| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Aug 2022 05:44:09 +0000
From: "Elliott, Robert (Servers)" <elliott@....com>
To: Eric Biggers <ebiggers@...nel.org>
CC: "herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
"davem@...emloft.net" <davem@...emloft.net>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v2 10/10] crypto: Kconfig - add submenus
> -----Original Message-----
> From: Eric Biggers <ebiggers@...nel.org>
> Sent: Wednesday, August 17, 2022 11:44 PM
> To: Elliott, Robert (Servers) <elliott@....com>
> Cc: herbert@...dor.apana.org.au; davem@...emloft.net; linux-
> crypto@...r.kernel.org; linux-kernel@...r.kernel.org
> Subject: Re: [PATCH v2 10/10] crypto: Kconfig - add submenus
>
> On Wed, Aug 17, 2022 at 06:20:57PM -0500, Robert Elliott wrote:
> > Convert each comment section into a submenu:
> > Cryptographic API
> > Crypto core or helper
> > Public-key cryptography
> > AEAD (Authenticated Encryption with Associated Data) ciphers
> > Block modes
> > Hash modes
> > Digests
> > Ciphers
> > Compression
> > Random Number Generation
> > User-space interface
>
> Thanks for doing this!
>
> Some of these proposed categories are confusing. By "hash mode" you
> mean a mode that operates as a hash, not that uses a hash, right?
> (CMAC is included.)
> So what is "block mode", then? And what's the difference between that and
> "ciphers"? What about modes that use both a hash and a block cipher,
> like Adiantum and HCTR2? And there is a category for "Ciphers", but then a
> category at the same level for "AEAD ciphers"?
>
> Some of the naming used in the code is poor, which is unfortunate and
> is not your fault, e.g. crypto_cipher really should be crypto_blockcipher.
> But this doesn't need to be carried through in these new menus.
Yeah, those are just the way the existing comment sections were
structured. I'm all for improving the structure.
>
> Just brainstorming, how about the following:
>
> * Block ciphers
> => i.e. crypto_cipher algorithms
This could be characterized as algorithms that are length preserving, but
only processes one block.
> * AEAD (Authenticated Encryption with Associated Data) ciphers
> => i.e. crypto_aead algorithms (and templates)
That could be viewed as any algorithm or template that has
output size > input size
> * Length-preserving symmetric ciphers
> => i.e. crypto_skcipher algorithms (and templates)
That could be viewed as any algorithm or template that processes more
than one block and has:
output size = input size
> * Digests and MACs
> => i.e. crypto_shash and crypto_ahash algorithms (and templates)
That could be viewed as any algorithm or template with
output size < input size
There are a lot of digests now (20). We could move the 4 CRC algorithms
into their own category since they're not really cryptographic, which
would make space for the MACs.
> Those 4 categories would replace your 5 categories "AEAD ciphers",
> "Block modes", "Hash modes", "Digests", and "Ciphers".
>
> CRYPTO_AUTHENC would go in the AEAD ciphers category, while
> CRYPTO_ESSIV would go in length-preserving symmetric ciphers.
> (CRYPTO_ESSIV registers a crypto_aead too, for a weird reason, but that
> is an obscure case not worth worrying about.) CRYPTO_CHACHA would go
> in length-preserving symmetric ciphers since it's a stream cipher.
These are the module and driver names in each current section:
Crypto core or helper
Module: fips
Module(s): crypto_null
Module(s): pcrypt
Driver(s): pcrypt(...)
Module(s): cryptd
Driver(s): cryptd(...)
Module(s): authenc
Driver(s): authenc(...)
Module(s): tcrypt
Public-key cryptography
Module(s): rsa_generic
Driver(s): rsa-generic
Module(s): dh_generic
Driver(s): dh-generic
Module(s): ecdh_generic
Driver(s): ecdh-nist-p192-generic, ecdh-nist-p256-generic, ecdh-nist-p384-generic
Module(s): ecdsa_generic
Driver(s): ecdsa-nist-p384-generic, ecdsa-nist-p256-generic, ecdsa-nist-p192-generic
Module(s): ecrdsa_generic
Driver(s): ecrdsa-generic
Module(s): sm2_generic
Driver(s): sm2-generic
Module(s): curve25519-generic
Driver(s): curve25519-generic
AEAD (Authenticated Encryption with Associated Data) ciphers
Module(s): ccm
Driver(s): ccm_base(...), rfc4309(...)
Module(s): gcm
Driver(s): gcm_base(...), rfc4106(...), rfc4543(...)
Module(s): chacha20poly1305
Driver(s): rfc7539(...), rfc7539esp(...)
Module(s): aegis128
Driver(s): aegis128-generic
Module(s): aegis128
Driver(s): aegis128-simd
Module(s): seqiv
Driver(s): seqiv(...)
Module(s): echainiv
Driver(s): echainiv(...)
Module(s): essiv
Driver(s): essiv(...)
Block modes
Module(s): cbc
Driver(s): cbc(...)
Module(s): cfb
Driver(s): cfb(...)
Module(s): ctr
Driver(s): ctr(...), rfc3686(...)
Module(s): cts
Driver(s): cts(...)
Module(s): ecb
Driver(s): ecb(...)
Module(s): lrw
Driver(s): lrw(...)
Module(s): ofb
Driver(s): ofb(...)
Module(s): pcbc
Driver(s): pcbc(...)
Module(s): xts
Driver(s): xts(...)
Module(s): keywrap
Driver(s): kw(...)
Module(s): nhpoly1305
Driver(s): nhpoly1305-generic
Module(s): adiantum
Driver(s): adiantum(...)
Hash modes
Module(s): cmac
Driver(s): cmac(...)
Module(s): hmac
Driver(s): hmac(...)
Module(s): xcbc
Driver(s): xcbc(...)
Module(s): vmac
Driver(s): vmac64(...)
Digests
Module(s): crc32c_generic
Driver(s): crc32c-generic
Module(s): crc32_generic
Driver(s): crc32-generic
Module(s): crct10dif_generic
Driver(s): crct10dif-generic
Module(s): crc64_rocksoft_generic
Driver(s): crc64-rocksoft-generic
Module(s): blake2b
Driver(s): blake2b-160-generic, blake2b-256-generic, blake2b-384-generic, blake2b-512-generic
Module(s): blake2s_generic
Driver(s): blake2s-128-generic, blake2s-160-generic, blake2s-224-generic, blake2s-256-generic
Module(s): ghash-generic
Driver(s): ghash-generic
Module(s): poly1305_generic
Driver(s): poly1305-generic
Module(s): md4
Driver(s): md4-generic
Module(s): md5
Driver(s): md5-generic
Module(s): michael_mic
Driver(s): michael_mic-generic
Module(s): rmd160
Driver(s): rmd160-generic
Module(s): sha1_generic
Driver(s): sha1-generic
Module(s): sha256_generic
Driver(s): sha224-generic, sha256-generic
Module(s): sha512_generic
Driver(s): sha384-generic, sha512-generic
Module(s): sha3_generic
Driver(s): sha3-224-generic, sha3-256-generic, sha3-384-generic, sha3-512-generic
Module(s): sm3_generic
Driver(s): sm3-generic
Module(s): streebog_generic
Driver(s): streebog256-generic, streebog512-generic
Module(s): wp512
Driver(s): wp256-generic, wp384-generic, wp512-generic
Module(s): xxhash_generic
Driver(s): xxhash64-generic
Ciphers
Module(s): aes_generic
Driver(s): aes-generic
Module(s): aes_ti
Driver(s): aes-fixed-time
Module(s): anubis
Driver(s): anubis-generic
Module(s): arc4
Driver(s): ecb(arc4)-generic
Module(s): blowfish_generic
Driver(s): blowfish-generic
Module(s): blowfish_common
Module(s): camellia_generic
Driver(s): camellia-generic
Module(s): cast_common
Module(s): cast5_generic
Driver(s): cast5-generic
Module(s): cast6_generic
Driver(s): cast6-generic
Module(s): des_generic
Driver(s): des-generic, des3_ede-generic
Module(s): fcrypt
Driver(s): fcrypt-generic
Module(s): khazad
Driver(s): khazad-generic
Module(s): chacha_generic
Driver(s): chacha20-generic, xchacha20-generic, xchacha12-generic
Module(s): seed
Driver(s): seed-generic
Module(s): serpent_generic
Driver(s): serpent-generic
Module(s): sm4_generic
Driver(s): sm4-generic
Module(s): tea
Driver(s): tea-generic, xtea-generic, xeta-generic
Module(s): twofish_generic
Driver(s): twofish-generic
Module(s): twofish_common
Compression
Module(s): deflate
Driver(s): deflate-generic, deflate-scomp, zlib-deflate-scomp
Module(s): lzo, lzo-rle
Driver(s): lzo-generic, lzo-scomp, lzo-rle-generic, lzo-rle-scomp
Module(s): 842
Driver(s): 842-generic, 842-scomp
Module(s): lz4
Driver(s): lz4-generic, lz4-scomp
Module(s): lz4hc
Driver(s): lz4hc-generic, lz4hc-scomp
Module(s): zstd
Driver(s): zstd-generic, zstd-scomp
Random Number Generation
Module(s): ansi_cprng
Driver(s): ansi_cprng, fips_ansi_cprng
# Driver(s): drbg_[pr|nopr]_hmac_sha[1,256,384,512]
Driver(s): drbg_[pr|nopr]_sha[1,256,384,512]
Driver(s): drbg_[pr|nopr][_ctr_aes[128,192,256]
Module(s): jitterentropy_rng
Driver(s): jitterentropy_rng
User-space interface
Module(s): algif_hash
Module(s): algif_skcipher
Module(s): algif_rng
Module(s): algif_aead
Powered by blists - more mailing lists