crypto: drbg - DRBG kernel configuration options

The different DRBG types of CTR, Hash, HMAC can be enabled or disabled
at compile time. At least one DRBG type shall be selected.

The default is the HMAC DRBG as its code base is smallest.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/Kconfig b/crypto/Kconfig
index ce4012a58781b7b4b7f46ecd847a7cd254d80055..c9c1cd91031ca6095011ba990a68db6ffe6b79ec 100644 (file)
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -23,7 +23,7 @@ comment "Crypto core or helper"
 
 config CRYPTO_FIPS
        bool "FIPS 200 compliance"
-       depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS
+       depends on (CRYPTO_ANSI_CPRNG || CRYTPO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
        help
          This options enables the fips boot option which is
          required if you want to system to operate in a FIPS 200
@@ -1380,6 +1380,40 @@ config CRYPTO_ANSI_CPRNG
          ANSI X9.31 A.2.4. Note that this option must be enabled if
          CRYPTO_FIPS is selected
 
+menuconfig CRYTPO_DRBG
+       tristate "NIST SP800-90A DRBG"
+       depends on CRYPTO
+       select CRYPTO_RNG
+       help
+         NIST SP800-90A compliant DRBG. In the following submenu, one or
+         more of the DRBG types must be selected.
+
+if CRYTPO_DRBG
+
+config CRYPTO_DRBG_HMAC
+       bool "Enable HMAC DRBG"
+       default y
+       depends on CRYTPO_DRBG
+       select CRYPTO_HMAC
+       help
+         Enable the HMAC DRBG variant as defined in NIST SP800-90A.
+
+config CRYPTO_DRBG_HASH
+       bool "Enable Hash DRBG"
+       depends on CRYTPO_DRBG
+       select CRYPTO_HASH
+       help
+         Enable the Hash DRBG variant as defined in NIST SP800-90A.
+
+config CRYPTO_DRBG_CTR
+       bool "Enable CTR DRBG"
+       depends on CRYTPO_DRBG
+       select CRYPTO_AES
+       help
+         Enable the CTR DRBG variant as defined in NIST SP800-90A.
+
+endif #CRYTPO_DRBG
+
 config CRYPTO_USER_API
        tristate