1 # SPDX-License-Identifier: GPL-2.0 <<
2 # <<
3 # Generic algorithms support <<
4 # <<
5 config XOR_BLOCKS <<
6 tristate <<
7 <<
8 # <<
9 # async_tx api: hardware offloaded memory tran <<
10 # <<
11 source "crypto/async_tx/Kconfig" <<
12 <<
13 # 1 #
14 # Cryptographic API Configuration 2 # Cryptographic API Configuration
15 # 3 #
16 menuconfig CRYPTO <<
17 tristate "Cryptographic API" <<
18 select CRYPTO_LIB_UTILS <<
19 help <<
20 This option provides the core Crypto <<
21 <<
22 if CRYPTO <<
23 <<
24 menu "Crypto core or helper" <<
25 <<
26 config CRYPTO_FIPS <<
27 bool "FIPS 200 compliance" <<
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT <<
29 depends on (MODULE_SIG || !MODULES) <<
30 help <<
31 This option enables the fips boot op <<
32 required if you want the system to o <<
33 certification. You should say no un <<
34 this is. <<
35 <<
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI <<
58 tristate <<
59 select CRYPTO_ALGAPI2 <<
60 help <<
61 This option provides the API for cry <<
62 <<
63 config CRYPTO_ALGAPI2 <<
64 tristate <<
65 <<
66 config CRYPTO_AEAD <<
67 tristate <<
68 select CRYPTO_AEAD2 <<
69 select CRYPTO_ALGAPI <<
70 <<
71 config CRYPTO_AEAD2 <<
72 tristate <<
73 select CRYPTO_ALGAPI2 <<
74 <<
75 config CRYPTO_SIG <<
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate <<
86 select CRYPTO_SKCIPHER2 <<
87 select CRYPTO_ALGAPI <<
88 select CRYPTO_ECB <<
89 <<
90 config CRYPTO_SKCIPHER2 <<
91 tristate <<
92 select CRYPTO_ALGAPI2 <<
93 <<
94 config CRYPTO_HASH <<
95 tristate <<
96 select CRYPTO_HASH2 <<
97 select CRYPTO_ALGAPI <<
98 <<
99 config CRYPTO_HASH2 <<
100 tristate <<
101 select CRYPTO_ALGAPI2 <<
102 <<
103 config CRYPTO_RNG <<
104 tristate <<
105 select CRYPTO_RNG2 <<
106 select CRYPTO_ALGAPI <<
107 <<
108 config CRYPTO_RNG2 <<
109 tristate <<
110 select CRYPTO_ALGAPI2 <<
111 <<
112 config CRYPTO_RNG_DEFAULT <<
113 tristate <<
114 select CRYPTO_DRBG_MENU <<
115 <<
116 config CRYPTO_AKCIPHER2 <<
117 tristate <<
118 select CRYPTO_ALGAPI2 <<
119 <<
120 config CRYPTO_AKCIPHER <<
121 tristate <<
122 select CRYPTO_AKCIPHER2 <<
123 select CRYPTO_ALGAPI <<
124 <<
125 config CRYPTO_KPP2 <<
126 tristate <<
127 select CRYPTO_ALGAPI2 <<
128 <<
129 config CRYPTO_KPP <<
130 tristate <<
131 select CRYPTO_ALGAPI <<
132 select CRYPTO_KPP2 <<
133 <<
134 config CRYPTO_ACOMP2 <<
135 tristate <<
136 select CRYPTO_ALGAPI2 <<
137 select SGL_ALLOC <<
138 <<
139 config CRYPTO_ACOMP <<
140 tristate <<
141 select CRYPTO_ALGAPI <<
142 select CRYPTO_ACOMP2 <<
143 <<
144 config CRYPTO_MANAGER <<
145 tristate "Cryptographic algorithm mana <<
146 select CRYPTO_MANAGER2 <<
147 help <<
148 Create default cryptographic templat <<
149 cbc(aes). <<
150 4
151 config CRYPTO_MANAGER2 !! 5 menu "Cryptographic options"
152 def_tristate CRYPTO_MANAGER || (CRYPTO <<
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 <<
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 <<
158 select CRYPTO_KPP2 <<
159 select CRYPTO_RNG2 <<
160 select CRYPTO_SKCIPHER2 <<
161 <<
162 config CRYPTO_USER <<
163 tristate "Userspace cryptographic algo <<
164 depends on NET <<
165 select CRYPTO_MANAGER <<
166 help <<
167 Userspace configuration for cryptogr <<
168 cbc(aes). <<
169 6
170 config CRYPTO_MANAGER_DISABLE_TESTS !! 7 config CRYPTO
171 bool "Disable run-time self tests" !! 8 bool "Cryptographic API"
172 default y <<
173 help 9 help
174 Disable run-time self tests that nor !! 10 This option provides the core Cryptographic API.
175 algorithm registration. <<
176 11
177 config CRYPTO_MANAGER_EXTRA_TESTS !! 12 config CRYPTO_HMAC
178 bool "Enable extra run-time crypto sel !! 13 bool "HMAC support"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN !! 14 depends on CRYPTO
180 help 15 help
181 Enable extra run-time self tests of !! 16 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
182 including randomized fuzz tests. !! 17 This is required for IPSec.
183 <<
184 This is intended for developer use o <<
185 longer to run than the normal self t <<
186 18
187 config CRYPTO_NULL 19 config CRYPTO_NULL
188 tristate "Null algorithms" 20 tristate "Null algorithms"
189 select CRYPTO_NULL2 !! 21 depends on CRYPTO
190 help 22 help
191 These are 'Null' algorithms, used by 23 These are 'Null' algorithms, used by IPsec, which do nothing.
192 24
193 config CRYPTO_NULL2 !! 25 config CRYPTO_MD4
194 tristate !! 26 tristate "MD4 digest algorithm"
195 select CRYPTO_ALGAPI2 !! 27 depends on CRYPTO
196 select CRYPTO_SKCIPHER2 <<
197 select CRYPTO_HASH2 <<
198 <<
199 config CRYPTO_PCRYPT <<
200 tristate "Parallel crypto engine" <<
201 depends on SMP <<
202 select PADATA <<
203 select CRYPTO_MANAGER <<
204 select CRYPTO_AEAD <<
205 help <<
206 This converts an arbitrary crypto al <<
207 algorithm that executes in kernel th <<
208 <<
209 config CRYPTO_CRYPTD <<
210 tristate "Software async crypto daemon <<
211 select CRYPTO_SKCIPHER <<
212 select CRYPTO_HASH <<
213 select CRYPTO_MANAGER <<
214 help <<
215 This is a generic software asynchron <<
216 converts an arbitrary synchronous so <<
217 into an asynchronous algorithm that <<
218 <<
219 config CRYPTO_AUTHENC <<
220 tristate "Authenc support" <<
221 select CRYPTO_AEAD <<
222 select CRYPTO_SKCIPHER <<
223 select CRYPTO_MANAGER <<
224 select CRYPTO_HASH <<
225 select CRYPTO_NULL <<
226 help <<
227 Authenc: Combined mode wrapper for I <<
228 <<
229 This is required for IPSec ESP (XFRM <<
230 <<
231 config CRYPTO_TEST <<
232 tristate "Testing module" <<
233 depends on m || EXPERT <<
234 select CRYPTO_MANAGER <<
235 help <<
236 Quick & dirty crypto test module. <<
237 <<
238 config CRYPTO_SIMD <<
239 tristate <<
240 select CRYPTO_CRYPTD <<
241 <<
242 config CRYPTO_ENGINE <<
243 tristate <<
244 <<
245 endmenu <<
246 <<
247 menu "Public-key cryptography" <<
248 <<
249 config CRYPTO_RSA <<
250 tristate "RSA (Rivest-Shamir-Adleman)" <<
251 select CRYPTO_AKCIPHER <<
252 select CRYPTO_MANAGER <<
253 select MPILIB <<
254 select ASN1 <<
255 help <<
256 RSA (Rivest-Shamir-Adleman) public k <<
257 <<
258 config CRYPTO_DH <<
259 tristate "DH (Diffie-Hellman)" <<
260 select CRYPTO_KPP <<
261 select MPILIB <<
262 help <<
263 DH (Diffie-Hellman) key exchange alg <<
264 <<
265 config CRYPTO_DH_RFC7919_GROUPS <<
266 bool "RFC 7919 FFDHE groups" <<
267 depends on CRYPTO_DH <<
268 select CRYPTO_RNG_DEFAULT <<
269 help <<
270 FFDHE (Finite-Field-based Diffie-Hel <<
271 defined in RFC7919. <<
272 <<
273 Support these finite-field groups in <<
274 - ffdhe2048, ffdhe3072, ffdhe4096, f <<
275 <<
276 If unsure, say N. <<
277 <<
278 config CRYPTO_ECC <<
279 tristate <<
280 select CRYPTO_RNG_DEFAULT <<
281 <<
282 config CRYPTO_ECDH <<
283 tristate "ECDH (Elliptic Curve Diffie- <<
284 select CRYPTO_ECC <<
285 select CRYPTO_KPP <<
286 help 28 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 29 MD4 message digest algorithm (RFC1320).
288 using curves P-192, P-256, and P-384 <<
289 30
290 config CRYPTO_ECDSA !! 31 config CRYPTO_MD5
291 tristate "ECDSA (Elliptic Curve Digita !! 32 tristate "MD5 digest algorithm"
292 select CRYPTO_ECC !! 33 depends on CRYPTO
293 select CRYPTO_AKCIPHER <<
294 select ASN1 <<
295 help <<
296 ECDSA (Elliptic Curve Digital Signat <<
297 ISO/IEC 14888-3) <<
298 using curves P-192, P-256, and P-384 <<
299 <<
300 Only signature verification is imple <<
301 <<
302 config CRYPTO_ECRDSA <<
303 tristate "EC-RDSA (Elliptic Curve Russ <<
304 select CRYPTO_ECC <<
305 select CRYPTO_AKCIPHER <<
306 select CRYPTO_STREEBOG <<
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help 34 help
310 Elliptic Curve Russian Digital Signa !! 35 MD5 message digest algorithm (RFC1321).
311 RFC 7091, ISO/IEC 14888-3) <<
312 <<
313 One of the Russian cryptographic sta <<
314 algorithms). Only signature verifica <<
315 36
316 config CRYPTO_CURVE25519 !! 37 config CRYPTO_SHA1
317 tristate "Curve25519" !! 38 tristate "SHA1 digest algorithm"
318 select CRYPTO_KPP !! 39 depends on CRYPTO
319 select CRYPTO_LIB_CURVE25519_GENERIC <<
320 help 40 help
321 Curve25519 elliptic curve (RFC7748) !! 41 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
322 <<
323 endmenu <<
324 42
325 menu "Block ciphers" !! 43 config CRYPTO_SHA256
326 !! 44 tristate "SHA256 digest algorithm"
327 config CRYPTO_AES !! 45 depends on CRYPTO
328 tristate "AES (Advanced Encryption Sta <<
329 select CRYPTO_ALGAPI <<
330 select CRYPTO_LIB_AES <<
331 help 46 help
332 AES cipher algorithms (Rijndael)(FIP !! 47 SHA256 secure hash standard (DFIPS 180-2).
>> 48
>> 49 This version of SHA implements a 256 bit hash with 128 bits of
>> 50 security against collision attacks.
333 51
334 Rijndael appears to be consistently !! 52 config CRYPTO_SHA512
335 both hardware and software across a !! 53 tristate "SHA384 and SHA512 digest algorithms"
336 environments regardless of its use i !! 54 depends on CRYPTO
337 modes. Its key setup time is excelle <<
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 <<
343 The AES specifies three key sizes: 1 <<
344 <<
345 config CRYPTO_AES_TI <<
346 tristate "AES (Advanced Encryption Sta <<
347 select CRYPTO_ALGAPI <<
348 select CRYPTO_LIB_AES <<
349 help 55 help
350 AES cipher algorithms (Rijndael)(FIP !! 56 SHA512 secure hash standard (DFIPS 180-2).
>> 57
>> 58 This version of SHA implements a 512 bit hash with 256 bits of
>> 59 security against collision attacks.
351 60
352 This is a generic implementation of !! 61 This code also includes SHA-384, a 384 bit hash with 192 bits
353 data dependent latencies as much as !! 62 of security against collision attacks.
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 <<
359 Instead of using 16 lookup tables of <<
360 8 for decryption), this implementati <<
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 <<
366 config CRYPTO_ANUBIS <<
367 tristate "Anubis" <<
368 depends on CRYPTO_USER_API_ENABLE_OBSO <<
369 select CRYPTO_ALGAPI <<
370 help <<
371 Anubis cipher algorithm <<
372 63
373 Anubis is a variable key length ciph !! 64 config CRYPTO_DES
374 128 bits to 320 bits in length. It !! 65 tristate "DES and Triple DES EDE cipher algorithms"
375 in the NESSIE competition. !! 66 depends on CRYPTO
376 <<
377 See https://web.archive.org/web/2016 <<
378 for further information. <<
379 <<
380 config CRYPTO_ARIA <<
381 tristate "ARIA" <<
382 select CRYPTO_ALGAPI <<
383 help 67 help
384 ARIA cipher algorithm (RFC5794) !! 68 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
385 <<
386 ARIA is a standard encryption algori <<
387 The ARIA specifies three key sizes a <<
388 128-bit: 12 rounds. <<
389 192-bit: 14 rounds. <<
390 256-bit: 16 rounds. <<
391 <<
392 See: <<
393 https://seed.kisa.or.kr/kisa/algorit <<
394 69
395 config CRYPTO_BLOWFISH 70 config CRYPTO_BLOWFISH
396 tristate "Blowfish" !! 71 tristate "Blowfish cipher algorithm"
397 select CRYPTO_ALGAPI !! 72 depends on CRYPTO
398 select CRYPTO_BLOWFISH_COMMON <<
399 help 73 help
400 Blowfish cipher algorithm, by Bruce !! 74 Blowfish cipher algorithm, by Bruce Schneier.
401 !! 75
402 This is a variable key length cipher 76 This is a variable key length cipher which can use keys from 32
403 bits to 448 bits in length. It's fa 77 bits to 448 bits in length. It's fast, simple and specifically
404 designed for use on "large microproc 78 designed for use on "large microprocessors".
405 !! 79
406 See https://www.schneier.com/blowfis !! 80 See also:
407 !! 81 http://www.schneier.com/blowfish.html
408 config CRYPTO_BLOWFISH_COMMON <<
409 tristate <<
410 help <<
411 Common parts of the Blowfish cipher <<
412 generic c and the assembler implemen <<
413 <<
414 config CRYPTO_CAMELLIA <<
415 tristate "Camellia" <<
416 select CRYPTO_ALGAPI <<
417 help <<
418 Camellia cipher algorithms (ISO/IEC <<
419 <<
420 Camellia is a symmetric key block ci <<
421 at NTT and Mitsubishi Electric Corpo <<
422 <<
423 The Camellia specifies three key siz <<
424 <<
425 See https://info.isl.ntt.co.jp/crypt <<
426 <<
427 config CRYPTO_CAST_COMMON <<
428 tristate <<
429 help <<
430 Common parts of the CAST cipher algo <<
431 generic c and the assembler implemen <<
432 <<
433 config CRYPTO_CAST5 <<
434 tristate "CAST5 (CAST-128)" <<
435 select CRYPTO_ALGAPI <<
436 select CRYPTO_CAST_COMMON <<
437 help <<
438 CAST5 (CAST-128) cipher algorithm (R <<
439 <<
440 config CRYPTO_CAST6 <<
441 tristate "CAST6 (CAST-256)" <<
442 select CRYPTO_ALGAPI <<
443 select CRYPTO_CAST_COMMON <<
444 help <<
445 CAST6 (CAST-256) encryption algorith <<
446 <<
447 config CRYPTO_DES <<
448 tristate "DES and Triple DES EDE" <<
449 select CRYPTO_ALGAPI <<
450 select CRYPTO_LIB_DES <<
451 help <<
452 DES (Data Encryption Standard)(FIPS <<
453 Triple DES EDE (Encrypt/Decrypt/Encr <<
454 cipher algorithms <<
455 <<
456 config CRYPTO_FCRYPT <<
457 tristate "FCrypt" <<
458 select CRYPTO_ALGAPI <<
459 select CRYPTO_SKCIPHER <<
460 help <<
461 FCrypt algorithm used by RxRPC <<
462 <<
463 See https://ota.polyonymo.us/fcrypt- <<
464 <<
465 config CRYPTO_KHAZAD <<
466 tristate "Khazad" <<
467 depends on CRYPTO_USER_API_ENABLE_OBSO <<
468 select CRYPTO_ALGAPI <<
469 help <<
470 Khazad cipher algorithm <<
471 <<
472 Khazad was a finalist in the initial <<
473 an algorithm optimized for 64-bit pr <<
474 on 32-bit processors. Khazad uses a <<
475 <<
476 See https://web.archive.org/web/2017 <<
477 for further information. <<
478 <<
479 config CRYPTO_SEED <<
480 tristate "SEED" <<
481 depends on CRYPTO_USER_API_ENABLE_OBSO <<
482 select CRYPTO_ALGAPI <<
483 help <<
484 SEED cipher algorithm (RFC4269, ISO/ <<
485 <<
486 SEED is a 128-bit symmetric key bloc <<
487 developed by KISA (Korea Information <<
488 national standard encryption algorit <<
489 It is a 16 round block cipher with t <<
490 <<
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 <<
494 config CRYPTO_SERPENT <<
495 tristate "Serpent" <<
496 select CRYPTO_ALGAPI <<
497 help <<
498 Serpent cipher algorithm, by Anderso <<
499 <<
500 Keys are allowed to be from 0 to 256 <<
501 of 8 bits. <<
502 <<
503 See https://www.cl.cam.ac.uk/~rja14/ <<
504 <<
505 config CRYPTO_SM4 <<
506 tristate <<
507 <<
508 config CRYPTO_SM4_GENERIC <<
509 tristate "SM4 (ShangMi 4)" <<
510 select CRYPTO_ALGAPI <<
511 select CRYPTO_SM4 <<
512 help <<
513 SM4 cipher algorithms (OSCCA GB/T 32 <<
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 <<
516 SM4 (GBT.32907-2016) is a cryptograp <<
517 Organization of State Commercial Adm <<
518 as an authorized cryptographic algor <<
519 <<
520 SMS4 was originally created for use <<
521 networks, and is mandated in the Chi <<
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 <<
525 The latest SM4 standard (GBT.32907-2 <<
526 standardized through TC 260 of the S <<
527 of the People's Republic of China (S <<
528 <<
529 The input, output, and key of SMS4 a <<
530 <<
531 See https://eprint.iacr.org/2008/329 <<
532 <<
533 If unsure, say N. <<
534 <<
535 config CRYPTO_TEA <<
536 tristate "TEA, XTEA and XETA" <<
537 depends on CRYPTO_USER_API_ENABLE_OBSO <<
538 select CRYPTO_ALGAPI <<
539 help <<
540 TEA (Tiny Encryption Algorithm) ciph <<
541 <<
542 Tiny Encryption Algorithm is a simpl <<
543 many rounds for security. It is ver <<
544 little memory. <<
545 <<
546 Xtendend Tiny Encryption Algorithm i <<
547 the TEA algorithm to address a poten <<
548 in the TEA algorithm. <<
549 <<
550 Xtendend Encryption Tiny Algorithm i <<
551 of the XTEA algorithm for compatibil <<
552 82
553 config CRYPTO_TWOFISH 83 config CRYPTO_TWOFISH
554 tristate "Twofish" !! 84 tristate "Twofish cipher algorithm"
555 select CRYPTO_ALGAPI !! 85 depends on CRYPTO
556 select CRYPTO_TWOFISH_COMMON <<
557 help 86 help
558 Twofish cipher algorithm !! 87 Twofish cipher algorithm.
559 !! 88
560 Twofish was submitted as an AES (Adv 89 Twofish was submitted as an AES (Advanced Encryption Standard)
561 candidate cipher by researchers at C 90 candidate cipher by researchers at CounterPane Systems. It is a
562 16 round block cipher supporting key 91 16 round block cipher supporting key sizes of 128, 192, and 256
563 bits. 92 bits.
>> 93
>> 94 See also:
>> 95 http://www.schneier.com/twofish.html
564 96
565 See https://www.schneier.com/twofish !! 97 config CRYPTO_SERPENT
566 !! 98 tristate "Serpent cipher algorithm"
567 config CRYPTO_TWOFISH_COMMON !! 99 depends on CRYPTO
568 tristate <<
569 help <<
570 Common parts of the Twofish cipher a <<
571 generic c and the assembler implemen <<
572 <<
573 endmenu <<
574 <<
575 menu "Length-preserving ciphers and modes" <<
576 <<
577 config CRYPTO_ADIANTUM <<
578 tristate "Adiantum" <<
579 select CRYPTO_CHACHA20 <<
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER <<
583 help <<
584 Adiantum tweakable, length-preservin <<
585 <<
586 Designed for fast and secure disk en <<
587 CPUs without dedicated crypto instru <<
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 <<
600 If unsure, say N. <<
601 <<
602 config CRYPTO_ARC4 <<
603 tristate "ARC4 (Alleged Rivest Cipher <<
604 depends on CRYPTO_USER_API_ENABLE_OBSO <<
605 select CRYPTO_SKCIPHER <<
606 select CRYPTO_LIB_ARC4 <<
607 help <<
608 ARC4 cipher algorithm <<
609 <<
610 ARC4 is a stream cipher using keys r <<
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 <<
615 config CRYPTO_CHACHA20 <<
616 tristate "ChaCha" <<
617 select CRYPTO_LIB_CHACHA_GENERIC <<
618 select CRYPTO_SKCIPHER <<
619 help <<
620 The ChaCha20, XChaCha20, and XChaCha <<
621 <<
622 ChaCha20 is a 256-bit high-speed str <<
623 Bernstein and further specified in R <<
624 This is the portable C implementatio <<
625 https://cr.yp.to/chacha/chacha-20080 <<
626 <<
627 XChaCha20 is the application of the <<
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 <<
637 config CRYPTO_CBC <<
638 tristate "CBC (Cipher Block Chaining)" <<
639 select CRYPTO_SKCIPHER <<
640 select CRYPTO_MANAGER <<
641 help <<
642 CBC (Cipher Block Chaining) mode (NI <<
643 <<
644 This block cipher mode is required f <<
645 <<
646 config CRYPTO_CTR <<
647 tristate "CTR (Counter)" <<
648 select CRYPTO_SKCIPHER <<
649 select CRYPTO_MANAGER <<
650 help <<
651 CTR (Counter) mode (NIST SP800-38A) <<
652 <<
653 config CRYPTO_CTS <<
654 tristate "CTS (Cipher Text Stealing)" <<
655 select CRYPTO_SKCIPHER <<
656 select CRYPTO_MANAGER <<
657 help <<
658 CBC-CS3 variant of CTS (Cipher Text <<
659 Addendum to SP800-38A (October 2010) <<
660 <<
661 This mode is required for Kerberos g <<
662 for AES encryption. <<
663 <<
664 config CRYPTO_ECB <<
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 <<
671 config CRYPTO_HCTR2 <<
672 tristate "HCTR2" <<
673 select CRYPTO_XCTR <<
674 select CRYPTO_POLYVAL <<
675 select CRYPTO_MANAGER <<
676 help <<
677 HCTR2 length-preserving encryption m <<
678 <<
679 A mode for storage encryption that i <<
680 instructions to accelerate AES and c <<
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 <<
684 See https://eprint.iacr.org/2021/144 <<
685 <<
686 config CRYPTO_KEYWRAP <<
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER <<
689 select CRYPTO_MANAGER <<
690 help <<
691 KW (AES Key Wrap) authenticated encr <<
692 and RFC3394) without padding. <<
693 <<
694 config CRYPTO_LRW <<
695 tristate "LRW (Liskov Rivest Wagner)" <<
696 select CRYPTO_LIB_GF128MUL <<
697 select CRYPTO_SKCIPHER <<
698 select CRYPTO_MANAGER <<
699 select CRYPTO_ECB <<
700 help <<
701 LRW (Liskov Rivest Wagner) mode <<
702 <<
703 A tweakable, non malleable, non mova <<
704 narrow block cipher mode for dm-cryp <<
705 specification string aes-lrw-benbi, <<
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 <<
709 See https://people.csail.mit.edu/riv <<
710 <<
711 config CRYPTO_PCBC <<
712 tristate "PCBC (Propagating Cipher Blo <<
713 select CRYPTO_SKCIPHER <<
714 select CRYPTO_MANAGER <<
715 help <<
716 PCBC (Propagating Cipher Block Chain <<
717 <<
718 This block cipher mode is required f <<
719 <<
720 config CRYPTO_XCTR <<
721 tristate <<
722 select CRYPTO_SKCIPHER <<
723 select CRYPTO_MANAGER <<
724 help <<
725 XCTR (XOR Counter) mode for HCTR2 <<
726 <<
727 This blockcipher mode is a variant o <<
728 addition rather than big-endian arit <<
729 <<
730 XCTR mode is used to implement HCTR2 <<
731 <<
732 config CRYPTO_XTS <<
733 tristate "XTS (XOR Encrypt XOR with ci <<
734 select CRYPTO_SKCIPHER <<
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help <<
738 XTS (XOR Encrypt XOR with ciphertext <<
739 and IEEE 1619) <<
740 <<
741 Use with aes-xts-plain, key size 256 <<
742 implementation currently can't handl <<
743 multiple of 16 bytes. <<
744 <<
745 config CRYPTO_NHPOLY1305 <<
746 tristate <<
747 select CRYPTO_HASH <<
748 select CRYPTO_LIB_POLY1305_GENERIC <<
749 <<
750 endmenu <<
751 <<
752 menu "AEAD (authenticated encryption with asso <<
753 <<
754 config CRYPTO_AEGIS128 <<
755 tristate "AEGIS-128" <<
756 select CRYPTO_AEAD <<
757 select CRYPTO_AES # for AES S-box tab <<
758 help <<
759 AEGIS-128 AEAD algorithm <<
760 <<
761 config CRYPTO_AEGIS128_SIMD <<
762 bool "AEGIS-128 (arm NEON, arm64 NEON) <<
763 depends on CRYPTO_AEGIS128 && ((ARM || <<
764 default y <<
765 help <<
766 AEGIS-128 AEAD algorithm <<
767 <<
768 Architecture: arm or arm64 using: <<
769 - NEON (Advanced SIMD) extension <<
770 <<
771 config CRYPTO_CHACHA20POLY1305 <<
772 tristate "ChaCha20-Poly1305" <<
773 select CRYPTO_CHACHA20 <<
774 select CRYPTO_POLY1305 <<
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help <<
778 ChaCha20 stream cipher and Poly1305 <<
779 mode (RFC8439) <<
780 <<
781 config CRYPTO_CCM <<
782 tristate "CCM (Counter with Cipher Blo <<
783 select CRYPTO_CTR <<
784 select CRYPTO_HASH <<
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER <<
787 help <<
788 CCM (Counter with Cipher Block Chain <<
789 authenticated encryption mode (NIST <<
790 <<
791 config CRYPTO_GCM <<
792 tristate "GCM (Galois/Counter Mode) an <<
793 select CRYPTO_CTR <<
794 select CRYPTO_AEAD <<
795 select CRYPTO_GHASH <<
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER <<
798 help <<
799 GCM (Galois/Counter Mode) authentica <<
800 (GCM Message Authentication Code) (N <<
801 <<
802 This is required for IPSec ESP (XFRM <<
803 <<
804 config CRYPTO_GENIV <<
805 tristate <<
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER <<
809 select CRYPTO_RNG_DEFAULT <<
810 <<
811 config CRYPTO_SEQIV <<
812 tristate "Sequence Number IV Generator <<
813 select CRYPTO_GENIV <<
814 help <<
815 Sequence Number IV generator <<
816 <<
817 This IV generator generates an IV ba <<
818 xoring it with a salt. This algorit <<
819 <<
820 This is required for IPsec ESP (XFRM <<
821 <<
822 config CRYPTO_ECHAINIV <<
823 tristate "Encrypted Chain IV Generator <<
824 select CRYPTO_GENIV <<
825 help <<
826 Encrypted Chain IV generator <<
827 <<
828 This IV generator generates an IV ba <<
829 a sequence number xored with a salt. <<
830 algorithm for CBC. <<
831 <<
832 config CRYPTO_ESSIV <<
833 tristate "Encrypted Salt-Sector IV Gen <<
834 select CRYPTO_AUTHENC <<
835 help <<
836 Encrypted Salt-Sector IV generator <<
837 <<
838 This IV generator is used in some ca <<
839 dm-crypt. It uses the hash of the bl <<
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 <<
844 This driver implements a crypto API <<
845 instantiated either as an skcipher o <<
846 type of the first template argument) <<
847 and decryption requests to the encap <<
848 ESSIV to the input IV. Note that in <<
849 that the keys are presented in the s <<
850 template, and that the IV appears at <<
851 associated data (AAD) region (which <<
852 <<
853 Note that the use of ESSIV is not re <<
854 and so this only needs to be enabled <<
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 <<
861 endmenu <<
862 <<
863 menu "Hashes, digests, and MACs" <<
864 <<
865 config CRYPTO_BLAKE2B <<
866 tristate "BLAKE2b" <<
867 select CRYPTO_HASH <<
868 help <<
869 BLAKE2b cryptographic hash function <<
870 <<
871 BLAKE2b is optimized for 64-bit plat <<
872 of any size between 1 and 64 bytes. <<
873 <<
874 This module provides the following a <<
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 <<
880 Used by the btrfs filesystem. <<
881 <<
882 See https://blake2.net for further i <<
883 <<
884 config CRYPTO_CMAC <<
885 tristate "CMAC (Cipher-based MAC)" <<
886 select CRYPTO_HASH <<
887 select CRYPTO_MANAGER <<
888 help <<
889 CMAC (Cipher-based Message Authentic <<
890 mode (NIST SP800-38B and IETF RFC449 <<
891 <<
892 config CRYPTO_GHASH <<
893 tristate "GHASH" <<
894 select CRYPTO_HASH <<
895 select CRYPTO_LIB_GF128MUL <<
896 help <<
897 GCM GHASH function (NIST SP800-38D) <<
898 <<
899 config CRYPTO_HMAC <<
900 tristate "HMAC (Keyed-Hash MAC)" <<
901 select CRYPTO_HASH <<
902 select CRYPTO_MANAGER <<
903 help <<
904 HMAC (Keyed-Hash Message Authenticat <<
905 RFC2104) <<
906 <<
907 This is required for IPsec AH (XFRM_ <<
908 <<
909 config CRYPTO_MD4 <<
910 tristate "MD4" <<
911 select CRYPTO_HASH <<
912 help <<
913 MD4 message digest algorithm (RFC132 <<
914 <<
915 config CRYPTO_MD5 <<
916 tristate "MD5" <<
917 select CRYPTO_HASH <<
918 help <<
919 MD5 message digest algorithm (RFC132 <<
920 <<
921 config CRYPTO_MICHAEL_MIC <<
922 tristate "Michael MIC" <<
923 select CRYPTO_HASH <<
924 help <<
925 Michael MIC (Message Integrity Code) <<
926 <<
927 Defined by the IEEE 802.11i TKIP (Te <<
928 known as WPA (Wif-Fi Protected Acces <<
929 <<
930 This algorithm is required for TKIP, <<
931 other purposes because of the weakne <<
932 <<
933 config CRYPTO_POLYVAL <<
934 tristate <<
935 select CRYPTO_HASH <<
936 select CRYPTO_LIB_GF128MUL <<
937 help <<
938 POLYVAL hash function for HCTR2 <<
939 <<
940 This is used in HCTR2. It is not a <<
941 cryptographic hash function. <<
942 <<
943 config CRYPTO_POLY1305 <<
944 tristate "Poly1305" <<
945 select CRYPTO_HASH <<
946 select CRYPTO_LIB_POLY1305_GENERIC <<
947 help <<
948 Poly1305 authenticator algorithm (RF <<
949 <<
950 Poly1305 is an authenticator algorit <<
951 It is used for the ChaCha20-Poly1305 <<
952 in IETF protocols. This is the porta <<
953 <<
954 config CRYPTO_RMD160 <<
955 tristate "RIPEMD-160" <<
956 select CRYPTO_HASH <<
957 help <<
958 RIPEMD-160 hash function (ISO/IEC 10 <<
959 <<
960 RIPEMD-160 is a 160-bit cryptographi <<
961 to be used as a secure replacement f <<
962 MD4, MD5 and its predecessor RIPEMD <<
963 (not to be confused with RIPEMD-128) <<
964 <<
965 Its speed is comparable to SHA-1 and <<
966 against RIPEMD-160. <<
967 <<
968 Developed by Hans Dobbertin, Antoon <<
969 See https://homes.esat.kuleuven.be/~ <<
970 for further information. <<
971 <<
972 config CRYPTO_SHA1 <<
973 tristate "SHA-1" <<
974 select CRYPTO_HASH <<
975 select CRYPTO_LIB_SHA1 <<
976 help <<
977 SHA-1 secure hash algorithm (FIPS 18 <<
978 <<
979 config CRYPTO_SHA256 <<
980 tristate "SHA-224 and SHA-256" <<
981 select CRYPTO_HASH <<
982 select CRYPTO_LIB_SHA256 <<
983 help <<
984 SHA-224 and SHA-256 secure hash algo <<
985 <<
986 This is required for IPsec AH (XFRM_ <<
987 Used by the btrfs filesystem, Ceph, <<
988 <<
989 config CRYPTO_SHA512 <<
990 tristate "SHA-384 and SHA-512" <<
991 select CRYPTO_HASH <<
992 help <<
993 SHA-384 and SHA-512 secure hash algo <<
994 <<
995 config CRYPTO_SHA3 <<
996 tristate "SHA-3" <<
997 select CRYPTO_HASH <<
998 help <<
999 SHA-3 secure hash algorithms (FIPS 2 <<
1000 <<
1001 config CRYPTO_SM3 <<
1002 tristate <<
1003 <<
1004 config CRYPTO_SM3_GENERIC <<
1005 tristate "SM3 (ShangMi 3)" <<
1006 select CRYPTO_HASH <<
1007 select CRYPTO_SM3 <<
1008 help <<
1009 SM3 (ShangMi 3) secure hash functio <<
1010 <<
1011 This is part of the Chinese Commerc <<
1012 <<
1013 References: <<
1014 http://www.oscca.gov.cn/UpFile/2010 <<
1015 https://datatracker.ietf.org/doc/ht <<
1016 <<
1017 config CRYPTO_STREEBOG <<
1018 tristate "Streebog" <<
1019 select CRYPTO_HASH <<
1020 help <<
1021 Streebog Hash Function (GOST R 34.1 <<
1022 <<
1023 This is one of the Russian cryptogr <<
1024 GOST algorithms). This setting enab <<
1025 256 and 512 bits output. <<
1026 <<
1027 References: <<
1028 https://tc26.ru/upload/iblock/fed/f <<
1029 https://tools.ietf.org/html/rfc6986 <<
1030 <<
1031 config CRYPTO_VMAC <<
1032 tristate "VMAC" <<
1033 select CRYPTO_HASH <<
1034 select CRYPTO_MANAGER <<
1035 help <<
1036 VMAC is a message authentication al <<
1037 very high speed on 64-bit architect <<
1038 <<
1039 See https://fastcrypto.org/vmac for <<
1040 <<
1041 config CRYPTO_WP512 <<
1042 tristate "Whirlpool" <<
1043 select CRYPTO_HASH <<
1044 help 100 help
1045 Whirlpool hash function (ISO/IEC 10 !! 101 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046 <<
1047 512, 384 and 256-bit hashes. <<
1048 102
1049 Whirlpool-512 is part of the NESSIE !! 103 Keys are allowed to be from 0 to 256 bits in length, in steps
1050 !! 104 of 8 bits.
1051 See https://web.archive.org/web/201 <<
1052 for further information. <<
1053 105
1054 config CRYPTO_XCBC !! 106 See also:
1055 tristate "XCBC-MAC (Extended Cipher B !! 107 http://www.cl.cam.ac.uk/~rja14/serpent.html
1056 select CRYPTO_HASH <<
1057 select CRYPTO_MANAGER <<
1058 help <<
1059 XCBC-MAC (Extended Cipher Block Cha <<
1060 Code) (RFC3566) <<
1061 108
1062 config CRYPTO_XXHASH !! 109 config CRYPTO_AES
1063 tristate "xxHash" !! 110 tristate "AES cipher algorithms"
1064 select CRYPTO_HASH !! 111 depends on CRYPTO
1065 select XXHASH <<
1066 help 112 help
1067 xxHash non-cryptographic hash algor !! 113 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1068 !! 114 algorithm.
1069 Extremely fast, working at speeds c <<
1070 <<
1071 Used by the btrfs filesystem. <<
1072 <<
1073 endmenu <<
1074 115
1075 menu "CRCs (cyclic redundancy checks)" !! 116 Rijndael appears to be consistently a very good performer in
>> 117 both hardware and software across a wide range of computing
>> 118 environments regardless of its use in feedback or non-feedback
>> 119 modes. Its key setup time is excellent, and its key agility is
>> 120 good. Rijndael's very low memory requirements make it very well
>> 121 suited for restricted-space environments, in which it also
>> 122 demonstrates excellent performance. Rijndael's operations are
>> 123 among the easiest to defend against power and timing attacks.
1076 124
1077 config CRYPTO_CRC32C !! 125 The AES specifies three key sizes: 128, 192 and 256 bits
1078 tristate "CRC32c" <<
1079 select CRYPTO_HASH <<
1080 select CRC32 <<
1081 help <<
1082 CRC32c CRC algorithm with the iSCSI <<
1083 126
1084 A 32-bit CRC (cyclic redundancy che !! 127 See http://csrc.nist.gov/CryptoToolkit/aes/ for more information.
1085 by G. Castagnoli, S. Braeuer and M. <<
1086 Redundancy-Check Codes with 24 and <<
1087 on Communications, Vol. 41, No. 6, <<
1088 iSCSI. <<
1089 <<
1090 Used by btrfs, ext4, jbd2, NVMeoF/T <<
1091 <<
1092 config CRYPTO_CRC32 <<
1093 tristate "CRC32" <<
1094 select CRYPTO_HASH <<
1095 select CRC32 <<
1096 help <<
1097 CRC32 CRC algorithm (IEEE 802.3) <<
1098 128
1099 Used by RoCEv2 and f2fs. !! 129 config CRYPTO_CAST5
1100 !! 130 tristate "CAST5 (CAST-128) cipher algorithm"
1101 config CRYPTO_CRCT10DIF !! 131 depends on CRYPTO
1102 tristate "CRCT10DIF" <<
1103 select CRYPTO_HASH <<
1104 help 132 help
1105 CRC16 CRC algorithm used for the T1 !! 133 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 134 described in RFC2144.
1106 135
1107 CRC algorithm used by the SCSI Bloc !! 136 config CRYPTO_CAST6
1108 !! 137 tristate "CAST6 (CAST-256) cipher algorithm"
1109 config CRYPTO_CRC64_ROCKSOFT !! 138 depends on CRYPTO
1110 tristate "CRC64 based on Rocksoft Mod <<
1111 depends on CRC64 <<
1112 select CRYPTO_HASH <<
1113 help 139 help
1114 CRC64 CRC algorithm based on the Ro !! 140 The CAST6 encryption algorithm (synonymous with CAST-256) is
1115 !! 141 described in RFC2612.
1116 Used by the NVMe implementation of <<
1117 <<
1118 See https://zlib.net/crc_v3.txt <<
1119 <<
1120 endmenu <<
1121 <<
1122 menu "Compression" <<
1123 142
1124 config CRYPTO_DEFLATE 143 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 144 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI !! 145 depends on CRYPTO
1127 select CRYPTO_ACOMP2 <<
1128 select ZLIB_INFLATE 146 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 147 select ZLIB_DEFLATE
1130 help 148 help
1131 Deflate compression algorithm (RFC1 !! 149 This is the Deflate algorithm (RFC1951), specified for use in
1132 !! 150 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1133 Used by IPSec with the IPCOMP proto !! 151
1134 !! 152 You will most probably want this if using IPSec.
1135 config CRYPTO_LZO <<
1136 tristate "LZO" <<
1137 select CRYPTO_ALGAPI <<
1138 select CRYPTO_ACOMP2 <<
1139 select LZO_COMPRESS <<
1140 select LZO_DECOMPRESS <<
1141 help <<
1142 LZO compression algorithm <<
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 <<
1146 config CRYPTO_842 <<
1147 tristate "842" <<
1148 select CRYPTO_ALGAPI <<
1149 select CRYPTO_ACOMP2 <<
1150 select 842_COMPRESS <<
1151 select 842_DECOMPRESS <<
1152 help <<
1153 842 compression algorithm by IBM <<
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 <<
1157 config CRYPTO_LZ4 <<
1158 tristate "LZ4" <<
1159 select CRYPTO_ALGAPI <<
1160 select CRYPTO_ACOMP2 <<
1161 select LZ4_COMPRESS <<
1162 select LZ4_DECOMPRESS <<
1163 help <<
1164 LZ4 compression algorithm <<
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 <<
1168 config CRYPTO_LZ4HC <<
1169 tristate "LZ4HC" <<
1170 select CRYPTO_ALGAPI <<
1171 select CRYPTO_ACOMP2 <<
1172 select LZ4HC_COMPRESS <<
1173 select LZ4_DECOMPRESS <<
1174 help <<
1175 LZ4 high compression mode algorithm <<
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 <<
1179 config CRYPTO_ZSTD <<
1180 tristate "Zstd" <<
1181 select CRYPTO_ALGAPI <<
1182 select CRYPTO_ACOMP2 <<
1183 select ZSTD_COMPRESS <<
1184 select ZSTD_DECOMPRESS <<
1185 help <<
1186 zstd compression algorithm <<
1187 <<
1188 See https://github.com/facebook/zst <<
1189 <<
1190 endmenu <<
1191 <<
1192 menu "Random number generation" <<
1193 <<
1194 config CRYPTO_ANSI_CPRNG <<
1195 tristate "ANSI PRNG (Pseudo Random Nu <<
1196 select CRYPTO_AES <<
1197 select CRYPTO_RNG <<
1198 help <<
1199 Pseudo RNG (random number generator <<
1200 <<
1201 This uses the AES cipher algorithm. <<
1202 <<
1203 Note that this option must be enabl <<
1204 153
1205 menuconfig CRYPTO_DRBG_MENU !! 154 config CRYPTO_TEST
1206 tristate "NIST SP800-90A DRBG (Determ !! 155 tristate "Testing module"
1207 help !! 156 depends on CRYPTO
1208 DRBG (Deterministic Random Bit Gene <<
1209 <<
1210 In the following submenu, one or mo <<
1211 <<
1212 if CRYPTO_DRBG_MENU <<
1213 <<
1214 config CRYPTO_DRBG_HMAC <<
1215 bool <<
1216 default y <<
1217 select CRYPTO_HMAC <<
1218 select CRYPTO_SHA512 <<
1219 <<
1220 config CRYPTO_DRBG_HASH <<
1221 bool "Hash_DRBG" <<
1222 select CRYPTO_SHA256 <<
1223 help <<
1224 Hash_DRBG variant as defined in NIS <<
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 <<
1228 config CRYPTO_DRBG_CTR <<
1229 bool "CTR_DRBG" <<
1230 select CRYPTO_AES <<
1231 select CRYPTO_CTR <<
1232 help <<
1233 CTR_DRBG variant as defined in NIST <<
1234 <<
1235 This uses the AES cipher algorithm <<
1236 <<
1237 config CRYPTO_DRBG <<
1238 tristate <<
1239 default CRYPTO_DRBG_MENU <<
1240 select CRYPTO_RNG <<
1241 select CRYPTO_JITTERENTROPY <<
1242 <<
1243 endif # if CRYPTO_DRBG_MENU <<
1244 <<
1245 config CRYPTO_JITTERENTROPY <<
1246 tristate "CPU Jitter Non-Deterministi <<
1247 select CRYPTO_RNG <<
1248 select CRYPTO_SHA3 <<
1249 help <<
1250 CPU Jitter RNG (Random Number Gener <<
1251 <<
1252 A non-physical non-deterministic (" <<
1253 compliant with NIST SP800-90B) inte <<
1254 deterministic RNG (e.g., per NIST S <<
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 <<
1370 config CRYPTO_USER_API <<
1371 tristate <<
1372 <<
1373 config CRYPTO_USER_API_HASH <<
1374 tristate "Hash algorithms" <<
1375 depends on NET <<
1376 select CRYPTO_HASH <<
1377 select CRYPTO_USER_API <<
1378 help <<
1379 Enable the userspace interface for <<
1380 <<
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 <<
1384 config CRYPTO_USER_API_SKCIPHER <<
1385 tristate "Symmetric key cipher algori <<
1386 depends on NET <<
1387 select CRYPTO_SKCIPHER <<
1388 select CRYPTO_USER_API <<
1389 help <<
1390 Enable the userspace interface for <<
1391 <<
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 <<
1395 config CRYPTO_USER_API_RNG <<
1396 tristate "RNG (random number generato <<
1397 depends on NET <<
1398 select CRYPTO_RNG <<
1399 select CRYPTO_USER_API <<
1400 help <<
1401 Enable the userspace interface for <<
1402 algorithms. <<
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 <<
1419 config CRYPTO_USER_API_AEAD <<
1420 tristate "AEAD cipher algorithms" <<
1421 depends on NET <<
1422 select CRYPTO_AEAD <<
1423 select CRYPTO_SKCIPHER <<
1424 select CRYPTO_NULL <<
1425 select CRYPTO_USER_API <<
1426 help <<
1427 Enable the userspace interface for <<
1428 <<
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help 157 help
1437 Allow obsolete cryptographic algori !! 158 Quick & dirty crypto test module.
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 159
1441 endmenu 160 endmenu
1442 161
1443 config CRYPTO_HASH_INFO <<
1444 bool <<
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 <<
1476 source "drivers/crypto/Kconfig" <<
1477 source "crypto/asymmetric_keys/Kconfig" <<
1478 source "certs/Kconfig" <<
1479 <<
1480 endif # if CRYPTO <<
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.