diff mbox series

[v2,10/10] crypto: Kconfig - add submenus

Message ID 20220817232057.73643-11-elliott@hpe.com (mailing list archive)
State Superseded
Delegated to: Herbert Xu
Headers show
Series crypto: Kconfig - simplify menus and help text | expand

Commit Message

Elliott, Robert (Servers) Aug. 17, 2022, 11:20 p.m. UTC
Convert each comment section into a submenu:
Cryptographic API
    Crypto core or helper
    Public-key cryptography
    AEAD (Authenticated Encryption with Associated Data) ciphers
    Block modes
    Hash modes
    Digests
    Ciphers
    Compression
    Random Number Generation
    User-space interface

That helps find entries (e.g., searching for a name like SHA512 doesn't
just report the location is Main menu -> Cryptography API, leaving you
to wade through 153 entries; it points you to the Digests page).

Move a few of the entries so they fall into the correct submenu
and are better sorted.

Signed-off-by: Robert Elliott <elliott@hpe.com>
---
 crypto/Kconfig | 131 +++++++++++++++++++++++++++++--------------------
 1 file changed, 77 insertions(+), 54 deletions(-)

Comments

Eric Biggers Aug. 18, 2022, 4:43 a.m. UTC | #1
On Wed, Aug 17, 2022 at 06:20:57PM -0500, Robert Elliott wrote:
> Convert each comment section into a submenu:
> Cryptographic API
>     Crypto core or helper
>     Public-key cryptography
>     AEAD (Authenticated Encryption with Associated Data) ciphers
>     Block modes
>     Hash modes
>     Digests
>     Ciphers
>     Compression
>     Random Number Generation
>     User-space interface

Thanks for doing this!

Some of these proposed categories are confusing.  By "hash mode" you mean a mode
that operates as a hash, not that uses a hash, right?  (CMAC is included.)  So
what is "block mode", then?  And what's the difference between that and
"ciphers"?  What about modes that use both a hash and a block cipher, like
Adiantum and HCTR2?  And there is a category for "Ciphers", but then a category
at the same level for "AEAD ciphers"?

Some of the naming used in the code is poor, which is unfortunate and is not
your fault, e.g. crypto_cipher really should be crypto_blockcipher.  But this
doesn't need to be carried through in these new menus.

Just brainstorming, how about the following:

	* Block ciphers
		=> i.e. crypto_cipher algorithms
	* AEAD (Authenticated Encryption with Associated Data) ciphers
		=> i.e. crypto_aead algorithms (and templates)
	* Length-preserving symmetric ciphers
		=> i.e. crypto_skcipher algorithms (and templates)
	* Digests and MACs
		=> i.e. crypto_shash and crypto_ahash algorithms (and templates)

Those 4 categories would replace your 5 categories "AEAD ciphers",
"Block modes", "Hash modes", "Digests", and "Ciphers".

CRYPTO_AUTHENC would go in the AEAD ciphers category, while CRYPTO_ESSIV would
go in length-preserving symmetric ciphers.  (CRYPTO_ESSIV registers a
crypto_aead too, for a weird reason, but that is an obscure case not worth
worrying about.) CRYPTO_CHACHA would go in length-preserving symmetric ciphers
since it's a stream cipher.

- Eric
Elliott, Robert (Servers) Aug. 18, 2022, 5:44 a.m. UTC | #2
> -----Original Message-----
> From: Eric Biggers <ebiggers@kernel.org>
> Sent: Wednesday, August 17, 2022 11:44 PM
> To: Elliott, Robert (Servers) <elliott@hpe.com>
> Cc: herbert@gondor.apana.org.au; davem@davemloft.net; linux-
> crypto@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: Re: [PATCH v2 10/10] crypto: Kconfig - add submenus
> 
> On Wed, Aug 17, 2022 at 06:20:57PM -0500, Robert Elliott wrote:
> > Convert each comment section into a submenu:
> > Cryptographic API
> >     Crypto core or helper
> >     Public-key cryptography
> >     AEAD (Authenticated Encryption with Associated Data) ciphers
> >     Block modes
> >     Hash modes
> >     Digests
> >     Ciphers
> >     Compression
> >     Random Number Generation
> >     User-space interface
> 
> Thanks for doing this!
> 
> Some of these proposed categories are confusing.  By "hash mode" you
> mean a mode that operates as a hash, not that uses a hash, right?  
> (CMAC is included.)  
> So what is "block mode", then?  And what's the difference between that and
> "ciphers"?  What about modes that use both a hash and a block cipher,
> like Adiantum and HCTR2?  And there is a category for "Ciphers", but then a
> category at the same level for "AEAD ciphers"?
>
> Some of the naming used in the code is poor, which is unfortunate and
> is not your fault, e.g. crypto_cipher really should be crypto_blockcipher.
> But this doesn't need to be carried through in these new menus.

Yeah, those are just the way the existing comment sections were
structured. I'm all for improving the structure.

> 
> Just brainstorming, how about the following:
> 
> 	* Block ciphers
> 		=> i.e. crypto_cipher algorithms

This could be characterized as algorithms that are length preserving, but 
only processes one block.

> 	* AEAD (Authenticated Encryption with Associated Data) ciphers
> 		=> i.e. crypto_aead algorithms (and templates)

That could be viewed as any algorithm or template that has 
    output size > input size

> 	* Length-preserving symmetric ciphers
> 		=> i.e. crypto_skcipher algorithms (and templates)

That could be viewed as any algorithm or template that processes more
than one block and has:
    output size = input size

> 	* Digests and MACs
> 		=> i.e. crypto_shash and crypto_ahash algorithms (and templates)

That could be viewed as any algorithm or template with
	output size < input size

There are a lot of digests now (20). We could move the 4 CRC algorithms
into their own category since they're not really cryptographic, which
would make space for the MACs.


> Those 4 categories would replace your 5 categories "AEAD ciphers",
> "Block modes", "Hash modes", "Digests", and "Ciphers".
> 
> CRYPTO_AUTHENC would go in the AEAD ciphers category, while
> CRYPTO_ESSIV would go in length-preserving symmetric ciphers.  
> (CRYPTO_ESSIV registers a crypto_aead too, for a weird reason, but that
> is an obscure case not worth worrying about.) CRYPTO_CHACHA would go
> in length-preserving symmetric ciphers since it's a stream cipher.


These are the module and driver names in each current section:

Crypto core or helper
          Module: fips
          Module(s): crypto_null
          Module(s): pcrypt
          Driver(s): pcrypt(...)
          Module(s): cryptd
          Driver(s): cryptd(...)
          Module(s): authenc
          Driver(s): authenc(...)
          Module(s): tcrypt

Public-key cryptography
          Module(s): rsa_generic
          Driver(s): rsa-generic
          Module(s): dh_generic
          Driver(s): dh-generic
          Module(s): ecdh_generic
          Driver(s): ecdh-nist-p192-generic, ecdh-nist-p256-generic, ecdh-nist-p384-generic
          Module(s): ecdsa_generic
          Driver(s): ecdsa-nist-p384-generic, ecdsa-nist-p256-generic, ecdsa-nist-p192-generic
          Module(s): ecrdsa_generic
          Driver(s): ecrdsa-generic
          Module(s): sm2_generic
          Driver(s): sm2-generic
          Module(s): curve25519-generic
          Driver(s): curve25519-generic

AEAD (Authenticated Encryption with Associated Data) ciphers
          Module(s): ccm
          Driver(s): ccm_base(...), rfc4309(...)
          Module(s): gcm
          Driver(s): gcm_base(...), rfc4106(...), rfc4543(...)
          Module(s): chacha20poly1305
          Driver(s): rfc7539(...), rfc7539esp(...)
          Module(s): aegis128
          Driver(s): aegis128-generic
          Module(s): aegis128
          Driver(s): aegis128-simd
          Module(s): seqiv
          Driver(s): seqiv(...)
          Module(s): echainiv
          Driver(s): echainiv(...)
          Module(s): essiv
          Driver(s): essiv(...)

Block modes
          Module(s): cbc
          Driver(s): cbc(...)
          Module(s): cfb
          Driver(s): cfb(...)
          Module(s): ctr
          Driver(s): ctr(...), rfc3686(...)
          Module(s): cts
          Driver(s): cts(...)
          Module(s): ecb
          Driver(s): ecb(...)
          Module(s): lrw
          Driver(s): lrw(...)
          Module(s): ofb
          Driver(s): ofb(...)
          Module(s): pcbc
          Driver(s): pcbc(...)
          Module(s): xts
          Driver(s): xts(...)
          Module(s): keywrap
          Driver(s): kw(...)
          Module(s): nhpoly1305
          Driver(s): nhpoly1305-generic
          Module(s): adiantum
          Driver(s): adiantum(...)

Hash modes
          Module(s): cmac
          Driver(s): cmac(...)
          Module(s): hmac
          Driver(s): hmac(...)
          Module(s): xcbc
          Driver(s): xcbc(...)
          Module(s): vmac
          Driver(s): vmac64(...)

Digests
          Module(s): crc32c_generic
          Driver(s): crc32c-generic
          Module(s): crc32_generic
          Driver(s): crc32-generic
          Module(s): crct10dif_generic
          Driver(s): crct10dif-generic
          Module(s): crc64_rocksoft_generic
          Driver(s): crc64-rocksoft-generic

          Module(s): blake2b
          Driver(s): blake2b-160-generic, blake2b-256-generic, blake2b-384-generic, blake2b-512-generic
          Module(s): blake2s_generic
          Driver(s): blake2s-128-generic, blake2s-160-generic, blake2s-224-generic, blake2s-256-generic
          Module(s): ghash-generic
          Driver(s): ghash-generic
          Module(s): poly1305_generic
          Driver(s): poly1305-generic
          Module(s): md4
          Driver(s): md4-generic
          Module(s): md5
          Driver(s): md5-generic
          Module(s): michael_mic
          Driver(s): michael_mic-generic
          Module(s): rmd160
          Driver(s): rmd160-generic
          Module(s): sha1_generic
          Driver(s): sha1-generic
          Module(s): sha256_generic
          Driver(s): sha224-generic, sha256-generic
          Module(s): sha512_generic
          Driver(s): sha384-generic, sha512-generic
          Module(s): sha3_generic
          Driver(s): sha3-224-generic, sha3-256-generic, sha3-384-generic, sha3-512-generic
          Module(s): sm3_generic
          Driver(s): sm3-generic
          Module(s): streebog_generic
          Driver(s): streebog256-generic, streebog512-generic
          Module(s): wp512
          Driver(s): wp256-generic, wp384-generic, wp512-generic
          Module(s): xxhash_generic
          Driver(s): xxhash64-generic

Ciphers
          Module(s): aes_generic
          Driver(s): aes-generic
          Module(s): aes_ti
          Driver(s): aes-fixed-time
          Module(s): anubis
          Driver(s): anubis-generic
          Module(s): arc4
          Driver(s): ecb(arc4)-generic
          Module(s): blowfish_generic
          Driver(s): blowfish-generic
          Module(s): blowfish_common
          Module(s): camellia_generic
          Driver(s): camellia-generic
          Module(s): cast_common
          Module(s): cast5_generic
          Driver(s): cast5-generic
          Module(s): cast6_generic
          Driver(s): cast6-generic
          Module(s): des_generic
          Driver(s): des-generic, des3_ede-generic
          Module(s): fcrypt
          Driver(s): fcrypt-generic
          Module(s): khazad
          Driver(s): khazad-generic
          Module(s): chacha_generic
          Driver(s): chacha20-generic, xchacha20-generic, xchacha12-generic
          Module(s): seed
          Driver(s): seed-generic
          Module(s): serpent_generic
          Driver(s): serpent-generic
          Module(s): sm4_generic
          Driver(s): sm4-generic
          Module(s): tea
          Driver(s): tea-generic, xtea-generic, xeta-generic
          Module(s): twofish_generic
          Driver(s): twofish-generic
          Module(s): twofish_common

Compression
          Module(s): deflate
          Driver(s): deflate-generic, deflate-scomp, zlib-deflate-scomp
          Module(s): lzo, lzo-rle
          Driver(s): lzo-generic, lzo-scomp, lzo-rle-generic, lzo-rle-scomp
          Module(s): 842
          Driver(s): 842-generic, 842-scomp
          Module(s): lz4
          Driver(s): lz4-generic, lz4-scomp
          Module(s): lz4hc
          Driver(s): lz4hc-generic, lz4hc-scomp
          Module(s): zstd
          Driver(s): zstd-generic, zstd-scomp

Random Number Generation
          Module(s): ansi_cprng
          Driver(s): ansi_cprng, fips_ansi_cprng
#         Driver(s): drbg_[pr|nopr]_hmac_sha[1,256,384,512]
          Driver(s): drbg_[pr|nopr]_sha[1,256,384,512]
          Driver(s): drbg_[pr|nopr][_ctr_aes[128,192,256]
          Module(s): jitterentropy_rng
          Driver(s): jitterentropy_rng

User-space interface
          Module(s): algif_hash
          Module(s): algif_skcipher
          Module(s): algif_rng
          Module(s): algif_aead
diff mbox series

Patch

diff --git a/crypto/Kconfig b/crypto/Kconfig
index b61626bf8ee2..3d59f843eb4c 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -21,7 +21,7 @@  menuconfig CRYPTO
 
 if CRYPTO
 
-comment "Crypto core or helper"
+menu "Crypto core or helper"
 
 config CRYPTO_FIPS
 	bool "FIPS 200 compliance"
@@ -214,7 +214,9 @@  menuconfig CRYPTO
 config CRYPTO_ENGINE
 	tristate
 
-comment "Public-key cryptography"
+endmenu
+
+menu "Public-key cryptography"
 
 config CRYPTO_RSA
 	tristate "RSA algorithm"
@@ -295,7 +297,9 @@  menuconfig CRYPTO
 	select CRYPTO_KPP
 	select CRYPTO_LIB_CURVE25519_GENERIC
 
-comment "Authenticated Encryption with Associated Data"
+endmenu
+
+menu "AEAD (Authenticated Encryption with Associated Data) ciphers"
 
 config CRYPTO_CCM
 	tristate "CCM support"
@@ -364,7 +368,39 @@  menuconfig CRYPTO
 	  a sequence number xored with a salt.  This is the default
 	  algorithm for CBC.
 
-comment "Block modes"
+	  This is required for IPsec ESP (XFRM_ESP).
+
+config CRYPTO_ESSIV
+	tristate "ESSIV support for block encryption"
+	select CRYPTO_AUTHENC
+	help
+	  Encrypted salt-sector initialization vector (ESSIV) is an IV
+	  generation method that is used in some cases by fscrypt and/or
+	  dm-crypt. It uses the hash of the block encryption key as the
+	  symmetric key for a block encryption pass applied to the input
+	  IV, making low entropy IV sources more suitable for block
+	  encryption.
+
+	  This driver implements a crypto API template that can be
+	  instantiated either as an skcipher or as an AEAD (depending on the
+	  type of the first template argument), and which defers encryption
+	  and decryption requests to the encapsulated cipher after applying
+	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
+	  that the keys are presented in the same format used by the authenc
+	  template, and that the IV appears at the end of the authenticated
+	  associated data (AAD) region (which is how dm-crypt uses it.)
+
+	  Note that the use of ESSIV is not recommended for new deployments,
+	  and so this only needs to be enabled when interoperability with
+	  existing encrypted volumes of filesystems is required, or when
+	  building for a particular system that requires it (e.g., when
+	  the SoC in question has accelerated CBC but not XTS, making CBC
+	  combined with ESSIV the only feasible mode for h/w accelerated
+	  block encryption)
+
+endmenu
+
+menu "Block modes"
 
 config CRYPTO_CBC
 	tristate "CBC support"
@@ -494,35 +530,9 @@  menuconfig CRYPTO
 
 	  If unsure, say N.
 
-config CRYPTO_ESSIV
-	tristate "ESSIV support for block encryption"
-	select CRYPTO_AUTHENC
-	help
-	  Encrypted salt-sector initialization vector (ESSIV) is an IV
-	  generation method that is used in some cases by fscrypt and/or
-	  dm-crypt. It uses the hash of the block encryption key as the
-	  symmetric key for a block encryption pass applied to the input
-	  IV, making low entropy IV sources more suitable for block
-	  encryption.
+endmenu
 
-	  This driver implements a crypto API template that can be
-	  instantiated either as an skcipher or as an AEAD (depending on the
-	  type of the first template argument), and which defers encryption
-	  and decryption requests to the encapsulated cipher after applying
-	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
-	  that the keys are presented in the same format used by the authenc
-	  template, and that the IV appears at the end of the authenticated
-	  associated data (AAD) region (which is how dm-crypt uses it.)
-
-	  Note that the use of ESSIV is not recommended for new deployments,
-	  and so this only needs to be enabled when interoperability with
-	  existing encrypted volumes of filesystems is required, or when
-	  building for a particular system that requires it (e.g., when
-	  the SoC in question has accelerated CBC but not XTS, making CBC
-	  combined with ESSIV the only feasible mode for h/w accelerated
-	  block encryption)
-
-comment "Hash modes"
+menu "Hash modes"
 
 config CRYPTO_CMAC
 	tristate "CMAC support"
@@ -564,7 +574,9 @@  menuconfig CRYPTO
 	  See also:
 	  <https://fastcrypto.org/vmac>
 
-comment "Digest"
+endmenu
+
+menu "Digests"
 
 config CRYPTO_CRC32C
 	tristate "CRC32c CRC algorithm"
@@ -583,13 +595,18 @@  menuconfig CRYPTO
 	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
 	  Shash crypto api wrappers to crc32_le function.
 
-config CRYPTO_XXHASH
-	tristate "xxHash hash algorithm"
+config CRYPTO_CRCT10DIF
+	tristate "CRCT10DIF algorithm"
 	select CRYPTO_HASH
-	select XXHASH
 	help
-	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
-	  speeds close to RAM limits.
+	  CRC T10 Data Integrity Field computation is being cast as
+	  a crypto transform.  This allows for faster crc t10 diff
+	  transforms to be used if they are available.
+
+config CRYPTO_CRC64_ROCKSOFT
+	tristate "Rocksoft Model CRC64 algorithm"
+	depends on CRC64
+	select CRYPTO_HASH
 
 config CRYPTO_BLAKE2B
 	tristate "BLAKE2b digest algorithm"
@@ -626,19 +643,6 @@  menuconfig CRYPTO
 
 	  See https://blake2.net for further information.
 
-config CRYPTO_CRCT10DIF
-	tristate "CRCT10DIF algorithm"
-	select CRYPTO_HASH
-	help
-	  CRC T10 Data Integrity Field computation is being cast as
-	  a crypto transform.  This allows for faster crc t10 diff
-	  transforms to be used if they are available.
-
-config CRYPTO_CRC64_ROCKSOFT
-	tristate "Rocksoft Model CRC64 algorithm"
-	depends on CRC64
-	select CRYPTO_HASH
-
 config CRYPTO_GHASH
 	tristate "GHASH hash function"
 	select CRYPTO_GF128MUL
@@ -776,7 +780,17 @@  menuconfig CRYPTO
 	  See also:
 	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
 
-comment "Ciphers"
+config CRYPTO_XXHASH
+	tristate "xxHash hash algorithm"
+	select CRYPTO_HASH
+	select XXHASH
+	help
+	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
+	  speeds close to RAM limits.
+
+endmenu
+
+menu "Ciphers"
 
 config CRYPTO_AES
 	tristate "AES cipher algorithms"
@@ -1050,7 +1064,9 @@  menuconfig CRYPTO
 	  Common parts of the Twofish cipher algorithm shared by the
 	  generic c and the assembler implementations.
 
-comment "Compression"
+endmenu
+
+menu "Compression"
 
 config CRYPTO_DEFLATE
 	tristate "Deflate compression algorithm"
@@ -1109,7 +1125,9 @@  menuconfig CRYPTO
 	help
 	  This is the zstd algorithm.
 
-comment "Random Number Generation"
+endmenu
+
+menu "Random Number Generation"
 
 config CRYPTO_ANSI_CPRNG
 	tristate "Pseudo Random Number Generation for Cryptographic modules"
@@ -1166,6 +1184,8 @@  menuconfig CRYPTO_DRBG_MENU
 	  random numbers. This Jitterentropy RNG registers with
 	  the kernel crypto API and can be used by any caller.
 
+endmenu
+
 config CRYPTO_KDF800108_CTR
 	tristate
 	select CRYPTO_HMAC
@@ -1174,6 +1194,7 @@  menuconfig CRYPTO_DRBG_MENU
 config CRYPTO_USER_API
 	tristate
 
+menu "User-space interface"
 config CRYPTO_USER_API_HASH
 	tristate "User-space interface for hash algorithms"
 	depends on NET
@@ -1242,6 +1263,8 @@  menuconfig CRYPTO_DRBG_MENU
 	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
 	  - generate/seed numbers for rng operations
 
+endmenu
+
 config CRYPTO_HASH_INFO
 	bool