summaryrefslogtreecommitdiffstats
path: root/crypto/Kconfig
diff options
context:
space:
mode:
authorElena Petrova <lenaptr@google.com>2020-09-18 16:42:16 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>2020-09-25 17:48:52 +1000
commit77ebdabe8de7c02f43c6de3357f79ff96f9f0579 (patch)
treee6f8fbb41137d2e27703a31083d6cf99762251af /crypto/Kconfig
parentfcf5d2dcadde06f2c82eef460198e2f2f4b642f8 (diff)
downloadlinux-77ebdabe8de7c02f43c6de3357f79ff96f9f0579.tar.gz
linux-77ebdabe8de7c02f43c6de3357f79ff96f9f0579.tar.bz2
linux-77ebdabe8de7c02f43c6de3357f79ff96f9f0579.zip
crypto: af_alg - add extra parameters for DRBG interface
Extend the user-space RNG interface: 1. Add entropy input via ALG_SET_DRBG_ENTROPY setsockopt option; 2. Add additional data input via sendmsg syscall. This allows DRBG to be tested with test vectors, for example for the purpose of CAVP testing, which otherwise isn't possible. To prevent erroneous use of entropy input, it is hidden under CRYPTO_USER_API_RNG_CAVP config option and requires CAP_SYS_ADMIN to succeed. Signed-off-by: Elena Petrova <lenaptr@google.com> Acked-by: Stephan Müller <smueller@chronox.de> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/Kconfig')
-rw-r--r--crypto/Kconfig9
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index fac10143d23f..88f98caaf30d 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1875,6 +1875,15 @@ config CRYPTO_USER_API_RNG
This option enables the user-spaces interface for random
number generator algorithms.
+config CRYPTO_USER_API_RNG_CAVP
+ bool "Enable CAVP testing of DRBG"
+ depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
+ help
+ This option enables extra API for CAVP testing via the user-space
+ interface: resetting of DRBG entropy, and providing Additional Data.
+ This should only be enabled for CAVP testing. You should say
+ no unless you know what this is.
+
config CRYPTO_USER_API_AEAD
tristate "User-space interface for AEAD cipher algorithms"
depends on NET