lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220815190608.47182-5-elliott@hpe.com>
Date:   Mon, 15 Aug 2022 14:06:04 -0500
From:   Robert Elliott <elliott@....com>
To:     herbert@...dor.apana.org.au, davem@...emloft.net,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     toshi.kani@....com, Robert Elliott <elliott@....com>
Subject: [PATCH 4/8] crypto: Kconfig - simplify AEAD and block mode entries

Shorten menu titles and help text and make them consistent:
* acronym
* name
* architecture and architecture features in parenthesis
* no suffixes like "<something> algorithm", "support", or
"hardware acceleration", or "optimized"

Clarify architecture restrictions (e.g., include x86 in the names of
all the x86-optimized modules.

Simplify descriptions, update references, and ensure that https
references are still valid.

Signed-off-by: Robert Elliott <elliott@....com>
---
 crypto/Kconfig | 133 +++++++++++++++++++++++++++----------------------
 1 file changed, 74 insertions(+), 59 deletions(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 045ef2a92449..703c91e8e7a0 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -198,7 +198,8 @@ menu "Crypto core or helper"
 	select CRYPTO_NULL
 	help
 	  Authenc: Combined mode wrapper for IPsec.
-	  This is required for IPSec.
+
+	  This is required for IPSec ESP (XFRM_ESP).
 
 config CRYPTO_TEST
 	tristate "Testing module"
@@ -319,57 +320,65 @@ menu "Public-key cryptography"
 menu "AEAD (Authenticated Encryption with Associated Data) ciphers"
 
 config CRYPTO_CCM
-	tristate "CCM support"
+	tristate "CCM (Counter with Cipher Block Chaining-Message Authentication Code)"
 	select CRYPTO_CTR
 	select CRYPTO_HASH
 	select CRYPTO_AEAD
 	select CRYPTO_MANAGER
 	help
-	  Support for Counter with CBC MAC. Required for IPsec.
+	  CCM (Counter with Cipher Block Chaining-Message Authentication Code)
+	  authenticated encryption mode (NIST SP800-38C)
 
 config CRYPTO_GCM
-	tristate "GCM/GMAC support"
+	tristate "GCM (Galois/Counter Mode) and GMAC (GCM Message Authentication Code)"
 	select CRYPTO_CTR
 	select CRYPTO_AEAD
 	select CRYPTO_GHASH
 	select CRYPTO_NULL
 	select CRYPTO_MANAGER
 	help
-	  Support for Galois/Counter Mode (GCM) and Galois Message
-	  Authentication Code (GMAC). Required for IPSec.
+	  GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
+	  (GCM Message Authentication Code) (NIST SP800-38D)
+
+	  This is required for IPSec ESP (XFRM_ESP).
 
 config CRYPTO_CHACHA20POLY1305
-	tristate "ChaCha20-Poly1305 AEAD support"
+	tristate "ChaCha20-Poly1305"
 	select CRYPTO_CHACHA20
 	select CRYPTO_POLY1305
 	select CRYPTO_AEAD
 	select CRYPTO_MANAGER
 	help
-	  ChaCha20-Poly1305 AEAD support, RFC7539.
-
-	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
-	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
-	  IETF protocols.
+	  ChaCha20 stream cipher and Poly1305 authenticator combined
+	  mode (RFC8439)
 
 config CRYPTO_AEGIS128
-	tristate "AEGIS-128 AEAD algorithm"
+	tristate "AEGIS-128"
 	select CRYPTO_AEAD
 	select CRYPTO_AES  # for AES S-box tables
 	help
-	 Support for the AEGIS-128 dedicated AEAD algorithm.
+	  AEGIS-128 AEAD algorithm
 
 config CRYPTO_AEGIS128_SIMD
-	bool "Support SIMD acceleration for AEGIS-128"
+	bool "AEGIS-128 (arm SIMD acceleration)"
 	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
 	default y
+	help
+	  AEGIS-128 AEAD algorithm
+
+	  Architecture: arm using the Neon SIMD architecture extension
 
 config CRYPTO_AEGIS128_AESNI_SSE2
-	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
+	tristate "AEGIS-128 (x86_64 with AES-NI/SSE2)"
 	depends on X86 && 64BIT
 	select CRYPTO_AEAD
 	select CRYPTO_SIMD
 	help
-	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
+	  AEGIS-128 AEAD algorithm
+
+	  Architecture: x86_64 using:
+	  * AES-NI (AES New Instructions)
+	  * SSE2 (Streaming SIMD Extensions 2)
 
 config CRYPTO_SEQIV
 	tristate "Sequence Number IV Generator"
@@ -380,7 +389,9 @@ menu "AEAD (Authenticated Encryption with Associated Data) ciphers"
 	select CRYPTO_MANAGER
 	help
 	  This IV generator generates an IV based on a sequence number by
-	  xoring it with a salt.  This algorithm is mainly useful for CTR
+	  xoring it with a salt.  This algorithm is mainly useful for CTR.
+
+	  This is required for IPsec ESP (XFRM_ESP).
 
 config CRYPTO_ECHAINIV
 	tristate "Encrypted Chain IV Generator"
@@ -400,72 +411,69 @@ menu "AEAD (Authenticated Encryption with Associated Data) ciphers"
 menu "Block modes"
 
 config CRYPTO_CBC
-	tristate "CBC support"
+	tristate "CBC (Cipher Block Chaining)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	help
-	  CBC: Cipher Block Chaining mode
-	  This block cipher algorithm is required for IPSec.
+	  CBC (Cipher Block Chaining) mode (NIST SP800-38A)
+
+	  This block cipher mode is required for IPSec ESP (XFRM_ESP).
 
 config CRYPTO_CFB
-	tristate "CFB support"
+	tristate "CFB (Cipher Feedback)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	help
-	  CFB: Cipher FeedBack mode
-	  This block cipher algorithm is required for TPM2 Cryptography.
+	  CFB (Cipher Feedback) mode (NIST SP800-38A)
+
+	  This block cipher mode is required for TPM2 Cryptography.
 
 config CRYPTO_CTR
-	tristate "CTR support"
+	tristate "CTR (Counter)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	help
-	  CTR: Counter mode
-	  This block cipher algorithm is required for IPSec.
+	  CTR (Counter) mode (NIST SP800-38A)
 
 config CRYPTO_CTS
-	tristate "CTS support"
+	tristate "CTS (Cipher Text Stealing)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	help
-	  CTS: Cipher Text Stealing
-	  This is the Cipher Text Stealing mode as described by
-	  Section 8 of rfc2040 and referenced by rfc3962
-	  (rfc3962 includes errata information in its Appendix A) or
-	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
+	  CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
+	  Addendum to SP800-38A (October 2010))
+
 	  This mode is required for Kerberos gss mechanism support
 	  for AES encryption.
 
-	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
-
 config CRYPTO_ECB
-	tristate "ECB support"
+	tristate "ECB (Electronic Codebook)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	help
-	  ECB: Electronic CodeBook mode
-	  This is the simplest block cipher algorithm.  It simply encrypts
-	  the input block by block.
+	  ECB (Electronic Codebook) mode (NIST SP800-38A)
 
 config CRYPTO_LRW
-	tristate "LRW support"
+	tristate "LRW (Liskov Rivest Wagner)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	select CRYPTO_GF128MUL
 	select CRYPTO_ECB
 	help
-	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
+	  LRW (Liskov Rivest Wagner) mode, a tweakable, non malleable, non movable
 	  narrow block cipher mode for dm-crypt.  Use it with cipher
 	  specification string aes-lrw-benbi, the key must be 256, 320 or 384.
 	  The first 128, 192 or 256 bits in the key are used for AES and the
 	  rest is used to tie each cipher block to its logical position.
 
 config CRYPTO_OFB
-	tristate "OFB support"
+	tristate "OFB (Output Feedback)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	help
-	  OFB: the Output Feedback mode makes a block cipher into a synchronous
+	  OFB (Output Feedback) mode (NIST SP800-38A)
+
+	  This mode makes a block cipher into a synchronous
 	  stream cipher. It generates keystream blocks, which are then XORed
 	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
 	  ciphertext produces a flipped bit in the plaintext at the same
@@ -473,30 +481,33 @@ menu "Block modes"
 	  normally even when applied before encryption.
 
 config CRYPTO_PCBC
-	tristate "PCBC support"
+	tristate "PCBC (Propagating Cipher Block Chaining)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	help
-	  PCBC: Propagating Cipher Block Chaining mode
+	  PCBC (Propagating Cipher Block Chaining) mode
 	  This block cipher algorithm is required for RxRPC.
 
 config CRYPTO_XTS
-	tristate "XTS support"
+	tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	select CRYPTO_ECB
 	help
-	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
-	  key size 256, 384 or 512 bits. This implementation currently
-	  can't handle a sectorsize which is not a multiple of 16 bytes.
+	  XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
+	  and IEEE 1619)
+
+	  Use with aes-xts-plain, key size 256, 384 or 512 bits. This
+	  implementation currently can't handle a sectorsize which is not a
+	  multiple of 16 bytes.
 
 config CRYPTO_KEYWRAP
-	tristate "Key wrapping support"
+	tristate "KW (AES Key Wrap)"
 	select CRYPTO_SKCIPHER
 	select CRYPTO_MANAGER
 	help
-	  Support for key wrapping (NIST SP800-38F / RFC3394) without
-	  padding.
+	  KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
+	  and RFC3394) without padding.
 
 config CRYPTO_NHPOLY1305
 	tristate
@@ -504,23 +515,27 @@ menu "Block modes"
 	select CRYPTO_LIB_POLY1305_GENERIC
 
 config CRYPTO_NHPOLY1305_SSE2
-	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
+	tristate "NHPoly1305 (x86_64 with SSE2)"
 	depends on X86 && 64BIT
 	select CRYPTO_NHPOLY1305
 	help
-	  SSE2 optimized implementation of the hash function used by the
-	  Adiantum encryption mode.
+	  NHPoly1305 hash function (Adiantum)
+
+	  Architecture: x86_64 using:
+	  * SSE2 (Streaming SIMD Extensions 2)
 
 config CRYPTO_NHPOLY1305_AVX2
-	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
+	tristate "NHPoly1305 (x86_64 with AVX2)"
 	depends on X86 && 64BIT
 	select CRYPTO_NHPOLY1305
 	help
-	  AVX2 optimized implementation of the hash function used by the
-	  Adiantum encryption mode.
+	  NHPoly1305 hash function (Adiantum)
+
+	  Architecture: x86_64 using:
+	  * AVX2 (Advanced Vector Extensions 2)
 
 config CRYPTO_ADIANTUM
-	tristate "Adiantum support"
+	tristate "Adiantum"
 	select CRYPTO_CHACHA20
 	select CRYPTO_LIB_POLY1305_GENERIC
 	select CRYPTO_NHPOLY1305
-- 
2.37.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ