Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 419090c6 authored by Stephan Mueller's avatar Stephan Mueller Committed by Herbert Xu
Browse files

crypto: drbg - DRBG kernel configuration options 



The different DRBG types of CTR, Hash, HMAC can be enabled or disabled
at compile time. At least one DRBG type shall be selected.

The default is the HMAC DRBG as its code base is smallest.

Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 3e16f959

crypto/Kconfig

+35 −1
Original line number Diff line number Diff line
@@ -23,7 +23,7 @@ comment "Crypto core or helper" 


config CRYPTO_FIPS

	bool "FIPS 200 compliance"

	depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS

	depends on (CRYPTO_ANSI_CPRNG || CRYTPO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS

	help

	  This options enables the fips boot option which is

	  required if you want to system to operate in a FIPS 200
@@ -1380,6 +1380,40 @@ config CRYPTO_ANSI_CPRNG 
	  ANSI X9.31 A.2.4. Note that this option must be enabled if

	  CRYPTO_FIPS is selected



menuconfig CRYTPO_DRBG

	tristate "NIST SP800-90A DRBG"

	depends on CRYPTO

	select CRYPTO_RNG

	help

	  NIST SP800-90A compliant DRBG. In the following submenu, one or

	  more of the DRBG types must be selected.



if CRYTPO_DRBG



config CRYPTO_DRBG_HMAC

	bool "Enable HMAC DRBG"

	default y

	depends on CRYTPO_DRBG

	select CRYPTO_HMAC

	help

	  Enable the HMAC DRBG variant as defined in NIST SP800-90A.



config CRYPTO_DRBG_HASH

	bool "Enable Hash DRBG"

	depends on CRYTPO_DRBG

	select CRYPTO_HASH

	help

	  Enable the Hash DRBG variant as defined in NIST SP800-90A.



config CRYPTO_DRBG_CTR

	bool "Enable CTR DRBG"

	depends on CRYTPO_DRBG

	select CRYPTO_AES

	help

	  Enable the CTR DRBG variant as defined in NIST SP800-90A.



endif #CRYTPO_DRBG



config CRYPTO_USER_API

	tristate