1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 18 help
20 This option provides the core Crypto 19 This option provides the core Cryptographic API.
21 20
22 if CRYPTO 21 if CRYPTO
23 22
24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper"
25 24
26 config CRYPTO_FIPS 25 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES)
30 help 29 help
31 This option enables the fips boot op 30 This option enables the fips boot option which is
32 required if you want the system to o 31 required if you want the system to operate in a FIPS 200
33 certification. You should say no un 32 certification. You should say no unless you know what
34 this is. 33 this is.
35 34
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI
58 tristate 36 tristate
59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2
60 help 38 help
61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms.
62 40
63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2
64 tristate 42 tristate
65 43
66 config CRYPTO_AEAD 44 config CRYPTO_AEAD
67 tristate 45 tristate
68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI
70 48
71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2
72 tristate 50 tristate
73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2
>> 52 select CRYPTO_NULL2
>> 53 select CRYPTO_RNG2
74 54
75 config CRYPTO_SIG !! 55 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 56 tristate
86 select CRYPTO_SKCIPHER2 !! 57 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 59
90 config CRYPTO_SKCIPHER2 !! 60 config CRYPTO_BLKCIPHER2
91 tristate 61 tristate
92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2
>> 63 select CRYPTO_RNG2
93 64
94 config CRYPTO_HASH 65 config CRYPTO_HASH
95 tristate 66 tristate
96 select CRYPTO_HASH2 67 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 68 select CRYPTO_ALGAPI
98 69
99 config CRYPTO_HASH2 70 config CRYPTO_HASH2
100 tristate 71 tristate
101 select CRYPTO_ALGAPI2 72 select CRYPTO_ALGAPI2
102 73
103 config CRYPTO_RNG 74 config CRYPTO_RNG
104 tristate 75 tristate
105 select CRYPTO_RNG2 76 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 77 select CRYPTO_ALGAPI
107 78
108 config CRYPTO_RNG2 79 config CRYPTO_RNG2
109 tristate 80 tristate
110 select CRYPTO_ALGAPI2 81 select CRYPTO_ALGAPI2
111 82
112 config CRYPTO_RNG_DEFAULT 83 config CRYPTO_RNG_DEFAULT
113 tristate 84 tristate
114 select CRYPTO_DRBG_MENU 85 select CRYPTO_DRBG_MENU
115 86
116 config CRYPTO_AKCIPHER2 87 config CRYPTO_AKCIPHER2
117 tristate 88 tristate
118 select CRYPTO_ALGAPI2 89 select CRYPTO_ALGAPI2
119 90
120 config CRYPTO_AKCIPHER 91 config CRYPTO_AKCIPHER
121 tristate 92 tristate
122 select CRYPTO_AKCIPHER2 93 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 94 select CRYPTO_ALGAPI
124 95
125 config CRYPTO_KPP2 96 config CRYPTO_KPP2
126 tristate 97 tristate
127 select CRYPTO_ALGAPI2 98 select CRYPTO_ALGAPI2
128 99
129 config CRYPTO_KPP 100 config CRYPTO_KPP
130 tristate 101 tristate
131 select CRYPTO_ALGAPI 102 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 103 select CRYPTO_KPP2
133 104
134 config CRYPTO_ACOMP2 105 config CRYPTO_ACOMP2
135 tristate 106 tristate
136 select CRYPTO_ALGAPI2 107 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 108 select SGL_ALLOC
138 109
139 config CRYPTO_ACOMP 110 config CRYPTO_ACOMP
140 tristate 111 tristate
141 select CRYPTO_ALGAPI 112 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 113 select CRYPTO_ACOMP2
143 114
144 config CRYPTO_MANAGER 115 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 116 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 117 select CRYPTO_MANAGER2
147 help 118 help
148 Create default cryptographic templat 119 Create default cryptographic template instantiations such as
149 cbc(aes). 120 cbc(aes).
150 121
151 config CRYPTO_MANAGER2 122 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 124 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 125 select CRYPTO_HASH2
>> 126 select CRYPTO_BLKCIPHER2
>> 127 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 128 select CRYPTO_KPP2
159 select CRYPTO_RNG2 !! 129 select CRYPTO_ACOMP2
160 select CRYPTO_SKCIPHER2 <<
161 130
162 config CRYPTO_USER 131 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 132 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 133 depends on NET
165 select CRYPTO_MANAGER 134 select CRYPTO_MANAGER
166 help 135 help
167 Userspace configuration for cryptogr 136 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 137 cbc(aes).
169 138
>> 139 if CRYPTO_MANAGER2
>> 140
170 config CRYPTO_MANAGER_DISABLE_TESTS 141 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 142 bool "Disable run-time self tests"
172 default y 143 default y
173 help 144 help
174 Disable run-time self tests that nor 145 Disable run-time self tests that normally take place at
175 algorithm registration. 146 algorithm registration.
176 147
177 config CRYPTO_MANAGER_EXTRA_TESTS 148 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel 149 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN !! 150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
180 help 151 help
181 Enable extra run-time self tests of 152 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests. 153 including randomized fuzz tests.
183 154
184 This is intended for developer use o 155 This is intended for developer use only, as these tests take much
185 longer to run than the normal self t 156 longer to run than the normal self tests.
186 157
>> 158 endif # if CRYPTO_MANAGER2
>> 159
>> 160 config CRYPTO_GF128MUL
>> 161 tristate
>> 162
187 config CRYPTO_NULL 163 config CRYPTO_NULL
188 tristate "Null algorithms" 164 tristate "Null algorithms"
189 select CRYPTO_NULL2 165 select CRYPTO_NULL2
190 help 166 help
191 These are 'Null' algorithms, used by 167 These are 'Null' algorithms, used by IPsec, which do nothing.
192 168
193 config CRYPTO_NULL2 169 config CRYPTO_NULL2
194 tristate 170 tristate
195 select CRYPTO_ALGAPI2 171 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 172 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 173 select CRYPTO_HASH2
198 174
199 config CRYPTO_PCRYPT 175 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 176 tristate "Parallel crypto engine"
201 depends on SMP 177 depends on SMP
202 select PADATA 178 select PADATA
203 select CRYPTO_MANAGER 179 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 180 select CRYPTO_AEAD
205 help 181 help
206 This converts an arbitrary crypto al 182 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 183 algorithm that executes in kernel threads.
208 184
209 config CRYPTO_CRYPTD 185 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 186 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 187 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 188 select CRYPTO_HASH
213 select CRYPTO_MANAGER 189 select CRYPTO_MANAGER
214 help 190 help
215 This is a generic software asynchron 191 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 192 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 193 into an asynchronous algorithm that executes in a kernel thread.
218 194
219 config CRYPTO_AUTHENC 195 config CRYPTO_AUTHENC
220 tristate "Authenc support" 196 tristate "Authenc support"
221 select CRYPTO_AEAD 197 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 198 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 199 select CRYPTO_MANAGER
224 select CRYPTO_HASH 200 select CRYPTO_HASH
225 select CRYPTO_NULL 201 select CRYPTO_NULL
226 help 202 help
227 Authenc: Combined mode wrapper for I 203 Authenc: Combined mode wrapper for IPsec.
228 !! 204 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 205
231 config CRYPTO_TEST 206 config CRYPTO_TEST
232 tristate "Testing module" 207 tristate "Testing module"
233 depends on m || EXPERT !! 208 depends on m
234 select CRYPTO_MANAGER 209 select CRYPTO_MANAGER
235 help 210 help
236 Quick & dirty crypto test module. 211 Quick & dirty crypto test module.
237 212
238 config CRYPTO_SIMD 213 config CRYPTO_SIMD
239 tristate 214 tristate
240 select CRYPTO_CRYPTD 215 select CRYPTO_CRYPTD
241 216
242 config CRYPTO_ENGINE !! 217 config CRYPTO_GLUE_HELPER_X86
243 tristate 218 tristate
>> 219 depends on X86
>> 220 select CRYPTO_BLKCIPHER
244 221
245 endmenu !! 222 config CRYPTO_ENGINE
>> 223 tristate
246 224
247 menu "Public-key cryptography" !! 225 comment "Public-key cryptography"
248 226
249 config CRYPTO_RSA 227 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 228 tristate "RSA algorithm"
251 select CRYPTO_AKCIPHER 229 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER 230 select CRYPTO_MANAGER
253 select MPILIB 231 select MPILIB
254 select ASN1 232 select ASN1
255 help 233 help
256 RSA (Rivest-Shamir-Adleman) public k !! 234 Generic implementation of the RSA public key algorithm.
257 235
258 config CRYPTO_DH 236 config CRYPTO_DH
259 tristate "DH (Diffie-Hellman)" !! 237 tristate "Diffie-Hellman algorithm"
260 select CRYPTO_KPP 238 select CRYPTO_KPP
261 select MPILIB 239 select MPILIB
262 help 240 help
263 DH (Diffie-Hellman) key exchange alg !! 241 Generic implementation of the Diffie-Hellman algorithm.
264 <<
265 config CRYPTO_DH_RFC7919_GROUPS <<
266 bool "RFC 7919 FFDHE groups" <<
267 depends on CRYPTO_DH <<
268 select CRYPTO_RNG_DEFAULT <<
269 help <<
270 FFDHE (Finite-Field-based Diffie-Hel <<
271 defined in RFC7919. <<
272 <<
273 Support these finite-field groups in <<
274 - ffdhe2048, ffdhe3072, ffdhe4096, f <<
275 <<
276 If unsure, say N. <<
277 242
278 config CRYPTO_ECC 243 config CRYPTO_ECC
279 tristate 244 tristate
280 select CRYPTO_RNG_DEFAULT 245 select CRYPTO_RNG_DEFAULT
281 246
282 config CRYPTO_ECDH 247 config CRYPTO_ECDH
283 tristate "ECDH (Elliptic Curve Diffie- !! 248 tristate "ECDH algorithm"
284 select CRYPTO_ECC 249 select CRYPTO_ECC
285 select CRYPTO_KPP 250 select CRYPTO_KPP
286 help 251 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 252 Generic implementation of the ECDH algorithm
288 using curves P-192, P-256, and P-384 <<
289 <<
290 config CRYPTO_ECDSA <<
291 tristate "ECDSA (Elliptic Curve Digita <<
292 select CRYPTO_ECC <<
293 select CRYPTO_AKCIPHER <<
294 select ASN1 <<
295 help <<
296 ECDSA (Elliptic Curve Digital Signat <<
297 ISO/IEC 14888-3) <<
298 using curves P-192, P-256, and P-384 <<
299 <<
300 Only signature verification is imple <<
301 253
302 config CRYPTO_ECRDSA 254 config CRYPTO_ECRDSA
303 tristate "EC-RDSA (Elliptic Curve Russ !! 255 tristate "EC-RDSA (GOST 34.10) algorithm"
304 select CRYPTO_ECC 256 select CRYPTO_ECC
305 select CRYPTO_AKCIPHER 257 select CRYPTO_AKCIPHER
306 select CRYPTO_STREEBOG 258 select CRYPTO_STREEBOG
307 select OID_REGISTRY 259 select OID_REGISTRY
308 select ASN1 260 select ASN1
309 help 261 help
310 Elliptic Curve Russian Digital Signa 262 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311 RFC 7091, ISO/IEC 14888-3) !! 263 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
>> 264 standard algorithms (called GOST algorithms). Only signature verification
>> 265 is implemented.
312 266
313 One of the Russian cryptographic sta !! 267 comment "Authenticated Encryption with Associated Data"
314 algorithms). Only signature verifica <<
315 268
316 config CRYPTO_CURVE25519 !! 269 config CRYPTO_CCM
317 tristate "Curve25519" !! 270 tristate "CCM support"
318 select CRYPTO_KPP !! 271 select CRYPTO_CTR
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 272 select CRYPTO_HASH
>> 273 select CRYPTO_AEAD
>> 274 select CRYPTO_MANAGER
320 help 275 help
321 Curve25519 elliptic curve (RFC7748) !! 276 Support for Counter with CBC MAC. Required for IPsec.
322 277
323 endmenu !! 278 config CRYPTO_GCM
>> 279 tristate "GCM/GMAC support"
>> 280 select CRYPTO_CTR
>> 281 select CRYPTO_AEAD
>> 282 select CRYPTO_GHASH
>> 283 select CRYPTO_NULL
>> 284 select CRYPTO_MANAGER
>> 285 help
>> 286 Support for Galois/Counter Mode (GCM) and Galois Message
>> 287 Authentication Code (GMAC). Required for IPSec.
324 288
325 menu "Block ciphers" !! 289 config CRYPTO_CHACHA20POLY1305
>> 290 tristate "ChaCha20-Poly1305 AEAD support"
>> 291 select CRYPTO_CHACHA20
>> 292 select CRYPTO_POLY1305
>> 293 select CRYPTO_AEAD
>> 294 select CRYPTO_MANAGER
>> 295 help
>> 296 ChaCha20-Poly1305 AEAD support, RFC7539.
326 297
327 config CRYPTO_AES !! 298 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
328 tristate "AES (Advanced Encryption Sta !! 299 with the Poly1305 authenticator. It is defined in RFC7539 for use in
329 select CRYPTO_ALGAPI !! 300 IETF protocols.
330 select CRYPTO_LIB_AES !! 301
>> 302 config CRYPTO_AEGIS128
>> 303 tristate "AEGIS-128 AEAD algorithm"
>> 304 select CRYPTO_AEAD
>> 305 select CRYPTO_AES # for AES S-box tables
331 help 306 help
332 AES cipher algorithms (Rijndael)(FIP !! 307 Support for the AEGIS-128 dedicated AEAD algorithm.
333 308
334 Rijndael appears to be consistently !! 309 config CRYPTO_AEGIS128_SIMD
335 both hardware and software across a !! 310 bool "Support SIMD acceleration for AEGIS-128"
336 environments regardless of its use i !! 311 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
337 modes. Its key setup time is excelle !! 312 depends on !ARM || CC_IS_CLANG || GCC_VERSION >= 40800
338 good. Rijndael's very low memory req !! 313 default y
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 314
343 The AES specifies three key sizes: 1 !! 315 config CRYPTO_AEGIS128_AESNI_SSE2
>> 316 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
>> 317 depends on X86 && 64BIT
>> 318 select CRYPTO_AEAD
>> 319 select CRYPTO_SIMD
>> 320 help
>> 321 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
344 322
345 config CRYPTO_AES_TI !! 323 config CRYPTO_SEQIV
346 tristate "AES (Advanced Encryption Sta !! 324 tristate "Sequence Number IV Generator"
347 select CRYPTO_ALGAPI !! 325 select CRYPTO_AEAD
348 select CRYPTO_LIB_AES !! 326 select CRYPTO_BLKCIPHER
>> 327 select CRYPTO_NULL
>> 328 select CRYPTO_RNG_DEFAULT
>> 329 select CRYPTO_MANAGER
349 help 330 help
350 AES cipher algorithms (Rijndael)(FIP !! 331 This IV generator generates an IV based on a sequence number by
>> 332 xoring it with a salt. This algorithm is mainly useful for CTR
351 333
352 This is a generic implementation of !! 334 config CRYPTO_ECHAINIV
353 data dependent latencies as much as !! 335 tristate "Encrypted Chain IV Generator"
354 performance too much. It is intended !! 336 select CRYPTO_AEAD
355 and GCM drivers, and other CTR or CM !! 337 select CRYPTO_NULL
356 solely on encryption (although decry !! 338 select CRYPTO_RNG_DEFAULT
357 with a more dramatic performance hit !! 339 select CRYPTO_MANAGER
>> 340 help
>> 341 This IV generator generates an IV based on the encryption of
>> 342 a sequence number xored with a salt. This is the default
>> 343 algorithm for CBC.
358 344
359 Instead of using 16 lookup tables of !! 345 comment "Block modes"
360 8 for decryption), this implementati <<
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 346
366 config CRYPTO_ANUBIS !! 347 config CRYPTO_CBC
367 tristate "Anubis" !! 348 tristate "CBC support"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 349 select CRYPTO_BLKCIPHER
369 select CRYPTO_ALGAPI !! 350 select CRYPTO_MANAGER
370 help 351 help
371 Anubis cipher algorithm !! 352 CBC: Cipher Block Chaining mode
>> 353 This block cipher algorithm is required for IPSec.
372 354
373 Anubis is a variable key length ciph !! 355 config CRYPTO_CFB
374 128 bits to 320 bits in length. It !! 356 tristate "CFB support"
375 in the NESSIE competition. !! 357 select CRYPTO_BLKCIPHER
>> 358 select CRYPTO_MANAGER
>> 359 help
>> 360 CFB: Cipher FeedBack mode
>> 361 This block cipher algorithm is required for TPM2 Cryptography.
376 362
377 See https://web.archive.org/web/2016 !! 363 config CRYPTO_CTR
378 for further information. !! 364 tristate "CTR support"
>> 365 select CRYPTO_BLKCIPHER
>> 366 select CRYPTO_SEQIV
>> 367 select CRYPTO_MANAGER
>> 368 help
>> 369 CTR: Counter mode
>> 370 This block cipher algorithm is required for IPSec.
379 371
380 config CRYPTO_ARIA !! 372 config CRYPTO_CTS
381 tristate "ARIA" !! 373 tristate "CTS support"
382 select CRYPTO_ALGAPI !! 374 select CRYPTO_BLKCIPHER
>> 375 select CRYPTO_MANAGER
383 help 376 help
384 ARIA cipher algorithm (RFC5794) !! 377 CTS: Cipher Text Stealing
>> 378 This is the Cipher Text Stealing mode as described by
>> 379 Section 8 of rfc2040 and referenced by rfc3962
>> 380 (rfc3962 includes errata information in its Appendix A) or
>> 381 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
>> 382 This mode is required for Kerberos gss mechanism support
>> 383 for AES encryption.
385 384
386 ARIA is a standard encryption algori !! 385 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
387 The ARIA specifies three key sizes a <<
388 128-bit: 12 rounds. <<
389 192-bit: 14 rounds. <<
390 256-bit: 16 rounds. <<
391 386
392 See: !! 387 config CRYPTO_ECB
393 https://seed.kisa.or.kr/kisa/algorit !! 388 tristate "ECB support"
>> 389 select CRYPTO_BLKCIPHER
>> 390 select CRYPTO_MANAGER
>> 391 help
>> 392 ECB: Electronic CodeBook mode
>> 393 This is the simplest block cipher algorithm. It simply encrypts
>> 394 the input block by block.
394 395
395 config CRYPTO_BLOWFISH !! 396 config CRYPTO_LRW
396 tristate "Blowfish" !! 397 tristate "LRW support"
397 select CRYPTO_ALGAPI !! 398 select CRYPTO_BLKCIPHER
398 select CRYPTO_BLOWFISH_COMMON !! 399 select CRYPTO_MANAGER
>> 400 select CRYPTO_GF128MUL
399 help 401 help
400 Blowfish cipher algorithm, by Bruce !! 402 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 403 narrow block cipher mode for dm-crypt. Use it with cipher
>> 404 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 405 The first 128, 192 or 256 bits in the key are used for AES and the
>> 406 rest is used to tie each cipher block to its logical position.
401 407
402 This is a variable key length cipher !! 408 config CRYPTO_OFB
403 bits to 448 bits in length. It's fa !! 409 tristate "OFB support"
404 designed for use on "large microproc !! 410 select CRYPTO_BLKCIPHER
>> 411 select CRYPTO_MANAGER
>> 412 help
>> 413 OFB: the Output Feedback mode makes a block cipher into a synchronous
>> 414 stream cipher. It generates keystream blocks, which are then XORed
>> 415 with the plaintext blocks to get the ciphertext. Flipping a bit in the
>> 416 ciphertext produces a flipped bit in the plaintext at the same
>> 417 location. This property allows many error correcting codes to function
>> 418 normally even when applied before encryption.
405 419
406 See https://www.schneier.com/blowfis !! 420 config CRYPTO_PCBC
>> 421 tristate "PCBC support"
>> 422 select CRYPTO_BLKCIPHER
>> 423 select CRYPTO_MANAGER
>> 424 help
>> 425 PCBC: Propagating Cipher Block Chaining mode
>> 426 This block cipher algorithm is required for RxRPC.
407 427
408 config CRYPTO_BLOWFISH_COMMON !! 428 config CRYPTO_XTS
>> 429 tristate "XTS support"
>> 430 select CRYPTO_BLKCIPHER
>> 431 select CRYPTO_MANAGER
>> 432 select CRYPTO_ECB
>> 433 help
>> 434 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 435 key size 256, 384 or 512 bits. This implementation currently
>> 436 can't handle a sectorsize which is not a multiple of 16 bytes.
>> 437
>> 438 config CRYPTO_KEYWRAP
>> 439 tristate "Key wrapping support"
>> 440 select CRYPTO_BLKCIPHER
>> 441 select CRYPTO_MANAGER
>> 442 help
>> 443 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 444 padding.
>> 445
>> 446 config CRYPTO_NHPOLY1305
409 tristate 447 tristate
>> 448 select CRYPTO_HASH
>> 449 select CRYPTO_POLY1305
>> 450
>> 451 config CRYPTO_NHPOLY1305_SSE2
>> 452 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
>> 453 depends on X86 && 64BIT
>> 454 select CRYPTO_NHPOLY1305
410 help 455 help
411 Common parts of the Blowfish cipher !! 456 SSE2 optimized implementation of the hash function used by the
412 generic c and the assembler implemen !! 457 Adiantum encryption mode.
413 458
414 config CRYPTO_CAMELLIA !! 459 config CRYPTO_NHPOLY1305_AVX2
415 tristate "Camellia" !! 460 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
416 select CRYPTO_ALGAPI !! 461 depends on X86 && 64BIT
>> 462 select CRYPTO_NHPOLY1305
417 help 463 help
418 Camellia cipher algorithms (ISO/IEC !! 464 AVX2 optimized implementation of the hash function used by the
>> 465 Adiantum encryption mode.
419 466
420 Camellia is a symmetric key block ci !! 467 config CRYPTO_ADIANTUM
421 at NTT and Mitsubishi Electric Corpo !! 468 tristate "Adiantum support"
>> 469 select CRYPTO_CHACHA20
>> 470 select CRYPTO_POLY1305
>> 471 select CRYPTO_NHPOLY1305
>> 472 select CRYPTO_MANAGER
>> 473 help
>> 474 Adiantum is a tweakable, length-preserving encryption mode
>> 475 designed for fast and secure disk encryption, especially on
>> 476 CPUs without dedicated crypto instructions. It encrypts
>> 477 each sector using the XChaCha12 stream cipher, two passes of
>> 478 an ε-almost-∆-universal hash function, and an invocation of
>> 479 the AES-256 block cipher on a single 16-byte block. On CPUs
>> 480 without AES instructions, Adiantum is much faster than
>> 481 AES-XTS.
422 482
423 The Camellia specifies three key siz !! 483 Adiantum's security is provably reducible to that of its
>> 484 underlying stream and block ciphers, subject to a security
>> 485 bound. Unlike XTS, Adiantum is a true wide-block encryption
>> 486 mode, so it actually provides an even stronger notion of
>> 487 security than XTS, subject to the security bound.
424 488
425 See https://info.isl.ntt.co.jp/crypt !! 489 If unsure, say N.
426 490
427 config CRYPTO_CAST_COMMON !! 491 config CRYPTO_ESSIV
428 tristate !! 492 tristate "ESSIV support for block encryption"
>> 493 select CRYPTO_AUTHENC
429 help 494 help
430 Common parts of the CAST cipher algo !! 495 Encrypted salt-sector initialization vector (ESSIV) is an IV
431 generic c and the assembler implemen !! 496 generation method that is used in some cases by fscrypt and/or
>> 497 dm-crypt. It uses the hash of the block encryption key as the
>> 498 symmetric key for a block encryption pass applied to the input
>> 499 IV, making low entropy IV sources more suitable for block
>> 500 encryption.
432 501
433 config CRYPTO_CAST5 !! 502 This driver implements a crypto API template that can be
434 tristate "CAST5 (CAST-128)" !! 503 instantiated either as an skcipher or as an AEAD (depending on the
435 select CRYPTO_ALGAPI !! 504 type of the first template argument), and which defers encryption
436 select CRYPTO_CAST_COMMON !! 505 and decryption requests to the encapsulated cipher after applying
>> 506 ESSIV to the input IV. Note that in the AEAD case, it is assumed
>> 507 that the keys are presented in the same format used by the authenc
>> 508 template, and that the IV appears at the end of the authenticated
>> 509 associated data (AAD) region (which is how dm-crypt uses it.)
>> 510
>> 511 Note that the use of ESSIV is not recommended for new deployments,
>> 512 and so this only needs to be enabled when interoperability with
>> 513 existing encrypted volumes of filesystems is required, or when
>> 514 building for a particular system that requires it (e.g., when
>> 515 the SoC in question has accelerated CBC but not XTS, making CBC
>> 516 combined with ESSIV the only feasible mode for h/w accelerated
>> 517 block encryption)
>> 518
>> 519 comment "Hash modes"
>> 520
>> 521 config CRYPTO_CMAC
>> 522 tristate "CMAC support"
>> 523 select CRYPTO_HASH
>> 524 select CRYPTO_MANAGER
437 help 525 help
438 CAST5 (CAST-128) cipher algorithm (R !! 526 Cipher-based Message Authentication Code (CMAC) specified by
>> 527 The National Institute of Standards and Technology (NIST).
439 528
440 config CRYPTO_CAST6 !! 529 https://tools.ietf.org/html/rfc4493
441 tristate "CAST6 (CAST-256)" !! 530 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
442 select CRYPTO_ALGAPI !! 531
443 select CRYPTO_CAST_COMMON !! 532 config CRYPTO_HMAC
>> 533 tristate "HMAC support"
>> 534 select CRYPTO_HASH
>> 535 select CRYPTO_MANAGER
444 help 536 help
445 CAST6 (CAST-256) encryption algorith !! 537 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 538 This is required for IPSec.
446 539
447 config CRYPTO_DES !! 540 config CRYPTO_XCBC
448 tristate "DES and Triple DES EDE" !! 541 tristate "XCBC support"
449 select CRYPTO_ALGAPI !! 542 select CRYPTO_HASH
450 select CRYPTO_LIB_DES !! 543 select CRYPTO_MANAGER
451 help 544 help
452 DES (Data Encryption Standard)(FIPS !! 545 XCBC: Keyed-Hashing with encryption algorithm
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 546 http://www.ietf.org/rfc/rfc3566.txt
454 cipher algorithms !! 547 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 548 xcbc-mac/xcbc-mac-spec.pdf
455 549
456 config CRYPTO_FCRYPT !! 550 config CRYPTO_VMAC
457 tristate "FCrypt" !! 551 tristate "VMAC support"
458 select CRYPTO_ALGAPI !! 552 select CRYPTO_HASH
459 select CRYPTO_SKCIPHER !! 553 select CRYPTO_MANAGER
460 help 554 help
461 FCrypt algorithm used by RxRPC !! 555 VMAC is a message authentication algorithm designed for
>> 556 very high speed on 64-bit architectures.
462 557
463 See https://ota.polyonymo.us/fcrypt- !! 558 See also:
>> 559 <http://fastcrypto.org/vmac>
464 560
465 config CRYPTO_KHAZAD !! 561 comment "Digest"
466 tristate "Khazad" !! 562
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 563 config CRYPTO_CRC32C
468 select CRYPTO_ALGAPI !! 564 tristate "CRC32c CRC algorithm"
>> 565 select CRYPTO_HASH
>> 566 select CRC32
>> 567 help
>> 568 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 569 by iSCSI for header and data digests and by others.
>> 570 See Castagnoli93. Module will be crc32c.
>> 571
>> 572 config CRYPTO_CRC32C_INTEL
>> 573 tristate "CRC32c INTEL hardware acceleration"
>> 574 depends on X86
>> 575 select CRYPTO_HASH
>> 576 help
>> 577 In Intel processor with SSE4.2 supported, the processor will
>> 578 support CRC32C implementation using hardware accelerated CRC32
>> 579 instruction. This option will create 'crc32c-intel' module,
>> 580 which will enable any routine to use the CRC32 instruction to
>> 581 gain performance compared with software implementation.
>> 582 Module will be crc32c-intel.
>> 583
>> 584 config CRYPTO_CRC32C_VPMSUM
>> 585 tristate "CRC32c CRC algorithm (powerpc64)"
>> 586 depends on PPC64 && ALTIVEC
>> 587 select CRYPTO_HASH
>> 588 select CRC32
469 help 589 help
470 Khazad cipher algorithm !! 590 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 591 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 592 and newer processors for improved performance.
471 593
472 Khazad was a finalist in the initial <<
473 an algorithm optimized for 64-bit pr <<
474 on 32-bit processors. Khazad uses a <<
475 594
476 See https://web.archive.org/web/2017 !! 595 config CRYPTO_CRC32C_SPARC64
477 for further information. !! 596 tristate "CRC32c CRC algorithm (SPARC64)"
>> 597 depends on SPARC64
>> 598 select CRYPTO_HASH
>> 599 select CRC32
>> 600 help
>> 601 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 602 when available.
478 603
479 config CRYPTO_SEED !! 604 config CRYPTO_CRC32
480 tristate "SEED" !! 605 tristate "CRC32 CRC algorithm"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 606 select CRYPTO_HASH
482 select CRYPTO_ALGAPI !! 607 select CRC32
483 help 608 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 609 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 610 Shash crypto api wrappers to crc32_le function.
485 611
486 SEED is a 128-bit symmetric key bloc !! 612 config CRYPTO_CRC32_PCLMUL
487 developed by KISA (Korea Information !! 613 tristate "CRC32 PCLMULQDQ hardware acceleration"
488 national standard encryption algorit !! 614 depends on X86
489 It is a 16 round block cipher with t !! 615 select CRYPTO_HASH
>> 616 select CRC32
>> 617 help
>> 618 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 619 and PCLMULQDQ supported, the processor will support
>> 620 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 621 instruction. This option will create 'crc32-pclmul' module,
>> 622 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 623 and gain better performance as compared with the table implementation.
>> 624
>> 625 config CRYPTO_CRC32_MIPS
>> 626 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 627 depends on MIPS_CRC_SUPPORT
>> 628 select CRYPTO_HASH
>> 629 help
>> 630 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 631 instructions, when available.
490 632
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 633
494 config CRYPTO_SERPENT !! 634 config CRYPTO_XXHASH
495 tristate "Serpent" !! 635 tristate "xxHash hash algorithm"
496 select CRYPTO_ALGAPI !! 636 select CRYPTO_HASH
>> 637 select XXHASH
497 help 638 help
498 Serpent cipher algorithm, by Anderso !! 639 xxHash non-cryptographic hash algorithm. Extremely fast, working at
>> 640 speeds close to RAM limits.
499 641
500 Keys are allowed to be from 0 to 256 !! 642 config CRYPTO_CRCT10DIF
501 of 8 bits. !! 643 tristate "CRCT10DIF algorithm"
>> 644 select CRYPTO_HASH
>> 645 help
>> 646 CRC T10 Data Integrity Field computation is being cast as
>> 647 a crypto transform. This allows for faster crc t10 diff
>> 648 transforms to be used if they are available.
502 649
503 See https://www.cl.cam.ac.uk/~rja14/ !! 650 config CRYPTO_CRCT10DIF_PCLMUL
>> 651 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
>> 652 depends on X86 && 64BIT && CRC_T10DIF
>> 653 select CRYPTO_HASH
>> 654 help
>> 655 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 656 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 657 accelerated PCLMULQDQ instruction. This option will create
>> 658 'crct10dif-pclmul' module, which is faster when computing the
>> 659 crct10dif checksum as compared with the generic table implementation.
504 660
505 config CRYPTO_SM4 !! 661 config CRYPTO_CRCT10DIF_VPMSUM
506 tristate !! 662 tristate "CRC32T10DIF powerpc64 hardware acceleration"
>> 663 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 664 select CRYPTO_HASH
>> 665 help
>> 666 CRC10T10DIF algorithm implemented using vector polynomial
>> 667 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 668 POWER8 and newer processors for improved performance.
507 669
508 config CRYPTO_SM4_GENERIC !! 670 config CRYPTO_VPMSUM_TESTER
509 tristate "SM4 (ShangMi 4)" !! 671 tristate "Powerpc64 vpmsum hardware acceleration tester"
510 select CRYPTO_ALGAPI !! 672 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
511 select CRYPTO_SM4 <<
512 help 673 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 674 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
514 ISO/IEC 18033-3:2010/Amd 1:2021) !! 675 POWER8 vpmsum instructions.
>> 676 Unless you are testing these algorithms, you don't need this.
515 677
516 SM4 (GBT.32907-2016) is a cryptograp !! 678 config CRYPTO_GHASH
517 Organization of State Commercial Adm !! 679 tristate "GHASH hash function"
518 as an authorized cryptographic algor !! 680 select CRYPTO_GF128MUL
>> 681 select CRYPTO_HASH
>> 682 help
>> 683 GHASH is the hash function used in GCM (Galois/Counter Mode).
>> 684 It is not a general-purpose cryptographic hash function.
519 685
520 SMS4 was originally created for use !! 686 config CRYPTO_POLY1305
521 networks, and is mandated in the Chi !! 687 tristate "Poly1305 authenticator algorithm"
522 Wireless LAN WAPI (Wired Authenticat !! 688 select CRYPTO_HASH
523 (GB.15629.11-2003). !! 689 help
>> 690 Poly1305 authenticator algorithm, RFC7539.
524 691
525 The latest SM4 standard (GBT.32907-2 !! 692 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
526 standardized through TC 260 of the S !! 693 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
527 of the People's Republic of China (S !! 694 in IETF protocols. This is the portable C implementation of Poly1305.
528 695
529 The input, output, and key of SMS4 a !! 696 config CRYPTO_POLY1305_X86_64
>> 697 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 698 depends on X86 && 64BIT
>> 699 select CRYPTO_POLY1305
>> 700 help
>> 701 Poly1305 authenticator algorithm, RFC7539.
530 702
531 See https://eprint.iacr.org/2008/329 !! 703 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 704 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 705 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 706 instructions.
532 707
533 If unsure, say N. !! 708 config CRYPTO_MD4
>> 709 tristate "MD4 digest algorithm"
>> 710 select CRYPTO_HASH
>> 711 help
>> 712 MD4 message digest algorithm (RFC1320).
534 713
535 config CRYPTO_TEA !! 714 config CRYPTO_MD5
536 tristate "TEA, XTEA and XETA" !! 715 tristate "MD5 digest algorithm"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 716 select CRYPTO_HASH
538 select CRYPTO_ALGAPI <<
539 help 717 help
540 TEA (Tiny Encryption Algorithm) ciph !! 718 MD5 message digest algorithm (RFC1321).
541 719
542 Tiny Encryption Algorithm is a simpl !! 720 config CRYPTO_MD5_OCTEON
543 many rounds for security. It is ver !! 721 tristate "MD5 digest algorithm (OCTEON)"
544 little memory. !! 722 depends on CPU_CAVIUM_OCTEON
>> 723 select CRYPTO_MD5
>> 724 select CRYPTO_HASH
>> 725 help
>> 726 MD5 message digest algorithm (RFC1321) implemented
>> 727 using OCTEON crypto instructions, when available.
545 728
546 Xtendend Tiny Encryption Algorithm i !! 729 config CRYPTO_MD5_PPC
547 the TEA algorithm to address a poten !! 730 tristate "MD5 digest algorithm (PPC)"
548 in the TEA algorithm. !! 731 depends on PPC
>> 732 select CRYPTO_HASH
>> 733 help
>> 734 MD5 message digest algorithm (RFC1321) implemented
>> 735 in PPC assembler.
549 736
550 Xtendend Encryption Tiny Algorithm i !! 737 config CRYPTO_MD5_SPARC64
551 of the XTEA algorithm for compatibil !! 738 tristate "MD5 digest algorithm (SPARC64)"
>> 739 depends on SPARC64
>> 740 select CRYPTO_MD5
>> 741 select CRYPTO_HASH
>> 742 help
>> 743 MD5 message digest algorithm (RFC1321) implemented
>> 744 using sparc64 crypto instructions, when available.
552 745
553 config CRYPTO_TWOFISH !! 746 config CRYPTO_MICHAEL_MIC
554 tristate "Twofish" !! 747 tristate "Michael MIC keyed digest algorithm"
555 select CRYPTO_ALGAPI !! 748 select CRYPTO_HASH
556 select CRYPTO_TWOFISH_COMMON <<
557 help 749 help
558 Twofish cipher algorithm !! 750 Michael MIC is used for message integrity protection in TKIP
>> 751 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 752 should not be used for other purposes because of the weakness
>> 753 of the algorithm.
559 754
560 Twofish was submitted as an AES (Adv !! 755 config CRYPTO_RMD128
561 candidate cipher by researchers at C !! 756 tristate "RIPEMD-128 digest algorithm"
562 16 round block cipher supporting key !! 757 select CRYPTO_HASH
563 bits. !! 758 help
>> 759 RIPEMD-128 (ISO/IEC 10118-3:2004).
564 760
565 See https://www.schneier.com/twofish !! 761 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
>> 762 be used as a secure replacement for RIPEMD. For other use cases,
>> 763 RIPEMD-160 should be used.
566 764
567 config CRYPTO_TWOFISH_COMMON !! 765 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
568 tristate !! 766 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
>> 767
>> 768 config CRYPTO_RMD160
>> 769 tristate "RIPEMD-160 digest algorithm"
>> 770 select CRYPTO_HASH
569 help 771 help
570 Common parts of the Twofish cipher a !! 772 RIPEMD-160 (ISO/IEC 10118-3:2004).
571 generic c and the assembler implemen <<
572 773
573 endmenu !! 774 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
>> 775 to be used as a secure replacement for the 128-bit hash functions
>> 776 MD4, MD5 and it's predecessor RIPEMD
>> 777 (not to be confused with RIPEMD-128).
574 778
575 menu "Length-preserving ciphers and modes" !! 779 It's speed is comparable to SHA1 and there are no known attacks
>> 780 against RIPEMD-160.
576 781
577 config CRYPTO_ADIANTUM !! 782 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
578 tristate "Adiantum" !! 783 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
579 select CRYPTO_CHACHA20 !! 784
580 select CRYPTO_LIB_POLY1305_GENERIC !! 785 config CRYPTO_RMD256
581 select CRYPTO_NHPOLY1305 !! 786 tristate "RIPEMD-256 digest algorithm"
582 select CRYPTO_MANAGER !! 787 select CRYPTO_HASH
583 help 788 help
584 Adiantum tweakable, length-preservin !! 789 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 790 256 bit hash. It is intended for applications that require
>> 791 longer hash-results, without needing a larger security level
>> 792 (than RIPEMD-128).
585 793
586 Designed for fast and secure disk en !! 794 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
587 CPUs without dedicated crypto instru !! 795 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 796
594 Adiantum's security is provably redu !! 797 config CRYPTO_RMD320
595 underlying stream and block ciphers, !! 798 tristate "RIPEMD-320 digest algorithm"
596 bound. Unlike XTS, Adiantum is a tr !! 799 select CRYPTO_HASH
597 mode, so it actually provides an eve !! 800 help
598 security than XTS, subject to the se !! 801 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 802 320 bit hash. It is intended for applications that require
>> 803 longer hash-results, without needing a larger security level
>> 804 (than RIPEMD-160).
599 805
600 If unsure, say N. !! 806 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 807 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
601 808
602 config CRYPTO_ARC4 !! 809 config CRYPTO_SHA1
603 tristate "ARC4 (Alleged Rivest Cipher !! 810 tristate "SHA1 digest algorithm"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 811 select CRYPTO_HASH
605 select CRYPTO_SKCIPHER <<
606 select CRYPTO_LIB_ARC4 <<
607 help 812 help
608 ARC4 cipher algorithm !! 813 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
609 814
610 ARC4 is a stream cipher using keys r !! 815 config CRYPTO_SHA1_SSSE3
611 bits in length. This algorithm is r !! 816 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
612 WEP, but it should not be for other !! 817 depends on X86 && 64BIT
613 weakness of the algorithm. !! 818 select CRYPTO_SHA1
>> 819 select CRYPTO_HASH
>> 820 help
>> 821 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 822 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 823 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 824 when available.
614 825
615 config CRYPTO_CHACHA20 !! 826 config CRYPTO_SHA256_SSSE3
616 tristate "ChaCha" !! 827 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 828 depends on X86 && 64BIT
618 select CRYPTO_SKCIPHER !! 829 select CRYPTO_SHA256
>> 830 select CRYPTO_HASH
619 help 831 help
620 The ChaCha20, XChaCha20, and XChaCha !! 832 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 833 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 834 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 835 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 836 Instructions) when available.
>> 837
>> 838 config CRYPTO_SHA512_SSSE3
>> 839 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 840 depends on X86 && 64BIT
>> 841 select CRYPTO_SHA512
>> 842 select CRYPTO_HASH
>> 843 help
>> 844 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 845 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 846 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 847 version 2 (AVX2) instructions, when available.
621 848
622 ChaCha20 is a 256-bit high-speed str !! 849 config CRYPTO_SHA1_OCTEON
623 Bernstein and further specified in R !! 850 tristate "SHA1 digest algorithm (OCTEON)"
624 This is the portable C implementatio !! 851 depends on CPU_CAVIUM_OCTEON
625 https://cr.yp.to/chacha/chacha-20080 !! 852 select CRYPTO_SHA1
>> 853 select CRYPTO_HASH
>> 854 help
>> 855 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 856 using OCTEON crypto instructions, when available.
626 857
627 XChaCha20 is the application of the !! 858 config CRYPTO_SHA1_SPARC64
628 rather than to Salsa20. XChaCha20 e !! 859 tristate "SHA1 digest algorithm (SPARC64)"
629 from 64 bits (or 96 bits using the R !! 860 depends on SPARC64
630 while provably retaining ChaCha20's !! 861 select CRYPTO_SHA1
631 https://cr.yp.to/snuffle/xsalsa-2008 !! 862 select CRYPTO_HASH
>> 863 help
>> 864 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 865 using sparc64 crypto instructions, when available.
632 866
633 XChaCha12 is XChaCha20 reduced to 12 !! 867 config CRYPTO_SHA1_PPC
634 reduced security margin but increase !! 868 tristate "SHA1 digest algorithm (powerpc)"
635 in some performance-sensitive scenar !! 869 depends on PPC
>> 870 help
>> 871 This is the powerpc hardware accelerated implementation of the
>> 872 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
636 873
637 config CRYPTO_CBC !! 874 config CRYPTO_SHA1_PPC_SPE
638 tristate "CBC (Cipher Block Chaining)" !! 875 tristate "SHA1 digest algorithm (PPC SPE)"
639 select CRYPTO_SKCIPHER !! 876 depends on PPC && SPE
640 select CRYPTO_MANAGER <<
641 help 877 help
642 CBC (Cipher Block Chaining) mode (NI !! 878 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 879 using powerpc SPE SIMD instruction set.
643 880
644 This block cipher mode is required f !! 881 config CRYPTO_LIB_SHA256
>> 882 tristate
645 883
646 config CRYPTO_CTR !! 884 config CRYPTO_SHA256
647 tristate "CTR (Counter)" !! 885 tristate "SHA224 and SHA256 digest algorithm"
648 select CRYPTO_SKCIPHER !! 886 select CRYPTO_HASH
649 select CRYPTO_MANAGER !! 887 select CRYPTO_LIB_SHA256
650 help 888 help
651 CTR (Counter) mode (NIST SP800-38A) !! 889 SHA256 secure hash standard (DFIPS 180-2).
652 890
653 config CRYPTO_CTS !! 891 This version of SHA implements a 256 bit hash with 128 bits of
654 tristate "CTS (Cipher Text Stealing)" !! 892 security against collision attacks.
655 select CRYPTO_SKCIPHER !! 893
656 select CRYPTO_MANAGER !! 894 This code also includes SHA-224, a 224 bit hash with 112 bits
>> 895 of security against collision attacks.
>> 896
>> 897 config CRYPTO_SHA256_PPC_SPE
>> 898 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 899 depends on PPC && SPE
>> 900 select CRYPTO_SHA256
>> 901 select CRYPTO_HASH
657 help 902 help
658 CBC-CS3 variant of CTS (Cipher Text !! 903 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
659 Addendum to SP800-38A (October 2010) !! 904 implemented using powerpc SPE SIMD instruction set.
660 905
661 This mode is required for Kerberos g !! 906 config CRYPTO_SHA256_OCTEON
662 for AES encryption. !! 907 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
>> 908 depends on CPU_CAVIUM_OCTEON
>> 909 select CRYPTO_SHA256
>> 910 select CRYPTO_HASH
>> 911 help
>> 912 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 913 using OCTEON crypto instructions, when available.
663 914
664 config CRYPTO_ECB !! 915 config CRYPTO_SHA256_SPARC64
665 tristate "ECB (Electronic Codebook)" !! 916 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
666 select CRYPTO_SKCIPHER2 !! 917 depends on SPARC64
667 select CRYPTO_MANAGER !! 918 select CRYPTO_SHA256
>> 919 select CRYPTO_HASH
668 help 920 help
669 ECB (Electronic Codebook) mode (NIST !! 921 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 922 using sparc64 crypto instructions, when available.
670 923
671 config CRYPTO_HCTR2 !! 924 config CRYPTO_SHA512
672 tristate "HCTR2" !! 925 tristate "SHA384 and SHA512 digest algorithms"
673 select CRYPTO_XCTR !! 926 select CRYPTO_HASH
674 select CRYPTO_POLYVAL <<
675 select CRYPTO_MANAGER <<
676 help 927 help
677 HCTR2 length-preserving encryption m !! 928 SHA512 secure hash standard (DFIPS 180-2).
678 929
679 A mode for storage encryption that i !! 930 This version of SHA implements a 512 bit hash with 256 bits of
680 instructions to accelerate AES and c !! 931 security against collision attacks.
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 932
684 See https://eprint.iacr.org/2021/144 !! 933 This code also includes SHA-384, a 384 bit hash with 192 bits
>> 934 of security against collision attacks.
685 935
686 config CRYPTO_KEYWRAP !! 936 config CRYPTO_SHA512_OCTEON
687 tristate "KW (AES Key Wrap)" !! 937 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
688 select CRYPTO_SKCIPHER !! 938 depends on CPU_CAVIUM_OCTEON
689 select CRYPTO_MANAGER !! 939 select CRYPTO_SHA512
>> 940 select CRYPTO_HASH
690 help 941 help
691 KW (AES Key Wrap) authenticated encr !! 942 SHA-512 secure hash standard (DFIPS 180-2) implemented
692 and RFC3394) without padding. !! 943 using OCTEON crypto instructions, when available.
693 944
694 config CRYPTO_LRW !! 945 config CRYPTO_SHA512_SPARC64
695 tristate "LRW (Liskov Rivest Wagner)" !! 946 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
696 select CRYPTO_LIB_GF128MUL !! 947 depends on SPARC64
697 select CRYPTO_SKCIPHER !! 948 select CRYPTO_SHA512
698 select CRYPTO_MANAGER !! 949 select CRYPTO_HASH
699 select CRYPTO_ECB <<
700 help 950 help
701 LRW (Liskov Rivest Wagner) mode !! 951 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 952 using sparc64 crypto instructions, when available.
702 953
703 A tweakable, non malleable, non mova !! 954 config CRYPTO_SHA3
704 narrow block cipher mode for dm-cryp !! 955 tristate "SHA3 digest algorithm"
705 specification string aes-lrw-benbi, !! 956 select CRYPTO_HASH
706 The first 128, 192 or 256 bits in th !! 957 help
707 rest is used to tie each cipher bloc !! 958 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 959 cryptographic sponge function family called Keccak.
708 960
709 See https://people.csail.mit.edu/riv !! 961 References:
>> 962 http://keccak.noekeon.org/
710 963
711 config CRYPTO_PCBC !! 964 config CRYPTO_SM3
712 tristate "PCBC (Propagating Cipher Blo !! 965 tristate "SM3 digest algorithm"
713 select CRYPTO_SKCIPHER !! 966 select CRYPTO_HASH
714 select CRYPTO_MANAGER <<
715 help 967 help
716 PCBC (Propagating Cipher Block Chain !! 968 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
>> 969 It is part of the Chinese Commercial Cryptography suite.
717 970
718 This block cipher mode is required f !! 971 References:
>> 972 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
>> 973 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
719 974
720 config CRYPTO_XCTR !! 975 config CRYPTO_STREEBOG
721 tristate !! 976 tristate "Streebog Hash Function"
722 select CRYPTO_SKCIPHER !! 977 select CRYPTO_HASH
723 select CRYPTO_MANAGER <<
724 help 978 help
725 XCTR (XOR Counter) mode for HCTR2 !! 979 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
>> 980 cryptographic standard algorithms (called GOST algorithms).
>> 981 This setting enables two hash algorithms with 256 and 512 bits output.
726 982
727 This blockcipher mode is a variant o !! 983 References:
728 addition rather than big-endian arit !! 984 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
729 !! 985 https://tools.ietf.org/html/rfc6986
730 XCTR mode is used to implement HCTR2 <<
731 986
732 config CRYPTO_XTS !! 987 config CRYPTO_TGR192
733 tristate "XTS (XOR Encrypt XOR with ci !! 988 tristate "Tiger digest algorithms"
734 select CRYPTO_SKCIPHER !! 989 select CRYPTO_HASH
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help 990 help
738 XTS (XOR Encrypt XOR with ciphertext !! 991 Tiger hash algorithm 192, 160 and 128-bit hashes
739 and IEEE 1619) <<
740 992
741 Use with aes-xts-plain, key size 256 !! 993 Tiger is a hash function optimized for 64-bit processors while
742 implementation currently can't handl !! 994 still having decent performance on 32-bit processors.
743 multiple of 16 bytes. !! 995 Tiger was developed by Ross Anderson and Eli Biham.
744 996
745 config CRYPTO_NHPOLY1305 !! 997 See also:
746 tristate !! 998 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
>> 999
>> 1000 config CRYPTO_WP512
>> 1001 tristate "Whirlpool digest algorithms"
747 select CRYPTO_HASH 1002 select CRYPTO_HASH
748 select CRYPTO_LIB_POLY1305_GENERIC !! 1003 help
>> 1004 Whirlpool hash algorithm 512, 384 and 256-bit hashes
749 1005
750 endmenu !! 1006 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 1007 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
751 1008
752 menu "AEAD (authenticated encryption with asso !! 1009 See also:
>> 1010 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
753 1011
754 config CRYPTO_AEGIS128 !! 1012 config CRYPTO_GHASH_CLMUL_NI_INTEL
755 tristate "AEGIS-128" !! 1013 tristate "GHASH hash function (CLMUL-NI accelerated)"
756 select CRYPTO_AEAD !! 1014 depends on X86 && 64BIT
757 select CRYPTO_AES # for AES S-box tab !! 1015 select CRYPTO_CRYPTD
758 help 1016 help
759 AEGIS-128 AEAD algorithm !! 1017 This is the x86_64 CLMUL-NI accelerated implementation of
>> 1018 GHASH, the hash function used in GCM (Galois/Counter mode).
760 1019
761 config CRYPTO_AEGIS128_SIMD !! 1020 comment "Ciphers"
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1021
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 1022 config CRYPTO_LIB_AES
764 default y !! 1023 tristate
>> 1024
>> 1025 config CRYPTO_AES
>> 1026 tristate "AES cipher algorithms"
>> 1027 select CRYPTO_ALGAPI
>> 1028 select CRYPTO_LIB_AES
765 help 1029 help
766 AEGIS-128 AEAD algorithm !! 1030 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1031 algorithm.
>> 1032
>> 1033 Rijndael appears to be consistently a very good performer in
>> 1034 both hardware and software across a wide range of computing
>> 1035 environments regardless of its use in feedback or non-feedback
>> 1036 modes. Its key setup time is excellent, and its key agility is
>> 1037 good. Rijndael's very low memory requirements make it very well
>> 1038 suited for restricted-space environments, in which it also
>> 1039 demonstrates excellent performance. Rijndael's operations are
>> 1040 among the easiest to defend against power and timing attacks.
767 1041
768 Architecture: arm or arm64 using: !! 1042 The AES specifies three key sizes: 128, 192 and 256 bits
769 - NEON (Advanced SIMD) extension <<
770 1043
771 config CRYPTO_CHACHA20POLY1305 !! 1044 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
772 tristate "ChaCha20-Poly1305" !! 1045
773 select CRYPTO_CHACHA20 !! 1046 config CRYPTO_AES_TI
774 select CRYPTO_POLY1305 !! 1047 tristate "Fixed time AES cipher"
775 select CRYPTO_AEAD !! 1048 select CRYPTO_ALGAPI
776 select CRYPTO_MANAGER !! 1049 select CRYPTO_LIB_AES
777 help 1050 help
778 ChaCha20 stream cipher and Poly1305 !! 1051 This is a generic implementation of AES that attempts to eliminate
779 mode (RFC8439) !! 1052 data dependent latencies as much as possible without affecting
>> 1053 performance too much. It is intended for use by the generic CCM
>> 1054 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1055 solely on encryption (although decryption is supported as well, but
>> 1056 with a more dramatic performance hit)
780 1057
781 config CRYPTO_CCM !! 1058 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
782 tristate "CCM (Counter with Cipher Blo !! 1059 8 for decryption), this implementation only uses just two S-boxes of
783 select CRYPTO_CTR !! 1060 256 bytes each, and attempts to eliminate data dependent latencies by
784 select CRYPTO_HASH !! 1061 prefetching the entire table into the cache at the start of each
>> 1062 block. Interrupts are also disabled to avoid races where cachelines
>> 1063 are evicted when the CPU is interrupted to do something else.
>> 1064
>> 1065 config CRYPTO_AES_NI_INTEL
>> 1066 tristate "AES cipher algorithms (AES-NI)"
>> 1067 depends on X86
785 select CRYPTO_AEAD 1068 select CRYPTO_AEAD
786 select CRYPTO_MANAGER !! 1069 select CRYPTO_LIB_AES
>> 1070 select CRYPTO_ALGAPI
>> 1071 select CRYPTO_BLKCIPHER
>> 1072 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 1073 select CRYPTO_SIMD
787 help 1074 help
788 CCM (Counter with Cipher Block Chain !! 1075 Use Intel AES-NI instructions for AES algorithm.
789 authenticated encryption mode (NIST <<
790 1076
791 config CRYPTO_GCM !! 1077 AES cipher algorithms (FIPS-197). AES uses the Rijndael
792 tristate "GCM (Galois/Counter Mode) an !! 1078 algorithm.
793 select CRYPTO_CTR !! 1079
794 select CRYPTO_AEAD !! 1080 Rijndael appears to be consistently a very good performer in
795 select CRYPTO_GHASH !! 1081 both hardware and software across a wide range of computing
796 select CRYPTO_NULL !! 1082 environments regardless of its use in feedback or non-feedback
797 select CRYPTO_MANAGER !! 1083 modes. Its key setup time is excellent, and its key agility is
>> 1084 good. Rijndael's very low memory requirements make it very well
>> 1085 suited for restricted-space environments, in which it also
>> 1086 demonstrates excellent performance. Rijndael's operations are
>> 1087 among the easiest to defend against power and timing attacks.
>> 1088
>> 1089 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1090
>> 1091 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1092
>> 1093 In addition to AES cipher algorithm support, the acceleration
>> 1094 for some popular block cipher mode is supported too, including
>> 1095 ECB, CBC, LRW, XTS. The 64 bit version has additional
>> 1096 acceleration for CTR.
>> 1097
>> 1098 config CRYPTO_AES_SPARC64
>> 1099 tristate "AES cipher algorithms (SPARC64)"
>> 1100 depends on SPARC64
>> 1101 select CRYPTO_CRYPTD
>> 1102 select CRYPTO_ALGAPI
798 help 1103 help
799 GCM (Galois/Counter Mode) authentica !! 1104 Use SPARC64 crypto opcodes for AES algorithm.
800 (GCM Message Authentication Code) (N <<
801 1105
802 This is required for IPSec ESP (XFRM !! 1106 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1107 algorithm.
803 1108
804 config CRYPTO_GENIV !! 1109 Rijndael appears to be consistently a very good performer in
805 tristate !! 1110 both hardware and software across a wide range of computing
806 select CRYPTO_AEAD !! 1111 environments regardless of its use in feedback or non-feedback
807 select CRYPTO_NULL !! 1112 modes. Its key setup time is excellent, and its key agility is
808 select CRYPTO_MANAGER !! 1113 good. Rijndael's very low memory requirements make it very well
809 select CRYPTO_RNG_DEFAULT !! 1114 suited for restricted-space environments, in which it also
>> 1115 demonstrates excellent performance. Rijndael's operations are
>> 1116 among the easiest to defend against power and timing attacks.
810 1117
811 config CRYPTO_SEQIV !! 1118 The AES specifies three key sizes: 128, 192 and 256 bits
812 tristate "Sequence Number IV Generator !! 1119
813 select CRYPTO_GENIV !! 1120 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1121
>> 1122 In addition to AES cipher algorithm support, the acceleration
>> 1123 for some popular block cipher mode is supported too, including
>> 1124 ECB and CBC.
>> 1125
>> 1126 config CRYPTO_AES_PPC_SPE
>> 1127 tristate "AES cipher algorithms (PPC SPE)"
>> 1128 depends on PPC && SPE
>> 1129 help
>> 1130 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1131 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1132 This module should only be used for low power (router) devices
>> 1133 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1134 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1135 timining attacks. Nevertheless it might be not as secure as other
>> 1136 architecture specific assembler implementations that work on 1KB
>> 1137 tables or 256 bytes S-boxes.
>> 1138
>> 1139 config CRYPTO_ANUBIS
>> 1140 tristate "Anubis cipher algorithm"
>> 1141 select CRYPTO_ALGAPI
814 help 1142 help
815 Sequence Number IV generator !! 1143 Anubis cipher algorithm.
816 1144
817 This IV generator generates an IV ba !! 1145 Anubis is a variable key length cipher which can use keys from
818 xoring it with a salt. This algorit !! 1146 128 bits to 320 bits in length. It was evaluated as a entrant
>> 1147 in the NESSIE competition.
819 1148
820 This is required for IPsec ESP (XFRM !! 1149 See also:
>> 1150 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 1151 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
821 1152
822 config CRYPTO_ECHAINIV !! 1153 config CRYPTO_LIB_ARC4
823 tristate "Encrypted Chain IV Generator !! 1154 tristate
824 select CRYPTO_GENIV !! 1155
>> 1156 config CRYPTO_ARC4
>> 1157 tristate "ARC4 cipher algorithm"
>> 1158 select CRYPTO_BLKCIPHER
>> 1159 select CRYPTO_LIB_ARC4
825 help 1160 help
826 Encrypted Chain IV generator !! 1161 ARC4 cipher algorithm.
827 1162
828 This IV generator generates an IV ba !! 1163 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
829 a sequence number xored with a salt. !! 1164 bits in length. This algorithm is required for driver-based
830 algorithm for CBC. !! 1165 WEP, but it should not be for other purposes because of the
>> 1166 weakness of the algorithm.
831 1167
832 config CRYPTO_ESSIV !! 1168 config CRYPTO_BLOWFISH
833 tristate "Encrypted Salt-Sector IV Gen !! 1169 tristate "Blowfish cipher algorithm"
834 select CRYPTO_AUTHENC !! 1170 select CRYPTO_ALGAPI
>> 1171 select CRYPTO_BLOWFISH_COMMON
835 help 1172 help
836 Encrypted Salt-Sector IV generator !! 1173 Blowfish cipher algorithm, by Bruce Schneier.
837 1174
838 This IV generator is used in some ca !! 1175 This is a variable key length cipher which can use keys from 32
839 dm-crypt. It uses the hash of the bl !! 1176 bits to 448 bits in length. It's fast, simple and specifically
840 symmetric key for a block encryption !! 1177 designed for use on "large microprocessors".
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 1178
844 This driver implements a crypto API !! 1179 See also:
845 instantiated either as an skcipher o !! 1180 <http://www.schneier.com/blowfish.html>
846 type of the first template argument) <<
847 and decryption requests to the encap <<
848 ESSIV to the input IV. Note that in <<
849 that the keys are presented in the s <<
850 template, and that the IV appears at <<
851 associated data (AAD) region (which <<
852 1181
853 Note that the use of ESSIV is not re !! 1182 config CRYPTO_BLOWFISH_COMMON
854 and so this only needs to be enabled !! 1183 tristate
855 existing encrypted volumes of filesy !! 1184 help
856 building for a particular system tha !! 1185 Common parts of the Blowfish cipher algorithm shared by the
857 the SoC in question has accelerated !! 1186 generic c and the assembler implementations.
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 1187
861 endmenu !! 1188 See also:
>> 1189 <http://www.schneier.com/blowfish.html>
862 1190
863 menu "Hashes, digests, and MACs" !! 1191 config CRYPTO_BLOWFISH_X86_64
>> 1192 tristate "Blowfish cipher algorithm (x86_64)"
>> 1193 depends on X86 && 64BIT
>> 1194 select CRYPTO_BLKCIPHER
>> 1195 select CRYPTO_BLOWFISH_COMMON
>> 1196 help
>> 1197 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
864 1198
865 config CRYPTO_BLAKE2B !! 1199 This is a variable key length cipher which can use keys from 32
866 tristate "BLAKE2b" !! 1200 bits to 448 bits in length. It's fast, simple and specifically
867 select CRYPTO_HASH !! 1201 designed for use on "large microprocessors".
>> 1202
>> 1203 See also:
>> 1204 <http://www.schneier.com/blowfish.html>
>> 1205
>> 1206 config CRYPTO_CAMELLIA
>> 1207 tristate "Camellia cipher algorithms"
>> 1208 depends on CRYPTO
>> 1209 select CRYPTO_ALGAPI
868 help 1210 help
869 BLAKE2b cryptographic hash function !! 1211 Camellia cipher algorithms module.
870 1212
871 BLAKE2b is optimized for 64-bit plat !! 1213 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1214 at NTT and Mitsubishi Electric Corporation.
873 1215
874 This module provides the following a !! 1216 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 1217
880 Used by the btrfs filesystem. !! 1218 See also:
>> 1219 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881 1220
882 See https://blake2.net for further i !! 1221 config CRYPTO_CAMELLIA_X86_64
>> 1222 tristate "Camellia cipher algorithm (x86_64)"
>> 1223 depends on X86 && 64BIT
>> 1224 depends on CRYPTO
>> 1225 select CRYPTO_BLKCIPHER
>> 1226 select CRYPTO_GLUE_HELPER_X86
>> 1227 help
>> 1228 Camellia cipher algorithm module (x86_64).
883 1229
884 config CRYPTO_CMAC !! 1230 Camellia is a symmetric key block cipher developed jointly
885 tristate "CMAC (Cipher-based MAC)" !! 1231 at NTT and Mitsubishi Electric Corporation.
886 select CRYPTO_HASH !! 1232
887 select CRYPTO_MANAGER !! 1233 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1234
>> 1235 See also:
>> 1236 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1237
>> 1238 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1239 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1240 depends on X86 && 64BIT
>> 1241 depends on CRYPTO
>> 1242 select CRYPTO_BLKCIPHER
>> 1243 select CRYPTO_CAMELLIA_X86_64
>> 1244 select CRYPTO_GLUE_HELPER_X86
>> 1245 select CRYPTO_SIMD
>> 1246 select CRYPTO_XTS
888 help 1247 help
889 CMAC (Cipher-based Message Authentic !! 1248 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
890 mode (NIST SP800-38B and IETF RFC449 <<
891 1249
892 config CRYPTO_GHASH !! 1250 Camellia is a symmetric key block cipher developed jointly
893 tristate "GHASH" !! 1251 at NTT and Mitsubishi Electric Corporation.
894 select CRYPTO_HASH !! 1252
895 select CRYPTO_LIB_GF128MUL !! 1253 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1254
>> 1255 See also:
>> 1256 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1257
>> 1258 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
>> 1259 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1260 depends on X86 && 64BIT
>> 1261 depends on CRYPTO
>> 1262 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
896 help 1263 help
897 GCM GHASH function (NIST SP800-38D) !! 1264 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
898 1265
899 config CRYPTO_HMAC !! 1266 Camellia is a symmetric key block cipher developed jointly
900 tristate "HMAC (Keyed-Hash MAC)" !! 1267 at NTT and Mitsubishi Electric Corporation.
901 select CRYPTO_HASH !! 1268
902 select CRYPTO_MANAGER !! 1269 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1270
>> 1271 See also:
>> 1272 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1273
>> 1274 config CRYPTO_CAMELLIA_SPARC64
>> 1275 tristate "Camellia cipher algorithm (SPARC64)"
>> 1276 depends on SPARC64
>> 1277 depends on CRYPTO
>> 1278 select CRYPTO_ALGAPI
903 help 1279 help
904 HMAC (Keyed-Hash Message Authenticat !! 1280 Camellia cipher algorithm module (SPARC64).
905 RFC2104) <<
906 1281
907 This is required for IPsec AH (XFRM_ !! 1282 Camellia is a symmetric key block cipher developed jointly
>> 1283 at NTT and Mitsubishi Electric Corporation.
908 1284
909 config CRYPTO_MD4 !! 1285 The Camellia specifies three key sizes: 128, 192 and 256 bits.
910 tristate "MD4" !! 1286
911 select CRYPTO_HASH !! 1287 See also:
>> 1288 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1289
>> 1290 config CRYPTO_CAST_COMMON
>> 1291 tristate
912 help 1292 help
913 MD4 message digest algorithm (RFC132 !! 1293 Common parts of the CAST cipher algorithms shared by the
>> 1294 generic c and the assembler implementations.
914 1295
915 config CRYPTO_MD5 !! 1296 config CRYPTO_CAST5
916 tristate "MD5" !! 1297 tristate "CAST5 (CAST-128) cipher algorithm"
917 select CRYPTO_HASH !! 1298 select CRYPTO_ALGAPI
>> 1299 select CRYPTO_CAST_COMMON
918 help 1300 help
919 MD5 message digest algorithm (RFC132 !! 1301 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1302 described in RFC2144.
920 1303
921 config CRYPTO_MICHAEL_MIC !! 1304 config CRYPTO_CAST5_AVX_X86_64
922 tristate "Michael MIC" !! 1305 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
923 select CRYPTO_HASH !! 1306 depends on X86 && 64BIT
>> 1307 select CRYPTO_BLKCIPHER
>> 1308 select CRYPTO_CAST5
>> 1309 select CRYPTO_CAST_COMMON
>> 1310 select CRYPTO_SIMD
924 help 1311 help
925 Michael MIC (Message Integrity Code) !! 1312 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1313 described in RFC2144.
926 1314
927 Defined by the IEEE 802.11i TKIP (Te !! 1315 This module provides the Cast5 cipher algorithm that processes
928 known as WPA (Wif-Fi Protected Acces !! 1316 sixteen blocks parallel using the AVX instruction set.
929 1317
930 This algorithm is required for TKIP, !! 1318 config CRYPTO_CAST6
931 other purposes because of the weakne !! 1319 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1320 select CRYPTO_ALGAPI
>> 1321 select CRYPTO_CAST_COMMON
>> 1322 help
>> 1323 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1324 described in RFC2612.
>> 1325
>> 1326 config CRYPTO_CAST6_AVX_X86_64
>> 1327 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1328 depends on X86 && 64BIT
>> 1329 select CRYPTO_BLKCIPHER
>> 1330 select CRYPTO_CAST6
>> 1331 select CRYPTO_CAST_COMMON
>> 1332 select CRYPTO_GLUE_HELPER_X86
>> 1333 select CRYPTO_SIMD
>> 1334 select CRYPTO_XTS
>> 1335 help
>> 1336 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1337 described in RFC2612.
>> 1338
>> 1339 This module provides the Cast6 cipher algorithm that processes
>> 1340 eight blocks parallel using the AVX instruction set.
932 1341
933 config CRYPTO_POLYVAL !! 1342 config CRYPTO_LIB_DES
934 tristate 1343 tristate
935 select CRYPTO_HASH !! 1344
936 select CRYPTO_LIB_GF128MUL !! 1345 config CRYPTO_DES
>> 1346 tristate "DES and Triple DES EDE cipher algorithms"
>> 1347 select CRYPTO_ALGAPI
>> 1348 select CRYPTO_LIB_DES
937 help 1349 help
938 POLYVAL hash function for HCTR2 !! 1350 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
939 1351
940 This is used in HCTR2. It is not a !! 1352 config CRYPTO_DES_SPARC64
941 cryptographic hash function. !! 1353 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1354 depends on SPARC64
>> 1355 select CRYPTO_ALGAPI
>> 1356 select CRYPTO_LIB_DES
>> 1357 help
>> 1358 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1359 optimized using SPARC64 crypto opcodes.
942 1360
943 config CRYPTO_POLY1305 !! 1361 config CRYPTO_DES3_EDE_X86_64
944 tristate "Poly1305" !! 1362 tristate "Triple DES EDE cipher algorithm (x86-64)"
945 select CRYPTO_HASH !! 1363 depends on X86 && 64BIT
946 select CRYPTO_LIB_POLY1305_GENERIC !! 1364 select CRYPTO_BLKCIPHER
>> 1365 select CRYPTO_LIB_DES
947 help 1366 help
948 Poly1305 authenticator algorithm (RF !! 1367 Triple DES EDE (FIPS 46-3) algorithm.
949 1368
950 Poly1305 is an authenticator algorit !! 1369 This module provides implementation of the Triple DES EDE cipher
951 It is used for the ChaCha20-Poly1305 !! 1370 algorithm that is optimized for x86-64 processors. Two versions of
952 in IETF protocols. This is the porta !! 1371 algorithm are provided; regular processing one input block and
>> 1372 one that processes three blocks parallel.
953 1373
954 config CRYPTO_RMD160 !! 1374 config CRYPTO_FCRYPT
955 tristate "RIPEMD-160" !! 1375 tristate "FCrypt cipher algorithm"
956 select CRYPTO_HASH !! 1376 select CRYPTO_ALGAPI
>> 1377 select CRYPTO_BLKCIPHER
957 help 1378 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 1379 FCrypt algorithm used by RxRPC.
959 1380
960 RIPEMD-160 is a 160-bit cryptographi !! 1381 config CRYPTO_KHAZAD
961 to be used as a secure replacement f !! 1382 tristate "Khazad cipher algorithm"
962 MD4, MD5 and its predecessor RIPEMD !! 1383 select CRYPTO_ALGAPI
963 (not to be confused with RIPEMD-128) !! 1384 help
>> 1385 Khazad cipher algorithm.
964 1386
965 Its speed is comparable to SHA-1 and !! 1387 Khazad was a finalist in the initial NESSIE competition. It is
966 against RIPEMD-160. !! 1388 an algorithm optimized for 64-bit processors with good performance
>> 1389 on 32-bit processors. Khazad uses an 128 bit key size.
967 1390
968 Developed by Hans Dobbertin, Antoon !! 1391 See also:
969 See https://homes.esat.kuleuven.be/~ !! 1392 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
970 for further information. <<
971 1393
972 config CRYPTO_SHA1 !! 1394 config CRYPTO_SALSA20
973 tristate "SHA-1" !! 1395 tristate "Salsa20 stream cipher algorithm"
974 select CRYPTO_HASH !! 1396 select CRYPTO_BLKCIPHER
975 select CRYPTO_LIB_SHA1 <<
976 help 1397 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1398 Salsa20 stream cipher algorithm.
978 1399
979 config CRYPTO_SHA256 !! 1400 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
980 tristate "SHA-224 and SHA-256" !! 1401 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
981 select CRYPTO_HASH !! 1402
982 select CRYPTO_LIB_SHA256 !! 1403 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 1404 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
>> 1405
>> 1406 config CRYPTO_CHACHA20
>> 1407 tristate "ChaCha stream cipher algorithms"
>> 1408 select CRYPTO_BLKCIPHER
983 help 1409 help
984 SHA-224 and SHA-256 secure hash algo !! 1410 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
985 1411
986 This is required for IPsec AH (XFRM_ !! 1412 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
987 Used by the btrfs filesystem, Ceph, !! 1413 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1414 This is the portable C implementation of ChaCha20. See also:
>> 1415 <http://cr.yp.to/chacha/chacha-20080128.pdf>
988 1416
989 config CRYPTO_SHA512 !! 1417 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
990 tristate "SHA-384 and SHA-512" !! 1418 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
991 select CRYPTO_HASH !! 1419 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
>> 1420 while provably retaining ChaCha20's security. See also:
>> 1421 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
>> 1422
>> 1423 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
>> 1424 reduced security margin but increased performance. It can be needed
>> 1425 in some performance-sensitive scenarios.
>> 1426
>> 1427 config CRYPTO_CHACHA20_X86_64
>> 1428 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
>> 1429 depends on X86 && 64BIT
>> 1430 select CRYPTO_BLKCIPHER
>> 1431 select CRYPTO_CHACHA20
992 help 1432 help
993 SHA-384 and SHA-512 secure hash algo !! 1433 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
>> 1434 XChaCha20, and XChaCha12 stream ciphers.
994 1435
995 config CRYPTO_SHA3 !! 1436 config CRYPTO_SEED
996 tristate "SHA-3" !! 1437 tristate "SEED cipher algorithm"
997 select CRYPTO_HASH !! 1438 select CRYPTO_ALGAPI
998 help 1439 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1440 SEED cipher algorithm (RFC4269).
1000 1441
1001 config CRYPTO_SM3 !! 1442 SEED is a 128-bit symmetric key block cipher that has been
1002 tristate !! 1443 developed by KISA (Korea Information Security Agency) as a
>> 1444 national standard encryption algorithm of the Republic of Korea.
>> 1445 It is a 16 round block cipher with the key size of 128 bit.
1003 1446
1004 config CRYPTO_SM3_GENERIC !! 1447 See also:
1005 tristate "SM3 (ShangMi 3)" !! 1448 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1006 select CRYPTO_HASH !! 1449
1007 select CRYPTO_SM3 !! 1450 config CRYPTO_SERPENT
>> 1451 tristate "Serpent cipher algorithm"
>> 1452 select CRYPTO_ALGAPI
1008 help 1453 help
1009 SM3 (ShangMi 3) secure hash functio !! 1454 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1010 1455
1011 This is part of the Chinese Commerc !! 1456 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1457 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1458 variant of Serpent for compatibility with old kerneli.org code.
1012 1459
1013 References: !! 1460 See also:
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1461 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1015 https://datatracker.ietf.org/doc/ht <<
1016 1462
1017 config CRYPTO_STREEBOG !! 1463 config CRYPTO_SERPENT_SSE2_X86_64
1018 tristate "Streebog" !! 1464 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1019 select CRYPTO_HASH !! 1465 depends on X86 && 64BIT
>> 1466 select CRYPTO_BLKCIPHER
>> 1467 select CRYPTO_GLUE_HELPER_X86
>> 1468 select CRYPTO_SERPENT
>> 1469 select CRYPTO_SIMD
1020 help 1470 help
1021 Streebog Hash Function (GOST R 34.1 !! 1471 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1472
1023 This is one of the Russian cryptogr !! 1473 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1474 of 8 bits.
1025 256 and 512 bits output. <<
1026 1475
1027 References: !! 1476 This module provides Serpent cipher algorithm that processes eight
1028 https://tc26.ru/upload/iblock/fed/f !! 1477 blocks parallel using SSE2 instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1478
1031 config CRYPTO_VMAC !! 1479 See also:
1032 tristate "VMAC" !! 1480 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1481
1034 select CRYPTO_MANAGER !! 1482 config CRYPTO_SERPENT_SSE2_586
>> 1483 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1484 depends on X86 && !64BIT
>> 1485 select CRYPTO_BLKCIPHER
>> 1486 select CRYPTO_GLUE_HELPER_X86
>> 1487 select CRYPTO_SERPENT
>> 1488 select CRYPTO_SIMD
1035 help 1489 help
1036 VMAC is a message authentication al !! 1490 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect <<
1038 1491
1039 See https://fastcrypto.org/vmac for !! 1492 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1493 of 8 bits.
1040 1494
1041 config CRYPTO_WP512 !! 1495 This module provides Serpent cipher algorithm that processes four
1042 tristate "Whirlpool" !! 1496 blocks parallel using SSE2 instruction set.
1043 select CRYPTO_HASH !! 1497
>> 1498 See also:
>> 1499 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1500
>> 1501 config CRYPTO_SERPENT_AVX_X86_64
>> 1502 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1503 depends on X86 && 64BIT
>> 1504 select CRYPTO_BLKCIPHER
>> 1505 select CRYPTO_GLUE_HELPER_X86
>> 1506 select CRYPTO_SERPENT
>> 1507 select CRYPTO_SIMD
>> 1508 select CRYPTO_XTS
1044 help 1509 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1510 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046 1511
1047 512, 384 and 256-bit hashes. !! 1512 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1513 of 8 bits.
1048 1514
1049 Whirlpool-512 is part of the NESSIE !! 1515 This module provides the Serpent cipher algorithm that processes
>> 1516 eight blocks parallel using the AVX instruction set.
1050 1517
1051 See https://web.archive.org/web/201 !! 1518 See also:
1052 for further information. !! 1519 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1053 1520
1054 config CRYPTO_XCBC !! 1521 config CRYPTO_SERPENT_AVX2_X86_64
1055 tristate "XCBC-MAC (Extended Cipher B !! 1522 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1056 select CRYPTO_HASH !! 1523 depends on X86 && 64BIT
1057 select CRYPTO_MANAGER !! 1524 select CRYPTO_SERPENT_AVX_X86_64
1058 help 1525 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1526 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1060 Code) (RFC3566) <<
1061 1527
1062 config CRYPTO_XXHASH !! 1528 Keys are allowed to be from 0 to 256 bits in length, in steps
1063 tristate "xxHash" !! 1529 of 8 bits.
1064 select CRYPTO_HASH !! 1530
1065 select XXHASH !! 1531 This module provides Serpent cipher algorithm that processes 16
>> 1532 blocks parallel using AVX2 instruction set.
>> 1533
>> 1534 See also:
>> 1535 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1536
>> 1537 config CRYPTO_SM4
>> 1538 tristate "SM4 cipher algorithm"
>> 1539 select CRYPTO_ALGAPI
>> 1540 help
>> 1541 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
>> 1542
>> 1543 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1544 Organization of State Commercial Administration of China (OSCCA)
>> 1545 as an authorized cryptographic algorithms for the use within China.
>> 1546
>> 1547 SMS4 was originally created for use in protecting wireless
>> 1548 networks, and is mandated in the Chinese National Standard for
>> 1549 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1550 (GB.15629.11-2003).
>> 1551
>> 1552 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1553 standardized through TC 260 of the Standardization Administration
>> 1554 of the People's Republic of China (SAC).
>> 1555
>> 1556 The input, output, and key of SMS4 are each 128 bits.
>> 1557
>> 1558 See also: <https://eprint.iacr.org/2008/329.pdf>
>> 1559
>> 1560 If unsure, say N.
>> 1561
>> 1562 config CRYPTO_TEA
>> 1563 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1564 select CRYPTO_ALGAPI
1066 help 1565 help
1067 xxHash non-cryptographic hash algor !! 1566 TEA cipher algorithm.
1068 1567
1069 Extremely fast, working at speeds c !! 1568 Tiny Encryption Algorithm is a simple cipher that uses
>> 1569 many rounds for security. It is very fast and uses
>> 1570 little memory.
1070 1571
1071 Used by the btrfs filesystem. !! 1572 Xtendend Tiny Encryption Algorithm is a modification to
>> 1573 the TEA algorithm to address a potential key weakness
>> 1574 in the TEA algorithm.
1072 1575
1073 endmenu !! 1576 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1577 of the XTEA algorithm for compatibility purposes.
1074 1578
1075 menu "CRCs (cyclic redundancy checks)" !! 1579 config CRYPTO_TWOFISH
>> 1580 tristate "Twofish cipher algorithm"
>> 1581 select CRYPTO_ALGAPI
>> 1582 select CRYPTO_TWOFISH_COMMON
>> 1583 help
>> 1584 Twofish cipher algorithm.
1076 1585
1077 config CRYPTO_CRC32C !! 1586 Twofish was submitted as an AES (Advanced Encryption Standard)
1078 tristate "CRC32c" !! 1587 candidate cipher by researchers at CounterPane Systems. It is a
1079 select CRYPTO_HASH !! 1588 16 round block cipher supporting key sizes of 128, 192, and 256
1080 select CRC32 !! 1589 bits.
>> 1590
>> 1591 See also:
>> 1592 <http://www.schneier.com/twofish.html>
>> 1593
>> 1594 config CRYPTO_TWOFISH_COMMON
>> 1595 tristate
1081 help 1596 help
1082 CRC32c CRC algorithm with the iSCSI !! 1597 Common parts of the Twofish cipher algorithm shared by the
>> 1598 generic c and the assembler implementations.
1083 1599
1084 A 32-bit CRC (cyclic redundancy che !! 1600 config CRYPTO_TWOFISH_586
1085 by G. Castagnoli, S. Braeuer and M. !! 1601 tristate "Twofish cipher algorithms (i586)"
1086 Redundancy-Check Codes with 24 and !! 1602 depends on (X86 || UML_X86) && !64BIT
1087 on Communications, Vol. 41, No. 6, !! 1603 select CRYPTO_ALGAPI
1088 iSCSI. !! 1604 select CRYPTO_TWOFISH_COMMON
>> 1605 help
>> 1606 Twofish cipher algorithm.
>> 1607
>> 1608 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1609 candidate cipher by researchers at CounterPane Systems. It is a
>> 1610 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1611 bits.
1089 1612
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1613 See also:
>> 1614 <http://www.schneier.com/twofish.html>
1091 1615
1092 config CRYPTO_CRC32 !! 1616 config CRYPTO_TWOFISH_X86_64
1093 tristate "CRC32" !! 1617 tristate "Twofish cipher algorithm (x86_64)"
1094 select CRYPTO_HASH !! 1618 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1619 select CRYPTO_ALGAPI
>> 1620 select CRYPTO_TWOFISH_COMMON
1096 help 1621 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1622 Twofish cipher algorithm (x86_64).
1098 1623
1099 Used by RoCEv2 and f2fs. !! 1624 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1625 candidate cipher by researchers at CounterPane Systems. It is a
>> 1626 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1627 bits.
1100 1628
1101 config CRYPTO_CRCT10DIF !! 1629 See also:
1102 tristate "CRCT10DIF" !! 1630 <http://www.schneier.com/twofish.html>
1103 select CRYPTO_HASH !! 1631
>> 1632 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1633 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1634 depends on X86 && 64BIT
>> 1635 select CRYPTO_BLKCIPHER
>> 1636 select CRYPTO_TWOFISH_COMMON
>> 1637 select CRYPTO_TWOFISH_X86_64
>> 1638 select CRYPTO_GLUE_HELPER_X86
1104 help 1639 help
1105 CRC16 CRC algorithm used for the T1 !! 1640 Twofish cipher algorithm (x86_64, 3-way parallel).
1106 1641
1107 CRC algorithm used by the SCSI Bloc !! 1642 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1643 candidate cipher by researchers at CounterPane Systems. It is a
>> 1644 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1645 bits.
1108 1646
1109 config CRYPTO_CRC64_ROCKSOFT !! 1647 This module provides Twofish cipher algorithm that processes three
1110 tristate "CRC64 based on Rocksoft Mod !! 1648 blocks parallel, utilizing resources of out-of-order CPUs better.
1111 depends on CRC64 !! 1649
1112 select CRYPTO_HASH !! 1650 See also:
>> 1651 <http://www.schneier.com/twofish.html>
>> 1652
>> 1653 config CRYPTO_TWOFISH_AVX_X86_64
>> 1654 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1655 depends on X86 && 64BIT
>> 1656 select CRYPTO_BLKCIPHER
>> 1657 select CRYPTO_GLUE_HELPER_X86
>> 1658 select CRYPTO_SIMD
>> 1659 select CRYPTO_TWOFISH_COMMON
>> 1660 select CRYPTO_TWOFISH_X86_64
>> 1661 select CRYPTO_TWOFISH_X86_64_3WAY
1113 help 1662 help
1114 CRC64 CRC algorithm based on the Ro !! 1663 Twofish cipher algorithm (x86_64/AVX).
1115 1664
1116 Used by the NVMe implementation of !! 1665 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1666 candidate cipher by researchers at CounterPane Systems. It is a
>> 1667 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1668 bits.
1117 1669
1118 See https://zlib.net/crc_v3.txt !! 1670 This module provides the Twofish cipher algorithm that processes
>> 1671 eight blocks parallel using the AVX Instruction Set.
1119 1672
1120 endmenu !! 1673 See also:
>> 1674 <http://www.schneier.com/twofish.html>
1121 1675
1122 menu "Compression" !! 1676 comment "Compression"
1123 1677
1124 config CRYPTO_DEFLATE 1678 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1679 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1680 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1681 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1682 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1683 select ZLIB_DEFLATE
1130 help 1684 help
1131 Deflate compression algorithm (RFC1 !! 1685 This is the Deflate algorithm (RFC1951), specified for use in
>> 1686 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1687
1133 Used by IPSec with the IPCOMP proto !! 1688 You will most probably want this if using IPSec.
1134 1689
1135 config CRYPTO_LZO 1690 config CRYPTO_LZO
1136 tristate "LZO" !! 1691 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1692 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1693 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1694 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1695 select LZO_DECOMPRESS
1141 help 1696 help
1142 LZO compression algorithm !! 1697 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1698
1146 config CRYPTO_842 1699 config CRYPTO_842
1147 tristate "842" !! 1700 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1701 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1702 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1703 select 842_COMPRESS
1151 select 842_DECOMPRESS 1704 select 842_DECOMPRESS
1152 help 1705 help
1153 842 compression algorithm by IBM !! 1706 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1707
1157 config CRYPTO_LZ4 1708 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1709 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1710 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1711 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1712 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1713 select LZ4_DECOMPRESS
1163 help 1714 help
1164 LZ4 compression algorithm !! 1715 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1716
1168 config CRYPTO_LZ4HC 1717 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1718 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1719 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1720 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1721 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1722 select LZ4_DECOMPRESS
1174 help 1723 help
1175 LZ4 high compression mode algorithm !! 1724 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1725
1179 config CRYPTO_ZSTD 1726 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1727 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1728 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1729 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1730 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1731 select ZSTD_DECOMPRESS
1185 help 1732 help
1186 zstd compression algorithm !! 1733 This is the zstd algorithm.
1187 1734
1188 See https://github.com/facebook/zst !! 1735 comment "Random Number Generation"
1189 <<
1190 endmenu <<
1191 <<
1192 menu "Random number generation" <<
1193 1736
1194 config CRYPTO_ANSI_CPRNG 1737 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1738 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1739 select CRYPTO_AES
1197 select CRYPTO_RNG 1740 select CRYPTO_RNG
1198 help 1741 help
1199 Pseudo RNG (random number generator !! 1742 This option enables the generic pseudo random number generator
1200 !! 1743 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1744 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1745 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1746
1205 menuconfig CRYPTO_DRBG_MENU 1747 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1748 tristate "NIST SP800-90A DRBG"
1207 help 1749 help
1208 DRBG (Deterministic Random Bit Gene !! 1750 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1751 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1752
1212 if CRYPTO_DRBG_MENU 1753 if CRYPTO_DRBG_MENU
1213 1754
1214 config CRYPTO_DRBG_HMAC 1755 config CRYPTO_DRBG_HMAC
1215 bool 1756 bool
1216 default y 1757 default y
1217 select CRYPTO_HMAC 1758 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1759 select CRYPTO_SHA256
1219 1760
1220 config CRYPTO_DRBG_HASH 1761 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1762 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1763 select CRYPTO_SHA256
1223 help 1764 help
1224 Hash_DRBG variant as defined in NIS !! 1765 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1766
1228 config CRYPTO_DRBG_CTR 1767 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1768 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1769 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1770 depends on CRYPTO_CTR
1232 help 1771 help
1233 CTR_DRBG variant as defined in NIST !! 1772 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1773
1237 config CRYPTO_DRBG 1774 config CRYPTO_DRBG
1238 tristate 1775 tristate
1239 default CRYPTO_DRBG_MENU 1776 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1777 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1778 select CRYPTO_JITTERENTROPY
1242 1779
1243 endif # if CRYPTO_DRBG_MENU 1780 endif # if CRYPTO_DRBG_MENU
1244 1781
1245 config CRYPTO_JITTERENTROPY 1782 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1783 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1784 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1785 help
1250 CPU Jitter RNG (Random Number Gener !! 1786 The Jitterentropy RNG is a noise that is intended
1251 !! 1787 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1788 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1789 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1790 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1791
1370 config CRYPTO_USER_API 1792 config CRYPTO_USER_API
1371 tristate 1793 tristate
1372 1794
1373 config CRYPTO_USER_API_HASH 1795 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1796 tristate "User-space interface for hash algorithms"
1375 depends on NET 1797 depends on NET
1376 select CRYPTO_HASH 1798 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1799 select CRYPTO_USER_API
1378 help 1800 help
1379 Enable the userspace interface for !! 1801 This option enables the user-spaces interface for hash
1380 !! 1802 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1803
1384 config CRYPTO_USER_API_SKCIPHER 1804 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1805 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1806 depends on NET
1387 select CRYPTO_SKCIPHER !! 1807 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1808 select CRYPTO_USER_API
1389 help 1809 help
1390 Enable the userspace interface for !! 1810 This option enables the user-spaces interface for symmetric
1391 !! 1811 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1812
1395 config CRYPTO_USER_API_RNG 1813 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1814 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1815 depends on NET
1398 select CRYPTO_RNG 1816 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1817 select CRYPTO_USER_API
1400 help 1818 help
1401 Enable the userspace interface for !! 1819 This option enables the user-spaces interface for random
1402 algorithms. !! 1820 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1821
1419 config CRYPTO_USER_API_AEAD 1822 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1823 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1824 depends on NET
1422 select CRYPTO_AEAD 1825 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER !! 1826 select CRYPTO_BLKCIPHER
1424 select CRYPTO_NULL 1827 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1828 select CRYPTO_USER_API
1426 help 1829 help
1427 Enable the userspace interface for !! 1830 This option enables the user-spaces interface for AEAD
>> 1831 cipher algorithms.
1428 1832
1429 See Documentation/crypto/userspace- !! 1833 config CRYPTO_STATS
1430 https://www.chronox.de/libkcapi/htm !! 1834 bool "Crypto usage statistics for User-space"
1431 !! 1835 depends on CRYPTO_USER
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE !! 1836 help
1433 bool "Obsolete cryptographic algorith !! 1837 This option enables the gathering of crypto stats.
1434 depends on CRYPTO_USER_API !! 1838 This will collect:
1435 default y !! 1839 - encrypt/decrypt size and numbers of symmeric operations
1436 help !! 1840 - compress/decompress size and numbers of compress operations
1437 Allow obsolete cryptographic algori !! 1841 - size and numbers of hash operations
1438 already been phased out from intern !! 1842 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1439 only useful for userspace clients t !! 1843 - generate/seed numbers for rng operations
1440 <<
1441 endmenu <<
1442 1844
1443 config CRYPTO_HASH_INFO 1845 config CRYPTO_HASH_INFO
1444 bool 1846 bool
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 1847
1476 source "drivers/crypto/Kconfig" 1848 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" 1849 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig" 1850 source "certs/Kconfig"
1479 1851
1480 endif # if CRYPTO 1852 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.