Linux/x86 6.6.13 内核配置选--Cryptographic API

dummy@example.com (batsom) — Fri, 16 Feb 2024 03:58:11 +0000

Crypto core or helper --->
翻译:
说明:

[ ] FIPS 200 compliance --->
翻译:
说明:"fips"内核引导参数支持.这是在FIPS200认证的系统中运行所必须的.选"N",除非你确实知道自己在做什么
(Linux Kernel Cryptographic API) FIPS Module Name
[ ] Use Custom FIPS Module Version
- - Cryptographic algorithm manager
< > Userspace cryptographic algorithm configuration
[ ] Disable run-time self tests
[ ] Enable extra run-time crypto self tests
{ } Null algorithms
< > Parallel crypto engine
{ } Software async crypto daemon
{ } Authenc support
< > Testing module

Public-key cryptography --->
翻译:
说明:非对称加密算法(公钥加密算法)
- - RSA (Rivest-Shamir-Adleman)
- - DH (Diffie-Hellman)
[ ] RFC 7919 FFDHE groups
{ } ECDH (Elliptic Curve Diffie-Hellman)
< > ECDSA (Elliptic Curve Digital Signature Algorithm)
< > EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)
< > SM2 (ShangMi 2)
< > Curve25519

Block ciphers --->
翻译:
说明:对敏感数据进行加密
- - AES (Advanced Encryption Standard)
< > AES (Advanced Encryption Standard) (fixed time)
< > Anubis
< > ARIA
< > Blowfish
< > Camellia
{ } CAST5 (CAST-128)
{ } CAST6 (CAST-256)
< > DES and Triple DES EDE
{ } FCrypt
< > Khazad
< > SEED
{ } Serpent
< > SM4 (ShangMi 4)
< > TEA, XTEA and XETA
< > Twofish
Length-preserving ciphers and modes --->
翻译:
说明:保长密码和模式
< > Adiantum phic API
< > ARC4 (Alleged Rivest Cipher 4)
{ } ChaCha
- - CBC (Cipher Block Chaining)
< > CFB (Cipher Feedback)
- - CTR (Counter)
< > CTS (Cipher Text Stealing)
{ } ECB (Electronic Codebook)
< > HCTR2
< > KW (AES Key Wrap)
< > LRW (Liskov Rivest Wagner)
< > OFB (Output Feedback)
{ } PCBC (Propagating Cipher Block Chaining)
< > XTS (XOR Encrypt XOR with ciphertext stealing)
AEAD (authenticated encryption with associated data) ciphers --->
翻译:AEAD（具有相关数据的认证加密）密码
说明:
< > AEGIS-128 hic API
< > ChaCha20-Poly1305
{ } CCM (Counter with Cipher Block Chaining-MAC)
{ } GCM (Galois/Counter Mode) and GMAC (GCM MAC)
{ } Sequence Number IV Generator
{ } Encrypted Chain IV Generator
{ } Encrypted Salt-Sector IV Generator
Hashes, digests, and MACs --->
{ } BLAKE2b aphic API
{ } CMAC (Cipher-based MAC)
{ } GHASH
- - HMAC (Keyed-Hash MAC)
< > MD4
- - MD5
{ } Michael MIC
{ } Poly1305
< > RIPEMD-160
- - SHA-1
- - SHA-224 and SHA-256
- - SHA-384 and SHA-512
- - SHA-3
< > SM3 (ShangMi 3)
{ } Streebog
< > VMAC
< > Whirlpool
< > XCBC-MAC (Extended Cipher Block Chaining MAC)
{ } xxHash
CRCs (cyclic redundancy checks) --->
翻译:循环冗余校验
说明:

{ } CRC32c raphic API
{ } CRC32
- - CRCT10DIF
- - CRC64 based on Rocksoft Model algorithm
Compression --->
翻译:
说明:压缩算法

{ } Deflate aphic API
- - LZO
< > 842
< > LZ4
< > LZ4HC
{ } Zstd
Random number generation --->
翻译:
说明:符合ANSI(美国国家标准学会)X9.31-1998附录A.2.4所描述的伪随机数发生器(基于3DES).这是一种较老的算法,生成的随机数质量不高

< > ANSI PRNG (Pseudo Random Number Generator)
{ } NIST SP800-90A DRBG (Deterministic Random Bit Generator) --->
- - CPU Jitter Non-Deterministic RNG (Random Number Generator)
[ ] CPU Jitter RNG Test Interface
Userspace interface --->
翻译:
说明:

- - Hash algorithms
< > Symmetric key cipher algorithms
< > RNG (random number generator) algorithms
[ ] Enable CAVP testing of DRBG
< > AEAD cipher algorithms
[ ] Obsolete cryptographic algorithms
[ ] Crypto usage statistics
Accelerated Cryptographic Algorithms for CPU (x86) --->
Ciphers Hash CRC32c CRCT10DIF
[ ] Hardware crypto devices --->
翻译:
说明:硬件加密设备支持

< > Support for VIA PadLock ACE
< > PadLock driver for AES algorithm
< > PadLock driver for SHA1 and SHA256 algorithms
< > Support for Microchip / Atmel ECC hw accelerator
< > Support for Microchip / Atmel SHA accelerator and RNG
[ ] Support for AMD Secure Processor
< > Secure Processor device driver
[ ] Cryptographic Coprocessor device
< > Encryption and hashing offload support
[ ] Platform Security Processor (PSP) device
[ ] Enable CCP Internals in DebugFS
< > Support for Cavium CNN55XX driver
< > Support for Intel(R) DH895xCC
< > Support for Intel(R) C3XXX
< > Support for Intel(R) C62X
< > Support for Intel(R) QAT_4XXX
< > Support for Intel(R) DH895xCC Virtual Function
< > Support for Intel(R) C3XXX Virtual Function
< > Support for Intel(R) C62X Virtual Function
< > Chelsio Crypto Co-processor Driver
< > Inside Secure's SafeXcel cryptographic engine driver
< > Support for amlogic cryptographic offloader
- - Asymmetric (public-key cryptographic) key type --->
翻译:
说明:非对称加密算法(公钥加密算法)

--- Asymmetric (public-key cryptographic) key type
- - Asymmetric public-key crypto algorithm subtype
- - X.509 certificate parser
< > PKCS#8 private key parser
- - PKCS#7 message parser
< > PKCS#7 testing key type
[ ] Support for PE file signature verification
< > Run FIPS selftests on the X.509+PKCS7 signature verification
Certificates for signature checking --->
翻译:
说明:用于检查签名有效性的证书:(1)用于检查内核模块的签名,(2)用于检查全局密钥环(keyring)中的密钥的可靠性

(certs/signing_key.pem) File name or PKCS#11 URI of module signing key
Type of module signing key to be generated (RSA) --->
- - Provide system-wide ring of trusted keys
() Additional X.509 keys for default system keyring
[ ] Reserve area for inserting a certificate without recompiling
[ ] Provide a keyring to which extra trustable keys may be added
[ ] Provide system-wide ring of blacklisted keys
() Hashes to be preloaded into the system blacklist keyring
[ ] Provide system-wide ring of revocation certificates
[ ] Allow root to add signed blacklist keys

Gentoo中文社区 / Linux/x86 6.6.13 内核配置选--Cryptographic API

Linux/x86 6.6.13 内核配置选--Cryptographic API