1 # SPDX-License-Identifier: GPL-2.0 <<
2 # 1 #
3 # Generic algorithms support 2 # Generic algorithms support
4 # 3 #
5 config XOR_BLOCKS 4 config XOR_BLOCKS
6 tristate 5 tristate
7 6
8 # 7 #
9 # async_tx api: hardware offloaded memory tran 8 # async_tx api: hardware offloaded memory transfer/transform support
10 # 9 #
11 source "crypto/async_tx/Kconfig" 10 source "crypto/async_tx/Kconfig"
12 11
13 # 12 #
14 # Cryptographic API Configuration 13 # Cryptographic API Configuration
15 # 14 #
16 menuconfig CRYPTO 15 menuconfig CRYPTO
17 tristate "Cryptographic API" 16 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 17 help
20 This option provides the core Crypto 18 This option provides the core Cryptographic API.
21 19
22 if CRYPTO 20 if CRYPTO
23 21
24 menu "Crypto core or helper" !! 22 comment "Crypto core or helper"
25 23
26 config CRYPTO_FIPS 24 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 25 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT !! 26 depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) <<
30 help 27 help
31 This option enables the fips boot op !! 28 This options enables the fips boot option which is
32 required if you want the system to o !! 29 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 30 certification. You should say no unless you know what
34 this is. 31 this is.
35 32
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 33 config CRYPTO_ALGAPI
58 tristate 34 tristate
59 select CRYPTO_ALGAPI2 35 select CRYPTO_ALGAPI2
60 help 36 help
61 This option provides the API for cry 37 This option provides the API for cryptographic algorithms.
62 38
63 config CRYPTO_ALGAPI2 39 config CRYPTO_ALGAPI2
64 tristate 40 tristate
65 41
66 config CRYPTO_AEAD 42 config CRYPTO_AEAD
67 tristate 43 tristate
68 select CRYPTO_AEAD2 44 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 45 select CRYPTO_ALGAPI
70 46
71 config CRYPTO_AEAD2 47 config CRYPTO_AEAD2
72 tristate 48 tristate
73 select CRYPTO_ALGAPI2 49 select CRYPTO_ALGAPI2
74 50
75 config CRYPTO_SIG !! 51 config CRYPTO_BLKCIPHER
76 tristate 52 tristate
77 select CRYPTO_SIG2 !! 53 select CRYPTO_BLKCIPHER2
78 select CRYPTO_ALGAPI 54 select CRYPTO_ALGAPI
79 55
80 config CRYPTO_SIG2 !! 56 config CRYPTO_BLKCIPHER2
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate <<
86 select CRYPTO_SKCIPHER2 <<
87 select CRYPTO_ALGAPI <<
88 select CRYPTO_ECB <<
89 <<
90 config CRYPTO_SKCIPHER2 <<
91 tristate 57 tristate
92 select CRYPTO_ALGAPI2 58 select CRYPTO_ALGAPI2
>> 59 select CRYPTO_RNG2
>> 60 select CRYPTO_WORKQUEUE
93 61
94 config CRYPTO_HASH 62 config CRYPTO_HASH
95 tristate 63 tristate
96 select CRYPTO_HASH2 64 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 65 select CRYPTO_ALGAPI
98 66
99 config CRYPTO_HASH2 67 config CRYPTO_HASH2
100 tristate 68 tristate
101 select CRYPTO_ALGAPI2 69 select CRYPTO_ALGAPI2
102 70
103 config CRYPTO_RNG 71 config CRYPTO_RNG
104 tristate 72 tristate
105 select CRYPTO_RNG2 73 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 74 select CRYPTO_ALGAPI
107 75
108 config CRYPTO_RNG2 76 config CRYPTO_RNG2
109 tristate 77 tristate
110 select CRYPTO_ALGAPI2 78 select CRYPTO_ALGAPI2
111 79
112 config CRYPTO_RNG_DEFAULT !! 80 config CRYPTO_PCOMP
113 tristate <<
114 select CRYPTO_DRBG_MENU <<
115 <<
116 config CRYPTO_AKCIPHER2 <<
117 tristate <<
118 select CRYPTO_ALGAPI2 <<
119 <<
120 config CRYPTO_AKCIPHER <<
121 tristate 81 tristate
122 select CRYPTO_AKCIPHER2 !! 82 select CRYPTO_PCOMP2
123 select CRYPTO_ALGAPI 83 select CRYPTO_ALGAPI
124 84
125 config CRYPTO_KPP2 !! 85 config CRYPTO_PCOMP2
126 tristate 86 tristate
127 select CRYPTO_ALGAPI2 87 select CRYPTO_ALGAPI2
128 88
129 config CRYPTO_KPP <<
130 tristate <<
131 select CRYPTO_ALGAPI <<
132 select CRYPTO_KPP2 <<
133 <<
134 config CRYPTO_ACOMP2 <<
135 tristate <<
136 select CRYPTO_ALGAPI2 <<
137 select SGL_ALLOC <<
138 <<
139 config CRYPTO_ACOMP <<
140 tristate <<
141 select CRYPTO_ALGAPI <<
142 select CRYPTO_ACOMP2 <<
143 <<
144 config CRYPTO_MANAGER 89 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 90 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 91 select CRYPTO_MANAGER2
147 help 92 help
148 Create default cryptographic templat 93 Create default cryptographic template instantiations such as
149 cbc(aes). 94 cbc(aes).
150 95
151 config CRYPTO_MANAGER2 96 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 97 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 98 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 99 select CRYPTO_HASH2
158 select CRYPTO_KPP2 !! 100 select CRYPTO_BLKCIPHER2
159 select CRYPTO_RNG2 !! 101 select CRYPTO_PCOMP2
160 select CRYPTO_SKCIPHER2 <<
161 102
162 config CRYPTO_USER 103 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 104 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 105 depends on NET
165 select CRYPTO_MANAGER 106 select CRYPTO_MANAGER
166 help 107 help
167 Userspace configuration for cryptogr 108 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 109 cbc(aes).
169 110
170 config CRYPTO_MANAGER_DISABLE_TESTS 111 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 112 bool "Disable run-time self tests"
172 default y 113 default y
>> 114 depends on CRYPTO_MANAGER2
173 help 115 help
174 Disable run-time self tests that nor 116 Disable run-time self tests that normally take place at
175 algorithm registration. 117 algorithm registration.
176 118
177 config CRYPTO_MANAGER_EXTRA_TESTS !! 119 config CRYPTO_GF128MUL
178 bool "Enable extra run-time crypto sel !! 120 tristate "GF(2^128) multiplication functions"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN <<
180 help 121 help
181 Enable extra run-time self tests of !! 122 Efficient table driven implementation of multiplications in the
182 including randomized fuzz tests. !! 123 field GF(2^128). This is needed by some cypher modes. This
183 !! 124 option will be selected automatically if you select such a
184 This is intended for developer use o !! 125 cipher mode. Only select this option by hand if you expect to load
185 longer to run than the normal self t !! 126 an external module that requires these functions.
186 127
187 config CRYPTO_NULL 128 config CRYPTO_NULL
188 tristate "Null algorithms" 129 tristate "Null algorithms"
189 select CRYPTO_NULL2 !! 130 select CRYPTO_ALGAPI
>> 131 select CRYPTO_BLKCIPHER
>> 132 select CRYPTO_HASH
190 help 133 help
191 These are 'Null' algorithms, used by 134 These are 'Null' algorithms, used by IPsec, which do nothing.
192 135
193 config CRYPTO_NULL2 <<
194 tristate <<
195 select CRYPTO_ALGAPI2 <<
196 select CRYPTO_SKCIPHER2 <<
197 select CRYPTO_HASH2 <<
198 <<
199 config CRYPTO_PCRYPT 136 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 137 tristate "Parallel crypto engine"
201 depends on SMP 138 depends on SMP
202 select PADATA 139 select PADATA
203 select CRYPTO_MANAGER 140 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 141 select CRYPTO_AEAD
205 help 142 help
206 This converts an arbitrary crypto al 143 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 144 algorithm that executes in kernel threads.
208 145
>> 146 config CRYPTO_WORKQUEUE
>> 147 tristate
>> 148
209 config CRYPTO_CRYPTD 149 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 150 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 151 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 152 select CRYPTO_HASH
213 select CRYPTO_MANAGER 153 select CRYPTO_MANAGER
>> 154 select CRYPTO_WORKQUEUE
214 help 155 help
215 This is a generic software asynchron 156 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 157 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 158 into an asynchronous algorithm that executes in a kernel thread.
218 159
219 config CRYPTO_AUTHENC 160 config CRYPTO_AUTHENC
220 tristate "Authenc support" 161 tristate "Authenc support"
221 select CRYPTO_AEAD 162 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 163 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 164 select CRYPTO_MANAGER
224 select CRYPTO_HASH 165 select CRYPTO_HASH
225 select CRYPTO_NULL <<
226 help 166 help
227 Authenc: Combined mode wrapper for I 167 Authenc: Combined mode wrapper for IPsec.
228 !! 168 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 169
231 config CRYPTO_TEST 170 config CRYPTO_TEST
232 tristate "Testing module" 171 tristate "Testing module"
233 depends on m || EXPERT !! 172 depends on m
234 select CRYPTO_MANAGER 173 select CRYPTO_MANAGER
235 help 174 help
236 Quick & dirty crypto test module. 175 Quick & dirty crypto test module.
237 176
238 config CRYPTO_SIMD !! 177 config CRYPTO_ABLK_HELPER_X86
239 tristate 178 tristate
>> 179 depends on X86
240 select CRYPTO_CRYPTD 180 select CRYPTO_CRYPTD
241 181
242 config CRYPTO_ENGINE !! 182 config CRYPTO_GLUE_HELPER_X86
243 tristate 183 tristate
>> 184 depends on X86
>> 185 select CRYPTO_ALGAPI
244 186
245 endmenu !! 187 comment "Authenticated Encryption with Associated Data"
246 188
247 menu "Public-key cryptography" !! 189 config CRYPTO_CCM
>> 190 tristate "CCM support"
>> 191 select CRYPTO_CTR
>> 192 select CRYPTO_AEAD
>> 193 help
>> 194 Support for Counter with CBC MAC. Required for IPsec.
248 195
249 config CRYPTO_RSA !! 196 config CRYPTO_GCM
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 197 tristate "GCM/GMAC support"
251 select CRYPTO_AKCIPHER !! 198 select CRYPTO_CTR
>> 199 select CRYPTO_AEAD
>> 200 select CRYPTO_GHASH
>> 201 select CRYPTO_NULL
>> 202 help
>> 203 Support for Galois/Counter Mode (GCM) and Galois Message
>> 204 Authentication Code (GMAC). Required for IPSec.
>> 205
>> 206 config CRYPTO_SEQIV
>> 207 tristate "Sequence Number IV Generator"
>> 208 select CRYPTO_AEAD
>> 209 select CRYPTO_BLKCIPHER
>> 210 select CRYPTO_RNG
>> 211 help
>> 212 This IV generator generates an IV based on a sequence number by
>> 213 xoring it with a salt. This algorithm is mainly useful for CTR
>> 214
>> 215 comment "Block modes"
>> 216
>> 217 config CRYPTO_CBC
>> 218 tristate "CBC support"
>> 219 select CRYPTO_BLKCIPHER
252 select CRYPTO_MANAGER 220 select CRYPTO_MANAGER
253 select MPILIB <<
254 select ASN1 <<
255 help 221 help
256 RSA (Rivest-Shamir-Adleman) public k !! 222 CBC: Cipher Block Chaining mode
>> 223 This block cipher algorithm is required for IPSec.
257 224
258 config CRYPTO_DH !! 225 config CRYPTO_CTR
259 tristate "DH (Diffie-Hellman)" !! 226 tristate "CTR support"
260 select CRYPTO_KPP !! 227 select CRYPTO_BLKCIPHER
261 select MPILIB !! 228 select CRYPTO_SEQIV
>> 229 select CRYPTO_MANAGER
262 help 230 help
263 DH (Diffie-Hellman) key exchange alg !! 231 CTR: Counter mode
>> 232 This block cipher algorithm is required for IPSec.
264 233
265 config CRYPTO_DH_RFC7919_GROUPS !! 234 config CRYPTO_CTS
266 bool "RFC 7919 FFDHE groups" !! 235 tristate "CTS support"
267 depends on CRYPTO_DH !! 236 select CRYPTO_BLKCIPHER
268 select CRYPTO_RNG_DEFAULT <<
269 help 237 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 238 CTS: Cipher Text Stealing
271 defined in RFC7919. !! 239 This is the Cipher Text Stealing mode as described by
>> 240 Section 8 of rfc2040 and referenced by rfc3962.
>> 241 (rfc3962 includes errata information in its Appendix A)
>> 242 This mode is required for Kerberos gss mechanism support
>> 243 for AES encryption.
272 244
273 Support these finite-field groups in !! 245 config CRYPTO_ECB
274 - ffdhe2048, ffdhe3072, ffdhe4096, f !! 246 tristate "ECB support"
>> 247 select CRYPTO_BLKCIPHER
>> 248 select CRYPTO_MANAGER
>> 249 help
>> 250 ECB: Electronic CodeBook mode
>> 251 This is the simplest block cipher algorithm. It simply encrypts
>> 252 the input block by block.
275 253
276 If unsure, say N. !! 254 config CRYPTO_LRW
>> 255 tristate "LRW support"
>> 256 select CRYPTO_BLKCIPHER
>> 257 select CRYPTO_MANAGER
>> 258 select CRYPTO_GF128MUL
>> 259 help
>> 260 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 261 narrow block cipher mode for dm-crypt. Use it with cipher
>> 262 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 263 The first 128, 192 or 256 bits in the key are used for AES and the
>> 264 rest is used to tie each cipher block to its logical position.
277 265
278 config CRYPTO_ECC !! 266 config CRYPTO_PCBC
279 tristate !! 267 tristate "PCBC support"
280 select CRYPTO_RNG_DEFAULT !! 268 select CRYPTO_BLKCIPHER
>> 269 select CRYPTO_MANAGER
>> 270 help
>> 271 PCBC: Propagating Cipher Block Chaining mode
>> 272 This block cipher algorithm is required for RxRPC.
281 273
282 config CRYPTO_ECDH !! 274 config CRYPTO_XTS
283 tristate "ECDH (Elliptic Curve Diffie- !! 275 tristate "XTS support"
284 select CRYPTO_ECC !! 276 select CRYPTO_BLKCIPHER
285 select CRYPTO_KPP !! 277 select CRYPTO_MANAGER
>> 278 select CRYPTO_GF128MUL
286 help 279 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 280 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
288 using curves P-192, P-256, and P-384 !! 281 key size 256, 384 or 512 bits. This implementation currently
>> 282 can't handle a sectorsize which is not a multiple of 16 bytes.
>> 283
>> 284 comment "Hash modes"
289 285
290 config CRYPTO_ECDSA !! 286 config CRYPTO_CMAC
291 tristate "ECDSA (Elliptic Curve Digita !! 287 tristate "CMAC support"
292 select CRYPTO_ECC !! 288 select CRYPTO_HASH
293 select CRYPTO_AKCIPHER !! 289 select CRYPTO_MANAGER
294 select ASN1 <<
295 help 290 help
296 ECDSA (Elliptic Curve Digital Signat !! 291 Cipher-based Message Authentication Code (CMAC) specified by
297 ISO/IEC 14888-3) !! 292 The National Institute of Standards and Technology (NIST).
298 using curves P-192, P-256, and P-384 <<
299 293
300 Only signature verification is imple !! 294 https://tools.ietf.org/html/rfc4493
>> 295 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
301 296
302 config CRYPTO_ECRDSA !! 297 config CRYPTO_HMAC
303 tristate "EC-RDSA (Elliptic Curve Russ !! 298 tristate "HMAC support"
304 select CRYPTO_ECC !! 299 select CRYPTO_HASH
305 select CRYPTO_AKCIPHER !! 300 select CRYPTO_MANAGER
306 select CRYPTO_STREEBOG <<
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help 301 help
310 Elliptic Curve Russian Digital Signa !! 302 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
311 RFC 7091, ISO/IEC 14888-3) !! 303 This is required for IPSec.
312 304
313 One of the Russian cryptographic sta !! 305 config CRYPTO_XCBC
314 algorithms). Only signature verifica !! 306 tristate "XCBC support"
>> 307 select CRYPTO_HASH
>> 308 select CRYPTO_MANAGER
>> 309 help
>> 310 XCBC: Keyed-Hashing with encryption algorithm
>> 311 http://www.ietf.org/rfc/rfc3566.txt
>> 312 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 313 xcbc-mac/xcbc-mac-spec.pdf
315 314
316 config CRYPTO_CURVE25519 !! 315 config CRYPTO_VMAC
317 tristate "Curve25519" !! 316 tristate "VMAC support"
318 select CRYPTO_KPP !! 317 select CRYPTO_HASH
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 318 select CRYPTO_MANAGER
320 help 319 help
321 Curve25519 elliptic curve (RFC7748) !! 320 VMAC is a message authentication algorithm designed for
>> 321 very high speed on 64-bit architectures.
322 322
323 endmenu !! 323 See also:
>> 324 <http://fastcrypto.org/vmac>
324 325
325 menu "Block ciphers" !! 326 comment "Digest"
326 327
327 config CRYPTO_AES !! 328 config CRYPTO_CRC32C
328 tristate "AES (Advanced Encryption Sta !! 329 tristate "CRC32c CRC algorithm"
329 select CRYPTO_ALGAPI !! 330 select CRYPTO_HASH
330 select CRYPTO_LIB_AES !! 331 select CRC32
331 help 332 help
332 AES cipher algorithms (Rijndael)(FIP !! 333 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 334 by iSCSI for header and data digests and by others.
>> 335 See Castagnoli93. Module will be crc32c.
>> 336
>> 337 config CRYPTO_CRC32C_INTEL
>> 338 tristate "CRC32c INTEL hardware acceleration"
>> 339 depends on X86
>> 340 select CRYPTO_HASH
>> 341 help
>> 342 In Intel processor with SSE4.2 supported, the processor will
>> 343 support CRC32C implementation using hardware accelerated CRC32
>> 344 instruction. This option will create 'crc32c-intel' module,
>> 345 which will enable any routine to use the CRC32 instruction to
>> 346 gain performance compared with software implementation.
>> 347 Module will be crc32c-intel.
>> 348
>> 349 config CRYPTO_CRC32C_SPARC64
>> 350 tristate "CRC32c CRC algorithm (SPARC64)"
>> 351 depends on SPARC64
>> 352 select CRYPTO_HASH
>> 353 select CRC32
>> 354 help
>> 355 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 356 when available.
333 357
334 Rijndael appears to be consistently !! 358 config CRYPTO_CRC32
335 both hardware and software across a !! 359 tristate "CRC32 CRC algorithm"
336 environments regardless of its use i !! 360 select CRYPTO_HASH
337 modes. Its key setup time is excelle !! 361 select CRC32
338 good. Rijndael's very low memory req !! 362 help
339 suited for restricted-space environm !! 363 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
340 demonstrates excellent performance. !! 364 Shash crypto api wrappers to crc32_le function.
341 among the easiest to defend against <<
342 365
343 The AES specifies three key sizes: 1 !! 366 config CRYPTO_CRC32_PCLMUL
>> 367 tristate "CRC32 PCLMULQDQ hardware acceleration"
>> 368 depends on X86
>> 369 select CRYPTO_HASH
>> 370 select CRC32
>> 371 help
>> 372 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 373 and PCLMULQDQ supported, the processor will support
>> 374 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 375 instruction. This option will create 'crc32-plcmul' module,
>> 376 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 377 and gain better performance as compared with the table implementation.
344 378
345 config CRYPTO_AES_TI !! 379 config CRYPTO_GHASH
346 tristate "AES (Advanced Encryption Sta !! 380 tristate "GHASH digest algorithm"
347 select CRYPTO_ALGAPI !! 381 select CRYPTO_GF128MUL
348 select CRYPTO_LIB_AES <<
349 help 382 help
350 AES cipher algorithms (Rijndael)(FIP !! 383 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
351 384
352 This is a generic implementation of !! 385 config CRYPTO_MD4
353 data dependent latencies as much as !! 386 tristate "MD4 digest algorithm"
354 performance too much. It is intended !! 387 select CRYPTO_HASH
355 and GCM drivers, and other CTR or CM !! 388 help
356 solely on encryption (although decry !! 389 MD4 message digest algorithm (RFC1320).
357 with a more dramatic performance hit <<
358 <<
359 Instead of using 16 lookup tables of <<
360 8 for decryption), this implementati <<
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 390
366 config CRYPTO_ANUBIS !! 391 config CRYPTO_MD5
367 tristate "Anubis" !! 392 tristate "MD5 digest algorithm"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 393 select CRYPTO_HASH
369 select CRYPTO_ALGAPI <<
370 help 394 help
371 Anubis cipher algorithm !! 395 MD5 message digest algorithm (RFC1321).
372 396
373 Anubis is a variable key length ciph !! 397 config CRYPTO_MD5_SPARC64
374 128 bits to 320 bits in length. It !! 398 tristate "MD5 digest algorithm (SPARC64)"
375 in the NESSIE competition. !! 399 depends on SPARC64
>> 400 select CRYPTO_MD5
>> 401 select CRYPTO_HASH
>> 402 help
>> 403 MD5 message digest algorithm (RFC1321) implemented
>> 404 using sparc64 crypto instructions, when available.
376 405
377 See https://web.archive.org/web/2016 !! 406 config CRYPTO_MICHAEL_MIC
378 for further information. !! 407 tristate "Michael MIC keyed digest algorithm"
>> 408 select CRYPTO_HASH
>> 409 help
>> 410 Michael MIC is used for message integrity protection in TKIP
>> 411 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 412 should not be used for other purposes because of the weakness
>> 413 of the algorithm.
379 414
380 config CRYPTO_ARIA !! 415 config CRYPTO_RMD128
381 tristate "ARIA" !! 416 tristate "RIPEMD-128 digest algorithm"
382 select CRYPTO_ALGAPI !! 417 select CRYPTO_HASH
383 help 418 help
384 ARIA cipher algorithm (RFC5794) !! 419 RIPEMD-128 (ISO/IEC 10118-3:2004).
385 420
386 ARIA is a standard encryption algori !! 421 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
387 The ARIA specifies three key sizes a !! 422 be used as a secure replacement for RIPEMD. For other use cases,
388 128-bit: 12 rounds. !! 423 RIPEMD-160 should be used.
389 192-bit: 14 rounds. <<
390 256-bit: 16 rounds. <<
391 424
392 See: !! 425 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
393 https://seed.kisa.or.kr/kisa/algorit !! 426 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
394 427
395 config CRYPTO_BLOWFISH !! 428 config CRYPTO_RMD160
396 tristate "Blowfish" !! 429 tristate "RIPEMD-160 digest algorithm"
397 select CRYPTO_ALGAPI !! 430 select CRYPTO_HASH
398 select CRYPTO_BLOWFISH_COMMON <<
399 help 431 help
400 Blowfish cipher algorithm, by Bruce !! 432 RIPEMD-160 (ISO/IEC 10118-3:2004).
401 433
402 This is a variable key length cipher !! 434 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
403 bits to 448 bits in length. It's fa !! 435 to be used as a secure replacement for the 128-bit hash functions
404 designed for use on "large microproc !! 436 MD4, MD5 and it's predecessor RIPEMD
>> 437 (not to be confused with RIPEMD-128).
405 438
406 See https://www.schneier.com/blowfis !! 439 It's speed is comparable to SHA1 and there are no known attacks
>> 440 against RIPEMD-160.
407 441
408 config CRYPTO_BLOWFISH_COMMON !! 442 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
409 tristate !! 443 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
410 help <<
411 Common parts of the Blowfish cipher <<
412 generic c and the assembler implemen <<
413 444
414 config CRYPTO_CAMELLIA !! 445 config CRYPTO_RMD256
415 tristate "Camellia" !! 446 tristate "RIPEMD-256 digest algorithm"
416 select CRYPTO_ALGAPI !! 447 select CRYPTO_HASH
417 help 448 help
418 Camellia cipher algorithms (ISO/IEC !! 449 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 450 256 bit hash. It is intended for applications that require
>> 451 longer hash-results, without needing a larger security level
>> 452 (than RIPEMD-128).
419 453
420 Camellia is a symmetric key block ci !! 454 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
421 at NTT and Mitsubishi Electric Corpo !! 455 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
422 456
423 The Camellia specifies three key siz !! 457 config CRYPTO_RMD320
>> 458 tristate "RIPEMD-320 digest algorithm"
>> 459 select CRYPTO_HASH
>> 460 help
>> 461 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 462 320 bit hash. It is intended for applications that require
>> 463 longer hash-results, without needing a larger security level
>> 464 (than RIPEMD-160).
424 465
425 See https://info.isl.ntt.co.jp/crypt !! 466 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 467 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
426 468
427 config CRYPTO_CAST_COMMON !! 469 config CRYPTO_SHA1
428 tristate !! 470 tristate "SHA1 digest algorithm"
>> 471 select CRYPTO_HASH
429 help 472 help
430 Common parts of the CAST cipher algo !! 473 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
431 generic c and the assembler implemen <<
432 474
433 config CRYPTO_CAST5 !! 475 config CRYPTO_SHA1_SSSE3
434 tristate "CAST5 (CAST-128)" !! 476 tristate "SHA1 digest algorithm (SSSE3/AVX)"
435 select CRYPTO_ALGAPI !! 477 depends on X86 && 64BIT
436 select CRYPTO_CAST_COMMON !! 478 select CRYPTO_SHA1
>> 479 select CRYPTO_HASH
437 help 480 help
438 CAST5 (CAST-128) cipher algorithm (R !! 481 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 482 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 483 Extensions (AVX), when available.
439 484
440 config CRYPTO_CAST6 !! 485 config CRYPTO_SHA256_SSSE3
441 tristate "CAST6 (CAST-256)" !! 486 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
442 select CRYPTO_ALGAPI !! 487 depends on X86 && 64BIT
443 select CRYPTO_CAST_COMMON !! 488 select CRYPTO_SHA256
>> 489 select CRYPTO_HASH
>> 490 help
>> 491 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 492 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 493 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 494 version 2 (AVX2) instructions, when available.
>> 495
>> 496 config CRYPTO_SHA512_SSSE3
>> 497 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 498 depends on X86 && 64BIT
>> 499 select CRYPTO_SHA512
>> 500 select CRYPTO_HASH
444 help 501 help
445 CAST6 (CAST-256) encryption algorith !! 502 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 503 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 504 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 505 version 2 (AVX2) instructions, when available.
446 506
447 config CRYPTO_DES !! 507 config CRYPTO_SHA1_SPARC64
448 tristate "DES and Triple DES EDE" !! 508 tristate "SHA1 digest algorithm (SPARC64)"
449 select CRYPTO_ALGAPI !! 509 depends on SPARC64
450 select CRYPTO_LIB_DES !! 510 select CRYPTO_SHA1
>> 511 select CRYPTO_HASH
451 help 512 help
452 DES (Data Encryption Standard)(FIPS !! 513 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 514 using sparc64 crypto instructions, when available.
454 cipher algorithms <<
455 515
456 config CRYPTO_FCRYPT !! 516 config CRYPTO_SHA1_ARM
457 tristate "FCrypt" !! 517 tristate "SHA1 digest algorithm (ARM-asm)"
458 select CRYPTO_ALGAPI !! 518 depends on ARM
459 select CRYPTO_SKCIPHER !! 519 select CRYPTO_SHA1
>> 520 select CRYPTO_HASH
460 help 521 help
461 FCrypt algorithm used by RxRPC !! 522 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 523 using optimized ARM assembler.
462 524
463 See https://ota.polyonymo.us/fcrypt- !! 525 config CRYPTO_SHA1_PPC
>> 526 tristate "SHA1 digest algorithm (powerpc)"
>> 527 depends on PPC
>> 528 help
>> 529 This is the powerpc hardware accelerated implementation of the
>> 530 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
464 531
465 config CRYPTO_KHAZAD !! 532 config CRYPTO_SHA256
466 tristate "Khazad" !! 533 tristate "SHA224 and SHA256 digest algorithm"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 534 select CRYPTO_HASH
468 select CRYPTO_ALGAPI <<
469 help 535 help
470 Khazad cipher algorithm !! 536 SHA256 secure hash standard (DFIPS 180-2).
471 537
472 Khazad was a finalist in the initial !! 538 This version of SHA implements a 256 bit hash with 128 bits of
473 an algorithm optimized for 64-bit pr !! 539 security against collision attacks.
474 on 32-bit processors. Khazad uses a <<
475 540
476 See https://web.archive.org/web/2017 !! 541 This code also includes SHA-224, a 224 bit hash with 112 bits
477 for further information. !! 542 of security against collision attacks.
478 543
479 config CRYPTO_SEED !! 544 config CRYPTO_SHA256_SPARC64
480 tristate "SEED" !! 545 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 546 depends on SPARC64
482 select CRYPTO_ALGAPI !! 547 select CRYPTO_SHA256
>> 548 select CRYPTO_HASH
483 help 549 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 550 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 551 using sparc64 crypto instructions, when available.
485 552
486 SEED is a 128-bit symmetric key bloc !! 553 config CRYPTO_SHA512
487 developed by KISA (Korea Information !! 554 tristate "SHA384 and SHA512 digest algorithms"
488 national standard encryption algorit !! 555 select CRYPTO_HASH
489 It is a 16 round block cipher with t <<
490 <<
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 <<
494 config CRYPTO_SERPENT <<
495 tristate "Serpent" <<
496 select CRYPTO_ALGAPI <<
497 help 556 help
498 Serpent cipher algorithm, by Anderso !! 557 SHA512 secure hash standard (DFIPS 180-2).
499 558
500 Keys are allowed to be from 0 to 256 !! 559 This version of SHA implements a 512 bit hash with 256 bits of
501 of 8 bits. !! 560 security against collision attacks.
502 561
503 See https://www.cl.cam.ac.uk/~rja14/ !! 562 This code also includes SHA-384, a 384 bit hash with 192 bits
>> 563 of security against collision attacks.
504 564
505 config CRYPTO_SM4 !! 565 config CRYPTO_SHA512_SPARC64
506 tristate !! 566 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
>> 567 depends on SPARC64
>> 568 select CRYPTO_SHA512
>> 569 select CRYPTO_HASH
>> 570 help
>> 571 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 572 using sparc64 crypto instructions, when available.
507 573
508 config CRYPTO_SM4_GENERIC !! 574 config CRYPTO_TGR192
509 tristate "SM4 (ShangMi 4)" !! 575 tristate "Tiger digest algorithms"
510 select CRYPTO_ALGAPI !! 576 select CRYPTO_HASH
511 select CRYPTO_SM4 <<
512 help 577 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 578 Tiger hash algorithm 192, 160 and 128-bit hashes
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 579
516 SM4 (GBT.32907-2016) is a cryptograp !! 580 Tiger is a hash function optimized for 64-bit processors while
517 Organization of State Commercial Adm !! 581 still having decent performance on 32-bit processors.
518 as an authorized cryptographic algor !! 582 Tiger was developed by Ross Anderson and Eli Biham.
519 583
520 SMS4 was originally created for use !! 584 See also:
521 networks, and is mandated in the Chi !! 585 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 586
525 The latest SM4 standard (GBT.32907-2 !! 587 config CRYPTO_WP512
526 standardized through TC 260 of the S !! 588 tristate "Whirlpool digest algorithms"
527 of the People's Republic of China (S !! 589 select CRYPTO_HASH
>> 590 help
>> 591 Whirlpool hash algorithm 512, 384 and 256-bit hashes
528 592
529 The input, output, and key of SMS4 a !! 593 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 594 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
530 595
531 See https://eprint.iacr.org/2008/329 !! 596 See also:
>> 597 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
532 598
533 If unsure, say N. !! 599 config CRYPTO_GHASH_CLMUL_NI_INTEL
>> 600 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
>> 601 depends on X86 && 64BIT
>> 602 select CRYPTO_CRYPTD
>> 603 help
>> 604 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
>> 605 The implementation is accelerated by CLMUL-NI of Intel.
534 606
535 config CRYPTO_TEA !! 607 comment "Ciphers"
536 tristate "TEA, XTEA and XETA" !! 608
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 609 config CRYPTO_AES
>> 610 tristate "AES cipher algorithms"
538 select CRYPTO_ALGAPI 611 select CRYPTO_ALGAPI
539 help 612 help
540 TEA (Tiny Encryption Algorithm) ciph !! 613 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 614 algorithm.
541 615
542 Tiny Encryption Algorithm is a simpl !! 616 Rijndael appears to be consistently a very good performer in
543 many rounds for security. It is ver !! 617 both hardware and software across a wide range of computing
544 little memory. !! 618 environments regardless of its use in feedback or non-feedback
>> 619 modes. Its key setup time is excellent, and its key agility is
>> 620 good. Rijndael's very low memory requirements make it very well
>> 621 suited for restricted-space environments, in which it also
>> 622 demonstrates excellent performance. Rijndael's operations are
>> 623 among the easiest to defend against power and timing attacks.
545 624
546 Xtendend Tiny Encryption Algorithm i !! 625 The AES specifies three key sizes: 128, 192 and 256 bits
547 the TEA algorithm to address a poten <<
548 in the TEA algorithm. <<
549 626
550 Xtendend Encryption Tiny Algorithm i !! 627 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
551 of the XTEA algorithm for compatibil <<
552 628
553 config CRYPTO_TWOFISH !! 629 config CRYPTO_AES_586
554 tristate "Twofish" !! 630 tristate "AES cipher algorithms (i586)"
>> 631 depends on (X86 || UML_X86) && !64BIT
555 select CRYPTO_ALGAPI 632 select CRYPTO_ALGAPI
556 select CRYPTO_TWOFISH_COMMON !! 633 select CRYPTO_AES
557 help 634 help
558 Twofish cipher algorithm !! 635 AES cipher algorithms (FIPS-197). AES uses the Rijndael
559 !! 636 algorithm.
560 Twofish was submitted as an AES (Adv <<
561 candidate cipher by researchers at C <<
562 16 round block cipher supporting key <<
563 bits. <<
564 637
565 See https://www.schneier.com/twofish !! 638 Rijndael appears to be consistently a very good performer in
566 !! 639 both hardware and software across a wide range of computing
567 config CRYPTO_TWOFISH_COMMON !! 640 environments regardless of its use in feedback or non-feedback
568 tristate !! 641 modes. Its key setup time is excellent, and its key agility is
569 help !! 642 good. Rijndael's very low memory requirements make it very well
570 Common parts of the Twofish cipher a !! 643 suited for restricted-space environments, in which it also
571 generic c and the assembler implemen !! 644 demonstrates excellent performance. Rijndael's operations are
>> 645 among the easiest to defend against power and timing attacks.
572 646
573 endmenu !! 647 The AES specifies three key sizes: 128, 192 and 256 bits
574 648
575 menu "Length-preserving ciphers and modes" !! 649 See <http://csrc.nist.gov/encryption/aes/> for more information.
576 650
577 config CRYPTO_ADIANTUM !! 651 config CRYPTO_AES_X86_64
578 tristate "Adiantum" !! 652 tristate "AES cipher algorithms (x86_64)"
579 select CRYPTO_CHACHA20 !! 653 depends on (X86 || UML_X86) && 64BIT
580 select CRYPTO_LIB_POLY1305_GENERIC !! 654 select CRYPTO_ALGAPI
581 select CRYPTO_NHPOLY1305 !! 655 select CRYPTO_AES
582 select CRYPTO_MANAGER <<
583 help 656 help
584 Adiantum tweakable, length-preservin !! 657 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 658 algorithm.
585 659
586 Designed for fast and secure disk en !! 660 Rijndael appears to be consistently a very good performer in
587 CPUs without dedicated crypto instru !! 661 both hardware and software across a wide range of computing
588 each sector using the XChaCha12 stre !! 662 environments regardless of its use in feedback or non-feedback
589 an ε-almost-∆-universal hash func !! 663 modes. Its key setup time is excellent, and its key agility is
590 the AES-256 block cipher on a single !! 664 good. Rijndael's very low memory requirements make it very well
591 without AES instructions, Adiantum i !! 665 suited for restricted-space environments, in which it also
592 AES-XTS. !! 666 demonstrates excellent performance. Rijndael's operations are
593 !! 667 among the easiest to defend against power and timing attacks.
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 <<
600 If unsure, say N. <<
601 <<
602 config CRYPTO_ARC4 <<
603 tristate "ARC4 (Alleged Rivest Cipher <<
604 depends on CRYPTO_USER_API_ENABLE_OBSO <<
605 select CRYPTO_SKCIPHER <<
606 select CRYPTO_LIB_ARC4 <<
607 help <<
608 ARC4 cipher algorithm <<
609 668
610 ARC4 is a stream cipher using keys r !! 669 The AES specifies three key sizes: 128, 192 and 256 bits
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 670
615 config CRYPTO_CHACHA20 !! 671 See <http://csrc.nist.gov/encryption/aes/> for more information.
616 tristate "ChaCha" <<
617 select CRYPTO_LIB_CHACHA_GENERIC <<
618 select CRYPTO_SKCIPHER <<
619 help <<
620 The ChaCha20, XChaCha20, and XChaCha <<
621 <<
622 ChaCha20 is a 256-bit high-speed str <<
623 Bernstein and further specified in R <<
624 This is the portable C implementatio <<
625 https://cr.yp.to/chacha/chacha-20080 <<
626 <<
627 XChaCha20 is the application of the <<
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 672
637 config CRYPTO_CBC !! 673 config CRYPTO_AES_NI_INTEL
638 tristate "CBC (Cipher Block Chaining)" !! 674 tristate "AES cipher algorithms (AES-NI)"
639 select CRYPTO_SKCIPHER !! 675 depends on X86
640 select CRYPTO_MANAGER !! 676 select CRYPTO_AES_X86_64 if 64BIT
>> 677 select CRYPTO_AES_586 if !64BIT
>> 678 select CRYPTO_CRYPTD
>> 679 select CRYPTO_ABLK_HELPER_X86
>> 680 select CRYPTO_ALGAPI
>> 681 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 682 select CRYPTO_LRW
>> 683 select CRYPTO_XTS
641 help 684 help
642 CBC (Cipher Block Chaining) mode (NI !! 685 Use Intel AES-NI instructions for AES algorithm.
643 686
644 This block cipher mode is required f !! 687 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 688 algorithm.
645 689
646 config CRYPTO_CTR !! 690 Rijndael appears to be consistently a very good performer in
647 tristate "CTR (Counter)" !! 691 both hardware and software across a wide range of computing
648 select CRYPTO_SKCIPHER !! 692 environments regardless of its use in feedback or non-feedback
649 select CRYPTO_MANAGER !! 693 modes. Its key setup time is excellent, and its key agility is
650 help !! 694 good. Rijndael's very low memory requirements make it very well
651 CTR (Counter) mode (NIST SP800-38A) !! 695 suited for restricted-space environments, in which it also
652 !! 696 demonstrates excellent performance. Rijndael's operations are
653 config CRYPTO_CTS !! 697 among the easiest to defend against power and timing attacks.
654 tristate "CTS (Cipher Text Stealing)" <<
655 select CRYPTO_SKCIPHER <<
656 select CRYPTO_MANAGER <<
657 help <<
658 CBC-CS3 variant of CTS (Cipher Text <<
659 Addendum to SP800-38A (October 2010) <<
660 698
661 This mode is required for Kerberos g !! 699 The AES specifies three key sizes: 128, 192 and 256 bits
662 for AES encryption. <<
663 700
664 config CRYPTO_ECB !! 701 See <http://csrc.nist.gov/encryption/aes/> for more information.
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 702
671 config CRYPTO_HCTR2 !! 703 In addition to AES cipher algorithm support, the acceleration
672 tristate "HCTR2" !! 704 for some popular block cipher mode is supported too, including
673 select CRYPTO_XCTR !! 705 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
674 select CRYPTO_POLYVAL !! 706 acceleration for CTR.
675 select CRYPTO_MANAGER !! 707
>> 708 config CRYPTO_AES_SPARC64
>> 709 tristate "AES cipher algorithms (SPARC64)"
>> 710 depends on SPARC64
>> 711 select CRYPTO_CRYPTD
>> 712 select CRYPTO_ALGAPI
676 help 713 help
677 HCTR2 length-preserving encryption m !! 714 Use SPARC64 crypto opcodes for AES algorithm.
678 715
679 A mode for storage encryption that i !! 716 AES cipher algorithms (FIPS-197). AES uses the Rijndael
680 instructions to accelerate AES and c !! 717 algorithm.
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 <<
684 See https://eprint.iacr.org/2021/144 <<
685 <<
686 config CRYPTO_KEYWRAP <<
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER <<
689 select CRYPTO_MANAGER <<
690 help <<
691 KW (AES Key Wrap) authenticated encr <<
692 and RFC3394) without padding. <<
693 718
694 config CRYPTO_LRW !! 719 Rijndael appears to be consistently a very good performer in
695 tristate "LRW (Liskov Rivest Wagner)" !! 720 both hardware and software across a wide range of computing
696 select CRYPTO_LIB_GF128MUL !! 721 environments regardless of its use in feedback or non-feedback
697 select CRYPTO_SKCIPHER !! 722 modes. Its key setup time is excellent, and its key agility is
698 select CRYPTO_MANAGER !! 723 good. Rijndael's very low memory requirements make it very well
699 select CRYPTO_ECB !! 724 suited for restricted-space environments, in which it also
700 help !! 725 demonstrates excellent performance. Rijndael's operations are
701 LRW (Liskov Rivest Wagner) mode !! 726 among the easiest to defend against power and timing attacks.
702 727
703 A tweakable, non malleable, non mova !! 728 The AES specifies three key sizes: 128, 192 and 256 bits
704 narrow block cipher mode for dm-cryp <<
705 specification string aes-lrw-benbi, <<
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 729
709 See https://people.csail.mit.edu/riv !! 730 See <http://csrc.nist.gov/encryption/aes/> for more information.
710 731
711 config CRYPTO_PCBC !! 732 In addition to AES cipher algorithm support, the acceleration
712 tristate "PCBC (Propagating Cipher Blo !! 733 for some popular block cipher mode is supported too, including
713 select CRYPTO_SKCIPHER !! 734 ECB and CBC.
714 select CRYPTO_MANAGER !! 735
>> 736 config CRYPTO_AES_ARM
>> 737 tristate "AES cipher algorithms (ARM-asm)"
>> 738 depends on ARM
>> 739 select CRYPTO_ALGAPI
>> 740 select CRYPTO_AES
715 help 741 help
716 PCBC (Propagating Cipher Block Chain !! 742 Use optimized AES assembler routines for ARM platforms.
717 743
718 This block cipher mode is required f !! 744 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 745 algorithm.
719 746
720 config CRYPTO_XCTR !! 747 Rijndael appears to be consistently a very good performer in
721 tristate !! 748 both hardware and software across a wide range of computing
722 select CRYPTO_SKCIPHER !! 749 environments regardless of its use in feedback or non-feedback
723 select CRYPTO_MANAGER !! 750 modes. Its key setup time is excellent, and its key agility is
724 help !! 751 good. Rijndael's very low memory requirements make it very well
725 XCTR (XOR Counter) mode for HCTR2 !! 752 suited for restricted-space environments, in which it also
>> 753 demonstrates excellent performance. Rijndael's operations are
>> 754 among the easiest to defend against power and timing attacks.
726 755
727 This blockcipher mode is a variant o !! 756 The AES specifies three key sizes: 128, 192 and 256 bits
728 addition rather than big-endian arit <<
729 757
730 XCTR mode is used to implement HCTR2 !! 758 See <http://csrc.nist.gov/encryption/aes/> for more information.
731 759
732 config CRYPTO_XTS !! 760 config CRYPTO_ANUBIS
733 tristate "XTS (XOR Encrypt XOR with ci !! 761 tristate "Anubis cipher algorithm"
734 select CRYPTO_SKCIPHER !! 762 select CRYPTO_ALGAPI
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help 763 help
738 XTS (XOR Encrypt XOR with ciphertext !! 764 Anubis cipher algorithm.
739 and IEEE 1619) <<
740 765
741 Use with aes-xts-plain, key size 256 !! 766 Anubis is a variable key length cipher which can use keys from
742 implementation currently can't handl !! 767 128 bits to 320 bits in length. It was evaluated as a entrant
743 multiple of 16 bytes. !! 768 in the NESSIE competition.
744 769
745 config CRYPTO_NHPOLY1305 !! 770 See also:
746 tristate !! 771 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
747 select CRYPTO_HASH !! 772 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
748 select CRYPTO_LIB_POLY1305_GENERIC <<
749 773
750 endmenu !! 774 config CRYPTO_ARC4
>> 775 tristate "ARC4 cipher algorithm"
>> 776 select CRYPTO_BLKCIPHER
>> 777 help
>> 778 ARC4 cipher algorithm.
751 779
752 menu "AEAD (authenticated encryption with asso !! 780 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
>> 781 bits in length. This algorithm is required for driver-based
>> 782 WEP, but it should not be for other purposes because of the
>> 783 weakness of the algorithm.
753 784
754 config CRYPTO_AEGIS128 !! 785 config CRYPTO_BLOWFISH
755 tristate "AEGIS-128" !! 786 tristate "Blowfish cipher algorithm"
756 select CRYPTO_AEAD !! 787 select CRYPTO_ALGAPI
757 select CRYPTO_AES # for AES S-box tab !! 788 select CRYPTO_BLOWFISH_COMMON
758 help 789 help
759 AEGIS-128 AEAD algorithm !! 790 Blowfish cipher algorithm, by Bruce Schneier.
760 791
761 config CRYPTO_AEGIS128_SIMD !! 792 This is a variable key length cipher which can use keys from 32
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 793 bits to 448 bits in length. It's fast, simple and specifically
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 794 designed for use on "large microprocessors".
764 default y <<
765 help <<
766 AEGIS-128 AEAD algorithm <<
767 795
768 Architecture: arm or arm64 using: !! 796 See also:
769 - NEON (Advanced SIMD) extension !! 797 <http://www.schneier.com/blowfish.html>
770 798
771 config CRYPTO_CHACHA20POLY1305 !! 799 config CRYPTO_BLOWFISH_COMMON
772 tristate "ChaCha20-Poly1305" !! 800 tristate
773 select CRYPTO_CHACHA20 <<
774 select CRYPTO_POLY1305 <<
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help 801 help
778 ChaCha20 stream cipher and Poly1305 !! 802 Common parts of the Blowfish cipher algorithm shared by the
779 mode (RFC8439) !! 803 generic c and the assembler implementations.
780 804
781 config CRYPTO_CCM !! 805 See also:
782 tristate "CCM (Counter with Cipher Blo !! 806 <http://www.schneier.com/blowfish.html>
783 select CRYPTO_CTR <<
784 select CRYPTO_HASH <<
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER <<
787 help <<
788 CCM (Counter with Cipher Block Chain <<
789 authenticated encryption mode (NIST <<
790 807
791 config CRYPTO_GCM !! 808 config CRYPTO_BLOWFISH_X86_64
792 tristate "GCM (Galois/Counter Mode) an !! 809 tristate "Blowfish cipher algorithm (x86_64)"
793 select CRYPTO_CTR !! 810 depends on X86 && 64BIT
794 select CRYPTO_AEAD !! 811 select CRYPTO_ALGAPI
795 select CRYPTO_GHASH !! 812 select CRYPTO_BLOWFISH_COMMON
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER <<
798 help 813 help
799 GCM (Galois/Counter Mode) authentica !! 814 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
800 (GCM Message Authentication Code) (N <<
801 815
802 This is required for IPSec ESP (XFRM !! 816 This is a variable key length cipher which can use keys from 32
>> 817 bits to 448 bits in length. It's fast, simple and specifically
>> 818 designed for use on "large microprocessors".
803 819
804 config CRYPTO_GENIV !! 820 See also:
805 tristate !! 821 <http://www.schneier.com/blowfish.html>
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER <<
809 select CRYPTO_RNG_DEFAULT <<
810 822
811 config CRYPTO_SEQIV !! 823 config CRYPTO_BLOWFISH_AVX2_X86_64
812 tristate "Sequence Number IV Generator !! 824 tristate "Blowfish cipher algorithm (x86_64/AVX2)"
813 select CRYPTO_GENIV !! 825 depends on X86 && 64BIT
>> 826 depends on BROKEN
>> 827 select CRYPTO_ALGAPI
>> 828 select CRYPTO_CRYPTD
>> 829 select CRYPTO_ABLK_HELPER_X86
>> 830 select CRYPTO_BLOWFISH_COMMON
>> 831 select CRYPTO_BLOWFISH_X86_64
814 help 832 help
815 Sequence Number IV generator !! 833 Blowfish cipher algorithm (x86_64/AVX2), by Bruce Schneier.
816 834
817 This IV generator generates an IV ba !! 835 This is a variable key length cipher which can use keys from 32
818 xoring it with a salt. This algorit !! 836 bits to 448 bits in length. It's fast, simple and specifically
>> 837 designed for use on "large microprocessors".
819 838
820 This is required for IPsec ESP (XFRM !! 839 See also:
>> 840 <http://www.schneier.com/blowfish.html>
821 841
822 config CRYPTO_ECHAINIV !! 842 config CRYPTO_CAMELLIA
823 tristate "Encrypted Chain IV Generator !! 843 tristate "Camellia cipher algorithms"
824 select CRYPTO_GENIV !! 844 depends on CRYPTO
>> 845 select CRYPTO_ALGAPI
825 help 846 help
826 Encrypted Chain IV generator !! 847 Camellia cipher algorithms module.
827 848
828 This IV generator generates an IV ba !! 849 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 850 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. <<
831 851
832 config CRYPTO_ESSIV !! 852 The Camellia specifies three key sizes: 128, 192 and 256 bits.
833 tristate "Encrypted Salt-Sector IV Gen <<
834 select CRYPTO_AUTHENC <<
835 help <<
836 Encrypted Salt-Sector IV generator <<
837 853
838 This IV generator is used in some ca !! 854 See also:
839 dm-crypt. It uses the hash of the bl !! 855 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 856
844 This driver implements a crypto API !! 857 config CRYPTO_CAMELLIA_X86_64
845 instantiated either as an skcipher o !! 858 tristate "Camellia cipher algorithm (x86_64)"
846 type of the first template argument) !! 859 depends on X86 && 64BIT
847 and decryption requests to the encap !! 860 depends on CRYPTO
848 ESSIV to the input IV. Note that in !! 861 select CRYPTO_ALGAPI
849 that the keys are presented in the s !! 862 select CRYPTO_GLUE_HELPER_X86
850 template, and that the IV appears at !! 863 select CRYPTO_LRW
851 associated data (AAD) region (which !! 864 select CRYPTO_XTS
>> 865 help
>> 866 Camellia cipher algorithm module (x86_64).
852 867
853 Note that the use of ESSIV is not re !! 868 Camellia is a symmetric key block cipher developed jointly
854 and so this only needs to be enabled !! 869 at NTT and Mitsubishi Electric Corporation.
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 870
861 endmenu !! 871 The Camellia specifies three key sizes: 128, 192 and 256 bits.
862 872
863 menu "Hashes, digests, and MACs" !! 873 See also:
>> 874 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
864 875
865 config CRYPTO_BLAKE2B !! 876 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
866 tristate "BLAKE2b" !! 877 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
867 select CRYPTO_HASH !! 878 depends on X86 && 64BIT
>> 879 depends on CRYPTO
>> 880 select CRYPTO_ALGAPI
>> 881 select CRYPTO_CRYPTD
>> 882 select CRYPTO_ABLK_HELPER_X86
>> 883 select CRYPTO_GLUE_HELPER_X86
>> 884 select CRYPTO_CAMELLIA_X86_64
>> 885 select CRYPTO_LRW
>> 886 select CRYPTO_XTS
868 help 887 help
869 BLAKE2b cryptographic hash function !! 888 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
870 <<
871 BLAKE2b is optimized for 64-bit plat <<
872 of any size between 1 and 64 bytes. <<
873 889
874 This module provides the following a !! 890 Camellia is a symmetric key block cipher developed jointly
875 - blake2b-160 !! 891 at NTT and Mitsubishi Electric Corporation.
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 892
880 Used by the btrfs filesystem. !! 893 The Camellia specifies three key sizes: 128, 192 and 256 bits.
881 894
882 See https://blake2.net for further i !! 895 See also:
>> 896 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
883 897
884 config CRYPTO_CMAC !! 898 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
885 tristate "CMAC (Cipher-based MAC)" !! 899 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
886 select CRYPTO_HASH !! 900 depends on X86 && 64BIT
887 select CRYPTO_MANAGER !! 901 depends on CRYPTO
888 help !! 902 select CRYPTO_ALGAPI
889 CMAC (Cipher-based Message Authentic !! 903 select CRYPTO_CRYPTD
890 mode (NIST SP800-38B and IETF RFC449 !! 904 select CRYPTO_ABLK_HELPER_X86
891 !! 905 select CRYPTO_GLUE_HELPER_X86
892 config CRYPTO_GHASH !! 906 select CRYPTO_CAMELLIA_X86_64
893 tristate "GHASH" !! 907 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
894 select CRYPTO_HASH !! 908 select CRYPTO_LRW
895 select CRYPTO_LIB_GF128MUL !! 909 select CRYPTO_XTS
896 help 910 help
897 GCM GHASH function (NIST SP800-38D) !! 911 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
898 912
899 config CRYPTO_HMAC !! 913 Camellia is a symmetric key block cipher developed jointly
900 tristate "HMAC (Keyed-Hash MAC)" !! 914 at NTT and Mitsubishi Electric Corporation.
901 select CRYPTO_HASH <<
902 select CRYPTO_MANAGER <<
903 help <<
904 HMAC (Keyed-Hash Message Authenticat <<
905 RFC2104) <<
906 915
907 This is required for IPsec AH (XFRM_ !! 916 The Camellia specifies three key sizes: 128, 192 and 256 bits.
908 917
909 config CRYPTO_MD4 !! 918 See also:
910 tristate "MD4" !! 919 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
911 select CRYPTO_HASH <<
912 help <<
913 MD4 message digest algorithm (RFC132 <<
914 920
915 config CRYPTO_MD5 !! 921 config CRYPTO_CAMELLIA_SPARC64
916 tristate "MD5" !! 922 tristate "Camellia cipher algorithm (SPARC64)"
917 select CRYPTO_HASH !! 923 depends on SPARC64
>> 924 depends on CRYPTO
>> 925 select CRYPTO_ALGAPI
918 help 926 help
919 MD5 message digest algorithm (RFC132 !! 927 Camellia cipher algorithm module (SPARC64).
920 928
921 config CRYPTO_MICHAEL_MIC !! 929 Camellia is a symmetric key block cipher developed jointly
922 tristate "Michael MIC" !! 930 at NTT and Mitsubishi Electric Corporation.
923 select CRYPTO_HASH <<
924 help <<
925 Michael MIC (Message Integrity Code) <<
926 931
927 Defined by the IEEE 802.11i TKIP (Te !! 932 The Camellia specifies three key sizes: 128, 192 and 256 bits.
928 known as WPA (Wif-Fi Protected Acces <<
929 933
930 This algorithm is required for TKIP, !! 934 See also:
931 other purposes because of the weakne !! 935 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
932 936
933 config CRYPTO_POLYVAL !! 937 config CRYPTO_CAST_COMMON
934 tristate 938 tristate
935 select CRYPTO_HASH <<
936 select CRYPTO_LIB_GF128MUL <<
937 help 939 help
938 POLYVAL hash function for HCTR2 !! 940 Common parts of the CAST cipher algorithms shared by the
939 !! 941 generic c and the assembler implementations.
940 This is used in HCTR2. It is not a <<
941 cryptographic hash function. <<
942 942
943 config CRYPTO_POLY1305 !! 943 config CRYPTO_CAST5
944 tristate "Poly1305" !! 944 tristate "CAST5 (CAST-128) cipher algorithm"
945 select CRYPTO_HASH !! 945 select CRYPTO_ALGAPI
946 select CRYPTO_LIB_POLY1305_GENERIC !! 946 select CRYPTO_CAST_COMMON
947 help 947 help
948 Poly1305 authenticator algorithm (RF !! 948 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 949 described in RFC2144.
949 950
950 Poly1305 is an authenticator algorit !! 951 config CRYPTO_CAST5_AVX_X86_64
951 It is used for the ChaCha20-Poly1305 !! 952 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
952 in IETF protocols. This is the porta !! 953 depends on X86 && 64BIT
953 !! 954 select CRYPTO_ALGAPI
954 config CRYPTO_RMD160 !! 955 select CRYPTO_CRYPTD
955 tristate "RIPEMD-160" !! 956 select CRYPTO_ABLK_HELPER_X86
956 select CRYPTO_HASH !! 957 select CRYPTO_CAST_COMMON
>> 958 select CRYPTO_CAST5
957 help 959 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 960 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 961 described in RFC2144.
959 962
960 RIPEMD-160 is a 160-bit cryptographi !! 963 This module provides the Cast5 cipher algorithm that processes
961 to be used as a secure replacement f !! 964 sixteen blocks parallel using the AVX instruction set.
962 MD4, MD5 and its predecessor RIPEMD <<
963 (not to be confused with RIPEMD-128) <<
964 <<
965 Its speed is comparable to SHA-1 and <<
966 against RIPEMD-160. <<
967 <<
968 Developed by Hans Dobbertin, Antoon <<
969 See https://homes.esat.kuleuven.be/~ <<
970 for further information. <<
971 965
972 config CRYPTO_SHA1 !! 966 config CRYPTO_CAST6
973 tristate "SHA-1" !! 967 tristate "CAST6 (CAST-256) cipher algorithm"
974 select CRYPTO_HASH !! 968 select CRYPTO_ALGAPI
975 select CRYPTO_LIB_SHA1 !! 969 select CRYPTO_CAST_COMMON
976 help 970 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 971 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 972 described in RFC2612.
978 973
979 config CRYPTO_SHA256 !! 974 config CRYPTO_CAST6_AVX_X86_64
980 tristate "SHA-224 and SHA-256" !! 975 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
981 select CRYPTO_HASH !! 976 depends on X86 && 64BIT
982 select CRYPTO_LIB_SHA256 !! 977 select CRYPTO_ALGAPI
>> 978 select CRYPTO_CRYPTD
>> 979 select CRYPTO_ABLK_HELPER_X86
>> 980 select CRYPTO_GLUE_HELPER_X86
>> 981 select CRYPTO_CAST_COMMON
>> 982 select CRYPTO_CAST6
>> 983 select CRYPTO_LRW
>> 984 select CRYPTO_XTS
983 help 985 help
984 SHA-224 and SHA-256 secure hash algo !! 986 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 987 described in RFC2612.
985 988
986 This is required for IPsec AH (XFRM_ !! 989 This module provides the Cast6 cipher algorithm that processes
987 Used by the btrfs filesystem, Ceph, !! 990 eight blocks parallel using the AVX instruction set.
988 991
989 config CRYPTO_SHA512 !! 992 config CRYPTO_DES
990 tristate "SHA-384 and SHA-512" !! 993 tristate "DES and Triple DES EDE cipher algorithms"
991 select CRYPTO_HASH !! 994 select CRYPTO_ALGAPI
992 help 995 help
993 SHA-384 and SHA-512 secure hash algo !! 996 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
994 997
995 config CRYPTO_SHA3 !! 998 config CRYPTO_DES_SPARC64
996 tristate "SHA-3" !! 999 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
997 select CRYPTO_HASH !! 1000 depends on SPARC64
>> 1001 select CRYPTO_ALGAPI
>> 1002 select CRYPTO_DES
998 help 1003 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1004 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1005 optimized using SPARC64 crypto opcodes.
1000 1006
1001 config CRYPTO_SM3 !! 1007 config CRYPTO_FCRYPT
1002 tristate !! 1008 tristate "FCrypt cipher algorithm"
>> 1009 select CRYPTO_ALGAPI
>> 1010 select CRYPTO_BLKCIPHER
>> 1011 help
>> 1012 FCrypt algorithm used by RxRPC.
1003 1013
1004 config CRYPTO_SM3_GENERIC !! 1014 config CRYPTO_KHAZAD
1005 tristate "SM3 (ShangMi 3)" !! 1015 tristate "Khazad cipher algorithm"
1006 select CRYPTO_HASH !! 1016 select CRYPTO_ALGAPI
1007 select CRYPTO_SM3 <<
1008 help 1017 help
1009 SM3 (ShangMi 3) secure hash functio !! 1018 Khazad cipher algorithm.
1010 1019
1011 This is part of the Chinese Commerc !! 1020 Khazad was a finalist in the initial NESSIE competition. It is
>> 1021 an algorithm optimized for 64-bit processors with good performance
>> 1022 on 32-bit processors. Khazad uses an 128 bit key size.
1012 1023
1013 References: !! 1024 See also:
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1025 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1015 https://datatracker.ietf.org/doc/ht <<
1016 1026
1017 config CRYPTO_STREEBOG !! 1027 config CRYPTO_SALSA20
1018 tristate "Streebog" !! 1028 tristate "Salsa20 stream cipher algorithm"
1019 select CRYPTO_HASH !! 1029 select CRYPTO_BLKCIPHER
1020 help 1030 help
1021 Streebog Hash Function (GOST R 34.1 !! 1031 Salsa20 stream cipher algorithm.
1022 1032
1023 This is one of the Russian cryptogr !! 1033 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1024 GOST algorithms). This setting enab !! 1034 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1025 256 and 512 bits output. <<
1026 1035
1027 References: !! 1036 The Salsa20 stream cipher algorithm is designed by Daniel J.
1028 https://tc26.ru/upload/iblock/fed/f !! 1037 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1038
1031 config CRYPTO_VMAC !! 1039 config CRYPTO_SALSA20_586
1032 tristate "VMAC" !! 1040 tristate "Salsa20 stream cipher algorithm (i586)"
1033 select CRYPTO_HASH !! 1041 depends on (X86 || UML_X86) && !64BIT
1034 select CRYPTO_MANAGER !! 1042 select CRYPTO_BLKCIPHER
1035 help 1043 help
1036 VMAC is a message authentication al !! 1044 Salsa20 stream cipher algorithm.
1037 very high speed on 64-bit architect <<
1038 1045
1039 See https://fastcrypto.org/vmac for !! 1046 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
>> 1047 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1040 1048
1041 config CRYPTO_WP512 !! 1049 The Salsa20 stream cipher algorithm is designed by Daniel J.
1042 tristate "Whirlpool" !! 1050 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1043 select CRYPTO_HASH <<
1044 help <<
1045 Whirlpool hash function (ISO/IEC 10 <<
1046 1051
1047 512, 384 and 256-bit hashes. !! 1052 config CRYPTO_SALSA20_X86_64
>> 1053 tristate "Salsa20 stream cipher algorithm (x86_64)"
>> 1054 depends on (X86 || UML_X86) && 64BIT
>> 1055 select CRYPTO_BLKCIPHER
>> 1056 help
>> 1057 Salsa20 stream cipher algorithm.
1048 1058
1049 Whirlpool-512 is part of the NESSIE !! 1059 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
>> 1060 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1050 1061
1051 See https://web.archive.org/web/201 !! 1062 The Salsa20 stream cipher algorithm is designed by Daniel J.
1052 for further information. !! 1063 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1053 1064
1054 config CRYPTO_XCBC !! 1065 config CRYPTO_SEED
1055 tristate "XCBC-MAC (Extended Cipher B !! 1066 tristate "SEED cipher algorithm"
1056 select CRYPTO_HASH !! 1067 select CRYPTO_ALGAPI
1057 select CRYPTO_MANAGER <<
1058 help 1068 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1069 SEED cipher algorithm (RFC4269).
1060 Code) (RFC3566) <<
1061 1070
1062 config CRYPTO_XXHASH !! 1071 SEED is a 128-bit symmetric key block cipher that has been
1063 tristate "xxHash" !! 1072 developed by KISA (Korea Information Security Agency) as a
1064 select CRYPTO_HASH !! 1073 national standard encryption algorithm of the Republic of Korea.
1065 select XXHASH !! 1074 It is a 16 round block cipher with the key size of 128 bit.
1066 help <<
1067 xxHash non-cryptographic hash algor <<
1068 1075
1069 Extremely fast, working at speeds c !! 1076 See also:
>> 1077 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1070 1078
1071 Used by the btrfs filesystem. !! 1079 config CRYPTO_SERPENT
>> 1080 tristate "Serpent cipher algorithm"
>> 1081 select CRYPTO_ALGAPI
>> 1082 help
>> 1083 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1072 1084
1073 endmenu !! 1085 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1086 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1087 variant of Serpent for compatibility with old kerneli.org code.
1074 1088
1075 menu "CRCs (cyclic redundancy checks)" !! 1089 See also:
>> 1090 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1076 1091
1077 config CRYPTO_CRC32C !! 1092 config CRYPTO_SERPENT_SSE2_X86_64
1078 tristate "CRC32c" !! 1093 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1079 select CRYPTO_HASH !! 1094 depends on X86 && 64BIT
1080 select CRC32 !! 1095 select CRYPTO_ALGAPI
>> 1096 select CRYPTO_CRYPTD
>> 1097 select CRYPTO_ABLK_HELPER_X86
>> 1098 select CRYPTO_GLUE_HELPER_X86
>> 1099 select CRYPTO_SERPENT
>> 1100 select CRYPTO_LRW
>> 1101 select CRYPTO_XTS
1081 help 1102 help
1082 CRC32c CRC algorithm with the iSCSI !! 1103 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1083 1104
1084 A 32-bit CRC (cyclic redundancy che !! 1105 Keys are allowed to be from 0 to 256 bits in length, in steps
1085 by G. Castagnoli, S. Braeuer and M. !! 1106 of 8 bits.
1086 Redundancy-Check Codes with 24 and <<
1087 on Communications, Vol. 41, No. 6, <<
1088 iSCSI. <<
1089 1107
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1108 This module provides Serpent cipher algorithm that processes eigth
>> 1109 blocks parallel using SSE2 instruction set.
1091 1110
1092 config CRYPTO_CRC32 !! 1111 See also:
1093 tristate "CRC32" !! 1112 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1094 select CRYPTO_HASH !! 1113
1095 select CRC32 !! 1114 config CRYPTO_SERPENT_SSE2_586
>> 1115 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1116 depends on X86 && !64BIT
>> 1117 select CRYPTO_ALGAPI
>> 1118 select CRYPTO_CRYPTD
>> 1119 select CRYPTO_ABLK_HELPER_X86
>> 1120 select CRYPTO_GLUE_HELPER_X86
>> 1121 select CRYPTO_SERPENT
>> 1122 select CRYPTO_LRW
>> 1123 select CRYPTO_XTS
1096 help 1124 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1125 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1098 1126
1099 Used by RoCEv2 and f2fs. !! 1127 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1128 of 8 bits.
1100 1129
1101 config CRYPTO_CRCT10DIF !! 1130 This module provides Serpent cipher algorithm that processes four
1102 tristate "CRCT10DIF" !! 1131 blocks parallel using SSE2 instruction set.
1103 select CRYPTO_HASH <<
1104 help <<
1105 CRC16 CRC algorithm used for the T1 <<
1106 1132
1107 CRC algorithm used by the SCSI Bloc !! 1133 See also:
>> 1134 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1108 1135
1109 config CRYPTO_CRC64_ROCKSOFT !! 1136 config CRYPTO_SERPENT_AVX_X86_64
1110 tristate "CRC64 based on Rocksoft Mod !! 1137 tristate "Serpent cipher algorithm (x86_64/AVX)"
1111 depends on CRC64 !! 1138 depends on X86 && 64BIT
1112 select CRYPTO_HASH !! 1139 select CRYPTO_ALGAPI
>> 1140 select CRYPTO_CRYPTD
>> 1141 select CRYPTO_ABLK_HELPER_X86
>> 1142 select CRYPTO_GLUE_HELPER_X86
>> 1143 select CRYPTO_SERPENT
>> 1144 select CRYPTO_LRW
>> 1145 select CRYPTO_XTS
1113 help 1146 help
1114 CRC64 CRC algorithm based on the Ro !! 1147 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1115 <<
1116 Used by the NVMe implementation of <<
1117 1148
1118 See https://zlib.net/crc_v3.txt !! 1149 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1150 of 8 bits.
1119 1151
1120 endmenu !! 1152 This module provides the Serpent cipher algorithm that processes
>> 1153 eight blocks parallel using the AVX instruction set.
1121 1154
1122 menu "Compression" !! 1155 See also:
>> 1156 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1123 1157
1124 config CRYPTO_DEFLATE !! 1158 config CRYPTO_SERPENT_AVX2_X86_64
1125 tristate "Deflate" !! 1159 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1160 depends on X86 && 64BIT
1126 select CRYPTO_ALGAPI 1161 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 !! 1162 select CRYPTO_CRYPTD
1128 select ZLIB_INFLATE !! 1163 select CRYPTO_ABLK_HELPER_X86
1129 select ZLIB_DEFLATE !! 1164 select CRYPTO_GLUE_HELPER_X86
>> 1165 select CRYPTO_SERPENT
>> 1166 select CRYPTO_SERPENT_AVX_X86_64
>> 1167 select CRYPTO_LRW
>> 1168 select CRYPTO_XTS
1130 help 1169 help
1131 Deflate compression algorithm (RFC1 !! 1170 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1132 1171
1133 Used by IPSec with the IPCOMP proto !! 1172 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1173 of 8 bits.
1134 1174
1135 config CRYPTO_LZO !! 1175 This module provides Serpent cipher algorithm that processes 16
1136 tristate "LZO" !! 1176 blocks parallel using AVX2 instruction set.
>> 1177
>> 1178 See also:
>> 1179 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1180
>> 1181 config CRYPTO_TEA
>> 1182 tristate "TEA, XTEA and XETA cipher algorithms"
1137 select CRYPTO_ALGAPI 1183 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 <<
1139 select LZO_COMPRESS <<
1140 select LZO_DECOMPRESS <<
1141 help 1184 help
1142 LZO compression algorithm !! 1185 TEA cipher algorithm.
1143 1186
1144 See https://www.oberhumer.com/opens !! 1187 Tiny Encryption Algorithm is a simple cipher that uses
>> 1188 many rounds for security. It is very fast and uses
>> 1189 little memory.
1145 1190
1146 config CRYPTO_842 !! 1191 Xtendend Tiny Encryption Algorithm is a modification to
1147 tristate "842" !! 1192 the TEA algorithm to address a potential key weakness
>> 1193 in the TEA algorithm.
>> 1194
>> 1195 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1196 of the XTEA algorithm for compatibility purposes.
>> 1197
>> 1198 config CRYPTO_TWOFISH
>> 1199 tristate "Twofish cipher algorithm"
1148 select CRYPTO_ALGAPI 1200 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 !! 1201 select CRYPTO_TWOFISH_COMMON
1150 select 842_COMPRESS <<
1151 select 842_DECOMPRESS <<
1152 help 1202 help
1153 842 compression algorithm by IBM !! 1203 Twofish cipher algorithm.
>> 1204
>> 1205 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1206 candidate cipher by researchers at CounterPane Systems. It is a
>> 1207 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1208 bits.
1154 1209
1155 See https://github.com/plauth/lib84 !! 1210 See also:
>> 1211 <http://www.schneier.com/twofish.html>
1156 1212
1157 config CRYPTO_LZ4 !! 1213 config CRYPTO_TWOFISH_COMMON
1158 tristate "LZ4" !! 1214 tristate
>> 1215 help
>> 1216 Common parts of the Twofish cipher algorithm shared by the
>> 1217 generic c and the assembler implementations.
>> 1218
>> 1219 config CRYPTO_TWOFISH_586
>> 1220 tristate "Twofish cipher algorithms (i586)"
>> 1221 depends on (X86 || UML_X86) && !64BIT
1159 select CRYPTO_ALGAPI 1222 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 !! 1223 select CRYPTO_TWOFISH_COMMON
1161 select LZ4_COMPRESS <<
1162 select LZ4_DECOMPRESS <<
1163 help 1224 help
1164 LZ4 compression algorithm !! 1225 Twofish cipher algorithm.
>> 1226
>> 1227 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1228 candidate cipher by researchers at CounterPane Systems. It is a
>> 1229 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1230 bits.
1165 1231
1166 See https://github.com/lz4/lz4 for !! 1232 See also:
>> 1233 <http://www.schneier.com/twofish.html>
1167 1234
1168 config CRYPTO_LZ4HC !! 1235 config CRYPTO_TWOFISH_X86_64
1169 tristate "LZ4HC" !! 1236 tristate "Twofish cipher algorithm (x86_64)"
>> 1237 depends on (X86 || UML_X86) && 64BIT
1170 select CRYPTO_ALGAPI 1238 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 !! 1239 select CRYPTO_TWOFISH_COMMON
1172 select LZ4HC_COMPRESS <<
1173 select LZ4_DECOMPRESS <<
1174 help 1240 help
1175 LZ4 high compression mode algorithm !! 1241 Twofish cipher algorithm (x86_64).
1176 1242
1177 See https://github.com/lz4/lz4 for !! 1243 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1244 candidate cipher by researchers at CounterPane Systems. It is a
>> 1245 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1246 bits.
>> 1247
>> 1248 See also:
>> 1249 <http://www.schneier.com/twofish.html>
1178 1250
1179 config CRYPTO_ZSTD !! 1251 config CRYPTO_TWOFISH_X86_64_3WAY
1180 tristate "Zstd" !! 1252 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1253 depends on X86 && 64BIT
1181 select CRYPTO_ALGAPI 1254 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 !! 1255 select CRYPTO_TWOFISH_COMMON
1183 select ZSTD_COMPRESS !! 1256 select CRYPTO_TWOFISH_X86_64
1184 select ZSTD_DECOMPRESS !! 1257 select CRYPTO_GLUE_HELPER_X86
>> 1258 select CRYPTO_LRW
>> 1259 select CRYPTO_XTS
1185 help 1260 help
1186 zstd compression algorithm !! 1261 Twofish cipher algorithm (x86_64, 3-way parallel).
1187 1262
1188 See https://github.com/facebook/zst !! 1263 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1264 candidate cipher by researchers at CounterPane Systems. It is a
>> 1265 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1266 bits.
1189 1267
1190 endmenu !! 1268 This module provides Twofish cipher algorithm that processes three
>> 1269 blocks parallel, utilizing resources of out-of-order CPUs better.
1191 1270
1192 menu "Random number generation" !! 1271 See also:
>> 1272 <http://www.schneier.com/twofish.html>
1193 1273
1194 config CRYPTO_ANSI_CPRNG !! 1274 config CRYPTO_TWOFISH_AVX_X86_64
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1275 tristate "Twofish cipher algorithm (x86_64/AVX)"
1196 select CRYPTO_AES !! 1276 depends on X86 && 64BIT
1197 select CRYPTO_RNG !! 1277 select CRYPTO_ALGAPI
>> 1278 select CRYPTO_CRYPTD
>> 1279 select CRYPTO_ABLK_HELPER_X86
>> 1280 select CRYPTO_GLUE_HELPER_X86
>> 1281 select CRYPTO_TWOFISH_COMMON
>> 1282 select CRYPTO_TWOFISH_X86_64
>> 1283 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1284 select CRYPTO_LRW
>> 1285 select CRYPTO_XTS
1198 help 1286 help
1199 Pseudo RNG (random number generator !! 1287 Twofish cipher algorithm (x86_64/AVX).
>> 1288
>> 1289 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1290 candidate cipher by researchers at CounterPane Systems. It is a
>> 1291 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1292 bits.
1200 1293
1201 This uses the AES cipher algorithm. !! 1294 This module provides the Twofish cipher algorithm that processes
>> 1295 eight blocks parallel using the AVX Instruction Set.
1202 1296
1203 Note that this option must be enabl !! 1297 See also:
>> 1298 <http://www.schneier.com/twofish.html>
1204 1299
1205 menuconfig CRYPTO_DRBG_MENU !! 1300 config CRYPTO_TWOFISH_AVX2_X86_64
1206 tristate "NIST SP800-90A DRBG (Determ !! 1301 tristate "Twofish cipher algorithm (x86_64/AVX2)"
>> 1302 depends on X86 && 64BIT
>> 1303 depends on BROKEN
>> 1304 select CRYPTO_ALGAPI
>> 1305 select CRYPTO_CRYPTD
>> 1306 select CRYPTO_ABLK_HELPER_X86
>> 1307 select CRYPTO_GLUE_HELPER_X86
>> 1308 select CRYPTO_TWOFISH_COMMON
>> 1309 select CRYPTO_TWOFISH_X86_64
>> 1310 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1311 select CRYPTO_TWOFISH_AVX_X86_64
>> 1312 select CRYPTO_LRW
>> 1313 select CRYPTO_XTS
1207 help 1314 help
1208 DRBG (Deterministic Random Bit Gene !! 1315 Twofish cipher algorithm (x86_64/AVX2).
1209 1316
1210 In the following submenu, one or mo !! 1317 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1318 candidate cipher by researchers at CounterPane Systems. It is a
>> 1319 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1320 bits.
1211 1321
1212 if CRYPTO_DRBG_MENU !! 1322 See also:
>> 1323 <http://www.schneier.com/twofish.html>
1213 1324
1214 config CRYPTO_DRBG_HMAC !! 1325 comment "Compression"
1215 bool <<
1216 default y <<
1217 select CRYPTO_HMAC <<
1218 select CRYPTO_SHA512 <<
1219 1326
1220 config CRYPTO_DRBG_HASH !! 1327 config CRYPTO_DEFLATE
1221 bool "Hash_DRBG" !! 1328 tristate "Deflate compression algorithm"
1222 select CRYPTO_SHA256 !! 1329 select CRYPTO_ALGAPI
>> 1330 select ZLIB_INFLATE
>> 1331 select ZLIB_DEFLATE
1223 help 1332 help
1224 Hash_DRBG variant as defined in NIS !! 1333 This is the Deflate algorithm (RFC1951), specified for use in
>> 1334 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1225 1335
1226 This uses the SHA-1, SHA-256, SHA-3 !! 1336 You will most probably want this if using IPSec.
1227 1337
1228 config CRYPTO_DRBG_CTR !! 1338 config CRYPTO_ZLIB
1229 bool "CTR_DRBG" !! 1339 tristate "Zlib compression algorithm"
1230 select CRYPTO_AES !! 1340 select CRYPTO_PCOMP
1231 select CRYPTO_CTR !! 1341 select ZLIB_INFLATE
>> 1342 select ZLIB_DEFLATE
>> 1343 select NLATTR
1232 help 1344 help
1233 CTR_DRBG variant as defined in NIST !! 1345 This is the zlib algorithm.
1234 1346
1235 This uses the AES cipher algorithm !! 1347 config CRYPTO_LZO
>> 1348 tristate "LZO compression algorithm"
>> 1349 select CRYPTO_ALGAPI
>> 1350 select LZO_COMPRESS
>> 1351 select LZO_DECOMPRESS
>> 1352 help
>> 1353 This is the LZO algorithm.
1236 1354
1237 config CRYPTO_DRBG !! 1355 config CRYPTO_842
1238 tristate !! 1356 tristate "842 compression algorithm"
1239 default CRYPTO_DRBG_MENU !! 1357 depends on CRYPTO_DEV_NX_COMPRESS
1240 select CRYPTO_RNG !! 1358 # 842 uses lzo if the hardware becomes unavailable
1241 select CRYPTO_JITTERENTROPY !! 1359 select LZO_COMPRESS
>> 1360 select LZO_DECOMPRESS
>> 1361 help
>> 1362 This is the 842 algorithm.
1242 1363
1243 endif # if CRYPTO_DRBG_MENU !! 1364 comment "Random Number Generation"
1244 1365
1245 config CRYPTO_JITTERENTROPY !! 1366 config CRYPTO_ANSI_CPRNG
1246 tristate "CPU Jitter Non-Deterministi !! 1367 tristate "Pseudo Random Number Generation for Cryptographic modules"
>> 1368 default m
>> 1369 select CRYPTO_AES
1247 select CRYPTO_RNG 1370 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1371 help
1250 CPU Jitter RNG (Random Number Gener !! 1372 This option enables the generic pseudo random number generator
1251 !! 1373 for cryptographic modules. Uses the Algorithm specified in
1252 A non-physical non-deterministic (" !! 1374 ANSI X9.31 A.2.4. Note that this option must be enabled if
1253 compliant with NIST SP800-90B) inte !! 1375 CRYPTO_FIPS is selected
1254 deterministic RNG (e.g., per NIST S <<
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1376
1370 config CRYPTO_USER_API 1377 config CRYPTO_USER_API
1371 tristate 1378 tristate
1372 1379
1373 config CRYPTO_USER_API_HASH 1380 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1381 tristate "User-space interface for hash algorithms"
1375 depends on NET 1382 depends on NET
1376 select CRYPTO_HASH 1383 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1384 select CRYPTO_USER_API
1378 help 1385 help
1379 Enable the userspace interface for !! 1386 This option enables the user-spaces interface for hash
1380 <<
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 <<
1384 config CRYPTO_USER_API_SKCIPHER <<
1385 tristate "Symmetric key cipher algori <<
1386 depends on NET <<
1387 select CRYPTO_SKCIPHER <<
1388 select CRYPTO_USER_API <<
1389 help <<
1390 Enable the userspace interface for <<
1391 <<
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 <<
1395 config CRYPTO_USER_API_RNG <<
1396 tristate "RNG (random number generato <<
1397 depends on NET <<
1398 select CRYPTO_RNG <<
1399 select CRYPTO_USER_API <<
1400 help <<
1401 Enable the userspace interface for <<
1402 algorithms. 1387 algorithms.
1403 1388
1404 See Documentation/crypto/userspace- !! 1389 config CRYPTO_USER_API_SKCIPHER
1405 https://www.chronox.de/libkcapi/htm !! 1390 tristate "User-space interface for symmetric key cipher algorithms"
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 <<
1419 config CRYPTO_USER_API_AEAD <<
1420 tristate "AEAD cipher algorithms" <<
1421 depends on NET 1391 depends on NET
1422 select CRYPTO_AEAD !! 1392 select CRYPTO_BLKCIPHER
1423 select CRYPTO_SKCIPHER <<
1424 select CRYPTO_NULL <<
1425 select CRYPTO_USER_API 1393 select CRYPTO_USER_API
1426 help 1394 help
1427 Enable the userspace interface for !! 1395 This option enables the user-spaces interface for symmetric
1428 !! 1396 key cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help <<
1437 Allow obsolete cryptographic algori <<
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 <<
1441 endmenu <<
1442 <<
1443 config CRYPTO_HASH_INFO <<
1444 bool <<
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 1397
1476 source "drivers/crypto/Kconfig" 1398 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" !! 1399 source crypto/asymmetric_keys/Kconfig
1478 source "certs/Kconfig" <<
1479 1400
1480 endif # if CRYPTO 1401 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.