface for hash - algorithms. + Enable the user-space interface for hash algorithms. + + See Documentation/crypto/userspace-if.rst and + https://www.chronox.de/libkcapi/html/index.html config CRYPTO_USER_API_SKCIPHER - tristate "User-space interface for symmetric key cipher algorithms" + tristate "Symmetric key cipher algorithms" depends on NET select CRYPTO_SKCIPHER select CRYPTO_USER_API help - This option enables the user-spaces interface for symmetric - key cipher algorithms. + Enable the user-space interface for symmetric key cipher algorithms. + + See Documentation/crypto/userspace-if.rst and + https://www.chronox.de/libkcapi/html/index.html config CRYPTO_USER_API_RNG - tristate "User-space interface for random number generator algorithms" + tristate "RNG (random number generator) algorithms" depends on NET select CRYPTO_RNG select CRYPTO_USER_API help - This option enables the user-spaces interface for random - number generator algorithms. + Enable the user-space interface for RNG (random number generator) + algorithms. + + See Documentation/crypto/userspace-if.rst and + https://www.chronox.de/libkcapi/html/index.html config CRYPTO_USER_API_RNG_CAVP bool "Enable CAVP testing of DRBG" depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG help - This option enables extra API for CAVP testing via the user-space - interface: resetting of DRBG entropy, and providing Additional Data. + Enable extra APIs in the user-space interface for NIST CAVP + (Cryptographic Algorithm Validation Program) testing: + - resetting DRBG entropy + - providing Additional Data This should only be enabled for CAVP testing. You should say no unless you know what this is. config CRYPTO_USER_API_AEAD - tristate "User-space interface for AEAD cipher algorithms" + tristate "AEAD cipher algorithms" depends on NET select CRYPTO_AEAD select CRYPTO_SKCIPHER select CRYPTO_NULL select CRYPTO_USER_API help - This option enables the user-spaces interface for AEAD - cipher algorithms. + Enable the user-space interface for AEAD cipher algorithms. + + See Documentation/crypto/userspace-if.rst and + https://www.chronox.de/libkcapi/html/index.html config CRYPTO_USER_API_ENABLE_OBSOLETE - bool "Enable obsolete cryptographic algorithms for userspace" + bool "Obsolete cryptographic algorithms" depends on CRYPTO_USER_API default y help @@ -2089,16 +2101,21 @@ menu "User-space interface" only useful for userspace clients that still rely on them. config CRYPTO_STATS - bool "Crypto usage statistics for User-space" + bool "Crypto usage statistics" depends on CRYPTO_USER help - This option enables the gathering of crypto stats. - This will collect: - - encrypt/decrypt size and numbers of symmeric operations - - compress/decompress size and numbers of compress operations - - size and numbers of hash operations - - encrypt/decrypt/sign/verify numbers for asymmetric operations - - generate/seed numbers for rng operations + Enable the gathering of crypto stats. + + This collects data sizes, numbers of requests, and numbers + of errors processed by: + - AEAD ciphers (encrypt, decrypt) + - asymmetric key ciphers (encrypt, decrypt, verify, sign) + - symmetric key ciphers (encrypt, decrypt) + - compression algorithms (compress, decompress) + - hash algorithms (hash) + - key-agreement protocol primitives (setsecret, generate + public key, compute shared secret) + - RNG (generate, seed) endmenu From patchwork Mon Aug 15 19:06:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Elliott, Robert \(Servers\)" X-Patchwork-Id: 597306 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D64B9C25B0E for ; Mon, 15 Aug 2022 20:37:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232333AbiHOUhI (ORCPT ); Mon, 15 Aug 2022 16:37:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50208 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344432AbiHOUfS (ORCPT ); Mon, 15 Aug 2022 16:35:18 -0400 Received: from mx0b-002e3701.pphosted.com (mx0b-002e3701.pphosted.com [148.163.143.35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A3182A73A; Mon, 15 Aug 2022 12:06:26 -0700 (PDT) Received: from pps.filterd (m0150245.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27FIoMh9018977; Mon, 15 Aug 2022 19:06:22 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pps0720; bh=Iuxo2ne31HiW7Rg0v8Ej/FidItYg8f+vFmxa8hRVvfE=; b=WfSLjPkI/Avdc59M4Ab1Wybh25WfuivLT3w/Kd/AiavmKbhISJIsSONAAImEQpJZqcAZ iGf1IUJuHDApT3t+AqaUePWvgfs30Il2gWRBMKpKrBP+IvXWMkU5F+Rk5GujuaCx/RL4 hLb62A1PoO44jdRzssfCNWWJv3zI3PjFrhEpuQ8hdMj5V3YXq+OOG2KGCSBBEozp85qU eDtUeotthI6cIS/IxneLM3DaXScAMQeb7HbBpj7paJQGcw5gyN93oBydrcJ716RlEwcJ YhLzcyzxtKetxvGZqROgJeoi9wK3rwMFi61ZQRGXvln0tUE+WFUQEzSc3BX7KWijiSr+ bQ== Received: from p1lg14881.it.hpe.com (p1lg14881.it.hpe.com [16.230.97.202]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3hyus1842s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 15 Aug 2022 19:06:22 +0000 Received: from p1lg14886.dc01.its.hpecorp.net (unknown [10.119.18.237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by p1lg14881.it.hpe.com (Postfix) with ESMTPS id 75477804CB9; Mon, 15 Aug 2022 19:06:21 +0000 (UTC) Received: from adevxp033-sys.us.rdlabs.hpecorp.net (unknown [16.231.227.36]) by p1lg14886.dc01.its.hpecorp.net (Postfix) with ESMTP id 313DD803299; Mon, 15 Aug 2022 19:06:21 +0000 (UTC) From: Robert Elliott To: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Cc: toshi.kani@hpe.com, Robert Elliott Subject: [PATCH 4/8] crypto: Kconfig - simplify AEAD and block mode entries Date: Mon, 15 Aug 2022 14:06:04 -0500 Message-Id: <20220815190608.47182-5-elliott@hpe.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220815190608.47182-1-elliott@hpe.com> References: <20220815190608.47182-1-elliott@hpe.com> X-Proofpoint-ORIG-GUID: iC-CXEQD6YDHaaxkV9PF2TRMe8NyW-Lu X-Proofpoint-GUID: iC-CXEQD6YDHaaxkV9PF2TRMe8NyW-Lu X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-15_08,2022-08-15_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 malwarescore=0 bulkscore=0 priorityscore=1501 adultscore=0 suspectscore=0 phishscore=0 impostorscore=0 mlxscore=0 spamscore=0 mlxlogscore=493 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2208150072 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Shorten menu titles and help text and make them consistent: * acronym * name * architecture and architecture features in parenthesis * no suffixes like " algorithm", "support", or "hardware acceleration", or "optimized" Clarify architecture restrictions (e.g., include x86 in the names of all the x86-optimized modules. Simplify descriptions, update references, and ensure that https references are still valid. Signed-off-by: Robert Elliott --- crypto/Kconfig | 133 +++++++++++++++++++++++++++---------------------- 1 file changed, 74 insertions(+), 59 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 045ef2a92449..703c91e8e7a0 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -198,7 +198,8 @@ menu "Crypto core or helper" select CRYPTO_NULL help Authenc: Combined mode wrapper for IPsec. - This is required for IPSec. + + This is required for IPSec ESP (XFRM_ESP). config CRYPTO_TEST tristate "Testing module" @@ -319,57 +320,65 @@ menu "Public-key cryptography" menu "AEAD (Authenticated Encryption with Associated Data) ciphers" config CRYPTO_CCM - tristate "CCM support" + tristate "CCM (Counter with Cipher Block Chaining-Message Authentication Code)" select CRYPTO_CTR select CRYPTO_HASH select CRYPTO_AEAD select CRYPTO_MANAGER help - Support for Counter with CBC MAC. Required for IPsec. + CCM (Counter with Cipher Block Chaining-Message Authentication Code) + authenticated encryption mode (NIST SP800-38C) config CRYPTO_GCM - tristate "GCM/GMAC support" + tristate "GCM (Galois/Counter Mode) and GMAC (GCM Message Authentication Code)" select CRYPTO_CTR select CRYPTO_AEAD select CRYPTO_GHASH select CRYPTO_NULL select CRYPTO_MANAGER help - Support for Galois/Counter Mode (GCM) and Galois Message - Authentication Code (GMAC). Required for IPSec. + GCM (Galois/Counter Mode) authenticated encryption mode and GMAC + (GCM Message Authentication Code) (NIST SP800-38D) + + This is required for IPSec ESP (XFRM_ESP). config CRYPTO_CHACHA20POLY1305 - tristate "ChaCha20-Poly1305 AEAD support" + tristate "ChaCha20-Poly1305" select CRYPTO_CHACHA20 select CRYPTO_POLY1305 select CRYPTO_AEAD select CRYPTO_MANAGER help - ChaCha20-Poly1305 AEAD support, RFC7539. - - Support for the AEAD wrapper using the ChaCha20 stream cipher combined - with the Poly1305 authenticator. It is defined in RFC7539 for use in - IETF protocols. + ChaCha20 stream cipher and Poly1305 authenticator combined + mode (RFC8439) config CRYPTO_AEGIS128 - tristate "AEGIS-128 AEAD algorithm" + tristate "AEGIS-128" select CRYPTO_AEAD select CRYPTO_AES # for AES S-box tables help - Support for the AEGIS-128 dedicated AEAD algorithm. + AEGIS-128 AEAD algorithm config CRYPTO_AEGIS128_SIMD - bool "Support SIMD acceleration for AEGIS-128" + bool "AEGIS-128 (arm SIMD acceleration)" depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) default y + help + AEGIS-128 AEAD algorithm + + Architecture: arm using the Neon SIMD architecture extension config CRYPTO_AEGIS128_AESNI_SSE2 - tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" + tristate "AEGIS-128 (x86_64 with AES-NI/SSE2)" depends on X86 && 64BIT select CRYPTO_AEAD select CRYPTO_SIMD help - AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. + AEGIS-128 AEAD algorithm + + Architecture: x86_64 using: + * AES-NI (AES New Instructions) + * SSE2 (Streaming SIMD Extensions 2) config CRYPTO_SEQIV tristate "Sequence Number IV Generator" @@ -380,7 +389,9 @@ menu "AEAD (Authenticated Encryption with Associated Data) ciphers" select CRYPTO_MANAGER help This IV generator generates an IV based on a sequence number by - xoring it with a salt. This algorithm is mainly useful for CTR + xoring it with a salt. This algorithm is mainly useful for CTR. + + This is required for IPsec ESP (XFRM_ESP). config CRYPTO_ECHAINIV tristate "Encrypted Chain IV Generator" @@ -400,72 +411,69 @@ menu "AEAD (Authenticated Encryption with Associated Data) ciphers" menu "Block modes" config CRYPTO_CBC - tristate "CBC support" + tristate "CBC (Cipher Block Chaining)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER help - CBC: Cipher Block Chaining mode - This block cipher algorithm is required for IPSec. + CBC (Cipher Block Chaining) mode (NIST SP800-38A) + + This block cipher mode is required for IPSec ESP (XFRM_ESP). config CRYPTO_CFB - tristate "CFB support" + tristate "CFB (Cipher Feedback)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER help - CFB: Cipher FeedBack mode - This block cipher algorithm is required for TPM2 Cryptography. + CFB (Cipher Feedback) mode (NIST SP800-38A) + + This block cipher mode is required for TPM2 Cryptography. config CRYPTO_CTR - tristate "CTR support" + tristate "CTR (Counter)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER help - CTR: Counter mode - This block cipher algorithm is required for IPSec. + CTR (Counter) mode (NIST SP800-38A) config CRYPTO_CTS - tristate "CTS support" + tristate "CTS (Cipher Text Stealing)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER help - CTS: Cipher Text Stealing - This is the Cipher Text Stealing mode as described by - Section 8 of rfc2040 and referenced by rfc3962 - (rfc3962 includes errata information in its Appendix A) or - CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. + CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST + Addendum to SP800-38A (October 2010)) + This mode is required for Kerberos gss mechanism support for AES encryption. - See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final - config CRYPTO_ECB - tristate "ECB support" + tristate "ECB (Electronic Codebook)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER help - ECB: Electronic CodeBook mode - This is the simplest block cipher algorithm. It simply encrypts - the input block by block. + ECB (Electronic Codebook) mode (NIST SP800-38A) config CRYPTO_LRW - tristate "LRW support" + tristate "LRW (Liskov Rivest Wagner)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER select CRYPTO_GF128MUL select CRYPTO_ECB help - LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable + LRW (Liskov Rivest Wagner) mode, a tweakable, non malleable, non movable narrow block cipher mode for dm-crypt. Use it with cipher specification string aes-lrw-benbi, the key must be 256, 320 or 384. The first 128, 192 or 256 bits in the key are used for AES and the rest is used to tie each cipher block to its logical position. config CRYPTO_OFB - tristate "OFB support" + tristate "OFB (Output Feedback)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER help - OFB: the Output Feedback mode makes a block cipher into a synchronous + OFB (Output Feedback) mode (NIST SP800-38A) + + This mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same @@ -473,30 +481,33 @@ menu "Block modes" normally even when applied before encryption. config CRYPTO_PCBC - tristate "PCBC support" + tristate "PCBC (Propagating Cipher Block Chaining)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER help - PCBC: Propagating Cipher Block Chaining mode + PCBC (Propagating Cipher Block Chaining) mode This block cipher algorithm is required for RxRPC. config CRYPTO_XTS - tristate "XTS support" + tristate "XTS (XOR Encrypt XOR with ciphertext stealing)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER select CRYPTO_ECB help - XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, - key size 256, 384 or 512 bits. This implementation currently - can't handle a sectorsize which is not a multiple of 16 bytes. + XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E + and IEEE 1619) + + Use with aes-xts-plain, key size 256, 384 or 512 bits. This + implementation currently can't handle a sectorsize which is not a + multiple of 16 bytes. config CRYPTO_KEYWRAP - tristate "Key wrapping support" + tristate "KW (AES Key Wrap)" select CRYPTO_SKCIPHER select CRYPTO_MANAGER help - Support for key wrapping (NIST SP800-38F / RFC3394) without - padding. + KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F + and RFC3394) without padding. config CRYPTO_NHPOLY1305 tristate @@ -504,23 +515,27 @@ menu "Block modes" select CRYPTO_LIB_POLY1305_GENERIC config CRYPTO_NHPOLY1305_SSE2 - tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" + tristate "NHPoly1305 (x86_64 with SSE2)" depends on X86 && 64BIT select CRYPTO_NHPOLY1305 help - SSE2 optimized implementation of the hash function used by the - Adiantum encryption mode. + NHPoly1305 hash function (Adiantum) + + Architecture: x86_64 using: + * SSE2 (Streaming SIMD Extensions 2) config CRYPTO_NHPOLY1305_AVX2 - tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" + tristate "NHPoly1305 (x86_64 with AVX2)" depends on X86 && 64BIT select CRYPTO_NHPOLY1305 help - AVX2 optimized implementation of the hash function used by the - Adiantum encryption mode. + NHPoly1305 hash function (Adiantum) + + Architecture: x86_64 using: + * AVX2 (Advanced Vector Extensions 2) config CRYPTO_ADIANTUM - tristate "Adiantum support" + tristate "Adiantum" select CRYPTO_CHACHA20 select CRYPTO_LIB_POLY1305_GENERIC select CRYPTO_NHPOLY1305 From patchwork Mon Aug 15 19:06:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Elliott, Robert \(Servers\)" X-Patchwork-Id: 598989 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AEE7CC25B08 for ; Mon, 15 Aug 2022 20:37:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345506AbiHOUhO (ORCPT ); Mon, 15 Aug 2022 16:37:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46378 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346073AbiHOUfX (ORCPT ); Mon, 15 Aug 2022 16:35:23 -0400 Received: from mx0b-002e3701.pphosted.com (mx0b-002e3701.pphosted.com [148.163.143.35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 865FA4E623; Mon, 15 Aug 2022 12:06:27 -0700 (PDT) Received: from pps.filterd (m0150244.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27FIplv8001482; Mon, 15 Aug 2022 19:06:23 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pps0720; bh=GnXigjBi3Y9D5niWTEiKyH5NhrpH/AJZUwps2V8zaYM=; b=MqXoVfG3DEAMD2Ffu6YKhoNaH6k7OOwDjOrWVQj2neTvhLBsgQhZy2f5nzleoUpld9OA tHg3mAgvi9PoGFD24lYqCXuyUj5uapzfWg5d9fp56FSS4Vvxfu9DOxS6+4TOiQAZMwtN 9cBcyHJdHcxvZ5CW1dVuTddJgdbkApNYleQeC2saYMVl97cXZMcdhg0DMG9gN3TyqHDG nn8QEmQByrS25whcgqIuK/lj9u0mjB7pa1ag0vq5qSDghS3C3Sobk5L7XinatzUIm0rn 2VRxPCXcQPYIk5o3WMNS/z5YcBHplJ2BRHTpKO0O9PykpyM0Q9CVxTrFTMFgPSU0wsbh qA== Received: from p1lg14881.it.hpe.com (p1lg14881.it.hpe.com [16.230.97.202]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3hyusxg3jv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 15 Aug 2022 19:06:23 +0000 Received: from p1lg14886.dc01.its.hpecorp.net (unknown [10.119.18.237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by p1lg14881.it.hpe.com (Postfix) with ESMTPS id 75DF9804CBC; Mon, 15 Aug 2022 19:06:22 +0000 (UTC) Received: from adevxp033-sys.us.rdlabs.hpecorp.net (unknown [16.231.227.36]) by p1lg14886.dc01.its.hpecorp.net (Postfix) with ESMTP id 2F15F803AF6; Mon, 15 Aug 2022 19:06:22 +0000 (UTC) From: Robert Elliott To: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Cc: toshi.kani@hpe.com, Robert Elliott Subject: [PATCH 5/8] crypto: Kconfig - simplify hash mode and digest entries Date: Mon, 15 Aug 2022 14:06:05 -0500 Message-Id: <20220815190608.47182-6-elliott@hpe.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220815190608.47182-1-elliott@hpe.com> References: <20220815190608.47182-1-elliott@hpe.com> X-Proofpoint-GUID: KI9Co6rv90VAoOgIhIG69O-1NtDz7644 X-Proofpoint-ORIG-GUID: KI9Co6rv90VAoOgIhIG69O-1NtDz7644 X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-15_08,2022-08-15_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 malwarescore=0 spamscore=0 phishscore=0 clxscore=1015 adultscore=0 mlxlogscore=999 lowpriorityscore=0 priorityscore=1501 impostorscore=0 mlxscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2208150072 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Shorten menu titles and help text and make them consistent: * acronym * name * architecture and architecture features in parenthesis * no suffixes like " algorithm", "support", or "hardware acceleration", or "optimized" Clarify architecture restrictions (e.g., include x86 in the names of all the x86-optimized modules. Simplify descriptions, update references, and ensure that https references are still valid. Signed-off-by: Robert Elliott --- crypto/Kconfig | 495 +++++++++++++++++++++++++++---------------------- 1 file changed, 275 insertions(+), 220 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 703c91e8e7a0..e012d33eb739 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -304,6 +304,8 @@ menu "Public-key cryptography" help Curve25519 algorithm + Used by Wireguard. + config CRYPTO_CURVE25519_X86 tristate "Curve25519 (x86_64 with ADX)" depends on X86 && 64BIT @@ -591,149 +593,160 @@ menu "Block modes" menu "Hash modes" config CRYPTO_CMAC - tristate "CMAC support" + tristate "CMAC (Cipher-based Message Authentication Code)" select CRYPTO_HASH select CRYPTO_MANAGER help - Cipher-based Message Authentication Code (CMAC) specified by - The National Institute of Standards and Technology (NIST). - - https://tools.ietf.org/html/rfc4493 - http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf + CMAC (Cipher-based Message Authentication Code) authentication + mode (NIST SP800-38B and IETF RFC4493) config CRYPTO_HMAC - tristate "HMAC support" + tristate "HMAC (Keyed-Hash Message Authentication Code)" select CRYPTO_HASH select CRYPTO_MANAGER help - HMAC: Keyed-Hashing for Message Authentication (RFC2104). - This is required for IPSec. + HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and + RFC2104) + + This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). config CRYPTO_XCBC - tristate "XCBC support" + tristate "XCBC-MAC (Extended Cipher Block Chaining Message Authentication Code)" select CRYPTO_HASH select CRYPTO_MANAGER help - XCBC: Keyed-Hashing with encryption algorithm - https://www.ietf.org/rfc/rfc3566.txt - http://csrc.nist.gov/encryption/modes/proposedmodes/ - xcbc-mac/xcbc-mac-spec.pdf + XCBC-MAC (Extended Cipher Block Chaining Message Authentication + Code) (RFC3566) config CRYPTO_VMAC - tristate "VMAC support" + tristate "VMAC" select CRYPTO_HASH select CRYPTO_MANAGER help VMAC is a message authentication algorithm designed for very high speed on 64-bit architectures. - See also: - + See https://fastcrypto.org/vmac for further information. endmenu menu "Digests" config CRYPTO_CRC32C - tristate "CRC32c CRC algorithm" + tristate "CRC32c" select CRYPTO_HASH select CRC32 help - Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used - by iSCSI for header and data digests and by others. - See Castagnoli93. Module will be crc32c. + CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) + + A 32-bit CRC (cyclic redundancy check) with a polynomial defined + by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic + Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions + on Communications, Vol. 41, No. 6, June 1993, selected for use with + iSCSI. + + Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI. config CRYPTO_CRC32C_INTEL - tristate "CRC32c INTEL hardware acceleration" + tristate "CRC32c (x86 with SSE4.2/PCLMULQDQ)" depends on X86 select CRYPTO_HASH help - In Intel processor with SSE4.2 supported, the processor will - support CRC32C implementation using hardware accelerated CRC32 - instruction. This option will create 'crc32c-intel' module, - which will enable any routine to use the CRC32 instruction to - gain performance compared with software implementation. + CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) + + Architecture: x86 (32-bit and 64-bit) using: + * SSE4.2 (Streaming SIMD Extensions 4.2 - CRC32 instruction) + * PCLMULQDQ (carry-less multiplication) + Module will be crc32c-intel. config CRYPTO_CRC32C_VPMSUM - tristate "CRC32c CRC algorithm (powerpc64)" + tristate "CRC32c (powerpc64)" depends on PPC64 && ALTIVEC select CRYPTO_HASH select CRC32 help - CRC32c algorithm implemented using vector polynomial multiply-sum - (vpmsum) instructions, introduced in POWER8. Enable on POWER8 - and newer processors for improved performance. + CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) + + Architecture: powerpc64 using AltiVec extensions + + Enable on POWER8 and newer processors for improved performance. config CRYPTO_CRC32C_SPARC64 - tristate "CRC32c CRC algorithm (SPARC64)" + tristate "CRC32c (SPARC64)" depends on SPARC64 select CRYPTO_HASH select CRC32 help - CRC32c CRC algorithm implemented using sparc64 crypto instructions, - when available. + CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) + + Architecture: sparc64 config CRYPTO_CRC32 - tristate "CRC32 CRC algorithm" + tristate "CRC32" select CRYPTO_HASH select CRC32 help - CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. + CRC32 CRC algorithm (IEEE 802.3) Shash crypto api wrappers to crc32_le function. + Used by RoCEv2 and f2fs. + config CRYPTO_CRC32_PCLMUL - tristate "CRC32 PCLMULQDQ hardware acceleration" + tristate "CRC32 (x86 with PCLMULQDQ)" depends on X86 select CRYPTO_HASH select CRC32 help - From Intel Westmere and AMD Bulldozer processor with SSE4.2 - and PCLMULQDQ supported, the processor will support - CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ - instruction. This option will create 'crc32-pclmul' module, - which will enable any routine to use the CRC-32-IEEE 802.3 checksum - and gain better performance as compared with the table implementation. + CRC32 CRC algorithm (IEEE 802.3) + + Architecture: x86 (32-bit and 64-bit) using: + * PCLMULQDQ (carry-less multiplication) + + Module will be crc32-pclmul. config CRYPTO_CRC32_MIPS - tristate "CRC32c and CRC32 CRC algorithm (MIPS)" + tristate "CRC32c and CRC32 (MIPS)" depends on MIPS_CRC_SUPPORT select CRYPTO_HASH help - CRC32c and CRC32 CRC algorithms implemented using mips crypto - instructions, when available. + CRC32c and CRC32 CRC algorithms + + Architecture: mips config CRYPTO_CRC32_S390 - tristate "CRC-32 algorithms" + tristate "CRC32c and CRC32 (s390)" depends on S390 select CRYPTO_HASH select CRC32 help - Select this option if you want to use hardware accelerated - implementations of CRC algorithms. With this option, you - can optimize the computation of CRC-32 (IEEE 802.3 Ethernet) - and CRC-32C (Castagnoli). + CRC32c and CRC32 CRC algorithms + + Architecture: s390 It is available with IBM z13 or later. config CRYPTO_XXHASH - tristate "xxHash hash algorithm" + tristate "xxHash" select CRYPTO_HASH select XXHASH help - xxHash non-cryptographic hash algorithm. Extremely fast, working at - speeds close to RAM limits. + xxHash non-cryptographic hash algorithm + + Extremely fast, working at speeds close to RAM limits. + + Used by the btrfs filesystem. config CRYPTO_BLAKE2B - tristate "BLAKE2b digest algorithm" + tristate "BLAKE2b" select CRYPTO_HASH help - Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), - optimized for 64bit platforms and can produce digests of any size - between 1 to 64. The keyed hash is also implemented. + BLAKE2b cryptographic hash function (RFC 7693) - This module provides the following algorithms: + BLAKE2b is optimized for 64-bit platforms and can produce digests + of any size between 1 and 64 bytes. The keyed hash is also implemented. + This module provides the following algorithms: - blake2b-160 - blake2b-256 - blake2b-384 @@ -741,371 +754,407 @@ menu "Digests" See https://blake2.net for further information. + Used by the btrfs filesystem. + config CRYPTO_BLAKE2S - tristate "BLAKE2s digest algorithm" + tristate "BLAKE2s" select CRYPTO_LIB_BLAKE2S_GENERIC select CRYPTO_HASH help - Implementation of cryptographic hash function BLAKE2s - optimized for 8-32bit platforms and can produce digests of any size - between 1 to 32. The keyed hash is also implemented. + BLAKE2s cryptographic hash function (RFC 7693) - This module provides the following algorithms: + BLAKE2s is optimized for 8 to 32-bit platforms and can produce + digests of any size between 1 and 32 bytes. The keyed hash is + also implemented. + This module provides the following algorithms: - blake2s-128 - blake2s-160 - blake2s-224 - blake2s-256 + Used by Wireguard. + See https://blake2.net for further information. config CRYPTO_BLAKE2S_X86 - tristate "BLAKE2s digest algorithm (x86 accelerated version)" + tristate "BLAKE2s (x86_64 with SSSE3/AVX-512)" depends on X86 && 64BIT select CRYPTO_LIB_BLAKE2S_GENERIC select CRYPTO_ARCH_HAVE_LIB_BLAKE2S + help + BLAKE2s cryptographic hash function (RFC 7693) + + Architecture: x86_64 using: + * SSSE3 (Supplemental SSE3) + * AVX-512 (Advanced Vector Extensions-512) config CRYPTO_CRCT10DIF - tristate "CRCT10DIF algorithm" + tristate "CRCT10DIF" select CRYPTO_HASH help - CRC T10 Data Integrity Field computation is being cast as - a crypto transform. This allows for faster crc t10 diff - transforms to be used if they are available. + CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF) + + CRC algorithm used by the SCSI Block Commands standard. config CRYPTO_CRCT10DIF_PCLMUL - tristate "CRCT10DIF PCLMULQDQ hardware acceleration" + tristate "CRCT10DIF (x86_64 with PCLMULQDQ)" depends on X86 && 64BIT && CRC_T10DIF select CRYPTO_HASH help - For x86_64 processors with SSE4.2 and PCLMULQDQ supported, - CRC T10 DIF PCLMULQDQ computation can be hardware - accelerated PCLMULQDQ instruction. This option will create - 'crct10dif-pclmul' module, which is faster when computing the - crct10dif checksum as compared with the generic table implementation. + CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF) + + Architecture: x86_64 using: + * PCLMULQDQ (carry-less multiplication) + + Module is crct10dif-pclmul. config CRYPTO_CRCT10DIF_VPMSUM - tristate "CRC32T10DIF powerpc64 hardware acceleration" + tristate "CRC32T10DIF (powerpc64)" depends on PPC64 && ALTIVEC && CRC_T10DIF select CRYPTO_HASH help - CRC10T10DIF algorithm implemented using vector polynomial - multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on - POWER8 and newer processors for improved performance. + CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF) + + Architecture: powerpc64 using AltiVec extensions + Enable on POWER8 and newer processors for improved performance. config CRYPTO_CRC64_ROCKSOFT - tristate "Rocksoft Model CRC64 algorithm" + tristate "CRC64 based on the Rocksoft Model CRC Algorithm" depends on CRC64 select CRYPTO_HASH + help + CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm + + Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY) + + See https://zlib.net/crc_v3.txt config CRYPTO_VPMSUM_TESTER - tristate "Powerpc64 vpmsum hardware acceleration tester" + tristate "CRC32C and CRC32T10DIF vpmsum hardware acceleration tester (powerpc64)" depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM help - Stress test for CRC32c and CRC-T10DIF algorithms implemented with - POWER8 vpmsum instructions. + Stress test for CRC32c and CRCT10DIF algorithms implemented with + powerpc64 AltiVec extensions (POWER8 vpmsum instructions). Unless you are testing these algorithms, you don't need this. config CRYPTO_GHASH - tristate "GHASH hash function" + tristate "GHASH" select CRYPTO_GF128MUL select CRYPTO_HASH help - GHASH is the hash function used in GCM (Galois/Counter Mode). - It is not a general-purpose cryptographic hash function. + GCM GHASH function (NIST SP800-38D) config CRYPTO_POLY1305 - tristate "Poly1305 authenticator algorithm" + tristate "Poly1305" select CRYPTO_HASH select CRYPTO_LIB_POLY1305_GENERIC help - Poly1305 authenticator algorithm, RFC7539. + Poly1305 authenticator algorithm (RFC7539) Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use in IETF protocols. This is the portable C implementation of Poly1305. config CRYPTO_POLY1305_X86_64 - tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" + tristate "Poly1305 (x86_64 with SSE2/AVX2)" depends on X86 && 64BIT select CRYPTO_LIB_POLY1305_GENERIC select CRYPTO_ARCH_HAVE_LIB_POLY1305 help - Poly1305 authenticator algorithm, RFC7539. + Poly1305 authenticator algorithm (RFC7539) - Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. - It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use - in IETF protocols. This is the x86_64 assembler implementation using SIMD - instructions. + Architecture: x86_64 using: + * SSE2 (Streaming SIMD Extensions 2) + * AVX2 (Advanced Vector Extensions 2) config CRYPTO_POLY1305_MIPS - tristate "Poly1305 authenticator algorithm (MIPS optimized)" + tristate "Poly1305 (MIPS)" depends on MIPS select CRYPTO_ARCH_HAVE_LIB_POLY1305 + help + Poly1305 authenticator algorithm (RFC7539) + + Architecture: mips config CRYPTO_MD4 - tristate "MD4 digest algorithm" + tristate "MD4" select CRYPTO_HASH help - MD4 message digest algorithm (RFC1320). + MD4 message digest algorithm (RFC1320) config CRYPTO_MD5 - tristate "MD5 digest algorithm" + tristate "MD5" select CRYPTO_HASH help - MD5 message digest algorithm (RFC1321). + MD5 message digest algorithm (RFC1321) config CRYPTO_MD5_OCTEON - tristate "MD5 digest algorithm (OCTEON)" + tristate "MD5 (OCTEON)" depends on CPU_CAVIUM_OCTEON select CRYPTO_MD5 select CRYPTO_HASH help - MD5 message digest algorithm (RFC1321) implemented - using OCTEON crypto instructions, when available. + MD5 message digest algorithm (RFC1321) + + Architecture: OCTEON using crypto instructions, when available config CRYPTO_MD5_PPC - tristate "MD5 digest algorithm (PPC)" + tristate "MD5 (PPC)" depends on PPC select CRYPTO_HASH help - MD5 message digest algorithm (RFC1321) implemented - in PPC assembler. + MD5 message digest algorithm (RFC1321) + + Architecture: powerpc config CRYPTO_MD5_SPARC64 - tristate "MD5 digest algorithm (SPARC64)" + tristate "MD5 (SPARC64)" depends on SPARC64 select CRYPTO_MD5 select CRYPTO_HASH help - MD5 message digest algorithm (RFC1321) implemented - using sparc64 crypto instructions, when available. + MD5 message digest algorithm (RFC1321) + + Architecture: sparc64 using crypto instructions, when available config CRYPTO_MICHAEL_MIC - tristate "Michael MIC keyed digest algorithm" + tristate "Michael MIC" select CRYPTO_HASH help - Michael MIC is used for message integrity protection in TKIP - (IEEE 802.11i). This algorithm is required for TKIP, but it - should not be used for other purposes because of the weakness - of the algorithm. + Michael MIC (Message Integrity Code) (IEEE 802.11i) + + Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol), + known as WPA (Wif-Fi Protected Access). + + This algorithm is required for TKIP, but it should not be used for + other purposes because of the weakness of the algorithm. config CRYPTO_RMD160 - tristate "RIPEMD-160 digest algorithm" + tristate "RIPEMD-160" select CRYPTO_HASH help - RIPEMD-160 (ISO/IEC 10118-3:2004). + RIPEMD-160 (ISO/IEC 10118-3:2004) RIPEMD-160 is a 160-bit cryptographic hash function. It is intended to be used as a secure replacement for the 128-bit hash functions - MD4, MD5 and it's predecessor RIPEMD + MD4, MD5 and its predecessor RIPEMD (not to be confused with RIPEMD-128). - It's speed is comparable to SHA1 and there are no known attacks + Its speed is comparable to SHA1 and there are no known attacks against RIPEMD-160. Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. - See + See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html + for further information. config CRYPTO_SHA1 - tristate "SHA1 digest algorithm" + tristate "SHA1" select CRYPTO_HASH help - SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). + SHA-1 secure hash algorithm (FIPS 180) config CRYPTO_SHA1_SSSE3 - tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" + tristate "SHA1 (x86_64 with SSSE3/AVX/AVX2/SHA-NI)" depends on X86 && 64BIT select CRYPTO_SHA1 select CRYPTO_HASH help - SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented - using Supplemental SSE3 (SSSE3) instructions or Advanced Vector - Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), - when available. + SHA-1 secure hash algorithm (FIPS 180) + + Architecture: x86_64 using: + * SSSE3 (Supplemental SSE3) + * AVX (Advanced Vector Extensions) + * AVX2 (Advanced Vector Extensions 2) + * SHA-NI (SHA Extensions New Instructions) config CRYPTO_SHA256_SSSE3 - tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" + tristate "SHA224 and SHA256 (x86_64 with SSSE3/AVX/AVX2/SHA-NI)" depends on X86 && 64BIT select CRYPTO_SHA256 select CRYPTO_HASH help - SHA-256 secure hash standard (DFIPS 180-2) implemented - using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector - Extensions version 1 (AVX1), or Advanced Vector Extensions - version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New - Instructions) when available. + SHA-224 and SHA-256 secure hash algorithms (FIPS 180) + + Architecture: x86_64 using: + * SSSE3 (Supplemental SSE3) + * AVX (Advanced Vector Extensions) + * AVX2 (Advanced Vector Extensions 2) + * SHA-NI (SHA Extensions New Instructions) config CRYPTO_SHA512_SSSE3 - tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" + tristate "SHA384 and SHA512 (x86_64 with SSSE3/AVX/AVX2)" depends on X86 && 64BIT select CRYPTO_SHA512 select CRYPTO_HASH help - SHA-512 secure hash standard (DFIPS 180-2) implemented - using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector - Extensions version 1 (AVX1), or Advanced Vector Extensions - version 2 (AVX2) instructions, when available. + SHA-384 and SHA-512 secure hash algorithms (FIPS 180) + + Architecture: x86_64 using: + * SSSE3 (Supplemental SSE3) + * AVX (Advanced Vector Extensions) + * AVX2 (Advanced Vector Extensions 2) config CRYPTO_SHA512_S390 - tristate "SHA384 and SHA512 digest algorithm" + tristate "SHA384 and SHA512 (s390)" depends on S390 select CRYPTO_HASH help - This is the s390 hardware accelerated implementation of the - SHA512 secure hash standard. + SHA-384 and SHA-512 secure hash algorithms (FIPS 180) + + Architecture: s390 It is available as of z10. config CRYPTO_SHA1_OCTEON - tristate "SHA1 digest algorithm (OCTEON)" + tristate "SHA1 (OCTEON)" depends on CPU_CAVIUM_OCTEON select CRYPTO_SHA1 select CRYPTO_HASH help - SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented - using OCTEON crypto instructions, when available. + SHA-1 secure hash algorithm (FIPS 180) + + Architecture: OCTEON config CRYPTO_SHA1_SPARC64 - tristate "SHA1 digest algorithm (SPARC64)" + tristate "SHA1 (SPARC64)" depends on SPARC64 select CRYPTO_SHA1 select CRYPTO_HASH help - SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented - using sparc64 crypto instructions, when available. + SHA-1 secure hash algorithm (FIPS 180) + + Architecture: sparc64 config CRYPTO_SHA1_PPC - tristate "SHA1 digest algorithm (powerpc)" + tristate "SHA1 (powerpc)" depends on PPC help - This is the powerpc hardware accelerated implementation of the - SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). + SHA-1 secure hash algorithm (FIPS 180) + + Architecture: powerpc config CRYPTO_SHA1_PPC_SPE - tristate "SHA1 digest algorithm (PPC SPE)" + tristate "SHA1 (PPC SPE)" depends on PPC && SPE help - SHA-1 secure hash standard (DFIPS 180-4) implemented - using powerpc SPE SIMD instruction set. + SHA-1 secure hash algorithm (FIPS 180) + + Architecture: powerpc using SPE (Signal Processing Engine) extensions config CRYPTO_SHA1_S390 - tristate "SHA1 digest algorithm" + tristate "SHA1 (s390)" depends on S390 select CRYPTO_HASH help - This is the s390 hardware accelerated implementation of the - SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). + SHA-1 secure hash algorithm (FIPS 180) + + Architecture: s390 It is available as of z990. config CRYPTO_SHA256 - tristate "SHA224 and SHA256 digest algorithm" + tristate "SHA224 and SHA256" select CRYPTO_HASH select CRYPTO_LIB_SHA256 help - SHA256 secure hash standard (DFIPS 180-2). + SHA-224 and SHA-256 secure hash algorithms (FIPS 180). - This version of SHA implements a 256 bit hash with 128 bits of - security against collision attacks. - - This code also includes SHA-224, a 224 bit hash with 112 bits - of security against collision attacks. + This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). + Used by the btrfs filesystem, Ceph, NFS, and SMB. config CRYPTO_SHA256_PPC_SPE - tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" + tristate "SHA224 and SHA256 (PPC SPE)" depends on PPC && SPE select CRYPTO_SHA256 select CRYPTO_HASH help - SHA224 and SHA256 secure hash standard (DFIPS 180-2) - implemented using powerpc SPE SIMD instruction set. + SHA-224 and SHA-256 secure hash algorithms (FIPS 180) + + Architecture: powerpc using SPE (Signal Processing Engine) extensions config CRYPTO_SHA256_OCTEON - tristate "SHA224 and SHA256 digest algorithm (OCTEON)" + tristate "SHA224 and SHA256 (OCTEON)" depends on CPU_CAVIUM_OCTEON select CRYPTO_SHA256 select CRYPTO_HASH help - SHA-256 secure hash standard (DFIPS 180-2) implemented - using OCTEON crypto instructions, when available. + SHA-224 and SHA-256 secure hash algorithms (FIPS 180) + + Architecture: OCTEON using crypto instructions, when available config CRYPTO_SHA256_SPARC64 - tristate "SHA224 and SHA256 digest algorithm (SPARC64)" + tristate "SHA224 and SHA256 (SPARC64)" depends on SPARC64 select CRYPTO_SHA256 select CRYPTO_HASH help - SHA-256 secure hash standard (DFIPS 180-2) implemented - using sparc64 crypto instructions, when available. + SHA-224 and SHA-256 secure hash algorithms (FIPS 180) + + Architecture: sparc64 using crypto instructions, when available config CRYPTO_SHA256_S390 - tristate "SHA256 digest algorithm" + tristate "SHA224 and SHA256 (s390)" depends on S390 select CRYPTO_HASH help - This is the s390 hardware accelerated implementation of the - SHA256 secure hash standard (DFIPS 180-2). + SHA-224 and SHA-256 secure hash algorithms (FIPS 180) + + Architecture: s390 It is available as of z9. config CRYPTO_SHA512 - tristate "SHA384 and SHA512 digest algorithms" + tristate "SHA384 and SHA512" select CRYPTO_HASH help - SHA512 secure hash standard (DFIPS 180-2). - - This version of SHA implements a 512 bit hash with 256 bits of - security against collision attacks. - - This code also includes SHA-384, a 384 bit hash with 192 bits - of security against collision attacks. + SHA-384 and SHA-512 secure hash algorithms (FIPS 180) config CRYPTO_SHA512_OCTEON - tristate "SHA384 and SHA512 digest algorithms (OCTEON)" + tristate "SHA384 and SHA512 (OCTEON)" depends on CPU_CAVIUM_OCTEON select CRYPTO_SHA512 select CRYPTO_HASH help - SHA-512 secure hash standard (DFIPS 180-2) implemented - using OCTEON crypto instructions, when available. + SHA-384 and SHA-512 secure hash algorithms (FIPS 180) + + Architecture: OCTEON using crypto instructions, when available config CRYPTO_SHA512_SPARC64 - tristate "SHA384 and SHA512 digest algorithm (SPARC64)" + tristate "SHA384 and SHA512 (SPARC64)" depends on SPARC64 select CRYPTO_SHA512 select CRYPTO_HASH help - SHA-512 secure hash standard (DFIPS 180-2) implemented - using sparc64 crypto instructions, when available. + SHA-384 and SHA-512 secure hash algorithms (FIPS 180) + + Architecture: sparc64 using crypto instructions, when available config CRYPTO_SHA3 - tristate "SHA3 digest algorithm" + tristate "SHA3" select CRYPTO_HASH help - SHA-3 secure hash standard (DFIPS 202). It's based on - cryptographic sponge function family called Keccak. - - References: - http://keccak.noekeon.org/ + SHA-3 secure hash algorithms (FIPS 202) config CRYPTO_SHA3_256_S390 - tristate "SHA3_224 and SHA3_256 digest algorithm" + tristate "SHA3_224 and SHA3_256 (s390)" depends on S390 select CRYPTO_HASH help - This is the s390 hardware accelerated implementation of the - SHA3_256 secure hash standard. + SHA3-224 and SHA3-256 hash functions (FIPS 202) + + Architecture: s390 It is available as of z14. config CRYPTO_SHA3_512_S390 - tristate "SHA3_384 and SHA3_512 digest algorithm" + tristate "SHA3_384 and SHA3_512 (s390)" depends on S390 select CRYPTO_HASH help - This is the s390 hardware accelerated implementation of the - SHA3_512 secure hash standard. + SHA3-384 and SHA3-512 hash functions (FIPS 202) + + Architecture: s390 It is available as of z14. @@ -1113,44 +1162,47 @@ menu "Digests" tristate config CRYPTO_SM3_GENERIC - tristate "SM3 digest algorithm" + tristate "SM3 (ShangMi 3)" select CRYPTO_HASH select CRYPTO_SM3 help - SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). - It is part of the Chinese Commercial Cryptography suite. + SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3 + + This is part of the Chinese Commercial Cryptography suite. References: http://www.oscca.gov.cn/UpFile/20101222141857786.pdf https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash config CRYPTO_SM3_AVX_X86_64 - tristate "SM3 digest algorithm (x86_64/AVX)" + tristate "SM3 (ShangMi 3) (x86_64 with AVX)" depends on X86 && 64BIT select CRYPTO_HASH select CRYPTO_SM3 help - SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). - It is part of the Chinese Commercial Cryptography suite. This is - SM3 optimized implementation using Advanced Vector Extensions (AVX) - when available. + SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3 + + Architecture: x86_64 using: + * AVX (Advanced Vector Extensions) If unsure, say N. config CRYPTO_STREEBOG - tristate "Streebog Hash Function" + tristate "Streebog (GOST 34.11)" select CRYPTO_HASH help - Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian - cryptographic standard algorithms (called GOST algorithms). - This setting enables two hash algorithms with 256 and 512 bits output. + Streebog Hash Function (GOST R 34.11-2012, RFC 6986) + + This is one of the Russian cryptographic standard algorithms (called + GOST algorithms). This setting enables two hash algorithms with + 256 and 512 bits output. References: https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf https://tools.ietf.org/html/rfc6986 config CRYPTO_WP512 - tristate "Whirlpool digest algorithms" + tristate "Whirlpool" select CRYPTO_HASH help Whirlpool hash algorithm 512, 384 and 256-bit hashes @@ -1158,24 +1210,27 @@ menu "Digests" Whirlpool-512 is part of the NESSIE cryptographic primitives. Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard - See also: - + See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html + for further information. config CRYPTO_GHASH_CLMUL_NI_INTEL - tristate "GHASH hash function (CLMUL-NI accelerated)" + tristate "GHASH (x86_64 with CLMUL-NI)" depends on X86 && 64BIT select CRYPTO_CRYPTD help - This is the x86_64 CLMUL-NI accelerated implementation of - GHASH, the hash function used in GCM (Galois/Counter mode). + GCM GHASH hash function (NIST SP800-38D) + + Architecture: x86_64 using: + * CLMUL-NI (carry-less multiplication new instructions) config CRYPTO_GHASH_S390 - tristate "GHASH hash function" + tristate "GHASH (s390)" depends on S390 select CRYPTO_HASH help - This is the s390 hardware accelerated implementation of GHASH, - the hash function used in GCM (Galois/Counter mode). + GCM GHASH hash function (NIST SP800-38D) + + Architecture: s390 It is available as of z196. From patchwork Mon Aug 15 19:06:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Elliott, Robert \(Servers\)" X-Patchwork-Id: 597305 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2731EC25B0E for ; Mon, 15 Aug 2022 20:37:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232912AbiHOUhL (ORCPT ); Mon, 15 Aug 2022 16:37:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43942 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345548AbiHOUfY (ORCPT ); Mon, 15 Aug 2022 16:35:24 -0400 Received: from mx0b-002e3701.pphosted.com (mx0b-002e3701.pphosted.com [148.163.143.35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D8FA4E63B; Mon, 15 Aug 2022 12:06:28 -0700 (PDT) Received: from pps.filterd (m0134424.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27FHgZeB030960; Mon, 15 Aug 2022 19:06:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pps0720; bh=W7YuKLSlg+L9y+3SYMorR1VdFBeJpRx8rEYlFvqIycA=; b=A8osAhyuWYcSO7MCQFm/9LUyiDcSxDjkrPLM1pq7NaVbqXfsRNRtB2VtxLgNMw6j/pF1 EcKUw7j5wGwredqNVXEV5V4A5Dho0IDS5CNv4HHvDRCXkj5KfpDfv+ke1H53U++CahO6 ArqAr/+iv0XL0o4G5koQrMzd80VAvmn+/AhXZbc0gv260yG/QjysUkTWIieYvsIeAIP1 5BB57exN/6+CIqXrvPT1g2Ni9gVrhfmFdn4SEo/ucwlesyl67lT/WAGQJlR2dHYtq0oG yjcBmzfZTMmbDPTk32Pc8mHVZpWDNdwV1lVO4MMtKs6aFg8AeO2iOynAwySza6TqO57R UQ== Received: from p1lg14878.it.hpe.com (p1lg14878.it.hpe.com [16.230.97.204]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3hyts4rp84-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 15 Aug 2022 19:06:24 +0000 Received: from p1lg14886.dc01.its.hpecorp.net (unknown [10.119.18.237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by p1lg14878.it.hpe.com (Postfix) with ESMTPS id 75596D2EE; Mon, 15 Aug 2022 19:06:23 +0000 (UTC) Received: from adevxp033-sys.us.rdlabs.hpecorp.net (unknown [16.231.227.36]) by p1lg14886.dc01.its.hpecorp.net (Postfix) with ESMTP id 2DA1B808EA6; Mon, 15 Aug 2022 19:06:23 +0000 (UTC) From: Robert Elliott To: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Cc: toshi.kani@hpe.com, Robert Elliott Subject: [PATCH 6/8] crypto: Kconfig - simplify cipher, compression, and RNG entries Date: Mon, 15 Aug 2022 14:06:06 -0500 Message-Id: <20220815190608.47182-7-elliott@hpe.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220815190608.47182-1-elliott@hpe.com> References: <20220815190608.47182-1-elliott@hpe.com> X-Proofpoint-ORIG-GUID: 5wJYbzrvh1bZkfrywhv38VkEunJ0LXvE X-Proofpoint-GUID: 5wJYbzrvh1bZkfrywhv38VkEunJ0LXvE X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-15_08,2022-08-15_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 impostorscore=0 lowpriorityscore=0 mlxlogscore=999 mlxscore=0 spamscore=0 bulkscore=0 phishscore=0 priorityscore=1501 clxscore=1015 adultscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2208150072 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Shorten menu titles and help text and make them consistent: * acronym * name * architecture and architecture features in parenthesis * no suffixes like " algorithm", "support", or "hardware acceleration", or "optimized" Clarify architecture restrictions (e.g., include x86 in the names of all the x86-optimized modules. Simplify descriptions, update references, and ensure that https references are still valid. Signed-off-by: Robert Elliott --- crypto/Kconfig | 510 +++++++++++++++++++++---------------------------- 1 file changed, 220 insertions(+), 290 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index e012d33eb739..0116729ea369 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1239,7 +1239,7 @@ menu "Digests" menu "Ciphers" config CRYPTO_AES - tristate "AES cipher algorithms" + tristate "AES (Advanced Encryption Standard)" select CRYPTO_ALGAPI select CRYPTO_LIB_AES help @@ -1257,10 +1257,8 @@ menu "Ciphers" The AES specifies three key sizes: 128, 192 and 256 bits - See for more information. - config CRYPTO_AES_TI - tristate "Fixed time AES cipher" + tristate "AES (Advanced Encryption Standard) (fixed time)" select CRYPTO_ALGAPI select CRYPTO_LIB_AES help @@ -1279,7 +1277,7 @@ menu "Ciphers" are evicted when the CPU is interrupted to do something else. config CRYPTO_AES_NI_INTEL - tristate "AES cipher algorithms (AES-NI)" + tristate "AES (Advanced Encryption Standard) (x86 with AES-NI)" depends on X86 select CRYPTO_AEAD select CRYPTO_LIB_AES @@ -1287,63 +1285,29 @@ menu "Ciphers" select CRYPTO_SKCIPHER select CRYPTO_SIMD help - Use Intel AES-NI instructions for AES algorithm. - - AES cipher algorithms (FIPS-197). AES uses the Rijndael - algorithm. - - Rijndael appears to be consistently a very good performer in - both hardware and software across a wide range of computing - environments regardless of its use in feedback or non-feedback - modes. Its key setup time is excellent, and its key agility is - good. Rijndael's very low memory requirements make it very well - suited for restricted-space environments, in which it also - demonstrates excellent performance. Rijndael's operations are - among the easiest to defend against power and timing attacks. - - The AES specifies three key sizes: 128, 192 and 256 bits + AES cipher algorithms with ECB, CBC, CTS, CTR, XTS, GCM modes - See for more information. - - In addition to AES cipher algorithm support, the acceleration - for some popular block cipher mode is supported too, including - ECB, CBC, LRW, XTS. The 64 bit version has additional - acceleration for CTR. + Architecture: x86 (32-bit and 64-bit) using: + * AES-NI (AES new instructions) config CRYPTO_AES_SPARC64 - tristate "AES cipher algorithms (SPARC64)" + tristate "AES (Advanced Encryption Standard) (SPARC64)" depends on SPARC64 select CRYPTO_SKCIPHER help - Use SPARC64 crypto opcodes for AES algorithm. - - AES cipher algorithms (FIPS-197). AES uses the Rijndael - algorithm. + AES cipher algorithms (FIPS-197) - Rijndael appears to be consistently a very good performer in - both hardware and software across a wide range of computing - environments regardless of its use in feedback or non-feedback - modes. Its key setup time is excellent, and its key agility is - good. Rijndael's very low memory requirements make it very well - suited for restricted-space environments, in which it also - demonstrates excellent performance. Rijndael's operations are - among the easiest to defend against power and timing attacks. - - The AES specifies three key sizes: 128, 192 and 256 bits - - See for more information. - - In addition to AES cipher algorithm support, the acceleration - for some popular block cipher mode is supported too, including - ECB and CBC. + Architecture: sparc64 using crypto instructions config CRYPTO_AES_PPC_SPE - tristate "AES cipher algorithms (PPC SPE)" + tristate "AES (Advanced Encryption Standard) (PPC SPE)" depends on PPC && SPE select CRYPTO_SKCIPHER help - AES cipher algorithms (FIPS-197). Additionally the acceleration - for popular block cipher modes ECB, CBC, CTR and XTS is supported. + AES cipher algorithms (FIPS-197) + + Architecture: powerpc using SPE (Signal Processing Engine) extensions + This module should only be used for low power (router) devices without hardware AES acceleration (e.g. caam crypto). It reduces the size of the AES tables from 16KB to 8KB + 256 bytes and mitigates @@ -1352,13 +1316,14 @@ menu "Ciphers" tables or 256 bytes S-boxes. config CRYPTO_AES_S390 - tristate "AES cipher algorithms" + tristate "AES (Advanced Encryption Standard) (s390)" depends on S390 select CRYPTO_ALGAPI select CRYPTO_SKCIPHER help - This is the s390 hardware accelerated implementation of the - AES cipher algorithms (FIPS-197). + AES cipher algorithms (FIPS 197) + + Architecture: s390 As of z9 the ECB and CBC modes are hardware accelerated for 128 bit keys. @@ -1369,7 +1334,7 @@ menu "Ciphers" 512 bit keys. config CRYPTO_ANUBIS - tristate "Anubis cipher algorithm" + tristate "Anubis" depends on CRYPTO_USER_API_ENABLE_OBSOLETE select CRYPTO_ALGAPI help @@ -1379,12 +1344,11 @@ menu "Ciphers" 128 bits to 320 bits in length. It was evaluated as a entrant in the NESSIE competition. - See also: - - + See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html + for further information. config CRYPTO_ARC4 - tristate "ARC4 cipher algorithm" + tristate "ARC4" depends on CRYPTO_USER_API_ENABLE_OBSOLETE select CRYPTO_SKCIPHER select CRYPTO_LIB_ARC4 @@ -1397,7 +1361,7 @@ menu "Ciphers" weakness of the algorithm. config CRYPTO_BLOWFISH - tristate "Blowfish cipher algorithm" + tristate "Blowfish" select CRYPTO_ALGAPI select CRYPTO_BLOWFISH_COMMON help @@ -1407,8 +1371,7 @@ menu "Ciphers" bits to 448 bits in length. It's fast, simple and specifically designed for use on "large microprocessors". - See also: - + See https://www.schneier.com/blowfish.html for further information. config CRYPTO_BLOWFISH_COMMON tristate @@ -1416,103 +1379,74 @@ menu "Ciphers" Common parts of the Blowfish cipher algorithm shared by the generic c and the assembler implementations. - See also: - - config CRYPTO_BLOWFISH_X86_64 - tristate "Blowfish cipher algorithm (x86_64)" + tristate "Blowfish (x86_64)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_BLOWFISH_COMMON imply CRYPTO_CTR help - Blowfish cipher algorithm (x86_64), by Bruce Schneier. - - This is a variable key length cipher which can use keys from 32 - bits to 448 bits in length. It's fast, simple and specifically - designed for use on "large microprocessors". + Blowfish cipher algorithm, by Bruce Schneier. - See also: - + Architecture: x86_64 config CRYPTO_CAMELLIA - tristate "Camellia cipher algorithms" + tristate "Camellia" select CRYPTO_ALGAPI help - Camellia cipher algorithms module. + Camellia cipher algorithms Camellia is a symmetric key block cipher developed jointly at NTT and Mitsubishi Electric Corporation. The Camellia specifies three key sizes: 128, 192 and 256 bits. - See also: - + See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information. config CRYPTO_CAMELLIA_X86_64 - tristate "Camellia cipher algorithm (x86_64)" + tristate "Camellia (x86_64)" depends on X86 && 64BIT select CRYPTO_SKCIPHER imply CRYPTO_CTR help - Camellia cipher algorithm module (x86_64). - - Camellia is a symmetric key block cipher developed jointly - at NTT and Mitsubishi Electric Corporation. + Camellia cipher algorithms - The Camellia specifies three key sizes: 128, 192 and 256 bits. - - See also: - + Architecture: x86_64 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 - tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" + tristate "Camellia (x86_64 with AES-NI/AVX)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_CAMELLIA_X86_64 select CRYPTO_SIMD imply CRYPTO_XTS help - Camellia cipher algorithm module (x86_64/AES-NI/AVX). - - Camellia is a symmetric key block cipher developed jointly - at NTT and Mitsubishi Electric Corporation. + Camellia cipher algorithms - The Camellia specifies three key sizes: 128, 192 and 256 bits. - - See also: - + Architecture: x86_64 using: + * AES-NI (AES New Instructions) + * AVX (Advanced Vector Extensions) config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 - tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" + tristate "Camellia (x86_64 with AES-NI/AVX2)" depends on X86 && 64BIT select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 help - Camellia cipher algorithm module (x86_64/AES-NI/AVX2). - - Camellia is a symmetric key block cipher developed jointly - at NTT and Mitsubishi Electric Corporation. + Camellia cipher algorithms - The Camellia specifies three key sizes: 128, 192 and 256 bits. - - See also: - + Architecture: x86_64 using: + * AES-NI (AES New Instructions) + * AVX2 (Advanced Vector Extensions 2) config CRYPTO_CAMELLIA_SPARC64 - tristate "Camellia cipher algorithm (SPARC64)" + tristate "Camellia (SPARC64)" depends on SPARC64 select CRYPTO_ALGAPI select CRYPTO_SKCIPHER help - Camellia cipher algorithm module (SPARC64). - - Camellia is a symmetric key block cipher developed jointly - at NTT and Mitsubishi Electric Corporation. - - The Camellia specifies three key sizes: 128, 192 and 256 bits. + Camellia cipher algorithm module - See also: - + Architecture: sparc64 config CRYPTO_CAST_COMMON tristate @@ -1521,15 +1455,14 @@ menu "Ciphers" generic c and the assembler implementations. config CRYPTO_CAST5 - tristate "CAST5 (CAST-128) cipher algorithm" + tristate "CAST5 (CAST-128)" select CRYPTO_ALGAPI select CRYPTO_CAST_COMMON help - The CAST5 encryption algorithm (synonymous with CAST-128) is - described in RFC2144. + CAST5 (CAST-128) cipher algorithm (RFC2144) config CRYPTO_CAST5_AVX_X86_64 - tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" + tristate "CAST5 (CAST-128) (x86_64 with AVX)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_CAST5 @@ -1537,22 +1470,22 @@ menu "Ciphers" select CRYPTO_SIMD imply CRYPTO_CTR help - The CAST5 encryption algorithm (synonymous with CAST-128) is - described in RFC2144. + CAST5 (CAST-128) cipher algorithm (RFC2144) - This module provides the Cast5 cipher algorithm that processes - sixteen blocks parallel using the AVX instruction set. + Architecture: x86_64 using: + * AVX (Advanced Vector Extensions) + + Processes 16 blocks in parallel. config CRYPTO_CAST6 - tristate "CAST6 (CAST-256) cipher algorithm" + tristate "CAST6 (CAST-256)" select CRYPTO_ALGAPI select CRYPTO_CAST_COMMON help - The CAST6 encryption algorithm (synonymous with CAST-256) is - described in RFC2612. + CAST6 (CAST-256) encryption algorithm (RFC2612) config CRYPTO_CAST6_AVX_X86_64 - tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" + tristate "CAST6 (CAST-256) (x86_64 with AVX)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_CAST6 @@ -1561,144 +1494,155 @@ menu "Ciphers" imply CRYPTO_XTS imply CRYPTO_CTR help - The CAST6 encryption algorithm (synonymous with CAST-256) is - described in RFC2612. + CAST6 (CAST-256) encryption algorithm (RFC2612) - This module provides the Cast6 cipher algorithm that processes - eight blocks parallel using the AVX instruction set. + Architecture: x86_64 using: + * AVX (Advanced Vector Extensions) + + Processes eight blocks in parallel. config CRYPTO_DES - tristate "DES and Triple DES EDE cipher algorithms" + tristate "DES and Triple DES EDE" select CRYPTO_ALGAPI select CRYPTO_LIB_DES help - DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). + DES (FIPS 46-2) and Triple DES EDE (FIPS 46-3) cipher algorithms config CRYPTO_DES_SPARC64 - tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" + tristate "DES and Triple DES EDE (SPARC64)" depends on SPARC64 select CRYPTO_ALGAPI select CRYPTO_LIB_DES select CRYPTO_SKCIPHER help - DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), - optimized using SPARC64 crypto opcodes. + DES (FIPS 46-2) and Triple DES EDE (FIPS 46-3) cipher algorithms + + Architecture: sparc64 config CRYPTO_DES3_EDE_X86_64 - tristate "Triple DES EDE cipher algorithm (x86-64)" + tristate "Triple DES EDE (x86_64)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_LIB_DES imply CRYPTO_CTR help - Triple DES EDE (FIPS 46-3) algorithm. + Triple DES EDE (FIPS 46-3) cipher algorithm - This module provides implementation of the Triple DES EDE cipher - algorithm that is optimized for x86-64 processors. Two versions of - algorithm are provided; regular processing one input block and - one that processes three blocks parallel. + Architecture: x86_64 + + Processes one or three blocks in parallel. config CRYPTO_DES_S390 - tristate "DES and Triple DES cipher algorithms" + tristate "DES and Triple DES EDE (s390)" depends on S390 select CRYPTO_ALGAPI select CRYPTO_SKCIPHER select CRYPTO_LIB_DES help - This is the s390 hardware accelerated implementation of the - DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). + DES (FIPS 46-2) and Triple DES EDE (FIPS 46-3) cipher algorithms + + Architecture: s390 As of z990 the ECB and CBC mode are hardware accelerated. As of z196 the CTR mode is hardware accelerated. config CRYPTO_FCRYPT - tristate "FCrypt cipher algorithm" + tristate "FCrypt" select CRYPTO_ALGAPI select CRYPTO_SKCIPHER help FCrypt algorithm used by RxRPC. config CRYPTO_KHAZAD - tristate "Khazad cipher algorithm" + tristate "Khazad" depends on CRYPTO_USER_API_ENABLE_OBSOLETE select CRYPTO_ALGAPI help - Khazad cipher algorithm. + Khazad cipher algorithm Khazad was a finalist in the initial NESSIE competition. It is an algorithm optimized for 64-bit processors with good performance on 32-bit processors. Khazad uses an 128 bit key size. - See also: - + See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html + for further information. config CRYPTO_CHACHA20 - tristate "ChaCha stream cipher algorithms" + tristate "ChaCha" select CRYPTO_LIB_CHACHA_GENERIC select CRYPTO_SKCIPHER help - The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. + The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. Bernstein and further specified in RFC7539 for use in IETF protocols. - This is the portable C implementation of ChaCha20. See also: - + This is the portable C implementation of ChaCha20. See + https://cr.yp.to/chacha/chacha-20080128.pdf for further information. XChaCha20 is the application of the XSalsa20 construction to ChaCha20 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, - while provably retaining ChaCha20's security. See also: - + while provably retaining ChaCha20's security. See + https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information. XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly reduced security margin but increased performance. It can be needed in some performance-sensitive scenarios. config CRYPTO_CHACHA20_X86_64 - tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" + tristate "ChaCha (x86_64 with SSSE3/AVX2/AVX-512VL)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_LIB_CHACHA_GENERIC select CRYPTO_ARCH_HAVE_LIB_CHACHA help - SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, - XChaCha20, and XChaCha12 stream ciphers. + ChaCha stream cipher algorithms + + Architecture: x86_64 using: + * SSSE3 (Supplemental SSE3) + * AVX2 (Advanced Vector Extensions 2) + * AVX-512VL (Advanced Vector Extensions-512VL) config CRYPTO_CHACHA_MIPS - tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" + tristate "ChaCha (MIPS32r2)" depends on CPU_MIPS32_R2 select CRYPTO_SKCIPHER select CRYPTO_ARCH_HAVE_LIB_CHACHA + help + ChaCha stream cipher algorithms + + Architecture: MIPS32r2 config CRYPTO_CHACHA_S390 - tristate "ChaCha20 stream cipher" + tristate "ChaCha20 (s390)" depends on S390 select CRYPTO_SKCIPHER select CRYPTO_LIB_CHACHA_GENERIC select CRYPTO_ARCH_HAVE_LIB_CHACHA help - This is the s390 SIMD implementation of the ChaCha20 stream - cipher (RFC 7539). + ChaCha20 stream cipher (RFC 7539) + + Architecture: s390 It is available as of z13. config CRYPTO_SEED - tristate "SEED cipher algorithm" + tristate "SEED" depends on CRYPTO_USER_API_ENABLE_OBSOLETE select CRYPTO_ALGAPI help - SEED cipher algorithm (RFC4269). + SEED cipher algorithm (RFC4269) SEED is a 128-bit symmetric key block cipher that has been developed by KISA (Korea Information Security Agency) as a national standard encryption algorithm of the Republic of Korea. It is a 16 round block cipher with the key size of 128 bit. - See also: - + See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do + for further information. config CRYPTO_SERPENT - tristate "Serpent cipher algorithm" + tristate "Serpent" select CRYPTO_ALGAPI help Serpent cipher algorithm, by Anderson, Biham & Knudsen. @@ -1706,49 +1650,40 @@ menu "Ciphers" Keys are allowed to be from 0 to 256 bits in length, in steps of 8 bits. - See also: - + See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information. config CRYPTO_SERPENT_SSE2_X86_64 - tristate "Serpent cipher algorithm (x86_64/SSE2)" + tristate "Serpent (x86_64 with SSE2)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_SERPENT select CRYPTO_SIMD imply CRYPTO_CTR help - Serpent cipher algorithm, by Anderson, Biham & Knudsen. - - Keys are allowed to be from 0 to 256 bits in length, in steps - of 8 bits. + Serpent cipher algorithm - This module provides Serpent cipher algorithm that processes eight - blocks parallel using SSE2 instruction set. + Architecture: x86_64 using: + * SSE2 (Streaming SIMD Extensions 2) - See also: - + Processes eight blocks in parallel. config CRYPTO_SERPENT_SSE2_586 - tristate "Serpent cipher algorithm (i586/SSE2)" + tristate "Serpent (x86 with SSE2)" depends on X86 && !64BIT select CRYPTO_SKCIPHER select CRYPTO_SERPENT select CRYPTO_SIMD imply CRYPTO_CTR help - Serpent cipher algorithm, by Anderson, Biham & Knudsen. + Serpent cipher algorithm - Keys are allowed to be from 0 to 256 bits in length, in steps - of 8 bits. - - This module provides Serpent cipher algorithm that processes four - blocks parallel using SSE2 instruction set. + Architecture: x86 (32-bit) using: + * SSE2 (Streaming SIMD Extensions 2) - See also: - + Processes four blocks in parallel. config CRYPTO_SERPENT_AVX_X86_64 - tristate "Serpent cipher algorithm (x86_64/AVX)" + tristate "Serpent (x86_64 with AVX)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_SERPENT @@ -1756,42 +1691,34 @@ menu "Ciphers" imply CRYPTO_XTS imply CRYPTO_CTR help - Serpent cipher algorithm, by Anderson, Biham & Knudsen. + Serpent cipher algorithm - Keys are allowed to be from 0 to 256 bits in length, in steps - of 8 bits. - - This module provides the Serpent cipher algorithm that processes - eight blocks parallel using the AVX instruction set. + Architecture: x86_64 using: + * AVX (Advanced Vector Extensions) - See also: - + Processes eight blocks in parallel. config CRYPTO_SERPENT_AVX2_X86_64 - tristate "Serpent cipher algorithm (x86_64/AVX2)" + tristate "Serpent (x86_64 with AVX2)" depends on X86 && 64BIT select CRYPTO_SERPENT_AVX_X86_64 help - Serpent cipher algorithm, by Anderson, Biham & Knudsen. + Serpent cipher algorithm - Keys are allowed to be from 0 to 256 bits in length, in steps - of 8 bits. - - This module provides Serpent cipher algorithm that processes 16 - blocks parallel using AVX2 instruction set. + Architecture: x86_64 using: + * AVX2 (Advanced Vector Extensions 2) - See also: - + Processes 16 blocks in parallel. config CRYPTO_SM4 tristate config CRYPTO_SM4_GENERIC - tristate "SM4 cipher algorithm" + tristate "SM4 (ShangMi 4)" select CRYPTO_ALGAPI select CRYPTO_SM4 help - SM4 cipher algorithms (OSCCA GB/T 32907-2016). + SM4 cipher algorithms (OSCCA GB/T 32907-2016) SM4 (GBT.32907-2016) is a cryptographic standard issued by the Organization of State Commercial Administration of China (OSCCA) @@ -1808,33 +1735,36 @@ menu "Ciphers" The input, output, and key of SMS4 are each 128 bits. - See also: + See https://eprint.iacr.org/2008/329.pdf for further information. If unsure, say N. config CRYPTO_SM4_AESNI_AVX_X86_64 - tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)" + tristate "SM4 (ShangMi 4) (x86_64 with AES-NI/AVX)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_SIMD select CRYPTO_ALGAPI select CRYPTO_SM4 help - SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX). + SM4 cipher algorithms (OSCCA GB/T 32907-2016) + + Architecture: x86_64 using: + * AES-NI (AES New Instructions) + * AVX (Advanced Vector Extensions) SM4 (GBT.32907-2016) is a cryptographic standard issued by the Organization of State Commercial Administration of China (OSCCA) as an authorized cryptographic algorithms for the use within China. - This is SM4 optimized implementation using AES-NI/AVX/x86_64 - instruction set for block cipher. Through two affine transforms, + Through two affine transforms, we can use the AES S-Box to simulate the SM4 S-Box to achieve the effect of instruction acceleration. If unsure, say N. config CRYPTO_SM4_AESNI_AVX2_X86_64 - tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)" + tristate "SM4 (ShangMi 4) (x86_64 with AES-NI/AVX2)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_SIMD @@ -1842,25 +1772,28 @@ menu "Ciphers" select CRYPTO_SM4 select CRYPTO_SM4_AESNI_AVX_X86_64 help - SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2). + SM4 cipher algorithms (OSCCA GB/T 32907-2016) + + Architecture: x86_64 using: + * AES-NI (AES New Instructions) + * AVX2 (Advanced Vector Extensions 2) SM4 (GBT.32907-2016) is a cryptographic standard issued by the Organization of State Commercial Administration of China (OSCCA) as an authorized cryptographic algorithms for the use within China. - This is SM4 optimized implementation using AES-NI/AVX2/x86_64 - instruction set for block cipher. Through two affine transforms, + Through two affine transforms, we can use the AES S-Box to simulate the SM4 S-Box to achieve the effect of instruction acceleration. If unsure, say N. config CRYPTO_TEA - tristate "TEA, XTEA and XETA cipher algorithms" + tristate "TEA, XTEA and XETA" depends on CRYPTO_USER_API_ENABLE_OBSOLETE select CRYPTO_ALGAPI help - TEA cipher algorithm. + TEA cipher algorithm Tiny Encryption Algorithm is a simple cipher that uses many rounds for security. It is very fast and uses @@ -1874,19 +1807,18 @@ menu "Ciphers" of the XTEA algorithm for compatibility purposes. config CRYPTO_TWOFISH - tristate "Twofish cipher algorithm" + tristate "Twofish" select CRYPTO_ALGAPI select CRYPTO_TWOFISH_COMMON help - Twofish cipher algorithm. + Twofish cipher algorithm Twofish was submitted as an AES (Advanced Encryption Standard) candidate cipher by researchers at CounterPane Systems. It is a 16 round block cipher supporting key sizes of 128, 192, and 256 bits. - See also: - + See https://www.schneier.com/twofish.html for further information. config CRYPTO_TWOFISH_COMMON tristate @@ -1895,61 +1827,43 @@ menu "Ciphers" generic c and the assembler implementations. config CRYPTO_TWOFISH_586 - tristate "Twofish cipher algorithms (i586)" + tristate "Twofish (x86)" depends on (X86 || UML_X86) && !64BIT select CRYPTO_ALGAPI select CRYPTO_TWOFISH_COMMON imply CRYPTO_CTR help - Twofish cipher algorithm. - - Twofish was submitted as an AES (Advanced Encryption Standard) - candidate cipher by researchers at CounterPane Systems. It is a - 16 round block cipher supporting key sizes of 128, 192, and 256 - bits. + Twofish cipher algorithm - See also: - + Architecture: x86 (32-bit) config CRYPTO_TWOFISH_X86_64 - tristate "Twofish cipher algorithm (x86_64)" + tristate "Twofish (x86_64)" depends on (X86 || UML_X86) && 64BIT select CRYPTO_ALGAPI select CRYPTO_TWOFISH_COMMON imply CRYPTO_CTR help - Twofish cipher algorithm (x86_64). - - Twofish was submitted as an AES (Advanced Encryption Standard) - candidate cipher by researchers at CounterPane Systems. It is a - 16 round block cipher supporting key sizes of 128, 192, and 256 - bits. + Twofish cipher algorithm - See also: - + Architecture: x86_64 config CRYPTO_TWOFISH_X86_64_3WAY - tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" + tristate "Twofish (x86_64, 3-way parallel)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_TWOFISH_COMMON select CRYPTO_TWOFISH_X86_64 help - Twofish cipher algorithm (x86_64, 3-way parallel). - - Twofish was submitted as an AES (Advanced Encryption Standard) - candidate cipher by researchers at CounterPane Systems. It is a - 16 round block cipher supporting key sizes of 128, 192, and 256 - bits. + Twofish cipher algorithm - This module provides Twofish cipher algorithm that processes three - blocks parallel, utilizing resources of out-of-order CPUs better. + Architecture: x86_64 - See also: - + Processes three blocks in parallel, better utilizing resources of + out-of-order CPUs. config CRYPTO_TWOFISH_AVX_X86_64 - tristate "Twofish cipher algorithm (x86_64/AVX)" + tristate "Twofish (x86_64 with AVX)" depends on X86 && 64BIT select CRYPTO_SKCIPHER select CRYPTO_SIMD @@ -1958,99 +1872,105 @@ menu "Ciphers" select CRYPTO_TWOFISH_X86_64_3WAY imply CRYPTO_XTS help - Twofish cipher algorithm (x86_64/AVX). + Twofish cipher algorithm - Twofish was submitted as an AES (Advanced Encryption Standard) - candidate cipher by researchers at CounterPane Systems. It is a - 16 round block cipher supporting key sizes of 128, 192, and 256 - bits. - - This module provides the Twofish cipher algorithm that processes - eight blocks parallel using the AVX Instruction Set. + Architecture: x86_64 using: + * AVX (Advanced Vector Extensions) - See also: - + Processes eight blocks in parallel. endmenu menu "Compression" config CRYPTO_DEFLATE - tristate "Deflate compression algorithm" + tristate "Deflate" select CRYPTO_ALGAPI select CRYPTO_ACOMP2 select ZLIB_INFLATE select ZLIB_DEFLATE help - This is the Deflate algorithm (RFC1951), specified for use in - IPSec with the IPCOMP protocol (RFC3173, RFC2394). + Deflate algorithm (RFC1951) - You will most probably want this if using IPSec. + This is specified for use in IPSec with the IPCOMP protocol (RFC3173, RFC2394). config CRYPTO_LZO - tristate "LZO compression algorithm" + tristate "LZO (Lempel-Ziv-Oberhumer)" select CRYPTO_ALGAPI select CRYPTO_ACOMP2 select LZO_COMPRESS select LZO_DECOMPRESS help - This is the LZO algorithm. + LZO compression algorithm + + See https://www.oberhumer.com/opensource/lzo/ for further information. + Loads two modules: lzo and lzo-rle config CRYPTO_842 - tristate "842 compression algorithm" + tristate "842" select CRYPTO_ALGAPI select CRYPTO_ACOMP2 select 842_COMPRESS select 842_DECOMPRESS help - This is the 842 algorithm. + 842 compression algorithm by IBM + + See https://github.com/plauth/lib842 for further information. config CRYPTO_LZ4 - tristate "LZ4 compression algorithm" + tristate "LZ4" select CRYPTO_ALGAPI select CRYPTO_ACOMP2 select LZ4_COMPRESS select LZ4_DECOMPRESS help - This is the LZ4 algorithm. + LZ4 compression algorithm + + See https://github.com/lz4/lz4 for further information. config CRYPTO_LZ4HC - tristate "LZ4HC compression algorithm" + tristate "LZ4HC" select CRYPTO_ALGAPI select CRYPTO_ACOMP2 select LZ4HC_COMPRESS select LZ4_DECOMPRESS help - This is the LZ4 high compression mode algorithm. + LZ4 high compression mode algorithm + + See https://github.com/lz4/lz4 for further information. config CRYPTO_ZSTD - tristate "Zstd compression algorithm" + tristate "Zstd" select CRYPTO_ALGAPI select CRYPTO_ACOMP2 select ZSTD_COMPRESS select ZSTD_DECOMPRESS help - This is the zstd algorithm. + zstd compression algorithm + + See https://github.com/facebook/zstd for further information. endmenu menu "Random Number Generation" config CRYPTO_ANSI_CPRNG - tristate "Pseudo Random Number Generation for Cryptographic modules" + tristate "ANSI PRNG (Pseudo Random Number Generator)" select CRYPTO_AES select CRYPTO_RNG help - This option enables the generic pseudo random number generator - for cryptographic modules. Uses the Algorithm specified in - ANSI X9.31 A.2.4. Note that this option must be enabled if - CRYPTO_FIPS is selected + Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4) + + This uses the AES cipher algorithm. + + Note that this option must be enabled if CRYPTO_FIPS is selected menuconfig CRYPTO_DRBG_MENU - tristate "NIST SP800-90A DRBG" + tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)" help - NIST SP800-90A compliant DRBG. In the following submenu, one or - more of the DRBG types must be selected. + DRBG (Deterministic Random Bit Generator) (NIST SP800-90A) + + In the following submenu, one or more of the DRBG types must be selected. if CRYPTO_DRBG_MENU @@ -2061,17 +1981,21 @@ menuconfig CRYPTO_DRBG_MENU select CRYPTO_SHA512 config CRYPTO_DRBG_HASH - bool "Enable Hash DRBG" + bool "Hash_DRBG (Deterministic Random Bit Generator)" select CRYPTO_SHA256 help - Enable the Hash DRBG variant as defined in NIST SP800-90A. + Hash_DRBG variant as defined in NIST SP800-90A. + + This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms. config CRYPTO_DRBG_CTR - bool "Enable CTR DRBG" + bool "CTR DRBG (Counter Mode Deterministic Random Bit Generator)" select CRYPTO_AES select CRYPTO_CTR help - Enable the CTR DRBG variant as defined in NIST SP800-90A. + CTR_DRBG variant as defined in NIST SP800-90A. + + This uses the AES cipher algorithm and the counter block cipher mode. config CRYPTO_DRBG tristate @@ -2082,15 +2006,21 @@ menuconfig CRYPTO_DRBG_MENU endif # if CRYPTO_DRBG_MENU config CRYPTO_JITTERENTROPY - tristate "Jitterentropy Non-Deterministic Random Number Generator" + tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)" select CRYPTO_RNG help - The Jitterentropy RNG is a noise that is intended - to provide seed to another RNG. The RNG does not - perform any cryptographic whitening of the generated + CPU Jitter RNG (Random Number Generator) from the Jitterentropy library + + A non-physical non-deterministic ("true") RNG (e.g., an entropy source + compliant with NIST SP800-90B) intended to provide a seed to a + deterministic RNG (e.g. per NIST SP800-90C). + + This RNG does not perform any cryptographic whitening of the generated random numbers. This Jitterentropy RNG registers with the kernel crypto API and can be used by any caller. + See https://www.chronox.de/jent.html + endmenu config CRYPTO_KDF800108_CTR From patchwork Wed Aug 17 23:20:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Elliott, Robert \(Servers\)" X-Patchwork-Id: 597939 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0757DC25B08 for ; Wed, 17 Aug 2022 23:21:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242378AbiHQXVl (ORCPT ); Wed, 17 Aug 2022 19:21:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46758 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242243AbiHQXV3 (ORCPT ); Wed, 17 Aug 2022 19:21:29 -0400 Received: from mx0a-002e3701.pphosted.com (mx0a-002e3701.pphosted.com [148.163.147.86]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F108A404D; Wed, 17 Aug 2022 16:21:24 -0700 (PDT) Received: from pps.filterd (m0134420.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27HNK2P2020374; Wed, 17 Aug 2022 23:21:20 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pps0720; bh=tUbh+vNC70urocfZcuHC8mry030DvJifO41MfmcUrTc=; b=A6Tv8X+QInwjSu1v+gJikbG9oRSqQITJotZplfPXNy9xvS+6yWdGonWHRayLxWidAfNd WA4e6ImZ8DfgUwiaMLyxFLm1lvhrHR3oQYL8ZnbbSgqvK4v9EXPJfV1V3d3t7Cw5bjAc hBoBFpqQFKlFuVG1QKX0GrLO+HkIcCaOAvJn83csi6bjQEKjOkaPn3O4J5LXRvsB0GQ6 PB14tTYJANQ4sDDx8HLjgzSy/UGrthGLiYZrJdPtLDg1/GvTOdRUB+s7Tts0B3Fv6+j2 kLahNAUAf++vQDCmz1UgV27B/kLh6EdxvNV949iClaHntqWRGG6Dtr1wUYr8sekRo8BS 5Q== Received: from p1lg14880.it.hpe.com (p1lg14880.it.hpe.com [16.230.97.201]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3j19wer08d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Aug 2022 23:21:20 +0000 Received: from p1lg14886.dc01.its.hpecorp.net (unknown [10.119.18.237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by p1lg14880.it.hpe.com (Postfix) with ESMTPS id 8E62D8001AE; Wed, 17 Aug 2022 23:21:19 +0000 (UTC) Received: from adevxp033-sys.us.rdlabs.hpecorp.net (unknown [16.231.227.36]) by p1lg14886.dc01.its.hpecorp.net (Postfix) with ESMTP id 43D8B803ADE; Wed, 17 Aug 2022 23:21:19 +0000 (UTC) From: Robert Elliott To: herbert@gondor.apana.org.au, davem@davemloft.net, ebiggers@kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Robert Elliott Subject: [PATCH v2 07/10] crypto: Kconfig - move arm and arm64 menus to Crypto API page Date: Wed, 17 Aug 2022 18:20:54 -0500 Message-Id: <20220817232057.73643-8-elliott@hpe.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220817232057.73643-1-elliott@hpe.com> References: <20220815190608.47182-9-elliott@hpe.com> <20220817232057.73643-1-elliott@hpe.com> MIME-Version: 1.0 X-Proofpoint-GUID: 4rvn-bmJZa3fo7lhd-Xz4H-rY5tZYFLe X-Proofpoint-ORIG-GUID: 4rvn-bmJZa3fo7lhd-Xz4H-rY5tZYFLe X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-17_15,2022-08-16_02,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 bulkscore=0 adultscore=0 impostorscore=0 malwarescore=0 lowpriorityscore=0 suspectscore=0 mlxlogscore=840 clxscore=1015 mlxscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2208170088 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Move ARM- and ARM64-accelerated menus into a submenu under the Crypto API menu (paralleling all the architectures). Make each submenu always appear if the corresponding architecture is supported. Get rid of the ARM_CRYPTO and ARM64_CRYPTO symbols. The "ARM Accelerated" or "ARM64 Accelerated" entry disappears from: General setup ---> Platform selection ---> Kernel Features ---> Boot options ---> Power management options ---> CPU Power Management ---> [*] ACPI (Advanced Configuration and Power Interface) Support ---> [*] Virtualization ---> [*] ARM Accelerated Cryptographic Algorithms ---> (or) [*] ARM64 Accelerated Cryptographic Algorithms ---> ... -*- Cryptographic API ---> Library routines ---> Kernel hacking ---> and moves into the Cryptographic API menu, which now contains: ... Accelerated Cryptographic Algorithms for CPU (arm) ---> (or) Accelerated Cryptographic Algorithms for CPU (arm64) ---> [*] Hardware crypto devices ---> ... Suggested-by: Eric Biggers Signed-off-by: Robert Elliott --- arch/arm/Kconfig | 4 ---- arch/arm/configs/exynos_defconfig | 1 - arch/arm/configs/milbeaut_m10v_defconfig | 1 - arch/arm/configs/multi_v7_defconfig | 1 - arch/arm/configs/omap2plus_defconfig | 1 - arch/arm/configs/pxa_defconfig | 1 - arch/arm/crypto/Kconfig | 11 ++--------- arch/arm64/Kconfig | 3 --- arch/arm64/configs/defconfig | 1 - arch/arm64/crypto/Kconfig | 11 ++--------- crypto/Kconfig | 6 ++++++ drivers/crypto/Kconfig | 1 - drivers/net/Kconfig | 2 -- 13 files changed, 10 insertions(+), 34 deletions(-) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 7630ba9cb6cc..2b42c6ece2de 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1903,8 +1903,4 @@ menu "Power management options" endmenu -if CRYPTO -source "arch/arm/crypto/Kconfig" -endif - source "arch/arm/Kconfig.assembler" diff --git a/arch/arm/configs/exynos_defconfig b/arch/arm/configs/exynos_defconfig index aa061074db78..4ac1f1dcb429 100644 --- a/arch/arm/configs/exynos_defconfig +++ b/arch/arm/configs/exynos_defconfig @@ -34,7 +34,6 @@ CONFIG_NEON=y CONFIG_KERNEL_MODE_NEON=y CONFIG_PM_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y -CONFIG_ARM_CRYPTO=y CONFIG_CRYPTO_SHA1_ARM_NEON=m CONFIG_CRYPTO_SHA256_ARM=m CONFIG_CRYPTO_SHA512_ARM=m diff --git a/arch/arm/configs/milbeaut_m10v_defconfig b/arch/arm/configs/milbeaut_m10v_defconfig index 7c07f9893a0f..ab0acf1e0a71 100644 --- a/arch/arm/configs/milbeaut_m10v_defconfig +++ b/arch/arm/configs/milbeaut_m10v_defconfig @@ -46,7 +46,6 @@ CONFIG_NEON=y CONFIG_KERNEL_MODE_NEON=y CONFIG_EFI_VARS=m CONFIG_EFI_CAPSULE_LOADER=m -CONFIG_ARM_CRYPTO=y CONFIG_CRYPTO_SHA1_ARM_NEON=m CONFIG_CRYPTO_SHA1_ARM_CE=m CONFIG_CRYPTO_SHA2_ARM_CE=m diff --git a/arch/arm/configs/multi_v7_defconfig b/arch/arm/configs/multi_v7_defconfig index ce9826bce29b..ef6e2f9c3288 100644 --- a/arch/arm/configs/multi_v7_defconfig +++ b/arch/arm/configs/multi_v7_defconfig @@ -135,7 +135,6 @@ CONFIG_TRUSTED_FOUNDATIONS=y CONFIG_BCM47XX_NVRAM=y CONFIG_BCM47XX_SPROM=y CONFIG_EFI_CAPSULE_LOADER=m -CONFIG_ARM_CRYPTO=y CONFIG_CRYPTO_SHA1_ARM_NEON=m CONFIG_CRYPTO_SHA1_ARM_CE=m CONFIG_CRYPTO_SHA2_ARM_CE=m diff --git a/arch/arm/configs/omap2plus_defconfig b/arch/arm/configs/omap2plus_defconfig index 9380df6b530f..85cd9d232f8d 100644 --- a/arch/arm/configs/omap2plus_defconfig +++ b/arch/arm/configs/omap2plus_defconfig @@ -54,7 +54,6 @@ CONFIG_CPU_IDLE=y CONFIG_ARM_CPUIDLE=y CONFIG_KERNEL_MODE_NEON=y CONFIG_PM_DEBUG=y -CONFIG_ARM_CRYPTO=y CONFIG_CRYPTO_SHA1_ARM_NEON=m CONFIG_CRYPTO_SHA256_ARM=m CONFIG_CRYPTO_SHA512_ARM=m diff --git a/arch/arm/configs/pxa_defconfig b/arch/arm/configs/pxa_defconfig index 1db70dfd32d2..a97f9aca572c 100644 --- a/arch/arm/configs/pxa_defconfig +++ b/arch/arm/configs/pxa_defconfig @@ -743,7 +743,6 @@ CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_DEFLATE=y CONFIG_CRYPTO_LZO=y -CONFIG_ARM_CRYPTO=y CONFIG_CRYPTO_SHA1_ARM=m CONFIG_CRYPTO_SHA256_ARM=m CONFIG_CRYPTO_SHA512_ARM=m diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig index e4dba5461cb3..f6edc8f19d17 100644 --- a/arch/arm/crypto/Kconfig +++ b/arch/arm/crypto/Kconfig @@ -1,13 +1,6 @@ # SPDX-License-Identifier: GPL-2.0 -menuconfig ARM_CRYPTO - bool "ARM Accelerated Cryptographic Algorithms" - depends on ARM - help - Say Y here to choose from a selection of cryptographic algorithms - implemented using ARM specific CPU features or instructions. - -if ARM_CRYPTO +menu "Accelerated Cryptographic Algorithms for CPU (arm)" config CRYPTO_SHA1_ARM tristate "SHA1 digest algorithm (ARM-asm)" @@ -170,4 +163,4 @@ menuconfig ARM_CRYPTO select CRYPTO_LIB_CURVE25519_GENERIC select CRYPTO_ARCH_HAVE_LIB_CURVE25519 -endif +endmenu diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 1652a9800ebe..78af1ffaa252 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2186,6 +2186,3 @@ menu "CPU Power Management" source "arch/arm64/kvm/Kconfig" -if CRYPTO -source "arch/arm64/crypto/Kconfig" -endif # CRYPTO diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig index 7d1105343bc2..eac6f5bf4dea 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig @@ -108,7 +108,6 @@ CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_EINJ=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=y -CONFIG_ARM64_CRYPTO=y CONFIG_CRYPTO_SHA1_ARM64_CE=y CONFIG_CRYPTO_SHA2_ARM64_CE=y CONFIG_CRYPTO_SHA512_ARM64_CE=m diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig index ac85682c013c..5b4d4bfb0356 100644 --- a/arch/arm64/crypto/Kconfig +++ b/arch/arm64/crypto/Kconfig @@ -1,13 +1,6 @@ # SPDX-License-Identifier: GPL-2.0 -menuconfig ARM64_CRYPTO - bool "ARM64 Accelerated Cryptographic Algorithms" - depends on ARM64 - help - Say Y here to choose from a selection of cryptographic algorithms - implemented using ARM64 specific CPU features or instructions. - -if ARM64_CRYPTO +menu "Accelerated Cryptographic Algorithms for CPU (arm64)" config CRYPTO_SHA256_ARM64 tristate "SHA-224/SHA-256 digest algorithm for arm64" @@ -132,4 +125,4 @@ menuconfig ARM64_CRYPTO select CRYPTO_AES_ARM64_NEON_BLK select CRYPTO_LIB_AES -endif +endmenu diff --git a/crypto/Kconfig b/crypto/Kconfig index f24ba726af25..b61626bf8ee2 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1245,6 +1245,12 @@ menuconfig CRYPTO_DRBG_MENU config CRYPTO_HASH_INFO bool +if ARM +source "arch/arm/crypto/Kconfig" +endif +if ARM64 +source "arch/arm64/crypto/Kconfig" +endif if MIPS source "arch/mips/crypto/Kconfig" endif diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 9728874f66a0..06c71b6da07e 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -802,7 +802,6 @@ menuconfig CRYPTO_HW config CRYPTO_DEV_SA2UL tristate "Support for TI security accelerator" depends on ARCH_K3 || COMPILE_TEST - select ARM64_CRYPTO select CRYPTO_AES select CRYPTO_ALGAPI select CRYPTO_AUTHENC diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig index 8c1eeb5a8db8..c94733b0b10f 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig @@ -85,8 +85,6 @@ menuconfig NETDEVICES select CRYPTO_POLY1305_X86_64 if X86 && 64BIT select CRYPTO_BLAKE2S_X86 if X86 && 64BIT select CRYPTO_CURVE25519_X86 if X86 && 64BIT - select ARM_CRYPTO if ARM - select ARM64_CRYPTO if ARM64 select CRYPTO_CHACHA20_NEON if ARM || (ARM64 && KERNEL_MODE_NEON) select CRYPTO_POLY1305_NEON if ARM64 && KERNEL_MODE_NEON select CRYPTO_POLY1305_ARM if ARM From patchwork Mon Aug 15 19:06:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Elliott, Robert \(Servers\)" X-Patchwork-Id: 597304 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B63BC28B2B for ; Mon, 15 Aug 2022 20:37:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345453AbiHOUhM (ORCPT ); Mon, 15 Aug 2022 16:37:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346055AbiHOUfX (ORCPT ); Mon, 15 Aug 2022 16:35:23 -0400 Received: from mx0a-002e3701.pphosted.com (mx0a-002e3701.pphosted.com [148.163.147.86]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E04C54E626; Mon, 15 Aug 2022 12:06:28 -0700 (PDT) Received: from pps.filterd (m0134420.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27FJ4te5010959; Mon, 15 Aug 2022 19:06:26 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pps0720; bh=qCh6I0+cDF6swBdDYOmEA/mJHXnGtsAsU0SP+AClfmE=; b=Ub0KNwFzAZhvt6rYkm/dOa6yB19Q/C8OVqcGHY5JcpWdFLGK7ZjiD12XkoqWzmE4BCWi IdMQC8c44alChEH+DKLX5ncij16sgEh++2gvTqmvXj3VQvvsvb6jhbBvPwiYIV3LS21i LXE6LDJDvdw7OKtS0C+qJN9dqeFwUcEsN1ZMW8IcVzYa1r5E7lHF3CbFM8VfzbKX/AgD FzbiYG1Yps6CPH65vCEWhjJUVnFJXKueLsRTMYp09jF7/CmHx3gqPxVcxA1fGFWPat1x 9CZRGCxbYXmTMc4TnJEKypxqvBgucH3xQjfzGWHkRR3lA/PGrp/kMLxC3HygJITddm/X 4Q== Received: from p1lg14880.it.hpe.com (p1lg14880.it.hpe.com [16.230.97.201]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3hyuys00ds-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 15 Aug 2022 19:06:26 +0000 Received: from p1lg14886.dc01.its.hpecorp.net (unknown [10.119.18.237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by p1lg14880.it.hpe.com (Postfix) with ESMTPS id 99787800E88; Mon, 15 Aug 2022 19:06:25 +0000 (UTC) Received: from adevxp033-sys.us.rdlabs.hpecorp.net (unknown [16.231.227.36]) by p1lg14886.dc01.its.hpecorp.net (Postfix) with ESMTP id 56A00808EA6; Mon, 15 Aug 2022 19:06:25 +0000 (UTC) From: Robert Elliott To: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Cc: toshi.kani@hpe.com, Robert Elliott Subject: [PATCH 8/8] crypto: Kconfig - sort the ciphers Date: Mon, 15 Aug 2022 14:06:08 -0500 Message-Id: <20220815190608.47182-9-elliott@hpe.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220815190608.47182-1-elliott@hpe.com> References: <20220815190608.47182-1-elliott@hpe.com> X-Proofpoint-ORIG-GUID: uHjKQu-OpM44Ya7c7n1iQLIosvqeJO6e X-Proofpoint-GUID: uHjKQu-OpM44Ya7c7n1iQLIosvqeJO6e X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-15_08,2022-08-15_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 malwarescore=0 bulkscore=0 lowpriorityscore=0 spamscore=0 adultscore=0 mlxlogscore=999 priorityscore=1501 clxscore=1015 suspectscore=0 mlxscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2208150071 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Sort the entries in Ciphers by their displayed names. In particular, keep the optimized CPU implementations next to the generic implementations. Signed-off-by: Robert Elliott --- crypto/Kconfig | 118 ++++++++++++++++++++++++------------------------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index f5cfb73e2423..03f4e2d97ef9 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1500,6 +1500,65 @@ menu "Ciphers" Processes eight blocks in parallel. +config CRYPTO_CHACHA20 + tristate "ChaCha" + select CRYPTO_LIB_CHACHA_GENERIC + select CRYPTO_SKCIPHER + help + The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms + + ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. + Bernstein and further specified in RFC7539 for use in IETF protocols. + This is the portable C implementation of ChaCha20. See + https://cr.yp.to/chacha/chacha-20080128.pdf for further information. + + XChaCha20 is the application of the XSalsa20 construction to ChaCha20 + rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length + from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, + while provably retaining ChaCha20's security. See + https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information. + + XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly + reduced security margin but increased performance. It can be needed + in some performance-sensitive scenarios. + +config CRYPTO_CHACHA20_X86_64 + tristate "ChaCha (x86_64 with SSSE3/AVX2/AVX-512VL)" + depends on X86 && 64BIT + select CRYPTO_SKCIPHER + select CRYPTO_LIB_CHACHA_GENERIC + select CRYPTO_ARCH_HAVE_LIB_CHACHA + help + ChaCha stream cipher algorithms + + Architecture: x86_64 using: + * SSSE3 (Supplemental SSE3) + * AVX2 (Advanced Vector Extensions 2) + * AVX-512VL (Advanced Vector Extensions-512VL) + +config CRYPTO_CHACHA_MIPS + tristate "ChaCha (MIPS32r2)" + depends on CPU_MIPS32_R2 + select CRYPTO_SKCIPHER + select CRYPTO_ARCH_HAVE_LIB_CHACHA + help + ChaCha stream cipher algorithms + + Architecture: MIPS32r2 + +config CRYPTO_CHACHA_S390 + tristate "ChaCha20 (s390)" + depends on S390 + select CRYPTO_SKCIPHER + select CRYPTO_LIB_CHACHA_GENERIC + select CRYPTO_ARCH_HAVE_LIB_CHACHA + help + ChaCha20 stream cipher (RFC 7539) + + Architecture: s390 + + It is available as of z13. + config CRYPTO_DES tristate "DES and Triple DES EDE" select CRYPTO_ALGAPI @@ -1566,65 +1625,6 @@ menu "Ciphers" See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html for further information. -config CRYPTO_CHACHA20 - tristate "ChaCha" - select CRYPTO_LIB_CHACHA_GENERIC - select CRYPTO_SKCIPHER - help - The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms - - ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. - Bernstein and further specified in RFC7539 for use in IETF protocols. - This is the portable C implementation of ChaCha20. See - https://cr.yp.to/chacha/chacha-20080128.pdf for further information. - - XChaCha20 is the application of the XSalsa20 construction to ChaCha20 - rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length - from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, - while provably retaining ChaCha20's security. See - https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information. - - XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly - reduced security margin but increased performance. It can be needed - in some performance-sensitive scenarios. - -config CRYPTO_CHACHA20_X86_64 - tristate "ChaCha (x86_64 with SSSE3/AVX2/AVX-512VL)" - depends on X86 && 64BIT - select CRYPTO_SKCIPHER - select CRYPTO_LIB_CHACHA_GENERIC - select CRYPTO_ARCH_HAVE_LIB_CHACHA - help - ChaCha stream cipher algorithms - - Architecture: x86_64 using: - * SSSE3 (Supplemental SSE3) - * AVX2 (Advanced Vector Extensions 2) - * AVX-512VL (Advanced Vector Extensions-512VL) - -config CRYPTO_CHACHA_MIPS - tristate "ChaCha (MIPS32r2)" - depends on CPU_MIPS32_R2 - select CRYPTO_SKCIPHER - select CRYPTO_ARCH_HAVE_LIB_CHACHA - help - ChaCha stream cipher algorithms - - Architecture: MIPS32r2 - -config CRYPTO_CHACHA_S390 - tristate "ChaCha20 (s390)" - depends on S390 - select CRYPTO_SKCIPHER - select CRYPTO_LIB_CHACHA_GENERIC - select CRYPTO_ARCH_HAVE_LIB_CHACHA - help - ChaCha20 stream cipher (RFC 7539) - - Architecture: s390 - - It is available as of z13. - config CRYPTO_SEED tristate "SEED" depends on CRYPTO_USER_API_ENABLE_OBSOLETE From patchwork Wed Aug 17 23:20:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Elliott, Robert \(Servers\)" X-Patchwork-Id: 597940 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B0DFDC32774 for ; Wed, 17 Aug 2022 23:21:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242374AbiHQXVk (ORCPT ); Wed, 17 Aug 2022 19:21:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46890 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242312AbiHQXVf (ORCPT ); Wed, 17 Aug 2022 19:21:35 -0400 Received: from mx0a-002e3701.pphosted.com (mx0a-002e3701.pphosted.com [148.163.147.86]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A3739A59BE; Wed, 17 Aug 2022 16:21:29 -0700 (PDT) Received: from pps.filterd (m0134420.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27HNKIMb020598; Wed, 17 Aug 2022 23:21:25 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-transfer-encoding : mime-version; s=pps0720; bh=l0okhPqh6jj7+W69lSh6MeNqDZDXZJin5lQaSUzN0AA=; b=mNoLAUznm9S+pPAPF+v4OCEFt1k3eueV5ghHAKMZ+8DBlLBw8dRoDmMMwRUOYELeORei dVh7HvFLXm0OEy6Jlcknce+IYG7mC4/rJEg3auakFFV530XbUGbjBl5ao+8nS8ZHCuOr edgVDV8OBDtCCRAzJACOxhw2niCBCQgzVFj5TAkFQKbYbsc0I+I5quxi6tDOkzuRMBiP b6v4XbEBXpeNAfiDcOT7OXW+Tg2e4EuJ5jtvFdmZ8YROAia1pOhlF1Tpn/tA/+hEUj44 02QpwkdkaXeu2695XHono03hTjtvatXW/woAngFwlauUnFZBW4nd989R7JuMCn3Y5wAR TQ== Received: from p1lg14881.it.hpe.com (p1lg14881.it.hpe.com [16.230.97.202]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 3j19wer08y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Aug 2022 23:21:25 +0000 Received: from p1lg14886.dc01.its.hpecorp.net (unknown [10.119.18.237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by p1lg14881.it.hpe.com (Postfix) with ESMTPS id CE82C804CA9; Wed, 17 Aug 2022 23:21:24 +0000 (UTC) Received: from adevxp033-sys.us.rdlabs.hpecorp.net (unknown [16.231.227.36]) by p1lg14886.dc01.its.hpecorp.net (Postfix) with ESMTP id 87D1F808E9C; Wed, 17 Aug 2022 23:21:24 +0000 (UTC) From: Robert Elliott To: herbert@gondor.apana.org.au, davem@davemloft.net, ebiggers@kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Robert Elliott Subject: [PATCH v2 10/10] crypto: Kconfig - add submenus Date: Wed, 17 Aug 2022 18:20:57 -0500 Message-Id: <20220817232057.73643-11-elliott@hpe.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220817232057.73643-1-elliott@hpe.com> References: <20220815190608.47182-9-elliott@hpe.com> <20220817232057.73643-1-elliott@hpe.com> X-Proofpoint-GUID: ApJzdwhHTUt2cKV82RLPUZtu-ooHgKzU X-Proofpoint-ORIG-GUID: ApJzdwhHTUt2cKV82RLPUZtu-ooHgKzU X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-17_15,2022-08-16_02,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 bulkscore=0 adultscore=0 impostorscore=0 malwarescore=0 lowpriorityscore=0 suspectscore=0 mlxlogscore=917 clxscore=1015 mlxscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2208170088 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Convert each comment section into a submenu: Cryptographic API Crypto core or helper Public-key cryptography AEAD (Authenticated Encryption with Associated Data) ciphers Block modes Hash modes Digests Ciphers Compression Random Number Generation User-space interface That helps find entries (e.g., searching for a name like SHA512 doesn't just report the location is Main menu -> Cryptography API, leaving you to wade through 153 entries; it points you to the Digests page). Move a few of the entries so they fall into the correct submenu and are better sorted. Signed-off-by: Robert Elliott --- crypto/Kconfig | 131 +++++++++++++++++++++++++++++-------------------- 1 file changed, 77 insertions(+), 54 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index b61626bf8ee2..3d59f843eb4c 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -21,7 +21,7 @@ menuconfig CRYPTO if CRYPTO -comment "Crypto core or helper" +menu "Crypto core or helper" config CRYPTO_FIPS bool "FIPS 200 compliance" @@ -214,7 +214,9 @@ menuconfig CRYPTO config CRYPTO_ENGINE tristate -comment "Public-key cryptography" +endmenu + +menu "Public-key cryptography" config CRYPTO_RSA tristate "RSA algorithm" @@ -295,7 +297,9 @@ menuconfig CRYPTO select CRYPTO_KPP select CRYPTO_LIB_CURVE25519_GENERIC -comment "Authenticated Encryption with Associated Data" +endmenu + +menu "AEAD (Authenticated Encryption with Associated Data) ciphers" config CRYPTO_CCM tristate "CCM support" @@ -364,7 +368,39 @@ menuconfig CRYPTO a sequence number xored with a salt. This is the default algorithm for CBC. -comment "Block modes" + This is required for IPsec ESP (XFRM_ESP). + +config CRYPTO_ESSIV + tristate "ESSIV support for block encryption" + select CRYPTO_AUTHENC + help + Encrypted salt-sector initialization vector (ESSIV) is an IV + generation method that is used in some cases by fscrypt and/or + dm-crypt. It uses the hash of the block encryption key as the + symmetric key for a block encryption pass applied to the input + IV, making low entropy IV sources more suitable for block + encryption. + + This driver implements a crypto API template that can be + instantiated either as an skcipher or as an AEAD (depending on the + type of the first template argument), and which defers encryption + and decryption requests to the encapsulated cipher after applying + ESSIV to the input IV. Note that in the AEAD case, it is assumed + that the keys are presented in the same format used by the authenc + template, and that the IV appears at the end of the authenticated + associated data (AAD) region (which is how dm-crypt uses it.) + + Note that the use of ESSIV is not recommended for new deployments, + and so this only needs to be enabled when interoperability with + existing encrypted volumes of filesystems is required, or when + building for a particular system that requires it (e.g., when + the SoC in question has accelerated CBC but not XTS, making CBC + combined with ESSIV the only feasible mode for h/w accelerated + block encryption) + +endmenu + +menu "Block modes" config CRYPTO_CBC tristate "CBC support" @@ -494,35 +530,9 @@ menuconfig CRYPTO If unsure, say N. -config CRYPTO_ESSIV - tristate "ESSIV support for block encryption" - select CRYPTO_AUTHENC - help - Encrypted salt-sector initialization vector (ESSIV) is an IV - generation method that is used in some cases by fscrypt and/or - dm-crypt. It uses the hash of the block encryption key as the - symmetric key for a block encryption pass applied to the input - IV, making low entropy IV sources more suitable for block - encryption. +endmenu - This driver implements a crypto API template that can be - instantiated either as an skcipher or as an AEAD (depending on the - type of the first template argument), and which defers encryption - and decryption requests to the encapsulated cipher after applying - ESSIV to the input IV. Note that in the AEAD case, it is assumed - that the keys are presented in the same format used by the authenc - template, and that the IV appears at the end of the authenticated - associated data (AAD) region (which is how dm-crypt uses it.) - - Note that the use of ESSIV is not recommended for new deployments, - and so this only needs to be enabled when interoperability with - existing encrypted volumes of filesystems is required, or when - building for a particular system that requires it (e.g., when - the SoC in question has accelerated CBC but not XTS, making CBC - combined with ESSIV the only feasible mode for h/w accelerated - block encryption) - -comment "Hash modes" +menu "Hash modes" config CRYPTO_CMAC tristate "CMAC support" @@ -564,7 +574,9 @@ menuconfig CRYPTO See also: -comment "Digest" +endmenu + +menu "Digests" config CRYPTO_CRC32C tristate "CRC32c CRC algorithm" @@ -583,13 +595,18 @@ menuconfig CRYPTO CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. Shash crypto api wrappers to crc32_le function. -config CRYPTO_XXHASH - tristate "xxHash hash algorithm" +config CRYPTO_CRCT10DIF + tristate "CRCT10DIF algorithm" select CRYPTO_HASH - select XXHASH help - xxHash non-cryptographic hash algorithm. Extremely fast, working at - speeds close to RAM limits. + CRC T10 Data Integrity Field computation is being cast as + a crypto transform. This allows for faster crc t10 diff + transforms to be used if they are available. + +config CRYPTO_CRC64_ROCKSOFT + tristate "Rocksoft Model CRC64 algorithm" + depends on CRC64 + select CRYPTO_HASH config CRYPTO_BLAKE2B tristate "BLAKE2b digest algorithm" @@ -626,19 +643,6 @@ menuconfig CRYPTO See https://blake2.net for further information. -config CRYPTO_CRCT10DIF - tristate "CRCT10DIF algorithm" - select CRYPTO_HASH - help - CRC T10 Data Integrity Field computation is being cast as - a crypto transform. This allows for faster crc t10 diff - transforms to be used if they are available. - -config CRYPTO_CRC64_ROCKSOFT - tristate "Rocksoft Model CRC64 algorithm" - depends on CRC64 - select CRYPTO_HASH - config CRYPTO_GHASH tristate "GHASH hash function" select CRYPTO_GF128MUL @@ -776,7 +780,17 @@ menuconfig CRYPTO See also: -comment "Ciphers" +config CRYPTO_XXHASH + tristate "xxHash hash algorithm" + select CRYPTO_HASH + select XXHASH + help + xxHash non-cryptographic hash algorithm. Extremely fast, working at + speeds close to RAM limits. + +endmenu + +menu "Ciphers" config CRYPTO_AES tristate "AES cipher algorithms" @@ -1050,7 +1064,9 @@ menuconfig CRYPTO Common parts of the Twofish cipher algorithm shared by the generic c and the assembler implementations. -comment "Compression" +endmenu + +menu "Compression" config CRYPTO_DEFLATE tristate "Deflate compression algorithm" @@ -1109,7 +1125,9 @@ menuconfig CRYPTO help This is the zstd algorithm. -comment "Random Number Generation" +endmenu + +menu "Random Number Generation" config CRYPTO_ANSI_CPRNG tristate "Pseudo Random Number Generation for Cryptographic modules" @@ -1166,6 +1184,8 @@ menuconfig CRYPTO_DRBG_MENU random numbers. This Jitterentropy RNG registers with the kernel crypto API and can be used by any caller. +endmenu + config CRYPTO_KDF800108_CTR tristate select CRYPTO_HMAC @@ -1174,6 +1194,7 @@ menuconfig CRYPTO_DRBG_MENU config CRYPTO_USER_API tristate +menu "User-space interface" config CRYPTO_USER_API_HASH tristate "User-space interface for hash algorithms" depends on NET @@ -1242,6 +1263,8 @@ menuconfig CRYPTO_DRBG_MENU - encrypt/decrypt/sign/verify numbers for asymmetric operations - generate/seed numbers for rng operations +endmenu + config CRYPTO_HASH_INFO bool