1 # SPDX-License-Identifier: GPL-2.0
2 #
3 # Generic algorithms support
4 #
5 config XOR_BLOCKS
6 tristate
7
8 #
9 # async_tx api: hardware offloaded memory tran
10 #
11 source "crypto/async_tx/Kconfig"
12
13 #
14 # Cryptographic API Configuration
15 #
16 menuconfig CRYPTO
17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS
19 help
20 This option provides the core Crypto
21
22 if CRYPTO
23
24 menu "Crypto core or helper"
25
26 config CRYPTO_FIPS
27 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT
29 depends on (MODULE_SIG || !MODULES)
30 help
31 This option enables the fips boot op
32 required if you want the system to o
33 certification. You should say no un
34 this is.
35
36 config CRYPTO_FIPS_NAME
37 string "FIPS Module Name"
38 default "Linux Kernel Cryptographic AP
39 depends on CRYPTO_FIPS
40 help
41 This option sets the FIPS Module nam
42 the /proc/sys/crypto/fips_name file.
43
44 config CRYPTO_FIPS_CUSTOM_VERSION
45 bool "Use Custom FIPS Module Version"
46 depends on CRYPTO_FIPS
47 default n
48
49 config CRYPTO_FIPS_VERSION
50 string "FIPS Module Version"
51 default "(none)"
52 depends on CRYPTO_FIPS_CUSTOM_VERSION
53 help
54 This option provides the ability to
55 By default the KERNELRELEASE value i
56
57 config CRYPTO_ALGAPI
58 tristate
59 select CRYPTO_ALGAPI2
60 help
61 This option provides the API for cry
62
63 config CRYPTO_ALGAPI2
64 tristate
65
66 config CRYPTO_AEAD
67 tristate
68 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI
70
71 config CRYPTO_AEAD2
72 tristate
73 select CRYPTO_ALGAPI2
74
75 config CRYPTO_SIG
76 tristate
77 select CRYPTO_SIG2
78 select CRYPTO_ALGAPI
79
80 config CRYPTO_SIG2
81 tristate
82 select CRYPTO_ALGAPI2
83
84 config CRYPTO_SKCIPHER
85 tristate
86 select CRYPTO_SKCIPHER2
87 select CRYPTO_ALGAPI
88 select CRYPTO_ECB
89
90 config CRYPTO_SKCIPHER2
91 tristate
92 select CRYPTO_ALGAPI2
93
94 config CRYPTO_HASH
95 tristate
96 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI
98
99 config CRYPTO_HASH2
100 tristate
101 select CRYPTO_ALGAPI2
102
103 config CRYPTO_RNG
104 tristate
105 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI
107
108 config CRYPTO_RNG2
109 tristate
110 select CRYPTO_ALGAPI2
111
112 config CRYPTO_RNG_DEFAULT
113 tristate
114 select CRYPTO_DRBG_MENU
115
116 config CRYPTO_AKCIPHER2
117 tristate
118 select CRYPTO_ALGAPI2
119
120 config CRYPTO_AKCIPHER
121 tristate
122 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI
124
125 config CRYPTO_KPP2
126 tristate
127 select CRYPTO_ALGAPI2
128
129 config CRYPTO_KPP
130 tristate
131 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2
133
134 config CRYPTO_ACOMP2
135 tristate
136 select CRYPTO_ALGAPI2
137 select SGL_ALLOC
138
139 config CRYPTO_ACOMP
140 tristate
141 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2
143
144 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana
146 select CRYPTO_MANAGER2
147 help
148 Create default cryptographic templat
149 cbc(aes).
150
151 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO
153 select CRYPTO_ACOMP2
154 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2
156 select CRYPTO_SIG2
157 select CRYPTO_HASH2
158 select CRYPTO_KPP2
159 select CRYPTO_RNG2
160 select CRYPTO_SKCIPHER2
161
162 config CRYPTO_USER
163 tristate "Userspace cryptographic algo
164 depends on NET
165 select CRYPTO_MANAGER
166 help
167 Userspace configuration for cryptogr
168 cbc(aes).
169
170 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests"
172 default y
173 help
174 Disable run-time self tests that nor
175 algorithm registration.
176
177 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel
179 depends on DEBUG_KERNEL && !CRYPTO_MAN
180 help
181 Enable extra run-time self tests of
182 including randomized fuzz tests.
183
184 This is intended for developer use o
185 longer to run than the normal self t
186
187 config CRYPTO_NULL
188 tristate "Null algorithms"
189 select CRYPTO_NULL2
190 help
191 These are 'Null' algorithms, used by
192
193 config CRYPTO_NULL2
194 tristate
195 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2
197 select CRYPTO_HASH2
198
199 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine"
201 depends on SMP
202 select PADATA
203 select CRYPTO_MANAGER
204 select CRYPTO_AEAD
205 help
206 This converts an arbitrary crypto al
207 algorithm that executes in kernel th
208
209 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon
211 select CRYPTO_SKCIPHER
212 select CRYPTO_HASH
213 select CRYPTO_MANAGER
214 help
215 This is a generic software asynchron
216 converts an arbitrary synchronous so
217 into an asynchronous algorithm that
218
219 config CRYPTO_AUTHENC
220 tristate "Authenc support"
221 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER
223 select CRYPTO_MANAGER
224 select CRYPTO_HASH
225 select CRYPTO_NULL
226 help
227 Authenc: Combined mode wrapper for I
228
229 This is required for IPSec ESP (XFRM
230
231 config CRYPTO_TEST
232 tristate "Testing module"
233 depends on m || EXPERT
234 select CRYPTO_MANAGER
235 help
236 Quick & dirty crypto test module.
237
238 config CRYPTO_SIMD
239 tristate
240 select CRYPTO_CRYPTD
241
242 config CRYPTO_ENGINE
243 tristate
244
245 endmenu
246
247 menu "Public-key cryptography"
248
249 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)"
251 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER
253 select MPILIB
254 select ASN1
255 help
256 RSA (Rivest-Shamir-Adleman) public k
257
258 config CRYPTO_DH
259 tristate "DH (Diffie-Hellman)"
260 select CRYPTO_KPP
261 select MPILIB
262 help
263 DH (Diffie-Hellman) key exchange alg
264
265 config CRYPTO_DH_RFC7919_GROUPS
266 bool "RFC 7919 FFDHE groups"
267 depends on CRYPTO_DH
268 select CRYPTO_RNG_DEFAULT
269 help
270 FFDHE (Finite-Field-based Diffie-Hel
271 defined in RFC7919.
272
273 Support these finite-field groups in
274 - ffdhe2048, ffdhe3072, ffdhe4096, f
275
276 If unsure, say N.
277
278 config CRYPTO_ECC
279 tristate
280 select CRYPTO_RNG_DEFAULT
281
282 config CRYPTO_ECDH
283 tristate "ECDH (Elliptic Curve Diffie-
284 select CRYPTO_ECC
285 select CRYPTO_KPP
286 help
287 ECDH (Elliptic Curve Diffie-Hellman)
288 using curves P-192, P-256, and P-384
289
290 config CRYPTO_ECDSA
291 tristate "ECDSA (Elliptic Curve Digita
292 select CRYPTO_ECC
293 select CRYPTO_AKCIPHER
294 select ASN1
295 help
296 ECDSA (Elliptic Curve Digital Signat
297 ISO/IEC 14888-3)
298 using curves P-192, P-256, and P-384
299
300 Only signature verification is imple
301
302 config CRYPTO_ECRDSA
303 tristate "EC-RDSA (Elliptic Curve Russ
304 select CRYPTO_ECC
305 select CRYPTO_AKCIPHER
306 select CRYPTO_STREEBOG
307 select OID_REGISTRY
308 select ASN1
309 help
310 Elliptic Curve Russian Digital Signa
311 RFC 7091, ISO/IEC 14888-3)
312
313 One of the Russian cryptographic sta
314 algorithms). Only signature verifica
315
316 config CRYPTO_CURVE25519
317 tristate "Curve25519"
318 select CRYPTO_KPP
319 select CRYPTO_LIB_CURVE25519_GENERIC
320 help
321 Curve25519 elliptic curve (RFC7748)
322
323 endmenu
324
325 menu "Block ciphers"
326
327 config CRYPTO_AES
328 tristate "AES (Advanced Encryption Sta
329 select CRYPTO_ALGAPI
330 select CRYPTO_LIB_AES
331 help
332 AES cipher algorithms (Rijndael)(FIP
333
334 Rijndael appears to be consistently
335 both hardware and software across a
336 environments regardless of its use i
337 modes. Its key setup time is excelle
338 good. Rijndael's very low memory req
339 suited for restricted-space environm
340 demonstrates excellent performance.
341 among the easiest to defend against
342
343 The AES specifies three key sizes: 1
344
345 config CRYPTO_AES_TI
346 tristate "AES (Advanced Encryption Sta
347 select CRYPTO_ALGAPI
348 select CRYPTO_LIB_AES
349 help
350 AES cipher algorithms (Rijndael)(FIP
351
352 This is a generic implementation of
353 data dependent latencies as much as
354 performance too much. It is intended
355 and GCM drivers, and other CTR or CM
356 solely on encryption (although decry
357 with a more dramatic performance hit
358
359 Instead of using 16 lookup tables of
360 8 for decryption), this implementati
361 256 bytes each, and attempts to elim
362 prefetching the entire table into th
363 block. Interrupts are also disabled
364 are evicted when the CPU is interrup
365
366 config CRYPTO_ANUBIS
367 tristate "Anubis"
368 depends on CRYPTO_USER_API_ENABLE_OBSO
369 select CRYPTO_ALGAPI
370 help
371 Anubis cipher algorithm
372
373 Anubis is a variable key length ciph
374 128 bits to 320 bits in length. It
375 in the NESSIE competition.
376
377 See https://web.archive.org/web/2016
378 for further information.
379
380 config CRYPTO_ARIA
381 tristate "ARIA"
382 select CRYPTO_ALGAPI
383 help
384 ARIA cipher algorithm (RFC5794)
385
386 ARIA is a standard encryption algori
387 The ARIA specifies three key sizes a
388 128-bit: 12 rounds.
389 192-bit: 14 rounds.
390 256-bit: 16 rounds.
391
392 See:
393 https://seed.kisa.or.kr/kisa/algorit
394
395 config CRYPTO_BLOWFISH
396 tristate "Blowfish"
397 select CRYPTO_ALGAPI
398 select CRYPTO_BLOWFISH_COMMON
399 help
400 Blowfish cipher algorithm, by Bruce
401
402 This is a variable key length cipher
403 bits to 448 bits in length. It's fa
404 designed for use on "large microproc
405
406 See https://www.schneier.com/blowfis
407
408 config CRYPTO_BLOWFISH_COMMON
409 tristate
410 help
411 Common parts of the Blowfish cipher
412 generic c and the assembler implemen
413
414 config CRYPTO_CAMELLIA
415 tristate "Camellia"
416 select CRYPTO_ALGAPI
417 help
418 Camellia cipher algorithms (ISO/IEC
419
420 Camellia is a symmetric key block ci
421 at NTT and Mitsubishi Electric Corpo
422
423 The Camellia specifies three key siz
424
425 See https://info.isl.ntt.co.jp/crypt
426
427 config CRYPTO_CAST_COMMON
428 tristate
429 help
430 Common parts of the CAST cipher algo
431 generic c and the assembler implemen
432
433 config CRYPTO_CAST5
434 tristate "CAST5 (CAST-128)"
435 select CRYPTO_ALGAPI
436 select CRYPTO_CAST_COMMON
437 help
438 CAST5 (CAST-128) cipher algorithm (R
439
440 config CRYPTO_CAST6
441 tristate "CAST6 (CAST-256)"
442 select CRYPTO_ALGAPI
443 select CRYPTO_CAST_COMMON
444 help
445 CAST6 (CAST-256) encryption algorith
446
447 config CRYPTO_DES
448 tristate "DES and Triple DES EDE"
449 select CRYPTO_ALGAPI
450 select CRYPTO_LIB_DES
451 help
452 DES (Data Encryption Standard)(FIPS
453 Triple DES EDE (Encrypt/Decrypt/Encr
454 cipher algorithms
455
456 config CRYPTO_FCRYPT
457 tristate "FCrypt"
458 select CRYPTO_ALGAPI
459 select CRYPTO_SKCIPHER
460 help
461 FCrypt algorithm used by RxRPC
462
463 See https://ota.polyonymo.us/fcrypt-
464
465 config CRYPTO_KHAZAD
466 tristate "Khazad"
467 depends on CRYPTO_USER_API_ENABLE_OBSO
468 select CRYPTO_ALGAPI
469 help
470 Khazad cipher algorithm
471
472 Khazad was a finalist in the initial
473 an algorithm optimized for 64-bit pr
474 on 32-bit processors. Khazad uses a
475
476 See https://web.archive.org/web/2017
477 for further information.
478
479 config CRYPTO_SEED
480 tristate "SEED"
481 depends on CRYPTO_USER_API_ENABLE_OBSO
482 select CRYPTO_ALGAPI
483 help
484 SEED cipher algorithm (RFC4269, ISO/
485
486 SEED is a 128-bit symmetric key bloc
487 developed by KISA (Korea Information
488 national standard encryption algorit
489 It is a 16 round block cipher with t
490
491 See https://seed.kisa.or.kr/kisa/alg
492 for further information.
493
494 config CRYPTO_SERPENT
495 tristate "Serpent"
496 select CRYPTO_ALGAPI
497 help
498 Serpent cipher algorithm, by Anderso
499
500 Keys are allowed to be from 0 to 256
501 of 8 bits.
502
503 See https://www.cl.cam.ac.uk/~rja14/
504
505 config CRYPTO_SM4
506 tristate
507
508 config CRYPTO_SM4_GENERIC
509 tristate "SM4 (ShangMi 4)"
510 select CRYPTO_ALGAPI
511 select CRYPTO_SM4
512 help
513 SM4 cipher algorithms (OSCCA GB/T 32
514 ISO/IEC 18033-3:2010/Amd 1:2021)
515
516 SM4 (GBT.32907-2016) is a cryptograp
517 Organization of State Commercial Adm
518 as an authorized cryptographic algor
519
520 SMS4 was originally created for use
521 networks, and is mandated in the Chi
522 Wireless LAN WAPI (Wired Authenticat
523 (GB.15629.11-2003).
524
525 The latest SM4 standard (GBT.32907-2
526 standardized through TC 260 of the S
527 of the People's Republic of China (S
528
529 The input, output, and key of SMS4 a
530
531 See https://eprint.iacr.org/2008/329
532
533 If unsure, say N.
534
535 config CRYPTO_TEA
536 tristate "TEA, XTEA and XETA"
537 depends on CRYPTO_USER_API_ENABLE_OBSO
538 select CRYPTO_ALGAPI
539 help
540 TEA (Tiny Encryption Algorithm) ciph
541
542 Tiny Encryption Algorithm is a simpl
543 many rounds for security. It is ver
544 little memory.
545
546 Xtendend Tiny Encryption Algorithm i
547 the TEA algorithm to address a poten
548 in the TEA algorithm.
549
550 Xtendend Encryption Tiny Algorithm i
551 of the XTEA algorithm for compatibil
552
553 config CRYPTO_TWOFISH
554 tristate "Twofish"
555 select CRYPTO_ALGAPI
556 select CRYPTO_TWOFISH_COMMON
557 help
558 Twofish cipher algorithm
559
560 Twofish was submitted as an AES (Adv
561 candidate cipher by researchers at C
562 16 round block cipher supporting key
563 bits.
564
565 See https://www.schneier.com/twofish
566
567 config CRYPTO_TWOFISH_COMMON
568 tristate
569 help
570 Common parts of the Twofish cipher a
571 generic c and the assembler implemen
572
573 endmenu
574
575 menu "Length-preserving ciphers and modes"
576
577 config CRYPTO_ADIANTUM
578 tristate "Adiantum"
579 select CRYPTO_CHACHA20
580 select CRYPTO_LIB_POLY1305_GENERIC
581 select CRYPTO_NHPOLY1305
582 select CRYPTO_MANAGER
583 help
584 Adiantum tweakable, length-preservin
585
586 Designed for fast and secure disk en
587 CPUs without dedicated crypto instru
588 each sector using the XChaCha12 stre
589 an ε-almost-∆-universal hash func
590 the AES-256 block cipher on a single
591 without AES instructions, Adiantum i
592 AES-XTS.
593
594 Adiantum's security is provably redu
595 underlying stream and block ciphers,
596 bound. Unlike XTS, Adiantum is a tr
597 mode, so it actually provides an eve
598 security than XTS, subject to the se
599
600 If unsure, say N.
601
602 config CRYPTO_ARC4
603 tristate "ARC4 (Alleged Rivest Cipher
604 depends on CRYPTO_USER_API_ENABLE_OBSO
605 select CRYPTO_SKCIPHER
606 select CRYPTO_LIB_ARC4
607 help
608 ARC4 cipher algorithm
609
610 ARC4 is a stream cipher using keys r
611 bits in length. This algorithm is r
612 WEP, but it should not be for other
613 weakness of the algorithm.
614
615 config CRYPTO_CHACHA20
616 tristate "ChaCha"
617 select CRYPTO_LIB_CHACHA_GENERIC
618 select CRYPTO_SKCIPHER
619 help
620 The ChaCha20, XChaCha20, and XChaCha
621
622 ChaCha20 is a 256-bit high-speed str
623 Bernstein and further specified in R
624 This is the portable C implementatio
625 https://cr.yp.to/chacha/chacha-20080
626
627 XChaCha20 is the application of the
628 rather than to Salsa20. XChaCha20 e
629 from 64 bits (or 96 bits using the R
630 while provably retaining ChaCha20's
631 https://cr.yp.to/snuffle/xsalsa-2008
632
633 XChaCha12 is XChaCha20 reduced to 12
634 reduced security margin but increase
635 in some performance-sensitive scenar
636
637 config CRYPTO_CBC
638 tristate "CBC (Cipher Block Chaining)"
639 select CRYPTO_SKCIPHER
640 select CRYPTO_MANAGER
641 help
642 CBC (Cipher Block Chaining) mode (NI
643
644 This block cipher mode is required f
645
646 config CRYPTO_CTR
647 tristate "CTR (Counter)"
648 select CRYPTO_SKCIPHER
649 select CRYPTO_MANAGER
650 help
651 CTR (Counter) mode (NIST SP800-38A)
652
653 config CRYPTO_CTS
654 tristate "CTS (Cipher Text Stealing)"
655 select CRYPTO_SKCIPHER
656 select CRYPTO_MANAGER
657 help
658 CBC-CS3 variant of CTS (Cipher Text
659 Addendum to SP800-38A (October 2010)
660
661 This mode is required for Kerberos g
662 for AES encryption.
663
664 config CRYPTO_ECB
665 tristate "ECB (Electronic Codebook)"
666 select CRYPTO_SKCIPHER2
667 select CRYPTO_MANAGER
668 help
669 ECB (Electronic Codebook) mode (NIST
670
671 config CRYPTO_HCTR2
672 tristate "HCTR2"
673 select CRYPTO_XCTR
674 select CRYPTO_POLYVAL
675 select CRYPTO_MANAGER
676 help
677 HCTR2 length-preserving encryption m
678
679 A mode for storage encryption that i
680 instructions to accelerate AES and c
681 x86 processors with AES-NI and CLMUL
682 ARMv8 crypto extensions.
683
684 See https://eprint.iacr.org/2021/144
685
686 config CRYPTO_KEYWRAP
687 tristate "KW (AES Key Wrap)"
688 select CRYPTO_SKCIPHER
689 select CRYPTO_MANAGER
690 help
691 KW (AES Key Wrap) authenticated encr
692 and RFC3394) without padding.
693
694 config CRYPTO_LRW
695 tristate "LRW (Liskov Rivest Wagner)"
696 select CRYPTO_LIB_GF128MUL
697 select CRYPTO_SKCIPHER
698 select CRYPTO_MANAGER
699 select CRYPTO_ECB
700 help
701 LRW (Liskov Rivest Wagner) mode
702
703 A tweakable, non malleable, non mova
704 narrow block cipher mode for dm-cryp
705 specification string aes-lrw-benbi,
706 The first 128, 192 or 256 bits in th
707 rest is used to tie each cipher bloc
708
709 See https://people.csail.mit.edu/riv
710
711 config CRYPTO_PCBC
712 tristate "PCBC (Propagating Cipher Blo
713 select CRYPTO_SKCIPHER
714 select CRYPTO_MANAGER
715 help
716 PCBC (Propagating Cipher Block Chain
717
718 This block cipher mode is required f
719
720 config CRYPTO_XCTR
721 tristate
722 select CRYPTO_SKCIPHER
723 select CRYPTO_MANAGER
724 help
725 XCTR (XOR Counter) mode for HCTR2
726
727 This blockcipher mode is a variant o
728 addition rather than big-endian arit
729
730 XCTR mode is used to implement HCTR2
731
732 config CRYPTO_XTS
733 tristate "XTS (XOR Encrypt XOR with ci
734 select CRYPTO_SKCIPHER
735 select CRYPTO_MANAGER
736 select CRYPTO_ECB
737 help
738 XTS (XOR Encrypt XOR with ciphertext
739 and IEEE 1619)
740
741 Use with aes-xts-plain, key size 256
742 implementation currently can't handl
743 multiple of 16 bytes.
744
745 config CRYPTO_NHPOLY1305
746 tristate
747 select CRYPTO_HASH
748 select CRYPTO_LIB_POLY1305_GENERIC
749
750 endmenu
751
752 menu "AEAD (authenticated encryption with asso
753
754 config CRYPTO_AEGIS128
755 tristate "AEGIS-128"
756 select CRYPTO_AEAD
757 select CRYPTO_AES # for AES S-box tab
758 help
759 AEGIS-128 AEAD algorithm
760
761 config CRYPTO_AEGIS128_SIMD
762 bool "AEGIS-128 (arm NEON, arm64 NEON)
763 depends on CRYPTO_AEGIS128 && ((ARM ||
764 default y
765 help
766 AEGIS-128 AEAD algorithm
767
768 Architecture: arm or arm64 using:
769 - NEON (Advanced SIMD) extension
770
771 config CRYPTO_CHACHA20POLY1305
772 tristate "ChaCha20-Poly1305"
773 select CRYPTO_CHACHA20
774 select CRYPTO_POLY1305
775 select CRYPTO_AEAD
776 select CRYPTO_MANAGER
777 help
778 ChaCha20 stream cipher and Poly1305
779 mode (RFC8439)
780
781 config CRYPTO_CCM
782 tristate "CCM (Counter with Cipher Blo
783 select CRYPTO_CTR
784 select CRYPTO_HASH
785 select CRYPTO_AEAD
786 select CRYPTO_MANAGER
787 help
788 CCM (Counter with Cipher Block Chain
789 authenticated encryption mode (NIST
790
791 config CRYPTO_GCM
792 tristate "GCM (Galois/Counter Mode) an
793 select CRYPTO_CTR
794 select CRYPTO_AEAD
795 select CRYPTO_GHASH
796 select CRYPTO_NULL
797 select CRYPTO_MANAGER
798 help
799 GCM (Galois/Counter Mode) authentica
800 (GCM Message Authentication Code) (N
801
802 This is required for IPSec ESP (XFRM
803
804 config CRYPTO_GENIV
805 tristate
806 select CRYPTO_AEAD
807 select CRYPTO_NULL
808 select CRYPTO_MANAGER
809 select CRYPTO_RNG_DEFAULT
810
811 config CRYPTO_SEQIV
812 tristate "Sequence Number IV Generator
813 select CRYPTO_GENIV
814 help
815 Sequence Number IV generator
816
817 This IV generator generates an IV ba
818 xoring it with a salt. This algorit
819
820 This is required for IPsec ESP (XFRM
821
822 config CRYPTO_ECHAINIV
823 tristate "Encrypted Chain IV Generator
824 select CRYPTO_GENIV
825 help
826 Encrypted Chain IV generator
827
828 This IV generator generates an IV ba
829 a sequence number xored with a salt.
830 algorithm for CBC.
831
832 config CRYPTO_ESSIV
833 tristate "Encrypted Salt-Sector IV Gen
834 select CRYPTO_AUTHENC
835 help
836 Encrypted Salt-Sector IV generator
837
838 This IV generator is used in some ca
839 dm-crypt. It uses the hash of the bl
840 symmetric key for a block encryption
841 IV, making low entropy IV sources mo
842 encryption.
843
844 This driver implements a crypto API
845 instantiated either as an skcipher o
846 type of the first template argument)
847 and decryption requests to the encap
848 ESSIV to the input IV. Note that in
849 that the keys are presented in the s
850 template, and that the IV appears at
851 associated data (AAD) region (which
852
853 Note that the use of ESSIV is not re
854 and so this only needs to be enabled
855 existing encrypted volumes of filesy
856 building for a particular system tha
857 the SoC in question has accelerated
858 combined with ESSIV the only feasibl
859 block encryption)
860
861 endmenu
862
863 menu "Hashes, digests, and MACs"
864
865 config CRYPTO_BLAKE2B
866 tristate "BLAKE2b"
867 select CRYPTO_HASH
868 help
869 BLAKE2b cryptographic hash function
870
871 BLAKE2b is optimized for 64-bit plat
872 of any size between 1 and 64 bytes.
873
874 This module provides the following a
875 - blake2b-160
876 - blake2b-256
877 - blake2b-384
878 - blake2b-512
879
880 Used by the btrfs filesystem.
881
882 See https://blake2.net for further i
883
884 config CRYPTO_CMAC
885 tristate "CMAC (Cipher-based MAC)"
886 select CRYPTO_HASH
887 select CRYPTO_MANAGER
888 help
889 CMAC (Cipher-based Message Authentic
890 mode (NIST SP800-38B and IETF RFC449
891
892 config CRYPTO_GHASH
893 tristate "GHASH"
894 select CRYPTO_HASH
895 select CRYPTO_LIB_GF128MUL
896 help
897 GCM GHASH function (NIST SP800-38D)
898
899 config CRYPTO_HMAC
900 tristate "HMAC (Keyed-Hash MAC)"
901 select CRYPTO_HASH
902 select CRYPTO_MANAGER
903 help
904 HMAC (Keyed-Hash Message Authenticat
905 RFC2104)
906
907 This is required for IPsec AH (XFRM_
908
909 config CRYPTO_MD4
910 tristate "MD4"
911 select CRYPTO_HASH
912 help
913 MD4 message digest algorithm (RFC132
914
915 config CRYPTO_MD5
916 tristate "MD5"
917 select CRYPTO_HASH
918 help
919 MD5 message digest algorithm (RFC132
920
921 config CRYPTO_MICHAEL_MIC
922 tristate "Michael MIC"
923 select CRYPTO_HASH
924 help
925 Michael MIC (Message Integrity Code)
926
927 Defined by the IEEE 802.11i TKIP (Te
928 known as WPA (Wif-Fi Protected Acces
929
930 This algorithm is required for TKIP,
931 other purposes because of the weakne
932
933 config CRYPTO_POLYVAL
934 tristate
935 select CRYPTO_HASH
936 select CRYPTO_LIB_GF128MUL
937 help
938 POLYVAL hash function for HCTR2
939
940 This is used in HCTR2. It is not a
941 cryptographic hash function.
942
943 config CRYPTO_POLY1305
944 tristate "Poly1305"
945 select CRYPTO_HASH
946 select CRYPTO_LIB_POLY1305_GENERIC
947 help
948 Poly1305 authenticator algorithm (RF
949
950 Poly1305 is an authenticator algorit
951 It is used for the ChaCha20-Poly1305
952 in IETF protocols. This is the porta
953
954 config CRYPTO_RMD160
955 tristate "RIPEMD-160"
956 select CRYPTO_HASH
957 help
958 RIPEMD-160 hash function (ISO/IEC 10
959
960 RIPEMD-160 is a 160-bit cryptographi
961 to be used as a secure replacement f
962 MD4, MD5 and its predecessor RIPEMD
963 (not to be confused with RIPEMD-128)
964
965 Its speed is comparable to SHA-1 and
966 against RIPEMD-160.
967
968 Developed by Hans Dobbertin, Antoon
969 See https://homes.esat.kuleuven.be/~
970 for further information.
971
972 config CRYPTO_SHA1
973 tristate "SHA-1"
974 select CRYPTO_HASH
975 select CRYPTO_LIB_SHA1
976 help
977 SHA-1 secure hash algorithm (FIPS 18
978
979 config CRYPTO_SHA256
980 tristate "SHA-224 and SHA-256"
981 select CRYPTO_HASH
982 select CRYPTO_LIB_SHA256
983 help
984 SHA-224 and SHA-256 secure hash algo
985
986 This is required for IPsec AH (XFRM_
987 Used by the btrfs filesystem, Ceph,
988
989 config CRYPTO_SHA512
990 tristate "SHA-384 and SHA-512"
991 select CRYPTO_HASH
992 help
993 SHA-384 and SHA-512 secure hash algo
994
995 config CRYPTO_SHA3
996 tristate "SHA-3"
997 select CRYPTO_HASH
998 help
999 SHA-3 secure hash algorithms (FIPS 2
1000
1001 config CRYPTO_SM3
1002 tristate
1003
1004 config CRYPTO_SM3_GENERIC
1005 tristate "SM3 (ShangMi 3)"
1006 select CRYPTO_HASH
1007 select CRYPTO_SM3
1008 help
1009 SM3 (ShangMi 3) secure hash functio
1010
1011 This is part of the Chinese Commerc
1012
1013 References:
1014 http://www.oscca.gov.cn/UpFile/2010
1015 https://datatracker.ietf.org/doc/ht
1016
1017 config CRYPTO_STREEBOG
1018 tristate "Streebog"
1019 select CRYPTO_HASH
1020 help
1021 Streebog Hash Function (GOST R 34.1
1022
1023 This is one of the Russian cryptogr
1024 GOST algorithms). This setting enab
1025 256 and 512 bits output.
1026
1027 References:
1028 https://tc26.ru/upload/iblock/fed/f
1029 https://tools.ietf.org/html/rfc6986
1030
1031 config CRYPTO_VMAC
1032 tristate "VMAC"
1033 select CRYPTO_HASH
1034 select CRYPTO_MANAGER
1035 help
1036 VMAC is a message authentication al
1037 very high speed on 64-bit architect
1038
1039 See https://fastcrypto.org/vmac for
1040
1041 config CRYPTO_WP512
1042 tristate "Whirlpool"
1043 select CRYPTO_HASH
1044 help
1045 Whirlpool hash function (ISO/IEC 10
1046
1047 512, 384 and 256-bit hashes.
1048
1049 Whirlpool-512 is part of the NESSIE
1050
1051 See https://web.archive.org/web/201
1052 for further information.
1053
1054 config CRYPTO_XCBC
1055 tristate "XCBC-MAC (Extended Cipher B
1056 select CRYPTO_HASH
1057 select CRYPTO_MANAGER
1058 help
1059 XCBC-MAC (Extended Cipher Block Cha
1060 Code) (RFC3566)
1061
1062 config CRYPTO_XXHASH
1063 tristate "xxHash"
1064 select CRYPTO_HASH
1065 select XXHASH
1066 help
1067 xxHash non-cryptographic hash algor
1068
1069 Extremely fast, working at speeds c
1070
1071 Used by the btrfs filesystem.
1072
1073 endmenu
1074
1075 menu "CRCs (cyclic redundancy checks)"
1076
1077 config CRYPTO_CRC32C
1078 tristate "CRC32c"
1079 select CRYPTO_HASH
1080 select CRC32
1081 help
1082 CRC32c CRC algorithm with the iSCSI
1083
1084 A 32-bit CRC (cyclic redundancy che
1085 by G. Castagnoli, S. Braeuer and M.
1086 Redundancy-Check Codes with 24 and
1087 on Communications, Vol. 41, No. 6,
1088 iSCSI.
1089
1090 Used by btrfs, ext4, jbd2, NVMeoF/T
1091
1092 config CRYPTO_CRC32
1093 tristate "CRC32"
1094 select CRYPTO_HASH
1095 select CRC32
1096 help
1097 CRC32 CRC algorithm (IEEE 802.3)
1098
1099 Used by RoCEv2 and f2fs.
1100
1101 config CRYPTO_CRCT10DIF
1102 tristate "CRCT10DIF"
1103 select CRYPTO_HASH
1104 help
1105 CRC16 CRC algorithm used for the T1
1106
1107 CRC algorithm used by the SCSI Bloc
1108
1109 config CRYPTO_CRC64_ROCKSOFT
1110 tristate "CRC64 based on Rocksoft Mod
1111 depends on CRC64
1112 select CRYPTO_HASH
1113 help
1114 CRC64 CRC algorithm based on the Ro
1115
1116 Used by the NVMe implementation of
1117
1118 See https://zlib.net/crc_v3.txt
1119
1120 endmenu
1121
1122 menu "Compression"
1123
1124 config CRYPTO_DEFLATE
1125 tristate "Deflate"
1126 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE
1130 help
1131 Deflate compression algorithm (RFC1
1132
1133 Used by IPSec with the IPCOMP proto
1134
1135 config CRYPTO_LZO
1136 tristate "LZO"
1137 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS
1140 select LZO_DECOMPRESS
1141 help
1142 LZO compression algorithm
1143
1144 See https://www.oberhumer.com/opens
1145
1146 config CRYPTO_842
1147 tristate "842"
1148 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2
1150 select 842_COMPRESS
1151 select 842_DECOMPRESS
1152 help
1153 842 compression algorithm by IBM
1154
1155 See https://github.com/plauth/lib84
1156
1157 config CRYPTO_LZ4
1158 tristate "LZ4"
1159 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS
1163 help
1164 LZ4 compression algorithm
1165
1166 See https://github.com/lz4/lz4 for
1167
1168 config CRYPTO_LZ4HC
1169 tristate "LZ4HC"
1170 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS
1174 help
1175 LZ4 high compression mode algorithm
1176
1177 See https://github.com/lz4/lz4 for
1178
1179 config CRYPTO_ZSTD
1180 tristate "Zstd"
1181 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS
1185 help
1186 zstd compression algorithm
1187
1188 See https://github.com/facebook/zst
1189
1190 endmenu
1191
1192 menu "Random number generation"
1193
1194 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu
1196 select CRYPTO_AES
1197 select CRYPTO_RNG
1198 help
1199 Pseudo RNG (random number generator
1200
1201 This uses the AES cipher algorithm.
1202
1203 Note that this option must be enabl
1204
1205 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ
1207 help
1208 DRBG (Deterministic Random Bit Gene
1209
1210 In the following submenu, one or mo
1211
1212 if CRYPTO_DRBG_MENU
1213
1214 config CRYPTO_DRBG_HMAC
1215 bool
1216 default y
1217 select CRYPTO_HMAC
1218 select CRYPTO_SHA512
1219
1220 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG"
1222 select CRYPTO_SHA256
1223 help
1224 Hash_DRBG variant as defined in NIS
1225
1226 This uses the SHA-1, SHA-256, SHA-3
1227
1228 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG"
1230 select CRYPTO_AES
1231 select CRYPTO_CTR
1232 help
1233 CTR_DRBG variant as defined in NIST
1234
1235 This uses the AES cipher algorithm
1236
1237 config CRYPTO_DRBG
1238 tristate
1239 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY
1242
1243 endif # if CRYPTO_DRBG_MENU
1244
1245 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi
1247 select CRYPTO_RNG
1248 select CRYPTO_SHA3
1249 help
1250 CPU Jitter RNG (Random Number Gener
1251
1252 A non-physical non-deterministic ("
1253 compliant with NIST SP800-90B) inte
1254 deterministic RNG (e.g., per NIST S
1255 This RNG does not perform any crypt
1256 random numbers.
1257
1258 See https://www.chronox.de/jent/
1259
1260 if CRYPTO_JITTERENTROPY
1261 if CRYPTO_FIPS && EXPERT
1262
1263 choice
1264 prompt "CPU Jitter RNG Memory Size"
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_
1266 help
1267 The Jitter RNG measures the executi
1268 Multiple consecutive memory accesse
1269 size fits into a cache (e.g. L1), o
1270 to that cache is measured. The clos
1271 the less variations are measured an
1272 obtained. Thus, if the memory size
1273 obtained entropy is less than if th
1274 L1 + L2, which in turn is less if t
1275 L1 + L2 + L3. Thus, by selecting a
1276 the entropy rate produced by the Ji
1277
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2
1279 bool "2048 Bytes (default)"
1280
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1
1282 bool "128 kBytes"
1283
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1
1285 bool "1024 kBytes"
1286
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8
1288 bool "8192 kBytes"
1289 endchoice
1290
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1292 int
1293 default 64 if CRYPTO_JITTERENTROPY_ME
1294 default 512 if CRYPTO_JITTERENTROPY_M
1295 default 1024 if CRYPTO_JITTERENTROPY_
1296 default 4096 if CRYPTO_JITTERENTROPY_
1297
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1299 int
1300 default 32 if CRYPTO_JITTERENTROPY_ME
1301 default 256 if CRYPTO_JITTERENTROPY_M
1302 default 1024 if CRYPTO_JITTERENTROPY_
1303 default 2048 if CRYPTO_JITTERENTROPY_
1304
1305 config CRYPTO_JITTERENTROPY_OSR
1306 int "CPU Jitter RNG Oversampling Rate
1307 range 1 15
1308 default 3
1309 help
1310 The Jitter RNG allows the specifica
1311 The Jitter RNG operation requires a
1312 measurements to produce one output
1313 OSR value is multiplied with the am
1314 generate one output block. Thus, th
1315 by the OSR factor. The oversampling
1316 on hardware whose timers deliver li
1317 the timer is coarse) by setting the
1318 trade-off, however, is that the Jit
1319 to generate random numbers.
1320
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1322 bool "CPU Jitter RNG Test Interface"
1323 help
1324 The test interface allows a privile
1325 the raw unconditioned high resoluti
1326 is collected by the Jitter RNG for
1327 this data is used at the same time
1328 the Jitter RNG operates in an insec
1329 recording is enabled. This interfac
1330 intended for testing purposes and i
1331 production systems.
1332
1333 The raw noise data can be obtained
1334 debugfs file. Using the option
1335 jitterentropy_testing.boot_raw_hire
1336 the first 1000 entropy events since
1337
1338 If unsure, select N.
1339
1340 endif # if CRYPTO_FIPS && EXPERT
1341
1342 if !(CRYPTO_FIPS && EXPERT)
1343
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1345 int
1346 default 64
1347
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1349 int
1350 default 32
1351
1352 config CRYPTO_JITTERENTROPY_OSR
1353 int
1354 default 1
1355
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1357 bool
1358
1359 endif # if !(CRYPTO_FIPS && EXPERT)
1360 endif # if CRYPTO_JITTERENTROPY
1361
1362 config CRYPTO_KDF800108_CTR
1363 tristate
1364 select CRYPTO_HMAC
1365 select CRYPTO_SHA256
1366
1367 endmenu
1368 menu "Userspace interface"
1369
1370 config CRYPTO_USER_API
1371 tristate
1372
1373 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms"
1375 depends on NET
1376 select CRYPTO_HASH
1377 select CRYPTO_USER_API
1378 help
1379 Enable the userspace interface for
1380
1381 See Documentation/crypto/userspace-
1382 https://www.chronox.de/libkcapi/htm
1383
1384 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori
1386 depends on NET
1387 select CRYPTO_SKCIPHER
1388 select CRYPTO_USER_API
1389 help
1390 Enable the userspace interface for
1391
1392 See Documentation/crypto/userspace-
1393 https://www.chronox.de/libkcapi/htm
1394
1395 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato
1397 depends on NET
1398 select CRYPTO_RNG
1399 select CRYPTO_USER_API
1400 help
1401 Enable the userspace interface for
1402 algorithms.
1403
1404 See Documentation/crypto/userspace-
1405 https://www.chronox.de/libkcapi/htm
1406
1407 config CRYPTO_USER_API_RNG_CAVP
1408 bool "Enable CAVP testing of DRBG"
1409 depends on CRYPTO_USER_API_RNG && CRY
1410 help
1411 Enable extra APIs in the userspace
1412 (Cryptographic Algorithm Validation
1413 - resetting DRBG entropy
1414 - providing Additional Data
1415
1416 This should only be enabled for CAV
1417 no unless you know what this is.
1418
1419 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms"
1421 depends on NET
1422 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER
1424 select CRYPTO_NULL
1425 select CRYPTO_USER_API
1426 help
1427 Enable the userspace interface for
1428
1429 See Documentation/crypto/userspace-
1430 https://www.chronox.de/libkcapi/htm
1431
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE
1433 bool "Obsolete cryptographic algorith
1434 depends on CRYPTO_USER_API
1435 default y
1436 help
1437 Allow obsolete cryptographic algori
1438 already been phased out from intern
1439 only useful for userspace clients t
1440
1441 endmenu
1442
1443 config CRYPTO_HASH_INFO
1444 bool
1445
1446 if !KMSAN # avoid false positives from assemb
1447 if ARM
1448 source "arch/arm/crypto/Kconfig"
1449 endif
1450 if ARM64
1451 source "arch/arm64/crypto/Kconfig"
1452 endif
1453 if LOONGARCH
1454 source "arch/loongarch/crypto/Kconfig"
1455 endif
1456 if MIPS
1457 source "arch/mips/crypto/Kconfig"
1458 endif
1459 if PPC
1460 source "arch/powerpc/crypto/Kconfig"
1461 endif
1462 if RISCV
1463 source "arch/riscv/crypto/Kconfig"
1464 endif
1465 if S390
1466 source "arch/s390/crypto/Kconfig"
1467 endif
1468 if SPARC
1469 source "arch/sparc/crypto/Kconfig"
1470 endif
1471 if X86
1472 source "arch/x86/crypto/Kconfig"
1473 endif
1474 endif
1475
1476 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig"
1479
1480 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.