1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 18 help
20 This option provides the core Crypto 19 This option provides the core Cryptographic API.
21 20
22 if CRYPTO 21 if CRYPTO
23 22
24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper"
25 24
26 config CRYPTO_FIPS 25 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES)
30 help 29 help
31 This option enables the fips boot op 30 This option enables the fips boot option which is
32 required if you want the system to o 31 required if you want the system to operate in a FIPS 200
33 certification. You should say no un 32 certification. You should say no unless you know what
34 this is. 33 this is.
35 34
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI
58 tristate 36 tristate
59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2
60 help 38 help
61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms.
62 40
63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2
64 tristate 42 tristate
65 43
66 config CRYPTO_AEAD 44 config CRYPTO_AEAD
67 tristate 45 tristate
68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI
70 48
71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2
72 tristate 50 tristate
73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2
>> 52 select CRYPTO_NULL2
>> 53 select CRYPTO_RNG2
74 54
75 config CRYPTO_SIG !! 55 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 56 tristate
86 select CRYPTO_SKCIPHER2 !! 57 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 59
90 config CRYPTO_SKCIPHER2 !! 60 config CRYPTO_BLKCIPHER2
91 tristate 61 tristate
92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2
>> 63 select CRYPTO_RNG2
>> 64 select CRYPTO_WORKQUEUE
93 65
94 config CRYPTO_HASH 66 config CRYPTO_HASH
95 tristate 67 tristate
96 select CRYPTO_HASH2 68 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
98 70
99 config CRYPTO_HASH2 71 config CRYPTO_HASH2
100 tristate 72 tristate
101 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
102 74
103 config CRYPTO_RNG 75 config CRYPTO_RNG
104 tristate 76 tristate
105 select CRYPTO_RNG2 77 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI
107 79
108 config CRYPTO_RNG2 80 config CRYPTO_RNG2
109 tristate 81 tristate
110 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2
111 83
112 config CRYPTO_RNG_DEFAULT 84 config CRYPTO_RNG_DEFAULT
113 tristate 85 tristate
114 select CRYPTO_DRBG_MENU 86 select CRYPTO_DRBG_MENU
115 87
116 config CRYPTO_AKCIPHER2 88 config CRYPTO_AKCIPHER2
117 tristate 89 tristate
118 select CRYPTO_ALGAPI2 90 select CRYPTO_ALGAPI2
119 91
120 config CRYPTO_AKCIPHER 92 config CRYPTO_AKCIPHER
121 tristate 93 tristate
122 select CRYPTO_AKCIPHER2 94 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 95 select CRYPTO_ALGAPI
124 96
125 config CRYPTO_KPP2 97 config CRYPTO_KPP2
126 tristate 98 tristate
127 select CRYPTO_ALGAPI2 99 select CRYPTO_ALGAPI2
128 100
129 config CRYPTO_KPP 101 config CRYPTO_KPP
130 tristate 102 tristate
131 select CRYPTO_ALGAPI 103 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 104 select CRYPTO_KPP2
133 105
134 config CRYPTO_ACOMP2 106 config CRYPTO_ACOMP2
135 tristate 107 tristate
136 select CRYPTO_ALGAPI2 108 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 109 select SGL_ALLOC
138 110
139 config CRYPTO_ACOMP 111 config CRYPTO_ACOMP
140 tristate 112 tristate
141 select CRYPTO_ALGAPI 113 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 114 select CRYPTO_ACOMP2
143 115
144 config CRYPTO_MANAGER 116 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 117 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 118 select CRYPTO_MANAGER2
147 help 119 help
148 Create default cryptographic templat 120 Create default cryptographic template instantiations such as
149 cbc(aes). 121 cbc(aes).
150 122
151 config CRYPTO_MANAGER2 123 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 124 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 125 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 126 select CRYPTO_HASH2
>> 127 select CRYPTO_BLKCIPHER2
>> 128 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 129 select CRYPTO_KPP2
159 select CRYPTO_RNG2 !! 130 select CRYPTO_ACOMP2
160 select CRYPTO_SKCIPHER2 <<
161 131
162 config CRYPTO_USER 132 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 133 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 134 depends on NET
165 select CRYPTO_MANAGER 135 select CRYPTO_MANAGER
166 help 136 help
167 Userspace configuration for cryptogr 137 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 138 cbc(aes).
169 139
170 config CRYPTO_MANAGER_DISABLE_TESTS 140 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 141 bool "Disable run-time self tests"
172 default y 142 default y
>> 143 depends on CRYPTO_MANAGER2
173 help 144 help
174 Disable run-time self tests that nor 145 Disable run-time self tests that normally take place at
175 algorithm registration. 146 algorithm registration.
176 147
177 config CRYPTO_MANAGER_EXTRA_TESTS 148 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel 149 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN !! 150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
180 help 151 help
181 Enable extra run-time self tests of 152 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests. 153 including randomized fuzz tests.
183 154
184 This is intended for developer use o 155 This is intended for developer use only, as these tests take much
185 longer to run than the normal self t 156 longer to run than the normal self tests.
186 157
>> 158 config CRYPTO_GF128MUL
>> 159 tristate "GF(2^128) multiplication functions"
>> 160 help
>> 161 Efficient table driven implementation of multiplications in the
>> 162 field GF(2^128). This is needed by some cypher modes. This
>> 163 option will be selected automatically if you select such a
>> 164 cipher mode. Only select this option by hand if you expect to load
>> 165 an external module that requires these functions.
>> 166
187 config CRYPTO_NULL 167 config CRYPTO_NULL
188 tristate "Null algorithms" 168 tristate "Null algorithms"
189 select CRYPTO_NULL2 169 select CRYPTO_NULL2
190 help 170 help
191 These are 'Null' algorithms, used by 171 These are 'Null' algorithms, used by IPsec, which do nothing.
192 172
193 config CRYPTO_NULL2 173 config CRYPTO_NULL2
194 tristate 174 tristate
195 select CRYPTO_ALGAPI2 175 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 176 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 177 select CRYPTO_HASH2
198 178
199 config CRYPTO_PCRYPT 179 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 180 tristate "Parallel crypto engine"
201 depends on SMP 181 depends on SMP
202 select PADATA 182 select PADATA
203 select CRYPTO_MANAGER 183 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 184 select CRYPTO_AEAD
205 help 185 help
206 This converts an arbitrary crypto al 186 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 187 algorithm that executes in kernel threads.
208 188
>> 189 config CRYPTO_WORKQUEUE
>> 190 tristate
>> 191
209 config CRYPTO_CRYPTD 192 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 193 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 194 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 195 select CRYPTO_HASH
213 select CRYPTO_MANAGER 196 select CRYPTO_MANAGER
>> 197 select CRYPTO_WORKQUEUE
214 help 198 help
215 This is a generic software asynchron 199 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 200 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 201 into an asynchronous algorithm that executes in a kernel thread.
218 202
219 config CRYPTO_AUTHENC 203 config CRYPTO_AUTHENC
220 tristate "Authenc support" 204 tristate "Authenc support"
221 select CRYPTO_AEAD 205 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 206 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 207 select CRYPTO_MANAGER
224 select CRYPTO_HASH 208 select CRYPTO_HASH
225 select CRYPTO_NULL 209 select CRYPTO_NULL
226 help 210 help
227 Authenc: Combined mode wrapper for I 211 Authenc: Combined mode wrapper for IPsec.
228 !! 212 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 213
231 config CRYPTO_TEST 214 config CRYPTO_TEST
232 tristate "Testing module" 215 tristate "Testing module"
233 depends on m || EXPERT !! 216 depends on m
234 select CRYPTO_MANAGER 217 select CRYPTO_MANAGER
235 help 218 help
236 Quick & dirty crypto test module. 219 Quick & dirty crypto test module.
237 220
238 config CRYPTO_SIMD 221 config CRYPTO_SIMD
239 tristate 222 tristate
240 select CRYPTO_CRYPTD 223 select CRYPTO_CRYPTD
241 224
242 config CRYPTO_ENGINE !! 225 config CRYPTO_GLUE_HELPER_X86
243 tristate 226 tristate
>> 227 depends on X86
>> 228 select CRYPTO_BLKCIPHER
244 229
245 endmenu !! 230 config CRYPTO_ENGINE
>> 231 tristate
246 232
247 menu "Public-key cryptography" !! 233 comment "Public-key cryptography"
248 234
249 config CRYPTO_RSA 235 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 236 tristate "RSA algorithm"
251 select CRYPTO_AKCIPHER 237 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER 238 select CRYPTO_MANAGER
253 select MPILIB 239 select MPILIB
254 select ASN1 240 select ASN1
255 help 241 help
256 RSA (Rivest-Shamir-Adleman) public k !! 242 Generic implementation of the RSA public key algorithm.
257 243
258 config CRYPTO_DH 244 config CRYPTO_DH
259 tristate "DH (Diffie-Hellman)" !! 245 tristate "Diffie-Hellman algorithm"
260 select CRYPTO_KPP 246 select CRYPTO_KPP
261 select MPILIB 247 select MPILIB
262 help 248 help
263 DH (Diffie-Hellman) key exchange alg !! 249 Generic implementation of the Diffie-Hellman algorithm.
264 <<
265 config CRYPTO_DH_RFC7919_GROUPS <<
266 bool "RFC 7919 FFDHE groups" <<
267 depends on CRYPTO_DH <<
268 select CRYPTO_RNG_DEFAULT <<
269 help <<
270 FFDHE (Finite-Field-based Diffie-Hel <<
271 defined in RFC7919. <<
272 <<
273 Support these finite-field groups in <<
274 - ffdhe2048, ffdhe3072, ffdhe4096, f <<
275 <<
276 If unsure, say N. <<
277 250
278 config CRYPTO_ECC 251 config CRYPTO_ECC
279 tristate 252 tristate
280 select CRYPTO_RNG_DEFAULT <<
281 253
282 config CRYPTO_ECDH 254 config CRYPTO_ECDH
283 tristate "ECDH (Elliptic Curve Diffie- !! 255 tristate "ECDH algorithm"
284 select CRYPTO_ECC 256 select CRYPTO_ECC
285 select CRYPTO_KPP 257 select CRYPTO_KPP
>> 258 select CRYPTO_RNG_DEFAULT
286 help 259 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 260 Generic implementation of the ECDH algorithm
288 using curves P-192, P-256, and P-384 <<
289 <<
290 config CRYPTO_ECDSA <<
291 tristate "ECDSA (Elliptic Curve Digita <<
292 select CRYPTO_ECC <<
293 select CRYPTO_AKCIPHER <<
294 select ASN1 <<
295 help <<
296 ECDSA (Elliptic Curve Digital Signat <<
297 ISO/IEC 14888-3) <<
298 using curves P-192, P-256, and P-384 <<
299 <<
300 Only signature verification is imple <<
301 261
302 config CRYPTO_ECRDSA 262 config CRYPTO_ECRDSA
303 tristate "EC-RDSA (Elliptic Curve Russ !! 263 tristate "EC-RDSA (GOST 34.10) algorithm"
304 select CRYPTO_ECC 264 select CRYPTO_ECC
305 select CRYPTO_AKCIPHER 265 select CRYPTO_AKCIPHER
306 select CRYPTO_STREEBOG 266 select CRYPTO_STREEBOG
307 select OID_REGISTRY 267 select OID_REGISTRY
308 select ASN1 268 select ASN1
309 help 269 help
310 Elliptic Curve Russian Digital Signa 270 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311 RFC 7091, ISO/IEC 14888-3) !! 271 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
>> 272 standard algorithms (called GOST algorithms). Only signature verification
>> 273 is implemented.
312 274
313 One of the Russian cryptographic sta !! 275 comment "Authenticated Encryption with Associated Data"
314 algorithms). Only signature verifica <<
315 276
316 config CRYPTO_CURVE25519 !! 277 config CRYPTO_CCM
317 tristate "Curve25519" !! 278 tristate "CCM support"
318 select CRYPTO_KPP !! 279 select CRYPTO_CTR
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 280 select CRYPTO_HASH
>> 281 select CRYPTO_AEAD
320 help 282 help
321 Curve25519 elliptic curve (RFC7748) !! 283 Support for Counter with CBC MAC. Required for IPsec.
322 <<
323 endmenu <<
324 284
325 menu "Block ciphers" !! 285 config CRYPTO_GCM
326 !! 286 tristate "GCM/GMAC support"
327 config CRYPTO_AES !! 287 select CRYPTO_CTR
328 tristate "AES (Advanced Encryption Sta !! 288 select CRYPTO_AEAD
329 select CRYPTO_ALGAPI !! 289 select CRYPTO_GHASH
330 select CRYPTO_LIB_AES !! 290 select CRYPTO_NULL
331 help 291 help
332 AES cipher algorithms (Rijndael)(FIP !! 292 Support for Galois/Counter Mode (GCM) and Galois Message
>> 293 Authentication Code (GMAC). Required for IPSec.
333 294
334 Rijndael appears to be consistently !! 295 config CRYPTO_CHACHA20POLY1305
335 both hardware and software across a !! 296 tristate "ChaCha20-Poly1305 AEAD support"
336 environments regardless of its use i !! 297 select CRYPTO_CHACHA20
337 modes. Its key setup time is excelle !! 298 select CRYPTO_POLY1305
338 good. Rijndael's very low memory req !! 299 select CRYPTO_AEAD
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 <<
343 The AES specifies three key sizes: 1 <<
344 <<
345 config CRYPTO_AES_TI <<
346 tristate "AES (Advanced Encryption Sta <<
347 select CRYPTO_ALGAPI <<
348 select CRYPTO_LIB_AES <<
349 help 300 help
350 AES cipher algorithms (Rijndael)(FIP !! 301 ChaCha20-Poly1305 AEAD support, RFC7539.
351 <<
352 This is a generic implementation of <<
353 data dependent latencies as much as <<
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 302
359 Instead of using 16 lookup tables of !! 303 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
360 8 for decryption), this implementati !! 304 with the Poly1305 authenticator. It is defined in RFC7539 for use in
361 256 bytes each, and attempts to elim !! 305 IETF protocols.
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 306
366 config CRYPTO_ANUBIS !! 307 config CRYPTO_AEGIS128
367 tristate "Anubis" !! 308 tristate "AEGIS-128 AEAD algorithm"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 309 select CRYPTO_AEAD
369 select CRYPTO_ALGAPI !! 310 select CRYPTO_AES # for AES S-box tables
370 help 311 help
371 Anubis cipher algorithm !! 312 Support for the AEGIS-128 dedicated AEAD algorithm.
372 <<
373 Anubis is a variable key length ciph <<
374 128 bits to 320 bits in length. It <<
375 in the NESSIE competition. <<
376 313
377 See https://web.archive.org/web/2016 !! 314 config CRYPTO_AEGIS128L
378 for further information. !! 315 tristate "AEGIS-128L AEAD algorithm"
379 !! 316 select CRYPTO_AEAD
380 config CRYPTO_ARIA !! 317 select CRYPTO_AES # for AES S-box tables
381 tristate "ARIA" <<
382 select CRYPTO_ALGAPI <<
383 help 318 help
384 ARIA cipher algorithm (RFC5794) !! 319 Support for the AEGIS-128L dedicated AEAD algorithm.
385 320
386 ARIA is a standard encryption algori !! 321 config CRYPTO_AEGIS256
387 The ARIA specifies three key sizes a !! 322 tristate "AEGIS-256 AEAD algorithm"
388 128-bit: 12 rounds. !! 323 select CRYPTO_AEAD
389 192-bit: 14 rounds. !! 324 select CRYPTO_AES # for AES S-box tables
390 256-bit: 16 rounds. !! 325 help
>> 326 Support for the AEGIS-256 dedicated AEAD algorithm.
391 327
392 See: !! 328 config CRYPTO_AEGIS128_AESNI_SSE2
393 https://seed.kisa.or.kr/kisa/algorit !! 329 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
>> 330 depends on X86 && 64BIT
>> 331 select CRYPTO_AEAD
>> 332 select CRYPTO_SIMD
>> 333 help
>> 334 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
394 335
395 config CRYPTO_BLOWFISH !! 336 config CRYPTO_AEGIS128L_AESNI_SSE2
396 tristate "Blowfish" !! 337 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
397 select CRYPTO_ALGAPI !! 338 depends on X86 && 64BIT
398 select CRYPTO_BLOWFISH_COMMON !! 339 select CRYPTO_AEAD
>> 340 select CRYPTO_SIMD
399 help 341 help
400 Blowfish cipher algorithm, by Bruce !! 342 AESNI+SSE2 implementation of the AEGIS-128L dedicated AEAD algorithm.
401 343
402 This is a variable key length cipher !! 344 config CRYPTO_AEGIS256_AESNI_SSE2
403 bits to 448 bits in length. It's fa !! 345 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
404 designed for use on "large microproc !! 346 depends on X86 && 64BIT
>> 347 select CRYPTO_AEAD
>> 348 select CRYPTO_SIMD
>> 349 help
>> 350 AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm.
405 351
406 See https://www.schneier.com/blowfis !! 352 config CRYPTO_MORUS640
>> 353 tristate "MORUS-640 AEAD algorithm"
>> 354 select CRYPTO_AEAD
>> 355 help
>> 356 Support for the MORUS-640 dedicated AEAD algorithm.
407 357
408 config CRYPTO_BLOWFISH_COMMON !! 358 config CRYPTO_MORUS640_GLUE
409 tristate 359 tristate
>> 360 depends on X86
>> 361 select CRYPTO_AEAD
>> 362 select CRYPTO_SIMD
410 help 363 help
411 Common parts of the Blowfish cipher !! 364 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
412 generic c and the assembler implemen !! 365 algorithm.
413 366
414 config CRYPTO_CAMELLIA !! 367 config CRYPTO_MORUS640_SSE2
415 tristate "Camellia" !! 368 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
416 select CRYPTO_ALGAPI !! 369 depends on X86 && 64BIT
>> 370 select CRYPTO_AEAD
>> 371 select CRYPTO_MORUS640_GLUE
417 help 372 help
418 Camellia cipher algorithms (ISO/IEC !! 373 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
419 374
420 Camellia is a symmetric key block ci !! 375 config CRYPTO_MORUS1280
421 at NTT and Mitsubishi Electric Corpo !! 376 tristate "MORUS-1280 AEAD algorithm"
422 !! 377 select CRYPTO_AEAD
423 The Camellia specifies three key siz !! 378 help
424 !! 379 Support for the MORUS-1280 dedicated AEAD algorithm.
425 See https://info.isl.ntt.co.jp/crypt <<
426 380
427 config CRYPTO_CAST_COMMON !! 381 config CRYPTO_MORUS1280_GLUE
428 tristate 382 tristate
>> 383 depends on X86
>> 384 select CRYPTO_AEAD
>> 385 select CRYPTO_SIMD
429 help 386 help
430 Common parts of the CAST cipher algo !! 387 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
431 generic c and the assembler implemen !! 388 algorithm.
432 389
433 config CRYPTO_CAST5 !! 390 config CRYPTO_MORUS1280_SSE2
434 tristate "CAST5 (CAST-128)" !! 391 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
435 select CRYPTO_ALGAPI !! 392 depends on X86 && 64BIT
436 select CRYPTO_CAST_COMMON !! 393 select CRYPTO_AEAD
>> 394 select CRYPTO_MORUS1280_GLUE
437 help 395 help
438 CAST5 (CAST-128) cipher algorithm (R !! 396 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
>> 397 algorithm.
439 398
440 config CRYPTO_CAST6 !! 399 config CRYPTO_MORUS1280_AVX2
441 tristate "CAST6 (CAST-256)" !! 400 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
442 select CRYPTO_ALGAPI !! 401 depends on X86 && 64BIT
443 select CRYPTO_CAST_COMMON !! 402 select CRYPTO_AEAD
>> 403 select CRYPTO_MORUS1280_GLUE
444 help 404 help
445 CAST6 (CAST-256) encryption algorith !! 405 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
>> 406 algorithm.
446 407
447 config CRYPTO_DES !! 408 config CRYPTO_SEQIV
448 tristate "DES and Triple DES EDE" !! 409 tristate "Sequence Number IV Generator"
449 select CRYPTO_ALGAPI !! 410 select CRYPTO_AEAD
450 select CRYPTO_LIB_DES !! 411 select CRYPTO_BLKCIPHER
>> 412 select CRYPTO_NULL
>> 413 select CRYPTO_RNG_DEFAULT
451 help 414 help
452 DES (Data Encryption Standard)(FIPS !! 415 This IV generator generates an IV based on a sequence number by
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 416 xoring it with a salt. This algorithm is mainly useful for CTR
454 cipher algorithms <<
455 417
456 config CRYPTO_FCRYPT !! 418 config CRYPTO_ECHAINIV
457 tristate "FCrypt" !! 419 tristate "Encrypted Chain IV Generator"
458 select CRYPTO_ALGAPI !! 420 select CRYPTO_AEAD
459 select CRYPTO_SKCIPHER !! 421 select CRYPTO_NULL
>> 422 select CRYPTO_RNG_DEFAULT
>> 423 default m
460 help 424 help
461 FCrypt algorithm used by RxRPC !! 425 This IV generator generates an IV based on the encryption of
>> 426 a sequence number xored with a salt. This is the default
>> 427 algorithm for CBC.
462 428
463 See https://ota.polyonymo.us/fcrypt- !! 429 comment "Block modes"
464 430
465 config CRYPTO_KHAZAD !! 431 config CRYPTO_CBC
466 tristate "Khazad" !! 432 tristate "CBC support"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 433 select CRYPTO_BLKCIPHER
468 select CRYPTO_ALGAPI !! 434 select CRYPTO_MANAGER
469 help 435 help
470 Khazad cipher algorithm !! 436 CBC: Cipher Block Chaining mode
471 !! 437 This block cipher algorithm is required for IPSec.
472 Khazad was a finalist in the initial <<
473 an algorithm optimized for 64-bit pr <<
474 on 32-bit processors. Khazad uses a <<
475 <<
476 See https://web.archive.org/web/2017 <<
477 for further information. <<
478 438
479 config CRYPTO_SEED !! 439 config CRYPTO_CFB
480 tristate "SEED" !! 440 tristate "CFB support"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 441 select CRYPTO_BLKCIPHER
482 select CRYPTO_ALGAPI !! 442 select CRYPTO_MANAGER
483 help 443 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 444 CFB: Cipher FeedBack mode
>> 445 This block cipher algorithm is required for TPM2 Cryptography.
485 446
486 SEED is a 128-bit symmetric key bloc !! 447 config CRYPTO_CTR
487 developed by KISA (Korea Information !! 448 tristate "CTR support"
488 national standard encryption algorit !! 449 select CRYPTO_BLKCIPHER
489 It is a 16 round block cipher with t !! 450 select CRYPTO_SEQIV
490 !! 451 select CRYPTO_MANAGER
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 <<
494 config CRYPTO_SERPENT <<
495 tristate "Serpent" <<
496 select CRYPTO_ALGAPI <<
497 help 452 help
498 Serpent cipher algorithm, by Anderso !! 453 CTR: Counter mode
499 !! 454 This block cipher algorithm is required for IPSec.
500 Keys are allowed to be from 0 to 256 <<
501 of 8 bits. <<
502 <<
503 See https://www.cl.cam.ac.uk/~rja14/ <<
504 455
505 config CRYPTO_SM4 !! 456 config CRYPTO_CTS
506 tristate !! 457 tristate "CTS support"
507 !! 458 select CRYPTO_BLKCIPHER
508 config CRYPTO_SM4_GENERIC <<
509 tristate "SM4 (ShangMi 4)" <<
510 select CRYPTO_ALGAPI <<
511 select CRYPTO_SM4 <<
512 help 459 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 460 CTS: Cipher Text Stealing
514 ISO/IEC 18033-3:2010/Amd 1:2021) !! 461 This is the Cipher Text Stealing mode as described by
515 !! 462 Section 8 of rfc2040 and referenced by rfc3962
516 SM4 (GBT.32907-2016) is a cryptograp !! 463 (rfc3962 includes errata information in its Appendix A) or
517 Organization of State Commercial Adm !! 464 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
518 as an authorized cryptographic algor !! 465 This mode is required for Kerberos gss mechanism support
519 !! 466 for AES encryption.
520 SMS4 was originally created for use <<
521 networks, and is mandated in the Chi <<
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 <<
525 The latest SM4 standard (GBT.32907-2 <<
526 standardized through TC 260 of the S <<
527 of the People's Republic of China (S <<
528 <<
529 The input, output, and key of SMS4 a <<
530 <<
531 See https://eprint.iacr.org/2008/329 <<
532 467
533 If unsure, say N. !! 468 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
534 469
535 config CRYPTO_TEA !! 470 config CRYPTO_ECB
536 tristate "TEA, XTEA and XETA" !! 471 tristate "ECB support"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 472 select CRYPTO_BLKCIPHER
538 select CRYPTO_ALGAPI !! 473 select CRYPTO_MANAGER
539 help 474 help
540 TEA (Tiny Encryption Algorithm) ciph !! 475 ECB: Electronic CodeBook mode
>> 476 This is the simplest block cipher algorithm. It simply encrypts
>> 477 the input block by block.
541 478
542 Tiny Encryption Algorithm is a simpl !! 479 config CRYPTO_LRW
543 many rounds for security. It is ver !! 480 tristate "LRW support"
544 little memory. !! 481 select CRYPTO_BLKCIPHER
545 !! 482 select CRYPTO_MANAGER
546 Xtendend Tiny Encryption Algorithm i !! 483 select CRYPTO_GF128MUL
547 the TEA algorithm to address a poten !! 484 help
548 in the TEA algorithm. !! 485 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 486 narrow block cipher mode for dm-crypt. Use it with cipher
>> 487 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 488 The first 128, 192 or 256 bits in the key are used for AES and the
>> 489 rest is used to tie each cipher block to its logical position.
549 490
550 Xtendend Encryption Tiny Algorithm i !! 491 config CRYPTO_OFB
551 of the XTEA algorithm for compatibil !! 492 tristate "OFB support"
>> 493 select CRYPTO_BLKCIPHER
>> 494 select CRYPTO_MANAGER
>> 495 help
>> 496 OFB: the Output Feedback mode makes a block cipher into a synchronous
>> 497 stream cipher. It generates keystream blocks, which are then XORed
>> 498 with the plaintext blocks to get the ciphertext. Flipping a bit in the
>> 499 ciphertext produces a flipped bit in the plaintext at the same
>> 500 location. This property allows many error correcting codes to function
>> 501 normally even when applied before encryption.
552 502
553 config CRYPTO_TWOFISH !! 503 config CRYPTO_PCBC
554 tristate "Twofish" !! 504 tristate "PCBC support"
555 select CRYPTO_ALGAPI !! 505 select CRYPTO_BLKCIPHER
556 select CRYPTO_TWOFISH_COMMON !! 506 select CRYPTO_MANAGER
557 help 507 help
558 Twofish cipher algorithm !! 508 PCBC: Propagating Cipher Block Chaining mode
>> 509 This block cipher algorithm is required for RxRPC.
559 510
560 Twofish was submitted as an AES (Adv !! 511 config CRYPTO_XTS
561 candidate cipher by researchers at C !! 512 tristate "XTS support"
562 16 round block cipher supporting key !! 513 select CRYPTO_BLKCIPHER
563 bits. !! 514 select CRYPTO_MANAGER
>> 515 select CRYPTO_ECB
>> 516 help
>> 517 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 518 key size 256, 384 or 512 bits. This implementation currently
>> 519 can't handle a sectorsize which is not a multiple of 16 bytes.
564 520
565 See https://www.schneier.com/twofish !! 521 config CRYPTO_KEYWRAP
>> 522 tristate "Key wrapping support"
>> 523 select CRYPTO_BLKCIPHER
>> 524 help
>> 525 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 526 padding.
566 527
567 config CRYPTO_TWOFISH_COMMON !! 528 config CRYPTO_NHPOLY1305
568 tristate 529 tristate
569 help !! 530 select CRYPTO_HASH
570 Common parts of the Twofish cipher a !! 531 select CRYPTO_POLY1305
571 generic c and the assembler implemen <<
572 532
573 endmenu !! 533 config CRYPTO_NHPOLY1305_SSE2
>> 534 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
>> 535 depends on X86 && 64BIT
>> 536 select CRYPTO_NHPOLY1305
>> 537 help
>> 538 SSE2 optimized implementation of the hash function used by the
>> 539 Adiantum encryption mode.
574 540
575 menu "Length-preserving ciphers and modes" !! 541 config CRYPTO_NHPOLY1305_AVX2
>> 542 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
>> 543 depends on X86 && 64BIT
>> 544 select CRYPTO_NHPOLY1305
>> 545 help
>> 546 AVX2 optimized implementation of the hash function used by the
>> 547 Adiantum encryption mode.
576 548
577 config CRYPTO_ADIANTUM 549 config CRYPTO_ADIANTUM
578 tristate "Adiantum" !! 550 tristate "Adiantum support"
579 select CRYPTO_CHACHA20 551 select CRYPTO_CHACHA20
580 select CRYPTO_LIB_POLY1305_GENERIC !! 552 select CRYPTO_POLY1305
581 select CRYPTO_NHPOLY1305 553 select CRYPTO_NHPOLY1305
582 select CRYPTO_MANAGER <<
583 help 554 help
584 Adiantum tweakable, length-preservin !! 555 Adiantum is a tweakable, length-preserving encryption mode
585 !! 556 designed for fast and secure disk encryption, especially on
586 Designed for fast and secure disk en <<
587 CPUs without dedicated crypto instru 557 CPUs without dedicated crypto instructions. It encrypts
588 each sector using the XChaCha12 stre 558 each sector using the XChaCha12 stream cipher, two passes of
589 an ε-almost-∆-universal hash func 559 an ε-almost-∆-universal hash function, and an invocation of
590 the AES-256 block cipher on a single 560 the AES-256 block cipher on a single 16-byte block. On CPUs
591 without AES instructions, Adiantum i 561 without AES instructions, Adiantum is much faster than
592 AES-XTS. 562 AES-XTS.
593 563
594 Adiantum's security is provably redu 564 Adiantum's security is provably reducible to that of its
595 underlying stream and block ciphers, 565 underlying stream and block ciphers, subject to a security
596 bound. Unlike XTS, Adiantum is a tr 566 bound. Unlike XTS, Adiantum is a true wide-block encryption
597 mode, so it actually provides an eve 567 mode, so it actually provides an even stronger notion of
598 security than XTS, subject to the se 568 security than XTS, subject to the security bound.
599 569
600 If unsure, say N. 570 If unsure, say N.
601 571
602 config CRYPTO_ARC4 !! 572 comment "Hash modes"
603 tristate "ARC4 (Alleged Rivest Cipher <<
604 depends on CRYPTO_USER_API_ENABLE_OBSO <<
605 select CRYPTO_SKCIPHER <<
606 select CRYPTO_LIB_ARC4 <<
607 help <<
608 ARC4 cipher algorithm <<
609 <<
610 ARC4 is a stream cipher using keys r <<
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 <<
615 config CRYPTO_CHACHA20 <<
616 tristate "ChaCha" <<
617 select CRYPTO_LIB_CHACHA_GENERIC <<
618 select CRYPTO_SKCIPHER <<
619 help <<
620 The ChaCha20, XChaCha20, and XChaCha <<
621 <<
622 ChaCha20 is a 256-bit high-speed str <<
623 Bernstein and further specified in R <<
624 This is the portable C implementatio <<
625 https://cr.yp.to/chacha/chacha-20080 <<
626 <<
627 XChaCha20 is the application of the <<
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 573
633 XChaCha12 is XChaCha20 reduced to 12 !! 574 config CRYPTO_CMAC
634 reduced security margin but increase !! 575 tristate "CMAC support"
635 in some performance-sensitive scenar !! 576 select CRYPTO_HASH
636 <<
637 config CRYPTO_CBC <<
638 tristate "CBC (Cipher Block Chaining)" <<
639 select CRYPTO_SKCIPHER <<
640 select CRYPTO_MANAGER 577 select CRYPTO_MANAGER
641 help 578 help
642 CBC (Cipher Block Chaining) mode (NI !! 579 Cipher-based Message Authentication Code (CMAC) specified by
>> 580 The National Institute of Standards and Technology (NIST).
643 581
644 This block cipher mode is required f !! 582 https://tools.ietf.org/html/rfc4493
>> 583 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
645 584
646 config CRYPTO_CTR !! 585 config CRYPTO_HMAC
647 tristate "CTR (Counter)" !! 586 tristate "HMAC support"
648 select CRYPTO_SKCIPHER !! 587 select CRYPTO_HASH
649 select CRYPTO_MANAGER <<
650 help <<
651 CTR (Counter) mode (NIST SP800-38A) <<
652 <<
653 config CRYPTO_CTS <<
654 tristate "CTS (Cipher Text Stealing)" <<
655 select CRYPTO_SKCIPHER <<
656 select CRYPTO_MANAGER 588 select CRYPTO_MANAGER
657 help 589 help
658 CBC-CS3 variant of CTS (Cipher Text !! 590 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
659 Addendum to SP800-38A (October 2010) !! 591 This is required for IPSec.
660 592
661 This mode is required for Kerberos g !! 593 config CRYPTO_XCBC
662 for AES encryption. !! 594 tristate "XCBC support"
663 !! 595 select CRYPTO_HASH
664 config CRYPTO_ECB <<
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER 596 select CRYPTO_MANAGER
668 help 597 help
669 ECB (Electronic Codebook) mode (NIST !! 598 XCBC: Keyed-Hashing with encryption algorithm
>> 599 http://www.ietf.org/rfc/rfc3566.txt
>> 600 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 601 xcbc-mac/xcbc-mac-spec.pdf
670 602
671 config CRYPTO_HCTR2 !! 603 config CRYPTO_VMAC
672 tristate "HCTR2" !! 604 tristate "VMAC support"
673 select CRYPTO_XCTR !! 605 select CRYPTO_HASH
674 select CRYPTO_POLYVAL <<
675 select CRYPTO_MANAGER 606 select CRYPTO_MANAGER
676 help 607 help
677 HCTR2 length-preserving encryption m !! 608 VMAC is a message authentication algorithm designed for
>> 609 very high speed on 64-bit architectures.
678 610
679 A mode for storage encryption that i !! 611 See also:
680 instructions to accelerate AES and c !! 612 <http://fastcrypto.org/vmac>
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 613
684 See https://eprint.iacr.org/2021/144 !! 614 comment "Digest"
685 615
686 config CRYPTO_KEYWRAP !! 616 config CRYPTO_CRC32C
687 tristate "KW (AES Key Wrap)" !! 617 tristate "CRC32c CRC algorithm"
688 select CRYPTO_SKCIPHER !! 618 select CRYPTO_HASH
689 select CRYPTO_MANAGER !! 619 select CRC32
690 help 620 help
691 KW (AES Key Wrap) authenticated encr !! 621 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
692 and RFC3394) without padding. !! 622 by iSCSI for header and data digests and by others.
693 !! 623 See Castagnoli93. Module will be crc32c.
694 config CRYPTO_LRW !! 624
695 tristate "LRW (Liskov Rivest Wagner)" !! 625 config CRYPTO_CRC32C_INTEL
696 select CRYPTO_LIB_GF128MUL !! 626 tristate "CRC32c INTEL hardware acceleration"
697 select CRYPTO_SKCIPHER !! 627 depends on X86
698 select CRYPTO_MANAGER !! 628 select CRYPTO_HASH
699 select CRYPTO_ECB !! 629 help
>> 630 In Intel processor with SSE4.2 supported, the processor will
>> 631 support CRC32C implementation using hardware accelerated CRC32
>> 632 instruction. This option will create 'crc32c-intel' module,
>> 633 which will enable any routine to use the CRC32 instruction to
>> 634 gain performance compared with software implementation.
>> 635 Module will be crc32c-intel.
>> 636
>> 637 config CRYPTO_CRC32C_VPMSUM
>> 638 tristate "CRC32c CRC algorithm (powerpc64)"
>> 639 depends on PPC64 && ALTIVEC
>> 640 select CRYPTO_HASH
>> 641 select CRC32
700 help 642 help
701 LRW (Liskov Rivest Wagner) mode !! 643 CRC32c algorithm implemented using vector polynomial multiply-sum
702 !! 644 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
703 A tweakable, non malleable, non mova !! 645 and newer processors for improved performance.
704 narrow block cipher mode for dm-cryp <<
705 specification string aes-lrw-benbi, <<
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 646
709 See https://people.csail.mit.edu/riv <<
710 647
711 config CRYPTO_PCBC !! 648 config CRYPTO_CRC32C_SPARC64
712 tristate "PCBC (Propagating Cipher Blo !! 649 tristate "CRC32c CRC algorithm (SPARC64)"
713 select CRYPTO_SKCIPHER !! 650 depends on SPARC64
714 select CRYPTO_MANAGER !! 651 select CRYPTO_HASH
>> 652 select CRC32
715 help 653 help
716 PCBC (Propagating Cipher Block Chain !! 654 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 655 when available.
717 656
718 This block cipher mode is required f !! 657 config CRYPTO_CRC32
719 !! 658 tristate "CRC32 CRC algorithm"
720 config CRYPTO_XCTR !! 659 select CRYPTO_HASH
721 tristate !! 660 select CRC32
722 select CRYPTO_SKCIPHER <<
723 select CRYPTO_MANAGER <<
724 help 661 help
725 XCTR (XOR Counter) mode for HCTR2 !! 662 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 663 Shash crypto api wrappers to crc32_le function.
726 664
727 This blockcipher mode is a variant o !! 665 config CRYPTO_CRC32_PCLMUL
728 addition rather than big-endian arit !! 666 tristate "CRC32 PCLMULQDQ hardware acceleration"
>> 667 depends on X86
>> 668 select CRYPTO_HASH
>> 669 select CRC32
>> 670 help
>> 671 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 672 and PCLMULQDQ supported, the processor will support
>> 673 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 674 instruction. This option will create 'crc32-pclmul' module,
>> 675 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 676 and gain better performance as compared with the table implementation.
>> 677
>> 678 config CRYPTO_CRC32_MIPS
>> 679 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 680 depends on MIPS_CRC_SUPPORT
>> 681 select CRYPTO_HASH
>> 682 help
>> 683 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 684 instructions, when available.
729 685
730 XCTR mode is used to implement HCTR2 <<
731 686
732 config CRYPTO_XTS !! 687 config CRYPTO_CRCT10DIF
733 tristate "XTS (XOR Encrypt XOR with ci !! 688 tristate "CRCT10DIF algorithm"
734 select CRYPTO_SKCIPHER !! 689 select CRYPTO_HASH
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help 690 help
738 XTS (XOR Encrypt XOR with ciphertext !! 691 CRC T10 Data Integrity Field computation is being cast as
739 and IEEE 1619) !! 692 a crypto transform. This allows for faster crc t10 diff
>> 693 transforms to be used if they are available.
740 694
741 Use with aes-xts-plain, key size 256 !! 695 config CRYPTO_CRCT10DIF_PCLMUL
742 implementation currently can't handl !! 696 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
743 multiple of 16 bytes. !! 697 depends on X86 && 64BIT && CRC_T10DIF
744 <<
745 config CRYPTO_NHPOLY1305 <<
746 tristate <<
747 select CRYPTO_HASH 698 select CRYPTO_HASH
748 select CRYPTO_LIB_POLY1305_GENERIC !! 699 help
>> 700 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 701 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 702 accelerated PCLMULQDQ instruction. This option will create
>> 703 'crct10dif-pclmul' module, which is faster when computing the
>> 704 crct10dif checksum as compared with the generic table implementation.
749 705
750 endmenu !! 706 config CRYPTO_CRCT10DIF_VPMSUM
>> 707 tristate "CRC32T10DIF powerpc64 hardware acceleration"
>> 708 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 709 select CRYPTO_HASH
>> 710 help
>> 711 CRC10T10DIF algorithm implemented using vector polynomial
>> 712 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 713 POWER8 and newer processors for improved performance.
751 714
752 menu "AEAD (authenticated encryption with asso !! 715 config CRYPTO_VPMSUM_TESTER
>> 716 tristate "Powerpc64 vpmsum hardware acceleration tester"
>> 717 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 718 help
>> 719 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 720 POWER8 vpmsum instructions.
>> 721 Unless you are testing these algorithms, you don't need this.
753 722
754 config CRYPTO_AEGIS128 !! 723 config CRYPTO_GHASH
755 tristate "AEGIS-128" !! 724 tristate "GHASH digest algorithm"
756 select CRYPTO_AEAD !! 725 select CRYPTO_GF128MUL
757 select CRYPTO_AES # for AES S-box tab !! 726 select CRYPTO_HASH
758 help 727 help
759 AEGIS-128 AEAD algorithm !! 728 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
760 729
761 config CRYPTO_AEGIS128_SIMD !! 730 config CRYPTO_POLY1305
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 731 tristate "Poly1305 authenticator algorithm"
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 732 select CRYPTO_HASH
764 default y <<
765 help 733 help
766 AEGIS-128 AEAD algorithm !! 734 Poly1305 authenticator algorithm, RFC7539.
767 735
768 Architecture: arm or arm64 using: !! 736 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
769 - NEON (Advanced SIMD) extension !! 737 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 738 in IETF protocols. This is the portable C implementation of Poly1305.
770 739
771 config CRYPTO_CHACHA20POLY1305 !! 740 config CRYPTO_POLY1305_X86_64
772 tristate "ChaCha20-Poly1305" !! 741 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
773 select CRYPTO_CHACHA20 !! 742 depends on X86 && 64BIT
774 select CRYPTO_POLY1305 743 select CRYPTO_POLY1305
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help 744 help
778 ChaCha20 stream cipher and Poly1305 !! 745 Poly1305 authenticator algorithm, RFC7539.
779 mode (RFC8439) <<
780 746
781 config CRYPTO_CCM !! 747 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
782 tristate "CCM (Counter with Cipher Blo !! 748 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
783 select CRYPTO_CTR !! 749 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 750 instructions.
>> 751
>> 752 config CRYPTO_MD4
>> 753 tristate "MD4 digest algorithm"
784 select CRYPTO_HASH 754 select CRYPTO_HASH
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER <<
787 help 755 help
788 CCM (Counter with Cipher Block Chain !! 756 MD4 message digest algorithm (RFC1320).
789 authenticated encryption mode (NIST <<
790 757
791 config CRYPTO_GCM !! 758 config CRYPTO_MD5
792 tristate "GCM (Galois/Counter Mode) an !! 759 tristate "MD5 digest algorithm"
793 select CRYPTO_CTR !! 760 select CRYPTO_HASH
794 select CRYPTO_AEAD <<
795 select CRYPTO_GHASH <<
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER <<
798 help 761 help
799 GCM (Galois/Counter Mode) authentica !! 762 MD5 message digest algorithm (RFC1321).
800 (GCM Message Authentication Code) (N <<
801 <<
802 This is required for IPSec ESP (XFRM <<
803 <<
804 config CRYPTO_GENIV <<
805 tristate <<
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER <<
809 select CRYPTO_RNG_DEFAULT <<
810 763
811 config CRYPTO_SEQIV !! 764 config CRYPTO_MD5_OCTEON
812 tristate "Sequence Number IV Generator !! 765 tristate "MD5 digest algorithm (OCTEON)"
813 select CRYPTO_GENIV !! 766 depends on CPU_CAVIUM_OCTEON
>> 767 select CRYPTO_MD5
>> 768 select CRYPTO_HASH
814 help 769 help
815 Sequence Number IV generator !! 770 MD5 message digest algorithm (RFC1321) implemented
816 !! 771 using OCTEON crypto instructions, when available.
817 This IV generator generates an IV ba <<
818 xoring it with a salt. This algorit <<
819 772
820 This is required for IPsec ESP (XFRM !! 773 config CRYPTO_MD5_PPC
>> 774 tristate "MD5 digest algorithm (PPC)"
>> 775 depends on PPC
>> 776 select CRYPTO_HASH
>> 777 help
>> 778 MD5 message digest algorithm (RFC1321) implemented
>> 779 in PPC assembler.
821 780
822 config CRYPTO_ECHAINIV !! 781 config CRYPTO_MD5_SPARC64
823 tristate "Encrypted Chain IV Generator !! 782 tristate "MD5 digest algorithm (SPARC64)"
824 select CRYPTO_GENIV !! 783 depends on SPARC64
>> 784 select CRYPTO_MD5
>> 785 select CRYPTO_HASH
825 help 786 help
826 Encrypted Chain IV generator !! 787 MD5 message digest algorithm (RFC1321) implemented
>> 788 using sparc64 crypto instructions, when available.
827 789
828 This IV generator generates an IV ba !! 790 config CRYPTO_MICHAEL_MIC
829 a sequence number xored with a salt. !! 791 tristate "Michael MIC keyed digest algorithm"
830 algorithm for CBC. !! 792 select CRYPTO_HASH
>> 793 help
>> 794 Michael MIC is used for message integrity protection in TKIP
>> 795 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 796 should not be used for other purposes because of the weakness
>> 797 of the algorithm.
831 798
832 config CRYPTO_ESSIV !! 799 config CRYPTO_RMD128
833 tristate "Encrypted Salt-Sector IV Gen !! 800 tristate "RIPEMD-128 digest algorithm"
834 select CRYPTO_AUTHENC !! 801 select CRYPTO_HASH
835 help 802 help
836 Encrypted Salt-Sector IV generator !! 803 RIPEMD-128 (ISO/IEC 10118-3:2004).
>> 804
>> 805 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
>> 806 be used as a secure replacement for RIPEMD. For other use cases,
>> 807 RIPEMD-160 should be used.
837 808
838 This IV generator is used in some ca !! 809 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
839 dm-crypt. It uses the hash of the bl !! 810 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 811
844 This driver implements a crypto API !! 812 config CRYPTO_RMD160
845 instantiated either as an skcipher o !! 813 tristate "RIPEMD-160 digest algorithm"
846 type of the first template argument) !! 814 select CRYPTO_HASH
847 and decryption requests to the encap !! 815 help
848 ESSIV to the input IV. Note that in !! 816 RIPEMD-160 (ISO/IEC 10118-3:2004).
849 that the keys are presented in the s <<
850 template, and that the IV appears at <<
851 associated data (AAD) region (which <<
852 817
853 Note that the use of ESSIV is not re !! 818 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
854 and so this only needs to be enabled !! 819 to be used as a secure replacement for the 128-bit hash functions
855 existing encrypted volumes of filesy !! 820 MD4, MD5 and it's predecessor RIPEMD
856 building for a particular system tha !! 821 (not to be confused with RIPEMD-128).
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 822
861 endmenu !! 823 It's speed is comparable to SHA1 and there are no known attacks
>> 824 against RIPEMD-160.
862 825
863 menu "Hashes, digests, and MACs" !! 826 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 827 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
864 828
865 config CRYPTO_BLAKE2B !! 829 config CRYPTO_RMD256
866 tristate "BLAKE2b" !! 830 tristate "RIPEMD-256 digest algorithm"
867 select CRYPTO_HASH 831 select CRYPTO_HASH
868 help 832 help
869 BLAKE2b cryptographic hash function !! 833 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 834 256 bit hash. It is intended for applications that require
>> 835 longer hash-results, without needing a larger security level
>> 836 (than RIPEMD-128).
870 837
871 BLAKE2b is optimized for 64-bit plat !! 838 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
872 of any size between 1 and 64 bytes. !! 839 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
873 <<
874 This module provides the following a <<
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 840
880 Used by the btrfs filesystem. !! 841 config CRYPTO_RMD320
>> 842 tristate "RIPEMD-320 digest algorithm"
>> 843 select CRYPTO_HASH
>> 844 help
>> 845 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 846 320 bit hash. It is intended for applications that require
>> 847 longer hash-results, without needing a larger security level
>> 848 (than RIPEMD-160).
881 849
882 See https://blake2.net for further i !! 850 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 851 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
883 852
884 config CRYPTO_CMAC !! 853 config CRYPTO_SHA1
885 tristate "CMAC (Cipher-based MAC)" !! 854 tristate "SHA1 digest algorithm"
886 select CRYPTO_HASH 855 select CRYPTO_HASH
887 select CRYPTO_MANAGER <<
888 help 856 help
889 CMAC (Cipher-based Message Authentic !! 857 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
890 mode (NIST SP800-38B and IETF RFC449 <<
891 858
892 config CRYPTO_GHASH !! 859 config CRYPTO_SHA1_SSSE3
893 tristate "GHASH" !! 860 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 861 depends on X86 && 64BIT
>> 862 select CRYPTO_SHA1
894 select CRYPTO_HASH 863 select CRYPTO_HASH
895 select CRYPTO_LIB_GF128MUL <<
896 help 864 help
897 GCM GHASH function (NIST SP800-38D) !! 865 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 866 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 867 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 868 when available.
898 869
899 config CRYPTO_HMAC !! 870 config CRYPTO_SHA256_SSSE3
900 tristate "HMAC (Keyed-Hash MAC)" !! 871 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 872 depends on X86 && 64BIT
>> 873 select CRYPTO_SHA256
901 select CRYPTO_HASH 874 select CRYPTO_HASH
902 select CRYPTO_MANAGER <<
903 help 875 help
904 HMAC (Keyed-Hash Message Authenticat !! 876 SHA-256 secure hash standard (DFIPS 180-2) implemented
905 RFC2104) !! 877 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
906 !! 878 Extensions version 1 (AVX1), or Advanced Vector Extensions
907 This is required for IPsec AH (XFRM_ !! 879 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
908 !! 880 Instructions) when available.
909 config CRYPTO_MD4 !! 881
910 tristate "MD4" !! 882 config CRYPTO_SHA512_SSSE3
>> 883 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 884 depends on X86 && 64BIT
>> 885 select CRYPTO_SHA512
911 select CRYPTO_HASH 886 select CRYPTO_HASH
912 help 887 help
913 MD4 message digest algorithm (RFC132 !! 888 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 889 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 890 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 891 version 2 (AVX2) instructions, when available.
914 892
915 config CRYPTO_MD5 !! 893 config CRYPTO_SHA1_OCTEON
916 tristate "MD5" !! 894 tristate "SHA1 digest algorithm (OCTEON)"
>> 895 depends on CPU_CAVIUM_OCTEON
>> 896 select CRYPTO_SHA1
917 select CRYPTO_HASH 897 select CRYPTO_HASH
918 help 898 help
919 MD5 message digest algorithm (RFC132 !! 899 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 900 using OCTEON crypto instructions, when available.
920 901
921 config CRYPTO_MICHAEL_MIC !! 902 config CRYPTO_SHA1_SPARC64
922 tristate "Michael MIC" !! 903 tristate "SHA1 digest algorithm (SPARC64)"
>> 904 depends on SPARC64
>> 905 select CRYPTO_SHA1
923 select CRYPTO_HASH 906 select CRYPTO_HASH
924 help 907 help
925 Michael MIC (Message Integrity Code) !! 908 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 909 using sparc64 crypto instructions, when available.
926 910
927 Defined by the IEEE 802.11i TKIP (Te !! 911 config CRYPTO_SHA1_PPC
928 known as WPA (Wif-Fi Protected Acces !! 912 tristate "SHA1 digest algorithm (powerpc)"
>> 913 depends on PPC
>> 914 help
>> 915 This is the powerpc hardware accelerated implementation of the
>> 916 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
929 917
930 This algorithm is required for TKIP, !! 918 config CRYPTO_SHA1_PPC_SPE
931 other purposes because of the weakne !! 919 tristate "SHA1 digest algorithm (PPC SPE)"
>> 920 depends on PPC && SPE
>> 921 help
>> 922 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 923 using powerpc SPE SIMD instruction set.
932 924
933 config CRYPTO_POLYVAL !! 925 config CRYPTO_SHA256
934 tristate !! 926 tristate "SHA224 and SHA256 digest algorithm"
935 select CRYPTO_HASH 927 select CRYPTO_HASH
936 select CRYPTO_LIB_GF128MUL <<
937 help 928 help
938 POLYVAL hash function for HCTR2 !! 929 SHA256 secure hash standard (DFIPS 180-2).
939 930
940 This is used in HCTR2. It is not a !! 931 This version of SHA implements a 256 bit hash with 128 bits of
941 cryptographic hash function. !! 932 security against collision attacks.
942 933
943 config CRYPTO_POLY1305 !! 934 This code also includes SHA-224, a 224 bit hash with 112 bits
944 tristate "Poly1305" !! 935 of security against collision attacks.
>> 936
>> 937 config CRYPTO_SHA256_PPC_SPE
>> 938 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 939 depends on PPC && SPE
>> 940 select CRYPTO_SHA256
945 select CRYPTO_HASH 941 select CRYPTO_HASH
946 select CRYPTO_LIB_POLY1305_GENERIC <<
947 help 942 help
948 Poly1305 authenticator algorithm (RF !! 943 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 944 implemented using powerpc SPE SIMD instruction set.
949 945
950 Poly1305 is an authenticator algorit !! 946 config CRYPTO_SHA256_OCTEON
951 It is used for the ChaCha20-Poly1305 !! 947 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
952 in IETF protocols. This is the porta !! 948 depends on CPU_CAVIUM_OCTEON
953 !! 949 select CRYPTO_SHA256
954 config CRYPTO_RMD160 <<
955 tristate "RIPEMD-160" <<
956 select CRYPTO_HASH 950 select CRYPTO_HASH
957 help 951 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 952 SHA-256 secure hash standard (DFIPS 180-2) implemented
959 !! 953 using OCTEON crypto instructions, when available.
960 RIPEMD-160 is a 160-bit cryptographi <<
961 to be used as a secure replacement f <<
962 MD4, MD5 and its predecessor RIPEMD <<
963 (not to be confused with RIPEMD-128) <<
964 <<
965 Its speed is comparable to SHA-1 and <<
966 against RIPEMD-160. <<
967 <<
968 Developed by Hans Dobbertin, Antoon <<
969 See https://homes.esat.kuleuven.be/~ <<
970 for further information. <<
971 954
972 config CRYPTO_SHA1 !! 955 config CRYPTO_SHA256_SPARC64
973 tristate "SHA-1" !! 956 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
>> 957 depends on SPARC64
>> 958 select CRYPTO_SHA256
974 select CRYPTO_HASH 959 select CRYPTO_HASH
975 select CRYPTO_LIB_SHA1 <<
976 help 960 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 961 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 962 using sparc64 crypto instructions, when available.
978 963
979 config CRYPTO_SHA256 !! 964 config CRYPTO_SHA512
980 tristate "SHA-224 and SHA-256" !! 965 tristate "SHA384 and SHA512 digest algorithms"
981 select CRYPTO_HASH 966 select CRYPTO_HASH
982 select CRYPTO_LIB_SHA256 <<
983 help 967 help
984 SHA-224 and SHA-256 secure hash algo !! 968 SHA512 secure hash standard (DFIPS 180-2).
985 969
986 This is required for IPsec AH (XFRM_ !! 970 This version of SHA implements a 512 bit hash with 256 bits of
987 Used by the btrfs filesystem, Ceph, !! 971 security against collision attacks.
988 972
989 config CRYPTO_SHA512 !! 973 This code also includes SHA-384, a 384 bit hash with 192 bits
990 tristate "SHA-384 and SHA-512" !! 974 of security against collision attacks.
>> 975
>> 976 config CRYPTO_SHA512_OCTEON
>> 977 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 978 depends on CPU_CAVIUM_OCTEON
>> 979 select CRYPTO_SHA512
991 select CRYPTO_HASH 980 select CRYPTO_HASH
992 help 981 help
993 SHA-384 and SHA-512 secure hash algo !! 982 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 983 using OCTEON crypto instructions, when available.
>> 984
>> 985 config CRYPTO_SHA512_SPARC64
>> 986 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
>> 987 depends on SPARC64
>> 988 select CRYPTO_SHA512
>> 989 select CRYPTO_HASH
>> 990 help
>> 991 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 992 using sparc64 crypto instructions, when available.
994 993
995 config CRYPTO_SHA3 994 config CRYPTO_SHA3
996 tristate "SHA-3" !! 995 tristate "SHA3 digest algorithm"
997 select CRYPTO_HASH 996 select CRYPTO_HASH
998 help 997 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 998 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 999 cryptographic sponge function family called Keccak.
1000 1000
1001 config CRYPTO_SM3 !! 1001 References:
1002 tristate !! 1002 http://keccak.noekeon.org/
1003 1003
1004 config CRYPTO_SM3_GENERIC !! 1004 config CRYPTO_SM3
1005 tristate "SM3 (ShangMi 3)" !! 1005 tristate "SM3 digest algorithm"
1006 select CRYPTO_HASH 1006 select CRYPTO_HASH
1007 select CRYPTO_SM3 <<
1008 help 1007 help
1009 SM3 (ShangMi 3) secure hash functio !! 1008 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1010 !! 1009 It is part of the Chinese Commercial Cryptography suite.
1011 This is part of the Chinese Commerc <<
1012 1010
1013 References: 1011 References:
1014 http://www.oscca.gov.cn/UpFile/2010 1012 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1015 https://datatracker.ietf.org/doc/ht 1013 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1016 1014
1017 config CRYPTO_STREEBOG 1015 config CRYPTO_STREEBOG
1018 tristate "Streebog" !! 1016 tristate "Streebog Hash Function"
1019 select CRYPTO_HASH 1017 select CRYPTO_HASH
1020 help 1018 help
1021 Streebog Hash Function (GOST R 34.1 !! 1019 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1022 !! 1020 cryptographic standard algorithms (called GOST algorithms).
1023 This is one of the Russian cryptogr !! 1021 This setting enables two hash algorithms with 256 and 512 bits output.
1024 GOST algorithms). This setting enab <<
1025 256 and 512 bits output. <<
1026 1022
1027 References: 1023 References:
1028 https://tc26.ru/upload/iblock/fed/f 1024 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1029 https://tools.ietf.org/html/rfc6986 1025 https://tools.ietf.org/html/rfc6986
1030 1026
1031 config CRYPTO_VMAC !! 1027 config CRYPTO_TGR192
1032 tristate "VMAC" !! 1028 tristate "Tiger digest algorithms"
1033 select CRYPTO_HASH 1029 select CRYPTO_HASH
1034 select CRYPTO_MANAGER <<
1035 help 1030 help
1036 VMAC is a message authentication al !! 1031 Tiger hash algorithm 192, 160 and 128-bit hashes
1037 very high speed on 64-bit architect <<
1038 1032
1039 See https://fastcrypto.org/vmac for !! 1033 Tiger is a hash function optimized for 64-bit processors while
>> 1034 still having decent performance on 32-bit processors.
>> 1035 Tiger was developed by Ross Anderson and Eli Biham.
>> 1036
>> 1037 See also:
>> 1038 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1040 1039
1041 config CRYPTO_WP512 1040 config CRYPTO_WP512
1042 tristate "Whirlpool" !! 1041 tristate "Whirlpool digest algorithms"
1043 select CRYPTO_HASH 1042 select CRYPTO_HASH
1044 help 1043 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1044 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1046 <<
1047 512, 384 and 256-bit hashes. <<
1048 1045
1049 Whirlpool-512 is part of the NESSIE 1046 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 1047 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1050 1048
1051 See https://web.archive.org/web/201 !! 1049 See also:
1052 for further information. !! 1050 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1053 1051
1054 config CRYPTO_XCBC !! 1052 config CRYPTO_GHASH_CLMUL_NI_INTEL
1055 tristate "XCBC-MAC (Extended Cipher B !! 1053 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1056 select CRYPTO_HASH !! 1054 depends on X86 && 64BIT
1057 select CRYPTO_MANAGER !! 1055 select CRYPTO_CRYPTD
1058 help 1056 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1057 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1060 Code) (RFC3566) !! 1058 The implementation is accelerated by CLMUL-NI of Intel.
1061 1059
1062 config CRYPTO_XXHASH !! 1060 comment "Ciphers"
1063 tristate "xxHash" !! 1061
1064 select CRYPTO_HASH !! 1062 config CRYPTO_AES
1065 select XXHASH !! 1063 tristate "AES cipher algorithms"
>> 1064 select CRYPTO_ALGAPI
1066 help 1065 help
1067 xxHash non-cryptographic hash algor !! 1066 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1067 algorithm.
1068 1068
1069 Extremely fast, working at speeds c !! 1069 Rijndael appears to be consistently a very good performer in
>> 1070 both hardware and software across a wide range of computing
>> 1071 environments regardless of its use in feedback or non-feedback
>> 1072 modes. Its key setup time is excellent, and its key agility is
>> 1073 good. Rijndael's very low memory requirements make it very well
>> 1074 suited for restricted-space environments, in which it also
>> 1075 demonstrates excellent performance. Rijndael's operations are
>> 1076 among the easiest to defend against power and timing attacks.
1070 1077
1071 Used by the btrfs filesystem. !! 1078 The AES specifies three key sizes: 128, 192 and 256 bits
1072 1079
1073 endmenu !! 1080 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1074 1081
1075 menu "CRCs (cyclic redundancy checks)" !! 1082 config CRYPTO_AES_TI
>> 1083 tristate "Fixed time AES cipher"
>> 1084 select CRYPTO_ALGAPI
>> 1085 help
>> 1086 This is a generic implementation of AES that attempts to eliminate
>> 1087 data dependent latencies as much as possible without affecting
>> 1088 performance too much. It is intended for use by the generic CCM
>> 1089 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1090 solely on encryption (although decryption is supported as well, but
>> 1091 with a more dramatic performance hit)
1076 1092
1077 config CRYPTO_CRC32C !! 1093 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1078 tristate "CRC32c" !! 1094 8 for decryption), this implementation only uses just two S-boxes of
1079 select CRYPTO_HASH !! 1095 256 bytes each, and attempts to eliminate data dependent latencies by
1080 select CRC32 !! 1096 prefetching the entire table into the cache at the start of each
>> 1097 block. Interrupts are also disabled to avoid races where cachelines
>> 1098 are evicted when the CPU is interrupted to do something else.
>> 1099
>> 1100 config CRYPTO_AES_586
>> 1101 tristate "AES cipher algorithms (i586)"
>> 1102 depends on (X86 || UML_X86) && !64BIT
>> 1103 select CRYPTO_ALGAPI
>> 1104 select CRYPTO_AES
1081 help 1105 help
1082 CRC32c CRC algorithm with the iSCSI !! 1106 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1107 algorithm.
>> 1108
>> 1109 Rijndael appears to be consistently a very good performer in
>> 1110 both hardware and software across a wide range of computing
>> 1111 environments regardless of its use in feedback or non-feedback
>> 1112 modes. Its key setup time is excellent, and its key agility is
>> 1113 good. Rijndael's very low memory requirements make it very well
>> 1114 suited for restricted-space environments, in which it also
>> 1115 demonstrates excellent performance. Rijndael's operations are
>> 1116 among the easiest to defend against power and timing attacks.
1083 1117
1084 A 32-bit CRC (cyclic redundancy che !! 1118 The AES specifies three key sizes: 128, 192 and 256 bits
1085 by G. Castagnoli, S. Braeuer and M. <<
1086 Redundancy-Check Codes with 24 and <<
1087 on Communications, Vol. 41, No. 6, <<
1088 iSCSI. <<
1089 1119
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1120 See <http://csrc.nist.gov/encryption/aes/> for more information.
1091 1121
1092 config CRYPTO_CRC32 !! 1122 config CRYPTO_AES_X86_64
1093 tristate "CRC32" !! 1123 tristate "AES cipher algorithms (x86_64)"
1094 select CRYPTO_HASH !! 1124 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1125 select CRYPTO_ALGAPI
>> 1126 select CRYPTO_AES
1096 help 1127 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1128 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1129 algorithm.
1098 1130
1099 Used by RoCEv2 and f2fs. !! 1131 Rijndael appears to be consistently a very good performer in
>> 1132 both hardware and software across a wide range of computing
>> 1133 environments regardless of its use in feedback or non-feedback
>> 1134 modes. Its key setup time is excellent, and its key agility is
>> 1135 good. Rijndael's very low memory requirements make it very well
>> 1136 suited for restricted-space environments, in which it also
>> 1137 demonstrates excellent performance. Rijndael's operations are
>> 1138 among the easiest to defend against power and timing attacks.
1100 1139
1101 config CRYPTO_CRCT10DIF !! 1140 The AES specifies three key sizes: 128, 192 and 256 bits
1102 tristate "CRCT10DIF" !! 1141
1103 select CRYPTO_HASH !! 1142 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1143
>> 1144 config CRYPTO_AES_NI_INTEL
>> 1145 tristate "AES cipher algorithms (AES-NI)"
>> 1146 depends on X86
>> 1147 select CRYPTO_AEAD
>> 1148 select CRYPTO_AES_X86_64 if 64BIT
>> 1149 select CRYPTO_AES_586 if !64BIT
>> 1150 select CRYPTO_ALGAPI
>> 1151 select CRYPTO_BLKCIPHER
>> 1152 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 1153 select CRYPTO_SIMD
1104 help 1154 help
1105 CRC16 CRC algorithm used for the T1 !! 1155 Use Intel AES-NI instructions for AES algorithm.
1106 1156
1107 CRC algorithm used by the SCSI Bloc !! 1157 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1158 algorithm.
1108 1159
1109 config CRYPTO_CRC64_ROCKSOFT !! 1160 Rijndael appears to be consistently a very good performer in
1110 tristate "CRC64 based on Rocksoft Mod !! 1161 both hardware and software across a wide range of computing
1111 depends on CRC64 !! 1162 environments regardless of its use in feedback or non-feedback
1112 select CRYPTO_HASH !! 1163 modes. Its key setup time is excellent, and its key agility is
>> 1164 good. Rijndael's very low memory requirements make it very well
>> 1165 suited for restricted-space environments, in which it also
>> 1166 demonstrates excellent performance. Rijndael's operations are
>> 1167 among the easiest to defend against power and timing attacks.
>> 1168
>> 1169 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1170
>> 1171 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1172
>> 1173 In addition to AES cipher algorithm support, the acceleration
>> 1174 for some popular block cipher mode is supported too, including
>> 1175 ECB, CBC, LRW, XTS. The 64 bit version has additional
>> 1176 acceleration for CTR.
>> 1177
>> 1178 config CRYPTO_AES_SPARC64
>> 1179 tristate "AES cipher algorithms (SPARC64)"
>> 1180 depends on SPARC64
>> 1181 select CRYPTO_CRYPTD
>> 1182 select CRYPTO_ALGAPI
>> 1183 help
>> 1184 Use SPARC64 crypto opcodes for AES algorithm.
>> 1185
>> 1186 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1187 algorithm.
>> 1188
>> 1189 Rijndael appears to be consistently a very good performer in
>> 1190 both hardware and software across a wide range of computing
>> 1191 environments regardless of its use in feedback or non-feedback
>> 1192 modes. Its key setup time is excellent, and its key agility is
>> 1193 good. Rijndael's very low memory requirements make it very well
>> 1194 suited for restricted-space environments, in which it also
>> 1195 demonstrates excellent performance. Rijndael's operations are
>> 1196 among the easiest to defend against power and timing attacks.
>> 1197
>> 1198 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1199
>> 1200 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1201
>> 1202 In addition to AES cipher algorithm support, the acceleration
>> 1203 for some popular block cipher mode is supported too, including
>> 1204 ECB and CBC.
>> 1205
>> 1206 config CRYPTO_AES_PPC_SPE
>> 1207 tristate "AES cipher algorithms (PPC SPE)"
>> 1208 depends on PPC && SPE
>> 1209 help
>> 1210 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1211 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1212 This module should only be used for low power (router) devices
>> 1213 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1214 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1215 timining attacks. Nevertheless it might be not as secure as other
>> 1216 architecture specific assembler implementations that work on 1KB
>> 1217 tables or 256 bytes S-boxes.
>> 1218
>> 1219 config CRYPTO_ANUBIS
>> 1220 tristate "Anubis cipher algorithm"
>> 1221 select CRYPTO_ALGAPI
>> 1222 help
>> 1223 Anubis cipher algorithm.
>> 1224
>> 1225 Anubis is a variable key length cipher which can use keys from
>> 1226 128 bits to 320 bits in length. It was evaluated as a entrant
>> 1227 in the NESSIE competition.
>> 1228
>> 1229 See also:
>> 1230 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 1231 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
>> 1232
>> 1233 config CRYPTO_ARC4
>> 1234 tristate "ARC4 cipher algorithm"
>> 1235 select CRYPTO_BLKCIPHER
>> 1236 help
>> 1237 ARC4 cipher algorithm.
>> 1238
>> 1239 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
>> 1240 bits in length. This algorithm is required for driver-based
>> 1241 WEP, but it should not be for other purposes because of the
>> 1242 weakness of the algorithm.
>> 1243
>> 1244 config CRYPTO_BLOWFISH
>> 1245 tristate "Blowfish cipher algorithm"
>> 1246 select CRYPTO_ALGAPI
>> 1247 select CRYPTO_BLOWFISH_COMMON
>> 1248 help
>> 1249 Blowfish cipher algorithm, by Bruce Schneier.
>> 1250
>> 1251 This is a variable key length cipher which can use keys from 32
>> 1252 bits to 448 bits in length. It's fast, simple and specifically
>> 1253 designed for use on "large microprocessors".
>> 1254
>> 1255 See also:
>> 1256 <http://www.schneier.com/blowfish.html>
>> 1257
>> 1258 config CRYPTO_BLOWFISH_COMMON
>> 1259 tristate
>> 1260 help
>> 1261 Common parts of the Blowfish cipher algorithm shared by the
>> 1262 generic c and the assembler implementations.
>> 1263
>> 1264 See also:
>> 1265 <http://www.schneier.com/blowfish.html>
>> 1266
>> 1267 config CRYPTO_BLOWFISH_X86_64
>> 1268 tristate "Blowfish cipher algorithm (x86_64)"
>> 1269 depends on X86 && 64BIT
>> 1270 select CRYPTO_BLKCIPHER
>> 1271 select CRYPTO_BLOWFISH_COMMON
>> 1272 help
>> 1273 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
>> 1274
>> 1275 This is a variable key length cipher which can use keys from 32
>> 1276 bits to 448 bits in length. It's fast, simple and specifically
>> 1277 designed for use on "large microprocessors".
>> 1278
>> 1279 See also:
>> 1280 <http://www.schneier.com/blowfish.html>
>> 1281
>> 1282 config CRYPTO_CAMELLIA
>> 1283 tristate "Camellia cipher algorithms"
>> 1284 depends on CRYPTO
>> 1285 select CRYPTO_ALGAPI
>> 1286 help
>> 1287 Camellia cipher algorithms module.
>> 1288
>> 1289 Camellia is a symmetric key block cipher developed jointly
>> 1290 at NTT and Mitsubishi Electric Corporation.
>> 1291
>> 1292 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1293
>> 1294 See also:
>> 1295 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1296
>> 1297 config CRYPTO_CAMELLIA_X86_64
>> 1298 tristate "Camellia cipher algorithm (x86_64)"
>> 1299 depends on X86 && 64BIT
>> 1300 depends on CRYPTO
>> 1301 select CRYPTO_BLKCIPHER
>> 1302 select CRYPTO_GLUE_HELPER_X86
>> 1303 help
>> 1304 Camellia cipher algorithm module (x86_64).
>> 1305
>> 1306 Camellia is a symmetric key block cipher developed jointly
>> 1307 at NTT and Mitsubishi Electric Corporation.
>> 1308
>> 1309 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1310
>> 1311 See also:
>> 1312 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1313
>> 1314 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1315 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1316 depends on X86 && 64BIT
>> 1317 depends on CRYPTO
>> 1318 select CRYPTO_BLKCIPHER
>> 1319 select CRYPTO_CAMELLIA_X86_64
>> 1320 select CRYPTO_GLUE_HELPER_X86
>> 1321 select CRYPTO_SIMD
>> 1322 select CRYPTO_XTS
>> 1323 help
>> 1324 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
>> 1325
>> 1326 Camellia is a symmetric key block cipher developed jointly
>> 1327 at NTT and Mitsubishi Electric Corporation.
>> 1328
>> 1329 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1330
>> 1331 See also:
>> 1332 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1333
>> 1334 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
>> 1335 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1336 depends on X86 && 64BIT
>> 1337 depends on CRYPTO
>> 1338 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1339 help
>> 1340 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
>> 1341
>> 1342 Camellia is a symmetric key block cipher developed jointly
>> 1343 at NTT and Mitsubishi Electric Corporation.
>> 1344
>> 1345 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1346
>> 1347 See also:
>> 1348 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1349
>> 1350 config CRYPTO_CAMELLIA_SPARC64
>> 1351 tristate "Camellia cipher algorithm (SPARC64)"
>> 1352 depends on SPARC64
>> 1353 depends on CRYPTO
>> 1354 select CRYPTO_ALGAPI
>> 1355 help
>> 1356 Camellia cipher algorithm module (SPARC64).
>> 1357
>> 1358 Camellia is a symmetric key block cipher developed jointly
>> 1359 at NTT and Mitsubishi Electric Corporation.
>> 1360
>> 1361 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1362
>> 1363 See also:
>> 1364 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1365
>> 1366 config CRYPTO_CAST_COMMON
>> 1367 tristate
>> 1368 help
>> 1369 Common parts of the CAST cipher algorithms shared by the
>> 1370 generic c and the assembler implementations.
>> 1371
>> 1372 config CRYPTO_CAST5
>> 1373 tristate "CAST5 (CAST-128) cipher algorithm"
>> 1374 select CRYPTO_ALGAPI
>> 1375 select CRYPTO_CAST_COMMON
>> 1376 help
>> 1377 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1378 described in RFC2144.
>> 1379
>> 1380 config CRYPTO_CAST5_AVX_X86_64
>> 1381 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
>> 1382 depends on X86 && 64BIT
>> 1383 select CRYPTO_BLKCIPHER
>> 1384 select CRYPTO_CAST5
>> 1385 select CRYPTO_CAST_COMMON
>> 1386 select CRYPTO_SIMD
>> 1387 help
>> 1388 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1389 described in RFC2144.
>> 1390
>> 1391 This module provides the Cast5 cipher algorithm that processes
>> 1392 sixteen blocks parallel using the AVX instruction set.
>> 1393
>> 1394 config CRYPTO_CAST6
>> 1395 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1396 select CRYPTO_ALGAPI
>> 1397 select CRYPTO_CAST_COMMON
>> 1398 help
>> 1399 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1400 described in RFC2612.
>> 1401
>> 1402 config CRYPTO_CAST6_AVX_X86_64
>> 1403 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1404 depends on X86 && 64BIT
>> 1405 select CRYPTO_BLKCIPHER
>> 1406 select CRYPTO_CAST6
>> 1407 select CRYPTO_CAST_COMMON
>> 1408 select CRYPTO_GLUE_HELPER_X86
>> 1409 select CRYPTO_SIMD
>> 1410 select CRYPTO_XTS
>> 1411 help
>> 1412 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1413 described in RFC2612.
>> 1414
>> 1415 This module provides the Cast6 cipher algorithm that processes
>> 1416 eight blocks parallel using the AVX instruction set.
>> 1417
>> 1418 config CRYPTO_DES
>> 1419 tristate "DES and Triple DES EDE cipher algorithms"
>> 1420 select CRYPTO_ALGAPI
>> 1421 help
>> 1422 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
>> 1423
>> 1424 config CRYPTO_DES_SPARC64
>> 1425 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1426 depends on SPARC64
>> 1427 select CRYPTO_ALGAPI
>> 1428 select CRYPTO_DES
>> 1429 help
>> 1430 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1431 optimized using SPARC64 crypto opcodes.
>> 1432
>> 1433 config CRYPTO_DES3_EDE_X86_64
>> 1434 tristate "Triple DES EDE cipher algorithm (x86-64)"
>> 1435 depends on X86 && 64BIT
>> 1436 select CRYPTO_BLKCIPHER
>> 1437 select CRYPTO_DES
>> 1438 help
>> 1439 Triple DES EDE (FIPS 46-3) algorithm.
>> 1440
>> 1441 This module provides implementation of the Triple DES EDE cipher
>> 1442 algorithm that is optimized for x86-64 processors. Two versions of
>> 1443 algorithm are provided; regular processing one input block and
>> 1444 one that processes three blocks parallel.
>> 1445
>> 1446 config CRYPTO_FCRYPT
>> 1447 tristate "FCrypt cipher algorithm"
>> 1448 select CRYPTO_ALGAPI
>> 1449 select CRYPTO_BLKCIPHER
>> 1450 help
>> 1451 FCrypt algorithm used by RxRPC.
>> 1452
>> 1453 config CRYPTO_KHAZAD
>> 1454 tristate "Khazad cipher algorithm"
>> 1455 select CRYPTO_ALGAPI
>> 1456 help
>> 1457 Khazad cipher algorithm.
>> 1458
>> 1459 Khazad was a finalist in the initial NESSIE competition. It is
>> 1460 an algorithm optimized for 64-bit processors with good performance
>> 1461 on 32-bit processors. Khazad uses an 128 bit key size.
>> 1462
>> 1463 See also:
>> 1464 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
>> 1465
>> 1466 config CRYPTO_SALSA20
>> 1467 tristate "Salsa20 stream cipher algorithm"
>> 1468 select CRYPTO_BLKCIPHER
>> 1469 help
>> 1470 Salsa20 stream cipher algorithm.
>> 1471
>> 1472 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
>> 1473 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
>> 1474
>> 1475 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 1476 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
>> 1477
>> 1478 config CRYPTO_CHACHA20
>> 1479 tristate "ChaCha stream cipher algorithms"
>> 1480 select CRYPTO_BLKCIPHER
>> 1481 help
>> 1482 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
>> 1483
>> 1484 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
>> 1485 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1486 This is the portable C implementation of ChaCha20. See also:
>> 1487 <http://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1488
>> 1489 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
>> 1490 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
>> 1491 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
>> 1492 while provably retaining ChaCha20's security. See also:
>> 1493 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
>> 1494
>> 1495 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
>> 1496 reduced security margin but increased performance. It can be needed
>> 1497 in some performance-sensitive scenarios.
>> 1498
>> 1499 config CRYPTO_CHACHA20_X86_64
>> 1500 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
>> 1501 depends on X86 && 64BIT
>> 1502 select CRYPTO_BLKCIPHER
>> 1503 select CRYPTO_CHACHA20
>> 1504 help
>> 1505 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
>> 1506 XChaCha20, and XChaCha12 stream ciphers.
>> 1507
>> 1508 config CRYPTO_SEED
>> 1509 tristate "SEED cipher algorithm"
>> 1510 select CRYPTO_ALGAPI
>> 1511 help
>> 1512 SEED cipher algorithm (RFC4269).
>> 1513
>> 1514 SEED is a 128-bit symmetric key block cipher that has been
>> 1515 developed by KISA (Korea Information Security Agency) as a
>> 1516 national standard encryption algorithm of the Republic of Korea.
>> 1517 It is a 16 round block cipher with the key size of 128 bit.
>> 1518
>> 1519 See also:
>> 1520 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
>> 1521
>> 1522 config CRYPTO_SERPENT
>> 1523 tristate "Serpent cipher algorithm"
>> 1524 select CRYPTO_ALGAPI
>> 1525 help
>> 1526 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1527
>> 1528 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1529 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1530 variant of Serpent for compatibility with old kerneli.org code.
>> 1531
>> 1532 See also:
>> 1533 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1534
>> 1535 config CRYPTO_SERPENT_SSE2_X86_64
>> 1536 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1537 depends on X86 && 64BIT
>> 1538 select CRYPTO_BLKCIPHER
>> 1539 select CRYPTO_GLUE_HELPER_X86
>> 1540 select CRYPTO_SERPENT
>> 1541 select CRYPTO_SIMD
>> 1542 help
>> 1543 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1544
>> 1545 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1546 of 8 bits.
>> 1547
>> 1548 This module provides Serpent cipher algorithm that processes eight
>> 1549 blocks parallel using SSE2 instruction set.
>> 1550
>> 1551 See also:
>> 1552 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1553
>> 1554 config CRYPTO_SERPENT_SSE2_586
>> 1555 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1556 depends on X86 && !64BIT
>> 1557 select CRYPTO_BLKCIPHER
>> 1558 select CRYPTO_GLUE_HELPER_X86
>> 1559 select CRYPTO_SERPENT
>> 1560 select CRYPTO_SIMD
>> 1561 help
>> 1562 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1563
>> 1564 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1565 of 8 bits.
>> 1566
>> 1567 This module provides Serpent cipher algorithm that processes four
>> 1568 blocks parallel using SSE2 instruction set.
>> 1569
>> 1570 See also:
>> 1571 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1572
>> 1573 config CRYPTO_SERPENT_AVX_X86_64
>> 1574 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1575 depends on X86 && 64BIT
>> 1576 select CRYPTO_BLKCIPHER
>> 1577 select CRYPTO_GLUE_HELPER_X86
>> 1578 select CRYPTO_SERPENT
>> 1579 select CRYPTO_SIMD
>> 1580 select CRYPTO_XTS
>> 1581 help
>> 1582 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1583
>> 1584 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1585 of 8 bits.
>> 1586
>> 1587 This module provides the Serpent cipher algorithm that processes
>> 1588 eight blocks parallel using the AVX instruction set.
>> 1589
>> 1590 See also:
>> 1591 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1592
>> 1593 config CRYPTO_SERPENT_AVX2_X86_64
>> 1594 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1595 depends on X86 && 64BIT
>> 1596 select CRYPTO_SERPENT_AVX_X86_64
>> 1597 help
>> 1598 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1599
>> 1600 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1601 of 8 bits.
>> 1602
>> 1603 This module provides Serpent cipher algorithm that processes 16
>> 1604 blocks parallel using AVX2 instruction set.
>> 1605
>> 1606 See also:
>> 1607 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1608
>> 1609 config CRYPTO_SM4
>> 1610 tristate "SM4 cipher algorithm"
>> 1611 select CRYPTO_ALGAPI
>> 1612 help
>> 1613 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
>> 1614
>> 1615 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1616 Organization of State Commercial Administration of China (OSCCA)
>> 1617 as an authorized cryptographic algorithms for the use within China.
>> 1618
>> 1619 SMS4 was originally created for use in protecting wireless
>> 1620 networks, and is mandated in the Chinese National Standard for
>> 1621 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1622 (GB.15629.11-2003).
>> 1623
>> 1624 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1625 standardized through TC 260 of the Standardization Administration
>> 1626 of the People's Republic of China (SAC).
>> 1627
>> 1628 The input, output, and key of SMS4 are each 128 bits.
>> 1629
>> 1630 See also: <https://eprint.iacr.org/2008/329.pdf>
>> 1631
>> 1632 If unsure, say N.
>> 1633
>> 1634 config CRYPTO_TEA
>> 1635 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1636 select CRYPTO_ALGAPI
>> 1637 help
>> 1638 TEA cipher algorithm.
>> 1639
>> 1640 Tiny Encryption Algorithm is a simple cipher that uses
>> 1641 many rounds for security. It is very fast and uses
>> 1642 little memory.
>> 1643
>> 1644 Xtendend Tiny Encryption Algorithm is a modification to
>> 1645 the TEA algorithm to address a potential key weakness
>> 1646 in the TEA algorithm.
>> 1647
>> 1648 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1649 of the XTEA algorithm for compatibility purposes.
>> 1650
>> 1651 config CRYPTO_TWOFISH
>> 1652 tristate "Twofish cipher algorithm"
>> 1653 select CRYPTO_ALGAPI
>> 1654 select CRYPTO_TWOFISH_COMMON
>> 1655 help
>> 1656 Twofish cipher algorithm.
>> 1657
>> 1658 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1659 candidate cipher by researchers at CounterPane Systems. It is a
>> 1660 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1661 bits.
>> 1662
>> 1663 See also:
>> 1664 <http://www.schneier.com/twofish.html>
>> 1665
>> 1666 config CRYPTO_TWOFISH_COMMON
>> 1667 tristate
>> 1668 help
>> 1669 Common parts of the Twofish cipher algorithm shared by the
>> 1670 generic c and the assembler implementations.
>> 1671
>> 1672 config CRYPTO_TWOFISH_586
>> 1673 tristate "Twofish cipher algorithms (i586)"
>> 1674 depends on (X86 || UML_X86) && !64BIT
>> 1675 select CRYPTO_ALGAPI
>> 1676 select CRYPTO_TWOFISH_COMMON
1113 help 1677 help
1114 CRC64 CRC algorithm based on the Ro !! 1678 Twofish cipher algorithm.
1115 1679
1116 Used by the NVMe implementation of !! 1680 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1681 candidate cipher by researchers at CounterPane Systems. It is a
>> 1682 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1683 bits.
>> 1684
>> 1685 See also:
>> 1686 <http://www.schneier.com/twofish.html>
1117 1687
1118 See https://zlib.net/crc_v3.txt !! 1688 config CRYPTO_TWOFISH_X86_64
>> 1689 tristate "Twofish cipher algorithm (x86_64)"
>> 1690 depends on (X86 || UML_X86) && 64BIT
>> 1691 select CRYPTO_ALGAPI
>> 1692 select CRYPTO_TWOFISH_COMMON
>> 1693 help
>> 1694 Twofish cipher algorithm (x86_64).
1119 1695
1120 endmenu !! 1696 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1697 candidate cipher by researchers at CounterPane Systems. It is a
>> 1698 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1699 bits.
1121 1700
1122 menu "Compression" !! 1701 See also:
>> 1702 <http://www.schneier.com/twofish.html>
>> 1703
>> 1704 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1705 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1706 depends on X86 && 64BIT
>> 1707 select CRYPTO_BLKCIPHER
>> 1708 select CRYPTO_TWOFISH_COMMON
>> 1709 select CRYPTO_TWOFISH_X86_64
>> 1710 select CRYPTO_GLUE_HELPER_X86
>> 1711 help
>> 1712 Twofish cipher algorithm (x86_64, 3-way parallel).
>> 1713
>> 1714 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1715 candidate cipher by researchers at CounterPane Systems. It is a
>> 1716 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1717 bits.
>> 1718
>> 1719 This module provides Twofish cipher algorithm that processes three
>> 1720 blocks parallel, utilizing resources of out-of-order CPUs better.
>> 1721
>> 1722 See also:
>> 1723 <http://www.schneier.com/twofish.html>
>> 1724
>> 1725 config CRYPTO_TWOFISH_AVX_X86_64
>> 1726 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1727 depends on X86 && 64BIT
>> 1728 select CRYPTO_BLKCIPHER
>> 1729 select CRYPTO_GLUE_HELPER_X86
>> 1730 select CRYPTO_SIMD
>> 1731 select CRYPTO_TWOFISH_COMMON
>> 1732 select CRYPTO_TWOFISH_X86_64
>> 1733 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1734 help
>> 1735 Twofish cipher algorithm (x86_64/AVX).
>> 1736
>> 1737 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1738 candidate cipher by researchers at CounterPane Systems. It is a
>> 1739 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1740 bits.
>> 1741
>> 1742 This module provides the Twofish cipher algorithm that processes
>> 1743 eight blocks parallel using the AVX Instruction Set.
>> 1744
>> 1745 See also:
>> 1746 <http://www.schneier.com/twofish.html>
>> 1747
>> 1748 comment "Compression"
1123 1749
1124 config CRYPTO_DEFLATE 1750 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1751 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1752 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1753 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1754 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1755 select ZLIB_DEFLATE
1130 help 1756 help
1131 Deflate compression algorithm (RFC1 !! 1757 This is the Deflate algorithm (RFC1951), specified for use in
>> 1758 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1759
1133 Used by IPSec with the IPCOMP proto !! 1760 You will most probably want this if using IPSec.
1134 1761
1135 config CRYPTO_LZO 1762 config CRYPTO_LZO
1136 tristate "LZO" !! 1763 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1764 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1765 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1766 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1767 select LZO_DECOMPRESS
1141 help 1768 help
1142 LZO compression algorithm !! 1769 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1770
1146 config CRYPTO_842 1771 config CRYPTO_842
1147 tristate "842" !! 1772 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1773 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1774 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1775 select 842_COMPRESS
1151 select 842_DECOMPRESS 1776 select 842_DECOMPRESS
1152 help 1777 help
1153 842 compression algorithm by IBM !! 1778 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1779
1157 config CRYPTO_LZ4 1780 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1781 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1782 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1783 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1784 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1785 select LZ4_DECOMPRESS
1163 help 1786 help
1164 LZ4 compression algorithm !! 1787 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1788
1168 config CRYPTO_LZ4HC 1789 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1790 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1791 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1792 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1793 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1794 select LZ4_DECOMPRESS
1174 help 1795 help
1175 LZ4 high compression mode algorithm !! 1796 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1797
1179 config CRYPTO_ZSTD 1798 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1799 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1800 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1801 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1802 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1803 select ZSTD_DECOMPRESS
1185 help 1804 help
1186 zstd compression algorithm !! 1805 This is the zstd algorithm.
1187 <<
1188 See https://github.com/facebook/zst <<
1189 1806
1190 endmenu !! 1807 comment "Random Number Generation"
1191 <<
1192 menu "Random number generation" <<
1193 1808
1194 config CRYPTO_ANSI_CPRNG 1809 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1810 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1811 select CRYPTO_AES
1197 select CRYPTO_RNG 1812 select CRYPTO_RNG
1198 help 1813 help
1199 Pseudo RNG (random number generator !! 1814 This option enables the generic pseudo random number generator
1200 !! 1815 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1816 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1817 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1818
1205 menuconfig CRYPTO_DRBG_MENU 1819 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1820 tristate "NIST SP800-90A DRBG"
1207 help 1821 help
1208 DRBG (Deterministic Random Bit Gene !! 1822 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1823 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1824
1212 if CRYPTO_DRBG_MENU 1825 if CRYPTO_DRBG_MENU
1213 1826
1214 config CRYPTO_DRBG_HMAC 1827 config CRYPTO_DRBG_HMAC
1215 bool 1828 bool
1216 default y 1829 default y
1217 select CRYPTO_HMAC 1830 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1831 select CRYPTO_SHA256
1219 1832
1220 config CRYPTO_DRBG_HASH 1833 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1834 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1835 select CRYPTO_SHA256
1223 help 1836 help
1224 Hash_DRBG variant as defined in NIS !! 1837 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1838
1228 config CRYPTO_DRBG_CTR 1839 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1840 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1841 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1842 depends on CRYPTO_CTR
1232 help 1843 help
1233 CTR_DRBG variant as defined in NIST !! 1844 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1845
1237 config CRYPTO_DRBG 1846 config CRYPTO_DRBG
1238 tristate 1847 tristate
1239 default CRYPTO_DRBG_MENU 1848 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1849 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1850 select CRYPTO_JITTERENTROPY
1242 1851
1243 endif # if CRYPTO_DRBG_MENU 1852 endif # if CRYPTO_DRBG_MENU
1244 1853
1245 config CRYPTO_JITTERENTROPY 1854 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1855 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1856 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1857 help
1250 CPU Jitter RNG (Random Number Gener !! 1858 The Jitterentropy RNG is a noise that is intended
1251 !! 1859 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1860 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1861 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1862 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1863
1370 config CRYPTO_USER_API 1864 config CRYPTO_USER_API
1371 tristate 1865 tristate
1372 1866
1373 config CRYPTO_USER_API_HASH 1867 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1868 tristate "User-space interface for hash algorithms"
1375 depends on NET 1869 depends on NET
1376 select CRYPTO_HASH 1870 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1871 select CRYPTO_USER_API
1378 help 1872 help
1379 Enable the userspace interface for !! 1873 This option enables the user-spaces interface for hash
1380 !! 1874 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1875
1384 config CRYPTO_USER_API_SKCIPHER 1876 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1877 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1878 depends on NET
1387 select CRYPTO_SKCIPHER !! 1879 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1880 select CRYPTO_USER_API
1389 help 1881 help
1390 Enable the userspace interface for !! 1882 This option enables the user-spaces interface for symmetric
1391 !! 1883 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1884
1395 config CRYPTO_USER_API_RNG 1885 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1886 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1887 depends on NET
1398 select CRYPTO_RNG 1888 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1889 select CRYPTO_USER_API
1400 help 1890 help
1401 Enable the userspace interface for !! 1891 This option enables the user-spaces interface for random
1402 algorithms. !! 1892 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1893
1419 config CRYPTO_USER_API_AEAD 1894 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1895 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1896 depends on NET
1422 select CRYPTO_AEAD 1897 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER !! 1898 select CRYPTO_BLKCIPHER
1424 select CRYPTO_NULL 1899 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1900 select CRYPTO_USER_API
1426 help 1901 help
1427 Enable the userspace interface for !! 1902 This option enables the user-spaces interface for AEAD
1428 !! 1903 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help <<
1437 Allow obsolete cryptographic algori <<
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 1904
1441 endmenu !! 1905 config CRYPTO_STATS
>> 1906 bool "Crypto usage statistics for User-space"
>> 1907 depends on CRYPTO_USER
>> 1908 help
>> 1909 This option enables the gathering of crypto stats.
>> 1910 This will collect:
>> 1911 - encrypt/decrypt size and numbers of symmeric operations
>> 1912 - compress/decompress size and numbers of compress operations
>> 1913 - size and numbers of hash operations
>> 1914 - encrypt/decrypt/sign/verify numbers for asymmetric operations
>> 1915 - generate/seed numbers for rng operations
1442 1916
1443 config CRYPTO_HASH_INFO 1917 config CRYPTO_HASH_INFO
1444 bool 1918 bool
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 1919
1476 source "drivers/crypto/Kconfig" 1920 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" 1921 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig" 1922 source "certs/Kconfig"
1479 1923
1480 endif # if CRYPTO 1924 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.