1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS !! 18 select LIB_MEMNEQ
19 help 19 help
20 This option provides the core Crypto 20 This option provides the core Cryptographic API.
21 21
22 if CRYPTO 22 if CRYPTO
23 23
24 menu "Crypto core or helper" !! 24 comment "Crypto core or helper"
25 25
26 config CRYPTO_FIPS 26 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 27 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 29 depends on (MODULE_SIG || !MODULES)
30 help 30 help
31 This option enables the fips boot op 31 This option enables the fips boot option which is
32 required if you want the system to o 32 required if you want the system to operate in a FIPS 200
33 certification. You should say no un 33 certification. You should say no unless you know what
34 this is. 34 this is.
35 35
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 36 config CRYPTO_ALGAPI
58 tristate 37 tristate
59 select CRYPTO_ALGAPI2 38 select CRYPTO_ALGAPI2
60 help 39 help
61 This option provides the API for cry 40 This option provides the API for cryptographic algorithms.
62 41
63 config CRYPTO_ALGAPI2 42 config CRYPTO_ALGAPI2
64 tristate 43 tristate
65 44
66 config CRYPTO_AEAD 45 config CRYPTO_AEAD
67 tristate 46 tristate
68 select CRYPTO_AEAD2 47 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 48 select CRYPTO_ALGAPI
70 49
71 config CRYPTO_AEAD2 50 config CRYPTO_AEAD2
72 tristate 51 tristate
73 select CRYPTO_ALGAPI2 52 select CRYPTO_ALGAPI2
74 !! 53 select CRYPTO_NULL2
75 config CRYPTO_SIG !! 54 select CRYPTO_RNG2
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 55
84 config CRYPTO_SKCIPHER 56 config CRYPTO_SKCIPHER
85 tristate 57 tristate
86 select CRYPTO_SKCIPHER2 58 select CRYPTO_SKCIPHER2
87 select CRYPTO_ALGAPI 59 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 60
90 config CRYPTO_SKCIPHER2 61 config CRYPTO_SKCIPHER2
91 tristate 62 tristate
92 select CRYPTO_ALGAPI2 63 select CRYPTO_ALGAPI2
>> 64 select CRYPTO_RNG2
93 65
94 config CRYPTO_HASH 66 config CRYPTO_HASH
95 tristate 67 tristate
96 select CRYPTO_HASH2 68 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
98 70
99 config CRYPTO_HASH2 71 config CRYPTO_HASH2
100 tristate 72 tristate
101 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
102 74
103 config CRYPTO_RNG 75 config CRYPTO_RNG
104 tristate 76 tristate
105 select CRYPTO_RNG2 77 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI
107 79
108 config CRYPTO_RNG2 80 config CRYPTO_RNG2
109 tristate 81 tristate
110 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2
111 83
112 config CRYPTO_RNG_DEFAULT 84 config CRYPTO_RNG_DEFAULT
113 tristate 85 tristate
114 select CRYPTO_DRBG_MENU 86 select CRYPTO_DRBG_MENU
115 87
116 config CRYPTO_AKCIPHER2 88 config CRYPTO_AKCIPHER2
117 tristate 89 tristate
118 select CRYPTO_ALGAPI2 90 select CRYPTO_ALGAPI2
119 91
120 config CRYPTO_AKCIPHER 92 config CRYPTO_AKCIPHER
121 tristate 93 tristate
122 select CRYPTO_AKCIPHER2 94 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 95 select CRYPTO_ALGAPI
124 96
125 config CRYPTO_KPP2 97 config CRYPTO_KPP2
126 tristate 98 tristate
127 select CRYPTO_ALGAPI2 99 select CRYPTO_ALGAPI2
128 100
129 config CRYPTO_KPP 101 config CRYPTO_KPP
130 tristate 102 tristate
131 select CRYPTO_ALGAPI 103 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 104 select CRYPTO_KPP2
133 105
134 config CRYPTO_ACOMP2 106 config CRYPTO_ACOMP2
135 tristate 107 tristate
136 select CRYPTO_ALGAPI2 108 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 109 select SGL_ALLOC
138 110
139 config CRYPTO_ACOMP 111 config CRYPTO_ACOMP
140 tristate 112 tristate
141 select CRYPTO_ALGAPI 113 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 114 select CRYPTO_ACOMP2
143 115
144 config CRYPTO_MANAGER 116 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 117 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 118 select CRYPTO_MANAGER2
147 help 119 help
148 Create default cryptographic templat 120 Create default cryptographic template instantiations such as
149 cbc(aes). 121 cbc(aes).
150 122
151 config CRYPTO_MANAGER2 123 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 124 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 125 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 126 select CRYPTO_HASH2
158 select CRYPTO_KPP2 <<
159 select CRYPTO_RNG2 <<
160 select CRYPTO_SKCIPHER2 127 select CRYPTO_SKCIPHER2
>> 128 select CRYPTO_AKCIPHER2
>> 129 select CRYPTO_KPP2
>> 130 select CRYPTO_ACOMP2
161 131
162 config CRYPTO_USER 132 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 133 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 134 depends on NET
165 select CRYPTO_MANAGER 135 select CRYPTO_MANAGER
166 help 136 help
167 Userspace configuration for cryptogr 137 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 138 cbc(aes).
169 139
170 config CRYPTO_MANAGER_DISABLE_TESTS 140 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 141 bool "Disable run-time self tests"
172 default y 142 default y
173 help 143 help
174 Disable run-time self tests that nor 144 Disable run-time self tests that normally take place at
175 algorithm registration. 145 algorithm registration.
176 146
177 config CRYPTO_MANAGER_EXTRA_TESTS 147 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel 148 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN 149 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
180 help 150 help
181 Enable extra run-time self tests of 151 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests. 152 including randomized fuzz tests.
183 153
184 This is intended for developer use o 154 This is intended for developer use only, as these tests take much
185 longer to run than the normal self t 155 longer to run than the normal self tests.
186 156
>> 157 config CRYPTO_GF128MUL
>> 158 tristate
>> 159
187 config CRYPTO_NULL 160 config CRYPTO_NULL
188 tristate "Null algorithms" 161 tristate "Null algorithms"
189 select CRYPTO_NULL2 162 select CRYPTO_NULL2
190 help 163 help
191 These are 'Null' algorithms, used by 164 These are 'Null' algorithms, used by IPsec, which do nothing.
192 165
193 config CRYPTO_NULL2 166 config CRYPTO_NULL2
194 tristate 167 tristate
195 select CRYPTO_ALGAPI2 168 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 169 select CRYPTO_SKCIPHER2
197 select CRYPTO_HASH2 170 select CRYPTO_HASH2
198 171
199 config CRYPTO_PCRYPT 172 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 173 tristate "Parallel crypto engine"
201 depends on SMP 174 depends on SMP
202 select PADATA 175 select PADATA
203 select CRYPTO_MANAGER 176 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 177 select CRYPTO_AEAD
205 help 178 help
206 This converts an arbitrary crypto al 179 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 180 algorithm that executes in kernel threads.
208 181
209 config CRYPTO_CRYPTD 182 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 183 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER 184 select CRYPTO_SKCIPHER
212 select CRYPTO_HASH 185 select CRYPTO_HASH
213 select CRYPTO_MANAGER 186 select CRYPTO_MANAGER
214 help 187 help
215 This is a generic software asynchron 188 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 189 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 190 into an asynchronous algorithm that executes in a kernel thread.
218 191
219 config CRYPTO_AUTHENC 192 config CRYPTO_AUTHENC
220 tristate "Authenc support" 193 tristate "Authenc support"
221 select CRYPTO_AEAD 194 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER 195 select CRYPTO_SKCIPHER
223 select CRYPTO_MANAGER 196 select CRYPTO_MANAGER
224 select CRYPTO_HASH 197 select CRYPTO_HASH
225 select CRYPTO_NULL 198 select CRYPTO_NULL
226 help 199 help
227 Authenc: Combined mode wrapper for I 200 Authenc: Combined mode wrapper for IPsec.
228 !! 201 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 202
231 config CRYPTO_TEST 203 config CRYPTO_TEST
232 tristate "Testing module" 204 tristate "Testing module"
233 depends on m || EXPERT 205 depends on m || EXPERT
234 select CRYPTO_MANAGER 206 select CRYPTO_MANAGER
235 help 207 help
236 Quick & dirty crypto test module. 208 Quick & dirty crypto test module.
237 209
238 config CRYPTO_SIMD 210 config CRYPTO_SIMD
239 tristate 211 tristate
240 select CRYPTO_CRYPTD 212 select CRYPTO_CRYPTD
241 213
242 config CRYPTO_ENGINE 214 config CRYPTO_ENGINE
243 tristate 215 tristate
244 216
245 endmenu !! 217 comment "Public-key cryptography"
246 <<
247 menu "Public-key cryptography" <<
248 218
249 config CRYPTO_RSA 219 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 220 tristate "RSA algorithm"
251 select CRYPTO_AKCIPHER 221 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER 222 select CRYPTO_MANAGER
253 select MPILIB 223 select MPILIB
254 select ASN1 224 select ASN1
255 help 225 help
256 RSA (Rivest-Shamir-Adleman) public k !! 226 Generic implementation of the RSA public key algorithm.
257 227
258 config CRYPTO_DH 228 config CRYPTO_DH
259 tristate "DH (Diffie-Hellman)" !! 229 tristate "Diffie-Hellman algorithm"
260 select CRYPTO_KPP 230 select CRYPTO_KPP
261 select MPILIB 231 select MPILIB
262 help 232 help
263 DH (Diffie-Hellman) key exchange alg !! 233 Generic implementation of the Diffie-Hellman algorithm.
264 <<
265 config CRYPTO_DH_RFC7919_GROUPS <<
266 bool "RFC 7919 FFDHE groups" <<
267 depends on CRYPTO_DH <<
268 select CRYPTO_RNG_DEFAULT <<
269 help <<
270 FFDHE (Finite-Field-based Diffie-Hel <<
271 defined in RFC7919. <<
272 <<
273 Support these finite-field groups in <<
274 - ffdhe2048, ffdhe3072, ffdhe4096, f <<
275 <<
276 If unsure, say N. <<
277 234
278 config CRYPTO_ECC 235 config CRYPTO_ECC
279 tristate 236 tristate
280 select CRYPTO_RNG_DEFAULT 237 select CRYPTO_RNG_DEFAULT
281 238
282 config CRYPTO_ECDH 239 config CRYPTO_ECDH
283 tristate "ECDH (Elliptic Curve Diffie- !! 240 tristate "ECDH algorithm"
284 select CRYPTO_ECC 241 select CRYPTO_ECC
285 select CRYPTO_KPP 242 select CRYPTO_KPP
286 help 243 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 244 Generic implementation of the ECDH algorithm
288 using curves P-192, P-256, and P-384 <<
289 245
290 config CRYPTO_ECDSA 246 config CRYPTO_ECDSA
291 tristate "ECDSA (Elliptic Curve Digita !! 247 tristate "ECDSA (NIST P192, P256 etc.) algorithm"
292 select CRYPTO_ECC 248 select CRYPTO_ECC
293 select CRYPTO_AKCIPHER 249 select CRYPTO_AKCIPHER
294 select ASN1 250 select ASN1
295 help 251 help
296 ECDSA (Elliptic Curve Digital Signat !! 252 Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
297 ISO/IEC 14888-3) !! 253 is A NIST cryptographic standard algorithm. Only signature verification
298 using curves P-192, P-256, and P-384 !! 254 is implemented.
299 <<
300 Only signature verification is imple <<
301 255
302 config CRYPTO_ECRDSA 256 config CRYPTO_ECRDSA
303 tristate "EC-RDSA (Elliptic Curve Russ !! 257 tristate "EC-RDSA (GOST 34.10) algorithm"
304 select CRYPTO_ECC 258 select CRYPTO_ECC
305 select CRYPTO_AKCIPHER 259 select CRYPTO_AKCIPHER
306 select CRYPTO_STREEBOG 260 select CRYPTO_STREEBOG
307 select OID_REGISTRY 261 select OID_REGISTRY
308 select ASN1 262 select ASN1
309 help 263 help
310 Elliptic Curve Russian Digital Signa 264 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311 RFC 7091, ISO/IEC 14888-3) !! 265 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
>> 266 standard algorithms (called GOST algorithms). Only signature verification
>> 267 is implemented.
312 268
313 One of the Russian cryptographic sta !! 269 config CRYPTO_SM2
314 algorithms). Only signature verifica !! 270 tristate "SM2 algorithm"
>> 271 select CRYPTO_SM3
>> 272 select CRYPTO_AKCIPHER
>> 273 select CRYPTO_MANAGER
>> 274 select MPILIB
>> 275 select ASN1
>> 276 help
>> 277 Generic implementation of the SM2 public key algorithm. It was
>> 278 published by State Encryption Management Bureau, China.
>> 279 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
>> 280
>> 281 References:
>> 282 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
>> 283 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
>> 284 http://www.gmbz.org.cn/main/bzlb.html
315 285
316 config CRYPTO_CURVE25519 286 config CRYPTO_CURVE25519
317 tristate "Curve25519" !! 287 tristate "Curve25519 algorithm"
318 select CRYPTO_KPP 288 select CRYPTO_KPP
319 select CRYPTO_LIB_CURVE25519_GENERIC 289 select CRYPTO_LIB_CURVE25519_GENERIC
>> 290
>> 291 config CRYPTO_CURVE25519_X86
>> 292 tristate "x86_64 accelerated Curve25519 scalar multiplication library"
>> 293 depends on X86 && 64BIT
>> 294 select CRYPTO_LIB_CURVE25519_GENERIC
>> 295 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
>> 296
>> 297 comment "Authenticated Encryption with Associated Data"
>> 298
>> 299 config CRYPTO_CCM
>> 300 tristate "CCM support"
>> 301 select CRYPTO_CTR
>> 302 select CRYPTO_HASH
>> 303 select CRYPTO_AEAD
>> 304 select CRYPTO_MANAGER
320 help 305 help
321 Curve25519 elliptic curve (RFC7748) !! 306 Support for Counter with CBC MAC. Required for IPsec.
322 307
323 endmenu !! 308 config CRYPTO_GCM
>> 309 tristate "GCM/GMAC support"
>> 310 select CRYPTO_CTR
>> 311 select CRYPTO_AEAD
>> 312 select CRYPTO_GHASH
>> 313 select CRYPTO_NULL
>> 314 select CRYPTO_MANAGER
>> 315 help
>> 316 Support for Galois/Counter Mode (GCM) and Galois Message
>> 317 Authentication Code (GMAC). Required for IPSec.
324 318
325 menu "Block ciphers" !! 319 config CRYPTO_CHACHA20POLY1305
>> 320 tristate "ChaCha20-Poly1305 AEAD support"
>> 321 select CRYPTO_CHACHA20
>> 322 select CRYPTO_POLY1305
>> 323 select CRYPTO_AEAD
>> 324 select CRYPTO_MANAGER
>> 325 help
>> 326 ChaCha20-Poly1305 AEAD support, RFC7539.
326 327
327 config CRYPTO_AES !! 328 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
328 tristate "AES (Advanced Encryption Sta !! 329 with the Poly1305 authenticator. It is defined in RFC7539 for use in
329 select CRYPTO_ALGAPI !! 330 IETF protocols.
330 select CRYPTO_LIB_AES !! 331
>> 332 config CRYPTO_AEGIS128
>> 333 tristate "AEGIS-128 AEAD algorithm"
>> 334 select CRYPTO_AEAD
>> 335 select CRYPTO_AES # for AES S-box tables
331 help 336 help
332 AES cipher algorithms (Rijndael)(FIP !! 337 Support for the AEGIS-128 dedicated AEAD algorithm.
333 338
334 Rijndael appears to be consistently !! 339 config CRYPTO_AEGIS128_SIMD
335 both hardware and software across a !! 340 bool "Support SIMD acceleration for AEGIS-128"
336 environments regardless of its use i !! 341 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
337 modes. Its key setup time is excelle !! 342 default y
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 343
343 The AES specifies three key sizes: 1 !! 344 config CRYPTO_AEGIS128_AESNI_SSE2
>> 345 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
>> 346 depends on X86 && 64BIT
>> 347 select CRYPTO_AEAD
>> 348 select CRYPTO_SIMD
>> 349 help
>> 350 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
344 351
345 config CRYPTO_AES_TI !! 352 config CRYPTO_SEQIV
346 tristate "AES (Advanced Encryption Sta !! 353 tristate "Sequence Number IV Generator"
347 select CRYPTO_ALGAPI !! 354 select CRYPTO_AEAD
348 select CRYPTO_LIB_AES !! 355 select CRYPTO_SKCIPHER
>> 356 select CRYPTO_NULL
>> 357 select CRYPTO_RNG_DEFAULT
>> 358 select CRYPTO_MANAGER
349 help 359 help
350 AES cipher algorithms (Rijndael)(FIP !! 360 This IV generator generates an IV based on a sequence number by
>> 361 xoring it with a salt. This algorithm is mainly useful for CTR
351 362
352 This is a generic implementation of !! 363 config CRYPTO_ECHAINIV
353 data dependent latencies as much as !! 364 tristate "Encrypted Chain IV Generator"
354 performance too much. It is intended !! 365 select CRYPTO_AEAD
355 and GCM drivers, and other CTR or CM !! 366 select CRYPTO_NULL
356 solely on encryption (although decry !! 367 select CRYPTO_RNG_DEFAULT
357 with a more dramatic performance hit !! 368 select CRYPTO_MANAGER
>> 369 help
>> 370 This IV generator generates an IV based on the encryption of
>> 371 a sequence number xored with a salt. This is the default
>> 372 algorithm for CBC.
358 373
359 Instead of using 16 lookup tables of !! 374 comment "Block modes"
360 8 for decryption), this implementati <<
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 375
366 config CRYPTO_ANUBIS !! 376 config CRYPTO_CBC
367 tristate "Anubis" !! 377 tristate "CBC support"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 378 select CRYPTO_SKCIPHER
369 select CRYPTO_ALGAPI !! 379 select CRYPTO_MANAGER
370 help 380 help
371 Anubis cipher algorithm !! 381 CBC: Cipher Block Chaining mode
>> 382 This block cipher algorithm is required for IPSec.
372 383
373 Anubis is a variable key length ciph !! 384 config CRYPTO_CFB
374 128 bits to 320 bits in length. It !! 385 tristate "CFB support"
375 in the NESSIE competition. !! 386 select CRYPTO_SKCIPHER
>> 387 select CRYPTO_MANAGER
>> 388 help
>> 389 CFB: Cipher FeedBack mode
>> 390 This block cipher algorithm is required for TPM2 Cryptography.
376 391
377 See https://web.archive.org/web/2016 !! 392 config CRYPTO_CTR
378 for further information. !! 393 tristate "CTR support"
>> 394 select CRYPTO_SKCIPHER
>> 395 select CRYPTO_MANAGER
>> 396 help
>> 397 CTR: Counter mode
>> 398 This block cipher algorithm is required for IPSec.
379 399
380 config CRYPTO_ARIA !! 400 config CRYPTO_CTS
381 tristate "ARIA" !! 401 tristate "CTS support"
382 select CRYPTO_ALGAPI !! 402 select CRYPTO_SKCIPHER
>> 403 select CRYPTO_MANAGER
383 help 404 help
384 ARIA cipher algorithm (RFC5794) !! 405 CTS: Cipher Text Stealing
>> 406 This is the Cipher Text Stealing mode as described by
>> 407 Section 8 of rfc2040 and referenced by rfc3962
>> 408 (rfc3962 includes errata information in its Appendix A) or
>> 409 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
>> 410 This mode is required for Kerberos gss mechanism support
>> 411 for AES encryption.
385 412
386 ARIA is a standard encryption algori !! 413 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
387 The ARIA specifies three key sizes a <<
388 128-bit: 12 rounds. <<
389 192-bit: 14 rounds. <<
390 256-bit: 16 rounds. <<
391 414
392 See: !! 415 config CRYPTO_ECB
393 https://seed.kisa.or.kr/kisa/algorit !! 416 tristate "ECB support"
>> 417 select CRYPTO_SKCIPHER
>> 418 select CRYPTO_MANAGER
>> 419 help
>> 420 ECB: Electronic CodeBook mode
>> 421 This is the simplest block cipher algorithm. It simply encrypts
>> 422 the input block by block.
394 423
395 config CRYPTO_BLOWFISH !! 424 config CRYPTO_LRW
396 tristate "Blowfish" !! 425 tristate "LRW support"
397 select CRYPTO_ALGAPI !! 426 select CRYPTO_SKCIPHER
398 select CRYPTO_BLOWFISH_COMMON !! 427 select CRYPTO_MANAGER
>> 428 select CRYPTO_GF128MUL
399 help 429 help
400 Blowfish cipher algorithm, by Bruce !! 430 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 431 narrow block cipher mode for dm-crypt. Use it with cipher
>> 432 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 433 The first 128, 192 or 256 bits in the key are used for AES and the
>> 434 rest is used to tie each cipher block to its logical position.
401 435
402 This is a variable key length cipher !! 436 config CRYPTO_OFB
403 bits to 448 bits in length. It's fa !! 437 tristate "OFB support"
404 designed for use on "large microproc !! 438 select CRYPTO_SKCIPHER
>> 439 select CRYPTO_MANAGER
>> 440 help
>> 441 OFB: the Output Feedback mode makes a block cipher into a synchronous
>> 442 stream cipher. It generates keystream blocks, which are then XORed
>> 443 with the plaintext blocks to get the ciphertext. Flipping a bit in the
>> 444 ciphertext produces a flipped bit in the plaintext at the same
>> 445 location. This property allows many error correcting codes to function
>> 446 normally even when applied before encryption.
405 447
406 See https://www.schneier.com/blowfis !! 448 config CRYPTO_PCBC
>> 449 tristate "PCBC support"
>> 450 select CRYPTO_SKCIPHER
>> 451 select CRYPTO_MANAGER
>> 452 help
>> 453 PCBC: Propagating Cipher Block Chaining mode
>> 454 This block cipher algorithm is required for RxRPC.
407 455
408 config CRYPTO_BLOWFISH_COMMON !! 456 config CRYPTO_XTS
>> 457 tristate "XTS support"
>> 458 select CRYPTO_SKCIPHER
>> 459 select CRYPTO_MANAGER
>> 460 select CRYPTO_ECB
>> 461 help
>> 462 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 463 key size 256, 384 or 512 bits. This implementation currently
>> 464 can't handle a sectorsize which is not a multiple of 16 bytes.
>> 465
>> 466 config CRYPTO_KEYWRAP
>> 467 tristate "Key wrapping support"
>> 468 select CRYPTO_SKCIPHER
>> 469 select CRYPTO_MANAGER
>> 470 help
>> 471 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 472 padding.
>> 473
>> 474 config CRYPTO_NHPOLY1305
409 tristate 475 tristate
>> 476 select CRYPTO_HASH
>> 477 select CRYPTO_LIB_POLY1305_GENERIC
>> 478
>> 479 config CRYPTO_NHPOLY1305_SSE2
>> 480 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
>> 481 depends on X86 && 64BIT
>> 482 select CRYPTO_NHPOLY1305
410 help 483 help
411 Common parts of the Blowfish cipher !! 484 SSE2 optimized implementation of the hash function used by the
412 generic c and the assembler implemen !! 485 Adiantum encryption mode.
413 486
414 config CRYPTO_CAMELLIA !! 487 config CRYPTO_NHPOLY1305_AVX2
415 tristate "Camellia" !! 488 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
416 select CRYPTO_ALGAPI !! 489 depends on X86 && 64BIT
>> 490 select CRYPTO_NHPOLY1305
417 help 491 help
418 Camellia cipher algorithms (ISO/IEC !! 492 AVX2 optimized implementation of the hash function used by the
>> 493 Adiantum encryption mode.
419 494
420 Camellia is a symmetric key block ci !! 495 config CRYPTO_ADIANTUM
421 at NTT and Mitsubishi Electric Corpo !! 496 tristate "Adiantum support"
>> 497 select CRYPTO_CHACHA20
>> 498 select CRYPTO_LIB_POLY1305_GENERIC
>> 499 select CRYPTO_NHPOLY1305
>> 500 select CRYPTO_MANAGER
>> 501 help
>> 502 Adiantum is a tweakable, length-preserving encryption mode
>> 503 designed for fast and secure disk encryption, especially on
>> 504 CPUs without dedicated crypto instructions. It encrypts
>> 505 each sector using the XChaCha12 stream cipher, two passes of
>> 506 an ε-almost-∆-universal hash function, and an invocation of
>> 507 the AES-256 block cipher on a single 16-byte block. On CPUs
>> 508 without AES instructions, Adiantum is much faster than
>> 509 AES-XTS.
422 510
423 The Camellia specifies three key siz !! 511 Adiantum's security is provably reducible to that of its
>> 512 underlying stream and block ciphers, subject to a security
>> 513 bound. Unlike XTS, Adiantum is a true wide-block encryption
>> 514 mode, so it actually provides an even stronger notion of
>> 515 security than XTS, subject to the security bound.
424 516
425 See https://info.isl.ntt.co.jp/crypt !! 517 If unsure, say N.
426 518
427 config CRYPTO_CAST_COMMON !! 519 config CRYPTO_ESSIV
428 tristate !! 520 tristate "ESSIV support for block encryption"
>> 521 select CRYPTO_AUTHENC
429 help 522 help
430 Common parts of the CAST cipher algo !! 523 Encrypted salt-sector initialization vector (ESSIV) is an IV
431 generic c and the assembler implemen !! 524 generation method that is used in some cases by fscrypt and/or
>> 525 dm-crypt. It uses the hash of the block encryption key as the
>> 526 symmetric key for a block encryption pass applied to the input
>> 527 IV, making low entropy IV sources more suitable for block
>> 528 encryption.
432 529
433 config CRYPTO_CAST5 !! 530 This driver implements a crypto API template that can be
434 tristate "CAST5 (CAST-128)" !! 531 instantiated either as an skcipher or as an AEAD (depending on the
435 select CRYPTO_ALGAPI !! 532 type of the first template argument), and which defers encryption
436 select CRYPTO_CAST_COMMON !! 533 and decryption requests to the encapsulated cipher after applying
>> 534 ESSIV to the input IV. Note that in the AEAD case, it is assumed
>> 535 that the keys are presented in the same format used by the authenc
>> 536 template, and that the IV appears at the end of the authenticated
>> 537 associated data (AAD) region (which is how dm-crypt uses it.)
>> 538
>> 539 Note that the use of ESSIV is not recommended for new deployments,
>> 540 and so this only needs to be enabled when interoperability with
>> 541 existing encrypted volumes of filesystems is required, or when
>> 542 building for a particular system that requires it (e.g., when
>> 543 the SoC in question has accelerated CBC but not XTS, making CBC
>> 544 combined with ESSIV the only feasible mode for h/w accelerated
>> 545 block encryption)
>> 546
>> 547 comment "Hash modes"
>> 548
>> 549 config CRYPTO_CMAC
>> 550 tristate "CMAC support"
>> 551 select CRYPTO_HASH
>> 552 select CRYPTO_MANAGER
437 help 553 help
438 CAST5 (CAST-128) cipher algorithm (R !! 554 Cipher-based Message Authentication Code (CMAC) specified by
>> 555 The National Institute of Standards and Technology (NIST).
439 556
440 config CRYPTO_CAST6 !! 557 https://tools.ietf.org/html/rfc4493
441 tristate "CAST6 (CAST-256)" !! 558 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
442 select CRYPTO_ALGAPI !! 559
443 select CRYPTO_CAST_COMMON !! 560 config CRYPTO_HMAC
>> 561 tristate "HMAC support"
>> 562 select CRYPTO_HASH
>> 563 select CRYPTO_MANAGER
444 help 564 help
445 CAST6 (CAST-256) encryption algorith !! 565 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 566 This is required for IPSec.
446 567
447 config CRYPTO_DES !! 568 config CRYPTO_XCBC
448 tristate "DES and Triple DES EDE" !! 569 tristate "XCBC support"
449 select CRYPTO_ALGAPI !! 570 select CRYPTO_HASH
450 select CRYPTO_LIB_DES !! 571 select CRYPTO_MANAGER
451 help 572 help
452 DES (Data Encryption Standard)(FIPS !! 573 XCBC: Keyed-Hashing with encryption algorithm
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 574 https://www.ietf.org/rfc/rfc3566.txt
454 cipher algorithms !! 575 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 576 xcbc-mac/xcbc-mac-spec.pdf
455 577
456 config CRYPTO_FCRYPT !! 578 config CRYPTO_VMAC
457 tristate "FCrypt" !! 579 tristate "VMAC support"
458 select CRYPTO_ALGAPI !! 580 select CRYPTO_HASH
459 select CRYPTO_SKCIPHER !! 581 select CRYPTO_MANAGER
460 help 582 help
461 FCrypt algorithm used by RxRPC !! 583 VMAC is a message authentication algorithm designed for
>> 584 very high speed on 64-bit architectures.
462 585
463 See https://ota.polyonymo.us/fcrypt- !! 586 See also:
>> 587 <https://fastcrypto.org/vmac>
464 588
465 config CRYPTO_KHAZAD !! 589 comment "Digest"
466 tristate "Khazad" !! 590
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 591 config CRYPTO_CRC32C
468 select CRYPTO_ALGAPI !! 592 tristate "CRC32c CRC algorithm"
>> 593 select CRYPTO_HASH
>> 594 select CRC32
>> 595 help
>> 596 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 597 by iSCSI for header and data digests and by others.
>> 598 See Castagnoli93. Module will be crc32c.
>> 599
>> 600 config CRYPTO_CRC32C_INTEL
>> 601 tristate "CRC32c INTEL hardware acceleration"
>> 602 depends on X86
>> 603 select CRYPTO_HASH
>> 604 help
>> 605 In Intel processor with SSE4.2 supported, the processor will
>> 606 support CRC32C implementation using hardware accelerated CRC32
>> 607 instruction. This option will create 'crc32c-intel' module,
>> 608 which will enable any routine to use the CRC32 instruction to
>> 609 gain performance compared with software implementation.
>> 610 Module will be crc32c-intel.
>> 611
>> 612 config CRYPTO_CRC32C_VPMSUM
>> 613 tristate "CRC32c CRC algorithm (powerpc64)"
>> 614 depends on PPC64 && ALTIVEC
>> 615 select CRYPTO_HASH
>> 616 select CRC32
469 help 617 help
470 Khazad cipher algorithm !! 618 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 619 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 620 and newer processors for improved performance.
471 621
472 Khazad was a finalist in the initial <<
473 an algorithm optimized for 64-bit pr <<
474 on 32-bit processors. Khazad uses a <<
475 622
476 See https://web.archive.org/web/2017 !! 623 config CRYPTO_CRC32C_SPARC64
477 for further information. !! 624 tristate "CRC32c CRC algorithm (SPARC64)"
>> 625 depends on SPARC64
>> 626 select CRYPTO_HASH
>> 627 select CRC32
>> 628 help
>> 629 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 630 when available.
478 631
479 config CRYPTO_SEED !! 632 config CRYPTO_CRC32
480 tristate "SEED" !! 633 tristate "CRC32 CRC algorithm"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 634 select CRYPTO_HASH
482 select CRYPTO_ALGAPI !! 635 select CRC32
483 help 636 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 637 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 638 Shash crypto api wrappers to crc32_le function.
485 639
486 SEED is a 128-bit symmetric key bloc !! 640 config CRYPTO_CRC32_PCLMUL
487 developed by KISA (Korea Information !! 641 tristate "CRC32 PCLMULQDQ hardware acceleration"
488 national standard encryption algorit !! 642 depends on X86
489 It is a 16 round block cipher with t !! 643 select CRYPTO_HASH
>> 644 select CRC32
>> 645 help
>> 646 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 647 and PCLMULQDQ supported, the processor will support
>> 648 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 649 instruction. This option will create 'crc32-pclmul' module,
>> 650 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 651 and gain better performance as compared with the table implementation.
>> 652
>> 653 config CRYPTO_CRC32_MIPS
>> 654 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 655 depends on MIPS_CRC_SUPPORT
>> 656 select CRYPTO_HASH
>> 657 help
>> 658 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 659 instructions, when available.
490 660
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 661
494 config CRYPTO_SERPENT !! 662 config CRYPTO_XXHASH
495 tristate "Serpent" !! 663 tristate "xxHash hash algorithm"
496 select CRYPTO_ALGAPI !! 664 select CRYPTO_HASH
>> 665 select XXHASH
497 help 666 help
498 Serpent cipher algorithm, by Anderso !! 667 xxHash non-cryptographic hash algorithm. Extremely fast, working at
>> 668 speeds close to RAM limits.
499 669
500 Keys are allowed to be from 0 to 256 !! 670 config CRYPTO_BLAKE2B
501 of 8 bits. !! 671 tristate "BLAKE2b digest algorithm"
>> 672 select CRYPTO_HASH
>> 673 help
>> 674 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
>> 675 optimized for 64bit platforms and can produce digests of any size
>> 676 between 1 to 64. The keyed hash is also implemented.
502 677
503 See https://www.cl.cam.ac.uk/~rja14/ !! 678 This module provides the following algorithms:
504 679
505 config CRYPTO_SM4 !! 680 - blake2b-160
506 tristate !! 681 - blake2b-256
>> 682 - blake2b-384
>> 683 - blake2b-512
507 684
508 config CRYPTO_SM4_GENERIC !! 685 See https://blake2.net for further information.
509 tristate "SM4 (ShangMi 4)" !! 686
510 select CRYPTO_ALGAPI !! 687 config CRYPTO_BLAKE2S_X86
511 select CRYPTO_SM4 !! 688 bool "BLAKE2s digest algorithm (x86 accelerated version)"
>> 689 depends on X86 && 64BIT
>> 690 select CRYPTO_LIB_BLAKE2S_GENERIC
>> 691 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
>> 692
>> 693 config CRYPTO_CRCT10DIF
>> 694 tristate "CRCT10DIF algorithm"
>> 695 select CRYPTO_HASH
512 help 696 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 697 CRC T10 Data Integrity Field computation is being cast as
514 ISO/IEC 18033-3:2010/Amd 1:2021) !! 698 a crypto transform. This allows for faster crc t10 diff
>> 699 transforms to be used if they are available.
515 700
516 SM4 (GBT.32907-2016) is a cryptograp !! 701 config CRYPTO_CRCT10DIF_PCLMUL
517 Organization of State Commercial Adm !! 702 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
518 as an authorized cryptographic algor !! 703 depends on X86 && 64BIT && CRC_T10DIF
>> 704 select CRYPTO_HASH
>> 705 help
>> 706 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 707 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 708 accelerated PCLMULQDQ instruction. This option will create
>> 709 'crct10dif-pclmul' module, which is faster when computing the
>> 710 crct10dif checksum as compared with the generic table implementation.
519 711
520 SMS4 was originally created for use !! 712 config CRYPTO_CRCT10DIF_VPMSUM
521 networks, and is mandated in the Chi !! 713 tristate "CRC32T10DIF powerpc64 hardware acceleration"
522 Wireless LAN WAPI (Wired Authenticat !! 714 depends on PPC64 && ALTIVEC && CRC_T10DIF
523 (GB.15629.11-2003). !! 715 select CRYPTO_HASH
>> 716 help
>> 717 CRC10T10DIF algorithm implemented using vector polynomial
>> 718 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 719 POWER8 and newer processors for improved performance.
524 720
525 The latest SM4 standard (GBT.32907-2 !! 721 config CRYPTO_VPMSUM_TESTER
526 standardized through TC 260 of the S !! 722 tristate "Powerpc64 vpmsum hardware acceleration tester"
527 of the People's Republic of China (S !! 723 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 724 help
>> 725 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 726 POWER8 vpmsum instructions.
>> 727 Unless you are testing these algorithms, you don't need this.
528 728
529 The input, output, and key of SMS4 a !! 729 config CRYPTO_GHASH
>> 730 tristate "GHASH hash function"
>> 731 select CRYPTO_GF128MUL
>> 732 select CRYPTO_HASH
>> 733 help
>> 734 GHASH is the hash function used in GCM (Galois/Counter Mode).
>> 735 It is not a general-purpose cryptographic hash function.
530 736
531 See https://eprint.iacr.org/2008/329 !! 737 config CRYPTO_POLY1305
>> 738 tristate "Poly1305 authenticator algorithm"
>> 739 select CRYPTO_HASH
>> 740 select CRYPTO_LIB_POLY1305_GENERIC
>> 741 help
>> 742 Poly1305 authenticator algorithm, RFC7539.
532 743
533 If unsure, say N. !! 744 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 745 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 746 in IETF protocols. This is the portable C implementation of Poly1305.
534 747
535 config CRYPTO_TEA !! 748 config CRYPTO_POLY1305_X86_64
536 tristate "TEA, XTEA and XETA" !! 749 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 750 depends on X86 && 64BIT
538 select CRYPTO_ALGAPI !! 751 select CRYPTO_LIB_POLY1305_GENERIC
>> 752 select CRYPTO_ARCH_HAVE_LIB_POLY1305
539 help 753 help
540 TEA (Tiny Encryption Algorithm) ciph !! 754 Poly1305 authenticator algorithm, RFC7539.
541 755
542 Tiny Encryption Algorithm is a simpl !! 756 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
543 many rounds for security. It is ver !! 757 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
544 little memory. !! 758 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 759 instructions.
545 760
546 Xtendend Tiny Encryption Algorithm i !! 761 config CRYPTO_POLY1305_MIPS
547 the TEA algorithm to address a poten !! 762 tristate "Poly1305 authenticator algorithm (MIPS optimized)"
548 in the TEA algorithm. !! 763 depends on MIPS
>> 764 select CRYPTO_ARCH_HAVE_LIB_POLY1305
549 765
550 Xtendend Encryption Tiny Algorithm i !! 766 config CRYPTO_MD4
551 of the XTEA algorithm for compatibil !! 767 tristate "MD4 digest algorithm"
>> 768 select CRYPTO_HASH
>> 769 help
>> 770 MD4 message digest algorithm (RFC1320).
552 771
553 config CRYPTO_TWOFISH !! 772 config CRYPTO_MD5
554 tristate "Twofish" !! 773 tristate "MD5 digest algorithm"
555 select CRYPTO_ALGAPI !! 774 select CRYPTO_HASH
556 select CRYPTO_TWOFISH_COMMON <<
557 help 775 help
558 Twofish cipher algorithm !! 776 MD5 message digest algorithm (RFC1321).
559 777
560 Twofish was submitted as an AES (Adv !! 778 config CRYPTO_MD5_OCTEON
561 candidate cipher by researchers at C !! 779 tristate "MD5 digest algorithm (OCTEON)"
562 16 round block cipher supporting key !! 780 depends on CPU_CAVIUM_OCTEON
563 bits. !! 781 select CRYPTO_MD5
>> 782 select CRYPTO_HASH
>> 783 help
>> 784 MD5 message digest algorithm (RFC1321) implemented
>> 785 using OCTEON crypto instructions, when available.
564 786
565 See https://www.schneier.com/twofish !! 787 config CRYPTO_MD5_PPC
>> 788 tristate "MD5 digest algorithm (PPC)"
>> 789 depends on PPC
>> 790 select CRYPTO_HASH
>> 791 help
>> 792 MD5 message digest algorithm (RFC1321) implemented
>> 793 in PPC assembler.
566 794
567 config CRYPTO_TWOFISH_COMMON !! 795 config CRYPTO_MD5_SPARC64
568 tristate !! 796 tristate "MD5 digest algorithm (SPARC64)"
>> 797 depends on SPARC64
>> 798 select CRYPTO_MD5
>> 799 select CRYPTO_HASH
569 help 800 help
570 Common parts of the Twofish cipher a !! 801 MD5 message digest algorithm (RFC1321) implemented
571 generic c and the assembler implemen !! 802 using sparc64 crypto instructions, when available.
572 803
573 endmenu !! 804 config CRYPTO_MICHAEL_MIC
>> 805 tristate "Michael MIC keyed digest algorithm"
>> 806 select CRYPTO_HASH
>> 807 help
>> 808 Michael MIC is used for message integrity protection in TKIP
>> 809 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 810 should not be used for other purposes because of the weakness
>> 811 of the algorithm.
574 812
575 menu "Length-preserving ciphers and modes" !! 813 config CRYPTO_RMD160
>> 814 tristate "RIPEMD-160 digest algorithm"
>> 815 select CRYPTO_HASH
>> 816 help
>> 817 RIPEMD-160 (ISO/IEC 10118-3:2004).
576 818
577 config CRYPTO_ADIANTUM !! 819 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
578 tristate "Adiantum" !! 820 to be used as a secure replacement for the 128-bit hash functions
579 select CRYPTO_CHACHA20 !! 821 MD4, MD5 and it's predecessor RIPEMD
580 select CRYPTO_LIB_POLY1305_GENERIC !! 822 (not to be confused with RIPEMD-128).
581 select CRYPTO_NHPOLY1305 !! 823
582 select CRYPTO_MANAGER !! 824 It's speed is comparable to SHA1 and there are no known attacks
>> 825 against RIPEMD-160.
>> 826
>> 827 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 828 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
>> 829
>> 830 config CRYPTO_SHA1
>> 831 tristate "SHA1 digest algorithm"
>> 832 select CRYPTO_HASH
583 help 833 help
584 Adiantum tweakable, length-preservin !! 834 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
585 835
586 Designed for fast and secure disk en !! 836 config CRYPTO_SHA1_SSSE3
587 CPUs without dedicated crypto instru !! 837 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
588 each sector using the XChaCha12 stre !! 838 depends on X86 && 64BIT
589 an ε-almost-∆-universal hash func !! 839 select CRYPTO_SHA1
590 the AES-256 block cipher on a single !! 840 select CRYPTO_HASH
591 without AES instructions, Adiantum i !! 841 help
592 AES-XTS. !! 842 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 843 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 844 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 845 when available.
593 846
594 Adiantum's security is provably redu !! 847 config CRYPTO_SHA256_SSSE3
595 underlying stream and block ciphers, !! 848 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
596 bound. Unlike XTS, Adiantum is a tr !! 849 depends on X86 && 64BIT
597 mode, so it actually provides an eve !! 850 select CRYPTO_SHA256
598 security than XTS, subject to the se !! 851 select CRYPTO_HASH
>> 852 help
>> 853 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 854 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 855 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 856 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 857 Instructions) when available.
>> 858
>> 859 config CRYPTO_SHA512_SSSE3
>> 860 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 861 depends on X86 && 64BIT
>> 862 select CRYPTO_SHA512
>> 863 select CRYPTO_HASH
>> 864 help
>> 865 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 866 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 867 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 868 version 2 (AVX2) instructions, when available.
599 869
600 If unsure, say N. !! 870 config CRYPTO_SHA1_OCTEON
>> 871 tristate "SHA1 digest algorithm (OCTEON)"
>> 872 depends on CPU_CAVIUM_OCTEON
>> 873 select CRYPTO_SHA1
>> 874 select CRYPTO_HASH
>> 875 help
>> 876 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 877 using OCTEON crypto instructions, when available.
601 878
602 config CRYPTO_ARC4 !! 879 config CRYPTO_SHA1_SPARC64
603 tristate "ARC4 (Alleged Rivest Cipher !! 880 tristate "SHA1 digest algorithm (SPARC64)"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 881 depends on SPARC64
605 select CRYPTO_SKCIPHER !! 882 select CRYPTO_SHA1
606 select CRYPTO_LIB_ARC4 !! 883 select CRYPTO_HASH
607 help 884 help
608 ARC4 cipher algorithm !! 885 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 886 using sparc64 crypto instructions, when available.
609 887
610 ARC4 is a stream cipher using keys r !! 888 config CRYPTO_SHA1_PPC
611 bits in length. This algorithm is r !! 889 tristate "SHA1 digest algorithm (powerpc)"
612 WEP, but it should not be for other !! 890 depends on PPC
613 weakness of the algorithm. !! 891 help
>> 892 This is the powerpc hardware accelerated implementation of the
>> 893 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
614 894
615 config CRYPTO_CHACHA20 !! 895 config CRYPTO_SHA1_PPC_SPE
616 tristate "ChaCha" !! 896 tristate "SHA1 digest algorithm (PPC SPE)"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 897 depends on PPC && SPE
618 select CRYPTO_SKCIPHER <<
619 help 898 help
620 The ChaCha20, XChaCha20, and XChaCha !! 899 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 900 using powerpc SPE SIMD instruction set.
621 901
622 ChaCha20 is a 256-bit high-speed str !! 902 config CRYPTO_SHA256
623 Bernstein and further specified in R !! 903 tristate "SHA224 and SHA256 digest algorithm"
624 This is the portable C implementatio !! 904 select CRYPTO_HASH
625 https://cr.yp.to/chacha/chacha-20080 !! 905 select CRYPTO_LIB_SHA256
>> 906 help
>> 907 SHA256 secure hash standard (DFIPS 180-2).
626 908
627 XChaCha20 is the application of the !! 909 This version of SHA implements a 256 bit hash with 128 bits of
628 rather than to Salsa20. XChaCha20 e !! 910 security against collision attacks.
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 911
633 XChaCha12 is XChaCha20 reduced to 12 !! 912 This code also includes SHA-224, a 224 bit hash with 112 bits
634 reduced security margin but increase !! 913 of security against collision attacks.
635 in some performance-sensitive scenar <<
636 914
637 config CRYPTO_CBC !! 915 config CRYPTO_SHA256_PPC_SPE
638 tristate "CBC (Cipher Block Chaining)" !! 916 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
639 select CRYPTO_SKCIPHER !! 917 depends on PPC && SPE
640 select CRYPTO_MANAGER !! 918 select CRYPTO_SHA256
>> 919 select CRYPTO_HASH
641 help 920 help
642 CBC (Cipher Block Chaining) mode (NI !! 921 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 922 implemented using powerpc SPE SIMD instruction set.
643 923
644 This block cipher mode is required f !! 924 config CRYPTO_SHA256_OCTEON
>> 925 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
>> 926 depends on CPU_CAVIUM_OCTEON
>> 927 select CRYPTO_SHA256
>> 928 select CRYPTO_HASH
>> 929 help
>> 930 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 931 using OCTEON crypto instructions, when available.
645 932
646 config CRYPTO_CTR !! 933 config CRYPTO_SHA256_SPARC64
647 tristate "CTR (Counter)" !! 934 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
648 select CRYPTO_SKCIPHER !! 935 depends on SPARC64
649 select CRYPTO_MANAGER !! 936 select CRYPTO_SHA256
>> 937 select CRYPTO_HASH
650 help 938 help
651 CTR (Counter) mode (NIST SP800-38A) !! 939 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 940 using sparc64 crypto instructions, when available.
652 941
653 config CRYPTO_CTS !! 942 config CRYPTO_SHA512
654 tristate "CTS (Cipher Text Stealing)" !! 943 tristate "SHA384 and SHA512 digest algorithms"
655 select CRYPTO_SKCIPHER !! 944 select CRYPTO_HASH
656 select CRYPTO_MANAGER <<
657 help 945 help
658 CBC-CS3 variant of CTS (Cipher Text !! 946 SHA512 secure hash standard (DFIPS 180-2).
659 Addendum to SP800-38A (October 2010) <<
660 947
661 This mode is required for Kerberos g !! 948 This version of SHA implements a 512 bit hash with 256 bits of
662 for AES encryption. !! 949 security against collision attacks.
663 950
664 config CRYPTO_ECB !! 951 This code also includes SHA-384, a 384 bit hash with 192 bits
665 tristate "ECB (Electronic Codebook)" !! 952 of security against collision attacks.
666 select CRYPTO_SKCIPHER2 !! 953
667 select CRYPTO_MANAGER !! 954 config CRYPTO_SHA512_OCTEON
>> 955 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 956 depends on CPU_CAVIUM_OCTEON
>> 957 select CRYPTO_SHA512
>> 958 select CRYPTO_HASH
668 help 959 help
669 ECB (Electronic Codebook) mode (NIST !! 960 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 961 using OCTEON crypto instructions, when available.
670 962
671 config CRYPTO_HCTR2 !! 963 config CRYPTO_SHA512_SPARC64
672 tristate "HCTR2" !! 964 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
673 select CRYPTO_XCTR !! 965 depends on SPARC64
674 select CRYPTO_POLYVAL !! 966 select CRYPTO_SHA512
675 select CRYPTO_MANAGER !! 967 select CRYPTO_HASH
676 help 968 help
677 HCTR2 length-preserving encryption m !! 969 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 970 using sparc64 crypto instructions, when available.
678 971
679 A mode for storage encryption that i !! 972 config CRYPTO_SHA3
680 instructions to accelerate AES and c !! 973 tristate "SHA3 digest algorithm"
681 x86 processors with AES-NI and CLMUL !! 974 select CRYPTO_HASH
682 ARMv8 crypto extensions. !! 975 help
>> 976 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 977 cryptographic sponge function family called Keccak.
683 978
684 See https://eprint.iacr.org/2021/144 !! 979 References:
>> 980 http://keccak.noekeon.org/
685 981
686 config CRYPTO_KEYWRAP !! 982 config CRYPTO_SM3
687 tristate "KW (AES Key Wrap)" !! 983 tristate "SM3 digest algorithm"
688 select CRYPTO_SKCIPHER !! 984 select CRYPTO_HASH
689 select CRYPTO_MANAGER <<
690 help 985 help
691 KW (AES Key Wrap) authenticated encr !! 986 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
692 and RFC3394) without padding. !! 987 It is part of the Chinese Commercial Cryptography suite.
693 988
694 config CRYPTO_LRW !! 989 References:
695 tristate "LRW (Liskov Rivest Wagner)" !! 990 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
696 select CRYPTO_LIB_GF128MUL !! 991 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
697 select CRYPTO_SKCIPHER !! 992
698 select CRYPTO_MANAGER !! 993 config CRYPTO_STREEBOG
699 select CRYPTO_ECB !! 994 tristate "Streebog Hash Function"
>> 995 select CRYPTO_HASH
700 help 996 help
701 LRW (Liskov Rivest Wagner) mode !! 997 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
>> 998 cryptographic standard algorithms (called GOST algorithms).
>> 999 This setting enables two hash algorithms with 256 and 512 bits output.
702 1000
703 A tweakable, non malleable, non mova !! 1001 References:
704 narrow block cipher mode for dm-cryp !! 1002 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
705 specification string aes-lrw-benbi, !! 1003 https://tools.ietf.org/html/rfc6986
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 1004
709 See https://people.csail.mit.edu/riv !! 1005 config CRYPTO_WP512
>> 1006 tristate "Whirlpool digest algorithms"
>> 1007 select CRYPTO_HASH
>> 1008 help
>> 1009 Whirlpool hash algorithm 512, 384 and 256-bit hashes
710 1010
711 config CRYPTO_PCBC !! 1011 Whirlpool-512 is part of the NESSIE cryptographic primitives.
712 tristate "PCBC (Propagating Cipher Blo !! 1012 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
713 select CRYPTO_SKCIPHER !! 1013
714 select CRYPTO_MANAGER !! 1014 See also:
>> 1015 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
>> 1016
>> 1017 config CRYPTO_GHASH_CLMUL_NI_INTEL
>> 1018 tristate "GHASH hash function (CLMUL-NI accelerated)"
>> 1019 depends on X86 && 64BIT
>> 1020 select CRYPTO_CRYPTD
715 help 1021 help
716 PCBC (Propagating Cipher Block Chain !! 1022 This is the x86_64 CLMUL-NI accelerated implementation of
>> 1023 GHASH, the hash function used in GCM (Galois/Counter mode).
717 1024
718 This block cipher mode is required f !! 1025 comment "Ciphers"
719 1026
720 config CRYPTO_XCTR !! 1027 config CRYPTO_AES
721 tristate !! 1028 tristate "AES cipher algorithms"
>> 1029 select CRYPTO_ALGAPI
>> 1030 select CRYPTO_LIB_AES
>> 1031 help
>> 1032 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1033 algorithm.
>> 1034
>> 1035 Rijndael appears to be consistently a very good performer in
>> 1036 both hardware and software across a wide range of computing
>> 1037 environments regardless of its use in feedback or non-feedback
>> 1038 modes. Its key setup time is excellent, and its key agility is
>> 1039 good. Rijndael's very low memory requirements make it very well
>> 1040 suited for restricted-space environments, in which it also
>> 1041 demonstrates excellent performance. Rijndael's operations are
>> 1042 among the easiest to defend against power and timing attacks.
>> 1043
>> 1044 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1045
>> 1046 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
>> 1047
>> 1048 config CRYPTO_AES_TI
>> 1049 tristate "Fixed time AES cipher"
>> 1050 select CRYPTO_ALGAPI
>> 1051 select CRYPTO_LIB_AES
>> 1052 help
>> 1053 This is a generic implementation of AES that attempts to eliminate
>> 1054 data dependent latencies as much as possible without affecting
>> 1055 performance too much. It is intended for use by the generic CCM
>> 1056 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1057 solely on encryption (although decryption is supported as well, but
>> 1058 with a more dramatic performance hit)
>> 1059
>> 1060 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
>> 1061 8 for decryption), this implementation only uses just two S-boxes of
>> 1062 256 bytes each, and attempts to eliminate data dependent latencies by
>> 1063 prefetching the entire table into the cache at the start of each
>> 1064 block. Interrupts are also disabled to avoid races where cachelines
>> 1065 are evicted when the CPU is interrupted to do something else.
>> 1066
>> 1067 config CRYPTO_AES_NI_INTEL
>> 1068 tristate "AES cipher algorithms (AES-NI)"
>> 1069 depends on X86
>> 1070 select CRYPTO_AEAD
>> 1071 select CRYPTO_LIB_AES
>> 1072 select CRYPTO_ALGAPI
722 select CRYPTO_SKCIPHER 1073 select CRYPTO_SKCIPHER
723 select CRYPTO_MANAGER !! 1074 select CRYPTO_SIMD
724 help 1075 help
725 XCTR (XOR Counter) mode for HCTR2 !! 1076 Use Intel AES-NI instructions for AES algorithm.
>> 1077
>> 1078 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1079 algorithm.
>> 1080
>> 1081 Rijndael appears to be consistently a very good performer in
>> 1082 both hardware and software across a wide range of computing
>> 1083 environments regardless of its use in feedback or non-feedback
>> 1084 modes. Its key setup time is excellent, and its key agility is
>> 1085 good. Rijndael's very low memory requirements make it very well
>> 1086 suited for restricted-space environments, in which it also
>> 1087 demonstrates excellent performance. Rijndael's operations are
>> 1088 among the easiest to defend against power and timing attacks.
726 1089
727 This blockcipher mode is a variant o !! 1090 The AES specifies three key sizes: 128, 192 and 256 bits
728 addition rather than big-endian arit <<
729 1091
730 XCTR mode is used to implement HCTR2 !! 1092 See <http://csrc.nist.gov/encryption/aes/> for more information.
731 1093
732 config CRYPTO_XTS !! 1094 In addition to AES cipher algorithm support, the acceleration
733 tristate "XTS (XOR Encrypt XOR with ci !! 1095 for some popular block cipher mode is supported too, including
>> 1096 ECB, CBC, LRW, XTS. The 64 bit version has additional
>> 1097 acceleration for CTR.
>> 1098
>> 1099 config CRYPTO_AES_SPARC64
>> 1100 tristate "AES cipher algorithms (SPARC64)"
>> 1101 depends on SPARC64
734 select CRYPTO_SKCIPHER 1102 select CRYPTO_SKCIPHER
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help 1103 help
738 XTS (XOR Encrypt XOR with ciphertext !! 1104 Use SPARC64 crypto opcodes for AES algorithm.
739 and IEEE 1619) <<
740 1105
741 Use with aes-xts-plain, key size 256 !! 1106 AES cipher algorithms (FIPS-197). AES uses the Rijndael
742 implementation currently can't handl !! 1107 algorithm.
743 multiple of 16 bytes. <<
744 1108
745 config CRYPTO_NHPOLY1305 !! 1109 Rijndael appears to be consistently a very good performer in
746 tristate !! 1110 both hardware and software across a wide range of computing
747 select CRYPTO_HASH !! 1111 environments regardless of its use in feedback or non-feedback
748 select CRYPTO_LIB_POLY1305_GENERIC !! 1112 modes. Its key setup time is excellent, and its key agility is
>> 1113 good. Rijndael's very low memory requirements make it very well
>> 1114 suited for restricted-space environments, in which it also
>> 1115 demonstrates excellent performance. Rijndael's operations are
>> 1116 among the easiest to defend against power and timing attacks.
749 1117
750 endmenu !! 1118 The AES specifies three key sizes: 128, 192 and 256 bits
751 1119
752 menu "AEAD (authenticated encryption with asso !! 1120 See <http://csrc.nist.gov/encryption/aes/> for more information.
753 1121
754 config CRYPTO_AEGIS128 !! 1122 In addition to AES cipher algorithm support, the acceleration
755 tristate "AEGIS-128" !! 1123 for some popular block cipher mode is supported too, including
756 select CRYPTO_AEAD !! 1124 ECB and CBC.
757 select CRYPTO_AES # for AES S-box tab !! 1125
>> 1126 config CRYPTO_AES_PPC_SPE
>> 1127 tristate "AES cipher algorithms (PPC SPE)"
>> 1128 depends on PPC && SPE
>> 1129 select CRYPTO_SKCIPHER
758 help 1130 help
759 AEGIS-128 AEAD algorithm !! 1131 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1132 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1133 This module should only be used for low power (router) devices
>> 1134 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1135 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1136 timining attacks. Nevertheless it might be not as secure as other
>> 1137 architecture specific assembler implementations that work on 1KB
>> 1138 tables or 256 bytes S-boxes.
760 1139
761 config CRYPTO_AEGIS128_SIMD !! 1140 config CRYPTO_ANUBIS
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1141 tristate "Anubis cipher algorithm"
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 1142 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
764 default y !! 1143 select CRYPTO_ALGAPI
765 help 1144 help
766 AEGIS-128 AEAD algorithm !! 1145 Anubis cipher algorithm.
767 1146
768 Architecture: arm or arm64 using: !! 1147 Anubis is a variable key length cipher which can use keys from
769 - NEON (Advanced SIMD) extension !! 1148 128 bits to 320 bits in length. It was evaluated as a entrant
>> 1149 in the NESSIE competition.
770 1150
771 config CRYPTO_CHACHA20POLY1305 !! 1151 See also:
772 tristate "ChaCha20-Poly1305" !! 1152 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
773 select CRYPTO_CHACHA20 !! 1153 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
774 select CRYPTO_POLY1305 <<
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help <<
778 ChaCha20 stream cipher and Poly1305 <<
779 mode (RFC8439) <<
780 1154
781 config CRYPTO_CCM !! 1155 config CRYPTO_ARC4
782 tristate "CCM (Counter with Cipher Blo !! 1156 tristate "ARC4 cipher algorithm"
783 select CRYPTO_CTR !! 1157 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
784 select CRYPTO_HASH !! 1158 select CRYPTO_SKCIPHER
785 select CRYPTO_AEAD !! 1159 select CRYPTO_LIB_ARC4
786 select CRYPTO_MANAGER <<
787 help 1160 help
788 CCM (Counter with Cipher Block Chain !! 1161 ARC4 cipher algorithm.
789 authenticated encryption mode (NIST <<
790 1162
791 config CRYPTO_GCM !! 1163 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
792 tristate "GCM (Galois/Counter Mode) an !! 1164 bits in length. This algorithm is required for driver-based
793 select CRYPTO_CTR !! 1165 WEP, but it should not be for other purposes because of the
794 select CRYPTO_AEAD !! 1166 weakness of the algorithm.
795 select CRYPTO_GHASH !! 1167
796 select CRYPTO_NULL !! 1168 config CRYPTO_BLOWFISH
797 select CRYPTO_MANAGER !! 1169 tristate "Blowfish cipher algorithm"
>> 1170 select CRYPTO_ALGAPI
>> 1171 select CRYPTO_BLOWFISH_COMMON
798 help 1172 help
799 GCM (Galois/Counter Mode) authentica !! 1173 Blowfish cipher algorithm, by Bruce Schneier.
800 (GCM Message Authentication Code) (N !! 1174
>> 1175 This is a variable key length cipher which can use keys from 32
>> 1176 bits to 448 bits in length. It's fast, simple and specifically
>> 1177 designed for use on "large microprocessors".
801 1178
802 This is required for IPSec ESP (XFRM !! 1179 See also:
>> 1180 <https://www.schneier.com/blowfish.html>
803 1181
804 config CRYPTO_GENIV !! 1182 config CRYPTO_BLOWFISH_COMMON
805 tristate 1183 tristate
806 select CRYPTO_AEAD !! 1184 help
807 select CRYPTO_NULL !! 1185 Common parts of the Blowfish cipher algorithm shared by the
808 select CRYPTO_MANAGER !! 1186 generic c and the assembler implementations.
809 select CRYPTO_RNG_DEFAULT <<
810 1187
811 config CRYPTO_SEQIV !! 1188 See also:
812 tristate "Sequence Number IV Generator !! 1189 <https://www.schneier.com/blowfish.html>
813 select CRYPTO_GENIV !! 1190
>> 1191 config CRYPTO_BLOWFISH_X86_64
>> 1192 tristate "Blowfish cipher algorithm (x86_64)"
>> 1193 depends on X86 && 64BIT
>> 1194 select CRYPTO_SKCIPHER
>> 1195 select CRYPTO_BLOWFISH_COMMON
>> 1196 imply CRYPTO_CTR
814 help 1197 help
815 Sequence Number IV generator !! 1198 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
816 1199
817 This IV generator generates an IV ba !! 1200 This is a variable key length cipher which can use keys from 32
818 xoring it with a salt. This algorit !! 1201 bits to 448 bits in length. It's fast, simple and specifically
>> 1202 designed for use on "large microprocessors".
819 1203
820 This is required for IPsec ESP (XFRM !! 1204 See also:
>> 1205 <https://www.schneier.com/blowfish.html>
821 1206
822 config CRYPTO_ECHAINIV !! 1207 config CRYPTO_CAMELLIA
823 tristate "Encrypted Chain IV Generator !! 1208 tristate "Camellia cipher algorithms"
824 select CRYPTO_GENIV !! 1209 select CRYPTO_ALGAPI
825 help 1210 help
826 Encrypted Chain IV generator !! 1211 Camellia cipher algorithms module.
827 1212
828 This IV generator generates an IV ba !! 1213 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 1214 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. <<
831 1215
832 config CRYPTO_ESSIV !! 1216 The Camellia specifies three key sizes: 128, 192 and 256 bits.
833 tristate "Encrypted Salt-Sector IV Gen !! 1217
834 select CRYPTO_AUTHENC !! 1218 See also:
>> 1219 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1220
>> 1221 config CRYPTO_CAMELLIA_X86_64
>> 1222 tristate "Camellia cipher algorithm (x86_64)"
>> 1223 depends on X86 && 64BIT
>> 1224 select CRYPTO_SKCIPHER
>> 1225 imply CRYPTO_CTR
835 help 1226 help
836 Encrypted Salt-Sector IV generator !! 1227 Camellia cipher algorithm module (x86_64).
837 1228
838 This IV generator is used in some ca !! 1229 Camellia is a symmetric key block cipher developed jointly
839 dm-crypt. It uses the hash of the bl !! 1230 at NTT and Mitsubishi Electric Corporation.
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 1231
844 This driver implements a crypto API !! 1232 The Camellia specifies three key sizes: 128, 192 and 256 bits.
845 instantiated either as an skcipher o <<
846 type of the first template argument) <<
847 and decryption requests to the encap <<
848 ESSIV to the input IV. Note that in <<
849 that the keys are presented in the s <<
850 template, and that the IV appears at <<
851 associated data (AAD) region (which <<
852 1233
853 Note that the use of ESSIV is not re !! 1234 See also:
854 and so this only needs to be enabled !! 1235 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 1236
861 endmenu !! 1237 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1238 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1239 depends on X86 && 64BIT
>> 1240 select CRYPTO_SKCIPHER
>> 1241 select CRYPTO_CAMELLIA_X86_64
>> 1242 select CRYPTO_SIMD
>> 1243 imply CRYPTO_XTS
>> 1244 help
>> 1245 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
862 1246
863 menu "Hashes, digests, and MACs" !! 1247 Camellia is a symmetric key block cipher developed jointly
>> 1248 at NTT and Mitsubishi Electric Corporation.
864 1249
865 config CRYPTO_BLAKE2B !! 1250 The Camellia specifies three key sizes: 128, 192 and 256 bits.
866 tristate "BLAKE2b" !! 1251
867 select CRYPTO_HASH !! 1252 See also:
>> 1253 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1254
>> 1255 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
>> 1256 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1257 depends on X86 && 64BIT
>> 1258 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
868 help 1259 help
869 BLAKE2b cryptographic hash function !! 1260 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
870 1261
871 BLAKE2b is optimized for 64-bit plat !! 1262 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1263 at NTT and Mitsubishi Electric Corporation.
873 1264
874 This module provides the following a !! 1265 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 1266
880 Used by the btrfs filesystem. !! 1267 See also:
>> 1268 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881 1269
882 See https://blake2.net for further i !! 1270 config CRYPTO_CAMELLIA_SPARC64
>> 1271 tristate "Camellia cipher algorithm (SPARC64)"
>> 1272 depends on SPARC64
>> 1273 select CRYPTO_ALGAPI
>> 1274 select CRYPTO_SKCIPHER
>> 1275 help
>> 1276 Camellia cipher algorithm module (SPARC64).
883 1277
884 config CRYPTO_CMAC !! 1278 Camellia is a symmetric key block cipher developed jointly
885 tristate "CMAC (Cipher-based MAC)" !! 1279 at NTT and Mitsubishi Electric Corporation.
886 select CRYPTO_HASH !! 1280
887 select CRYPTO_MANAGER !! 1281 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1282
>> 1283 See also:
>> 1284 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1285
>> 1286 config CRYPTO_CAST_COMMON
>> 1287 tristate
888 help 1288 help
889 CMAC (Cipher-based Message Authentic !! 1289 Common parts of the CAST cipher algorithms shared by the
890 mode (NIST SP800-38B and IETF RFC449 !! 1290 generic c and the assembler implementations.
891 1291
892 config CRYPTO_GHASH !! 1292 config CRYPTO_CAST5
893 tristate "GHASH" !! 1293 tristate "CAST5 (CAST-128) cipher algorithm"
894 select CRYPTO_HASH !! 1294 select CRYPTO_ALGAPI
895 select CRYPTO_LIB_GF128MUL !! 1295 select CRYPTO_CAST_COMMON
896 help 1296 help
897 GCM GHASH function (NIST SP800-38D) !! 1297 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1298 described in RFC2144.
898 1299
899 config CRYPTO_HMAC !! 1300 config CRYPTO_CAST5_AVX_X86_64
900 tristate "HMAC (Keyed-Hash MAC)" !! 1301 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
901 select CRYPTO_HASH !! 1302 depends on X86 && 64BIT
902 select CRYPTO_MANAGER !! 1303 select CRYPTO_SKCIPHER
>> 1304 select CRYPTO_CAST5
>> 1305 select CRYPTO_CAST_COMMON
>> 1306 select CRYPTO_SIMD
>> 1307 imply CRYPTO_CTR
903 help 1308 help
904 HMAC (Keyed-Hash Message Authenticat !! 1309 The CAST5 encryption algorithm (synonymous with CAST-128) is
905 RFC2104) !! 1310 described in RFC2144.
906 1311
907 This is required for IPsec AH (XFRM_ !! 1312 This module provides the Cast5 cipher algorithm that processes
>> 1313 sixteen blocks parallel using the AVX instruction set.
908 1314
909 config CRYPTO_MD4 !! 1315 config CRYPTO_CAST6
910 tristate "MD4" !! 1316 tristate "CAST6 (CAST-256) cipher algorithm"
911 select CRYPTO_HASH !! 1317 select CRYPTO_ALGAPI
>> 1318 select CRYPTO_CAST_COMMON
912 help 1319 help
913 MD4 message digest algorithm (RFC132 !! 1320 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1321 described in RFC2612.
914 1322
915 config CRYPTO_MD5 !! 1323 config CRYPTO_CAST6_AVX_X86_64
916 tristate "MD5" !! 1324 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
917 select CRYPTO_HASH !! 1325 depends on X86 && 64BIT
>> 1326 select CRYPTO_SKCIPHER
>> 1327 select CRYPTO_CAST6
>> 1328 select CRYPTO_CAST_COMMON
>> 1329 select CRYPTO_SIMD
>> 1330 imply CRYPTO_XTS
>> 1331 imply CRYPTO_CTR
918 help 1332 help
919 MD5 message digest algorithm (RFC132 !! 1333 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1334 described in RFC2612.
920 1335
921 config CRYPTO_MICHAEL_MIC !! 1336 This module provides the Cast6 cipher algorithm that processes
922 tristate "Michael MIC" !! 1337 eight blocks parallel using the AVX instruction set.
923 select CRYPTO_HASH <<
924 help <<
925 Michael MIC (Message Integrity Code) <<
926 1338
927 Defined by the IEEE 802.11i TKIP (Te !! 1339 config CRYPTO_DES
928 known as WPA (Wif-Fi Protected Acces !! 1340 tristate "DES and Triple DES EDE cipher algorithms"
>> 1341 select CRYPTO_ALGAPI
>> 1342 select CRYPTO_LIB_DES
>> 1343 help
>> 1344 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
929 1345
930 This algorithm is required for TKIP, !! 1346 config CRYPTO_DES_SPARC64
931 other purposes because of the weakne !! 1347 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1348 depends on SPARC64
>> 1349 select CRYPTO_ALGAPI
>> 1350 select CRYPTO_LIB_DES
>> 1351 select CRYPTO_SKCIPHER
>> 1352 help
>> 1353 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1354 optimized using SPARC64 crypto opcodes.
932 1355
933 config CRYPTO_POLYVAL !! 1356 config CRYPTO_DES3_EDE_X86_64
934 tristate !! 1357 tristate "Triple DES EDE cipher algorithm (x86-64)"
935 select CRYPTO_HASH !! 1358 depends on X86 && 64BIT
936 select CRYPTO_LIB_GF128MUL !! 1359 select CRYPTO_SKCIPHER
>> 1360 select CRYPTO_LIB_DES
>> 1361 imply CRYPTO_CTR
937 help 1362 help
938 POLYVAL hash function for HCTR2 !! 1363 Triple DES EDE (FIPS 46-3) algorithm.
939 1364
940 This is used in HCTR2. It is not a !! 1365 This module provides implementation of the Triple DES EDE cipher
941 cryptographic hash function. !! 1366 algorithm that is optimized for x86-64 processors. Two versions of
>> 1367 algorithm are provided; regular processing one input block and
>> 1368 one that processes three blocks parallel.
942 1369
943 config CRYPTO_POLY1305 !! 1370 config CRYPTO_FCRYPT
944 tristate "Poly1305" !! 1371 tristate "FCrypt cipher algorithm"
945 select CRYPTO_HASH !! 1372 select CRYPTO_ALGAPI
946 select CRYPTO_LIB_POLY1305_GENERIC !! 1373 select CRYPTO_SKCIPHER
947 help 1374 help
948 Poly1305 authenticator algorithm (RF !! 1375 FCrypt algorithm used by RxRPC.
949 1376
950 Poly1305 is an authenticator algorit !! 1377 config CRYPTO_KHAZAD
951 It is used for the ChaCha20-Poly1305 !! 1378 tristate "Khazad cipher algorithm"
952 in IETF protocols. This is the porta !! 1379 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1380 select CRYPTO_ALGAPI
>> 1381 help
>> 1382 Khazad cipher algorithm.
953 1383
954 config CRYPTO_RMD160 !! 1384 Khazad was a finalist in the initial NESSIE competition. It is
955 tristate "RIPEMD-160" !! 1385 an algorithm optimized for 64-bit processors with good performance
956 select CRYPTO_HASH !! 1386 on 32-bit processors. Khazad uses an 128 bit key size.
>> 1387
>> 1388 See also:
>> 1389 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
>> 1390
>> 1391 config CRYPTO_CHACHA20
>> 1392 tristate "ChaCha stream cipher algorithms"
>> 1393 select CRYPTO_LIB_CHACHA_GENERIC
>> 1394 select CRYPTO_SKCIPHER
957 help 1395 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 1396 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
959 1397
960 RIPEMD-160 is a 160-bit cryptographi !! 1398 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
961 to be used as a secure replacement f !! 1399 Bernstein and further specified in RFC7539 for use in IETF protocols.
962 MD4, MD5 and its predecessor RIPEMD !! 1400 This is the portable C implementation of ChaCha20. See also:
963 (not to be confused with RIPEMD-128) !! 1401 <https://cr.yp.to/chacha/chacha-20080128.pdf>
964 1402
965 Its speed is comparable to SHA-1 and !! 1403 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
966 against RIPEMD-160. !! 1404 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
>> 1405 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
>> 1406 while provably retaining ChaCha20's security. See also:
>> 1407 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
967 1408
968 Developed by Hans Dobbertin, Antoon !! 1409 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
969 See https://homes.esat.kuleuven.be/~ !! 1410 reduced security margin but increased performance. It can be needed
970 for further information. !! 1411 in some performance-sensitive scenarios.
971 1412
972 config CRYPTO_SHA1 !! 1413 config CRYPTO_CHACHA20_X86_64
973 tristate "SHA-1" !! 1414 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
974 select CRYPTO_HASH !! 1415 depends on X86 && 64BIT
975 select CRYPTO_LIB_SHA1 !! 1416 select CRYPTO_SKCIPHER
>> 1417 select CRYPTO_LIB_CHACHA_GENERIC
>> 1418 select CRYPTO_ARCH_HAVE_LIB_CHACHA
976 help 1419 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1420 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
>> 1421 XChaCha20, and XChaCha12 stream ciphers.
978 1422
979 config CRYPTO_SHA256 !! 1423 config CRYPTO_CHACHA_MIPS
980 tristate "SHA-224 and SHA-256" !! 1424 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
981 select CRYPTO_HASH !! 1425 depends on CPU_MIPS32_R2
982 select CRYPTO_LIB_SHA256 !! 1426 select CRYPTO_SKCIPHER
>> 1427 select CRYPTO_ARCH_HAVE_LIB_CHACHA
>> 1428
>> 1429 config CRYPTO_SEED
>> 1430 tristate "SEED cipher algorithm"
>> 1431 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1432 select CRYPTO_ALGAPI
983 help 1433 help
984 SHA-224 and SHA-256 secure hash algo !! 1434 SEED cipher algorithm (RFC4269).
>> 1435
>> 1436 SEED is a 128-bit symmetric key block cipher that has been
>> 1437 developed by KISA (Korea Information Security Agency) as a
>> 1438 national standard encryption algorithm of the Republic of Korea.
>> 1439 It is a 16 round block cipher with the key size of 128 bit.
985 1440
986 This is required for IPsec AH (XFRM_ !! 1441 See also:
987 Used by the btrfs filesystem, Ceph, !! 1442 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
988 1443
989 config CRYPTO_SHA512 !! 1444 config CRYPTO_SERPENT
990 tristate "SHA-384 and SHA-512" !! 1445 tristate "Serpent cipher algorithm"
991 select CRYPTO_HASH !! 1446 select CRYPTO_ALGAPI
992 help 1447 help
993 SHA-384 and SHA-512 secure hash algo !! 1448 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
994 1449
995 config CRYPTO_SHA3 !! 1450 Keys are allowed to be from 0 to 256 bits in length, in steps
996 tristate "SHA-3" !! 1451 of 8 bits.
997 select CRYPTO_HASH !! 1452
>> 1453 See also:
>> 1454 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1455
>> 1456 config CRYPTO_SERPENT_SSE2_X86_64
>> 1457 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1458 depends on X86 && 64BIT
>> 1459 select CRYPTO_SKCIPHER
>> 1460 select CRYPTO_SERPENT
>> 1461 select CRYPTO_SIMD
>> 1462 imply CRYPTO_CTR
998 help 1463 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1464 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1000 1465
1001 config CRYPTO_SM3 !! 1466 Keys are allowed to be from 0 to 256 bits in length, in steps
1002 tristate !! 1467 of 8 bits.
1003 1468
1004 config CRYPTO_SM3_GENERIC !! 1469 This module provides Serpent cipher algorithm that processes eight
1005 tristate "SM3 (ShangMi 3)" !! 1470 blocks parallel using SSE2 instruction set.
1006 select CRYPTO_HASH !! 1471
1007 select CRYPTO_SM3 !! 1472 See also:
>> 1473 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1474
>> 1475 config CRYPTO_SERPENT_SSE2_586
>> 1476 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1477 depends on X86 && !64BIT
>> 1478 select CRYPTO_SKCIPHER
>> 1479 select CRYPTO_SERPENT
>> 1480 select CRYPTO_SIMD
>> 1481 imply CRYPTO_CTR
1008 help 1482 help
1009 SM3 (ShangMi 3) secure hash functio !! 1483 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1010 1484
1011 This is part of the Chinese Commerc !! 1485 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1486 of 8 bits.
1012 1487
1013 References: !! 1488 This module provides Serpent cipher algorithm that processes four
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1489 blocks parallel using SSE2 instruction set.
1015 https://datatracker.ietf.org/doc/ht <<
1016 1490
1017 config CRYPTO_STREEBOG !! 1491 See also:
1018 tristate "Streebog" !! 1492 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1019 select CRYPTO_HASH !! 1493
>> 1494 config CRYPTO_SERPENT_AVX_X86_64
>> 1495 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1496 depends on X86 && 64BIT
>> 1497 select CRYPTO_SKCIPHER
>> 1498 select CRYPTO_SERPENT
>> 1499 select CRYPTO_SIMD
>> 1500 imply CRYPTO_XTS
>> 1501 imply CRYPTO_CTR
1020 help 1502 help
1021 Streebog Hash Function (GOST R 34.1 !! 1503 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1504
1023 This is one of the Russian cryptogr !! 1505 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1506 of 8 bits.
1025 256 and 512 bits output. <<
1026 1507
1027 References: !! 1508 This module provides the Serpent cipher algorithm that processes
1028 https://tc26.ru/upload/iblock/fed/f !! 1509 eight blocks parallel using the AVX instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1510
1031 config CRYPTO_VMAC !! 1511 See also:
1032 tristate "VMAC" !! 1512 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1513
1034 select CRYPTO_MANAGER !! 1514 config CRYPTO_SERPENT_AVX2_X86_64
>> 1515 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1516 depends on X86 && 64BIT
>> 1517 select CRYPTO_SERPENT_AVX_X86_64
1035 help 1518 help
1036 VMAC is a message authentication al !! 1519 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect <<
1038 1520
1039 See https://fastcrypto.org/vmac for !! 1521 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1522 of 8 bits.
1040 1523
1041 config CRYPTO_WP512 !! 1524 This module provides Serpent cipher algorithm that processes 16
1042 tristate "Whirlpool" !! 1525 blocks parallel using AVX2 instruction set.
1043 select CRYPTO_HASH !! 1526
>> 1527 See also:
>> 1528 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1529
>> 1530 config CRYPTO_SM4
>> 1531 tristate "SM4 cipher algorithm"
>> 1532 select CRYPTO_ALGAPI
>> 1533 select CRYPTO_LIB_SM4
1044 help 1534 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1535 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1046 1536
1047 512, 384 and 256-bit hashes. !! 1537 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1538 Organization of State Commercial Administration of China (OSCCA)
>> 1539 as an authorized cryptographic algorithms for the use within China.
1048 1540
1049 Whirlpool-512 is part of the NESSIE !! 1541 SMS4 was originally created for use in protecting wireless
>> 1542 networks, and is mandated in the Chinese National Standard for
>> 1543 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1544 (GB.15629.11-2003).
>> 1545
>> 1546 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1547 standardized through TC 260 of the Standardization Administration
>> 1548 of the People's Republic of China (SAC).
1050 1549
1051 See https://web.archive.org/web/201 !! 1550 The input, output, and key of SMS4 are each 128 bits.
1052 for further information. <<
1053 1551
1054 config CRYPTO_XCBC !! 1552 See also: <https://eprint.iacr.org/2008/329.pdf>
1055 tristate "XCBC-MAC (Extended Cipher B !! 1553
1056 select CRYPTO_HASH !! 1554 If unsure, say N.
1057 select CRYPTO_MANAGER !! 1555
>> 1556 config CRYPTO_SM4_AESNI_AVX_X86_64
>> 1557 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
>> 1558 depends on X86 && 64BIT
>> 1559 select CRYPTO_SKCIPHER
>> 1560 select CRYPTO_SIMD
>> 1561 select CRYPTO_ALGAPI
>> 1562 select CRYPTO_LIB_SM4
1058 help 1563 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1564 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
1060 Code) (RFC3566) <<
1061 1565
1062 config CRYPTO_XXHASH !! 1566 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1063 tristate "xxHash" !! 1567 Organization of State Commercial Administration of China (OSCCA)
1064 select CRYPTO_HASH !! 1568 as an authorized cryptographic algorithms for the use within China.
1065 select XXHASH !! 1569
>> 1570 This is SM4 optimized implementation using AES-NI/AVX/x86_64
>> 1571 instruction set for block cipher. Through two affine transforms,
>> 1572 we can use the AES S-Box to simulate the SM4 S-Box to achieve the
>> 1573 effect of instruction acceleration.
>> 1574
>> 1575 If unsure, say N.
>> 1576
>> 1577 config CRYPTO_SM4_AESNI_AVX2_X86_64
>> 1578 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1579 depends on X86 && 64BIT
>> 1580 select CRYPTO_SKCIPHER
>> 1581 select CRYPTO_SIMD
>> 1582 select CRYPTO_ALGAPI
>> 1583 select CRYPTO_LIB_SM4
>> 1584 select CRYPTO_SM4_AESNI_AVX_X86_64
1066 help 1585 help
1067 xxHash non-cryptographic hash algor !! 1586 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
1068 1587
1069 Extremely fast, working at speeds c !! 1588 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1589 Organization of State Commercial Administration of China (OSCCA)
>> 1590 as an authorized cryptographic algorithms for the use within China.
1070 1591
1071 Used by the btrfs filesystem. !! 1592 This is SM4 optimized implementation using AES-NI/AVX2/x86_64
>> 1593 instruction set for block cipher. Through two affine transforms,
>> 1594 we can use the AES S-Box to simulate the SM4 S-Box to achieve the
>> 1595 effect of instruction acceleration.
1072 1596
1073 endmenu !! 1597 If unsure, say N.
1074 1598
1075 menu "CRCs (cyclic redundancy checks)" !! 1599 config CRYPTO_TEA
>> 1600 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1601 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1602 select CRYPTO_ALGAPI
>> 1603 help
>> 1604 TEA cipher algorithm.
1076 1605
1077 config CRYPTO_CRC32C !! 1606 Tiny Encryption Algorithm is a simple cipher that uses
1078 tristate "CRC32c" !! 1607 many rounds for security. It is very fast and uses
1079 select CRYPTO_HASH !! 1608 little memory.
1080 select CRC32 !! 1609
>> 1610 Xtendend Tiny Encryption Algorithm is a modification to
>> 1611 the TEA algorithm to address a potential key weakness
>> 1612 in the TEA algorithm.
>> 1613
>> 1614 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1615 of the XTEA algorithm for compatibility purposes.
>> 1616
>> 1617 config CRYPTO_TWOFISH
>> 1618 tristate "Twofish cipher algorithm"
>> 1619 select CRYPTO_ALGAPI
>> 1620 select CRYPTO_TWOFISH_COMMON
1081 help 1621 help
1082 CRC32c CRC algorithm with the iSCSI !! 1622 Twofish cipher algorithm.
1083 1623
1084 A 32-bit CRC (cyclic redundancy che !! 1624 Twofish was submitted as an AES (Advanced Encryption Standard)
1085 by G. Castagnoli, S. Braeuer and M. !! 1625 candidate cipher by researchers at CounterPane Systems. It is a
1086 Redundancy-Check Codes with 24 and !! 1626 16 round block cipher supporting key sizes of 128, 192, and 256
1087 on Communications, Vol. 41, No. 6, !! 1627 bits.
1088 iSCSI. <<
1089 1628
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1629 See also:
>> 1630 <https://www.schneier.com/twofish.html>
1091 1631
1092 config CRYPTO_CRC32 !! 1632 config CRYPTO_TWOFISH_COMMON
1093 tristate "CRC32" !! 1633 tristate
1094 select CRYPTO_HASH !! 1634 help
1095 select CRC32 !! 1635 Common parts of the Twofish cipher algorithm shared by the
>> 1636 generic c and the assembler implementations.
>> 1637
>> 1638 config CRYPTO_TWOFISH_586
>> 1639 tristate "Twofish cipher algorithms (i586)"
>> 1640 depends on (X86 || UML_X86) && !64BIT
>> 1641 select CRYPTO_ALGAPI
>> 1642 select CRYPTO_TWOFISH_COMMON
>> 1643 imply CRYPTO_CTR
1096 help 1644 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1645 Twofish cipher algorithm.
>> 1646
>> 1647 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1648 candidate cipher by researchers at CounterPane Systems. It is a
>> 1649 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1650 bits.
1098 1651
1099 Used by RoCEv2 and f2fs. !! 1652 See also:
>> 1653 <https://www.schneier.com/twofish.html>
1100 1654
1101 config CRYPTO_CRCT10DIF !! 1655 config CRYPTO_TWOFISH_X86_64
1102 tristate "CRCT10DIF" !! 1656 tristate "Twofish cipher algorithm (x86_64)"
1103 select CRYPTO_HASH !! 1657 depends on (X86 || UML_X86) && 64BIT
>> 1658 select CRYPTO_ALGAPI
>> 1659 select CRYPTO_TWOFISH_COMMON
>> 1660 imply CRYPTO_CTR
1104 help 1661 help
1105 CRC16 CRC algorithm used for the T1 !! 1662 Twofish cipher algorithm (x86_64).
>> 1663
>> 1664 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1665 candidate cipher by researchers at CounterPane Systems. It is a
>> 1666 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1667 bits.
1106 1668
1107 CRC algorithm used by the SCSI Bloc !! 1669 See also:
>> 1670 <https://www.schneier.com/twofish.html>
1108 1671
1109 config CRYPTO_CRC64_ROCKSOFT !! 1672 config CRYPTO_TWOFISH_X86_64_3WAY
1110 tristate "CRC64 based on Rocksoft Mod !! 1673 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1111 depends on CRC64 !! 1674 depends on X86 && 64BIT
1112 select CRYPTO_HASH !! 1675 select CRYPTO_SKCIPHER
>> 1676 select CRYPTO_TWOFISH_COMMON
>> 1677 select CRYPTO_TWOFISH_X86_64
1113 help 1678 help
1114 CRC64 CRC algorithm based on the Ro !! 1679 Twofish cipher algorithm (x86_64, 3-way parallel).
>> 1680
>> 1681 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1682 candidate cipher by researchers at CounterPane Systems. It is a
>> 1683 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1684 bits.
1115 1685
1116 Used by the NVMe implementation of !! 1686 This module provides Twofish cipher algorithm that processes three
>> 1687 blocks parallel, utilizing resources of out-of-order CPUs better.
1117 1688
1118 See https://zlib.net/crc_v3.txt !! 1689 See also:
>> 1690 <https://www.schneier.com/twofish.html>
1119 1691
1120 endmenu !! 1692 config CRYPTO_TWOFISH_AVX_X86_64
>> 1693 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1694 depends on X86 && 64BIT
>> 1695 select CRYPTO_SKCIPHER
>> 1696 select CRYPTO_SIMD
>> 1697 select CRYPTO_TWOFISH_COMMON
>> 1698 select CRYPTO_TWOFISH_X86_64
>> 1699 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1700 imply CRYPTO_XTS
>> 1701 help
>> 1702 Twofish cipher algorithm (x86_64/AVX).
>> 1703
>> 1704 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1705 candidate cipher by researchers at CounterPane Systems. It is a
>> 1706 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1707 bits.
1121 1708
1122 menu "Compression" !! 1709 This module provides the Twofish cipher algorithm that processes
>> 1710 eight blocks parallel using the AVX Instruction Set.
>> 1711
>> 1712 See also:
>> 1713 <https://www.schneier.com/twofish.html>
>> 1714
>> 1715 comment "Compression"
1123 1716
1124 config CRYPTO_DEFLATE 1717 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1718 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1719 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1720 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1721 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1722 select ZLIB_DEFLATE
1130 help 1723 help
1131 Deflate compression algorithm (RFC1 !! 1724 This is the Deflate algorithm (RFC1951), specified for use in
>> 1725 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1726
1133 Used by IPSec with the IPCOMP proto !! 1727 You will most probably want this if using IPSec.
1134 1728
1135 config CRYPTO_LZO 1729 config CRYPTO_LZO
1136 tristate "LZO" !! 1730 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1731 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1732 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1733 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1734 select LZO_DECOMPRESS
1141 help 1735 help
1142 LZO compression algorithm !! 1736 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1737
1146 config CRYPTO_842 1738 config CRYPTO_842
1147 tristate "842" !! 1739 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1740 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1741 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1742 select 842_COMPRESS
1151 select 842_DECOMPRESS 1743 select 842_DECOMPRESS
1152 help 1744 help
1153 842 compression algorithm by IBM !! 1745 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1746
1157 config CRYPTO_LZ4 1747 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1748 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1749 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1750 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1751 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1752 select LZ4_DECOMPRESS
1163 help 1753 help
1164 LZ4 compression algorithm !! 1754 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1755
1168 config CRYPTO_LZ4HC 1756 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1757 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1758 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1759 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1760 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1761 select LZ4_DECOMPRESS
1174 help 1762 help
1175 LZ4 high compression mode algorithm !! 1763 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1764
1179 config CRYPTO_ZSTD 1765 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1766 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1767 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1768 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1769 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1770 select ZSTD_DECOMPRESS
1185 help 1771 help
1186 zstd compression algorithm !! 1772 This is the zstd algorithm.
1187 <<
1188 See https://github.com/facebook/zst <<
1189 <<
1190 endmenu <<
1191 1773
1192 menu "Random number generation" !! 1774 comment "Random Number Generation"
1193 1775
1194 config CRYPTO_ANSI_CPRNG 1776 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1777 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1778 select CRYPTO_AES
1197 select CRYPTO_RNG 1779 select CRYPTO_RNG
1198 help 1780 help
1199 Pseudo RNG (random number generator !! 1781 This option enables the generic pseudo random number generator
1200 !! 1782 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1783 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1784 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1785
1205 menuconfig CRYPTO_DRBG_MENU 1786 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1787 tristate "NIST SP800-90A DRBG"
1207 help 1788 help
1208 DRBG (Deterministic Random Bit Gene !! 1789 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1790 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1791
1212 if CRYPTO_DRBG_MENU 1792 if CRYPTO_DRBG_MENU
1213 1793
1214 config CRYPTO_DRBG_HMAC 1794 config CRYPTO_DRBG_HMAC
1215 bool 1795 bool
1216 default y 1796 default y
1217 select CRYPTO_HMAC 1797 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 1798 select CRYPTO_SHA512
1219 1799
1220 config CRYPTO_DRBG_HASH 1800 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1801 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1802 select CRYPTO_SHA256
1223 help 1803 help
1224 Hash_DRBG variant as defined in NIS !! 1804 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1805
1228 config CRYPTO_DRBG_CTR 1806 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1807 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1808 select CRYPTO_AES
1231 select CRYPTO_CTR 1809 select CRYPTO_CTR
1232 help 1810 help
1233 CTR_DRBG variant as defined in NIST !! 1811 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1812
1237 config CRYPTO_DRBG 1813 config CRYPTO_DRBG
1238 tristate 1814 tristate
1239 default CRYPTO_DRBG_MENU 1815 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1816 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1817 select CRYPTO_JITTERENTROPY
1242 1818
1243 endif # if CRYPTO_DRBG_MENU 1819 endif # if CRYPTO_DRBG_MENU
1244 1820
1245 config CRYPTO_JITTERENTROPY 1821 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1822 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1823 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1824 help
1250 CPU Jitter RNG (Random Number Gener !! 1825 The Jitterentropy RNG is a noise that is intended
1251 !! 1826 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1827 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1828 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1829 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1830
1370 config CRYPTO_USER_API 1831 config CRYPTO_USER_API
1371 tristate 1832 tristate
1372 1833
1373 config CRYPTO_USER_API_HASH 1834 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1835 tristate "User-space interface for hash algorithms"
1375 depends on NET 1836 depends on NET
1376 select CRYPTO_HASH 1837 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1838 select CRYPTO_USER_API
1378 help 1839 help
1379 Enable the userspace interface for !! 1840 This option enables the user-spaces interface for hash
1380 !! 1841 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1842
1384 config CRYPTO_USER_API_SKCIPHER 1843 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1844 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1845 depends on NET
1387 select CRYPTO_SKCIPHER 1846 select CRYPTO_SKCIPHER
1388 select CRYPTO_USER_API 1847 select CRYPTO_USER_API
1389 help 1848 help
1390 Enable the userspace interface for !! 1849 This option enables the user-spaces interface for symmetric
1391 !! 1850 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1851
1395 config CRYPTO_USER_API_RNG 1852 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1853 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1854 depends on NET
1398 select CRYPTO_RNG 1855 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1856 select CRYPTO_USER_API
1400 help 1857 help
1401 Enable the userspace interface for !! 1858 This option enables the user-spaces interface for random
1402 algorithms. !! 1859 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 1860
1407 config CRYPTO_USER_API_RNG_CAVP 1861 config CRYPTO_USER_API_RNG_CAVP
1408 bool "Enable CAVP testing of DRBG" 1862 bool "Enable CAVP testing of DRBG"
1409 depends on CRYPTO_USER_API_RNG && CRY 1863 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1410 help 1864 help
1411 Enable extra APIs in the userspace !! 1865 This option enables extra API for CAVP testing via the user-space
1412 (Cryptographic Algorithm Validation !! 1866 interface: resetting of DRBG entropy, and providing Additional Data.
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV 1867 This should only be enabled for CAVP testing. You should say
1417 no unless you know what this is. 1868 no unless you know what this is.
1418 1869
1419 config CRYPTO_USER_API_AEAD 1870 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1871 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1872 depends on NET
1422 select CRYPTO_AEAD 1873 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER 1874 select CRYPTO_SKCIPHER
1424 select CRYPTO_NULL 1875 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1876 select CRYPTO_USER_API
1426 help 1877 help
1427 Enable the userspace interface for !! 1878 This option enables the user-spaces interface for AEAD
1428 !! 1879 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 1880
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE 1881 config CRYPTO_USER_API_ENABLE_OBSOLETE
1433 bool "Obsolete cryptographic algorith !! 1882 bool "Enable obsolete cryptographic algorithms for userspace"
1434 depends on CRYPTO_USER_API 1883 depends on CRYPTO_USER_API
1435 default y 1884 default y
1436 help 1885 help
1437 Allow obsolete cryptographic algori 1886 Allow obsolete cryptographic algorithms to be selected that have
1438 already been phased out from intern 1887 already been phased out from internal use by the kernel, and are
1439 only useful for userspace clients t 1888 only useful for userspace clients that still rely on them.
1440 1889
1441 endmenu !! 1890 config CRYPTO_STATS
>> 1891 bool "Crypto usage statistics for User-space"
>> 1892 depends on CRYPTO_USER
>> 1893 help
>> 1894 This option enables the gathering of crypto stats.
>> 1895 This will collect:
>> 1896 - encrypt/decrypt size and numbers of symmeric operations
>> 1897 - compress/decompress size and numbers of compress operations
>> 1898 - size and numbers of hash operations
>> 1899 - encrypt/decrypt/sign/verify numbers for asymmetric operations
>> 1900 - generate/seed numbers for rng operations
1442 1901
1443 config CRYPTO_HASH_INFO 1902 config CRYPTO_HASH_INFO
1444 bool 1903 bool
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 1904
1476 source "drivers/crypto/Kconfig" 1905 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" 1906 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig" 1907 source "certs/Kconfig"
1479 1908
1480 endif # if CRYPTO 1909 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.