1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 18 help
20 This option provides the core Crypto 19 This option provides the core Cryptographic API.
21 20
22 if CRYPTO 21 if CRYPTO
23 22
24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper"
25 24
26 config CRYPTO_FIPS 25 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES)
30 help 29 help
31 This option enables the fips boot op !! 30 This options enables the fips boot option which is
32 required if you want the system to o !! 31 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 32 certification. You should say no unless you know what
34 this is. 33 this is.
35 34
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI
58 tristate 36 tristate
59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2
60 help 38 help
61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms.
62 40
63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2
64 tristate 42 tristate
65 43
66 config CRYPTO_AEAD 44 config CRYPTO_AEAD
67 tristate 45 tristate
68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI
70 48
71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2
72 tristate 50 tristate
73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2
>> 52 select CRYPTO_NULL2
>> 53 select CRYPTO_RNG2
74 54
75 config CRYPTO_SIG !! 55 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 56 tristate
86 select CRYPTO_SKCIPHER2 !! 57 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 59
90 config CRYPTO_SKCIPHER2 !! 60 config CRYPTO_BLKCIPHER2
91 tristate 61 tristate
92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2
>> 63 select CRYPTO_RNG2
>> 64 select CRYPTO_WORKQUEUE
93 65
94 config CRYPTO_HASH 66 config CRYPTO_HASH
95 tristate 67 tristate
96 select CRYPTO_HASH2 68 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
98 70
99 config CRYPTO_HASH2 71 config CRYPTO_HASH2
100 tristate 72 tristate
101 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
102 74
103 config CRYPTO_RNG 75 config CRYPTO_RNG
104 tristate 76 tristate
105 select CRYPTO_RNG2 77 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI
107 79
108 config CRYPTO_RNG2 80 config CRYPTO_RNG2
109 tristate 81 tristate
110 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2
111 83
112 config CRYPTO_RNG_DEFAULT 84 config CRYPTO_RNG_DEFAULT
113 tristate 85 tristate
114 select CRYPTO_DRBG_MENU 86 select CRYPTO_DRBG_MENU
115 87
116 config CRYPTO_AKCIPHER2 88 config CRYPTO_AKCIPHER2
117 tristate 89 tristate
118 select CRYPTO_ALGAPI2 90 select CRYPTO_ALGAPI2
119 91
120 config CRYPTO_AKCIPHER 92 config CRYPTO_AKCIPHER
121 tristate 93 tristate
122 select CRYPTO_AKCIPHER2 94 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 95 select CRYPTO_ALGAPI
124 96
125 config CRYPTO_KPP2 97 config CRYPTO_KPP2
126 tristate 98 tristate
127 select CRYPTO_ALGAPI2 99 select CRYPTO_ALGAPI2
128 100
129 config CRYPTO_KPP 101 config CRYPTO_KPP
130 tristate 102 tristate
131 select CRYPTO_ALGAPI 103 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 104 select CRYPTO_KPP2
133 105
134 config CRYPTO_ACOMP2 106 config CRYPTO_ACOMP2
135 tristate 107 tristate
136 select CRYPTO_ALGAPI2 108 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 109 select SGL_ALLOC
138 110
139 config CRYPTO_ACOMP 111 config CRYPTO_ACOMP
140 tristate 112 tristate
141 select CRYPTO_ALGAPI 113 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 114 select CRYPTO_ACOMP2
143 115
>> 116 config CRYPTO_RSA
>> 117 tristate "RSA algorithm"
>> 118 select CRYPTO_AKCIPHER
>> 119 select CRYPTO_MANAGER
>> 120 select MPILIB
>> 121 select ASN1
>> 122 help
>> 123 Generic implementation of the RSA public key algorithm.
>> 124
>> 125 config CRYPTO_DH
>> 126 tristate "Diffie-Hellman algorithm"
>> 127 select CRYPTO_KPP
>> 128 select MPILIB
>> 129 help
>> 130 Generic implementation of the Diffie-Hellman algorithm.
>> 131
>> 132 config CRYPTO_ECDH
>> 133 tristate "ECDH algorithm"
>> 134 select CRYPTO_KPP
>> 135 select CRYPTO_RNG_DEFAULT
>> 136 help
>> 137 Generic implementation of the ECDH algorithm
>> 138
144 config CRYPTO_MANAGER 139 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 140 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 141 select CRYPTO_MANAGER2
147 help 142 help
148 Create default cryptographic templat 143 Create default cryptographic template instantiations such as
149 cbc(aes). 144 cbc(aes).
150 145
151 config CRYPTO_MANAGER2 146 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 148 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 149 select CRYPTO_HASH2
>> 150 select CRYPTO_BLKCIPHER2
>> 151 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 152 select CRYPTO_KPP2
159 select CRYPTO_RNG2 !! 153 select CRYPTO_ACOMP2
160 select CRYPTO_SKCIPHER2 <<
161 154
162 config CRYPTO_USER 155 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 156 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 157 depends on NET
165 select CRYPTO_MANAGER 158 select CRYPTO_MANAGER
166 help 159 help
167 Userspace configuration for cryptogr 160 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 161 cbc(aes).
169 162
170 config CRYPTO_MANAGER_DISABLE_TESTS 163 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 164 bool "Disable run-time self tests"
172 default y 165 default y
>> 166 depends on CRYPTO_MANAGER2
173 help 167 help
174 Disable run-time self tests that nor 168 Disable run-time self tests that normally take place at
175 algorithm registration. 169 algorithm registration.
176 170
177 config CRYPTO_MANAGER_EXTRA_TESTS !! 171 config CRYPTO_GF128MUL
178 bool "Enable extra run-time crypto sel !! 172 tristate "GF(2^128) multiplication functions"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN <<
180 help 173 help
181 Enable extra run-time self tests of !! 174 Efficient table driven implementation of multiplications in the
182 including randomized fuzz tests. !! 175 field GF(2^128). This is needed by some cypher modes. This
183 !! 176 option will be selected automatically if you select such a
184 This is intended for developer use o !! 177 cipher mode. Only select this option by hand if you expect to load
185 longer to run than the normal self t !! 178 an external module that requires these functions.
186 179
187 config CRYPTO_NULL 180 config CRYPTO_NULL
188 tristate "Null algorithms" 181 tristate "Null algorithms"
189 select CRYPTO_NULL2 182 select CRYPTO_NULL2
190 help 183 help
191 These are 'Null' algorithms, used by 184 These are 'Null' algorithms, used by IPsec, which do nothing.
192 185
193 config CRYPTO_NULL2 186 config CRYPTO_NULL2
194 tristate 187 tristate
195 select CRYPTO_ALGAPI2 188 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 189 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 190 select CRYPTO_HASH2
198 191
199 config CRYPTO_PCRYPT 192 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 193 tristate "Parallel crypto engine"
201 depends on SMP 194 depends on SMP
202 select PADATA 195 select PADATA
203 select CRYPTO_MANAGER 196 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 197 select CRYPTO_AEAD
205 help 198 help
206 This converts an arbitrary crypto al 199 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 200 algorithm that executes in kernel threads.
208 201
>> 202 config CRYPTO_WORKQUEUE
>> 203 tristate
>> 204
209 config CRYPTO_CRYPTD 205 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 206 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 207 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 208 select CRYPTO_HASH
213 select CRYPTO_MANAGER 209 select CRYPTO_MANAGER
>> 210 select CRYPTO_WORKQUEUE
214 help 211 help
215 This is a generic software asynchron 212 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 213 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 214 into an asynchronous algorithm that executes in a kernel thread.
218 215
219 config CRYPTO_AUTHENC 216 config CRYPTO_AUTHENC
220 tristate "Authenc support" 217 tristate "Authenc support"
221 select CRYPTO_AEAD 218 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 219 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 220 select CRYPTO_MANAGER
224 select CRYPTO_HASH 221 select CRYPTO_HASH
225 select CRYPTO_NULL 222 select CRYPTO_NULL
226 help 223 help
227 Authenc: Combined mode wrapper for I 224 Authenc: Combined mode wrapper for IPsec.
228 !! 225 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 226
231 config CRYPTO_TEST 227 config CRYPTO_TEST
232 tristate "Testing module" 228 tristate "Testing module"
233 depends on m || EXPERT !! 229 depends on m
234 select CRYPTO_MANAGER 230 select CRYPTO_MANAGER
235 help 231 help
236 Quick & dirty crypto test module. 232 Quick & dirty crypto test module.
237 233
238 config CRYPTO_SIMD 234 config CRYPTO_SIMD
239 tristate 235 tristate
240 select CRYPTO_CRYPTD 236 select CRYPTO_CRYPTD
241 237
>> 238 config CRYPTO_GLUE_HELPER_X86
>> 239 tristate
>> 240 depends on X86
>> 241 select CRYPTO_BLKCIPHER
>> 242
242 config CRYPTO_ENGINE 243 config CRYPTO_ENGINE
243 tristate 244 tristate
244 245
245 endmenu !! 246 comment "Authenticated Encryption with Associated Data"
246 247
247 menu "Public-key cryptography" !! 248 config CRYPTO_CCM
>> 249 tristate "CCM support"
>> 250 select CRYPTO_CTR
>> 251 select CRYPTO_HASH
>> 252 select CRYPTO_AEAD
>> 253 help
>> 254 Support for Counter with CBC MAC. Required for IPsec.
248 255
249 config CRYPTO_RSA !! 256 config CRYPTO_GCM
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 257 tristate "GCM/GMAC support"
251 select CRYPTO_AKCIPHER !! 258 select CRYPTO_CTR
252 select CRYPTO_MANAGER !! 259 select CRYPTO_AEAD
253 select MPILIB !! 260 select CRYPTO_GHASH
254 select ASN1 !! 261 select CRYPTO_NULL
255 help 262 help
256 RSA (Rivest-Shamir-Adleman) public k !! 263 Support for Galois/Counter Mode (GCM) and Galois Message
>> 264 Authentication Code (GMAC). Required for IPSec.
257 265
258 config CRYPTO_DH !! 266 config CRYPTO_CHACHA20POLY1305
259 tristate "DH (Diffie-Hellman)" !! 267 tristate "ChaCha20-Poly1305 AEAD support"
260 select CRYPTO_KPP !! 268 select CRYPTO_CHACHA20
261 select MPILIB !! 269 select CRYPTO_POLY1305
>> 270 select CRYPTO_AEAD
262 help 271 help
263 DH (Diffie-Hellman) key exchange alg !! 272 ChaCha20-Poly1305 AEAD support, RFC7539.
264 273
265 config CRYPTO_DH_RFC7919_GROUPS !! 274 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
266 bool "RFC 7919 FFDHE groups" !! 275 with the Poly1305 authenticator. It is defined in RFC7539 for use in
267 depends on CRYPTO_DH !! 276 IETF protocols.
268 select CRYPTO_RNG_DEFAULT !! 277
>> 278 config CRYPTO_AEGIS128
>> 279 tristate "AEGIS-128 AEAD algorithm"
>> 280 select CRYPTO_AEAD
>> 281 select CRYPTO_AES # for AES S-box tables
269 help 282 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 283 Support for the AEGIS-128 dedicated AEAD algorithm.
271 defined in RFC7919. <<
272 284
273 Support these finite-field groups in !! 285 config CRYPTO_AEGIS128L
274 - ffdhe2048, ffdhe3072, ffdhe4096, f !! 286 tristate "AEGIS-128L AEAD algorithm"
>> 287 select CRYPTO_AEAD
>> 288 select CRYPTO_AES # for AES S-box tables
>> 289 help
>> 290 Support for the AEGIS-128L dedicated AEAD algorithm.
275 291
276 If unsure, say N. !! 292 config CRYPTO_AEGIS256
>> 293 tristate "AEGIS-256 AEAD algorithm"
>> 294 select CRYPTO_AEAD
>> 295 select CRYPTO_AES # for AES S-box tables
>> 296 help
>> 297 Support for the AEGIS-256 dedicated AEAD algorithm.
277 298
278 config CRYPTO_ECC !! 299 config CRYPTO_AEGIS128_AESNI_SSE2
279 tristate !! 300 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
280 select CRYPTO_RNG_DEFAULT !! 301 depends on X86 && 64BIT
>> 302 select CRYPTO_AEAD
>> 303 select CRYPTO_CRYPTD
>> 304 help
>> 305 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
281 306
282 config CRYPTO_ECDH !! 307 config CRYPTO_AEGIS128L_AESNI_SSE2
283 tristate "ECDH (Elliptic Curve Diffie- !! 308 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
284 select CRYPTO_ECC !! 309 depends on X86 && 64BIT
285 select CRYPTO_KPP !! 310 select CRYPTO_AEAD
>> 311 select CRYPTO_CRYPTD
286 help 312 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 313 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
288 using curves P-192, P-256, and P-384 <<
289 314
290 config CRYPTO_ECDSA !! 315 config CRYPTO_AEGIS256_AESNI_SSE2
291 tristate "ECDSA (Elliptic Curve Digita !! 316 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
292 select CRYPTO_ECC !! 317 depends on X86 && 64BIT
293 select CRYPTO_AKCIPHER !! 318 select CRYPTO_AEAD
294 select ASN1 !! 319 select CRYPTO_CRYPTD
295 help 320 help
296 ECDSA (Elliptic Curve Digital Signat !! 321 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
297 ISO/IEC 14888-3) !! 322
298 using curves P-192, P-256, and P-384 !! 323 config CRYPTO_MORUS640
299 !! 324 tristate "MORUS-640 AEAD algorithm"
300 Only signature verification is imple !! 325 select CRYPTO_AEAD
301 <<
302 config CRYPTO_ECRDSA <<
303 tristate "EC-RDSA (Elliptic Curve Russ <<
304 select CRYPTO_ECC <<
305 select CRYPTO_AKCIPHER <<
306 select CRYPTO_STREEBOG <<
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help 326 help
310 Elliptic Curve Russian Digital Signa !! 327 Support for the MORUS-640 dedicated AEAD algorithm.
311 RFC 7091, ISO/IEC 14888-3) <<
312 328
313 One of the Russian cryptographic sta !! 329 config CRYPTO_MORUS640_GLUE
314 algorithms). Only signature verifica !! 330 tristate
>> 331 depends on X86
>> 332 select CRYPTO_AEAD
>> 333 select CRYPTO_CRYPTD
>> 334 help
>> 335 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
>> 336 algorithm.
315 337
316 config CRYPTO_CURVE25519 !! 338 config CRYPTO_MORUS640_SSE2
317 tristate "Curve25519" !! 339 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
318 select CRYPTO_KPP !! 340 depends on X86 && 64BIT
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 341 select CRYPTO_AEAD
>> 342 select CRYPTO_MORUS640_GLUE
320 help 343 help
321 Curve25519 elliptic curve (RFC7748) !! 344 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
322 345
323 endmenu !! 346 config CRYPTO_MORUS1280
>> 347 tristate "MORUS-1280 AEAD algorithm"
>> 348 select CRYPTO_AEAD
>> 349 help
>> 350 Support for the MORUS-1280 dedicated AEAD algorithm.
324 351
325 menu "Block ciphers" !! 352 config CRYPTO_MORUS1280_GLUE
>> 353 tristate
>> 354 depends on X86
>> 355 select CRYPTO_AEAD
>> 356 select CRYPTO_CRYPTD
>> 357 help
>> 358 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
>> 359 algorithm.
326 360
327 config CRYPTO_AES !! 361 config CRYPTO_MORUS1280_SSE2
328 tristate "AES (Advanced Encryption Sta !! 362 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
329 select CRYPTO_ALGAPI !! 363 depends on X86 && 64BIT
330 select CRYPTO_LIB_AES !! 364 select CRYPTO_AEAD
>> 365 select CRYPTO_MORUS1280_GLUE
331 help 366 help
332 AES cipher algorithms (Rijndael)(FIP !! 367 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
>> 368 algorithm.
333 369
334 Rijndael appears to be consistently !! 370 config CRYPTO_MORUS1280_AVX2
335 both hardware and software across a !! 371 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
336 environments regardless of its use i !! 372 depends on X86 && 64BIT
337 modes. Its key setup time is excelle !! 373 select CRYPTO_AEAD
338 good. Rijndael's very low memory req !! 374 select CRYPTO_MORUS1280_GLUE
339 suited for restricted-space environm !! 375 help
340 demonstrates excellent performance. !! 376 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
341 among the easiest to defend against !! 377 algorithm.
342 378
343 The AES specifies three key sizes: 1 !! 379 config CRYPTO_SEQIV
>> 380 tristate "Sequence Number IV Generator"
>> 381 select CRYPTO_AEAD
>> 382 select CRYPTO_BLKCIPHER
>> 383 select CRYPTO_NULL
>> 384 select CRYPTO_RNG_DEFAULT
>> 385 help
>> 386 This IV generator generates an IV based on a sequence number by
>> 387 xoring it with a salt. This algorithm is mainly useful for CTR
344 388
345 config CRYPTO_AES_TI !! 389 config CRYPTO_ECHAINIV
346 tristate "AES (Advanced Encryption Sta !! 390 tristate "Encrypted Chain IV Generator"
347 select CRYPTO_ALGAPI !! 391 select CRYPTO_AEAD
348 select CRYPTO_LIB_AES !! 392 select CRYPTO_NULL
>> 393 select CRYPTO_RNG_DEFAULT
>> 394 default m
349 help 395 help
350 AES cipher algorithms (Rijndael)(FIP !! 396 This IV generator generates an IV based on the encryption of
>> 397 a sequence number xored with a salt. This is the default
>> 398 algorithm for CBC.
351 399
352 This is a generic implementation of !! 400 comment "Block modes"
353 data dependent latencies as much as <<
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 401
359 Instead of using 16 lookup tables of !! 402 config CRYPTO_CBC
360 8 for decryption), this implementati !! 403 tristate "CBC support"
361 256 bytes each, and attempts to elim !! 404 select CRYPTO_BLKCIPHER
362 prefetching the entire table into th !! 405 select CRYPTO_MANAGER
363 block. Interrupts are also disabled !! 406 help
364 are evicted when the CPU is interrup !! 407 CBC: Cipher Block Chaining mode
>> 408 This block cipher algorithm is required for IPSec.
365 409
366 config CRYPTO_ANUBIS !! 410 config CRYPTO_CFB
367 tristate "Anubis" !! 411 tristate "CFB support"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 412 select CRYPTO_BLKCIPHER
369 select CRYPTO_ALGAPI !! 413 select CRYPTO_MANAGER
370 help 414 help
371 Anubis cipher algorithm !! 415 CFB: Cipher FeedBack mode
>> 416 This block cipher algorithm is required for TPM2 Cryptography.
372 417
373 Anubis is a variable key length ciph !! 418 config CRYPTO_CTR
374 128 bits to 320 bits in length. It !! 419 tristate "CTR support"
375 in the NESSIE competition. !! 420 select CRYPTO_BLKCIPHER
>> 421 select CRYPTO_SEQIV
>> 422 select CRYPTO_MANAGER
>> 423 help
>> 424 CTR: Counter mode
>> 425 This block cipher algorithm is required for IPSec.
376 426
377 See https://web.archive.org/web/2016 !! 427 config CRYPTO_CTS
378 for further information. !! 428 tristate "CTS support"
>> 429 select CRYPTO_BLKCIPHER
>> 430 help
>> 431 CTS: Cipher Text Stealing
>> 432 This is the Cipher Text Stealing mode as described by
>> 433 Section 8 of rfc2040 and referenced by rfc3962.
>> 434 (rfc3962 includes errata information in its Appendix A)
>> 435 This mode is required for Kerberos gss mechanism support
>> 436 for AES encryption.
379 437
380 config CRYPTO_ARIA !! 438 config CRYPTO_ECB
381 tristate "ARIA" !! 439 tristate "ECB support"
382 select CRYPTO_ALGAPI !! 440 select CRYPTO_BLKCIPHER
>> 441 select CRYPTO_MANAGER
383 help 442 help
384 ARIA cipher algorithm (RFC5794) !! 443 ECB: Electronic CodeBook mode
>> 444 This is the simplest block cipher algorithm. It simply encrypts
>> 445 the input block by block.
385 446
386 ARIA is a standard encryption algori !! 447 config CRYPTO_LRW
387 The ARIA specifies three key sizes a !! 448 tristate "LRW support"
388 128-bit: 12 rounds. !! 449 select CRYPTO_BLKCIPHER
389 192-bit: 14 rounds. !! 450 select CRYPTO_MANAGER
390 256-bit: 16 rounds. !! 451 select CRYPTO_GF128MUL
>> 452 help
>> 453 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 454 narrow block cipher mode for dm-crypt. Use it with cipher
>> 455 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 456 The first 128, 192 or 256 bits in the key are used for AES and the
>> 457 rest is used to tie each cipher block to its logical position.
391 458
392 See: !! 459 config CRYPTO_OFB
393 https://seed.kisa.or.kr/kisa/algorit !! 460 tristate "OFB support"
>> 461 select CRYPTO_BLKCIPHER
>> 462 select CRYPTO_MANAGER
>> 463 help
>> 464 OFB: the Output Feedback mode makes a block cipher into a synchronous
>> 465 stream cipher. It generates keystream blocks, which are then XORed
>> 466 with the plaintext blocks to get the ciphertext. Flipping a bit in the
>> 467 ciphertext produces a flipped bit in the plaintext at the same
>> 468 location. This property allows many error correcting codes to function
>> 469 normally even when applied before encryption.
394 470
395 config CRYPTO_BLOWFISH !! 471 config CRYPTO_PCBC
396 tristate "Blowfish" !! 472 tristate "PCBC support"
397 select CRYPTO_ALGAPI !! 473 select CRYPTO_BLKCIPHER
398 select CRYPTO_BLOWFISH_COMMON !! 474 select CRYPTO_MANAGER
399 help 475 help
400 Blowfish cipher algorithm, by Bruce !! 476 PCBC: Propagating Cipher Block Chaining mode
>> 477 This block cipher algorithm is required for RxRPC.
401 478
402 This is a variable key length cipher !! 479 config CRYPTO_XTS
403 bits to 448 bits in length. It's fa !! 480 tristate "XTS support"
404 designed for use on "large microproc !! 481 select CRYPTO_BLKCIPHER
>> 482 select CRYPTO_MANAGER
>> 483 select CRYPTO_ECB
>> 484 help
>> 485 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 486 key size 256, 384 or 512 bits. This implementation currently
>> 487 can't handle a sectorsize which is not a multiple of 16 bytes.
405 488
406 See https://www.schneier.com/blowfis !! 489 config CRYPTO_KEYWRAP
>> 490 tristate "Key wrapping support"
>> 491 select CRYPTO_BLKCIPHER
>> 492 help
>> 493 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 494 padding.
407 495
408 config CRYPTO_BLOWFISH_COMMON !! 496 comment "Hash modes"
409 tristate !! 497
>> 498 config CRYPTO_CMAC
>> 499 tristate "CMAC support"
>> 500 select CRYPTO_HASH
>> 501 select CRYPTO_MANAGER
410 help 502 help
411 Common parts of the Blowfish cipher !! 503 Cipher-based Message Authentication Code (CMAC) specified by
412 generic c and the assembler implemen !! 504 The National Institute of Standards and Technology (NIST).
413 505
414 config CRYPTO_CAMELLIA !! 506 https://tools.ietf.org/html/rfc4493
415 tristate "Camellia" !! 507 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
416 select CRYPTO_ALGAPI !! 508
>> 509 config CRYPTO_HMAC
>> 510 tristate "HMAC support"
>> 511 select CRYPTO_HASH
>> 512 select CRYPTO_MANAGER
417 help 513 help
418 Camellia cipher algorithms (ISO/IEC !! 514 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 515 This is required for IPSec.
419 516
420 Camellia is a symmetric key block ci !! 517 config CRYPTO_XCBC
421 at NTT and Mitsubishi Electric Corpo !! 518 tristate "XCBC support"
>> 519 select CRYPTO_HASH
>> 520 select CRYPTO_MANAGER
>> 521 help
>> 522 XCBC: Keyed-Hashing with encryption algorithm
>> 523 http://www.ietf.org/rfc/rfc3566.txt
>> 524 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 525 xcbc-mac/xcbc-mac-spec.pdf
422 526
423 The Camellia specifies three key siz !! 527 config CRYPTO_VMAC
>> 528 tristate "VMAC support"
>> 529 select CRYPTO_HASH
>> 530 select CRYPTO_MANAGER
>> 531 help
>> 532 VMAC is a message authentication algorithm designed for
>> 533 very high speed on 64-bit architectures.
424 534
425 See https://info.isl.ntt.co.jp/crypt !! 535 See also:
>> 536 <http://fastcrypto.org/vmac>
426 537
427 config CRYPTO_CAST_COMMON !! 538 comment "Digest"
428 tristate !! 539
>> 540 config CRYPTO_CRC32C
>> 541 tristate "CRC32c CRC algorithm"
>> 542 select CRYPTO_HASH
>> 543 select CRC32
429 help 544 help
430 Common parts of the CAST cipher algo !! 545 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
431 generic c and the assembler implemen !! 546 by iSCSI for header and data digests and by others.
>> 547 See Castagnoli93. Module will be crc32c.
>> 548
>> 549 config CRYPTO_CRC32C_INTEL
>> 550 tristate "CRC32c INTEL hardware acceleration"
>> 551 depends on X86
>> 552 select CRYPTO_HASH
>> 553 help
>> 554 In Intel processor with SSE4.2 supported, the processor will
>> 555 support CRC32C implementation using hardware accelerated CRC32
>> 556 instruction. This option will create 'crc32c-intel' module,
>> 557 which will enable any routine to use the CRC32 instruction to
>> 558 gain performance compared with software implementation.
>> 559 Module will be crc32c-intel.
>> 560
>> 561 config CRYPTO_CRC32C_VPMSUM
>> 562 tristate "CRC32c CRC algorithm (powerpc64)"
>> 563 depends on PPC64 && ALTIVEC
>> 564 select CRYPTO_HASH
>> 565 select CRC32
>> 566 help
>> 567 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 568 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 569 and newer processors for improved performance.
432 570
433 config CRYPTO_CAST5 !! 571
434 tristate "CAST5 (CAST-128)" !! 572 config CRYPTO_CRC32C_SPARC64
435 select CRYPTO_ALGAPI !! 573 tristate "CRC32c CRC algorithm (SPARC64)"
436 select CRYPTO_CAST_COMMON !! 574 depends on SPARC64
>> 575 select CRYPTO_HASH
>> 576 select CRC32
437 help 577 help
438 CAST5 (CAST-128) cipher algorithm (R !! 578 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 579 when available.
439 580
440 config CRYPTO_CAST6 !! 581 config CRYPTO_CRC32
441 tristate "CAST6 (CAST-256)" !! 582 tristate "CRC32 CRC algorithm"
442 select CRYPTO_ALGAPI !! 583 select CRYPTO_HASH
443 select CRYPTO_CAST_COMMON !! 584 select CRC32
444 help 585 help
445 CAST6 (CAST-256) encryption algorith !! 586 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 587 Shash crypto api wrappers to crc32_le function.
446 588
447 config CRYPTO_DES !! 589 config CRYPTO_CRC32_PCLMUL
448 tristate "DES and Triple DES EDE" !! 590 tristate "CRC32 PCLMULQDQ hardware acceleration"
449 select CRYPTO_ALGAPI !! 591 depends on X86
450 select CRYPTO_LIB_DES !! 592 select CRYPTO_HASH
>> 593 select CRC32
451 help 594 help
452 DES (Data Encryption Standard)(FIPS !! 595 From Intel Westmere and AMD Bulldozer processor with SSE4.2
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 596 and PCLMULQDQ supported, the processor will support
454 cipher algorithms !! 597 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 598 instruction. This option will create 'crc32-plcmul' module,
>> 599 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 600 and gain better performance as compared with the table implementation.
>> 601
>> 602 config CRYPTO_CRC32_MIPS
>> 603 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 604 depends on MIPS_CRC_SUPPORT
>> 605 select CRYPTO_HASH
>> 606 help
>> 607 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 608 instructions, when available.
455 609
456 config CRYPTO_FCRYPT !! 610
457 tristate "FCrypt" !! 611 config CRYPTO_CRCT10DIF
458 select CRYPTO_ALGAPI !! 612 tristate "CRCT10DIF algorithm"
459 select CRYPTO_SKCIPHER !! 613 select CRYPTO_HASH
460 help 614 help
461 FCrypt algorithm used by RxRPC !! 615 CRC T10 Data Integrity Field computation is being cast as
>> 616 a crypto transform. This allows for faster crc t10 diff
>> 617 transforms to be used if they are available.
462 618
463 See https://ota.polyonymo.us/fcrypt- !! 619 config CRYPTO_CRCT10DIF_PCLMUL
>> 620 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
>> 621 depends on X86 && 64BIT && CRC_T10DIF
>> 622 select CRYPTO_HASH
>> 623 help
>> 624 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 625 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 626 accelerated PCLMULQDQ instruction. This option will create
>> 627 'crct10dif-plcmul' module, which is faster when computing the
>> 628 crct10dif checksum as compared with the generic table implementation.
464 629
465 config CRYPTO_KHAZAD !! 630 config CRYPTO_CRCT10DIF_VPMSUM
466 tristate "Khazad" !! 631 tristate "CRC32T10DIF powerpc64 hardware acceleration"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 632 depends on PPC64 && ALTIVEC && CRC_T10DIF
468 select CRYPTO_ALGAPI !! 633 select CRYPTO_HASH
469 help 634 help
470 Khazad cipher algorithm !! 635 CRC10T10DIF algorithm implemented using vector polynomial
>> 636 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 637 POWER8 and newer processors for improved performance.
471 638
472 Khazad was a finalist in the initial !! 639 config CRYPTO_VPMSUM_TESTER
473 an algorithm optimized for 64-bit pr !! 640 tristate "Powerpc64 vpmsum hardware acceleration tester"
474 on 32-bit processors. Khazad uses a !! 641 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 642 help
>> 643 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 644 POWER8 vpmsum instructions.
>> 645 Unless you are testing these algorithms, you don't need this.
475 646
476 See https://web.archive.org/web/2017 !! 647 config CRYPTO_GHASH
477 for further information. !! 648 tristate "GHASH digest algorithm"
>> 649 select CRYPTO_GF128MUL
>> 650 select CRYPTO_HASH
>> 651 help
>> 652 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
478 653
479 config CRYPTO_SEED !! 654 config CRYPTO_POLY1305
480 tristate "SEED" !! 655 tristate "Poly1305 authenticator algorithm"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 656 select CRYPTO_HASH
482 select CRYPTO_ALGAPI <<
483 help 657 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 658 Poly1305 authenticator algorithm, RFC7539.
485 659
486 SEED is a 128-bit symmetric key bloc !! 660 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
487 developed by KISA (Korea Information !! 661 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
488 national standard encryption algorit !! 662 in IETF protocols. This is the portable C implementation of Poly1305.
489 It is a 16 round block cipher with t <<
490 663
491 See https://seed.kisa.or.kr/kisa/alg !! 664 config CRYPTO_POLY1305_X86_64
492 for further information. !! 665 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 666 depends on X86 && 64BIT
>> 667 select CRYPTO_POLY1305
>> 668 help
>> 669 Poly1305 authenticator algorithm, RFC7539.
493 670
494 config CRYPTO_SERPENT !! 671 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
495 tristate "Serpent" !! 672 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
496 select CRYPTO_ALGAPI !! 673 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 674 instructions.
>> 675
>> 676 config CRYPTO_MD4
>> 677 tristate "MD4 digest algorithm"
>> 678 select CRYPTO_HASH
497 help 679 help
498 Serpent cipher algorithm, by Anderso !! 680 MD4 message digest algorithm (RFC1320).
499 681
500 Keys are allowed to be from 0 to 256 !! 682 config CRYPTO_MD5
501 of 8 bits. !! 683 tristate "MD5 digest algorithm"
>> 684 select CRYPTO_HASH
>> 685 help
>> 686 MD5 message digest algorithm (RFC1321).
502 687
503 See https://www.cl.cam.ac.uk/~rja14/ !! 688 config CRYPTO_MD5_OCTEON
>> 689 tristate "MD5 digest algorithm (OCTEON)"
>> 690 depends on CPU_CAVIUM_OCTEON
>> 691 select CRYPTO_MD5
>> 692 select CRYPTO_HASH
>> 693 help
>> 694 MD5 message digest algorithm (RFC1321) implemented
>> 695 using OCTEON crypto instructions, when available.
504 696
505 config CRYPTO_SM4 !! 697 config CRYPTO_MD5_PPC
506 tristate !! 698 tristate "MD5 digest algorithm (PPC)"
>> 699 depends on PPC
>> 700 select CRYPTO_HASH
>> 701 help
>> 702 MD5 message digest algorithm (RFC1321) implemented
>> 703 in PPC assembler.
507 704
508 config CRYPTO_SM4_GENERIC !! 705 config CRYPTO_MD5_SPARC64
509 tristate "SM4 (ShangMi 4)" !! 706 tristate "MD5 digest algorithm (SPARC64)"
510 select CRYPTO_ALGAPI !! 707 depends on SPARC64
511 select CRYPTO_SM4 !! 708 select CRYPTO_MD5
>> 709 select CRYPTO_HASH
512 help 710 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 711 MD5 message digest algorithm (RFC1321) implemented
514 ISO/IEC 18033-3:2010/Amd 1:2021) !! 712 using sparc64 crypto instructions, when available.
515 713
516 SM4 (GBT.32907-2016) is a cryptograp !! 714 config CRYPTO_MICHAEL_MIC
517 Organization of State Commercial Adm !! 715 tristate "Michael MIC keyed digest algorithm"
518 as an authorized cryptographic algor !! 716 select CRYPTO_HASH
>> 717 help
>> 718 Michael MIC is used for message integrity protection in TKIP
>> 719 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 720 should not be used for other purposes because of the weakness
>> 721 of the algorithm.
519 722
520 SMS4 was originally created for use !! 723 config CRYPTO_RMD128
521 networks, and is mandated in the Chi !! 724 tristate "RIPEMD-128 digest algorithm"
522 Wireless LAN WAPI (Wired Authenticat !! 725 select CRYPTO_HASH
523 (GB.15629.11-2003). !! 726 help
>> 727 RIPEMD-128 (ISO/IEC 10118-3:2004).
524 728
525 The latest SM4 standard (GBT.32907-2 !! 729 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
526 standardized through TC 260 of the S !! 730 be used as a secure replacement for RIPEMD. For other use cases,
527 of the People's Republic of China (S !! 731 RIPEMD-160 should be used.
528 732
529 The input, output, and key of SMS4 a !! 733 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 734 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
530 735
531 See https://eprint.iacr.org/2008/329 !! 736 config CRYPTO_RMD160
>> 737 tristate "RIPEMD-160 digest algorithm"
>> 738 select CRYPTO_HASH
>> 739 help
>> 740 RIPEMD-160 (ISO/IEC 10118-3:2004).
532 741
533 If unsure, say N. !! 742 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
>> 743 to be used as a secure replacement for the 128-bit hash functions
>> 744 MD4, MD5 and it's predecessor RIPEMD
>> 745 (not to be confused with RIPEMD-128).
534 746
535 config CRYPTO_TEA !! 747 It's speed is comparable to SHA1 and there are no known attacks
536 tristate "TEA, XTEA and XETA" !! 748 against RIPEMD-160.
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 749
538 select CRYPTO_ALGAPI !! 750 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 751 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
>> 752
>> 753 config CRYPTO_RMD256
>> 754 tristate "RIPEMD-256 digest algorithm"
>> 755 select CRYPTO_HASH
539 help 756 help
540 TEA (Tiny Encryption Algorithm) ciph !! 757 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 758 256 bit hash. It is intended for applications that require
>> 759 longer hash-results, without needing a larger security level
>> 760 (than RIPEMD-128).
541 761
542 Tiny Encryption Algorithm is a simpl !! 762 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
543 many rounds for security. It is ver !! 763 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
544 little memory. <<
545 764
546 Xtendend Tiny Encryption Algorithm i !! 765 config CRYPTO_RMD320
547 the TEA algorithm to address a poten !! 766 tristate "RIPEMD-320 digest algorithm"
548 in the TEA algorithm. !! 767 select CRYPTO_HASH
>> 768 help
>> 769 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 770 320 bit hash. It is intended for applications that require
>> 771 longer hash-results, without needing a larger security level
>> 772 (than RIPEMD-160).
549 773
550 Xtendend Encryption Tiny Algorithm i !! 774 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
551 of the XTEA algorithm for compatibil !! 775 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
552 776
553 config CRYPTO_TWOFISH !! 777 config CRYPTO_SHA1
554 tristate "Twofish" !! 778 tristate "SHA1 digest algorithm"
555 select CRYPTO_ALGAPI !! 779 select CRYPTO_HASH
556 select CRYPTO_TWOFISH_COMMON <<
557 help 780 help
558 Twofish cipher algorithm !! 781 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
559 782
560 Twofish was submitted as an AES (Adv !! 783 config CRYPTO_SHA1_SSSE3
561 candidate cipher by researchers at C !! 784 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
562 16 round block cipher supporting key !! 785 depends on X86 && 64BIT
563 bits. !! 786 select CRYPTO_SHA1
>> 787 select CRYPTO_HASH
>> 788 help
>> 789 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 790 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 791 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 792 when available.
564 793
565 See https://www.schneier.com/twofish !! 794 config CRYPTO_SHA256_SSSE3
>> 795 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 796 depends on X86 && 64BIT
>> 797 select CRYPTO_SHA256
>> 798 select CRYPTO_HASH
>> 799 help
>> 800 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 801 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 802 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 803 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 804 Instructions) when available.
>> 805
>> 806 config CRYPTO_SHA512_SSSE3
>> 807 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 808 depends on X86 && 64BIT
>> 809 select CRYPTO_SHA512
>> 810 select CRYPTO_HASH
>> 811 help
>> 812 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 813 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 814 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 815 version 2 (AVX2) instructions, when available.
566 816
567 config CRYPTO_TWOFISH_COMMON !! 817 config CRYPTO_SHA1_OCTEON
568 tristate !! 818 tristate "SHA1 digest algorithm (OCTEON)"
>> 819 depends on CPU_CAVIUM_OCTEON
>> 820 select CRYPTO_SHA1
>> 821 select CRYPTO_HASH
569 help 822 help
570 Common parts of the Twofish cipher a !! 823 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
571 generic c and the assembler implemen !! 824 using OCTEON crypto instructions, when available.
572 825
573 endmenu !! 826 config CRYPTO_SHA1_SPARC64
>> 827 tristate "SHA1 digest algorithm (SPARC64)"
>> 828 depends on SPARC64
>> 829 select CRYPTO_SHA1
>> 830 select CRYPTO_HASH
>> 831 help
>> 832 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 833 using sparc64 crypto instructions, when available.
574 834
575 menu "Length-preserving ciphers and modes" !! 835 config CRYPTO_SHA1_PPC
>> 836 tristate "SHA1 digest algorithm (powerpc)"
>> 837 depends on PPC
>> 838 help
>> 839 This is the powerpc hardware accelerated implementation of the
>> 840 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
576 841
577 config CRYPTO_ADIANTUM !! 842 config CRYPTO_SHA1_PPC_SPE
578 tristate "Adiantum" !! 843 tristate "SHA1 digest algorithm (PPC SPE)"
579 select CRYPTO_CHACHA20 !! 844 depends on PPC && SPE
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER <<
583 help 845 help
584 Adiantum tweakable, length-preservin !! 846 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 847 using powerpc SPE SIMD instruction set.
585 848
586 Designed for fast and secure disk en !! 849 config CRYPTO_SHA256
587 CPUs without dedicated crypto instru !! 850 tristate "SHA224 and SHA256 digest algorithm"
588 each sector using the XChaCha12 stre !! 851 select CRYPTO_HASH
589 an ε-almost-∆-universal hash func !! 852 help
590 the AES-256 block cipher on a single !! 853 SHA256 secure hash standard (DFIPS 180-2).
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 854
600 If unsure, say N. !! 855 This version of SHA implements a 256 bit hash with 128 bits of
>> 856 security against collision attacks.
601 857
602 config CRYPTO_ARC4 !! 858 This code also includes SHA-224, a 224 bit hash with 112 bits
603 tristate "ARC4 (Alleged Rivest Cipher !! 859 of security against collision attacks.
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 860
605 select CRYPTO_SKCIPHER !! 861 config CRYPTO_SHA256_PPC_SPE
606 select CRYPTO_LIB_ARC4 !! 862 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 863 depends on PPC && SPE
>> 864 select CRYPTO_SHA256
>> 865 select CRYPTO_HASH
607 help 866 help
608 ARC4 cipher algorithm !! 867 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 868 implemented using powerpc SPE SIMD instruction set.
609 869
610 ARC4 is a stream cipher using keys r !! 870 config CRYPTO_SHA256_OCTEON
611 bits in length. This algorithm is r !! 871 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
612 WEP, but it should not be for other !! 872 depends on CPU_CAVIUM_OCTEON
613 weakness of the algorithm. !! 873 select CRYPTO_SHA256
>> 874 select CRYPTO_HASH
>> 875 help
>> 876 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 877 using OCTEON crypto instructions, when available.
614 878
615 config CRYPTO_CHACHA20 !! 879 config CRYPTO_SHA256_SPARC64
616 tristate "ChaCha" !! 880 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 881 depends on SPARC64
618 select CRYPTO_SKCIPHER !! 882 select CRYPTO_SHA256
>> 883 select CRYPTO_HASH
619 help 884 help
620 The ChaCha20, XChaCha20, and XChaCha !! 885 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 886 using sparc64 crypto instructions, when available.
621 887
622 ChaCha20 is a 256-bit high-speed str !! 888 config CRYPTO_SHA512
623 Bernstein and further specified in R !! 889 tristate "SHA384 and SHA512 digest algorithms"
624 This is the portable C implementatio !! 890 select CRYPTO_HASH
625 https://cr.yp.to/chacha/chacha-20080 !! 891 help
>> 892 SHA512 secure hash standard (DFIPS 180-2).
626 893
627 XChaCha20 is the application of the !! 894 This version of SHA implements a 512 bit hash with 256 bits of
628 rather than to Salsa20. XChaCha20 e !! 895 security against collision attacks.
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 896
637 config CRYPTO_CBC !! 897 This code also includes SHA-384, a 384 bit hash with 192 bits
638 tristate "CBC (Cipher Block Chaining)" !! 898 of security against collision attacks.
639 select CRYPTO_SKCIPHER !! 899
640 select CRYPTO_MANAGER !! 900 config CRYPTO_SHA512_OCTEON
>> 901 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 902 depends on CPU_CAVIUM_OCTEON
>> 903 select CRYPTO_SHA512
>> 904 select CRYPTO_HASH
641 help 905 help
642 CBC (Cipher Block Chaining) mode (NI !! 906 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 907 using OCTEON crypto instructions, when available.
643 908
644 This block cipher mode is required f !! 909 config CRYPTO_SHA512_SPARC64
>> 910 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
>> 911 depends on SPARC64
>> 912 select CRYPTO_SHA512
>> 913 select CRYPTO_HASH
>> 914 help
>> 915 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 916 using sparc64 crypto instructions, when available.
645 917
646 config CRYPTO_CTR !! 918 config CRYPTO_SHA3
647 tristate "CTR (Counter)" !! 919 tristate "SHA3 digest algorithm"
648 select CRYPTO_SKCIPHER !! 920 select CRYPTO_HASH
649 select CRYPTO_MANAGER <<
650 help 921 help
651 CTR (Counter) mode (NIST SP800-38A) !! 922 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 923 cryptographic sponge function family called Keccak.
652 924
653 config CRYPTO_CTS !! 925 References:
654 tristate "CTS (Cipher Text Stealing)" !! 926 http://keccak.noekeon.org/
655 select CRYPTO_SKCIPHER !! 927
656 select CRYPTO_MANAGER !! 928 config CRYPTO_SM3
>> 929 tristate "SM3 digest algorithm"
>> 930 select CRYPTO_HASH
657 help 931 help
658 CBC-CS3 variant of CTS (Cipher Text !! 932 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
659 Addendum to SP800-38A (October 2010) !! 933 It is part of the Chinese Commercial Cryptography suite.
660 934
661 This mode is required for Kerberos g !! 935 References:
662 for AES encryption. !! 936 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
>> 937 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
663 938
664 config CRYPTO_ECB !! 939 config CRYPTO_TGR192
665 tristate "ECB (Electronic Codebook)" !! 940 tristate "Tiger digest algorithms"
666 select CRYPTO_SKCIPHER2 !! 941 select CRYPTO_HASH
667 select CRYPTO_MANAGER <<
668 help 942 help
669 ECB (Electronic Codebook) mode (NIST !! 943 Tiger hash algorithm 192, 160 and 128-bit hashes
670 944
671 config CRYPTO_HCTR2 !! 945 Tiger is a hash function optimized for 64-bit processors while
672 tristate "HCTR2" !! 946 still having decent performance on 32-bit processors.
673 select CRYPTO_XCTR !! 947 Tiger was developed by Ross Anderson and Eli Biham.
674 select CRYPTO_POLYVAL !! 948
675 select CRYPTO_MANAGER !! 949 See also:
>> 950 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
>> 951
>> 952 config CRYPTO_WP512
>> 953 tristate "Whirlpool digest algorithms"
>> 954 select CRYPTO_HASH
676 help 955 help
677 HCTR2 length-preserving encryption m !! 956 Whirlpool hash algorithm 512, 384 and 256-bit hashes
678 957
679 A mode for storage encryption that i !! 958 Whirlpool-512 is part of the NESSIE cryptographic primitives.
680 instructions to accelerate AES and c !! 959 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 960
684 See https://eprint.iacr.org/2021/144 !! 961 See also:
>> 962 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
685 963
686 config CRYPTO_KEYWRAP !! 964 config CRYPTO_GHASH_CLMUL_NI_INTEL
687 tristate "KW (AES Key Wrap)" !! 965 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
688 select CRYPTO_SKCIPHER !! 966 depends on X86 && 64BIT
689 select CRYPTO_MANAGER !! 967 select CRYPTO_CRYPTD
690 help 968 help
691 KW (AES Key Wrap) authenticated encr !! 969 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
692 and RFC3394) without padding. !! 970 The implementation is accelerated by CLMUL-NI of Intel.
693 971
694 config CRYPTO_LRW !! 972 comment "Ciphers"
695 tristate "LRW (Liskov Rivest Wagner)" !! 973
696 select CRYPTO_LIB_GF128MUL !! 974 config CRYPTO_AES
697 select CRYPTO_SKCIPHER !! 975 tristate "AES cipher algorithms"
698 select CRYPTO_MANAGER !! 976 select CRYPTO_ALGAPI
699 select CRYPTO_ECB <<
700 help 977 help
701 LRW (Liskov Rivest Wagner) mode !! 978 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 979 algorithm.
702 980
703 A tweakable, non malleable, non mova !! 981 Rijndael appears to be consistently a very good performer in
704 narrow block cipher mode for dm-cryp !! 982 both hardware and software across a wide range of computing
705 specification string aes-lrw-benbi, !! 983 environments regardless of its use in feedback or non-feedback
706 The first 128, 192 or 256 bits in th !! 984 modes. Its key setup time is excellent, and its key agility is
707 rest is used to tie each cipher bloc !! 985 good. Rijndael's very low memory requirements make it very well
>> 986 suited for restricted-space environments, in which it also
>> 987 demonstrates excellent performance. Rijndael's operations are
>> 988 among the easiest to defend against power and timing attacks.
708 989
709 See https://people.csail.mit.edu/riv !! 990 The AES specifies three key sizes: 128, 192 and 256 bits
710 991
711 config CRYPTO_PCBC !! 992 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
712 tristate "PCBC (Propagating Cipher Blo !! 993
713 select CRYPTO_SKCIPHER !! 994 config CRYPTO_AES_TI
714 select CRYPTO_MANAGER !! 995 tristate "Fixed time AES cipher"
>> 996 select CRYPTO_ALGAPI
715 help 997 help
716 PCBC (Propagating Cipher Block Chain !! 998 This is a generic implementation of AES that attempts to eliminate
>> 999 data dependent latencies as much as possible without affecting
>> 1000 performance too much. It is intended for use by the generic CCM
>> 1001 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1002 solely on encryption (although decryption is supported as well, but
>> 1003 with a more dramatic performance hit)
717 1004
718 This block cipher mode is required f !! 1005 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
>> 1006 8 for decryption), this implementation only uses just two S-boxes of
>> 1007 256 bytes each, and attempts to eliminate data dependent latencies by
>> 1008 prefetching the entire table into the cache at the start of each
>> 1009 block. Interrupts are also disabled to avoid races where cachelines
>> 1010 are evicted when the CPU is interrupted to do something else.
719 1011
720 config CRYPTO_XCTR !! 1012 config CRYPTO_AES_586
721 tristate !! 1013 tristate "AES cipher algorithms (i586)"
722 select CRYPTO_SKCIPHER !! 1014 depends on (X86 || UML_X86) && !64BIT
723 select CRYPTO_MANAGER !! 1015 select CRYPTO_ALGAPI
>> 1016 select CRYPTO_AES
724 help 1017 help
725 XCTR (XOR Counter) mode for HCTR2 !! 1018 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1019 algorithm.
726 1020
727 This blockcipher mode is a variant o !! 1021 Rijndael appears to be consistently a very good performer in
728 addition rather than big-endian arit !! 1022 both hardware and software across a wide range of computing
>> 1023 environments regardless of its use in feedback or non-feedback
>> 1024 modes. Its key setup time is excellent, and its key agility is
>> 1025 good. Rijndael's very low memory requirements make it very well
>> 1026 suited for restricted-space environments, in which it also
>> 1027 demonstrates excellent performance. Rijndael's operations are
>> 1028 among the easiest to defend against power and timing attacks.
729 1029
730 XCTR mode is used to implement HCTR2 !! 1030 The AES specifies three key sizes: 128, 192 and 256 bits
731 1031
732 config CRYPTO_XTS !! 1032 See <http://csrc.nist.gov/encryption/aes/> for more information.
733 tristate "XTS (XOR Encrypt XOR with ci <<
734 select CRYPTO_SKCIPHER <<
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help <<
738 XTS (XOR Encrypt XOR with ciphertext <<
739 and IEEE 1619) <<
740 1033
741 Use with aes-xts-plain, key size 256 !! 1034 config CRYPTO_AES_X86_64
742 implementation currently can't handl !! 1035 tristate "AES cipher algorithms (x86_64)"
743 multiple of 16 bytes. !! 1036 depends on (X86 || UML_X86) && 64BIT
>> 1037 select CRYPTO_ALGAPI
>> 1038 select CRYPTO_AES
>> 1039 help
>> 1040 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1041 algorithm.
744 1042
745 config CRYPTO_NHPOLY1305 !! 1043 Rijndael appears to be consistently a very good performer in
746 tristate !! 1044 both hardware and software across a wide range of computing
747 select CRYPTO_HASH !! 1045 environments regardless of its use in feedback or non-feedback
748 select CRYPTO_LIB_POLY1305_GENERIC !! 1046 modes. Its key setup time is excellent, and its key agility is
>> 1047 good. Rijndael's very low memory requirements make it very well
>> 1048 suited for restricted-space environments, in which it also
>> 1049 demonstrates excellent performance. Rijndael's operations are
>> 1050 among the easiest to defend against power and timing attacks.
749 1051
750 endmenu !! 1052 The AES specifies three key sizes: 128, 192 and 256 bits
751 1053
752 menu "AEAD (authenticated encryption with asso !! 1054 See <http://csrc.nist.gov/encryption/aes/> for more information.
753 1055
754 config CRYPTO_AEGIS128 !! 1056 config CRYPTO_AES_NI_INTEL
755 tristate "AEGIS-128" !! 1057 tristate "AES cipher algorithms (AES-NI)"
>> 1058 depends on X86
756 select CRYPTO_AEAD 1059 select CRYPTO_AEAD
757 select CRYPTO_AES # for AES S-box tab !! 1060 select CRYPTO_AES_X86_64 if 64BIT
>> 1061 select CRYPTO_AES_586 if !64BIT
>> 1062 select CRYPTO_ALGAPI
>> 1063 select CRYPTO_BLKCIPHER
>> 1064 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 1065 select CRYPTO_SIMD
758 help 1066 help
759 AEGIS-128 AEAD algorithm !! 1067 Use Intel AES-NI instructions for AES algorithm.
760 1068
761 config CRYPTO_AEGIS128_SIMD !! 1069 AES cipher algorithms (FIPS-197). AES uses the Rijndael
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1070 algorithm.
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 1071
764 default y !! 1072 Rijndael appears to be consistently a very good performer in
>> 1073 both hardware and software across a wide range of computing
>> 1074 environments regardless of its use in feedback or non-feedback
>> 1075 modes. Its key setup time is excellent, and its key agility is
>> 1076 good. Rijndael's very low memory requirements make it very well
>> 1077 suited for restricted-space environments, in which it also
>> 1078 demonstrates excellent performance. Rijndael's operations are
>> 1079 among the easiest to defend against power and timing attacks.
>> 1080
>> 1081 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1082
>> 1083 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1084
>> 1085 In addition to AES cipher algorithm support, the acceleration
>> 1086 for some popular block cipher mode is supported too, including
>> 1087 ECB, CBC, LRW, XTS. The 64 bit version has additional
>> 1088 acceleration for CTR.
>> 1089
>> 1090 config CRYPTO_AES_SPARC64
>> 1091 tristate "AES cipher algorithms (SPARC64)"
>> 1092 depends on SPARC64
>> 1093 select CRYPTO_CRYPTD
>> 1094 select CRYPTO_ALGAPI
765 help 1095 help
766 AEGIS-128 AEAD algorithm !! 1096 Use SPARC64 crypto opcodes for AES algorithm.
767 1097
768 Architecture: arm or arm64 using: !! 1098 AES cipher algorithms (FIPS-197). AES uses the Rijndael
769 - NEON (Advanced SIMD) extension !! 1099 algorithm.
770 1100
771 config CRYPTO_CHACHA20POLY1305 !! 1101 Rijndael appears to be consistently a very good performer in
772 tristate "ChaCha20-Poly1305" !! 1102 both hardware and software across a wide range of computing
773 select CRYPTO_CHACHA20 !! 1103 environments regardless of its use in feedback or non-feedback
774 select CRYPTO_POLY1305 !! 1104 modes. Its key setup time is excellent, and its key agility is
775 select CRYPTO_AEAD !! 1105 good. Rijndael's very low memory requirements make it very well
776 select CRYPTO_MANAGER !! 1106 suited for restricted-space environments, in which it also
>> 1107 demonstrates excellent performance. Rijndael's operations are
>> 1108 among the easiest to defend against power and timing attacks.
>> 1109
>> 1110 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1111
>> 1112 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1113
>> 1114 In addition to AES cipher algorithm support, the acceleration
>> 1115 for some popular block cipher mode is supported too, including
>> 1116 ECB and CBC.
>> 1117
>> 1118 config CRYPTO_AES_PPC_SPE
>> 1119 tristate "AES cipher algorithms (PPC SPE)"
>> 1120 depends on PPC && SPE
>> 1121 help
>> 1122 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1123 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1124 This module should only be used for low power (router) devices
>> 1125 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1126 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1127 timining attacks. Nevertheless it might be not as secure as other
>> 1128 architecture specific assembler implementations that work on 1KB
>> 1129 tables or 256 bytes S-boxes.
>> 1130
>> 1131 config CRYPTO_ANUBIS
>> 1132 tristate "Anubis cipher algorithm"
>> 1133 select CRYPTO_ALGAPI
777 help 1134 help
778 ChaCha20 stream cipher and Poly1305 !! 1135 Anubis cipher algorithm.
779 mode (RFC8439) <<
780 1136
781 config CRYPTO_CCM !! 1137 Anubis is a variable key length cipher which can use keys from
782 tristate "CCM (Counter with Cipher Blo !! 1138 128 bits to 320 bits in length. It was evaluated as a entrant
783 select CRYPTO_CTR !! 1139 in the NESSIE competition.
784 select CRYPTO_HASH !! 1140
785 select CRYPTO_AEAD !! 1141 See also:
786 select CRYPTO_MANAGER !! 1142 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 1143 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
>> 1144
>> 1145 config CRYPTO_ARC4
>> 1146 tristate "ARC4 cipher algorithm"
>> 1147 select CRYPTO_BLKCIPHER
787 help 1148 help
788 CCM (Counter with Cipher Block Chain !! 1149 ARC4 cipher algorithm.
789 authenticated encryption mode (NIST <<
790 1150
791 config CRYPTO_GCM !! 1151 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
792 tristate "GCM (Galois/Counter Mode) an !! 1152 bits in length. This algorithm is required for driver-based
793 select CRYPTO_CTR !! 1153 WEP, but it should not be for other purposes because of the
794 select CRYPTO_AEAD !! 1154 weakness of the algorithm.
795 select CRYPTO_GHASH !! 1155
796 select CRYPTO_NULL !! 1156 config CRYPTO_BLOWFISH
797 select CRYPTO_MANAGER !! 1157 tristate "Blowfish cipher algorithm"
>> 1158 select CRYPTO_ALGAPI
>> 1159 select CRYPTO_BLOWFISH_COMMON
798 help 1160 help
799 GCM (Galois/Counter Mode) authentica !! 1161 Blowfish cipher algorithm, by Bruce Schneier.
800 (GCM Message Authentication Code) (N <<
801 1162
802 This is required for IPSec ESP (XFRM !! 1163 This is a variable key length cipher which can use keys from 32
>> 1164 bits to 448 bits in length. It's fast, simple and specifically
>> 1165 designed for use on "large microprocessors".
803 1166
804 config CRYPTO_GENIV !! 1167 See also:
>> 1168 <http://www.schneier.com/blowfish.html>
>> 1169
>> 1170 config CRYPTO_BLOWFISH_COMMON
805 tristate 1171 tristate
806 select CRYPTO_AEAD !! 1172 help
807 select CRYPTO_NULL !! 1173 Common parts of the Blowfish cipher algorithm shared by the
808 select CRYPTO_MANAGER !! 1174 generic c and the assembler implementations.
809 select CRYPTO_RNG_DEFAULT <<
810 1175
811 config CRYPTO_SEQIV !! 1176 See also:
812 tristate "Sequence Number IV Generator !! 1177 <http://www.schneier.com/blowfish.html>
813 select CRYPTO_GENIV !! 1178
>> 1179 config CRYPTO_BLOWFISH_X86_64
>> 1180 tristate "Blowfish cipher algorithm (x86_64)"
>> 1181 depends on X86 && 64BIT
>> 1182 select CRYPTO_BLKCIPHER
>> 1183 select CRYPTO_BLOWFISH_COMMON
814 help 1184 help
815 Sequence Number IV generator !! 1185 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
816 1186
817 This IV generator generates an IV ba !! 1187 This is a variable key length cipher which can use keys from 32
818 xoring it with a salt. This algorit !! 1188 bits to 448 bits in length. It's fast, simple and specifically
>> 1189 designed for use on "large microprocessors".
819 1190
820 This is required for IPsec ESP (XFRM !! 1191 See also:
>> 1192 <http://www.schneier.com/blowfish.html>
821 1193
822 config CRYPTO_ECHAINIV !! 1194 config CRYPTO_CAMELLIA
823 tristate "Encrypted Chain IV Generator !! 1195 tristate "Camellia cipher algorithms"
824 select CRYPTO_GENIV !! 1196 depends on CRYPTO
>> 1197 select CRYPTO_ALGAPI
825 help 1198 help
826 Encrypted Chain IV generator !! 1199 Camellia cipher algorithms module.
827 1200
828 This IV generator generates an IV ba !! 1201 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 1202 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. !! 1203
>> 1204 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1205
>> 1206 See also:
>> 1207 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
831 1208
832 config CRYPTO_ESSIV !! 1209 config CRYPTO_CAMELLIA_X86_64
833 tristate "Encrypted Salt-Sector IV Gen !! 1210 tristate "Camellia cipher algorithm (x86_64)"
834 select CRYPTO_AUTHENC !! 1211 depends on X86 && 64BIT
>> 1212 depends on CRYPTO
>> 1213 select CRYPTO_BLKCIPHER
>> 1214 select CRYPTO_GLUE_HELPER_X86
835 help 1215 help
836 Encrypted Salt-Sector IV generator !! 1216 Camellia cipher algorithm module (x86_64).
837 1217
838 This IV generator is used in some ca !! 1218 Camellia is a symmetric key block cipher developed jointly
839 dm-crypt. It uses the hash of the bl !! 1219 at NTT and Mitsubishi Electric Corporation.
840 symmetric key for a block encryption !! 1220
841 IV, making low entropy IV sources mo !! 1221 The Camellia specifies three key sizes: 128, 192 and 256 bits.
842 encryption. !! 1222
>> 1223 See also:
>> 1224 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
843 1225
844 This driver implements a crypto API !! 1226 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
845 instantiated either as an skcipher o !! 1227 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
846 type of the first template argument) !! 1228 depends on X86 && 64BIT
847 and decryption requests to the encap !! 1229 depends on CRYPTO
848 ESSIV to the input IV. Note that in !! 1230 select CRYPTO_BLKCIPHER
849 that the keys are presented in the s !! 1231 select CRYPTO_CAMELLIA_X86_64
850 template, and that the IV appears at !! 1232 select CRYPTO_GLUE_HELPER_X86
851 associated data (AAD) region (which !! 1233 select CRYPTO_SIMD
>> 1234 select CRYPTO_XTS
>> 1235 help
>> 1236 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
852 1237
853 Note that the use of ESSIV is not re !! 1238 Camellia is a symmetric key block cipher developed jointly
854 and so this only needs to be enabled !! 1239 at NTT and Mitsubishi Electric Corporation.
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 1240
861 endmenu !! 1241 The Camellia specifies three key sizes: 128, 192 and 256 bits.
862 1242
863 menu "Hashes, digests, and MACs" !! 1243 See also:
>> 1244 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
864 1245
865 config CRYPTO_BLAKE2B !! 1246 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
866 tristate "BLAKE2b" !! 1247 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
867 select CRYPTO_HASH !! 1248 depends on X86 && 64BIT
>> 1249 depends on CRYPTO
>> 1250 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
868 help 1251 help
869 BLAKE2b cryptographic hash function !! 1252 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
870 1253
871 BLAKE2b is optimized for 64-bit plat !! 1254 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1255 at NTT and Mitsubishi Electric Corporation.
873 1256
874 This module provides the following a !! 1257 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 1258
880 Used by the btrfs filesystem. !! 1259 See also:
>> 1260 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881 1261
882 See https://blake2.net for further i !! 1262 config CRYPTO_CAMELLIA_SPARC64
>> 1263 tristate "Camellia cipher algorithm (SPARC64)"
>> 1264 depends on SPARC64
>> 1265 depends on CRYPTO
>> 1266 select CRYPTO_ALGAPI
>> 1267 help
>> 1268 Camellia cipher algorithm module (SPARC64).
883 1269
884 config CRYPTO_CMAC !! 1270 Camellia is a symmetric key block cipher developed jointly
885 tristate "CMAC (Cipher-based MAC)" !! 1271 at NTT and Mitsubishi Electric Corporation.
886 select CRYPTO_HASH !! 1272
887 select CRYPTO_MANAGER !! 1273 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1274
>> 1275 See also:
>> 1276 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1277
>> 1278 config CRYPTO_CAST_COMMON
>> 1279 tristate
888 help 1280 help
889 CMAC (Cipher-based Message Authentic !! 1281 Common parts of the CAST cipher algorithms shared by the
890 mode (NIST SP800-38B and IETF RFC449 !! 1282 generic c and the assembler implementations.
891 1283
892 config CRYPTO_GHASH !! 1284 config CRYPTO_CAST5
893 tristate "GHASH" !! 1285 tristate "CAST5 (CAST-128) cipher algorithm"
894 select CRYPTO_HASH !! 1286 select CRYPTO_ALGAPI
895 select CRYPTO_LIB_GF128MUL !! 1287 select CRYPTO_CAST_COMMON
896 help 1288 help
897 GCM GHASH function (NIST SP800-38D) !! 1289 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1290 described in RFC2144.
898 1291
899 config CRYPTO_HMAC !! 1292 config CRYPTO_CAST5_AVX_X86_64
900 tristate "HMAC (Keyed-Hash MAC)" !! 1293 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
901 select CRYPTO_HASH !! 1294 depends on X86 && 64BIT
902 select CRYPTO_MANAGER !! 1295 select CRYPTO_BLKCIPHER
>> 1296 select CRYPTO_CAST5
>> 1297 select CRYPTO_CAST_COMMON
>> 1298 select CRYPTO_SIMD
903 help 1299 help
904 HMAC (Keyed-Hash Message Authenticat !! 1300 The CAST5 encryption algorithm (synonymous with CAST-128) is
905 RFC2104) !! 1301 described in RFC2144.
906 1302
907 This is required for IPsec AH (XFRM_ !! 1303 This module provides the Cast5 cipher algorithm that processes
>> 1304 sixteen blocks parallel using the AVX instruction set.
908 1305
909 config CRYPTO_MD4 !! 1306 config CRYPTO_CAST6
910 tristate "MD4" !! 1307 tristate "CAST6 (CAST-256) cipher algorithm"
911 select CRYPTO_HASH !! 1308 select CRYPTO_ALGAPI
>> 1309 select CRYPTO_CAST_COMMON
912 help 1310 help
913 MD4 message digest algorithm (RFC132 !! 1311 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1312 described in RFC2612.
914 1313
915 config CRYPTO_MD5 !! 1314 config CRYPTO_CAST6_AVX_X86_64
916 tristate "MD5" !! 1315 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
917 select CRYPTO_HASH !! 1316 depends on X86 && 64BIT
>> 1317 select CRYPTO_BLKCIPHER
>> 1318 select CRYPTO_CAST6
>> 1319 select CRYPTO_CAST_COMMON
>> 1320 select CRYPTO_GLUE_HELPER_X86
>> 1321 select CRYPTO_SIMD
>> 1322 select CRYPTO_XTS
918 help 1323 help
919 MD5 message digest algorithm (RFC132 !! 1324 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1325 described in RFC2612.
920 1326
921 config CRYPTO_MICHAEL_MIC !! 1327 This module provides the Cast6 cipher algorithm that processes
922 tristate "Michael MIC" !! 1328 eight blocks parallel using the AVX instruction set.
923 select CRYPTO_HASH <<
924 help <<
925 Michael MIC (Message Integrity Code) <<
926 1329
927 Defined by the IEEE 802.11i TKIP (Te !! 1330 config CRYPTO_DES
928 known as WPA (Wif-Fi Protected Acces !! 1331 tristate "DES and Triple DES EDE cipher algorithms"
>> 1332 select CRYPTO_ALGAPI
>> 1333 help
>> 1334 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
929 1335
930 This algorithm is required for TKIP, !! 1336 config CRYPTO_DES_SPARC64
931 other purposes because of the weakne !! 1337 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1338 depends on SPARC64
>> 1339 select CRYPTO_ALGAPI
>> 1340 select CRYPTO_DES
>> 1341 help
>> 1342 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1343 optimized using SPARC64 crypto opcodes.
932 1344
933 config CRYPTO_POLYVAL !! 1345 config CRYPTO_DES3_EDE_X86_64
934 tristate !! 1346 tristate "Triple DES EDE cipher algorithm (x86-64)"
935 select CRYPTO_HASH !! 1347 depends on X86 && 64BIT
936 select CRYPTO_LIB_GF128MUL !! 1348 select CRYPTO_BLKCIPHER
>> 1349 select CRYPTO_DES
937 help 1350 help
938 POLYVAL hash function for HCTR2 !! 1351 Triple DES EDE (FIPS 46-3) algorithm.
939 1352
940 This is used in HCTR2. It is not a !! 1353 This module provides implementation of the Triple DES EDE cipher
941 cryptographic hash function. !! 1354 algorithm that is optimized for x86-64 processors. Two versions of
>> 1355 algorithm are provided; regular processing one input block and
>> 1356 one that processes three blocks parallel.
942 1357
943 config CRYPTO_POLY1305 !! 1358 config CRYPTO_FCRYPT
944 tristate "Poly1305" !! 1359 tristate "FCrypt cipher algorithm"
945 select CRYPTO_HASH !! 1360 select CRYPTO_ALGAPI
946 select CRYPTO_LIB_POLY1305_GENERIC !! 1361 select CRYPTO_BLKCIPHER
947 help 1362 help
948 Poly1305 authenticator algorithm (RF !! 1363 FCrypt algorithm used by RxRPC.
949 1364
950 Poly1305 is an authenticator algorit !! 1365 config CRYPTO_KHAZAD
951 It is used for the ChaCha20-Poly1305 !! 1366 tristate "Khazad cipher algorithm"
952 in IETF protocols. This is the porta !! 1367 select CRYPTO_ALGAPI
953 <<
954 config CRYPTO_RMD160 <<
955 tristate "RIPEMD-160" <<
956 select CRYPTO_HASH <<
957 help 1368 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 1369 Khazad cipher algorithm.
959 1370
960 RIPEMD-160 is a 160-bit cryptographi !! 1371 Khazad was a finalist in the initial NESSIE competition. It is
961 to be used as a secure replacement f !! 1372 an algorithm optimized for 64-bit processors with good performance
962 MD4, MD5 and its predecessor RIPEMD !! 1373 on 32-bit processors. Khazad uses an 128 bit key size.
963 (not to be confused with RIPEMD-128) <<
964 1374
965 Its speed is comparable to SHA-1 and !! 1375 See also:
966 against RIPEMD-160. !! 1376 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
967 1377
968 Developed by Hans Dobbertin, Antoon !! 1378 config CRYPTO_SALSA20
969 See https://homes.esat.kuleuven.be/~ !! 1379 tristate "Salsa20 stream cipher algorithm"
970 for further information. !! 1380 select CRYPTO_BLKCIPHER
>> 1381 help
>> 1382 Salsa20 stream cipher algorithm.
971 1383
972 config CRYPTO_SHA1 !! 1384 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
973 tristate "SHA-1" !! 1385 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974 select CRYPTO_HASH !! 1386
975 select CRYPTO_LIB_SHA1 !! 1387 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 1388 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
>> 1389
>> 1390 config CRYPTO_CHACHA20
>> 1391 tristate "ChaCha20 cipher algorithm"
>> 1392 select CRYPTO_BLKCIPHER
976 help 1393 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1394 ChaCha20 cipher algorithm, RFC7539.
978 1395
979 config CRYPTO_SHA256 !! 1396 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
980 tristate "SHA-224 and SHA-256" !! 1397 Bernstein and further specified in RFC7539 for use in IETF protocols.
981 select CRYPTO_HASH !! 1398 This is the portable C implementation of ChaCha20.
982 select CRYPTO_LIB_SHA256 !! 1399
>> 1400 See also:
>> 1401 <http://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1402
>> 1403 config CRYPTO_CHACHA20_X86_64
>> 1404 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
>> 1405 depends on X86 && 64BIT
>> 1406 select CRYPTO_BLKCIPHER
>> 1407 select CRYPTO_CHACHA20
983 help 1408 help
984 SHA-224 and SHA-256 secure hash algo !! 1409 ChaCha20 cipher algorithm, RFC7539.
985 1410
986 This is required for IPsec AH (XFRM_ !! 1411 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
987 Used by the btrfs filesystem, Ceph, !! 1412 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1413 This is the x86_64 assembler implementation using SIMD instructions.
988 1414
989 config CRYPTO_SHA512 !! 1415 See also:
990 tristate "SHA-384 and SHA-512" !! 1416 <http://cr.yp.to/chacha/chacha-20080128.pdf>
991 select CRYPTO_HASH !! 1417
>> 1418 config CRYPTO_SEED
>> 1419 tristate "SEED cipher algorithm"
>> 1420 select CRYPTO_ALGAPI
992 help 1421 help
993 SHA-384 and SHA-512 secure hash algo !! 1422 SEED cipher algorithm (RFC4269).
994 1423
995 config CRYPTO_SHA3 !! 1424 SEED is a 128-bit symmetric key block cipher that has been
996 tristate "SHA-3" !! 1425 developed by KISA (Korea Information Security Agency) as a
997 select CRYPTO_HASH !! 1426 national standard encryption algorithm of the Republic of Korea.
>> 1427 It is a 16 round block cipher with the key size of 128 bit.
>> 1428
>> 1429 See also:
>> 1430 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
>> 1431
>> 1432 config CRYPTO_SERPENT
>> 1433 tristate "Serpent cipher algorithm"
>> 1434 select CRYPTO_ALGAPI
998 help 1435 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1436 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1000 1437
1001 config CRYPTO_SM3 !! 1438 Keys are allowed to be from 0 to 256 bits in length, in steps
1002 tristate !! 1439 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1440 variant of Serpent for compatibility with old kerneli.org code.
1003 1441
1004 config CRYPTO_SM3_GENERIC !! 1442 See also:
1005 tristate "SM3 (ShangMi 3)" !! 1443 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1006 select CRYPTO_HASH !! 1444
1007 select CRYPTO_SM3 !! 1445 config CRYPTO_SERPENT_SSE2_X86_64
>> 1446 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1447 depends on X86 && 64BIT
>> 1448 select CRYPTO_BLKCIPHER
>> 1449 select CRYPTO_GLUE_HELPER_X86
>> 1450 select CRYPTO_SERPENT
>> 1451 select CRYPTO_SIMD
1008 help 1452 help
1009 SM3 (ShangMi 3) secure hash functio !! 1453 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1454
>> 1455 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1456 of 8 bits.
1010 1457
1011 This is part of the Chinese Commerc !! 1458 This module provides Serpent cipher algorithm that processes eight
>> 1459 blocks parallel using SSE2 instruction set.
1012 1460
1013 References: !! 1461 See also:
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1462 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1015 https://datatracker.ietf.org/doc/ht <<
1016 1463
1017 config CRYPTO_STREEBOG !! 1464 config CRYPTO_SERPENT_SSE2_586
1018 tristate "Streebog" !! 1465 tristate "Serpent cipher algorithm (i586/SSE2)"
1019 select CRYPTO_HASH !! 1466 depends on X86 && !64BIT
>> 1467 select CRYPTO_BLKCIPHER
>> 1468 select CRYPTO_GLUE_HELPER_X86
>> 1469 select CRYPTO_SERPENT
>> 1470 select CRYPTO_SIMD
1020 help 1471 help
1021 Streebog Hash Function (GOST R 34.1 !! 1472 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1473
1023 This is one of the Russian cryptogr !! 1474 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1475 of 8 bits.
1025 256 and 512 bits output. <<
1026 1476
1027 References: !! 1477 This module provides Serpent cipher algorithm that processes four
1028 https://tc26.ru/upload/iblock/fed/f !! 1478 blocks parallel using SSE2 instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1479
1031 config CRYPTO_VMAC !! 1480 See also:
1032 tristate "VMAC" !! 1481 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1482
1034 select CRYPTO_MANAGER !! 1483 config CRYPTO_SERPENT_AVX_X86_64
>> 1484 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1485 depends on X86 && 64BIT
>> 1486 select CRYPTO_BLKCIPHER
>> 1487 select CRYPTO_GLUE_HELPER_X86
>> 1488 select CRYPTO_SERPENT
>> 1489 select CRYPTO_SIMD
>> 1490 select CRYPTO_XTS
1035 help 1491 help
1036 VMAC is a message authentication al !! 1492 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect <<
1038 1493
1039 See https://fastcrypto.org/vmac for !! 1494 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1495 of 8 bits.
1040 1496
1041 config CRYPTO_WP512 !! 1497 This module provides the Serpent cipher algorithm that processes
1042 tristate "Whirlpool" !! 1498 eight blocks parallel using the AVX instruction set.
1043 select CRYPTO_HASH !! 1499
>> 1500 See also:
>> 1501 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1502
>> 1503 config CRYPTO_SERPENT_AVX2_X86_64
>> 1504 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1505 depends on X86 && 64BIT
>> 1506 select CRYPTO_SERPENT_AVX_X86_64
1044 help 1507 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1508 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046 1509
1047 512, 384 and 256-bit hashes. !! 1510 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1511 of 8 bits.
1048 1512
1049 Whirlpool-512 is part of the NESSIE !! 1513 This module provides Serpent cipher algorithm that processes 16
>> 1514 blocks parallel using AVX2 instruction set.
1050 1515
1051 See https://web.archive.org/web/201 !! 1516 See also:
1052 for further information. !! 1517 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1053 1518
1054 config CRYPTO_XCBC !! 1519 config CRYPTO_SM4
1055 tristate "XCBC-MAC (Extended Cipher B !! 1520 tristate "SM4 cipher algorithm"
1056 select CRYPTO_HASH !! 1521 select CRYPTO_ALGAPI
1057 select CRYPTO_MANAGER <<
1058 help 1522 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1523 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1060 Code) (RFC3566) <<
1061 1524
1062 config CRYPTO_XXHASH !! 1525 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1063 tristate "xxHash" !! 1526 Organization of State Commercial Administration of China (OSCCA)
1064 select CRYPTO_HASH !! 1527 as an authorized cryptographic algorithms for the use within China.
1065 select XXHASH !! 1528
>> 1529 SMS4 was originally created for use in protecting wireless
>> 1530 networks, and is mandated in the Chinese National Standard for
>> 1531 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1532 (GB.15629.11-2003).
>> 1533
>> 1534 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1535 standardized through TC 260 of the Standardization Administration
>> 1536 of the People's Republic of China (SAC).
>> 1537
>> 1538 The input, output, and key of SMS4 are each 128 bits.
>> 1539
>> 1540 See also: <https://eprint.iacr.org/2008/329.pdf>
>> 1541
>> 1542 If unsure, say N.
>> 1543
>> 1544 config CRYPTO_TEA
>> 1545 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1546 select CRYPTO_ALGAPI
1066 help 1547 help
1067 xxHash non-cryptographic hash algor !! 1548 TEA cipher algorithm.
1068 1549
1069 Extremely fast, working at speeds c !! 1550 Tiny Encryption Algorithm is a simple cipher that uses
>> 1551 many rounds for security. It is very fast and uses
>> 1552 little memory.
1070 1553
1071 Used by the btrfs filesystem. !! 1554 Xtendend Tiny Encryption Algorithm is a modification to
>> 1555 the TEA algorithm to address a potential key weakness
>> 1556 in the TEA algorithm.
1072 1557
1073 endmenu !! 1558 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1559 of the XTEA algorithm for compatibility purposes.
1074 1560
1075 menu "CRCs (cyclic redundancy checks)" !! 1561 config CRYPTO_TWOFISH
>> 1562 tristate "Twofish cipher algorithm"
>> 1563 select CRYPTO_ALGAPI
>> 1564 select CRYPTO_TWOFISH_COMMON
>> 1565 help
>> 1566 Twofish cipher algorithm.
1076 1567
1077 config CRYPTO_CRC32C !! 1568 Twofish was submitted as an AES (Advanced Encryption Standard)
1078 tristate "CRC32c" !! 1569 candidate cipher by researchers at CounterPane Systems. It is a
1079 select CRYPTO_HASH !! 1570 16 round block cipher supporting key sizes of 128, 192, and 256
1080 select CRC32 !! 1571 bits.
>> 1572
>> 1573 See also:
>> 1574 <http://www.schneier.com/twofish.html>
>> 1575
>> 1576 config CRYPTO_TWOFISH_COMMON
>> 1577 tristate
>> 1578 help
>> 1579 Common parts of the Twofish cipher algorithm shared by the
>> 1580 generic c and the assembler implementations.
>> 1581
>> 1582 config CRYPTO_TWOFISH_586
>> 1583 tristate "Twofish cipher algorithms (i586)"
>> 1584 depends on (X86 || UML_X86) && !64BIT
>> 1585 select CRYPTO_ALGAPI
>> 1586 select CRYPTO_TWOFISH_COMMON
1081 help 1587 help
1082 CRC32c CRC algorithm with the iSCSI !! 1588 Twofish cipher algorithm.
1083 1589
1084 A 32-bit CRC (cyclic redundancy che !! 1590 Twofish was submitted as an AES (Advanced Encryption Standard)
1085 by G. Castagnoli, S. Braeuer and M. !! 1591 candidate cipher by researchers at CounterPane Systems. It is a
1086 Redundancy-Check Codes with 24 and !! 1592 16 round block cipher supporting key sizes of 128, 192, and 256
1087 on Communications, Vol. 41, No. 6, !! 1593 bits.
1088 iSCSI. <<
1089 1594
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1595 See also:
>> 1596 <http://www.schneier.com/twofish.html>
1091 1597
1092 config CRYPTO_CRC32 !! 1598 config CRYPTO_TWOFISH_X86_64
1093 tristate "CRC32" !! 1599 tristate "Twofish cipher algorithm (x86_64)"
1094 select CRYPTO_HASH !! 1600 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1601 select CRYPTO_ALGAPI
>> 1602 select CRYPTO_TWOFISH_COMMON
1096 help 1603 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1604 Twofish cipher algorithm (x86_64).
>> 1605
>> 1606 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1607 candidate cipher by researchers at CounterPane Systems. It is a
>> 1608 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1609 bits.
1098 1610
1099 Used by RoCEv2 and f2fs. !! 1611 See also:
>> 1612 <http://www.schneier.com/twofish.html>
1100 1613
1101 config CRYPTO_CRCT10DIF !! 1614 config CRYPTO_TWOFISH_X86_64_3WAY
1102 tristate "CRCT10DIF" !! 1615 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1103 select CRYPTO_HASH !! 1616 depends on X86 && 64BIT
>> 1617 select CRYPTO_BLKCIPHER
>> 1618 select CRYPTO_TWOFISH_COMMON
>> 1619 select CRYPTO_TWOFISH_X86_64
>> 1620 select CRYPTO_GLUE_HELPER_X86
1104 help 1621 help
1105 CRC16 CRC algorithm used for the T1 !! 1622 Twofish cipher algorithm (x86_64, 3-way parallel).
1106 1623
1107 CRC algorithm used by the SCSI Bloc !! 1624 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1625 candidate cipher by researchers at CounterPane Systems. It is a
>> 1626 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1627 bits.
1108 1628
1109 config CRYPTO_CRC64_ROCKSOFT !! 1629 This module provides Twofish cipher algorithm that processes three
1110 tristate "CRC64 based on Rocksoft Mod !! 1630 blocks parallel, utilizing resources of out-of-order CPUs better.
1111 depends on CRC64 !! 1631
1112 select CRYPTO_HASH !! 1632 See also:
>> 1633 <http://www.schneier.com/twofish.html>
>> 1634
>> 1635 config CRYPTO_TWOFISH_AVX_X86_64
>> 1636 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1637 depends on X86 && 64BIT
>> 1638 select CRYPTO_BLKCIPHER
>> 1639 select CRYPTO_GLUE_HELPER_X86
>> 1640 select CRYPTO_SIMD
>> 1641 select CRYPTO_TWOFISH_COMMON
>> 1642 select CRYPTO_TWOFISH_X86_64
>> 1643 select CRYPTO_TWOFISH_X86_64_3WAY
1113 help 1644 help
1114 CRC64 CRC algorithm based on the Ro !! 1645 Twofish cipher algorithm (x86_64/AVX).
1115 1646
1116 Used by the NVMe implementation of !! 1647 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1648 candidate cipher by researchers at CounterPane Systems. It is a
>> 1649 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1650 bits.
1117 1651
1118 See https://zlib.net/crc_v3.txt !! 1652 This module provides the Twofish cipher algorithm that processes
>> 1653 eight blocks parallel using the AVX Instruction Set.
1119 1654
1120 endmenu !! 1655 See also:
>> 1656 <http://www.schneier.com/twofish.html>
1121 1657
1122 menu "Compression" !! 1658 comment "Compression"
1123 1659
1124 config CRYPTO_DEFLATE 1660 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1661 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1662 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1663 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1664 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1665 select ZLIB_DEFLATE
1130 help 1666 help
1131 Deflate compression algorithm (RFC1 !! 1667 This is the Deflate algorithm (RFC1951), specified for use in
>> 1668 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1669
1133 Used by IPSec with the IPCOMP proto !! 1670 You will most probably want this if using IPSec.
1134 1671
1135 config CRYPTO_LZO 1672 config CRYPTO_LZO
1136 tristate "LZO" !! 1673 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1674 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1675 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1676 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1677 select LZO_DECOMPRESS
1141 help 1678 help
1142 LZO compression algorithm !! 1679 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1680
1146 config CRYPTO_842 1681 config CRYPTO_842
1147 tristate "842" !! 1682 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1683 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1684 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1685 select 842_COMPRESS
1151 select 842_DECOMPRESS 1686 select 842_DECOMPRESS
1152 help 1687 help
1153 842 compression algorithm by IBM !! 1688 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1689
1157 config CRYPTO_LZ4 1690 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1691 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1692 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1693 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1694 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1695 select LZ4_DECOMPRESS
1163 help 1696 help
1164 LZ4 compression algorithm !! 1697 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1698
1168 config CRYPTO_LZ4HC 1699 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1700 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1701 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1702 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1703 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1704 select LZ4_DECOMPRESS
1174 help 1705 help
1175 LZ4 high compression mode algorithm !! 1706 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1707
1179 config CRYPTO_ZSTD 1708 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1709 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1710 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1711 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1712 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1713 select ZSTD_DECOMPRESS
1185 help 1714 help
1186 zstd compression algorithm !! 1715 This is the zstd algorithm.
1187 <<
1188 See https://github.com/facebook/zst <<
1189 <<
1190 endmenu <<
1191 1716
1192 menu "Random number generation" !! 1717 comment "Random Number Generation"
1193 1718
1194 config CRYPTO_ANSI_CPRNG 1719 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1720 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1721 select CRYPTO_AES
1197 select CRYPTO_RNG 1722 select CRYPTO_RNG
1198 help 1723 help
1199 Pseudo RNG (random number generator !! 1724 This option enables the generic pseudo random number generator
1200 !! 1725 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1726 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1727 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1728
1205 menuconfig CRYPTO_DRBG_MENU 1729 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1730 tristate "NIST SP800-90A DRBG"
1207 help 1731 help
1208 DRBG (Deterministic Random Bit Gene !! 1732 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1733 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1734
1212 if CRYPTO_DRBG_MENU 1735 if CRYPTO_DRBG_MENU
1213 1736
1214 config CRYPTO_DRBG_HMAC 1737 config CRYPTO_DRBG_HMAC
1215 bool 1738 bool
1216 default y 1739 default y
1217 select CRYPTO_HMAC 1740 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1741 select CRYPTO_SHA256
1219 1742
1220 config CRYPTO_DRBG_HASH 1743 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1744 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1745 select CRYPTO_SHA256
1223 help 1746 help
1224 Hash_DRBG variant as defined in NIS !! 1747 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1748
1228 config CRYPTO_DRBG_CTR 1749 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1750 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1751 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1752 depends on CRYPTO_CTR
1232 help 1753 help
1233 CTR_DRBG variant as defined in NIST !! 1754 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1755
1237 config CRYPTO_DRBG 1756 config CRYPTO_DRBG
1238 tristate 1757 tristate
1239 default CRYPTO_DRBG_MENU 1758 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1759 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1760 select CRYPTO_JITTERENTROPY
1242 1761
1243 endif # if CRYPTO_DRBG_MENU 1762 endif # if CRYPTO_DRBG_MENU
1244 1763
1245 config CRYPTO_JITTERENTROPY 1764 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1765 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1766 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1767 help
1250 CPU Jitter RNG (Random Number Gener !! 1768 The Jitterentropy RNG is a noise that is intended
1251 !! 1769 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1770 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1771 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1772 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1773
1370 config CRYPTO_USER_API 1774 config CRYPTO_USER_API
1371 tristate 1775 tristate
1372 1776
1373 config CRYPTO_USER_API_HASH 1777 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1778 tristate "User-space interface for hash algorithms"
1375 depends on NET 1779 depends on NET
1376 select CRYPTO_HASH 1780 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1781 select CRYPTO_USER_API
1378 help 1782 help
1379 Enable the userspace interface for !! 1783 This option enables the user-spaces interface for hash
1380 !! 1784 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1785
1384 config CRYPTO_USER_API_SKCIPHER 1786 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1787 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1788 depends on NET
1387 select CRYPTO_SKCIPHER !! 1789 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1790 select CRYPTO_USER_API
1389 help 1791 help
1390 Enable the userspace interface for !! 1792 This option enables the user-spaces interface for symmetric
1391 !! 1793 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1794
1395 config CRYPTO_USER_API_RNG 1795 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1796 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1797 depends on NET
1398 select CRYPTO_RNG 1798 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1799 select CRYPTO_USER_API
1400 help 1800 help
1401 Enable the userspace interface for !! 1801 This option enables the user-spaces interface for random
1402 algorithms. !! 1802 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1803
1419 config CRYPTO_USER_API_AEAD 1804 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1805 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1806 depends on NET
1422 select CRYPTO_AEAD 1807 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER !! 1808 select CRYPTO_BLKCIPHER
1424 select CRYPTO_NULL 1809 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1810 select CRYPTO_USER_API
1426 help 1811 help
1427 Enable the userspace interface for !! 1812 This option enables the user-spaces interface for AEAD
1428 !! 1813 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 1814
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE !! 1815 config CRYPTO_STATS
1433 bool "Obsolete cryptographic algorith !! 1816 bool
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help 1817 help
1437 Allow obsolete cryptographic algori !! 1818 This option enables the gathering of crypto stats.
1438 already been phased out from intern !! 1819 This will collect:
1439 only useful for userspace clients t !! 1820 - encrypt/decrypt size and numbers of symmeric operations
1440 !! 1821 - compress/decompress size and numbers of compress operations
1441 endmenu !! 1822 - size and numbers of hash operations
>> 1823 - encrypt/decrypt/sign/verify numbers for asymmetric operations
>> 1824 - generate/seed numbers for rng operations
1442 1825
1443 config CRYPTO_HASH_INFO 1826 config CRYPTO_HASH_INFO
1444 bool 1827 bool
1445 1828
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 <<
1476 source "drivers/crypto/Kconfig" 1829 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" !! 1830 source crypto/asymmetric_keys/Kconfig
1478 source "certs/Kconfig" !! 1831 source certs/Kconfig
1479 1832
1480 endif # if CRYPTO 1833 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.