Merge tag 'v6.4-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

[platform/kernel/linux-starfive.git] / net / sunrpc / Kconfig

# SPDX-License-Identifier: GPL-2.0-only
config SUNRPC
        tristate
        depends on MULTIUSER

config SUNRPC_GSS
        tristate
        select OID_REGISTRY
        depends on MULTIUSER

config SUNRPC_BACKCHANNEL
        bool
        depends on SUNRPC

config SUNRPC_SWAP
        bool
        depends on SUNRPC

config RPCSEC_GSS_KRB5
        tristate "Secure RPC: Kerberos V mechanism"
        depends on SUNRPC && CRYPTO
        default y
        select SUNRPC_GSS
        select CRYPTO_SKCIPHER
        select CRYPTO_HASH
        help
          Choose Y here to enable Secure RPC using the Kerberos version 5
          GSS-API mechanism (RFC 1964).

          Secure RPC calls with Kerberos require an auxiliary user-space
          daemon which may be found in the Linux nfs-utils package
          available from http://linux-nfs.org/.  In addition, user-space
          Kerberos support should be installed.

          If unsure, say Y.

config RPCSEC_GSS_KRB5_SIMPLIFIED
        bool
        depends on RPCSEC_GSS_KRB5

config RPCSEC_GSS_KRB5_CRYPTOSYSTEM
        bool
        depends on RPCSEC_GSS_KRB5

config RPCSEC_GSS_KRB5_ENCTYPES_DES
        bool "Enable Kerberos enctypes based on DES (deprecated)"
        depends on RPCSEC_GSS_KRB5
        depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_ECB
        depends on CRYPTO_HMAC && CRYPTO_MD5 && CRYPTO_SHA1
        depends on CRYPTO_DES
        default n
        select RPCSEC_GSS_KRB5_SIMPLIFIED
        help
          Choose Y to enable the use of deprecated Kerberos 5
          encryption types that utilize Data Encryption Standard
          (DES) based ciphers. These include des-cbc-md5,
          des-cbc-crc, and des-cbc-md4, which were deprecated by
          RFC 6649, and des3-cbc-sha1, which was deprecated by RFC
          8429.

          These encryption types are known to be insecure, therefore
          the default setting of this option is N. Support for these
          encryption types is available only for compatibility with
          legacy NFS client and server implementations.

          Removal of support is planned for a subsequent kernel
          release.

config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1
        bool "Enable Kerberos enctypes based on AES and SHA-1"
        depends on RPCSEC_GSS_KRB5
        depends on CRYPTO_CBC && CRYPTO_CTS
        depends on CRYPTO_HMAC && CRYPTO_SHA1
        depends on CRYPTO_AES
        default y
        select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
        help
          Choose Y to enable the use of Kerberos 5 encryption types
          that utilize Advanced Encryption Standard (AES) ciphers and
          SHA-1 digests. These include aes128-cts-hmac-sha1-96 and
          aes256-cts-hmac-sha1-96.

config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA
        bool "Enable Kerberos encryption types based on Camellia and CMAC"
        depends on RPCSEC_GSS_KRB5
        depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA
        depends on CRYPTO_CMAC
        default n
        select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
        help
          Choose Y to enable the use of Kerberos 5 encryption types
          that utilize Camellia ciphers (RFC 3713) and CMAC digests
          (NIST Special Publication 800-38B). These include
          camellia128-cts-cmac and camellia256-cts-cmac.

config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
        bool "Enable Kerberos enctypes based on AES and SHA-2"
        depends on RPCSEC_GSS_KRB5
        depends on CRYPTO_CBC && CRYPTO_CTS
        depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512
        depends on CRYPTO_AES
        default n
        select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
        help
          Choose Y to enable the use of Kerberos 5 encryption types
          that utilize Advanced Encryption Standard (AES) ciphers and
          SHA-2 digests. These include aes128-cts-hmac-sha256-128 and
          aes256-cts-hmac-sha384-192.

config RPCSEC_GSS_KRB5_KUNIT_TEST
        tristate "KUnit tests for RPCSEC GSS Kerberos" if !KUNIT_ALL_TESTS
        depends on RPCSEC_GSS_KRB5 && KUNIT
        default KUNIT_ALL_TESTS
        help
          This builds the KUnit tests for RPCSEC GSS Kerberos 5.

          KUnit tests run during boot and output the results to the debug
          log in TAP format (https://testanything.org/). Only useful for
          kernel devs running KUnit test harness and are not for inclusion
          into a production build.

          For more information on KUnit and unit tests in general, refer
          to the KUnit documentation in Documentation/dev-tools/kunit/.

config SUNRPC_DEBUG
        bool "RPC: Enable dprintk debugging"
        depends on SUNRPC && SYSCTL
        select DEBUG_FS
        help
          This option enables a sysctl-based debugging interface
          that is be used by the 'rpcdebug' utility to turn on or off
          logging of different aspects of the kernel RPC activity.

          Disabling this option will make your kernel slightly smaller,
          but makes troubleshooting NFS issues significantly harder.

          If unsure, say Y.

config SUNRPC_XPRT_RDMA
        tristate "RPC-over-RDMA transport"
        depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS
        default SUNRPC && INFINIBAND
        select SG_POOL
        help
          This option allows the NFS client and server to use RDMA
          transports (InfiniBand, iWARP, or RoCE).

          To compile this support as a module, choose M. The module
          will be called rpcrdma.ko.

          If unsure, or you know there is no RDMA capability on your
          hardware platform, say N.