~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/crypto/Kconfig

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /crypto/Kconfig (Architecture mips) and /crypto/Kconfig (Architecture ppc)


  1 # SPDX-License-Identifier: GPL-2.0                  1 # SPDX-License-Identifier: GPL-2.0
  2 #                                                   2 #
  3 # Generic algorithms support                        3 # Generic algorithms support
  4 #                                                   4 #
  5 config XOR_BLOCKS                                   5 config XOR_BLOCKS
  6         tristate                                    6         tristate
  7                                                     7 
  8 #                                                   8 #
  9 # async_tx api: hardware offloaded memory tran      9 # async_tx api: hardware offloaded memory transfer/transform support
 10 #                                                  10 #
 11 source "crypto/async_tx/Kconfig"                   11 source "crypto/async_tx/Kconfig"
 12                                                    12 
 13 #                                                  13 #
 14 # Cryptographic API Configuration                  14 # Cryptographic API Configuration
 15 #                                                  15 #
 16 menuconfig CRYPTO                                  16 menuconfig CRYPTO
 17         tristate "Cryptographic API"               17         tristate "Cryptographic API"
 18         select CRYPTO_LIB_UTILS                    18         select CRYPTO_LIB_UTILS
 19         help                                       19         help
 20           This option provides the core Crypto     20           This option provides the core Cryptographic API.
 21                                                    21 
 22 if CRYPTO                                          22 if CRYPTO
 23                                                    23 
 24 menu "Crypto core or helper"                       24 menu "Crypto core or helper"
 25                                                    25 
 26 config CRYPTO_FIPS                                 26 config CRYPTO_FIPS
 27         bool "FIPS 200 compliance"                 27         bool "FIPS 200 compliance"
 28         depends on (CRYPTO_ANSI_CPRNG || CRYPT     28         depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
 29         depends on (MODULE_SIG || !MODULES)        29         depends on (MODULE_SIG || !MODULES)
 30         help                                       30         help
 31           This option enables the fips boot op     31           This option enables the fips boot option which is
 32           required if you want the system to o     32           required if you want the system to operate in a FIPS 200
 33           certification.  You should say no un     33           certification.  You should say no unless you know what
 34           this is.                                 34           this is.
 35                                                    35 
 36 config CRYPTO_FIPS_NAME                            36 config CRYPTO_FIPS_NAME
 37         string "FIPS Module Name"                  37         string "FIPS Module Name"
 38         default "Linux Kernel Cryptographic AP     38         default "Linux Kernel Cryptographic API"
 39         depends on CRYPTO_FIPS                     39         depends on CRYPTO_FIPS
 40         help                                       40         help
 41           This option sets the FIPS Module nam     41           This option sets the FIPS Module name reported by the Crypto API via
 42           the /proc/sys/crypto/fips_name file.     42           the /proc/sys/crypto/fips_name file.
 43                                                    43 
 44 config CRYPTO_FIPS_CUSTOM_VERSION                  44 config CRYPTO_FIPS_CUSTOM_VERSION
 45         bool "Use Custom FIPS Module Version"      45         bool "Use Custom FIPS Module Version"
 46         depends on CRYPTO_FIPS                     46         depends on CRYPTO_FIPS
 47         default n                                  47         default n
 48                                                    48 
 49 config CRYPTO_FIPS_VERSION                         49 config CRYPTO_FIPS_VERSION
 50         string "FIPS Module Version"               50         string "FIPS Module Version"
 51         default "(none)"                           51         default "(none)"
 52         depends on CRYPTO_FIPS_CUSTOM_VERSION      52         depends on CRYPTO_FIPS_CUSTOM_VERSION
 53         help                                       53         help
 54           This option provides the ability to      54           This option provides the ability to override the FIPS Module Version.
 55           By default the KERNELRELEASE value i     55           By default the KERNELRELEASE value is used.
 56                                                    56 
 57 config CRYPTO_ALGAPI                               57 config CRYPTO_ALGAPI
 58         tristate                                   58         tristate
 59         select CRYPTO_ALGAPI2                      59         select CRYPTO_ALGAPI2
 60         help                                       60         help
 61           This option provides the API for cry     61           This option provides the API for cryptographic algorithms.
 62                                                    62 
 63 config CRYPTO_ALGAPI2                              63 config CRYPTO_ALGAPI2
 64         tristate                                   64         tristate
 65                                                    65 
 66 config CRYPTO_AEAD                                 66 config CRYPTO_AEAD
 67         tristate                                   67         tristate
 68         select CRYPTO_AEAD2                        68         select CRYPTO_AEAD2
 69         select CRYPTO_ALGAPI                       69         select CRYPTO_ALGAPI
 70                                                    70 
 71 config CRYPTO_AEAD2                                71 config CRYPTO_AEAD2
 72         tristate                                   72         tristate
 73         select CRYPTO_ALGAPI2                      73         select CRYPTO_ALGAPI2
 74                                                    74 
 75 config CRYPTO_SIG                                  75 config CRYPTO_SIG
 76         tristate                                   76         tristate
 77         select CRYPTO_SIG2                         77         select CRYPTO_SIG2
 78         select CRYPTO_ALGAPI                       78         select CRYPTO_ALGAPI
 79                                                    79 
 80 config CRYPTO_SIG2                                 80 config CRYPTO_SIG2
 81         tristate                                   81         tristate
 82         select CRYPTO_ALGAPI2                      82         select CRYPTO_ALGAPI2
 83                                                    83 
 84 config CRYPTO_SKCIPHER                             84 config CRYPTO_SKCIPHER
 85         tristate                                   85         tristate
 86         select CRYPTO_SKCIPHER2                    86         select CRYPTO_SKCIPHER2
 87         select CRYPTO_ALGAPI                       87         select CRYPTO_ALGAPI
 88         select CRYPTO_ECB                          88         select CRYPTO_ECB
 89                                                    89 
 90 config CRYPTO_SKCIPHER2                            90 config CRYPTO_SKCIPHER2
 91         tristate                                   91         tristate
 92         select CRYPTO_ALGAPI2                      92         select CRYPTO_ALGAPI2
 93                                                    93 
 94 config CRYPTO_HASH                                 94 config CRYPTO_HASH
 95         tristate                                   95         tristate
 96         select CRYPTO_HASH2                        96         select CRYPTO_HASH2
 97         select CRYPTO_ALGAPI                       97         select CRYPTO_ALGAPI
 98                                                    98 
 99 config CRYPTO_HASH2                                99 config CRYPTO_HASH2
100         tristate                                  100         tristate
101         select CRYPTO_ALGAPI2                     101         select CRYPTO_ALGAPI2
102                                                   102 
103 config CRYPTO_RNG                                 103 config CRYPTO_RNG
104         tristate                                  104         tristate
105         select CRYPTO_RNG2                        105         select CRYPTO_RNG2
106         select CRYPTO_ALGAPI                      106         select CRYPTO_ALGAPI
107                                                   107 
108 config CRYPTO_RNG2                                108 config CRYPTO_RNG2
109         tristate                                  109         tristate
110         select CRYPTO_ALGAPI2                     110         select CRYPTO_ALGAPI2
111                                                   111 
112 config CRYPTO_RNG_DEFAULT                         112 config CRYPTO_RNG_DEFAULT
113         tristate                                  113         tristate
114         select CRYPTO_DRBG_MENU                   114         select CRYPTO_DRBG_MENU
115                                                   115 
116 config CRYPTO_AKCIPHER2                           116 config CRYPTO_AKCIPHER2
117         tristate                                  117         tristate
118         select CRYPTO_ALGAPI2                     118         select CRYPTO_ALGAPI2
119                                                   119 
120 config CRYPTO_AKCIPHER                            120 config CRYPTO_AKCIPHER
121         tristate                                  121         tristate
122         select CRYPTO_AKCIPHER2                   122         select CRYPTO_AKCIPHER2
123         select CRYPTO_ALGAPI                      123         select CRYPTO_ALGAPI
124                                                   124 
125 config CRYPTO_KPP2                                125 config CRYPTO_KPP2
126         tristate                                  126         tristate
127         select CRYPTO_ALGAPI2                     127         select CRYPTO_ALGAPI2
128                                                   128 
129 config CRYPTO_KPP                                 129 config CRYPTO_KPP
130         tristate                                  130         tristate
131         select CRYPTO_ALGAPI                      131         select CRYPTO_ALGAPI
132         select CRYPTO_KPP2                        132         select CRYPTO_KPP2
133                                                   133 
134 config CRYPTO_ACOMP2                              134 config CRYPTO_ACOMP2
135         tristate                                  135         tristate
136         select CRYPTO_ALGAPI2                     136         select CRYPTO_ALGAPI2
137         select SGL_ALLOC                          137         select SGL_ALLOC
138                                                   138 
139 config CRYPTO_ACOMP                               139 config CRYPTO_ACOMP
140         tristate                                  140         tristate
141         select CRYPTO_ALGAPI                      141         select CRYPTO_ALGAPI
142         select CRYPTO_ACOMP2                      142         select CRYPTO_ACOMP2
143                                                   143 
144 config CRYPTO_MANAGER                             144 config CRYPTO_MANAGER
145         tristate "Cryptographic algorithm mana    145         tristate "Cryptographic algorithm manager"
146         select CRYPTO_MANAGER2                    146         select CRYPTO_MANAGER2
147         help                                      147         help
148           Create default cryptographic templat    148           Create default cryptographic template instantiations such as
149           cbc(aes).                               149           cbc(aes).
150                                                   150 
151 config CRYPTO_MANAGER2                            151 config CRYPTO_MANAGER2
152         def_tristate CRYPTO_MANAGER || (CRYPTO    152         def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153         select CRYPTO_ACOMP2                      153         select CRYPTO_ACOMP2
154         select CRYPTO_AEAD2                       154         select CRYPTO_AEAD2
155         select CRYPTO_AKCIPHER2                   155         select CRYPTO_AKCIPHER2
156         select CRYPTO_SIG2                        156         select CRYPTO_SIG2
157         select CRYPTO_HASH2                       157         select CRYPTO_HASH2
158         select CRYPTO_KPP2                        158         select CRYPTO_KPP2
159         select CRYPTO_RNG2                        159         select CRYPTO_RNG2
160         select CRYPTO_SKCIPHER2                   160         select CRYPTO_SKCIPHER2
161                                                   161 
162 config CRYPTO_USER                                162 config CRYPTO_USER
163         tristate "Userspace cryptographic algo    163         tristate "Userspace cryptographic algorithm configuration"
164         depends on NET                            164         depends on NET
165         select CRYPTO_MANAGER                     165         select CRYPTO_MANAGER
166         help                                      166         help
167           Userspace configuration for cryptogr    167           Userspace configuration for cryptographic instantiations such as
168           cbc(aes).                               168           cbc(aes).
169                                                   169 
170 config CRYPTO_MANAGER_DISABLE_TESTS               170 config CRYPTO_MANAGER_DISABLE_TESTS
171         bool "Disable run-time self tests"        171         bool "Disable run-time self tests"
172         default y                                 172         default y
173         help                                      173         help
174           Disable run-time self tests that nor    174           Disable run-time self tests that normally take place at
175           algorithm registration.                 175           algorithm registration.
176                                                   176 
177 config CRYPTO_MANAGER_EXTRA_TESTS                 177 config CRYPTO_MANAGER_EXTRA_TESTS
178         bool "Enable extra run-time crypto sel    178         bool "Enable extra run-time crypto self tests"
179         depends on DEBUG_KERNEL && !CRYPTO_MAN    179         depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
180         help                                      180         help
181           Enable extra run-time self tests of     181           Enable extra run-time self tests of registered crypto algorithms,
182           including randomized fuzz tests.        182           including randomized fuzz tests.
183                                                   183 
184           This is intended for developer use o    184           This is intended for developer use only, as these tests take much
185           longer to run than the normal self t    185           longer to run than the normal self tests.
186                                                   186 
187 config CRYPTO_NULL                                187 config CRYPTO_NULL
188         tristate "Null algorithms"                188         tristate "Null algorithms"
189         select CRYPTO_NULL2                       189         select CRYPTO_NULL2
190         help                                      190         help
191           These are 'Null' algorithms, used by    191           These are 'Null' algorithms, used by IPsec, which do nothing.
192                                                   192 
193 config CRYPTO_NULL2                               193 config CRYPTO_NULL2
194         tristate                                  194         tristate
195         select CRYPTO_ALGAPI2                     195         select CRYPTO_ALGAPI2
196         select CRYPTO_SKCIPHER2                   196         select CRYPTO_SKCIPHER2
197         select CRYPTO_HASH2                       197         select CRYPTO_HASH2
198                                                   198 
199 config CRYPTO_PCRYPT                              199 config CRYPTO_PCRYPT
200         tristate "Parallel crypto engine"         200         tristate "Parallel crypto engine"
201         depends on SMP                            201         depends on SMP
202         select PADATA                             202         select PADATA
203         select CRYPTO_MANAGER                     203         select CRYPTO_MANAGER
204         select CRYPTO_AEAD                        204         select CRYPTO_AEAD
205         help                                      205         help
206           This converts an arbitrary crypto al    206           This converts an arbitrary crypto algorithm into a parallel
207           algorithm that executes in kernel th    207           algorithm that executes in kernel threads.
208                                                   208 
209 config CRYPTO_CRYPTD                              209 config CRYPTO_CRYPTD
210         tristate "Software async crypto daemon    210         tristate "Software async crypto daemon"
211         select CRYPTO_SKCIPHER                    211         select CRYPTO_SKCIPHER
212         select CRYPTO_HASH                        212         select CRYPTO_HASH
213         select CRYPTO_MANAGER                     213         select CRYPTO_MANAGER
214         help                                      214         help
215           This is a generic software asynchron    215           This is a generic software asynchronous crypto daemon that
216           converts an arbitrary synchronous so    216           converts an arbitrary synchronous software crypto algorithm
217           into an asynchronous algorithm that     217           into an asynchronous algorithm that executes in a kernel thread.
218                                                   218 
219 config CRYPTO_AUTHENC                             219 config CRYPTO_AUTHENC
220         tristate "Authenc support"                220         tristate "Authenc support"
221         select CRYPTO_AEAD                        221         select CRYPTO_AEAD
222         select CRYPTO_SKCIPHER                    222         select CRYPTO_SKCIPHER
223         select CRYPTO_MANAGER                     223         select CRYPTO_MANAGER
224         select CRYPTO_HASH                        224         select CRYPTO_HASH
225         select CRYPTO_NULL                        225         select CRYPTO_NULL
226         help                                      226         help
227           Authenc: Combined mode wrapper for I    227           Authenc: Combined mode wrapper for IPsec.
228                                                   228 
229           This is required for IPSec ESP (XFRM    229           This is required for IPSec ESP (XFRM_ESP).
230                                                   230 
231 config CRYPTO_TEST                                231 config CRYPTO_TEST
232         tristate "Testing module"                 232         tristate "Testing module"
233         depends on m || EXPERT                    233         depends on m || EXPERT
234         select CRYPTO_MANAGER                     234         select CRYPTO_MANAGER
235         help                                      235         help
236           Quick & dirty crypto test module.       236           Quick & dirty crypto test module.
237                                                   237 
238 config CRYPTO_SIMD                                238 config CRYPTO_SIMD
239         tristate                                  239         tristate
240         select CRYPTO_CRYPTD                      240         select CRYPTO_CRYPTD
241                                                   241 
242 config CRYPTO_ENGINE                              242 config CRYPTO_ENGINE
243         tristate                                  243         tristate
244                                                   244 
245 endmenu                                           245 endmenu
246                                                   246 
247 menu "Public-key cryptography"                    247 menu "Public-key cryptography"
248                                                   248 
249 config CRYPTO_RSA                                 249 config CRYPTO_RSA
250         tristate "RSA (Rivest-Shamir-Adleman)"    250         tristate "RSA (Rivest-Shamir-Adleman)"
251         select CRYPTO_AKCIPHER                    251         select CRYPTO_AKCIPHER
252         select CRYPTO_MANAGER                     252         select CRYPTO_MANAGER
253         select MPILIB                             253         select MPILIB
254         select ASN1                               254         select ASN1
255         help                                      255         help
256           RSA (Rivest-Shamir-Adleman) public k    256           RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
257                                                   257 
258 config CRYPTO_DH                                  258 config CRYPTO_DH
259         tristate "DH (Diffie-Hellman)"            259         tristate "DH (Diffie-Hellman)"
260         select CRYPTO_KPP                         260         select CRYPTO_KPP
261         select MPILIB                             261         select MPILIB
262         help                                      262         help
263           DH (Diffie-Hellman) key exchange alg    263           DH (Diffie-Hellman) key exchange algorithm
264                                                   264 
265 config CRYPTO_DH_RFC7919_GROUPS                   265 config CRYPTO_DH_RFC7919_GROUPS
266         bool "RFC 7919 FFDHE groups"              266         bool "RFC 7919 FFDHE groups"
267         depends on CRYPTO_DH                      267         depends on CRYPTO_DH
268         select CRYPTO_RNG_DEFAULT                 268         select CRYPTO_RNG_DEFAULT
269         help                                      269         help
270           FFDHE (Finite-Field-based Diffie-Hel    270           FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
271           defined in RFC7919.                     271           defined in RFC7919.
272                                                   272 
273           Support these finite-field groups in    273           Support these finite-field groups in DH key exchanges:
274           - ffdhe2048, ffdhe3072, ffdhe4096, f    274           - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
275                                                   275 
276           If unsure, say N.                       276           If unsure, say N.
277                                                   277 
278 config CRYPTO_ECC                                 278 config CRYPTO_ECC
279         tristate                                  279         tristate
280         select CRYPTO_RNG_DEFAULT                 280         select CRYPTO_RNG_DEFAULT
281                                                   281 
282 config CRYPTO_ECDH                                282 config CRYPTO_ECDH
283         tristate "ECDH (Elliptic Curve Diffie-    283         tristate "ECDH (Elliptic Curve Diffie-Hellman)"
284         select CRYPTO_ECC                         284         select CRYPTO_ECC
285         select CRYPTO_KPP                         285         select CRYPTO_KPP
286         help                                      286         help
287           ECDH (Elliptic Curve Diffie-Hellman)    287           ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
288           using curves P-192, P-256, and P-384    288           using curves P-192, P-256, and P-384 (FIPS 186)
289                                                   289 
290 config CRYPTO_ECDSA                               290 config CRYPTO_ECDSA
291         tristate "ECDSA (Elliptic Curve Digita    291         tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"
292         select CRYPTO_ECC                         292         select CRYPTO_ECC
293         select CRYPTO_AKCIPHER                    293         select CRYPTO_AKCIPHER
294         select ASN1                               294         select ASN1
295         help                                      295         help
296           ECDSA (Elliptic Curve Digital Signat    296           ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,
297           ISO/IEC 14888-3)                        297           ISO/IEC 14888-3)
298           using curves P-192, P-256, and P-384    298           using curves P-192, P-256, and P-384
299                                                   299 
300           Only signature verification is imple    300           Only signature verification is implemented.
301                                                   301 
302 config CRYPTO_ECRDSA                              302 config CRYPTO_ECRDSA
303         tristate "EC-RDSA (Elliptic Curve Russ    303         tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
304         select CRYPTO_ECC                         304         select CRYPTO_ECC
305         select CRYPTO_AKCIPHER                    305         select CRYPTO_AKCIPHER
306         select CRYPTO_STREEBOG                    306         select CRYPTO_STREEBOG
307         select OID_REGISTRY                       307         select OID_REGISTRY
308         select ASN1                               308         select ASN1
309         help                                      309         help
310           Elliptic Curve Russian Digital Signa    310           Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311           RFC 7091, ISO/IEC 14888-3)              311           RFC 7091, ISO/IEC 14888-3)
312                                                   312 
313           One of the Russian cryptographic sta    313           One of the Russian cryptographic standard algorithms (called GOST
314           algorithms). Only signature verifica    314           algorithms). Only signature verification is implemented.
315                                                   315 
316 config CRYPTO_CURVE25519                          316 config CRYPTO_CURVE25519
317         tristate "Curve25519"                     317         tristate "Curve25519"
318         select CRYPTO_KPP                         318         select CRYPTO_KPP
319         select CRYPTO_LIB_CURVE25519_GENERIC      319         select CRYPTO_LIB_CURVE25519_GENERIC
320         help                                      320         help
321           Curve25519 elliptic curve (RFC7748)     321           Curve25519 elliptic curve (RFC7748)
322                                                   322 
323 endmenu                                           323 endmenu
324                                                   324 
325 menu "Block ciphers"                              325 menu "Block ciphers"
326                                                   326 
327 config CRYPTO_AES                                 327 config CRYPTO_AES
328         tristate "AES (Advanced Encryption Sta    328         tristate "AES (Advanced Encryption Standard)"
329         select CRYPTO_ALGAPI                      329         select CRYPTO_ALGAPI
330         select CRYPTO_LIB_AES                     330         select CRYPTO_LIB_AES
331         help                                      331         help
332           AES cipher algorithms (Rijndael)(FIP    332           AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
333                                                   333 
334           Rijndael appears to be consistently     334           Rijndael appears to be consistently a very good performer in
335           both hardware and software across a     335           both hardware and software across a wide range of computing
336           environments regardless of its use i    336           environments regardless of its use in feedback or non-feedback
337           modes. Its key setup time is excelle    337           modes. Its key setup time is excellent, and its key agility is
338           good. Rijndael's very low memory req    338           good. Rijndael's very low memory requirements make it very well
339           suited for restricted-space environm    339           suited for restricted-space environments, in which it also
340           demonstrates excellent performance.     340           demonstrates excellent performance. Rijndael's operations are
341           among the easiest to defend against     341           among the easiest to defend against power and timing attacks.
342                                                   342 
343           The AES specifies three key sizes: 1    343           The AES specifies three key sizes: 128, 192 and 256 bits
344                                                   344 
345 config CRYPTO_AES_TI                              345 config CRYPTO_AES_TI
346         tristate "AES (Advanced Encryption Sta    346         tristate "AES (Advanced Encryption Standard) (fixed time)"
347         select CRYPTO_ALGAPI                      347         select CRYPTO_ALGAPI
348         select CRYPTO_LIB_AES                     348         select CRYPTO_LIB_AES
349         help                                      349         help
350           AES cipher algorithms (Rijndael)(FIP    350           AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
351                                                   351 
352           This is a generic implementation of     352           This is a generic implementation of AES that attempts to eliminate
353           data dependent latencies as much as     353           data dependent latencies as much as possible without affecting
354           performance too much. It is intended    354           performance too much. It is intended for use by the generic CCM
355           and GCM drivers, and other CTR or CM    355           and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
356           solely on encryption (although decry    356           solely on encryption (although decryption is supported as well, but
357           with a more dramatic performance hit    357           with a more dramatic performance hit)
358                                                   358 
359           Instead of using 16 lookup tables of    359           Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
360           8 for decryption), this implementati    360           8 for decryption), this implementation only uses just two S-boxes of
361           256 bytes each, and attempts to elim    361           256 bytes each, and attempts to eliminate data dependent latencies by
362           prefetching the entire table into th    362           prefetching the entire table into the cache at the start of each
363           block. Interrupts are also disabled     363           block. Interrupts are also disabled to avoid races where cachelines
364           are evicted when the CPU is interrup    364           are evicted when the CPU is interrupted to do something else.
365                                                   365 
366 config CRYPTO_ANUBIS                              366 config CRYPTO_ANUBIS
367         tristate "Anubis"                         367         tristate "Anubis"
368         depends on CRYPTO_USER_API_ENABLE_OBSO    368         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
369         select CRYPTO_ALGAPI                      369         select CRYPTO_ALGAPI
370         help                                      370         help
371           Anubis cipher algorithm                 371           Anubis cipher algorithm
372                                                   372 
373           Anubis is a variable key length ciph    373           Anubis is a variable key length cipher which can use keys from
374           128 bits to 320 bits in length.  It     374           128 bits to 320 bits in length.  It was evaluated as a entrant
375           in the NESSIE competition.              375           in the NESSIE competition.
376                                                   376 
377           See https://web.archive.org/web/2016    377           See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html
378           for further information.                378           for further information.
379                                                   379 
380 config CRYPTO_ARIA                                380 config CRYPTO_ARIA
381         tristate "ARIA"                           381         tristate "ARIA"
382         select CRYPTO_ALGAPI                      382         select CRYPTO_ALGAPI
383         help                                      383         help
384           ARIA cipher algorithm (RFC5794)         384           ARIA cipher algorithm (RFC5794)
385                                                   385 
386           ARIA is a standard encryption algori    386           ARIA is a standard encryption algorithm of the Republic of Korea.
387           The ARIA specifies three key sizes a    387           The ARIA specifies three key sizes and rounds.
388           128-bit: 12 rounds.                     388           128-bit: 12 rounds.
389           192-bit: 14 rounds.                     389           192-bit: 14 rounds.
390           256-bit: 16 rounds.                     390           256-bit: 16 rounds.
391                                                   391 
392           See:                                    392           See:
393           https://seed.kisa.or.kr/kisa/algorit    393           https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do
394                                                   394 
395 config CRYPTO_BLOWFISH                            395 config CRYPTO_BLOWFISH
396         tristate "Blowfish"                       396         tristate "Blowfish"
397         select CRYPTO_ALGAPI                      397         select CRYPTO_ALGAPI
398         select CRYPTO_BLOWFISH_COMMON             398         select CRYPTO_BLOWFISH_COMMON
399         help                                      399         help
400           Blowfish cipher algorithm, by Bruce     400           Blowfish cipher algorithm, by Bruce Schneier
401                                                   401 
402           This is a variable key length cipher    402           This is a variable key length cipher which can use keys from 32
403           bits to 448 bits in length.  It's fa    403           bits to 448 bits in length.  It's fast, simple and specifically
404           designed for use on "large microproc    404           designed for use on "large microprocessors".
405                                                   405 
406           See https://www.schneier.com/blowfis    406           See https://www.schneier.com/blowfish.html for further information.
407                                                   407 
408 config CRYPTO_BLOWFISH_COMMON                     408 config CRYPTO_BLOWFISH_COMMON
409         tristate                                  409         tristate
410         help                                      410         help
411           Common parts of the Blowfish cipher     411           Common parts of the Blowfish cipher algorithm shared by the
412           generic c and the assembler implemen    412           generic c and the assembler implementations.
413                                                   413 
414 config CRYPTO_CAMELLIA                            414 config CRYPTO_CAMELLIA
415         tristate "Camellia"                       415         tristate "Camellia"
416         select CRYPTO_ALGAPI                      416         select CRYPTO_ALGAPI
417         help                                      417         help
418           Camellia cipher algorithms (ISO/IEC     418           Camellia cipher algorithms (ISO/IEC 18033-3)
419                                                   419 
420           Camellia is a symmetric key block ci    420           Camellia is a symmetric key block cipher developed jointly
421           at NTT and Mitsubishi Electric Corpo    421           at NTT and Mitsubishi Electric Corporation.
422                                                   422 
423           The Camellia specifies three key siz    423           The Camellia specifies three key sizes: 128, 192 and 256 bits.
424                                                   424 
425           See https://info.isl.ntt.co.jp/crypt    425           See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information.
426                                                   426 
427 config CRYPTO_CAST_COMMON                         427 config CRYPTO_CAST_COMMON
428         tristate                                  428         tristate
429         help                                      429         help
430           Common parts of the CAST cipher algo    430           Common parts of the CAST cipher algorithms shared by the
431           generic c and the assembler implemen    431           generic c and the assembler implementations.
432                                                   432 
433 config CRYPTO_CAST5                               433 config CRYPTO_CAST5
434         tristate "CAST5 (CAST-128)"               434         tristate "CAST5 (CAST-128)"
435         select CRYPTO_ALGAPI                      435         select CRYPTO_ALGAPI
436         select CRYPTO_CAST_COMMON                 436         select CRYPTO_CAST_COMMON
437         help                                      437         help
438           CAST5 (CAST-128) cipher algorithm (R    438           CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
439                                                   439 
440 config CRYPTO_CAST6                               440 config CRYPTO_CAST6
441         tristate "CAST6 (CAST-256)"               441         tristate "CAST6 (CAST-256)"
442         select CRYPTO_ALGAPI                      442         select CRYPTO_ALGAPI
443         select CRYPTO_CAST_COMMON                 443         select CRYPTO_CAST_COMMON
444         help                                      444         help
445           CAST6 (CAST-256) encryption algorith    445           CAST6 (CAST-256) encryption algorithm (RFC2612)
446                                                   446 
447 config CRYPTO_DES                                 447 config CRYPTO_DES
448         tristate "DES and Triple DES EDE"         448         tristate "DES and Triple DES EDE"
449         select CRYPTO_ALGAPI                      449         select CRYPTO_ALGAPI
450         select CRYPTO_LIB_DES                     450         select CRYPTO_LIB_DES
451         help                                      451         help
452           DES (Data Encryption Standard)(FIPS     452           DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
453           Triple DES EDE (Encrypt/Decrypt/Encr    453           Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
454           cipher algorithms                       454           cipher algorithms
455                                                   455 
456 config CRYPTO_FCRYPT                              456 config CRYPTO_FCRYPT
457         tristate "FCrypt"                         457         tristate "FCrypt"
458         select CRYPTO_ALGAPI                      458         select CRYPTO_ALGAPI
459         select CRYPTO_SKCIPHER                    459         select CRYPTO_SKCIPHER
460         help                                      460         help
461           FCrypt algorithm used by RxRPC          461           FCrypt algorithm used by RxRPC
462                                                   462 
463           See https://ota.polyonymo.us/fcrypt-    463           See https://ota.polyonymo.us/fcrypt-paper.txt
464                                                   464 
465 config CRYPTO_KHAZAD                              465 config CRYPTO_KHAZAD
466         tristate "Khazad"                         466         tristate "Khazad"
467         depends on CRYPTO_USER_API_ENABLE_OBSO    467         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
468         select CRYPTO_ALGAPI                      468         select CRYPTO_ALGAPI
469         help                                      469         help
470           Khazad cipher algorithm                 470           Khazad cipher algorithm
471                                                   471 
472           Khazad was a finalist in the initial    472           Khazad was a finalist in the initial NESSIE competition.  It is
473           an algorithm optimized for 64-bit pr    473           an algorithm optimized for 64-bit processors with good performance
474           on 32-bit processors.  Khazad uses a    474           on 32-bit processors.  Khazad uses an 128 bit key size.
475                                                   475 
476           See https://web.archive.org/web/2017    476           See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html
477           for further information.                477           for further information.
478                                                   478 
479 config CRYPTO_SEED                                479 config CRYPTO_SEED
480         tristate "SEED"                           480         tristate "SEED"
481         depends on CRYPTO_USER_API_ENABLE_OBSO    481         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
482         select CRYPTO_ALGAPI                      482         select CRYPTO_ALGAPI
483         help                                      483         help
484           SEED cipher algorithm (RFC4269, ISO/    484           SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
485                                                   485 
486           SEED is a 128-bit symmetric key bloc    486           SEED is a 128-bit symmetric key block cipher that has been
487           developed by KISA (Korea Information    487           developed by KISA (Korea Information Security Agency) as a
488           national standard encryption algorit    488           national standard encryption algorithm of the Republic of Korea.
489           It is a 16 round block cipher with t    489           It is a 16 round block cipher with the key size of 128 bit.
490                                                   490 
491           See https://seed.kisa.or.kr/kisa/alg    491           See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do
492           for further information.                492           for further information.
493                                                   493 
494 config CRYPTO_SERPENT                             494 config CRYPTO_SERPENT
495         tristate "Serpent"                        495         tristate "Serpent"
496         select CRYPTO_ALGAPI                      496         select CRYPTO_ALGAPI
497         help                                      497         help
498           Serpent cipher algorithm, by Anderso    498           Serpent cipher algorithm, by Anderson, Biham & Knudsen
499                                                   499 
500           Keys are allowed to be from 0 to 256    500           Keys are allowed to be from 0 to 256 bits in length, in steps
501           of 8 bits.                              501           of 8 bits.
502                                                   502 
503           See https://www.cl.cam.ac.uk/~rja14/    503           See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information.
504                                                   504 
505 config CRYPTO_SM4                                 505 config CRYPTO_SM4
506         tristate                                  506         tristate
507                                                   507 
508 config CRYPTO_SM4_GENERIC                         508 config CRYPTO_SM4_GENERIC
509         tristate "SM4 (ShangMi 4)"                509         tristate "SM4 (ShangMi 4)"
510         select CRYPTO_ALGAPI                      510         select CRYPTO_ALGAPI
511         select CRYPTO_SM4                         511         select CRYPTO_SM4
512         help                                      512         help
513           SM4 cipher algorithms (OSCCA GB/T 32    513           SM4 cipher algorithms (OSCCA GB/T 32907-2016,
514           ISO/IEC 18033-3:2010/Amd 1:2021)        514           ISO/IEC 18033-3:2010/Amd 1:2021)
515                                                   515 
516           SM4 (GBT.32907-2016) is a cryptograp    516           SM4 (GBT.32907-2016) is a cryptographic standard issued by the
517           Organization of State Commercial Adm    517           Organization of State Commercial Administration of China (OSCCA)
518           as an authorized cryptographic algor    518           as an authorized cryptographic algorithms for the use within China.
519                                                   519 
520           SMS4 was originally created for use     520           SMS4 was originally created for use in protecting wireless
521           networks, and is mandated in the Chi    521           networks, and is mandated in the Chinese National Standard for
522           Wireless LAN WAPI (Wired Authenticat    522           Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
523           (GB.15629.11-2003).                     523           (GB.15629.11-2003).
524                                                   524 
525           The latest SM4 standard (GBT.32907-2    525           The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
526           standardized through TC 260 of the S    526           standardized through TC 260 of the Standardization Administration
527           of the People's Republic of China (S    527           of the People's Republic of China (SAC).
528                                                   528 
529           The input, output, and key of SMS4 a    529           The input, output, and key of SMS4 are each 128 bits.
530                                                   530 
531           See https://eprint.iacr.org/2008/329    531           See https://eprint.iacr.org/2008/329.pdf for further information.
532                                                   532 
533           If unsure, say N.                       533           If unsure, say N.
534                                                   534 
535 config CRYPTO_TEA                                 535 config CRYPTO_TEA
536         tristate "TEA, XTEA and XETA"             536         tristate "TEA, XTEA and XETA"
537         depends on CRYPTO_USER_API_ENABLE_OBSO    537         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
538         select CRYPTO_ALGAPI                      538         select CRYPTO_ALGAPI
539         help                                      539         help
540           TEA (Tiny Encryption Algorithm) ciph    540           TEA (Tiny Encryption Algorithm) cipher algorithms
541                                                   541 
542           Tiny Encryption Algorithm is a simpl    542           Tiny Encryption Algorithm is a simple cipher that uses
543           many rounds for security.  It is ver    543           many rounds for security.  It is very fast and uses
544           little memory.                          544           little memory.
545                                                   545 
546           Xtendend Tiny Encryption Algorithm i    546           Xtendend Tiny Encryption Algorithm is a modification to
547           the TEA algorithm to address a poten    547           the TEA algorithm to address a potential key weakness
548           in the TEA algorithm.                   548           in the TEA algorithm.
549                                                   549 
550           Xtendend Encryption Tiny Algorithm i    550           Xtendend Encryption Tiny Algorithm is a mis-implementation
551           of the XTEA algorithm for compatibil    551           of the XTEA algorithm for compatibility purposes.
552                                                   552 
553 config CRYPTO_TWOFISH                             553 config CRYPTO_TWOFISH
554         tristate "Twofish"                        554         tristate "Twofish"
555         select CRYPTO_ALGAPI                      555         select CRYPTO_ALGAPI
556         select CRYPTO_TWOFISH_COMMON              556         select CRYPTO_TWOFISH_COMMON
557         help                                      557         help
558           Twofish cipher algorithm                558           Twofish cipher algorithm
559                                                   559 
560           Twofish was submitted as an AES (Adv    560           Twofish was submitted as an AES (Advanced Encryption Standard)
561           candidate cipher by researchers at C    561           candidate cipher by researchers at CounterPane Systems.  It is a
562           16 round block cipher supporting key    562           16 round block cipher supporting key sizes of 128, 192, and 256
563           bits.                                   563           bits.
564                                                   564 
565           See https://www.schneier.com/twofish    565           See https://www.schneier.com/twofish.html for further information.
566                                                   566 
567 config CRYPTO_TWOFISH_COMMON                      567 config CRYPTO_TWOFISH_COMMON
568         tristate                                  568         tristate
569         help                                      569         help
570           Common parts of the Twofish cipher a    570           Common parts of the Twofish cipher algorithm shared by the
571           generic c and the assembler implemen    571           generic c and the assembler implementations.
572                                                   572 
573 endmenu                                           573 endmenu
574                                                   574 
575 menu "Length-preserving ciphers and modes"        575 menu "Length-preserving ciphers and modes"
576                                                   576 
577 config CRYPTO_ADIANTUM                            577 config CRYPTO_ADIANTUM
578         tristate "Adiantum"                       578         tristate "Adiantum"
579         select CRYPTO_CHACHA20                    579         select CRYPTO_CHACHA20
580         select CRYPTO_LIB_POLY1305_GENERIC        580         select CRYPTO_LIB_POLY1305_GENERIC
581         select CRYPTO_NHPOLY1305                  581         select CRYPTO_NHPOLY1305
582         select CRYPTO_MANAGER                     582         select CRYPTO_MANAGER
583         help                                      583         help
584           Adiantum tweakable, length-preservin    584           Adiantum tweakable, length-preserving encryption mode
585                                                   585 
586           Designed for fast and secure disk en    586           Designed for fast and secure disk encryption, especially on
587           CPUs without dedicated crypto instru    587           CPUs without dedicated crypto instructions.  It encrypts
588           each sector using the XChaCha12 stre    588           each sector using the XChaCha12 stream cipher, two passes of
589           an ε-almost-∆-universal hash func    589           an ε-almost-∆-universal hash function, and an invocation of
590           the AES-256 block cipher on a single    590           the AES-256 block cipher on a single 16-byte block.  On CPUs
591           without AES instructions, Adiantum i    591           without AES instructions, Adiantum is much faster than
592           AES-XTS.                                592           AES-XTS.
593                                                   593 
594           Adiantum's security is provably redu    594           Adiantum's security is provably reducible to that of its
595           underlying stream and block ciphers,    595           underlying stream and block ciphers, subject to a security
596           bound.  Unlike XTS, Adiantum is a tr    596           bound.  Unlike XTS, Adiantum is a true wide-block encryption
597           mode, so it actually provides an eve    597           mode, so it actually provides an even stronger notion of
598           security than XTS, subject to the se    598           security than XTS, subject to the security bound.
599                                                   599 
600           If unsure, say N.                       600           If unsure, say N.
601                                                   601 
602 config CRYPTO_ARC4                                602 config CRYPTO_ARC4
603         tristate "ARC4 (Alleged Rivest Cipher     603         tristate "ARC4 (Alleged Rivest Cipher 4)"
604         depends on CRYPTO_USER_API_ENABLE_OBSO    604         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
605         select CRYPTO_SKCIPHER                    605         select CRYPTO_SKCIPHER
606         select CRYPTO_LIB_ARC4                    606         select CRYPTO_LIB_ARC4
607         help                                      607         help
608           ARC4 cipher algorithm                   608           ARC4 cipher algorithm
609                                                   609 
610           ARC4 is a stream cipher using keys r    610           ARC4 is a stream cipher using keys ranging from 8 bits to 2048
611           bits in length.  This algorithm is r    611           bits in length.  This algorithm is required for driver-based
612           WEP, but it should not be for other     612           WEP, but it should not be for other purposes because of the
613           weakness of the algorithm.              613           weakness of the algorithm.
614                                                   614 
615 config CRYPTO_CHACHA20                            615 config CRYPTO_CHACHA20
616         tristate "ChaCha"                         616         tristate "ChaCha"
617         select CRYPTO_LIB_CHACHA_GENERIC          617         select CRYPTO_LIB_CHACHA_GENERIC
618         select CRYPTO_SKCIPHER                    618         select CRYPTO_SKCIPHER
619         help                                      619         help
620           The ChaCha20, XChaCha20, and XChaCha    620           The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms
621                                                   621 
622           ChaCha20 is a 256-bit high-speed str    622           ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
623           Bernstein and further specified in R    623           Bernstein and further specified in RFC7539 for use in IETF protocols.
624           This is the portable C implementatio    624           This is the portable C implementation of ChaCha20.  See
625           https://cr.yp.to/chacha/chacha-20080    625           https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
626                                                   626 
627           XChaCha20 is the application of the     627           XChaCha20 is the application of the XSalsa20 construction to ChaCha20
628           rather than to Salsa20.  XChaCha20 e    628           rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
629           from 64 bits (or 96 bits using the R    629           from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
630           while provably retaining ChaCha20's     630           while provably retaining ChaCha20's security.  See
631           https://cr.yp.to/snuffle/xsalsa-2008    631           https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
632                                                   632 
633           XChaCha12 is XChaCha20 reduced to 12    633           XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
634           reduced security margin but increase    634           reduced security margin but increased performance.  It can be needed
635           in some performance-sensitive scenar    635           in some performance-sensitive scenarios.
636                                                   636 
637 config CRYPTO_CBC                                 637 config CRYPTO_CBC
638         tristate "CBC (Cipher Block Chaining)"    638         tristate "CBC (Cipher Block Chaining)"
639         select CRYPTO_SKCIPHER                    639         select CRYPTO_SKCIPHER
640         select CRYPTO_MANAGER                     640         select CRYPTO_MANAGER
641         help                                      641         help
642           CBC (Cipher Block Chaining) mode (NI    642           CBC (Cipher Block Chaining) mode (NIST SP800-38A)
643                                                   643 
644           This block cipher mode is required f    644           This block cipher mode is required for IPSec ESP (XFRM_ESP).
645                                                   645 
646 config CRYPTO_CTR                                 646 config CRYPTO_CTR
647         tristate "CTR (Counter)"                  647         tristate "CTR (Counter)"
648         select CRYPTO_SKCIPHER                    648         select CRYPTO_SKCIPHER
649         select CRYPTO_MANAGER                     649         select CRYPTO_MANAGER
650         help                                      650         help
651           CTR (Counter) mode (NIST SP800-38A)     651           CTR (Counter) mode (NIST SP800-38A)
652                                                   652 
653 config CRYPTO_CTS                                 653 config CRYPTO_CTS
654         tristate "CTS (Cipher Text Stealing)"     654         tristate "CTS (Cipher Text Stealing)"
655         select CRYPTO_SKCIPHER                    655         select CRYPTO_SKCIPHER
656         select CRYPTO_MANAGER                     656         select CRYPTO_MANAGER
657         help                                      657         help
658           CBC-CS3 variant of CTS (Cipher Text     658           CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
659           Addendum to SP800-38A (October 2010)    659           Addendum to SP800-38A (October 2010))
660                                                   660 
661           This mode is required for Kerberos g    661           This mode is required for Kerberos gss mechanism support
662           for AES encryption.                     662           for AES encryption.
663                                                   663 
664 config CRYPTO_ECB                                 664 config CRYPTO_ECB
665         tristate "ECB (Electronic Codebook)"      665         tristate "ECB (Electronic Codebook)"
666         select CRYPTO_SKCIPHER2                   666         select CRYPTO_SKCIPHER2
667         select CRYPTO_MANAGER                     667         select CRYPTO_MANAGER
668         help                                      668         help
669           ECB (Electronic Codebook) mode (NIST    669           ECB (Electronic Codebook) mode (NIST SP800-38A)
670                                                   670 
671 config CRYPTO_HCTR2                               671 config CRYPTO_HCTR2
672         tristate "HCTR2"                          672         tristate "HCTR2"
673         select CRYPTO_XCTR                        673         select CRYPTO_XCTR
674         select CRYPTO_POLYVAL                     674         select CRYPTO_POLYVAL
675         select CRYPTO_MANAGER                     675         select CRYPTO_MANAGER
676         help                                      676         help
677           HCTR2 length-preserving encryption m    677           HCTR2 length-preserving encryption mode
678                                                   678 
679           A mode for storage encryption that i    679           A mode for storage encryption that is efficient on processors with
680           instructions to accelerate AES and c    680           instructions to accelerate AES and carryless multiplication, e.g.
681           x86 processors with AES-NI and CLMUL    681           x86 processors with AES-NI and CLMUL, and ARM processors with the
682           ARMv8 crypto extensions.                682           ARMv8 crypto extensions.
683                                                   683 
684           See https://eprint.iacr.org/2021/144    684           See https://eprint.iacr.org/2021/1441
685                                                   685 
686 config CRYPTO_KEYWRAP                             686 config CRYPTO_KEYWRAP
687         tristate "KW (AES Key Wrap)"              687         tristate "KW (AES Key Wrap)"
688         select CRYPTO_SKCIPHER                    688         select CRYPTO_SKCIPHER
689         select CRYPTO_MANAGER                     689         select CRYPTO_MANAGER
690         help                                      690         help
691           KW (AES Key Wrap) authenticated encr    691           KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
692           and RFC3394) without padding.           692           and RFC3394) without padding.
693                                                   693 
694 config CRYPTO_LRW                                 694 config CRYPTO_LRW
695         tristate "LRW (Liskov Rivest Wagner)"     695         tristate "LRW (Liskov Rivest Wagner)"
696         select CRYPTO_LIB_GF128MUL                696         select CRYPTO_LIB_GF128MUL
697         select CRYPTO_SKCIPHER                    697         select CRYPTO_SKCIPHER
698         select CRYPTO_MANAGER                     698         select CRYPTO_MANAGER
699         select CRYPTO_ECB                         699         select CRYPTO_ECB
700         help                                      700         help
701           LRW (Liskov Rivest Wagner) mode         701           LRW (Liskov Rivest Wagner) mode
702                                                   702 
703           A tweakable, non malleable, non mova    703           A tweakable, non malleable, non movable
704           narrow block cipher mode for dm-cryp    704           narrow block cipher mode for dm-crypt.  Use it with cipher
705           specification string aes-lrw-benbi,     705           specification string aes-lrw-benbi, the key must be 256, 320 or 384.
706           The first 128, 192 or 256 bits in th    706           The first 128, 192 or 256 bits in the key are used for AES and the
707           rest is used to tie each cipher bloc    707           rest is used to tie each cipher block to its logical position.
708                                                   708 
709           See https://people.csail.mit.edu/riv    709           See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf
710                                                   710 
711 config CRYPTO_PCBC                                711 config CRYPTO_PCBC
712         tristate "PCBC (Propagating Cipher Blo    712         tristate "PCBC (Propagating Cipher Block Chaining)"
713         select CRYPTO_SKCIPHER                    713         select CRYPTO_SKCIPHER
714         select CRYPTO_MANAGER                     714         select CRYPTO_MANAGER
715         help                                      715         help
716           PCBC (Propagating Cipher Block Chain    716           PCBC (Propagating Cipher Block Chaining) mode
717                                                   717 
718           This block cipher mode is required f    718           This block cipher mode is required for RxRPC.
719                                                   719 
720 config CRYPTO_XCTR                                720 config CRYPTO_XCTR
721         tristate                                  721         tristate
722         select CRYPTO_SKCIPHER                    722         select CRYPTO_SKCIPHER
723         select CRYPTO_MANAGER                     723         select CRYPTO_MANAGER
724         help                                      724         help
725           XCTR (XOR Counter) mode for HCTR2       725           XCTR (XOR Counter) mode for HCTR2
726                                                   726 
727           This blockcipher mode is a variant o    727           This blockcipher mode is a variant of CTR mode using XORs and little-endian
728           addition rather than big-endian arit    728           addition rather than big-endian arithmetic.
729                                                   729 
730           XCTR mode is used to implement HCTR2    730           XCTR mode is used to implement HCTR2.
731                                                   731 
732 config CRYPTO_XTS                                 732 config CRYPTO_XTS
733         tristate "XTS (XOR Encrypt XOR with ci    733         tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"
734         select CRYPTO_SKCIPHER                    734         select CRYPTO_SKCIPHER
735         select CRYPTO_MANAGER                     735         select CRYPTO_MANAGER
736         select CRYPTO_ECB                         736         select CRYPTO_ECB
737         help                                      737         help
738           XTS (XOR Encrypt XOR with ciphertext    738           XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
739           and IEEE 1619)                          739           and IEEE 1619)
740                                                   740 
741           Use with aes-xts-plain, key size 256    741           Use with aes-xts-plain, key size 256, 384 or 512 bits. This
742           implementation currently can't handl    742           implementation currently can't handle a sectorsize which is not a
743           multiple of 16 bytes.                   743           multiple of 16 bytes.
744                                                   744 
745 config CRYPTO_NHPOLY1305                          745 config CRYPTO_NHPOLY1305
746         tristate                                  746         tristate
747         select CRYPTO_HASH                        747         select CRYPTO_HASH
748         select CRYPTO_LIB_POLY1305_GENERIC        748         select CRYPTO_LIB_POLY1305_GENERIC
749                                                   749 
750 endmenu                                           750 endmenu
751                                                   751 
752 menu "AEAD (authenticated encryption with asso    752 menu "AEAD (authenticated encryption with associated data) ciphers"
753                                                   753 
754 config CRYPTO_AEGIS128                            754 config CRYPTO_AEGIS128
755         tristate "AEGIS-128"                      755         tristate "AEGIS-128"
756         select CRYPTO_AEAD                        756         select CRYPTO_AEAD
757         select CRYPTO_AES  # for AES S-box tab    757         select CRYPTO_AES  # for AES S-box tables
758         help                                      758         help
759           AEGIS-128 AEAD algorithm                759           AEGIS-128 AEAD algorithm
760                                                   760 
761 config CRYPTO_AEGIS128_SIMD                       761 config CRYPTO_AEGIS128_SIMD
762         bool "AEGIS-128 (arm NEON, arm64 NEON)    762         bool "AEGIS-128 (arm NEON, arm64 NEON)"
763         depends on CRYPTO_AEGIS128 && ((ARM ||    763         depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
764         default y                                 764         default y
765         help                                      765         help
766           AEGIS-128 AEAD algorithm                766           AEGIS-128 AEAD algorithm
767                                                   767 
768           Architecture: arm or arm64 using:       768           Architecture: arm or arm64 using:
769           - NEON (Advanced SIMD) extension        769           - NEON (Advanced SIMD) extension
770                                                   770 
771 config CRYPTO_CHACHA20POLY1305                    771 config CRYPTO_CHACHA20POLY1305
772         tristate "ChaCha20-Poly1305"              772         tristate "ChaCha20-Poly1305"
773         select CRYPTO_CHACHA20                    773         select CRYPTO_CHACHA20
774         select CRYPTO_POLY1305                    774         select CRYPTO_POLY1305
775         select CRYPTO_AEAD                        775         select CRYPTO_AEAD
776         select CRYPTO_MANAGER                     776         select CRYPTO_MANAGER
777         help                                      777         help
778           ChaCha20 stream cipher and Poly1305     778           ChaCha20 stream cipher and Poly1305 authenticator combined
779           mode (RFC8439)                          779           mode (RFC8439)
780                                                   780 
781 config CRYPTO_CCM                                 781 config CRYPTO_CCM
782         tristate "CCM (Counter with Cipher Blo    782         tristate "CCM (Counter with Cipher Block Chaining-MAC)"
783         select CRYPTO_CTR                         783         select CRYPTO_CTR
784         select CRYPTO_HASH                        784         select CRYPTO_HASH
785         select CRYPTO_AEAD                        785         select CRYPTO_AEAD
786         select CRYPTO_MANAGER                     786         select CRYPTO_MANAGER
787         help                                      787         help
788           CCM (Counter with Cipher Block Chain    788           CCM (Counter with Cipher Block Chaining-Message Authentication Code)
789           authenticated encryption mode (NIST     789           authenticated encryption mode (NIST SP800-38C)
790                                                   790 
791 config CRYPTO_GCM                                 791 config CRYPTO_GCM
792         tristate "GCM (Galois/Counter Mode) an    792         tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
793         select CRYPTO_CTR                         793         select CRYPTO_CTR
794         select CRYPTO_AEAD                        794         select CRYPTO_AEAD
795         select CRYPTO_GHASH                       795         select CRYPTO_GHASH
796         select CRYPTO_NULL                        796         select CRYPTO_NULL
797         select CRYPTO_MANAGER                     797         select CRYPTO_MANAGER
798         help                                      798         help
799           GCM (Galois/Counter Mode) authentica    799           GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
800           (GCM Message Authentication Code) (N    800           (GCM Message Authentication Code) (NIST SP800-38D)
801                                                   801 
802           This is required for IPSec ESP (XFRM    802           This is required for IPSec ESP (XFRM_ESP).
803                                                   803 
804 config CRYPTO_GENIV                               804 config CRYPTO_GENIV
805         tristate                                  805         tristate
806         select CRYPTO_AEAD                        806         select CRYPTO_AEAD
807         select CRYPTO_NULL                        807         select CRYPTO_NULL
808         select CRYPTO_MANAGER                     808         select CRYPTO_MANAGER
809         select CRYPTO_RNG_DEFAULT                 809         select CRYPTO_RNG_DEFAULT
810                                                   810 
811 config CRYPTO_SEQIV                               811 config CRYPTO_SEQIV
812         tristate "Sequence Number IV Generator    812         tristate "Sequence Number IV Generator"
813         select CRYPTO_GENIV                       813         select CRYPTO_GENIV
814         help                                      814         help
815           Sequence Number IV generator            815           Sequence Number IV generator
816                                                   816 
817           This IV generator generates an IV ba    817           This IV generator generates an IV based on a sequence number by
818           xoring it with a salt.  This algorit    818           xoring it with a salt.  This algorithm is mainly useful for CTR.
819                                                   819 
820           This is required for IPsec ESP (XFRM    820           This is required for IPsec ESP (XFRM_ESP).
821                                                   821 
822 config CRYPTO_ECHAINIV                            822 config CRYPTO_ECHAINIV
823         tristate "Encrypted Chain IV Generator    823         tristate "Encrypted Chain IV Generator"
824         select CRYPTO_GENIV                       824         select CRYPTO_GENIV
825         help                                      825         help
826           Encrypted Chain IV generator            826           Encrypted Chain IV generator
827                                                   827 
828           This IV generator generates an IV ba    828           This IV generator generates an IV based on the encryption of
829           a sequence number xored with a salt.    829           a sequence number xored with a salt.  This is the default
830           algorithm for CBC.                      830           algorithm for CBC.
831                                                   831 
832 config CRYPTO_ESSIV                               832 config CRYPTO_ESSIV
833         tristate "Encrypted Salt-Sector IV Gen    833         tristate "Encrypted Salt-Sector IV Generator"
834         select CRYPTO_AUTHENC                     834         select CRYPTO_AUTHENC
835         help                                      835         help
836           Encrypted Salt-Sector IV generator      836           Encrypted Salt-Sector IV generator
837                                                   837 
838           This IV generator is used in some ca    838           This IV generator is used in some cases by fscrypt and/or
839           dm-crypt. It uses the hash of the bl    839           dm-crypt. It uses the hash of the block encryption key as the
840           symmetric key for a block encryption    840           symmetric key for a block encryption pass applied to the input
841           IV, making low entropy IV sources mo    841           IV, making low entropy IV sources more suitable for block
842           encryption.                             842           encryption.
843                                                   843 
844           This driver implements a crypto API     844           This driver implements a crypto API template that can be
845           instantiated either as an skcipher o    845           instantiated either as an skcipher or as an AEAD (depending on the
846           type of the first template argument)    846           type of the first template argument), and which defers encryption
847           and decryption requests to the encap    847           and decryption requests to the encapsulated cipher after applying
848           ESSIV to the input IV. Note that in     848           ESSIV to the input IV. Note that in the AEAD case, it is assumed
849           that the keys are presented in the s    849           that the keys are presented in the same format used by the authenc
850           template, and that the IV appears at    850           template, and that the IV appears at the end of the authenticated
851           associated data (AAD) region (which     851           associated data (AAD) region (which is how dm-crypt uses it.)
852                                                   852 
853           Note that the use of ESSIV is not re    853           Note that the use of ESSIV is not recommended for new deployments,
854           and so this only needs to be enabled    854           and so this only needs to be enabled when interoperability with
855           existing encrypted volumes of filesy    855           existing encrypted volumes of filesystems is required, or when
856           building for a particular system tha    856           building for a particular system that requires it (e.g., when
857           the SoC in question has accelerated     857           the SoC in question has accelerated CBC but not XTS, making CBC
858           combined with ESSIV the only feasibl    858           combined with ESSIV the only feasible mode for h/w accelerated
859           block encryption)                       859           block encryption)
860                                                   860 
861 endmenu                                           861 endmenu
862                                                   862 
863 menu "Hashes, digests, and MACs"                  863 menu "Hashes, digests, and MACs"
864                                                   864 
865 config CRYPTO_BLAKE2B                             865 config CRYPTO_BLAKE2B
866         tristate "BLAKE2b"                        866         tristate "BLAKE2b"
867         select CRYPTO_HASH                        867         select CRYPTO_HASH
868         help                                      868         help
869           BLAKE2b cryptographic hash function     869           BLAKE2b cryptographic hash function (RFC 7693)
870                                                   870 
871           BLAKE2b is optimized for 64-bit plat    871           BLAKE2b is optimized for 64-bit platforms and can produce digests
872           of any size between 1 and 64 bytes.     872           of any size between 1 and 64 bytes. The keyed hash is also implemented.
873                                                   873 
874           This module provides the following a    874           This module provides the following algorithms:
875           - blake2b-160                           875           - blake2b-160
876           - blake2b-256                           876           - blake2b-256
877           - blake2b-384                           877           - blake2b-384
878           - blake2b-512                           878           - blake2b-512
879                                                   879 
880           Used by the btrfs filesystem.           880           Used by the btrfs filesystem.
881                                                   881 
882           See https://blake2.net for further i    882           See https://blake2.net for further information.
883                                                   883 
884 config CRYPTO_CMAC                                884 config CRYPTO_CMAC
885         tristate "CMAC (Cipher-based MAC)"        885         tristate "CMAC (Cipher-based MAC)"
886         select CRYPTO_HASH                        886         select CRYPTO_HASH
887         select CRYPTO_MANAGER                     887         select CRYPTO_MANAGER
888         help                                      888         help
889           CMAC (Cipher-based Message Authentic    889           CMAC (Cipher-based Message Authentication Code) authentication
890           mode (NIST SP800-38B and IETF RFC449    890           mode (NIST SP800-38B and IETF RFC4493)
891                                                   891 
892 config CRYPTO_GHASH                               892 config CRYPTO_GHASH
893         tristate "GHASH"                          893         tristate "GHASH"
894         select CRYPTO_HASH                        894         select CRYPTO_HASH
895         select CRYPTO_LIB_GF128MUL                895         select CRYPTO_LIB_GF128MUL
896         help                                      896         help
897           GCM GHASH function (NIST SP800-38D)     897           GCM GHASH function (NIST SP800-38D)
898                                                   898 
899 config CRYPTO_HMAC                                899 config CRYPTO_HMAC
900         tristate "HMAC (Keyed-Hash MAC)"          900         tristate "HMAC (Keyed-Hash MAC)"
901         select CRYPTO_HASH                        901         select CRYPTO_HASH
902         select CRYPTO_MANAGER                     902         select CRYPTO_MANAGER
903         help                                      903         help
904           HMAC (Keyed-Hash Message Authenticat    904           HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
905           RFC2104)                                905           RFC2104)
906                                                   906 
907           This is required for IPsec AH (XFRM_    907           This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
908                                                   908 
909 config CRYPTO_MD4                                 909 config CRYPTO_MD4
910         tristate "MD4"                            910         tristate "MD4"
911         select CRYPTO_HASH                        911         select CRYPTO_HASH
912         help                                      912         help
913           MD4 message digest algorithm (RFC132    913           MD4 message digest algorithm (RFC1320)
914                                                   914 
915 config CRYPTO_MD5                                 915 config CRYPTO_MD5
916         tristate "MD5"                            916         tristate "MD5"
917         select CRYPTO_HASH                        917         select CRYPTO_HASH
918         help                                      918         help
919           MD5 message digest algorithm (RFC132    919           MD5 message digest algorithm (RFC1321)
920                                                   920 
921 config CRYPTO_MICHAEL_MIC                         921 config CRYPTO_MICHAEL_MIC
922         tristate "Michael MIC"                    922         tristate "Michael MIC"
923         select CRYPTO_HASH                        923         select CRYPTO_HASH
924         help                                      924         help
925           Michael MIC (Message Integrity Code)    925           Michael MIC (Message Integrity Code) (IEEE 802.11i)
926                                                   926 
927           Defined by the IEEE 802.11i TKIP (Te    927           Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
928           known as WPA (Wif-Fi Protected Acces    928           known as WPA (Wif-Fi Protected Access).
929                                                   929 
930           This algorithm is required for TKIP,    930           This algorithm is required for TKIP, but it should not be used for
931           other purposes because of the weakne    931           other purposes because of the weakness of the algorithm.
932                                                   932 
933 config CRYPTO_POLYVAL                             933 config CRYPTO_POLYVAL
934         tristate                                  934         tristate
935         select CRYPTO_HASH                        935         select CRYPTO_HASH
936         select CRYPTO_LIB_GF128MUL                936         select CRYPTO_LIB_GF128MUL
937         help                                      937         help
938           POLYVAL hash function for HCTR2         938           POLYVAL hash function for HCTR2
939                                                   939 
940           This is used in HCTR2.  It is not a     940           This is used in HCTR2.  It is not a general-purpose
941           cryptographic hash function.            941           cryptographic hash function.
942                                                   942 
943 config CRYPTO_POLY1305                            943 config CRYPTO_POLY1305
944         tristate "Poly1305"                       944         tristate "Poly1305"
945         select CRYPTO_HASH                        945         select CRYPTO_HASH
946         select CRYPTO_LIB_POLY1305_GENERIC        946         select CRYPTO_LIB_POLY1305_GENERIC
947         help                                      947         help
948           Poly1305 authenticator algorithm (RF    948           Poly1305 authenticator algorithm (RFC7539)
949                                                   949 
950           Poly1305 is an authenticator algorit    950           Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
951           It is used for the ChaCha20-Poly1305    951           It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
952           in IETF protocols. This is the porta    952           in IETF protocols. This is the portable C implementation of Poly1305.
953                                                   953 
954 config CRYPTO_RMD160                              954 config CRYPTO_RMD160
955         tristate "RIPEMD-160"                     955         tristate "RIPEMD-160"
956         select CRYPTO_HASH                        956         select CRYPTO_HASH
957         help                                      957         help
958           RIPEMD-160 hash function (ISO/IEC 10    958           RIPEMD-160 hash function (ISO/IEC 10118-3)
959                                                   959 
960           RIPEMD-160 is a 160-bit cryptographi    960           RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
961           to be used as a secure replacement f    961           to be used as a secure replacement for the 128-bit hash functions
962           MD4, MD5 and its predecessor RIPEMD     962           MD4, MD5 and its predecessor RIPEMD
963           (not to be confused with RIPEMD-128)    963           (not to be confused with RIPEMD-128).
964                                                   964 
965           Its speed is comparable to SHA-1 and    965           Its speed is comparable to SHA-1 and there are no known attacks
966           against RIPEMD-160.                     966           against RIPEMD-160.
967                                                   967 
968           Developed by Hans Dobbertin, Antoon     968           Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
969           See https://homes.esat.kuleuven.be/~    969           See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
970           for further information.                970           for further information.
971                                                   971 
972 config CRYPTO_SHA1                                972 config CRYPTO_SHA1
973         tristate "SHA-1"                          973         tristate "SHA-1"
974         select CRYPTO_HASH                        974         select CRYPTO_HASH
975         select CRYPTO_LIB_SHA1                    975         select CRYPTO_LIB_SHA1
976         help                                      976         help
977           SHA-1 secure hash algorithm (FIPS 18    977           SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
978                                                   978 
979 config CRYPTO_SHA256                              979 config CRYPTO_SHA256
980         tristate "SHA-224 and SHA-256"            980         tristate "SHA-224 and SHA-256"
981         select CRYPTO_HASH                        981         select CRYPTO_HASH
982         select CRYPTO_LIB_SHA256                  982         select CRYPTO_LIB_SHA256
983         help                                      983         help
984           SHA-224 and SHA-256 secure hash algo    984           SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
985                                                   985 
986           This is required for IPsec AH (XFRM_    986           This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
987           Used by the btrfs filesystem, Ceph,     987           Used by the btrfs filesystem, Ceph, NFS, and SMB.
988                                                   988 
989 config CRYPTO_SHA512                              989 config CRYPTO_SHA512
990         tristate "SHA-384 and SHA-512"            990         tristate "SHA-384 and SHA-512"
991         select CRYPTO_HASH                        991         select CRYPTO_HASH
992         help                                      992         help
993           SHA-384 and SHA-512 secure hash algo    993           SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
994                                                   994 
995 config CRYPTO_SHA3                                995 config CRYPTO_SHA3
996         tristate "SHA-3"                          996         tristate "SHA-3"
997         select CRYPTO_HASH                        997         select CRYPTO_HASH
998         help                                      998         help
999           SHA-3 secure hash algorithms (FIPS 2    999           SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1000                                                  1000 
1001 config CRYPTO_SM3                                1001 config CRYPTO_SM3
1002         tristate                                 1002         tristate
1003                                                  1003 
1004 config CRYPTO_SM3_GENERIC                        1004 config CRYPTO_SM3_GENERIC
1005         tristate "SM3 (ShangMi 3)"               1005         tristate "SM3 (ShangMi 3)"
1006         select CRYPTO_HASH                       1006         select CRYPTO_HASH
1007         select CRYPTO_SM3                        1007         select CRYPTO_SM3
1008         help                                     1008         help
1009           SM3 (ShangMi 3) secure hash functio    1009           SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1010                                                  1010 
1011           This is part of the Chinese Commerc    1011           This is part of the Chinese Commercial Cryptography suite.
1012                                                  1012 
1013           References:                            1013           References:
1014           http://www.oscca.gov.cn/UpFile/2010    1014           http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1015           https://datatracker.ietf.org/doc/ht    1015           https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1016                                                  1016 
1017 config CRYPTO_STREEBOG                           1017 config CRYPTO_STREEBOG
1018         tristate "Streebog"                      1018         tristate "Streebog"
1019         select CRYPTO_HASH                       1019         select CRYPTO_HASH
1020         help                                     1020         help
1021           Streebog Hash Function (GOST R 34.1    1021           Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1022                                                  1022 
1023           This is one of the Russian cryptogr    1023           This is one of the Russian cryptographic standard algorithms (called
1024           GOST algorithms). This setting enab    1024           GOST algorithms). This setting enables two hash algorithms with
1025           256 and 512 bits output.               1025           256 and 512 bits output.
1026                                                  1026 
1027           References:                            1027           References:
1028           https://tc26.ru/upload/iblock/fed/f    1028           https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1029           https://tools.ietf.org/html/rfc6986    1029           https://tools.ietf.org/html/rfc6986
1030                                                  1030 
1031 config CRYPTO_VMAC                               1031 config CRYPTO_VMAC
1032         tristate "VMAC"                          1032         tristate "VMAC"
1033         select CRYPTO_HASH                       1033         select CRYPTO_HASH
1034         select CRYPTO_MANAGER                    1034         select CRYPTO_MANAGER
1035         help                                     1035         help
1036           VMAC is a message authentication al    1036           VMAC is a message authentication algorithm designed for
1037           very high speed on 64-bit architect    1037           very high speed on 64-bit architectures.
1038                                                  1038 
1039           See https://fastcrypto.org/vmac for    1039           See https://fastcrypto.org/vmac for further information.
1040                                                  1040 
1041 config CRYPTO_WP512                              1041 config CRYPTO_WP512
1042         tristate "Whirlpool"                     1042         tristate "Whirlpool"
1043         select CRYPTO_HASH                       1043         select CRYPTO_HASH
1044         help                                     1044         help
1045           Whirlpool hash function (ISO/IEC 10    1045           Whirlpool hash function (ISO/IEC 10118-3)
1046                                                  1046 
1047           512, 384 and 256-bit hashes.           1047           512, 384 and 256-bit hashes.
1048                                                  1048 
1049           Whirlpool-512 is part of the NESSIE    1049           Whirlpool-512 is part of the NESSIE cryptographic primitives.
1050                                                  1050 
1051           See https://web.archive.org/web/201    1051           See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
1052           for further information.               1052           for further information.
1053                                                  1053 
1054 config CRYPTO_XCBC                               1054 config CRYPTO_XCBC
1055         tristate "XCBC-MAC (Extended Cipher B    1055         tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1056         select CRYPTO_HASH                       1056         select CRYPTO_HASH
1057         select CRYPTO_MANAGER                    1057         select CRYPTO_MANAGER
1058         help                                     1058         help
1059           XCBC-MAC (Extended Cipher Block Cha    1059           XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1060           Code) (RFC3566)                        1060           Code) (RFC3566)
1061                                                  1061 
1062 config CRYPTO_XXHASH                             1062 config CRYPTO_XXHASH
1063         tristate "xxHash"                        1063         tristate "xxHash"
1064         select CRYPTO_HASH                       1064         select CRYPTO_HASH
1065         select XXHASH                            1065         select XXHASH
1066         help                                     1066         help
1067           xxHash non-cryptographic hash algor    1067           xxHash non-cryptographic hash algorithm
1068                                                  1068 
1069           Extremely fast, working at speeds c    1069           Extremely fast, working at speeds close to RAM limits.
1070                                                  1070 
1071           Used by the btrfs filesystem.          1071           Used by the btrfs filesystem.
1072                                                  1072 
1073 endmenu                                          1073 endmenu
1074                                                  1074 
1075 menu "CRCs (cyclic redundancy checks)"           1075 menu "CRCs (cyclic redundancy checks)"
1076                                                  1076 
1077 config CRYPTO_CRC32C                             1077 config CRYPTO_CRC32C
1078         tristate "CRC32c"                        1078         tristate "CRC32c"
1079         select CRYPTO_HASH                       1079         select CRYPTO_HASH
1080         select CRC32                             1080         select CRC32
1081         help                                     1081         help
1082           CRC32c CRC algorithm with the iSCSI    1082           CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
1083                                                  1083 
1084           A 32-bit CRC (cyclic redundancy che    1084           A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1085           by G. Castagnoli, S. Braeuer and M.    1085           by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic
1086           Redundancy-Check Codes with 24 and     1086           Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1087           on Communications, Vol. 41, No. 6,     1087           on Communications, Vol. 41, No. 6, June 1993, selected for use with
1088           iSCSI.                                 1088           iSCSI.
1089                                                  1089 
1090           Used by btrfs, ext4, jbd2, NVMeoF/T    1090           Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI.
1091                                                  1091 
1092 config CRYPTO_CRC32                              1092 config CRYPTO_CRC32
1093         tristate "CRC32"                         1093         tristate "CRC32"
1094         select CRYPTO_HASH                       1094         select CRYPTO_HASH
1095         select CRC32                             1095         select CRC32
1096         help                                     1096         help
1097           CRC32 CRC algorithm (IEEE 802.3)       1097           CRC32 CRC algorithm (IEEE 802.3)
1098                                                  1098 
1099           Used by RoCEv2 and f2fs.               1099           Used by RoCEv2 and f2fs.
1100                                                  1100 
1101 config CRYPTO_CRCT10DIF                          1101 config CRYPTO_CRCT10DIF
1102         tristate "CRCT10DIF"                     1102         tristate "CRCT10DIF"
1103         select CRYPTO_HASH                       1103         select CRYPTO_HASH
1104         help                                     1104         help
1105           CRC16 CRC algorithm used for the T1    1105           CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
1106                                                  1106 
1107           CRC algorithm used by the SCSI Bloc    1107           CRC algorithm used by the SCSI Block Commands standard.
1108                                                  1108 
1109 config CRYPTO_CRC64_ROCKSOFT                     1109 config CRYPTO_CRC64_ROCKSOFT
1110         tristate "CRC64 based on Rocksoft Mod    1110         tristate "CRC64 based on Rocksoft Model algorithm"
1111         depends on CRC64                         1111         depends on CRC64
1112         select CRYPTO_HASH                       1112         select CRYPTO_HASH
1113         help                                     1113         help
1114           CRC64 CRC algorithm based on the Ro    1114           CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm
1115                                                  1115 
1116           Used by the NVMe implementation of     1116           Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY)
1117                                                  1117 
1118           See https://zlib.net/crc_v3.txt        1118           See https://zlib.net/crc_v3.txt
1119                                                  1119 
1120 endmenu                                          1120 endmenu
1121                                                  1121 
1122 menu "Compression"                               1122 menu "Compression"
1123                                                  1123 
1124 config CRYPTO_DEFLATE                            1124 config CRYPTO_DEFLATE
1125         tristate "Deflate"                       1125         tristate "Deflate"
1126         select CRYPTO_ALGAPI                     1126         select CRYPTO_ALGAPI
1127         select CRYPTO_ACOMP2                     1127         select CRYPTO_ACOMP2
1128         select ZLIB_INFLATE                      1128         select ZLIB_INFLATE
1129         select ZLIB_DEFLATE                      1129         select ZLIB_DEFLATE
1130         help                                     1130         help
1131           Deflate compression algorithm (RFC1    1131           Deflate compression algorithm (RFC1951)
1132                                                  1132 
1133           Used by IPSec with the IPCOMP proto    1133           Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)
1134                                                  1134 
1135 config CRYPTO_LZO                                1135 config CRYPTO_LZO
1136         tristate "LZO"                           1136         tristate "LZO"
1137         select CRYPTO_ALGAPI                     1137         select CRYPTO_ALGAPI
1138         select CRYPTO_ACOMP2                     1138         select CRYPTO_ACOMP2
1139         select LZO_COMPRESS                      1139         select LZO_COMPRESS
1140         select LZO_DECOMPRESS                    1140         select LZO_DECOMPRESS
1141         help                                     1141         help
1142           LZO compression algorithm              1142           LZO compression algorithm
1143                                                  1143 
1144           See https://www.oberhumer.com/opens    1144           See https://www.oberhumer.com/opensource/lzo/ for further information.
1145                                                  1145 
1146 config CRYPTO_842                                1146 config CRYPTO_842
1147         tristate "842"                           1147         tristate "842"
1148         select CRYPTO_ALGAPI                     1148         select CRYPTO_ALGAPI
1149         select CRYPTO_ACOMP2                     1149         select CRYPTO_ACOMP2
1150         select 842_COMPRESS                      1150         select 842_COMPRESS
1151         select 842_DECOMPRESS                    1151         select 842_DECOMPRESS
1152         help                                     1152         help
1153           842 compression algorithm by IBM       1153           842 compression algorithm by IBM
1154                                                  1154 
1155           See https://github.com/plauth/lib84    1155           See https://github.com/plauth/lib842 for further information.
1156                                                  1156 
1157 config CRYPTO_LZ4                                1157 config CRYPTO_LZ4
1158         tristate "LZ4"                           1158         tristate "LZ4"
1159         select CRYPTO_ALGAPI                     1159         select CRYPTO_ALGAPI
1160         select CRYPTO_ACOMP2                     1160         select CRYPTO_ACOMP2
1161         select LZ4_COMPRESS                      1161         select LZ4_COMPRESS
1162         select LZ4_DECOMPRESS                    1162         select LZ4_DECOMPRESS
1163         help                                     1163         help
1164           LZ4 compression algorithm              1164           LZ4 compression algorithm
1165                                                  1165 
1166           See https://github.com/lz4/lz4 for     1166           See https://github.com/lz4/lz4 for further information.
1167                                                  1167 
1168 config CRYPTO_LZ4HC                              1168 config CRYPTO_LZ4HC
1169         tristate "LZ4HC"                         1169         tristate "LZ4HC"
1170         select CRYPTO_ALGAPI                     1170         select CRYPTO_ALGAPI
1171         select CRYPTO_ACOMP2                     1171         select CRYPTO_ACOMP2
1172         select LZ4HC_COMPRESS                    1172         select LZ4HC_COMPRESS
1173         select LZ4_DECOMPRESS                    1173         select LZ4_DECOMPRESS
1174         help                                     1174         help
1175           LZ4 high compression mode algorithm    1175           LZ4 high compression mode algorithm
1176                                                  1176 
1177           See https://github.com/lz4/lz4 for     1177           See https://github.com/lz4/lz4 for further information.
1178                                                  1178 
1179 config CRYPTO_ZSTD                               1179 config CRYPTO_ZSTD
1180         tristate "Zstd"                          1180         tristate "Zstd"
1181         select CRYPTO_ALGAPI                     1181         select CRYPTO_ALGAPI
1182         select CRYPTO_ACOMP2                     1182         select CRYPTO_ACOMP2
1183         select ZSTD_COMPRESS                     1183         select ZSTD_COMPRESS
1184         select ZSTD_DECOMPRESS                   1184         select ZSTD_DECOMPRESS
1185         help                                     1185         help
1186           zstd compression algorithm             1186           zstd compression algorithm
1187                                                  1187 
1188           See https://github.com/facebook/zst    1188           See https://github.com/facebook/zstd for further information.
1189                                                  1189 
1190 endmenu                                          1190 endmenu
1191                                                  1191 
1192 menu "Random number generation"                  1192 menu "Random number generation"
1193                                                  1193 
1194 config CRYPTO_ANSI_CPRNG                         1194 config CRYPTO_ANSI_CPRNG
1195         tristate "ANSI PRNG (Pseudo Random Nu    1195         tristate "ANSI PRNG (Pseudo Random Number Generator)"
1196         select CRYPTO_AES                        1196         select CRYPTO_AES
1197         select CRYPTO_RNG                        1197         select CRYPTO_RNG
1198         help                                     1198         help
1199           Pseudo RNG (random number generator    1199           Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4)
1200                                                  1200 
1201           This uses the AES cipher algorithm.    1201           This uses the AES cipher algorithm.
1202                                                  1202 
1203           Note that this option must be enabl    1203           Note that this option must be enabled if CRYPTO_FIPS is selected
1204                                                  1204 
1205 menuconfig CRYPTO_DRBG_MENU                      1205 menuconfig CRYPTO_DRBG_MENU
1206         tristate "NIST SP800-90A DRBG (Determ    1206         tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1207         help                                     1207         help
1208           DRBG (Deterministic Random Bit Gene    1208           DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1209                                                  1209 
1210           In the following submenu, one or mo    1210           In the following submenu, one or more of the DRBG types must be selected.
1211                                                  1211 
1212 if CRYPTO_DRBG_MENU                              1212 if CRYPTO_DRBG_MENU
1213                                                  1213 
1214 config CRYPTO_DRBG_HMAC                          1214 config CRYPTO_DRBG_HMAC
1215         bool                                     1215         bool
1216         default y                                1216         default y
1217         select CRYPTO_HMAC                       1217         select CRYPTO_HMAC
1218         select CRYPTO_SHA512                     1218         select CRYPTO_SHA512
1219                                                  1219 
1220 config CRYPTO_DRBG_HASH                          1220 config CRYPTO_DRBG_HASH
1221         bool "Hash_DRBG"                         1221         bool "Hash_DRBG"
1222         select CRYPTO_SHA256                     1222         select CRYPTO_SHA256
1223         help                                     1223         help
1224           Hash_DRBG variant as defined in NIS    1224           Hash_DRBG variant as defined in NIST SP800-90A.
1225                                                  1225 
1226           This uses the SHA-1, SHA-256, SHA-3    1226           This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1227                                                  1227 
1228 config CRYPTO_DRBG_CTR                           1228 config CRYPTO_DRBG_CTR
1229         bool "CTR_DRBG"                          1229         bool "CTR_DRBG"
1230         select CRYPTO_AES                        1230         select CRYPTO_AES
1231         select CRYPTO_CTR                        1231         select CRYPTO_CTR
1232         help                                     1232         help
1233           CTR_DRBG variant as defined in NIST    1233           CTR_DRBG variant as defined in NIST SP800-90A.
1234                                                  1234 
1235           This uses the AES cipher algorithm     1235           This uses the AES cipher algorithm with the counter block mode.
1236                                                  1236 
1237 config CRYPTO_DRBG                               1237 config CRYPTO_DRBG
1238         tristate                                 1238         tristate
1239         default CRYPTO_DRBG_MENU                 1239         default CRYPTO_DRBG_MENU
1240         select CRYPTO_RNG                        1240         select CRYPTO_RNG
1241         select CRYPTO_JITTERENTROPY              1241         select CRYPTO_JITTERENTROPY
1242                                                  1242 
1243 endif   # if CRYPTO_DRBG_MENU                    1243 endif   # if CRYPTO_DRBG_MENU
1244                                                  1244 
1245 config CRYPTO_JITTERENTROPY                      1245 config CRYPTO_JITTERENTROPY
1246         tristate "CPU Jitter Non-Deterministi    1246         tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1247         select CRYPTO_RNG                        1247         select CRYPTO_RNG
1248         select CRYPTO_SHA3                       1248         select CRYPTO_SHA3
1249         help                                     1249         help
1250           CPU Jitter RNG (Random Number Gener    1250           CPU Jitter RNG (Random Number Generator) from the Jitterentropy library
1251                                                  1251 
1252           A non-physical non-deterministic ("    1252           A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1253           compliant with NIST SP800-90B) inte    1253           compliant with NIST SP800-90B) intended to provide a seed to a
1254           deterministic RNG (e.g., per NIST S    1254           deterministic RNG (e.g., per NIST SP800-90C).
1255           This RNG does not perform any crypt    1255           This RNG does not perform any cryptographic whitening of the generated
1256           random numbers.                        1256           random numbers.
1257                                                  1257 
1258           See https://www.chronox.de/jent/       1258           See https://www.chronox.de/jent/
1259                                                  1259 
1260 if CRYPTO_JITTERENTROPY                          1260 if CRYPTO_JITTERENTROPY
1261 if CRYPTO_FIPS && EXPERT                         1261 if CRYPTO_FIPS && EXPERT
1262                                                  1262 
1263 choice                                           1263 choice
1264         prompt "CPU Jitter RNG Memory Size"      1264         prompt "CPU Jitter RNG Memory Size"
1265         default CRYPTO_JITTERENTROPY_MEMSIZE_    1265         default CRYPTO_JITTERENTROPY_MEMSIZE_2
1266         help                                     1266         help
1267           The Jitter RNG measures the executi    1267           The Jitter RNG measures the execution time of memory accesses.
1268           Multiple consecutive memory accesse    1268           Multiple consecutive memory accesses are performed. If the memory
1269           size fits into a cache (e.g. L1), o    1269           size fits into a cache (e.g. L1), only the memory access timing
1270           to that cache is measured. The clos    1270           to that cache is measured. The closer the cache is to the CPU
1271           the less variations are measured an    1271           the less variations are measured and thus the less entropy is
1272           obtained. Thus, if the memory size     1272           obtained. Thus, if the memory size fits into the L1 cache, the
1273           obtained entropy is less than if th    1273           obtained entropy is less than if the memory size fits within
1274           L1 + L2, which in turn is less if t    1274           L1 + L2, which in turn is less if the memory fits into
1275           L1 + L2 + L3. Thus, by selecting a     1275           L1 + L2 + L3. Thus, by selecting a different memory size,
1276           the entropy rate produced by the Ji    1276           the entropy rate produced by the Jitter RNG can be modified.
1277                                                  1277 
1278         config CRYPTO_JITTERENTROPY_MEMSIZE_2    1278         config CRYPTO_JITTERENTROPY_MEMSIZE_2
1279                 bool "2048 Bytes (default)"      1279                 bool "2048 Bytes (default)"
1280                                                  1280 
1281         config CRYPTO_JITTERENTROPY_MEMSIZE_1    1281         config CRYPTO_JITTERENTROPY_MEMSIZE_128
1282                 bool "128 kBytes"                1282                 bool "128 kBytes"
1283                                                  1283 
1284         config CRYPTO_JITTERENTROPY_MEMSIZE_1    1284         config CRYPTO_JITTERENTROPY_MEMSIZE_1024
1285                 bool "1024 kBytes"               1285                 bool "1024 kBytes"
1286                                                  1286 
1287         config CRYPTO_JITTERENTROPY_MEMSIZE_8    1287         config CRYPTO_JITTERENTROPY_MEMSIZE_8192
1288                 bool "8192 kBytes"               1288                 bool "8192 kBytes"
1289 endchoice                                        1289 endchoice
1290                                                  1290 
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS        1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1292         int                                      1292         int
1293         default 64 if CRYPTO_JITTERENTROPY_ME    1293         default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1294         default 512 if CRYPTO_JITTERENTROPY_M    1294         default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1295         default 1024 if CRYPTO_JITTERENTROPY_    1295         default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1296         default 4096 if CRYPTO_JITTERENTROPY_    1296         default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1297                                                  1297 
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE     1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1299         int                                      1299         int
1300         default 32 if CRYPTO_JITTERENTROPY_ME    1300         default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1301         default 256 if CRYPTO_JITTERENTROPY_M    1301         default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1302         default 1024 if CRYPTO_JITTERENTROPY_    1302         default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1303         default 2048 if CRYPTO_JITTERENTROPY_    1303         default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1304                                                  1304 
1305 config CRYPTO_JITTERENTROPY_OSR                  1305 config CRYPTO_JITTERENTROPY_OSR
1306         int "CPU Jitter RNG Oversampling Rate    1306         int "CPU Jitter RNG Oversampling Rate"
1307         range 1 15                               1307         range 1 15
1308         default 3                                1308         default 3
1309         help                                     1309         help
1310           The Jitter RNG allows the specifica    1310           The Jitter RNG allows the specification of an oversampling rate (OSR).
1311           The Jitter RNG operation requires a    1311           The Jitter RNG operation requires a fixed amount of timing
1312           measurements to produce one output     1312           measurements to produce one output block of random numbers. The
1313           OSR value is multiplied with the am    1313           OSR value is multiplied with the amount of timing measurements to
1314           generate one output block. Thus, th    1314           generate one output block. Thus, the timing measurement is oversampled
1315           by the OSR factor. The oversampling    1315           by the OSR factor. The oversampling allows the Jitter RNG to operate
1316           on hardware whose timers deliver li    1316           on hardware whose timers deliver limited amount of entropy (e.g.
1317           the timer is coarse) by setting the    1317           the timer is coarse) by setting the OSR to a higher value. The
1318           trade-off, however, is that the Jit    1318           trade-off, however, is that the Jitter RNG now requires more time
1319           to generate random numbers.            1319           to generate random numbers.
1320                                                  1320 
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE        1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1322         bool "CPU Jitter RNG Test Interface"     1322         bool "CPU Jitter RNG Test Interface"
1323         help                                     1323         help
1324           The test interface allows a privile    1324           The test interface allows a privileged process to capture
1325           the raw unconditioned high resoluti    1325           the raw unconditioned high resolution time stamp noise that
1326           is collected by the Jitter RNG for     1326           is collected by the Jitter RNG for statistical analysis. As
1327           this data is used at the same time     1327           this data is used at the same time to generate random bits,
1328           the Jitter RNG operates in an insec    1328           the Jitter RNG operates in an insecure mode as long as the
1329           recording is enabled. This interfac    1329           recording is enabled. This interface therefore is only
1330           intended for testing purposes and i    1330           intended for testing purposes and is not suitable for
1331           production systems.                    1331           production systems.
1332                                                  1332 
1333           The raw noise data can be obtained     1333           The raw noise data can be obtained using the jent_raw_hires
1334           debugfs file. Using the option         1334           debugfs file. Using the option
1335           jitterentropy_testing.boot_raw_hire    1335           jitterentropy_testing.boot_raw_hires_test=1 the raw noise of
1336           the first 1000 entropy events since    1336           the first 1000 entropy events since boot can be sampled.
1337                                                  1337 
1338           If unsure, select N.                   1338           If unsure, select N.
1339                                                  1339 
1340 endif   # if CRYPTO_FIPS && EXPERT               1340 endif   # if CRYPTO_FIPS && EXPERT
1341                                                  1341 
1342 if !(CRYPTO_FIPS && EXPERT)                      1342 if !(CRYPTO_FIPS && EXPERT)
1343                                                  1343 
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS        1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1345         int                                      1345         int
1346         default 64                               1346         default 64
1347                                                  1347 
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE     1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1349         int                                      1349         int
1350         default 32                               1350         default 32
1351                                                  1351 
1352 config CRYPTO_JITTERENTROPY_OSR                  1352 config CRYPTO_JITTERENTROPY_OSR
1353         int                                      1353         int
1354         default 1                                1354         default 1
1355                                                  1355 
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE        1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1357         bool                                     1357         bool
1358                                                  1358 
1359 endif   # if !(CRYPTO_FIPS && EXPERT)            1359 endif   # if !(CRYPTO_FIPS && EXPERT)
1360 endif   # if CRYPTO_JITTERENTROPY                1360 endif   # if CRYPTO_JITTERENTROPY
1361                                                  1361 
1362 config CRYPTO_KDF800108_CTR                      1362 config CRYPTO_KDF800108_CTR
1363         tristate                                 1363         tristate
1364         select CRYPTO_HMAC                       1364         select CRYPTO_HMAC
1365         select CRYPTO_SHA256                     1365         select CRYPTO_SHA256
1366                                                  1366 
1367 endmenu                                          1367 endmenu
1368 menu "Userspace interface"                       1368 menu "Userspace interface"
1369                                                  1369 
1370 config CRYPTO_USER_API                           1370 config CRYPTO_USER_API
1371         tristate                                 1371         tristate
1372                                                  1372 
1373 config CRYPTO_USER_API_HASH                      1373 config CRYPTO_USER_API_HASH
1374         tristate "Hash algorithms"               1374         tristate "Hash algorithms"
1375         depends on NET                           1375         depends on NET
1376         select CRYPTO_HASH                       1376         select CRYPTO_HASH
1377         select CRYPTO_USER_API                   1377         select CRYPTO_USER_API
1378         help                                     1378         help
1379           Enable the userspace interface for     1379           Enable the userspace interface for hash algorithms.
1380                                                  1380 
1381           See Documentation/crypto/userspace-    1381           See Documentation/crypto/userspace-if.rst and
1382           https://www.chronox.de/libkcapi/htm    1382           https://www.chronox.de/libkcapi/html/index.html
1383                                                  1383 
1384 config CRYPTO_USER_API_SKCIPHER                  1384 config CRYPTO_USER_API_SKCIPHER
1385         tristate "Symmetric key cipher algori    1385         tristate "Symmetric key cipher algorithms"
1386         depends on NET                           1386         depends on NET
1387         select CRYPTO_SKCIPHER                   1387         select CRYPTO_SKCIPHER
1388         select CRYPTO_USER_API                   1388         select CRYPTO_USER_API
1389         help                                     1389         help
1390           Enable the userspace interface for     1390           Enable the userspace interface for symmetric key cipher algorithms.
1391                                                  1391 
1392           See Documentation/crypto/userspace-    1392           See Documentation/crypto/userspace-if.rst and
1393           https://www.chronox.de/libkcapi/htm    1393           https://www.chronox.de/libkcapi/html/index.html
1394                                                  1394 
1395 config CRYPTO_USER_API_RNG                       1395 config CRYPTO_USER_API_RNG
1396         tristate "RNG (random number generato    1396         tristate "RNG (random number generator) algorithms"
1397         depends on NET                           1397         depends on NET
1398         select CRYPTO_RNG                        1398         select CRYPTO_RNG
1399         select CRYPTO_USER_API                   1399         select CRYPTO_USER_API
1400         help                                     1400         help
1401           Enable the userspace interface for     1401           Enable the userspace interface for RNG (random number generator)
1402           algorithms.                            1402           algorithms.
1403                                                  1403 
1404           See Documentation/crypto/userspace-    1404           See Documentation/crypto/userspace-if.rst and
1405           https://www.chronox.de/libkcapi/htm    1405           https://www.chronox.de/libkcapi/html/index.html
1406                                                  1406 
1407 config CRYPTO_USER_API_RNG_CAVP                  1407 config CRYPTO_USER_API_RNG_CAVP
1408         bool "Enable CAVP testing of DRBG"       1408         bool "Enable CAVP testing of DRBG"
1409         depends on CRYPTO_USER_API_RNG && CRY    1409         depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1410         help                                     1410         help
1411           Enable extra APIs in the userspace     1411           Enable extra APIs in the userspace interface for NIST CAVP
1412           (Cryptographic Algorithm Validation    1412           (Cryptographic Algorithm Validation Program) testing:
1413           - resetting DRBG entropy               1413           - resetting DRBG entropy
1414           - providing Additional Data            1414           - providing Additional Data
1415                                                  1415 
1416           This should only be enabled for CAV    1416           This should only be enabled for CAVP testing. You should say
1417           no unless you know what this is.       1417           no unless you know what this is.
1418                                                  1418 
1419 config CRYPTO_USER_API_AEAD                      1419 config CRYPTO_USER_API_AEAD
1420         tristate "AEAD cipher algorithms"        1420         tristate "AEAD cipher algorithms"
1421         depends on NET                           1421         depends on NET
1422         select CRYPTO_AEAD                       1422         select CRYPTO_AEAD
1423         select CRYPTO_SKCIPHER                   1423         select CRYPTO_SKCIPHER
1424         select CRYPTO_NULL                       1424         select CRYPTO_NULL
1425         select CRYPTO_USER_API                   1425         select CRYPTO_USER_API
1426         help                                     1426         help
1427           Enable the userspace interface for     1427           Enable the userspace interface for AEAD cipher algorithms.
1428                                                  1428 
1429           See Documentation/crypto/userspace-    1429           See Documentation/crypto/userspace-if.rst and
1430           https://www.chronox.de/libkcapi/htm    1430           https://www.chronox.de/libkcapi/html/index.html
1431                                                  1431 
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE           1432 config CRYPTO_USER_API_ENABLE_OBSOLETE
1433         bool "Obsolete cryptographic algorith    1433         bool "Obsolete cryptographic algorithms"
1434         depends on CRYPTO_USER_API               1434         depends on CRYPTO_USER_API
1435         default y                                1435         default y
1436         help                                     1436         help
1437           Allow obsolete cryptographic algori    1437           Allow obsolete cryptographic algorithms to be selected that have
1438           already been phased out from intern    1438           already been phased out from internal use by the kernel, and are
1439           only useful for userspace clients t    1439           only useful for userspace clients that still rely on them.
1440                                                  1440 
1441 endmenu                                          1441 endmenu
1442                                                  1442 
1443 config CRYPTO_HASH_INFO                          1443 config CRYPTO_HASH_INFO
1444         bool                                     1444         bool
1445                                                  1445 
1446 if !KMSAN # avoid false positives from assemb    1446 if !KMSAN # avoid false positives from assembly
1447 if ARM                                           1447 if ARM
1448 source "arch/arm/crypto/Kconfig"                 1448 source "arch/arm/crypto/Kconfig"
1449 endif                                            1449 endif
1450 if ARM64                                         1450 if ARM64
1451 source "arch/arm64/crypto/Kconfig"               1451 source "arch/arm64/crypto/Kconfig"
1452 endif                                            1452 endif
1453 if LOONGARCH                                     1453 if LOONGARCH
1454 source "arch/loongarch/crypto/Kconfig"           1454 source "arch/loongarch/crypto/Kconfig"
1455 endif                                            1455 endif
1456 if MIPS                                          1456 if MIPS
1457 source "arch/mips/crypto/Kconfig"                1457 source "arch/mips/crypto/Kconfig"
1458 endif                                            1458 endif
1459 if PPC                                           1459 if PPC
1460 source "arch/powerpc/crypto/Kconfig"             1460 source "arch/powerpc/crypto/Kconfig"
1461 endif                                            1461 endif
1462 if RISCV                                         1462 if RISCV
1463 source "arch/riscv/crypto/Kconfig"               1463 source "arch/riscv/crypto/Kconfig"
1464 endif                                            1464 endif
1465 if S390                                          1465 if S390
1466 source "arch/s390/crypto/Kconfig"                1466 source "arch/s390/crypto/Kconfig"
1467 endif                                            1467 endif
1468 if SPARC                                         1468 if SPARC
1469 source "arch/sparc/crypto/Kconfig"               1469 source "arch/sparc/crypto/Kconfig"
1470 endif                                            1470 endif
1471 if X86                                           1471 if X86
1472 source "arch/x86/crypto/Kconfig"                 1472 source "arch/x86/crypto/Kconfig"
1473 endif                                            1473 endif
1474 endif                                            1474 endif
1475                                                  1475 
1476 source "drivers/crypto/Kconfig"                  1476 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig"          1477 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig"                           1478 source "certs/Kconfig"
1479                                                  1479 
1480 endif   # if CRYPTO                              1480 endif   # if CRYPTO
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php