1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0 2 # 2 # 3 # Generic algorithms support 3 # Generic algorithms support 4 # 4 # 5 config XOR_BLOCKS 5 config XOR_BLOCKS 6 tristate 6 tristate 7 7 8 # 8 # 9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support 10 # 10 # 11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig" 12 12 13 # 13 # 14 # Cryptographic API Configuration 14 # Cryptographic API Configuration 15 # 15 # 16 menuconfig CRYPTO 16 menuconfig CRYPTO 17 tristate "Cryptographic API" 17 tristate "Cryptographic API" 18 select CRYPTO_LIB_UTILS << 19 help 18 help 20 This option provides the core Crypto 19 This option provides the core Cryptographic API. 21 20 22 if CRYPTO 21 if CRYPTO 23 22 24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper" 25 24 26 config CRYPTO_FIPS 25 config CRYPTO_FIPS 27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance" 28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES) 30 help 29 help 31 This option enables the fips boot op 30 This option enables the fips boot option which is 32 required if you want the system to o 31 required if you want the system to operate in a FIPS 200 33 certification. You should say no un 32 certification. You should say no unless you know what 34 this is. 33 this is. 35 34 36 config CRYPTO_FIPS_NAME << 37 string "FIPS Module Name" << 38 default "Linux Kernel Cryptographic AP << 39 depends on CRYPTO_FIPS << 40 help << 41 This option sets the FIPS Module nam << 42 the /proc/sys/crypto/fips_name file. << 43 << 44 config CRYPTO_FIPS_CUSTOM_VERSION << 45 bool "Use Custom FIPS Module Version" << 46 depends on CRYPTO_FIPS << 47 default n << 48 << 49 config CRYPTO_FIPS_VERSION << 50 string "FIPS Module Version" << 51 default "(none)" << 52 depends on CRYPTO_FIPS_CUSTOM_VERSION << 53 help << 54 This option provides the ability to << 55 By default the KERNELRELEASE value i << 56 << 57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI 58 tristate 36 tristate 59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2 60 help 38 help 61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms. 62 40 63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2 64 tristate 42 tristate 65 43 66 config CRYPTO_AEAD 44 config CRYPTO_AEAD 67 tristate 45 tristate 68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2 69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI 70 48 71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2 72 tristate 50 tristate 73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2 74 !! 52 select CRYPTO_NULL2 75 config CRYPTO_SIG !! 53 select CRYPTO_RNG2 76 tristate << 77 select CRYPTO_SIG2 << 78 select CRYPTO_ALGAPI << 79 << 80 config CRYPTO_SIG2 << 81 tristate << 82 select CRYPTO_ALGAPI2 << 83 54 84 config CRYPTO_SKCIPHER 55 config CRYPTO_SKCIPHER 85 tristate 56 tristate 86 select CRYPTO_SKCIPHER2 57 select CRYPTO_SKCIPHER2 87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI 88 select CRYPTO_ECB << 89 59 90 config CRYPTO_SKCIPHER2 60 config CRYPTO_SKCIPHER2 91 tristate 61 tristate 92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2 >> 63 select CRYPTO_RNG2 93 64 94 config CRYPTO_HASH 65 config CRYPTO_HASH 95 tristate 66 tristate 96 select CRYPTO_HASH2 67 select CRYPTO_HASH2 97 select CRYPTO_ALGAPI 68 select CRYPTO_ALGAPI 98 69 99 config CRYPTO_HASH2 70 config CRYPTO_HASH2 100 tristate 71 tristate 101 select CRYPTO_ALGAPI2 72 select CRYPTO_ALGAPI2 102 73 103 config CRYPTO_RNG 74 config CRYPTO_RNG 104 tristate 75 tristate 105 select CRYPTO_RNG2 76 select CRYPTO_RNG2 106 select CRYPTO_ALGAPI 77 select CRYPTO_ALGAPI 107 78 108 config CRYPTO_RNG2 79 config CRYPTO_RNG2 109 tristate 80 tristate 110 select CRYPTO_ALGAPI2 81 select CRYPTO_ALGAPI2 111 82 112 config CRYPTO_RNG_DEFAULT 83 config CRYPTO_RNG_DEFAULT 113 tristate 84 tristate 114 select CRYPTO_DRBG_MENU 85 select CRYPTO_DRBG_MENU 115 86 116 config CRYPTO_AKCIPHER2 87 config CRYPTO_AKCIPHER2 117 tristate 88 tristate 118 select CRYPTO_ALGAPI2 89 select CRYPTO_ALGAPI2 119 90 120 config CRYPTO_AKCIPHER 91 config CRYPTO_AKCIPHER 121 tristate 92 tristate 122 select CRYPTO_AKCIPHER2 93 select CRYPTO_AKCIPHER2 123 select CRYPTO_ALGAPI 94 select CRYPTO_ALGAPI 124 95 125 config CRYPTO_KPP2 96 config CRYPTO_KPP2 126 tristate 97 tristate 127 select CRYPTO_ALGAPI2 98 select CRYPTO_ALGAPI2 128 99 129 config CRYPTO_KPP 100 config CRYPTO_KPP 130 tristate 101 tristate 131 select CRYPTO_ALGAPI 102 select CRYPTO_ALGAPI 132 select CRYPTO_KPP2 103 select CRYPTO_KPP2 133 104 134 config CRYPTO_ACOMP2 105 config CRYPTO_ACOMP2 135 tristate 106 tristate 136 select CRYPTO_ALGAPI2 107 select CRYPTO_ALGAPI2 137 select SGL_ALLOC 108 select SGL_ALLOC 138 109 139 config CRYPTO_ACOMP 110 config CRYPTO_ACOMP 140 tristate 111 tristate 141 select CRYPTO_ALGAPI 112 select CRYPTO_ALGAPI 142 select CRYPTO_ACOMP2 113 select CRYPTO_ACOMP2 143 114 144 config CRYPTO_MANAGER 115 config CRYPTO_MANAGER 145 tristate "Cryptographic algorithm mana 116 tristate "Cryptographic algorithm manager" 146 select CRYPTO_MANAGER2 117 select CRYPTO_MANAGER2 147 help 118 help 148 Create default cryptographic templat 119 Create default cryptographic template instantiations such as 149 cbc(aes). 120 cbc(aes). 150 121 151 config CRYPTO_MANAGER2 122 config CRYPTO_MANAGER2 152 def_tristate CRYPTO_MANAGER || (CRYPTO 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 153 select CRYPTO_ACOMP2 << 154 select CRYPTO_AEAD2 124 select CRYPTO_AEAD2 155 select CRYPTO_AKCIPHER2 << 156 select CRYPTO_SIG2 << 157 select CRYPTO_HASH2 125 select CRYPTO_HASH2 158 select CRYPTO_KPP2 << 159 select CRYPTO_RNG2 << 160 select CRYPTO_SKCIPHER2 126 select CRYPTO_SKCIPHER2 >> 127 select CRYPTO_AKCIPHER2 >> 128 select CRYPTO_KPP2 >> 129 select CRYPTO_ACOMP2 161 130 162 config CRYPTO_USER 131 config CRYPTO_USER 163 tristate "Userspace cryptographic algo 132 tristate "Userspace cryptographic algorithm configuration" 164 depends on NET 133 depends on NET 165 select CRYPTO_MANAGER 134 select CRYPTO_MANAGER 166 help 135 help 167 Userspace configuration for cryptogr 136 Userspace configuration for cryptographic instantiations such as 168 cbc(aes). 137 cbc(aes). 169 138 170 config CRYPTO_MANAGER_DISABLE_TESTS 139 config CRYPTO_MANAGER_DISABLE_TESTS 171 bool "Disable run-time self tests" 140 bool "Disable run-time self tests" 172 default y 141 default y 173 help 142 help 174 Disable run-time self tests that nor 143 Disable run-time self tests that normally take place at 175 algorithm registration. 144 algorithm registration. 176 145 177 config CRYPTO_MANAGER_EXTRA_TESTS 146 config CRYPTO_MANAGER_EXTRA_TESTS 178 bool "Enable extra run-time crypto sel 147 bool "Enable extra run-time crypto self tests" 179 depends on DEBUG_KERNEL && !CRYPTO_MAN !! 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS 180 help 149 help 181 Enable extra run-time self tests of 150 Enable extra run-time self tests of registered crypto algorithms, 182 including randomized fuzz tests. 151 including randomized fuzz tests. 183 152 184 This is intended for developer use o 153 This is intended for developer use only, as these tests take much 185 longer to run than the normal self t 154 longer to run than the normal self tests. 186 155 >> 156 config CRYPTO_GF128MUL >> 157 tristate >> 158 187 config CRYPTO_NULL 159 config CRYPTO_NULL 188 tristate "Null algorithms" 160 tristate "Null algorithms" 189 select CRYPTO_NULL2 161 select CRYPTO_NULL2 190 help 162 help 191 These are 'Null' algorithms, used by 163 These are 'Null' algorithms, used by IPsec, which do nothing. 192 164 193 config CRYPTO_NULL2 165 config CRYPTO_NULL2 194 tristate 166 tristate 195 select CRYPTO_ALGAPI2 167 select CRYPTO_ALGAPI2 196 select CRYPTO_SKCIPHER2 168 select CRYPTO_SKCIPHER2 197 select CRYPTO_HASH2 169 select CRYPTO_HASH2 198 170 199 config CRYPTO_PCRYPT 171 config CRYPTO_PCRYPT 200 tristate "Parallel crypto engine" 172 tristate "Parallel crypto engine" 201 depends on SMP 173 depends on SMP 202 select PADATA 174 select PADATA 203 select CRYPTO_MANAGER 175 select CRYPTO_MANAGER 204 select CRYPTO_AEAD 176 select CRYPTO_AEAD 205 help 177 help 206 This converts an arbitrary crypto al 178 This converts an arbitrary crypto algorithm into a parallel 207 algorithm that executes in kernel th 179 algorithm that executes in kernel threads. 208 180 209 config CRYPTO_CRYPTD 181 config CRYPTO_CRYPTD 210 tristate "Software async crypto daemon 182 tristate "Software async crypto daemon" 211 select CRYPTO_SKCIPHER 183 select CRYPTO_SKCIPHER 212 select CRYPTO_HASH 184 select CRYPTO_HASH 213 select CRYPTO_MANAGER 185 select CRYPTO_MANAGER 214 help 186 help 215 This is a generic software asynchron 187 This is a generic software asynchronous crypto daemon that 216 converts an arbitrary synchronous so 188 converts an arbitrary synchronous software crypto algorithm 217 into an asynchronous algorithm that 189 into an asynchronous algorithm that executes in a kernel thread. 218 190 219 config CRYPTO_AUTHENC 191 config CRYPTO_AUTHENC 220 tristate "Authenc support" 192 tristate "Authenc support" 221 select CRYPTO_AEAD 193 select CRYPTO_AEAD 222 select CRYPTO_SKCIPHER 194 select CRYPTO_SKCIPHER 223 select CRYPTO_MANAGER 195 select CRYPTO_MANAGER 224 select CRYPTO_HASH 196 select CRYPTO_HASH 225 select CRYPTO_NULL 197 select CRYPTO_NULL 226 help 198 help 227 Authenc: Combined mode wrapper for I 199 Authenc: Combined mode wrapper for IPsec. 228 !! 200 This is required for IPSec. 229 This is required for IPSec ESP (XFRM << 230 201 231 config CRYPTO_TEST 202 config CRYPTO_TEST 232 tristate "Testing module" 203 tristate "Testing module" 233 depends on m || EXPERT !! 204 depends on m 234 select CRYPTO_MANAGER 205 select CRYPTO_MANAGER 235 help 206 help 236 Quick & dirty crypto test module. 207 Quick & dirty crypto test module. 237 208 238 config CRYPTO_SIMD 209 config CRYPTO_SIMD 239 tristate 210 tristate 240 select CRYPTO_CRYPTD 211 select CRYPTO_CRYPTD 241 212 242 config CRYPTO_ENGINE !! 213 config CRYPTO_GLUE_HELPER_X86 243 tristate 214 tristate >> 215 depends on X86 >> 216 select CRYPTO_SKCIPHER 244 217 245 endmenu !! 218 config CRYPTO_ENGINE >> 219 tristate 246 220 247 menu "Public-key cryptography" !! 221 comment "Public-key cryptography" 248 222 249 config CRYPTO_RSA 223 config CRYPTO_RSA 250 tristate "RSA (Rivest-Shamir-Adleman)" !! 224 tristate "RSA algorithm" 251 select CRYPTO_AKCIPHER 225 select CRYPTO_AKCIPHER 252 select CRYPTO_MANAGER 226 select CRYPTO_MANAGER 253 select MPILIB 227 select MPILIB 254 select ASN1 228 select ASN1 255 help 229 help 256 RSA (Rivest-Shamir-Adleman) public k !! 230 Generic implementation of the RSA public key algorithm. 257 231 258 config CRYPTO_DH 232 config CRYPTO_DH 259 tristate "DH (Diffie-Hellman)" !! 233 tristate "Diffie-Hellman algorithm" 260 select CRYPTO_KPP 234 select CRYPTO_KPP 261 select MPILIB 235 select MPILIB 262 help 236 help 263 DH (Diffie-Hellman) key exchange alg !! 237 Generic implementation of the Diffie-Hellman algorithm. 264 << 265 config CRYPTO_DH_RFC7919_GROUPS << 266 bool "RFC 7919 FFDHE groups" << 267 depends on CRYPTO_DH << 268 select CRYPTO_RNG_DEFAULT << 269 help << 270 FFDHE (Finite-Field-based Diffie-Hel << 271 defined in RFC7919. << 272 << 273 Support these finite-field groups in << 274 - ffdhe2048, ffdhe3072, ffdhe4096, f << 275 << 276 If unsure, say N. << 277 238 278 config CRYPTO_ECC 239 config CRYPTO_ECC 279 tristate 240 tristate 280 select CRYPTO_RNG_DEFAULT << 281 241 282 config CRYPTO_ECDH 242 config CRYPTO_ECDH 283 tristate "ECDH (Elliptic Curve Diffie- !! 243 tristate "ECDH algorithm" 284 select CRYPTO_ECC 244 select CRYPTO_ECC 285 select CRYPTO_KPP 245 select CRYPTO_KPP >> 246 select CRYPTO_RNG_DEFAULT 286 help 247 help 287 ECDH (Elliptic Curve Diffie-Hellman) !! 248 Generic implementation of the ECDH algorithm 288 using curves P-192, P-256, and P-384 << 289 << 290 config CRYPTO_ECDSA << 291 tristate "ECDSA (Elliptic Curve Digita << 292 select CRYPTO_ECC << 293 select CRYPTO_AKCIPHER << 294 select ASN1 << 295 help << 296 ECDSA (Elliptic Curve Digital Signat << 297 ISO/IEC 14888-3) << 298 using curves P-192, P-256, and P-384 << 299 << 300 Only signature verification is imple << 301 249 302 config CRYPTO_ECRDSA 250 config CRYPTO_ECRDSA 303 tristate "EC-RDSA (Elliptic Curve Russ !! 251 tristate "EC-RDSA (GOST 34.10) algorithm" 304 select CRYPTO_ECC 252 select CRYPTO_ECC 305 select CRYPTO_AKCIPHER 253 select CRYPTO_AKCIPHER 306 select CRYPTO_STREEBOG 254 select CRYPTO_STREEBOG 307 select OID_REGISTRY 255 select OID_REGISTRY 308 select ASN1 256 select ASN1 309 help 257 help 310 Elliptic Curve Russian Digital Signa 258 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 311 RFC 7091, ISO/IEC 14888-3) !! 259 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 312 !! 260 standard algorithms (called GOST algorithms). Only signature verification 313 One of the Russian cryptographic sta !! 261 is implemented. 314 algorithms). Only signature verifica << 315 262 316 config CRYPTO_CURVE25519 263 config CRYPTO_CURVE25519 317 tristate "Curve25519" !! 264 tristate "Curve25519 algorithm" 318 select CRYPTO_KPP 265 select CRYPTO_KPP 319 select CRYPTO_LIB_CURVE25519_GENERIC 266 select CRYPTO_LIB_CURVE25519_GENERIC 320 help << 321 Curve25519 elliptic curve (RFC7748) << 322 << 323 endmenu << 324 267 325 menu "Block ciphers" !! 268 config CRYPTO_CURVE25519_X86 326 !! 269 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 327 config CRYPTO_AES !! 270 depends on X86 && 64BIT 328 tristate "AES (Advanced Encryption Sta !! 271 select CRYPTO_LIB_CURVE25519_GENERIC 329 select CRYPTO_ALGAPI !! 272 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 330 select CRYPTO_LIB_AES << 331 help << 332 AES cipher algorithms (Rijndael)(FIP << 333 << 334 Rijndael appears to be consistently << 335 both hardware and software across a << 336 environments regardless of its use i << 337 modes. Its key setup time is excelle << 338 good. Rijndael's very low memory req << 339 suited for restricted-space environm << 340 demonstrates excellent performance. << 341 among the easiest to defend against << 342 << 343 The AES specifies three key sizes: 1 << 344 << 345 config CRYPTO_AES_TI << 346 tristate "AES (Advanced Encryption Sta << 347 select CRYPTO_ALGAPI << 348 select CRYPTO_LIB_AES << 349 help << 350 AES cipher algorithms (Rijndael)(FIP << 351 << 352 This is a generic implementation of << 353 data dependent latencies as much as << 354 performance too much. It is intended << 355 and GCM drivers, and other CTR or CM << 356 solely on encryption (although decry << 357 with a more dramatic performance hit << 358 << 359 Instead of using 16 lookup tables of << 360 8 for decryption), this implementati << 361 256 bytes each, and attempts to elim << 362 prefetching the entire table into th << 363 block. Interrupts are also disabled << 364 are evicted when the CPU is interrup << 365 << 366 config CRYPTO_ANUBIS << 367 tristate "Anubis" << 368 depends on CRYPTO_USER_API_ENABLE_OBSO << 369 select CRYPTO_ALGAPI << 370 help << 371 Anubis cipher algorithm << 372 << 373 Anubis is a variable key length ciph << 374 128 bits to 320 bits in length. It << 375 in the NESSIE competition. << 376 273 377 See https://web.archive.org/web/2016 !! 274 comment "Authenticated Encryption with Associated Data" 378 for further information. << 379 275 380 config CRYPTO_ARIA !! 276 config CRYPTO_CCM 381 tristate "ARIA" !! 277 tristate "CCM support" 382 select CRYPTO_ALGAPI !! 278 select CRYPTO_CTR >> 279 select CRYPTO_HASH >> 280 select CRYPTO_AEAD >> 281 select CRYPTO_MANAGER 383 help 282 help 384 ARIA cipher algorithm (RFC5794) !! 283 Support for Counter with CBC MAC. Required for IPsec. 385 284 386 ARIA is a standard encryption algori !! 285 config CRYPTO_GCM 387 The ARIA specifies three key sizes a !! 286 tristate "GCM/GMAC support" 388 128-bit: 12 rounds. !! 287 select CRYPTO_CTR 389 192-bit: 14 rounds. !! 288 select CRYPTO_AEAD 390 256-bit: 16 rounds. !! 289 select CRYPTO_GHASH 391 !! 290 select CRYPTO_NULL 392 See: !! 291 select CRYPTO_MANAGER 393 https://seed.kisa.or.kr/kisa/algorit << 394 << 395 config CRYPTO_BLOWFISH << 396 tristate "Blowfish" << 397 select CRYPTO_ALGAPI << 398 select CRYPTO_BLOWFISH_COMMON << 399 help 292 help 400 Blowfish cipher algorithm, by Bruce !! 293 Support for Galois/Counter Mode (GCM) and Galois Message 401 !! 294 Authentication Code (GMAC). Required for IPSec. 402 This is a variable key length cipher << 403 bits to 448 bits in length. It's fa << 404 designed for use on "large microproc << 405 295 406 See https://www.schneier.com/blowfis !! 296 config CRYPTO_CHACHA20POLY1305 407 !! 297 tristate "ChaCha20-Poly1305 AEAD support" 408 config CRYPTO_BLOWFISH_COMMON !! 298 select CRYPTO_CHACHA20 409 tristate !! 299 select CRYPTO_POLY1305 >> 300 select CRYPTO_AEAD >> 301 select CRYPTO_MANAGER 410 help 302 help 411 Common parts of the Blowfish cipher !! 303 ChaCha20-Poly1305 AEAD support, RFC7539. 412 generic c and the assembler implemen << 413 304 414 config CRYPTO_CAMELLIA !! 305 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 415 tristate "Camellia" !! 306 with the Poly1305 authenticator. It is defined in RFC7539 for use in 416 select CRYPTO_ALGAPI !! 307 IETF protocols. 417 help << 418 Camellia cipher algorithms (ISO/IEC << 419 308 420 Camellia is a symmetric key block ci !! 309 config CRYPTO_AEGIS128 421 at NTT and Mitsubishi Electric Corpo !! 310 tristate "AEGIS-128 AEAD algorithm" 422 !! 311 select CRYPTO_AEAD 423 The Camellia specifies three key siz !! 312 select CRYPTO_AES # for AES S-box tables 424 << 425 See https://info.isl.ntt.co.jp/crypt << 426 << 427 config CRYPTO_CAST_COMMON << 428 tristate << 429 help << 430 Common parts of the CAST cipher algo << 431 generic c and the assembler implemen << 432 << 433 config CRYPTO_CAST5 << 434 tristate "CAST5 (CAST-128)" << 435 select CRYPTO_ALGAPI << 436 select CRYPTO_CAST_COMMON << 437 help 313 help 438 CAST5 (CAST-128) cipher algorithm (R !! 314 Support for the AEGIS-128 dedicated AEAD algorithm. 439 315 440 config CRYPTO_CAST6 !! 316 config CRYPTO_AEGIS128_SIMD 441 tristate "CAST6 (CAST-256)" !! 317 bool "Support SIMD acceleration for AEGIS-128" 442 select CRYPTO_ALGAPI !! 318 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 443 select CRYPTO_CAST_COMMON !! 319 default y 444 help << 445 CAST6 (CAST-256) encryption algorith << 446 320 447 config CRYPTO_DES !! 321 config CRYPTO_AEGIS128_AESNI_SSE2 448 tristate "DES and Triple DES EDE" !! 322 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 449 select CRYPTO_ALGAPI !! 323 depends on X86 && 64BIT 450 select CRYPTO_LIB_DES !! 324 select CRYPTO_AEAD >> 325 select CRYPTO_SIMD 451 help 326 help 452 DES (Data Encryption Standard)(FIPS !! 327 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 453 Triple DES EDE (Encrypt/Decrypt/Encr << 454 cipher algorithms << 455 328 456 config CRYPTO_FCRYPT !! 329 config CRYPTO_SEQIV 457 tristate "FCrypt" !! 330 tristate "Sequence Number IV Generator" 458 select CRYPTO_ALGAPI !! 331 select CRYPTO_AEAD 459 select CRYPTO_SKCIPHER 332 select CRYPTO_SKCIPHER 460 help !! 333 select CRYPTO_NULL 461 FCrypt algorithm used by RxRPC !! 334 select CRYPTO_RNG_DEFAULT 462 << 463 See https://ota.polyonymo.us/fcrypt- << 464 << 465 config CRYPTO_KHAZAD << 466 tristate "Khazad" << 467 depends on CRYPTO_USER_API_ENABLE_OBSO << 468 select CRYPTO_ALGAPI << 469 help << 470 Khazad cipher algorithm << 471 << 472 Khazad was a finalist in the initial << 473 an algorithm optimized for 64-bit pr << 474 on 32-bit processors. Khazad uses a << 475 << 476 See https://web.archive.org/web/2017 << 477 for further information. << 478 << 479 config CRYPTO_SEED << 480 tristate "SEED" << 481 depends on CRYPTO_USER_API_ENABLE_OBSO << 482 select CRYPTO_ALGAPI << 483 help << 484 SEED cipher algorithm (RFC4269, ISO/ << 485 << 486 SEED is a 128-bit symmetric key bloc << 487 developed by KISA (Korea Information << 488 national standard encryption algorit << 489 It is a 16 round block cipher with t << 490 << 491 See https://seed.kisa.or.kr/kisa/alg << 492 for further information. << 493 << 494 config CRYPTO_SERPENT << 495 tristate "Serpent" << 496 select CRYPTO_ALGAPI << 497 help << 498 Serpent cipher algorithm, by Anderso << 499 << 500 Keys are allowed to be from 0 to 256 << 501 of 8 bits. << 502 << 503 See https://www.cl.cam.ac.uk/~rja14/ << 504 << 505 config CRYPTO_SM4 << 506 tristate << 507 << 508 config CRYPTO_SM4_GENERIC << 509 tristate "SM4 (ShangMi 4)" << 510 select CRYPTO_ALGAPI << 511 select CRYPTO_SM4 << 512 help << 513 SM4 cipher algorithms (OSCCA GB/T 32 << 514 ISO/IEC 18033-3:2010/Amd 1:2021) << 515 << 516 SM4 (GBT.32907-2016) is a cryptograp << 517 Organization of State Commercial Adm << 518 as an authorized cryptographic algor << 519 << 520 SMS4 was originally created for use << 521 networks, and is mandated in the Chi << 522 Wireless LAN WAPI (Wired Authenticat << 523 (GB.15629.11-2003). << 524 << 525 The latest SM4 standard (GBT.32907-2 << 526 standardized through TC 260 of the S << 527 of the People's Republic of China (S << 528 << 529 The input, output, and key of SMS4 a << 530 << 531 See https://eprint.iacr.org/2008/329 << 532 << 533 If unsure, say N. << 534 << 535 config CRYPTO_TEA << 536 tristate "TEA, XTEA and XETA" << 537 depends on CRYPTO_USER_API_ENABLE_OBSO << 538 select CRYPTO_ALGAPI << 539 help << 540 TEA (Tiny Encryption Algorithm) ciph << 541 << 542 Tiny Encryption Algorithm is a simpl << 543 many rounds for security. It is ver << 544 little memory. << 545 << 546 Xtendend Tiny Encryption Algorithm i << 547 the TEA algorithm to address a poten << 548 in the TEA algorithm. << 549 << 550 Xtendend Encryption Tiny Algorithm i << 551 of the XTEA algorithm for compatibil << 552 << 553 config CRYPTO_TWOFISH << 554 tristate "Twofish" << 555 select CRYPTO_ALGAPI << 556 select CRYPTO_TWOFISH_COMMON << 557 help << 558 Twofish cipher algorithm << 559 << 560 Twofish was submitted as an AES (Adv << 561 candidate cipher by researchers at C << 562 16 round block cipher supporting key << 563 bits. << 564 << 565 See https://www.schneier.com/twofish << 566 << 567 config CRYPTO_TWOFISH_COMMON << 568 tristate << 569 help << 570 Common parts of the Twofish cipher a << 571 generic c and the assembler implemen << 572 << 573 endmenu << 574 << 575 menu "Length-preserving ciphers and modes" << 576 << 577 config CRYPTO_ADIANTUM << 578 tristate "Adiantum" << 579 select CRYPTO_CHACHA20 << 580 select CRYPTO_LIB_POLY1305_GENERIC << 581 select CRYPTO_NHPOLY1305 << 582 select CRYPTO_MANAGER 335 select CRYPTO_MANAGER 583 help 336 help 584 Adiantum tweakable, length-preservin !! 337 This IV generator generates an IV based on a sequence number by 585 !! 338 xoring it with a salt. This algorithm is mainly useful for CTR 586 Designed for fast and secure disk en << 587 CPUs without dedicated crypto instru << 588 each sector using the XChaCha12 stre << 589 an ε-almost-∆-universal hash func << 590 the AES-256 block cipher on a single << 591 without AES instructions, Adiantum i << 592 AES-XTS. << 593 << 594 Adiantum's security is provably redu << 595 underlying stream and block ciphers, << 596 bound. Unlike XTS, Adiantum is a tr << 597 mode, so it actually provides an eve << 598 security than XTS, subject to the se << 599 << 600 If unsure, say N. << 601 339 602 config CRYPTO_ARC4 !! 340 config CRYPTO_ECHAINIV 603 tristate "ARC4 (Alleged Rivest Cipher !! 341 tristate "Encrypted Chain IV Generator" 604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 342 select CRYPTO_AEAD 605 select CRYPTO_SKCIPHER !! 343 select CRYPTO_NULL 606 select CRYPTO_LIB_ARC4 !! 344 select CRYPTO_RNG_DEFAULT >> 345 select CRYPTO_MANAGER 607 help 346 help 608 ARC4 cipher algorithm !! 347 This IV generator generates an IV based on the encryption of >> 348 a sequence number xored with a salt. This is the default >> 349 algorithm for CBC. 609 350 610 ARC4 is a stream cipher using keys r !! 351 comment "Block modes" 611 bits in length. This algorithm is r << 612 WEP, but it should not be for other << 613 weakness of the algorithm. << 614 352 615 config CRYPTO_CHACHA20 !! 353 config CRYPTO_CBC 616 tristate "ChaCha" !! 354 tristate "CBC support" 617 select CRYPTO_LIB_CHACHA_GENERIC << 618 select CRYPTO_SKCIPHER 355 select CRYPTO_SKCIPHER >> 356 select CRYPTO_MANAGER 619 help 357 help 620 The ChaCha20, XChaCha20, and XChaCha !! 358 CBC: Cipher Block Chaining mode 621 !! 359 This block cipher algorithm is required for IPSec. 622 ChaCha20 is a 256-bit high-speed str << 623 Bernstein and further specified in R << 624 This is the portable C implementatio << 625 https://cr.yp.to/chacha/chacha-20080 << 626 << 627 XChaCha20 is the application of the << 628 rather than to Salsa20. XChaCha20 e << 629 from 64 bits (or 96 bits using the R << 630 while provably retaining ChaCha20's << 631 https://cr.yp.to/snuffle/xsalsa-2008 << 632 << 633 XChaCha12 is XChaCha20 reduced to 12 << 634 reduced security margin but increase << 635 in some performance-sensitive scenar << 636 360 637 config CRYPTO_CBC !! 361 config CRYPTO_CFB 638 tristate "CBC (Cipher Block Chaining)" !! 362 tristate "CFB support" 639 select CRYPTO_SKCIPHER 363 select CRYPTO_SKCIPHER 640 select CRYPTO_MANAGER 364 select CRYPTO_MANAGER 641 help 365 help 642 CBC (Cipher Block Chaining) mode (NI !! 366 CFB: Cipher FeedBack mode 643 !! 367 This block cipher algorithm is required for TPM2 Cryptography. 644 This block cipher mode is required f << 645 368 646 config CRYPTO_CTR 369 config CRYPTO_CTR 647 tristate "CTR (Counter)" !! 370 tristate "CTR support" 648 select CRYPTO_SKCIPHER 371 select CRYPTO_SKCIPHER 649 select CRYPTO_MANAGER 372 select CRYPTO_MANAGER 650 help 373 help 651 CTR (Counter) mode (NIST SP800-38A) !! 374 CTR: Counter mode >> 375 This block cipher algorithm is required for IPSec. 652 376 653 config CRYPTO_CTS 377 config CRYPTO_CTS 654 tristate "CTS (Cipher Text Stealing)" !! 378 tristate "CTS support" 655 select CRYPTO_SKCIPHER 379 select CRYPTO_SKCIPHER 656 select CRYPTO_MANAGER 380 select CRYPTO_MANAGER 657 help 381 help 658 CBC-CS3 variant of CTS (Cipher Text !! 382 CTS: Cipher Text Stealing 659 Addendum to SP800-38A (October 2010) !! 383 This is the Cipher Text Stealing mode as described by 660 !! 384 Section 8 of rfc2040 and referenced by rfc3962 >> 385 (rfc3962 includes errata information in its Appendix A) or >> 386 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 661 This mode is required for Kerberos g 387 This mode is required for Kerberos gss mechanism support 662 for AES encryption. 388 for AES encryption. 663 389 664 config CRYPTO_ECB !! 390 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 665 tristate "ECB (Electronic Codebook)" << 666 select CRYPTO_SKCIPHER2 << 667 select CRYPTO_MANAGER << 668 help << 669 ECB (Electronic Codebook) mode (NIST << 670 << 671 config CRYPTO_HCTR2 << 672 tristate "HCTR2" << 673 select CRYPTO_XCTR << 674 select CRYPTO_POLYVAL << 675 select CRYPTO_MANAGER << 676 help << 677 HCTR2 length-preserving encryption m << 678 << 679 A mode for storage encryption that i << 680 instructions to accelerate AES and c << 681 x86 processors with AES-NI and CLMUL << 682 ARMv8 crypto extensions. << 683 << 684 See https://eprint.iacr.org/2021/144 << 685 391 686 config CRYPTO_KEYWRAP !! 392 config CRYPTO_ECB 687 tristate "KW (AES Key Wrap)" !! 393 tristate "ECB support" 688 select CRYPTO_SKCIPHER 394 select CRYPTO_SKCIPHER 689 select CRYPTO_MANAGER 395 select CRYPTO_MANAGER 690 help 396 help 691 KW (AES Key Wrap) authenticated encr !! 397 ECB: Electronic CodeBook mode 692 and RFC3394) without padding. !! 398 This is the simplest block cipher algorithm. It simply encrypts >> 399 the input block by block. 693 400 694 config CRYPTO_LRW 401 config CRYPTO_LRW 695 tristate "LRW (Liskov Rivest Wagner)" !! 402 tristate "LRW support" 696 select CRYPTO_LIB_GF128MUL << 697 select CRYPTO_SKCIPHER 403 select CRYPTO_SKCIPHER 698 select CRYPTO_MANAGER 404 select CRYPTO_MANAGER 699 select CRYPTO_ECB !! 405 select CRYPTO_GF128MUL 700 help 406 help 701 LRW (Liskov Rivest Wagner) mode !! 407 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 702 << 703 A tweakable, non malleable, non mova << 704 narrow block cipher mode for dm-cryp 408 narrow block cipher mode for dm-crypt. Use it with cipher 705 specification string aes-lrw-benbi, 409 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 706 The first 128, 192 or 256 bits in th 410 The first 128, 192 or 256 bits in the key are used for AES and the 707 rest is used to tie each cipher bloc 411 rest is used to tie each cipher block to its logical position. 708 412 709 See https://people.csail.mit.edu/riv !! 413 config CRYPTO_OFB 710 !! 414 tristate "OFB support" 711 config CRYPTO_PCBC << 712 tristate "PCBC (Propagating Cipher Blo << 713 select CRYPTO_SKCIPHER 415 select CRYPTO_SKCIPHER 714 select CRYPTO_MANAGER 416 select CRYPTO_MANAGER 715 help 417 help 716 PCBC (Propagating Cipher Block Chain !! 418 OFB: the Output Feedback mode makes a block cipher into a synchronous >> 419 stream cipher. It generates keystream blocks, which are then XORed >> 420 with the plaintext blocks to get the ciphertext. Flipping a bit in the >> 421 ciphertext produces a flipped bit in the plaintext at the same >> 422 location. This property allows many error correcting codes to function >> 423 normally even when applied before encryption. 717 424 718 This block cipher mode is required f !! 425 config CRYPTO_PCBC 719 !! 426 tristate "PCBC support" 720 config CRYPTO_XCTR << 721 tristate << 722 select CRYPTO_SKCIPHER 427 select CRYPTO_SKCIPHER 723 select CRYPTO_MANAGER 428 select CRYPTO_MANAGER 724 help 429 help 725 XCTR (XOR Counter) mode for HCTR2 !! 430 PCBC: Propagating Cipher Block Chaining mode 726 !! 431 This block cipher algorithm is required for RxRPC. 727 This blockcipher mode is a variant o << 728 addition rather than big-endian arit << 729 << 730 XCTR mode is used to implement HCTR2 << 731 432 732 config CRYPTO_XTS 433 config CRYPTO_XTS 733 tristate "XTS (XOR Encrypt XOR with ci !! 434 tristate "XTS support" 734 select CRYPTO_SKCIPHER 435 select CRYPTO_SKCIPHER 735 select CRYPTO_MANAGER 436 select CRYPTO_MANAGER 736 select CRYPTO_ECB 437 select CRYPTO_ECB 737 help 438 help 738 XTS (XOR Encrypt XOR with ciphertext !! 439 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 739 and IEEE 1619) !! 440 key size 256, 384 or 512 bits. This implementation currently >> 441 can't handle a sectorsize which is not a multiple of 16 bytes. 740 442 741 Use with aes-xts-plain, key size 256 !! 443 config CRYPTO_KEYWRAP 742 implementation currently can't handl !! 444 tristate "Key wrapping support" 743 multiple of 16 bytes. !! 445 select CRYPTO_SKCIPHER >> 446 select CRYPTO_MANAGER >> 447 help >> 448 Support for key wrapping (NIST SP800-38F / RFC3394) without >> 449 padding. 744 450 745 config CRYPTO_NHPOLY1305 451 config CRYPTO_NHPOLY1305 746 tristate 452 tristate 747 select CRYPTO_HASH 453 select CRYPTO_HASH 748 select CRYPTO_LIB_POLY1305_GENERIC 454 select CRYPTO_LIB_POLY1305_GENERIC 749 455 750 endmenu !! 456 config CRYPTO_NHPOLY1305_SSE2 751 !! 457 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 752 menu "AEAD (authenticated encryption with asso !! 458 depends on X86 && 64BIT 753 !! 459 select CRYPTO_NHPOLY1305 754 config CRYPTO_AEGIS128 << 755 tristate "AEGIS-128" << 756 select CRYPTO_AEAD << 757 select CRYPTO_AES # for AES S-box tab << 758 help 460 help 759 AEGIS-128 AEAD algorithm !! 461 SSE2 optimized implementation of the hash function used by the >> 462 Adiantum encryption mode. 760 463 761 config CRYPTO_AEGIS128_SIMD !! 464 config CRYPTO_NHPOLY1305_AVX2 762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 465 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 763 depends on CRYPTO_AEGIS128 && ((ARM || !! 466 depends on X86 && 64BIT 764 default y !! 467 select CRYPTO_NHPOLY1305 765 help 468 help 766 AEGIS-128 AEAD algorithm !! 469 AVX2 optimized implementation of the hash function used by the 767 !! 470 Adiantum encryption mode. 768 Architecture: arm or arm64 using: << 769 - NEON (Advanced SIMD) extension << 770 471 771 config CRYPTO_CHACHA20POLY1305 !! 472 config CRYPTO_ADIANTUM 772 tristate "ChaCha20-Poly1305" !! 473 tristate "Adiantum support" 773 select CRYPTO_CHACHA20 474 select CRYPTO_CHACHA20 774 select CRYPTO_POLY1305 !! 475 select CRYPTO_LIB_POLY1305_GENERIC 775 select CRYPTO_AEAD !! 476 select CRYPTO_NHPOLY1305 776 select CRYPTO_MANAGER << 777 help << 778 ChaCha20 stream cipher and Poly1305 << 779 mode (RFC8439) << 780 << 781 config CRYPTO_CCM << 782 tristate "CCM (Counter with Cipher Blo << 783 select CRYPTO_CTR << 784 select CRYPTO_HASH << 785 select CRYPTO_AEAD << 786 select CRYPTO_MANAGER << 787 help << 788 CCM (Counter with Cipher Block Chain << 789 authenticated encryption mode (NIST << 790 << 791 config CRYPTO_GCM << 792 tristate "GCM (Galois/Counter Mode) an << 793 select CRYPTO_CTR << 794 select CRYPTO_AEAD << 795 select CRYPTO_GHASH << 796 select CRYPTO_NULL << 797 select CRYPTO_MANAGER << 798 help << 799 GCM (Galois/Counter Mode) authentica << 800 (GCM Message Authentication Code) (N << 801 << 802 This is required for IPSec ESP (XFRM << 803 << 804 config CRYPTO_GENIV << 805 tristate << 806 select CRYPTO_AEAD << 807 select CRYPTO_NULL << 808 select CRYPTO_MANAGER 477 select CRYPTO_MANAGER 809 select CRYPTO_RNG_DEFAULT << 810 << 811 config CRYPTO_SEQIV << 812 tristate "Sequence Number IV Generator << 813 select CRYPTO_GENIV << 814 help 478 help 815 Sequence Number IV generator !! 479 Adiantum is a tweakable, length-preserving encryption mode 816 !! 480 designed for fast and secure disk encryption, especially on 817 This IV generator generates an IV ba !! 481 CPUs without dedicated crypto instructions. It encrypts 818 xoring it with a salt. This algorit !! 482 each sector using the XChaCha12 stream cipher, two passes of 819 !! 483 an ε-almost-∆-universal hash function, and an invocation of 820 This is required for IPsec ESP (XFRM !! 484 the AES-256 block cipher on a single 16-byte block. On CPUs >> 485 without AES instructions, Adiantum is much faster than >> 486 AES-XTS. 821 487 822 config CRYPTO_ECHAINIV !! 488 Adiantum's security is provably reducible to that of its 823 tristate "Encrypted Chain IV Generator !! 489 underlying stream and block ciphers, subject to a security 824 select CRYPTO_GENIV !! 490 bound. Unlike XTS, Adiantum is a true wide-block encryption 825 help !! 491 mode, so it actually provides an even stronger notion of 826 Encrypted Chain IV generator !! 492 security than XTS, subject to the security bound. 827 493 828 This IV generator generates an IV ba !! 494 If unsure, say N. 829 a sequence number xored with a salt. << 830 algorithm for CBC. << 831 495 832 config CRYPTO_ESSIV 496 config CRYPTO_ESSIV 833 tristate "Encrypted Salt-Sector IV Gen !! 497 tristate "ESSIV support for block encryption" 834 select CRYPTO_AUTHENC 498 select CRYPTO_AUTHENC 835 help 499 help 836 Encrypted Salt-Sector IV generator !! 500 Encrypted salt-sector initialization vector (ESSIV) is an IV 837 !! 501 generation method that is used in some cases by fscrypt and/or 838 This IV generator is used in some ca << 839 dm-crypt. It uses the hash of the bl 502 dm-crypt. It uses the hash of the block encryption key as the 840 symmetric key for a block encryption 503 symmetric key for a block encryption pass applied to the input 841 IV, making low entropy IV sources mo 504 IV, making low entropy IV sources more suitable for block 842 encryption. 505 encryption. 843 506 844 This driver implements a crypto API 507 This driver implements a crypto API template that can be 845 instantiated either as an skcipher o 508 instantiated either as an skcipher or as an AEAD (depending on the 846 type of the first template argument) 509 type of the first template argument), and which defers encryption 847 and decryption requests to the encap 510 and decryption requests to the encapsulated cipher after applying 848 ESSIV to the input IV. Note that in 511 ESSIV to the input IV. Note that in the AEAD case, it is assumed 849 that the keys are presented in the s 512 that the keys are presented in the same format used by the authenc 850 template, and that the IV appears at 513 template, and that the IV appears at the end of the authenticated 851 associated data (AAD) region (which 514 associated data (AAD) region (which is how dm-crypt uses it.) 852 515 853 Note that the use of ESSIV is not re 516 Note that the use of ESSIV is not recommended for new deployments, 854 and so this only needs to be enabled 517 and so this only needs to be enabled when interoperability with 855 existing encrypted volumes of filesy 518 existing encrypted volumes of filesystems is required, or when 856 building for a particular system tha 519 building for a particular system that requires it (e.g., when 857 the SoC in question has accelerated 520 the SoC in question has accelerated CBC but not XTS, making CBC 858 combined with ESSIV the only feasibl 521 combined with ESSIV the only feasible mode for h/w accelerated 859 block encryption) 522 block encryption) 860 523 861 endmenu !! 524 comment "Hash modes" 862 525 863 menu "Hashes, digests, and MACs" !! 526 config CRYPTO_CMAC >> 527 tristate "CMAC support" >> 528 select CRYPTO_HASH >> 529 select CRYPTO_MANAGER >> 530 help >> 531 Cipher-based Message Authentication Code (CMAC) specified by >> 532 The National Institute of Standards and Technology (NIST). 864 533 865 config CRYPTO_BLAKE2B !! 534 https://tools.ietf.org/html/rfc4493 866 tristate "BLAKE2b" !! 535 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf >> 536 >> 537 config CRYPTO_HMAC >> 538 tristate "HMAC support" >> 539 select CRYPTO_HASH >> 540 select CRYPTO_MANAGER >> 541 help >> 542 HMAC: Keyed-Hashing for Message Authentication (RFC2104). >> 543 This is required for IPSec. >> 544 >> 545 config CRYPTO_XCBC >> 546 tristate "XCBC support" >> 547 select CRYPTO_HASH >> 548 select CRYPTO_MANAGER >> 549 help >> 550 XCBC: Keyed-Hashing with encryption algorithm >> 551 https://www.ietf.org/rfc/rfc3566.txt >> 552 http://csrc.nist.gov/encryption/modes/proposedmodes/ >> 553 xcbc-mac/xcbc-mac-spec.pdf >> 554 >> 555 config CRYPTO_VMAC >> 556 tristate "VMAC support" >> 557 select CRYPTO_HASH >> 558 select CRYPTO_MANAGER >> 559 help >> 560 VMAC is a message authentication algorithm designed for >> 561 very high speed on 64-bit architectures. >> 562 >> 563 See also: >> 564 <https://fastcrypto.org/vmac> >> 565 >> 566 comment "Digest" >> 567 >> 568 config CRYPTO_CRC32C >> 569 tristate "CRC32c CRC algorithm" >> 570 select CRYPTO_HASH >> 571 select CRC32 >> 572 help >> 573 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used >> 574 by iSCSI for header and data digests and by others. >> 575 See Castagnoli93. Module will be crc32c. >> 576 >> 577 config CRYPTO_CRC32C_INTEL >> 578 tristate "CRC32c INTEL hardware acceleration" >> 579 depends on X86 >> 580 select CRYPTO_HASH >> 581 help >> 582 In Intel processor with SSE4.2 supported, the processor will >> 583 support CRC32C implementation using hardware accelerated CRC32 >> 584 instruction. This option will create 'crc32c-intel' module, >> 585 which will enable any routine to use the CRC32 instruction to >> 586 gain performance compared with software implementation. >> 587 Module will be crc32c-intel. >> 588 >> 589 config CRYPTO_CRC32C_VPMSUM >> 590 tristate "CRC32c CRC algorithm (powerpc64)" >> 591 depends on PPC64 && ALTIVEC >> 592 select CRYPTO_HASH >> 593 select CRC32 >> 594 help >> 595 CRC32c algorithm implemented using vector polynomial multiply-sum >> 596 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 >> 597 and newer processors for improved performance. >> 598 >> 599 >> 600 config CRYPTO_CRC32C_SPARC64 >> 601 tristate "CRC32c CRC algorithm (SPARC64)" >> 602 depends on SPARC64 >> 603 select CRYPTO_HASH >> 604 select CRC32 >> 605 help >> 606 CRC32c CRC algorithm implemented using sparc64 crypto instructions, >> 607 when available. >> 608 >> 609 config CRYPTO_CRC32 >> 610 tristate "CRC32 CRC algorithm" >> 611 select CRYPTO_HASH >> 612 select CRC32 >> 613 help >> 614 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. >> 615 Shash crypto api wrappers to crc32_le function. >> 616 >> 617 config CRYPTO_CRC32_PCLMUL >> 618 tristate "CRC32 PCLMULQDQ hardware acceleration" >> 619 depends on X86 >> 620 select CRYPTO_HASH >> 621 select CRC32 >> 622 help >> 623 From Intel Westmere and AMD Bulldozer processor with SSE4.2 >> 624 and PCLMULQDQ supported, the processor will support >> 625 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ >> 626 instruction. This option will create 'crc32-pclmul' module, >> 627 which will enable any routine to use the CRC-32-IEEE 802.3 checksum >> 628 and gain better performance as compared with the table implementation. >> 629 >> 630 config CRYPTO_CRC32_MIPS >> 631 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" >> 632 depends on MIPS_CRC_SUPPORT >> 633 select CRYPTO_HASH >> 634 help >> 635 CRC32c and CRC32 CRC algorithms implemented using mips crypto >> 636 instructions, when available. >> 637 >> 638 >> 639 config CRYPTO_XXHASH >> 640 tristate "xxHash hash algorithm" 867 select CRYPTO_HASH 641 select CRYPTO_HASH >> 642 select XXHASH 868 help 643 help 869 BLAKE2b cryptographic hash function !! 644 xxHash non-cryptographic hash algorithm. Extremely fast, working at >> 645 speeds close to RAM limits. 870 646 871 BLAKE2b is optimized for 64-bit plat !! 647 config CRYPTO_BLAKE2B 872 of any size between 1 and 64 bytes. !! 648 tristate "BLAKE2b digest algorithm" >> 649 select CRYPTO_HASH >> 650 help >> 651 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), >> 652 optimized for 64bit platforms and can produce digests of any size >> 653 between 1 to 64. The keyed hash is also implemented. 873 654 874 This module provides the following a 655 This module provides the following algorithms: >> 656 875 - blake2b-160 657 - blake2b-160 876 - blake2b-256 658 - blake2b-256 877 - blake2b-384 659 - blake2b-384 878 - blake2b-512 660 - blake2b-512 879 661 880 Used by the btrfs filesystem. !! 662 See https://blake2.net for further information. >> 663 >> 664 config CRYPTO_BLAKE2S >> 665 tristate "BLAKE2s digest algorithm" >> 666 select CRYPTO_LIB_BLAKE2S_GENERIC >> 667 select CRYPTO_HASH >> 668 help >> 669 Implementation of cryptographic hash function BLAKE2s >> 670 optimized for 8-32bit platforms and can produce digests of any size >> 671 between 1 to 32. The keyed hash is also implemented. >> 672 >> 673 This module provides the following algorithms: >> 674 >> 675 - blake2s-128 >> 676 - blake2s-160 >> 677 - blake2s-224 >> 678 - blake2s-256 881 679 882 See https://blake2.net for further i 680 See https://blake2.net for further information. 883 681 884 config CRYPTO_CMAC !! 682 config CRYPTO_BLAKE2S_X86 885 tristate "CMAC (Cipher-based MAC)" !! 683 tristate "BLAKE2s digest algorithm (x86 accelerated version)" >> 684 depends on X86 && 64BIT >> 685 select CRYPTO_LIB_BLAKE2S_GENERIC >> 686 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S >> 687 >> 688 config CRYPTO_CRCT10DIF >> 689 tristate "CRCT10DIF algorithm" 886 select CRYPTO_HASH 690 select CRYPTO_HASH 887 select CRYPTO_MANAGER << 888 help 691 help 889 CMAC (Cipher-based Message Authentic !! 692 CRC T10 Data Integrity Field computation is being cast as 890 mode (NIST SP800-38B and IETF RFC449 !! 693 a crypto transform. This allows for faster crc t10 diff >> 694 transforms to be used if they are available. >> 695 >> 696 config CRYPTO_CRCT10DIF_PCLMUL >> 697 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" >> 698 depends on X86 && 64BIT && CRC_T10DIF >> 699 select CRYPTO_HASH >> 700 help >> 701 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, >> 702 CRC T10 DIF PCLMULQDQ computation can be hardware >> 703 accelerated PCLMULQDQ instruction. This option will create >> 704 'crct10dif-pclmul' module, which is faster when computing the >> 705 crct10dif checksum as compared with the generic table implementation. >> 706 >> 707 config CRYPTO_CRCT10DIF_VPMSUM >> 708 tristate "CRC32T10DIF powerpc64 hardware acceleration" >> 709 depends on PPC64 && ALTIVEC && CRC_T10DIF >> 710 select CRYPTO_HASH >> 711 help >> 712 CRC10T10DIF algorithm implemented using vector polynomial >> 713 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on >> 714 POWER8 and newer processors for improved performance. >> 715 >> 716 config CRYPTO_VPMSUM_TESTER >> 717 tristate "Powerpc64 vpmsum hardware acceleration tester" >> 718 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM >> 719 help >> 720 Stress test for CRC32c and CRC-T10DIF algorithms implemented with >> 721 POWER8 vpmsum instructions. >> 722 Unless you are testing these algorithms, you don't need this. 891 723 892 config CRYPTO_GHASH 724 config CRYPTO_GHASH 893 tristate "GHASH" !! 725 tristate "GHASH hash function" >> 726 select CRYPTO_GF128MUL 894 select CRYPTO_HASH 727 select CRYPTO_HASH 895 select CRYPTO_LIB_GF128MUL << 896 help 728 help 897 GCM GHASH function (NIST SP800-38D) !! 729 GHASH is the hash function used in GCM (Galois/Counter Mode). >> 730 It is not a general-purpose cryptographic hash function. 898 731 899 config CRYPTO_HMAC !! 732 config CRYPTO_POLY1305 900 tristate "HMAC (Keyed-Hash MAC)" !! 733 tristate "Poly1305 authenticator algorithm" 901 select CRYPTO_HASH 734 select CRYPTO_HASH 902 select CRYPTO_MANAGER !! 735 select CRYPTO_LIB_POLY1305_GENERIC >> 736 help >> 737 Poly1305 authenticator algorithm, RFC7539. >> 738 >> 739 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. >> 740 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use >> 741 in IETF protocols. This is the portable C implementation of Poly1305. >> 742 >> 743 config CRYPTO_POLY1305_X86_64 >> 744 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" >> 745 depends on X86 && 64BIT >> 746 select CRYPTO_LIB_POLY1305_GENERIC >> 747 select CRYPTO_ARCH_HAVE_LIB_POLY1305 903 help 748 help 904 HMAC (Keyed-Hash Message Authenticat !! 749 Poly1305 authenticator algorithm, RFC7539. 905 RFC2104) << 906 750 907 This is required for IPsec AH (XFRM_ !! 751 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. >> 752 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use >> 753 in IETF protocols. This is the x86_64 assembler implementation using SIMD >> 754 instructions. >> 755 >> 756 config CRYPTO_POLY1305_MIPS >> 757 tristate "Poly1305 authenticator algorithm (MIPS optimized)" >> 758 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT) >> 759 select CRYPTO_ARCH_HAVE_LIB_POLY1305 908 760 909 config CRYPTO_MD4 761 config CRYPTO_MD4 910 tristate "MD4" !! 762 tristate "MD4 digest algorithm" 911 select CRYPTO_HASH 763 select CRYPTO_HASH 912 help 764 help 913 MD4 message digest algorithm (RFC132 !! 765 MD4 message digest algorithm (RFC1320). 914 766 915 config CRYPTO_MD5 767 config CRYPTO_MD5 916 tristate "MD5" !! 768 tristate "MD5 digest algorithm" 917 select CRYPTO_HASH 769 select CRYPTO_HASH 918 help 770 help 919 MD5 message digest algorithm (RFC132 !! 771 MD5 message digest algorithm (RFC1321). 920 772 921 config CRYPTO_MICHAEL_MIC !! 773 config CRYPTO_MD5_OCTEON 922 tristate "Michael MIC" !! 774 tristate "MD5 digest algorithm (OCTEON)" >> 775 depends on CPU_CAVIUM_OCTEON >> 776 select CRYPTO_MD5 923 select CRYPTO_HASH 777 select CRYPTO_HASH 924 help 778 help 925 Michael MIC (Message Integrity Code) !! 779 MD5 message digest algorithm (RFC1321) implemented >> 780 using OCTEON crypto instructions, when available. 926 781 927 Defined by the IEEE 802.11i TKIP (Te !! 782 config CRYPTO_MD5_PPC 928 known as WPA (Wif-Fi Protected Acces !! 783 tristate "MD5 digest algorithm (PPC)" 929 !! 784 depends on PPC 930 This algorithm is required for TKIP, !! 785 select CRYPTO_HASH 931 other purposes because of the weakne !! 786 help >> 787 MD5 message digest algorithm (RFC1321) implemented >> 788 in PPC assembler. 932 789 933 config CRYPTO_POLYVAL !! 790 config CRYPTO_MD5_SPARC64 934 tristate !! 791 tristate "MD5 digest algorithm (SPARC64)" >> 792 depends on SPARC64 >> 793 select CRYPTO_MD5 935 select CRYPTO_HASH 794 select CRYPTO_HASH 936 select CRYPTO_LIB_GF128MUL << 937 help 795 help 938 POLYVAL hash function for HCTR2 !! 796 MD5 message digest algorithm (RFC1321) implemented >> 797 using sparc64 crypto instructions, when available. 939 798 940 This is used in HCTR2. It is not a !! 799 config CRYPTO_MICHAEL_MIC 941 cryptographic hash function. !! 800 tristate "Michael MIC keyed digest algorithm" >> 801 select CRYPTO_HASH >> 802 help >> 803 Michael MIC is used for message integrity protection in TKIP >> 804 (IEEE 802.11i). This algorithm is required for TKIP, but it >> 805 should not be used for other purposes because of the weakness >> 806 of the algorithm. 942 807 943 config CRYPTO_POLY1305 !! 808 config CRYPTO_RMD128 944 tristate "Poly1305" !! 809 tristate "RIPEMD-128 digest algorithm" 945 select CRYPTO_HASH 810 select CRYPTO_HASH 946 select CRYPTO_LIB_POLY1305_GENERIC << 947 help 811 help 948 Poly1305 authenticator algorithm (RF !! 812 RIPEMD-128 (ISO/IEC 10118-3:2004). 949 813 950 Poly1305 is an authenticator algorit !! 814 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 951 It is used for the ChaCha20-Poly1305 !! 815 be used as a secure replacement for RIPEMD. For other use cases, 952 in IETF protocols. This is the porta !! 816 RIPEMD-160 should be used. >> 817 >> 818 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. >> 819 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 953 820 954 config CRYPTO_RMD160 821 config CRYPTO_RMD160 955 tristate "RIPEMD-160" !! 822 tristate "RIPEMD-160 digest algorithm" 956 select CRYPTO_HASH 823 select CRYPTO_HASH 957 help 824 help 958 RIPEMD-160 hash function (ISO/IEC 10 !! 825 RIPEMD-160 (ISO/IEC 10118-3:2004). 959 826 960 RIPEMD-160 is a 160-bit cryptographi 827 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 961 to be used as a secure replacement f 828 to be used as a secure replacement for the 128-bit hash functions 962 MD4, MD5 and its predecessor RIPEMD !! 829 MD4, MD5 and it's predecessor RIPEMD 963 (not to be confused with RIPEMD-128) 830 (not to be confused with RIPEMD-128). 964 831 965 Its speed is comparable to SHA-1 and !! 832 It's speed is comparable to SHA1 and there are no known attacks 966 against RIPEMD-160. 833 against RIPEMD-160. 967 834 968 Developed by Hans Dobbertin, Antoon 835 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 969 See https://homes.esat.kuleuven.be/~ !! 836 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 970 for further information. !! 837 >> 838 config CRYPTO_RMD256 >> 839 tristate "RIPEMD-256 digest algorithm" >> 840 select CRYPTO_HASH >> 841 help >> 842 RIPEMD-256 is an optional extension of RIPEMD-128 with a >> 843 256 bit hash. It is intended for applications that require >> 844 longer hash-results, without needing a larger security level >> 845 (than RIPEMD-128). >> 846 >> 847 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. >> 848 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> >> 849 >> 850 config CRYPTO_RMD320 >> 851 tristate "RIPEMD-320 digest algorithm" >> 852 select CRYPTO_HASH >> 853 help >> 854 RIPEMD-320 is an optional extension of RIPEMD-160 with a >> 855 320 bit hash. It is intended for applications that require >> 856 longer hash-results, without needing a larger security level >> 857 (than RIPEMD-160). >> 858 >> 859 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. >> 860 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 971 861 972 config CRYPTO_SHA1 862 config CRYPTO_SHA1 973 tristate "SHA-1" !! 863 tristate "SHA1 digest algorithm" >> 864 select CRYPTO_HASH >> 865 help >> 866 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). >> 867 >> 868 config CRYPTO_SHA1_SSSE3 >> 869 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" >> 870 depends on X86 && 64BIT >> 871 select CRYPTO_SHA1 974 select CRYPTO_HASH 872 select CRYPTO_HASH 975 select CRYPTO_LIB_SHA1 << 976 help 873 help 977 SHA-1 secure hash algorithm (FIPS 18 !! 874 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented >> 875 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector >> 876 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), >> 877 when available. >> 878 >> 879 config CRYPTO_SHA256_SSSE3 >> 880 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" >> 881 depends on X86 && 64BIT >> 882 select CRYPTO_SHA256 >> 883 select CRYPTO_HASH >> 884 help >> 885 SHA-256 secure hash standard (DFIPS 180-2) implemented >> 886 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector >> 887 Extensions version 1 (AVX1), or Advanced Vector Extensions >> 888 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New >> 889 Instructions) when available. >> 890 >> 891 config CRYPTO_SHA512_SSSE3 >> 892 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" >> 893 depends on X86 && 64BIT >> 894 select CRYPTO_SHA512 >> 895 select CRYPTO_HASH >> 896 help >> 897 SHA-512 secure hash standard (DFIPS 180-2) implemented >> 898 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector >> 899 Extensions version 1 (AVX1), or Advanced Vector Extensions >> 900 version 2 (AVX2) instructions, when available. >> 901 >> 902 config CRYPTO_SHA1_OCTEON >> 903 tristate "SHA1 digest algorithm (OCTEON)" >> 904 depends on CPU_CAVIUM_OCTEON >> 905 select CRYPTO_SHA1 >> 906 select CRYPTO_HASH >> 907 help >> 908 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented >> 909 using OCTEON crypto instructions, when available. >> 910 >> 911 config CRYPTO_SHA1_SPARC64 >> 912 tristate "SHA1 digest algorithm (SPARC64)" >> 913 depends on SPARC64 >> 914 select CRYPTO_SHA1 >> 915 select CRYPTO_HASH >> 916 help >> 917 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented >> 918 using sparc64 crypto instructions, when available. >> 919 >> 920 config CRYPTO_SHA1_PPC >> 921 tristate "SHA1 digest algorithm (powerpc)" >> 922 depends on PPC >> 923 help >> 924 This is the powerpc hardware accelerated implementation of the >> 925 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). >> 926 >> 927 config CRYPTO_SHA1_PPC_SPE >> 928 tristate "SHA1 digest algorithm (PPC SPE)" >> 929 depends on PPC && SPE >> 930 help >> 931 SHA-1 secure hash standard (DFIPS 180-4) implemented >> 932 using powerpc SPE SIMD instruction set. 978 933 979 config CRYPTO_SHA256 934 config CRYPTO_SHA256 980 tristate "SHA-224 and SHA-256" !! 935 tristate "SHA224 and SHA256 digest algorithm" 981 select CRYPTO_HASH 936 select CRYPTO_HASH 982 select CRYPTO_LIB_SHA256 937 select CRYPTO_LIB_SHA256 983 help 938 help 984 SHA-224 and SHA-256 secure hash algo !! 939 SHA256 secure hash standard (DFIPS 180-2). >> 940 >> 941 This version of SHA implements a 256 bit hash with 128 bits of >> 942 security against collision attacks. >> 943 >> 944 This code also includes SHA-224, a 224 bit hash with 112 bits >> 945 of security against collision attacks. >> 946 >> 947 config CRYPTO_SHA256_PPC_SPE >> 948 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" >> 949 depends on PPC && SPE >> 950 select CRYPTO_SHA256 >> 951 select CRYPTO_HASH >> 952 help >> 953 SHA224 and SHA256 secure hash standard (DFIPS 180-2) >> 954 implemented using powerpc SPE SIMD instruction set. 985 955 986 This is required for IPsec AH (XFRM_ !! 956 config CRYPTO_SHA256_OCTEON 987 Used by the btrfs filesystem, Ceph, !! 957 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" >> 958 depends on CPU_CAVIUM_OCTEON >> 959 select CRYPTO_SHA256 >> 960 select CRYPTO_HASH >> 961 help >> 962 SHA-256 secure hash standard (DFIPS 180-2) implemented >> 963 using OCTEON crypto instructions, when available. >> 964 >> 965 config CRYPTO_SHA256_SPARC64 >> 966 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" >> 967 depends on SPARC64 >> 968 select CRYPTO_SHA256 >> 969 select CRYPTO_HASH >> 970 help >> 971 SHA-256 secure hash standard (DFIPS 180-2) implemented >> 972 using sparc64 crypto instructions, when available. 988 973 989 config CRYPTO_SHA512 974 config CRYPTO_SHA512 990 tristate "SHA-384 and SHA-512" !! 975 tristate "SHA384 and SHA512 digest algorithms" 991 select CRYPTO_HASH 976 select CRYPTO_HASH 992 help 977 help 993 SHA-384 and SHA-512 secure hash algo !! 978 SHA512 secure hash standard (DFIPS 180-2). 994 979 995 config CRYPTO_SHA3 !! 980 This version of SHA implements a 512 bit hash with 256 bits of 996 tristate "SHA-3" !! 981 security against collision attacks. >> 982 >> 983 This code also includes SHA-384, a 384 bit hash with 192 bits >> 984 of security against collision attacks. >> 985 >> 986 config CRYPTO_SHA512_OCTEON >> 987 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" >> 988 depends on CPU_CAVIUM_OCTEON >> 989 select CRYPTO_SHA512 997 select CRYPTO_HASH 990 select CRYPTO_HASH 998 help 991 help 999 SHA-3 secure hash algorithms (FIPS 2 !! 992 SHA-512 secure hash standard (DFIPS 180-2) implemented >> 993 using OCTEON crypto instructions, when available. 1000 994 1001 config CRYPTO_SM3 !! 995 config CRYPTO_SHA512_SPARC64 1002 tristate !! 996 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" >> 997 depends on SPARC64 >> 998 select CRYPTO_SHA512 >> 999 select CRYPTO_HASH >> 1000 help >> 1001 SHA-512 secure hash standard (DFIPS 180-2) implemented >> 1002 using sparc64 crypto instructions, when available. 1003 1003 1004 config CRYPTO_SM3_GENERIC !! 1004 config CRYPTO_SHA3 1005 tristate "SM3 (ShangMi 3)" !! 1005 tristate "SHA3 digest algorithm" 1006 select CRYPTO_HASH 1006 select CRYPTO_HASH 1007 select CRYPTO_SM3 << 1008 help 1007 help 1009 SM3 (ShangMi 3) secure hash functio !! 1008 SHA-3 secure hash standard (DFIPS 202). It's based on >> 1009 cryptographic sponge function family called Keccak. >> 1010 >> 1011 References: >> 1012 http://keccak.noekeon.org/ 1010 1013 1011 This is part of the Chinese Commerc !! 1014 config CRYPTO_SM3 >> 1015 tristate "SM3 digest algorithm" >> 1016 select CRYPTO_HASH >> 1017 help >> 1018 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). >> 1019 It is part of the Chinese Commercial Cryptography suite. 1012 1020 1013 References: 1021 References: 1014 http://www.oscca.gov.cn/UpFile/2010 1022 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1015 https://datatracker.ietf.org/doc/ht 1023 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1016 1024 1017 config CRYPTO_STREEBOG 1025 config CRYPTO_STREEBOG 1018 tristate "Streebog" !! 1026 tristate "Streebog Hash Function" 1019 select CRYPTO_HASH 1027 select CRYPTO_HASH 1020 help 1028 help 1021 Streebog Hash Function (GOST R 34.1 !! 1029 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1022 !! 1030 cryptographic standard algorithms (called GOST algorithms). 1023 This is one of the Russian cryptogr !! 1031 This setting enables two hash algorithms with 256 and 512 bits output. 1024 GOST algorithms). This setting enab << 1025 256 and 512 bits output. << 1026 1032 1027 References: 1033 References: 1028 https://tc26.ru/upload/iblock/fed/f 1034 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1029 https://tools.ietf.org/html/rfc6986 1035 https://tools.ietf.org/html/rfc6986 1030 1036 1031 config CRYPTO_VMAC !! 1037 config CRYPTO_TGR192 1032 tristate "VMAC" !! 1038 tristate "Tiger digest algorithms" 1033 select CRYPTO_HASH 1039 select CRYPTO_HASH 1034 select CRYPTO_MANAGER << 1035 help 1040 help 1036 VMAC is a message authentication al !! 1041 Tiger hash algorithm 192, 160 and 128-bit hashes 1037 very high speed on 64-bit architect !! 1042 >> 1043 Tiger is a hash function optimized for 64-bit processors while >> 1044 still having decent performance on 32-bit processors. >> 1045 Tiger was developed by Ross Anderson and Eli Biham. 1038 1046 1039 See https://fastcrypto.org/vmac for !! 1047 See also: >> 1048 <https://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 1040 1049 1041 config CRYPTO_WP512 1050 config CRYPTO_WP512 1042 tristate "Whirlpool" !! 1051 tristate "Whirlpool digest algorithms" 1043 select CRYPTO_HASH 1052 select CRYPTO_HASH 1044 help 1053 help 1045 Whirlpool hash function (ISO/IEC 10 !! 1054 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1046 << 1047 512, 384 and 256-bit hashes. << 1048 1055 1049 Whirlpool-512 is part of the NESSIE 1056 Whirlpool-512 is part of the NESSIE cryptographic primitives. >> 1057 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1050 1058 1051 See https://web.archive.org/web/201 !! 1059 See also: 1052 for further information. !! 1060 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1053 1061 1054 config CRYPTO_XCBC !! 1062 config CRYPTO_GHASH_CLMUL_NI_INTEL 1055 tristate "XCBC-MAC (Extended Cipher B !! 1063 tristate "GHASH hash function (CLMUL-NI accelerated)" 1056 select CRYPTO_HASH !! 1064 depends on X86 && 64BIT 1057 select CRYPTO_MANAGER !! 1065 select CRYPTO_CRYPTD 1058 help 1066 help 1059 XCBC-MAC (Extended Cipher Block Cha !! 1067 This is the x86_64 CLMUL-NI accelerated implementation of 1060 Code) (RFC3566) !! 1068 GHASH, the hash function used in GCM (Galois/Counter mode). 1061 1069 1062 config CRYPTO_XXHASH !! 1070 comment "Ciphers" 1063 tristate "xxHash" !! 1071 1064 select CRYPTO_HASH !! 1072 config CRYPTO_AES 1065 select XXHASH !! 1073 tristate "AES cipher algorithms" >> 1074 select CRYPTO_ALGAPI >> 1075 select CRYPTO_LIB_AES 1066 help 1076 help 1067 xxHash non-cryptographic hash algor !! 1077 AES cipher algorithms (FIPS-197). AES uses the Rijndael >> 1078 algorithm. 1068 1079 1069 Extremely fast, working at speeds c !! 1080 Rijndael appears to be consistently a very good performer in >> 1081 both hardware and software across a wide range of computing >> 1082 environments regardless of its use in feedback or non-feedback >> 1083 modes. Its key setup time is excellent, and its key agility is >> 1084 good. Rijndael's very low memory requirements make it very well >> 1085 suited for restricted-space environments, in which it also >> 1086 demonstrates excellent performance. Rijndael's operations are >> 1087 among the easiest to defend against power and timing attacks. 1070 1088 1071 Used by the btrfs filesystem. !! 1089 The AES specifies three key sizes: 128, 192 and 256 bits 1072 1090 1073 endmenu !! 1091 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1074 1092 1075 menu "CRCs (cyclic redundancy checks)" !! 1093 config CRYPTO_AES_TI >> 1094 tristate "Fixed time AES cipher" >> 1095 select CRYPTO_ALGAPI >> 1096 select CRYPTO_LIB_AES >> 1097 help >> 1098 This is a generic implementation of AES that attempts to eliminate >> 1099 data dependent latencies as much as possible without affecting >> 1100 performance too much. It is intended for use by the generic CCM >> 1101 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely >> 1102 solely on encryption (although decryption is supported as well, but >> 1103 with a more dramatic performance hit) 1076 1104 1077 config CRYPTO_CRC32C !! 1105 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1078 tristate "CRC32c" !! 1106 8 for decryption), this implementation only uses just two S-boxes of 1079 select CRYPTO_HASH !! 1107 256 bytes each, and attempts to eliminate data dependent latencies by 1080 select CRC32 !! 1108 prefetching the entire table into the cache at the start of each >> 1109 block. Interrupts are also disabled to avoid races where cachelines >> 1110 are evicted when the CPU is interrupted to do something else. >> 1111 >> 1112 config CRYPTO_AES_NI_INTEL >> 1113 tristate "AES cipher algorithms (AES-NI)" >> 1114 depends on X86 >> 1115 select CRYPTO_AEAD >> 1116 select CRYPTO_LIB_AES >> 1117 select CRYPTO_ALGAPI >> 1118 select CRYPTO_SKCIPHER >> 1119 select CRYPTO_GLUE_HELPER_X86 if 64BIT >> 1120 select CRYPTO_SIMD 1081 help 1121 help 1082 CRC32c CRC algorithm with the iSCSI !! 1122 Use Intel AES-NI instructions for AES algorithm. 1083 1123 1084 A 32-bit CRC (cyclic redundancy che !! 1124 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1085 by G. Castagnoli, S. Braeuer and M. !! 1125 algorithm. 1086 Redundancy-Check Codes with 24 and << 1087 on Communications, Vol. 41, No. 6, << 1088 iSCSI. << 1089 1126 1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1127 Rijndael appears to be consistently a very good performer in >> 1128 both hardware and software across a wide range of computing >> 1129 environments regardless of its use in feedback or non-feedback >> 1130 modes. Its key setup time is excellent, and its key agility is >> 1131 good. Rijndael's very low memory requirements make it very well >> 1132 suited for restricted-space environments, in which it also >> 1133 demonstrates excellent performance. Rijndael's operations are >> 1134 among the easiest to defend against power and timing attacks. 1091 1135 1092 config CRYPTO_CRC32 !! 1136 The AES specifies three key sizes: 128, 192 and 256 bits 1093 tristate "CRC32" !! 1137 1094 select CRYPTO_HASH !! 1138 See <http://csrc.nist.gov/encryption/aes/> for more information. 1095 select CRC32 !! 1139 >> 1140 In addition to AES cipher algorithm support, the acceleration >> 1141 for some popular block cipher mode is supported too, including >> 1142 ECB, CBC, LRW, XTS. The 64 bit version has additional >> 1143 acceleration for CTR. >> 1144 >> 1145 config CRYPTO_AES_SPARC64 >> 1146 tristate "AES cipher algorithms (SPARC64)" >> 1147 depends on SPARC64 >> 1148 select CRYPTO_SKCIPHER 1096 help 1149 help 1097 CRC32 CRC algorithm (IEEE 802.3) !! 1150 Use SPARC64 crypto opcodes for AES algorithm. 1098 1151 1099 Used by RoCEv2 and f2fs. !! 1152 AES cipher algorithms (FIPS-197). AES uses the Rijndael >> 1153 algorithm. 1100 1154 1101 config CRYPTO_CRCT10DIF !! 1155 Rijndael appears to be consistently a very good performer in 1102 tristate "CRCT10DIF" !! 1156 both hardware and software across a wide range of computing 1103 select CRYPTO_HASH !! 1157 environments regardless of its use in feedback or non-feedback >> 1158 modes. Its key setup time is excellent, and its key agility is >> 1159 good. Rijndael's very low memory requirements make it very well >> 1160 suited for restricted-space environments, in which it also >> 1161 demonstrates excellent performance. Rijndael's operations are >> 1162 among the easiest to defend against power and timing attacks. >> 1163 >> 1164 The AES specifies three key sizes: 128, 192 and 256 bits >> 1165 >> 1166 See <http://csrc.nist.gov/encryption/aes/> for more information. >> 1167 >> 1168 In addition to AES cipher algorithm support, the acceleration >> 1169 for some popular block cipher mode is supported too, including >> 1170 ECB and CBC. >> 1171 >> 1172 config CRYPTO_AES_PPC_SPE >> 1173 tristate "AES cipher algorithms (PPC SPE)" >> 1174 depends on PPC && SPE >> 1175 select CRYPTO_SKCIPHER 1104 help 1176 help 1105 CRC16 CRC algorithm used for the T1 !! 1177 AES cipher algorithms (FIPS-197). Additionally the acceleration >> 1178 for popular block cipher modes ECB, CBC, CTR and XTS is supported. >> 1179 This module should only be used for low power (router) devices >> 1180 without hardware AES acceleration (e.g. caam crypto). It reduces the >> 1181 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates >> 1182 timining attacks. Nevertheless it might be not as secure as other >> 1183 architecture specific assembler implementations that work on 1KB >> 1184 tables or 256 bytes S-boxes. 1106 1185 1107 CRC algorithm used by the SCSI Bloc !! 1186 config CRYPTO_ANUBIS >> 1187 tristate "Anubis cipher algorithm" >> 1188 select CRYPTO_ALGAPI >> 1189 help >> 1190 Anubis cipher algorithm. 1108 1191 1109 config CRYPTO_CRC64_ROCKSOFT !! 1192 Anubis is a variable key length cipher which can use keys from 1110 tristate "CRC64 based on Rocksoft Mod !! 1193 128 bits to 320 bits in length. It was evaluated as a entrant 1111 depends on CRC64 !! 1194 in the NESSIE competition. 1112 select CRYPTO_HASH !! 1195 >> 1196 See also: >> 1197 <https://www.cosic.esat.kuleuven.be/nessie/reports/> >> 1198 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> >> 1199 >> 1200 config CRYPTO_ARC4 >> 1201 tristate "ARC4 cipher algorithm" >> 1202 select CRYPTO_SKCIPHER >> 1203 select CRYPTO_LIB_ARC4 >> 1204 help >> 1205 ARC4 cipher algorithm. >> 1206 >> 1207 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 >> 1208 bits in length. This algorithm is required for driver-based >> 1209 WEP, but it should not be for other purposes because of the >> 1210 weakness of the algorithm. >> 1211 >> 1212 config CRYPTO_BLOWFISH >> 1213 tristate "Blowfish cipher algorithm" >> 1214 select CRYPTO_ALGAPI >> 1215 select CRYPTO_BLOWFISH_COMMON >> 1216 help >> 1217 Blowfish cipher algorithm, by Bruce Schneier. >> 1218 >> 1219 This is a variable key length cipher which can use keys from 32 >> 1220 bits to 448 bits in length. It's fast, simple and specifically >> 1221 designed for use on "large microprocessors". >> 1222 >> 1223 See also: >> 1224 <https://www.schneier.com/blowfish.html> >> 1225 >> 1226 config CRYPTO_BLOWFISH_COMMON >> 1227 tristate >> 1228 help >> 1229 Common parts of the Blowfish cipher algorithm shared by the >> 1230 generic c and the assembler implementations. >> 1231 >> 1232 See also: >> 1233 <https://www.schneier.com/blowfish.html> >> 1234 >> 1235 config CRYPTO_BLOWFISH_X86_64 >> 1236 tristate "Blowfish cipher algorithm (x86_64)" >> 1237 depends on X86 && 64BIT >> 1238 select CRYPTO_SKCIPHER >> 1239 select CRYPTO_BLOWFISH_COMMON >> 1240 help >> 1241 Blowfish cipher algorithm (x86_64), by Bruce Schneier. >> 1242 >> 1243 This is a variable key length cipher which can use keys from 32 >> 1244 bits to 448 bits in length. It's fast, simple and specifically >> 1245 designed for use on "large microprocessors". >> 1246 >> 1247 See also: >> 1248 <https://www.schneier.com/blowfish.html> >> 1249 >> 1250 config CRYPTO_CAMELLIA >> 1251 tristate "Camellia cipher algorithms" >> 1252 depends on CRYPTO >> 1253 select CRYPTO_ALGAPI >> 1254 help >> 1255 Camellia cipher algorithms module. >> 1256 >> 1257 Camellia is a symmetric key block cipher developed jointly >> 1258 at NTT and Mitsubishi Electric Corporation. >> 1259 >> 1260 The Camellia specifies three key sizes: 128, 192 and 256 bits. >> 1261 >> 1262 See also: >> 1263 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> >> 1264 >> 1265 config CRYPTO_CAMELLIA_X86_64 >> 1266 tristate "Camellia cipher algorithm (x86_64)" >> 1267 depends on X86 && 64BIT >> 1268 depends on CRYPTO >> 1269 select CRYPTO_SKCIPHER >> 1270 select CRYPTO_GLUE_HELPER_X86 >> 1271 help >> 1272 Camellia cipher algorithm module (x86_64). >> 1273 >> 1274 Camellia is a symmetric key block cipher developed jointly >> 1275 at NTT and Mitsubishi Electric Corporation. >> 1276 >> 1277 The Camellia specifies three key sizes: 128, 192 and 256 bits. >> 1278 >> 1279 See also: >> 1280 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> >> 1281 >> 1282 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 >> 1283 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" >> 1284 depends on X86 && 64BIT >> 1285 depends on CRYPTO >> 1286 select CRYPTO_SKCIPHER >> 1287 select CRYPTO_CAMELLIA_X86_64 >> 1288 select CRYPTO_GLUE_HELPER_X86 >> 1289 select CRYPTO_SIMD >> 1290 select CRYPTO_XTS >> 1291 help >> 1292 Camellia cipher algorithm module (x86_64/AES-NI/AVX). >> 1293 >> 1294 Camellia is a symmetric key block cipher developed jointly >> 1295 at NTT and Mitsubishi Electric Corporation. >> 1296 >> 1297 The Camellia specifies three key sizes: 128, 192 and 256 bits. >> 1298 >> 1299 See also: >> 1300 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> >> 1301 >> 1302 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 >> 1303 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" >> 1304 depends on X86 && 64BIT >> 1305 depends on CRYPTO >> 1306 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 >> 1307 help >> 1308 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). >> 1309 >> 1310 Camellia is a symmetric key block cipher developed jointly >> 1311 at NTT and Mitsubishi Electric Corporation. >> 1312 >> 1313 The Camellia specifies three key sizes: 128, 192 and 256 bits. >> 1314 >> 1315 See also: >> 1316 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> >> 1317 >> 1318 config CRYPTO_CAMELLIA_SPARC64 >> 1319 tristate "Camellia cipher algorithm (SPARC64)" >> 1320 depends on SPARC64 >> 1321 depends on CRYPTO >> 1322 select CRYPTO_ALGAPI >> 1323 select CRYPTO_SKCIPHER >> 1324 help >> 1325 Camellia cipher algorithm module (SPARC64). >> 1326 >> 1327 Camellia is a symmetric key block cipher developed jointly >> 1328 at NTT and Mitsubishi Electric Corporation. >> 1329 >> 1330 The Camellia specifies three key sizes: 128, 192 and 256 bits. >> 1331 >> 1332 See also: >> 1333 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> >> 1334 >> 1335 config CRYPTO_CAST_COMMON >> 1336 tristate >> 1337 help >> 1338 Common parts of the CAST cipher algorithms shared by the >> 1339 generic c and the assembler implementations. >> 1340 >> 1341 config CRYPTO_CAST5 >> 1342 tristate "CAST5 (CAST-128) cipher algorithm" >> 1343 select CRYPTO_ALGAPI >> 1344 select CRYPTO_CAST_COMMON >> 1345 help >> 1346 The CAST5 encryption algorithm (synonymous with CAST-128) is >> 1347 described in RFC2144. >> 1348 >> 1349 config CRYPTO_CAST5_AVX_X86_64 >> 1350 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" >> 1351 depends on X86 && 64BIT >> 1352 select CRYPTO_SKCIPHER >> 1353 select CRYPTO_CAST5 >> 1354 select CRYPTO_CAST_COMMON >> 1355 select CRYPTO_SIMD >> 1356 help >> 1357 The CAST5 encryption algorithm (synonymous with CAST-128) is >> 1358 described in RFC2144. >> 1359 >> 1360 This module provides the Cast5 cipher algorithm that processes >> 1361 sixteen blocks parallel using the AVX instruction set. >> 1362 >> 1363 config CRYPTO_CAST6 >> 1364 tristate "CAST6 (CAST-256) cipher algorithm" >> 1365 select CRYPTO_ALGAPI >> 1366 select CRYPTO_CAST_COMMON >> 1367 help >> 1368 The CAST6 encryption algorithm (synonymous with CAST-256) is >> 1369 described in RFC2612. >> 1370 >> 1371 config CRYPTO_CAST6_AVX_X86_64 >> 1372 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" >> 1373 depends on X86 && 64BIT >> 1374 select CRYPTO_SKCIPHER >> 1375 select CRYPTO_CAST6 >> 1376 select CRYPTO_CAST_COMMON >> 1377 select CRYPTO_GLUE_HELPER_X86 >> 1378 select CRYPTO_SIMD >> 1379 select CRYPTO_XTS >> 1380 help >> 1381 The CAST6 encryption algorithm (synonymous with CAST-256) is >> 1382 described in RFC2612. >> 1383 >> 1384 This module provides the Cast6 cipher algorithm that processes >> 1385 eight blocks parallel using the AVX instruction set. >> 1386 >> 1387 config CRYPTO_DES >> 1388 tristate "DES and Triple DES EDE cipher algorithms" >> 1389 select CRYPTO_ALGAPI >> 1390 select CRYPTO_LIB_DES >> 1391 help >> 1392 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). >> 1393 >> 1394 config CRYPTO_DES_SPARC64 >> 1395 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" >> 1396 depends on SPARC64 >> 1397 select CRYPTO_ALGAPI >> 1398 select CRYPTO_LIB_DES >> 1399 select CRYPTO_SKCIPHER >> 1400 help >> 1401 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), >> 1402 optimized using SPARC64 crypto opcodes. >> 1403 >> 1404 config CRYPTO_DES3_EDE_X86_64 >> 1405 tristate "Triple DES EDE cipher algorithm (x86-64)" >> 1406 depends on X86 && 64BIT >> 1407 select CRYPTO_SKCIPHER >> 1408 select CRYPTO_LIB_DES >> 1409 help >> 1410 Triple DES EDE (FIPS 46-3) algorithm. >> 1411 >> 1412 This module provides implementation of the Triple DES EDE cipher >> 1413 algorithm that is optimized for x86-64 processors. Two versions of >> 1414 algorithm are provided; regular processing one input block and >> 1415 one that processes three blocks parallel. >> 1416 >> 1417 config CRYPTO_FCRYPT >> 1418 tristate "FCrypt cipher algorithm" >> 1419 select CRYPTO_ALGAPI >> 1420 select CRYPTO_SKCIPHER >> 1421 help >> 1422 FCrypt algorithm used by RxRPC. >> 1423 >> 1424 config CRYPTO_KHAZAD >> 1425 tristate "Khazad cipher algorithm" >> 1426 select CRYPTO_ALGAPI >> 1427 help >> 1428 Khazad cipher algorithm. >> 1429 >> 1430 Khazad was a finalist in the initial NESSIE competition. It is >> 1431 an algorithm optimized for 64-bit processors with good performance >> 1432 on 32-bit processors. Khazad uses an 128 bit key size. >> 1433 >> 1434 See also: >> 1435 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> >> 1436 >> 1437 config CRYPTO_SALSA20 >> 1438 tristate "Salsa20 stream cipher algorithm" >> 1439 select CRYPTO_SKCIPHER >> 1440 help >> 1441 Salsa20 stream cipher algorithm. >> 1442 >> 1443 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT >> 1444 Stream Cipher Project. See <https://www.ecrypt.eu.org/stream/> >> 1445 >> 1446 The Salsa20 stream cipher algorithm is designed by Daniel J. >> 1447 Bernstein <https://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <https://cr.yp.to/snuffle.html> >> 1448 >> 1449 config CRYPTO_CHACHA20 >> 1450 tristate "ChaCha stream cipher algorithms" >> 1451 select CRYPTO_LIB_CHACHA_GENERIC >> 1452 select CRYPTO_SKCIPHER >> 1453 help >> 1454 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. >> 1455 >> 1456 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. >> 1457 Bernstein and further specified in RFC7539 for use in IETF protocols. >> 1458 This is the portable C implementation of ChaCha20. See also: >> 1459 <https://cr.yp.to/chacha/chacha-20080128.pdf> >> 1460 >> 1461 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 >> 1462 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length >> 1463 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, >> 1464 while provably retaining ChaCha20's security. See also: >> 1465 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> >> 1466 >> 1467 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly >> 1468 reduced security margin but increased performance. It can be needed >> 1469 in some performance-sensitive scenarios. >> 1470 >> 1471 config CRYPTO_CHACHA20_X86_64 >> 1472 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" >> 1473 depends on X86 && 64BIT >> 1474 select CRYPTO_SKCIPHER >> 1475 select CRYPTO_LIB_CHACHA_GENERIC >> 1476 select CRYPTO_ARCH_HAVE_LIB_CHACHA >> 1477 help >> 1478 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, >> 1479 XChaCha20, and XChaCha12 stream ciphers. >> 1480 >> 1481 config CRYPTO_CHACHA_MIPS >> 1482 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" >> 1483 depends on CPU_MIPS32_R2 >> 1484 select CRYPTO_SKCIPHER >> 1485 select CRYPTO_ARCH_HAVE_LIB_CHACHA >> 1486 >> 1487 config CRYPTO_SEED >> 1488 tristate "SEED cipher algorithm" >> 1489 select CRYPTO_ALGAPI >> 1490 help >> 1491 SEED cipher algorithm (RFC4269). >> 1492 >> 1493 SEED is a 128-bit symmetric key block cipher that has been >> 1494 developed by KISA (Korea Information Security Agency) as a >> 1495 national standard encryption algorithm of the Republic of Korea. >> 1496 It is a 16 round block cipher with the key size of 128 bit. >> 1497 >> 1498 See also: >> 1499 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> >> 1500 >> 1501 config CRYPTO_SERPENT >> 1502 tristate "Serpent cipher algorithm" >> 1503 select CRYPTO_ALGAPI >> 1504 help >> 1505 Serpent cipher algorithm, by Anderson, Biham & Knudsen. >> 1506 >> 1507 Keys are allowed to be from 0 to 256 bits in length, in steps >> 1508 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed >> 1509 variant of Serpent for compatibility with old kerneli.org code. >> 1510 >> 1511 See also: >> 1512 <https://www.cl.cam.ac.uk/~rja14/serpent.html> >> 1513 >> 1514 config CRYPTO_SERPENT_SSE2_X86_64 >> 1515 tristate "Serpent cipher algorithm (x86_64/SSE2)" >> 1516 depends on X86 && 64BIT >> 1517 select CRYPTO_SKCIPHER >> 1518 select CRYPTO_GLUE_HELPER_X86 >> 1519 select CRYPTO_SERPENT >> 1520 select CRYPTO_SIMD >> 1521 help >> 1522 Serpent cipher algorithm, by Anderson, Biham & Knudsen. >> 1523 >> 1524 Keys are allowed to be from 0 to 256 bits in length, in steps >> 1525 of 8 bits. >> 1526 >> 1527 This module provides Serpent cipher algorithm that processes eight >> 1528 blocks parallel using SSE2 instruction set. >> 1529 >> 1530 See also: >> 1531 <https://www.cl.cam.ac.uk/~rja14/serpent.html> >> 1532 >> 1533 config CRYPTO_SERPENT_SSE2_586 >> 1534 tristate "Serpent cipher algorithm (i586/SSE2)" >> 1535 depends on X86 && !64BIT >> 1536 select CRYPTO_SKCIPHER >> 1537 select CRYPTO_GLUE_HELPER_X86 >> 1538 select CRYPTO_SERPENT >> 1539 select CRYPTO_SIMD >> 1540 help >> 1541 Serpent cipher algorithm, by Anderson, Biham & Knudsen. >> 1542 >> 1543 Keys are allowed to be from 0 to 256 bits in length, in steps >> 1544 of 8 bits. >> 1545 >> 1546 This module provides Serpent cipher algorithm that processes four >> 1547 blocks parallel using SSE2 instruction set. >> 1548 >> 1549 See also: >> 1550 <https://www.cl.cam.ac.uk/~rja14/serpent.html> >> 1551 >> 1552 config CRYPTO_SERPENT_AVX_X86_64 >> 1553 tristate "Serpent cipher algorithm (x86_64/AVX)" >> 1554 depends on X86 && 64BIT >> 1555 select CRYPTO_SKCIPHER >> 1556 select CRYPTO_GLUE_HELPER_X86 >> 1557 select CRYPTO_SERPENT >> 1558 select CRYPTO_SIMD >> 1559 select CRYPTO_XTS >> 1560 help >> 1561 Serpent cipher algorithm, by Anderson, Biham & Knudsen. >> 1562 >> 1563 Keys are allowed to be from 0 to 256 bits in length, in steps >> 1564 of 8 bits. >> 1565 >> 1566 This module provides the Serpent cipher algorithm that processes >> 1567 eight blocks parallel using the AVX instruction set. >> 1568 >> 1569 See also: >> 1570 <https://www.cl.cam.ac.uk/~rja14/serpent.html> >> 1571 >> 1572 config CRYPTO_SERPENT_AVX2_X86_64 >> 1573 tristate "Serpent cipher algorithm (x86_64/AVX2)" >> 1574 depends on X86 && 64BIT >> 1575 select CRYPTO_SERPENT_AVX_X86_64 >> 1576 help >> 1577 Serpent cipher algorithm, by Anderson, Biham & Knudsen. >> 1578 >> 1579 Keys are allowed to be from 0 to 256 bits in length, in steps >> 1580 of 8 bits. >> 1581 >> 1582 This module provides Serpent cipher algorithm that processes 16 >> 1583 blocks parallel using AVX2 instruction set. >> 1584 >> 1585 See also: >> 1586 <https://www.cl.cam.ac.uk/~rja14/serpent.html> >> 1587 >> 1588 config CRYPTO_SM4 >> 1589 tristate "SM4 cipher algorithm" >> 1590 select CRYPTO_ALGAPI >> 1591 help >> 1592 SM4 cipher algorithms (OSCCA GB/T 32907-2016). >> 1593 >> 1594 SM4 (GBT.32907-2016) is a cryptographic standard issued by the >> 1595 Organization of State Commercial Administration of China (OSCCA) >> 1596 as an authorized cryptographic algorithms for the use within China. >> 1597 >> 1598 SMS4 was originally created for use in protecting wireless >> 1599 networks, and is mandated in the Chinese National Standard for >> 1600 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) >> 1601 (GB.15629.11-2003). >> 1602 >> 1603 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and >> 1604 standardized through TC 260 of the Standardization Administration >> 1605 of the People's Republic of China (SAC). >> 1606 >> 1607 The input, output, and key of SMS4 are each 128 bits. >> 1608 >> 1609 See also: <https://eprint.iacr.org/2008/329.pdf> >> 1610 >> 1611 If unsure, say N. >> 1612 >> 1613 config CRYPTO_TEA >> 1614 tristate "TEA, XTEA and XETA cipher algorithms" >> 1615 select CRYPTO_ALGAPI >> 1616 help >> 1617 TEA cipher algorithm. >> 1618 >> 1619 Tiny Encryption Algorithm is a simple cipher that uses >> 1620 many rounds for security. It is very fast and uses >> 1621 little memory. >> 1622 >> 1623 Xtendend Tiny Encryption Algorithm is a modification to >> 1624 the TEA algorithm to address a potential key weakness >> 1625 in the TEA algorithm. >> 1626 >> 1627 Xtendend Encryption Tiny Algorithm is a mis-implementation >> 1628 of the XTEA algorithm for compatibility purposes. >> 1629 >> 1630 config CRYPTO_TWOFISH >> 1631 tristate "Twofish cipher algorithm" >> 1632 select CRYPTO_ALGAPI >> 1633 select CRYPTO_TWOFISH_COMMON >> 1634 help >> 1635 Twofish cipher algorithm. >> 1636 >> 1637 Twofish was submitted as an AES (Advanced Encryption Standard) >> 1638 candidate cipher by researchers at CounterPane Systems. It is a >> 1639 16 round block cipher supporting key sizes of 128, 192, and 256 >> 1640 bits. >> 1641 >> 1642 See also: >> 1643 <https://www.schneier.com/twofish.html> >> 1644 >> 1645 config CRYPTO_TWOFISH_COMMON >> 1646 tristate >> 1647 help >> 1648 Common parts of the Twofish cipher algorithm shared by the >> 1649 generic c and the assembler implementations. >> 1650 >> 1651 config CRYPTO_TWOFISH_586 >> 1652 tristate "Twofish cipher algorithms (i586)" >> 1653 depends on (X86 || UML_X86) && !64BIT >> 1654 select CRYPTO_ALGAPI >> 1655 select CRYPTO_TWOFISH_COMMON >> 1656 help >> 1657 Twofish cipher algorithm. >> 1658 >> 1659 Twofish was submitted as an AES (Advanced Encryption Standard) >> 1660 candidate cipher by researchers at CounterPane Systems. It is a >> 1661 16 round block cipher supporting key sizes of 128, 192, and 256 >> 1662 bits. >> 1663 >> 1664 See also: >> 1665 <https://www.schneier.com/twofish.html> >> 1666 >> 1667 config CRYPTO_TWOFISH_X86_64 >> 1668 tristate "Twofish cipher algorithm (x86_64)" >> 1669 depends on (X86 || UML_X86) && 64BIT >> 1670 select CRYPTO_ALGAPI >> 1671 select CRYPTO_TWOFISH_COMMON 1113 help 1672 help 1114 CRC64 CRC algorithm based on the Ro !! 1673 Twofish cipher algorithm (x86_64). >> 1674 >> 1675 Twofish was submitted as an AES (Advanced Encryption Standard) >> 1676 candidate cipher by researchers at CounterPane Systems. It is a >> 1677 16 round block cipher supporting key sizes of 128, 192, and 256 >> 1678 bits. >> 1679 >> 1680 See also: >> 1681 <https://www.schneier.com/twofish.html> 1115 1682 1116 Used by the NVMe implementation of !! 1683 config CRYPTO_TWOFISH_X86_64_3WAY >> 1684 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" >> 1685 depends on X86 && 64BIT >> 1686 select CRYPTO_SKCIPHER >> 1687 select CRYPTO_TWOFISH_COMMON >> 1688 select CRYPTO_TWOFISH_X86_64 >> 1689 select CRYPTO_GLUE_HELPER_X86 >> 1690 help >> 1691 Twofish cipher algorithm (x86_64, 3-way parallel). 1117 1692 1118 See https://zlib.net/crc_v3.txt !! 1693 Twofish was submitted as an AES (Advanced Encryption Standard) >> 1694 candidate cipher by researchers at CounterPane Systems. It is a >> 1695 16 round block cipher supporting key sizes of 128, 192, and 256 >> 1696 bits. 1119 1697 1120 endmenu !! 1698 This module provides Twofish cipher algorithm that processes three >> 1699 blocks parallel, utilizing resources of out-of-order CPUs better. 1121 1700 1122 menu "Compression" !! 1701 See also: >> 1702 <https://www.schneier.com/twofish.html> >> 1703 >> 1704 config CRYPTO_TWOFISH_AVX_X86_64 >> 1705 tristate "Twofish cipher algorithm (x86_64/AVX)" >> 1706 depends on X86 && 64BIT >> 1707 select CRYPTO_SKCIPHER >> 1708 select CRYPTO_GLUE_HELPER_X86 >> 1709 select CRYPTO_SIMD >> 1710 select CRYPTO_TWOFISH_COMMON >> 1711 select CRYPTO_TWOFISH_X86_64 >> 1712 select CRYPTO_TWOFISH_X86_64_3WAY >> 1713 help >> 1714 Twofish cipher algorithm (x86_64/AVX). >> 1715 >> 1716 Twofish was submitted as an AES (Advanced Encryption Standard) >> 1717 candidate cipher by researchers at CounterPane Systems. It is a >> 1718 16 round block cipher supporting key sizes of 128, 192, and 256 >> 1719 bits. >> 1720 >> 1721 This module provides the Twofish cipher algorithm that processes >> 1722 eight blocks parallel using the AVX Instruction Set. >> 1723 >> 1724 See also: >> 1725 <https://www.schneier.com/twofish.html> >> 1726 >> 1727 comment "Compression" 1123 1728 1124 config CRYPTO_DEFLATE 1729 config CRYPTO_DEFLATE 1125 tristate "Deflate" !! 1730 tristate "Deflate compression algorithm" 1126 select CRYPTO_ALGAPI 1731 select CRYPTO_ALGAPI 1127 select CRYPTO_ACOMP2 1732 select CRYPTO_ACOMP2 1128 select ZLIB_INFLATE 1733 select ZLIB_INFLATE 1129 select ZLIB_DEFLATE 1734 select ZLIB_DEFLATE 1130 help 1735 help 1131 Deflate compression algorithm (RFC1 !! 1736 This is the Deflate algorithm (RFC1951), specified for use in >> 1737 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1132 1738 1133 Used by IPSec with the IPCOMP proto !! 1739 You will most probably want this if using IPSec. 1134 1740 1135 config CRYPTO_LZO 1741 config CRYPTO_LZO 1136 tristate "LZO" !! 1742 tristate "LZO compression algorithm" 1137 select CRYPTO_ALGAPI 1743 select CRYPTO_ALGAPI 1138 select CRYPTO_ACOMP2 1744 select CRYPTO_ACOMP2 1139 select LZO_COMPRESS 1745 select LZO_COMPRESS 1140 select LZO_DECOMPRESS 1746 select LZO_DECOMPRESS 1141 help 1747 help 1142 LZO compression algorithm !! 1748 This is the LZO algorithm. 1143 << 1144 See https://www.oberhumer.com/opens << 1145 1749 1146 config CRYPTO_842 1750 config CRYPTO_842 1147 tristate "842" !! 1751 tristate "842 compression algorithm" 1148 select CRYPTO_ALGAPI 1752 select CRYPTO_ALGAPI 1149 select CRYPTO_ACOMP2 1753 select CRYPTO_ACOMP2 1150 select 842_COMPRESS 1754 select 842_COMPRESS 1151 select 842_DECOMPRESS 1755 select 842_DECOMPRESS 1152 help 1756 help 1153 842 compression algorithm by IBM !! 1757 This is the 842 algorithm. 1154 << 1155 See https://github.com/plauth/lib84 << 1156 1758 1157 config CRYPTO_LZ4 1759 config CRYPTO_LZ4 1158 tristate "LZ4" !! 1760 tristate "LZ4 compression algorithm" 1159 select CRYPTO_ALGAPI 1761 select CRYPTO_ALGAPI 1160 select CRYPTO_ACOMP2 1762 select CRYPTO_ACOMP2 1161 select LZ4_COMPRESS 1763 select LZ4_COMPRESS 1162 select LZ4_DECOMPRESS 1764 select LZ4_DECOMPRESS 1163 help 1765 help 1164 LZ4 compression algorithm !! 1766 This is the LZ4 algorithm. 1165 << 1166 See https://github.com/lz4/lz4 for << 1167 1767 1168 config CRYPTO_LZ4HC 1768 config CRYPTO_LZ4HC 1169 tristate "LZ4HC" !! 1769 tristate "LZ4HC compression algorithm" 1170 select CRYPTO_ALGAPI 1770 select CRYPTO_ALGAPI 1171 select CRYPTO_ACOMP2 1771 select CRYPTO_ACOMP2 1172 select LZ4HC_COMPRESS 1772 select LZ4HC_COMPRESS 1173 select LZ4_DECOMPRESS 1773 select LZ4_DECOMPRESS 1174 help 1774 help 1175 LZ4 high compression mode algorithm !! 1775 This is the LZ4 high compression mode algorithm. 1176 << 1177 See https://github.com/lz4/lz4 for << 1178 1776 1179 config CRYPTO_ZSTD 1777 config CRYPTO_ZSTD 1180 tristate "Zstd" !! 1778 tristate "Zstd compression algorithm" 1181 select CRYPTO_ALGAPI 1779 select CRYPTO_ALGAPI 1182 select CRYPTO_ACOMP2 1780 select CRYPTO_ACOMP2 1183 select ZSTD_COMPRESS 1781 select ZSTD_COMPRESS 1184 select ZSTD_DECOMPRESS 1782 select ZSTD_DECOMPRESS 1185 help 1783 help 1186 zstd compression algorithm !! 1784 This is the zstd algorithm. 1187 1785 1188 See https://github.com/facebook/zst !! 1786 comment "Random Number Generation" 1189 << 1190 endmenu << 1191 << 1192 menu "Random number generation" << 1193 1787 1194 config CRYPTO_ANSI_CPRNG 1788 config CRYPTO_ANSI_CPRNG 1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1789 tristate "Pseudo Random Number Generation for Cryptographic modules" 1196 select CRYPTO_AES 1790 select CRYPTO_AES 1197 select CRYPTO_RNG 1791 select CRYPTO_RNG 1198 help 1792 help 1199 Pseudo RNG (random number generator !! 1793 This option enables the generic pseudo random number generator 1200 !! 1794 for cryptographic modules. Uses the Algorithm specified in 1201 This uses the AES cipher algorithm. !! 1795 ANSI X9.31 A.2.4. Note that this option must be enabled if 1202 !! 1796 CRYPTO_FIPS is selected 1203 Note that this option must be enabl << 1204 1797 1205 menuconfig CRYPTO_DRBG_MENU 1798 menuconfig CRYPTO_DRBG_MENU 1206 tristate "NIST SP800-90A DRBG (Determ !! 1799 tristate "NIST SP800-90A DRBG" 1207 help 1800 help 1208 DRBG (Deterministic Random Bit Gene !! 1801 NIST SP800-90A compliant DRBG. In the following submenu, one or 1209 !! 1802 more of the DRBG types must be selected. 1210 In the following submenu, one or mo << 1211 1803 1212 if CRYPTO_DRBG_MENU 1804 if CRYPTO_DRBG_MENU 1213 1805 1214 config CRYPTO_DRBG_HMAC 1806 config CRYPTO_DRBG_HMAC 1215 bool 1807 bool 1216 default y 1808 default y 1217 select CRYPTO_HMAC 1809 select CRYPTO_HMAC 1218 select CRYPTO_SHA512 !! 1810 select CRYPTO_SHA256 1219 1811 1220 config CRYPTO_DRBG_HASH 1812 config CRYPTO_DRBG_HASH 1221 bool "Hash_DRBG" !! 1813 bool "Enable Hash DRBG" 1222 select CRYPTO_SHA256 1814 select CRYPTO_SHA256 1223 help 1815 help 1224 Hash_DRBG variant as defined in NIS !! 1816 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1225 << 1226 This uses the SHA-1, SHA-256, SHA-3 << 1227 1817 1228 config CRYPTO_DRBG_CTR 1818 config CRYPTO_DRBG_CTR 1229 bool "CTR_DRBG" !! 1819 bool "Enable CTR DRBG" 1230 select CRYPTO_AES 1820 select CRYPTO_AES 1231 select CRYPTO_CTR 1821 select CRYPTO_CTR 1232 help 1822 help 1233 CTR_DRBG variant as defined in NIST !! 1823 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1234 << 1235 This uses the AES cipher algorithm << 1236 1824 1237 config CRYPTO_DRBG 1825 config CRYPTO_DRBG 1238 tristate 1826 tristate 1239 default CRYPTO_DRBG_MENU 1827 default CRYPTO_DRBG_MENU 1240 select CRYPTO_RNG 1828 select CRYPTO_RNG 1241 select CRYPTO_JITTERENTROPY 1829 select CRYPTO_JITTERENTROPY 1242 1830 1243 endif # if CRYPTO_DRBG_MENU 1831 endif # if CRYPTO_DRBG_MENU 1244 1832 1245 config CRYPTO_JITTERENTROPY 1833 config CRYPTO_JITTERENTROPY 1246 tristate "CPU Jitter Non-Deterministi !! 1834 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1247 select CRYPTO_RNG 1835 select CRYPTO_RNG 1248 select CRYPTO_SHA3 << 1249 help 1836 help 1250 CPU Jitter RNG (Random Number Gener !! 1837 The Jitterentropy RNG is a noise that is intended 1251 !! 1838 to provide seed to another RNG. The RNG does not 1252 A non-physical non-deterministic (" !! 1839 perform any cryptographic whitening of the generated 1253 compliant with NIST SP800-90B) inte !! 1840 random numbers. This Jitterentropy RNG registers with 1254 deterministic RNG (e.g., per NIST S !! 1841 the kernel crypto API and can be used by any caller. 1255 This RNG does not perform any crypt << 1256 random numbers. << 1257 << 1258 See https://www.chronox.de/jent/ << 1259 << 1260 if CRYPTO_JITTERENTROPY << 1261 if CRYPTO_FIPS && EXPERT << 1262 << 1263 choice << 1264 prompt "CPU Jitter RNG Memory Size" << 1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ << 1266 help << 1267 The Jitter RNG measures the executi << 1268 Multiple consecutive memory accesse << 1269 size fits into a cache (e.g. L1), o << 1270 to that cache is measured. The clos << 1271 the less variations are measured an << 1272 obtained. Thus, if the memory size << 1273 obtained entropy is less than if th << 1274 L1 + L2, which in turn is less if t << 1275 L1 + L2 + L3. Thus, by selecting a << 1276 the entropy rate produced by the Ji << 1277 << 1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 << 1279 bool "2048 Bytes (default)" << 1280 << 1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 << 1282 bool "128 kBytes" << 1283 << 1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 << 1285 bool "1024 kBytes" << 1286 << 1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 << 1288 bool "8192 kBytes" << 1289 endchoice << 1290 << 1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS << 1292 int << 1293 default 64 if CRYPTO_JITTERENTROPY_ME << 1294 default 512 if CRYPTO_JITTERENTROPY_M << 1295 default 1024 if CRYPTO_JITTERENTROPY_ << 1296 default 4096 if CRYPTO_JITTERENTROPY_ << 1297 << 1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE << 1299 int << 1300 default 32 if CRYPTO_JITTERENTROPY_ME << 1301 default 256 if CRYPTO_JITTERENTROPY_M << 1302 default 1024 if CRYPTO_JITTERENTROPY_ << 1303 default 2048 if CRYPTO_JITTERENTROPY_ << 1304 << 1305 config CRYPTO_JITTERENTROPY_OSR << 1306 int "CPU Jitter RNG Oversampling Rate << 1307 range 1 15 << 1308 default 3 << 1309 help << 1310 The Jitter RNG allows the specifica << 1311 The Jitter RNG operation requires a << 1312 measurements to produce one output << 1313 OSR value is multiplied with the am << 1314 generate one output block. Thus, th << 1315 by the OSR factor. The oversampling << 1316 on hardware whose timers deliver li << 1317 the timer is coarse) by setting the << 1318 trade-off, however, is that the Jit << 1319 to generate random numbers. << 1320 << 1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE << 1322 bool "CPU Jitter RNG Test Interface" << 1323 help << 1324 The test interface allows a privile << 1325 the raw unconditioned high resoluti << 1326 is collected by the Jitter RNG for << 1327 this data is used at the same time << 1328 the Jitter RNG operates in an insec << 1329 recording is enabled. This interfac << 1330 intended for testing purposes and i << 1331 production systems. << 1332 << 1333 The raw noise data can be obtained << 1334 debugfs file. Using the option << 1335 jitterentropy_testing.boot_raw_hire << 1336 the first 1000 entropy events since << 1337 << 1338 If unsure, select N. << 1339 << 1340 endif # if CRYPTO_FIPS && EXPERT << 1341 << 1342 if !(CRYPTO_FIPS && EXPERT) << 1343 << 1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS << 1345 int << 1346 default 64 << 1347 << 1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE << 1349 int << 1350 default 32 << 1351 << 1352 config CRYPTO_JITTERENTROPY_OSR << 1353 int << 1354 default 1 << 1355 << 1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE << 1357 bool << 1358 << 1359 endif # if !(CRYPTO_FIPS && EXPERT) << 1360 endif # if CRYPTO_JITTERENTROPY << 1361 << 1362 config CRYPTO_KDF800108_CTR << 1363 tristate << 1364 select CRYPTO_HMAC << 1365 select CRYPTO_SHA256 << 1366 << 1367 endmenu << 1368 menu "Userspace interface" << 1369 1842 1370 config CRYPTO_USER_API 1843 config CRYPTO_USER_API 1371 tristate 1844 tristate 1372 1845 1373 config CRYPTO_USER_API_HASH 1846 config CRYPTO_USER_API_HASH 1374 tristate "Hash algorithms" !! 1847 tristate "User-space interface for hash algorithms" 1375 depends on NET 1848 depends on NET 1376 select CRYPTO_HASH 1849 select CRYPTO_HASH 1377 select CRYPTO_USER_API 1850 select CRYPTO_USER_API 1378 help 1851 help 1379 Enable the userspace interface for !! 1852 This option enables the user-spaces interface for hash 1380 !! 1853 algorithms. 1381 See Documentation/crypto/userspace- << 1382 https://www.chronox.de/libkcapi/htm << 1383 1854 1384 config CRYPTO_USER_API_SKCIPHER 1855 config CRYPTO_USER_API_SKCIPHER 1385 tristate "Symmetric key cipher algori !! 1856 tristate "User-space interface for symmetric key cipher algorithms" 1386 depends on NET 1857 depends on NET 1387 select CRYPTO_SKCIPHER 1858 select CRYPTO_SKCIPHER 1388 select CRYPTO_USER_API 1859 select CRYPTO_USER_API 1389 help 1860 help 1390 Enable the userspace interface for !! 1861 This option enables the user-spaces interface for symmetric 1391 !! 1862 key cipher algorithms. 1392 See Documentation/crypto/userspace- << 1393 https://www.chronox.de/libkcapi/htm << 1394 1863 1395 config CRYPTO_USER_API_RNG 1864 config CRYPTO_USER_API_RNG 1396 tristate "RNG (random number generato !! 1865 tristate "User-space interface for random number generator algorithms" 1397 depends on NET 1866 depends on NET 1398 select CRYPTO_RNG 1867 select CRYPTO_RNG 1399 select CRYPTO_USER_API 1868 select CRYPTO_USER_API 1400 help 1869 help 1401 Enable the userspace interface for !! 1870 This option enables the user-spaces interface for random 1402 algorithms. !! 1871 number generator algorithms. 1403 << 1404 See Documentation/crypto/userspace- << 1405 https://www.chronox.de/libkcapi/htm << 1406 << 1407 config CRYPTO_USER_API_RNG_CAVP << 1408 bool "Enable CAVP testing of DRBG" << 1409 depends on CRYPTO_USER_API_RNG && CRY << 1410 help << 1411 Enable extra APIs in the userspace << 1412 (Cryptographic Algorithm Validation << 1413 - resetting DRBG entropy << 1414 - providing Additional Data << 1415 << 1416 This should only be enabled for CAV << 1417 no unless you know what this is. << 1418 1872 1419 config CRYPTO_USER_API_AEAD 1873 config CRYPTO_USER_API_AEAD 1420 tristate "AEAD cipher algorithms" !! 1874 tristate "User-space interface for AEAD cipher algorithms" 1421 depends on NET 1875 depends on NET 1422 select CRYPTO_AEAD 1876 select CRYPTO_AEAD 1423 select CRYPTO_SKCIPHER 1877 select CRYPTO_SKCIPHER 1424 select CRYPTO_NULL 1878 select CRYPTO_NULL 1425 select CRYPTO_USER_API 1879 select CRYPTO_USER_API 1426 help 1880 help 1427 Enable the userspace interface for !! 1881 This option enables the user-spaces interface for AEAD >> 1882 cipher algorithms. 1428 1883 1429 See Documentation/crypto/userspace- !! 1884 config CRYPTO_STATS 1430 https://www.chronox.de/libkcapi/htm !! 1885 bool "Crypto usage statistics for User-space" 1431 !! 1886 depends on CRYPTO_USER 1432 config CRYPTO_USER_API_ENABLE_OBSOLETE !! 1887 help 1433 bool "Obsolete cryptographic algorith !! 1888 This option enables the gathering of crypto stats. 1434 depends on CRYPTO_USER_API !! 1889 This will collect: 1435 default y !! 1890 - encrypt/decrypt size and numbers of symmeric operations 1436 help !! 1891 - compress/decompress size and numbers of compress operations 1437 Allow obsolete cryptographic algori !! 1892 - size and numbers of hash operations 1438 already been phased out from intern !! 1893 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1439 only useful for userspace clients t !! 1894 - generate/seed numbers for rng operations 1440 << 1441 endmenu << 1442 1895 1443 config CRYPTO_HASH_INFO 1896 config CRYPTO_HASH_INFO 1444 bool 1897 bool 1445 1898 1446 if !KMSAN # avoid false positives from assemb !! 1899 source "lib/crypto/Kconfig" 1447 if ARM << 1448 source "arch/arm/crypto/Kconfig" << 1449 endif << 1450 if ARM64 << 1451 source "arch/arm64/crypto/Kconfig" << 1452 endif << 1453 if LOONGARCH << 1454 source "arch/loongarch/crypto/Kconfig" << 1455 endif << 1456 if MIPS << 1457 source "arch/mips/crypto/Kconfig" << 1458 endif << 1459 if PPC << 1460 source "arch/powerpc/crypto/Kconfig" << 1461 endif << 1462 if RISCV << 1463 source "arch/riscv/crypto/Kconfig" << 1464 endif << 1465 if S390 << 1466 source "arch/s390/crypto/Kconfig" << 1467 endif << 1468 if SPARC << 1469 source "arch/sparc/crypto/Kconfig" << 1470 endif << 1471 if X86 << 1472 source "arch/x86/crypto/Kconfig" << 1473 endif << 1474 endif << 1475 << 1476 source "drivers/crypto/Kconfig" 1900 source "drivers/crypto/Kconfig" 1477 source "crypto/asymmetric_keys/Kconfig" 1901 source "crypto/asymmetric_keys/Kconfig" 1478 source "certs/Kconfig" 1902 source "certs/Kconfig" 1479 1903 1480 endif # if CRYPTO 1904 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.