1 # SPDX-License-Identifier: GPL-2.0 <<
2 # 1 #
3 # Generic algorithms support 2 # Generic algorithms support
4 # 3 #
5 config XOR_BLOCKS 4 config XOR_BLOCKS
6 tristate 5 tristate
7 6
8 # 7 #
9 # async_tx api: hardware offloaded memory tran 8 # async_tx api: hardware offloaded memory transfer/transform support
10 # 9 #
11 source "crypto/async_tx/Kconfig" 10 source "crypto/async_tx/Kconfig"
12 11
13 # 12 #
14 # Cryptographic API Configuration 13 # Cryptographic API Configuration
15 # 14 #
16 menuconfig CRYPTO 15 menuconfig CRYPTO
17 tristate "Cryptographic API" 16 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 17 help
20 This option provides the core Crypto 18 This option provides the core Cryptographic API.
21 19
22 if CRYPTO 20 if CRYPTO
23 21
24 menu "Crypto core or helper" !! 22 comment "Crypto core or helper"
25 23
26 config CRYPTO_FIPS 24 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 25 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT !! 26 depends on CRYPTO_ANSI_CPRNG
29 depends on (MODULE_SIG || !MODULES) <<
30 help 27 help
31 This option enables the fips boot op !! 28 This options enables the fips boot option which is
32 required if you want the system to o !! 29 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 30 certification. You should say no unless you know what
34 this is. !! 31 this is. Note that CRYPTO_ANSI_CPRNG is requred if this
35 !! 32 option is selected
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 33
57 config CRYPTO_ALGAPI 34 config CRYPTO_ALGAPI
58 tristate 35 tristate
59 select CRYPTO_ALGAPI2 36 select CRYPTO_ALGAPI2
60 help 37 help
61 This option provides the API for cry 38 This option provides the API for cryptographic algorithms.
62 39
63 config CRYPTO_ALGAPI2 40 config CRYPTO_ALGAPI2
64 tristate 41 tristate
65 42
66 config CRYPTO_AEAD 43 config CRYPTO_AEAD
67 tristate 44 tristate
68 select CRYPTO_AEAD2 45 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 46 select CRYPTO_ALGAPI
70 47
71 config CRYPTO_AEAD2 48 config CRYPTO_AEAD2
72 tristate 49 tristate
73 select CRYPTO_ALGAPI2 50 select CRYPTO_ALGAPI2
74 51
75 config CRYPTO_SIG !! 52 config CRYPTO_BLKCIPHER
76 tristate 53 tristate
77 select CRYPTO_SIG2 !! 54 select CRYPTO_BLKCIPHER2
78 select CRYPTO_ALGAPI 55 select CRYPTO_ALGAPI
79 56
80 config CRYPTO_SIG2 !! 57 config CRYPTO_BLKCIPHER2
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate <<
86 select CRYPTO_SKCIPHER2 <<
87 select CRYPTO_ALGAPI <<
88 select CRYPTO_ECB <<
89 <<
90 config CRYPTO_SKCIPHER2 <<
91 tristate 58 tristate
92 select CRYPTO_ALGAPI2 59 select CRYPTO_ALGAPI2
>> 60 select CRYPTO_RNG2
>> 61 select CRYPTO_WORKQUEUE
93 62
94 config CRYPTO_HASH 63 config CRYPTO_HASH
95 tristate 64 tristate
96 select CRYPTO_HASH2 65 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 66 select CRYPTO_ALGAPI
98 67
99 config CRYPTO_HASH2 68 config CRYPTO_HASH2
100 tristate 69 tristate
101 select CRYPTO_ALGAPI2 70 select CRYPTO_ALGAPI2
102 71
103 config CRYPTO_RNG 72 config CRYPTO_RNG
104 tristate 73 tristate
105 select CRYPTO_RNG2 74 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 75 select CRYPTO_ALGAPI
107 76
108 config CRYPTO_RNG2 77 config CRYPTO_RNG2
109 tristate 78 tristate
110 select CRYPTO_ALGAPI2 79 select CRYPTO_ALGAPI2
111 80
112 config CRYPTO_RNG_DEFAULT !! 81 config CRYPTO_PCOMP
113 tristate <<
114 select CRYPTO_DRBG_MENU <<
115 <<
116 config CRYPTO_AKCIPHER2 <<
117 tristate <<
118 select CRYPTO_ALGAPI2 <<
119 <<
120 config CRYPTO_AKCIPHER <<
121 tristate <<
122 select CRYPTO_AKCIPHER2 <<
123 select CRYPTO_ALGAPI <<
124 <<
125 config CRYPTO_KPP2 <<
126 tristate 82 tristate
127 select CRYPTO_ALGAPI2 83 select CRYPTO_ALGAPI2
128 84
129 config CRYPTO_KPP <<
130 tristate <<
131 select CRYPTO_ALGAPI <<
132 select CRYPTO_KPP2 <<
133 <<
134 config CRYPTO_ACOMP2 <<
135 tristate <<
136 select CRYPTO_ALGAPI2 <<
137 select SGL_ALLOC <<
138 <<
139 config CRYPTO_ACOMP <<
140 tristate <<
141 select CRYPTO_ALGAPI <<
142 select CRYPTO_ACOMP2 <<
143 <<
144 config CRYPTO_MANAGER 85 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 86 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 87 select CRYPTO_MANAGER2
147 help 88 help
148 Create default cryptographic templat 89 Create default cryptographic template instantiations such as
149 cbc(aes). 90 cbc(aes).
150 91
151 config CRYPTO_MANAGER2 92 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 93 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 94 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 95 select CRYPTO_HASH2
158 select CRYPTO_KPP2 !! 96 select CRYPTO_BLKCIPHER2
159 select CRYPTO_RNG2 !! 97 select CRYPTO_PCOMP
160 select CRYPTO_SKCIPHER2 <<
161 <<
162 config CRYPTO_USER <<
163 tristate "Userspace cryptographic algo <<
164 depends on NET <<
165 select CRYPTO_MANAGER <<
166 help <<
167 Userspace configuration for cryptogr <<
168 cbc(aes). <<
169 <<
170 config CRYPTO_MANAGER_DISABLE_TESTS <<
171 bool "Disable run-time self tests" <<
172 default y <<
173 help <<
174 Disable run-time self tests that nor <<
175 algorithm registration. <<
176 <<
177 config CRYPTO_MANAGER_EXTRA_TESTS <<
178 bool "Enable extra run-time crypto sel <<
179 depends on DEBUG_KERNEL && !CRYPTO_MAN <<
180 help <<
181 Enable extra run-time self tests of <<
182 including randomized fuzz tests. <<
183 98
184 This is intended for developer use o !! 99 config CRYPTO_GF128MUL
185 longer to run than the normal self t !! 100 tristate "GF(2^128) multiplication functions (EXPERIMENTAL)"
>> 101 depends on EXPERIMENTAL
>> 102 help
>> 103 Efficient table driven implementation of multiplications in the
>> 104 field GF(2^128). This is needed by some cypher modes. This
>> 105 option will be selected automatically if you select such a
>> 106 cipher mode. Only select this option by hand if you expect to load
>> 107 an external module that requires these functions.
186 108
187 config CRYPTO_NULL 109 config CRYPTO_NULL
188 tristate "Null algorithms" 110 tristate "Null algorithms"
189 select CRYPTO_NULL2 !! 111 select CRYPTO_ALGAPI
>> 112 select CRYPTO_BLKCIPHER
>> 113 select CRYPTO_HASH
190 help 114 help
191 These are 'Null' algorithms, used by 115 These are 'Null' algorithms, used by IPsec, which do nothing.
192 116
193 config CRYPTO_NULL2 !! 117 config CRYPTO_WORKQUEUE
194 tristate !! 118 tristate
195 select CRYPTO_ALGAPI2 <<
196 select CRYPTO_SKCIPHER2 <<
197 select CRYPTO_HASH2 <<
198 <<
199 config CRYPTO_PCRYPT <<
200 tristate "Parallel crypto engine" <<
201 depends on SMP <<
202 select PADATA <<
203 select CRYPTO_MANAGER <<
204 select CRYPTO_AEAD <<
205 help <<
206 This converts an arbitrary crypto al <<
207 algorithm that executes in kernel th <<
208 119
209 config CRYPTO_CRYPTD 120 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 121 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 122 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 123 select CRYPTO_HASH
213 select CRYPTO_MANAGER 124 select CRYPTO_MANAGER
>> 125 select CRYPTO_WORKQUEUE
214 help 126 help
215 This is a generic software asynchron 127 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 128 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 129 into an asynchronous algorithm that executes in a kernel thread.
218 130
219 config CRYPTO_AUTHENC 131 config CRYPTO_AUTHENC
220 tristate "Authenc support" 132 tristate "Authenc support"
221 select CRYPTO_AEAD 133 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 134 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 135 select CRYPTO_MANAGER
224 select CRYPTO_HASH 136 select CRYPTO_HASH
225 select CRYPTO_NULL <<
226 help 137 help
227 Authenc: Combined mode wrapper for I 138 Authenc: Combined mode wrapper for IPsec.
228 !! 139 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 140
231 config CRYPTO_TEST 141 config CRYPTO_TEST
232 tristate "Testing module" 142 tristate "Testing module"
233 depends on m || EXPERT !! 143 depends on m
234 select CRYPTO_MANAGER 144 select CRYPTO_MANAGER
235 help 145 help
236 Quick & dirty crypto test module. 146 Quick & dirty crypto test module.
237 147
238 config CRYPTO_SIMD !! 148 comment "Authenticated Encryption with Associated Data"
239 tristate <<
240 select CRYPTO_CRYPTD <<
241 <<
242 config CRYPTO_ENGINE <<
243 tristate <<
244 <<
245 endmenu <<
246 <<
247 menu "Public-key cryptography" <<
248 <<
249 config CRYPTO_RSA <<
250 tristate "RSA (Rivest-Shamir-Adleman)" <<
251 select CRYPTO_AKCIPHER <<
252 select CRYPTO_MANAGER <<
253 select MPILIB <<
254 select ASN1 <<
255 help <<
256 RSA (Rivest-Shamir-Adleman) public k <<
257 <<
258 config CRYPTO_DH <<
259 tristate "DH (Diffie-Hellman)" <<
260 select CRYPTO_KPP <<
261 select MPILIB <<
262 help <<
263 DH (Diffie-Hellman) key exchange alg <<
264 <<
265 config CRYPTO_DH_RFC7919_GROUPS <<
266 bool "RFC 7919 FFDHE groups" <<
267 depends on CRYPTO_DH <<
268 select CRYPTO_RNG_DEFAULT <<
269 help <<
270 FFDHE (Finite-Field-based Diffie-Hel <<
271 defined in RFC7919. <<
272 <<
273 Support these finite-field groups in <<
274 - ffdhe2048, ffdhe3072, ffdhe4096, f <<
275 <<
276 If unsure, say N. <<
277 <<
278 config CRYPTO_ECC <<
279 tristate <<
280 select CRYPTO_RNG_DEFAULT <<
281 <<
282 config CRYPTO_ECDH <<
283 tristate "ECDH (Elliptic Curve Diffie- <<
284 select CRYPTO_ECC <<
285 select CRYPTO_KPP <<
286 help <<
287 ECDH (Elliptic Curve Diffie-Hellman) <<
288 using curves P-192, P-256, and P-384 <<
289 <<
290 config CRYPTO_ECDSA <<
291 tristate "ECDSA (Elliptic Curve Digita <<
292 select CRYPTO_ECC <<
293 select CRYPTO_AKCIPHER <<
294 select ASN1 <<
295 help <<
296 ECDSA (Elliptic Curve Digital Signat <<
297 ISO/IEC 14888-3) <<
298 using curves P-192, P-256, and P-384 <<
299 <<
300 Only signature verification is imple <<
301 149
302 config CRYPTO_ECRDSA !! 150 config CRYPTO_CCM
303 tristate "EC-RDSA (Elliptic Curve Russ !! 151 tristate "CCM support"
304 select CRYPTO_ECC !! 152 select CRYPTO_CTR
305 select CRYPTO_AKCIPHER !! 153 select CRYPTO_AEAD
306 select CRYPTO_STREEBOG <<
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help <<
310 Elliptic Curve Russian Digital Signa <<
311 RFC 7091, ISO/IEC 14888-3) <<
312 <<
313 One of the Russian cryptographic sta <<
314 algorithms). Only signature verifica <<
315 <<
316 config CRYPTO_CURVE25519 <<
317 tristate "Curve25519" <<
318 select CRYPTO_KPP <<
319 select CRYPTO_LIB_CURVE25519_GENERIC <<
320 help <<
321 Curve25519 elliptic curve (RFC7748) <<
322 <<
323 endmenu <<
324 <<
325 menu "Block ciphers" <<
326 <<
327 config CRYPTO_AES <<
328 tristate "AES (Advanced Encryption Sta <<
329 select CRYPTO_ALGAPI <<
330 select CRYPTO_LIB_AES <<
331 help <<
332 AES cipher algorithms (Rijndael)(FIP <<
333 <<
334 Rijndael appears to be consistently <<
335 both hardware and software across a <<
336 environments regardless of its use i <<
337 modes. Its key setup time is excelle <<
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 <<
343 The AES specifies three key sizes: 1 <<
344 <<
345 config CRYPTO_AES_TI <<
346 tristate "AES (Advanced Encryption Sta <<
347 select CRYPTO_ALGAPI <<
348 select CRYPTO_LIB_AES <<
349 help <<
350 AES cipher algorithms (Rijndael)(FIP <<
351 <<
352 This is a generic implementation of <<
353 data dependent latencies as much as <<
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 <<
359 Instead of using 16 lookup tables of <<
360 8 for decryption), this implementati <<
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 <<
366 config CRYPTO_ANUBIS <<
367 tristate "Anubis" <<
368 depends on CRYPTO_USER_API_ENABLE_OBSO <<
369 select CRYPTO_ALGAPI <<
370 help <<
371 Anubis cipher algorithm <<
372 <<
373 Anubis is a variable key length ciph <<
374 128 bits to 320 bits in length. It <<
375 in the NESSIE competition. <<
376 <<
377 See https://web.archive.org/web/2016 <<
378 for further information. <<
379 <<
380 config CRYPTO_ARIA <<
381 tristate "ARIA" <<
382 select CRYPTO_ALGAPI <<
383 help <<
384 ARIA cipher algorithm (RFC5794) <<
385 <<
386 ARIA is a standard encryption algori <<
387 The ARIA specifies three key sizes a <<
388 128-bit: 12 rounds. <<
389 192-bit: 14 rounds. <<
390 256-bit: 16 rounds. <<
391 <<
392 See: <<
393 https://seed.kisa.or.kr/kisa/algorit <<
394 <<
395 config CRYPTO_BLOWFISH <<
396 tristate "Blowfish" <<
397 select CRYPTO_ALGAPI <<
398 select CRYPTO_BLOWFISH_COMMON <<
399 help <<
400 Blowfish cipher algorithm, by Bruce <<
401 <<
402 This is a variable key length cipher <<
403 bits to 448 bits in length. It's fa <<
404 designed for use on "large microproc <<
405 <<
406 See https://www.schneier.com/blowfis <<
407 <<
408 config CRYPTO_BLOWFISH_COMMON <<
409 tristate <<
410 help <<
411 Common parts of the Blowfish cipher <<
412 generic c and the assembler implemen <<
413 <<
414 config CRYPTO_CAMELLIA <<
415 tristate "Camellia" <<
416 select CRYPTO_ALGAPI <<
417 help <<
418 Camellia cipher algorithms (ISO/IEC <<
419 <<
420 Camellia is a symmetric key block ci <<
421 at NTT and Mitsubishi Electric Corpo <<
422 <<
423 The Camellia specifies three key siz <<
424 <<
425 See https://info.isl.ntt.co.jp/crypt <<
426 <<
427 config CRYPTO_CAST_COMMON <<
428 tristate <<
429 help <<
430 Common parts of the CAST cipher algo <<
431 generic c and the assembler implemen <<
432 <<
433 config CRYPTO_CAST5 <<
434 tristate "CAST5 (CAST-128)" <<
435 select CRYPTO_ALGAPI <<
436 select CRYPTO_CAST_COMMON <<
437 help <<
438 CAST5 (CAST-128) cipher algorithm (R <<
439 <<
440 config CRYPTO_CAST6 <<
441 tristate "CAST6 (CAST-256)" <<
442 select CRYPTO_ALGAPI <<
443 select CRYPTO_CAST_COMMON <<
444 help <<
445 CAST6 (CAST-256) encryption algorith <<
446 <<
447 config CRYPTO_DES <<
448 tristate "DES and Triple DES EDE" <<
449 select CRYPTO_ALGAPI <<
450 select CRYPTO_LIB_DES <<
451 help <<
452 DES (Data Encryption Standard)(FIPS <<
453 Triple DES EDE (Encrypt/Decrypt/Encr <<
454 cipher algorithms <<
455 <<
456 config CRYPTO_FCRYPT <<
457 tristate "FCrypt" <<
458 select CRYPTO_ALGAPI <<
459 select CRYPTO_SKCIPHER <<
460 help <<
461 FCrypt algorithm used by RxRPC <<
462 <<
463 See https://ota.polyonymo.us/fcrypt- <<
464 <<
465 config CRYPTO_KHAZAD <<
466 tristate "Khazad" <<
467 depends on CRYPTO_USER_API_ENABLE_OBSO <<
468 select CRYPTO_ALGAPI <<
469 help <<
470 Khazad cipher algorithm <<
471 <<
472 Khazad was a finalist in the initial <<
473 an algorithm optimized for 64-bit pr <<
474 on 32-bit processors. Khazad uses a <<
475 <<
476 See https://web.archive.org/web/2017 <<
477 for further information. <<
478 <<
479 config CRYPTO_SEED <<
480 tristate "SEED" <<
481 depends on CRYPTO_USER_API_ENABLE_OBSO <<
482 select CRYPTO_ALGAPI <<
483 help <<
484 SEED cipher algorithm (RFC4269, ISO/ <<
485 <<
486 SEED is a 128-bit symmetric key bloc <<
487 developed by KISA (Korea Information <<
488 national standard encryption algorit <<
489 It is a 16 round block cipher with t <<
490 <<
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 <<
494 config CRYPTO_SERPENT <<
495 tristate "Serpent" <<
496 select CRYPTO_ALGAPI <<
497 help <<
498 Serpent cipher algorithm, by Anderso <<
499 <<
500 Keys are allowed to be from 0 to 256 <<
501 of 8 bits. <<
502 <<
503 See https://www.cl.cam.ac.uk/~rja14/ <<
504 <<
505 config CRYPTO_SM4 <<
506 tristate <<
507 <<
508 config CRYPTO_SM4_GENERIC <<
509 tristate "SM4 (ShangMi 4)" <<
510 select CRYPTO_ALGAPI <<
511 select CRYPTO_SM4 <<
512 help <<
513 SM4 cipher algorithms (OSCCA GB/T 32 <<
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 <<
516 SM4 (GBT.32907-2016) is a cryptograp <<
517 Organization of State Commercial Adm <<
518 as an authorized cryptographic algor <<
519 <<
520 SMS4 was originally created for use <<
521 networks, and is mandated in the Chi <<
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 <<
525 The latest SM4 standard (GBT.32907-2 <<
526 standardized through TC 260 of the S <<
527 of the People's Republic of China (S <<
528 <<
529 The input, output, and key of SMS4 a <<
530 <<
531 See https://eprint.iacr.org/2008/329 <<
532 <<
533 If unsure, say N. <<
534 <<
535 config CRYPTO_TEA <<
536 tristate "TEA, XTEA and XETA" <<
537 depends on CRYPTO_USER_API_ENABLE_OBSO <<
538 select CRYPTO_ALGAPI <<
539 help <<
540 TEA (Tiny Encryption Algorithm) ciph <<
541 <<
542 Tiny Encryption Algorithm is a simpl <<
543 many rounds for security. It is ver <<
544 little memory. <<
545 <<
546 Xtendend Tiny Encryption Algorithm i <<
547 the TEA algorithm to address a poten <<
548 in the TEA algorithm. <<
549 <<
550 Xtendend Encryption Tiny Algorithm i <<
551 of the XTEA algorithm for compatibil <<
552 <<
553 config CRYPTO_TWOFISH <<
554 tristate "Twofish" <<
555 select CRYPTO_ALGAPI <<
556 select CRYPTO_TWOFISH_COMMON <<
557 help <<
558 Twofish cipher algorithm <<
559 <<
560 Twofish was submitted as an AES (Adv <<
561 candidate cipher by researchers at C <<
562 16 round block cipher supporting key <<
563 bits. <<
564 <<
565 See https://www.schneier.com/twofish <<
566 <<
567 config CRYPTO_TWOFISH_COMMON <<
568 tristate <<
569 help 154 help
570 Common parts of the Twofish cipher a !! 155 Support for Counter with CBC MAC. Required for IPsec.
571 generic c and the assembler implemen <<
572 <<
573 endmenu <<
574 <<
575 menu "Length-preserving ciphers and modes" <<
576 156
577 config CRYPTO_ADIANTUM !! 157 config CRYPTO_GCM
578 tristate "Adiantum" !! 158 tristate "GCM/GMAC support"
579 select CRYPTO_CHACHA20 !! 159 select CRYPTO_CTR
580 select CRYPTO_LIB_POLY1305_GENERIC !! 160 select CRYPTO_AEAD
581 select CRYPTO_NHPOLY1305 !! 161 select CRYPTO_GHASH
582 select CRYPTO_MANAGER <<
583 help 162 help
584 Adiantum tweakable, length-preservin !! 163 Support for Galois/Counter Mode (GCM) and Galois Message
585 !! 164 Authentication Code (GMAC). Required for IPSec.
586 Designed for fast and secure disk en <<
587 CPUs without dedicated crypto instru <<
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 165
600 If unsure, say N. !! 166 config CRYPTO_SEQIV
601 !! 167 tristate "Sequence Number IV Generator"
602 config CRYPTO_ARC4 !! 168 select CRYPTO_AEAD
603 tristate "ARC4 (Alleged Rivest Cipher !! 169 select CRYPTO_BLKCIPHER
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 170 select CRYPTO_RNG
605 select CRYPTO_SKCIPHER <<
606 select CRYPTO_LIB_ARC4 <<
607 help 171 help
608 ARC4 cipher algorithm !! 172 This IV generator generates an IV based on a sequence number by
609 !! 173 xoring it with a salt. This algorithm is mainly useful for CTR
610 ARC4 is a stream cipher using keys r <<
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 174
615 config CRYPTO_CHACHA20 !! 175 comment "Block modes"
616 tristate "ChaCha" <<
617 select CRYPTO_LIB_CHACHA_GENERIC <<
618 select CRYPTO_SKCIPHER <<
619 help <<
620 The ChaCha20, XChaCha20, and XChaCha <<
621 <<
622 ChaCha20 is a 256-bit high-speed str <<
623 Bernstein and further specified in R <<
624 This is the portable C implementatio <<
625 https://cr.yp.to/chacha/chacha-20080 <<
626 <<
627 XChaCha20 is the application of the <<
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 176
637 config CRYPTO_CBC 177 config CRYPTO_CBC
638 tristate "CBC (Cipher Block Chaining)" !! 178 tristate "CBC support"
639 select CRYPTO_SKCIPHER !! 179 select CRYPTO_BLKCIPHER
640 select CRYPTO_MANAGER 180 select CRYPTO_MANAGER
641 help 181 help
642 CBC (Cipher Block Chaining) mode (NI !! 182 CBC: Cipher Block Chaining mode
643 !! 183 This block cipher algorithm is required for IPSec.
644 This block cipher mode is required f <<
645 184
646 config CRYPTO_CTR 185 config CRYPTO_CTR
647 tristate "CTR (Counter)" !! 186 tristate "CTR support"
648 select CRYPTO_SKCIPHER !! 187 select CRYPTO_BLKCIPHER
>> 188 select CRYPTO_SEQIV
649 select CRYPTO_MANAGER 189 select CRYPTO_MANAGER
650 help 190 help
651 CTR (Counter) mode (NIST SP800-38A) !! 191 CTR: Counter mode
>> 192 This block cipher algorithm is required for IPSec.
652 193
653 config CRYPTO_CTS 194 config CRYPTO_CTS
654 tristate "CTS (Cipher Text Stealing)" !! 195 tristate "CTS support"
655 select CRYPTO_SKCIPHER !! 196 select CRYPTO_BLKCIPHER
656 select CRYPTO_MANAGER <<
657 help 197 help
658 CBC-CS3 variant of CTS (Cipher Text !! 198 CTS: Cipher Text Stealing
659 Addendum to SP800-38A (October 2010) !! 199 This is the Cipher Text Stealing mode as described by
660 !! 200 Section 8 of rfc2040 and referenced by rfc3962.
>> 201 (rfc3962 includes errata information in its Appendix A)
661 This mode is required for Kerberos g 202 This mode is required for Kerberos gss mechanism support
662 for AES encryption. 203 for AES encryption.
663 204
664 config CRYPTO_ECB 205 config CRYPTO_ECB
665 tristate "ECB (Electronic Codebook)" !! 206 tristate "ECB support"
666 select CRYPTO_SKCIPHER2 !! 207 select CRYPTO_BLKCIPHER
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 <<
671 config CRYPTO_HCTR2 <<
672 tristate "HCTR2" <<
673 select CRYPTO_XCTR <<
674 select CRYPTO_POLYVAL <<
675 select CRYPTO_MANAGER 208 select CRYPTO_MANAGER
676 help 209 help
677 HCTR2 length-preserving encryption m !! 210 ECB: Electronic CodeBook mode
678 !! 211 This is the simplest block cipher algorithm. It simply encrypts
679 A mode for storage encryption that i !! 212 the input block by block.
680 instructions to accelerate AES and c <<
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 <<
684 See https://eprint.iacr.org/2021/144 <<
685 <<
686 config CRYPTO_KEYWRAP <<
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER <<
689 select CRYPTO_MANAGER <<
690 help <<
691 KW (AES Key Wrap) authenticated encr <<
692 and RFC3394) without padding. <<
693 213
694 config CRYPTO_LRW 214 config CRYPTO_LRW
695 tristate "LRW (Liskov Rivest Wagner)" !! 215 tristate "LRW support (EXPERIMENTAL)"
696 select CRYPTO_LIB_GF128MUL !! 216 depends on EXPERIMENTAL
697 select CRYPTO_SKCIPHER !! 217 select CRYPTO_BLKCIPHER
698 select CRYPTO_MANAGER 218 select CRYPTO_MANAGER
699 select CRYPTO_ECB !! 219 select CRYPTO_GF128MUL
700 help 220 help
701 LRW (Liskov Rivest Wagner) mode !! 221 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
702 <<
703 A tweakable, non malleable, non mova <<
704 narrow block cipher mode for dm-cryp 222 narrow block cipher mode for dm-crypt. Use it with cipher
705 specification string aes-lrw-benbi, 223 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
706 The first 128, 192 or 256 bits in th 224 The first 128, 192 or 256 bits in the key are used for AES and the
707 rest is used to tie each cipher bloc 225 rest is used to tie each cipher block to its logical position.
708 226
709 See https://people.csail.mit.edu/riv <<
710 <<
711 config CRYPTO_PCBC 227 config CRYPTO_PCBC
712 tristate "PCBC (Propagating Cipher Blo !! 228 tristate "PCBC support"
713 select CRYPTO_SKCIPHER !! 229 select CRYPTO_BLKCIPHER
714 select CRYPTO_MANAGER <<
715 help <<
716 PCBC (Propagating Cipher Block Chain <<
717 <<
718 This block cipher mode is required f <<
719 <<
720 config CRYPTO_XCTR <<
721 tristate <<
722 select CRYPTO_SKCIPHER <<
723 select CRYPTO_MANAGER 230 select CRYPTO_MANAGER
724 help 231 help
725 XCTR (XOR Counter) mode for HCTR2 !! 232 PCBC: Propagating Cipher Block Chaining mode
726 !! 233 This block cipher algorithm is required for RxRPC.
727 This blockcipher mode is a variant o <<
728 addition rather than big-endian arit <<
729 <<
730 XCTR mode is used to implement HCTR2 <<
731 234
732 config CRYPTO_XTS 235 config CRYPTO_XTS
733 tristate "XTS (XOR Encrypt XOR with ci !! 236 tristate "XTS support (EXPERIMENTAL)"
734 select CRYPTO_SKCIPHER !! 237 depends on EXPERIMENTAL
>> 238 select CRYPTO_BLKCIPHER
735 select CRYPTO_MANAGER 239 select CRYPTO_MANAGER
736 select CRYPTO_ECB !! 240 select CRYPTO_GF128MUL
737 help 241 help
738 XTS (XOR Encrypt XOR with ciphertext !! 242 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
739 and IEEE 1619) !! 243 key size 256, 384 or 512 bits. This implementation currently
>> 244 can't handle a sectorsize which is not a multiple of 16 bytes.
740 245
741 Use with aes-xts-plain, key size 256 !! 246 config CRYPTO_FPU
742 implementation currently can't handl <<
743 multiple of 16 bytes. <<
744 <<
745 config CRYPTO_NHPOLY1305 <<
746 tristate 247 tristate
747 select CRYPTO_HASH !! 248 select CRYPTO_BLKCIPHER
748 select CRYPTO_LIB_POLY1305_GENERIC <<
749 <<
750 endmenu <<
751 <<
752 menu "AEAD (authenticated encryption with asso <<
753 <<
754 config CRYPTO_AEGIS128 <<
755 tristate "AEGIS-128" <<
756 select CRYPTO_AEAD <<
757 select CRYPTO_AES # for AES S-box tab <<
758 help <<
759 AEGIS-128 AEAD algorithm <<
760 <<
761 config CRYPTO_AEGIS128_SIMD <<
762 bool "AEGIS-128 (arm NEON, arm64 NEON) <<
763 depends on CRYPTO_AEGIS128 && ((ARM || <<
764 default y <<
765 help <<
766 AEGIS-128 AEAD algorithm <<
767 <<
768 Architecture: arm or arm64 using: <<
769 - NEON (Advanced SIMD) extension <<
770 <<
771 config CRYPTO_CHACHA20POLY1305 <<
772 tristate "ChaCha20-Poly1305" <<
773 select CRYPTO_CHACHA20 <<
774 select CRYPTO_POLY1305 <<
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER 249 select CRYPTO_MANAGER
777 help <<
778 ChaCha20 stream cipher and Poly1305 <<
779 mode (RFC8439) <<
780 250
781 config CRYPTO_CCM !! 251 comment "Hash modes"
782 tristate "CCM (Counter with Cipher Blo !! 252
783 select CRYPTO_CTR !! 253 config CRYPTO_HMAC
>> 254 tristate "HMAC support"
784 select CRYPTO_HASH 255 select CRYPTO_HASH
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER 256 select CRYPTO_MANAGER
787 help 257 help
788 CCM (Counter with Cipher Block Chain !! 258 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
789 authenticated encryption mode (NIST !! 259 This is required for IPSec.
790 260
791 config CRYPTO_GCM !! 261 config CRYPTO_XCBC
792 tristate "GCM (Galois/Counter Mode) an !! 262 tristate "XCBC support"
793 select CRYPTO_CTR !! 263 depends on EXPERIMENTAL
794 select CRYPTO_AEAD !! 264 select CRYPTO_HASH
795 select CRYPTO_GHASH <<
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER 265 select CRYPTO_MANAGER
798 help 266 help
799 GCM (Galois/Counter Mode) authentica !! 267 XCBC: Keyed-Hashing with encryption algorithm
800 (GCM Message Authentication Code) (N !! 268 http://www.ietf.org/rfc/rfc3566.txt
801 !! 269 http://csrc.nist.gov/encryption/modes/proposedmodes/
802 This is required for IPSec ESP (XFRM !! 270 xcbc-mac/xcbc-mac-spec.pdf
803 271
804 config CRYPTO_GENIV !! 272 config CRYPTO_VMAC
805 tristate !! 273 tristate "VMAC support"
806 select CRYPTO_AEAD !! 274 depends on EXPERIMENTAL
807 select CRYPTO_NULL !! 275 select CRYPTO_HASH
808 select CRYPTO_MANAGER 276 select CRYPTO_MANAGER
809 select CRYPTO_RNG_DEFAULT <<
810 <<
811 config CRYPTO_SEQIV <<
812 tristate "Sequence Number IV Generator <<
813 select CRYPTO_GENIV <<
814 help 277 help
815 Sequence Number IV generator !! 278 VMAC is a message authentication algorithm designed for
816 !! 279 very high speed on 64-bit architectures.
817 This IV generator generates an IV ba <<
818 xoring it with a salt. This algorit <<
819 <<
820 This is required for IPsec ESP (XFRM <<
821 <<
822 config CRYPTO_ECHAINIV <<
823 tristate "Encrypted Chain IV Generator <<
824 select CRYPTO_GENIV <<
825 help <<
826 Encrypted Chain IV generator <<
827 <<
828 This IV generator generates an IV ba <<
829 a sequence number xored with a salt. <<
830 algorithm for CBC. <<
831 <<
832 config CRYPTO_ESSIV <<
833 tristate "Encrypted Salt-Sector IV Gen <<
834 select CRYPTO_AUTHENC <<
835 help <<
836 Encrypted Salt-Sector IV generator <<
837 <<
838 This IV generator is used in some ca <<
839 dm-crypt. It uses the hash of the bl <<
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 <<
844 This driver implements a crypto API <<
845 instantiated either as an skcipher o <<
846 type of the first template argument) <<
847 and decryption requests to the encap <<
848 ESSIV to the input IV. Note that in <<
849 that the keys are presented in the s <<
850 template, and that the IV appears at <<
851 associated data (AAD) region (which <<
852 <<
853 Note that the use of ESSIV is not re <<
854 and so this only needs to be enabled <<
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 280
861 endmenu !! 281 See also:
>> 282 <http://fastcrypto.org/vmac>
862 283
863 menu "Hashes, digests, and MACs" !! 284 comment "Digest"
864 285
865 config CRYPTO_BLAKE2B !! 286 config CRYPTO_CRC32C
866 tristate "BLAKE2b" !! 287 tristate "CRC32c CRC algorithm"
867 select CRYPTO_HASH 288 select CRYPTO_HASH
868 help 289 help
869 BLAKE2b cryptographic hash function !! 290 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
870 !! 291 by iSCSI for header and data digests and by others.
871 BLAKE2b is optimized for 64-bit plat !! 292 See Castagnoli93. Module will be crc32c.
872 of any size between 1 and 64 bytes. <<
873 <<
874 This module provides the following a <<
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 293
880 Used by the btrfs filesystem. !! 294 config CRYPTO_CRC32C_INTEL
881 !! 295 tristate "CRC32c INTEL hardware acceleration"
882 See https://blake2.net for further i !! 296 depends on X86
883 <<
884 config CRYPTO_CMAC <<
885 tristate "CMAC (Cipher-based MAC)" <<
886 select CRYPTO_HASH 297 select CRYPTO_HASH
887 select CRYPTO_MANAGER <<
888 help 298 help
889 CMAC (Cipher-based Message Authentic !! 299 In Intel processor with SSE4.2 supported, the processor will
890 mode (NIST SP800-38B and IETF RFC449 !! 300 support CRC32C implementation using hardware accelerated CRC32
>> 301 instruction. This option will create 'crc32c-intel' module,
>> 302 which will enable any routine to use the CRC32 instruction to
>> 303 gain performance compared with software implementation.
>> 304 Module will be crc32c-intel.
891 305
892 config CRYPTO_GHASH 306 config CRYPTO_GHASH
893 tristate "GHASH" !! 307 tristate "GHASH digest algorithm"
894 select CRYPTO_HASH !! 308 select CRYPTO_SHASH
895 select CRYPTO_LIB_GF128MUL !! 309 select CRYPTO_GF128MUL
896 help <<
897 GCM GHASH function (NIST SP800-38D) <<
898 <<
899 config CRYPTO_HMAC <<
900 tristate "HMAC (Keyed-Hash MAC)" <<
901 select CRYPTO_HASH <<
902 select CRYPTO_MANAGER <<
903 help 310 help
904 HMAC (Keyed-Hash Message Authenticat !! 311 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
905 RFC2104) <<
906 <<
907 This is required for IPsec AH (XFRM_ <<
908 312
909 config CRYPTO_MD4 313 config CRYPTO_MD4
910 tristate "MD4" !! 314 tristate "MD4 digest algorithm"
911 select CRYPTO_HASH 315 select CRYPTO_HASH
912 help 316 help
913 MD4 message digest algorithm (RFC132 !! 317 MD4 message digest algorithm (RFC1320).
914 318
915 config CRYPTO_MD5 319 config CRYPTO_MD5
916 tristate "MD5" !! 320 tristate "MD5 digest algorithm"
917 select CRYPTO_HASH 321 select CRYPTO_HASH
918 help 322 help
919 MD5 message digest algorithm (RFC132 !! 323 MD5 message digest algorithm (RFC1321).
920 324
921 config CRYPTO_MICHAEL_MIC 325 config CRYPTO_MICHAEL_MIC
922 tristate "Michael MIC" !! 326 tristate "Michael MIC keyed digest algorithm"
923 select CRYPTO_HASH 327 select CRYPTO_HASH
924 help 328 help
925 Michael MIC (Message Integrity Code) !! 329 Michael MIC is used for message integrity protection in TKIP
926 !! 330 (IEEE 802.11i). This algorithm is required for TKIP, but it
927 Defined by the IEEE 802.11i TKIP (Te !! 331 should not be used for other purposes because of the weakness
928 known as WPA (Wif-Fi Protected Acces !! 332 of the algorithm.
929 <<
930 This algorithm is required for TKIP, <<
931 other purposes because of the weakne <<
932 333
933 config CRYPTO_POLYVAL !! 334 config CRYPTO_RMD128
934 tristate !! 335 tristate "RIPEMD-128 digest algorithm"
935 select CRYPTO_HASH 336 select CRYPTO_HASH
936 select CRYPTO_LIB_GF128MUL <<
937 help 337 help
938 POLYVAL hash function for HCTR2 !! 338 RIPEMD-128 (ISO/IEC 10118-3:2004).
939 <<
940 This is used in HCTR2. It is not a <<
941 cryptographic hash function. <<
942 339
943 config CRYPTO_POLY1305 !! 340 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
944 tristate "Poly1305" !! 341 to be used as a secure replacement for RIPEMD. For other use cases
945 select CRYPTO_HASH !! 342 RIPEMD-160 should be used.
946 select CRYPTO_LIB_POLY1305_GENERIC <<
947 help <<
948 Poly1305 authenticator algorithm (RF <<
949 343
950 Poly1305 is an authenticator algorit !! 344 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
951 It is used for the ChaCha20-Poly1305 !! 345 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
952 in IETF protocols. This is the porta <<
953 346
954 config CRYPTO_RMD160 347 config CRYPTO_RMD160
955 tristate "RIPEMD-160" !! 348 tristate "RIPEMD-160 digest algorithm"
956 select CRYPTO_HASH 349 select CRYPTO_HASH
957 help 350 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 351 RIPEMD-160 (ISO/IEC 10118-3:2004).
959 352
960 RIPEMD-160 is a 160-bit cryptographi 353 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
961 to be used as a secure replacement f 354 to be used as a secure replacement for the 128-bit hash functions
962 MD4, MD5 and its predecessor RIPEMD !! 355 MD4, MD5 and it's predecessor RIPEMD
963 (not to be confused with RIPEMD-128) 356 (not to be confused with RIPEMD-128).
964 357
965 Its speed is comparable to SHA-1 and !! 358 It's speed is comparable to SHA1 and there are no known attacks
966 against RIPEMD-160. 359 against RIPEMD-160.
967 360
968 Developed by Hans Dobbertin, Antoon 361 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
969 See https://homes.esat.kuleuven.be/~ !! 362 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
970 for further information. <<
971 363
972 config CRYPTO_SHA1 !! 364 config CRYPTO_RMD256
973 tristate "SHA-1" !! 365 tristate "RIPEMD-256 digest algorithm"
974 select CRYPTO_HASH 366 select CRYPTO_HASH
975 select CRYPTO_LIB_SHA1 <<
976 help 367 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 368 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 369 256 bit hash. It is intended for applications that require
>> 370 longer hash-results, without needing a larger security level
>> 371 (than RIPEMD-128).
978 372
979 config CRYPTO_SHA256 !! 373 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
980 tristate "SHA-224 and SHA-256" !! 374 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
>> 375
>> 376 config CRYPTO_RMD320
>> 377 tristate "RIPEMD-320 digest algorithm"
981 select CRYPTO_HASH 378 select CRYPTO_HASH
982 select CRYPTO_LIB_SHA256 <<
983 help 379 help
984 SHA-224 and SHA-256 secure hash algo !! 380 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 381 320 bit hash. It is intended for applications that require
>> 382 longer hash-results, without needing a larger security level
>> 383 (than RIPEMD-160).
985 384
986 This is required for IPsec AH (XFRM_ !! 385 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
987 Used by the btrfs filesystem, Ceph, !! 386 See <http://home.esat.kuleuven.be/~bosselae/ripemd160.html>
988 387
989 config CRYPTO_SHA512 !! 388 config CRYPTO_SHA1
990 tristate "SHA-384 and SHA-512" !! 389 tristate "SHA1 digest algorithm"
991 select CRYPTO_HASH 390 select CRYPTO_HASH
992 help 391 help
993 SHA-384 and SHA-512 secure hash algo !! 392 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
994 393
995 config CRYPTO_SHA3 !! 394 config CRYPTO_SHA256
996 tristate "SHA-3" !! 395 tristate "SHA224 and SHA256 digest algorithm"
997 select CRYPTO_HASH 396 select CRYPTO_HASH
998 help 397 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 398 SHA256 secure hash standard (DFIPS 180-2).
1000 399
1001 config CRYPTO_SM3 !! 400 This version of SHA implements a 256 bit hash with 128 bits of
1002 tristate !! 401 security against collision attacks.
1003 402
1004 config CRYPTO_SM3_GENERIC !! 403 This code also includes SHA-224, a 224 bit hash with 112 bits
1005 tristate "SM3 (ShangMi 3)" !! 404 of security against collision attacks.
>> 405
>> 406 config CRYPTO_SHA512
>> 407 tristate "SHA384 and SHA512 digest algorithms"
1006 select CRYPTO_HASH 408 select CRYPTO_HASH
1007 select CRYPTO_SM3 <<
1008 help 409 help
1009 SM3 (ShangMi 3) secure hash functio !! 410 SHA512 secure hash standard (DFIPS 180-2).
1010 411
1011 This is part of the Chinese Commerc !! 412 This version of SHA implements a 512 bit hash with 256 bits of
>> 413 security against collision attacks.
1012 414
1013 References: !! 415 This code also includes SHA-384, a 384 bit hash with 192 bits
1014 http://www.oscca.gov.cn/UpFile/2010 !! 416 of security against collision attacks.
1015 https://datatracker.ietf.org/doc/ht <<
1016 417
1017 config CRYPTO_STREEBOG !! 418 config CRYPTO_TGR192
1018 tristate "Streebog" !! 419 tristate "Tiger digest algorithms"
1019 select CRYPTO_HASH 420 select CRYPTO_HASH
1020 help 421 help
1021 Streebog Hash Function (GOST R 34.1 !! 422 Tiger hash algorithm 192, 160 and 128-bit hashes
1022 423
1023 This is one of the Russian cryptogr !! 424 Tiger is a hash function optimized for 64-bit processors while
1024 GOST algorithms). This setting enab !! 425 still having decent performance on 32-bit processors.
1025 256 and 512 bits output. !! 426 Tiger was developed by Ross Anderson and Eli Biham.
1026 <<
1027 References: <<
1028 https://tc26.ru/upload/iblock/fed/f <<
1029 https://tools.ietf.org/html/rfc6986 <<
1030 <<
1031 config CRYPTO_VMAC <<
1032 tristate "VMAC" <<
1033 select CRYPTO_HASH <<
1034 select CRYPTO_MANAGER <<
1035 help <<
1036 VMAC is a message authentication al <<
1037 very high speed on 64-bit architect <<
1038 427
1039 See https://fastcrypto.org/vmac for !! 428 See also:
>> 429 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1040 430
1041 config CRYPTO_WP512 431 config CRYPTO_WP512
1042 tristate "Whirlpool" !! 432 tristate "Whirlpool digest algorithms"
1043 select CRYPTO_HASH 433 select CRYPTO_HASH
1044 help 434 help
1045 Whirlpool hash function (ISO/IEC 10 !! 435 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1046 <<
1047 512, 384 and 256-bit hashes. <<
1048 436
1049 Whirlpool-512 is part of the NESSIE 437 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 438 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1050 439
1051 See https://web.archive.org/web/201 !! 440 See also:
1052 for further information. !! 441 <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
1053 442
1054 config CRYPTO_XCBC !! 443 comment "Ciphers"
1055 tristate "XCBC-MAC (Extended Cipher B <<
1056 select CRYPTO_HASH <<
1057 select CRYPTO_MANAGER <<
1058 help <<
1059 XCBC-MAC (Extended Cipher Block Cha <<
1060 Code) (RFC3566) <<
1061 444
1062 config CRYPTO_XXHASH !! 445 config CRYPTO_AES
1063 tristate "xxHash" !! 446 tristate "AES cipher algorithms"
1064 select CRYPTO_HASH !! 447 select CRYPTO_ALGAPI
1065 select XXHASH <<
1066 help 448 help
1067 xxHash non-cryptographic hash algor !! 449 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1068 !! 450 algorithm.
1069 Extremely fast, working at speeds c <<
1070 451
1071 Used by the btrfs filesystem. !! 452 Rijndael appears to be consistently a very good performer in
>> 453 both hardware and software across a wide range of computing
>> 454 environments regardless of its use in feedback or non-feedback
>> 455 modes. Its key setup time is excellent, and its key agility is
>> 456 good. Rijndael's very low memory requirements make it very well
>> 457 suited for restricted-space environments, in which it also
>> 458 demonstrates excellent performance. Rijndael's operations are
>> 459 among the easiest to defend against power and timing attacks.
1072 460
1073 endmenu !! 461 The AES specifies three key sizes: 128, 192 and 256 bits
1074 462
1075 menu "CRCs (cyclic redundancy checks)" !! 463 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1076 464
1077 config CRYPTO_CRC32C !! 465 config CRYPTO_AES_586
1078 tristate "CRC32c" !! 466 tristate "AES cipher algorithms (i586)"
1079 select CRYPTO_HASH !! 467 depends on (X86 || UML_X86) && !64BIT
1080 select CRC32 !! 468 select CRYPTO_ALGAPI
>> 469 select CRYPTO_AES
1081 help 470 help
1082 CRC32c CRC algorithm with the iSCSI !! 471 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 472 algorithm.
>> 473
>> 474 Rijndael appears to be consistently a very good performer in
>> 475 both hardware and software across a wide range of computing
>> 476 environments regardless of its use in feedback or non-feedback
>> 477 modes. Its key setup time is excellent, and its key agility is
>> 478 good. Rijndael's very low memory requirements make it very well
>> 479 suited for restricted-space environments, in which it also
>> 480 demonstrates excellent performance. Rijndael's operations are
>> 481 among the easiest to defend against power and timing attacks.
1083 482
1084 A 32-bit CRC (cyclic redundancy che !! 483 The AES specifies three key sizes: 128, 192 and 256 bits
1085 by G. Castagnoli, S. Braeuer and M. <<
1086 Redundancy-Check Codes with 24 and <<
1087 on Communications, Vol. 41, No. 6, <<
1088 iSCSI. <<
1089 484
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 485 See <http://csrc.nist.gov/encryption/aes/> for more information.
1091 486
1092 config CRYPTO_CRC32 !! 487 config CRYPTO_AES_X86_64
1093 tristate "CRC32" !! 488 tristate "AES cipher algorithms (x86_64)"
1094 select CRYPTO_HASH !! 489 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 490 select CRYPTO_ALGAPI
>> 491 select CRYPTO_AES
1096 help 492 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 493 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 494 algorithm.
1098 495
1099 Used by RoCEv2 and f2fs. !! 496 Rijndael appears to be consistently a very good performer in
>> 497 both hardware and software across a wide range of computing
>> 498 environments regardless of its use in feedback or non-feedback
>> 499 modes. Its key setup time is excellent, and its key agility is
>> 500 good. Rijndael's very low memory requirements make it very well
>> 501 suited for restricted-space environments, in which it also
>> 502 demonstrates excellent performance. Rijndael's operations are
>> 503 among the easiest to defend against power and timing attacks.
1100 504
1101 config CRYPTO_CRCT10DIF !! 505 The AES specifies three key sizes: 128, 192 and 256 bits
1102 tristate "CRCT10DIF" <<
1103 select CRYPTO_HASH <<
1104 help <<
1105 CRC16 CRC algorithm used for the T1 <<
1106 506
1107 CRC algorithm used by the SCSI Bloc !! 507 See <http://csrc.nist.gov/encryption/aes/> for more information.
1108 508
1109 config CRYPTO_CRC64_ROCKSOFT !! 509 config CRYPTO_AES_NI_INTEL
1110 tristate "CRC64 based on Rocksoft Mod !! 510 tristate "AES cipher algorithms (AES-NI)"
1111 depends on CRC64 !! 511 depends on (X86 || UML_X86) && 64BIT
1112 select CRYPTO_HASH !! 512 select CRYPTO_AES_X86_64
>> 513 select CRYPTO_CRYPTD
>> 514 select CRYPTO_ALGAPI
>> 515 select CRYPTO_FPU
1113 help 516 help
1114 CRC64 CRC algorithm based on the Ro !! 517 Use Intel AES-NI instructions for AES algorithm.
1115 518
1116 Used by the NVMe implementation of !! 519 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 520 algorithm.
1117 521
1118 See https://zlib.net/crc_v3.txt !! 522 Rijndael appears to be consistently a very good performer in
>> 523 both hardware and software across a wide range of computing
>> 524 environments regardless of its use in feedback or non-feedback
>> 525 modes. Its key setup time is excellent, and its key agility is
>> 526 good. Rijndael's very low memory requirements make it very well
>> 527 suited for restricted-space environments, in which it also
>> 528 demonstrates excellent performance. Rijndael's operations are
>> 529 among the easiest to defend against power and timing attacks.
1119 530
1120 endmenu !! 531 The AES specifies three key sizes: 128, 192 and 256 bits
1121 532
1122 menu "Compression" !! 533 See <http://csrc.nist.gov/encryption/aes/> for more information.
1123 534
1124 config CRYPTO_DEFLATE !! 535 In addition to AES cipher algorithm support, the
1125 tristate "Deflate" !! 536 acceleration for some popular block cipher mode is supported
>> 537 too, including ECB, CBC, CTR, LRW, PCBC, XTS.
>> 538
>> 539 config CRYPTO_ANUBIS
>> 540 tristate "Anubis cipher algorithm"
1126 select CRYPTO_ALGAPI 541 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 <<
1128 select ZLIB_INFLATE <<
1129 select ZLIB_DEFLATE <<
1130 help 542 help
1131 Deflate compression algorithm (RFC1 !! 543 Anubis cipher algorithm.
>> 544
>> 545 Anubis is a variable key length cipher which can use keys from
>> 546 128 bits to 320 bits in length. It was evaluated as a entrant
>> 547 in the NESSIE competition.
1132 548
1133 Used by IPSec with the IPCOMP proto !! 549 See also:
>> 550 <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
>> 551 <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
1134 552
1135 config CRYPTO_LZO !! 553 config CRYPTO_ARC4
1136 tristate "LZO" !! 554 tristate "ARC4 cipher algorithm"
1137 select CRYPTO_ALGAPI 555 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 <<
1139 select LZO_COMPRESS <<
1140 select LZO_DECOMPRESS <<
1141 help 556 help
1142 LZO compression algorithm !! 557 ARC4 cipher algorithm.
1143 558
1144 See https://www.oberhumer.com/opens !! 559 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
>> 560 bits in length. This algorithm is required for driver-based
>> 561 WEP, but it should not be for other purposes because of the
>> 562 weakness of the algorithm.
1145 563
1146 config CRYPTO_842 !! 564 config CRYPTO_BLOWFISH
1147 tristate "842" !! 565 tristate "Blowfish cipher algorithm"
1148 select CRYPTO_ALGAPI 566 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 <<
1150 select 842_COMPRESS <<
1151 select 842_DECOMPRESS <<
1152 help 567 help
1153 842 compression algorithm by IBM !! 568 Blowfish cipher algorithm, by Bruce Schneier.
>> 569
>> 570 This is a variable key length cipher which can use keys from 32
>> 571 bits to 448 bits in length. It's fast, simple and specifically
>> 572 designed for use on "large microprocessors".
1154 573
1155 See https://github.com/plauth/lib84 !! 574 See also:
>> 575 <http://www.schneier.com/blowfish.html>
1156 576
1157 config CRYPTO_LZ4 !! 577 config CRYPTO_CAMELLIA
1158 tristate "LZ4" !! 578 tristate "Camellia cipher algorithms"
>> 579 depends on CRYPTO
1159 select CRYPTO_ALGAPI 580 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 <<
1161 select LZ4_COMPRESS <<
1162 select LZ4_DECOMPRESS <<
1163 help 581 help
1164 LZ4 compression algorithm !! 582 Camellia cipher algorithms module.
>> 583
>> 584 Camellia is a symmetric key block cipher developed jointly
>> 585 at NTT and Mitsubishi Electric Corporation.
>> 586
>> 587 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1165 588
1166 See https://github.com/lz4/lz4 for !! 589 See also:
>> 590 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1167 591
1168 config CRYPTO_LZ4HC !! 592 config CRYPTO_CAST5
1169 tristate "LZ4HC" !! 593 tristate "CAST5 (CAST-128) cipher algorithm"
1170 select CRYPTO_ALGAPI 594 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 <<
1172 select LZ4HC_COMPRESS <<
1173 select LZ4_DECOMPRESS <<
1174 help 595 help
1175 LZ4 high compression mode algorithm !! 596 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 597 described in RFC2144.
1176 598
1177 See https://github.com/lz4/lz4 for !! 599 config CRYPTO_CAST6
>> 600 tristate "CAST6 (CAST-256) cipher algorithm"
>> 601 select CRYPTO_ALGAPI
>> 602 help
>> 603 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 604 described in RFC2612.
1178 605
1179 config CRYPTO_ZSTD !! 606 config CRYPTO_DES
1180 tristate "Zstd" !! 607 tristate "DES and Triple DES EDE cipher algorithms"
1181 select CRYPTO_ALGAPI 608 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 <<
1183 select ZSTD_COMPRESS <<
1184 select ZSTD_DECOMPRESS <<
1185 help 609 help
1186 zstd compression algorithm !! 610 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1187 611
1188 See https://github.com/facebook/zst !! 612 config CRYPTO_FCRYPT
>> 613 tristate "FCrypt cipher algorithm"
>> 614 select CRYPTO_ALGAPI
>> 615 select CRYPTO_BLKCIPHER
>> 616 help
>> 617 FCrypt algorithm used by RxRPC.
1189 618
1190 endmenu !! 619 config CRYPTO_KHAZAD
>> 620 tristate "Khazad cipher algorithm"
>> 621 select CRYPTO_ALGAPI
>> 622 help
>> 623 Khazad cipher algorithm.
1191 624
1192 menu "Random number generation" !! 625 Khazad was a finalist in the initial NESSIE competition. It is
>> 626 an algorithm optimized for 64-bit processors with good performance
>> 627 on 32-bit processors. Khazad uses an 128 bit key size.
1193 628
1194 config CRYPTO_ANSI_CPRNG !! 629 See also:
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 630 <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
1196 select CRYPTO_AES !! 631
1197 select CRYPTO_RNG !! 632 config CRYPTO_SALSA20
>> 633 tristate "Salsa20 stream cipher algorithm (EXPERIMENTAL)"
>> 634 depends on EXPERIMENTAL
>> 635 select CRYPTO_BLKCIPHER
1198 help 636 help
1199 Pseudo RNG (random number generator !! 637 Salsa20 stream cipher algorithm.
1200 638
1201 This uses the AES cipher algorithm. !! 639 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
>> 640 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1202 641
1203 Note that this option must be enabl !! 642 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 643 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1204 644
1205 menuconfig CRYPTO_DRBG_MENU !! 645 config CRYPTO_SALSA20_586
1206 tristate "NIST SP800-90A DRBG (Determ !! 646 tristate "Salsa20 stream cipher algorithm (i586) (EXPERIMENTAL)"
>> 647 depends on (X86 || UML_X86) && !64BIT
>> 648 depends on EXPERIMENTAL
>> 649 select CRYPTO_BLKCIPHER
1207 help 650 help
1208 DRBG (Deterministic Random Bit Gene !! 651 Salsa20 stream cipher algorithm.
1209 <<
1210 In the following submenu, one or mo <<
1211 652
1212 if CRYPTO_DRBG_MENU !! 653 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
>> 654 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1213 655
1214 config CRYPTO_DRBG_HMAC !! 656 The Salsa20 stream cipher algorithm is designed by Daniel J.
1215 bool !! 657 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1216 default y <<
1217 select CRYPTO_HMAC <<
1218 select CRYPTO_SHA512 <<
1219 658
1220 config CRYPTO_DRBG_HASH !! 659 config CRYPTO_SALSA20_X86_64
1221 bool "Hash_DRBG" !! 660 tristate "Salsa20 stream cipher algorithm (x86_64) (EXPERIMENTAL)"
1222 select CRYPTO_SHA256 !! 661 depends on (X86 || UML_X86) && 64BIT
>> 662 depends on EXPERIMENTAL
>> 663 select CRYPTO_BLKCIPHER
1223 help 664 help
1224 Hash_DRBG variant as defined in NIS !! 665 Salsa20 stream cipher algorithm.
1225 666
1226 This uses the SHA-1, SHA-256, SHA-3 !! 667 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
>> 668 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1227 669
1228 config CRYPTO_DRBG_CTR !! 670 The Salsa20 stream cipher algorithm is designed by Daniel J.
1229 bool "CTR_DRBG" !! 671 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1230 select CRYPTO_AES !! 672
1231 select CRYPTO_CTR !! 673 config CRYPTO_SEED
>> 674 tristate "SEED cipher algorithm"
>> 675 select CRYPTO_ALGAPI
1232 help 676 help
1233 CTR_DRBG variant as defined in NIST !! 677 SEED cipher algorithm (RFC4269).
>> 678
>> 679 SEED is a 128-bit symmetric key block cipher that has been
>> 680 developed by KISA (Korea Information Security Agency) as a
>> 681 national standard encryption algorithm of the Republic of Korea.
>> 682 It is a 16 round block cipher with the key size of 128 bit.
1234 683
1235 This uses the AES cipher algorithm !! 684 See also:
>> 685 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1236 686
1237 config CRYPTO_DRBG !! 687 config CRYPTO_SERPENT
1238 tristate !! 688 tristate "Serpent cipher algorithm"
1239 default CRYPTO_DRBG_MENU !! 689 select CRYPTO_ALGAPI
1240 select CRYPTO_RNG !! 690 help
1241 select CRYPTO_JITTERENTROPY !! 691 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 692
>> 693 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 694 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 695 variant of Serpent for compatibility with old kerneli.org code.
1242 696
1243 endif # if CRYPTO_DRBG_MENU !! 697 See also:
>> 698 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1244 699
1245 config CRYPTO_JITTERENTROPY !! 700 config CRYPTO_TEA
1246 tristate "CPU Jitter Non-Deterministi !! 701 tristate "TEA, XTEA and XETA cipher algorithms"
1247 select CRYPTO_RNG !! 702 select CRYPTO_ALGAPI
1248 select CRYPTO_SHA3 <<
1249 help 703 help
1250 CPU Jitter RNG (Random Number Gener !! 704 TEA cipher algorithm.
1251 705
1252 A non-physical non-deterministic (" !! 706 Tiny Encryption Algorithm is a simple cipher that uses
1253 compliant with NIST SP800-90B) inte !! 707 many rounds for security. It is very fast and uses
1254 deterministic RNG (e.g., per NIST S !! 708 little memory.
1255 This RNG does not perform any crypt !! 709
1256 random numbers. !! 710 Xtendend Tiny Encryption Algorithm is a modification to
1257 !! 711 the TEA algorithm to address a potential key weakness
1258 See https://www.chronox.de/jent/ !! 712 in the TEA algorithm.
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 713
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE !! 714 Xtendend Encryption Tiny Algorithm is a mis-implementation
1357 bool !! 715 of the XTEA algorithm for compatibility purposes.
1358 716
1359 endif # if !(CRYPTO_FIPS && EXPERT) !! 717 config CRYPTO_TWOFISH
1360 endif # if CRYPTO_JITTERENTROPY !! 718 tristate "Twofish cipher algorithm"
>> 719 select CRYPTO_ALGAPI
>> 720 select CRYPTO_TWOFISH_COMMON
>> 721 help
>> 722 Twofish cipher algorithm.
1361 723
1362 config CRYPTO_KDF800108_CTR !! 724 Twofish was submitted as an AES (Advanced Encryption Standard)
1363 tristate !! 725 candidate cipher by researchers at CounterPane Systems. It is a
1364 select CRYPTO_HMAC !! 726 16 round block cipher supporting key sizes of 128, 192, and 256
1365 select CRYPTO_SHA256 !! 727 bits.
1366 728
1367 endmenu !! 729 See also:
1368 menu "Userspace interface" !! 730 <http://www.schneier.com/twofish.html>
1369 731
1370 config CRYPTO_USER_API !! 732 config CRYPTO_TWOFISH_COMMON
1371 tristate 733 tristate
>> 734 help
>> 735 Common parts of the Twofish cipher algorithm shared by the
>> 736 generic c and the assembler implementations.
1372 737
1373 config CRYPTO_USER_API_HASH !! 738 config CRYPTO_TWOFISH_586
1374 tristate "Hash algorithms" !! 739 tristate "Twofish cipher algorithms (i586)"
1375 depends on NET !! 740 depends on (X86 || UML_X86) && !64BIT
1376 select CRYPTO_HASH !! 741 select CRYPTO_ALGAPI
1377 select CRYPTO_USER_API !! 742 select CRYPTO_TWOFISH_COMMON
1378 help 743 help
1379 Enable the userspace interface for !! 744 Twofish cipher algorithm.
>> 745
>> 746 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 747 candidate cipher by researchers at CounterPane Systems. It is a
>> 748 16 round block cipher supporting key sizes of 128, 192, and 256
>> 749 bits.
1380 750
1381 See Documentation/crypto/userspace- !! 751 See also:
1382 https://www.chronox.de/libkcapi/htm !! 752 <http://www.schneier.com/twofish.html>
1383 753
1384 config CRYPTO_USER_API_SKCIPHER !! 754 config CRYPTO_TWOFISH_X86_64
1385 tristate "Symmetric key cipher algori !! 755 tristate "Twofish cipher algorithm (x86_64)"
1386 depends on NET !! 756 depends on (X86 || UML_X86) && 64BIT
1387 select CRYPTO_SKCIPHER !! 757 select CRYPTO_ALGAPI
1388 select CRYPTO_USER_API !! 758 select CRYPTO_TWOFISH_COMMON
1389 help 759 help
1390 Enable the userspace interface for !! 760 Twofish cipher algorithm (x86_64).
1391 761
1392 See Documentation/crypto/userspace- !! 762 Twofish was submitted as an AES (Advanced Encryption Standard)
1393 https://www.chronox.de/libkcapi/htm !! 763 candidate cipher by researchers at CounterPane Systems. It is a
>> 764 16 round block cipher supporting key sizes of 128, 192, and 256
>> 765 bits.
1394 766
1395 config CRYPTO_USER_API_RNG !! 767 See also:
1396 tristate "RNG (random number generato !! 768 <http://www.schneier.com/twofish.html>
1397 depends on NET !! 769
1398 select CRYPTO_RNG !! 770 comment "Compression"
1399 select CRYPTO_USER_API !! 771
>> 772 config CRYPTO_DEFLATE
>> 773 tristate "Deflate compression algorithm"
>> 774 select CRYPTO_ALGAPI
>> 775 select ZLIB_INFLATE
>> 776 select ZLIB_DEFLATE
1400 help 777 help
1401 Enable the userspace interface for !! 778 This is the Deflate algorithm (RFC1951), specified for use in
1402 algorithms. !! 779 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
>> 780
>> 781 You will most probably want this if using IPSec.
1403 782
1404 See Documentation/crypto/userspace- !! 783 config CRYPTO_ZLIB
1405 https://www.chronox.de/libkcapi/htm !! 784 tristate "Zlib compression algorithm"
>> 785 select CRYPTO_PCOMP
>> 786 select ZLIB_INFLATE
>> 787 select ZLIB_DEFLATE
>> 788 select NLATTR
>> 789 help
>> 790 This is the zlib algorithm.
1406 791
1407 config CRYPTO_USER_API_RNG_CAVP !! 792 config CRYPTO_LZO
1408 bool "Enable CAVP testing of DRBG" !! 793 tristate "LZO compression algorithm"
1409 depends on CRYPTO_USER_API_RNG && CRY !! 794 select CRYPTO_ALGAPI
>> 795 select LZO_COMPRESS
>> 796 select LZO_DECOMPRESS
1410 help 797 help
1411 Enable extra APIs in the userspace !! 798 This is the LZO algorithm.
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 799
1416 This should only be enabled for CAV !! 800 comment "Random Number Generation"
1417 no unless you know what this is. <<
1418 801
1419 config CRYPTO_USER_API_AEAD !! 802 config CRYPTO_ANSI_CPRNG
1420 tristate "AEAD cipher algorithms" !! 803 tristate "Pseudo Random Number Generation for Cryptographic modules"
1421 depends on NET !! 804 default m
1422 select CRYPTO_AEAD !! 805 select CRYPTO_AES
1423 select CRYPTO_SKCIPHER !! 806 select CRYPTO_RNG
1424 select CRYPTO_NULL !! 807 help
1425 select CRYPTO_USER_API !! 808 This option enables the generic pseudo random number generator
1426 help !! 809 for cryptographic modules. Uses the Algorithm specified in
1427 Enable the userspace interface for !! 810 ANSI X9.31 A.2.4. Not this option must be enabled if CRYPTO_FIPS
1428 !! 811 is selected
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help <<
1437 Allow obsolete cryptographic algori <<
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 <<
1441 endmenu <<
1442 <<
1443 config CRYPTO_HASH_INFO <<
1444 bool <<
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 812
1476 source "drivers/crypto/Kconfig" 813 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" <<
1478 source "certs/Kconfig" <<
1479 814
1480 endif # if CRYPTO 815 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.