aboutsummaryrefslogtreecommitdiff
path: root/crypto/Kconfig
diff options
context:
space:
mode:
authorRobert Elliott2022-08-20 13:41:48 -0500
committerHerbert Xu2022-08-26 18:50:43 +0800
commit3f342a23257df99b792c1edb1236e85badc157de (patch)
treec5f9b81d1ee59818bd0ec4f22473481d479cfb13 /crypto/Kconfig
parente3d2eadd06b39b69fbbc27de8e3ac2db022e8616 (diff)
crypto: Kconfig - simplify hash entries
Shorten menu titles and make them consistent: - acronym - name - architecture features in parenthesis - no suffixes like "<something> algorithm", "support", or "hardware acceleration", or "optimized" Simplify help text descriptions, update references, and ensure that https references are still valid. Signed-off-by: Robert Elliott <elliott@hpe.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/Kconfig')
-rw-r--r--crypto/Kconfig176
1 files changed, 97 insertions, 79 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 5159a0efec84..0a385a7aa040 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -890,215 +890,233 @@ endmenu
menu "Hashes, digests, and MACs"
config CRYPTO_BLAKE2B
- tristate "BLAKE2b digest algorithm"
+ tristate "BLAKE2b"
select CRYPTO_HASH
help
- Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
- optimized for 64bit platforms and can produce digests of any size
- between 1 to 64. The keyed hash is also implemented.
+ BLAKE2b cryptographic hash function (RFC 7693)
- This module provides the following algorithms:
+ BLAKE2b is optimized for 64-bit platforms and can produce digests
+ of any size between 1 and 64 bytes. The keyed hash is also implemented.
+ This module provides the following algorithms:
- blake2b-160
- blake2b-256
- blake2b-384
- blake2b-512
+ Used by the btrfs filesystem.
+
See https://blake2.net for further information.
+ config CRYPTO_BLAKE2S
+ tristate "BLAKE2s"
+ select CRYPTO_LIB_BLAKE2S_GENERIC
+ select CRYPTO_HASH
+ help
+ BLAKE2s cryptographic hash function (RFC 7693)
+
+ BLAKE2s is optimized for 8 to 32-bit platforms and can produce
+ digests of any size between 1 and 32 bytes. The keyed hash is
+ also implemented.
+
+ This module provides the following algorithms:
+ - blake2s-128
+ - blake2s-160
+ - blake2s-224
+ - blake2s-256
+
+ Used by Wireguard.
+
+ See https://blake2.net for further information.
+
config CRYPTO_CMAC
- tristate "CMAC support"
+ tristate "CMAC (Cipher-based MAC)"
select CRYPTO_HASH
select CRYPTO_MANAGER
help
- Cipher-based Message Authentication Code (CMAC) specified by
- The National Institute of Standards and Technology (NIST).
-
- https://tools.ietf.org/html/rfc4493
- http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
+ CMAC (Cipher-based Message Authentication Code) authentication
+ mode (NIST SP800-38B and IETF RFC4493)
config CRYPTO_GHASH
- tristate "GHASH hash function"
+ tristate "GHASH"
select CRYPTO_GF128MUL
select CRYPTO_HASH
help
- GHASH is the hash function used in GCM (Galois/Counter Mode).
- It is not a general-purpose cryptographic hash function.
+ GCM GHASH function (NIST SP800-38D)
config CRYPTO_HMAC
- tristate "HMAC support"
+ tristate "HMAC (Keyed-Hash MAC)"
select CRYPTO_HASH
select CRYPTO_MANAGER
help
- HMAC: Keyed-Hashing for Message Authentication (RFC2104).
- This is required for IPSec.
+ HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
+ RFC2104)
+
+ This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
config CRYPTO_MD4
- tristate "MD4 digest algorithm"
+ tristate "MD4"
select CRYPTO_HASH
help
- MD4 message digest algorithm (RFC1320).
+ MD4 message digest algorithm (RFC1320)
config CRYPTO_MD5
- tristate "MD5 digest algorithm"
+ tristate "MD5"
select CRYPTO_HASH
help
- MD5 message digest algorithm (RFC1321).
+ MD5 message digest algorithm (RFC1321)
config CRYPTO_MICHAEL_MIC
- tristate "Michael MIC keyed digest algorithm"
+ tristate "Michael MIC"
select CRYPTO_HASH
help
- Michael MIC is used for message integrity protection in TKIP
- (IEEE 802.11i). This algorithm is required for TKIP, but it
- should not be used for other purposes because of the weakness
- of the algorithm.
+ Michael MIC (Message Integrity Code) (IEEE 802.11i)
+
+ Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
+ known as WPA (Wif-Fi Protected Access).
+
+ This algorithm is required for TKIP, but it should not be used for
+ other purposes because of the weakness of the algorithm.
config CRYPTO_POLYVAL
tristate
select CRYPTO_GF128MUL
select CRYPTO_HASH
help
- POLYVAL is the hash function used in HCTR2. It is not a general-purpose
+ POLYVAL hash function for HCTR2
+
+ This is used in HCTR2. It is not a general-purpose
cryptographic hash function.
config CRYPTO_POLY1305
- tristate "Poly1305 authenticator algorithm"
+ tristate "Poly1305"
select CRYPTO_HASH
select CRYPTO_LIB_POLY1305_GENERIC
help
- Poly1305 authenticator algorithm, RFC7539.
+ Poly1305 authenticator algorithm (RFC7539)
Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
in IETF protocols. This is the portable C implementation of Poly1305.
config CRYPTO_RMD160
- tristate "RIPEMD-160 digest algorithm"
+ tristate "RIPEMD-160"
select CRYPTO_HASH
help
- RIPEMD-160 (ISO/IEC 10118-3:2004).
+ RIPEMD-160 hash function (ISO/IEC 10118-3)
RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
to be used as a secure replacement for the 128-bit hash functions
MD4, MD5 and its predecessor RIPEMD
(not to be confused with RIPEMD-128).
- It's speed is comparable to SHA1 and there are no known attacks
+ Its speed is comparable to SHA-1 and there are no known attacks
against RIPEMD-160.
Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
- See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
+ See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
+ for further information.
config CRYPTO_SHA1
- tristate "SHA1 digest algorithm"
+ tristate "SHA-1"
select CRYPTO_HASH
select CRYPTO_LIB_SHA1
help
- SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
+ SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
config CRYPTO_SHA256
- tristate "SHA224 and SHA256 digest algorithm"
+ tristate "SHA-224 and SHA-256"
select CRYPTO_HASH
select CRYPTO_LIB_SHA256
help
- SHA256 secure hash standard (DFIPS 180-2).
-
- This version of SHA implements a 256 bit hash with 128 bits of
- security against collision attacks.
+ SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
- This code also includes SHA-224, a 224 bit hash with 112 bits
- of security against collision attacks.
+ This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
+ Used by the btrfs filesystem, Ceph, NFS, and SMB.
config CRYPTO_SHA512
- tristate "SHA384 and SHA512 digest algorithms"
+ tristate "SHA-384 and SHA-512"
select CRYPTO_HASH
help
- SHA512 secure hash standard (DFIPS 180-2).
-
- This version of SHA implements a 512 bit hash with 256 bits of
- security against collision attacks.
-
- This code also includes SHA-384, a 384 bit hash with 192 bits
- of security against collision attacks.
+ SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
config CRYPTO_SHA3
- tristate "SHA3 digest algorithm"
+ tristate "SHA-3"
select CRYPTO_HASH
help
- SHA-3 secure hash standard (DFIPS 202). It's based on
- cryptographic sponge function family called Keccak.
-
- References:
- http://keccak.noekeon.org/
+ SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
config CRYPTO_SM3
tristate
config CRYPTO_SM3_GENERIC
- tristate "SM3 digest algorithm"
+ tristate "SM3 (ShangMi 3)"
select CRYPTO_HASH
select CRYPTO_SM3
help
- SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
- It is part of the Chinese Commercial Cryptography suite.
+ SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
+
+ This is part of the Chinese Commercial Cryptography suite.
References:
http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
config CRYPTO_STREEBOG
- tristate "Streebog Hash Function"
+ tristate "Streebog"
select CRYPTO_HASH
help
- Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
- cryptographic standard algorithms (called GOST algorithms).
- This setting enables two hash algorithms with 256 and 512 bits output.
+ Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
+
+ This is one of the Russian cryptographic standard algorithms (called
+ GOST algorithms). This setting enables two hash algorithms with
+ 256 and 512 bits output.
References:
https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
https://tools.ietf.org/html/rfc6986
config CRYPTO_VMAC
- tristate "VMAC support"
+ tristate "VMAC"
select CRYPTO_HASH
select CRYPTO_MANAGER
help
VMAC is a message authentication algorithm designed for
very high speed on 64-bit architectures.
- See also:
- <https://fastcrypto.org/vmac>
+ See https://fastcrypto.org/vmac for further information.
config CRYPTO_WP512
- tristate "Whirlpool digest algorithms"
+ tristate "Whirlpool"
select CRYPTO_HASH
help
- Whirlpool hash algorithm 512, 384 and 256-bit hashes
+ Whirlpool hash function (ISO/IEC 10118-3)
+
+ 512, 384 and 256-bit hashes.
Whirlpool-512 is part of the NESSIE cryptographic primitives.
- Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
- See also:
- <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
+ See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
+ for further information.
config CRYPTO_XCBC
- tristate "XCBC support"
+ tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
select CRYPTO_HASH
select CRYPTO_MANAGER
help
- XCBC: Keyed-Hashing with encryption algorithm
- https://www.ietf.org/rfc/rfc3566.txt
- http://csrc.nist.gov/encryption/modes/proposedmodes/
- xcbc-mac/xcbc-mac-spec.pdf
+ XCBC-MAC (Extended Cipher Block Chaining Message Authentication
+ Code) (RFC3566)
config CRYPTO_XXHASH
- tristate "xxHash hash algorithm"
+ tristate "xxHash"
select CRYPTO_HASH
select XXHASH
help
- xxHash non-cryptographic hash algorithm. Extremely fast, working at
- speeds close to RAM limits.
+ xxHash non-cryptographic hash algorithm
+
+ Extremely fast, working at speeds close to RAM limits.
+
+ Used by the btrfs filesystem.
endmenu