1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 18 help
20 This option provides the core Crypto 19 This option provides the core Cryptographic API.
21 20
22 if CRYPTO 21 if CRYPTO
23 22
24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper"
25 24
26 config CRYPTO_FIPS 25 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES)
30 help 29 help
31 This option enables the fips boot op 30 This option enables the fips boot option which is
32 required if you want the system to o 31 required if you want the system to operate in a FIPS 200
33 certification. You should say no un 32 certification. You should say no unless you know what
34 this is. 33 this is.
35 34
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI
58 tristate 36 tristate
59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2
60 help 38 help
61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms.
62 40
63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2
64 tristate 42 tristate
65 43
66 config CRYPTO_AEAD 44 config CRYPTO_AEAD
67 tristate 45 tristate
68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI
70 48
71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2
72 tristate 50 tristate
73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2
>> 52 select CRYPTO_NULL2
>> 53 select CRYPTO_RNG2
74 54
75 config CRYPTO_SIG !! 55 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 56 tristate
86 select CRYPTO_SKCIPHER2 !! 57 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 59
90 config CRYPTO_SKCIPHER2 !! 60 config CRYPTO_BLKCIPHER2
91 tristate 61 tristate
92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2
>> 63 select CRYPTO_RNG2
93 64
94 config CRYPTO_HASH 65 config CRYPTO_HASH
95 tristate 66 tristate
96 select CRYPTO_HASH2 67 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 68 select CRYPTO_ALGAPI
98 69
99 config CRYPTO_HASH2 70 config CRYPTO_HASH2
100 tristate 71 tristate
101 select CRYPTO_ALGAPI2 72 select CRYPTO_ALGAPI2
102 73
103 config CRYPTO_RNG 74 config CRYPTO_RNG
104 tristate 75 tristate
105 select CRYPTO_RNG2 76 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 77 select CRYPTO_ALGAPI
107 78
108 config CRYPTO_RNG2 79 config CRYPTO_RNG2
109 tristate 80 tristate
110 select CRYPTO_ALGAPI2 81 select CRYPTO_ALGAPI2
111 82
112 config CRYPTO_RNG_DEFAULT 83 config CRYPTO_RNG_DEFAULT
113 tristate 84 tristate
114 select CRYPTO_DRBG_MENU 85 select CRYPTO_DRBG_MENU
115 86
116 config CRYPTO_AKCIPHER2 87 config CRYPTO_AKCIPHER2
117 tristate 88 tristate
118 select CRYPTO_ALGAPI2 89 select CRYPTO_ALGAPI2
119 90
120 config CRYPTO_AKCIPHER 91 config CRYPTO_AKCIPHER
121 tristate 92 tristate
122 select CRYPTO_AKCIPHER2 93 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 94 select CRYPTO_ALGAPI
124 95
125 config CRYPTO_KPP2 96 config CRYPTO_KPP2
126 tristate 97 tristate
127 select CRYPTO_ALGAPI2 98 select CRYPTO_ALGAPI2
128 99
129 config CRYPTO_KPP 100 config CRYPTO_KPP
130 tristate 101 tristate
131 select CRYPTO_ALGAPI 102 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 103 select CRYPTO_KPP2
133 104
134 config CRYPTO_ACOMP2 105 config CRYPTO_ACOMP2
135 tristate 106 tristate
136 select CRYPTO_ALGAPI2 107 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 108 select SGL_ALLOC
138 109
139 config CRYPTO_ACOMP 110 config CRYPTO_ACOMP
140 tristate 111 tristate
141 select CRYPTO_ALGAPI 112 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 113 select CRYPTO_ACOMP2
143 114
144 config CRYPTO_MANAGER 115 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 116 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 117 select CRYPTO_MANAGER2
147 help 118 help
148 Create default cryptographic templat 119 Create default cryptographic template instantiations such as
149 cbc(aes). 120 cbc(aes).
150 121
151 config CRYPTO_MANAGER2 122 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 124 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 125 select CRYPTO_HASH2
>> 126 select CRYPTO_BLKCIPHER2
>> 127 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 128 select CRYPTO_KPP2
159 select CRYPTO_RNG2 !! 129 select CRYPTO_ACOMP2
160 select CRYPTO_SKCIPHER2 <<
161 130
162 config CRYPTO_USER 131 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 132 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 133 depends on NET
165 select CRYPTO_MANAGER 134 select CRYPTO_MANAGER
166 help 135 help
167 Userspace configuration for cryptogr 136 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 137 cbc(aes).
169 138
>> 139 if CRYPTO_MANAGER2
>> 140
170 config CRYPTO_MANAGER_DISABLE_TESTS 141 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 142 bool "Disable run-time self tests"
172 default y 143 default y
173 help 144 help
174 Disable run-time self tests that nor 145 Disable run-time self tests that normally take place at
175 algorithm registration. 146 algorithm registration.
176 147
177 config CRYPTO_MANAGER_EXTRA_TESTS 148 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel 149 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN !! 150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
180 help 151 help
181 Enable extra run-time self tests of 152 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests. 153 including randomized fuzz tests.
183 154
184 This is intended for developer use o 155 This is intended for developer use only, as these tests take much
185 longer to run than the normal self t 156 longer to run than the normal self tests.
186 157
>> 158 endif # if CRYPTO_MANAGER2
>> 159
>> 160 config CRYPTO_GF128MUL
>> 161 tristate
>> 162
187 config CRYPTO_NULL 163 config CRYPTO_NULL
188 tristate "Null algorithms" 164 tristate "Null algorithms"
189 select CRYPTO_NULL2 165 select CRYPTO_NULL2
190 help 166 help
191 These are 'Null' algorithms, used by 167 These are 'Null' algorithms, used by IPsec, which do nothing.
192 168
193 config CRYPTO_NULL2 169 config CRYPTO_NULL2
194 tristate 170 tristate
195 select CRYPTO_ALGAPI2 171 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 172 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 173 select CRYPTO_HASH2
198 174
199 config CRYPTO_PCRYPT 175 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 176 tristate "Parallel crypto engine"
201 depends on SMP 177 depends on SMP
202 select PADATA 178 select PADATA
203 select CRYPTO_MANAGER 179 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 180 select CRYPTO_AEAD
205 help 181 help
206 This converts an arbitrary crypto al 182 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 183 algorithm that executes in kernel threads.
208 184
209 config CRYPTO_CRYPTD 185 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 186 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 187 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 188 select CRYPTO_HASH
213 select CRYPTO_MANAGER 189 select CRYPTO_MANAGER
214 help 190 help
215 This is a generic software asynchron 191 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 192 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 193 into an asynchronous algorithm that executes in a kernel thread.
218 194
219 config CRYPTO_AUTHENC 195 config CRYPTO_AUTHENC
220 tristate "Authenc support" 196 tristate "Authenc support"
221 select CRYPTO_AEAD 197 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 198 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 199 select CRYPTO_MANAGER
224 select CRYPTO_HASH 200 select CRYPTO_HASH
225 select CRYPTO_NULL 201 select CRYPTO_NULL
226 help 202 help
227 Authenc: Combined mode wrapper for I 203 Authenc: Combined mode wrapper for IPsec.
228 !! 204 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 205
231 config CRYPTO_TEST 206 config CRYPTO_TEST
232 tristate "Testing module" 207 tristate "Testing module"
233 depends on m || EXPERT !! 208 depends on m
234 select CRYPTO_MANAGER 209 select CRYPTO_MANAGER
235 help 210 help
236 Quick & dirty crypto test module. 211 Quick & dirty crypto test module.
237 212
238 config CRYPTO_SIMD 213 config CRYPTO_SIMD
239 tristate 214 tristate
240 select CRYPTO_CRYPTD 215 select CRYPTO_CRYPTD
241 216
242 config CRYPTO_ENGINE !! 217 config CRYPTO_GLUE_HELPER_X86
243 tristate 218 tristate
>> 219 depends on X86
>> 220 select CRYPTO_BLKCIPHER
244 221
245 endmenu !! 222 config CRYPTO_ENGINE
>> 223 tristate
246 224
247 menu "Public-key cryptography" !! 225 comment "Public-key cryptography"
248 226
249 config CRYPTO_RSA 227 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 228 tristate "RSA algorithm"
251 select CRYPTO_AKCIPHER 229 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER 230 select CRYPTO_MANAGER
253 select MPILIB 231 select MPILIB
254 select ASN1 232 select ASN1
255 help 233 help
256 RSA (Rivest-Shamir-Adleman) public k !! 234 Generic implementation of the RSA public key algorithm.
257 235
258 config CRYPTO_DH 236 config CRYPTO_DH
259 tristate "DH (Diffie-Hellman)" !! 237 tristate "Diffie-Hellman algorithm"
260 select CRYPTO_KPP 238 select CRYPTO_KPP
261 select MPILIB 239 select MPILIB
262 help 240 help
263 DH (Diffie-Hellman) key exchange alg !! 241 Generic implementation of the Diffie-Hellman algorithm.
264 <<
265 config CRYPTO_DH_RFC7919_GROUPS <<
266 bool "RFC 7919 FFDHE groups" <<
267 depends on CRYPTO_DH <<
268 select CRYPTO_RNG_DEFAULT <<
269 help <<
270 FFDHE (Finite-Field-based Diffie-Hel <<
271 defined in RFC7919. <<
272 <<
273 Support these finite-field groups in <<
274 - ffdhe2048, ffdhe3072, ffdhe4096, f <<
275 <<
276 If unsure, say N. <<
277 242
278 config CRYPTO_ECC 243 config CRYPTO_ECC
279 tristate 244 tristate
280 select CRYPTO_RNG_DEFAULT <<
281 245
282 config CRYPTO_ECDH 246 config CRYPTO_ECDH
283 tristate "ECDH (Elliptic Curve Diffie- !! 247 tristate "ECDH algorithm"
284 select CRYPTO_ECC 248 select CRYPTO_ECC
285 select CRYPTO_KPP 249 select CRYPTO_KPP
>> 250 select CRYPTO_RNG_DEFAULT
286 help 251 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 252 Generic implementation of the ECDH algorithm
288 using curves P-192, P-256, and P-384 <<
289 <<
290 config CRYPTO_ECDSA <<
291 tristate "ECDSA (Elliptic Curve Digita <<
292 select CRYPTO_ECC <<
293 select CRYPTO_AKCIPHER <<
294 select ASN1 <<
295 help <<
296 ECDSA (Elliptic Curve Digital Signat <<
297 ISO/IEC 14888-3) <<
298 using curves P-192, P-256, and P-384 <<
299 <<
300 Only signature verification is imple <<
301 253
302 config CRYPTO_ECRDSA 254 config CRYPTO_ECRDSA
303 tristate "EC-RDSA (Elliptic Curve Russ !! 255 tristate "EC-RDSA (GOST 34.10) algorithm"
304 select CRYPTO_ECC 256 select CRYPTO_ECC
305 select CRYPTO_AKCIPHER 257 select CRYPTO_AKCIPHER
306 select CRYPTO_STREEBOG 258 select CRYPTO_STREEBOG
307 select OID_REGISTRY 259 select OID_REGISTRY
308 select ASN1 260 select ASN1
309 help 261 help
310 Elliptic Curve Russian Digital Signa 262 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311 RFC 7091, ISO/IEC 14888-3) !! 263 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
>> 264 standard algorithms (called GOST algorithms). Only signature verification
>> 265 is implemented.
312 266
313 One of the Russian cryptographic sta !! 267 comment "Authenticated Encryption with Associated Data"
314 algorithms). Only signature verifica <<
315 268
316 config CRYPTO_CURVE25519 !! 269 config CRYPTO_CCM
317 tristate "Curve25519" !! 270 tristate "CCM support"
318 select CRYPTO_KPP !! 271 select CRYPTO_CTR
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 272 select CRYPTO_HASH
>> 273 select CRYPTO_AEAD
>> 274 select CRYPTO_MANAGER
320 help 275 help
321 Curve25519 elliptic curve (RFC7748) !! 276 Support for Counter with CBC MAC. Required for IPsec.
322 <<
323 endmenu <<
324 <<
325 menu "Block ciphers" <<
326 277
327 config CRYPTO_AES !! 278 config CRYPTO_GCM
328 tristate "AES (Advanced Encryption Sta !! 279 tristate "GCM/GMAC support"
329 select CRYPTO_ALGAPI !! 280 select CRYPTO_CTR
330 select CRYPTO_LIB_AES !! 281 select CRYPTO_AEAD
>> 282 select CRYPTO_GHASH
>> 283 select CRYPTO_NULL
>> 284 select CRYPTO_MANAGER
331 help 285 help
332 AES cipher algorithms (Rijndael)(FIP !! 286 Support for Galois/Counter Mode (GCM) and Galois Message
>> 287 Authentication Code (GMAC). Required for IPSec.
333 288
334 Rijndael appears to be consistently !! 289 config CRYPTO_CHACHA20POLY1305
335 both hardware and software across a !! 290 tristate "ChaCha20-Poly1305 AEAD support"
336 environments regardless of its use i !! 291 select CRYPTO_CHACHA20
337 modes. Its key setup time is excelle !! 292 select CRYPTO_POLY1305
338 good. Rijndael's very low memory req !! 293 select CRYPTO_AEAD
339 suited for restricted-space environm !! 294 select CRYPTO_MANAGER
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 <<
343 The AES specifies three key sizes: 1 <<
344 <<
345 config CRYPTO_AES_TI <<
346 tristate "AES (Advanced Encryption Sta <<
347 select CRYPTO_ALGAPI <<
348 select CRYPTO_LIB_AES <<
349 help 295 help
350 AES cipher algorithms (Rijndael)(FIP !! 296 ChaCha20-Poly1305 AEAD support, RFC7539.
351 <<
352 This is a generic implementation of <<
353 data dependent latencies as much as <<
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 297
359 Instead of using 16 lookup tables of !! 298 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
360 8 for decryption), this implementati !! 299 with the Poly1305 authenticator. It is defined in RFC7539 for use in
361 256 bytes each, and attempts to elim !! 300 IETF protocols.
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 301
366 config CRYPTO_ANUBIS !! 302 config CRYPTO_AEGIS128
367 tristate "Anubis" !! 303 tristate "AEGIS-128 AEAD algorithm"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 304 select CRYPTO_AEAD
369 select CRYPTO_ALGAPI !! 305 select CRYPTO_AES # for AES S-box tables
370 help 306 help
371 Anubis cipher algorithm !! 307 Support for the AEGIS-128 dedicated AEAD algorithm.
372 <<
373 Anubis is a variable key length ciph <<
374 128 bits to 320 bits in length. It <<
375 in the NESSIE competition. <<
376 <<
377 See https://web.archive.org/web/2016 <<
378 for further information. <<
379 308
380 config CRYPTO_ARIA !! 309 config CRYPTO_AEGIS128L
381 tristate "ARIA" !! 310 tristate "AEGIS-128L AEAD algorithm"
382 select CRYPTO_ALGAPI !! 311 select CRYPTO_AEAD
>> 312 select CRYPTO_AES # for AES S-box tables
383 help 313 help
384 ARIA cipher algorithm (RFC5794) !! 314 Support for the AEGIS-128L dedicated AEAD algorithm.
385 315
386 ARIA is a standard encryption algori !! 316 config CRYPTO_AEGIS256
387 The ARIA specifies three key sizes a !! 317 tristate "AEGIS-256 AEAD algorithm"
388 128-bit: 12 rounds. !! 318 select CRYPTO_AEAD
389 192-bit: 14 rounds. !! 319 select CRYPTO_AES # for AES S-box tables
390 256-bit: 16 rounds. !! 320 help
>> 321 Support for the AEGIS-256 dedicated AEAD algorithm.
391 322
392 See: !! 323 config CRYPTO_AEGIS128_AESNI_SSE2
393 https://seed.kisa.or.kr/kisa/algorit !! 324 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
>> 325 depends on X86 && 64BIT
>> 326 select CRYPTO_AEAD
>> 327 select CRYPTO_SIMD
>> 328 help
>> 329 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
394 330
395 config CRYPTO_BLOWFISH !! 331 config CRYPTO_AEGIS128L_AESNI_SSE2
396 tristate "Blowfish" !! 332 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
397 select CRYPTO_ALGAPI !! 333 depends on X86 && 64BIT
398 select CRYPTO_BLOWFISH_COMMON !! 334 select CRYPTO_AEAD
>> 335 select CRYPTO_SIMD
399 help 336 help
400 Blowfish cipher algorithm, by Bruce !! 337 AESNI+SSE2 implementation of the AEGIS-128L dedicated AEAD algorithm.
401 338
402 This is a variable key length cipher !! 339 config CRYPTO_AEGIS256_AESNI_SSE2
403 bits to 448 bits in length. It's fa !! 340 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
404 designed for use on "large microproc !! 341 depends on X86 && 64BIT
>> 342 select CRYPTO_AEAD
>> 343 select CRYPTO_SIMD
>> 344 help
>> 345 AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm.
405 346
406 See https://www.schneier.com/blowfis !! 347 config CRYPTO_MORUS640
>> 348 tristate "MORUS-640 AEAD algorithm"
>> 349 select CRYPTO_AEAD
>> 350 help
>> 351 Support for the MORUS-640 dedicated AEAD algorithm.
407 352
408 config CRYPTO_BLOWFISH_COMMON !! 353 config CRYPTO_MORUS640_GLUE
409 tristate 354 tristate
>> 355 depends on X86
>> 356 select CRYPTO_AEAD
>> 357 select CRYPTO_SIMD
410 help 358 help
411 Common parts of the Blowfish cipher !! 359 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
412 generic c and the assembler implemen !! 360 algorithm.
413 361
414 config CRYPTO_CAMELLIA !! 362 config CRYPTO_MORUS640_SSE2
415 tristate "Camellia" !! 363 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
416 select CRYPTO_ALGAPI !! 364 depends on X86 && 64BIT
>> 365 select CRYPTO_AEAD
>> 366 select CRYPTO_MORUS640_GLUE
417 help 367 help
418 Camellia cipher algorithms (ISO/IEC !! 368 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
419 <<
420 Camellia is a symmetric key block ci <<
421 at NTT and Mitsubishi Electric Corpo <<
422 369
423 The Camellia specifies three key siz !! 370 config CRYPTO_MORUS1280
424 !! 371 tristate "MORUS-1280 AEAD algorithm"
425 See https://info.isl.ntt.co.jp/crypt !! 372 select CRYPTO_AEAD
>> 373 help
>> 374 Support for the MORUS-1280 dedicated AEAD algorithm.
426 375
427 config CRYPTO_CAST_COMMON !! 376 config CRYPTO_MORUS1280_GLUE
428 tristate 377 tristate
>> 378 depends on X86
>> 379 select CRYPTO_AEAD
>> 380 select CRYPTO_SIMD
429 help 381 help
430 Common parts of the CAST cipher algo !! 382 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
431 generic c and the assembler implemen !! 383 algorithm.
432 384
433 config CRYPTO_CAST5 !! 385 config CRYPTO_MORUS1280_SSE2
434 tristate "CAST5 (CAST-128)" !! 386 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
435 select CRYPTO_ALGAPI !! 387 depends on X86 && 64BIT
436 select CRYPTO_CAST_COMMON !! 388 select CRYPTO_AEAD
>> 389 select CRYPTO_MORUS1280_GLUE
437 help 390 help
438 CAST5 (CAST-128) cipher algorithm (R !! 391 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
>> 392 algorithm.
439 393
440 config CRYPTO_CAST6 !! 394 config CRYPTO_MORUS1280_AVX2
441 tristate "CAST6 (CAST-256)" !! 395 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
442 select CRYPTO_ALGAPI !! 396 depends on X86 && 64BIT
443 select CRYPTO_CAST_COMMON !! 397 select CRYPTO_AEAD
>> 398 select CRYPTO_MORUS1280_GLUE
444 help 399 help
445 CAST6 (CAST-256) encryption algorith !! 400 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
>> 401 algorithm.
446 402
447 config CRYPTO_DES !! 403 config CRYPTO_SEQIV
448 tristate "DES and Triple DES EDE" !! 404 tristate "Sequence Number IV Generator"
449 select CRYPTO_ALGAPI !! 405 select CRYPTO_AEAD
450 select CRYPTO_LIB_DES !! 406 select CRYPTO_BLKCIPHER
>> 407 select CRYPTO_NULL
>> 408 select CRYPTO_RNG_DEFAULT
>> 409 select CRYPTO_MANAGER
451 help 410 help
452 DES (Data Encryption Standard)(FIPS !! 411 This IV generator generates an IV based on a sequence number by
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 412 xoring it with a salt. This algorithm is mainly useful for CTR
454 cipher algorithms <<
455 413
456 config CRYPTO_FCRYPT !! 414 config CRYPTO_ECHAINIV
457 tristate "FCrypt" !! 415 tristate "Encrypted Chain IV Generator"
458 select CRYPTO_ALGAPI !! 416 select CRYPTO_AEAD
459 select CRYPTO_SKCIPHER !! 417 select CRYPTO_NULL
>> 418 select CRYPTO_RNG_DEFAULT
>> 419 select CRYPTO_MANAGER
460 help 420 help
461 FCrypt algorithm used by RxRPC !! 421 This IV generator generates an IV based on the encryption of
>> 422 a sequence number xored with a salt. This is the default
>> 423 algorithm for CBC.
462 424
463 See https://ota.polyonymo.us/fcrypt- !! 425 comment "Block modes"
464 426
465 config CRYPTO_KHAZAD !! 427 config CRYPTO_CBC
466 tristate "Khazad" !! 428 tristate "CBC support"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 429 select CRYPTO_BLKCIPHER
468 select CRYPTO_ALGAPI !! 430 select CRYPTO_MANAGER
469 help 431 help
470 Khazad cipher algorithm !! 432 CBC: Cipher Block Chaining mode
471 !! 433 This block cipher algorithm is required for IPSec.
472 Khazad was a finalist in the initial <<
473 an algorithm optimized for 64-bit pr <<
474 on 32-bit processors. Khazad uses a <<
475 <<
476 See https://web.archive.org/web/2017 <<
477 for further information. <<
478 434
479 config CRYPTO_SEED !! 435 config CRYPTO_CFB
480 tristate "SEED" !! 436 tristate "CFB support"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 437 select CRYPTO_BLKCIPHER
482 select CRYPTO_ALGAPI !! 438 select CRYPTO_MANAGER
483 help 439 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 440 CFB: Cipher FeedBack mode
485 !! 441 This block cipher algorithm is required for TPM2 Cryptography.
486 SEED is a 128-bit symmetric key bloc <<
487 developed by KISA (Korea Information <<
488 national standard encryption algorit <<
489 It is a 16 round block cipher with t <<
490 <<
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 442
494 config CRYPTO_SERPENT !! 443 config CRYPTO_CTR
495 tristate "Serpent" !! 444 tristate "CTR support"
496 select CRYPTO_ALGAPI !! 445 select CRYPTO_BLKCIPHER
>> 446 select CRYPTO_SEQIV
>> 447 select CRYPTO_MANAGER
497 help 448 help
498 Serpent cipher algorithm, by Anderso !! 449 CTR: Counter mode
499 !! 450 This block cipher algorithm is required for IPSec.
500 Keys are allowed to be from 0 to 256 <<
501 of 8 bits. <<
502 451
503 See https://www.cl.cam.ac.uk/~rja14/ !! 452 config CRYPTO_CTS
504 !! 453 tristate "CTS support"
505 config CRYPTO_SM4 !! 454 select CRYPTO_BLKCIPHER
506 tristate !! 455 select CRYPTO_MANAGER
507 <<
508 config CRYPTO_SM4_GENERIC <<
509 tristate "SM4 (ShangMi 4)" <<
510 select CRYPTO_ALGAPI <<
511 select CRYPTO_SM4 <<
512 help 456 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 457 CTS: Cipher Text Stealing
514 ISO/IEC 18033-3:2010/Amd 1:2021) !! 458 This is the Cipher Text Stealing mode as described by
515 !! 459 Section 8 of rfc2040 and referenced by rfc3962
516 SM4 (GBT.32907-2016) is a cryptograp !! 460 (rfc3962 includes errata information in its Appendix A) or
517 Organization of State Commercial Adm !! 461 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
518 as an authorized cryptographic algor !! 462 This mode is required for Kerberos gss mechanism support
519 !! 463 for AES encryption.
520 SMS4 was originally created for use <<
521 networks, and is mandated in the Chi <<
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 <<
525 The latest SM4 standard (GBT.32907-2 <<
526 standardized through TC 260 of the S <<
527 of the People's Republic of China (S <<
528 <<
529 The input, output, and key of SMS4 a <<
530 <<
531 See https://eprint.iacr.org/2008/329 <<
532 464
533 If unsure, say N. !! 465 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
534 466
535 config CRYPTO_TEA !! 467 config CRYPTO_ECB
536 tristate "TEA, XTEA and XETA" !! 468 tristate "ECB support"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 469 select CRYPTO_BLKCIPHER
538 select CRYPTO_ALGAPI !! 470 select CRYPTO_MANAGER
539 help 471 help
540 TEA (Tiny Encryption Algorithm) ciph !! 472 ECB: Electronic CodeBook mode
541 !! 473 This is the simplest block cipher algorithm. It simply encrypts
542 Tiny Encryption Algorithm is a simpl !! 474 the input block by block.
543 many rounds for security. It is ver <<
544 little memory. <<
545 475
546 Xtendend Tiny Encryption Algorithm i !! 476 config CRYPTO_LRW
547 the TEA algorithm to address a poten !! 477 tristate "LRW support"
548 in the TEA algorithm. !! 478 select CRYPTO_BLKCIPHER
>> 479 select CRYPTO_MANAGER
>> 480 select CRYPTO_GF128MUL
>> 481 help
>> 482 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 483 narrow block cipher mode for dm-crypt. Use it with cipher
>> 484 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 485 The first 128, 192 or 256 bits in the key are used for AES and the
>> 486 rest is used to tie each cipher block to its logical position.
549 487
550 Xtendend Encryption Tiny Algorithm i !! 488 config CRYPTO_OFB
551 of the XTEA algorithm for compatibil !! 489 tristate "OFB support"
>> 490 select CRYPTO_BLKCIPHER
>> 491 select CRYPTO_MANAGER
>> 492 help
>> 493 OFB: the Output Feedback mode makes a block cipher into a synchronous
>> 494 stream cipher. It generates keystream blocks, which are then XORed
>> 495 with the plaintext blocks to get the ciphertext. Flipping a bit in the
>> 496 ciphertext produces a flipped bit in the plaintext at the same
>> 497 location. This property allows many error correcting codes to function
>> 498 normally even when applied before encryption.
552 499
553 config CRYPTO_TWOFISH !! 500 config CRYPTO_PCBC
554 tristate "Twofish" !! 501 tristate "PCBC support"
555 select CRYPTO_ALGAPI !! 502 select CRYPTO_BLKCIPHER
556 select CRYPTO_TWOFISH_COMMON !! 503 select CRYPTO_MANAGER
557 help 504 help
558 Twofish cipher algorithm !! 505 PCBC: Propagating Cipher Block Chaining mode
>> 506 This block cipher algorithm is required for RxRPC.
559 507
560 Twofish was submitted as an AES (Adv !! 508 config CRYPTO_XTS
561 candidate cipher by researchers at C !! 509 tristate "XTS support"
562 16 round block cipher supporting key !! 510 select CRYPTO_BLKCIPHER
563 bits. !! 511 select CRYPTO_MANAGER
>> 512 select CRYPTO_ECB
>> 513 help
>> 514 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 515 key size 256, 384 or 512 bits. This implementation currently
>> 516 can't handle a sectorsize which is not a multiple of 16 bytes.
564 517
565 See https://www.schneier.com/twofish !! 518 config CRYPTO_KEYWRAP
>> 519 tristate "Key wrapping support"
>> 520 select CRYPTO_BLKCIPHER
>> 521 select CRYPTO_MANAGER
>> 522 help
>> 523 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 524 padding.
566 525
567 config CRYPTO_TWOFISH_COMMON !! 526 config CRYPTO_NHPOLY1305
568 tristate 527 tristate
569 help !! 528 select CRYPTO_HASH
570 Common parts of the Twofish cipher a !! 529 select CRYPTO_POLY1305
571 generic c and the assembler implemen <<
572 530
573 endmenu !! 531 config CRYPTO_NHPOLY1305_SSE2
>> 532 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
>> 533 depends on X86 && 64BIT
>> 534 select CRYPTO_NHPOLY1305
>> 535 help
>> 536 SSE2 optimized implementation of the hash function used by the
>> 537 Adiantum encryption mode.
574 538
575 menu "Length-preserving ciphers and modes" !! 539 config CRYPTO_NHPOLY1305_AVX2
>> 540 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
>> 541 depends on X86 && 64BIT
>> 542 select CRYPTO_NHPOLY1305
>> 543 help
>> 544 AVX2 optimized implementation of the hash function used by the
>> 545 Adiantum encryption mode.
576 546
577 config CRYPTO_ADIANTUM 547 config CRYPTO_ADIANTUM
578 tristate "Adiantum" !! 548 tristate "Adiantum support"
579 select CRYPTO_CHACHA20 549 select CRYPTO_CHACHA20
580 select CRYPTO_LIB_POLY1305_GENERIC !! 550 select CRYPTO_POLY1305
581 select CRYPTO_NHPOLY1305 551 select CRYPTO_NHPOLY1305
582 select CRYPTO_MANAGER 552 select CRYPTO_MANAGER
583 help 553 help
584 Adiantum tweakable, length-preservin !! 554 Adiantum is a tweakable, length-preserving encryption mode
585 !! 555 designed for fast and secure disk encryption, especially on
586 Designed for fast and secure disk en <<
587 CPUs without dedicated crypto instru 556 CPUs without dedicated crypto instructions. It encrypts
588 each sector using the XChaCha12 stre 557 each sector using the XChaCha12 stream cipher, two passes of
589 an ε-almost-∆-universal hash func 558 an ε-almost-∆-universal hash function, and an invocation of
590 the AES-256 block cipher on a single 559 the AES-256 block cipher on a single 16-byte block. On CPUs
591 without AES instructions, Adiantum i 560 without AES instructions, Adiantum is much faster than
592 AES-XTS. 561 AES-XTS.
593 562
594 Adiantum's security is provably redu 563 Adiantum's security is provably reducible to that of its
595 underlying stream and block ciphers, 564 underlying stream and block ciphers, subject to a security
596 bound. Unlike XTS, Adiantum is a tr 565 bound. Unlike XTS, Adiantum is a true wide-block encryption
597 mode, so it actually provides an eve 566 mode, so it actually provides an even stronger notion of
598 security than XTS, subject to the se 567 security than XTS, subject to the security bound.
599 568
600 If unsure, say N. 569 If unsure, say N.
601 570
602 config CRYPTO_ARC4 !! 571 comment "Hash modes"
603 tristate "ARC4 (Alleged Rivest Cipher <<
604 depends on CRYPTO_USER_API_ENABLE_OBSO <<
605 select CRYPTO_SKCIPHER <<
606 select CRYPTO_LIB_ARC4 <<
607 help <<
608 ARC4 cipher algorithm <<
609 <<
610 ARC4 is a stream cipher using keys r <<
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 <<
615 config CRYPTO_CHACHA20 <<
616 tristate "ChaCha" <<
617 select CRYPTO_LIB_CHACHA_GENERIC <<
618 select CRYPTO_SKCIPHER <<
619 help <<
620 The ChaCha20, XChaCha20, and XChaCha <<
621 <<
622 ChaCha20 is a 256-bit high-speed str <<
623 Bernstein and further specified in R <<
624 This is the portable C implementatio <<
625 https://cr.yp.to/chacha/chacha-20080 <<
626 <<
627 XChaCha20 is the application of the <<
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 572
633 XChaCha12 is XChaCha20 reduced to 12 !! 573 config CRYPTO_CMAC
634 reduced security margin but increase !! 574 tristate "CMAC support"
635 in some performance-sensitive scenar !! 575 select CRYPTO_HASH
636 <<
637 config CRYPTO_CBC <<
638 tristate "CBC (Cipher Block Chaining)" <<
639 select CRYPTO_SKCIPHER <<
640 select CRYPTO_MANAGER 576 select CRYPTO_MANAGER
641 help 577 help
642 CBC (Cipher Block Chaining) mode (NI !! 578 Cipher-based Message Authentication Code (CMAC) specified by
643 !! 579 The National Institute of Standards and Technology (NIST).
644 This block cipher mode is required f <<
645 580
646 config CRYPTO_CTR !! 581 https://tools.ietf.org/html/rfc4493
647 tristate "CTR (Counter)" !! 582 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
648 select CRYPTO_SKCIPHER <<
649 select CRYPTO_MANAGER <<
650 help <<
651 CTR (Counter) mode (NIST SP800-38A) <<
652 583
653 config CRYPTO_CTS !! 584 config CRYPTO_HMAC
654 tristate "CTS (Cipher Text Stealing)" !! 585 tristate "HMAC support"
655 select CRYPTO_SKCIPHER !! 586 select CRYPTO_HASH
656 select CRYPTO_MANAGER 587 select CRYPTO_MANAGER
657 help 588 help
658 CBC-CS3 variant of CTS (Cipher Text !! 589 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
659 Addendum to SP800-38A (October 2010) !! 590 This is required for IPSec.
660 <<
661 This mode is required for Kerberos g <<
662 for AES encryption. <<
663 591
664 config CRYPTO_ECB !! 592 config CRYPTO_XCBC
665 tristate "ECB (Electronic Codebook)" !! 593 tristate "XCBC support"
666 select CRYPTO_SKCIPHER2 !! 594 select CRYPTO_HASH
667 select CRYPTO_MANAGER 595 select CRYPTO_MANAGER
668 help 596 help
669 ECB (Electronic Codebook) mode (NIST !! 597 XCBC: Keyed-Hashing with encryption algorithm
>> 598 http://www.ietf.org/rfc/rfc3566.txt
>> 599 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 600 xcbc-mac/xcbc-mac-spec.pdf
670 601
671 config CRYPTO_HCTR2 !! 602 config CRYPTO_VMAC
672 tristate "HCTR2" !! 603 tristate "VMAC support"
673 select CRYPTO_XCTR !! 604 select CRYPTO_HASH
674 select CRYPTO_POLYVAL <<
675 select CRYPTO_MANAGER 605 select CRYPTO_MANAGER
676 help 606 help
677 HCTR2 length-preserving encryption m !! 607 VMAC is a message authentication algorithm designed for
>> 608 very high speed on 64-bit architectures.
678 609
679 A mode for storage encryption that i !! 610 See also:
680 instructions to accelerate AES and c !! 611 <http://fastcrypto.org/vmac>
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 612
684 See https://eprint.iacr.org/2021/144 !! 613 comment "Digest"
685 614
686 config CRYPTO_KEYWRAP !! 615 config CRYPTO_CRC32C
687 tristate "KW (AES Key Wrap)" !! 616 tristate "CRC32c CRC algorithm"
688 select CRYPTO_SKCIPHER !! 617 select CRYPTO_HASH
689 select CRYPTO_MANAGER !! 618 select CRC32
690 help 619 help
691 KW (AES Key Wrap) authenticated encr !! 620 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
692 and RFC3394) without padding. !! 621 by iSCSI for header and data digests and by others.
693 !! 622 See Castagnoli93. Module will be crc32c.
694 config CRYPTO_LRW !! 623
695 tristate "LRW (Liskov Rivest Wagner)" !! 624 config CRYPTO_CRC32C_INTEL
696 select CRYPTO_LIB_GF128MUL !! 625 tristate "CRC32c INTEL hardware acceleration"
697 select CRYPTO_SKCIPHER !! 626 depends on X86
698 select CRYPTO_MANAGER !! 627 select CRYPTO_HASH
699 select CRYPTO_ECB !! 628 help
>> 629 In Intel processor with SSE4.2 supported, the processor will
>> 630 support CRC32C implementation using hardware accelerated CRC32
>> 631 instruction. This option will create 'crc32c-intel' module,
>> 632 which will enable any routine to use the CRC32 instruction to
>> 633 gain performance compared with software implementation.
>> 634 Module will be crc32c-intel.
>> 635
>> 636 config CRYPTO_CRC32C_VPMSUM
>> 637 tristate "CRC32c CRC algorithm (powerpc64)"
>> 638 depends on PPC64 && ALTIVEC
>> 639 select CRYPTO_HASH
>> 640 select CRC32
700 help 641 help
701 LRW (Liskov Rivest Wagner) mode !! 642 CRC32c algorithm implemented using vector polynomial multiply-sum
702 !! 643 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
703 A tweakable, non malleable, non mova !! 644 and newer processors for improved performance.
704 narrow block cipher mode for dm-cryp <<
705 specification string aes-lrw-benbi, <<
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 645
709 See https://people.csail.mit.edu/riv <<
710 646
711 config CRYPTO_PCBC !! 647 config CRYPTO_CRC32C_SPARC64
712 tristate "PCBC (Propagating Cipher Blo !! 648 tristate "CRC32c CRC algorithm (SPARC64)"
713 select CRYPTO_SKCIPHER !! 649 depends on SPARC64
714 select CRYPTO_MANAGER !! 650 select CRYPTO_HASH
>> 651 select CRC32
715 help 652 help
716 PCBC (Propagating Cipher Block Chain !! 653 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 654 when available.
717 655
718 This block cipher mode is required f !! 656 config CRYPTO_CRC32
719 !! 657 tristate "CRC32 CRC algorithm"
720 config CRYPTO_XCTR !! 658 select CRYPTO_HASH
721 tristate !! 659 select CRC32
722 select CRYPTO_SKCIPHER <<
723 select CRYPTO_MANAGER <<
724 help 660 help
725 XCTR (XOR Counter) mode for HCTR2 !! 661 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 662 Shash crypto api wrappers to crc32_le function.
726 663
727 This blockcipher mode is a variant o !! 664 config CRYPTO_CRC32_PCLMUL
728 addition rather than big-endian arit !! 665 tristate "CRC32 PCLMULQDQ hardware acceleration"
>> 666 depends on X86
>> 667 select CRYPTO_HASH
>> 668 select CRC32
>> 669 help
>> 670 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 671 and PCLMULQDQ supported, the processor will support
>> 672 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 673 instruction. This option will create 'crc32-pclmul' module,
>> 674 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 675 and gain better performance as compared with the table implementation.
>> 676
>> 677 config CRYPTO_CRC32_MIPS
>> 678 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 679 depends on MIPS_CRC_SUPPORT
>> 680 select CRYPTO_HASH
>> 681 help
>> 682 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 683 instructions, when available.
729 684
730 XCTR mode is used to implement HCTR2 <<
731 685
732 config CRYPTO_XTS !! 686 config CRYPTO_XXHASH
733 tristate "XTS (XOR Encrypt XOR with ci !! 687 tristate "xxHash hash algorithm"
734 select CRYPTO_SKCIPHER !! 688 select CRYPTO_HASH
735 select CRYPTO_MANAGER !! 689 select XXHASH
736 select CRYPTO_ECB <<
737 help 690 help
738 XTS (XOR Encrypt XOR with ciphertext !! 691 xxHash non-cryptographic hash algorithm. Extremely fast, working at
739 and IEEE 1619) !! 692 speeds close to RAM limits.
740 693
741 Use with aes-xts-plain, key size 256 !! 694 config CRYPTO_CRCT10DIF
742 implementation currently can't handl !! 695 tristate "CRCT10DIF algorithm"
743 multiple of 16 bytes. !! 696 select CRYPTO_HASH
>> 697 help
>> 698 CRC T10 Data Integrity Field computation is being cast as
>> 699 a crypto transform. This allows for faster crc t10 diff
>> 700 transforms to be used if they are available.
744 701
745 config CRYPTO_NHPOLY1305 !! 702 config CRYPTO_CRCT10DIF_PCLMUL
746 tristate !! 703 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
>> 704 depends on X86 && 64BIT && CRC_T10DIF
747 select CRYPTO_HASH 705 select CRYPTO_HASH
748 select CRYPTO_LIB_POLY1305_GENERIC !! 706 help
>> 707 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 708 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 709 accelerated PCLMULQDQ instruction. This option will create
>> 710 'crct10dif-pclmul' module, which is faster when computing the
>> 711 crct10dif checksum as compared with the generic table implementation.
749 712
750 endmenu !! 713 config CRYPTO_CRCT10DIF_VPMSUM
>> 714 tristate "CRC32T10DIF powerpc64 hardware acceleration"
>> 715 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 716 select CRYPTO_HASH
>> 717 help
>> 718 CRC10T10DIF algorithm implemented using vector polynomial
>> 719 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 720 POWER8 and newer processors for improved performance.
751 721
752 menu "AEAD (authenticated encryption with asso !! 722 config CRYPTO_VPMSUM_TESTER
>> 723 tristate "Powerpc64 vpmsum hardware acceleration tester"
>> 724 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 725 help
>> 726 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 727 POWER8 vpmsum instructions.
>> 728 Unless you are testing these algorithms, you don't need this.
753 729
754 config CRYPTO_AEGIS128 !! 730 config CRYPTO_GHASH
755 tristate "AEGIS-128" !! 731 tristate "GHASH digest algorithm"
756 select CRYPTO_AEAD !! 732 select CRYPTO_GF128MUL
757 select CRYPTO_AES # for AES S-box tab !! 733 select CRYPTO_HASH
758 help 734 help
759 AEGIS-128 AEAD algorithm !! 735 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
760 736
761 config CRYPTO_AEGIS128_SIMD !! 737 config CRYPTO_POLY1305
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 738 tristate "Poly1305 authenticator algorithm"
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 739 select CRYPTO_HASH
764 default y <<
765 help 740 help
766 AEGIS-128 AEAD algorithm !! 741 Poly1305 authenticator algorithm, RFC7539.
767 742
768 Architecture: arm or arm64 using: !! 743 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
769 - NEON (Advanced SIMD) extension !! 744 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 745 in IETF protocols. This is the portable C implementation of Poly1305.
770 746
771 config CRYPTO_CHACHA20POLY1305 !! 747 config CRYPTO_POLY1305_X86_64
772 tristate "ChaCha20-Poly1305" !! 748 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
773 select CRYPTO_CHACHA20 !! 749 depends on X86 && 64BIT
774 select CRYPTO_POLY1305 750 select CRYPTO_POLY1305
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help 751 help
778 ChaCha20 stream cipher and Poly1305 !! 752 Poly1305 authenticator algorithm, RFC7539.
779 mode (RFC8439) <<
780 753
781 config CRYPTO_CCM !! 754 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
782 tristate "CCM (Counter with Cipher Blo !! 755 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
783 select CRYPTO_CTR !! 756 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 757 instructions.
>> 758
>> 759 config CRYPTO_MD4
>> 760 tristate "MD4 digest algorithm"
784 select CRYPTO_HASH 761 select CRYPTO_HASH
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER <<
787 help 762 help
788 CCM (Counter with Cipher Block Chain !! 763 MD4 message digest algorithm (RFC1320).
789 authenticated encryption mode (NIST <<
790 764
791 config CRYPTO_GCM !! 765 config CRYPTO_MD5
792 tristate "GCM (Galois/Counter Mode) an !! 766 tristate "MD5 digest algorithm"
793 select CRYPTO_CTR !! 767 select CRYPTO_HASH
794 select CRYPTO_AEAD <<
795 select CRYPTO_GHASH <<
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER <<
798 help 768 help
799 GCM (Galois/Counter Mode) authentica !! 769 MD5 message digest algorithm (RFC1321).
800 (GCM Message Authentication Code) (N <<
801 770
802 This is required for IPSec ESP (XFRM !! 771 config CRYPTO_MD5_OCTEON
803 !! 772 tristate "MD5 digest algorithm (OCTEON)"
804 config CRYPTO_GENIV !! 773 depends on CPU_CAVIUM_OCTEON
805 tristate !! 774 select CRYPTO_MD5
806 select CRYPTO_AEAD !! 775 select CRYPTO_HASH
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER <<
809 select CRYPTO_RNG_DEFAULT <<
810 <<
811 config CRYPTO_SEQIV <<
812 tristate "Sequence Number IV Generator <<
813 select CRYPTO_GENIV <<
814 help 776 help
815 Sequence Number IV generator !! 777 MD5 message digest algorithm (RFC1321) implemented
>> 778 using OCTEON crypto instructions, when available.
816 779
817 This IV generator generates an IV ba !! 780 config CRYPTO_MD5_PPC
818 xoring it with a salt. This algorit !! 781 tristate "MD5 digest algorithm (PPC)"
819 !! 782 depends on PPC
820 This is required for IPsec ESP (XFRM !! 783 select CRYPTO_HASH
>> 784 help
>> 785 MD5 message digest algorithm (RFC1321) implemented
>> 786 in PPC assembler.
821 787
822 config CRYPTO_ECHAINIV !! 788 config CRYPTO_MD5_SPARC64
823 tristate "Encrypted Chain IV Generator !! 789 tristate "MD5 digest algorithm (SPARC64)"
824 select CRYPTO_GENIV !! 790 depends on SPARC64
>> 791 select CRYPTO_MD5
>> 792 select CRYPTO_HASH
825 help 793 help
826 Encrypted Chain IV generator !! 794 MD5 message digest algorithm (RFC1321) implemented
>> 795 using sparc64 crypto instructions, when available.
827 796
828 This IV generator generates an IV ba !! 797 config CRYPTO_MICHAEL_MIC
829 a sequence number xored with a salt. !! 798 tristate "Michael MIC keyed digest algorithm"
830 algorithm for CBC. !! 799 select CRYPTO_HASH
>> 800 help
>> 801 Michael MIC is used for message integrity protection in TKIP
>> 802 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 803 should not be used for other purposes because of the weakness
>> 804 of the algorithm.
831 805
832 config CRYPTO_ESSIV !! 806 config CRYPTO_RMD128
833 tristate "Encrypted Salt-Sector IV Gen !! 807 tristate "RIPEMD-128 digest algorithm"
834 select CRYPTO_AUTHENC !! 808 select CRYPTO_HASH
835 help 809 help
836 Encrypted Salt-Sector IV generator !! 810 RIPEMD-128 (ISO/IEC 10118-3:2004).
837 811
838 This IV generator is used in some ca !! 812 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
839 dm-crypt. It uses the hash of the bl !! 813 be used as a secure replacement for RIPEMD. For other use cases,
840 symmetric key for a block encryption !! 814 RIPEMD-160 should be used.
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 815
844 This driver implements a crypto API !! 816 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
845 instantiated either as an skcipher o !! 817 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
846 type of the first template argument) !! 818
847 and decryption requests to the encap !! 819 config CRYPTO_RMD160
848 ESSIV to the input IV. Note that in !! 820 tristate "RIPEMD-160 digest algorithm"
849 that the keys are presented in the s !! 821 select CRYPTO_HASH
850 template, and that the IV appears at !! 822 help
851 associated data (AAD) region (which !! 823 RIPEMD-160 (ISO/IEC 10118-3:2004).
852 824
853 Note that the use of ESSIV is not re !! 825 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
854 and so this only needs to be enabled !! 826 to be used as a secure replacement for the 128-bit hash functions
855 existing encrypted volumes of filesy !! 827 MD4, MD5 and it's predecessor RIPEMD
856 building for a particular system tha !! 828 (not to be confused with RIPEMD-128).
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 829
861 endmenu !! 830 It's speed is comparable to SHA1 and there are no known attacks
>> 831 against RIPEMD-160.
862 832
863 menu "Hashes, digests, and MACs" !! 833 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 834 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
864 835
865 config CRYPTO_BLAKE2B !! 836 config CRYPTO_RMD256
866 tristate "BLAKE2b" !! 837 tristate "RIPEMD-256 digest algorithm"
867 select CRYPTO_HASH 838 select CRYPTO_HASH
868 help 839 help
869 BLAKE2b cryptographic hash function !! 840 RIPEMD-256 is an optional extension of RIPEMD-128 with a
870 !! 841 256 bit hash. It is intended for applications that require
871 BLAKE2b is optimized for 64-bit plat !! 842 longer hash-results, without needing a larger security level
872 of any size between 1 and 64 bytes. !! 843 (than RIPEMD-128).
873 844
874 This module provides the following a !! 845 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
875 - blake2b-160 !! 846 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 847
880 Used by the btrfs filesystem. !! 848 config CRYPTO_RMD320
>> 849 tristate "RIPEMD-320 digest algorithm"
>> 850 select CRYPTO_HASH
>> 851 help
>> 852 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 853 320 bit hash. It is intended for applications that require
>> 854 longer hash-results, without needing a larger security level
>> 855 (than RIPEMD-160).
881 856
882 See https://blake2.net for further i !! 857 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 858 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
883 859
884 config CRYPTO_CMAC !! 860 config CRYPTO_SHA1
885 tristate "CMAC (Cipher-based MAC)" !! 861 tristate "SHA1 digest algorithm"
886 select CRYPTO_HASH 862 select CRYPTO_HASH
887 select CRYPTO_MANAGER <<
888 help 863 help
889 CMAC (Cipher-based Message Authentic !! 864 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
890 mode (NIST SP800-38B and IETF RFC449 <<
891 865
892 config CRYPTO_GHASH !! 866 config CRYPTO_SHA1_SSSE3
893 tristate "GHASH" !! 867 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 868 depends on X86 && 64BIT
>> 869 select CRYPTO_SHA1
894 select CRYPTO_HASH 870 select CRYPTO_HASH
895 select CRYPTO_LIB_GF128MUL <<
896 help 871 help
897 GCM GHASH function (NIST SP800-38D) !! 872 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 873 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 874 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 875 when available.
898 876
899 config CRYPTO_HMAC !! 877 config CRYPTO_SHA256_SSSE3
900 tristate "HMAC (Keyed-Hash MAC)" !! 878 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 879 depends on X86 && 64BIT
>> 880 select CRYPTO_SHA256
901 select CRYPTO_HASH 881 select CRYPTO_HASH
902 select CRYPTO_MANAGER <<
903 help 882 help
904 HMAC (Keyed-Hash Message Authenticat !! 883 SHA-256 secure hash standard (DFIPS 180-2) implemented
905 RFC2104) !! 884 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
906 !! 885 Extensions version 1 (AVX1), or Advanced Vector Extensions
907 This is required for IPsec AH (XFRM_ !! 886 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
908 !! 887 Instructions) when available.
909 config CRYPTO_MD4 !! 888
910 tristate "MD4" !! 889 config CRYPTO_SHA512_SSSE3
>> 890 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 891 depends on X86 && 64BIT
>> 892 select CRYPTO_SHA512
911 select CRYPTO_HASH 893 select CRYPTO_HASH
912 help 894 help
913 MD4 message digest algorithm (RFC132 !! 895 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 896 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 897 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 898 version 2 (AVX2) instructions, when available.
914 899
915 config CRYPTO_MD5 !! 900 config CRYPTO_SHA1_OCTEON
916 tristate "MD5" !! 901 tristate "SHA1 digest algorithm (OCTEON)"
>> 902 depends on CPU_CAVIUM_OCTEON
>> 903 select CRYPTO_SHA1
917 select CRYPTO_HASH 904 select CRYPTO_HASH
918 help 905 help
919 MD5 message digest algorithm (RFC132 !! 906 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 907 using OCTEON crypto instructions, when available.
920 908
921 config CRYPTO_MICHAEL_MIC !! 909 config CRYPTO_SHA1_SPARC64
922 tristate "Michael MIC" !! 910 tristate "SHA1 digest algorithm (SPARC64)"
>> 911 depends on SPARC64
>> 912 select CRYPTO_SHA1
923 select CRYPTO_HASH 913 select CRYPTO_HASH
924 help 914 help
925 Michael MIC (Message Integrity Code) !! 915 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 916 using sparc64 crypto instructions, when available.
926 917
927 Defined by the IEEE 802.11i TKIP (Te !! 918 config CRYPTO_SHA1_PPC
928 known as WPA (Wif-Fi Protected Acces !! 919 tristate "SHA1 digest algorithm (powerpc)"
>> 920 depends on PPC
>> 921 help
>> 922 This is the powerpc hardware accelerated implementation of the
>> 923 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
929 924
930 This algorithm is required for TKIP, !! 925 config CRYPTO_SHA1_PPC_SPE
931 other purposes because of the weakne !! 926 tristate "SHA1 digest algorithm (PPC SPE)"
>> 927 depends on PPC && SPE
>> 928 help
>> 929 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 930 using powerpc SPE SIMD instruction set.
932 931
933 config CRYPTO_POLYVAL !! 932 config CRYPTO_SHA256
934 tristate !! 933 tristate "SHA224 and SHA256 digest algorithm"
935 select CRYPTO_HASH 934 select CRYPTO_HASH
936 select CRYPTO_LIB_GF128MUL <<
937 help 935 help
938 POLYVAL hash function for HCTR2 !! 936 SHA256 secure hash standard (DFIPS 180-2).
939 937
940 This is used in HCTR2. It is not a !! 938 This version of SHA implements a 256 bit hash with 128 bits of
941 cryptographic hash function. !! 939 security against collision attacks.
942 940
943 config CRYPTO_POLY1305 !! 941 This code also includes SHA-224, a 224 bit hash with 112 bits
944 tristate "Poly1305" !! 942 of security against collision attacks.
>> 943
>> 944 config CRYPTO_SHA256_PPC_SPE
>> 945 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 946 depends on PPC && SPE
>> 947 select CRYPTO_SHA256
945 select CRYPTO_HASH 948 select CRYPTO_HASH
946 select CRYPTO_LIB_POLY1305_GENERIC <<
947 help 949 help
948 Poly1305 authenticator algorithm (RF !! 950 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
949 !! 951 implemented using powerpc SPE SIMD instruction set.
950 Poly1305 is an authenticator algorit <<
951 It is used for the ChaCha20-Poly1305 <<
952 in IETF protocols. This is the porta <<
953 952
954 config CRYPTO_RMD160 !! 953 config CRYPTO_SHA256_OCTEON
955 tristate "RIPEMD-160" !! 954 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
>> 955 depends on CPU_CAVIUM_OCTEON
>> 956 select CRYPTO_SHA256
956 select CRYPTO_HASH 957 select CRYPTO_HASH
957 help 958 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 959 SHA-256 secure hash standard (DFIPS 180-2) implemented
959 !! 960 using OCTEON crypto instructions, when available.
960 RIPEMD-160 is a 160-bit cryptographi <<
961 to be used as a secure replacement f <<
962 MD4, MD5 and its predecessor RIPEMD <<
963 (not to be confused with RIPEMD-128) <<
964 <<
965 Its speed is comparable to SHA-1 and <<
966 against RIPEMD-160. <<
967 <<
968 Developed by Hans Dobbertin, Antoon <<
969 See https://homes.esat.kuleuven.be/~ <<
970 for further information. <<
971 961
972 config CRYPTO_SHA1 !! 962 config CRYPTO_SHA256_SPARC64
973 tristate "SHA-1" !! 963 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
>> 964 depends on SPARC64
>> 965 select CRYPTO_SHA256
974 select CRYPTO_HASH 966 select CRYPTO_HASH
975 select CRYPTO_LIB_SHA1 <<
976 help 967 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 968 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 969 using sparc64 crypto instructions, when available.
978 970
979 config CRYPTO_SHA256 !! 971 config CRYPTO_SHA512
980 tristate "SHA-224 and SHA-256" !! 972 tristate "SHA384 and SHA512 digest algorithms"
981 select CRYPTO_HASH 973 select CRYPTO_HASH
982 select CRYPTO_LIB_SHA256 <<
983 help 974 help
984 SHA-224 and SHA-256 secure hash algo !! 975 SHA512 secure hash standard (DFIPS 180-2).
985 976
986 This is required for IPsec AH (XFRM_ !! 977 This version of SHA implements a 512 bit hash with 256 bits of
987 Used by the btrfs filesystem, Ceph, !! 978 security against collision attacks.
988 979
989 config CRYPTO_SHA512 !! 980 This code also includes SHA-384, a 384 bit hash with 192 bits
990 tristate "SHA-384 and SHA-512" !! 981 of security against collision attacks.
>> 982
>> 983 config CRYPTO_SHA512_OCTEON
>> 984 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 985 depends on CPU_CAVIUM_OCTEON
>> 986 select CRYPTO_SHA512
991 select CRYPTO_HASH 987 select CRYPTO_HASH
992 help 988 help
993 SHA-384 and SHA-512 secure hash algo !! 989 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 990 using OCTEON crypto instructions, when available.
>> 991
>> 992 config CRYPTO_SHA512_SPARC64
>> 993 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
>> 994 depends on SPARC64
>> 995 select CRYPTO_SHA512
>> 996 select CRYPTO_HASH
>> 997 help
>> 998 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 999 using sparc64 crypto instructions, when available.
994 1000
995 config CRYPTO_SHA3 1001 config CRYPTO_SHA3
996 tristate "SHA-3" !! 1002 tristate "SHA3 digest algorithm"
997 select CRYPTO_HASH 1003 select CRYPTO_HASH
998 help 1004 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1005 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 1006 cryptographic sponge function family called Keccak.
1000 1007
1001 config CRYPTO_SM3 !! 1008 References:
1002 tristate !! 1009 http://keccak.noekeon.org/
1003 1010
1004 config CRYPTO_SM3_GENERIC !! 1011 config CRYPTO_SM3
1005 tristate "SM3 (ShangMi 3)" !! 1012 tristate "SM3 digest algorithm"
1006 select CRYPTO_HASH 1013 select CRYPTO_HASH
1007 select CRYPTO_SM3 <<
1008 help 1014 help
1009 SM3 (ShangMi 3) secure hash functio !! 1015 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1010 !! 1016 It is part of the Chinese Commercial Cryptography suite.
1011 This is part of the Chinese Commerc <<
1012 1017
1013 References: 1018 References:
1014 http://www.oscca.gov.cn/UpFile/2010 1019 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1015 https://datatracker.ietf.org/doc/ht 1020 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1016 1021
1017 config CRYPTO_STREEBOG 1022 config CRYPTO_STREEBOG
1018 tristate "Streebog" !! 1023 tristate "Streebog Hash Function"
1019 select CRYPTO_HASH 1024 select CRYPTO_HASH
1020 help 1025 help
1021 Streebog Hash Function (GOST R 34.1 !! 1026 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1022 !! 1027 cryptographic standard algorithms (called GOST algorithms).
1023 This is one of the Russian cryptogr !! 1028 This setting enables two hash algorithms with 256 and 512 bits output.
1024 GOST algorithms). This setting enab <<
1025 256 and 512 bits output. <<
1026 1029
1027 References: 1030 References:
1028 https://tc26.ru/upload/iblock/fed/f 1031 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1029 https://tools.ietf.org/html/rfc6986 1032 https://tools.ietf.org/html/rfc6986
1030 1033
1031 config CRYPTO_VMAC !! 1034 config CRYPTO_TGR192
1032 tristate "VMAC" !! 1035 tristate "Tiger digest algorithms"
1033 select CRYPTO_HASH 1036 select CRYPTO_HASH
1034 select CRYPTO_MANAGER <<
1035 help 1037 help
1036 VMAC is a message authentication al !! 1038 Tiger hash algorithm 192, 160 and 128-bit hashes
1037 very high speed on 64-bit architect <<
1038 1039
1039 See https://fastcrypto.org/vmac for !! 1040 Tiger is a hash function optimized for 64-bit processors while
>> 1041 still having decent performance on 32-bit processors.
>> 1042 Tiger was developed by Ross Anderson and Eli Biham.
>> 1043
>> 1044 See also:
>> 1045 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1040 1046
1041 config CRYPTO_WP512 1047 config CRYPTO_WP512
1042 tristate "Whirlpool" !! 1048 tristate "Whirlpool digest algorithms"
1043 select CRYPTO_HASH 1049 select CRYPTO_HASH
1044 help 1050 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1051 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1046 <<
1047 512, 384 and 256-bit hashes. <<
1048 1052
1049 Whirlpool-512 is part of the NESSIE 1053 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 1054 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1050 1055
1051 See https://web.archive.org/web/201 !! 1056 See also:
1052 for further information. !! 1057 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1053 1058
1054 config CRYPTO_XCBC !! 1059 config CRYPTO_GHASH_CLMUL_NI_INTEL
1055 tristate "XCBC-MAC (Extended Cipher B !! 1060 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1056 select CRYPTO_HASH !! 1061 depends on X86 && 64BIT
1057 select CRYPTO_MANAGER !! 1062 select CRYPTO_CRYPTD
1058 help 1063 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1064 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1060 Code) (RFC3566) !! 1065 The implementation is accelerated by CLMUL-NI of Intel.
1061 1066
1062 config CRYPTO_XXHASH !! 1067 comment "Ciphers"
1063 tristate "xxHash" !! 1068
1064 select CRYPTO_HASH !! 1069 config CRYPTO_AES
1065 select XXHASH !! 1070 tristate "AES cipher algorithms"
>> 1071 select CRYPTO_ALGAPI
1066 help 1072 help
1067 xxHash non-cryptographic hash algor !! 1073 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1074 algorithm.
1068 1075
1069 Extremely fast, working at speeds c !! 1076 Rijndael appears to be consistently a very good performer in
>> 1077 both hardware and software across a wide range of computing
>> 1078 environments regardless of its use in feedback or non-feedback
>> 1079 modes. Its key setup time is excellent, and its key agility is
>> 1080 good. Rijndael's very low memory requirements make it very well
>> 1081 suited for restricted-space environments, in which it also
>> 1082 demonstrates excellent performance. Rijndael's operations are
>> 1083 among the easiest to defend against power and timing attacks.
1070 1084
1071 Used by the btrfs filesystem. !! 1085 The AES specifies three key sizes: 128, 192 and 256 bits
1072 1086
1073 endmenu !! 1087 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1074 1088
1075 menu "CRCs (cyclic redundancy checks)" !! 1089 config CRYPTO_AES_TI
>> 1090 tristate "Fixed time AES cipher"
>> 1091 select CRYPTO_ALGAPI
>> 1092 help
>> 1093 This is a generic implementation of AES that attempts to eliminate
>> 1094 data dependent latencies as much as possible without affecting
>> 1095 performance too much. It is intended for use by the generic CCM
>> 1096 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1097 solely on encryption (although decryption is supported as well, but
>> 1098 with a more dramatic performance hit)
1076 1099
1077 config CRYPTO_CRC32C !! 1100 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1078 tristate "CRC32c" !! 1101 8 for decryption), this implementation only uses just two S-boxes of
1079 select CRYPTO_HASH !! 1102 256 bytes each, and attempts to eliminate data dependent latencies by
1080 select CRC32 !! 1103 prefetching the entire table into the cache at the start of each
>> 1104 block. Interrupts are also disabled to avoid races where cachelines
>> 1105 are evicted when the CPU is interrupted to do something else.
>> 1106
>> 1107 config CRYPTO_AES_586
>> 1108 tristate "AES cipher algorithms (i586)"
>> 1109 depends on (X86 || UML_X86) && !64BIT
>> 1110 select CRYPTO_ALGAPI
>> 1111 select CRYPTO_AES
1081 help 1112 help
1082 CRC32c CRC algorithm with the iSCSI !! 1113 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1114 algorithm.
>> 1115
>> 1116 Rijndael appears to be consistently a very good performer in
>> 1117 both hardware and software across a wide range of computing
>> 1118 environments regardless of its use in feedback or non-feedback
>> 1119 modes. Its key setup time is excellent, and its key agility is
>> 1120 good. Rijndael's very low memory requirements make it very well
>> 1121 suited for restricted-space environments, in which it also
>> 1122 demonstrates excellent performance. Rijndael's operations are
>> 1123 among the easiest to defend against power and timing attacks.
1083 1124
1084 A 32-bit CRC (cyclic redundancy che !! 1125 The AES specifies three key sizes: 128, 192 and 256 bits
1085 by G. Castagnoli, S. Braeuer and M. <<
1086 Redundancy-Check Codes with 24 and <<
1087 on Communications, Vol. 41, No. 6, <<
1088 iSCSI. <<
1089 1126
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1127 See <http://csrc.nist.gov/encryption/aes/> for more information.
1091 1128
1092 config CRYPTO_CRC32 !! 1129 config CRYPTO_AES_X86_64
1093 tristate "CRC32" !! 1130 tristate "AES cipher algorithms (x86_64)"
1094 select CRYPTO_HASH !! 1131 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1132 select CRYPTO_ALGAPI
>> 1133 select CRYPTO_AES
1096 help 1134 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1135 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1136 algorithm.
>> 1137
>> 1138 Rijndael appears to be consistently a very good performer in
>> 1139 both hardware and software across a wide range of computing
>> 1140 environments regardless of its use in feedback or non-feedback
>> 1141 modes. Its key setup time is excellent, and its key agility is
>> 1142 good. Rijndael's very low memory requirements make it very well
>> 1143 suited for restricted-space environments, in which it also
>> 1144 demonstrates excellent performance. Rijndael's operations are
>> 1145 among the easiest to defend against power and timing attacks.
1098 1146
1099 Used by RoCEv2 and f2fs. !! 1147 The AES specifies three key sizes: 128, 192 and 256 bits
1100 1148
1101 config CRYPTO_CRCT10DIF !! 1149 See <http://csrc.nist.gov/encryption/aes/> for more information.
1102 tristate "CRCT10DIF" !! 1150
1103 select CRYPTO_HASH !! 1151 config CRYPTO_AES_NI_INTEL
>> 1152 tristate "AES cipher algorithms (AES-NI)"
>> 1153 depends on X86
>> 1154 select CRYPTO_AEAD
>> 1155 select CRYPTO_AES_X86_64 if 64BIT
>> 1156 select CRYPTO_AES_586 if !64BIT
>> 1157 select CRYPTO_ALGAPI
>> 1158 select CRYPTO_BLKCIPHER
>> 1159 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 1160 select CRYPTO_SIMD
1104 help 1161 help
1105 CRC16 CRC algorithm used for the T1 !! 1162 Use Intel AES-NI instructions for AES algorithm.
1106 1163
1107 CRC algorithm used by the SCSI Bloc !! 1164 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1165 algorithm.
1108 1166
1109 config CRYPTO_CRC64_ROCKSOFT !! 1167 Rijndael appears to be consistently a very good performer in
1110 tristate "CRC64 based on Rocksoft Mod !! 1168 both hardware and software across a wide range of computing
1111 depends on CRC64 !! 1169 environments regardless of its use in feedback or non-feedback
1112 select CRYPTO_HASH !! 1170 modes. Its key setup time is excellent, and its key agility is
>> 1171 good. Rijndael's very low memory requirements make it very well
>> 1172 suited for restricted-space environments, in which it also
>> 1173 demonstrates excellent performance. Rijndael's operations are
>> 1174 among the easiest to defend against power and timing attacks.
>> 1175
>> 1176 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1177
>> 1178 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1179
>> 1180 In addition to AES cipher algorithm support, the acceleration
>> 1181 for some popular block cipher mode is supported too, including
>> 1182 ECB, CBC, LRW, XTS. The 64 bit version has additional
>> 1183 acceleration for CTR.
>> 1184
>> 1185 config CRYPTO_AES_SPARC64
>> 1186 tristate "AES cipher algorithms (SPARC64)"
>> 1187 depends on SPARC64
>> 1188 select CRYPTO_CRYPTD
>> 1189 select CRYPTO_ALGAPI
>> 1190 help
>> 1191 Use SPARC64 crypto opcodes for AES algorithm.
>> 1192
>> 1193 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1194 algorithm.
>> 1195
>> 1196 Rijndael appears to be consistently a very good performer in
>> 1197 both hardware and software across a wide range of computing
>> 1198 environments regardless of its use in feedback or non-feedback
>> 1199 modes. Its key setup time is excellent, and its key agility is
>> 1200 good. Rijndael's very low memory requirements make it very well
>> 1201 suited for restricted-space environments, in which it also
>> 1202 demonstrates excellent performance. Rijndael's operations are
>> 1203 among the easiest to defend against power and timing attacks.
>> 1204
>> 1205 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1206
>> 1207 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1208
>> 1209 In addition to AES cipher algorithm support, the acceleration
>> 1210 for some popular block cipher mode is supported too, including
>> 1211 ECB and CBC.
>> 1212
>> 1213 config CRYPTO_AES_PPC_SPE
>> 1214 tristate "AES cipher algorithms (PPC SPE)"
>> 1215 depends on PPC && SPE
>> 1216 help
>> 1217 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1218 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1219 This module should only be used for low power (router) devices
>> 1220 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1221 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1222 timining attacks. Nevertheless it might be not as secure as other
>> 1223 architecture specific assembler implementations that work on 1KB
>> 1224 tables or 256 bytes S-boxes.
>> 1225
>> 1226 config CRYPTO_ANUBIS
>> 1227 tristate "Anubis cipher algorithm"
>> 1228 select CRYPTO_ALGAPI
>> 1229 help
>> 1230 Anubis cipher algorithm.
>> 1231
>> 1232 Anubis is a variable key length cipher which can use keys from
>> 1233 128 bits to 320 bits in length. It was evaluated as a entrant
>> 1234 in the NESSIE competition.
>> 1235
>> 1236 See also:
>> 1237 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 1238 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
>> 1239
>> 1240 config CRYPTO_LIB_ARC4
>> 1241 tristate
>> 1242
>> 1243 config CRYPTO_ARC4
>> 1244 tristate "ARC4 cipher algorithm"
>> 1245 select CRYPTO_BLKCIPHER
>> 1246 select CRYPTO_LIB_ARC4
>> 1247 help
>> 1248 ARC4 cipher algorithm.
>> 1249
>> 1250 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
>> 1251 bits in length. This algorithm is required for driver-based
>> 1252 WEP, but it should not be for other purposes because of the
>> 1253 weakness of the algorithm.
>> 1254
>> 1255 config CRYPTO_BLOWFISH
>> 1256 tristate "Blowfish cipher algorithm"
>> 1257 select CRYPTO_ALGAPI
>> 1258 select CRYPTO_BLOWFISH_COMMON
>> 1259 help
>> 1260 Blowfish cipher algorithm, by Bruce Schneier.
>> 1261
>> 1262 This is a variable key length cipher which can use keys from 32
>> 1263 bits to 448 bits in length. It's fast, simple and specifically
>> 1264 designed for use on "large microprocessors".
>> 1265
>> 1266 See also:
>> 1267 <http://www.schneier.com/blowfish.html>
>> 1268
>> 1269 config CRYPTO_BLOWFISH_COMMON
>> 1270 tristate
>> 1271 help
>> 1272 Common parts of the Blowfish cipher algorithm shared by the
>> 1273 generic c and the assembler implementations.
>> 1274
>> 1275 See also:
>> 1276 <http://www.schneier.com/blowfish.html>
>> 1277
>> 1278 config CRYPTO_BLOWFISH_X86_64
>> 1279 tristate "Blowfish cipher algorithm (x86_64)"
>> 1280 depends on X86 && 64BIT
>> 1281 select CRYPTO_BLKCIPHER
>> 1282 select CRYPTO_BLOWFISH_COMMON
>> 1283 help
>> 1284 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
>> 1285
>> 1286 This is a variable key length cipher which can use keys from 32
>> 1287 bits to 448 bits in length. It's fast, simple and specifically
>> 1288 designed for use on "large microprocessors".
>> 1289
>> 1290 See also:
>> 1291 <http://www.schneier.com/blowfish.html>
>> 1292
>> 1293 config CRYPTO_CAMELLIA
>> 1294 tristate "Camellia cipher algorithms"
>> 1295 depends on CRYPTO
>> 1296 select CRYPTO_ALGAPI
>> 1297 help
>> 1298 Camellia cipher algorithms module.
>> 1299
>> 1300 Camellia is a symmetric key block cipher developed jointly
>> 1301 at NTT and Mitsubishi Electric Corporation.
>> 1302
>> 1303 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1304
>> 1305 See also:
>> 1306 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1307
>> 1308 config CRYPTO_CAMELLIA_X86_64
>> 1309 tristate "Camellia cipher algorithm (x86_64)"
>> 1310 depends on X86 && 64BIT
>> 1311 depends on CRYPTO
>> 1312 select CRYPTO_BLKCIPHER
>> 1313 select CRYPTO_GLUE_HELPER_X86
>> 1314 help
>> 1315 Camellia cipher algorithm module (x86_64).
>> 1316
>> 1317 Camellia is a symmetric key block cipher developed jointly
>> 1318 at NTT and Mitsubishi Electric Corporation.
>> 1319
>> 1320 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1321
>> 1322 See also:
>> 1323 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1324
>> 1325 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1326 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1327 depends on X86 && 64BIT
>> 1328 depends on CRYPTO
>> 1329 select CRYPTO_BLKCIPHER
>> 1330 select CRYPTO_CAMELLIA_X86_64
>> 1331 select CRYPTO_GLUE_HELPER_X86
>> 1332 select CRYPTO_SIMD
>> 1333 select CRYPTO_XTS
>> 1334 help
>> 1335 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
>> 1336
>> 1337 Camellia is a symmetric key block cipher developed jointly
>> 1338 at NTT and Mitsubishi Electric Corporation.
>> 1339
>> 1340 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1341
>> 1342 See also:
>> 1343 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1344
>> 1345 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
>> 1346 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1347 depends on X86 && 64BIT
>> 1348 depends on CRYPTO
>> 1349 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1350 help
>> 1351 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
>> 1352
>> 1353 Camellia is a symmetric key block cipher developed jointly
>> 1354 at NTT and Mitsubishi Electric Corporation.
>> 1355
>> 1356 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1357
>> 1358 See also:
>> 1359 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1360
>> 1361 config CRYPTO_CAMELLIA_SPARC64
>> 1362 tristate "Camellia cipher algorithm (SPARC64)"
>> 1363 depends on SPARC64
>> 1364 depends on CRYPTO
>> 1365 select CRYPTO_ALGAPI
>> 1366 help
>> 1367 Camellia cipher algorithm module (SPARC64).
>> 1368
>> 1369 Camellia is a symmetric key block cipher developed jointly
>> 1370 at NTT and Mitsubishi Electric Corporation.
>> 1371
>> 1372 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1373
>> 1374 See also:
>> 1375 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1376
>> 1377 config CRYPTO_CAST_COMMON
>> 1378 tristate
>> 1379 help
>> 1380 Common parts of the CAST cipher algorithms shared by the
>> 1381 generic c and the assembler implementations.
>> 1382
>> 1383 config CRYPTO_CAST5
>> 1384 tristate "CAST5 (CAST-128) cipher algorithm"
>> 1385 select CRYPTO_ALGAPI
>> 1386 select CRYPTO_CAST_COMMON
>> 1387 help
>> 1388 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1389 described in RFC2144.
>> 1390
>> 1391 config CRYPTO_CAST5_AVX_X86_64
>> 1392 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
>> 1393 depends on X86 && 64BIT
>> 1394 select CRYPTO_BLKCIPHER
>> 1395 select CRYPTO_CAST5
>> 1396 select CRYPTO_CAST_COMMON
>> 1397 select CRYPTO_SIMD
>> 1398 help
>> 1399 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1400 described in RFC2144.
>> 1401
>> 1402 This module provides the Cast5 cipher algorithm that processes
>> 1403 sixteen blocks parallel using the AVX instruction set.
>> 1404
>> 1405 config CRYPTO_CAST6
>> 1406 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1407 select CRYPTO_ALGAPI
>> 1408 select CRYPTO_CAST_COMMON
>> 1409 help
>> 1410 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1411 described in RFC2612.
>> 1412
>> 1413 config CRYPTO_CAST6_AVX_X86_64
>> 1414 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1415 depends on X86 && 64BIT
>> 1416 select CRYPTO_BLKCIPHER
>> 1417 select CRYPTO_CAST6
>> 1418 select CRYPTO_CAST_COMMON
>> 1419 select CRYPTO_GLUE_HELPER_X86
>> 1420 select CRYPTO_SIMD
>> 1421 select CRYPTO_XTS
>> 1422 help
>> 1423 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1424 described in RFC2612.
>> 1425
>> 1426 This module provides the Cast6 cipher algorithm that processes
>> 1427 eight blocks parallel using the AVX instruction set.
>> 1428
>> 1429 config CRYPTO_DES
>> 1430 tristate "DES and Triple DES EDE cipher algorithms"
>> 1431 select CRYPTO_ALGAPI
>> 1432 help
>> 1433 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
>> 1434
>> 1435 config CRYPTO_DES_SPARC64
>> 1436 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1437 depends on SPARC64
>> 1438 select CRYPTO_ALGAPI
>> 1439 select CRYPTO_DES
>> 1440 help
>> 1441 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1442 optimized using SPARC64 crypto opcodes.
>> 1443
>> 1444 config CRYPTO_DES3_EDE_X86_64
>> 1445 tristate "Triple DES EDE cipher algorithm (x86-64)"
>> 1446 depends on X86 && 64BIT
>> 1447 select CRYPTO_BLKCIPHER
>> 1448 select CRYPTO_DES
>> 1449 help
>> 1450 Triple DES EDE (FIPS 46-3) algorithm.
>> 1451
>> 1452 This module provides implementation of the Triple DES EDE cipher
>> 1453 algorithm that is optimized for x86-64 processors. Two versions of
>> 1454 algorithm are provided; regular processing one input block and
>> 1455 one that processes three blocks parallel.
>> 1456
>> 1457 config CRYPTO_FCRYPT
>> 1458 tristate "FCrypt cipher algorithm"
>> 1459 select CRYPTO_ALGAPI
>> 1460 select CRYPTO_BLKCIPHER
>> 1461 help
>> 1462 FCrypt algorithm used by RxRPC.
>> 1463
>> 1464 config CRYPTO_KHAZAD
>> 1465 tristate "Khazad cipher algorithm"
>> 1466 select CRYPTO_ALGAPI
>> 1467 help
>> 1468 Khazad cipher algorithm.
>> 1469
>> 1470 Khazad was a finalist in the initial NESSIE competition. It is
>> 1471 an algorithm optimized for 64-bit processors with good performance
>> 1472 on 32-bit processors. Khazad uses an 128 bit key size.
>> 1473
>> 1474 See also:
>> 1475 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
>> 1476
>> 1477 config CRYPTO_SALSA20
>> 1478 tristate "Salsa20 stream cipher algorithm"
>> 1479 select CRYPTO_BLKCIPHER
>> 1480 help
>> 1481 Salsa20 stream cipher algorithm.
>> 1482
>> 1483 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
>> 1484 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
>> 1485
>> 1486 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 1487 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
>> 1488
>> 1489 config CRYPTO_CHACHA20
>> 1490 tristate "ChaCha stream cipher algorithms"
>> 1491 select CRYPTO_BLKCIPHER
>> 1492 help
>> 1493 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
>> 1494
>> 1495 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
>> 1496 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1497 This is the portable C implementation of ChaCha20. See also:
>> 1498 <http://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1499
>> 1500 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
>> 1501 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
>> 1502 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
>> 1503 while provably retaining ChaCha20's security. See also:
>> 1504 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
>> 1505
>> 1506 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
>> 1507 reduced security margin but increased performance. It can be needed
>> 1508 in some performance-sensitive scenarios.
>> 1509
>> 1510 config CRYPTO_CHACHA20_X86_64
>> 1511 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
>> 1512 depends on X86 && 64BIT
>> 1513 select CRYPTO_BLKCIPHER
>> 1514 select CRYPTO_CHACHA20
>> 1515 help
>> 1516 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
>> 1517 XChaCha20, and XChaCha12 stream ciphers.
>> 1518
>> 1519 config CRYPTO_SEED
>> 1520 tristate "SEED cipher algorithm"
>> 1521 select CRYPTO_ALGAPI
>> 1522 help
>> 1523 SEED cipher algorithm (RFC4269).
>> 1524
>> 1525 SEED is a 128-bit symmetric key block cipher that has been
>> 1526 developed by KISA (Korea Information Security Agency) as a
>> 1527 national standard encryption algorithm of the Republic of Korea.
>> 1528 It is a 16 round block cipher with the key size of 128 bit.
>> 1529
>> 1530 See also:
>> 1531 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
>> 1532
>> 1533 config CRYPTO_SERPENT
>> 1534 tristate "Serpent cipher algorithm"
>> 1535 select CRYPTO_ALGAPI
>> 1536 help
>> 1537 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1538
>> 1539 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1540 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1541 variant of Serpent for compatibility with old kerneli.org code.
>> 1542
>> 1543 See also:
>> 1544 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1545
>> 1546 config CRYPTO_SERPENT_SSE2_X86_64
>> 1547 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1548 depends on X86 && 64BIT
>> 1549 select CRYPTO_BLKCIPHER
>> 1550 select CRYPTO_GLUE_HELPER_X86
>> 1551 select CRYPTO_SERPENT
>> 1552 select CRYPTO_SIMD
>> 1553 help
>> 1554 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1555
>> 1556 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1557 of 8 bits.
>> 1558
>> 1559 This module provides Serpent cipher algorithm that processes eight
>> 1560 blocks parallel using SSE2 instruction set.
>> 1561
>> 1562 See also:
>> 1563 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1564
>> 1565 config CRYPTO_SERPENT_SSE2_586
>> 1566 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1567 depends on X86 && !64BIT
>> 1568 select CRYPTO_BLKCIPHER
>> 1569 select CRYPTO_GLUE_HELPER_X86
>> 1570 select CRYPTO_SERPENT
>> 1571 select CRYPTO_SIMD
>> 1572 help
>> 1573 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1574
>> 1575 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1576 of 8 bits.
>> 1577
>> 1578 This module provides Serpent cipher algorithm that processes four
>> 1579 blocks parallel using SSE2 instruction set.
>> 1580
>> 1581 See also:
>> 1582 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1583
>> 1584 config CRYPTO_SERPENT_AVX_X86_64
>> 1585 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1586 depends on X86 && 64BIT
>> 1587 select CRYPTO_BLKCIPHER
>> 1588 select CRYPTO_GLUE_HELPER_X86
>> 1589 select CRYPTO_SERPENT
>> 1590 select CRYPTO_SIMD
>> 1591 select CRYPTO_XTS
>> 1592 help
>> 1593 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1594
>> 1595 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1596 of 8 bits.
>> 1597
>> 1598 This module provides the Serpent cipher algorithm that processes
>> 1599 eight blocks parallel using the AVX instruction set.
>> 1600
>> 1601 See also:
>> 1602 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1603
>> 1604 config CRYPTO_SERPENT_AVX2_X86_64
>> 1605 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1606 depends on X86 && 64BIT
>> 1607 select CRYPTO_SERPENT_AVX_X86_64
>> 1608 help
>> 1609 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1610
>> 1611 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1612 of 8 bits.
>> 1613
>> 1614 This module provides Serpent cipher algorithm that processes 16
>> 1615 blocks parallel using AVX2 instruction set.
>> 1616
>> 1617 See also:
>> 1618 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1619
>> 1620 config CRYPTO_SM4
>> 1621 tristate "SM4 cipher algorithm"
>> 1622 select CRYPTO_ALGAPI
>> 1623 help
>> 1624 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
>> 1625
>> 1626 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1627 Organization of State Commercial Administration of China (OSCCA)
>> 1628 as an authorized cryptographic algorithms for the use within China.
>> 1629
>> 1630 SMS4 was originally created for use in protecting wireless
>> 1631 networks, and is mandated in the Chinese National Standard for
>> 1632 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1633 (GB.15629.11-2003).
>> 1634
>> 1635 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1636 standardized through TC 260 of the Standardization Administration
>> 1637 of the People's Republic of China (SAC).
>> 1638
>> 1639 The input, output, and key of SMS4 are each 128 bits.
>> 1640
>> 1641 See also: <https://eprint.iacr.org/2008/329.pdf>
>> 1642
>> 1643 If unsure, say N.
>> 1644
>> 1645 config CRYPTO_TEA
>> 1646 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1647 select CRYPTO_ALGAPI
1113 help 1648 help
1114 CRC64 CRC algorithm based on the Ro !! 1649 TEA cipher algorithm.
1115 1650
1116 Used by the NVMe implementation of !! 1651 Tiny Encryption Algorithm is a simple cipher that uses
>> 1652 many rounds for security. It is very fast and uses
>> 1653 little memory.
>> 1654
>> 1655 Xtendend Tiny Encryption Algorithm is a modification to
>> 1656 the TEA algorithm to address a potential key weakness
>> 1657 in the TEA algorithm.
>> 1658
>> 1659 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1660 of the XTEA algorithm for compatibility purposes.
1117 1661
1118 See https://zlib.net/crc_v3.txt !! 1662 config CRYPTO_TWOFISH
>> 1663 tristate "Twofish cipher algorithm"
>> 1664 select CRYPTO_ALGAPI
>> 1665 select CRYPTO_TWOFISH_COMMON
>> 1666 help
>> 1667 Twofish cipher algorithm.
1119 1668
1120 endmenu !! 1669 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1670 candidate cipher by researchers at CounterPane Systems. It is a
>> 1671 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1672 bits.
>> 1673
>> 1674 See also:
>> 1675 <http://www.schneier.com/twofish.html>
>> 1676
>> 1677 config CRYPTO_TWOFISH_COMMON
>> 1678 tristate
>> 1679 help
>> 1680 Common parts of the Twofish cipher algorithm shared by the
>> 1681 generic c and the assembler implementations.
>> 1682
>> 1683 config CRYPTO_TWOFISH_586
>> 1684 tristate "Twofish cipher algorithms (i586)"
>> 1685 depends on (X86 || UML_X86) && !64BIT
>> 1686 select CRYPTO_ALGAPI
>> 1687 select CRYPTO_TWOFISH_COMMON
>> 1688 help
>> 1689 Twofish cipher algorithm.
>> 1690
>> 1691 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1692 candidate cipher by researchers at CounterPane Systems. It is a
>> 1693 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1694 bits.
>> 1695
>> 1696 See also:
>> 1697 <http://www.schneier.com/twofish.html>
>> 1698
>> 1699 config CRYPTO_TWOFISH_X86_64
>> 1700 tristate "Twofish cipher algorithm (x86_64)"
>> 1701 depends on (X86 || UML_X86) && 64BIT
>> 1702 select CRYPTO_ALGAPI
>> 1703 select CRYPTO_TWOFISH_COMMON
>> 1704 help
>> 1705 Twofish cipher algorithm (x86_64).
>> 1706
>> 1707 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1708 candidate cipher by researchers at CounterPane Systems. It is a
>> 1709 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1710 bits.
1121 1711
1122 menu "Compression" !! 1712 See also:
>> 1713 <http://www.schneier.com/twofish.html>
>> 1714
>> 1715 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1716 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1717 depends on X86 && 64BIT
>> 1718 select CRYPTO_BLKCIPHER
>> 1719 select CRYPTO_TWOFISH_COMMON
>> 1720 select CRYPTO_TWOFISH_X86_64
>> 1721 select CRYPTO_GLUE_HELPER_X86
>> 1722 help
>> 1723 Twofish cipher algorithm (x86_64, 3-way parallel).
>> 1724
>> 1725 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1726 candidate cipher by researchers at CounterPane Systems. It is a
>> 1727 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1728 bits.
>> 1729
>> 1730 This module provides Twofish cipher algorithm that processes three
>> 1731 blocks parallel, utilizing resources of out-of-order CPUs better.
>> 1732
>> 1733 See also:
>> 1734 <http://www.schneier.com/twofish.html>
>> 1735
>> 1736 config CRYPTO_TWOFISH_AVX_X86_64
>> 1737 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1738 depends on X86 && 64BIT
>> 1739 select CRYPTO_BLKCIPHER
>> 1740 select CRYPTO_GLUE_HELPER_X86
>> 1741 select CRYPTO_SIMD
>> 1742 select CRYPTO_TWOFISH_COMMON
>> 1743 select CRYPTO_TWOFISH_X86_64
>> 1744 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1745 help
>> 1746 Twofish cipher algorithm (x86_64/AVX).
>> 1747
>> 1748 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1749 candidate cipher by researchers at CounterPane Systems. It is a
>> 1750 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1751 bits.
>> 1752
>> 1753 This module provides the Twofish cipher algorithm that processes
>> 1754 eight blocks parallel using the AVX Instruction Set.
>> 1755
>> 1756 See also:
>> 1757 <http://www.schneier.com/twofish.html>
>> 1758
>> 1759 comment "Compression"
1123 1760
1124 config CRYPTO_DEFLATE 1761 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1762 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1763 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1764 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1765 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1766 select ZLIB_DEFLATE
1130 help 1767 help
1131 Deflate compression algorithm (RFC1 !! 1768 This is the Deflate algorithm (RFC1951), specified for use in
>> 1769 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1770
1133 Used by IPSec with the IPCOMP proto !! 1771 You will most probably want this if using IPSec.
1134 1772
1135 config CRYPTO_LZO 1773 config CRYPTO_LZO
1136 tristate "LZO" !! 1774 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1775 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1776 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1777 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1778 select LZO_DECOMPRESS
1141 help 1779 help
1142 LZO compression algorithm !! 1780 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1781
1146 config CRYPTO_842 1782 config CRYPTO_842
1147 tristate "842" !! 1783 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1784 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1785 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1786 select 842_COMPRESS
1151 select 842_DECOMPRESS 1787 select 842_DECOMPRESS
1152 help 1788 help
1153 842 compression algorithm by IBM !! 1789 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1790
1157 config CRYPTO_LZ4 1791 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1792 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1793 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1794 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1795 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1796 select LZ4_DECOMPRESS
1163 help 1797 help
1164 LZ4 compression algorithm !! 1798 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1799
1168 config CRYPTO_LZ4HC 1800 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1801 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1802 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1803 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1804 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1805 select LZ4_DECOMPRESS
1174 help 1806 help
1175 LZ4 high compression mode algorithm !! 1807 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1808
1179 config CRYPTO_ZSTD 1809 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1810 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1811 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1812 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1813 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1814 select ZSTD_DECOMPRESS
1185 help 1815 help
1186 zstd compression algorithm !! 1816 This is the zstd algorithm.
1187 1817
1188 See https://github.com/facebook/zst !! 1818 comment "Random Number Generation"
1189 <<
1190 endmenu <<
1191 <<
1192 menu "Random number generation" <<
1193 1819
1194 config CRYPTO_ANSI_CPRNG 1820 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1821 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1822 select CRYPTO_AES
1197 select CRYPTO_RNG 1823 select CRYPTO_RNG
1198 help 1824 help
1199 Pseudo RNG (random number generator !! 1825 This option enables the generic pseudo random number generator
1200 !! 1826 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1827 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1828 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1829
1205 menuconfig CRYPTO_DRBG_MENU 1830 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1831 tristate "NIST SP800-90A DRBG"
1207 help 1832 help
1208 DRBG (Deterministic Random Bit Gene !! 1833 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1834 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1835
1212 if CRYPTO_DRBG_MENU 1836 if CRYPTO_DRBG_MENU
1213 1837
1214 config CRYPTO_DRBG_HMAC 1838 config CRYPTO_DRBG_HMAC
1215 bool 1839 bool
1216 default y 1840 default y
1217 select CRYPTO_HMAC 1841 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1842 select CRYPTO_SHA256
1219 1843
1220 config CRYPTO_DRBG_HASH 1844 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1845 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1846 select CRYPTO_SHA256
1223 help 1847 help
1224 Hash_DRBG variant as defined in NIS !! 1848 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1849
1228 config CRYPTO_DRBG_CTR 1850 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1851 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1852 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1853 depends on CRYPTO_CTR
1232 help 1854 help
1233 CTR_DRBG variant as defined in NIST !! 1855 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1856
1237 config CRYPTO_DRBG 1857 config CRYPTO_DRBG
1238 tristate 1858 tristate
1239 default CRYPTO_DRBG_MENU 1859 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1860 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1861 select CRYPTO_JITTERENTROPY
1242 1862
1243 endif # if CRYPTO_DRBG_MENU 1863 endif # if CRYPTO_DRBG_MENU
1244 1864
1245 config CRYPTO_JITTERENTROPY 1865 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1866 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1867 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1868 help
1250 CPU Jitter RNG (Random Number Gener !! 1869 The Jitterentropy RNG is a noise that is intended
1251 !! 1870 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1871 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1872 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1873 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1874
1370 config CRYPTO_USER_API 1875 config CRYPTO_USER_API
1371 tristate 1876 tristate
1372 1877
1373 config CRYPTO_USER_API_HASH 1878 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1879 tristate "User-space interface for hash algorithms"
1375 depends on NET 1880 depends on NET
1376 select CRYPTO_HASH 1881 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1882 select CRYPTO_USER_API
1378 help 1883 help
1379 Enable the userspace interface for !! 1884 This option enables the user-spaces interface for hash
1380 !! 1885 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1886
1384 config CRYPTO_USER_API_SKCIPHER 1887 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1888 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1889 depends on NET
1387 select CRYPTO_SKCIPHER !! 1890 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1891 select CRYPTO_USER_API
1389 help 1892 help
1390 Enable the userspace interface for !! 1893 This option enables the user-spaces interface for symmetric
1391 !! 1894 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1895
1395 config CRYPTO_USER_API_RNG 1896 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1897 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1898 depends on NET
1398 select CRYPTO_RNG 1899 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1900 select CRYPTO_USER_API
1400 help 1901 help
1401 Enable the userspace interface for !! 1902 This option enables the user-spaces interface for random
1402 algorithms. !! 1903 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1904
1419 config CRYPTO_USER_API_AEAD 1905 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1906 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1907 depends on NET
1422 select CRYPTO_AEAD 1908 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER !! 1909 select CRYPTO_BLKCIPHER
1424 select CRYPTO_NULL 1910 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1911 select CRYPTO_USER_API
1426 help 1912 help
1427 Enable the userspace interface for !! 1913 This option enables the user-spaces interface for AEAD
>> 1914 cipher algorithms.
1428 1915
1429 See Documentation/crypto/userspace- !! 1916 config CRYPTO_STATS
1430 https://www.chronox.de/libkcapi/htm !! 1917 bool "Crypto usage statistics for User-space"
1431 !! 1918 depends on CRYPTO_USER
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE !! 1919 help
1433 bool "Obsolete cryptographic algorith !! 1920 This option enables the gathering of crypto stats.
1434 depends on CRYPTO_USER_API !! 1921 This will collect:
1435 default y !! 1922 - encrypt/decrypt size and numbers of symmeric operations
1436 help !! 1923 - compress/decompress size and numbers of compress operations
1437 Allow obsolete cryptographic algori !! 1924 - size and numbers of hash operations
1438 already been phased out from intern !! 1925 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1439 only useful for userspace clients t !! 1926 - generate/seed numbers for rng operations
1440 <<
1441 endmenu <<
1442 1927
1443 config CRYPTO_HASH_INFO 1928 config CRYPTO_HASH_INFO
1444 bool 1929 bool
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 1930
1476 source "drivers/crypto/Kconfig" 1931 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" 1932 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig" 1933 source "certs/Kconfig"
1479 1934
1480 endif # if CRYPTO 1935 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.