~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/crypto/Kconfig

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /crypto/Kconfig (Version linux-6.12-rc7) and /crypto/Kconfig (Version linux-4.19.323)


  1 # SPDX-License-Identifier: GPL-2.0                  1 # SPDX-License-Identifier: GPL-2.0
  2 #                                                   2 #
  3 # Generic algorithms support                        3 # Generic algorithms support
  4 #                                                   4 #
  5 config XOR_BLOCKS                                   5 config XOR_BLOCKS
  6         tristate                                    6         tristate
  7                                                     7 
  8 #                                                   8 #
  9 # async_tx api: hardware offloaded memory tran      9 # async_tx api: hardware offloaded memory transfer/transform support
 10 #                                                  10 #
 11 source "crypto/async_tx/Kconfig"                   11 source "crypto/async_tx/Kconfig"
 12                                                    12 
 13 #                                                  13 #
 14 # Cryptographic API Configuration                  14 # Cryptographic API Configuration
 15 #                                                  15 #
 16 menuconfig CRYPTO                                  16 menuconfig CRYPTO
 17         tristate "Cryptographic API"               17         tristate "Cryptographic API"
 18         select CRYPTO_LIB_UTILS                << 
 19         help                                       18         help
 20           This option provides the core Crypto     19           This option provides the core Cryptographic API.
 21                                                    20 
 22 if CRYPTO                                          21 if CRYPTO
 23                                                    22 
 24 menu "Crypto core or helper"                   !!  23 comment "Crypto core or helper"
 25                                                    24 
 26 config CRYPTO_FIPS                                 25 config CRYPTO_FIPS
 27         bool "FIPS 200 compliance"                 26         bool "FIPS 200 compliance"
 28         depends on (CRYPTO_ANSI_CPRNG || CRYPT     27         depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
 29         depends on (MODULE_SIG || !MODULES)        28         depends on (MODULE_SIG || !MODULES)
 30         help                                       29         help
 31           This option enables the fips boot op !!  30           This options enables the fips boot option which is
 32           required if you want the system to o !!  31           required if you want to system to operate in a FIPS 200
 33           certification.  You should say no un     32           certification.  You should say no unless you know what
 34           this is.                                 33           this is.
 35                                                    34 
 36 config CRYPTO_FIPS_NAME                        << 
 37         string "FIPS Module Name"              << 
 38         default "Linux Kernel Cryptographic AP << 
 39         depends on CRYPTO_FIPS                 << 
 40         help                                   << 
 41           This option sets the FIPS Module nam << 
 42           the /proc/sys/crypto/fips_name file. << 
 43                                                << 
 44 config CRYPTO_FIPS_CUSTOM_VERSION              << 
 45         bool "Use Custom FIPS Module Version"  << 
 46         depends on CRYPTO_FIPS                 << 
 47         default n                              << 
 48                                                << 
 49 config CRYPTO_FIPS_VERSION                     << 
 50         string "FIPS Module Version"           << 
 51         default "(none)"                       << 
 52         depends on CRYPTO_FIPS_CUSTOM_VERSION  << 
 53         help                                   << 
 54           This option provides the ability to  << 
 55           By default the KERNELRELEASE value i << 
 56                                                << 
 57 config CRYPTO_ALGAPI                               35 config CRYPTO_ALGAPI
 58         tristate                                   36         tristate
 59         select CRYPTO_ALGAPI2                      37         select CRYPTO_ALGAPI2
 60         help                                       38         help
 61           This option provides the API for cry     39           This option provides the API for cryptographic algorithms.
 62                                                    40 
 63 config CRYPTO_ALGAPI2                              41 config CRYPTO_ALGAPI2
 64         tristate                                   42         tristate
 65                                                    43 
 66 config CRYPTO_AEAD                                 44 config CRYPTO_AEAD
 67         tristate                                   45         tristate
 68         select CRYPTO_AEAD2                        46         select CRYPTO_AEAD2
 69         select CRYPTO_ALGAPI                       47         select CRYPTO_ALGAPI
 70                                                    48 
 71 config CRYPTO_AEAD2                                49 config CRYPTO_AEAD2
 72         tristate                                   50         tristate
 73         select CRYPTO_ALGAPI2                      51         select CRYPTO_ALGAPI2
                                                   >>  52         select CRYPTO_NULL2
                                                   >>  53         select CRYPTO_RNG2
 74                                                    54 
 75 config CRYPTO_SIG                              !!  55 config CRYPTO_BLKCIPHER
 76         tristate                               << 
 77         select CRYPTO_SIG2                     << 
 78         select CRYPTO_ALGAPI                   << 
 79                                                << 
 80 config CRYPTO_SIG2                             << 
 81         tristate                               << 
 82         select CRYPTO_ALGAPI2                  << 
 83                                                << 
 84 config CRYPTO_SKCIPHER                         << 
 85         tristate                                   56         tristate
 86         select CRYPTO_SKCIPHER2                !!  57         select CRYPTO_BLKCIPHER2
 87         select CRYPTO_ALGAPI                       58         select CRYPTO_ALGAPI
 88         select CRYPTO_ECB                      << 
 89                                                    59 
 90 config CRYPTO_SKCIPHER2                        !!  60 config CRYPTO_BLKCIPHER2
 91         tristate                                   61         tristate
 92         select CRYPTO_ALGAPI2                      62         select CRYPTO_ALGAPI2
                                                   >>  63         select CRYPTO_RNG2
                                                   >>  64         select CRYPTO_WORKQUEUE
 93                                                    65 
 94 config CRYPTO_HASH                                 66 config CRYPTO_HASH
 95         tristate                                   67         tristate
 96         select CRYPTO_HASH2                        68         select CRYPTO_HASH2
 97         select CRYPTO_ALGAPI                       69         select CRYPTO_ALGAPI
 98                                                    70 
 99 config CRYPTO_HASH2                                71 config CRYPTO_HASH2
100         tristate                                   72         tristate
101         select CRYPTO_ALGAPI2                      73         select CRYPTO_ALGAPI2
102                                                    74 
103 config CRYPTO_RNG                                  75 config CRYPTO_RNG
104         tristate                                   76         tristate
105         select CRYPTO_RNG2                         77         select CRYPTO_RNG2
106         select CRYPTO_ALGAPI                       78         select CRYPTO_ALGAPI
107                                                    79 
108 config CRYPTO_RNG2                                 80 config CRYPTO_RNG2
109         tristate                                   81         tristate
110         select CRYPTO_ALGAPI2                      82         select CRYPTO_ALGAPI2
111                                                    83 
112 config CRYPTO_RNG_DEFAULT                          84 config CRYPTO_RNG_DEFAULT
113         tristate                                   85         tristate
114         select CRYPTO_DRBG_MENU                    86         select CRYPTO_DRBG_MENU
115                                                    87 
116 config CRYPTO_AKCIPHER2                            88 config CRYPTO_AKCIPHER2
117         tristate                                   89         tristate
118         select CRYPTO_ALGAPI2                      90         select CRYPTO_ALGAPI2
119                                                    91 
120 config CRYPTO_AKCIPHER                             92 config CRYPTO_AKCIPHER
121         tristate                                   93         tristate
122         select CRYPTO_AKCIPHER2                    94         select CRYPTO_AKCIPHER2
123         select CRYPTO_ALGAPI                       95         select CRYPTO_ALGAPI
124                                                    96 
125 config CRYPTO_KPP2                                 97 config CRYPTO_KPP2
126         tristate                                   98         tristate
127         select CRYPTO_ALGAPI2                      99         select CRYPTO_ALGAPI2
128                                                   100 
129 config CRYPTO_KPP                                 101 config CRYPTO_KPP
130         tristate                                  102         tristate
131         select CRYPTO_ALGAPI                      103         select CRYPTO_ALGAPI
132         select CRYPTO_KPP2                        104         select CRYPTO_KPP2
133                                                   105 
134 config CRYPTO_ACOMP2                              106 config CRYPTO_ACOMP2
135         tristate                                  107         tristate
136         select CRYPTO_ALGAPI2                     108         select CRYPTO_ALGAPI2
137         select SGL_ALLOC                          109         select SGL_ALLOC
138                                                   110 
139 config CRYPTO_ACOMP                               111 config CRYPTO_ACOMP
140         tristate                                  112         tristate
141         select CRYPTO_ALGAPI                      113         select CRYPTO_ALGAPI
142         select CRYPTO_ACOMP2                      114         select CRYPTO_ACOMP2
143                                                   115 
                                                   >> 116 config CRYPTO_RSA
                                                   >> 117         tristate "RSA algorithm"
                                                   >> 118         select CRYPTO_AKCIPHER
                                                   >> 119         select CRYPTO_MANAGER
                                                   >> 120         select MPILIB
                                                   >> 121         select ASN1
                                                   >> 122         help
                                                   >> 123           Generic implementation of the RSA public key algorithm.
                                                   >> 124 
                                                   >> 125 config CRYPTO_DH
                                                   >> 126         tristate "Diffie-Hellman algorithm"
                                                   >> 127         select CRYPTO_KPP
                                                   >> 128         select MPILIB
                                                   >> 129         help
                                                   >> 130           Generic implementation of the Diffie-Hellman algorithm.
                                                   >> 131 
                                                   >> 132 config CRYPTO_ECDH
                                                   >> 133         tristate "ECDH algorithm"
                                                   >> 134         select CRYPTO_KPP
                                                   >> 135         select CRYPTO_RNG_DEFAULT
                                                   >> 136         help
                                                   >> 137           Generic implementation of the ECDH algorithm
                                                   >> 138 
144 config CRYPTO_MANAGER                             139 config CRYPTO_MANAGER
145         tristate "Cryptographic algorithm mana    140         tristate "Cryptographic algorithm manager"
146         select CRYPTO_MANAGER2                    141         select CRYPTO_MANAGER2
147         help                                      142         help
148           Create default cryptographic templat    143           Create default cryptographic template instantiations such as
149           cbc(aes).                               144           cbc(aes).
150                                                   145 
151 config CRYPTO_MANAGER2                            146 config CRYPTO_MANAGER2
152         def_tristate CRYPTO_MANAGER || (CRYPTO    147         def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153         select CRYPTO_ACOMP2                   << 
154         select CRYPTO_AEAD2                       148         select CRYPTO_AEAD2
155         select CRYPTO_AKCIPHER2                << 
156         select CRYPTO_SIG2                     << 
157         select CRYPTO_HASH2                       149         select CRYPTO_HASH2
                                                   >> 150         select CRYPTO_BLKCIPHER2
                                                   >> 151         select CRYPTO_AKCIPHER2
158         select CRYPTO_KPP2                        152         select CRYPTO_KPP2
159         select CRYPTO_RNG2                     !! 153         select CRYPTO_ACOMP2
160         select CRYPTO_SKCIPHER2                << 
161                                                   154 
162 config CRYPTO_USER                                155 config CRYPTO_USER
163         tristate "Userspace cryptographic algo    156         tristate "Userspace cryptographic algorithm configuration"
164         depends on NET                            157         depends on NET
165         select CRYPTO_MANAGER                     158         select CRYPTO_MANAGER
166         help                                      159         help
167           Userspace configuration for cryptogr    160           Userspace configuration for cryptographic instantiations such as
168           cbc(aes).                               161           cbc(aes).
169                                                   162 
170 config CRYPTO_MANAGER_DISABLE_TESTS               163 config CRYPTO_MANAGER_DISABLE_TESTS
171         bool "Disable run-time self tests"        164         bool "Disable run-time self tests"
172         default y                                 165         default y
                                                   >> 166         depends on CRYPTO_MANAGER2
173         help                                      167         help
174           Disable run-time self tests that nor    168           Disable run-time self tests that normally take place at
175           algorithm registration.                 169           algorithm registration.
176                                                   170 
177 config CRYPTO_MANAGER_EXTRA_TESTS              !! 171 config CRYPTO_GF128MUL
178         bool "Enable extra run-time crypto sel !! 172         tristate "GF(2^128) multiplication functions"
179         depends on DEBUG_KERNEL && !CRYPTO_MAN << 
180         help                                      173         help
181           Enable extra run-time self tests of  !! 174           Efficient table driven implementation of multiplications in the
182           including randomized fuzz tests.     !! 175           field GF(2^128).  This is needed by some cypher modes. This
183                                                !! 176           option will be selected automatically if you select such a
184           This is intended for developer use o !! 177           cipher mode.  Only select this option by hand if you expect to load
185           longer to run than the normal self t !! 178           an external module that requires these functions.
186                                                   179 
187 config CRYPTO_NULL                                180 config CRYPTO_NULL
188         tristate "Null algorithms"                181         tristate "Null algorithms"
189         select CRYPTO_NULL2                       182         select CRYPTO_NULL2
190         help                                      183         help
191           These are 'Null' algorithms, used by    184           These are 'Null' algorithms, used by IPsec, which do nothing.
192                                                   185 
193 config CRYPTO_NULL2                               186 config CRYPTO_NULL2
194         tristate                                  187         tristate
195         select CRYPTO_ALGAPI2                     188         select CRYPTO_ALGAPI2
196         select CRYPTO_SKCIPHER2                !! 189         select CRYPTO_BLKCIPHER2
197         select CRYPTO_HASH2                       190         select CRYPTO_HASH2
198                                                   191 
199 config CRYPTO_PCRYPT                              192 config CRYPTO_PCRYPT
200         tristate "Parallel crypto engine"         193         tristate "Parallel crypto engine"
201         depends on SMP                            194         depends on SMP
202         select PADATA                             195         select PADATA
203         select CRYPTO_MANAGER                     196         select CRYPTO_MANAGER
204         select CRYPTO_AEAD                        197         select CRYPTO_AEAD
205         help                                      198         help
206           This converts an arbitrary crypto al    199           This converts an arbitrary crypto algorithm into a parallel
207           algorithm that executes in kernel th    200           algorithm that executes in kernel threads.
208                                                   201 
                                                   >> 202 config CRYPTO_WORKQUEUE
                                                   >> 203        tristate
                                                   >> 204 
209 config CRYPTO_CRYPTD                              205 config CRYPTO_CRYPTD
210         tristate "Software async crypto daemon    206         tristate "Software async crypto daemon"
211         select CRYPTO_SKCIPHER                 !! 207         select CRYPTO_BLKCIPHER
212         select CRYPTO_HASH                        208         select CRYPTO_HASH
213         select CRYPTO_MANAGER                     209         select CRYPTO_MANAGER
                                                   >> 210         select CRYPTO_WORKQUEUE
214         help                                      211         help
215           This is a generic software asynchron    212           This is a generic software asynchronous crypto daemon that
216           converts an arbitrary synchronous so    213           converts an arbitrary synchronous software crypto algorithm
217           into an asynchronous algorithm that     214           into an asynchronous algorithm that executes in a kernel thread.
218                                                   215 
                                                   >> 216 config CRYPTO_MCRYPTD
                                                   >> 217         tristate "Software async multi-buffer crypto daemon"
                                                   >> 218         select CRYPTO_BLKCIPHER
                                                   >> 219         select CRYPTO_HASH
                                                   >> 220         select CRYPTO_MANAGER
                                                   >> 221         select CRYPTO_WORKQUEUE
                                                   >> 222         help
                                                   >> 223           This is a generic software asynchronous crypto daemon that
                                                   >> 224           provides the kernel thread to assist multi-buffer crypto
                                                   >> 225           algorithms for submitting jobs and flushing jobs in multi-buffer
                                                   >> 226           crypto algorithms.  Multi-buffer crypto algorithms are executed
                                                   >> 227           in the context of this kernel thread and drivers can post
                                                   >> 228           their crypto request asynchronously to be processed by this daemon.
                                                   >> 229 
219 config CRYPTO_AUTHENC                             230 config CRYPTO_AUTHENC
220         tristate "Authenc support"                231         tristate "Authenc support"
221         select CRYPTO_AEAD                        232         select CRYPTO_AEAD
222         select CRYPTO_SKCIPHER                 !! 233         select CRYPTO_BLKCIPHER
223         select CRYPTO_MANAGER                     234         select CRYPTO_MANAGER
224         select CRYPTO_HASH                        235         select CRYPTO_HASH
225         select CRYPTO_NULL                        236         select CRYPTO_NULL
226         help                                      237         help
227           Authenc: Combined mode wrapper for I    238           Authenc: Combined mode wrapper for IPsec.
228                                                !! 239           This is required for IPSec.
229           This is required for IPSec ESP (XFRM << 
230                                                   240 
231 config CRYPTO_TEST                                241 config CRYPTO_TEST
232         tristate "Testing module"                 242         tristate "Testing module"
233         depends on m || EXPERT                 !! 243         depends on m
234         select CRYPTO_MANAGER                     244         select CRYPTO_MANAGER
235         help                                      245         help
236           Quick & dirty crypto test module.       246           Quick & dirty crypto test module.
237                                                   247 
238 config CRYPTO_SIMD                                248 config CRYPTO_SIMD
239         tristate                                  249         tristate
240         select CRYPTO_CRYPTD                      250         select CRYPTO_CRYPTD
241                                                   251 
                                                   >> 252 config CRYPTO_GLUE_HELPER_X86
                                                   >> 253         tristate
                                                   >> 254         depends on X86
                                                   >> 255         select CRYPTO_BLKCIPHER
                                                   >> 256 
242 config CRYPTO_ENGINE                              257 config CRYPTO_ENGINE
243         tristate                                  258         tristate
244                                                   259 
245 endmenu                                        !! 260 comment "Authenticated Encryption with Associated Data"
246                                                   261 
247 menu "Public-key cryptography"                 !! 262 config CRYPTO_CCM
                                                   >> 263         tristate "CCM support"
                                                   >> 264         select CRYPTO_CTR
                                                   >> 265         select CRYPTO_HASH
                                                   >> 266         select CRYPTO_AEAD
                                                   >> 267         help
                                                   >> 268           Support for Counter with CBC MAC. Required for IPsec.
248                                                   269 
249 config CRYPTO_RSA                              !! 270 config CRYPTO_GCM
250         tristate "RSA (Rivest-Shamir-Adleman)" !! 271         tristate "GCM/GMAC support"
251         select CRYPTO_AKCIPHER                 !! 272         select CRYPTO_CTR
252         select CRYPTO_MANAGER                  !! 273         select CRYPTO_AEAD
253         select MPILIB                          !! 274         select CRYPTO_GHASH
254         select ASN1                            !! 275         select CRYPTO_NULL
255         help                                      276         help
256           RSA (Rivest-Shamir-Adleman) public k !! 277           Support for Galois/Counter Mode (GCM) and Galois Message
                                                   >> 278           Authentication Code (GMAC). Required for IPSec.
257                                                   279 
258 config CRYPTO_DH                               !! 280 config CRYPTO_CHACHA20POLY1305
259         tristate "DH (Diffie-Hellman)"         !! 281         tristate "ChaCha20-Poly1305 AEAD support"
260         select CRYPTO_KPP                      !! 282         select CRYPTO_CHACHA20
261         select MPILIB                          !! 283         select CRYPTO_POLY1305
                                                   >> 284         select CRYPTO_AEAD
262         help                                      285         help
263           DH (Diffie-Hellman) key exchange alg !! 286           ChaCha20-Poly1305 AEAD support, RFC7539.
264                                                   287 
265 config CRYPTO_DH_RFC7919_GROUPS                !! 288           Support for the AEAD wrapper using the ChaCha20 stream cipher combined
266         bool "RFC 7919 FFDHE groups"           !! 289           with the Poly1305 authenticator. It is defined in RFC7539 for use in
267         depends on CRYPTO_DH                   !! 290           IETF protocols.
268         select CRYPTO_RNG_DEFAULT              !! 291 
                                                   >> 292 config CRYPTO_AEGIS128
                                                   >> 293         tristate "AEGIS-128 AEAD algorithm"
                                                   >> 294         select CRYPTO_AEAD
                                                   >> 295         select CRYPTO_AES  # for AES S-box tables
269         help                                      296         help
270           FFDHE (Finite-Field-based Diffie-Hel !! 297          Support for the AEGIS-128 dedicated AEAD algorithm.
271           defined in RFC7919.                  << 
272                                                   298 
273           Support these finite-field groups in !! 299 config CRYPTO_AEGIS128L
274           - ffdhe2048, ffdhe3072, ffdhe4096, f !! 300         tristate "AEGIS-128L AEAD algorithm"
                                                   >> 301         select CRYPTO_AEAD
                                                   >> 302         select CRYPTO_AES  # for AES S-box tables
                                                   >> 303         help
                                                   >> 304          Support for the AEGIS-128L dedicated AEAD algorithm.
275                                                   305 
276           If unsure, say N.                    !! 306 config CRYPTO_AEGIS256
                                                   >> 307         tristate "AEGIS-256 AEAD algorithm"
                                                   >> 308         select CRYPTO_AEAD
                                                   >> 309         select CRYPTO_AES  # for AES S-box tables
                                                   >> 310         help
                                                   >> 311          Support for the AEGIS-256 dedicated AEAD algorithm.
277                                                   312 
278 config CRYPTO_ECC                              !! 313 config CRYPTO_AEGIS128_AESNI_SSE2
279         tristate                               !! 314         tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
280         select CRYPTO_RNG_DEFAULT              !! 315         depends on X86 && 64BIT
                                                   >> 316         select CRYPTO_AEAD
                                                   >> 317         select CRYPTO_CRYPTD
                                                   >> 318         help
                                                   >> 319          AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
281                                                   320 
282 config CRYPTO_ECDH                             !! 321 config CRYPTO_AEGIS128L_AESNI_SSE2
283         tristate "ECDH (Elliptic Curve Diffie- !! 322         tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
284         select CRYPTO_ECC                      !! 323         depends on X86 && 64BIT
285         select CRYPTO_KPP                      !! 324         select CRYPTO_AEAD
                                                   >> 325         select CRYPTO_CRYPTD
286         help                                      326         help
287           ECDH (Elliptic Curve Diffie-Hellman) !! 327          AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
288           using curves P-192, P-256, and P-384 << 
289                                                   328 
290 config CRYPTO_ECDSA                            !! 329 config CRYPTO_AEGIS256_AESNI_SSE2
291         tristate "ECDSA (Elliptic Curve Digita !! 330         tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
292         select CRYPTO_ECC                      !! 331         depends on X86 && 64BIT
293         select CRYPTO_AKCIPHER                 !! 332         select CRYPTO_AEAD
294         select ASN1                            !! 333         select CRYPTO_CRYPTD
295         help                                      334         help
296           ECDSA (Elliptic Curve Digital Signat !! 335          AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
297           ISO/IEC 14888-3)                     !! 336 
298           using curves P-192, P-256, and P-384 !! 337 config CRYPTO_MORUS640
299                                                !! 338         tristate "MORUS-640 AEAD algorithm"
300           Only signature verification is imple !! 339         select CRYPTO_AEAD
301                                                << 
302 config CRYPTO_ECRDSA                           << 
303         tristate "EC-RDSA (Elliptic Curve Russ << 
304         select CRYPTO_ECC                      << 
305         select CRYPTO_AKCIPHER                 << 
306         select CRYPTO_STREEBOG                 << 
307         select OID_REGISTRY                    << 
308         select ASN1                            << 
309         help                                      340         help
310           Elliptic Curve Russian Digital Signa !! 341           Support for the MORUS-640 dedicated AEAD algorithm.
311           RFC 7091, ISO/IEC 14888-3)           << 
312                                                   342 
313           One of the Russian cryptographic sta !! 343 config CRYPTO_MORUS640_GLUE
314           algorithms). Only signature verifica !! 344         tristate
                                                   >> 345         depends on X86
                                                   >> 346         select CRYPTO_AEAD
                                                   >> 347         select CRYPTO_CRYPTD
                                                   >> 348         help
                                                   >> 349           Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
                                                   >> 350           algorithm.
315                                                   351 
316 config CRYPTO_CURVE25519                       !! 352 config CRYPTO_MORUS640_SSE2
317         tristate "Curve25519"                  !! 353         tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
318         select CRYPTO_KPP                      !! 354         depends on X86 && 64BIT
319         select CRYPTO_LIB_CURVE25519_GENERIC   !! 355         select CRYPTO_AEAD
                                                   >> 356         select CRYPTO_MORUS640_GLUE
320         help                                      357         help
321           Curve25519 elliptic curve (RFC7748)  !! 358           SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
322                                                   359 
323 endmenu                                        !! 360 config CRYPTO_MORUS1280
                                                   >> 361         tristate "MORUS-1280 AEAD algorithm"
                                                   >> 362         select CRYPTO_AEAD
                                                   >> 363         help
                                                   >> 364           Support for the MORUS-1280 dedicated AEAD algorithm.
324                                                   365 
325 menu "Block ciphers"                           !! 366 config CRYPTO_MORUS1280_GLUE
                                                   >> 367         tristate
                                                   >> 368         depends on X86
                                                   >> 369         select CRYPTO_AEAD
                                                   >> 370         select CRYPTO_CRYPTD
                                                   >> 371         help
                                                   >> 372           Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
                                                   >> 373           algorithm.
326                                                   374 
327 config CRYPTO_AES                              !! 375 config CRYPTO_MORUS1280_SSE2
328         tristate "AES (Advanced Encryption Sta !! 376         tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
329         select CRYPTO_ALGAPI                   !! 377         depends on X86 && 64BIT
330         select CRYPTO_LIB_AES                  !! 378         select CRYPTO_AEAD
                                                   >> 379         select CRYPTO_MORUS1280_GLUE
331         help                                      380         help
332           AES cipher algorithms (Rijndael)(FIP !! 381           SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
                                                   >> 382           algorithm.
333                                                   383 
334           Rijndael appears to be consistently  !! 384 config CRYPTO_MORUS1280_AVX2
335           both hardware and software across a  !! 385         tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
336           environments regardless of its use i !! 386         depends on X86 && 64BIT
337           modes. Its key setup time is excelle !! 387         select CRYPTO_AEAD
338           good. Rijndael's very low memory req !! 388         select CRYPTO_MORUS1280_GLUE
339           suited for restricted-space environm !! 389         help
340           demonstrates excellent performance.  !! 390           AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
341           among the easiest to defend against  !! 391           algorithm.
342                                                   392 
343           The AES specifies three key sizes: 1 !! 393 config CRYPTO_SEQIV
                                                   >> 394         tristate "Sequence Number IV Generator"
                                                   >> 395         select CRYPTO_AEAD
                                                   >> 396         select CRYPTO_BLKCIPHER
                                                   >> 397         select CRYPTO_NULL
                                                   >> 398         select CRYPTO_RNG_DEFAULT
                                                   >> 399         help
                                                   >> 400           This IV generator generates an IV based on a sequence number by
                                                   >> 401           xoring it with a salt.  This algorithm is mainly useful for CTR
344                                                   402 
345 config CRYPTO_AES_TI                           !! 403 config CRYPTO_ECHAINIV
346         tristate "AES (Advanced Encryption Sta !! 404         tristate "Encrypted Chain IV Generator"
347         select CRYPTO_ALGAPI                   !! 405         select CRYPTO_AEAD
348         select CRYPTO_LIB_AES                  !! 406         select CRYPTO_NULL
                                                   >> 407         select CRYPTO_RNG_DEFAULT
                                                   >> 408         default m
349         help                                      409         help
350           AES cipher algorithms (Rijndael)(FIP !! 410           This IV generator generates an IV based on the encryption of
                                                   >> 411           a sequence number xored with a salt.  This is the default
                                                   >> 412           algorithm for CBC.
351                                                   413 
352           This is a generic implementation of  !! 414 comment "Block modes"
353           data dependent latencies as much as  << 
354           performance too much. It is intended << 
355           and GCM drivers, and other CTR or CM << 
356           solely on encryption (although decry << 
357           with a more dramatic performance hit << 
358                                                   415 
359           Instead of using 16 lookup tables of !! 416 config CRYPTO_CBC
360           8 for decryption), this implementati !! 417         tristate "CBC support"
361           256 bytes each, and attempts to elim !! 418         select CRYPTO_BLKCIPHER
362           prefetching the entire table into th !! 419         select CRYPTO_MANAGER
363           block. Interrupts are also disabled  !! 420         help
364           are evicted when the CPU is interrup !! 421           CBC: Cipher Block Chaining mode
                                                   >> 422           This block cipher algorithm is required for IPSec.
365                                                   423 
366 config CRYPTO_ANUBIS                           !! 424 config CRYPTO_CFB
367         tristate "Anubis"                      !! 425         tristate "CFB support"
368         depends on CRYPTO_USER_API_ENABLE_OBSO !! 426         select CRYPTO_BLKCIPHER
369         select CRYPTO_ALGAPI                   !! 427         select CRYPTO_MANAGER
370         help                                      428         help
371           Anubis cipher algorithm              !! 429           CFB: Cipher FeedBack mode
                                                   >> 430           This block cipher algorithm is required for TPM2 Cryptography.
372                                                   431 
373           Anubis is a variable key length ciph !! 432 config CRYPTO_CTR
374           128 bits to 320 bits in length.  It  !! 433         tristate "CTR support"
375           in the NESSIE competition.           !! 434         select CRYPTO_BLKCIPHER
                                                   >> 435         select CRYPTO_SEQIV
                                                   >> 436         select CRYPTO_MANAGER
                                                   >> 437         help
                                                   >> 438           CTR: Counter mode
                                                   >> 439           This block cipher algorithm is required for IPSec.
376                                                   440 
377           See https://web.archive.org/web/2016 !! 441 config CRYPTO_CTS
378           for further information.             !! 442         tristate "CTS support"
                                                   >> 443         select CRYPTO_BLKCIPHER
                                                   >> 444         help
                                                   >> 445           CTS: Cipher Text Stealing
                                                   >> 446           This is the Cipher Text Stealing mode as described by
                                                   >> 447           Section 8 of rfc2040 and referenced by rfc3962.
                                                   >> 448           (rfc3962 includes errata information in its Appendix A)
                                                   >> 449           This mode is required for Kerberos gss mechanism support
                                                   >> 450           for AES encryption.
379                                                   451 
380 config CRYPTO_ARIA                             !! 452 config CRYPTO_ECB
381         tristate "ARIA"                        !! 453         tristate "ECB support"
382         select CRYPTO_ALGAPI                   !! 454         select CRYPTO_BLKCIPHER
                                                   >> 455         select CRYPTO_MANAGER
383         help                                      456         help
384           ARIA cipher algorithm (RFC5794)      !! 457           ECB: Electronic CodeBook mode
                                                   >> 458           This is the simplest block cipher algorithm.  It simply encrypts
                                                   >> 459           the input block by block.
385                                                   460 
386           ARIA is a standard encryption algori !! 461 config CRYPTO_LRW
387           The ARIA specifies three key sizes a !! 462         tristate "LRW support"
388           128-bit: 12 rounds.                  !! 463         select CRYPTO_BLKCIPHER
389           192-bit: 14 rounds.                  !! 464         select CRYPTO_MANAGER
390           256-bit: 16 rounds.                  !! 465         select CRYPTO_GF128MUL
                                                   >> 466         help
                                                   >> 467           LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
                                                   >> 468           narrow block cipher mode for dm-crypt.  Use it with cipher
                                                   >> 469           specification string aes-lrw-benbi, the key must be 256, 320 or 384.
                                                   >> 470           The first 128, 192 or 256 bits in the key are used for AES and the
                                                   >> 471           rest is used to tie each cipher block to its logical position.
391                                                   472 
392           See:                                 !! 473 config CRYPTO_PCBC
393           https://seed.kisa.or.kr/kisa/algorit !! 474         tristate "PCBC support"
                                                   >> 475         select CRYPTO_BLKCIPHER
                                                   >> 476         select CRYPTO_MANAGER
                                                   >> 477         help
                                                   >> 478           PCBC: Propagating Cipher Block Chaining mode
                                                   >> 479           This block cipher algorithm is required for RxRPC.
394                                                   480 
395 config CRYPTO_BLOWFISH                         !! 481 config CRYPTO_XTS
396         tristate "Blowfish"                    !! 482         tristate "XTS support"
397         select CRYPTO_ALGAPI                   !! 483         select CRYPTO_BLKCIPHER
398         select CRYPTO_BLOWFISH_COMMON          !! 484         select CRYPTO_MANAGER
                                                   >> 485         select CRYPTO_ECB
399         help                                      486         help
400           Blowfish cipher algorithm, by Bruce  !! 487           XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
                                                   >> 488           key size 256, 384 or 512 bits. This implementation currently
                                                   >> 489           can't handle a sectorsize which is not a multiple of 16 bytes.
401                                                   490 
402           This is a variable key length cipher !! 491 config CRYPTO_KEYWRAP
403           bits to 448 bits in length.  It's fa !! 492         tristate "Key wrapping support"
404           designed for use on "large microproc !! 493         select CRYPTO_BLKCIPHER
                                                   >> 494         help
                                                   >> 495           Support for key wrapping (NIST SP800-38F / RFC3394) without
                                                   >> 496           padding.
405                                                   497 
406           See https://www.schneier.com/blowfis !! 498 comment "Hash modes"
407                                                   499 
408 config CRYPTO_BLOWFISH_COMMON                  !! 500 config CRYPTO_CMAC
409         tristate                               !! 501         tristate "CMAC support"
                                                   >> 502         select CRYPTO_HASH
                                                   >> 503         select CRYPTO_MANAGER
410         help                                      504         help
411           Common parts of the Blowfish cipher  !! 505           Cipher-based Message Authentication Code (CMAC) specified by
412           generic c and the assembler implemen !! 506           The National Institute of Standards and Technology (NIST).
413                                                   507 
414 config CRYPTO_CAMELLIA                         !! 508           https://tools.ietf.org/html/rfc4493
415         tristate "Camellia"                    !! 509           http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
416         select CRYPTO_ALGAPI                   !! 510 
                                                   >> 511 config CRYPTO_HMAC
                                                   >> 512         tristate "HMAC support"
                                                   >> 513         select CRYPTO_HASH
                                                   >> 514         select CRYPTO_MANAGER
417         help                                      515         help
418           Camellia cipher algorithms (ISO/IEC  !! 516           HMAC: Keyed-Hashing for Message Authentication (RFC2104).
                                                   >> 517           This is required for IPSec.
419                                                   518 
420           Camellia is a symmetric key block ci !! 519 config CRYPTO_XCBC
421           at NTT and Mitsubishi Electric Corpo !! 520         tristate "XCBC support"
                                                   >> 521         select CRYPTO_HASH
                                                   >> 522         select CRYPTO_MANAGER
                                                   >> 523         help
                                                   >> 524           XCBC: Keyed-Hashing with encryption algorithm
                                                   >> 525                 http://www.ietf.org/rfc/rfc3566.txt
                                                   >> 526                 http://csrc.nist.gov/encryption/modes/proposedmodes/
                                                   >> 527                  xcbc-mac/xcbc-mac-spec.pdf
422                                                   528 
423           The Camellia specifies three key siz !! 529 config CRYPTO_VMAC
                                                   >> 530         tristate "VMAC support"
                                                   >> 531         select CRYPTO_HASH
                                                   >> 532         select CRYPTO_MANAGER
                                                   >> 533         help
                                                   >> 534           VMAC is a message authentication algorithm designed for
                                                   >> 535           very high speed on 64-bit architectures.
424                                                   536 
425           See https://info.isl.ntt.co.jp/crypt !! 537           See also:
                                                   >> 538           <http://fastcrypto.org/vmac>
426                                                   539 
427 config CRYPTO_CAST_COMMON                      !! 540 comment "Digest"
428         tristate                               << 
429         help                                   << 
430           Common parts of the CAST cipher algo << 
431           generic c and the assembler implemen << 
432                                                   541 
433 config CRYPTO_CAST5                            !! 542 config CRYPTO_CRC32C
434         tristate "CAST5 (CAST-128)"            !! 543         tristate "CRC32c CRC algorithm"
435         select CRYPTO_ALGAPI                   !! 544         select CRYPTO_HASH
436         select CRYPTO_CAST_COMMON              !! 545         select CRC32
                                                   >> 546         help
                                                   >> 547           Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
                                                   >> 548           by iSCSI for header and data digests and by others.
                                                   >> 549           See Castagnoli93.  Module will be crc32c.
                                                   >> 550 
                                                   >> 551 config CRYPTO_CRC32C_INTEL
                                                   >> 552         tristate "CRC32c INTEL hardware acceleration"
                                                   >> 553         depends on X86
                                                   >> 554         select CRYPTO_HASH
                                                   >> 555         help
                                                   >> 556           In Intel processor with SSE4.2 supported, the processor will
                                                   >> 557           support CRC32C implementation using hardware accelerated CRC32
                                                   >> 558           instruction. This option will create 'crc32c-intel' module,
                                                   >> 559           which will enable any routine to use the CRC32 instruction to
                                                   >> 560           gain performance compared with software implementation.
                                                   >> 561           Module will be crc32c-intel.
                                                   >> 562 
                                                   >> 563 config CRYPTO_CRC32C_VPMSUM
                                                   >> 564         tristate "CRC32c CRC algorithm (powerpc64)"
                                                   >> 565         depends on PPC64 && ALTIVEC
                                                   >> 566         select CRYPTO_HASH
                                                   >> 567         select CRC32
437         help                                      568         help
438           CAST5 (CAST-128) cipher algorithm (R !! 569           CRC32c algorithm implemented using vector polynomial multiply-sum
                                                   >> 570           (vpmsum) instructions, introduced in POWER8. Enable on POWER8
                                                   >> 571           and newer processors for improved performance.
439                                                   572 
440 config CRYPTO_CAST6                            !! 573 
441         tristate "CAST6 (CAST-256)"            !! 574 config CRYPTO_CRC32C_SPARC64
442         select CRYPTO_ALGAPI                   !! 575         tristate "CRC32c CRC algorithm (SPARC64)"
443         select CRYPTO_CAST_COMMON              !! 576         depends on SPARC64
                                                   >> 577         select CRYPTO_HASH
                                                   >> 578         select CRC32
444         help                                      579         help
445           CAST6 (CAST-256) encryption algorith !! 580           CRC32c CRC algorithm implemented using sparc64 crypto instructions,
                                                   >> 581           when available.
446                                                   582 
447 config CRYPTO_DES                              !! 583 config CRYPTO_CRC32
448         tristate "DES and Triple DES EDE"      !! 584         tristate "CRC32 CRC algorithm"
449         select CRYPTO_ALGAPI                   !! 585         select CRYPTO_HASH
450         select CRYPTO_LIB_DES                  !! 586         select CRC32
451         help                                      587         help
452           DES (Data Encryption Standard)(FIPS  !! 588           CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
453           Triple DES EDE (Encrypt/Decrypt/Encr !! 589           Shash crypto api wrappers to crc32_le function.
454           cipher algorithms                    << 
455                                                   590 
456 config CRYPTO_FCRYPT                           !! 591 config CRYPTO_CRC32_PCLMUL
457         tristate "FCrypt"                      !! 592         tristate "CRC32 PCLMULQDQ hardware acceleration"
458         select CRYPTO_ALGAPI                   !! 593         depends on X86
459         select CRYPTO_SKCIPHER                 !! 594         select CRYPTO_HASH
                                                   >> 595         select CRC32
                                                   >> 596         help
                                                   >> 597           From Intel Westmere and AMD Bulldozer processor with SSE4.2
                                                   >> 598           and PCLMULQDQ supported, the processor will support
                                                   >> 599           CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
                                                   >> 600           instruction. This option will create 'crc32-plcmul' module,
                                                   >> 601           which will enable any routine to use the CRC-32-IEEE 802.3 checksum
                                                   >> 602           and gain better performance as compared with the table implementation.
                                                   >> 603 
                                                   >> 604 config CRYPTO_CRC32_MIPS
                                                   >> 605         tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
                                                   >> 606         depends on MIPS_CRC_SUPPORT
                                                   >> 607         select CRYPTO_HASH
460         help                                      608         help
461           FCrypt algorithm used by RxRPC       !! 609           CRC32c and CRC32 CRC algorithms implemented using mips crypto
                                                   >> 610           instructions, when available.
462                                                   611 
463           See https://ota.polyonymo.us/fcrypt- << 
464                                                   612 
465 config CRYPTO_KHAZAD                           !! 613 config CRYPTO_CRCT10DIF
466         tristate "Khazad"                      !! 614         tristate "CRCT10DIF algorithm"
467         depends on CRYPTO_USER_API_ENABLE_OBSO !! 615         select CRYPTO_HASH
468         select CRYPTO_ALGAPI                   << 
469         help                                      616         help
470           Khazad cipher algorithm              !! 617           CRC T10 Data Integrity Field computation is being cast as
                                                   >> 618           a crypto transform.  This allows for faster crc t10 diff
                                                   >> 619           transforms to be used if they are available.
471                                                   620 
472           Khazad was a finalist in the initial !! 621 config CRYPTO_CRCT10DIF_PCLMUL
473           an algorithm optimized for 64-bit pr !! 622         tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
474           on 32-bit processors.  Khazad uses a !! 623         depends on X86 && 64BIT && CRC_T10DIF
                                                   >> 624         select CRYPTO_HASH
                                                   >> 625         help
                                                   >> 626           For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
                                                   >> 627           CRC T10 DIF PCLMULQDQ computation can be hardware
                                                   >> 628           accelerated PCLMULQDQ instruction. This option will create
                                                   >> 629           'crct10dif-plcmul' module, which is faster when computing the
                                                   >> 630           crct10dif checksum as compared with the generic table implementation.
475                                                   631 
476           See https://web.archive.org/web/2017 !! 632 config CRYPTO_CRCT10DIF_VPMSUM
477           for further information.             !! 633         tristate "CRC32T10DIF powerpc64 hardware acceleration"
                                                   >> 634         depends on PPC64 && ALTIVEC && CRC_T10DIF
                                                   >> 635         select CRYPTO_HASH
                                                   >> 636         help
                                                   >> 637           CRC10T10DIF algorithm implemented using vector polynomial
                                                   >> 638           multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
                                                   >> 639           POWER8 and newer processors for improved performance.
478                                                   640 
479 config CRYPTO_SEED                             !! 641 config CRYPTO_VPMSUM_TESTER
480         tristate "SEED"                        !! 642         tristate "Powerpc64 vpmsum hardware acceleration tester"
481         depends on CRYPTO_USER_API_ENABLE_OBSO !! 643         depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
482         select CRYPTO_ALGAPI                   << 
483         help                                      644         help
484           SEED cipher algorithm (RFC4269, ISO/ !! 645           Stress test for CRC32c and CRC-T10DIF algorithms implemented with
                                                   >> 646           POWER8 vpmsum instructions.
                                                   >> 647           Unless you are testing these algorithms, you don't need this.
485                                                   648 
486           SEED is a 128-bit symmetric key bloc !! 649 config CRYPTO_GHASH
487           developed by KISA (Korea Information !! 650         tristate "GHASH digest algorithm"
488           national standard encryption algorit !! 651         select CRYPTO_GF128MUL
489           It is a 16 round block cipher with t !! 652         select CRYPTO_HASH
                                                   >> 653         help
                                                   >> 654           GHASH is message digest algorithm for GCM (Galois/Counter Mode).
490                                                   655 
491           See https://seed.kisa.or.kr/kisa/alg !! 656 config CRYPTO_POLY1305
492           for further information.             !! 657         tristate "Poly1305 authenticator algorithm"
                                                   >> 658         select CRYPTO_HASH
                                                   >> 659         help
                                                   >> 660           Poly1305 authenticator algorithm, RFC7539.
493                                                   661 
494 config CRYPTO_SERPENT                          !! 662           Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
495         tristate "Serpent"                     !! 663           It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
496         select CRYPTO_ALGAPI                   !! 664           in IETF protocols. This is the portable C implementation of Poly1305.
                                                   >> 665 
                                                   >> 666 config CRYPTO_POLY1305_X86_64
                                                   >> 667         tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
                                                   >> 668         depends on X86 && 64BIT
                                                   >> 669         select CRYPTO_POLY1305
497         help                                      670         help
498           Serpent cipher algorithm, by Anderso !! 671           Poly1305 authenticator algorithm, RFC7539.
499                                                   672 
500           Keys are allowed to be from 0 to 256 !! 673           Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
501           of 8 bits.                           !! 674           It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
                                                   >> 675           in IETF protocols. This is the x86_64 assembler implementation using SIMD
                                                   >> 676           instructions.
502                                                   677 
503           See https://www.cl.cam.ac.uk/~rja14/ !! 678 config CRYPTO_MD4
                                                   >> 679         tristate "MD4 digest algorithm"
                                                   >> 680         select CRYPTO_HASH
                                                   >> 681         help
                                                   >> 682           MD4 message digest algorithm (RFC1320).
504                                                   683 
505 config CRYPTO_SM4                              !! 684 config CRYPTO_MD5
506         tristate                               !! 685         tristate "MD5 digest algorithm"
                                                   >> 686         select CRYPTO_HASH
                                                   >> 687         help
                                                   >> 688           MD5 message digest algorithm (RFC1321).
507                                                   689 
508 config CRYPTO_SM4_GENERIC                      !! 690 config CRYPTO_MD5_OCTEON
509         tristate "SM4 (ShangMi 4)"             !! 691         tristate "MD5 digest algorithm (OCTEON)"
510         select CRYPTO_ALGAPI                   !! 692         depends on CPU_CAVIUM_OCTEON
511         select CRYPTO_SM4                      !! 693         select CRYPTO_MD5
                                                   >> 694         select CRYPTO_HASH
512         help                                      695         help
513           SM4 cipher algorithms (OSCCA GB/T 32 !! 696           MD5 message digest algorithm (RFC1321) implemented
514           ISO/IEC 18033-3:2010/Amd 1:2021)     !! 697           using OCTEON crypto instructions, when available.
515                                                   698 
516           SM4 (GBT.32907-2016) is a cryptograp !! 699 config CRYPTO_MD5_PPC
517           Organization of State Commercial Adm !! 700         tristate "MD5 digest algorithm (PPC)"
518           as an authorized cryptographic algor !! 701         depends on PPC
                                                   >> 702         select CRYPTO_HASH
                                                   >> 703         help
                                                   >> 704           MD5 message digest algorithm (RFC1321) implemented
                                                   >> 705           in PPC assembler.
519                                                   706 
520           SMS4 was originally created for use  !! 707 config CRYPTO_MD5_SPARC64
521           networks, and is mandated in the Chi !! 708         tristate "MD5 digest algorithm (SPARC64)"
522           Wireless LAN WAPI (Wired Authenticat !! 709         depends on SPARC64
523           (GB.15629.11-2003).                  !! 710         select CRYPTO_MD5
                                                   >> 711         select CRYPTO_HASH
                                                   >> 712         help
                                                   >> 713           MD5 message digest algorithm (RFC1321) implemented
                                                   >> 714           using sparc64 crypto instructions, when available.
524                                                   715 
525           The latest SM4 standard (GBT.32907-2 !! 716 config CRYPTO_MICHAEL_MIC
526           standardized through TC 260 of the S !! 717         tristate "Michael MIC keyed digest algorithm"
527           of the People's Republic of China (S !! 718         select CRYPTO_HASH
                                                   >> 719         help
                                                   >> 720           Michael MIC is used for message integrity protection in TKIP
                                                   >> 721           (IEEE 802.11i). This algorithm is required for TKIP, but it
                                                   >> 722           should not be used for other purposes because of the weakness
                                                   >> 723           of the algorithm.
528                                                   724 
529           The input, output, and key of SMS4 a !! 725 config CRYPTO_RMD128
                                                   >> 726         tristate "RIPEMD-128 digest algorithm"
                                                   >> 727         select CRYPTO_HASH
                                                   >> 728         help
                                                   >> 729           RIPEMD-128 (ISO/IEC 10118-3:2004).
530                                                   730 
531           See https://eprint.iacr.org/2008/329 !! 731           RIPEMD-128 is a 128-bit cryptographic hash function. It should only
                                                   >> 732           be used as a secure replacement for RIPEMD. For other use cases,
                                                   >> 733           RIPEMD-160 should be used.
532                                                   734 
533           If unsure, say N.                    !! 735           Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
                                                   >> 736           See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534                                                   737 
535 config CRYPTO_TEA                              !! 738 config CRYPTO_RMD160
536         tristate "TEA, XTEA and XETA"          !! 739         tristate "RIPEMD-160 digest algorithm"
537         depends on CRYPTO_USER_API_ENABLE_OBSO !! 740         select CRYPTO_HASH
538         select CRYPTO_ALGAPI                   << 
539         help                                      741         help
540           TEA (Tiny Encryption Algorithm) ciph !! 742           RIPEMD-160 (ISO/IEC 10118-3:2004).
541                                                   743 
542           Tiny Encryption Algorithm is a simpl !! 744           RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
543           many rounds for security.  It is ver !! 745           to be used as a secure replacement for the 128-bit hash functions
544           little memory.                       !! 746           MD4, MD5 and it's predecessor RIPEMD
                                                   >> 747           (not to be confused with RIPEMD-128).
545                                                   748 
546           Xtendend Tiny Encryption Algorithm i !! 749           It's speed is comparable to SHA1 and there are no known attacks
547           the TEA algorithm to address a poten !! 750           against RIPEMD-160.
548           in the TEA algorithm.                << 
549                                                   751 
550           Xtendend Encryption Tiny Algorithm i !! 752           Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
551           of the XTEA algorithm for compatibil !! 753           See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
552                                                   754 
553 config CRYPTO_TWOFISH                          !! 755 config CRYPTO_RMD256
554         tristate "Twofish"                     !! 756         tristate "RIPEMD-256 digest algorithm"
555         select CRYPTO_ALGAPI                   !! 757         select CRYPTO_HASH
556         select CRYPTO_TWOFISH_COMMON           << 
557         help                                      758         help
558           Twofish cipher algorithm             !! 759           RIPEMD-256 is an optional extension of RIPEMD-128 with a
                                                   >> 760           256 bit hash. It is intended for applications that require
                                                   >> 761           longer hash-results, without needing a larger security level
                                                   >> 762           (than RIPEMD-128).
559                                                   763 
560           Twofish was submitted as an AES (Adv !! 764           Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
561           candidate cipher by researchers at C !! 765           See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
562           16 round block cipher supporting key !! 766 
563           bits.                                !! 767 config CRYPTO_RMD320
                                                   >> 768         tristate "RIPEMD-320 digest algorithm"
                                                   >> 769         select CRYPTO_HASH
                                                   >> 770         help
                                                   >> 771           RIPEMD-320 is an optional extension of RIPEMD-160 with a
                                                   >> 772           320 bit hash. It is intended for applications that require
                                                   >> 773           longer hash-results, without needing a larger security level
                                                   >> 774           (than RIPEMD-160).
564                                                   775 
565           See https://www.schneier.com/twofish !! 776           Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
                                                   >> 777           See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
566                                                   778 
567 config CRYPTO_TWOFISH_COMMON                   !! 779 config CRYPTO_SHA1
568         tristate                               !! 780         tristate "SHA1 digest algorithm"
                                                   >> 781         select CRYPTO_HASH
569         help                                      782         help
570           Common parts of the Twofish cipher a !! 783           SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
571           generic c and the assembler implemen << 
572                                                   784 
573 endmenu                                        !! 785 config CRYPTO_SHA1_SSSE3
                                                   >> 786         tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
                                                   >> 787         depends on X86 && 64BIT
                                                   >> 788         select CRYPTO_SHA1
                                                   >> 789         select CRYPTO_HASH
                                                   >> 790         help
                                                   >> 791           SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
                                                   >> 792           using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
                                                   >> 793           Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
                                                   >> 794           when available.
574                                                   795 
575 menu "Length-preserving ciphers and modes"     !! 796 config CRYPTO_SHA256_SSSE3
                                                   >> 797         tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
                                                   >> 798         depends on X86 && 64BIT
                                                   >> 799         select CRYPTO_SHA256
                                                   >> 800         select CRYPTO_HASH
                                                   >> 801         help
                                                   >> 802           SHA-256 secure hash standard (DFIPS 180-2) implemented
                                                   >> 803           using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
                                                   >> 804           Extensions version 1 (AVX1), or Advanced Vector Extensions
                                                   >> 805           version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
                                                   >> 806           Instructions) when available.
                                                   >> 807 
                                                   >> 808 config CRYPTO_SHA512_SSSE3
                                                   >> 809         tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
                                                   >> 810         depends on X86 && 64BIT
                                                   >> 811         select CRYPTO_SHA512
                                                   >> 812         select CRYPTO_HASH
                                                   >> 813         help
                                                   >> 814           SHA-512 secure hash standard (DFIPS 180-2) implemented
                                                   >> 815           using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
                                                   >> 816           Extensions version 1 (AVX1), or Advanced Vector Extensions
                                                   >> 817           version 2 (AVX2) instructions, when available.
                                                   >> 818 
                                                   >> 819 config CRYPTO_SHA1_OCTEON
                                                   >> 820         tristate "SHA1 digest algorithm (OCTEON)"
                                                   >> 821         depends on CPU_CAVIUM_OCTEON
                                                   >> 822         select CRYPTO_SHA1
                                                   >> 823         select CRYPTO_HASH
                                                   >> 824         help
                                                   >> 825           SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
                                                   >> 826           using OCTEON crypto instructions, when available.
                                                   >> 827 
                                                   >> 828 config CRYPTO_SHA1_SPARC64
                                                   >> 829         tristate "SHA1 digest algorithm (SPARC64)"
                                                   >> 830         depends on SPARC64
                                                   >> 831         select CRYPTO_SHA1
                                                   >> 832         select CRYPTO_HASH
                                                   >> 833         help
                                                   >> 834           SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
                                                   >> 835           using sparc64 crypto instructions, when available.
                                                   >> 836 
                                                   >> 837 config CRYPTO_SHA1_PPC
                                                   >> 838         tristate "SHA1 digest algorithm (powerpc)"
                                                   >> 839         depends on PPC
                                                   >> 840         help
                                                   >> 841           This is the powerpc hardware accelerated implementation of the
                                                   >> 842           SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
                                                   >> 843 
                                                   >> 844 config CRYPTO_SHA1_PPC_SPE
                                                   >> 845         tristate "SHA1 digest algorithm (PPC SPE)"
                                                   >> 846         depends on PPC && SPE
                                                   >> 847         help
                                                   >> 848           SHA-1 secure hash standard (DFIPS 180-4) implemented
                                                   >> 849           using powerpc SPE SIMD instruction set.
                                                   >> 850 
                                                   >> 851 config CRYPTO_SHA1_MB
                                                   >> 852         tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
                                                   >> 853         depends on X86 && 64BIT
                                                   >> 854         select CRYPTO_SHA1
                                                   >> 855         select CRYPTO_HASH
                                                   >> 856         select CRYPTO_MCRYPTD
                                                   >> 857         help
                                                   >> 858           SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
                                                   >> 859           using multi-buffer technique.  This algorithm computes on
                                                   >> 860           multiple data lanes concurrently with SIMD instructions for
                                                   >> 861           better throughput.  It should not be enabled by default but
                                                   >> 862           used when there is significant amount of work to keep the keep
                                                   >> 863           the data lanes filled to get performance benefit.  If the data
                                                   >> 864           lanes remain unfilled, a flush operation will be initiated to
                                                   >> 865           process the crypto jobs, adding a slight latency.
                                                   >> 866 
                                                   >> 867 config CRYPTO_SHA256_MB
                                                   >> 868         tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
                                                   >> 869         depends on X86 && 64BIT
                                                   >> 870         select CRYPTO_SHA256
                                                   >> 871         select CRYPTO_HASH
                                                   >> 872         select CRYPTO_MCRYPTD
                                                   >> 873         help
                                                   >> 874           SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
                                                   >> 875           using multi-buffer technique.  This algorithm computes on
                                                   >> 876           multiple data lanes concurrently with SIMD instructions for
                                                   >> 877           better throughput.  It should not be enabled by default but
                                                   >> 878           used when there is significant amount of work to keep the keep
                                                   >> 879           the data lanes filled to get performance benefit.  If the data
                                                   >> 880           lanes remain unfilled, a flush operation will be initiated to
                                                   >> 881           process the crypto jobs, adding a slight latency.
                                                   >> 882 
                                                   >> 883 config CRYPTO_SHA512_MB
                                                   >> 884         tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
                                                   >> 885         depends on X86 && 64BIT
                                                   >> 886         select CRYPTO_SHA512
                                                   >> 887         select CRYPTO_HASH
                                                   >> 888         select CRYPTO_MCRYPTD
                                                   >> 889         help
                                                   >> 890           SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
                                                   >> 891           using multi-buffer technique.  This algorithm computes on
                                                   >> 892           multiple data lanes concurrently with SIMD instructions for
                                                   >> 893           better throughput.  It should not be enabled by default but
                                                   >> 894           used when there is significant amount of work to keep the keep
                                                   >> 895           the data lanes filled to get performance benefit.  If the data
                                                   >> 896           lanes remain unfilled, a flush operation will be initiated to
                                                   >> 897           process the crypto jobs, adding a slight latency.
576                                                   898 
577 config CRYPTO_ADIANTUM                         !! 899 config CRYPTO_SHA256
578         tristate "Adiantum"                    !! 900         tristate "SHA224 and SHA256 digest algorithm"
579         select CRYPTO_CHACHA20                 !! 901         select CRYPTO_HASH
580         select CRYPTO_LIB_POLY1305_GENERIC     << 
581         select CRYPTO_NHPOLY1305               << 
582         select CRYPTO_MANAGER                  << 
583         help                                      902         help
584           Adiantum tweakable, length-preservin !! 903           SHA256 secure hash standard (DFIPS 180-2).
585                                                   904 
586           Designed for fast and secure disk en !! 905           This version of SHA implements a 256 bit hash with 128 bits of
587           CPUs without dedicated crypto instru !! 906           security against collision attacks.
588           each sector using the XChaCha12 stre << 
589           an ε-almost-∆-universal hash func << 
590           the AES-256 block cipher on a single << 
591           without AES instructions, Adiantum i << 
592           AES-XTS.                             << 
593                                                << 
594           Adiantum's security is provably redu << 
595           underlying stream and block ciphers, << 
596           bound.  Unlike XTS, Adiantum is a tr << 
597           mode, so it actually provides an eve << 
598           security than XTS, subject to the se << 
599                                                   907 
600           If unsure, say N.                    !! 908           This code also includes SHA-224, a 224 bit hash with 112 bits
                                                   >> 909           of security against collision attacks.
601                                                   910 
602 config CRYPTO_ARC4                             !! 911 config CRYPTO_SHA256_PPC_SPE
603         tristate "ARC4 (Alleged Rivest Cipher  !! 912         tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
604         depends on CRYPTO_USER_API_ENABLE_OBSO !! 913         depends on PPC && SPE
605         select CRYPTO_SKCIPHER                 !! 914         select CRYPTO_SHA256
606         select CRYPTO_LIB_ARC4                 !! 915         select CRYPTO_HASH
607         help                                      916         help
608           ARC4 cipher algorithm                !! 917           SHA224 and SHA256 secure hash standard (DFIPS 180-2)
                                                   >> 918           implemented using powerpc SPE SIMD instruction set.
609                                                   919 
610           ARC4 is a stream cipher using keys r !! 920 config CRYPTO_SHA256_OCTEON
611           bits in length.  This algorithm is r !! 921         tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
612           WEP, but it should not be for other  !! 922         depends on CPU_CAVIUM_OCTEON
613           weakness of the algorithm.           !! 923         select CRYPTO_SHA256
                                                   >> 924         select CRYPTO_HASH
                                                   >> 925         help
                                                   >> 926           SHA-256 secure hash standard (DFIPS 180-2) implemented
                                                   >> 927           using OCTEON crypto instructions, when available.
614                                                   928 
615 config CRYPTO_CHACHA20                         !! 929 config CRYPTO_SHA256_SPARC64
616         tristate "ChaCha"                      !! 930         tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
617         select CRYPTO_LIB_CHACHA_GENERIC       !! 931         depends on SPARC64
618         select CRYPTO_SKCIPHER                 !! 932         select CRYPTO_SHA256
                                                   >> 933         select CRYPTO_HASH
619         help                                      934         help
620           The ChaCha20, XChaCha20, and XChaCha !! 935           SHA-256 secure hash standard (DFIPS 180-2) implemented
                                                   >> 936           using sparc64 crypto instructions, when available.
621                                                   937 
622           ChaCha20 is a 256-bit high-speed str !! 938 config CRYPTO_SHA512
623           Bernstein and further specified in R !! 939         tristate "SHA384 and SHA512 digest algorithms"
624           This is the portable C implementatio !! 940         select CRYPTO_HASH
625           https://cr.yp.to/chacha/chacha-20080 !! 941         help
                                                   >> 942           SHA512 secure hash standard (DFIPS 180-2).
626                                                   943 
627           XChaCha20 is the application of the  !! 944           This version of SHA implements a 512 bit hash with 256 bits of
628           rather than to Salsa20.  XChaCha20 e !! 945           security against collision attacks.
629           from 64 bits (or 96 bits using the R << 
630           while provably retaining ChaCha20's  << 
631           https://cr.yp.to/snuffle/xsalsa-2008 << 
632                                                << 
633           XChaCha12 is XChaCha20 reduced to 12 << 
634           reduced security margin but increase << 
635           in some performance-sensitive scenar << 
636                                                   946 
637 config CRYPTO_CBC                              !! 947           This code also includes SHA-384, a 384 bit hash with 192 bits
638         tristate "CBC (Cipher Block Chaining)" !! 948           of security against collision attacks.
639         select CRYPTO_SKCIPHER                 !! 949 
640         select CRYPTO_MANAGER                  !! 950 config CRYPTO_SHA512_OCTEON
                                                   >> 951         tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
                                                   >> 952         depends on CPU_CAVIUM_OCTEON
                                                   >> 953         select CRYPTO_SHA512
                                                   >> 954         select CRYPTO_HASH
641         help                                      955         help
642           CBC (Cipher Block Chaining) mode (NI !! 956           SHA-512 secure hash standard (DFIPS 180-2) implemented
                                                   >> 957           using OCTEON crypto instructions, when available.
643                                                   958 
644           This block cipher mode is required f !! 959 config CRYPTO_SHA512_SPARC64
                                                   >> 960         tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
                                                   >> 961         depends on SPARC64
                                                   >> 962         select CRYPTO_SHA512
                                                   >> 963         select CRYPTO_HASH
                                                   >> 964         help
                                                   >> 965           SHA-512 secure hash standard (DFIPS 180-2) implemented
                                                   >> 966           using sparc64 crypto instructions, when available.
645                                                   967 
646 config CRYPTO_CTR                              !! 968 config CRYPTO_SHA3
647         tristate "CTR (Counter)"               !! 969         tristate "SHA3 digest algorithm"
648         select CRYPTO_SKCIPHER                 !! 970         select CRYPTO_HASH
649         select CRYPTO_MANAGER                  << 
650         help                                      971         help
651           CTR (Counter) mode (NIST SP800-38A)  !! 972           SHA-3 secure hash standard (DFIPS 202). It's based on
                                                   >> 973           cryptographic sponge function family called Keccak.
652                                                   974 
653 config CRYPTO_CTS                              !! 975           References:
654         tristate "CTS (Cipher Text Stealing)"  !! 976           http://keccak.noekeon.org/
655         select CRYPTO_SKCIPHER                 !! 977 
656         select CRYPTO_MANAGER                  !! 978 config CRYPTO_SM3
                                                   >> 979         tristate "SM3 digest algorithm"
                                                   >> 980         select CRYPTO_HASH
657         help                                      981         help
658           CBC-CS3 variant of CTS (Cipher Text  !! 982           SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
659           Addendum to SP800-38A (October 2010) !! 983           It is part of the Chinese Commercial Cryptography suite.
660                                                   984 
661           This mode is required for Kerberos g !! 985           References:
662           for AES encryption.                  !! 986           http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
                                                   >> 987           https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
663                                                   988 
664 config CRYPTO_ECB                              !! 989 config CRYPTO_TGR192
665         tristate "ECB (Electronic Codebook)"   !! 990         tristate "Tiger digest algorithms"
666         select CRYPTO_SKCIPHER2                !! 991         select CRYPTO_HASH
667         select CRYPTO_MANAGER                  << 
668         help                                      992         help
669           ECB (Electronic Codebook) mode (NIST !! 993           Tiger hash algorithm 192, 160 and 128-bit hashes
670                                                   994 
671 config CRYPTO_HCTR2                            !! 995           Tiger is a hash function optimized for 64-bit processors while
672         tristate "HCTR2"                       !! 996           still having decent performance on 32-bit processors.
673         select CRYPTO_XCTR                     !! 997           Tiger was developed by Ross Anderson and Eli Biham.
674         select CRYPTO_POLYVAL                  !! 998 
675         select CRYPTO_MANAGER                  !! 999           See also:
                                                   >> 1000           <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
                                                   >> 1001 
                                                   >> 1002 config CRYPTO_WP512
                                                   >> 1003         tristate "Whirlpool digest algorithms"
                                                   >> 1004         select CRYPTO_HASH
676         help                                      1005         help
677           HCTR2 length-preserving encryption m !! 1006           Whirlpool hash algorithm 512, 384 and 256-bit hashes
678                                                   1007 
679           A mode for storage encryption that i !! 1008           Whirlpool-512 is part of the NESSIE cryptographic primitives.
680           instructions to accelerate AES and c !! 1009           Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
681           x86 processors with AES-NI and CLMUL << 
682           ARMv8 crypto extensions.             << 
683                                                   1010 
684           See https://eprint.iacr.org/2021/144 !! 1011           See also:
                                                   >> 1012           <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
685                                                   1013 
686 config CRYPTO_KEYWRAP                          !! 1014 config CRYPTO_GHASH_CLMUL_NI_INTEL
687         tristate "KW (AES Key Wrap)"           !! 1015         tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
688         select CRYPTO_SKCIPHER                 !! 1016         depends on X86 && 64BIT
689         select CRYPTO_MANAGER                  !! 1017         select CRYPTO_CRYPTD
690         help                                      1018         help
691           KW (AES Key Wrap) authenticated encr !! 1019           GHASH is message digest algorithm for GCM (Galois/Counter Mode).
692           and RFC3394) without padding.        !! 1020           The implementation is accelerated by CLMUL-NI of Intel.
693                                                   1021 
694 config CRYPTO_LRW                              !! 1022 comment "Ciphers"
695         tristate "LRW (Liskov Rivest Wagner)"  !! 1023 
696         select CRYPTO_LIB_GF128MUL             !! 1024 config CRYPTO_AES
697         select CRYPTO_SKCIPHER                 !! 1025         tristate "AES cipher algorithms"
698         select CRYPTO_MANAGER                  !! 1026         select CRYPTO_ALGAPI
699         select CRYPTO_ECB                      << 
700         help                                      1027         help
701           LRW (Liskov Rivest Wagner) mode      !! 1028           AES cipher algorithms (FIPS-197). AES uses the Rijndael
                                                   >> 1029           algorithm.
702                                                   1030 
703           A tweakable, non malleable, non mova !! 1031           Rijndael appears to be consistently a very good performer in
704           narrow block cipher mode for dm-cryp !! 1032           both hardware and software across a wide range of computing
705           specification string aes-lrw-benbi,  !! 1033           environments regardless of its use in feedback or non-feedback
706           The first 128, 192 or 256 bits in th !! 1034           modes. Its key setup time is excellent, and its key agility is
707           rest is used to tie each cipher bloc !! 1035           good. Rijndael's very low memory requirements make it very well
                                                   >> 1036           suited for restricted-space environments, in which it also
                                                   >> 1037           demonstrates excellent performance. Rijndael's operations are
                                                   >> 1038           among the easiest to defend against power and timing attacks.
708                                                   1039 
709           See https://people.csail.mit.edu/riv !! 1040           The AES specifies three key sizes: 128, 192 and 256 bits
710                                                   1041 
711 config CRYPTO_PCBC                             !! 1042           See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
712         tristate "PCBC (Propagating Cipher Blo !! 1043 
713         select CRYPTO_SKCIPHER                 !! 1044 config CRYPTO_AES_TI
714         select CRYPTO_MANAGER                  !! 1045         tristate "Fixed time AES cipher"
                                                   >> 1046         select CRYPTO_ALGAPI
715         help                                      1047         help
716           PCBC (Propagating Cipher Block Chain !! 1048           This is a generic implementation of AES that attempts to eliminate
                                                   >> 1049           data dependent latencies as much as possible without affecting
                                                   >> 1050           performance too much. It is intended for use by the generic CCM
                                                   >> 1051           and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
                                                   >> 1052           solely on encryption (although decryption is supported as well, but
                                                   >> 1053           with a more dramatic performance hit)
717                                                   1054 
718           This block cipher mode is required f !! 1055           Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
                                                   >> 1056           8 for decryption), this implementation only uses just two S-boxes of
                                                   >> 1057           256 bytes each, and attempts to eliminate data dependent latencies by
                                                   >> 1058           prefetching the entire table into the cache at the start of each
                                                   >> 1059           block. Interrupts are also disabled to avoid races where cachelines
                                                   >> 1060           are evicted when the CPU is interrupted to do something else.
719                                                   1061 
720 config CRYPTO_XCTR                             !! 1062 config CRYPTO_AES_586
721         tristate                               !! 1063         tristate "AES cipher algorithms (i586)"
722         select CRYPTO_SKCIPHER                 !! 1064         depends on (X86 || UML_X86) && !64BIT
723         select CRYPTO_MANAGER                  !! 1065         select CRYPTO_ALGAPI
                                                   >> 1066         select CRYPTO_AES
724         help                                      1067         help
725           XCTR (XOR Counter) mode for HCTR2    !! 1068           AES cipher algorithms (FIPS-197). AES uses the Rijndael
                                                   >> 1069           algorithm.
726                                                   1070 
727           This blockcipher mode is a variant o !! 1071           Rijndael appears to be consistently a very good performer in
728           addition rather than big-endian arit !! 1072           both hardware and software across a wide range of computing
                                                   >> 1073           environments regardless of its use in feedback or non-feedback
                                                   >> 1074           modes. Its key setup time is excellent, and its key agility is
                                                   >> 1075           good. Rijndael's very low memory requirements make it very well
                                                   >> 1076           suited for restricted-space environments, in which it also
                                                   >> 1077           demonstrates excellent performance. Rijndael's operations are
                                                   >> 1078           among the easiest to defend against power and timing attacks.
729                                                   1079 
730           XCTR mode is used to implement HCTR2 !! 1080           The AES specifies three key sizes: 128, 192 and 256 bits
731                                                   1081 
732 config CRYPTO_XTS                              !! 1082           See <http://csrc.nist.gov/encryption/aes/> for more information.
733         tristate "XTS (XOR Encrypt XOR with ci << 
734         select CRYPTO_SKCIPHER                 << 
735         select CRYPTO_MANAGER                  << 
736         select CRYPTO_ECB                      << 
737         help                                   << 
738           XTS (XOR Encrypt XOR with ciphertext << 
739           and IEEE 1619)                       << 
740                                                   1083 
741           Use with aes-xts-plain, key size 256 !! 1084 config CRYPTO_AES_X86_64
742           implementation currently can't handl !! 1085         tristate "AES cipher algorithms (x86_64)"
743           multiple of 16 bytes.                !! 1086         depends on (X86 || UML_X86) && 64BIT
                                                   >> 1087         select CRYPTO_ALGAPI
                                                   >> 1088         select CRYPTO_AES
                                                   >> 1089         help
                                                   >> 1090           AES cipher algorithms (FIPS-197). AES uses the Rijndael
                                                   >> 1091           algorithm.
744                                                   1092 
745 config CRYPTO_NHPOLY1305                       !! 1093           Rijndael appears to be consistently a very good performer in
746         tristate                               !! 1094           both hardware and software across a wide range of computing
747         select CRYPTO_HASH                     !! 1095           environments regardless of its use in feedback or non-feedback
748         select CRYPTO_LIB_POLY1305_GENERIC     !! 1096           modes. Its key setup time is excellent, and its key agility is
                                                   >> 1097           good. Rijndael's very low memory requirements make it very well
                                                   >> 1098           suited for restricted-space environments, in which it also
                                                   >> 1099           demonstrates excellent performance. Rijndael's operations are
                                                   >> 1100           among the easiest to defend against power and timing attacks.
749                                                   1101 
750 endmenu                                        !! 1102           The AES specifies three key sizes: 128, 192 and 256 bits
751                                                   1103 
752 menu "AEAD (authenticated encryption with asso !! 1104           See <http://csrc.nist.gov/encryption/aes/> for more information.
753                                                   1105 
754 config CRYPTO_AEGIS128                         !! 1106 config CRYPTO_AES_NI_INTEL
755         tristate "AEGIS-128"                   !! 1107         tristate "AES cipher algorithms (AES-NI)"
                                                   >> 1108         depends on X86
756         select CRYPTO_AEAD                        1109         select CRYPTO_AEAD
757         select CRYPTO_AES  # for AES S-box tab !! 1110         select CRYPTO_AES_X86_64 if 64BIT
                                                   >> 1111         select CRYPTO_AES_586 if !64BIT
                                                   >> 1112         select CRYPTO_ALGAPI
                                                   >> 1113         select CRYPTO_BLKCIPHER
                                                   >> 1114         select CRYPTO_GLUE_HELPER_X86 if 64BIT
                                                   >> 1115         select CRYPTO_SIMD
758         help                                      1116         help
759           AEGIS-128 AEAD algorithm             !! 1117           Use Intel AES-NI instructions for AES algorithm.
760                                                   1118 
761 config CRYPTO_AEGIS128_SIMD                    !! 1119           AES cipher algorithms (FIPS-197). AES uses the Rijndael
762         bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1120           algorithm.
763         depends on CRYPTO_AEGIS128 && ((ARM || !! 1121 
764         default y                              !! 1122           Rijndael appears to be consistently a very good performer in
                                                   >> 1123           both hardware and software across a wide range of computing
                                                   >> 1124           environments regardless of its use in feedback or non-feedback
                                                   >> 1125           modes. Its key setup time is excellent, and its key agility is
                                                   >> 1126           good. Rijndael's very low memory requirements make it very well
                                                   >> 1127           suited for restricted-space environments, in which it also
                                                   >> 1128           demonstrates excellent performance. Rijndael's operations are
                                                   >> 1129           among the easiest to defend against power and timing attacks.
                                                   >> 1130 
                                                   >> 1131           The AES specifies three key sizes: 128, 192 and 256 bits
                                                   >> 1132 
                                                   >> 1133           See <http://csrc.nist.gov/encryption/aes/> for more information.
                                                   >> 1134 
                                                   >> 1135           In addition to AES cipher algorithm support, the acceleration
                                                   >> 1136           for some popular block cipher mode is supported too, including
                                                   >> 1137           ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
                                                   >> 1138           acceleration for CTR.
                                                   >> 1139 
                                                   >> 1140 config CRYPTO_AES_SPARC64
                                                   >> 1141         tristate "AES cipher algorithms (SPARC64)"
                                                   >> 1142         depends on SPARC64
                                                   >> 1143         select CRYPTO_CRYPTD
                                                   >> 1144         select CRYPTO_ALGAPI
765         help                                      1145         help
766           AEGIS-128 AEAD algorithm             !! 1146           Use SPARC64 crypto opcodes for AES algorithm.
767                                                   1147 
768           Architecture: arm or arm64 using:    !! 1148           AES cipher algorithms (FIPS-197). AES uses the Rijndael
769           - NEON (Advanced SIMD) extension     !! 1149           algorithm.
770                                                   1150 
771 config CRYPTO_CHACHA20POLY1305                 !! 1151           Rijndael appears to be consistently a very good performer in
772         tristate "ChaCha20-Poly1305"           !! 1152           both hardware and software across a wide range of computing
773         select CRYPTO_CHACHA20                 !! 1153           environments regardless of its use in feedback or non-feedback
774         select CRYPTO_POLY1305                 !! 1154           modes. Its key setup time is excellent, and its key agility is
775         select CRYPTO_AEAD                     !! 1155           good. Rijndael's very low memory requirements make it very well
776         select CRYPTO_MANAGER                  !! 1156           suited for restricted-space environments, in which it also
                                                   >> 1157           demonstrates excellent performance. Rijndael's operations are
                                                   >> 1158           among the easiest to defend against power and timing attacks.
                                                   >> 1159 
                                                   >> 1160           The AES specifies three key sizes: 128, 192 and 256 bits
                                                   >> 1161 
                                                   >> 1162           See <http://csrc.nist.gov/encryption/aes/> for more information.
                                                   >> 1163 
                                                   >> 1164           In addition to AES cipher algorithm support, the acceleration
                                                   >> 1165           for some popular block cipher mode is supported too, including
                                                   >> 1166           ECB and CBC.
                                                   >> 1167 
                                                   >> 1168 config CRYPTO_AES_PPC_SPE
                                                   >> 1169         tristate "AES cipher algorithms (PPC SPE)"
                                                   >> 1170         depends on PPC && SPE
                                                   >> 1171         help
                                                   >> 1172           AES cipher algorithms (FIPS-197). Additionally the acceleration
                                                   >> 1173           for popular block cipher modes ECB, CBC, CTR and XTS is supported.
                                                   >> 1174           This module should only be used for low power (router) devices
                                                   >> 1175           without hardware AES acceleration (e.g. caam crypto). It reduces the
                                                   >> 1176           size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
                                                   >> 1177           timining attacks. Nevertheless it might be not as secure as other
                                                   >> 1178           architecture specific assembler implementations that work on 1KB
                                                   >> 1179           tables or 256 bytes S-boxes.
                                                   >> 1180 
                                                   >> 1181 config CRYPTO_ANUBIS
                                                   >> 1182         tristate "Anubis cipher algorithm"
                                                   >> 1183         select CRYPTO_ALGAPI
777         help                                      1184         help
778           ChaCha20 stream cipher and Poly1305  !! 1185           Anubis cipher algorithm.
779           mode (RFC8439)                       << 
780                                                   1186 
781 config CRYPTO_CCM                              !! 1187           Anubis is a variable key length cipher which can use keys from
782         tristate "CCM (Counter with Cipher Blo !! 1188           128 bits to 320 bits in length.  It was evaluated as a entrant
783         select CRYPTO_CTR                      !! 1189           in the NESSIE competition.
784         select CRYPTO_HASH                     !! 1190 
785         select CRYPTO_AEAD                     !! 1191           See also:
786         select CRYPTO_MANAGER                  !! 1192           <https://www.cosic.esat.kuleuven.be/nessie/reports/>
                                                   >> 1193           <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
                                                   >> 1194 
                                                   >> 1195 config CRYPTO_ARC4
                                                   >> 1196         tristate "ARC4 cipher algorithm"
                                                   >> 1197         select CRYPTO_BLKCIPHER
787         help                                      1198         help
788           CCM (Counter with Cipher Block Chain !! 1199           ARC4 cipher algorithm.
789           authenticated encryption mode (NIST  << 
790                                                   1200 
791 config CRYPTO_GCM                              !! 1201           ARC4 is a stream cipher using keys ranging from 8 bits to 2048
792         tristate "GCM (Galois/Counter Mode) an !! 1202           bits in length.  This algorithm is required for driver-based
793         select CRYPTO_CTR                      !! 1203           WEP, but it should not be for other purposes because of the
794         select CRYPTO_AEAD                     !! 1204           weakness of the algorithm.
795         select CRYPTO_GHASH                    !! 1205 
796         select CRYPTO_NULL                     !! 1206 config CRYPTO_BLOWFISH
797         select CRYPTO_MANAGER                  !! 1207         tristate "Blowfish cipher algorithm"
                                                   >> 1208         select CRYPTO_ALGAPI
                                                   >> 1209         select CRYPTO_BLOWFISH_COMMON
798         help                                      1210         help
799           GCM (Galois/Counter Mode) authentica !! 1211           Blowfish cipher algorithm, by Bruce Schneier.
800           (GCM Message Authentication Code) (N << 
801                                                   1212 
802           This is required for IPSec ESP (XFRM !! 1213           This is a variable key length cipher which can use keys from 32
                                                   >> 1214           bits to 448 bits in length.  It's fast, simple and specifically
                                                   >> 1215           designed for use on "large microprocessors".
                                                   >> 1216 
                                                   >> 1217           See also:
                                                   >> 1218           <http://www.schneier.com/blowfish.html>
803                                                   1219 
804 config CRYPTO_GENIV                            !! 1220 config CRYPTO_BLOWFISH_COMMON
805         tristate                                  1221         tristate
806         select CRYPTO_AEAD                     !! 1222         help
807         select CRYPTO_NULL                     !! 1223           Common parts of the Blowfish cipher algorithm shared by the
808         select CRYPTO_MANAGER                  !! 1224           generic c and the assembler implementations.
809         select CRYPTO_RNG_DEFAULT              << 
810                                                   1225 
811 config CRYPTO_SEQIV                            !! 1226           See also:
812         tristate "Sequence Number IV Generator !! 1227           <http://www.schneier.com/blowfish.html>
813         select CRYPTO_GENIV                    !! 1228 
                                                   >> 1229 config CRYPTO_BLOWFISH_X86_64
                                                   >> 1230         tristate "Blowfish cipher algorithm (x86_64)"
                                                   >> 1231         depends on X86 && 64BIT
                                                   >> 1232         select CRYPTO_BLKCIPHER
                                                   >> 1233         select CRYPTO_BLOWFISH_COMMON
814         help                                      1234         help
815           Sequence Number IV generator         !! 1235           Blowfish cipher algorithm (x86_64), by Bruce Schneier.
816                                                   1236 
817           This IV generator generates an IV ba !! 1237           This is a variable key length cipher which can use keys from 32
818           xoring it with a salt.  This algorit !! 1238           bits to 448 bits in length.  It's fast, simple and specifically
                                                   >> 1239           designed for use on "large microprocessors".
819                                                   1240 
820           This is required for IPsec ESP (XFRM !! 1241           See also:
                                                   >> 1242           <http://www.schneier.com/blowfish.html>
821                                                   1243 
822 config CRYPTO_ECHAINIV                         !! 1244 config CRYPTO_CAMELLIA
823         tristate "Encrypted Chain IV Generator !! 1245         tristate "Camellia cipher algorithms"
824         select CRYPTO_GENIV                    !! 1246         depends on CRYPTO
                                                   >> 1247         select CRYPTO_ALGAPI
825         help                                      1248         help
826           Encrypted Chain IV generator         !! 1249           Camellia cipher algorithms module.
827                                                   1250 
828           This IV generator generates an IV ba !! 1251           Camellia is a symmetric key block cipher developed jointly
829           a sequence number xored with a salt. !! 1252           at NTT and Mitsubishi Electric Corporation.
830           algorithm for CBC.                   << 
831                                                   1253 
832 config CRYPTO_ESSIV                            !! 1254           The Camellia specifies three key sizes: 128, 192 and 256 bits.
833         tristate "Encrypted Salt-Sector IV Gen !! 1255 
834         select CRYPTO_AUTHENC                  !! 1256           See also:
                                                   >> 1257           <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
                                                   >> 1258 
                                                   >> 1259 config CRYPTO_CAMELLIA_X86_64
                                                   >> 1260         tristate "Camellia cipher algorithm (x86_64)"
                                                   >> 1261         depends on X86 && 64BIT
                                                   >> 1262         depends on CRYPTO
                                                   >> 1263         select CRYPTO_BLKCIPHER
                                                   >> 1264         select CRYPTO_GLUE_HELPER_X86
835         help                                      1265         help
836           Encrypted Salt-Sector IV generator   !! 1266           Camellia cipher algorithm module (x86_64).
837                                                   1267 
838           This IV generator is used in some ca !! 1268           Camellia is a symmetric key block cipher developed jointly
839           dm-crypt. It uses the hash of the bl !! 1269           at NTT and Mitsubishi Electric Corporation.
840           symmetric key for a block encryption << 
841           IV, making low entropy IV sources mo << 
842           encryption.                          << 
843                                                   1270 
844           This driver implements a crypto API  !! 1271           The Camellia specifies three key sizes: 128, 192 and 256 bits.
845           instantiated either as an skcipher o << 
846           type of the first template argument) << 
847           and decryption requests to the encap << 
848           ESSIV to the input IV. Note that in  << 
849           that the keys are presented in the s << 
850           template, and that the IV appears at << 
851           associated data (AAD) region (which  << 
852                                                   1272 
853           Note that the use of ESSIV is not re !! 1273           See also:
854           and so this only needs to be enabled !! 1274           <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
855           existing encrypted volumes of filesy << 
856           building for a particular system tha << 
857           the SoC in question has accelerated  << 
858           combined with ESSIV the only feasibl << 
859           block encryption)                    << 
860                                                   1275 
861 endmenu                                        !! 1276 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
                                                   >> 1277         tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
                                                   >> 1278         depends on X86 && 64BIT
                                                   >> 1279         depends on CRYPTO
                                                   >> 1280         select CRYPTO_BLKCIPHER
                                                   >> 1281         select CRYPTO_CAMELLIA_X86_64
                                                   >> 1282         select CRYPTO_GLUE_HELPER_X86
                                                   >> 1283         select CRYPTO_SIMD
                                                   >> 1284         select CRYPTO_XTS
                                                   >> 1285         help
                                                   >> 1286           Camellia cipher algorithm module (x86_64/AES-NI/AVX).
862                                                   1287 
863 menu "Hashes, digests, and MACs"               !! 1288           Camellia is a symmetric key block cipher developed jointly
                                                   >> 1289           at NTT and Mitsubishi Electric Corporation.
864                                                   1290 
865 config CRYPTO_BLAKE2B                          !! 1291           The Camellia specifies three key sizes: 128, 192 and 256 bits.
866         tristate "BLAKE2b"                     !! 1292 
867         select CRYPTO_HASH                     !! 1293           See also:
                                                   >> 1294           <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
                                                   >> 1295 
                                                   >> 1296 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
                                                   >> 1297         tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
                                                   >> 1298         depends on X86 && 64BIT
                                                   >> 1299         depends on CRYPTO
                                                   >> 1300         select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
868         help                                      1301         help
869           BLAKE2b cryptographic hash function  !! 1302           Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
870                                                   1303 
871           BLAKE2b is optimized for 64-bit plat !! 1304           Camellia is a symmetric key block cipher developed jointly
872           of any size between 1 and 64 bytes.  !! 1305           at NTT and Mitsubishi Electric Corporation.
873                                                   1306 
874           This module provides the following a !! 1307           The Camellia specifies three key sizes: 128, 192 and 256 bits.
875           - blake2b-160                        << 
876           - blake2b-256                        << 
877           - blake2b-384                        << 
878           - blake2b-512                        << 
879                                                   1308 
880           Used by the btrfs filesystem.        !! 1309           See also:
                                                   >> 1310           <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881                                                   1311 
882           See https://blake2.net for further i !! 1312 config CRYPTO_CAMELLIA_SPARC64
                                                   >> 1313         tristate "Camellia cipher algorithm (SPARC64)"
                                                   >> 1314         depends on SPARC64
                                                   >> 1315         depends on CRYPTO
                                                   >> 1316         select CRYPTO_ALGAPI
                                                   >> 1317         help
                                                   >> 1318           Camellia cipher algorithm module (SPARC64).
883                                                   1319 
884 config CRYPTO_CMAC                             !! 1320           Camellia is a symmetric key block cipher developed jointly
885         tristate "CMAC (Cipher-based MAC)"     !! 1321           at NTT and Mitsubishi Electric Corporation.
886         select CRYPTO_HASH                     !! 1322 
887         select CRYPTO_MANAGER                  !! 1323           The Camellia specifies three key sizes: 128, 192 and 256 bits.
                                                   >> 1324 
                                                   >> 1325           See also:
                                                   >> 1326           <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
                                                   >> 1327 
                                                   >> 1328 config CRYPTO_CAST_COMMON
                                                   >> 1329         tristate
888         help                                      1330         help
889           CMAC (Cipher-based Message Authentic !! 1331           Common parts of the CAST cipher algorithms shared by the
890           mode (NIST SP800-38B and IETF RFC449 !! 1332           generic c and the assembler implementations.
891                                                   1333 
892 config CRYPTO_GHASH                            !! 1334 config CRYPTO_CAST5
893         tristate "GHASH"                       !! 1335         tristate "CAST5 (CAST-128) cipher algorithm"
894         select CRYPTO_HASH                     !! 1336         select CRYPTO_ALGAPI
895         select CRYPTO_LIB_GF128MUL             !! 1337         select CRYPTO_CAST_COMMON
896         help                                      1338         help
897           GCM GHASH function (NIST SP800-38D)  !! 1339           The CAST5 encryption algorithm (synonymous with CAST-128) is
                                                   >> 1340           described in RFC2144.
898                                                   1341 
899 config CRYPTO_HMAC                             !! 1342 config CRYPTO_CAST5_AVX_X86_64
900         tristate "HMAC (Keyed-Hash MAC)"       !! 1343         tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
901         select CRYPTO_HASH                     !! 1344         depends on X86 && 64BIT
902         select CRYPTO_MANAGER                  !! 1345         select CRYPTO_BLKCIPHER
                                                   >> 1346         select CRYPTO_CAST5
                                                   >> 1347         select CRYPTO_CAST_COMMON
                                                   >> 1348         select CRYPTO_SIMD
903         help                                      1349         help
904           HMAC (Keyed-Hash Message Authenticat !! 1350           The CAST5 encryption algorithm (synonymous with CAST-128) is
905           RFC2104)                             !! 1351           described in RFC2144.
906                                                   1352 
907           This is required for IPsec AH (XFRM_ !! 1353           This module provides the Cast5 cipher algorithm that processes
                                                   >> 1354           sixteen blocks parallel using the AVX instruction set.
908                                                   1355 
909 config CRYPTO_MD4                              !! 1356 config CRYPTO_CAST6
910         tristate "MD4"                         !! 1357         tristate "CAST6 (CAST-256) cipher algorithm"
911         select CRYPTO_HASH                     !! 1358         select CRYPTO_ALGAPI
                                                   >> 1359         select CRYPTO_CAST_COMMON
912         help                                      1360         help
913           MD4 message digest algorithm (RFC132 !! 1361           The CAST6 encryption algorithm (synonymous with CAST-256) is
                                                   >> 1362           described in RFC2612.
914                                                   1363 
915 config CRYPTO_MD5                              !! 1364 config CRYPTO_CAST6_AVX_X86_64
916         tristate "MD5"                         !! 1365         tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
917         select CRYPTO_HASH                     !! 1366         depends on X86 && 64BIT
                                                   >> 1367         select CRYPTO_BLKCIPHER
                                                   >> 1368         select CRYPTO_CAST6
                                                   >> 1369         select CRYPTO_CAST_COMMON
                                                   >> 1370         select CRYPTO_GLUE_HELPER_X86
                                                   >> 1371         select CRYPTO_SIMD
                                                   >> 1372         select CRYPTO_XTS
918         help                                      1373         help
919           MD5 message digest algorithm (RFC132 !! 1374           The CAST6 encryption algorithm (synonymous with CAST-256) is
                                                   >> 1375           described in RFC2612.
920                                                   1376 
921 config CRYPTO_MICHAEL_MIC                      !! 1377           This module provides the Cast6 cipher algorithm that processes
922         tristate "Michael MIC"                 !! 1378           eight blocks parallel using the AVX instruction set.
923         select CRYPTO_HASH                     << 
924         help                                   << 
925           Michael MIC (Message Integrity Code) << 
926                                                   1379 
927           Defined by the IEEE 802.11i TKIP (Te !! 1380 config CRYPTO_DES
928           known as WPA (Wif-Fi Protected Acces !! 1381         tristate "DES and Triple DES EDE cipher algorithms"
                                                   >> 1382         select CRYPTO_ALGAPI
                                                   >> 1383         help
                                                   >> 1384           DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
929                                                   1385 
930           This algorithm is required for TKIP, !! 1386 config CRYPTO_DES_SPARC64
931           other purposes because of the weakne !! 1387         tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
                                                   >> 1388         depends on SPARC64
                                                   >> 1389         select CRYPTO_ALGAPI
                                                   >> 1390         select CRYPTO_DES
                                                   >> 1391         help
                                                   >> 1392           DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
                                                   >> 1393           optimized using SPARC64 crypto opcodes.
932                                                   1394 
933 config CRYPTO_POLYVAL                          !! 1395 config CRYPTO_DES3_EDE_X86_64
934         tristate                               !! 1396         tristate "Triple DES EDE cipher algorithm (x86-64)"
935         select CRYPTO_HASH                     !! 1397         depends on X86 && 64BIT
936         select CRYPTO_LIB_GF128MUL             !! 1398         select CRYPTO_BLKCIPHER
                                                   >> 1399         select CRYPTO_DES
937         help                                      1400         help
938           POLYVAL hash function for HCTR2      !! 1401           Triple DES EDE (FIPS 46-3) algorithm.
939                                                   1402 
940           This is used in HCTR2.  It is not a  !! 1403           This module provides implementation of the Triple DES EDE cipher
941           cryptographic hash function.         !! 1404           algorithm that is optimized for x86-64 processors. Two versions of
                                                   >> 1405           algorithm are provided; regular processing one input block and
                                                   >> 1406           one that processes three blocks parallel.
942                                                   1407 
943 config CRYPTO_POLY1305                         !! 1408 config CRYPTO_FCRYPT
944         tristate "Poly1305"                    !! 1409         tristate "FCrypt cipher algorithm"
945         select CRYPTO_HASH                     !! 1410         select CRYPTO_ALGAPI
946         select CRYPTO_LIB_POLY1305_GENERIC     !! 1411         select CRYPTO_BLKCIPHER
947         help                                      1412         help
948           Poly1305 authenticator algorithm (RF !! 1413           FCrypt algorithm used by RxRPC.
949                                                   1414 
950           Poly1305 is an authenticator algorit !! 1415 config CRYPTO_KHAZAD
951           It is used for the ChaCha20-Poly1305 !! 1416         tristate "Khazad cipher algorithm"
952           in IETF protocols. This is the porta !! 1417         select CRYPTO_ALGAPI
953                                                << 
954 config CRYPTO_RMD160                           << 
955         tristate "RIPEMD-160"                  << 
956         select CRYPTO_HASH                     << 
957         help                                      1418         help
958           RIPEMD-160 hash function (ISO/IEC 10 !! 1419           Khazad cipher algorithm.
959                                                   1420 
960           RIPEMD-160 is a 160-bit cryptographi !! 1421           Khazad was a finalist in the initial NESSIE competition.  It is
961           to be used as a secure replacement f !! 1422           an algorithm optimized for 64-bit processors with good performance
962           MD4, MD5 and its predecessor RIPEMD  !! 1423           on 32-bit processors.  Khazad uses an 128 bit key size.
963           (not to be confused with RIPEMD-128) << 
964                                                   1424 
965           Its speed is comparable to SHA-1 and !! 1425           See also:
966           against RIPEMD-160.                  !! 1426           <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
967                                                   1427 
968           Developed by Hans Dobbertin, Antoon  !! 1428 config CRYPTO_SALSA20
969           See https://homes.esat.kuleuven.be/~ !! 1429         tristate "Salsa20 stream cipher algorithm"
970           for further information.             !! 1430         select CRYPTO_BLKCIPHER
                                                   >> 1431         help
                                                   >> 1432           Salsa20 stream cipher algorithm.
971                                                   1433 
972 config CRYPTO_SHA1                             !! 1434           Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
973         tristate "SHA-1"                       !! 1435           Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974         select CRYPTO_HASH                     !! 1436 
975         select CRYPTO_LIB_SHA1                 !! 1437           The Salsa20 stream cipher algorithm is designed by Daniel J.
                                                   >> 1438           Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
                                                   >> 1439 
                                                   >> 1440 config CRYPTO_CHACHA20
                                                   >> 1441         tristate "ChaCha20 cipher algorithm"
                                                   >> 1442         select CRYPTO_BLKCIPHER
976         help                                      1443         help
977           SHA-1 secure hash algorithm (FIPS 18 !! 1444           ChaCha20 cipher algorithm, RFC7539.
978                                                   1445 
979 config CRYPTO_SHA256                           !! 1446           ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
980         tristate "SHA-224 and SHA-256"         !! 1447           Bernstein and further specified in RFC7539 for use in IETF protocols.
981         select CRYPTO_HASH                     !! 1448           This is the portable C implementation of ChaCha20.
982         select CRYPTO_LIB_SHA256               !! 1449 
                                                   >> 1450           See also:
                                                   >> 1451           <http://cr.yp.to/chacha/chacha-20080128.pdf>
                                                   >> 1452 
                                                   >> 1453 config CRYPTO_CHACHA20_X86_64
                                                   >> 1454         tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
                                                   >> 1455         depends on X86 && 64BIT
                                                   >> 1456         select CRYPTO_BLKCIPHER
                                                   >> 1457         select CRYPTO_CHACHA20
983         help                                      1458         help
984           SHA-224 and SHA-256 secure hash algo !! 1459           ChaCha20 cipher algorithm, RFC7539.
985                                                   1460 
986           This is required for IPsec AH (XFRM_ !! 1461           ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
987           Used by the btrfs filesystem, Ceph,  !! 1462           Bernstein and further specified in RFC7539 for use in IETF protocols.
                                                   >> 1463           This is the x86_64 assembler implementation using SIMD instructions.
988                                                   1464 
989 config CRYPTO_SHA512                           !! 1465           See also:
990         tristate "SHA-384 and SHA-512"         !! 1466           <http://cr.yp.to/chacha/chacha-20080128.pdf>
991         select CRYPTO_HASH                     !! 1467 
                                                   >> 1468 config CRYPTO_SEED
                                                   >> 1469         tristate "SEED cipher algorithm"
                                                   >> 1470         select CRYPTO_ALGAPI
992         help                                      1471         help
993           SHA-384 and SHA-512 secure hash algo !! 1472           SEED cipher algorithm (RFC4269).
994                                                   1473 
995 config CRYPTO_SHA3                             !! 1474           SEED is a 128-bit symmetric key block cipher that has been
996         tristate "SHA-3"                       !! 1475           developed by KISA (Korea Information Security Agency) as a
997         select CRYPTO_HASH                     !! 1476           national standard encryption algorithm of the Republic of Korea.
                                                   >> 1477           It is a 16 round block cipher with the key size of 128 bit.
                                                   >> 1478 
                                                   >> 1479           See also:
                                                   >> 1480           <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
                                                   >> 1481 
                                                   >> 1482 config CRYPTO_SERPENT
                                                   >> 1483         tristate "Serpent cipher algorithm"
                                                   >> 1484         select CRYPTO_ALGAPI
998         help                                      1485         help
999           SHA-3 secure hash algorithms (FIPS 2 !! 1486           Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1000                                                  1487 
1001 config CRYPTO_SM3                             !! 1488           Keys are allowed to be from 0 to 256 bits in length, in steps
1002         tristate                              !! 1489           of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
                                                   >> 1490           variant of Serpent for compatibility with old kerneli.org code.
1003                                                  1491 
1004 config CRYPTO_SM3_GENERIC                     !! 1492           See also:
1005         tristate "SM3 (ShangMi 3)"            !! 1493           <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1006         select CRYPTO_HASH                    !! 1494 
1007         select CRYPTO_SM3                     !! 1495 config CRYPTO_SERPENT_SSE2_X86_64
                                                   >> 1496         tristate "Serpent cipher algorithm (x86_64/SSE2)"
                                                   >> 1497         depends on X86 && 64BIT
                                                   >> 1498         select CRYPTO_BLKCIPHER
                                                   >> 1499         select CRYPTO_GLUE_HELPER_X86
                                                   >> 1500         select CRYPTO_SERPENT
                                                   >> 1501         select CRYPTO_SIMD
1008         help                                     1502         help
1009           SM3 (ShangMi 3) secure hash functio !! 1503           Serpent cipher algorithm, by Anderson, Biham & Knudsen.
                                                   >> 1504 
                                                   >> 1505           Keys are allowed to be from 0 to 256 bits in length, in steps
                                                   >> 1506           of 8 bits.
1010                                                  1507 
1011           This is part of the Chinese Commerc !! 1508           This module provides Serpent cipher algorithm that processes eight
                                                   >> 1509           blocks parallel using SSE2 instruction set.
1012                                                  1510 
1013           References:                         !! 1511           See also:
1014           http://www.oscca.gov.cn/UpFile/2010 !! 1512           <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1015           https://datatracker.ietf.org/doc/ht << 
1016                                                  1513 
1017 config CRYPTO_STREEBOG                        !! 1514 config CRYPTO_SERPENT_SSE2_586
1018         tristate "Streebog"                   !! 1515         tristate "Serpent cipher algorithm (i586/SSE2)"
1019         select CRYPTO_HASH                    !! 1516         depends on X86 && !64BIT
                                                   >> 1517         select CRYPTO_BLKCIPHER
                                                   >> 1518         select CRYPTO_GLUE_HELPER_X86
                                                   >> 1519         select CRYPTO_SERPENT
                                                   >> 1520         select CRYPTO_SIMD
1020         help                                     1521         help
1021           Streebog Hash Function (GOST R 34.1 !! 1522           Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022                                                  1523 
1023           This is one of the Russian cryptogr !! 1524           Keys are allowed to be from 0 to 256 bits in length, in steps
1024           GOST algorithms). This setting enab !! 1525           of 8 bits.
1025           256 and 512 bits output.            << 
1026                                                  1526 
1027           References:                         !! 1527           This module provides Serpent cipher algorithm that processes four
1028           https://tc26.ru/upload/iblock/fed/f !! 1528           blocks parallel using SSE2 instruction set.
1029           https://tools.ietf.org/html/rfc6986 << 
1030                                                  1529 
1031 config CRYPTO_VMAC                            !! 1530           See also:
1032         tristate "VMAC"                       !! 1531           <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033         select CRYPTO_HASH                    !! 1532 
1034         select CRYPTO_MANAGER                 !! 1533 config CRYPTO_SERPENT_AVX_X86_64
                                                   >> 1534         tristate "Serpent cipher algorithm (x86_64/AVX)"
                                                   >> 1535         depends on X86 && 64BIT
                                                   >> 1536         select CRYPTO_BLKCIPHER
                                                   >> 1537         select CRYPTO_GLUE_HELPER_X86
                                                   >> 1538         select CRYPTO_SERPENT
                                                   >> 1539         select CRYPTO_SIMD
                                                   >> 1540         select CRYPTO_XTS
1035         help                                     1541         help
1036           VMAC is a message authentication al !! 1542           Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037           very high speed on 64-bit architect << 
1038                                                  1543 
1039           See https://fastcrypto.org/vmac for !! 1544           Keys are allowed to be from 0 to 256 bits in length, in steps
                                                   >> 1545           of 8 bits.
1040                                                  1546 
1041 config CRYPTO_WP512                           !! 1547           This module provides the Serpent cipher algorithm that processes
1042         tristate "Whirlpool"                  !! 1548           eight blocks parallel using the AVX instruction set.
1043         select CRYPTO_HASH                    !! 1549 
                                                   >> 1550           See also:
                                                   >> 1551           <http://www.cl.cam.ac.uk/~rja14/serpent.html>
                                                   >> 1552 
                                                   >> 1553 config CRYPTO_SERPENT_AVX2_X86_64
                                                   >> 1554         tristate "Serpent cipher algorithm (x86_64/AVX2)"
                                                   >> 1555         depends on X86 && 64BIT
                                                   >> 1556         select CRYPTO_SERPENT_AVX_X86_64
1044         help                                     1557         help
1045           Whirlpool hash function (ISO/IEC 10 !! 1558           Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046                                                  1559 
1047           512, 384 and 256-bit hashes.        !! 1560           Keys are allowed to be from 0 to 256 bits in length, in steps
                                                   >> 1561           of 8 bits.
1048                                                  1562 
1049           Whirlpool-512 is part of the NESSIE !! 1563           This module provides Serpent cipher algorithm that processes 16
                                                   >> 1564           blocks parallel using AVX2 instruction set.
1050                                                  1565 
1051           See https://web.archive.org/web/201 !! 1566           See also:
1052           for further information.            !! 1567           <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1053                                                  1568 
1054 config CRYPTO_XCBC                            !! 1569 config CRYPTO_SM4
1055         tristate "XCBC-MAC (Extended Cipher B !! 1570         tristate "SM4 cipher algorithm"
1056         select CRYPTO_HASH                    !! 1571         select CRYPTO_ALGAPI
1057         select CRYPTO_MANAGER                 << 
1058         help                                     1572         help
1059           XCBC-MAC (Extended Cipher Block Cha !! 1573           SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1060           Code) (RFC3566)                     << 
1061                                                  1574 
1062 config CRYPTO_XXHASH                          !! 1575           SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1063         tristate "xxHash"                     !! 1576           Organization of State Commercial Administration of China (OSCCA)
1064         select CRYPTO_HASH                    !! 1577           as an authorized cryptographic algorithms for the use within China.
1065         select XXHASH                         !! 1578 
                                                   >> 1579           SMS4 was originally created for use in protecting wireless
                                                   >> 1580           networks, and is mandated in the Chinese National Standard for
                                                   >> 1581           Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
                                                   >> 1582           (GB.15629.11-2003).
                                                   >> 1583 
                                                   >> 1584           The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
                                                   >> 1585           standardized through TC 260 of the Standardization Administration
                                                   >> 1586           of the People's Republic of China (SAC).
                                                   >> 1587 
                                                   >> 1588           The input, output, and key of SMS4 are each 128 bits.
                                                   >> 1589 
                                                   >> 1590           See also: <https://eprint.iacr.org/2008/329.pdf>
                                                   >> 1591 
                                                   >> 1592           If unsure, say N.
                                                   >> 1593 
                                                   >> 1594 config CRYPTO_TEA
                                                   >> 1595         tristate "TEA, XTEA and XETA cipher algorithms"
                                                   >> 1596         select CRYPTO_ALGAPI
1066         help                                     1597         help
1067           xxHash non-cryptographic hash algor !! 1598           TEA cipher algorithm.
1068                                                  1599 
1069           Extremely fast, working at speeds c !! 1600           Tiny Encryption Algorithm is a simple cipher that uses
                                                   >> 1601           many rounds for security.  It is very fast and uses
                                                   >> 1602           little memory.
1070                                                  1603 
1071           Used by the btrfs filesystem.       !! 1604           Xtendend Tiny Encryption Algorithm is a modification to
                                                   >> 1605           the TEA algorithm to address a potential key weakness
                                                   >> 1606           in the TEA algorithm.
1072                                                  1607 
1073 endmenu                                       !! 1608           Xtendend Encryption Tiny Algorithm is a mis-implementation
                                                   >> 1609           of the XTEA algorithm for compatibility purposes.
1074                                                  1610 
1075 menu "CRCs (cyclic redundancy checks)"        !! 1611 config CRYPTO_TWOFISH
                                                   >> 1612         tristate "Twofish cipher algorithm"
                                                   >> 1613         select CRYPTO_ALGAPI
                                                   >> 1614         select CRYPTO_TWOFISH_COMMON
                                                   >> 1615         help
                                                   >> 1616           Twofish cipher algorithm.
1076                                                  1617 
1077 config CRYPTO_CRC32C                          !! 1618           Twofish was submitted as an AES (Advanced Encryption Standard)
1078         tristate "CRC32c"                     !! 1619           candidate cipher by researchers at CounterPane Systems.  It is a
1079         select CRYPTO_HASH                    !! 1620           16 round block cipher supporting key sizes of 128, 192, and 256
1080         select CRC32                          !! 1621           bits.
                                                   >> 1622 
                                                   >> 1623           See also:
                                                   >> 1624           <http://www.schneier.com/twofish.html>
                                                   >> 1625 
                                                   >> 1626 config CRYPTO_TWOFISH_COMMON
                                                   >> 1627         tristate
                                                   >> 1628         help
                                                   >> 1629           Common parts of the Twofish cipher algorithm shared by the
                                                   >> 1630           generic c and the assembler implementations.
                                                   >> 1631 
                                                   >> 1632 config CRYPTO_TWOFISH_586
                                                   >> 1633         tristate "Twofish cipher algorithms (i586)"
                                                   >> 1634         depends on (X86 || UML_X86) && !64BIT
                                                   >> 1635         select CRYPTO_ALGAPI
                                                   >> 1636         select CRYPTO_TWOFISH_COMMON
1081         help                                     1637         help
1082           CRC32c CRC algorithm with the iSCSI !! 1638           Twofish cipher algorithm.
1083                                                  1639 
1084           A 32-bit CRC (cyclic redundancy che !! 1640           Twofish was submitted as an AES (Advanced Encryption Standard)
1085           by G. Castagnoli, S. Braeuer and M. !! 1641           candidate cipher by researchers at CounterPane Systems.  It is a
1086           Redundancy-Check Codes with 24 and  !! 1642           16 round block cipher supporting key sizes of 128, 192, and 256
1087           on Communications, Vol. 41, No. 6,  !! 1643           bits.
1088           iSCSI.                              << 
1089                                                  1644 
1090           Used by btrfs, ext4, jbd2, NVMeoF/T !! 1645           See also:
                                                   >> 1646           <http://www.schneier.com/twofish.html>
1091                                                  1647 
1092 config CRYPTO_CRC32                           !! 1648 config CRYPTO_TWOFISH_X86_64
1093         tristate "CRC32"                      !! 1649         tristate "Twofish cipher algorithm (x86_64)"
1094         select CRYPTO_HASH                    !! 1650         depends on (X86 || UML_X86) && 64BIT
1095         select CRC32                          !! 1651         select CRYPTO_ALGAPI
                                                   >> 1652         select CRYPTO_TWOFISH_COMMON
1096         help                                     1653         help
1097           CRC32 CRC algorithm (IEEE 802.3)    !! 1654           Twofish cipher algorithm (x86_64).
                                                   >> 1655 
                                                   >> 1656           Twofish was submitted as an AES (Advanced Encryption Standard)
                                                   >> 1657           candidate cipher by researchers at CounterPane Systems.  It is a
                                                   >> 1658           16 round block cipher supporting key sizes of 128, 192, and 256
                                                   >> 1659           bits.
1098                                                  1660 
1099           Used by RoCEv2 and f2fs.            !! 1661           See also:
                                                   >> 1662           <http://www.schneier.com/twofish.html>
1100                                                  1663 
1101 config CRYPTO_CRCT10DIF                       !! 1664 config CRYPTO_TWOFISH_X86_64_3WAY
1102         tristate "CRCT10DIF"                  !! 1665         tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1103         select CRYPTO_HASH                    !! 1666         depends on X86 && 64BIT
                                                   >> 1667         select CRYPTO_BLKCIPHER
                                                   >> 1668         select CRYPTO_TWOFISH_COMMON
                                                   >> 1669         select CRYPTO_TWOFISH_X86_64
                                                   >> 1670         select CRYPTO_GLUE_HELPER_X86
1104         help                                     1671         help
1105           CRC16 CRC algorithm used for the T1 !! 1672           Twofish cipher algorithm (x86_64, 3-way parallel).
1106                                                  1673 
1107           CRC algorithm used by the SCSI Bloc !! 1674           Twofish was submitted as an AES (Advanced Encryption Standard)
                                                   >> 1675           candidate cipher by researchers at CounterPane Systems.  It is a
                                                   >> 1676           16 round block cipher supporting key sizes of 128, 192, and 256
                                                   >> 1677           bits.
1108                                                  1678 
1109 config CRYPTO_CRC64_ROCKSOFT                  !! 1679           This module provides Twofish cipher algorithm that processes three
1110         tristate "CRC64 based on Rocksoft Mod !! 1680           blocks parallel, utilizing resources of out-of-order CPUs better.
1111         depends on CRC64                      !! 1681 
1112         select CRYPTO_HASH                    !! 1682           See also:
                                                   >> 1683           <http://www.schneier.com/twofish.html>
                                                   >> 1684 
                                                   >> 1685 config CRYPTO_TWOFISH_AVX_X86_64
                                                   >> 1686         tristate "Twofish cipher algorithm (x86_64/AVX)"
                                                   >> 1687         depends on X86 && 64BIT
                                                   >> 1688         select CRYPTO_BLKCIPHER
                                                   >> 1689         select CRYPTO_GLUE_HELPER_X86
                                                   >> 1690         select CRYPTO_SIMD
                                                   >> 1691         select CRYPTO_TWOFISH_COMMON
                                                   >> 1692         select CRYPTO_TWOFISH_X86_64
                                                   >> 1693         select CRYPTO_TWOFISH_X86_64_3WAY
1113         help                                     1694         help
1114           CRC64 CRC algorithm based on the Ro !! 1695           Twofish cipher algorithm (x86_64/AVX).
1115                                                  1696 
1116           Used by the NVMe implementation of  !! 1697           Twofish was submitted as an AES (Advanced Encryption Standard)
                                                   >> 1698           candidate cipher by researchers at CounterPane Systems.  It is a
                                                   >> 1699           16 round block cipher supporting key sizes of 128, 192, and 256
                                                   >> 1700           bits.
1117                                                  1701 
1118           See https://zlib.net/crc_v3.txt     !! 1702           This module provides the Twofish cipher algorithm that processes
                                                   >> 1703           eight blocks parallel using the AVX Instruction Set.
1119                                                  1704 
1120 endmenu                                       !! 1705           See also:
                                                   >> 1706           <http://www.schneier.com/twofish.html>
1121                                                  1707 
1122 menu "Compression"                            !! 1708 comment "Compression"
1123                                                  1709 
1124 config CRYPTO_DEFLATE                            1710 config CRYPTO_DEFLATE
1125         tristate "Deflate"                    !! 1711         tristate "Deflate compression algorithm"
1126         select CRYPTO_ALGAPI                     1712         select CRYPTO_ALGAPI
1127         select CRYPTO_ACOMP2                     1713         select CRYPTO_ACOMP2
1128         select ZLIB_INFLATE                      1714         select ZLIB_INFLATE
1129         select ZLIB_DEFLATE                      1715         select ZLIB_DEFLATE
1130         help                                     1716         help
1131           Deflate compression algorithm (RFC1 !! 1717           This is the Deflate algorithm (RFC1951), specified for use in
                                                   >> 1718           IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132                                                  1719 
1133           Used by IPSec with the IPCOMP proto !! 1720           You will most probably want this if using IPSec.
1134                                                  1721 
1135 config CRYPTO_LZO                                1722 config CRYPTO_LZO
1136         tristate "LZO"                        !! 1723         tristate "LZO compression algorithm"
1137         select CRYPTO_ALGAPI                     1724         select CRYPTO_ALGAPI
1138         select CRYPTO_ACOMP2                     1725         select CRYPTO_ACOMP2
1139         select LZO_COMPRESS                      1726         select LZO_COMPRESS
1140         select LZO_DECOMPRESS                    1727         select LZO_DECOMPRESS
1141         help                                     1728         help
1142           LZO compression algorithm           !! 1729           This is the LZO algorithm.
1143                                               << 
1144           See https://www.oberhumer.com/opens << 
1145                                                  1730 
1146 config CRYPTO_842                                1731 config CRYPTO_842
1147         tristate "842"                        !! 1732         tristate "842 compression algorithm"
1148         select CRYPTO_ALGAPI                     1733         select CRYPTO_ALGAPI
1149         select CRYPTO_ACOMP2                     1734         select CRYPTO_ACOMP2
1150         select 842_COMPRESS                      1735         select 842_COMPRESS
1151         select 842_DECOMPRESS                    1736         select 842_DECOMPRESS
1152         help                                     1737         help
1153           842 compression algorithm by IBM    !! 1738           This is the 842 algorithm.
1154                                               << 
1155           See https://github.com/plauth/lib84 << 
1156                                                  1739 
1157 config CRYPTO_LZ4                                1740 config CRYPTO_LZ4
1158         tristate "LZ4"                        !! 1741         tristate "LZ4 compression algorithm"
1159         select CRYPTO_ALGAPI                     1742         select CRYPTO_ALGAPI
1160         select CRYPTO_ACOMP2                     1743         select CRYPTO_ACOMP2
1161         select LZ4_COMPRESS                      1744         select LZ4_COMPRESS
1162         select LZ4_DECOMPRESS                    1745         select LZ4_DECOMPRESS
1163         help                                     1746         help
1164           LZ4 compression algorithm           !! 1747           This is the LZ4 algorithm.
1165                                               << 
1166           See https://github.com/lz4/lz4 for  << 
1167                                                  1748 
1168 config CRYPTO_LZ4HC                              1749 config CRYPTO_LZ4HC
1169         tristate "LZ4HC"                      !! 1750         tristate "LZ4HC compression algorithm"
1170         select CRYPTO_ALGAPI                     1751         select CRYPTO_ALGAPI
1171         select CRYPTO_ACOMP2                     1752         select CRYPTO_ACOMP2
1172         select LZ4HC_COMPRESS                    1753         select LZ4HC_COMPRESS
1173         select LZ4_DECOMPRESS                    1754         select LZ4_DECOMPRESS
1174         help                                     1755         help
1175           LZ4 high compression mode algorithm !! 1756           This is the LZ4 high compression mode algorithm.
1176                                               << 
1177           See https://github.com/lz4/lz4 for  << 
1178                                                  1757 
1179 config CRYPTO_ZSTD                               1758 config CRYPTO_ZSTD
1180         tristate "Zstd"                       !! 1759         tristate "Zstd compression algorithm"
1181         select CRYPTO_ALGAPI                     1760         select CRYPTO_ALGAPI
1182         select CRYPTO_ACOMP2                     1761         select CRYPTO_ACOMP2
1183         select ZSTD_COMPRESS                     1762         select ZSTD_COMPRESS
1184         select ZSTD_DECOMPRESS                   1763         select ZSTD_DECOMPRESS
1185         help                                     1764         help
1186           zstd compression algorithm          !! 1765           This is the zstd algorithm.
1187                                                  1766 
1188           See https://github.com/facebook/zst !! 1767 comment "Random Number Generation"
1189                                               << 
1190 endmenu                                       << 
1191                                               << 
1192 menu "Random number generation"               << 
1193                                                  1768 
1194 config CRYPTO_ANSI_CPRNG                         1769 config CRYPTO_ANSI_CPRNG
1195         tristate "ANSI PRNG (Pseudo Random Nu !! 1770         tristate "Pseudo Random Number Generation for Cryptographic modules"
1196         select CRYPTO_AES                        1771         select CRYPTO_AES
1197         select CRYPTO_RNG                        1772         select CRYPTO_RNG
1198         help                                     1773         help
1199           Pseudo RNG (random number generator !! 1774           This option enables the generic pseudo random number generator
1200                                               !! 1775           for cryptographic modules.  Uses the Algorithm specified in
1201           This uses the AES cipher algorithm. !! 1776           ANSI X9.31 A.2.4. Note that this option must be enabled if
1202                                               !! 1777           CRYPTO_FIPS is selected
1203           Note that this option must be enabl << 
1204                                                  1778 
1205 menuconfig CRYPTO_DRBG_MENU                      1779 menuconfig CRYPTO_DRBG_MENU
1206         tristate "NIST SP800-90A DRBG (Determ !! 1780         tristate "NIST SP800-90A DRBG"
1207         help                                     1781         help
1208           DRBG (Deterministic Random Bit Gene !! 1782           NIST SP800-90A compliant DRBG. In the following submenu, one or
1209                                               !! 1783           more of the DRBG types must be selected.
1210           In the following submenu, one or mo << 
1211                                                  1784 
1212 if CRYPTO_DRBG_MENU                              1785 if CRYPTO_DRBG_MENU
1213                                                  1786 
1214 config CRYPTO_DRBG_HMAC                          1787 config CRYPTO_DRBG_HMAC
1215         bool                                     1788         bool
1216         default y                                1789         default y
1217         select CRYPTO_HMAC                       1790         select CRYPTO_HMAC
1218         select CRYPTO_SHA512                  !! 1791         select CRYPTO_SHA256
1219                                                  1792 
1220 config CRYPTO_DRBG_HASH                          1793 config CRYPTO_DRBG_HASH
1221         bool "Hash_DRBG"                      !! 1794         bool "Enable Hash DRBG"
1222         select CRYPTO_SHA256                     1795         select CRYPTO_SHA256
1223         help                                     1796         help
1224           Hash_DRBG variant as defined in NIS !! 1797           Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225                                               << 
1226           This uses the SHA-1, SHA-256, SHA-3 << 
1227                                                  1798 
1228 config CRYPTO_DRBG_CTR                           1799 config CRYPTO_DRBG_CTR
1229         bool "CTR_DRBG"                       !! 1800         bool "Enable CTR DRBG"
1230         select CRYPTO_AES                        1801         select CRYPTO_AES
1231         select CRYPTO_CTR                     !! 1802         depends on CRYPTO_CTR
1232         help                                     1803         help
1233           CTR_DRBG variant as defined in NIST !! 1804           Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234                                               << 
1235           This uses the AES cipher algorithm  << 
1236                                                  1805 
1237 config CRYPTO_DRBG                               1806 config CRYPTO_DRBG
1238         tristate                                 1807         tristate
1239         default CRYPTO_DRBG_MENU                 1808         default CRYPTO_DRBG_MENU
1240         select CRYPTO_RNG                        1809         select CRYPTO_RNG
1241         select CRYPTO_JITTERENTROPY              1810         select CRYPTO_JITTERENTROPY
1242                                                  1811 
1243 endif   # if CRYPTO_DRBG_MENU                    1812 endif   # if CRYPTO_DRBG_MENU
1244                                                  1813 
1245 config CRYPTO_JITTERENTROPY                      1814 config CRYPTO_JITTERENTROPY
1246         tristate "CPU Jitter Non-Deterministi !! 1815         tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247         select CRYPTO_RNG                        1816         select CRYPTO_RNG
1248         select CRYPTO_SHA3                    << 
1249         help                                     1817         help
1250           CPU Jitter RNG (Random Number Gener !! 1818           The Jitterentropy RNG is a noise that is intended
1251                                               !! 1819           to provide seed to another RNG. The RNG does not
1252           A non-physical non-deterministic (" !! 1820           perform any cryptographic whitening of the generated
1253           compliant with NIST SP800-90B) inte !! 1821           random numbers. This Jitterentropy RNG registers with
1254           deterministic RNG (e.g., per NIST S !! 1822           the kernel crypto API and can be used by any caller.
1255           This RNG does not perform any crypt << 
1256           random numbers.                     << 
1257                                               << 
1258           See https://www.chronox.de/jent/    << 
1259                                               << 
1260 if CRYPTO_JITTERENTROPY                       << 
1261 if CRYPTO_FIPS && EXPERT                      << 
1262                                               << 
1263 choice                                        << 
1264         prompt "CPU Jitter RNG Memory Size"   << 
1265         default CRYPTO_JITTERENTROPY_MEMSIZE_ << 
1266         help                                  << 
1267           The Jitter RNG measures the executi << 
1268           Multiple consecutive memory accesse << 
1269           size fits into a cache (e.g. L1), o << 
1270           to that cache is measured. The clos << 
1271           the less variations are measured an << 
1272           obtained. Thus, if the memory size  << 
1273           obtained entropy is less than if th << 
1274           L1 + L2, which in turn is less if t << 
1275           L1 + L2 + L3. Thus, by selecting a  << 
1276           the entropy rate produced by the Ji << 
1277                                               << 
1278         config CRYPTO_JITTERENTROPY_MEMSIZE_2 << 
1279                 bool "2048 Bytes (default)"   << 
1280                                               << 
1281         config CRYPTO_JITTERENTROPY_MEMSIZE_1 << 
1282                 bool "128 kBytes"             << 
1283                                               << 
1284         config CRYPTO_JITTERENTROPY_MEMSIZE_1 << 
1285                 bool "1024 kBytes"            << 
1286                                               << 
1287         config CRYPTO_JITTERENTROPY_MEMSIZE_8 << 
1288                 bool "8192 kBytes"            << 
1289 endchoice                                     << 
1290                                               << 
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS     << 
1292         int                                   << 
1293         default 64 if CRYPTO_JITTERENTROPY_ME << 
1294         default 512 if CRYPTO_JITTERENTROPY_M << 
1295         default 1024 if CRYPTO_JITTERENTROPY_ << 
1296         default 4096 if CRYPTO_JITTERENTROPY_ << 
1297                                               << 
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE  << 
1299         int                                   << 
1300         default 32 if CRYPTO_JITTERENTROPY_ME << 
1301         default 256 if CRYPTO_JITTERENTROPY_M << 
1302         default 1024 if CRYPTO_JITTERENTROPY_ << 
1303         default 2048 if CRYPTO_JITTERENTROPY_ << 
1304                                               << 
1305 config CRYPTO_JITTERENTROPY_OSR               << 
1306         int "CPU Jitter RNG Oversampling Rate << 
1307         range 1 15                            << 
1308         default 3                             << 
1309         help                                  << 
1310           The Jitter RNG allows the specifica << 
1311           The Jitter RNG operation requires a << 
1312           measurements to produce one output  << 
1313           OSR value is multiplied with the am << 
1314           generate one output block. Thus, th << 
1315           by the OSR factor. The oversampling << 
1316           on hardware whose timers deliver li << 
1317           the timer is coarse) by setting the << 
1318           trade-off, however, is that the Jit << 
1319           to generate random numbers.         << 
1320                                               << 
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE     << 
1322         bool "CPU Jitter RNG Test Interface"  << 
1323         help                                  << 
1324           The test interface allows a privile << 
1325           the raw unconditioned high resoluti << 
1326           is collected by the Jitter RNG for  << 
1327           this data is used at the same time  << 
1328           the Jitter RNG operates in an insec << 
1329           recording is enabled. This interfac << 
1330           intended for testing purposes and i << 
1331           production systems.                 << 
1332                                               << 
1333           The raw noise data can be obtained  << 
1334           debugfs file. Using the option      << 
1335           jitterentropy_testing.boot_raw_hire << 
1336           the first 1000 entropy events since << 
1337                                               << 
1338           If unsure, select N.                << 
1339                                               << 
1340 endif   # if CRYPTO_FIPS && EXPERT            << 
1341                                               << 
1342 if !(CRYPTO_FIPS && EXPERT)                   << 
1343                                               << 
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS     << 
1345         int                                   << 
1346         default 64                            << 
1347                                               << 
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE  << 
1349         int                                   << 
1350         default 32                            << 
1351                                               << 
1352 config CRYPTO_JITTERENTROPY_OSR               << 
1353         int                                   << 
1354         default 1                             << 
1355                                               << 
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE     << 
1357         bool                                  << 
1358                                               << 
1359 endif   # if !(CRYPTO_FIPS && EXPERT)         << 
1360 endif   # if CRYPTO_JITTERENTROPY             << 
1361                                               << 
1362 config CRYPTO_KDF800108_CTR                   << 
1363         tristate                              << 
1364         select CRYPTO_HMAC                    << 
1365         select CRYPTO_SHA256                  << 
1366                                               << 
1367 endmenu                                       << 
1368 menu "Userspace interface"                    << 
1369                                                  1823 
1370 config CRYPTO_USER_API                           1824 config CRYPTO_USER_API
1371         tristate                                 1825         tristate
1372                                                  1826 
1373 config CRYPTO_USER_API_HASH                      1827 config CRYPTO_USER_API_HASH
1374         tristate "Hash algorithms"            !! 1828         tristate "User-space interface for hash algorithms"
1375         depends on NET                           1829         depends on NET
1376         select CRYPTO_HASH                       1830         select CRYPTO_HASH
1377         select CRYPTO_USER_API                   1831         select CRYPTO_USER_API
1378         help                                     1832         help
1379           Enable the userspace interface for  !! 1833           This option enables the user-spaces interface for hash
1380                                               !! 1834           algorithms.
1381           See Documentation/crypto/userspace- << 
1382           https://www.chronox.de/libkcapi/htm << 
1383                                                  1835 
1384 config CRYPTO_USER_API_SKCIPHER                  1836 config CRYPTO_USER_API_SKCIPHER
1385         tristate "Symmetric key cipher algori !! 1837         tristate "User-space interface for symmetric key cipher algorithms"
1386         depends on NET                           1838         depends on NET
1387         select CRYPTO_SKCIPHER                !! 1839         select CRYPTO_BLKCIPHER
1388         select CRYPTO_USER_API                   1840         select CRYPTO_USER_API
1389         help                                     1841         help
1390           Enable the userspace interface for  !! 1842           This option enables the user-spaces interface for symmetric
1391                                               !! 1843           key cipher algorithms.
1392           See Documentation/crypto/userspace- << 
1393           https://www.chronox.de/libkcapi/htm << 
1394                                                  1844 
1395 config CRYPTO_USER_API_RNG                       1845 config CRYPTO_USER_API_RNG
1396         tristate "RNG (random number generato !! 1846         tristate "User-space interface for random number generator algorithms"
1397         depends on NET                           1847         depends on NET
1398         select CRYPTO_RNG                        1848         select CRYPTO_RNG
1399         select CRYPTO_USER_API                   1849         select CRYPTO_USER_API
1400         help                                     1850         help
1401           Enable the userspace interface for  !! 1851           This option enables the user-spaces interface for random
1402           algorithms.                         !! 1852           number generator algorithms.
1403                                               << 
1404           See Documentation/crypto/userspace- << 
1405           https://www.chronox.de/libkcapi/htm << 
1406                                               << 
1407 config CRYPTO_USER_API_RNG_CAVP               << 
1408         bool "Enable CAVP testing of DRBG"    << 
1409         depends on CRYPTO_USER_API_RNG && CRY << 
1410         help                                  << 
1411           Enable extra APIs in the userspace  << 
1412           (Cryptographic Algorithm Validation << 
1413           - resetting DRBG entropy            << 
1414           - providing Additional Data         << 
1415                                               << 
1416           This should only be enabled for CAV << 
1417           no unless you know what this is.    << 
1418                                                  1853 
1419 config CRYPTO_USER_API_AEAD                      1854 config CRYPTO_USER_API_AEAD
1420         tristate "AEAD cipher algorithms"     !! 1855         tristate "User-space interface for AEAD cipher algorithms"
1421         depends on NET                           1856         depends on NET
1422         select CRYPTO_AEAD                       1857         select CRYPTO_AEAD
1423         select CRYPTO_SKCIPHER                !! 1858         select CRYPTO_BLKCIPHER
1424         select CRYPTO_NULL                       1859         select CRYPTO_NULL
1425         select CRYPTO_USER_API                   1860         select CRYPTO_USER_API
1426         help                                     1861         help
1427           Enable the userspace interface for  !! 1862           This option enables the user-spaces interface for AEAD
1428                                               !! 1863           cipher algorithms.
1429           See Documentation/crypto/userspace- << 
1430           https://www.chronox.de/libkcapi/htm << 
1431                                               << 
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE        << 
1433         bool "Obsolete cryptographic algorith << 
1434         depends on CRYPTO_USER_API            << 
1435         default y                             << 
1436         help                                  << 
1437           Allow obsolete cryptographic algori << 
1438           already been phased out from intern << 
1439           only useful for userspace clients t << 
1440                                               << 
1441 endmenu                                       << 
1442                                                  1864 
1443 config CRYPTO_HASH_INFO                          1865 config CRYPTO_HASH_INFO
1444         bool                                     1866         bool
1445                                                  1867 
1446 if !KMSAN # avoid false positives from assemb << 
1447 if ARM                                        << 
1448 source "arch/arm/crypto/Kconfig"              << 
1449 endif                                         << 
1450 if ARM64                                      << 
1451 source "arch/arm64/crypto/Kconfig"            << 
1452 endif                                         << 
1453 if LOONGARCH                                  << 
1454 source "arch/loongarch/crypto/Kconfig"        << 
1455 endif                                         << 
1456 if MIPS                                       << 
1457 source "arch/mips/crypto/Kconfig"             << 
1458 endif                                         << 
1459 if PPC                                        << 
1460 source "arch/powerpc/crypto/Kconfig"          << 
1461 endif                                         << 
1462 if RISCV                                      << 
1463 source "arch/riscv/crypto/Kconfig"            << 
1464 endif                                         << 
1465 if S390                                       << 
1466 source "arch/s390/crypto/Kconfig"             << 
1467 endif                                         << 
1468 if SPARC                                      << 
1469 source "arch/sparc/crypto/Kconfig"            << 
1470 endif                                         << 
1471 if X86                                        << 
1472 source "arch/x86/crypto/Kconfig"              << 
1473 endif                                         << 
1474 endif                                         << 
1475                                               << 
1476 source "drivers/crypto/Kconfig"                  1868 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig"       !! 1869 source crypto/asymmetric_keys/Kconfig
1478 source "certs/Kconfig"                        !! 1870 source certs/Kconfig
1479                                                  1871 
1480 endif   # if CRYPTO                              1872 endif   # if CRYPTO
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php