1 # SPDX-License-Identifier: GPL-2.0 <<
2 # 1 #
3 # Generic algorithms support 2 # Generic algorithms support
4 # 3 #
5 config XOR_BLOCKS 4 config XOR_BLOCKS
6 tristate 5 tristate
7 6
8 # 7 #
9 # async_tx api: hardware offloaded memory tran 8 # async_tx api: hardware offloaded memory transfer/transform support
10 # 9 #
11 source "crypto/async_tx/Kconfig" 10 source "crypto/async_tx/Kconfig"
12 11
13 # 12 #
14 # Cryptographic API Configuration 13 # Cryptographic API Configuration
15 # 14 #
16 menuconfig CRYPTO 15 menuconfig CRYPTO
17 tristate "Cryptographic API" 16 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 17 help
20 This option provides the core Crypto 18 This option provides the core Cryptographic API.
21 19
22 if CRYPTO 20 if CRYPTO
23 21
24 menu "Crypto core or helper" !! 22 comment "Crypto core or helper"
25 23
26 config CRYPTO_FIPS 24 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 25 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) !! 27 depends on MODULE_SIG
30 help 28 help
31 This option enables the fips boot op !! 29 This options enables the fips boot option which is
32 required if you want the system to o !! 30 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 31 certification. You should say no unless you know what
34 this is. 32 this is.
35 33
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 34 config CRYPTO_ALGAPI
58 tristate 35 tristate
59 select CRYPTO_ALGAPI2 36 select CRYPTO_ALGAPI2
60 help 37 help
61 This option provides the API for cry 38 This option provides the API for cryptographic algorithms.
62 39
63 config CRYPTO_ALGAPI2 40 config CRYPTO_ALGAPI2
64 tristate 41 tristate
65 42
66 config CRYPTO_AEAD 43 config CRYPTO_AEAD
67 tristate 44 tristate
68 select CRYPTO_AEAD2 45 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 46 select CRYPTO_ALGAPI
70 47
71 config CRYPTO_AEAD2 48 config CRYPTO_AEAD2
72 tristate 49 tristate
73 select CRYPTO_ALGAPI2 50 select CRYPTO_ALGAPI2
>> 51 select CRYPTO_NULL2
>> 52 select CRYPTO_RNG2
74 53
75 config CRYPTO_SIG !! 54 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 55 tristate
86 select CRYPTO_SKCIPHER2 !! 56 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 57 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 58
90 config CRYPTO_SKCIPHER2 !! 59 config CRYPTO_BLKCIPHER2
91 tristate 60 tristate
92 select CRYPTO_ALGAPI2 61 select CRYPTO_ALGAPI2
>> 62 select CRYPTO_RNG2
>> 63 select CRYPTO_WORKQUEUE
93 64
94 config CRYPTO_HASH 65 config CRYPTO_HASH
95 tristate 66 tristate
96 select CRYPTO_HASH2 67 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 68 select CRYPTO_ALGAPI
98 69
99 config CRYPTO_HASH2 70 config CRYPTO_HASH2
100 tristate 71 tristate
101 select CRYPTO_ALGAPI2 72 select CRYPTO_ALGAPI2
102 73
103 config CRYPTO_RNG 74 config CRYPTO_RNG
104 tristate 75 tristate
105 select CRYPTO_RNG2 76 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 77 select CRYPTO_ALGAPI
107 78
108 config CRYPTO_RNG2 79 config CRYPTO_RNG2
109 tristate 80 tristate
110 select CRYPTO_ALGAPI2 81 select CRYPTO_ALGAPI2
111 82
112 config CRYPTO_RNG_DEFAULT 83 config CRYPTO_RNG_DEFAULT
113 tristate 84 tristate
114 select CRYPTO_DRBG_MENU 85 select CRYPTO_DRBG_MENU
115 86
116 config CRYPTO_AKCIPHER2 87 config CRYPTO_AKCIPHER2
117 tristate 88 tristate
118 select CRYPTO_ALGAPI2 89 select CRYPTO_ALGAPI2
119 90
120 config CRYPTO_AKCIPHER 91 config CRYPTO_AKCIPHER
121 tristate 92 tristate
122 select CRYPTO_AKCIPHER2 93 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 94 select CRYPTO_ALGAPI
124 95
125 config CRYPTO_KPP2 96 config CRYPTO_KPP2
126 tristate 97 tristate
127 select CRYPTO_ALGAPI2 98 select CRYPTO_ALGAPI2
128 99
129 config CRYPTO_KPP 100 config CRYPTO_KPP
130 tristate 101 tristate
131 select CRYPTO_ALGAPI 102 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 103 select CRYPTO_KPP2
133 104
134 config CRYPTO_ACOMP2 !! 105 config CRYPTO_RSA
135 tristate !! 106 tristate "RSA algorithm"
136 select CRYPTO_ALGAPI2 !! 107 select CRYPTO_AKCIPHER
137 select SGL_ALLOC !! 108 select CRYPTO_MANAGER
>> 109 select MPILIB
>> 110 select ASN1
>> 111 help
>> 112 Generic implementation of the RSA public key algorithm.
138 113
139 config CRYPTO_ACOMP !! 114 config CRYPTO_DH
140 tristate !! 115 tristate "Diffie-Hellman algorithm"
141 select CRYPTO_ALGAPI !! 116 select CRYPTO_KPP
142 select CRYPTO_ACOMP2 !! 117 select MPILIB
>> 118 help
>> 119 Generic implementation of the Diffie-Hellman algorithm.
>> 120
>> 121 config CRYPTO_ECDH
>> 122 tristate "ECDH algorithm"
>> 123 select CRYPTO_KPP
>> 124 help
>> 125 Generic implementation of the ECDH algorithm
143 126
144 config CRYPTO_MANAGER 127 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 128 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 129 select CRYPTO_MANAGER2
147 help 130 help
148 Create default cryptographic templat 131 Create default cryptographic template instantiations such as
149 cbc(aes). 132 cbc(aes).
150 133
151 config CRYPTO_MANAGER2 134 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 135 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 136 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 137 select CRYPTO_HASH2
>> 138 select CRYPTO_BLKCIPHER2
>> 139 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 140 select CRYPTO_KPP2
159 select CRYPTO_RNG2 <<
160 select CRYPTO_SKCIPHER2 <<
161 141
162 config CRYPTO_USER 142 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 143 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 144 depends on NET
165 select CRYPTO_MANAGER 145 select CRYPTO_MANAGER
166 help 146 help
167 Userspace configuration for cryptogr 147 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 148 cbc(aes).
169 149
170 config CRYPTO_MANAGER_DISABLE_TESTS 150 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 151 bool "Disable run-time self tests"
172 default y 152 default y
>> 153 depends on CRYPTO_MANAGER2
173 help 154 help
174 Disable run-time self tests that nor 155 Disable run-time self tests that normally take place at
175 algorithm registration. 156 algorithm registration.
176 157
177 config CRYPTO_MANAGER_EXTRA_TESTS !! 158 config CRYPTO_GF128MUL
178 bool "Enable extra run-time crypto sel !! 159 tristate "GF(2^128) multiplication functions"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN <<
180 help 160 help
181 Enable extra run-time self tests of !! 161 Efficient table driven implementation of multiplications in the
182 including randomized fuzz tests. !! 162 field GF(2^128). This is needed by some cypher modes. This
183 !! 163 option will be selected automatically if you select such a
184 This is intended for developer use o !! 164 cipher mode. Only select this option by hand if you expect to load
185 longer to run than the normal self t !! 165 an external module that requires these functions.
186 166
187 config CRYPTO_NULL 167 config CRYPTO_NULL
188 tristate "Null algorithms" 168 tristate "Null algorithms"
189 select CRYPTO_NULL2 169 select CRYPTO_NULL2
190 help 170 help
191 These are 'Null' algorithms, used by 171 These are 'Null' algorithms, used by IPsec, which do nothing.
192 172
193 config CRYPTO_NULL2 173 config CRYPTO_NULL2
194 tristate 174 tristate
195 select CRYPTO_ALGAPI2 175 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 176 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 177 select CRYPTO_HASH2
198 178
199 config CRYPTO_PCRYPT 179 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 180 tristate "Parallel crypto engine"
201 depends on SMP 181 depends on SMP
202 select PADATA 182 select PADATA
203 select CRYPTO_MANAGER 183 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 184 select CRYPTO_AEAD
205 help 185 help
206 This converts an arbitrary crypto al 186 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 187 algorithm that executes in kernel threads.
208 188
>> 189 config CRYPTO_WORKQUEUE
>> 190 tristate
>> 191
209 config CRYPTO_CRYPTD 192 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 193 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 194 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 195 select CRYPTO_HASH
213 select CRYPTO_MANAGER 196 select CRYPTO_MANAGER
>> 197 select CRYPTO_WORKQUEUE
214 help 198 help
215 This is a generic software asynchron 199 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 200 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 201 into an asynchronous algorithm that executes in a kernel thread.
218 202
>> 203 config CRYPTO_MCRYPTD
>> 204 tristate "Software async multi-buffer crypto daemon"
>> 205 select CRYPTO_BLKCIPHER
>> 206 select CRYPTO_HASH
>> 207 select CRYPTO_MANAGER
>> 208 select CRYPTO_WORKQUEUE
>> 209 help
>> 210 This is a generic software asynchronous crypto daemon that
>> 211 provides the kernel thread to assist multi-buffer crypto
>> 212 algorithms for submitting jobs and flushing jobs in multi-buffer
>> 213 crypto algorithms. Multi-buffer crypto algorithms are executed
>> 214 in the context of this kernel thread and drivers can post
>> 215 their crypto request asynchronously to be processed by this daemon.
>> 216
219 config CRYPTO_AUTHENC 217 config CRYPTO_AUTHENC
220 tristate "Authenc support" 218 tristate "Authenc support"
221 select CRYPTO_AEAD 219 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 220 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 221 select CRYPTO_MANAGER
224 select CRYPTO_HASH 222 select CRYPTO_HASH
225 select CRYPTO_NULL 223 select CRYPTO_NULL
226 help 224 help
227 Authenc: Combined mode wrapper for I 225 Authenc: Combined mode wrapper for IPsec.
228 !! 226 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 227
231 config CRYPTO_TEST 228 config CRYPTO_TEST
232 tristate "Testing module" 229 tristate "Testing module"
233 depends on m || EXPERT !! 230 depends on m
234 select CRYPTO_MANAGER 231 select CRYPTO_MANAGER
235 help 232 help
236 Quick & dirty crypto test module. 233 Quick & dirty crypto test module.
237 234
238 config CRYPTO_SIMD !! 235 config CRYPTO_ABLK_HELPER
239 tristate 236 tristate
240 select CRYPTO_CRYPTD 237 select CRYPTO_CRYPTD
241 238
242 config CRYPTO_ENGINE !! 239 config CRYPTO_GLUE_HELPER_X86
243 tristate 240 tristate
>> 241 depends on X86
>> 242 select CRYPTO_ALGAPI
244 243
245 endmenu !! 244 config CRYPTO_ENGINE
>> 245 tristate
246 246
247 menu "Public-key cryptography" !! 247 comment "Authenticated Encryption with Associated Data"
248 248
249 config CRYPTO_RSA !! 249 config CRYPTO_CCM
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 250 tristate "CCM support"
251 select CRYPTO_AKCIPHER !! 251 select CRYPTO_CTR
252 select CRYPTO_MANAGER !! 252 select CRYPTO_AEAD
253 select MPILIB <<
254 select ASN1 <<
255 help 253 help
256 RSA (Rivest-Shamir-Adleman) public k !! 254 Support for Counter with CBC MAC. Required for IPsec.
257 255
258 config CRYPTO_DH !! 256 config CRYPTO_GCM
259 tristate "DH (Diffie-Hellman)" !! 257 tristate "GCM/GMAC support"
260 select CRYPTO_KPP !! 258 select CRYPTO_CTR
261 select MPILIB !! 259 select CRYPTO_AEAD
>> 260 select CRYPTO_GHASH
>> 261 select CRYPTO_NULL
262 help 262 help
263 DH (Diffie-Hellman) key exchange alg !! 263 Support for Galois/Counter Mode (GCM) and Galois Message
>> 264 Authentication Code (GMAC). Required for IPSec.
264 265
265 config CRYPTO_DH_RFC7919_GROUPS !! 266 config CRYPTO_CHACHA20POLY1305
266 bool "RFC 7919 FFDHE groups" !! 267 tristate "ChaCha20-Poly1305 AEAD support"
267 depends on CRYPTO_DH !! 268 select CRYPTO_CHACHA20
268 select CRYPTO_RNG_DEFAULT !! 269 select CRYPTO_POLY1305
>> 270 select CRYPTO_AEAD
269 help 271 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 272 ChaCha20-Poly1305 AEAD support, RFC7539.
271 defined in RFC7919. <<
272 273
273 Support these finite-field groups in !! 274 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
274 - ffdhe2048, ffdhe3072, ffdhe4096, f !! 275 with the Poly1305 authenticator. It is defined in RFC7539 for use in
>> 276 IETF protocols.
275 277
276 If unsure, say N. !! 278 config CRYPTO_SEQIV
>> 279 tristate "Sequence Number IV Generator"
>> 280 select CRYPTO_AEAD
>> 281 select CRYPTO_BLKCIPHER
>> 282 select CRYPTO_NULL
>> 283 select CRYPTO_RNG_DEFAULT
>> 284 help
>> 285 This IV generator generates an IV based on a sequence number by
>> 286 xoring it with a salt. This algorithm is mainly useful for CTR
277 287
278 config CRYPTO_ECC !! 288 config CRYPTO_ECHAINIV
279 tristate !! 289 tristate "Encrypted Chain IV Generator"
>> 290 select CRYPTO_AEAD
>> 291 select CRYPTO_NULL
280 select CRYPTO_RNG_DEFAULT 292 select CRYPTO_RNG_DEFAULT
>> 293 default m
>> 294 help
>> 295 This IV generator generates an IV based on the encryption of
>> 296 a sequence number xored with a salt. This is the default
>> 297 algorithm for CBC.
281 298
282 config CRYPTO_ECDH !! 299 comment "Block modes"
283 tristate "ECDH (Elliptic Curve Diffie- !! 300
284 select CRYPTO_ECC !! 301 config CRYPTO_CBC
285 select CRYPTO_KPP !! 302 tristate "CBC support"
>> 303 select CRYPTO_BLKCIPHER
>> 304 select CRYPTO_MANAGER
286 help 305 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 306 CBC: Cipher Block Chaining mode
288 using curves P-192, P-256, and P-384 !! 307 This block cipher algorithm is required for IPSec.
289 308
290 config CRYPTO_ECDSA !! 309 config CRYPTO_CTR
291 tristate "ECDSA (Elliptic Curve Digita !! 310 tristate "CTR support"
292 select CRYPTO_ECC !! 311 select CRYPTO_BLKCIPHER
293 select CRYPTO_AKCIPHER !! 312 select CRYPTO_SEQIV
294 select ASN1 !! 313 select CRYPTO_MANAGER
295 help 314 help
296 ECDSA (Elliptic Curve Digital Signat !! 315 CTR: Counter mode
297 ISO/IEC 14888-3) !! 316 This block cipher algorithm is required for IPSec.
298 using curves P-192, P-256, and P-384 !! 317
299 !! 318 config CRYPTO_CTS
300 Only signature verification is imple !! 319 tristate "CTS support"
301 !! 320 select CRYPTO_BLKCIPHER
302 config CRYPTO_ECRDSA <<
303 tristate "EC-RDSA (Elliptic Curve Russ <<
304 select CRYPTO_ECC <<
305 select CRYPTO_AKCIPHER <<
306 select CRYPTO_STREEBOG <<
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help 321 help
310 Elliptic Curve Russian Digital Signa !! 322 CTS: Cipher Text Stealing
311 RFC 7091, ISO/IEC 14888-3) !! 323 This is the Cipher Text Stealing mode as described by
>> 324 Section 8 of rfc2040 and referenced by rfc3962.
>> 325 (rfc3962 includes errata information in its Appendix A)
>> 326 This mode is required for Kerberos gss mechanism support
>> 327 for AES encryption.
312 328
313 One of the Russian cryptographic sta !! 329 config CRYPTO_ECB
314 algorithms). Only signature verifica !! 330 tristate "ECB support"
>> 331 select CRYPTO_BLKCIPHER
>> 332 select CRYPTO_MANAGER
>> 333 help
>> 334 ECB: Electronic CodeBook mode
>> 335 This is the simplest block cipher algorithm. It simply encrypts
>> 336 the input block by block.
315 337
316 config CRYPTO_CURVE25519 !! 338 config CRYPTO_LRW
317 tristate "Curve25519" !! 339 tristate "LRW support"
318 select CRYPTO_KPP !! 340 select CRYPTO_BLKCIPHER
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 341 select CRYPTO_MANAGER
>> 342 select CRYPTO_GF128MUL
320 help 343 help
321 Curve25519 elliptic curve (RFC7748) !! 344 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 345 narrow block cipher mode for dm-crypt. Use it with cipher
>> 346 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 347 The first 128, 192 or 256 bits in the key are used for AES and the
>> 348 rest is used to tie each cipher block to its logical position.
322 349
323 endmenu !! 350 config CRYPTO_PCBC
>> 351 tristate "PCBC support"
>> 352 select CRYPTO_BLKCIPHER
>> 353 select CRYPTO_MANAGER
>> 354 help
>> 355 PCBC: Propagating Cipher Block Chaining mode
>> 356 This block cipher algorithm is required for RxRPC.
324 357
325 menu "Block ciphers" !! 358 config CRYPTO_XTS
>> 359 tristate "XTS support"
>> 360 select CRYPTO_BLKCIPHER
>> 361 select CRYPTO_MANAGER
>> 362 select CRYPTO_GF128MUL
>> 363 help
>> 364 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 365 key size 256, 384 or 512 bits. This implementation currently
>> 366 can't handle a sectorsize which is not a multiple of 16 bytes.
326 367
327 config CRYPTO_AES !! 368 config CRYPTO_KEYWRAP
328 tristate "AES (Advanced Encryption Sta !! 369 tristate "Key wrapping support"
329 select CRYPTO_ALGAPI !! 370 select CRYPTO_BLKCIPHER
330 select CRYPTO_LIB_AES <<
331 help 371 help
332 AES cipher algorithms (Rijndael)(FIP !! 372 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 373 padding.
333 374
334 Rijndael appears to be consistently !! 375 comment "Hash modes"
335 both hardware and software across a <<
336 environments regardless of its use i <<
337 modes. Its key setup time is excelle <<
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 376
343 The AES specifies three key sizes: 1 !! 377 config CRYPTO_CMAC
>> 378 tristate "CMAC support"
>> 379 select CRYPTO_HASH
>> 380 select CRYPTO_MANAGER
>> 381 help
>> 382 Cipher-based Message Authentication Code (CMAC) specified by
>> 383 The National Institute of Standards and Technology (NIST).
344 384
345 config CRYPTO_AES_TI !! 385 https://tools.ietf.org/html/rfc4493
346 tristate "AES (Advanced Encryption Sta !! 386 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
347 select CRYPTO_ALGAPI !! 387
348 select CRYPTO_LIB_AES !! 388 config CRYPTO_HMAC
>> 389 tristate "HMAC support"
>> 390 select CRYPTO_HASH
>> 391 select CRYPTO_MANAGER
349 help 392 help
350 AES cipher algorithms (Rijndael)(FIP !! 393 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 394 This is required for IPSec.
351 395
352 This is a generic implementation of !! 396 config CRYPTO_XCBC
353 data dependent latencies as much as !! 397 tristate "XCBC support"
354 performance too much. It is intended !! 398 select CRYPTO_HASH
355 and GCM drivers, and other CTR or CM !! 399 select CRYPTO_MANAGER
356 solely on encryption (although decry !! 400 help
357 with a more dramatic performance hit !! 401 XCBC: Keyed-Hashing with encryption algorithm
358 !! 402 http://www.ietf.org/rfc/rfc3566.txt
359 Instead of using 16 lookup tables of !! 403 http://csrc.nist.gov/encryption/modes/proposedmodes/
360 8 for decryption), this implementati !! 404 xcbc-mac/xcbc-mac-spec.pdf
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 405
366 config CRYPTO_ANUBIS !! 406 config CRYPTO_VMAC
367 tristate "Anubis" !! 407 tristate "VMAC support"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 408 select CRYPTO_HASH
369 select CRYPTO_ALGAPI !! 409 select CRYPTO_MANAGER
370 help 410 help
371 Anubis cipher algorithm !! 411 VMAC is a message authentication algorithm designed for
>> 412 very high speed on 64-bit architectures.
372 413
373 Anubis is a variable key length ciph !! 414 See also:
374 128 bits to 320 bits in length. It !! 415 <http://fastcrypto.org/vmac>
375 in the NESSIE competition. <<
376 416
377 See https://web.archive.org/web/2016 !! 417 comment "Digest"
378 for further information. <<
379 418
380 config CRYPTO_ARIA !! 419 config CRYPTO_CRC32C
381 tristate "ARIA" !! 420 tristate "CRC32c CRC algorithm"
382 select CRYPTO_ALGAPI !! 421 select CRYPTO_HASH
>> 422 select CRC32
>> 423 help
>> 424 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 425 by iSCSI for header and data digests and by others.
>> 426 See Castagnoli93. Module will be crc32c.
>> 427
>> 428 config CRYPTO_CRC32C_INTEL
>> 429 tristate "CRC32c INTEL hardware acceleration"
>> 430 depends on X86
>> 431 select CRYPTO_HASH
>> 432 help
>> 433 In Intel processor with SSE4.2 supported, the processor will
>> 434 support CRC32C implementation using hardware accelerated CRC32
>> 435 instruction. This option will create 'crc32c-intel' module,
>> 436 which will enable any routine to use the CRC32 instruction to
>> 437 gain performance compared with software implementation.
>> 438 Module will be crc32c-intel.
>> 439
>> 440 config CRYPT_CRC32C_VPMSUM
>> 441 tristate "CRC32c CRC algorithm (powerpc64)"
>> 442 depends on PPC64 && ALTIVEC
>> 443 select CRYPTO_HASH
>> 444 select CRC32
383 help 445 help
384 ARIA cipher algorithm (RFC5794) !! 446 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 447 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 448 and newer processors for improved performance.
385 449
386 ARIA is a standard encryption algori <<
387 The ARIA specifies three key sizes a <<
388 128-bit: 12 rounds. <<
389 192-bit: 14 rounds. <<
390 256-bit: 16 rounds. <<
391 450
392 See: !! 451 config CRYPTO_CRC32C_SPARC64
393 https://seed.kisa.or.kr/kisa/algorit !! 452 tristate "CRC32c CRC algorithm (SPARC64)"
>> 453 depends on SPARC64
>> 454 select CRYPTO_HASH
>> 455 select CRC32
>> 456 help
>> 457 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 458 when available.
394 459
395 config CRYPTO_BLOWFISH !! 460 config CRYPTO_CRC32
396 tristate "Blowfish" !! 461 tristate "CRC32 CRC algorithm"
397 select CRYPTO_ALGAPI !! 462 select CRYPTO_HASH
398 select CRYPTO_BLOWFISH_COMMON !! 463 select CRC32
399 help 464 help
400 Blowfish cipher algorithm, by Bruce !! 465 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 466 Shash crypto api wrappers to crc32_le function.
401 467
402 This is a variable key length cipher !! 468 config CRYPTO_CRC32_PCLMUL
403 bits to 448 bits in length. It's fa !! 469 tristate "CRC32 PCLMULQDQ hardware acceleration"
404 designed for use on "large microproc !! 470 depends on X86
>> 471 select CRYPTO_HASH
>> 472 select CRC32
>> 473 help
>> 474 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 475 and PCLMULQDQ supported, the processor will support
>> 476 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 477 instruction. This option will create 'crc32-plcmul' module,
>> 478 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 479 and gain better performance as compared with the table implementation.
405 480
406 See https://www.schneier.com/blowfis !! 481 config CRYPTO_CRCT10DIF
>> 482 tristate "CRCT10DIF algorithm"
>> 483 select CRYPTO_HASH
>> 484 help
>> 485 CRC T10 Data Integrity Field computation is being cast as
>> 486 a crypto transform. This allows for faster crc t10 diff
>> 487 transforms to be used if they are available.
407 488
408 config CRYPTO_BLOWFISH_COMMON !! 489 config CRYPTO_CRCT10DIF_PCLMUL
409 tristate !! 490 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
>> 491 depends on X86 && 64BIT && CRC_T10DIF
>> 492 select CRYPTO_HASH
410 help 493 help
411 Common parts of the Blowfish cipher !! 494 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
412 generic c and the assembler implemen !! 495 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 496 accelerated PCLMULQDQ instruction. This option will create
>> 497 'crct10dif-plcmul' module, which is faster when computing the
>> 498 crct10dif checksum as compared with the generic table implementation.
413 499
414 config CRYPTO_CAMELLIA !! 500 config CRYPTO_GHASH
415 tristate "Camellia" !! 501 tristate "GHASH digest algorithm"
416 select CRYPTO_ALGAPI !! 502 select CRYPTO_GF128MUL
>> 503 select CRYPTO_HASH
417 help 504 help
418 Camellia cipher algorithms (ISO/IEC !! 505 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
419 506
420 Camellia is a symmetric key block ci !! 507 config CRYPTO_POLY1305
421 at NTT and Mitsubishi Electric Corpo !! 508 tristate "Poly1305 authenticator algorithm"
>> 509 select CRYPTO_HASH
>> 510 help
>> 511 Poly1305 authenticator algorithm, RFC7539.
422 512
423 The Camellia specifies three key siz !! 513 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 514 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 515 in IETF protocols. This is the portable C implementation of Poly1305.
424 516
425 See https://info.isl.ntt.co.jp/crypt !! 517 config CRYPTO_POLY1305_X86_64
>> 518 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 519 depends on X86 && 64BIT
>> 520 select CRYPTO_POLY1305
>> 521 help
>> 522 Poly1305 authenticator algorithm, RFC7539.
426 523
427 config CRYPTO_CAST_COMMON !! 524 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
428 tristate !! 525 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 526 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 527 instructions.
>> 528
>> 529 config CRYPTO_MD4
>> 530 tristate "MD4 digest algorithm"
>> 531 select CRYPTO_HASH
429 help 532 help
430 Common parts of the CAST cipher algo !! 533 MD4 message digest algorithm (RFC1320).
431 generic c and the assembler implemen <<
432 534
433 config CRYPTO_CAST5 !! 535 config CRYPTO_MD5
434 tristate "CAST5 (CAST-128)" !! 536 tristate "MD5 digest algorithm"
435 select CRYPTO_ALGAPI !! 537 select CRYPTO_HASH
436 select CRYPTO_CAST_COMMON <<
437 help 538 help
438 CAST5 (CAST-128) cipher algorithm (R !! 539 MD5 message digest algorithm (RFC1321).
439 540
440 config CRYPTO_CAST6 !! 541 config CRYPTO_MD5_OCTEON
441 tristate "CAST6 (CAST-256)" !! 542 tristate "MD5 digest algorithm (OCTEON)"
442 select CRYPTO_ALGAPI !! 543 depends on CPU_CAVIUM_OCTEON
443 select CRYPTO_CAST_COMMON !! 544 select CRYPTO_MD5
>> 545 select CRYPTO_HASH
444 help 546 help
445 CAST6 (CAST-256) encryption algorith !! 547 MD5 message digest algorithm (RFC1321) implemented
>> 548 using OCTEON crypto instructions, when available.
446 549
447 config CRYPTO_DES !! 550 config CRYPTO_MD5_PPC
448 tristate "DES and Triple DES EDE" !! 551 tristate "MD5 digest algorithm (PPC)"
449 select CRYPTO_ALGAPI !! 552 depends on PPC
450 select CRYPTO_LIB_DES !! 553 select CRYPTO_HASH
451 help 554 help
452 DES (Data Encryption Standard)(FIPS !! 555 MD5 message digest algorithm (RFC1321) implemented
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 556 in PPC assembler.
454 cipher algorithms <<
455 557
456 config CRYPTO_FCRYPT !! 558 config CRYPTO_MD5_SPARC64
457 tristate "FCrypt" !! 559 tristate "MD5 digest algorithm (SPARC64)"
458 select CRYPTO_ALGAPI !! 560 depends on SPARC64
459 select CRYPTO_SKCIPHER !! 561 select CRYPTO_MD5
>> 562 select CRYPTO_HASH
460 help 563 help
461 FCrypt algorithm used by RxRPC !! 564 MD5 message digest algorithm (RFC1321) implemented
>> 565 using sparc64 crypto instructions, when available.
462 566
463 See https://ota.polyonymo.us/fcrypt- !! 567 config CRYPTO_MICHAEL_MIC
>> 568 tristate "Michael MIC keyed digest algorithm"
>> 569 select CRYPTO_HASH
>> 570 help
>> 571 Michael MIC is used for message integrity protection in TKIP
>> 572 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 573 should not be used for other purposes because of the weakness
>> 574 of the algorithm.
464 575
465 config CRYPTO_KHAZAD !! 576 config CRYPTO_RMD128
466 tristate "Khazad" !! 577 tristate "RIPEMD-128 digest algorithm"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 578 select CRYPTO_HASH
468 select CRYPTO_ALGAPI <<
469 help 579 help
470 Khazad cipher algorithm !! 580 RIPEMD-128 (ISO/IEC 10118-3:2004).
471 581
472 Khazad was a finalist in the initial !! 582 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
473 an algorithm optimized for 64-bit pr !! 583 be used as a secure replacement for RIPEMD. For other use cases,
474 on 32-bit processors. Khazad uses a !! 584 RIPEMD-160 should be used.
475 585
476 See https://web.archive.org/web/2017 !! 586 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
477 for further information. !! 587 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
478 588
479 config CRYPTO_SEED !! 589 config CRYPTO_RMD160
480 tristate "SEED" !! 590 tristate "RIPEMD-160 digest algorithm"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 591 select CRYPTO_HASH
482 select CRYPTO_ALGAPI <<
483 help 592 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 593 RIPEMD-160 (ISO/IEC 10118-3:2004).
485 594
486 SEED is a 128-bit symmetric key bloc !! 595 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
487 developed by KISA (Korea Information !! 596 to be used as a secure replacement for the 128-bit hash functions
488 national standard encryption algorit !! 597 MD4, MD5 and it's predecessor RIPEMD
489 It is a 16 round block cipher with t !! 598 (not to be confused with RIPEMD-128).
490 599
491 See https://seed.kisa.or.kr/kisa/alg !! 600 It's speed is comparable to SHA1 and there are no known attacks
492 for further information. !! 601 against RIPEMD-160.
493 602
494 config CRYPTO_SERPENT !! 603 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
495 tristate "Serpent" !! 604 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
496 select CRYPTO_ALGAPI !! 605
>> 606 config CRYPTO_RMD256
>> 607 tristate "RIPEMD-256 digest algorithm"
>> 608 select CRYPTO_HASH
497 help 609 help
498 Serpent cipher algorithm, by Anderso !! 610 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 611 256 bit hash. It is intended for applications that require
>> 612 longer hash-results, without needing a larger security level
>> 613 (than RIPEMD-128).
499 614
500 Keys are allowed to be from 0 to 256 !! 615 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
501 of 8 bits. !! 616 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
502 617
503 See https://www.cl.cam.ac.uk/~rja14/ !! 618 config CRYPTO_RMD320
>> 619 tristate "RIPEMD-320 digest algorithm"
>> 620 select CRYPTO_HASH
>> 621 help
>> 622 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 623 320 bit hash. It is intended for applications that require
>> 624 longer hash-results, without needing a larger security level
>> 625 (than RIPEMD-160).
504 626
505 config CRYPTO_SM4 !! 627 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
506 tristate !! 628 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
507 629
508 config CRYPTO_SM4_GENERIC !! 630 config CRYPTO_SHA1
509 tristate "SM4 (ShangMi 4)" !! 631 tristate "SHA1 digest algorithm"
510 select CRYPTO_ALGAPI !! 632 select CRYPTO_HASH
511 select CRYPTO_SM4 <<
512 help 633 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 634 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 635
516 SM4 (GBT.32907-2016) is a cryptograp !! 636 config CRYPTO_SHA1_SSSE3
517 Organization of State Commercial Adm !! 637 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
518 as an authorized cryptographic algor !! 638 depends on X86 && 64BIT
>> 639 select CRYPTO_SHA1
>> 640 select CRYPTO_HASH
>> 641 help
>> 642 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 643 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 644 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 645 when available.
519 646
520 SMS4 was originally created for use !! 647 config CRYPTO_SHA256_SSSE3
521 networks, and is mandated in the Chi !! 648 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
522 Wireless LAN WAPI (Wired Authenticat !! 649 depends on X86 && 64BIT
523 (GB.15629.11-2003). !! 650 select CRYPTO_SHA256
>> 651 select CRYPTO_HASH
>> 652 help
>> 653 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 654 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 655 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 656 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 657 Instructions) when available.
>> 658
>> 659 config CRYPTO_SHA512_SSSE3
>> 660 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 661 depends on X86 && 64BIT
>> 662 select CRYPTO_SHA512
>> 663 select CRYPTO_HASH
>> 664 help
>> 665 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 666 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 667 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 668 version 2 (AVX2) instructions, when available.
>> 669
>> 670 config CRYPTO_SHA1_OCTEON
>> 671 tristate "SHA1 digest algorithm (OCTEON)"
>> 672 depends on CPU_CAVIUM_OCTEON
>> 673 select CRYPTO_SHA1
>> 674 select CRYPTO_HASH
>> 675 help
>> 676 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 677 using OCTEON crypto instructions, when available.
>> 678
>> 679 config CRYPTO_SHA1_SPARC64
>> 680 tristate "SHA1 digest algorithm (SPARC64)"
>> 681 depends on SPARC64
>> 682 select CRYPTO_SHA1
>> 683 select CRYPTO_HASH
>> 684 help
>> 685 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 686 using sparc64 crypto instructions, when available.
>> 687
>> 688 config CRYPTO_SHA1_PPC
>> 689 tristate "SHA1 digest algorithm (powerpc)"
>> 690 depends on PPC
>> 691 help
>> 692 This is the powerpc hardware accelerated implementation of the
>> 693 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 694
>> 695 config CRYPTO_SHA1_PPC_SPE
>> 696 tristate "SHA1 digest algorithm (PPC SPE)"
>> 697 depends on PPC && SPE
>> 698 help
>> 699 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 700 using powerpc SPE SIMD instruction set.
>> 701
>> 702 config CRYPTO_SHA1_MB
>> 703 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 704 depends on X86 && 64BIT
>> 705 select CRYPTO_SHA1
>> 706 select CRYPTO_HASH
>> 707 select CRYPTO_MCRYPTD
>> 708 help
>> 709 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 710 using multi-buffer technique. This algorithm computes on
>> 711 multiple data lanes concurrently with SIMD instructions for
>> 712 better throughput. It should not be enabled by default but
>> 713 used when there is significant amount of work to keep the keep
>> 714 the data lanes filled to get performance benefit. If the data
>> 715 lanes remain unfilled, a flush operation will be initiated to
>> 716 process the crypto jobs, adding a slight latency.
>> 717
>> 718 config CRYPTO_SHA256_MB
>> 719 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 720 depends on X86 && 64BIT
>> 721 select CRYPTO_SHA256
>> 722 select CRYPTO_HASH
>> 723 select CRYPTO_MCRYPTD
>> 724 help
>> 725 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 726 using multi-buffer technique. This algorithm computes on
>> 727 multiple data lanes concurrently with SIMD instructions for
>> 728 better throughput. It should not be enabled by default but
>> 729 used when there is significant amount of work to keep the keep
>> 730 the data lanes filled to get performance benefit. If the data
>> 731 lanes remain unfilled, a flush operation will be initiated to
>> 732 process the crypto jobs, adding a slight latency.
>> 733
>> 734 config CRYPTO_SHA512_MB
>> 735 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 736 depends on X86 && 64BIT
>> 737 select CRYPTO_SHA512
>> 738 select CRYPTO_HASH
>> 739 select CRYPTO_MCRYPTD
>> 740 help
>> 741 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 742 using multi-buffer technique. This algorithm computes on
>> 743 multiple data lanes concurrently with SIMD instructions for
>> 744 better throughput. It should not be enabled by default but
>> 745 used when there is significant amount of work to keep the keep
>> 746 the data lanes filled to get performance benefit. If the data
>> 747 lanes remain unfilled, a flush operation will be initiated to
>> 748 process the crypto jobs, adding a slight latency.
524 749
525 The latest SM4 standard (GBT.32907-2 !! 750 config CRYPTO_SHA256
526 standardized through TC 260 of the S !! 751 tristate "SHA224 and SHA256 digest algorithm"
527 of the People's Republic of China (S !! 752 select CRYPTO_HASH
>> 753 help
>> 754 SHA256 secure hash standard (DFIPS 180-2).
528 755
529 The input, output, and key of SMS4 a !! 756 This version of SHA implements a 256 bit hash with 128 bits of
>> 757 security against collision attacks.
530 758
531 See https://eprint.iacr.org/2008/329 !! 759 This code also includes SHA-224, a 224 bit hash with 112 bits
>> 760 of security against collision attacks.
532 761
533 If unsure, say N. !! 762 config CRYPTO_SHA256_PPC_SPE
>> 763 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 764 depends on PPC && SPE
>> 765 select CRYPTO_SHA256
>> 766 select CRYPTO_HASH
>> 767 help
>> 768 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 769 implemented using powerpc SPE SIMD instruction set.
534 770
535 config CRYPTO_TEA !! 771 config CRYPTO_SHA256_OCTEON
536 tristate "TEA, XTEA and XETA" !! 772 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 773 depends on CPU_CAVIUM_OCTEON
538 select CRYPTO_ALGAPI !! 774 select CRYPTO_SHA256
>> 775 select CRYPTO_HASH
539 help 776 help
540 TEA (Tiny Encryption Algorithm) ciph !! 777 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 778 using OCTEON crypto instructions, when available.
541 779
542 Tiny Encryption Algorithm is a simpl !! 780 config CRYPTO_SHA256_SPARC64
543 many rounds for security. It is ver !! 781 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
544 little memory. !! 782 depends on SPARC64
>> 783 select CRYPTO_SHA256
>> 784 select CRYPTO_HASH
>> 785 help
>> 786 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 787 using sparc64 crypto instructions, when available.
545 788
546 Xtendend Tiny Encryption Algorithm i !! 789 config CRYPTO_SHA512
547 the TEA algorithm to address a poten !! 790 tristate "SHA384 and SHA512 digest algorithms"
548 in the TEA algorithm. !! 791 select CRYPTO_HASH
>> 792 help
>> 793 SHA512 secure hash standard (DFIPS 180-2).
549 794
550 Xtendend Encryption Tiny Algorithm i !! 795 This version of SHA implements a 512 bit hash with 256 bits of
551 of the XTEA algorithm for compatibil !! 796 security against collision attacks.
552 797
553 config CRYPTO_TWOFISH !! 798 This code also includes SHA-384, a 384 bit hash with 192 bits
554 tristate "Twofish" !! 799 of security against collision attacks.
555 select CRYPTO_ALGAPI !! 800
556 select CRYPTO_TWOFISH_COMMON !! 801 config CRYPTO_SHA512_OCTEON
>> 802 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 803 depends on CPU_CAVIUM_OCTEON
>> 804 select CRYPTO_SHA512
>> 805 select CRYPTO_HASH
557 help 806 help
558 Twofish cipher algorithm !! 807 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 808 using OCTEON crypto instructions, when available.
559 809
560 Twofish was submitted as an AES (Adv !! 810 config CRYPTO_SHA512_SPARC64
561 candidate cipher by researchers at C !! 811 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
562 16 round block cipher supporting key !! 812 depends on SPARC64
563 bits. !! 813 select CRYPTO_SHA512
>> 814 select CRYPTO_HASH
>> 815 help
>> 816 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 817 using sparc64 crypto instructions, when available.
564 818
565 See https://www.schneier.com/twofish !! 819 config CRYPTO_SHA3
>> 820 tristate "SHA3 digest algorithm"
>> 821 select CRYPTO_HASH
>> 822 help
>> 823 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 824 cryptographic sponge function family called Keccak.
566 825
567 config CRYPTO_TWOFISH_COMMON !! 826 References:
568 tristate !! 827 http://keccak.noekeon.org/
>> 828
>> 829 config CRYPTO_TGR192
>> 830 tristate "Tiger digest algorithms"
>> 831 select CRYPTO_HASH
569 help 832 help
570 Common parts of the Twofish cipher a !! 833 Tiger hash algorithm 192, 160 and 128-bit hashes
571 generic c and the assembler implemen <<
572 834
573 endmenu !! 835 Tiger is a hash function optimized for 64-bit processors while
>> 836 still having decent performance on 32-bit processors.
>> 837 Tiger was developed by Ross Anderson and Eli Biham.
574 838
575 menu "Length-preserving ciphers and modes" !! 839 See also:
>> 840 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
576 841
577 config CRYPTO_ADIANTUM !! 842 config CRYPTO_WP512
578 tristate "Adiantum" !! 843 tristate "Whirlpool digest algorithms"
579 select CRYPTO_CHACHA20 !! 844 select CRYPTO_HASH
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER <<
583 help 845 help
584 Adiantum tweakable, length-preservin !! 846 Whirlpool hash algorithm 512, 384 and 256-bit hashes
585 847
586 Designed for fast and secure disk en !! 848 Whirlpool-512 is part of the NESSIE cryptographic primitives.
587 CPUs without dedicated crypto instru !! 849 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 850
600 If unsure, say N. !! 851 See also:
>> 852 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
601 853
602 config CRYPTO_ARC4 !! 854 config CRYPTO_GHASH_CLMUL_NI_INTEL
603 tristate "ARC4 (Alleged Rivest Cipher !! 855 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 856 depends on X86 && 64BIT
605 select CRYPTO_SKCIPHER !! 857 select CRYPTO_CRYPTD
606 select CRYPTO_LIB_ARC4 <<
607 help 858 help
608 ARC4 cipher algorithm !! 859 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
>> 860 The implementation is accelerated by CLMUL-NI of Intel.
609 861
610 ARC4 is a stream cipher using keys r !! 862 comment "Ciphers"
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 863
615 config CRYPTO_CHACHA20 !! 864 config CRYPTO_AES
616 tristate "ChaCha" !! 865 tristate "AES cipher algorithms"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 866 select CRYPTO_ALGAPI
618 select CRYPTO_SKCIPHER <<
619 help 867 help
620 The ChaCha20, XChaCha20, and XChaCha !! 868 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 869 algorithm.
621 870
622 ChaCha20 is a 256-bit high-speed str !! 871 Rijndael appears to be consistently a very good performer in
623 Bernstein and further specified in R !! 872 both hardware and software across a wide range of computing
624 This is the portable C implementatio !! 873 environments regardless of its use in feedback or non-feedback
625 https://cr.yp.to/chacha/chacha-20080 !! 874 modes. Its key setup time is excellent, and its key agility is
>> 875 good. Rijndael's very low memory requirements make it very well
>> 876 suited for restricted-space environments, in which it also
>> 877 demonstrates excellent performance. Rijndael's operations are
>> 878 among the easiest to defend against power and timing attacks.
626 879
627 XChaCha20 is the application of the !! 880 The AES specifies three key sizes: 128, 192 and 256 bits
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 881
637 config CRYPTO_CBC !! 882 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
638 tristate "CBC (Cipher Block Chaining)" !! 883
639 select CRYPTO_SKCIPHER !! 884 config CRYPTO_AES_586
640 select CRYPTO_MANAGER !! 885 tristate "AES cipher algorithms (i586)"
>> 886 depends on (X86 || UML_X86) && !64BIT
>> 887 select CRYPTO_ALGAPI
>> 888 select CRYPTO_AES
641 help 889 help
642 CBC (Cipher Block Chaining) mode (NI !! 890 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 891 algorithm.
>> 892
>> 893 Rijndael appears to be consistently a very good performer in
>> 894 both hardware and software across a wide range of computing
>> 895 environments regardless of its use in feedback or non-feedback
>> 896 modes. Its key setup time is excellent, and its key agility is
>> 897 good. Rijndael's very low memory requirements make it very well
>> 898 suited for restricted-space environments, in which it also
>> 899 demonstrates excellent performance. Rijndael's operations are
>> 900 among the easiest to defend against power and timing attacks.
643 901
644 This block cipher mode is required f !! 902 The AES specifies three key sizes: 128, 192 and 256 bits
645 903
646 config CRYPTO_CTR !! 904 See <http://csrc.nist.gov/encryption/aes/> for more information.
647 tristate "CTR (Counter)" <<
648 select CRYPTO_SKCIPHER <<
649 select CRYPTO_MANAGER <<
650 help <<
651 CTR (Counter) mode (NIST SP800-38A) <<
652 905
653 config CRYPTO_CTS !! 906 config CRYPTO_AES_X86_64
654 tristate "CTS (Cipher Text Stealing)" !! 907 tristate "AES cipher algorithms (x86_64)"
655 select CRYPTO_SKCIPHER !! 908 depends on (X86 || UML_X86) && 64BIT
656 select CRYPTO_MANAGER !! 909 select CRYPTO_ALGAPI
>> 910 select CRYPTO_AES
657 help 911 help
658 CBC-CS3 variant of CTS (Cipher Text !! 912 AES cipher algorithms (FIPS-197). AES uses the Rijndael
659 Addendum to SP800-38A (October 2010) !! 913 algorithm.
660 914
661 This mode is required for Kerberos g !! 915 Rijndael appears to be consistently a very good performer in
662 for AES encryption. !! 916 both hardware and software across a wide range of computing
>> 917 environments regardless of its use in feedback or non-feedback
>> 918 modes. Its key setup time is excellent, and its key agility is
>> 919 good. Rijndael's very low memory requirements make it very well
>> 920 suited for restricted-space environments, in which it also
>> 921 demonstrates excellent performance. Rijndael's operations are
>> 922 among the easiest to defend against power and timing attacks.
663 923
664 config CRYPTO_ECB !! 924 The AES specifies three key sizes: 128, 192 and 256 bits
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 925
671 config CRYPTO_HCTR2 !! 926 See <http://csrc.nist.gov/encryption/aes/> for more information.
672 tristate "HCTR2" !! 927
673 select CRYPTO_XCTR !! 928 config CRYPTO_AES_NI_INTEL
674 select CRYPTO_POLYVAL !! 929 tristate "AES cipher algorithms (AES-NI)"
675 select CRYPTO_MANAGER !! 930 depends on X86
>> 931 select CRYPTO_AES_X86_64 if 64BIT
>> 932 select CRYPTO_AES_586 if !64BIT
>> 933 select CRYPTO_CRYPTD
>> 934 select CRYPTO_ABLK_HELPER
>> 935 select CRYPTO_ALGAPI
>> 936 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 937 select CRYPTO_LRW
>> 938 select CRYPTO_XTS
676 help 939 help
677 HCTR2 length-preserving encryption m !! 940 Use Intel AES-NI instructions for AES algorithm.
678 941
679 A mode for storage encryption that i !! 942 AES cipher algorithms (FIPS-197). AES uses the Rijndael
680 instructions to accelerate AES and c !! 943 algorithm.
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 944
684 See https://eprint.iacr.org/2021/144 !! 945 Rijndael appears to be consistently a very good performer in
>> 946 both hardware and software across a wide range of computing
>> 947 environments regardless of its use in feedback or non-feedback
>> 948 modes. Its key setup time is excellent, and its key agility is
>> 949 good. Rijndael's very low memory requirements make it very well
>> 950 suited for restricted-space environments, in which it also
>> 951 demonstrates excellent performance. Rijndael's operations are
>> 952 among the easiest to defend against power and timing attacks.
685 953
686 config CRYPTO_KEYWRAP !! 954 The AES specifies three key sizes: 128, 192 and 256 bits
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER <<
689 select CRYPTO_MANAGER <<
690 help <<
691 KW (AES Key Wrap) authenticated encr <<
692 and RFC3394) without padding. <<
693 955
694 config CRYPTO_LRW !! 956 See <http://csrc.nist.gov/encryption/aes/> for more information.
695 tristate "LRW (Liskov Rivest Wagner)" !! 957
696 select CRYPTO_LIB_GF128MUL !! 958 In addition to AES cipher algorithm support, the acceleration
697 select CRYPTO_SKCIPHER !! 959 for some popular block cipher mode is supported too, including
698 select CRYPTO_MANAGER !! 960 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
699 select CRYPTO_ECB !! 961 acceleration for CTR.
>> 962
>> 963 config CRYPTO_AES_SPARC64
>> 964 tristate "AES cipher algorithms (SPARC64)"
>> 965 depends on SPARC64
>> 966 select CRYPTO_CRYPTD
>> 967 select CRYPTO_ALGAPI
700 help 968 help
701 LRW (Liskov Rivest Wagner) mode !! 969 Use SPARC64 crypto opcodes for AES algorithm.
702 970
703 A tweakable, non malleable, non mova !! 971 AES cipher algorithms (FIPS-197). AES uses the Rijndael
704 narrow block cipher mode for dm-cryp !! 972 algorithm.
705 specification string aes-lrw-benbi, <<
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 973
709 See https://people.csail.mit.edu/riv !! 974 Rijndael appears to be consistently a very good performer in
>> 975 both hardware and software across a wide range of computing
>> 976 environments regardless of its use in feedback or non-feedback
>> 977 modes. Its key setup time is excellent, and its key agility is
>> 978 good. Rijndael's very low memory requirements make it very well
>> 979 suited for restricted-space environments, in which it also
>> 980 demonstrates excellent performance. Rijndael's operations are
>> 981 among the easiest to defend against power and timing attacks.
710 982
711 config CRYPTO_PCBC !! 983 The AES specifies three key sizes: 128, 192 and 256 bits
712 tristate "PCBC (Propagating Cipher Blo <<
713 select CRYPTO_SKCIPHER <<
714 select CRYPTO_MANAGER <<
715 help <<
716 PCBC (Propagating Cipher Block Chain <<
717 984
718 This block cipher mode is required f !! 985 See <http://csrc.nist.gov/encryption/aes/> for more information.
719 986
720 config CRYPTO_XCTR !! 987 In addition to AES cipher algorithm support, the acceleration
721 tristate !! 988 for some popular block cipher mode is supported too, including
722 select CRYPTO_SKCIPHER !! 989 ECB and CBC.
723 select CRYPTO_MANAGER !! 990
>> 991 config CRYPTO_AES_PPC_SPE
>> 992 tristate "AES cipher algorithms (PPC SPE)"
>> 993 depends on PPC && SPE
>> 994 help
>> 995 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 996 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 997 This module should only be used for low power (router) devices
>> 998 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 999 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1000 timining attacks. Nevertheless it might be not as secure as other
>> 1001 architecture specific assembler implementations that work on 1KB
>> 1002 tables or 256 bytes S-boxes.
>> 1003
>> 1004 config CRYPTO_ANUBIS
>> 1005 tristate "Anubis cipher algorithm"
>> 1006 select CRYPTO_ALGAPI
724 help 1007 help
725 XCTR (XOR Counter) mode for HCTR2 !! 1008 Anubis cipher algorithm.
726 1009
727 This blockcipher mode is a variant o !! 1010 Anubis is a variable key length cipher which can use keys from
728 addition rather than big-endian arit !! 1011 128 bits to 320 bits in length. It was evaluated as a entrant
>> 1012 in the NESSIE competition.
729 1013
730 XCTR mode is used to implement HCTR2 !! 1014 See also:
>> 1015 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 1016 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
731 1017
732 config CRYPTO_XTS !! 1018 config CRYPTO_ARC4
733 tristate "XTS (XOR Encrypt XOR with ci !! 1019 tristate "ARC4 cipher algorithm"
734 select CRYPTO_SKCIPHER !! 1020 select CRYPTO_BLKCIPHER
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help 1021 help
738 XTS (XOR Encrypt XOR with ciphertext !! 1022 ARC4 cipher algorithm.
739 and IEEE 1619) <<
740 1023
741 Use with aes-xts-plain, key size 256 !! 1024 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
742 implementation currently can't handl !! 1025 bits in length. This algorithm is required for driver-based
743 multiple of 16 bytes. !! 1026 WEP, but it should not be for other purposes because of the
>> 1027 weakness of the algorithm.
744 1028
745 config CRYPTO_NHPOLY1305 !! 1029 config CRYPTO_BLOWFISH
746 tristate !! 1030 tristate "Blowfish cipher algorithm"
747 select CRYPTO_HASH !! 1031 select CRYPTO_ALGAPI
748 select CRYPTO_LIB_POLY1305_GENERIC !! 1032 select CRYPTO_BLOWFISH_COMMON
>> 1033 help
>> 1034 Blowfish cipher algorithm, by Bruce Schneier.
749 1035
750 endmenu !! 1036 This is a variable key length cipher which can use keys from 32
>> 1037 bits to 448 bits in length. It's fast, simple and specifically
>> 1038 designed for use on "large microprocessors".
751 1039
752 menu "AEAD (authenticated encryption with asso !! 1040 See also:
>> 1041 <http://www.schneier.com/blowfish.html>
753 1042
754 config CRYPTO_AEGIS128 !! 1043 config CRYPTO_BLOWFISH_COMMON
755 tristate "AEGIS-128" !! 1044 tristate
756 select CRYPTO_AEAD <<
757 select CRYPTO_AES # for AES S-box tab <<
758 help 1045 help
759 AEGIS-128 AEAD algorithm !! 1046 Common parts of the Blowfish cipher algorithm shared by the
>> 1047 generic c and the assembler implementations.
760 1048
761 config CRYPTO_AEGIS128_SIMD !! 1049 See also:
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1050 <http://www.schneier.com/blowfish.html>
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 1051
764 default y !! 1052 config CRYPTO_BLOWFISH_X86_64
>> 1053 tristate "Blowfish cipher algorithm (x86_64)"
>> 1054 depends on X86 && 64BIT
>> 1055 select CRYPTO_ALGAPI
>> 1056 select CRYPTO_BLOWFISH_COMMON
765 help 1057 help
766 AEGIS-128 AEAD algorithm !! 1058 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
767 1059
768 Architecture: arm or arm64 using: !! 1060 This is a variable key length cipher which can use keys from 32
769 - NEON (Advanced SIMD) extension !! 1061 bits to 448 bits in length. It's fast, simple and specifically
>> 1062 designed for use on "large microprocessors".
770 1063
771 config CRYPTO_CHACHA20POLY1305 !! 1064 See also:
772 tristate "ChaCha20-Poly1305" !! 1065 <http://www.schneier.com/blowfish.html>
773 select CRYPTO_CHACHA20 <<
774 select CRYPTO_POLY1305 <<
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help <<
778 ChaCha20 stream cipher and Poly1305 <<
779 mode (RFC8439) <<
780 1066
781 config CRYPTO_CCM !! 1067 config CRYPTO_CAMELLIA
782 tristate "CCM (Counter with Cipher Blo !! 1068 tristate "Camellia cipher algorithms"
783 select CRYPTO_CTR !! 1069 depends on CRYPTO
784 select CRYPTO_HASH !! 1070 select CRYPTO_ALGAPI
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER <<
787 help 1071 help
788 CCM (Counter with Cipher Block Chain !! 1072 Camellia cipher algorithms module.
789 authenticated encryption mode (NIST <<
790 1073
791 config CRYPTO_GCM !! 1074 Camellia is a symmetric key block cipher developed jointly
792 tristate "GCM (Galois/Counter Mode) an !! 1075 at NTT and Mitsubishi Electric Corporation.
793 select CRYPTO_CTR <<
794 select CRYPTO_AEAD <<
795 select CRYPTO_GHASH <<
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER <<
798 help <<
799 GCM (Galois/Counter Mode) authentica <<
800 (GCM Message Authentication Code) (N <<
801 1076
802 This is required for IPSec ESP (XFRM !! 1077 The Camellia specifies three key sizes: 128, 192 and 256 bits.
803 1078
804 config CRYPTO_GENIV !! 1079 See also:
805 tristate !! 1080 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER <<
809 select CRYPTO_RNG_DEFAULT <<
810 1081
811 config CRYPTO_SEQIV !! 1082 config CRYPTO_CAMELLIA_X86_64
812 tristate "Sequence Number IV Generator !! 1083 tristate "Camellia cipher algorithm (x86_64)"
813 select CRYPTO_GENIV !! 1084 depends on X86 && 64BIT
>> 1085 depends on CRYPTO
>> 1086 select CRYPTO_ALGAPI
>> 1087 select CRYPTO_GLUE_HELPER_X86
>> 1088 select CRYPTO_LRW
>> 1089 select CRYPTO_XTS
814 help 1090 help
815 Sequence Number IV generator !! 1091 Camellia cipher algorithm module (x86_64).
816 1092
817 This IV generator generates an IV ba !! 1093 Camellia is a symmetric key block cipher developed jointly
818 xoring it with a salt. This algorit !! 1094 at NTT and Mitsubishi Electric Corporation.
819 1095
820 This is required for IPsec ESP (XFRM !! 1096 The Camellia specifies three key sizes: 128, 192 and 256 bits.
821 1097
822 config CRYPTO_ECHAINIV !! 1098 See also:
823 tristate "Encrypted Chain IV Generator !! 1099 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
824 select CRYPTO_GENIV !! 1100
>> 1101 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1102 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1103 depends on X86 && 64BIT
>> 1104 depends on CRYPTO
>> 1105 select CRYPTO_ALGAPI
>> 1106 select CRYPTO_CRYPTD
>> 1107 select CRYPTO_ABLK_HELPER
>> 1108 select CRYPTO_GLUE_HELPER_X86
>> 1109 select CRYPTO_CAMELLIA_X86_64
>> 1110 select CRYPTO_LRW
>> 1111 select CRYPTO_XTS
825 help 1112 help
826 Encrypted Chain IV generator !! 1113 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
827 1114
828 This IV generator generates an IV ba !! 1115 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 1116 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. <<
831 1117
832 config CRYPTO_ESSIV !! 1118 The Camellia specifies three key sizes: 128, 192 and 256 bits.
833 tristate "Encrypted Salt-Sector IV Gen <<
834 select CRYPTO_AUTHENC <<
835 help <<
836 Encrypted Salt-Sector IV generator <<
837 1119
838 This IV generator is used in some ca !! 1120 See also:
839 dm-crypt. It uses the hash of the bl !! 1121 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 1122
844 This driver implements a crypto API !! 1123 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
845 instantiated either as an skcipher o !! 1124 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
846 type of the first template argument) !! 1125 depends on X86 && 64BIT
847 and decryption requests to the encap !! 1126 depends on CRYPTO
848 ESSIV to the input IV. Note that in !! 1127 select CRYPTO_ALGAPI
849 that the keys are presented in the s !! 1128 select CRYPTO_CRYPTD
850 template, and that the IV appears at !! 1129 select CRYPTO_ABLK_HELPER
851 associated data (AAD) region (which !! 1130 select CRYPTO_GLUE_HELPER_X86
>> 1131 select CRYPTO_CAMELLIA_X86_64
>> 1132 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1133 select CRYPTO_LRW
>> 1134 select CRYPTO_XTS
>> 1135 help
>> 1136 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
852 1137
853 Note that the use of ESSIV is not re !! 1138 Camellia is a symmetric key block cipher developed jointly
854 and so this only needs to be enabled !! 1139 at NTT and Mitsubishi Electric Corporation.
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 1140
861 endmenu !! 1141 The Camellia specifies three key sizes: 128, 192 and 256 bits.
862 1142
863 menu "Hashes, digests, and MACs" !! 1143 See also:
>> 1144 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
864 1145
865 config CRYPTO_BLAKE2B !! 1146 config CRYPTO_CAMELLIA_SPARC64
866 tristate "BLAKE2b" !! 1147 tristate "Camellia cipher algorithm (SPARC64)"
867 select CRYPTO_HASH !! 1148 depends on SPARC64
>> 1149 depends on CRYPTO
>> 1150 select CRYPTO_ALGAPI
868 help 1151 help
869 BLAKE2b cryptographic hash function !! 1152 Camellia cipher algorithm module (SPARC64).
870 1153
871 BLAKE2b is optimized for 64-bit plat !! 1154 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1155 at NTT and Mitsubishi Electric Corporation.
873 1156
874 This module provides the following a !! 1157 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 !! 1158
876 - blake2b-256 !! 1159 See also:
877 - blake2b-384 !! 1160 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
878 - blake2b-512 <<
879 1161
880 Used by the btrfs filesystem. !! 1162 config CRYPTO_CAST_COMMON
>> 1163 tristate
>> 1164 help
>> 1165 Common parts of the CAST cipher algorithms shared by the
>> 1166 generic c and the assembler implementations.
881 1167
882 See https://blake2.net for further i !! 1168 config CRYPTO_CAST5
>> 1169 tristate "CAST5 (CAST-128) cipher algorithm"
>> 1170 select CRYPTO_ALGAPI
>> 1171 select CRYPTO_CAST_COMMON
>> 1172 help
>> 1173 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1174 described in RFC2144.
883 1175
884 config CRYPTO_CMAC !! 1176 config CRYPTO_CAST5_AVX_X86_64
885 tristate "CMAC (Cipher-based MAC)" !! 1177 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
886 select CRYPTO_HASH !! 1178 depends on X86 && 64BIT
887 select CRYPTO_MANAGER !! 1179 select CRYPTO_ALGAPI
>> 1180 select CRYPTO_CRYPTD
>> 1181 select CRYPTO_ABLK_HELPER
>> 1182 select CRYPTO_CAST_COMMON
>> 1183 select CRYPTO_CAST5
888 help 1184 help
889 CMAC (Cipher-based Message Authentic !! 1185 The CAST5 encryption algorithm (synonymous with CAST-128) is
890 mode (NIST SP800-38B and IETF RFC449 !! 1186 described in RFC2144.
891 1187
892 config CRYPTO_GHASH !! 1188 This module provides the Cast5 cipher algorithm that processes
893 tristate "GHASH" !! 1189 sixteen blocks parallel using the AVX instruction set.
894 select CRYPTO_HASH !! 1190
895 select CRYPTO_LIB_GF128MUL !! 1191 config CRYPTO_CAST6
>> 1192 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1193 select CRYPTO_ALGAPI
>> 1194 select CRYPTO_CAST_COMMON
896 help 1195 help
897 GCM GHASH function (NIST SP800-38D) !! 1196 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1197 described in RFC2612.
898 1198
899 config CRYPTO_HMAC !! 1199 config CRYPTO_CAST6_AVX_X86_64
900 tristate "HMAC (Keyed-Hash MAC)" !! 1200 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
901 select CRYPTO_HASH !! 1201 depends on X86 && 64BIT
902 select CRYPTO_MANAGER !! 1202 select CRYPTO_ALGAPI
>> 1203 select CRYPTO_CRYPTD
>> 1204 select CRYPTO_ABLK_HELPER
>> 1205 select CRYPTO_GLUE_HELPER_X86
>> 1206 select CRYPTO_CAST_COMMON
>> 1207 select CRYPTO_CAST6
>> 1208 select CRYPTO_LRW
>> 1209 select CRYPTO_XTS
903 help 1210 help
904 HMAC (Keyed-Hash Message Authenticat !! 1211 The CAST6 encryption algorithm (synonymous with CAST-256) is
905 RFC2104) !! 1212 described in RFC2612.
906 1213
907 This is required for IPsec AH (XFRM_ !! 1214 This module provides the Cast6 cipher algorithm that processes
>> 1215 eight blocks parallel using the AVX instruction set.
908 1216
909 config CRYPTO_MD4 !! 1217 config CRYPTO_DES
910 tristate "MD4" !! 1218 tristate "DES and Triple DES EDE cipher algorithms"
911 select CRYPTO_HASH !! 1219 select CRYPTO_ALGAPI
912 help 1220 help
913 MD4 message digest algorithm (RFC132 !! 1221 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
914 1222
915 config CRYPTO_MD5 !! 1223 config CRYPTO_DES_SPARC64
916 tristate "MD5" !! 1224 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
917 select CRYPTO_HASH !! 1225 depends on SPARC64
>> 1226 select CRYPTO_ALGAPI
>> 1227 select CRYPTO_DES
918 help 1228 help
919 MD5 message digest algorithm (RFC132 !! 1229 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1230 optimized using SPARC64 crypto opcodes.
920 1231
921 config CRYPTO_MICHAEL_MIC !! 1232 config CRYPTO_DES3_EDE_X86_64
922 tristate "Michael MIC" !! 1233 tristate "Triple DES EDE cipher algorithm (x86-64)"
923 select CRYPTO_HASH !! 1234 depends on X86 && 64BIT
>> 1235 select CRYPTO_ALGAPI
>> 1236 select CRYPTO_DES
924 help 1237 help
925 Michael MIC (Message Integrity Code) !! 1238 Triple DES EDE (FIPS 46-3) algorithm.
926 1239
927 Defined by the IEEE 802.11i TKIP (Te !! 1240 This module provides implementation of the Triple DES EDE cipher
928 known as WPA (Wif-Fi Protected Acces !! 1241 algorithm that is optimized for x86-64 processors. Two versions of
>> 1242 algorithm are provided; regular processing one input block and
>> 1243 one that processes three blocks parallel.
929 1244
930 This algorithm is required for TKIP, !! 1245 config CRYPTO_FCRYPT
931 other purposes because of the weakne !! 1246 tristate "FCrypt cipher algorithm"
>> 1247 select CRYPTO_ALGAPI
>> 1248 select CRYPTO_BLKCIPHER
>> 1249 help
>> 1250 FCrypt algorithm used by RxRPC.
932 1251
933 config CRYPTO_POLYVAL !! 1252 config CRYPTO_KHAZAD
934 tristate !! 1253 tristate "Khazad cipher algorithm"
935 select CRYPTO_HASH !! 1254 select CRYPTO_ALGAPI
936 select CRYPTO_LIB_GF128MUL <<
937 help 1255 help
938 POLYVAL hash function for HCTR2 !! 1256 Khazad cipher algorithm.
939 1257
940 This is used in HCTR2. It is not a !! 1258 Khazad was a finalist in the initial NESSIE competition. It is
941 cryptographic hash function. !! 1259 an algorithm optimized for 64-bit processors with good performance
>> 1260 on 32-bit processors. Khazad uses an 128 bit key size.
942 1261
943 config CRYPTO_POLY1305 !! 1262 See also:
944 tristate "Poly1305" !! 1263 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
945 select CRYPTO_HASH !! 1264
946 select CRYPTO_LIB_POLY1305_GENERIC !! 1265 config CRYPTO_SALSA20
>> 1266 tristate "Salsa20 stream cipher algorithm"
>> 1267 select CRYPTO_BLKCIPHER
947 help 1268 help
948 Poly1305 authenticator algorithm (RF !! 1269 Salsa20 stream cipher algorithm.
949 1270
950 Poly1305 is an authenticator algorit !! 1271 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
951 It is used for the ChaCha20-Poly1305 !! 1272 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
952 in IETF protocols. This is the porta <<
953 1273
954 config CRYPTO_RMD160 !! 1274 The Salsa20 stream cipher algorithm is designed by Daniel J.
955 tristate "RIPEMD-160" !! 1275 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
956 select CRYPTO_HASH !! 1276
>> 1277 config CRYPTO_SALSA20_586
>> 1278 tristate "Salsa20 stream cipher algorithm (i586)"
>> 1279 depends on (X86 || UML_X86) && !64BIT
>> 1280 select CRYPTO_BLKCIPHER
957 help 1281 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 1282 Salsa20 stream cipher algorithm.
959 1283
960 RIPEMD-160 is a 160-bit cryptographi !! 1284 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
961 to be used as a secure replacement f !! 1285 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
962 MD4, MD5 and its predecessor RIPEMD <<
963 (not to be confused with RIPEMD-128) <<
964 1286
965 Its speed is comparable to SHA-1 and !! 1287 The Salsa20 stream cipher algorithm is designed by Daniel J.
966 against RIPEMD-160. !! 1288 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
967 1289
968 Developed by Hans Dobbertin, Antoon !! 1290 config CRYPTO_SALSA20_X86_64
969 See https://homes.esat.kuleuven.be/~ !! 1291 tristate "Salsa20 stream cipher algorithm (x86_64)"
970 for further information. !! 1292 depends on (X86 || UML_X86) && 64BIT
971 !! 1293 select CRYPTO_BLKCIPHER
972 config CRYPTO_SHA1 <<
973 tristate "SHA-1" <<
974 select CRYPTO_HASH <<
975 select CRYPTO_LIB_SHA1 <<
976 help 1294 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1295 Salsa20 stream cipher algorithm.
978 1296
979 config CRYPTO_SHA256 !! 1297 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
980 tristate "SHA-224 and SHA-256" !! 1298 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
981 select CRYPTO_HASH !! 1299
982 select CRYPTO_LIB_SHA256 !! 1300 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 1301 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
>> 1302
>> 1303 config CRYPTO_CHACHA20
>> 1304 tristate "ChaCha20 cipher algorithm"
>> 1305 select CRYPTO_BLKCIPHER
983 help 1306 help
984 SHA-224 and SHA-256 secure hash algo !! 1307 ChaCha20 cipher algorithm, RFC7539.
985 1308
986 This is required for IPsec AH (XFRM_ !! 1309 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
987 Used by the btrfs filesystem, Ceph, !! 1310 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1311 This is the portable C implementation of ChaCha20.
988 1312
989 config CRYPTO_SHA512 !! 1313 See also:
990 tristate "SHA-384 and SHA-512" !! 1314 <http://cr.yp.to/chacha/chacha-20080128.pdf>
991 select CRYPTO_HASH !! 1315
>> 1316 config CRYPTO_CHACHA20_X86_64
>> 1317 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
>> 1318 depends on X86 && 64BIT
>> 1319 select CRYPTO_BLKCIPHER
>> 1320 select CRYPTO_CHACHA20
992 help 1321 help
993 SHA-384 and SHA-512 secure hash algo !! 1322 ChaCha20 cipher algorithm, RFC7539.
994 1323
995 config CRYPTO_SHA3 !! 1324 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
996 tristate "SHA-3" !! 1325 Bernstein and further specified in RFC7539 for use in IETF protocols.
997 select CRYPTO_HASH !! 1326 This is the x86_64 assembler implementation using SIMD instructions.
>> 1327
>> 1328 See also:
>> 1329 <http://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1330
>> 1331 config CRYPTO_SEED
>> 1332 tristate "SEED cipher algorithm"
>> 1333 select CRYPTO_ALGAPI
998 help 1334 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1335 SEED cipher algorithm (RFC4269).
1000 1336
1001 config CRYPTO_SM3 !! 1337 SEED is a 128-bit symmetric key block cipher that has been
1002 tristate !! 1338 developed by KISA (Korea Information Security Agency) as a
>> 1339 national standard encryption algorithm of the Republic of Korea.
>> 1340 It is a 16 round block cipher with the key size of 128 bit.
1003 1341
1004 config CRYPTO_SM3_GENERIC !! 1342 See also:
1005 tristate "SM3 (ShangMi 3)" !! 1343 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1006 select CRYPTO_HASH !! 1344
1007 select CRYPTO_SM3 !! 1345 config CRYPTO_SERPENT
>> 1346 tristate "Serpent cipher algorithm"
>> 1347 select CRYPTO_ALGAPI
1008 help 1348 help
1009 SM3 (ShangMi 3) secure hash functio !! 1349 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1010 1350
1011 This is part of the Chinese Commerc !! 1351 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1352 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1353 variant of Serpent for compatibility with old kerneli.org code.
1012 1354
1013 References: !! 1355 See also:
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1356 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1015 https://datatracker.ietf.org/doc/ht <<
1016 1357
1017 config CRYPTO_STREEBOG !! 1358 config CRYPTO_SERPENT_SSE2_X86_64
1018 tristate "Streebog" !! 1359 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1019 select CRYPTO_HASH !! 1360 depends on X86 && 64BIT
>> 1361 select CRYPTO_ALGAPI
>> 1362 select CRYPTO_CRYPTD
>> 1363 select CRYPTO_ABLK_HELPER
>> 1364 select CRYPTO_GLUE_HELPER_X86
>> 1365 select CRYPTO_SERPENT
>> 1366 select CRYPTO_LRW
>> 1367 select CRYPTO_XTS
1020 help 1368 help
1021 Streebog Hash Function (GOST R 34.1 !! 1369 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1370
1023 This is one of the Russian cryptogr !! 1371 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1372 of 8 bits.
1025 256 and 512 bits output. <<
1026 1373
1027 References: !! 1374 This module provides Serpent cipher algorithm that processes eight
1028 https://tc26.ru/upload/iblock/fed/f !! 1375 blocks parallel using SSE2 instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1376
1031 config CRYPTO_VMAC !! 1377 See also:
1032 tristate "VMAC" !! 1378 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1379
1034 select CRYPTO_MANAGER !! 1380 config CRYPTO_SERPENT_SSE2_586
>> 1381 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1382 depends on X86 && !64BIT
>> 1383 select CRYPTO_ALGAPI
>> 1384 select CRYPTO_CRYPTD
>> 1385 select CRYPTO_ABLK_HELPER
>> 1386 select CRYPTO_GLUE_HELPER_X86
>> 1387 select CRYPTO_SERPENT
>> 1388 select CRYPTO_LRW
>> 1389 select CRYPTO_XTS
1035 help 1390 help
1036 VMAC is a message authentication al !! 1391 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect !! 1392
>> 1393 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1394 of 8 bits.
1038 1395
1039 See https://fastcrypto.org/vmac for !! 1396 This module provides Serpent cipher algorithm that processes four
>> 1397 blocks parallel using SSE2 instruction set.
1040 1398
1041 config CRYPTO_WP512 !! 1399 See also:
1042 tristate "Whirlpool" !! 1400 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1043 select CRYPTO_HASH !! 1401
>> 1402 config CRYPTO_SERPENT_AVX_X86_64
>> 1403 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1404 depends on X86 && 64BIT
>> 1405 select CRYPTO_ALGAPI
>> 1406 select CRYPTO_CRYPTD
>> 1407 select CRYPTO_ABLK_HELPER
>> 1408 select CRYPTO_GLUE_HELPER_X86
>> 1409 select CRYPTO_SERPENT
>> 1410 select CRYPTO_LRW
>> 1411 select CRYPTO_XTS
1044 help 1412 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1413 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046 1414
1047 512, 384 and 256-bit hashes. !! 1415 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1416 of 8 bits.
1048 1417
1049 Whirlpool-512 is part of the NESSIE !! 1418 This module provides the Serpent cipher algorithm that processes
>> 1419 eight blocks parallel using the AVX instruction set.
1050 1420
1051 See https://web.archive.org/web/201 !! 1421 See also:
1052 for further information. !! 1422 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1053 1423
1054 config CRYPTO_XCBC !! 1424 config CRYPTO_SERPENT_AVX2_X86_64
1055 tristate "XCBC-MAC (Extended Cipher B !! 1425 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1056 select CRYPTO_HASH !! 1426 depends on X86 && 64BIT
1057 select CRYPTO_MANAGER !! 1427 select CRYPTO_ALGAPI
>> 1428 select CRYPTO_CRYPTD
>> 1429 select CRYPTO_ABLK_HELPER
>> 1430 select CRYPTO_GLUE_HELPER_X86
>> 1431 select CRYPTO_SERPENT
>> 1432 select CRYPTO_SERPENT_AVX_X86_64
>> 1433 select CRYPTO_LRW
>> 1434 select CRYPTO_XTS
1058 help 1435 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1436 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1060 Code) (RFC3566) <<
1061 1437
1062 config CRYPTO_XXHASH !! 1438 Keys are allowed to be from 0 to 256 bits in length, in steps
1063 tristate "xxHash" !! 1439 of 8 bits.
1064 select CRYPTO_HASH !! 1440
1065 select XXHASH !! 1441 This module provides Serpent cipher algorithm that processes 16
>> 1442 blocks parallel using AVX2 instruction set.
>> 1443
>> 1444 See also:
>> 1445 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1446
>> 1447 config CRYPTO_TEA
>> 1448 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1449 select CRYPTO_ALGAPI
1066 help 1450 help
1067 xxHash non-cryptographic hash algor !! 1451 TEA cipher algorithm.
>> 1452
>> 1453 Tiny Encryption Algorithm is a simple cipher that uses
>> 1454 many rounds for security. It is very fast and uses
>> 1455 little memory.
>> 1456
>> 1457 Xtendend Tiny Encryption Algorithm is a modification to
>> 1458 the TEA algorithm to address a potential key weakness
>> 1459 in the TEA algorithm.
>> 1460
>> 1461 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1462 of the XTEA algorithm for compatibility purposes.
1068 1463
1069 Extremely fast, working at speeds c !! 1464 config CRYPTO_TWOFISH
>> 1465 tristate "Twofish cipher algorithm"
>> 1466 select CRYPTO_ALGAPI
>> 1467 select CRYPTO_TWOFISH_COMMON
>> 1468 help
>> 1469 Twofish cipher algorithm.
1070 1470
1071 Used by the btrfs filesystem. !! 1471 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1472 candidate cipher by researchers at CounterPane Systems. It is a
>> 1473 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1474 bits.
1072 1475
1073 endmenu !! 1476 See also:
>> 1477 <http://www.schneier.com/twofish.html>
1074 1478
1075 menu "CRCs (cyclic redundancy checks)" !! 1479 config CRYPTO_TWOFISH_COMMON
>> 1480 tristate
>> 1481 help
>> 1482 Common parts of the Twofish cipher algorithm shared by the
>> 1483 generic c and the assembler implementations.
1076 1484
1077 config CRYPTO_CRC32C !! 1485 config CRYPTO_TWOFISH_586
1078 tristate "CRC32c" !! 1486 tristate "Twofish cipher algorithms (i586)"
1079 select CRYPTO_HASH !! 1487 depends on (X86 || UML_X86) && !64BIT
1080 select CRC32 !! 1488 select CRYPTO_ALGAPI
>> 1489 select CRYPTO_TWOFISH_COMMON
1081 help 1490 help
1082 CRC32c CRC algorithm with the iSCSI !! 1491 Twofish cipher algorithm.
1083 1492
1084 A 32-bit CRC (cyclic redundancy che !! 1493 Twofish was submitted as an AES (Advanced Encryption Standard)
1085 by G. Castagnoli, S. Braeuer and M. !! 1494 candidate cipher by researchers at CounterPane Systems. It is a
1086 Redundancy-Check Codes with 24 and !! 1495 16 round block cipher supporting key sizes of 128, 192, and 256
1087 on Communications, Vol. 41, No. 6, !! 1496 bits.
1088 iSCSI. <<
1089 1497
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1498 See also:
>> 1499 <http://www.schneier.com/twofish.html>
1091 1500
1092 config CRYPTO_CRC32 !! 1501 config CRYPTO_TWOFISH_X86_64
1093 tristate "CRC32" !! 1502 tristate "Twofish cipher algorithm (x86_64)"
1094 select CRYPTO_HASH !! 1503 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1504 select CRYPTO_ALGAPI
>> 1505 select CRYPTO_TWOFISH_COMMON
1096 help 1506 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1507 Twofish cipher algorithm (x86_64).
1098 1508
1099 Used by RoCEv2 and f2fs. !! 1509 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1510 candidate cipher by researchers at CounterPane Systems. It is a
>> 1511 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1512 bits.
1100 1513
1101 config CRYPTO_CRCT10DIF !! 1514 See also:
1102 tristate "CRCT10DIF" !! 1515 <http://www.schneier.com/twofish.html>
1103 select CRYPTO_HASH !! 1516
>> 1517 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1518 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1519 depends on X86 && 64BIT
>> 1520 select CRYPTO_ALGAPI
>> 1521 select CRYPTO_TWOFISH_COMMON
>> 1522 select CRYPTO_TWOFISH_X86_64
>> 1523 select CRYPTO_GLUE_HELPER_X86
>> 1524 select CRYPTO_LRW
>> 1525 select CRYPTO_XTS
1104 help 1526 help
1105 CRC16 CRC algorithm used for the T1 !! 1527 Twofish cipher algorithm (x86_64, 3-way parallel).
1106 1528
1107 CRC algorithm used by the SCSI Bloc !! 1529 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1530 candidate cipher by researchers at CounterPane Systems. It is a
>> 1531 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1532 bits.
1108 1533
1109 config CRYPTO_CRC64_ROCKSOFT !! 1534 This module provides Twofish cipher algorithm that processes three
1110 tristate "CRC64 based on Rocksoft Mod !! 1535 blocks parallel, utilizing resources of out-of-order CPUs better.
1111 depends on CRC64 !! 1536
1112 select CRYPTO_HASH !! 1537 See also:
>> 1538 <http://www.schneier.com/twofish.html>
>> 1539
>> 1540 config CRYPTO_TWOFISH_AVX_X86_64
>> 1541 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1542 depends on X86 && 64BIT
>> 1543 select CRYPTO_ALGAPI
>> 1544 select CRYPTO_CRYPTD
>> 1545 select CRYPTO_ABLK_HELPER
>> 1546 select CRYPTO_GLUE_HELPER_X86
>> 1547 select CRYPTO_TWOFISH_COMMON
>> 1548 select CRYPTO_TWOFISH_X86_64
>> 1549 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1550 select CRYPTO_LRW
>> 1551 select CRYPTO_XTS
1113 help 1552 help
1114 CRC64 CRC algorithm based on the Ro !! 1553 Twofish cipher algorithm (x86_64/AVX).
1115 1554
1116 Used by the NVMe implementation of !! 1555 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1556 candidate cipher by researchers at CounterPane Systems. It is a
>> 1557 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1558 bits.
1117 1559
1118 See https://zlib.net/crc_v3.txt !! 1560 This module provides the Twofish cipher algorithm that processes
>> 1561 eight blocks parallel using the AVX Instruction Set.
1119 1562
1120 endmenu !! 1563 See also:
>> 1564 <http://www.schneier.com/twofish.html>
1121 1565
1122 menu "Compression" !! 1566 comment "Compression"
1123 1567
1124 config CRYPTO_DEFLATE 1568 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1569 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1570 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 <<
1128 select ZLIB_INFLATE 1571 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1572 select ZLIB_DEFLATE
1130 help 1573 help
1131 Deflate compression algorithm (RFC1 !! 1574 This is the Deflate algorithm (RFC1951), specified for use in
>> 1575 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1576
1133 Used by IPSec with the IPCOMP proto !! 1577 You will most probably want this if using IPSec.
1134 1578
1135 config CRYPTO_LZO 1579 config CRYPTO_LZO
1136 tristate "LZO" !! 1580 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1581 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 <<
1139 select LZO_COMPRESS 1582 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1583 select LZO_DECOMPRESS
1141 help 1584 help
1142 LZO compression algorithm !! 1585 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1586
1146 config CRYPTO_842 1587 config CRYPTO_842
1147 tristate "842" !! 1588 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1589 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 <<
1150 select 842_COMPRESS 1590 select 842_COMPRESS
1151 select 842_DECOMPRESS 1591 select 842_DECOMPRESS
1152 help 1592 help
1153 842 compression algorithm by IBM !! 1593 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1594
1157 config CRYPTO_LZ4 1595 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1596 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1597 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 <<
1161 select LZ4_COMPRESS 1598 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1599 select LZ4_DECOMPRESS
1163 help 1600 help
1164 LZ4 compression algorithm !! 1601 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1602
1168 config CRYPTO_LZ4HC 1603 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1604 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1605 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 <<
1172 select LZ4HC_COMPRESS 1606 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1607 select LZ4_DECOMPRESS
1174 help 1608 help
1175 LZ4 high compression mode algorithm !! 1609 This is the LZ4 high compression mode algorithm.
1176 1610
1177 See https://github.com/lz4/lz4 for !! 1611 comment "Random Number Generation"
1178 <<
1179 config CRYPTO_ZSTD <<
1180 tristate "Zstd" <<
1181 select CRYPTO_ALGAPI <<
1182 select CRYPTO_ACOMP2 <<
1183 select ZSTD_COMPRESS <<
1184 select ZSTD_DECOMPRESS <<
1185 help <<
1186 zstd compression algorithm <<
1187 <<
1188 See https://github.com/facebook/zst <<
1189 <<
1190 endmenu <<
1191 <<
1192 menu "Random number generation" <<
1193 1612
1194 config CRYPTO_ANSI_CPRNG 1613 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1614 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1615 select CRYPTO_AES
1197 select CRYPTO_RNG 1616 select CRYPTO_RNG
1198 help 1617 help
1199 Pseudo RNG (random number generator !! 1618 This option enables the generic pseudo random number generator
1200 !! 1619 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1620 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1621 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1622
1205 menuconfig CRYPTO_DRBG_MENU 1623 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1624 tristate "NIST SP800-90A DRBG"
1207 help 1625 help
1208 DRBG (Deterministic Random Bit Gene !! 1626 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1627 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1628
1212 if CRYPTO_DRBG_MENU 1629 if CRYPTO_DRBG_MENU
1213 1630
1214 config CRYPTO_DRBG_HMAC 1631 config CRYPTO_DRBG_HMAC
1215 bool 1632 bool
1216 default y 1633 default y
1217 select CRYPTO_HMAC 1634 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1635 select CRYPTO_SHA256
1219 1636
1220 config CRYPTO_DRBG_HASH 1637 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1638 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1639 select CRYPTO_SHA256
1223 help 1640 help
1224 Hash_DRBG variant as defined in NIS !! 1641 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1642
1228 config CRYPTO_DRBG_CTR 1643 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1644 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1645 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1646 depends on CRYPTO_CTR
1232 help 1647 help
1233 CTR_DRBG variant as defined in NIST !! 1648 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1649
1237 config CRYPTO_DRBG 1650 config CRYPTO_DRBG
1238 tristate 1651 tristate
1239 default CRYPTO_DRBG_MENU 1652 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1653 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1654 select CRYPTO_JITTERENTROPY
1242 1655
1243 endif # if CRYPTO_DRBG_MENU 1656 endif # if CRYPTO_DRBG_MENU
1244 1657
1245 config CRYPTO_JITTERENTROPY 1658 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1659 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1660 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1661 help
1250 CPU Jitter RNG (Random Number Gener !! 1662 The Jitterentropy RNG is a noise that is intended
1251 !! 1663 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1664 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1665 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1666 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1667
1370 config CRYPTO_USER_API 1668 config CRYPTO_USER_API
1371 tristate 1669 tristate
1372 1670
1373 config CRYPTO_USER_API_HASH 1671 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1672 tristate "User-space interface for hash algorithms"
1375 depends on NET 1673 depends on NET
1376 select CRYPTO_HASH 1674 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1675 select CRYPTO_USER_API
1378 help 1676 help
1379 Enable the userspace interface for !! 1677 This option enables the user-spaces interface for hash
1380 !! 1678 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1679
1384 config CRYPTO_USER_API_SKCIPHER 1680 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1681 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1682 depends on NET
1387 select CRYPTO_SKCIPHER !! 1683 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1684 select CRYPTO_USER_API
1389 help 1685 help
1390 Enable the userspace interface for !! 1686 This option enables the user-spaces interface for symmetric
1391 !! 1687 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1688
1395 config CRYPTO_USER_API_RNG 1689 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1690 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1691 depends on NET
1398 select CRYPTO_RNG 1692 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1693 select CRYPTO_USER_API
1400 help 1694 help
1401 Enable the userspace interface for !! 1695 This option enables the user-spaces interface for random
1402 algorithms. !! 1696 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1697
1419 config CRYPTO_USER_API_AEAD 1698 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1699 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1700 depends on NET
1422 select CRYPTO_AEAD 1701 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER <<
1424 select CRYPTO_NULL <<
1425 select CRYPTO_USER_API 1702 select CRYPTO_USER_API
1426 help 1703 help
1427 Enable the userspace interface for !! 1704 This option enables the user-spaces interface for AEAD
1428 !! 1705 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help <<
1437 Allow obsolete cryptographic algori <<
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 <<
1441 endmenu <<
1442 1706
1443 config CRYPTO_HASH_INFO 1707 config CRYPTO_HASH_INFO
1444 bool 1708 bool
1445 1709
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 <<
1476 source "drivers/crypto/Kconfig" 1710 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" !! 1711 source crypto/asymmetric_keys/Kconfig
1478 source "certs/Kconfig" !! 1712 source certs/Kconfig
1479 1713
1480 endif # if CRYPTO 1714 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.