1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS !! 18 select LIB_MEMNEQ
19 help 19 help
20 This option provides the core Crypto 20 This option provides the core Cryptographic API.
21 21
22 if CRYPTO 22 if CRYPTO
23 23
24 menu "Crypto core or helper" !! 24 comment "Crypto core or helper"
25 25
26 config CRYPTO_FIPS 26 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 27 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 29 depends on (MODULE_SIG || !MODULES)
30 help 30 help
31 This option enables the fips boot op 31 This option enables the fips boot option which is
32 required if you want the system to o 32 required if you want the system to operate in a FIPS 200
33 certification. You should say no un 33 certification. You should say no unless you know what
34 this is. 34 this is.
35 35
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 36 config CRYPTO_ALGAPI
58 tristate 37 tristate
59 select CRYPTO_ALGAPI2 38 select CRYPTO_ALGAPI2
60 help 39 help
61 This option provides the API for cry 40 This option provides the API for cryptographic algorithms.
62 41
63 config CRYPTO_ALGAPI2 42 config CRYPTO_ALGAPI2
64 tristate 43 tristate
65 44
66 config CRYPTO_AEAD 45 config CRYPTO_AEAD
67 tristate 46 tristate
68 select CRYPTO_AEAD2 47 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 48 select CRYPTO_ALGAPI
70 49
71 config CRYPTO_AEAD2 50 config CRYPTO_AEAD2
72 tristate 51 tristate
73 select CRYPTO_ALGAPI2 52 select CRYPTO_ALGAPI2
74 !! 53 select CRYPTO_NULL2
75 config CRYPTO_SIG !! 54 select CRYPTO_RNG2
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 55
84 config CRYPTO_SKCIPHER 56 config CRYPTO_SKCIPHER
85 tristate 57 tristate
86 select CRYPTO_SKCIPHER2 58 select CRYPTO_SKCIPHER2
87 select CRYPTO_ALGAPI 59 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 60
90 config CRYPTO_SKCIPHER2 61 config CRYPTO_SKCIPHER2
91 tristate 62 tristate
92 select CRYPTO_ALGAPI2 63 select CRYPTO_ALGAPI2
>> 64 select CRYPTO_RNG2
93 65
94 config CRYPTO_HASH 66 config CRYPTO_HASH
95 tristate 67 tristate
96 select CRYPTO_HASH2 68 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
98 70
99 config CRYPTO_HASH2 71 config CRYPTO_HASH2
100 tristate 72 tristate
101 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
102 74
103 config CRYPTO_RNG 75 config CRYPTO_RNG
104 tristate 76 tristate
105 select CRYPTO_RNG2 77 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI
107 79
108 config CRYPTO_RNG2 80 config CRYPTO_RNG2
109 tristate 81 tristate
110 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2
111 83
112 config CRYPTO_RNG_DEFAULT 84 config CRYPTO_RNG_DEFAULT
113 tristate 85 tristate
114 select CRYPTO_DRBG_MENU 86 select CRYPTO_DRBG_MENU
115 87
116 config CRYPTO_AKCIPHER2 88 config CRYPTO_AKCIPHER2
117 tristate 89 tristate
118 select CRYPTO_ALGAPI2 90 select CRYPTO_ALGAPI2
119 91
120 config CRYPTO_AKCIPHER 92 config CRYPTO_AKCIPHER
121 tristate 93 tristate
122 select CRYPTO_AKCIPHER2 94 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 95 select CRYPTO_ALGAPI
124 96
125 config CRYPTO_KPP2 97 config CRYPTO_KPP2
126 tristate 98 tristate
127 select CRYPTO_ALGAPI2 99 select CRYPTO_ALGAPI2
128 100
129 config CRYPTO_KPP 101 config CRYPTO_KPP
130 tristate 102 tristate
131 select CRYPTO_ALGAPI 103 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 104 select CRYPTO_KPP2
133 105
134 config CRYPTO_ACOMP2 106 config CRYPTO_ACOMP2
135 tristate 107 tristate
136 select CRYPTO_ALGAPI2 108 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 109 select SGL_ALLOC
138 110
139 config CRYPTO_ACOMP 111 config CRYPTO_ACOMP
140 tristate 112 tristate
141 select CRYPTO_ALGAPI 113 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 114 select CRYPTO_ACOMP2
143 115
144 config CRYPTO_MANAGER 116 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 117 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 118 select CRYPTO_MANAGER2
147 help 119 help
148 Create default cryptographic templat 120 Create default cryptographic template instantiations such as
149 cbc(aes). 121 cbc(aes).
150 122
151 config CRYPTO_MANAGER2 123 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 124 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 125 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 126 select CRYPTO_HASH2
158 select CRYPTO_KPP2 <<
159 select CRYPTO_RNG2 <<
160 select CRYPTO_SKCIPHER2 127 select CRYPTO_SKCIPHER2
>> 128 select CRYPTO_AKCIPHER2
>> 129 select CRYPTO_KPP2
>> 130 select CRYPTO_ACOMP2
161 131
162 config CRYPTO_USER 132 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 133 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 134 depends on NET
165 select CRYPTO_MANAGER 135 select CRYPTO_MANAGER
166 help 136 help
167 Userspace configuration for cryptogr 137 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 138 cbc(aes).
169 139
170 config CRYPTO_MANAGER_DISABLE_TESTS 140 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 141 bool "Disable run-time self tests"
172 default y 142 default y
173 help 143 help
174 Disable run-time self tests that nor 144 Disable run-time self tests that normally take place at
175 algorithm registration. 145 algorithm registration.
176 146
177 config CRYPTO_MANAGER_EXTRA_TESTS 147 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel 148 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN 149 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
180 help 150 help
181 Enable extra run-time self tests of 151 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests. 152 including randomized fuzz tests.
183 153
184 This is intended for developer use o 154 This is intended for developer use only, as these tests take much
185 longer to run than the normal self t 155 longer to run than the normal self tests.
186 156
>> 157 config CRYPTO_GF128MUL
>> 158 tristate
>> 159
187 config CRYPTO_NULL 160 config CRYPTO_NULL
188 tristate "Null algorithms" 161 tristate "Null algorithms"
189 select CRYPTO_NULL2 162 select CRYPTO_NULL2
190 help 163 help
191 These are 'Null' algorithms, used by 164 These are 'Null' algorithms, used by IPsec, which do nothing.
192 165
193 config CRYPTO_NULL2 166 config CRYPTO_NULL2
194 tristate 167 tristate
195 select CRYPTO_ALGAPI2 168 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 169 select CRYPTO_SKCIPHER2
197 select CRYPTO_HASH2 170 select CRYPTO_HASH2
198 171
199 config CRYPTO_PCRYPT 172 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 173 tristate "Parallel crypto engine"
201 depends on SMP 174 depends on SMP
202 select PADATA 175 select PADATA
203 select CRYPTO_MANAGER 176 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 177 select CRYPTO_AEAD
205 help 178 help
206 This converts an arbitrary crypto al 179 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 180 algorithm that executes in kernel threads.
208 181
209 config CRYPTO_CRYPTD 182 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 183 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER 184 select CRYPTO_SKCIPHER
212 select CRYPTO_HASH 185 select CRYPTO_HASH
213 select CRYPTO_MANAGER 186 select CRYPTO_MANAGER
214 help 187 help
215 This is a generic software asynchron 188 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 189 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 190 into an asynchronous algorithm that executes in a kernel thread.
218 191
219 config CRYPTO_AUTHENC 192 config CRYPTO_AUTHENC
220 tristate "Authenc support" 193 tristate "Authenc support"
221 select CRYPTO_AEAD 194 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER 195 select CRYPTO_SKCIPHER
223 select CRYPTO_MANAGER 196 select CRYPTO_MANAGER
224 select CRYPTO_HASH 197 select CRYPTO_HASH
225 select CRYPTO_NULL 198 select CRYPTO_NULL
226 help 199 help
227 Authenc: Combined mode wrapper for I 200 Authenc: Combined mode wrapper for IPsec.
228 !! 201 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 202
231 config CRYPTO_TEST 203 config CRYPTO_TEST
232 tristate "Testing module" 204 tristate "Testing module"
233 depends on m || EXPERT 205 depends on m || EXPERT
234 select CRYPTO_MANAGER 206 select CRYPTO_MANAGER
235 help 207 help
236 Quick & dirty crypto test module. 208 Quick & dirty crypto test module.
237 209
238 config CRYPTO_SIMD 210 config CRYPTO_SIMD
239 tristate 211 tristate
240 select CRYPTO_CRYPTD 212 select CRYPTO_CRYPTD
241 213
242 config CRYPTO_ENGINE 214 config CRYPTO_ENGINE
243 tristate 215 tristate
244 216
245 endmenu !! 217 comment "Public-key cryptography"
246 <<
247 menu "Public-key cryptography" <<
248 218
249 config CRYPTO_RSA 219 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 220 tristate "RSA algorithm"
251 select CRYPTO_AKCIPHER 221 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER 222 select CRYPTO_MANAGER
253 select MPILIB 223 select MPILIB
254 select ASN1 224 select ASN1
255 help 225 help
256 RSA (Rivest-Shamir-Adleman) public k !! 226 Generic implementation of the RSA public key algorithm.
257 227
258 config CRYPTO_DH 228 config CRYPTO_DH
259 tristate "DH (Diffie-Hellman)" !! 229 tristate "Diffie-Hellman algorithm"
260 select CRYPTO_KPP 230 select CRYPTO_KPP
261 select MPILIB 231 select MPILIB
262 help 232 help
263 DH (Diffie-Hellman) key exchange alg !! 233 Generic implementation of the Diffie-Hellman algorithm.
264 234
265 config CRYPTO_DH_RFC7919_GROUPS 235 config CRYPTO_DH_RFC7919_GROUPS
266 bool "RFC 7919 FFDHE groups" !! 236 bool "Support for RFC 7919 FFDHE group parameters"
267 depends on CRYPTO_DH 237 depends on CRYPTO_DH
268 select CRYPTO_RNG_DEFAULT 238 select CRYPTO_RNG_DEFAULT
269 help 239 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 240 Provide support for RFC 7919 FFDHE group parameters. If unsure, say N.
271 defined in RFC7919. <<
272 <<
273 Support these finite-field groups in <<
274 - ffdhe2048, ffdhe3072, ffdhe4096, f <<
275 <<
276 If unsure, say N. <<
277 241
278 config CRYPTO_ECC 242 config CRYPTO_ECC
279 tristate 243 tristate
280 select CRYPTO_RNG_DEFAULT 244 select CRYPTO_RNG_DEFAULT
281 245
282 config CRYPTO_ECDH 246 config CRYPTO_ECDH
283 tristate "ECDH (Elliptic Curve Diffie- !! 247 tristate "ECDH algorithm"
284 select CRYPTO_ECC 248 select CRYPTO_ECC
285 select CRYPTO_KPP 249 select CRYPTO_KPP
286 help 250 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 251 Generic implementation of the ECDH algorithm
288 using curves P-192, P-256, and P-384 <<
289 252
290 config CRYPTO_ECDSA 253 config CRYPTO_ECDSA
291 tristate "ECDSA (Elliptic Curve Digita !! 254 tristate "ECDSA (NIST P192, P256 etc.) algorithm"
292 select CRYPTO_ECC 255 select CRYPTO_ECC
293 select CRYPTO_AKCIPHER 256 select CRYPTO_AKCIPHER
294 select ASN1 257 select ASN1
295 help 258 help
296 ECDSA (Elliptic Curve Digital Signat !! 259 Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
297 ISO/IEC 14888-3) !! 260 is A NIST cryptographic standard algorithm. Only signature verification
298 using curves P-192, P-256, and P-384 !! 261 is implemented.
299 <<
300 Only signature verification is imple <<
301 262
302 config CRYPTO_ECRDSA 263 config CRYPTO_ECRDSA
303 tristate "EC-RDSA (Elliptic Curve Russ !! 264 tristate "EC-RDSA (GOST 34.10) algorithm"
304 select CRYPTO_ECC 265 select CRYPTO_ECC
305 select CRYPTO_AKCIPHER 266 select CRYPTO_AKCIPHER
306 select CRYPTO_STREEBOG 267 select CRYPTO_STREEBOG
307 select OID_REGISTRY 268 select OID_REGISTRY
308 select ASN1 269 select ASN1
309 help 270 help
310 Elliptic Curve Russian Digital Signa 271 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311 RFC 7091, ISO/IEC 14888-3) !! 272 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
>> 273 standard algorithms (called GOST algorithms). Only signature verification
>> 274 is implemented.
>> 275
>> 276 config CRYPTO_SM2
>> 277 tristate "SM2 algorithm"
>> 278 select CRYPTO_SM3
>> 279 select CRYPTO_AKCIPHER
>> 280 select CRYPTO_MANAGER
>> 281 select MPILIB
>> 282 select ASN1
>> 283 help
>> 284 Generic implementation of the SM2 public key algorithm. It was
>> 285 published by State Encryption Management Bureau, China.
>> 286 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
312 287
313 One of the Russian cryptographic sta !! 288 References:
314 algorithms). Only signature verifica !! 289 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
>> 290 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
>> 291 http://www.gmbz.org.cn/main/bzlb.html
315 292
316 config CRYPTO_CURVE25519 293 config CRYPTO_CURVE25519
317 tristate "Curve25519" !! 294 tristate "Curve25519 algorithm"
318 select CRYPTO_KPP 295 select CRYPTO_KPP
319 select CRYPTO_LIB_CURVE25519_GENERIC 296 select CRYPTO_LIB_CURVE25519_GENERIC
320 help <<
321 Curve25519 elliptic curve (RFC7748) <<
322 <<
323 endmenu <<
324 <<
325 menu "Block ciphers" <<
326 <<
327 config CRYPTO_AES <<
328 tristate "AES (Advanced Encryption Sta <<
329 select CRYPTO_ALGAPI <<
330 select CRYPTO_LIB_AES <<
331 help <<
332 AES cipher algorithms (Rijndael)(FIP <<
333 <<
334 Rijndael appears to be consistently <<
335 both hardware and software across a <<
336 environments regardless of its use i <<
337 modes. Its key setup time is excelle <<
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 <<
343 The AES specifies three key sizes: 1 <<
344 <<
345 config CRYPTO_AES_TI <<
346 tristate "AES (Advanced Encryption Sta <<
347 select CRYPTO_ALGAPI <<
348 select CRYPTO_LIB_AES <<
349 help <<
350 AES cipher algorithms (Rijndael)(FIP <<
351 <<
352 This is a generic implementation of <<
353 data dependent latencies as much as <<
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 <<
359 Instead of using 16 lookup tables of <<
360 8 for decryption), this implementati <<
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 <<
366 config CRYPTO_ANUBIS <<
367 tristate "Anubis" <<
368 depends on CRYPTO_USER_API_ENABLE_OBSO <<
369 select CRYPTO_ALGAPI <<
370 help <<
371 Anubis cipher algorithm <<
372 <<
373 Anubis is a variable key length ciph <<
374 128 bits to 320 bits in length. It <<
375 in the NESSIE competition. <<
376 <<
377 See https://web.archive.org/web/2016 <<
378 for further information. <<
379 <<
380 config CRYPTO_ARIA <<
381 tristate "ARIA" <<
382 select CRYPTO_ALGAPI <<
383 help <<
384 ARIA cipher algorithm (RFC5794) <<
385 297
386 ARIA is a standard encryption algori !! 298 config CRYPTO_CURVE25519_X86
387 The ARIA specifies three key sizes a !! 299 tristate "x86_64 accelerated Curve25519 scalar multiplication library"
388 128-bit: 12 rounds. !! 300 depends on X86 && 64BIT
389 192-bit: 14 rounds. !! 301 select CRYPTO_LIB_CURVE25519_GENERIC
390 256-bit: 16 rounds. !! 302 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
391 303
392 See: !! 304 comment "Authenticated Encryption with Associated Data"
393 https://seed.kisa.or.kr/kisa/algorit <<
394 305
395 config CRYPTO_BLOWFISH !! 306 config CRYPTO_CCM
396 tristate "Blowfish" !! 307 tristate "CCM support"
397 select CRYPTO_ALGAPI !! 308 select CRYPTO_CTR
398 select CRYPTO_BLOWFISH_COMMON !! 309 select CRYPTO_HASH
>> 310 select CRYPTO_AEAD
>> 311 select CRYPTO_MANAGER
399 help 312 help
400 Blowfish cipher algorithm, by Bruce !! 313 Support for Counter with CBC MAC. Required for IPsec.
401 <<
402 This is a variable key length cipher <<
403 bits to 448 bits in length. It's fa <<
404 designed for use on "large microproc <<
405 <<
406 See https://www.schneier.com/blowfis <<
407 314
408 config CRYPTO_BLOWFISH_COMMON !! 315 config CRYPTO_GCM
409 tristate !! 316 tristate "GCM/GMAC support"
>> 317 select CRYPTO_CTR
>> 318 select CRYPTO_AEAD
>> 319 select CRYPTO_GHASH
>> 320 select CRYPTO_NULL
>> 321 select CRYPTO_MANAGER
410 help 322 help
411 Common parts of the Blowfish cipher !! 323 Support for Galois/Counter Mode (GCM) and Galois Message
412 generic c and the assembler implemen !! 324 Authentication Code (GMAC). Required for IPSec.
413 325
414 config CRYPTO_CAMELLIA !! 326 config CRYPTO_CHACHA20POLY1305
415 tristate "Camellia" !! 327 tristate "ChaCha20-Poly1305 AEAD support"
416 select CRYPTO_ALGAPI !! 328 select CRYPTO_CHACHA20
>> 329 select CRYPTO_POLY1305
>> 330 select CRYPTO_AEAD
>> 331 select CRYPTO_MANAGER
417 help 332 help
418 Camellia cipher algorithms (ISO/IEC !! 333 ChaCha20-Poly1305 AEAD support, RFC7539.
419 <<
420 Camellia is a symmetric key block ci <<
421 at NTT and Mitsubishi Electric Corpo <<
422 334
423 The Camellia specifies three key siz !! 335 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
424 !! 336 with the Poly1305 authenticator. It is defined in RFC7539 for use in
425 See https://info.isl.ntt.co.jp/crypt !! 337 IETF protocols.
426 <<
427 config CRYPTO_CAST_COMMON <<
428 tristate <<
429 help <<
430 Common parts of the CAST cipher algo <<
431 generic c and the assembler implemen <<
432 338
433 config CRYPTO_CAST5 !! 339 config CRYPTO_AEGIS128
434 tristate "CAST5 (CAST-128)" !! 340 tristate "AEGIS-128 AEAD algorithm"
435 select CRYPTO_ALGAPI !! 341 select CRYPTO_AEAD
436 select CRYPTO_CAST_COMMON !! 342 select CRYPTO_AES # for AES S-box tables
437 help 343 help
438 CAST5 (CAST-128) cipher algorithm (R !! 344 Support for the AEGIS-128 dedicated AEAD algorithm.
439 345
440 config CRYPTO_CAST6 !! 346 config CRYPTO_AEGIS128_SIMD
441 tristate "CAST6 (CAST-256)" !! 347 bool "Support SIMD acceleration for AEGIS-128"
442 select CRYPTO_ALGAPI !! 348 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
443 select CRYPTO_CAST_COMMON !! 349 default y
444 help <<
445 CAST6 (CAST-256) encryption algorith <<
446 350
447 config CRYPTO_DES !! 351 config CRYPTO_AEGIS128_AESNI_SSE2
448 tristate "DES and Triple DES EDE" !! 352 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
449 select CRYPTO_ALGAPI !! 353 depends on X86 && 64BIT
450 select CRYPTO_LIB_DES !! 354 select CRYPTO_AEAD
>> 355 select CRYPTO_SIMD
451 help 356 help
452 DES (Data Encryption Standard)(FIPS !! 357 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
453 Triple DES EDE (Encrypt/Decrypt/Encr <<
454 cipher algorithms <<
455 358
456 config CRYPTO_FCRYPT !! 359 config CRYPTO_SEQIV
457 tristate "FCrypt" !! 360 tristate "Sequence Number IV Generator"
458 select CRYPTO_ALGAPI !! 361 select CRYPTO_AEAD
459 select CRYPTO_SKCIPHER 362 select CRYPTO_SKCIPHER
460 help !! 363 select CRYPTO_NULL
461 FCrypt algorithm used by RxRPC !! 364 select CRYPTO_RNG_DEFAULT
462 <<
463 See https://ota.polyonymo.us/fcrypt- <<
464 <<
465 config CRYPTO_KHAZAD <<
466 tristate "Khazad" <<
467 depends on CRYPTO_USER_API_ENABLE_OBSO <<
468 select CRYPTO_ALGAPI <<
469 help <<
470 Khazad cipher algorithm <<
471 <<
472 Khazad was a finalist in the initial <<
473 an algorithm optimized for 64-bit pr <<
474 on 32-bit processors. Khazad uses a <<
475 <<
476 See https://web.archive.org/web/2017 <<
477 for further information. <<
478 <<
479 config CRYPTO_SEED <<
480 tristate "SEED" <<
481 depends on CRYPTO_USER_API_ENABLE_OBSO <<
482 select CRYPTO_ALGAPI <<
483 help <<
484 SEED cipher algorithm (RFC4269, ISO/ <<
485 <<
486 SEED is a 128-bit symmetric key bloc <<
487 developed by KISA (Korea Information <<
488 national standard encryption algorit <<
489 It is a 16 round block cipher with t <<
490 <<
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 <<
494 config CRYPTO_SERPENT <<
495 tristate "Serpent" <<
496 select CRYPTO_ALGAPI <<
497 help <<
498 Serpent cipher algorithm, by Anderso <<
499 <<
500 Keys are allowed to be from 0 to 256 <<
501 of 8 bits. <<
502 <<
503 See https://www.cl.cam.ac.uk/~rja14/ <<
504 <<
505 config CRYPTO_SM4 <<
506 tristate <<
507 <<
508 config CRYPTO_SM4_GENERIC <<
509 tristate "SM4 (ShangMi 4)" <<
510 select CRYPTO_ALGAPI <<
511 select CRYPTO_SM4 <<
512 help <<
513 SM4 cipher algorithms (OSCCA GB/T 32 <<
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 <<
516 SM4 (GBT.32907-2016) is a cryptograp <<
517 Organization of State Commercial Adm <<
518 as an authorized cryptographic algor <<
519 <<
520 SMS4 was originally created for use <<
521 networks, and is mandated in the Chi <<
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 <<
525 The latest SM4 standard (GBT.32907-2 <<
526 standardized through TC 260 of the S <<
527 of the People's Republic of China (S <<
528 <<
529 The input, output, and key of SMS4 a <<
530 <<
531 See https://eprint.iacr.org/2008/329 <<
532 <<
533 If unsure, say N. <<
534 <<
535 config CRYPTO_TEA <<
536 tristate "TEA, XTEA and XETA" <<
537 depends on CRYPTO_USER_API_ENABLE_OBSO <<
538 select CRYPTO_ALGAPI <<
539 help <<
540 TEA (Tiny Encryption Algorithm) ciph <<
541 <<
542 Tiny Encryption Algorithm is a simpl <<
543 many rounds for security. It is ver <<
544 little memory. <<
545 <<
546 Xtendend Tiny Encryption Algorithm i <<
547 the TEA algorithm to address a poten <<
548 in the TEA algorithm. <<
549 <<
550 Xtendend Encryption Tiny Algorithm i <<
551 of the XTEA algorithm for compatibil <<
552 <<
553 config CRYPTO_TWOFISH <<
554 tristate "Twofish" <<
555 select CRYPTO_ALGAPI <<
556 select CRYPTO_TWOFISH_COMMON <<
557 help <<
558 Twofish cipher algorithm <<
559 <<
560 Twofish was submitted as an AES (Adv <<
561 candidate cipher by researchers at C <<
562 16 round block cipher supporting key <<
563 bits. <<
564 <<
565 See https://www.schneier.com/twofish <<
566 <<
567 config CRYPTO_TWOFISH_COMMON <<
568 tristate <<
569 help <<
570 Common parts of the Twofish cipher a <<
571 generic c and the assembler implemen <<
572 <<
573 endmenu <<
574 <<
575 menu "Length-preserving ciphers and modes" <<
576 <<
577 config CRYPTO_ADIANTUM <<
578 tristate "Adiantum" <<
579 select CRYPTO_CHACHA20 <<
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER 365 select CRYPTO_MANAGER
583 help 366 help
584 Adiantum tweakable, length-preservin !! 367 This IV generator generates an IV based on a sequence number by
585 !! 368 xoring it with a salt. This algorithm is mainly useful for CTR
586 Designed for fast and secure disk en <<
587 CPUs without dedicated crypto instru <<
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 <<
600 If unsure, say N. <<
601 369
602 config CRYPTO_ARC4 !! 370 config CRYPTO_ECHAINIV
603 tristate "ARC4 (Alleged Rivest Cipher !! 371 tristate "Encrypted Chain IV Generator"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 372 select CRYPTO_AEAD
605 select CRYPTO_SKCIPHER !! 373 select CRYPTO_NULL
606 select CRYPTO_LIB_ARC4 !! 374 select CRYPTO_RNG_DEFAULT
>> 375 select CRYPTO_MANAGER
607 help 376 help
608 ARC4 cipher algorithm !! 377 This IV generator generates an IV based on the encryption of
>> 378 a sequence number xored with a salt. This is the default
>> 379 algorithm for CBC.
609 380
610 ARC4 is a stream cipher using keys r !! 381 comment "Block modes"
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 382
615 config CRYPTO_CHACHA20 !! 383 config CRYPTO_CBC
616 tristate "ChaCha" !! 384 tristate "CBC support"
617 select CRYPTO_LIB_CHACHA_GENERIC <<
618 select CRYPTO_SKCIPHER 385 select CRYPTO_SKCIPHER
>> 386 select CRYPTO_MANAGER
619 help 387 help
620 The ChaCha20, XChaCha20, and XChaCha !! 388 CBC: Cipher Block Chaining mode
621 !! 389 This block cipher algorithm is required for IPSec.
622 ChaCha20 is a 256-bit high-speed str <<
623 Bernstein and further specified in R <<
624 This is the portable C implementatio <<
625 https://cr.yp.to/chacha/chacha-20080 <<
626 <<
627 XChaCha20 is the application of the <<
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 390
637 config CRYPTO_CBC !! 391 config CRYPTO_CFB
638 tristate "CBC (Cipher Block Chaining)" !! 392 tristate "CFB support"
639 select CRYPTO_SKCIPHER 393 select CRYPTO_SKCIPHER
640 select CRYPTO_MANAGER 394 select CRYPTO_MANAGER
641 help 395 help
642 CBC (Cipher Block Chaining) mode (NI !! 396 CFB: Cipher FeedBack mode
643 !! 397 This block cipher algorithm is required for TPM2 Cryptography.
644 This block cipher mode is required f <<
645 398
646 config CRYPTO_CTR 399 config CRYPTO_CTR
647 tristate "CTR (Counter)" !! 400 tristate "CTR support"
648 select CRYPTO_SKCIPHER 401 select CRYPTO_SKCIPHER
649 select CRYPTO_MANAGER 402 select CRYPTO_MANAGER
650 help 403 help
651 CTR (Counter) mode (NIST SP800-38A) !! 404 CTR: Counter mode
>> 405 This block cipher algorithm is required for IPSec.
652 406
653 config CRYPTO_CTS 407 config CRYPTO_CTS
654 tristate "CTS (Cipher Text Stealing)" !! 408 tristate "CTS support"
655 select CRYPTO_SKCIPHER 409 select CRYPTO_SKCIPHER
656 select CRYPTO_MANAGER 410 select CRYPTO_MANAGER
657 help 411 help
658 CBC-CS3 variant of CTS (Cipher Text !! 412 CTS: Cipher Text Stealing
659 Addendum to SP800-38A (October 2010) !! 413 This is the Cipher Text Stealing mode as described by
660 !! 414 Section 8 of rfc2040 and referenced by rfc3962
>> 415 (rfc3962 includes errata information in its Appendix A) or
>> 416 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
661 This mode is required for Kerberos g 417 This mode is required for Kerberos gss mechanism support
662 for AES encryption. 418 for AES encryption.
663 419
664 config CRYPTO_ECB !! 420 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 <<
671 config CRYPTO_HCTR2 <<
672 tristate "HCTR2" <<
673 select CRYPTO_XCTR <<
674 select CRYPTO_POLYVAL <<
675 select CRYPTO_MANAGER <<
676 help <<
677 HCTR2 length-preserving encryption m <<
678 <<
679 A mode for storage encryption that i <<
680 instructions to accelerate AES and c <<
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 421
684 See https://eprint.iacr.org/2021/144 !! 422 config CRYPTO_ECB
685 !! 423 tristate "ECB support"
686 config CRYPTO_KEYWRAP <<
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER 424 select CRYPTO_SKCIPHER
689 select CRYPTO_MANAGER 425 select CRYPTO_MANAGER
690 help 426 help
691 KW (AES Key Wrap) authenticated encr !! 427 ECB: Electronic CodeBook mode
692 and RFC3394) without padding. !! 428 This is the simplest block cipher algorithm. It simply encrypts
>> 429 the input block by block.
693 430
694 config CRYPTO_LRW 431 config CRYPTO_LRW
695 tristate "LRW (Liskov Rivest Wagner)" !! 432 tristate "LRW support"
696 select CRYPTO_LIB_GF128MUL <<
697 select CRYPTO_SKCIPHER 433 select CRYPTO_SKCIPHER
698 select CRYPTO_MANAGER 434 select CRYPTO_MANAGER
>> 435 select CRYPTO_GF128MUL
699 select CRYPTO_ECB 436 select CRYPTO_ECB
700 help 437 help
701 LRW (Liskov Rivest Wagner) mode !! 438 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
702 <<
703 A tweakable, non malleable, non mova <<
704 narrow block cipher mode for dm-cryp 439 narrow block cipher mode for dm-crypt. Use it with cipher
705 specification string aes-lrw-benbi, 440 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
706 The first 128, 192 or 256 bits in th 441 The first 128, 192 or 256 bits in the key are used for AES and the
707 rest is used to tie each cipher bloc 442 rest is used to tie each cipher block to its logical position.
708 443
709 See https://people.csail.mit.edu/riv !! 444 config CRYPTO_OFB
710 !! 445 tristate "OFB support"
711 config CRYPTO_PCBC <<
712 tristate "PCBC (Propagating Cipher Blo <<
713 select CRYPTO_SKCIPHER 446 select CRYPTO_SKCIPHER
714 select CRYPTO_MANAGER 447 select CRYPTO_MANAGER
715 help 448 help
716 PCBC (Propagating Cipher Block Chain !! 449 OFB: the Output Feedback mode makes a block cipher into a synchronous
>> 450 stream cipher. It generates keystream blocks, which are then XORed
>> 451 with the plaintext blocks to get the ciphertext. Flipping a bit in the
>> 452 ciphertext produces a flipped bit in the plaintext at the same
>> 453 location. This property allows many error correcting codes to function
>> 454 normally even when applied before encryption.
717 455
718 This block cipher mode is required f !! 456 config CRYPTO_PCBC
719 !! 457 tristate "PCBC support"
720 config CRYPTO_XCTR <<
721 tristate <<
722 select CRYPTO_SKCIPHER 458 select CRYPTO_SKCIPHER
723 select CRYPTO_MANAGER 459 select CRYPTO_MANAGER
724 help 460 help
725 XCTR (XOR Counter) mode for HCTR2 !! 461 PCBC: Propagating Cipher Block Chaining mode
726 !! 462 This block cipher algorithm is required for RxRPC.
727 This blockcipher mode is a variant o <<
728 addition rather than big-endian arit <<
729 <<
730 XCTR mode is used to implement HCTR2 <<
731 463
732 config CRYPTO_XTS 464 config CRYPTO_XTS
733 tristate "XTS (XOR Encrypt XOR with ci !! 465 tristate "XTS support"
734 select CRYPTO_SKCIPHER 466 select CRYPTO_SKCIPHER
735 select CRYPTO_MANAGER 467 select CRYPTO_MANAGER
736 select CRYPTO_ECB 468 select CRYPTO_ECB
737 help 469 help
738 XTS (XOR Encrypt XOR with ciphertext !! 470 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
739 and IEEE 1619) !! 471 key size 256, 384 or 512 bits. This implementation currently
>> 472 can't handle a sectorsize which is not a multiple of 16 bytes.
740 473
741 Use with aes-xts-plain, key size 256 !! 474 config CRYPTO_KEYWRAP
742 implementation currently can't handl !! 475 tristate "Key wrapping support"
743 multiple of 16 bytes. !! 476 select CRYPTO_SKCIPHER
>> 477 select CRYPTO_MANAGER
>> 478 help
>> 479 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 480 padding.
744 481
745 config CRYPTO_NHPOLY1305 482 config CRYPTO_NHPOLY1305
746 tristate 483 tristate
747 select CRYPTO_HASH 484 select CRYPTO_HASH
748 select CRYPTO_LIB_POLY1305_GENERIC 485 select CRYPTO_LIB_POLY1305_GENERIC
749 486
750 endmenu !! 487 config CRYPTO_NHPOLY1305_SSE2
751 !! 488 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
752 menu "AEAD (authenticated encryption with asso !! 489 depends on X86 && 64BIT
753 !! 490 select CRYPTO_NHPOLY1305
754 config CRYPTO_AEGIS128 <<
755 tristate "AEGIS-128" <<
756 select CRYPTO_AEAD <<
757 select CRYPTO_AES # for AES S-box tab <<
758 help 491 help
759 AEGIS-128 AEAD algorithm !! 492 SSE2 optimized implementation of the hash function used by the
>> 493 Adiantum encryption mode.
760 494
761 config CRYPTO_AEGIS128_SIMD !! 495 config CRYPTO_NHPOLY1305_AVX2
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 496 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 497 depends on X86 && 64BIT
764 default y !! 498 select CRYPTO_NHPOLY1305
765 help 499 help
766 AEGIS-128 AEAD algorithm !! 500 AVX2 optimized implementation of the hash function used by the
767 !! 501 Adiantum encryption mode.
768 Architecture: arm or arm64 using: <<
769 - NEON (Advanced SIMD) extension <<
770 502
771 config CRYPTO_CHACHA20POLY1305 !! 503 config CRYPTO_ADIANTUM
772 tristate "ChaCha20-Poly1305" !! 504 tristate "Adiantum support"
773 select CRYPTO_CHACHA20 505 select CRYPTO_CHACHA20
774 select CRYPTO_POLY1305 !! 506 select CRYPTO_LIB_POLY1305_GENERIC
775 select CRYPTO_AEAD !! 507 select CRYPTO_NHPOLY1305
776 select CRYPTO_MANAGER <<
777 help <<
778 ChaCha20 stream cipher and Poly1305 <<
779 mode (RFC8439) <<
780 <<
781 config CRYPTO_CCM <<
782 tristate "CCM (Counter with Cipher Blo <<
783 select CRYPTO_CTR <<
784 select CRYPTO_HASH <<
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER <<
787 help <<
788 CCM (Counter with Cipher Block Chain <<
789 authenticated encryption mode (NIST <<
790 <<
791 config CRYPTO_GCM <<
792 tristate "GCM (Galois/Counter Mode) an <<
793 select CRYPTO_CTR <<
794 select CRYPTO_AEAD <<
795 select CRYPTO_GHASH <<
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER <<
798 help <<
799 GCM (Galois/Counter Mode) authentica <<
800 (GCM Message Authentication Code) (N <<
801 <<
802 This is required for IPSec ESP (XFRM <<
803 <<
804 config CRYPTO_GENIV <<
805 tristate <<
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER 508 select CRYPTO_MANAGER
809 select CRYPTO_RNG_DEFAULT <<
810 <<
811 config CRYPTO_SEQIV <<
812 tristate "Sequence Number IV Generator <<
813 select CRYPTO_GENIV <<
814 help 509 help
815 Sequence Number IV generator !! 510 Adiantum is a tweakable, length-preserving encryption mode
816 !! 511 designed for fast and secure disk encryption, especially on
817 This IV generator generates an IV ba !! 512 CPUs without dedicated crypto instructions. It encrypts
818 xoring it with a salt. This algorit !! 513 each sector using the XChaCha12 stream cipher, two passes of
819 !! 514 an ε-almost-∆-universal hash function, and an invocation of
820 This is required for IPsec ESP (XFRM !! 515 the AES-256 block cipher on a single 16-byte block. On CPUs
>> 516 without AES instructions, Adiantum is much faster than
>> 517 AES-XTS.
821 518
822 config CRYPTO_ECHAINIV !! 519 Adiantum's security is provably reducible to that of its
823 tristate "Encrypted Chain IV Generator !! 520 underlying stream and block ciphers, subject to a security
824 select CRYPTO_GENIV !! 521 bound. Unlike XTS, Adiantum is a true wide-block encryption
825 help !! 522 mode, so it actually provides an even stronger notion of
826 Encrypted Chain IV generator !! 523 security than XTS, subject to the security bound.
827 524
828 This IV generator generates an IV ba !! 525 If unsure, say N.
829 a sequence number xored with a salt. <<
830 algorithm for CBC. <<
831 526
832 config CRYPTO_ESSIV 527 config CRYPTO_ESSIV
833 tristate "Encrypted Salt-Sector IV Gen !! 528 tristate "ESSIV support for block encryption"
834 select CRYPTO_AUTHENC 529 select CRYPTO_AUTHENC
835 help 530 help
836 Encrypted Salt-Sector IV generator !! 531 Encrypted salt-sector initialization vector (ESSIV) is an IV
837 !! 532 generation method that is used in some cases by fscrypt and/or
838 This IV generator is used in some ca <<
839 dm-crypt. It uses the hash of the bl 533 dm-crypt. It uses the hash of the block encryption key as the
840 symmetric key for a block encryption 534 symmetric key for a block encryption pass applied to the input
841 IV, making low entropy IV sources mo 535 IV, making low entropy IV sources more suitable for block
842 encryption. 536 encryption.
843 537
844 This driver implements a crypto API 538 This driver implements a crypto API template that can be
845 instantiated either as an skcipher o 539 instantiated either as an skcipher or as an AEAD (depending on the
846 type of the first template argument) 540 type of the first template argument), and which defers encryption
847 and decryption requests to the encap 541 and decryption requests to the encapsulated cipher after applying
848 ESSIV to the input IV. Note that in 542 ESSIV to the input IV. Note that in the AEAD case, it is assumed
849 that the keys are presented in the s 543 that the keys are presented in the same format used by the authenc
850 template, and that the IV appears at 544 template, and that the IV appears at the end of the authenticated
851 associated data (AAD) region (which 545 associated data (AAD) region (which is how dm-crypt uses it.)
852 546
853 Note that the use of ESSIV is not re 547 Note that the use of ESSIV is not recommended for new deployments,
854 and so this only needs to be enabled 548 and so this only needs to be enabled when interoperability with
855 existing encrypted volumes of filesy 549 existing encrypted volumes of filesystems is required, or when
856 building for a particular system tha 550 building for a particular system that requires it (e.g., when
857 the SoC in question has accelerated 551 the SoC in question has accelerated CBC but not XTS, making CBC
858 combined with ESSIV the only feasibl 552 combined with ESSIV the only feasible mode for h/w accelerated
859 block encryption) 553 block encryption)
860 554
861 endmenu !! 555 comment "Hash modes"
>> 556
>> 557 config CRYPTO_CMAC
>> 558 tristate "CMAC support"
>> 559 select CRYPTO_HASH
>> 560 select CRYPTO_MANAGER
>> 561 help
>> 562 Cipher-based Message Authentication Code (CMAC) specified by
>> 563 The National Institute of Standards and Technology (NIST).
>> 564
>> 565 https://tools.ietf.org/html/rfc4493
>> 566 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
862 567
863 menu "Hashes, digests, and MACs" !! 568 config CRYPTO_HMAC
>> 569 tristate "HMAC support"
>> 570 select CRYPTO_HASH
>> 571 select CRYPTO_MANAGER
>> 572 help
>> 573 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 574 This is required for IPSec.
864 575
865 config CRYPTO_BLAKE2B !! 576 config CRYPTO_XCBC
866 tristate "BLAKE2b" !! 577 tristate "XCBC support"
>> 578 select CRYPTO_HASH
>> 579 select CRYPTO_MANAGER
>> 580 help
>> 581 XCBC: Keyed-Hashing with encryption algorithm
>> 582 https://www.ietf.org/rfc/rfc3566.txt
>> 583 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 584 xcbc-mac/xcbc-mac-spec.pdf
>> 585
>> 586 config CRYPTO_VMAC
>> 587 tristate "VMAC support"
>> 588 select CRYPTO_HASH
>> 589 select CRYPTO_MANAGER
>> 590 help
>> 591 VMAC is a message authentication algorithm designed for
>> 592 very high speed on 64-bit architectures.
>> 593
>> 594 See also:
>> 595 <https://fastcrypto.org/vmac>
>> 596
>> 597 comment "Digest"
>> 598
>> 599 config CRYPTO_CRC32C
>> 600 tristate "CRC32c CRC algorithm"
>> 601 select CRYPTO_HASH
>> 602 select CRC32
>> 603 help
>> 604 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 605 by iSCSI for header and data digests and by others.
>> 606 See Castagnoli93. Module will be crc32c.
>> 607
>> 608 config CRYPTO_CRC32C_INTEL
>> 609 tristate "CRC32c INTEL hardware acceleration"
>> 610 depends on X86
>> 611 select CRYPTO_HASH
>> 612 help
>> 613 In Intel processor with SSE4.2 supported, the processor will
>> 614 support CRC32C implementation using hardware accelerated CRC32
>> 615 instruction. This option will create 'crc32c-intel' module,
>> 616 which will enable any routine to use the CRC32 instruction to
>> 617 gain performance compared with software implementation.
>> 618 Module will be crc32c-intel.
>> 619
>> 620 config CRYPTO_CRC32C_VPMSUM
>> 621 tristate "CRC32c CRC algorithm (powerpc64)"
>> 622 depends on PPC64 && ALTIVEC
>> 623 select CRYPTO_HASH
>> 624 select CRC32
>> 625 help
>> 626 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 627 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 628 and newer processors for improved performance.
>> 629
>> 630
>> 631 config CRYPTO_CRC32C_SPARC64
>> 632 tristate "CRC32c CRC algorithm (SPARC64)"
>> 633 depends on SPARC64
>> 634 select CRYPTO_HASH
>> 635 select CRC32
>> 636 help
>> 637 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 638 when available.
>> 639
>> 640 config CRYPTO_CRC32
>> 641 tristate "CRC32 CRC algorithm"
>> 642 select CRYPTO_HASH
>> 643 select CRC32
>> 644 help
>> 645 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 646 Shash crypto api wrappers to crc32_le function.
>> 647
>> 648 config CRYPTO_CRC32_PCLMUL
>> 649 tristate "CRC32 PCLMULQDQ hardware acceleration"
>> 650 depends on X86
>> 651 select CRYPTO_HASH
>> 652 select CRC32
>> 653 help
>> 654 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 655 and PCLMULQDQ supported, the processor will support
>> 656 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 657 instruction. This option will create 'crc32-pclmul' module,
>> 658 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 659 and gain better performance as compared with the table implementation.
>> 660
>> 661 config CRYPTO_CRC32_MIPS
>> 662 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 663 depends on MIPS_CRC_SUPPORT
>> 664 select CRYPTO_HASH
>> 665 help
>> 666 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 667 instructions, when available.
>> 668
>> 669 config CRYPTO_CRC32_S390
>> 670 tristate "CRC-32 algorithms"
>> 671 depends on S390
>> 672 select CRYPTO_HASH
>> 673 select CRC32
>> 674 help
>> 675 Select this option if you want to use hardware accelerated
>> 676 implementations of CRC algorithms. With this option, you
>> 677 can optimize the computation of CRC-32 (IEEE 802.3 Ethernet)
>> 678 and CRC-32C (Castagnoli).
>> 679
>> 680 It is available with IBM z13 or later.
>> 681
>> 682 config CRYPTO_XXHASH
>> 683 tristate "xxHash hash algorithm"
867 select CRYPTO_HASH 684 select CRYPTO_HASH
>> 685 select XXHASH
868 help 686 help
869 BLAKE2b cryptographic hash function !! 687 xxHash non-cryptographic hash algorithm. Extremely fast, working at
>> 688 speeds close to RAM limits.
870 689
871 BLAKE2b is optimized for 64-bit plat !! 690 config CRYPTO_BLAKE2B
872 of any size between 1 and 64 bytes. !! 691 tristate "BLAKE2b digest algorithm"
>> 692 select CRYPTO_HASH
>> 693 help
>> 694 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
>> 695 optimized for 64bit platforms and can produce digests of any size
>> 696 between 1 to 64. The keyed hash is also implemented.
873 697
874 This module provides the following a 698 This module provides the following algorithms:
>> 699
875 - blake2b-160 700 - blake2b-160
876 - blake2b-256 701 - blake2b-256
877 - blake2b-384 702 - blake2b-384
878 - blake2b-512 703 - blake2b-512
879 704
880 Used by the btrfs filesystem. <<
881 <<
882 See https://blake2.net for further i 705 See https://blake2.net for further information.
883 706
884 config CRYPTO_CMAC !! 707 config CRYPTO_BLAKE2S_X86
885 tristate "CMAC (Cipher-based MAC)" !! 708 bool "BLAKE2s digest algorithm (x86 accelerated version)"
>> 709 depends on X86 && 64BIT
>> 710 select CRYPTO_LIB_BLAKE2S_GENERIC
>> 711 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
>> 712
>> 713 config CRYPTO_CRCT10DIF
>> 714 tristate "CRCT10DIF algorithm"
>> 715 select CRYPTO_HASH
>> 716 help
>> 717 CRC T10 Data Integrity Field computation is being cast as
>> 718 a crypto transform. This allows for faster crc t10 diff
>> 719 transforms to be used if they are available.
>> 720
>> 721 config CRYPTO_CRCT10DIF_PCLMUL
>> 722 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
>> 723 depends on X86 && 64BIT && CRC_T10DIF
>> 724 select CRYPTO_HASH
>> 725 help
>> 726 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 727 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 728 accelerated PCLMULQDQ instruction. This option will create
>> 729 'crct10dif-pclmul' module, which is faster when computing the
>> 730 crct10dif checksum as compared with the generic table implementation.
>> 731
>> 732 config CRYPTO_CRCT10DIF_VPMSUM
>> 733 tristate "CRC32T10DIF powerpc64 hardware acceleration"
>> 734 depends on PPC64 && ALTIVEC && CRC_T10DIF
886 select CRYPTO_HASH 735 select CRYPTO_HASH
887 select CRYPTO_MANAGER <<
888 help 736 help
889 CMAC (Cipher-based Message Authentic !! 737 CRC10T10DIF algorithm implemented using vector polynomial
890 mode (NIST SP800-38B and IETF RFC449 !! 738 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 739 POWER8 and newer processors for improved performance.
>> 740
>> 741 config CRYPTO_CRC64_ROCKSOFT
>> 742 tristate "Rocksoft Model CRC64 algorithm"
>> 743 depends on CRC64
>> 744 select CRYPTO_HASH
>> 745
>> 746 config CRYPTO_VPMSUM_TESTER
>> 747 tristate "Powerpc64 vpmsum hardware acceleration tester"
>> 748 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 749 help
>> 750 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 751 POWER8 vpmsum instructions.
>> 752 Unless you are testing these algorithms, you don't need this.
891 753
892 config CRYPTO_GHASH 754 config CRYPTO_GHASH
893 tristate "GHASH" !! 755 tristate "GHASH hash function"
>> 756 select CRYPTO_GF128MUL
894 select CRYPTO_HASH 757 select CRYPTO_HASH
895 select CRYPTO_LIB_GF128MUL <<
896 help 758 help
897 GCM GHASH function (NIST SP800-38D) !! 759 GHASH is the hash function used in GCM (Galois/Counter Mode).
>> 760 It is not a general-purpose cryptographic hash function.
898 761
899 config CRYPTO_HMAC !! 762 config CRYPTO_POLY1305
900 tristate "HMAC (Keyed-Hash MAC)" !! 763 tristate "Poly1305 authenticator algorithm"
901 select CRYPTO_HASH 764 select CRYPTO_HASH
902 select CRYPTO_MANAGER !! 765 select CRYPTO_LIB_POLY1305_GENERIC
>> 766 help
>> 767 Poly1305 authenticator algorithm, RFC7539.
>> 768
>> 769 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 770 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 771 in IETF protocols. This is the portable C implementation of Poly1305.
>> 772
>> 773 config CRYPTO_POLY1305_X86_64
>> 774 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 775 depends on X86 && 64BIT
>> 776 select CRYPTO_LIB_POLY1305_GENERIC
>> 777 select CRYPTO_ARCH_HAVE_LIB_POLY1305
903 help 778 help
904 HMAC (Keyed-Hash Message Authenticat !! 779 Poly1305 authenticator algorithm, RFC7539.
905 RFC2104) <<
906 780
907 This is required for IPsec AH (XFRM_ !! 781 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 782 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 783 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 784 instructions.
>> 785
>> 786 config CRYPTO_POLY1305_MIPS
>> 787 tristate "Poly1305 authenticator algorithm (MIPS optimized)"
>> 788 depends on MIPS
>> 789 select CRYPTO_ARCH_HAVE_LIB_POLY1305
908 790
909 config CRYPTO_MD4 791 config CRYPTO_MD4
910 tristate "MD4" !! 792 tristate "MD4 digest algorithm"
911 select CRYPTO_HASH 793 select CRYPTO_HASH
912 help 794 help
913 MD4 message digest algorithm (RFC132 !! 795 MD4 message digest algorithm (RFC1320).
914 796
915 config CRYPTO_MD5 797 config CRYPTO_MD5
916 tristate "MD5" !! 798 tristate "MD5 digest algorithm"
917 select CRYPTO_HASH 799 select CRYPTO_HASH
918 help 800 help
919 MD5 message digest algorithm (RFC132 !! 801 MD5 message digest algorithm (RFC1321).
920 802
921 config CRYPTO_MICHAEL_MIC !! 803 config CRYPTO_MD5_OCTEON
922 tristate "Michael MIC" !! 804 tristate "MD5 digest algorithm (OCTEON)"
>> 805 depends on CPU_CAVIUM_OCTEON
>> 806 select CRYPTO_MD5
923 select CRYPTO_HASH 807 select CRYPTO_HASH
924 help 808 help
925 Michael MIC (Message Integrity Code) !! 809 MD5 message digest algorithm (RFC1321) implemented
>> 810 using OCTEON crypto instructions, when available.
926 811
927 Defined by the IEEE 802.11i TKIP (Te !! 812 config CRYPTO_MD5_PPC
928 known as WPA (Wif-Fi Protected Acces !! 813 tristate "MD5 digest algorithm (PPC)"
929 !! 814 depends on PPC
930 This algorithm is required for TKIP, <<
931 other purposes because of the weakne <<
932 <<
933 config CRYPTO_POLYVAL <<
934 tristate <<
935 select CRYPTO_HASH 815 select CRYPTO_HASH
936 select CRYPTO_LIB_GF128MUL <<
937 help 816 help
938 POLYVAL hash function for HCTR2 !! 817 MD5 message digest algorithm (RFC1321) implemented
939 !! 818 in PPC assembler.
940 This is used in HCTR2. It is not a <<
941 cryptographic hash function. <<
942 819
943 config CRYPTO_POLY1305 !! 820 config CRYPTO_MD5_SPARC64
944 tristate "Poly1305" !! 821 tristate "MD5 digest algorithm (SPARC64)"
>> 822 depends on SPARC64
>> 823 select CRYPTO_MD5
945 select CRYPTO_HASH 824 select CRYPTO_HASH
946 select CRYPTO_LIB_POLY1305_GENERIC <<
947 help 825 help
948 Poly1305 authenticator algorithm (RF !! 826 MD5 message digest algorithm (RFC1321) implemented
>> 827 using sparc64 crypto instructions, when available.
949 828
950 Poly1305 is an authenticator algorit !! 829 config CRYPTO_MICHAEL_MIC
951 It is used for the ChaCha20-Poly1305 !! 830 tristate "Michael MIC keyed digest algorithm"
952 in IETF protocols. This is the porta !! 831 select CRYPTO_HASH
>> 832 help
>> 833 Michael MIC is used for message integrity protection in TKIP
>> 834 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 835 should not be used for other purposes because of the weakness
>> 836 of the algorithm.
953 837
954 config CRYPTO_RMD160 838 config CRYPTO_RMD160
955 tristate "RIPEMD-160" !! 839 tristate "RIPEMD-160 digest algorithm"
956 select CRYPTO_HASH 840 select CRYPTO_HASH
957 help 841 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 842 RIPEMD-160 (ISO/IEC 10118-3:2004).
959 843
960 RIPEMD-160 is a 160-bit cryptographi 844 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
961 to be used as a secure replacement f 845 to be used as a secure replacement for the 128-bit hash functions
962 MD4, MD5 and its predecessor RIPEMD !! 846 MD4, MD5 and it's predecessor RIPEMD
963 (not to be confused with RIPEMD-128) 847 (not to be confused with RIPEMD-128).
964 848
965 Its speed is comparable to SHA-1 and !! 849 It's speed is comparable to SHA1 and there are no known attacks
966 against RIPEMD-160. 850 against RIPEMD-160.
967 851
968 Developed by Hans Dobbertin, Antoon 852 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
969 See https://homes.esat.kuleuven.be/~ !! 853 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
970 for further information. <<
971 854
972 config CRYPTO_SHA1 855 config CRYPTO_SHA1
973 tristate "SHA-1" !! 856 tristate "SHA1 digest algorithm"
>> 857 select CRYPTO_HASH
>> 858 help
>> 859 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 860
>> 861 config CRYPTO_SHA1_SSSE3
>> 862 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 863 depends on X86 && 64BIT
>> 864 select CRYPTO_SHA1
>> 865 select CRYPTO_HASH
>> 866 help
>> 867 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 868 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 869 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 870 when available.
>> 871
>> 872 config CRYPTO_SHA256_SSSE3
>> 873 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 874 depends on X86 && 64BIT
>> 875 select CRYPTO_SHA256
>> 876 select CRYPTO_HASH
>> 877 help
>> 878 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 879 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 880 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 881 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 882 Instructions) when available.
>> 883
>> 884 config CRYPTO_SHA512_SSSE3
>> 885 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 886 depends on X86 && 64BIT
>> 887 select CRYPTO_SHA512
>> 888 select CRYPTO_HASH
>> 889 help
>> 890 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 891 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 892 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 893 version 2 (AVX2) instructions, when available.
>> 894
>> 895 config CRYPTO_SHA512_S390
>> 896 tristate "SHA384 and SHA512 digest algorithm"
>> 897 depends on S390
>> 898 select CRYPTO_HASH
>> 899 help
>> 900 This is the s390 hardware accelerated implementation of the
>> 901 SHA512 secure hash standard.
>> 902
>> 903 It is available as of z10.
>> 904
>> 905 config CRYPTO_SHA1_OCTEON
>> 906 tristate "SHA1 digest algorithm (OCTEON)"
>> 907 depends on CPU_CAVIUM_OCTEON
>> 908 select CRYPTO_SHA1
>> 909 select CRYPTO_HASH
>> 910 help
>> 911 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 912 using OCTEON crypto instructions, when available.
>> 913
>> 914 config CRYPTO_SHA1_SPARC64
>> 915 tristate "SHA1 digest algorithm (SPARC64)"
>> 916 depends on SPARC64
>> 917 select CRYPTO_SHA1
974 select CRYPTO_HASH 918 select CRYPTO_HASH
975 select CRYPTO_LIB_SHA1 <<
976 help 919 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 920 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 921 using sparc64 crypto instructions, when available.
>> 922
>> 923 config CRYPTO_SHA1_PPC
>> 924 tristate "SHA1 digest algorithm (powerpc)"
>> 925 depends on PPC
>> 926 help
>> 927 This is the powerpc hardware accelerated implementation of the
>> 928 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 929
>> 930 config CRYPTO_SHA1_PPC_SPE
>> 931 tristate "SHA1 digest algorithm (PPC SPE)"
>> 932 depends on PPC && SPE
>> 933 help
>> 934 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 935 using powerpc SPE SIMD instruction set.
>> 936
>> 937 config CRYPTO_SHA1_S390
>> 938 tristate "SHA1 digest algorithm"
>> 939 depends on S390
>> 940 select CRYPTO_HASH
>> 941 help
>> 942 This is the s390 hardware accelerated implementation of the
>> 943 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 944
>> 945 It is available as of z990.
978 946
979 config CRYPTO_SHA256 947 config CRYPTO_SHA256
980 tristate "SHA-224 and SHA-256" !! 948 tristate "SHA224 and SHA256 digest algorithm"
981 select CRYPTO_HASH 949 select CRYPTO_HASH
982 select CRYPTO_LIB_SHA256 950 select CRYPTO_LIB_SHA256
983 help 951 help
984 SHA-224 and SHA-256 secure hash algo !! 952 SHA256 secure hash standard (DFIPS 180-2).
>> 953
>> 954 This version of SHA implements a 256 bit hash with 128 bits of
>> 955 security against collision attacks.
>> 956
>> 957 This code also includes SHA-224, a 224 bit hash with 112 bits
>> 958 of security against collision attacks.
>> 959
>> 960 config CRYPTO_SHA256_PPC_SPE
>> 961 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 962 depends on PPC && SPE
>> 963 select CRYPTO_SHA256
>> 964 select CRYPTO_HASH
>> 965 help
>> 966 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 967 implemented using powerpc SPE SIMD instruction set.
>> 968
>> 969 config CRYPTO_SHA256_OCTEON
>> 970 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
>> 971 depends on CPU_CAVIUM_OCTEON
>> 972 select CRYPTO_SHA256
>> 973 select CRYPTO_HASH
>> 974 help
>> 975 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 976 using OCTEON crypto instructions, when available.
>> 977
>> 978 config CRYPTO_SHA256_SPARC64
>> 979 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
>> 980 depends on SPARC64
>> 981 select CRYPTO_SHA256
>> 982 select CRYPTO_HASH
>> 983 help
>> 984 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 985 using sparc64 crypto instructions, when available.
>> 986
>> 987 config CRYPTO_SHA256_S390
>> 988 tristate "SHA256 digest algorithm"
>> 989 depends on S390
>> 990 select CRYPTO_HASH
>> 991 help
>> 992 This is the s390 hardware accelerated implementation of the
>> 993 SHA256 secure hash standard (DFIPS 180-2).
985 994
986 This is required for IPsec AH (XFRM_ !! 995 It is available as of z9.
987 Used by the btrfs filesystem, Ceph, <<
988 996
989 config CRYPTO_SHA512 997 config CRYPTO_SHA512
990 tristate "SHA-384 and SHA-512" !! 998 tristate "SHA384 and SHA512 digest algorithms"
>> 999 select CRYPTO_HASH
>> 1000 help
>> 1001 SHA512 secure hash standard (DFIPS 180-2).
>> 1002
>> 1003 This version of SHA implements a 512 bit hash with 256 bits of
>> 1004 security against collision attacks.
>> 1005
>> 1006 This code also includes SHA-384, a 384 bit hash with 192 bits
>> 1007 of security against collision attacks.
>> 1008
>> 1009 config CRYPTO_SHA512_OCTEON
>> 1010 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 1011 depends on CPU_CAVIUM_OCTEON
>> 1012 select CRYPTO_SHA512
>> 1013 select CRYPTO_HASH
>> 1014 help
>> 1015 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 1016 using OCTEON crypto instructions, when available.
>> 1017
>> 1018 config CRYPTO_SHA512_SPARC64
>> 1019 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
>> 1020 depends on SPARC64
>> 1021 select CRYPTO_SHA512
991 select CRYPTO_HASH 1022 select CRYPTO_HASH
992 help 1023 help
993 SHA-384 and SHA-512 secure hash algo !! 1024 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 1025 using sparc64 crypto instructions, when available.
994 1026
995 config CRYPTO_SHA3 1027 config CRYPTO_SHA3
996 tristate "SHA-3" !! 1028 tristate "SHA3 digest algorithm"
>> 1029 select CRYPTO_HASH
>> 1030 help
>> 1031 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 1032 cryptographic sponge function family called Keccak.
>> 1033
>> 1034 References:
>> 1035 http://keccak.noekeon.org/
>> 1036
>> 1037 config CRYPTO_SHA3_256_S390
>> 1038 tristate "SHA3_224 and SHA3_256 digest algorithm"
>> 1039 depends on S390
>> 1040 select CRYPTO_HASH
>> 1041 help
>> 1042 This is the s390 hardware accelerated implementation of the
>> 1043 SHA3_256 secure hash standard.
>> 1044
>> 1045 It is available as of z14.
>> 1046
>> 1047 config CRYPTO_SHA3_512_S390
>> 1048 tristate "SHA3_384 and SHA3_512 digest algorithm"
>> 1049 depends on S390
997 select CRYPTO_HASH 1050 select CRYPTO_HASH
998 help 1051 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1052 This is the s390 hardware accelerated implementation of the
>> 1053 SHA3_512 secure hash standard.
>> 1054
>> 1055 It is available as of z14.
1000 1056
1001 config CRYPTO_SM3 1057 config CRYPTO_SM3
1002 tristate 1058 tristate
1003 1059
1004 config CRYPTO_SM3_GENERIC 1060 config CRYPTO_SM3_GENERIC
1005 tristate "SM3 (ShangMi 3)" !! 1061 tristate "SM3 digest algorithm"
1006 select CRYPTO_HASH 1062 select CRYPTO_HASH
1007 select CRYPTO_SM3 1063 select CRYPTO_SM3
1008 help 1064 help
1009 SM3 (ShangMi 3) secure hash functio !! 1065 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1010 !! 1066 It is part of the Chinese Commercial Cryptography suite.
1011 This is part of the Chinese Commerc <<
1012 1067
1013 References: 1068 References:
1014 http://www.oscca.gov.cn/UpFile/2010 1069 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1015 https://datatracker.ietf.org/doc/ht 1070 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1016 1071
1017 config CRYPTO_STREEBOG !! 1072 config CRYPTO_SM3_AVX_X86_64
1018 tristate "Streebog" !! 1073 tristate "SM3 digest algorithm (x86_64/AVX)"
>> 1074 depends on X86 && 64BIT
1019 select CRYPTO_HASH 1075 select CRYPTO_HASH
>> 1076 select CRYPTO_SM3
1020 help 1077 help
1021 Streebog Hash Function (GOST R 34.1 !! 1078 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
>> 1079 It is part of the Chinese Commercial Cryptography suite. This is
>> 1080 SM3 optimized implementation using Advanced Vector Extensions (AVX)
>> 1081 when available.
1022 1082
1023 This is one of the Russian cryptogr !! 1083 If unsure, say N.
1024 GOST algorithms). This setting enab !! 1084
1025 256 and 512 bits output. !! 1085 config CRYPTO_STREEBOG
>> 1086 tristate "Streebog Hash Function"
>> 1087 select CRYPTO_HASH
>> 1088 help
>> 1089 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
>> 1090 cryptographic standard algorithms (called GOST algorithms).
>> 1091 This setting enables two hash algorithms with 256 and 512 bits output.
1026 1092
1027 References: 1093 References:
1028 https://tc26.ru/upload/iblock/fed/f 1094 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1029 https://tools.ietf.org/html/rfc6986 1095 https://tools.ietf.org/html/rfc6986
1030 1096
1031 config CRYPTO_VMAC !! 1097 config CRYPTO_WP512
1032 tristate "VMAC" !! 1098 tristate "Whirlpool digest algorithms"
1033 select CRYPTO_HASH 1099 select CRYPTO_HASH
1034 select CRYPTO_MANAGER <<
1035 help 1100 help
1036 VMAC is a message authentication al !! 1101 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1037 very high speed on 64-bit architect <<
1038 1102
1039 See https://fastcrypto.org/vmac for !! 1103 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 1104 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1040 1105
1041 config CRYPTO_WP512 !! 1106 See also:
1042 tristate "Whirlpool" !! 1107 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
>> 1108
>> 1109 config CRYPTO_GHASH_CLMUL_NI_INTEL
>> 1110 tristate "GHASH hash function (CLMUL-NI accelerated)"
>> 1111 depends on X86 && 64BIT
>> 1112 select CRYPTO_CRYPTD
>> 1113 help
>> 1114 This is the x86_64 CLMUL-NI accelerated implementation of
>> 1115 GHASH, the hash function used in GCM (Galois/Counter mode).
>> 1116
>> 1117 config CRYPTO_GHASH_S390
>> 1118 tristate "GHASH hash function"
>> 1119 depends on S390
1043 select CRYPTO_HASH 1120 select CRYPTO_HASH
1044 help 1121 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1122 This is the s390 hardware accelerated implementation of GHASH,
>> 1123 the hash function used in GCM (Galois/Counter mode).
1046 1124
1047 512, 384 and 256-bit hashes. !! 1125 It is available as of z196.
1048 1126
1049 Whirlpool-512 is part of the NESSIE !! 1127 comment "Ciphers"
>> 1128
>> 1129 config CRYPTO_AES
>> 1130 tristate "AES cipher algorithms"
>> 1131 select CRYPTO_ALGAPI
>> 1132 select CRYPTO_LIB_AES
>> 1133 help
>> 1134 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1135 algorithm.
>> 1136
>> 1137 Rijndael appears to be consistently a very good performer in
>> 1138 both hardware and software across a wide range of computing
>> 1139 environments regardless of its use in feedback or non-feedback
>> 1140 modes. Its key setup time is excellent, and its key agility is
>> 1141 good. Rijndael's very low memory requirements make it very well
>> 1142 suited for restricted-space environments, in which it also
>> 1143 demonstrates excellent performance. Rijndael's operations are
>> 1144 among the easiest to defend against power and timing attacks.
>> 1145
>> 1146 The AES specifies three key sizes: 128, 192 and 256 bits
1050 1147
1051 See https://web.archive.org/web/201 !! 1148 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1052 for further information. <<
1053 1149
1054 config CRYPTO_XCBC !! 1150 config CRYPTO_AES_TI
1055 tristate "XCBC-MAC (Extended Cipher B !! 1151 tristate "Fixed time AES cipher"
1056 select CRYPTO_HASH !! 1152 select CRYPTO_ALGAPI
1057 select CRYPTO_MANAGER !! 1153 select CRYPTO_LIB_AES
1058 help 1154 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1155 This is a generic implementation of AES that attempts to eliminate
1060 Code) (RFC3566) !! 1156 data dependent latencies as much as possible without affecting
>> 1157 performance too much. It is intended for use by the generic CCM
>> 1158 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1159 solely on encryption (although decryption is supported as well, but
>> 1160 with a more dramatic performance hit)
1061 1161
1062 config CRYPTO_XXHASH !! 1162 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1063 tristate "xxHash" !! 1163 8 for decryption), this implementation only uses just two S-boxes of
1064 select CRYPTO_HASH !! 1164 256 bytes each, and attempts to eliminate data dependent latencies by
1065 select XXHASH !! 1165 prefetching the entire table into the cache at the start of each
>> 1166 block. Interrupts are also disabled to avoid races where cachelines
>> 1167 are evicted when the CPU is interrupted to do something else.
>> 1168
>> 1169 config CRYPTO_AES_NI_INTEL
>> 1170 tristate "AES cipher algorithms (AES-NI)"
>> 1171 depends on X86
>> 1172 select CRYPTO_AEAD
>> 1173 select CRYPTO_LIB_AES
>> 1174 select CRYPTO_ALGAPI
>> 1175 select CRYPTO_SKCIPHER
>> 1176 select CRYPTO_SIMD
1066 help 1177 help
1067 xxHash non-cryptographic hash algor !! 1178 Use Intel AES-NI instructions for AES algorithm.
1068 1179
1069 Extremely fast, working at speeds c !! 1180 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1181 algorithm.
1070 1182
1071 Used by the btrfs filesystem. !! 1183 Rijndael appears to be consistently a very good performer in
>> 1184 both hardware and software across a wide range of computing
>> 1185 environments regardless of its use in feedback or non-feedback
>> 1186 modes. Its key setup time is excellent, and its key agility is
>> 1187 good. Rijndael's very low memory requirements make it very well
>> 1188 suited for restricted-space environments, in which it also
>> 1189 demonstrates excellent performance. Rijndael's operations are
>> 1190 among the easiest to defend against power and timing attacks.
1072 1191
1073 endmenu !! 1192 The AES specifies three key sizes: 128, 192 and 256 bits
1074 1193
1075 menu "CRCs (cyclic redundancy checks)" !! 1194 See <http://csrc.nist.gov/encryption/aes/> for more information.
1076 1195
1077 config CRYPTO_CRC32C !! 1196 In addition to AES cipher algorithm support, the acceleration
1078 tristate "CRC32c" !! 1197 for some popular block cipher mode is supported too, including
1079 select CRYPTO_HASH !! 1198 ECB, CBC, LRW, XTS. The 64 bit version has additional
1080 select CRC32 !! 1199 acceleration for CTR.
>> 1200
>> 1201 config CRYPTO_AES_SPARC64
>> 1202 tristate "AES cipher algorithms (SPARC64)"
>> 1203 depends on SPARC64
>> 1204 select CRYPTO_SKCIPHER
1081 help 1205 help
1082 CRC32c CRC algorithm with the iSCSI !! 1206 Use SPARC64 crypto opcodes for AES algorithm.
1083 1207
1084 A 32-bit CRC (cyclic redundancy che !! 1208 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1085 by G. Castagnoli, S. Braeuer and M. !! 1209 algorithm.
1086 Redundancy-Check Codes with 24 and <<
1087 on Communications, Vol. 41, No. 6, <<
1088 iSCSI. <<
1089 1210
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1211 Rijndael appears to be consistently a very good performer in
>> 1212 both hardware and software across a wide range of computing
>> 1213 environments regardless of its use in feedback or non-feedback
>> 1214 modes. Its key setup time is excellent, and its key agility is
>> 1215 good. Rijndael's very low memory requirements make it very well
>> 1216 suited for restricted-space environments, in which it also
>> 1217 demonstrates excellent performance. Rijndael's operations are
>> 1218 among the easiest to defend against power and timing attacks.
1091 1219
1092 config CRYPTO_CRC32 !! 1220 The AES specifies three key sizes: 128, 192 and 256 bits
1093 tristate "CRC32" !! 1221
1094 select CRYPTO_HASH !! 1222 See <http://csrc.nist.gov/encryption/aes/> for more information.
1095 select CRC32 !! 1223
>> 1224 In addition to AES cipher algorithm support, the acceleration
>> 1225 for some popular block cipher mode is supported too, including
>> 1226 ECB and CBC.
>> 1227
>> 1228 config CRYPTO_AES_PPC_SPE
>> 1229 tristate "AES cipher algorithms (PPC SPE)"
>> 1230 depends on PPC && SPE
>> 1231 select CRYPTO_SKCIPHER
>> 1232 help
>> 1233 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1234 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1235 This module should only be used for low power (router) devices
>> 1236 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1237 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1238 timining attacks. Nevertheless it might be not as secure as other
>> 1239 architecture specific assembler implementations that work on 1KB
>> 1240 tables or 256 bytes S-boxes.
>> 1241
>> 1242 config CRYPTO_AES_S390
>> 1243 tristate "AES cipher algorithms"
>> 1244 depends on S390
>> 1245 select CRYPTO_ALGAPI
>> 1246 select CRYPTO_SKCIPHER
1096 help 1247 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1248 This is the s390 hardware accelerated implementation of the
>> 1249 AES cipher algorithms (FIPS-197).
1098 1250
1099 Used by RoCEv2 and f2fs. !! 1251 As of z9 the ECB and CBC modes are hardware accelerated
>> 1252 for 128 bit keys.
>> 1253 As of z10 the ECB and CBC modes are hardware accelerated
>> 1254 for all AES key sizes.
>> 1255 As of z196 the CTR mode is hardware accelerated for all AES
>> 1256 key sizes and XTS mode is hardware accelerated for 256 and
>> 1257 512 bit keys.
1100 1258
1101 config CRYPTO_CRCT10DIF !! 1259 config CRYPTO_ANUBIS
1102 tristate "CRCT10DIF" !! 1260 tristate "Anubis cipher algorithm"
1103 select CRYPTO_HASH !! 1261 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1262 select CRYPTO_ALGAPI
1104 help 1263 help
1105 CRC16 CRC algorithm used for the T1 !! 1264 Anubis cipher algorithm.
1106 1265
1107 CRC algorithm used by the SCSI Bloc !! 1266 Anubis is a variable key length cipher which can use keys from
>> 1267 128 bits to 320 bits in length. It was evaluated as a entrant
>> 1268 in the NESSIE competition.
1108 1269
1109 config CRYPTO_CRC64_ROCKSOFT !! 1270 See also:
1110 tristate "CRC64 based on Rocksoft Mod !! 1271 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1111 depends on CRC64 !! 1272 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1112 select CRYPTO_HASH !! 1273
>> 1274 config CRYPTO_ARC4
>> 1275 tristate "ARC4 cipher algorithm"
>> 1276 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1277 select CRYPTO_SKCIPHER
>> 1278 select CRYPTO_LIB_ARC4
>> 1279 help
>> 1280 ARC4 cipher algorithm.
>> 1281
>> 1282 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
>> 1283 bits in length. This algorithm is required for driver-based
>> 1284 WEP, but it should not be for other purposes because of the
>> 1285 weakness of the algorithm.
>> 1286
>> 1287 config CRYPTO_BLOWFISH
>> 1288 tristate "Blowfish cipher algorithm"
>> 1289 select CRYPTO_ALGAPI
>> 1290 select CRYPTO_BLOWFISH_COMMON
>> 1291 help
>> 1292 Blowfish cipher algorithm, by Bruce Schneier.
>> 1293
>> 1294 This is a variable key length cipher which can use keys from 32
>> 1295 bits to 448 bits in length. It's fast, simple and specifically
>> 1296 designed for use on "large microprocessors".
>> 1297
>> 1298 See also:
>> 1299 <https://www.schneier.com/blowfish.html>
>> 1300
>> 1301 config CRYPTO_BLOWFISH_COMMON
>> 1302 tristate
>> 1303 help
>> 1304 Common parts of the Blowfish cipher algorithm shared by the
>> 1305 generic c and the assembler implementations.
>> 1306
>> 1307 See also:
>> 1308 <https://www.schneier.com/blowfish.html>
>> 1309
>> 1310 config CRYPTO_BLOWFISH_X86_64
>> 1311 tristate "Blowfish cipher algorithm (x86_64)"
>> 1312 depends on X86 && 64BIT
>> 1313 select CRYPTO_SKCIPHER
>> 1314 select CRYPTO_BLOWFISH_COMMON
>> 1315 imply CRYPTO_CTR
>> 1316 help
>> 1317 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
>> 1318
>> 1319 This is a variable key length cipher which can use keys from 32
>> 1320 bits to 448 bits in length. It's fast, simple and specifically
>> 1321 designed for use on "large microprocessors".
>> 1322
>> 1323 See also:
>> 1324 <https://www.schneier.com/blowfish.html>
>> 1325
>> 1326 config CRYPTO_CAMELLIA
>> 1327 tristate "Camellia cipher algorithms"
>> 1328 select CRYPTO_ALGAPI
>> 1329 help
>> 1330 Camellia cipher algorithms module.
>> 1331
>> 1332 Camellia is a symmetric key block cipher developed jointly
>> 1333 at NTT and Mitsubishi Electric Corporation.
>> 1334
>> 1335 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1336
>> 1337 See also:
>> 1338 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1339
>> 1340 config CRYPTO_CAMELLIA_X86_64
>> 1341 tristate "Camellia cipher algorithm (x86_64)"
>> 1342 depends on X86 && 64BIT
>> 1343 select CRYPTO_SKCIPHER
>> 1344 imply CRYPTO_CTR
>> 1345 help
>> 1346 Camellia cipher algorithm module (x86_64).
>> 1347
>> 1348 Camellia is a symmetric key block cipher developed jointly
>> 1349 at NTT and Mitsubishi Electric Corporation.
>> 1350
>> 1351 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1352
>> 1353 See also:
>> 1354 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1355
>> 1356 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1357 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1358 depends on X86 && 64BIT
>> 1359 select CRYPTO_SKCIPHER
>> 1360 select CRYPTO_CAMELLIA_X86_64
>> 1361 select CRYPTO_SIMD
>> 1362 imply CRYPTO_XTS
>> 1363 help
>> 1364 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
>> 1365
>> 1366 Camellia is a symmetric key block cipher developed jointly
>> 1367 at NTT and Mitsubishi Electric Corporation.
>> 1368
>> 1369 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1370
>> 1371 See also:
>> 1372 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1373
>> 1374 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
>> 1375 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1376 depends on X86 && 64BIT
>> 1377 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1378 help
>> 1379 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
>> 1380
>> 1381 Camellia is a symmetric key block cipher developed jointly
>> 1382 at NTT and Mitsubishi Electric Corporation.
>> 1383
>> 1384 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1385
>> 1386 See also:
>> 1387 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1388
>> 1389 config CRYPTO_CAMELLIA_SPARC64
>> 1390 tristate "Camellia cipher algorithm (SPARC64)"
>> 1391 depends on SPARC64
>> 1392 select CRYPTO_ALGAPI
>> 1393 select CRYPTO_SKCIPHER
>> 1394 help
>> 1395 Camellia cipher algorithm module (SPARC64).
>> 1396
>> 1397 Camellia is a symmetric key block cipher developed jointly
>> 1398 at NTT and Mitsubishi Electric Corporation.
>> 1399
>> 1400 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1401
>> 1402 See also:
>> 1403 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1404
>> 1405 config CRYPTO_CAST_COMMON
>> 1406 tristate
>> 1407 help
>> 1408 Common parts of the CAST cipher algorithms shared by the
>> 1409 generic c and the assembler implementations.
>> 1410
>> 1411 config CRYPTO_CAST5
>> 1412 tristate "CAST5 (CAST-128) cipher algorithm"
>> 1413 select CRYPTO_ALGAPI
>> 1414 select CRYPTO_CAST_COMMON
>> 1415 help
>> 1416 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1417 described in RFC2144.
>> 1418
>> 1419 config CRYPTO_CAST5_AVX_X86_64
>> 1420 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
>> 1421 depends on X86 && 64BIT
>> 1422 select CRYPTO_SKCIPHER
>> 1423 select CRYPTO_CAST5
>> 1424 select CRYPTO_CAST_COMMON
>> 1425 select CRYPTO_SIMD
>> 1426 imply CRYPTO_CTR
1113 help 1427 help
1114 CRC64 CRC algorithm based on the Ro !! 1428 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1429 described in RFC2144.
1115 1430
1116 Used by the NVMe implementation of !! 1431 This module provides the Cast5 cipher algorithm that processes
>> 1432 sixteen blocks parallel using the AVX instruction set.
>> 1433
>> 1434 config CRYPTO_CAST6
>> 1435 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1436 select CRYPTO_ALGAPI
>> 1437 select CRYPTO_CAST_COMMON
>> 1438 help
>> 1439 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1440 described in RFC2612.
1117 1441
1118 See https://zlib.net/crc_v3.txt !! 1442 config CRYPTO_CAST6_AVX_X86_64
>> 1443 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1444 depends on X86 && 64BIT
>> 1445 select CRYPTO_SKCIPHER
>> 1446 select CRYPTO_CAST6
>> 1447 select CRYPTO_CAST_COMMON
>> 1448 select CRYPTO_SIMD
>> 1449 imply CRYPTO_XTS
>> 1450 imply CRYPTO_CTR
>> 1451 help
>> 1452 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1453 described in RFC2612.
1119 1454
1120 endmenu !! 1455 This module provides the Cast6 cipher algorithm that processes
>> 1456 eight blocks parallel using the AVX instruction set.
1121 1457
1122 menu "Compression" !! 1458 config CRYPTO_DES
>> 1459 tristate "DES and Triple DES EDE cipher algorithms"
>> 1460 select CRYPTO_ALGAPI
>> 1461 select CRYPTO_LIB_DES
>> 1462 help
>> 1463 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
>> 1464
>> 1465 config CRYPTO_DES_SPARC64
>> 1466 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1467 depends on SPARC64
>> 1468 select CRYPTO_ALGAPI
>> 1469 select CRYPTO_LIB_DES
>> 1470 select CRYPTO_SKCIPHER
>> 1471 help
>> 1472 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1473 optimized using SPARC64 crypto opcodes.
>> 1474
>> 1475 config CRYPTO_DES3_EDE_X86_64
>> 1476 tristate "Triple DES EDE cipher algorithm (x86-64)"
>> 1477 depends on X86 && 64BIT
>> 1478 select CRYPTO_SKCIPHER
>> 1479 select CRYPTO_LIB_DES
>> 1480 imply CRYPTO_CTR
>> 1481 help
>> 1482 Triple DES EDE (FIPS 46-3) algorithm.
>> 1483
>> 1484 This module provides implementation of the Triple DES EDE cipher
>> 1485 algorithm that is optimized for x86-64 processors. Two versions of
>> 1486 algorithm are provided; regular processing one input block and
>> 1487 one that processes three blocks parallel.
>> 1488
>> 1489 config CRYPTO_DES_S390
>> 1490 tristate "DES and Triple DES cipher algorithms"
>> 1491 depends on S390
>> 1492 select CRYPTO_ALGAPI
>> 1493 select CRYPTO_SKCIPHER
>> 1494 select CRYPTO_LIB_DES
>> 1495 help
>> 1496 This is the s390 hardware accelerated implementation of the
>> 1497 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
>> 1498
>> 1499 As of z990 the ECB and CBC mode are hardware accelerated.
>> 1500 As of z196 the CTR mode is hardware accelerated.
>> 1501
>> 1502 config CRYPTO_FCRYPT
>> 1503 tristate "FCrypt cipher algorithm"
>> 1504 select CRYPTO_ALGAPI
>> 1505 select CRYPTO_SKCIPHER
>> 1506 help
>> 1507 FCrypt algorithm used by RxRPC.
>> 1508
>> 1509 config CRYPTO_KHAZAD
>> 1510 tristate "Khazad cipher algorithm"
>> 1511 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1512 select CRYPTO_ALGAPI
>> 1513 help
>> 1514 Khazad cipher algorithm.
>> 1515
>> 1516 Khazad was a finalist in the initial NESSIE competition. It is
>> 1517 an algorithm optimized for 64-bit processors with good performance
>> 1518 on 32-bit processors. Khazad uses an 128 bit key size.
>> 1519
>> 1520 See also:
>> 1521 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
>> 1522
>> 1523 config CRYPTO_CHACHA20
>> 1524 tristate "ChaCha stream cipher algorithms"
>> 1525 select CRYPTO_LIB_CHACHA_GENERIC
>> 1526 select CRYPTO_SKCIPHER
>> 1527 help
>> 1528 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
>> 1529
>> 1530 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
>> 1531 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1532 This is the portable C implementation of ChaCha20. See also:
>> 1533 <https://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1534
>> 1535 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
>> 1536 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
>> 1537 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
>> 1538 while provably retaining ChaCha20's security. See also:
>> 1539 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
>> 1540
>> 1541 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
>> 1542 reduced security margin but increased performance. It can be needed
>> 1543 in some performance-sensitive scenarios.
>> 1544
>> 1545 config CRYPTO_CHACHA20_X86_64
>> 1546 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
>> 1547 depends on X86 && 64BIT
>> 1548 select CRYPTO_SKCIPHER
>> 1549 select CRYPTO_LIB_CHACHA_GENERIC
>> 1550 select CRYPTO_ARCH_HAVE_LIB_CHACHA
>> 1551 help
>> 1552 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
>> 1553 XChaCha20, and XChaCha12 stream ciphers.
>> 1554
>> 1555 config CRYPTO_CHACHA_MIPS
>> 1556 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
>> 1557 depends on CPU_MIPS32_R2
>> 1558 select CRYPTO_SKCIPHER
>> 1559 select CRYPTO_ARCH_HAVE_LIB_CHACHA
>> 1560
>> 1561 config CRYPTO_CHACHA_S390
>> 1562 tristate "ChaCha20 stream cipher"
>> 1563 depends on S390
>> 1564 select CRYPTO_SKCIPHER
>> 1565 select CRYPTO_LIB_CHACHA_GENERIC
>> 1566 select CRYPTO_ARCH_HAVE_LIB_CHACHA
>> 1567 help
>> 1568 This is the s390 SIMD implementation of the ChaCha20 stream
>> 1569 cipher (RFC 7539).
>> 1570
>> 1571 It is available as of z13.
>> 1572
>> 1573 config CRYPTO_SEED
>> 1574 tristate "SEED cipher algorithm"
>> 1575 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1576 select CRYPTO_ALGAPI
>> 1577 help
>> 1578 SEED cipher algorithm (RFC4269).
>> 1579
>> 1580 SEED is a 128-bit symmetric key block cipher that has been
>> 1581 developed by KISA (Korea Information Security Agency) as a
>> 1582 national standard encryption algorithm of the Republic of Korea.
>> 1583 It is a 16 round block cipher with the key size of 128 bit.
>> 1584
>> 1585 See also:
>> 1586 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
>> 1587
>> 1588 config CRYPTO_SERPENT
>> 1589 tristate "Serpent cipher algorithm"
>> 1590 select CRYPTO_ALGAPI
>> 1591 help
>> 1592 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1593
>> 1594 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1595 of 8 bits.
>> 1596
>> 1597 See also:
>> 1598 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1599
>> 1600 config CRYPTO_SERPENT_SSE2_X86_64
>> 1601 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1602 depends on X86 && 64BIT
>> 1603 select CRYPTO_SKCIPHER
>> 1604 select CRYPTO_SERPENT
>> 1605 select CRYPTO_SIMD
>> 1606 imply CRYPTO_CTR
>> 1607 help
>> 1608 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1609
>> 1610 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1611 of 8 bits.
>> 1612
>> 1613 This module provides Serpent cipher algorithm that processes eight
>> 1614 blocks parallel using SSE2 instruction set.
>> 1615
>> 1616 See also:
>> 1617 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1618
>> 1619 config CRYPTO_SERPENT_SSE2_586
>> 1620 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1621 depends on X86 && !64BIT
>> 1622 select CRYPTO_SKCIPHER
>> 1623 select CRYPTO_SERPENT
>> 1624 select CRYPTO_SIMD
>> 1625 imply CRYPTO_CTR
>> 1626 help
>> 1627 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1628
>> 1629 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1630 of 8 bits.
>> 1631
>> 1632 This module provides Serpent cipher algorithm that processes four
>> 1633 blocks parallel using SSE2 instruction set.
>> 1634
>> 1635 See also:
>> 1636 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1637
>> 1638 config CRYPTO_SERPENT_AVX_X86_64
>> 1639 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1640 depends on X86 && 64BIT
>> 1641 select CRYPTO_SKCIPHER
>> 1642 select CRYPTO_SERPENT
>> 1643 select CRYPTO_SIMD
>> 1644 imply CRYPTO_XTS
>> 1645 imply CRYPTO_CTR
>> 1646 help
>> 1647 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1648
>> 1649 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1650 of 8 bits.
>> 1651
>> 1652 This module provides the Serpent cipher algorithm that processes
>> 1653 eight blocks parallel using the AVX instruction set.
>> 1654
>> 1655 See also:
>> 1656 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1657
>> 1658 config CRYPTO_SERPENT_AVX2_X86_64
>> 1659 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1660 depends on X86 && 64BIT
>> 1661 select CRYPTO_SERPENT_AVX_X86_64
>> 1662 help
>> 1663 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1664
>> 1665 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1666 of 8 bits.
>> 1667
>> 1668 This module provides Serpent cipher algorithm that processes 16
>> 1669 blocks parallel using AVX2 instruction set.
>> 1670
>> 1671 See also:
>> 1672 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1673
>> 1674 config CRYPTO_SM4
>> 1675 tristate
>> 1676
>> 1677 config CRYPTO_SM4_GENERIC
>> 1678 tristate "SM4 cipher algorithm"
>> 1679 select CRYPTO_ALGAPI
>> 1680 select CRYPTO_SM4
>> 1681 help
>> 1682 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
>> 1683
>> 1684 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1685 Organization of State Commercial Administration of China (OSCCA)
>> 1686 as an authorized cryptographic algorithms for the use within China.
>> 1687
>> 1688 SMS4 was originally created for use in protecting wireless
>> 1689 networks, and is mandated in the Chinese National Standard for
>> 1690 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1691 (GB.15629.11-2003).
>> 1692
>> 1693 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1694 standardized through TC 260 of the Standardization Administration
>> 1695 of the People's Republic of China (SAC).
>> 1696
>> 1697 The input, output, and key of SMS4 are each 128 bits.
>> 1698
>> 1699 See also: <https://eprint.iacr.org/2008/329.pdf>
>> 1700
>> 1701 If unsure, say N.
>> 1702
>> 1703 config CRYPTO_SM4_AESNI_AVX_X86_64
>> 1704 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
>> 1705 depends on X86 && 64BIT
>> 1706 select CRYPTO_SKCIPHER
>> 1707 select CRYPTO_SIMD
>> 1708 select CRYPTO_ALGAPI
>> 1709 select CRYPTO_SM4
>> 1710 help
>> 1711 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
>> 1712
>> 1713 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1714 Organization of State Commercial Administration of China (OSCCA)
>> 1715 as an authorized cryptographic algorithms for the use within China.
>> 1716
>> 1717 This is SM4 optimized implementation using AES-NI/AVX/x86_64
>> 1718 instruction set for block cipher. Through two affine transforms,
>> 1719 we can use the AES S-Box to simulate the SM4 S-Box to achieve the
>> 1720 effect of instruction acceleration.
>> 1721
>> 1722 If unsure, say N.
>> 1723
>> 1724 config CRYPTO_SM4_AESNI_AVX2_X86_64
>> 1725 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1726 depends on X86 && 64BIT
>> 1727 select CRYPTO_SKCIPHER
>> 1728 select CRYPTO_SIMD
>> 1729 select CRYPTO_ALGAPI
>> 1730 select CRYPTO_SM4
>> 1731 select CRYPTO_SM4_AESNI_AVX_X86_64
>> 1732 help
>> 1733 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
>> 1734
>> 1735 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1736 Organization of State Commercial Administration of China (OSCCA)
>> 1737 as an authorized cryptographic algorithms for the use within China.
>> 1738
>> 1739 This is SM4 optimized implementation using AES-NI/AVX2/x86_64
>> 1740 instruction set for block cipher. Through two affine transforms,
>> 1741 we can use the AES S-Box to simulate the SM4 S-Box to achieve the
>> 1742 effect of instruction acceleration.
>> 1743
>> 1744 If unsure, say N.
>> 1745
>> 1746 config CRYPTO_TEA
>> 1747 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1748 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1749 select CRYPTO_ALGAPI
>> 1750 help
>> 1751 TEA cipher algorithm.
>> 1752
>> 1753 Tiny Encryption Algorithm is a simple cipher that uses
>> 1754 many rounds for security. It is very fast and uses
>> 1755 little memory.
>> 1756
>> 1757 Xtendend Tiny Encryption Algorithm is a modification to
>> 1758 the TEA algorithm to address a potential key weakness
>> 1759 in the TEA algorithm.
>> 1760
>> 1761 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1762 of the XTEA algorithm for compatibility purposes.
>> 1763
>> 1764 config CRYPTO_TWOFISH
>> 1765 tristate "Twofish cipher algorithm"
>> 1766 select CRYPTO_ALGAPI
>> 1767 select CRYPTO_TWOFISH_COMMON
>> 1768 help
>> 1769 Twofish cipher algorithm.
>> 1770
>> 1771 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1772 candidate cipher by researchers at CounterPane Systems. It is a
>> 1773 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1774 bits.
>> 1775
>> 1776 See also:
>> 1777 <https://www.schneier.com/twofish.html>
>> 1778
>> 1779 config CRYPTO_TWOFISH_COMMON
>> 1780 tristate
>> 1781 help
>> 1782 Common parts of the Twofish cipher algorithm shared by the
>> 1783 generic c and the assembler implementations.
>> 1784
>> 1785 config CRYPTO_TWOFISH_586
>> 1786 tristate "Twofish cipher algorithms (i586)"
>> 1787 depends on (X86 || UML_X86) && !64BIT
>> 1788 select CRYPTO_ALGAPI
>> 1789 select CRYPTO_TWOFISH_COMMON
>> 1790 imply CRYPTO_CTR
>> 1791 help
>> 1792 Twofish cipher algorithm.
>> 1793
>> 1794 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1795 candidate cipher by researchers at CounterPane Systems. It is a
>> 1796 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1797 bits.
>> 1798
>> 1799 See also:
>> 1800 <https://www.schneier.com/twofish.html>
>> 1801
>> 1802 config CRYPTO_TWOFISH_X86_64
>> 1803 tristate "Twofish cipher algorithm (x86_64)"
>> 1804 depends on (X86 || UML_X86) && 64BIT
>> 1805 select CRYPTO_ALGAPI
>> 1806 select CRYPTO_TWOFISH_COMMON
>> 1807 imply CRYPTO_CTR
>> 1808 help
>> 1809 Twofish cipher algorithm (x86_64).
>> 1810
>> 1811 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1812 candidate cipher by researchers at CounterPane Systems. It is a
>> 1813 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1814 bits.
>> 1815
>> 1816 See also:
>> 1817 <https://www.schneier.com/twofish.html>
>> 1818
>> 1819 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1820 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1821 depends on X86 && 64BIT
>> 1822 select CRYPTO_SKCIPHER
>> 1823 select CRYPTO_TWOFISH_COMMON
>> 1824 select CRYPTO_TWOFISH_X86_64
>> 1825 help
>> 1826 Twofish cipher algorithm (x86_64, 3-way parallel).
>> 1827
>> 1828 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1829 candidate cipher by researchers at CounterPane Systems. It is a
>> 1830 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1831 bits.
>> 1832
>> 1833 This module provides Twofish cipher algorithm that processes three
>> 1834 blocks parallel, utilizing resources of out-of-order CPUs better.
>> 1835
>> 1836 See also:
>> 1837 <https://www.schneier.com/twofish.html>
>> 1838
>> 1839 config CRYPTO_TWOFISH_AVX_X86_64
>> 1840 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1841 depends on X86 && 64BIT
>> 1842 select CRYPTO_SKCIPHER
>> 1843 select CRYPTO_SIMD
>> 1844 select CRYPTO_TWOFISH_COMMON
>> 1845 select CRYPTO_TWOFISH_X86_64
>> 1846 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1847 imply CRYPTO_XTS
>> 1848 help
>> 1849 Twofish cipher algorithm (x86_64/AVX).
>> 1850
>> 1851 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1852 candidate cipher by researchers at CounterPane Systems. It is a
>> 1853 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1854 bits.
>> 1855
>> 1856 This module provides the Twofish cipher algorithm that processes
>> 1857 eight blocks parallel using the AVX Instruction Set.
>> 1858
>> 1859 See also:
>> 1860 <https://www.schneier.com/twofish.html>
>> 1861
>> 1862 comment "Compression"
1123 1863
1124 config CRYPTO_DEFLATE 1864 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1865 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1866 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1867 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1868 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1869 select ZLIB_DEFLATE
1130 help 1870 help
1131 Deflate compression algorithm (RFC1 !! 1871 This is the Deflate algorithm (RFC1951), specified for use in
>> 1872 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1873
1133 Used by IPSec with the IPCOMP proto !! 1874 You will most probably want this if using IPSec.
1134 1875
1135 config CRYPTO_LZO 1876 config CRYPTO_LZO
1136 tristate "LZO" !! 1877 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1878 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1879 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1880 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1881 select LZO_DECOMPRESS
1141 help 1882 help
1142 LZO compression algorithm !! 1883 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1884
1146 config CRYPTO_842 1885 config CRYPTO_842
1147 tristate "842" !! 1886 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1887 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1888 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1889 select 842_COMPRESS
1151 select 842_DECOMPRESS 1890 select 842_DECOMPRESS
1152 help 1891 help
1153 842 compression algorithm by IBM !! 1892 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1893
1157 config CRYPTO_LZ4 1894 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1895 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1896 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1897 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1898 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1899 select LZ4_DECOMPRESS
1163 help 1900 help
1164 LZ4 compression algorithm !! 1901 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1902
1168 config CRYPTO_LZ4HC 1903 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1904 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1905 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1906 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1907 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1908 select LZ4_DECOMPRESS
1174 help 1909 help
1175 LZ4 high compression mode algorithm !! 1910 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1911
1179 config CRYPTO_ZSTD 1912 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1913 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1914 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1915 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1916 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1917 select ZSTD_DECOMPRESS
1185 help 1918 help
1186 zstd compression algorithm !! 1919 This is the zstd algorithm.
1187 <<
1188 See https://github.com/facebook/zst <<
1189 1920
1190 endmenu !! 1921 comment "Random Number Generation"
1191 <<
1192 menu "Random number generation" <<
1193 1922
1194 config CRYPTO_ANSI_CPRNG 1923 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1924 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1925 select CRYPTO_AES
1197 select CRYPTO_RNG 1926 select CRYPTO_RNG
1198 help 1927 help
1199 Pseudo RNG (random number generator !! 1928 This option enables the generic pseudo random number generator
1200 !! 1929 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1930 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1931 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1932
1205 menuconfig CRYPTO_DRBG_MENU 1933 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1934 tristate "NIST SP800-90A DRBG"
1207 help 1935 help
1208 DRBG (Deterministic Random Bit Gene !! 1936 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1937 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1938
1212 if CRYPTO_DRBG_MENU 1939 if CRYPTO_DRBG_MENU
1213 1940
1214 config CRYPTO_DRBG_HMAC 1941 config CRYPTO_DRBG_HMAC
1215 bool 1942 bool
1216 default y 1943 default y
1217 select CRYPTO_HMAC 1944 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 1945 select CRYPTO_SHA512
1219 1946
1220 config CRYPTO_DRBG_HASH 1947 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1948 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1949 select CRYPTO_SHA256
1223 help 1950 help
1224 Hash_DRBG variant as defined in NIS !! 1951 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1952
1228 config CRYPTO_DRBG_CTR 1953 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1954 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1955 select CRYPTO_AES
1231 select CRYPTO_CTR 1956 select CRYPTO_CTR
1232 help 1957 help
1233 CTR_DRBG variant as defined in NIST !! 1958 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1959
1237 config CRYPTO_DRBG 1960 config CRYPTO_DRBG
1238 tristate 1961 tristate
1239 default CRYPTO_DRBG_MENU 1962 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1963 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1964 select CRYPTO_JITTERENTROPY
1242 1965
1243 endif # if CRYPTO_DRBG_MENU 1966 endif # if CRYPTO_DRBG_MENU
1244 1967
1245 config CRYPTO_JITTERENTROPY 1968 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1969 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1970 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1971 help
1250 CPU Jitter RNG (Random Number Gener !! 1972 The Jitterentropy RNG is a noise that is intended
1251 !! 1973 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1974 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1975 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1976 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 1977
1362 config CRYPTO_KDF800108_CTR 1978 config CRYPTO_KDF800108_CTR
1363 tristate 1979 tristate
1364 select CRYPTO_HMAC 1980 select CRYPTO_HMAC
1365 select CRYPTO_SHA256 1981 select CRYPTO_SHA256
1366 1982
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 <<
1370 config CRYPTO_USER_API 1983 config CRYPTO_USER_API
1371 tristate 1984 tristate
1372 1985
1373 config CRYPTO_USER_API_HASH 1986 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1987 tristate "User-space interface for hash algorithms"
1375 depends on NET 1988 depends on NET
1376 select CRYPTO_HASH 1989 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1990 select CRYPTO_USER_API
1378 help 1991 help
1379 Enable the userspace interface for !! 1992 This option enables the user-spaces interface for hash
1380 !! 1993 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1994
1384 config CRYPTO_USER_API_SKCIPHER 1995 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1996 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1997 depends on NET
1387 select CRYPTO_SKCIPHER 1998 select CRYPTO_SKCIPHER
1388 select CRYPTO_USER_API 1999 select CRYPTO_USER_API
1389 help 2000 help
1390 Enable the userspace interface for !! 2001 This option enables the user-spaces interface for symmetric
1391 !! 2002 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 2003
1395 config CRYPTO_USER_API_RNG 2004 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 2005 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 2006 depends on NET
1398 select CRYPTO_RNG 2007 select CRYPTO_RNG
1399 select CRYPTO_USER_API 2008 select CRYPTO_USER_API
1400 help 2009 help
1401 Enable the userspace interface for !! 2010 This option enables the user-spaces interface for random
1402 algorithms. !! 2011 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 2012
1407 config CRYPTO_USER_API_RNG_CAVP 2013 config CRYPTO_USER_API_RNG_CAVP
1408 bool "Enable CAVP testing of DRBG" 2014 bool "Enable CAVP testing of DRBG"
1409 depends on CRYPTO_USER_API_RNG && CRY 2015 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1410 help 2016 help
1411 Enable extra APIs in the userspace !! 2017 This option enables extra API for CAVP testing via the user-space
1412 (Cryptographic Algorithm Validation !! 2018 interface: resetting of DRBG entropy, and providing Additional Data.
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV 2019 This should only be enabled for CAVP testing. You should say
1417 no unless you know what this is. 2020 no unless you know what this is.
1418 2021
1419 config CRYPTO_USER_API_AEAD 2022 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 2023 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 2024 depends on NET
1422 select CRYPTO_AEAD 2025 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER 2026 select CRYPTO_SKCIPHER
1424 select CRYPTO_NULL 2027 select CRYPTO_NULL
1425 select CRYPTO_USER_API 2028 select CRYPTO_USER_API
1426 help 2029 help
1427 Enable the userspace interface for !! 2030 This option enables the user-spaces interface for AEAD
1428 !! 2031 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 2032
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE 2033 config CRYPTO_USER_API_ENABLE_OBSOLETE
1433 bool "Obsolete cryptographic algorith !! 2034 bool "Enable obsolete cryptographic algorithms for userspace"
1434 depends on CRYPTO_USER_API 2035 depends on CRYPTO_USER_API
1435 default y 2036 default y
1436 help 2037 help
1437 Allow obsolete cryptographic algori 2038 Allow obsolete cryptographic algorithms to be selected that have
1438 already been phased out from intern 2039 already been phased out from internal use by the kernel, and are
1439 only useful for userspace clients t 2040 only useful for userspace clients that still rely on them.
1440 2041
1441 endmenu !! 2042 config CRYPTO_STATS
>> 2043 bool "Crypto usage statistics for User-space"
>> 2044 depends on CRYPTO_USER
>> 2045 help
>> 2046 This option enables the gathering of crypto stats.
>> 2047 This will collect:
>> 2048 - encrypt/decrypt size and numbers of symmeric operations
>> 2049 - compress/decompress size and numbers of compress operations
>> 2050 - size and numbers of hash operations
>> 2051 - encrypt/decrypt/sign/verify numbers for asymmetric operations
>> 2052 - generate/seed numbers for rng operations
1442 2053
1443 config CRYPTO_HASH_INFO 2054 config CRYPTO_HASH_INFO
1444 bool 2055 bool
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 2056
1476 source "drivers/crypto/Kconfig" 2057 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" 2058 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig" 2059 source "certs/Kconfig"
1479 2060
1480 endif # if CRYPTO 2061 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.