1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 18 help
20 This option provides the core Crypto 19 This option provides the core Cryptographic API.
21 20
22 if CRYPTO 21 if CRYPTO
23 22
24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper"
25 24
26 config CRYPTO_FIPS 25 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES)
30 help 29 help
31 This option enables the fips boot op !! 30 This options enables the fips boot option which is
32 required if you want the system to o !! 31 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 32 certification. You should say no unless you know what
34 this is. 33 this is.
35 34
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI
58 tristate 36 tristate
59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2
60 help 38 help
61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms.
62 40
63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2
64 tristate 42 tristate
65 43
66 config CRYPTO_AEAD 44 config CRYPTO_AEAD
67 tristate 45 tristate
68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI
70 48
71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2
72 tristate 50 tristate
73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2
>> 52 select CRYPTO_NULL2
>> 53 select CRYPTO_RNG2
74 54
75 config CRYPTO_SIG !! 55 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 56 tristate
86 select CRYPTO_SKCIPHER2 !! 57 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 59
90 config CRYPTO_SKCIPHER2 !! 60 config CRYPTO_BLKCIPHER2
91 tristate 61 tristate
92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2
>> 63 select CRYPTO_RNG2
>> 64 select CRYPTO_WORKQUEUE
93 65
94 config CRYPTO_HASH 66 config CRYPTO_HASH
95 tristate 67 tristate
96 select CRYPTO_HASH2 68 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
98 70
99 config CRYPTO_HASH2 71 config CRYPTO_HASH2
100 tristate 72 tristate
101 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
102 74
103 config CRYPTO_RNG 75 config CRYPTO_RNG
104 tristate 76 tristate
105 select CRYPTO_RNG2 77 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI
107 79
108 config CRYPTO_RNG2 80 config CRYPTO_RNG2
109 tristate 81 tristate
110 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2
111 83
112 config CRYPTO_RNG_DEFAULT 84 config CRYPTO_RNG_DEFAULT
113 tristate 85 tristate
114 select CRYPTO_DRBG_MENU 86 select CRYPTO_DRBG_MENU
115 87
116 config CRYPTO_AKCIPHER2 88 config CRYPTO_AKCIPHER2
117 tristate 89 tristate
118 select CRYPTO_ALGAPI2 90 select CRYPTO_ALGAPI2
119 91
120 config CRYPTO_AKCIPHER 92 config CRYPTO_AKCIPHER
121 tristate 93 tristate
122 select CRYPTO_AKCIPHER2 94 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 95 select CRYPTO_ALGAPI
124 96
125 config CRYPTO_KPP2 97 config CRYPTO_KPP2
126 tristate 98 tristate
127 select CRYPTO_ALGAPI2 99 select CRYPTO_ALGAPI2
128 100
129 config CRYPTO_KPP 101 config CRYPTO_KPP
130 tristate 102 tristate
131 select CRYPTO_ALGAPI 103 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 104 select CRYPTO_KPP2
133 105
134 config CRYPTO_ACOMP2 106 config CRYPTO_ACOMP2
135 tristate 107 tristate
136 select CRYPTO_ALGAPI2 108 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 109 select SGL_ALLOC
138 110
139 config CRYPTO_ACOMP 111 config CRYPTO_ACOMP
140 tristate 112 tristate
141 select CRYPTO_ALGAPI 113 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 114 select CRYPTO_ACOMP2
143 115
>> 116 config CRYPTO_RSA
>> 117 tristate "RSA algorithm"
>> 118 select CRYPTO_AKCIPHER
>> 119 select CRYPTO_MANAGER
>> 120 select MPILIB
>> 121 select ASN1
>> 122 help
>> 123 Generic implementation of the RSA public key algorithm.
>> 124
>> 125 config CRYPTO_DH
>> 126 tristate "Diffie-Hellman algorithm"
>> 127 select CRYPTO_KPP
>> 128 select MPILIB
>> 129 help
>> 130 Generic implementation of the Diffie-Hellman algorithm.
>> 131
>> 132 config CRYPTO_ECDH
>> 133 tristate "ECDH algorithm"
>> 134 select CRYPTO_KPP
>> 135 select CRYPTO_RNG_DEFAULT
>> 136 help
>> 137 Generic implementation of the ECDH algorithm
>> 138
144 config CRYPTO_MANAGER 139 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 140 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 141 select CRYPTO_MANAGER2
147 help 142 help
148 Create default cryptographic templat 143 Create default cryptographic template instantiations such as
149 cbc(aes). 144 cbc(aes).
150 145
151 config CRYPTO_MANAGER2 146 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 148 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 149 select CRYPTO_HASH2
>> 150 select CRYPTO_BLKCIPHER2
>> 151 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 152 select CRYPTO_KPP2
159 select CRYPTO_RNG2 !! 153 select CRYPTO_ACOMP2
160 select CRYPTO_SKCIPHER2 <<
161 154
162 config CRYPTO_USER 155 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 156 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 157 depends on NET
165 select CRYPTO_MANAGER 158 select CRYPTO_MANAGER
166 help 159 help
167 Userspace configuration for cryptogr 160 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 161 cbc(aes).
169 162
170 config CRYPTO_MANAGER_DISABLE_TESTS 163 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 164 bool "Disable run-time self tests"
172 default y 165 default y
>> 166 depends on CRYPTO_MANAGER2
173 help 167 help
174 Disable run-time self tests that nor 168 Disable run-time self tests that normally take place at
175 algorithm registration. 169 algorithm registration.
176 170
177 config CRYPTO_MANAGER_EXTRA_TESTS 171 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel 172 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN !! 173 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
180 help 174 help
181 Enable extra run-time self tests of 175 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests. 176 including randomized fuzz tests.
183 177
184 This is intended for developer use o 178 This is intended for developer use only, as these tests take much
185 longer to run than the normal self t 179 longer to run than the normal self tests.
186 180
>> 181 config CRYPTO_GF128MUL
>> 182 tristate "GF(2^128) multiplication functions"
>> 183 help
>> 184 Efficient table driven implementation of multiplications in the
>> 185 field GF(2^128). This is needed by some cypher modes. This
>> 186 option will be selected automatically if you select such a
>> 187 cipher mode. Only select this option by hand if you expect to load
>> 188 an external module that requires these functions.
>> 189
187 config CRYPTO_NULL 190 config CRYPTO_NULL
188 tristate "Null algorithms" 191 tristate "Null algorithms"
189 select CRYPTO_NULL2 192 select CRYPTO_NULL2
190 help 193 help
191 These are 'Null' algorithms, used by 194 These are 'Null' algorithms, used by IPsec, which do nothing.
192 195
193 config CRYPTO_NULL2 196 config CRYPTO_NULL2
194 tristate 197 tristate
195 select CRYPTO_ALGAPI2 198 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 199 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 200 select CRYPTO_HASH2
198 201
199 config CRYPTO_PCRYPT 202 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 203 tristate "Parallel crypto engine"
201 depends on SMP 204 depends on SMP
202 select PADATA 205 select PADATA
203 select CRYPTO_MANAGER 206 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 207 select CRYPTO_AEAD
205 help 208 help
206 This converts an arbitrary crypto al 209 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 210 algorithm that executes in kernel threads.
208 211
>> 212 config CRYPTO_WORKQUEUE
>> 213 tristate
>> 214
209 config CRYPTO_CRYPTD 215 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 216 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 217 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 218 select CRYPTO_HASH
213 select CRYPTO_MANAGER 219 select CRYPTO_MANAGER
>> 220 select CRYPTO_WORKQUEUE
214 help 221 help
215 This is a generic software asynchron 222 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 223 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 224 into an asynchronous algorithm that executes in a kernel thread.
218 225
219 config CRYPTO_AUTHENC 226 config CRYPTO_AUTHENC
220 tristate "Authenc support" 227 tristate "Authenc support"
221 select CRYPTO_AEAD 228 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 229 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 230 select CRYPTO_MANAGER
224 select CRYPTO_HASH 231 select CRYPTO_HASH
225 select CRYPTO_NULL 232 select CRYPTO_NULL
226 help 233 help
227 Authenc: Combined mode wrapper for I 234 Authenc: Combined mode wrapper for IPsec.
228 !! 235 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 236
231 config CRYPTO_TEST 237 config CRYPTO_TEST
232 tristate "Testing module" 238 tristate "Testing module"
233 depends on m || EXPERT !! 239 depends on m
234 select CRYPTO_MANAGER 240 select CRYPTO_MANAGER
235 help 241 help
236 Quick & dirty crypto test module. 242 Quick & dirty crypto test module.
237 243
238 config CRYPTO_SIMD 244 config CRYPTO_SIMD
239 tristate 245 tristate
240 select CRYPTO_CRYPTD 246 select CRYPTO_CRYPTD
241 247
>> 248 config CRYPTO_GLUE_HELPER_X86
>> 249 tristate
>> 250 depends on X86
>> 251 select CRYPTO_BLKCIPHER
>> 252
242 config CRYPTO_ENGINE 253 config CRYPTO_ENGINE
243 tristate 254 tristate
244 255
245 endmenu !! 256 comment "Authenticated Encryption with Associated Data"
246 257
247 menu "Public-key cryptography" !! 258 config CRYPTO_CCM
>> 259 tristate "CCM support"
>> 260 select CRYPTO_CTR
>> 261 select CRYPTO_HASH
>> 262 select CRYPTO_AEAD
>> 263 help
>> 264 Support for Counter with CBC MAC. Required for IPsec.
248 265
249 config CRYPTO_RSA !! 266 config CRYPTO_GCM
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 267 tristate "GCM/GMAC support"
251 select CRYPTO_AKCIPHER !! 268 select CRYPTO_CTR
252 select CRYPTO_MANAGER !! 269 select CRYPTO_AEAD
253 select MPILIB !! 270 select CRYPTO_GHASH
254 select ASN1 !! 271 select CRYPTO_NULL
255 help 272 help
256 RSA (Rivest-Shamir-Adleman) public k !! 273 Support for Galois/Counter Mode (GCM) and Galois Message
>> 274 Authentication Code (GMAC). Required for IPSec.
257 275
258 config CRYPTO_DH !! 276 config CRYPTO_CHACHA20POLY1305
259 tristate "DH (Diffie-Hellman)" !! 277 tristate "ChaCha20-Poly1305 AEAD support"
260 select CRYPTO_KPP !! 278 select CRYPTO_CHACHA20
261 select MPILIB !! 279 select CRYPTO_POLY1305
>> 280 select CRYPTO_AEAD
262 help 281 help
263 DH (Diffie-Hellman) key exchange alg !! 282 ChaCha20-Poly1305 AEAD support, RFC7539.
264 283
265 config CRYPTO_DH_RFC7919_GROUPS !! 284 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
266 bool "RFC 7919 FFDHE groups" !! 285 with the Poly1305 authenticator. It is defined in RFC7539 for use in
267 depends on CRYPTO_DH !! 286 IETF protocols.
268 select CRYPTO_RNG_DEFAULT !! 287
>> 288 config CRYPTO_AEGIS128
>> 289 tristate "AEGIS-128 AEAD algorithm"
>> 290 select CRYPTO_AEAD
>> 291 select CRYPTO_AES # for AES S-box tables
269 help 292 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 293 Support for the AEGIS-128 dedicated AEAD algorithm.
271 defined in RFC7919. <<
272 294
273 Support these finite-field groups in !! 295 config CRYPTO_AEGIS128L
274 - ffdhe2048, ffdhe3072, ffdhe4096, f !! 296 tristate "AEGIS-128L AEAD algorithm"
>> 297 select CRYPTO_AEAD
>> 298 select CRYPTO_AES # for AES S-box tables
>> 299 help
>> 300 Support for the AEGIS-128L dedicated AEAD algorithm.
275 301
276 If unsure, say N. !! 302 config CRYPTO_AEGIS256
>> 303 tristate "AEGIS-256 AEAD algorithm"
>> 304 select CRYPTO_AEAD
>> 305 select CRYPTO_AES # for AES S-box tables
>> 306 help
>> 307 Support for the AEGIS-256 dedicated AEAD algorithm.
277 308
278 config CRYPTO_ECC !! 309 config CRYPTO_AEGIS128_AESNI_SSE2
279 tristate !! 310 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
280 select CRYPTO_RNG_DEFAULT !! 311 depends on X86 && 64BIT
>> 312 select CRYPTO_AEAD
>> 313 select CRYPTO_CRYPTD
>> 314 help
>> 315 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
281 316
282 config CRYPTO_ECDH !! 317 config CRYPTO_AEGIS128L_AESNI_SSE2
283 tristate "ECDH (Elliptic Curve Diffie- !! 318 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
284 select CRYPTO_ECC !! 319 depends on X86 && 64BIT
285 select CRYPTO_KPP !! 320 select CRYPTO_AEAD
>> 321 select CRYPTO_CRYPTD
286 help 322 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 323 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
288 using curves P-192, P-256, and P-384 <<
289 324
290 config CRYPTO_ECDSA !! 325 config CRYPTO_AEGIS256_AESNI_SSE2
291 tristate "ECDSA (Elliptic Curve Digita !! 326 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
292 select CRYPTO_ECC !! 327 depends on X86 && 64BIT
293 select CRYPTO_AKCIPHER !! 328 select CRYPTO_AEAD
294 select ASN1 !! 329 select CRYPTO_CRYPTD
295 help 330 help
296 ECDSA (Elliptic Curve Digital Signat !! 331 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
297 ISO/IEC 14888-3) !! 332
298 using curves P-192, P-256, and P-384 !! 333 config CRYPTO_MORUS640
299 !! 334 tristate "MORUS-640 AEAD algorithm"
300 Only signature verification is imple !! 335 select CRYPTO_AEAD
301 <<
302 config CRYPTO_ECRDSA <<
303 tristate "EC-RDSA (Elliptic Curve Russ <<
304 select CRYPTO_ECC <<
305 select CRYPTO_AKCIPHER <<
306 select CRYPTO_STREEBOG <<
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help 336 help
310 Elliptic Curve Russian Digital Signa !! 337 Support for the MORUS-640 dedicated AEAD algorithm.
311 RFC 7091, ISO/IEC 14888-3) <<
312 338
313 One of the Russian cryptographic sta !! 339 config CRYPTO_MORUS640_GLUE
314 algorithms). Only signature verifica !! 340 tristate
>> 341 depends on X86
>> 342 select CRYPTO_AEAD
>> 343 select CRYPTO_CRYPTD
>> 344 help
>> 345 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
>> 346 algorithm.
315 347
316 config CRYPTO_CURVE25519 !! 348 config CRYPTO_MORUS640_SSE2
317 tristate "Curve25519" !! 349 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
318 select CRYPTO_KPP !! 350 depends on X86 && 64BIT
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 351 select CRYPTO_AEAD
>> 352 select CRYPTO_MORUS640_GLUE
320 help 353 help
321 Curve25519 elliptic curve (RFC7748) !! 354 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
322 355
323 endmenu !! 356 config CRYPTO_MORUS1280
>> 357 tristate "MORUS-1280 AEAD algorithm"
>> 358 select CRYPTO_AEAD
>> 359 help
>> 360 Support for the MORUS-1280 dedicated AEAD algorithm.
324 361
325 menu "Block ciphers" !! 362 config CRYPTO_MORUS1280_GLUE
>> 363 tristate
>> 364 depends on X86
>> 365 select CRYPTO_AEAD
>> 366 select CRYPTO_CRYPTD
>> 367 help
>> 368 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
>> 369 algorithm.
326 370
327 config CRYPTO_AES !! 371 config CRYPTO_MORUS1280_SSE2
328 tristate "AES (Advanced Encryption Sta !! 372 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
329 select CRYPTO_ALGAPI !! 373 depends on X86 && 64BIT
330 select CRYPTO_LIB_AES !! 374 select CRYPTO_AEAD
>> 375 select CRYPTO_MORUS1280_GLUE
331 help 376 help
332 AES cipher algorithms (Rijndael)(FIP !! 377 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
>> 378 algorithm.
333 379
334 Rijndael appears to be consistently !! 380 config CRYPTO_MORUS1280_AVX2
335 both hardware and software across a !! 381 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
336 environments regardless of its use i !! 382 depends on X86 && 64BIT
337 modes. Its key setup time is excelle !! 383 select CRYPTO_AEAD
338 good. Rijndael's very low memory req !! 384 select CRYPTO_MORUS1280_GLUE
339 suited for restricted-space environm !! 385 help
340 demonstrates excellent performance. !! 386 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
341 among the easiest to defend against !! 387 algorithm.
342 388
343 The AES specifies three key sizes: 1 !! 389 config CRYPTO_SEQIV
>> 390 tristate "Sequence Number IV Generator"
>> 391 select CRYPTO_AEAD
>> 392 select CRYPTO_BLKCIPHER
>> 393 select CRYPTO_NULL
>> 394 select CRYPTO_RNG_DEFAULT
>> 395 help
>> 396 This IV generator generates an IV based on a sequence number by
>> 397 xoring it with a salt. This algorithm is mainly useful for CTR
344 398
345 config CRYPTO_AES_TI !! 399 config CRYPTO_ECHAINIV
346 tristate "AES (Advanced Encryption Sta !! 400 tristate "Encrypted Chain IV Generator"
347 select CRYPTO_ALGAPI !! 401 select CRYPTO_AEAD
348 select CRYPTO_LIB_AES !! 402 select CRYPTO_NULL
>> 403 select CRYPTO_RNG_DEFAULT
>> 404 default m
349 help 405 help
350 AES cipher algorithms (Rijndael)(FIP !! 406 This IV generator generates an IV based on the encryption of
>> 407 a sequence number xored with a salt. This is the default
>> 408 algorithm for CBC.
351 409
352 This is a generic implementation of !! 410 comment "Block modes"
353 data dependent latencies as much as <<
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 411
359 Instead of using 16 lookup tables of !! 412 config CRYPTO_CBC
360 8 for decryption), this implementati !! 413 tristate "CBC support"
361 256 bytes each, and attempts to elim !! 414 select CRYPTO_BLKCIPHER
362 prefetching the entire table into th !! 415 select CRYPTO_MANAGER
363 block. Interrupts are also disabled !! 416 help
364 are evicted when the CPU is interrup !! 417 CBC: Cipher Block Chaining mode
>> 418 This block cipher algorithm is required for IPSec.
365 419
366 config CRYPTO_ANUBIS !! 420 config CRYPTO_CFB
367 tristate "Anubis" !! 421 tristate "CFB support"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 422 select CRYPTO_BLKCIPHER
369 select CRYPTO_ALGAPI !! 423 select CRYPTO_MANAGER
370 help 424 help
371 Anubis cipher algorithm !! 425 CFB: Cipher FeedBack mode
>> 426 This block cipher algorithm is required for TPM2 Cryptography.
372 427
373 Anubis is a variable key length ciph !! 428 config CRYPTO_CTR
374 128 bits to 320 bits in length. It !! 429 tristate "CTR support"
375 in the NESSIE competition. !! 430 select CRYPTO_BLKCIPHER
>> 431 select CRYPTO_SEQIV
>> 432 select CRYPTO_MANAGER
>> 433 help
>> 434 CTR: Counter mode
>> 435 This block cipher algorithm is required for IPSec.
>> 436
>> 437 config CRYPTO_CTS
>> 438 tristate "CTS support"
>> 439 select CRYPTO_BLKCIPHER
>> 440 help
>> 441 CTS: Cipher Text Stealing
>> 442 This is the Cipher Text Stealing mode as described by
>> 443 Section 8 of rfc2040 and referenced by rfc3962
>> 444 (rfc3962 includes errata information in its Appendix A) or
>> 445 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
>> 446 This mode is required for Kerberos gss mechanism support
>> 447 for AES encryption.
376 448
377 See https://web.archive.org/web/2016 !! 449 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
378 for further information. <<
379 450
380 config CRYPTO_ARIA !! 451 config CRYPTO_ECB
381 tristate "ARIA" !! 452 tristate "ECB support"
382 select CRYPTO_ALGAPI !! 453 select CRYPTO_BLKCIPHER
>> 454 select CRYPTO_MANAGER
383 help 455 help
384 ARIA cipher algorithm (RFC5794) !! 456 ECB: Electronic CodeBook mode
>> 457 This is the simplest block cipher algorithm. It simply encrypts
>> 458 the input block by block.
385 459
386 ARIA is a standard encryption algori !! 460 config CRYPTO_LRW
387 The ARIA specifies three key sizes a !! 461 tristate "LRW support"
388 128-bit: 12 rounds. !! 462 select CRYPTO_BLKCIPHER
389 192-bit: 14 rounds. !! 463 select CRYPTO_MANAGER
390 256-bit: 16 rounds. !! 464 select CRYPTO_GF128MUL
>> 465 help
>> 466 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 467 narrow block cipher mode for dm-crypt. Use it with cipher
>> 468 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 469 The first 128, 192 or 256 bits in the key are used for AES and the
>> 470 rest is used to tie each cipher block to its logical position.
391 471
392 See: !! 472 config CRYPTO_OFB
393 https://seed.kisa.or.kr/kisa/algorit !! 473 tristate "OFB support"
>> 474 select CRYPTO_BLKCIPHER
>> 475 select CRYPTO_MANAGER
>> 476 help
>> 477 OFB: the Output Feedback mode makes a block cipher into a synchronous
>> 478 stream cipher. It generates keystream blocks, which are then XORed
>> 479 with the plaintext blocks to get the ciphertext. Flipping a bit in the
>> 480 ciphertext produces a flipped bit in the plaintext at the same
>> 481 location. This property allows many error correcting codes to function
>> 482 normally even when applied before encryption.
394 483
395 config CRYPTO_BLOWFISH !! 484 config CRYPTO_PCBC
396 tristate "Blowfish" !! 485 tristate "PCBC support"
397 select CRYPTO_ALGAPI !! 486 select CRYPTO_BLKCIPHER
398 select CRYPTO_BLOWFISH_COMMON !! 487 select CRYPTO_MANAGER
399 help 488 help
400 Blowfish cipher algorithm, by Bruce !! 489 PCBC: Propagating Cipher Block Chaining mode
>> 490 This block cipher algorithm is required for RxRPC.
401 491
402 This is a variable key length cipher !! 492 config CRYPTO_XTS
403 bits to 448 bits in length. It's fa !! 493 tristate "XTS support"
404 designed for use on "large microproc !! 494 select CRYPTO_BLKCIPHER
>> 495 select CRYPTO_MANAGER
>> 496 select CRYPTO_ECB
>> 497 help
>> 498 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 499 key size 256, 384 or 512 bits. This implementation currently
>> 500 can't handle a sectorsize which is not a multiple of 16 bytes.
405 501
406 See https://www.schneier.com/blowfis !! 502 config CRYPTO_KEYWRAP
>> 503 tristate "Key wrapping support"
>> 504 select CRYPTO_BLKCIPHER
>> 505 help
>> 506 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 507 padding.
407 508
408 config CRYPTO_BLOWFISH_COMMON !! 509 config CRYPTO_NHPOLY1305
409 tristate 510 tristate
>> 511 select CRYPTO_HASH
>> 512 select CRYPTO_POLY1305
>> 513
>> 514 config CRYPTO_NHPOLY1305_SSE2
>> 515 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
>> 516 depends on X86 && 64BIT
>> 517 select CRYPTO_NHPOLY1305
410 help 518 help
411 Common parts of the Blowfish cipher !! 519 SSE2 optimized implementation of the hash function used by the
412 generic c and the assembler implemen !! 520 Adiantum encryption mode.
413 521
414 config CRYPTO_CAMELLIA !! 522 config CRYPTO_NHPOLY1305_AVX2
415 tristate "Camellia" !! 523 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
416 select CRYPTO_ALGAPI !! 524 depends on X86 && 64BIT
>> 525 select CRYPTO_NHPOLY1305
417 help 526 help
418 Camellia cipher algorithms (ISO/IEC !! 527 AVX2 optimized implementation of the hash function used by the
>> 528 Adiantum encryption mode.
419 529
420 Camellia is a symmetric key block ci !! 530 config CRYPTO_ADIANTUM
421 at NTT and Mitsubishi Electric Corpo !! 531 tristate "Adiantum support"
>> 532 select CRYPTO_CHACHA20
>> 533 select CRYPTO_POLY1305
>> 534 select CRYPTO_NHPOLY1305
>> 535 help
>> 536 Adiantum is a tweakable, length-preserving encryption mode
>> 537 designed for fast and secure disk encryption, especially on
>> 538 CPUs without dedicated crypto instructions. It encrypts
>> 539 each sector using the XChaCha12 stream cipher, two passes of
>> 540 an ε-almost-∆-universal hash function, and an invocation of
>> 541 the AES-256 block cipher on a single 16-byte block. On CPUs
>> 542 without AES instructions, Adiantum is much faster than
>> 543 AES-XTS.
422 544
423 The Camellia specifies three key siz !! 545 Adiantum's security is provably reducible to that of its
>> 546 underlying stream and block ciphers, subject to a security
>> 547 bound. Unlike XTS, Adiantum is a true wide-block encryption
>> 548 mode, so it actually provides an even stronger notion of
>> 549 security than XTS, subject to the security bound.
424 550
425 See https://info.isl.ntt.co.jp/crypt !! 551 If unsure, say N.
426 552
427 config CRYPTO_CAST_COMMON !! 553 comment "Hash modes"
428 tristate !! 554
>> 555 config CRYPTO_CMAC
>> 556 tristate "CMAC support"
>> 557 select CRYPTO_HASH
>> 558 select CRYPTO_MANAGER
429 help 559 help
430 Common parts of the CAST cipher algo !! 560 Cipher-based Message Authentication Code (CMAC) specified by
431 generic c and the assembler implemen !! 561 The National Institute of Standards and Technology (NIST).
432 562
433 config CRYPTO_CAST5 !! 563 https://tools.ietf.org/html/rfc4493
434 tristate "CAST5 (CAST-128)" !! 564 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
435 select CRYPTO_ALGAPI !! 565
436 select CRYPTO_CAST_COMMON !! 566 config CRYPTO_HMAC
>> 567 tristate "HMAC support"
>> 568 select CRYPTO_HASH
>> 569 select CRYPTO_MANAGER
437 help 570 help
438 CAST5 (CAST-128) cipher algorithm (R !! 571 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 572 This is required for IPSec.
439 573
440 config CRYPTO_CAST6 !! 574 config CRYPTO_XCBC
441 tristate "CAST6 (CAST-256)" !! 575 tristate "XCBC support"
442 select CRYPTO_ALGAPI !! 576 select CRYPTO_HASH
443 select CRYPTO_CAST_COMMON !! 577 select CRYPTO_MANAGER
444 help 578 help
445 CAST6 (CAST-256) encryption algorith !! 579 XCBC: Keyed-Hashing with encryption algorithm
>> 580 http://www.ietf.org/rfc/rfc3566.txt
>> 581 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 582 xcbc-mac/xcbc-mac-spec.pdf
446 583
447 config CRYPTO_DES !! 584 config CRYPTO_VMAC
448 tristate "DES and Triple DES EDE" !! 585 tristate "VMAC support"
449 select CRYPTO_ALGAPI !! 586 select CRYPTO_HASH
450 select CRYPTO_LIB_DES !! 587 select CRYPTO_MANAGER
451 help 588 help
452 DES (Data Encryption Standard)(FIPS !! 589 VMAC is a message authentication algorithm designed for
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 590 very high speed on 64-bit architectures.
454 cipher algorithms <<
455 591
456 config CRYPTO_FCRYPT !! 592 See also:
457 tristate "FCrypt" !! 593 <http://fastcrypto.org/vmac>
458 select CRYPTO_ALGAPI !! 594
459 select CRYPTO_SKCIPHER !! 595 comment "Digest"
>> 596
>> 597 config CRYPTO_CRC32C
>> 598 tristate "CRC32c CRC algorithm"
>> 599 select CRYPTO_HASH
>> 600 select CRC32
460 help 601 help
461 FCrypt algorithm used by RxRPC !! 602 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 603 by iSCSI for header and data digests and by others.
>> 604 See Castagnoli93. Module will be crc32c.
>> 605
>> 606 config CRYPTO_CRC32C_INTEL
>> 607 tristate "CRC32c INTEL hardware acceleration"
>> 608 depends on X86
>> 609 select CRYPTO_HASH
>> 610 help
>> 611 In Intel processor with SSE4.2 supported, the processor will
>> 612 support CRC32C implementation using hardware accelerated CRC32
>> 613 instruction. This option will create 'crc32c-intel' module,
>> 614 which will enable any routine to use the CRC32 instruction to
>> 615 gain performance compared with software implementation.
>> 616 Module will be crc32c-intel.
>> 617
>> 618 config CRYPTO_CRC32C_VPMSUM
>> 619 tristate "CRC32c CRC algorithm (powerpc64)"
>> 620 depends on PPC64 && ALTIVEC
>> 621 select CRYPTO_HASH
>> 622 select CRC32
>> 623 help
>> 624 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 625 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 626 and newer processors for improved performance.
462 627
463 See https://ota.polyonymo.us/fcrypt- <<
464 628
465 config CRYPTO_KHAZAD !! 629 config CRYPTO_CRC32C_SPARC64
466 tristate "Khazad" !! 630 tristate "CRC32c CRC algorithm (SPARC64)"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 631 depends on SPARC64
468 select CRYPTO_ALGAPI !! 632 select CRYPTO_HASH
>> 633 select CRC32
469 help 634 help
470 Khazad cipher algorithm !! 635 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 636 when available.
471 637
472 Khazad was a finalist in the initial !! 638 config CRYPTO_CRC32
473 an algorithm optimized for 64-bit pr !! 639 tristate "CRC32 CRC algorithm"
474 on 32-bit processors. Khazad uses a !! 640 select CRYPTO_HASH
>> 641 select CRC32
>> 642 help
>> 643 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 644 Shash crypto api wrappers to crc32_le function.
>> 645
>> 646 config CRYPTO_CRC32_PCLMUL
>> 647 tristate "CRC32 PCLMULQDQ hardware acceleration"
>> 648 depends on X86
>> 649 select CRYPTO_HASH
>> 650 select CRC32
>> 651 help
>> 652 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 653 and PCLMULQDQ supported, the processor will support
>> 654 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 655 instruction. This option will create 'crc32-pclmul' module,
>> 656 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 657 and gain better performance as compared with the table implementation.
>> 658
>> 659 config CRYPTO_CRC32_MIPS
>> 660 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 661 depends on MIPS_CRC_SUPPORT
>> 662 select CRYPTO_HASH
>> 663 help
>> 664 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 665 instructions, when available.
475 666
476 See https://web.archive.org/web/2017 <<
477 for further information. <<
478 667
479 config CRYPTO_SEED !! 668 config CRYPTO_CRCT10DIF
480 tristate "SEED" !! 669 tristate "CRCT10DIF algorithm"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 670 select CRYPTO_HASH
482 select CRYPTO_ALGAPI <<
483 help 671 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 672 CRC T10 Data Integrity Field computation is being cast as
>> 673 a crypto transform. This allows for faster crc t10 diff
>> 674 transforms to be used if they are available.
485 675
486 SEED is a 128-bit symmetric key bloc !! 676 config CRYPTO_CRCT10DIF_PCLMUL
487 developed by KISA (Korea Information !! 677 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
488 national standard encryption algorit !! 678 depends on X86 && 64BIT && CRC_T10DIF
489 It is a 16 round block cipher with t !! 679 select CRYPTO_HASH
>> 680 help
>> 681 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 682 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 683 accelerated PCLMULQDQ instruction. This option will create
>> 684 'crct10dif-pclmul' module, which is faster when computing the
>> 685 crct10dif checksum as compared with the generic table implementation.
490 686
491 See https://seed.kisa.or.kr/kisa/alg !! 687 config CRYPTO_CRCT10DIF_VPMSUM
492 for further information. !! 688 tristate "CRC32T10DIF powerpc64 hardware acceleration"
>> 689 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 690 select CRYPTO_HASH
>> 691 help
>> 692 CRC10T10DIF algorithm implemented using vector polynomial
>> 693 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 694 POWER8 and newer processors for improved performance.
493 695
494 config CRYPTO_SERPENT !! 696 config CRYPTO_VPMSUM_TESTER
495 tristate "Serpent" !! 697 tristate "Powerpc64 vpmsum hardware acceleration tester"
496 select CRYPTO_ALGAPI !! 698 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
497 help 699 help
498 Serpent cipher algorithm, by Anderso !! 700 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 701 POWER8 vpmsum instructions.
>> 702 Unless you are testing these algorithms, you don't need this.
499 703
500 Keys are allowed to be from 0 to 256 !! 704 config CRYPTO_GHASH
501 of 8 bits. !! 705 tristate "GHASH digest algorithm"
>> 706 select CRYPTO_GF128MUL
>> 707 select CRYPTO_HASH
>> 708 help
>> 709 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
502 710
503 See https://www.cl.cam.ac.uk/~rja14/ !! 711 config CRYPTO_POLY1305
>> 712 tristate "Poly1305 authenticator algorithm"
>> 713 select CRYPTO_HASH
>> 714 help
>> 715 Poly1305 authenticator algorithm, RFC7539.
504 716
505 config CRYPTO_SM4 !! 717 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
506 tristate !! 718 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 719 in IETF protocols. This is the portable C implementation of Poly1305.
507 720
508 config CRYPTO_SM4_GENERIC !! 721 config CRYPTO_POLY1305_X86_64
509 tristate "SM4 (ShangMi 4)" !! 722 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
510 select CRYPTO_ALGAPI !! 723 depends on X86 && 64BIT
511 select CRYPTO_SM4 !! 724 select CRYPTO_POLY1305
512 help 725 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 726 Poly1305 authenticator algorithm, RFC7539.
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 727
516 SM4 (GBT.32907-2016) is a cryptograp !! 728 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
517 Organization of State Commercial Adm !! 729 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
518 as an authorized cryptographic algor !! 730 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 731 instructions.
519 732
520 SMS4 was originally created for use !! 733 config CRYPTO_MD4
521 networks, and is mandated in the Chi !! 734 tristate "MD4 digest algorithm"
522 Wireless LAN WAPI (Wired Authenticat !! 735 select CRYPTO_HASH
523 (GB.15629.11-2003). !! 736 help
>> 737 MD4 message digest algorithm (RFC1320).
524 738
525 The latest SM4 standard (GBT.32907-2 !! 739 config CRYPTO_MD5
526 standardized through TC 260 of the S !! 740 tristate "MD5 digest algorithm"
527 of the People's Republic of China (S !! 741 select CRYPTO_HASH
>> 742 help
>> 743 MD5 message digest algorithm (RFC1321).
528 744
529 The input, output, and key of SMS4 a !! 745 config CRYPTO_MD5_OCTEON
>> 746 tristate "MD5 digest algorithm (OCTEON)"
>> 747 depends on CPU_CAVIUM_OCTEON
>> 748 select CRYPTO_MD5
>> 749 select CRYPTO_HASH
>> 750 help
>> 751 MD5 message digest algorithm (RFC1321) implemented
>> 752 using OCTEON crypto instructions, when available.
530 753
531 See https://eprint.iacr.org/2008/329 !! 754 config CRYPTO_MD5_PPC
>> 755 tristate "MD5 digest algorithm (PPC)"
>> 756 depends on PPC
>> 757 select CRYPTO_HASH
>> 758 help
>> 759 MD5 message digest algorithm (RFC1321) implemented
>> 760 in PPC assembler.
532 761
533 If unsure, say N. !! 762 config CRYPTO_MD5_SPARC64
>> 763 tristate "MD5 digest algorithm (SPARC64)"
>> 764 depends on SPARC64
>> 765 select CRYPTO_MD5
>> 766 select CRYPTO_HASH
>> 767 help
>> 768 MD5 message digest algorithm (RFC1321) implemented
>> 769 using sparc64 crypto instructions, when available.
534 770
535 config CRYPTO_TEA !! 771 config CRYPTO_MICHAEL_MIC
536 tristate "TEA, XTEA and XETA" !! 772 tristate "Michael MIC keyed digest algorithm"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 773 select CRYPTO_HASH
538 select CRYPTO_ALGAPI <<
539 help 774 help
540 TEA (Tiny Encryption Algorithm) ciph !! 775 Michael MIC is used for message integrity protection in TKIP
>> 776 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 777 should not be used for other purposes because of the weakness
>> 778 of the algorithm.
541 779
542 Tiny Encryption Algorithm is a simpl !! 780 config CRYPTO_RMD128
543 many rounds for security. It is ver !! 781 tristate "RIPEMD-128 digest algorithm"
544 little memory. !! 782 select CRYPTO_HASH
>> 783 help
>> 784 RIPEMD-128 (ISO/IEC 10118-3:2004).
545 785
546 Xtendend Tiny Encryption Algorithm i !! 786 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
547 the TEA algorithm to address a poten !! 787 be used as a secure replacement for RIPEMD. For other use cases,
548 in the TEA algorithm. !! 788 RIPEMD-160 should be used.
549 789
550 Xtendend Encryption Tiny Algorithm i !! 790 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
551 of the XTEA algorithm for compatibil !! 791 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
552 792
553 config CRYPTO_TWOFISH !! 793 config CRYPTO_RMD160
554 tristate "Twofish" !! 794 tristate "RIPEMD-160 digest algorithm"
555 select CRYPTO_ALGAPI !! 795 select CRYPTO_HASH
556 select CRYPTO_TWOFISH_COMMON <<
557 help 796 help
558 Twofish cipher algorithm !! 797 RIPEMD-160 (ISO/IEC 10118-3:2004).
559 798
560 Twofish was submitted as an AES (Adv !! 799 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
561 candidate cipher by researchers at C !! 800 to be used as a secure replacement for the 128-bit hash functions
562 16 round block cipher supporting key !! 801 MD4, MD5 and it's predecessor RIPEMD
563 bits. !! 802 (not to be confused with RIPEMD-128).
>> 803
>> 804 It's speed is comparable to SHA1 and there are no known attacks
>> 805 against RIPEMD-160.
564 806
565 See https://www.schneier.com/twofish !! 807 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 808 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
566 809
567 config CRYPTO_TWOFISH_COMMON !! 810 config CRYPTO_RMD256
568 tristate !! 811 tristate "RIPEMD-256 digest algorithm"
>> 812 select CRYPTO_HASH
569 help 813 help
570 Common parts of the Twofish cipher a !! 814 RIPEMD-256 is an optional extension of RIPEMD-128 with a
571 generic c and the assembler implemen !! 815 256 bit hash. It is intended for applications that require
>> 816 longer hash-results, without needing a larger security level
>> 817 (than RIPEMD-128).
572 818
573 endmenu !! 819 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 820 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
574 821
575 menu "Length-preserving ciphers and modes" !! 822 config CRYPTO_RMD320
>> 823 tristate "RIPEMD-320 digest algorithm"
>> 824 select CRYPTO_HASH
>> 825 help
>> 826 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 827 320 bit hash. It is intended for applications that require
>> 828 longer hash-results, without needing a larger security level
>> 829 (than RIPEMD-160).
576 830
577 config CRYPTO_ADIANTUM !! 831 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
578 tristate "Adiantum" !! 832 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
579 select CRYPTO_CHACHA20 !! 833
580 select CRYPTO_LIB_POLY1305_GENERIC !! 834 config CRYPTO_SHA1
581 select CRYPTO_NHPOLY1305 !! 835 tristate "SHA1 digest algorithm"
582 select CRYPTO_MANAGER !! 836 select CRYPTO_HASH
583 help 837 help
584 Adiantum tweakable, length-preservin !! 838 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
585 839
586 Designed for fast and secure disk en !! 840 config CRYPTO_SHA1_SSSE3
587 CPUs without dedicated crypto instru !! 841 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
588 each sector using the XChaCha12 stre !! 842 depends on X86 && 64BIT
589 an ε-almost-∆-universal hash func !! 843 select CRYPTO_SHA1
590 the AES-256 block cipher on a single !! 844 select CRYPTO_HASH
591 without AES instructions, Adiantum i !! 845 help
592 AES-XTS. !! 846 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 847 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 848 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 849 when available.
593 850
594 Adiantum's security is provably redu !! 851 config CRYPTO_SHA256_SSSE3
595 underlying stream and block ciphers, !! 852 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
596 bound. Unlike XTS, Adiantum is a tr !! 853 depends on X86 && 64BIT
597 mode, so it actually provides an eve !! 854 select CRYPTO_SHA256
598 security than XTS, subject to the se !! 855 select CRYPTO_HASH
>> 856 help
>> 857 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 858 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 859 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 860 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 861 Instructions) when available.
>> 862
>> 863 config CRYPTO_SHA512_SSSE3
>> 864 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 865 depends on X86 && 64BIT
>> 866 select CRYPTO_SHA512
>> 867 select CRYPTO_HASH
>> 868 help
>> 869 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 870 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 871 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 872 version 2 (AVX2) instructions, when available.
599 873
600 If unsure, say N. !! 874 config CRYPTO_SHA1_OCTEON
>> 875 tristate "SHA1 digest algorithm (OCTEON)"
>> 876 depends on CPU_CAVIUM_OCTEON
>> 877 select CRYPTO_SHA1
>> 878 select CRYPTO_HASH
>> 879 help
>> 880 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 881 using OCTEON crypto instructions, when available.
601 882
602 config CRYPTO_ARC4 !! 883 config CRYPTO_SHA1_SPARC64
603 tristate "ARC4 (Alleged Rivest Cipher !! 884 tristate "SHA1 digest algorithm (SPARC64)"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 885 depends on SPARC64
605 select CRYPTO_SKCIPHER !! 886 select CRYPTO_SHA1
606 select CRYPTO_LIB_ARC4 !! 887 select CRYPTO_HASH
607 help 888 help
608 ARC4 cipher algorithm !! 889 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 890 using sparc64 crypto instructions, when available.
609 891
610 ARC4 is a stream cipher using keys r !! 892 config CRYPTO_SHA1_PPC
611 bits in length. This algorithm is r !! 893 tristate "SHA1 digest algorithm (powerpc)"
612 WEP, but it should not be for other !! 894 depends on PPC
613 weakness of the algorithm. !! 895 help
>> 896 This is the powerpc hardware accelerated implementation of the
>> 897 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
614 898
615 config CRYPTO_CHACHA20 !! 899 config CRYPTO_SHA1_PPC_SPE
616 tristate "ChaCha" !! 900 tristate "SHA1 digest algorithm (PPC SPE)"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 901 depends on PPC && SPE
618 select CRYPTO_SKCIPHER <<
619 help 902 help
620 The ChaCha20, XChaCha20, and XChaCha !! 903 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 904 using powerpc SPE SIMD instruction set.
621 905
622 ChaCha20 is a 256-bit high-speed str !! 906 config CRYPTO_SHA256
623 Bernstein and further specified in R !! 907 tristate "SHA224 and SHA256 digest algorithm"
624 This is the portable C implementatio !! 908 select CRYPTO_HASH
625 https://cr.yp.to/chacha/chacha-20080 !! 909 help
>> 910 SHA256 secure hash standard (DFIPS 180-2).
626 911
627 XChaCha20 is the application of the !! 912 This version of SHA implements a 256 bit hash with 128 bits of
628 rather than to Salsa20. XChaCha20 e !! 913 security against collision attacks.
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 914
633 XChaCha12 is XChaCha20 reduced to 12 !! 915 This code also includes SHA-224, a 224 bit hash with 112 bits
634 reduced security margin but increase !! 916 of security against collision attacks.
635 in some performance-sensitive scenar <<
636 917
637 config CRYPTO_CBC !! 918 config CRYPTO_SHA256_PPC_SPE
638 tristate "CBC (Cipher Block Chaining)" !! 919 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
639 select CRYPTO_SKCIPHER !! 920 depends on PPC && SPE
640 select CRYPTO_MANAGER !! 921 select CRYPTO_SHA256
>> 922 select CRYPTO_HASH
641 help 923 help
642 CBC (Cipher Block Chaining) mode (NI !! 924 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 925 implemented using powerpc SPE SIMD instruction set.
643 926
644 This block cipher mode is required f !! 927 config CRYPTO_SHA256_OCTEON
>> 928 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
>> 929 depends on CPU_CAVIUM_OCTEON
>> 930 select CRYPTO_SHA256
>> 931 select CRYPTO_HASH
>> 932 help
>> 933 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 934 using OCTEON crypto instructions, when available.
645 935
646 config CRYPTO_CTR !! 936 config CRYPTO_SHA256_SPARC64
647 tristate "CTR (Counter)" !! 937 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
648 select CRYPTO_SKCIPHER !! 938 depends on SPARC64
649 select CRYPTO_MANAGER !! 939 select CRYPTO_SHA256
>> 940 select CRYPTO_HASH
650 help 941 help
651 CTR (Counter) mode (NIST SP800-38A) !! 942 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 943 using sparc64 crypto instructions, when available.
652 944
653 config CRYPTO_CTS !! 945 config CRYPTO_SHA512
654 tristate "CTS (Cipher Text Stealing)" !! 946 tristate "SHA384 and SHA512 digest algorithms"
655 select CRYPTO_SKCIPHER !! 947 select CRYPTO_HASH
656 select CRYPTO_MANAGER <<
657 help 948 help
658 CBC-CS3 variant of CTS (Cipher Text !! 949 SHA512 secure hash standard (DFIPS 180-2).
659 Addendum to SP800-38A (October 2010) <<
660 950
661 This mode is required for Kerberos g !! 951 This version of SHA implements a 512 bit hash with 256 bits of
662 for AES encryption. !! 952 security against collision attacks.
663 953
664 config CRYPTO_ECB !! 954 This code also includes SHA-384, a 384 bit hash with 192 bits
665 tristate "ECB (Electronic Codebook)" !! 955 of security against collision attacks.
666 select CRYPTO_SKCIPHER2 !! 956
667 select CRYPTO_MANAGER !! 957 config CRYPTO_SHA512_OCTEON
>> 958 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 959 depends on CPU_CAVIUM_OCTEON
>> 960 select CRYPTO_SHA512
>> 961 select CRYPTO_HASH
668 help 962 help
669 ECB (Electronic Codebook) mode (NIST !! 963 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 964 using OCTEON crypto instructions, when available.
670 965
671 config CRYPTO_HCTR2 !! 966 config CRYPTO_SHA512_SPARC64
672 tristate "HCTR2" !! 967 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
673 select CRYPTO_XCTR !! 968 depends on SPARC64
674 select CRYPTO_POLYVAL !! 969 select CRYPTO_SHA512
675 select CRYPTO_MANAGER !! 970 select CRYPTO_HASH
676 help 971 help
677 HCTR2 length-preserving encryption m !! 972 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 973 using sparc64 crypto instructions, when available.
678 974
679 A mode for storage encryption that i !! 975 config CRYPTO_SHA3
680 instructions to accelerate AES and c !! 976 tristate "SHA3 digest algorithm"
681 x86 processors with AES-NI and CLMUL !! 977 select CRYPTO_HASH
682 ARMv8 crypto extensions. !! 978 help
>> 979 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 980 cryptographic sponge function family called Keccak.
683 981
684 See https://eprint.iacr.org/2021/144 !! 982 References:
>> 983 http://keccak.noekeon.org/
685 984
686 config CRYPTO_KEYWRAP !! 985 config CRYPTO_SM3
687 tristate "KW (AES Key Wrap)" !! 986 tristate "SM3 digest algorithm"
688 select CRYPTO_SKCIPHER !! 987 select CRYPTO_HASH
689 select CRYPTO_MANAGER <<
690 help 988 help
691 KW (AES Key Wrap) authenticated encr !! 989 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
692 and RFC3394) without padding. !! 990 It is part of the Chinese Commercial Cryptography suite.
693 991
694 config CRYPTO_LRW !! 992 References:
695 tristate "LRW (Liskov Rivest Wagner)" !! 993 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
696 select CRYPTO_LIB_GF128MUL !! 994 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
697 select CRYPTO_SKCIPHER !! 995
698 select CRYPTO_MANAGER !! 996 config CRYPTO_STREEBOG
699 select CRYPTO_ECB !! 997 tristate "Streebog Hash Function"
>> 998 select CRYPTO_HASH
700 help 999 help
701 LRW (Liskov Rivest Wagner) mode !! 1000 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
>> 1001 cryptographic standard algorithms (called GOST algorithms).
>> 1002 This setting enables two hash algorithms with 256 and 512 bits output.
702 1003
703 A tweakable, non malleable, non mova !! 1004 References:
704 narrow block cipher mode for dm-cryp !! 1005 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
705 specification string aes-lrw-benbi, !! 1006 https://tools.ietf.org/html/rfc6986
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 1007
709 See https://people.csail.mit.edu/riv !! 1008 config CRYPTO_TGR192
>> 1009 tristate "Tiger digest algorithms"
>> 1010 select CRYPTO_HASH
>> 1011 help
>> 1012 Tiger hash algorithm 192, 160 and 128-bit hashes
710 1013
711 config CRYPTO_PCBC !! 1014 Tiger is a hash function optimized for 64-bit processors while
712 tristate "PCBC (Propagating Cipher Blo !! 1015 still having decent performance on 32-bit processors.
713 select CRYPTO_SKCIPHER !! 1016 Tiger was developed by Ross Anderson and Eli Biham.
714 select CRYPTO_MANAGER !! 1017
>> 1018 See also:
>> 1019 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
>> 1020
>> 1021 config CRYPTO_WP512
>> 1022 tristate "Whirlpool digest algorithms"
>> 1023 select CRYPTO_HASH
715 help 1024 help
716 PCBC (Propagating Cipher Block Chain !! 1025 Whirlpool hash algorithm 512, 384 and 256-bit hashes
717 1026
718 This block cipher mode is required f !! 1027 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 1028 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
719 1029
720 config CRYPTO_XCTR !! 1030 See also:
721 tristate !! 1031 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
722 select CRYPTO_SKCIPHER !! 1032
723 select CRYPTO_MANAGER !! 1033 config CRYPTO_GHASH_CLMUL_NI_INTEL
>> 1034 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
>> 1035 depends on X86 && 64BIT
>> 1036 select CRYPTO_CRYPTD
724 help 1037 help
725 XCTR (XOR Counter) mode for HCTR2 !! 1038 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
>> 1039 The implementation is accelerated by CLMUL-NI of Intel.
726 1040
727 This blockcipher mode is a variant o !! 1041 comment "Ciphers"
728 addition rather than big-endian arit <<
729 1042
730 XCTR mode is used to implement HCTR2 !! 1043 config CRYPTO_AES
>> 1044 tristate "AES cipher algorithms"
>> 1045 select CRYPTO_ALGAPI
>> 1046 help
>> 1047 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1048 algorithm.
731 1049
732 config CRYPTO_XTS !! 1050 Rijndael appears to be consistently a very good performer in
733 tristate "XTS (XOR Encrypt XOR with ci !! 1051 both hardware and software across a wide range of computing
734 select CRYPTO_SKCIPHER !! 1052 environments regardless of its use in feedback or non-feedback
735 select CRYPTO_MANAGER !! 1053 modes. Its key setup time is excellent, and its key agility is
736 select CRYPTO_ECB !! 1054 good. Rijndael's very low memory requirements make it very well
>> 1055 suited for restricted-space environments, in which it also
>> 1056 demonstrates excellent performance. Rijndael's operations are
>> 1057 among the easiest to defend against power and timing attacks.
>> 1058
>> 1059 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1060
>> 1061 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
>> 1062
>> 1063 config CRYPTO_AES_TI
>> 1064 tristate "Fixed time AES cipher"
>> 1065 select CRYPTO_ALGAPI
>> 1066 help
>> 1067 This is a generic implementation of AES that attempts to eliminate
>> 1068 data dependent latencies as much as possible without affecting
>> 1069 performance too much. It is intended for use by the generic CCM
>> 1070 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1071 solely on encryption (although decryption is supported as well, but
>> 1072 with a more dramatic performance hit)
>> 1073
>> 1074 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
>> 1075 8 for decryption), this implementation only uses just two S-boxes of
>> 1076 256 bytes each, and attempts to eliminate data dependent latencies by
>> 1077 prefetching the entire table into the cache at the start of each
>> 1078 block. Interrupts are also disabled to avoid races where cachelines
>> 1079 are evicted when the CPU is interrupted to do something else.
>> 1080
>> 1081 config CRYPTO_AES_586
>> 1082 tristate "AES cipher algorithms (i586)"
>> 1083 depends on (X86 || UML_X86) && !64BIT
>> 1084 select CRYPTO_ALGAPI
>> 1085 select CRYPTO_AES
737 help 1086 help
738 XTS (XOR Encrypt XOR with ciphertext !! 1087 AES cipher algorithms (FIPS-197). AES uses the Rijndael
739 and IEEE 1619) !! 1088 algorithm.
740 1089
741 Use with aes-xts-plain, key size 256 !! 1090 Rijndael appears to be consistently a very good performer in
742 implementation currently can't handl !! 1091 both hardware and software across a wide range of computing
743 multiple of 16 bytes. !! 1092 environments regardless of its use in feedback or non-feedback
>> 1093 modes. Its key setup time is excellent, and its key agility is
>> 1094 good. Rijndael's very low memory requirements make it very well
>> 1095 suited for restricted-space environments, in which it also
>> 1096 demonstrates excellent performance. Rijndael's operations are
>> 1097 among the easiest to defend against power and timing attacks.
744 1098
745 config CRYPTO_NHPOLY1305 !! 1099 The AES specifies three key sizes: 128, 192 and 256 bits
746 tristate <<
747 select CRYPTO_HASH <<
748 select CRYPTO_LIB_POLY1305_GENERIC <<
749 1100
750 endmenu !! 1101 See <http://csrc.nist.gov/encryption/aes/> for more information.
751 1102
752 menu "AEAD (authenticated encryption with asso !! 1103 config CRYPTO_AES_X86_64
>> 1104 tristate "AES cipher algorithms (x86_64)"
>> 1105 depends on (X86 || UML_X86) && 64BIT
>> 1106 select CRYPTO_ALGAPI
>> 1107 select CRYPTO_AES
>> 1108 help
>> 1109 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1110 algorithm.
753 1111
754 config CRYPTO_AEGIS128 !! 1112 Rijndael appears to be consistently a very good performer in
755 tristate "AEGIS-128" !! 1113 both hardware and software across a wide range of computing
>> 1114 environments regardless of its use in feedback or non-feedback
>> 1115 modes. Its key setup time is excellent, and its key agility is
>> 1116 good. Rijndael's very low memory requirements make it very well
>> 1117 suited for restricted-space environments, in which it also
>> 1118 demonstrates excellent performance. Rijndael's operations are
>> 1119 among the easiest to defend against power and timing attacks.
>> 1120
>> 1121 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1122
>> 1123 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1124
>> 1125 config CRYPTO_AES_NI_INTEL
>> 1126 tristate "AES cipher algorithms (AES-NI)"
>> 1127 depends on X86
756 select CRYPTO_AEAD 1128 select CRYPTO_AEAD
757 select CRYPTO_AES # for AES S-box tab !! 1129 select CRYPTO_AES_X86_64 if 64BIT
>> 1130 select CRYPTO_AES_586 if !64BIT
>> 1131 select CRYPTO_ALGAPI
>> 1132 select CRYPTO_BLKCIPHER
>> 1133 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 1134 select CRYPTO_SIMD
758 help 1135 help
759 AEGIS-128 AEAD algorithm !! 1136 Use Intel AES-NI instructions for AES algorithm.
760 1137
761 config CRYPTO_AEGIS128_SIMD !! 1138 AES cipher algorithms (FIPS-197). AES uses the Rijndael
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1139 algorithm.
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 1140
764 default y !! 1141 Rijndael appears to be consistently a very good performer in
>> 1142 both hardware and software across a wide range of computing
>> 1143 environments regardless of its use in feedback or non-feedback
>> 1144 modes. Its key setup time is excellent, and its key agility is
>> 1145 good. Rijndael's very low memory requirements make it very well
>> 1146 suited for restricted-space environments, in which it also
>> 1147 demonstrates excellent performance. Rijndael's operations are
>> 1148 among the easiest to defend against power and timing attacks.
>> 1149
>> 1150 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1151
>> 1152 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1153
>> 1154 In addition to AES cipher algorithm support, the acceleration
>> 1155 for some popular block cipher mode is supported too, including
>> 1156 ECB, CBC, LRW, XTS. The 64 bit version has additional
>> 1157 acceleration for CTR.
>> 1158
>> 1159 config CRYPTO_AES_SPARC64
>> 1160 tristate "AES cipher algorithms (SPARC64)"
>> 1161 depends on SPARC64
>> 1162 select CRYPTO_CRYPTD
>> 1163 select CRYPTO_ALGAPI
765 help 1164 help
766 AEGIS-128 AEAD algorithm !! 1165 Use SPARC64 crypto opcodes for AES algorithm.
767 1166
768 Architecture: arm or arm64 using: !! 1167 AES cipher algorithms (FIPS-197). AES uses the Rijndael
769 - NEON (Advanced SIMD) extension !! 1168 algorithm.
770 1169
771 config CRYPTO_CHACHA20POLY1305 !! 1170 Rijndael appears to be consistently a very good performer in
772 tristate "ChaCha20-Poly1305" !! 1171 both hardware and software across a wide range of computing
773 select CRYPTO_CHACHA20 !! 1172 environments regardless of its use in feedback or non-feedback
774 select CRYPTO_POLY1305 !! 1173 modes. Its key setup time is excellent, and its key agility is
775 select CRYPTO_AEAD !! 1174 good. Rijndael's very low memory requirements make it very well
776 select CRYPTO_MANAGER !! 1175 suited for restricted-space environments, in which it also
>> 1176 demonstrates excellent performance. Rijndael's operations are
>> 1177 among the easiest to defend against power and timing attacks.
>> 1178
>> 1179 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1180
>> 1181 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1182
>> 1183 In addition to AES cipher algorithm support, the acceleration
>> 1184 for some popular block cipher mode is supported too, including
>> 1185 ECB and CBC.
>> 1186
>> 1187 config CRYPTO_AES_PPC_SPE
>> 1188 tristate "AES cipher algorithms (PPC SPE)"
>> 1189 depends on PPC && SPE
>> 1190 help
>> 1191 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1192 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1193 This module should only be used for low power (router) devices
>> 1194 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1195 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1196 timining attacks. Nevertheless it might be not as secure as other
>> 1197 architecture specific assembler implementations that work on 1KB
>> 1198 tables or 256 bytes S-boxes.
>> 1199
>> 1200 config CRYPTO_ANUBIS
>> 1201 tristate "Anubis cipher algorithm"
>> 1202 select CRYPTO_ALGAPI
777 help 1203 help
778 ChaCha20 stream cipher and Poly1305 !! 1204 Anubis cipher algorithm.
779 mode (RFC8439) <<
780 1205
781 config CRYPTO_CCM !! 1206 Anubis is a variable key length cipher which can use keys from
782 tristate "CCM (Counter with Cipher Blo !! 1207 128 bits to 320 bits in length. It was evaluated as a entrant
783 select CRYPTO_CTR !! 1208 in the NESSIE competition.
784 select CRYPTO_HASH !! 1209
785 select CRYPTO_AEAD !! 1210 See also:
786 select CRYPTO_MANAGER !! 1211 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 1212 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
>> 1213
>> 1214 config CRYPTO_ARC4
>> 1215 tristate "ARC4 cipher algorithm"
>> 1216 select CRYPTO_BLKCIPHER
787 help 1217 help
788 CCM (Counter with Cipher Block Chain !! 1218 ARC4 cipher algorithm.
789 authenticated encryption mode (NIST <<
790 1219
791 config CRYPTO_GCM !! 1220 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
792 tristate "GCM (Galois/Counter Mode) an !! 1221 bits in length. This algorithm is required for driver-based
793 select CRYPTO_CTR !! 1222 WEP, but it should not be for other purposes because of the
794 select CRYPTO_AEAD !! 1223 weakness of the algorithm.
795 select CRYPTO_GHASH !! 1224
796 select CRYPTO_NULL !! 1225 config CRYPTO_BLOWFISH
797 select CRYPTO_MANAGER !! 1226 tristate "Blowfish cipher algorithm"
>> 1227 select CRYPTO_ALGAPI
>> 1228 select CRYPTO_BLOWFISH_COMMON
798 help 1229 help
799 GCM (Galois/Counter Mode) authentica !! 1230 Blowfish cipher algorithm, by Bruce Schneier.
800 (GCM Message Authentication Code) (N !! 1231
>> 1232 This is a variable key length cipher which can use keys from 32
>> 1233 bits to 448 bits in length. It's fast, simple and specifically
>> 1234 designed for use on "large microprocessors".
801 1235
802 This is required for IPSec ESP (XFRM !! 1236 See also:
>> 1237 <http://www.schneier.com/blowfish.html>
803 1238
804 config CRYPTO_GENIV !! 1239 config CRYPTO_BLOWFISH_COMMON
805 tristate 1240 tristate
806 select CRYPTO_AEAD !! 1241 help
807 select CRYPTO_NULL !! 1242 Common parts of the Blowfish cipher algorithm shared by the
808 select CRYPTO_MANAGER !! 1243 generic c and the assembler implementations.
809 select CRYPTO_RNG_DEFAULT <<
810 1244
811 config CRYPTO_SEQIV !! 1245 See also:
812 tristate "Sequence Number IV Generator !! 1246 <http://www.schneier.com/blowfish.html>
813 select CRYPTO_GENIV !! 1247
>> 1248 config CRYPTO_BLOWFISH_X86_64
>> 1249 tristate "Blowfish cipher algorithm (x86_64)"
>> 1250 depends on X86 && 64BIT
>> 1251 select CRYPTO_BLKCIPHER
>> 1252 select CRYPTO_BLOWFISH_COMMON
814 help 1253 help
815 Sequence Number IV generator !! 1254 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
816 1255
817 This IV generator generates an IV ba !! 1256 This is a variable key length cipher which can use keys from 32
818 xoring it with a salt. This algorit !! 1257 bits to 448 bits in length. It's fast, simple and specifically
>> 1258 designed for use on "large microprocessors".
819 1259
820 This is required for IPsec ESP (XFRM !! 1260 See also:
>> 1261 <http://www.schneier.com/blowfish.html>
821 1262
822 config CRYPTO_ECHAINIV !! 1263 config CRYPTO_CAMELLIA
823 tristate "Encrypted Chain IV Generator !! 1264 tristate "Camellia cipher algorithms"
824 select CRYPTO_GENIV !! 1265 depends on CRYPTO
>> 1266 select CRYPTO_ALGAPI
825 help 1267 help
826 Encrypted Chain IV generator !! 1268 Camellia cipher algorithms module.
827 1269
828 This IV generator generates an IV ba !! 1270 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 1271 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. !! 1272
>> 1273 The Camellia specifies three key sizes: 128, 192 and 256 bits.
831 1274
832 config CRYPTO_ESSIV !! 1275 See also:
833 tristate "Encrypted Salt-Sector IV Gen !! 1276 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
834 select CRYPTO_AUTHENC !! 1277
>> 1278 config CRYPTO_CAMELLIA_X86_64
>> 1279 tristate "Camellia cipher algorithm (x86_64)"
>> 1280 depends on X86 && 64BIT
>> 1281 depends on CRYPTO
>> 1282 select CRYPTO_BLKCIPHER
>> 1283 select CRYPTO_GLUE_HELPER_X86
835 help 1284 help
836 Encrypted Salt-Sector IV generator !! 1285 Camellia cipher algorithm module (x86_64).
837 1286
838 This IV generator is used in some ca !! 1287 Camellia is a symmetric key block cipher developed jointly
839 dm-crypt. It uses the hash of the bl !! 1288 at NTT and Mitsubishi Electric Corporation.
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 1289
844 This driver implements a crypto API !! 1290 The Camellia specifies three key sizes: 128, 192 and 256 bits.
845 instantiated either as an skcipher o !! 1291
846 type of the first template argument) !! 1292 See also:
847 and decryption requests to the encap !! 1293 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
848 ESSIV to the input IV. Note that in !! 1294
849 that the keys are presented in the s !! 1295 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
850 template, and that the IV appears at !! 1296 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
851 associated data (AAD) region (which !! 1297 depends on X86 && 64BIT
>> 1298 depends on CRYPTO
>> 1299 select CRYPTO_BLKCIPHER
>> 1300 select CRYPTO_CAMELLIA_X86_64
>> 1301 select CRYPTO_GLUE_HELPER_X86
>> 1302 select CRYPTO_SIMD
>> 1303 select CRYPTO_XTS
>> 1304 help
>> 1305 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
852 1306
853 Note that the use of ESSIV is not re !! 1307 Camellia is a symmetric key block cipher developed jointly
854 and so this only needs to be enabled !! 1308 at NTT and Mitsubishi Electric Corporation.
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 1309
861 endmenu !! 1310 The Camellia specifies three key sizes: 128, 192 and 256 bits.
862 1311
863 menu "Hashes, digests, and MACs" !! 1312 See also:
>> 1313 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
864 1314
865 config CRYPTO_BLAKE2B !! 1315 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
866 tristate "BLAKE2b" !! 1316 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
867 select CRYPTO_HASH !! 1317 depends on X86 && 64BIT
>> 1318 depends on CRYPTO
>> 1319 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
868 help 1320 help
869 BLAKE2b cryptographic hash function !! 1321 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
870 1322
871 BLAKE2b is optimized for 64-bit plat !! 1323 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1324 at NTT and Mitsubishi Electric Corporation.
873 1325
874 This module provides the following a !! 1326 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 1327
880 Used by the btrfs filesystem. !! 1328 See also:
>> 1329 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881 1330
882 See https://blake2.net for further i !! 1331 config CRYPTO_CAMELLIA_SPARC64
>> 1332 tristate "Camellia cipher algorithm (SPARC64)"
>> 1333 depends on SPARC64
>> 1334 depends on CRYPTO
>> 1335 select CRYPTO_ALGAPI
>> 1336 help
>> 1337 Camellia cipher algorithm module (SPARC64).
883 1338
884 config CRYPTO_CMAC !! 1339 Camellia is a symmetric key block cipher developed jointly
885 tristate "CMAC (Cipher-based MAC)" !! 1340 at NTT and Mitsubishi Electric Corporation.
886 select CRYPTO_HASH !! 1341
887 select CRYPTO_MANAGER !! 1342 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1343
>> 1344 See also:
>> 1345 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1346
>> 1347 config CRYPTO_CAST_COMMON
>> 1348 tristate
888 help 1349 help
889 CMAC (Cipher-based Message Authentic !! 1350 Common parts of the CAST cipher algorithms shared by the
890 mode (NIST SP800-38B and IETF RFC449 !! 1351 generic c and the assembler implementations.
891 1352
892 config CRYPTO_GHASH !! 1353 config CRYPTO_CAST5
893 tristate "GHASH" !! 1354 tristate "CAST5 (CAST-128) cipher algorithm"
894 select CRYPTO_HASH !! 1355 select CRYPTO_ALGAPI
895 select CRYPTO_LIB_GF128MUL !! 1356 select CRYPTO_CAST_COMMON
896 help 1357 help
897 GCM GHASH function (NIST SP800-38D) !! 1358 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1359 described in RFC2144.
898 1360
899 config CRYPTO_HMAC !! 1361 config CRYPTO_CAST5_AVX_X86_64
900 tristate "HMAC (Keyed-Hash MAC)" !! 1362 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
901 select CRYPTO_HASH !! 1363 depends on X86 && 64BIT
902 select CRYPTO_MANAGER !! 1364 select CRYPTO_BLKCIPHER
>> 1365 select CRYPTO_CAST5
>> 1366 select CRYPTO_CAST_COMMON
>> 1367 select CRYPTO_SIMD
903 help 1368 help
904 HMAC (Keyed-Hash Message Authenticat !! 1369 The CAST5 encryption algorithm (synonymous with CAST-128) is
905 RFC2104) !! 1370 described in RFC2144.
906 1371
907 This is required for IPsec AH (XFRM_ !! 1372 This module provides the Cast5 cipher algorithm that processes
>> 1373 sixteen blocks parallel using the AVX instruction set.
908 1374
909 config CRYPTO_MD4 !! 1375 config CRYPTO_CAST6
910 tristate "MD4" !! 1376 tristate "CAST6 (CAST-256) cipher algorithm"
911 select CRYPTO_HASH !! 1377 select CRYPTO_ALGAPI
>> 1378 select CRYPTO_CAST_COMMON
912 help 1379 help
913 MD4 message digest algorithm (RFC132 !! 1380 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1381 described in RFC2612.
914 1382
915 config CRYPTO_MD5 !! 1383 config CRYPTO_CAST6_AVX_X86_64
916 tristate "MD5" !! 1384 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
917 select CRYPTO_HASH !! 1385 depends on X86 && 64BIT
>> 1386 select CRYPTO_BLKCIPHER
>> 1387 select CRYPTO_CAST6
>> 1388 select CRYPTO_CAST_COMMON
>> 1389 select CRYPTO_GLUE_HELPER_X86
>> 1390 select CRYPTO_SIMD
>> 1391 select CRYPTO_XTS
918 help 1392 help
919 MD5 message digest algorithm (RFC132 !! 1393 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1394 described in RFC2612.
920 1395
921 config CRYPTO_MICHAEL_MIC !! 1396 This module provides the Cast6 cipher algorithm that processes
922 tristate "Michael MIC" !! 1397 eight blocks parallel using the AVX instruction set.
923 select CRYPTO_HASH !! 1398
>> 1399 config CRYPTO_DES
>> 1400 tristate "DES and Triple DES EDE cipher algorithms"
>> 1401 select CRYPTO_ALGAPI
924 help 1402 help
925 Michael MIC (Message Integrity Code) !! 1403 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
926 1404
927 Defined by the IEEE 802.11i TKIP (Te !! 1405 config CRYPTO_DES_SPARC64
928 known as WPA (Wif-Fi Protected Acces !! 1406 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1407 depends on SPARC64
>> 1408 select CRYPTO_ALGAPI
>> 1409 select CRYPTO_DES
>> 1410 help
>> 1411 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1412 optimized using SPARC64 crypto opcodes.
929 1413
930 This algorithm is required for TKIP, !! 1414 config CRYPTO_DES3_EDE_X86_64
931 other purposes because of the weakne !! 1415 tristate "Triple DES EDE cipher algorithm (x86-64)"
>> 1416 depends on X86 && 64BIT
>> 1417 select CRYPTO_BLKCIPHER
>> 1418 select CRYPTO_DES
>> 1419 help
>> 1420 Triple DES EDE (FIPS 46-3) algorithm.
932 1421
933 config CRYPTO_POLYVAL !! 1422 This module provides implementation of the Triple DES EDE cipher
934 tristate !! 1423 algorithm that is optimized for x86-64 processors. Two versions of
935 select CRYPTO_HASH !! 1424 algorithm are provided; regular processing one input block and
936 select CRYPTO_LIB_GF128MUL !! 1425 one that processes three blocks parallel.
>> 1426
>> 1427 config CRYPTO_FCRYPT
>> 1428 tristate "FCrypt cipher algorithm"
>> 1429 select CRYPTO_ALGAPI
>> 1430 select CRYPTO_BLKCIPHER
937 help 1431 help
938 POLYVAL hash function for HCTR2 !! 1432 FCrypt algorithm used by RxRPC.
939 1433
940 This is used in HCTR2. It is not a !! 1434 config CRYPTO_KHAZAD
941 cryptographic hash function. !! 1435 tristate "Khazad cipher algorithm"
>> 1436 select CRYPTO_ALGAPI
>> 1437 help
>> 1438 Khazad cipher algorithm.
942 1439
943 config CRYPTO_POLY1305 !! 1440 Khazad was a finalist in the initial NESSIE competition. It is
944 tristate "Poly1305" !! 1441 an algorithm optimized for 64-bit processors with good performance
945 select CRYPTO_HASH !! 1442 on 32-bit processors. Khazad uses an 128 bit key size.
946 select CRYPTO_LIB_POLY1305_GENERIC !! 1443
>> 1444 See also:
>> 1445 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
>> 1446
>> 1447 config CRYPTO_SALSA20
>> 1448 tristate "Salsa20 stream cipher algorithm"
>> 1449 select CRYPTO_BLKCIPHER
947 help 1450 help
948 Poly1305 authenticator algorithm (RF !! 1451 Salsa20 stream cipher algorithm.
949 1452
950 Poly1305 is an authenticator algorit !! 1453 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
951 It is used for the ChaCha20-Poly1305 !! 1454 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
952 in IETF protocols. This is the porta <<
953 1455
954 config CRYPTO_RMD160 !! 1456 The Salsa20 stream cipher algorithm is designed by Daniel J.
955 tristate "RIPEMD-160" !! 1457 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
956 select CRYPTO_HASH !! 1458
>> 1459 config CRYPTO_CHACHA20
>> 1460 tristate "ChaCha stream cipher algorithms"
>> 1461 select CRYPTO_BLKCIPHER
957 help 1462 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 1463 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
959 1464
960 RIPEMD-160 is a 160-bit cryptographi !! 1465 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
961 to be used as a secure replacement f !! 1466 Bernstein and further specified in RFC7539 for use in IETF protocols.
962 MD4, MD5 and its predecessor RIPEMD !! 1467 This is the portable C implementation of ChaCha20. See also:
963 (not to be confused with RIPEMD-128) !! 1468 <http://cr.yp.to/chacha/chacha-20080128.pdf>
964 1469
965 Its speed is comparable to SHA-1 and !! 1470 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
966 against RIPEMD-160. !! 1471 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
>> 1472 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
>> 1473 while provably retaining ChaCha20's security. See also:
>> 1474 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
967 1475
968 Developed by Hans Dobbertin, Antoon !! 1476 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
969 See https://homes.esat.kuleuven.be/~ !! 1477 reduced security margin but increased performance. It can be needed
970 for further information. !! 1478 in some performance-sensitive scenarios.
971 1479
972 config CRYPTO_SHA1 !! 1480 config CRYPTO_CHACHA20_X86_64
973 tristate "SHA-1" !! 1481 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
974 select CRYPTO_HASH !! 1482 depends on X86 && 64BIT
975 select CRYPTO_LIB_SHA1 !! 1483 select CRYPTO_BLKCIPHER
>> 1484 select CRYPTO_CHACHA20
976 help 1485 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1486 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
>> 1487 XChaCha20, and XChaCha12 stream ciphers.
978 1488
979 config CRYPTO_SHA256 !! 1489 config CRYPTO_SEED
980 tristate "SHA-224 and SHA-256" !! 1490 tristate "SEED cipher algorithm"
981 select CRYPTO_HASH !! 1491 select CRYPTO_ALGAPI
982 select CRYPTO_LIB_SHA256 <<
983 help 1492 help
984 SHA-224 and SHA-256 secure hash algo !! 1493 SEED cipher algorithm (RFC4269).
985 1494
986 This is required for IPsec AH (XFRM_ !! 1495 SEED is a 128-bit symmetric key block cipher that has been
987 Used by the btrfs filesystem, Ceph, !! 1496 developed by KISA (Korea Information Security Agency) as a
>> 1497 national standard encryption algorithm of the Republic of Korea.
>> 1498 It is a 16 round block cipher with the key size of 128 bit.
988 1499
989 config CRYPTO_SHA512 !! 1500 See also:
990 tristate "SHA-384 and SHA-512" !! 1501 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
991 select CRYPTO_HASH <<
992 help <<
993 SHA-384 and SHA-512 secure hash algo <<
994 1502
995 config CRYPTO_SHA3 !! 1503 config CRYPTO_SERPENT
996 tristate "SHA-3" !! 1504 tristate "Serpent cipher algorithm"
997 select CRYPTO_HASH !! 1505 select CRYPTO_ALGAPI
998 help 1506 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1507 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1000 1508
1001 config CRYPTO_SM3 !! 1509 Keys are allowed to be from 0 to 256 bits in length, in steps
1002 tristate !! 1510 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1511 variant of Serpent for compatibility with old kerneli.org code.
1003 1512
1004 config CRYPTO_SM3_GENERIC !! 1513 See also:
1005 tristate "SM3 (ShangMi 3)" !! 1514 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1006 select CRYPTO_HASH !! 1515
1007 select CRYPTO_SM3 !! 1516 config CRYPTO_SERPENT_SSE2_X86_64
>> 1517 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1518 depends on X86 && 64BIT
>> 1519 select CRYPTO_BLKCIPHER
>> 1520 select CRYPTO_GLUE_HELPER_X86
>> 1521 select CRYPTO_SERPENT
>> 1522 select CRYPTO_SIMD
1008 help 1523 help
1009 SM3 (ShangMi 3) secure hash functio !! 1524 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1010 1525
1011 This is part of the Chinese Commerc !! 1526 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1527 of 8 bits.
1012 1528
1013 References: !! 1529 This module provides Serpent cipher algorithm that processes eight
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1530 blocks parallel using SSE2 instruction set.
1015 https://datatracker.ietf.org/doc/ht <<
1016 1531
1017 config CRYPTO_STREEBOG !! 1532 See also:
1018 tristate "Streebog" !! 1533 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1019 select CRYPTO_HASH !! 1534
>> 1535 config CRYPTO_SERPENT_SSE2_586
>> 1536 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1537 depends on X86 && !64BIT
>> 1538 select CRYPTO_BLKCIPHER
>> 1539 select CRYPTO_GLUE_HELPER_X86
>> 1540 select CRYPTO_SERPENT
>> 1541 select CRYPTO_SIMD
1020 help 1542 help
1021 Streebog Hash Function (GOST R 34.1 !! 1543 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1544
1023 This is one of the Russian cryptogr !! 1545 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1546 of 8 bits.
1025 256 and 512 bits output. <<
1026 1547
1027 References: !! 1548 This module provides Serpent cipher algorithm that processes four
1028 https://tc26.ru/upload/iblock/fed/f !! 1549 blocks parallel using SSE2 instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1550
1031 config CRYPTO_VMAC !! 1551 See also:
1032 tristate "VMAC" !! 1552 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1553
1034 select CRYPTO_MANAGER !! 1554 config CRYPTO_SERPENT_AVX_X86_64
>> 1555 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1556 depends on X86 && 64BIT
>> 1557 select CRYPTO_BLKCIPHER
>> 1558 select CRYPTO_GLUE_HELPER_X86
>> 1559 select CRYPTO_SERPENT
>> 1560 select CRYPTO_SIMD
>> 1561 select CRYPTO_XTS
1035 help 1562 help
1036 VMAC is a message authentication al !! 1563 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect !! 1564
>> 1565 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1566 of 8 bits.
1038 1567
1039 See https://fastcrypto.org/vmac for !! 1568 This module provides the Serpent cipher algorithm that processes
>> 1569 eight blocks parallel using the AVX instruction set.
1040 1570
1041 config CRYPTO_WP512 !! 1571 See also:
1042 tristate "Whirlpool" !! 1572 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1043 select CRYPTO_HASH !! 1573
>> 1574 config CRYPTO_SERPENT_AVX2_X86_64
>> 1575 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1576 depends on X86 && 64BIT
>> 1577 select CRYPTO_SERPENT_AVX_X86_64
1044 help 1578 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1579 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046 1580
1047 512, 384 and 256-bit hashes. !! 1581 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1582 of 8 bits.
1048 1583
1049 Whirlpool-512 is part of the NESSIE !! 1584 This module provides Serpent cipher algorithm that processes 16
>> 1585 blocks parallel using AVX2 instruction set.
1050 1586
1051 See https://web.archive.org/web/201 !! 1587 See also:
1052 for further information. !! 1588 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1053 1589
1054 config CRYPTO_XCBC !! 1590 config CRYPTO_SM4
1055 tristate "XCBC-MAC (Extended Cipher B !! 1591 tristate "SM4 cipher algorithm"
1056 select CRYPTO_HASH !! 1592 select CRYPTO_ALGAPI
1057 select CRYPTO_MANAGER <<
1058 help 1593 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1594 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1060 Code) (RFC3566) <<
1061 1595
1062 config CRYPTO_XXHASH !! 1596 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1063 tristate "xxHash" !! 1597 Organization of State Commercial Administration of China (OSCCA)
1064 select CRYPTO_HASH !! 1598 as an authorized cryptographic algorithms for the use within China.
1065 select XXHASH !! 1599
>> 1600 SMS4 was originally created for use in protecting wireless
>> 1601 networks, and is mandated in the Chinese National Standard for
>> 1602 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1603 (GB.15629.11-2003).
>> 1604
>> 1605 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1606 standardized through TC 260 of the Standardization Administration
>> 1607 of the People's Republic of China (SAC).
>> 1608
>> 1609 The input, output, and key of SMS4 are each 128 bits.
>> 1610
>> 1611 See also: <https://eprint.iacr.org/2008/329.pdf>
>> 1612
>> 1613 If unsure, say N.
>> 1614
>> 1615 config CRYPTO_TEA
>> 1616 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1617 select CRYPTO_ALGAPI
1066 help 1618 help
1067 xxHash non-cryptographic hash algor !! 1619 TEA cipher algorithm.
>> 1620
>> 1621 Tiny Encryption Algorithm is a simple cipher that uses
>> 1622 many rounds for security. It is very fast and uses
>> 1623 little memory.
>> 1624
>> 1625 Xtendend Tiny Encryption Algorithm is a modification to
>> 1626 the TEA algorithm to address a potential key weakness
>> 1627 in the TEA algorithm.
>> 1628
>> 1629 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1630 of the XTEA algorithm for compatibility purposes.
1068 1631
1069 Extremely fast, working at speeds c !! 1632 config CRYPTO_TWOFISH
>> 1633 tristate "Twofish cipher algorithm"
>> 1634 select CRYPTO_ALGAPI
>> 1635 select CRYPTO_TWOFISH_COMMON
>> 1636 help
>> 1637 Twofish cipher algorithm.
1070 1638
1071 Used by the btrfs filesystem. !! 1639 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1640 candidate cipher by researchers at CounterPane Systems. It is a
>> 1641 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1642 bits.
1072 1643
1073 endmenu !! 1644 See also:
>> 1645 <http://www.schneier.com/twofish.html>
1074 1646
1075 menu "CRCs (cyclic redundancy checks)" !! 1647 config CRYPTO_TWOFISH_COMMON
>> 1648 tristate
>> 1649 help
>> 1650 Common parts of the Twofish cipher algorithm shared by the
>> 1651 generic c and the assembler implementations.
1076 1652
1077 config CRYPTO_CRC32C !! 1653 config CRYPTO_TWOFISH_586
1078 tristate "CRC32c" !! 1654 tristate "Twofish cipher algorithms (i586)"
1079 select CRYPTO_HASH !! 1655 depends on (X86 || UML_X86) && !64BIT
1080 select CRC32 !! 1656 select CRYPTO_ALGAPI
>> 1657 select CRYPTO_TWOFISH_COMMON
1081 help 1658 help
1082 CRC32c CRC algorithm with the iSCSI !! 1659 Twofish cipher algorithm.
1083 1660
1084 A 32-bit CRC (cyclic redundancy che !! 1661 Twofish was submitted as an AES (Advanced Encryption Standard)
1085 by G. Castagnoli, S. Braeuer and M. !! 1662 candidate cipher by researchers at CounterPane Systems. It is a
1086 Redundancy-Check Codes with 24 and !! 1663 16 round block cipher supporting key sizes of 128, 192, and 256
1087 on Communications, Vol. 41, No. 6, !! 1664 bits.
1088 iSCSI. <<
1089 1665
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1666 See also:
>> 1667 <http://www.schneier.com/twofish.html>
1091 1668
1092 config CRYPTO_CRC32 !! 1669 config CRYPTO_TWOFISH_X86_64
1093 tristate "CRC32" !! 1670 tristate "Twofish cipher algorithm (x86_64)"
1094 select CRYPTO_HASH !! 1671 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1672 select CRYPTO_ALGAPI
>> 1673 select CRYPTO_TWOFISH_COMMON
1096 help 1674 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1675 Twofish cipher algorithm (x86_64).
1098 1676
1099 Used by RoCEv2 and f2fs. !! 1677 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1678 candidate cipher by researchers at CounterPane Systems. It is a
>> 1679 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1680 bits.
1100 1681
1101 config CRYPTO_CRCT10DIF !! 1682 See also:
1102 tristate "CRCT10DIF" !! 1683 <http://www.schneier.com/twofish.html>
1103 select CRYPTO_HASH !! 1684
>> 1685 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1686 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1687 depends on X86 && 64BIT
>> 1688 select CRYPTO_BLKCIPHER
>> 1689 select CRYPTO_TWOFISH_COMMON
>> 1690 select CRYPTO_TWOFISH_X86_64
>> 1691 select CRYPTO_GLUE_HELPER_X86
1104 help 1692 help
1105 CRC16 CRC algorithm used for the T1 !! 1693 Twofish cipher algorithm (x86_64, 3-way parallel).
1106 1694
1107 CRC algorithm used by the SCSI Bloc !! 1695 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1696 candidate cipher by researchers at CounterPane Systems. It is a
>> 1697 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1698 bits.
1108 1699
1109 config CRYPTO_CRC64_ROCKSOFT !! 1700 This module provides Twofish cipher algorithm that processes three
1110 tristate "CRC64 based on Rocksoft Mod !! 1701 blocks parallel, utilizing resources of out-of-order CPUs better.
1111 depends on CRC64 !! 1702
1112 select CRYPTO_HASH !! 1703 See also:
>> 1704 <http://www.schneier.com/twofish.html>
>> 1705
>> 1706 config CRYPTO_TWOFISH_AVX_X86_64
>> 1707 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1708 depends on X86 && 64BIT
>> 1709 select CRYPTO_BLKCIPHER
>> 1710 select CRYPTO_GLUE_HELPER_X86
>> 1711 select CRYPTO_SIMD
>> 1712 select CRYPTO_TWOFISH_COMMON
>> 1713 select CRYPTO_TWOFISH_X86_64
>> 1714 select CRYPTO_TWOFISH_X86_64_3WAY
1113 help 1715 help
1114 CRC64 CRC algorithm based on the Ro !! 1716 Twofish cipher algorithm (x86_64/AVX).
1115 1717
1116 Used by the NVMe implementation of !! 1718 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1719 candidate cipher by researchers at CounterPane Systems. It is a
>> 1720 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1721 bits.
1117 1722
1118 See https://zlib.net/crc_v3.txt !! 1723 This module provides the Twofish cipher algorithm that processes
>> 1724 eight blocks parallel using the AVX Instruction Set.
1119 1725
1120 endmenu !! 1726 See also:
>> 1727 <http://www.schneier.com/twofish.html>
1121 1728
1122 menu "Compression" !! 1729 comment "Compression"
1123 1730
1124 config CRYPTO_DEFLATE 1731 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1732 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1733 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1734 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1735 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1736 select ZLIB_DEFLATE
1130 help 1737 help
1131 Deflate compression algorithm (RFC1 !! 1738 This is the Deflate algorithm (RFC1951), specified for use in
>> 1739 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1740
1133 Used by IPSec with the IPCOMP proto !! 1741 You will most probably want this if using IPSec.
1134 1742
1135 config CRYPTO_LZO 1743 config CRYPTO_LZO
1136 tristate "LZO" !! 1744 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1745 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1746 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1747 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1748 select LZO_DECOMPRESS
1141 help 1749 help
1142 LZO compression algorithm !! 1750 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1751
1146 config CRYPTO_842 1752 config CRYPTO_842
1147 tristate "842" !! 1753 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1754 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1755 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1756 select 842_COMPRESS
1151 select 842_DECOMPRESS 1757 select 842_DECOMPRESS
1152 help 1758 help
1153 842 compression algorithm by IBM !! 1759 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1760
1157 config CRYPTO_LZ4 1761 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1762 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1763 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1764 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1765 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1766 select LZ4_DECOMPRESS
1163 help 1767 help
1164 LZ4 compression algorithm !! 1768 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1769
1168 config CRYPTO_LZ4HC 1770 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1771 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1772 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1773 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1774 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1775 select LZ4_DECOMPRESS
1174 help 1776 help
1175 LZ4 high compression mode algorithm !! 1777 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1778
1179 config CRYPTO_ZSTD 1779 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1780 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1781 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1782 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1783 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1784 select ZSTD_DECOMPRESS
1185 help 1785 help
1186 zstd compression algorithm !! 1786 This is the zstd algorithm.
1187 1787
1188 See https://github.com/facebook/zst !! 1788 comment "Random Number Generation"
1189 <<
1190 endmenu <<
1191 <<
1192 menu "Random number generation" <<
1193 1789
1194 config CRYPTO_ANSI_CPRNG 1790 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1791 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1792 select CRYPTO_AES
1197 select CRYPTO_RNG 1793 select CRYPTO_RNG
1198 help 1794 help
1199 Pseudo RNG (random number generator !! 1795 This option enables the generic pseudo random number generator
1200 !! 1796 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1797 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1798 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1799
1205 menuconfig CRYPTO_DRBG_MENU 1800 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1801 tristate "NIST SP800-90A DRBG"
1207 help 1802 help
1208 DRBG (Deterministic Random Bit Gene !! 1803 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1804 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1805
1212 if CRYPTO_DRBG_MENU 1806 if CRYPTO_DRBG_MENU
1213 1807
1214 config CRYPTO_DRBG_HMAC 1808 config CRYPTO_DRBG_HMAC
1215 bool 1809 bool
1216 default y 1810 default y
1217 select CRYPTO_HMAC 1811 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1812 select CRYPTO_SHA256
1219 1813
1220 config CRYPTO_DRBG_HASH 1814 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1815 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1816 select CRYPTO_SHA256
1223 help 1817 help
1224 Hash_DRBG variant as defined in NIS !! 1818 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1819
1228 config CRYPTO_DRBG_CTR 1820 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1821 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1822 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1823 depends on CRYPTO_CTR
1232 help 1824 help
1233 CTR_DRBG variant as defined in NIST !! 1825 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1826
1237 config CRYPTO_DRBG 1827 config CRYPTO_DRBG
1238 tristate 1828 tristate
1239 default CRYPTO_DRBG_MENU 1829 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1830 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1831 select CRYPTO_JITTERENTROPY
1242 1832
1243 endif # if CRYPTO_DRBG_MENU 1833 endif # if CRYPTO_DRBG_MENU
1244 1834
1245 config CRYPTO_JITTERENTROPY 1835 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1836 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1837 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1838 help
1250 CPU Jitter RNG (Random Number Gener !! 1839 The Jitterentropy RNG is a noise that is intended
1251 !! 1840 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1841 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1842 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1843 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1844
1370 config CRYPTO_USER_API 1845 config CRYPTO_USER_API
1371 tristate 1846 tristate
1372 1847
1373 config CRYPTO_USER_API_HASH 1848 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1849 tristate "User-space interface for hash algorithms"
1375 depends on NET 1850 depends on NET
1376 select CRYPTO_HASH 1851 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1852 select CRYPTO_USER_API
1378 help 1853 help
1379 Enable the userspace interface for !! 1854 This option enables the user-spaces interface for hash
1380 !! 1855 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1856
1384 config CRYPTO_USER_API_SKCIPHER 1857 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1858 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1859 depends on NET
1387 select CRYPTO_SKCIPHER !! 1860 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1861 select CRYPTO_USER_API
1389 help 1862 help
1390 Enable the userspace interface for !! 1863 This option enables the user-spaces interface for symmetric
1391 !! 1864 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1865
1395 config CRYPTO_USER_API_RNG 1866 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1867 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1868 depends on NET
1398 select CRYPTO_RNG 1869 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1870 select CRYPTO_USER_API
1400 help 1871 help
1401 Enable the userspace interface for !! 1872 This option enables the user-spaces interface for random
1402 algorithms. !! 1873 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1874
1419 config CRYPTO_USER_API_AEAD 1875 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1876 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1877 depends on NET
1422 select CRYPTO_AEAD 1878 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER !! 1879 select CRYPTO_BLKCIPHER
1424 select CRYPTO_NULL 1880 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1881 select CRYPTO_USER_API
1426 help 1882 help
1427 Enable the userspace interface for !! 1883 This option enables the user-spaces interface for AEAD
>> 1884 cipher algorithms.
1428 1885
1429 See Documentation/crypto/userspace- !! 1886 config CRYPTO_STATS
1430 https://www.chronox.de/libkcapi/htm !! 1887 bool "Crypto usage statistics for User-space"
1431 !! 1888 depends on CRYPTO_USER
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE !! 1889 help
1433 bool "Obsolete cryptographic algorith !! 1890 This option enables the gathering of crypto stats.
1434 depends on CRYPTO_USER_API !! 1891 This will collect:
1435 default y !! 1892 - encrypt/decrypt size and numbers of symmeric operations
1436 help !! 1893 - compress/decompress size and numbers of compress operations
1437 Allow obsolete cryptographic algori !! 1894 - size and numbers of hash operations
1438 already been phased out from intern !! 1895 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1439 only useful for userspace clients t !! 1896 - generate/seed numbers for rng operations
1440 <<
1441 endmenu <<
1442 1897
1443 config CRYPTO_HASH_INFO 1898 config CRYPTO_HASH_INFO
1444 bool 1899 bool
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 1900
1476 source "drivers/crypto/Kconfig" 1901 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" 1902 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig" 1903 source "certs/Kconfig"
1479 1904
1480 endif # if CRYPTO 1905 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.