[PATCH 4/8] crypto: Kconfig - simplify AEAD and block mode entries

From: Robert Elliott
Date: Mon Aug 15 2022 - 16:40:24 EST


Shorten menu titles and help text and make them consistent:
* acronym
* name
* architecture and architecture features in parenthesis
* no suffixes like "<something> algorithm", "support", or
"hardware acceleration", or "optimized"

Clarify architecture restrictions (e.g., include x86 in the names of
all the x86-optimized modules.

Simplify descriptions, update references, and ensure that https
references are still valid.

Signed-off-by: Robert Elliott <elliott@xxxxxxx>
---
crypto/Kconfig | 133 +++++++++++++++++++++++++++----------------------
1 file changed, 74 insertions(+), 59 deletions(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 045ef2a92449..703c91e8e7a0 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -198,7 +198,8 @@ menu "Crypto core or helper"
select CRYPTO_NULL
help
Authenc: Combined mode wrapper for IPsec.
- This is required for IPSec.
+
+ This is required for IPSec ESP (XFRM_ESP).

config CRYPTO_TEST
tristate "Testing module"
@@ -319,57 +320,65 @@ menu "Public-key cryptography"
menu "AEAD (Authenticated Encryption with Associated Data) ciphers"

config CRYPTO_CCM
- tristate "CCM support"
+ tristate "CCM (Counter with Cipher Block Chaining-Message Authentication Code)"
select CRYPTO_CTR
select CRYPTO_HASH
select CRYPTO_AEAD
select CRYPTO_MANAGER
help
- Support for Counter with CBC MAC. Required for IPsec.
+ CCM (Counter with Cipher Block Chaining-Message Authentication Code)
+ authenticated encryption mode (NIST SP800-38C)

config CRYPTO_GCM
- tristate "GCM/GMAC support"
+ tristate "GCM (Galois/Counter Mode) and GMAC (GCM Message Authentication Code)"
select CRYPTO_CTR
select CRYPTO_AEAD
select CRYPTO_GHASH
select CRYPTO_NULL
select CRYPTO_MANAGER
help
- Support for Galois/Counter Mode (GCM) and Galois Message
- Authentication Code (GMAC). Required for IPSec.
+ GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
+ (GCM Message Authentication Code) (NIST SP800-38D)
+
+ This is required for IPSec ESP (XFRM_ESP).

config CRYPTO_CHACHA20POLY1305
- tristate "ChaCha20-Poly1305 AEAD support"
+ tristate "ChaCha20-Poly1305"
select CRYPTO_CHACHA20
select CRYPTO_POLY1305
select CRYPTO_AEAD
select CRYPTO_MANAGER
help
- ChaCha20-Poly1305 AEAD support, RFC7539.
-
- Support for the AEAD wrapper using the ChaCha20 stream cipher combined
- with the Poly1305 authenticator. It is defined in RFC7539 for use in
- IETF protocols.
+ ChaCha20 stream cipher and Poly1305 authenticator combined
+ mode (RFC8439)

config CRYPTO_AEGIS128
- tristate "AEGIS-128 AEAD algorithm"
+ tristate "AEGIS-128"
select CRYPTO_AEAD
select CRYPTO_AES # for AES S-box tables
help
- Support for the AEGIS-128 dedicated AEAD algorithm.
+ AEGIS-128 AEAD algorithm

config CRYPTO_AEGIS128_SIMD
- bool "Support SIMD acceleration for AEGIS-128"
+ bool "AEGIS-128 (arm SIMD acceleration)"
depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
default y
+ help
+ AEGIS-128 AEAD algorithm
+
+ Architecture: arm using the Neon SIMD architecture extension

config CRYPTO_AEGIS128_AESNI_SSE2
- tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
+ tristate "AEGIS-128 (x86_64 with AES-NI/SSE2)"
depends on X86 && 64BIT
select CRYPTO_AEAD
select CRYPTO_SIMD
help
- AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
+ AEGIS-128 AEAD algorithm
+
+ Architecture: x86_64 using:
+ * AES-NI (AES New Instructions)
+ * SSE2 (Streaming SIMD Extensions 2)

config CRYPTO_SEQIV
tristate "Sequence Number IV Generator"
@@ -380,7 +389,9 @@ menu "AEAD (Authenticated Encryption with Associated Data) ciphers"
select CRYPTO_MANAGER
help
This IV generator generates an IV based on a sequence number by
- xoring it with a salt. This algorithm is mainly useful for CTR
+ xoring it with a salt. This algorithm is mainly useful for CTR.
+
+ This is required for IPsec ESP (XFRM_ESP).

config CRYPTO_ECHAINIV
tristate "Encrypted Chain IV Generator"
@@ -400,72 +411,69 @@ menu "AEAD (Authenticated Encryption with Associated Data) ciphers"
menu "Block modes"

config CRYPTO_CBC
- tristate "CBC support"
+ tristate "CBC (Cipher Block Chaining)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
help
- CBC: Cipher Block Chaining mode
- This block cipher algorithm is required for IPSec.
+ CBC (Cipher Block Chaining) mode (NIST SP800-38A)
+
+ This block cipher mode is required for IPSec ESP (XFRM_ESP).

config CRYPTO_CFB
- tristate "CFB support"
+ tristate "CFB (Cipher Feedback)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
help
- CFB: Cipher FeedBack mode
- This block cipher algorithm is required for TPM2 Cryptography.
+ CFB (Cipher Feedback) mode (NIST SP800-38A)
+
+ This block cipher mode is required for TPM2 Cryptography.

config CRYPTO_CTR
- tristate "CTR support"
+ tristate "CTR (Counter)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
help
- CTR: Counter mode
- This block cipher algorithm is required for IPSec.
+ CTR (Counter) mode (NIST SP800-38A)

config CRYPTO_CTS
- tristate "CTS support"
+ tristate "CTS (Cipher Text Stealing)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
help
- CTS: Cipher Text Stealing
- This is the Cipher Text Stealing mode as described by
- Section 8 of rfc2040 and referenced by rfc3962
- (rfc3962 includes errata information in its Appendix A) or
- CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
+ CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
+ Addendum to SP800-38A (October 2010))
+
This mode is required for Kerberos gss mechanism support
for AES encryption.

- See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
-
config CRYPTO_ECB
- tristate "ECB support"
+ tristate "ECB (Electronic Codebook)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
help
- ECB: Electronic CodeBook mode
- This is the simplest block cipher algorithm. It simply encrypts
- the input block by block.
+ ECB (Electronic Codebook) mode (NIST SP800-38A)

config CRYPTO_LRW
- tristate "LRW support"
+ tristate "LRW (Liskov Rivest Wagner)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
select CRYPTO_GF128MUL
select CRYPTO_ECB
help
- LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
+ LRW (Liskov Rivest Wagner) mode, a tweakable, non malleable, non movable
narrow block cipher mode for dm-crypt. Use it with cipher
specification string aes-lrw-benbi, the key must be 256, 320 or 384.
The first 128, 192 or 256 bits in the key are used for AES and the
rest is used to tie each cipher block to its logical position.

config CRYPTO_OFB
- tristate "OFB support"
+ tristate "OFB (Output Feedback)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
help
- OFB: the Output Feedback mode makes a block cipher into a synchronous
+ OFB (Output Feedback) mode (NIST SP800-38A)
+
+ This mode makes a block cipher into a synchronous
stream cipher. It generates keystream blocks, which are then XORed
with the plaintext blocks to get the ciphertext. Flipping a bit in the
ciphertext produces a flipped bit in the plaintext at the same
@@ -473,30 +481,33 @@ menu "Block modes"
normally even when applied before encryption.

config CRYPTO_PCBC
- tristate "PCBC support"
+ tristate "PCBC (Propagating Cipher Block Chaining)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
help
- PCBC: Propagating Cipher Block Chaining mode
+ PCBC (Propagating Cipher Block Chaining) mode
This block cipher algorithm is required for RxRPC.

config CRYPTO_XTS
- tristate "XTS support"
+ tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
select CRYPTO_ECB
help
- XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
- key size 256, 384 or 512 bits. This implementation currently
- can't handle a sectorsize which is not a multiple of 16 bytes.
+ XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
+ and IEEE 1619)
+
+ Use with aes-xts-plain, key size 256, 384 or 512 bits. This
+ implementation currently can't handle a sectorsize which is not a
+ multiple of 16 bytes.

config CRYPTO_KEYWRAP
- tristate "Key wrapping support"
+ tristate "KW (AES Key Wrap)"
select CRYPTO_SKCIPHER
select CRYPTO_MANAGER
help
- Support for key wrapping (NIST SP800-38F / RFC3394) without
- padding.
+ KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
+ and RFC3394) without padding.

config CRYPTO_NHPOLY1305
tristate
@@ -504,23 +515,27 @@ menu "Block modes"
select CRYPTO_LIB_POLY1305_GENERIC

config CRYPTO_NHPOLY1305_SSE2
- tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
+ tristate "NHPoly1305 (x86_64 with SSE2)"
depends on X86 && 64BIT
select CRYPTO_NHPOLY1305
help
- SSE2 optimized implementation of the hash function used by the
- Adiantum encryption mode.
+ NHPoly1305 hash function (Adiantum)
+
+ Architecture: x86_64 using:
+ * SSE2 (Streaming SIMD Extensions 2)

config CRYPTO_NHPOLY1305_AVX2
- tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
+ tristate "NHPoly1305 (x86_64 with AVX2)"
depends on X86 && 64BIT
select CRYPTO_NHPOLY1305
help
- AVX2 optimized implementation of the hash function used by the
- Adiantum encryption mode.
+ NHPoly1305 hash function (Adiantum)
+
+ Architecture: x86_64 using:
+ * AVX2 (Advanced Vector Extensions 2)

config CRYPTO_ADIANTUM
- tristate "Adiantum support"
+ tristate "Adiantum"
select CRYPTO_CHACHA20
select CRYPTO_LIB_POLY1305_GENERIC
select CRYPTO_NHPOLY1305
--
2.37.1