| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220817232057.73643-11-elliott@hpe.com>
Date: Wed, 17 Aug 2022 18:20:57 -0500
From: Robert Elliott <elliott@....com>
To: herbert@...dor.apana.org.au, davem@...emloft.net,
ebiggers@...nel.org, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: Robert Elliott <elliott@....com>
Subject: [PATCH v2 10/10] crypto: Kconfig - add submenus
Convert each comment section into a submenu:
Cryptographic API
Crypto core or helper
Public-key cryptography
AEAD (Authenticated Encryption with Associated Data) ciphers
Block modes
Hash modes
Digests
Ciphers
Compression
Random Number Generation
User-space interface
That helps find entries (e.g., searching for a name like SHA512 doesn't
just report the location is Main menu -> Cryptography API, leaving you
to wade through 153 entries; it points you to the Digests page).
Move a few of the entries so they fall into the correct submenu
and are better sorted.
Signed-off-by: Robert Elliott <elliott@....com>
---
crypto/Kconfig | 131 +++++++++++++++++++++++++++++--------------------
1 file changed, 77 insertions(+), 54 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index b61626bf8ee2..3d59f843eb4c 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -21,7 +21,7 @@ menuconfig CRYPTO
if CRYPTO
-comment "Crypto core or helper"
+menu "Crypto core or helper"
config CRYPTO_FIPS
bool "FIPS 200 compliance"
@@ -214,7 +214,9 @@ menuconfig CRYPTO
config CRYPTO_ENGINE
tristate
-comment "Public-key cryptography"
+endmenu
+
+menu "Public-key cryptography"
config CRYPTO_RSA
tristate "RSA algorithm"
@@ -295,7 +297,9 @@ menuconfig CRYPTO
select CRYPTO_KPP
select CRYPTO_LIB_CURVE25519_GENERIC
-comment "Authenticated Encryption with Associated Data"
+endmenu
+
+menu "AEAD (Authenticated Encryption with Associated Data) ciphers"
config CRYPTO_CCM
tristate "CCM support"
@@ -364,7 +368,39 @@ menuconfig CRYPTO
a sequence number xored with a salt. This is the default
algorithm for CBC.
-comment "Block modes"
+ This is required for IPsec ESP (XFRM_ESP).
+
+config CRYPTO_ESSIV
+ tristate "ESSIV support for block encryption"
+ select CRYPTO_AUTHENC
+ help
+ Encrypted salt-sector initialization vector (ESSIV) is an IV
+ generation method that is used in some cases by fscrypt and/or
+ dm-crypt. It uses the hash of the block encryption key as the
+ symmetric key for a block encryption pass applied to the input
+ IV, making low entropy IV sources more suitable for block
+ encryption.
+
+ This driver implements a crypto API template that can be
+ instantiated either as an skcipher or as an AEAD (depending on the
+ type of the first template argument), and which defers encryption
+ and decryption requests to the encapsulated cipher after applying
+ ESSIV to the input IV. Note that in the AEAD case, it is assumed
+ that the keys are presented in the same format used by the authenc
+ template, and that the IV appears at the end of the authenticated
+ associated data (AAD) region (which is how dm-crypt uses it.)
+
+ Note that the use of ESSIV is not recommended for new deployments,
+ and so this only needs to be enabled when interoperability with
+ existing encrypted volumes of filesystems is required, or when
+ building for a particular system that requires it (e.g., when
+ the SoC in question has accelerated CBC but not XTS, making CBC
+ combined with ESSIV the only feasible mode for h/w accelerated
+ block encryption)
+
+endmenu
+
+menu "Block modes"
config CRYPTO_CBC
tristate "CBC support"
@@ -494,35 +530,9 @@ menuconfig CRYPTO
If unsure, say N.
-config CRYPTO_ESSIV
- tristate "ESSIV support for block encryption"
- select CRYPTO_AUTHENC
- help
- Encrypted salt-sector initialization vector (ESSIV) is an IV
- generation method that is used in some cases by fscrypt and/or
- dm-crypt. It uses the hash of the block encryption key as the
- symmetric key for a block encryption pass applied to the input
- IV, making low entropy IV sources more suitable for block
- encryption.
+endmenu
- This driver implements a crypto API template that can be
- instantiated either as an skcipher or as an AEAD (depending on the
- type of the first template argument), and which defers encryption
- and decryption requests to the encapsulated cipher after applying
- ESSIV to the input IV. Note that in the AEAD case, it is assumed
- that the keys are presented in the same format used by the authenc
- template, and that the IV appears at the end of the authenticated
- associated data (AAD) region (which is how dm-crypt uses it.)
-
- Note that the use of ESSIV is not recommended for new deployments,
- and so this only needs to be enabled when interoperability with
- existing encrypted volumes of filesystems is required, or when
- building for a particular system that requires it (e.g., when
- the SoC in question has accelerated CBC but not XTS, making CBC
- combined with ESSIV the only feasible mode for h/w accelerated
- block encryption)
-
-comment "Hash modes"
+menu "Hash modes"
config CRYPTO_CMAC
tristate "CMAC support"
@@ -564,7 +574,9 @@ menuconfig CRYPTO
See also:
<https://fastcrypto.org/vmac>
-comment "Digest"
+endmenu
+
+menu "Digests"
config CRYPTO_CRC32C
tristate "CRC32c CRC algorithm"
@@ -583,13 +595,18 @@ menuconfig CRYPTO
CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
Shash crypto api wrappers to crc32_le function.
-config CRYPTO_XXHASH
- tristate "xxHash hash algorithm"
+config CRYPTO_CRCT10DIF
+ tristate "CRCT10DIF algorithm"
select CRYPTO_HASH
- select XXHASH
help
- xxHash non-cryptographic hash algorithm. Extremely fast, working at
- speeds close to RAM limits.
+ CRC T10 Data Integrity Field computation is being cast as
+ a crypto transform. This allows for faster crc t10 diff
+ transforms to be used if they are available.
+
+config CRYPTO_CRC64_ROCKSOFT
+ tristate "Rocksoft Model CRC64 algorithm"
+ depends on CRC64
+ select CRYPTO_HASH
config CRYPTO_BLAKE2B
tristate "BLAKE2b digest algorithm"
@@ -626,19 +643,6 @@ menuconfig CRYPTO
See https://blake2.net for further information.
-config CRYPTO_CRCT10DIF
- tristate "CRCT10DIF algorithm"
- select CRYPTO_HASH
- help
- CRC T10 Data Integrity Field computation is being cast as
- a crypto transform. This allows for faster crc t10 diff
- transforms to be used if they are available.
-
-config CRYPTO_CRC64_ROCKSOFT
- tristate "Rocksoft Model CRC64 algorithm"
- depends on CRC64
- select CRYPTO_HASH
-
config CRYPTO_GHASH
tristate "GHASH hash function"
select CRYPTO_GF128MUL
@@ -776,7 +780,17 @@ menuconfig CRYPTO
See also:
<http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
-comment "Ciphers"
+config CRYPTO_XXHASH
+ tristate "xxHash hash algorithm"
+ select CRYPTO_HASH
+ select XXHASH
+ help
+ xxHash non-cryptographic hash algorithm. Extremely fast, working at
+ speeds close to RAM limits.
+
+endmenu
+
+menu "Ciphers"
config CRYPTO_AES
tristate "AES cipher algorithms"
@@ -1050,7 +1064,9 @@ menuconfig CRYPTO
Common parts of the Twofish cipher algorithm shared by the
generic c and the assembler implementations.
-comment "Compression"
+endmenu
+
+menu "Compression"
config CRYPTO_DEFLATE
tristate "Deflate compression algorithm"
@@ -1109,7 +1125,9 @@ menuconfig CRYPTO
help
This is the zstd algorithm.
-comment "Random Number Generation"
+endmenu
+
+menu "Random Number Generation"
config CRYPTO_ANSI_CPRNG
tristate "Pseudo Random Number Generation for Cryptographic modules"
@@ -1166,6 +1184,8 @@ menuconfig CRYPTO_DRBG_MENU
random numbers. This Jitterentropy RNG registers with
the kernel crypto API and can be used by any caller.
+endmenu
+
config CRYPTO_KDF800108_CTR
tristate
select CRYPTO_HMAC
@@ -1174,6 +1194,7 @@ menuconfig CRYPTO_DRBG_MENU
config CRYPTO_USER_API
tristate
+menu "User-space interface"
config CRYPTO_USER_API_HASH
tristate "User-space interface for hash algorithms"
depends on NET
@@ -1242,6 +1263,8 @@ menuconfig CRYPTO_DRBG_MENU
- encrypt/decrypt/sign/verify numbers for asymmetric operations
- generate/seed numbers for rng operations
+endmenu
+
config CRYPTO_HASH_INFO
bool
--
2.37.1
Powered by blists - more mailing lists