crypto: Kconfig - simplify hash entries

Shorten menu titles and make them consistent: - acronym - name - architecture features in parenthesis - no suffixes like "<something> algorithm", "support", or "hardware acceleration", or "optimized" Simplify help text descriptions, update references, and ensure that https references are still valid. Signed-off-by: Robert Elliott <elliott@hpe.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Robert Elliott <elliott@hpe.com> 2022-08-20 13:41:48 -0500
committer: Herbert Xu <herbert@gondor.apana.org.au> 2022-08-26 18:50:43 +0800
commit: 3f342a23257df99b792c1edb1236e85badc157de (patch)
tree: c5f9b81d1ee59818bd0ec4f22473481d479cfb13 /crypto
parent: e3d2eadd06b39b69fbbc27de8e3ac2db022e8616 (diff)
download: linux-3f342a23257df99b792c1edb1236e85badc157de.tar.gz
1 files changed, 97 insertions, 79 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 5159a0efec84..0a385a7aa040 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -890,215 +890,233 @@ endmenu
 menu "Hashes, digests, and MACs"
 
 config CRYPTO_BLAKE2B
-	tristate "BLAKE2b digest algorithm"
+	tristate "BLAKE2b"
 	select CRYPTO_HASH
 	help
-	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
-	  optimized for 64bit platforms and can produce digests of any size
-	  between 1 to 64.  The keyed hash is also implemented.
+	  BLAKE2b cryptographic hash function (RFC 7693)
 
-	  This module provides the following algorithms:
+	  BLAKE2b is optimized for 64-bit platforms and can produce digests
+	  of any size between 1 and 64 bytes. The keyed hash is also implemented.
 
+	  This module provides the following algorithms:
 	  - blake2b-160
 	  - blake2b-256
 	  - blake2b-384
 	  - blake2b-512
 
+	  Used by the btrfs filesystem.
+
 	  See https://blake2.net for further information.
 
+ config CRYPTO_BLAKE2S
+	tristate "BLAKE2s"
+        select CRYPTO_LIB_BLAKE2S_GENERIC
+        select CRYPTO_HASH
+        help
+	  BLAKE2s cryptographic hash function (RFC 7693)
+
+	  BLAKE2s is optimized for 8 to 32-bit platforms and can produce
+	  digests of any size between 1 and 32 bytes. The keyed hash is
+	  also implemented.
+
+	  This module provides the following algorithms:
+          - blake2s-128
+          - blake2s-160
+          - blake2s-224
+          - blake2s-256
+
+	  Used by Wireguard.
+
+          See https://blake2.net for further information.
+
 config CRYPTO_CMAC
-	tristate "CMAC support"
+	tristate "CMAC (Cipher-based MAC)"
 	select CRYPTO_HASH
 	select CRYPTO_MANAGER
 	help
-	  Cipher-based Message Authentication Code (CMAC) specified by
-	  The National Institute of Standards and Technology (NIST).
-
-	  https://tools.ietf.org/html/rfc4493
-	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
+	  CMAC (Cipher-based Message Authentication Code) authentication
+	  mode (NIST SP800-38B and IETF RFC4493)
 
 config CRYPTO_GHASH
-	tristate "GHASH hash function"
+	tristate "GHASH"
 	select CRYPTO_GF128MUL
 	select CRYPTO_HASH
 	help
-	  GHASH is the hash function used in GCM (Galois/Counter Mode).
-	  It is not a general-purpose cryptographic hash function.
+	  GCM GHASH function (NIST SP800-38D)
 
 config CRYPTO_HMAC
-	tristate "HMAC support"
+	tristate "HMAC (Keyed-Hash MAC)"
 	select CRYPTO_HASH
 	select CRYPTO_MANAGER
 	help
-	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
-	  This is required for IPSec.
+	  HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
+	  RFC2104)
+
+	  This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
 
 config CRYPTO_MD4
-	tristate "MD4 digest algorithm"
+	tristate "MD4"
 	select CRYPTO_HASH
 	help
-	  MD4 message digest algorithm (RFC1320).
+	  MD4 message digest algorithm (RFC1320)
 
 config CRYPTO_MD5
-	tristate "MD5 digest algorithm"
+	tristate "MD5"
 	select CRYPTO_HASH
 	help
-	  MD5 message digest algorithm (RFC1321).
+	  MD5 message digest algorithm (RFC1321)
 
 config CRYPTO_MICHAEL_MIC
-	tristate "Michael MIC keyed digest algorithm"
+	tristate "Michael MIC"
 	select CRYPTO_HASH
 	help
-	  Michael MIC is used for message integrity protection in TKIP
-	  (IEEE 802.11i). This algorithm is required for TKIP, but it
-	  should not be used for other purposes because of the weakness
-	  of the algorithm.
+	  Michael MIC (Message Integrity Code) (IEEE 802.11i)
+
+	  Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
+	  known as WPA (Wif-Fi Protected Access).
+
+	  This algorithm is required for TKIP, but it should not be used for
+	  other purposes because of the weakness of the algorithm.
 
 config CRYPTO_POLYVAL
 	tristate
 	select CRYPTO_GF128MUL
 	select CRYPTO_HASH
 	help
-	  POLYVAL is the hash function used in HCTR2.  It is not a general-purpose
+	  POLYVAL hash function for HCTR2
+
+	  This is used in HCTR2.  It is not a general-purpose
 	  cryptographic hash function.
 
 config CRYPTO_POLY1305
-	tristate "Poly1305 authenticator algorithm"
+	tristate "Poly1305"
 	select CRYPTO_HASH
 	select CRYPTO_LIB_POLY1305_GENERIC
 	help
-	  Poly1305 authenticator algorithm, RFC7539.
+	  Poly1305 authenticator algorithm (RFC7539)
 
 	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
 	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
 	  in IETF protocols. This is the portable C implementation of Poly1305.
 
 config CRYPTO_RMD160
-	tristate "RIPEMD-160 digest algorithm"
+	tristate "RIPEMD-160"
 	select CRYPTO_HASH
 	help
-	  RIPEMD-160 (ISO/IEC 10118-3:2004).
+	  RIPEMD-160 hash function (ISO/IEC 10118-3)
 
 	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
 	  to be used as a secure replacement for the 128-bit hash functions
 	  MD4, MD5 and its predecessor RIPEMD
 	  (not to be confused with RIPEMD-128).
 
-	  It's speed is comparable to SHA1 and there are no known attacks
+	  Its speed is comparable to SHA-1 and there are no known attacks
 	  against RIPEMD-160.
 
 	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
-	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
+	  See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
+	  for further information.
 
 config CRYPTO_SHA1
-	tristate "SHA1 digest algorithm"
+	tristate "SHA-1"
 	select CRYPTO_HASH
 	select CRYPTO_LIB_SHA1
 	help
-	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
+	  SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
 
 config CRYPTO_SHA256
-	tristate "SHA224 and SHA256 digest algorithm"
+	tristate "SHA-224 and SHA-256"
 	select CRYPTO_HASH
 	select CRYPTO_LIB_SHA256
 	help
-	  SHA256 secure hash standard (DFIPS 180-2).
-
-	  This version of SHA implements a 256 bit hash with 128 bits of
-	  security against collision attacks.
+	  SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
 
-	  This code also includes SHA-224, a 224 bit hash with 112 bits
-	  of security against collision attacks.
+	  This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
+	  Used by the btrfs filesystem, Ceph, NFS, and SMB.
 
 config CRYPTO_SHA512
-	tristate "SHA384 and SHA512 digest algorithms"
+	tristate "SHA-384 and SHA-512"
 	select CRYPTO_HASH
 	help
-	  SHA512 secure hash standard (DFIPS 180-2).
-
-	  This version of SHA implements a 512 bit hash with 256 bits of
-	  security against collision attacks.
-
-	  This code also includes SHA-384, a 384 bit hash with 192 bits
-	  of security against collision attacks.
+	  SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
 
 config CRYPTO_SHA3
-	tristate "SHA3 digest algorithm"
+	tristate "SHA-3"
 	select CRYPTO_HASH
 	help
-	  SHA-3 secure hash standard (DFIPS 202). It's based on
-	  cryptographic sponge function family called Keccak.
-
-	  References:
-	  http://keccak.noekeon.org/
+	  SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
 
 config CRYPTO_SM3
 	tristate
 
 config CRYPTO_SM3_GENERIC
-	tristate "SM3 digest algorithm"
+	tristate "SM3 (ShangMi 3)"
 	select CRYPTO_HASH
 	select CRYPTO_SM3
 	help
-	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
-	  It is part of the Chinese Commercial Cryptography suite.
+	  SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
+
+	  This is part of the Chinese Commercial Cryptography suite.
 
 	  References:
 	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
 	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
 
 config CRYPTO_STREEBOG
-	tristate "Streebog Hash Function"
+	tristate "Streebog"
 	select CRYPTO_HASH
 	help
-	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
-	  cryptographic standard algorithms (called GOST algorithms).
-	  This setting enables two hash algorithms with 256 and 512 bits output.
+	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
+
+	  This is one of the Russian cryptographic standard algorithms (called
+	  GOST algorithms). This setting enables two hash algorithms with
+	  256 and 512 bits output.
 
 	  References:
 	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
 	  https://tools.ietf.org/html/rfc6986
 
 config CRYPTO_VMAC
-	tristate "VMAC support"
+	tristate "VMAC"
 	select CRYPTO_HASH
 	select CRYPTO_MANAGER
 	help
 	  VMAC is a message authentication algorithm designed for
 	  very high speed on 64-bit architectures.
 
-	  See also:
-	  <https://fastcrypto.org/vmac>
+	  See https://fastcrypto.org/vmac for further information.
 
 config CRYPTO_WP512
-	tristate "Whirlpool digest algorithms"
+	tristate "Whirlpool"
 	select CRYPTO_HASH
 	help
-	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
+	  Whirlpool hash function (ISO/IEC 10118-3)
+
+	  512, 384 and 256-bit hashes.
 
 	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
-	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
 
-	  See also:
-	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
+	  See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
+	  for further information.
 
 config CRYPTO_XCBC
-	tristate "XCBC support"
+	tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
 	select CRYPTO_HASH
 	select CRYPTO_MANAGER
 	help
-	  XCBC: Keyed-Hashing with encryption algorithm
-		https://www.ietf.org/rfc/rfc3566.txt
-		http://csrc.nist.gov/encryption/modes/proposedmodes/
-		 xcbc-mac/xcbc-mac-spec.pdf
+	  XCBC-MAC (Extended Cipher Block Chaining Message Authentication
+	  Code) (RFC3566)
 
 config CRYPTO_XXHASH
-	tristate "xxHash hash algorithm"
+	tristate "xxHash"
 	select CRYPTO_HASH
 	select XXHASH
 	help
-	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
-	  speeds close to RAM limits.
+	  xxHash non-cryptographic hash algorithm
+
+	  Extremely fast, working at speeds close to RAM limits.
+
+	  Used by the btrfs filesystem.
 
 endmenu
author	Robert Elliott <elliott@hpe.com>	2022-08-20 13:41:48 -0500
committer	Herbert Xu <herbert@gondor.apana.org.au>	2022-08-26 18:50:43 +0800
commit	3f342a23257df99b792c1edb1236e85badc157de (patch)
tree	c5f9b81d1ee59818bd0ec4f22473481d479cfb13 /crypto
parent	e3d2eadd06b39b69fbbc27de8e3ac2db022e8616 (diff)
download	linux-3f342a23257df99b792c1edb1236e85badc157de.tar.gz