Convert each comment section into a submenu:
    Cryptographic API
        Crypto core or helper
        Public-key cryptography
        AEAD (Authenticated Encryption with Associated Data) ciphers
        Block modes
        Hash modes
        Digests
        Ciphers
        Compression
        Random Number Generation
        User-space interface

That helps find entries (e.g., searching for a name like SHA512 doesn't just report the location is Main menu -> Cryptography API, leaving you to wade through 153 entries; it points you to the Digests page).

Move a few of the entries so they fall into the correct submenu and are better sorted.

Signed-off-by: Robert Elliott <elliott@xxxxxxx>
--- crypto/Kconfig | 131 +++++++++++++++++++++++++++++-------------------- 1 file changed, 77 insertions(+), 54 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index b61626bf8ee2..3d59f843eb4c 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -21,7 +21,7 @@ menuconfig CRYPTO if CRYPTO -comment "Crypto core or helper" +menu "Crypto core or helper" config CRYPTO_FIPS bool "FIPS 200 compliance" @@ -214,7 +214,9 @@ menuconfig CRYPTO config CRYPTO_ENGINE tristate -comment "Public-key cryptography" +endmenu + +menu "Public-key cryptography" config CRYPTO_RSA tristate "RSA algorithm" @@ -295,7 +297,9 @@ menuconfig CRYPTO select CRYPTO_KPP select CRYPTO_LIB_CURVE25519_GENERIC -comment "Authenticated Encryption with Associated Data" +endmenu + +menu "AEAD (Authenticated Encryption with Associated Data) ciphers" config CRYPTO_CCM tristate "CCM support" 
@@ -364,7 +368,39 @@ menuconfig CRYPTO a sequence number xored with a salt. This is the default algorithm for CBC. -comment "Block modes" + This is required for IPsec ESP (XFRM_ESP). + +config CRYPTO_ESSIV + tristate "ESSIV support for block encryption" + select CRYPTO_AUTHENC + help + Encrypted salt-sector initialization vector (ESSIV) is an IV + generation method that is used in some cases by fscrypt and/or + dm-crypt. It uses the hash of the block encryption key as the + symmetric key for a block encryption pass applied to the input + IV, making low entropy IV sources more suitable for block + encryption. + + This driver implements a crypto API template that can be + instantiated either as an skcipher or as an AEAD (depending on the + type of the first template argument), and which defers encryption + and decryption requests to the encapsulated cipher after applying + ESSIV to the input IV. Note that in the AEAD case, it is assumed + that the keys are presented in the same format used by the authenc + template, and that the IV appears at the end of the authenticated + associated data (AAD) region (which is how dm-crypt uses it.) + + Note that the use of ESSIV is not recommended for new deployments, + and so this only needs to be enabled when interoperability with + existing encrypted volumes of filesystems is required, or when + building for a particular system that requires it (e.g., when + the SoC in question has accelerated CBC but not XTS, making CBC + combined with ESSIV the only feasible mode for h/w accelerated + block encryption) + +endmenu + +menu "Block modes" config CRYPTO_CBC tristate "CBC support" 
@@ -494,35 +530,9 @@ menuconfig CRYPTO If unsure, say N. -config CRYPTO_ESSIV - tristate "ESSIV support for block encryption" - select CRYPTO_AUTHENC - help - Encrypted salt-sector initialization vector (ESSIV) is an IV - generation method that is used in some cases by fscrypt and/or - dm-crypt. It uses the hash of the block encryption key as the - symmetric key for a block encryption pass applied to the input - IV, making low entropy IV sources more suitable for block - encryption. +endmenu - This driver implements a crypto API template that can be - instantiated either as an skcipher or as an AEAD (depending on the - type of the first template argument), and which defers encryption - and decryption requests to the encapsulated cipher after applying - ESSIV to the input IV. Note that in the AEAD case, it is assumed - that the keys are presented in the same format used by the authenc - template, and that the IV appears at the end of the authenticated - associated data (AAD) region (which is how dm-crypt uses it.) - - Note that the use of ESSIV is not recommended for new deployments, - and so this only needs to be enabled when interoperability with - existing encrypted volumes of filesystems is required, or when - building for a particular system that requires it (e.g., when - the SoC in question has accelerated CBC but not XTS, making CBC - combined with ESSIV the only feasible mode for h/w accelerated - block encryption) - -comment "Hash modes" +menu "Hash modes" config CRYPTO_CMAC tristate "CMAC support" @@ -564,7 +574,9 @@ menuconfig CRYPTO See also: <https://fastcrypto.org/vmac> -comment "Digest" +endmenu + +menu "Digests" config CRYPTO_CRC32C tristate "CRC32c CRC algorithm" 
@@ -583,13 +595,18 @@ menuconfig CRYPTO CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. Shash crypto api wrappers to crc32_le function. -config CRYPTO_XXHASH - tristate "xxHash hash algorithm" +config CRYPTO_CRCT10DIF + tristate "CRCT10DIF algorithm" select CRYPTO_HASH - select XXHASH help - xxHash non-cryptographic hash algorithm. Extremely fast, working at - speeds close to RAM limits. + CRC T10 Data Integrity Field computation is being cast as + a crypto transform. This allows for faster crc t10 diff + transforms to be used if they are available. + +config CRYPTO_CRC64_ROCKSOFT + tristate "Rocksoft Model CRC64 algorithm" + depends on CRC64 + select CRYPTO_HASH config CRYPTO_BLAKE2B tristate "BLAKE2b digest algorithm" @@ -626,19 +643,6 @@ menuconfig CRYPTO See https://blake2.net for further information. -config CRYPTO_CRCT10DIF - tristate "CRCT10DIF algorithm" - select CRYPTO_HASH - help - CRC T10 Data Integrity Field computation is being cast as - a crypto transform. This allows for faster crc t10 diff - transforms to be used if they are available. - -config CRYPTO_CRC64_ROCKSOFT - tristate "Rocksoft Model CRC64 algorithm" - depends on CRC64 - select CRYPTO_HASH - config CRYPTO_GHASH tristate "GHASH hash function" select CRYPTO_GF128MUL @@ -776,7 +780,17 @@ menuconfig CRYPTO See also: <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> -comment "Ciphers" +config CRYPTO_XXHASH + tristate "xxHash hash algorithm" + select CRYPTO_HASH + select XXHASH + help + xxHash non-cryptographic hash algorithm. Extremely fast, working at + speeds close to RAM limits. + +endmenu + +menu "Ciphers" config CRYPTO_AES tristate "AES cipher algorithms" @@ -1050,7 +1064,9 @@ menuconfig CRYPTO Common parts of the Twofish cipher algorithm shared by the generic c and the assembler implementations. -comment "Compression" +endmenu + +menu "Compression" config CRYPTO_DEFLATE tristate "Deflate compression algorithm" 
@@ -1109,7 +1125,9 @@ menuconfig CRYPTO help This is the zstd algorithm. -comment "Random Number Generation" +endmenu + +menu "Random Number Generation" config CRYPTO_ANSI_CPRNG tristate "Pseudo Random Number Generation for Cryptographic modules" @@ -1166,6 +1184,8 @@ menuconfig CRYPTO_DRBG_MENU random numbers. This Jitterentropy RNG registers with the kernel crypto API and can be used by any caller. +endmenu + config CRYPTO_KDF800108_CTR tristate select CRYPTO_HMAC @@ -1174,6 +1194,7 @@ menuconfig CRYPTO_DRBG_MENU config CRYPTO_USER_API tristate +menu "User-space interface" config CRYPTO_USER_API_HASH tristate "User-space interface for hash algorithms" depends on NET @@ -1242,6 +1263,8 @@ menuconfig CRYPTO_DRBG_MENU - encrypt/decrypt/sign/verify numbers for asymmetric operations - generate/seed numbers for rng operations +endmenu + config CRYPTO_HASH_INFO bool -- 2.37.1
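Review bot: The added line "This is required for IPsec ESP (XFRM_ESP)." at the top of the @@ -364,7 +368,39 @@ hunk changes help text, which the commit message (menu conversion plus moving entries) does not cover; either split it into its own patch or mention it in the log so the change is not lost inside a restructuring commit. The same hunk places CRYPTO_ESSIV just before the "endmenu" that closes the AEAD menu, although its own help text says the template can be instantiated "either as an skcipher or as an AEAD"; a sentence in the commit message on why the AEAD menu is the better home than "Block modes" would help anyone who later searches for it there.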
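Review bot: The moves in the @@ -583,13 +595,18 @@ hunk (CRYPTO_CRCT10DIF and CRYPTO_CRC64_ROCKSOFT moved up next to the CRC32 entries, CRYPTO_XXHASH removed here and re-added at the end of the Digests menu in the @@ -776,7 +780,17 @@ hunk) are only described in the commit message as "a few of the entries". Please name the moved symbols and state the ordering rule being applied, since the CRC entries end up grouped ahead of BLAKE2b while xxHash goes last, so a reviewer can confirm these are pure moves with no text changes. CRYPTO_CRC64_ROCKSOFT also has a prompt but no help text; a follow-up patch that adds one would make the new Digests page more useful.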
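Review bot: In the @@ -1174,6 +1194,7 @@ hunk, menu "User-space interface" is the only line added (6 lines become 7), so it sits directly above "config CRYPTO_USER_API_HASH" with no blank line after it, unlike the other menus in this patch, where "endmenu" and "menu" are added with an empty line between them. Add a blank line after the menu line for consistency. It is also worth stating in the commit message that the promptless CRYPTO_USER_API and CRYPTO_KDF800108_CTR symbols are intentionally left outside any menu, since the "endmenu" in the @@ -1166,6 +1184,8 @@ hunk and this "menu" line are positioned to exclude them.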