1 # SPDX-License-Identifier: GPL-2.0 <<
2 # 1 #
3 # Generic algorithms support 2 # Generic algorithms support
4 # 3 #
5 config XOR_BLOCKS 4 config XOR_BLOCKS
6 tristate 5 tristate
7 6
8 # 7 #
9 # async_tx api: hardware offloaded memory tran 8 # async_tx api: hardware offloaded memory transfer/transform support
10 # 9 #
11 source "crypto/async_tx/Kconfig" 10 source "crypto/async_tx/Kconfig"
12 11
13 # 12 #
14 # Cryptographic API Configuration 13 # Cryptographic API Configuration
15 # 14 #
16 menuconfig CRYPTO 15 menuconfig CRYPTO
17 tristate "Cryptographic API" 16 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 17 help
20 This option provides the core Crypto 18 This option provides the core Cryptographic API.
21 19
22 if CRYPTO 20 if CRYPTO
23 21
24 menu "Crypto core or helper" !! 22 comment "Crypto core or helper"
25 23
26 config CRYPTO_FIPS 24 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 25 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 27 depends on (MODULE_SIG || !MODULES)
30 help 28 help
31 This option enables the fips boot op !! 29 This options enables the fips boot option which is
32 required if you want the system to o !! 30 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 31 certification. You should say no unless you know what
34 this is. 32 this is.
35 33
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 34 config CRYPTO_ALGAPI
58 tristate 35 tristate
59 select CRYPTO_ALGAPI2 36 select CRYPTO_ALGAPI2
60 help 37 help
61 This option provides the API for cry 38 This option provides the API for cryptographic algorithms.
62 39
63 config CRYPTO_ALGAPI2 40 config CRYPTO_ALGAPI2
64 tristate 41 tristate
65 42
66 config CRYPTO_AEAD 43 config CRYPTO_AEAD
67 tristate 44 tristate
68 select CRYPTO_AEAD2 45 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 46 select CRYPTO_ALGAPI
70 47
71 config CRYPTO_AEAD2 48 config CRYPTO_AEAD2
72 tristate 49 tristate
73 select CRYPTO_ALGAPI2 50 select CRYPTO_ALGAPI2
>> 51 select CRYPTO_NULL2
>> 52 select CRYPTO_RNG2
74 53
75 config CRYPTO_SIG !! 54 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 55 tristate
86 select CRYPTO_SKCIPHER2 !! 56 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 57 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 58
90 config CRYPTO_SKCIPHER2 !! 59 config CRYPTO_BLKCIPHER2
91 tristate 60 tristate
92 select CRYPTO_ALGAPI2 61 select CRYPTO_ALGAPI2
>> 62 select CRYPTO_RNG2
>> 63 select CRYPTO_WORKQUEUE
93 64
94 config CRYPTO_HASH 65 config CRYPTO_HASH
95 tristate 66 tristate
96 select CRYPTO_HASH2 67 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 68 select CRYPTO_ALGAPI
98 69
99 config CRYPTO_HASH2 70 config CRYPTO_HASH2
100 tristate 71 tristate
101 select CRYPTO_ALGAPI2 72 select CRYPTO_ALGAPI2
102 73
103 config CRYPTO_RNG 74 config CRYPTO_RNG
104 tristate 75 tristate
105 select CRYPTO_RNG2 76 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 77 select CRYPTO_ALGAPI
107 78
108 config CRYPTO_RNG2 79 config CRYPTO_RNG2
109 tristate 80 tristate
110 select CRYPTO_ALGAPI2 81 select CRYPTO_ALGAPI2
111 82
112 config CRYPTO_RNG_DEFAULT 83 config CRYPTO_RNG_DEFAULT
113 tristate 84 tristate
114 select CRYPTO_DRBG_MENU 85 select CRYPTO_DRBG_MENU
115 86
116 config CRYPTO_AKCIPHER2 87 config CRYPTO_AKCIPHER2
117 tristate 88 tristate
118 select CRYPTO_ALGAPI2 89 select CRYPTO_ALGAPI2
119 90
120 config CRYPTO_AKCIPHER 91 config CRYPTO_AKCIPHER
121 tristate 92 tristate
122 select CRYPTO_AKCIPHER2 93 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 94 select CRYPTO_ALGAPI
124 95
125 config CRYPTO_KPP2 96 config CRYPTO_KPP2
126 tristate 97 tristate
127 select CRYPTO_ALGAPI2 98 select CRYPTO_ALGAPI2
128 99
129 config CRYPTO_KPP 100 config CRYPTO_KPP
130 tristate 101 tristate
131 select CRYPTO_ALGAPI 102 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 103 select CRYPTO_KPP2
133 104
134 config CRYPTO_ACOMP2 105 config CRYPTO_ACOMP2
135 tristate 106 tristate
136 select CRYPTO_ALGAPI2 107 select CRYPTO_ALGAPI2
137 select SGL_ALLOC <<
138 108
139 config CRYPTO_ACOMP 109 config CRYPTO_ACOMP
140 tristate 110 tristate
141 select CRYPTO_ALGAPI 111 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 112 select CRYPTO_ACOMP2
143 113
>> 114 config CRYPTO_RSA
>> 115 tristate "RSA algorithm"
>> 116 select CRYPTO_AKCIPHER
>> 117 select CRYPTO_MANAGER
>> 118 select MPILIB
>> 119 select ASN1
>> 120 help
>> 121 Generic implementation of the RSA public key algorithm.
>> 122
>> 123 config CRYPTO_DH
>> 124 tristate "Diffie-Hellman algorithm"
>> 125 select CRYPTO_KPP
>> 126 select MPILIB
>> 127 help
>> 128 Generic implementation of the Diffie-Hellman algorithm.
>> 129
>> 130 config CRYPTO_ECDH
>> 131 tristate "ECDH algorithm"
>> 132 select CRYTPO_KPP
>> 133 select CRYPTO_RNG_DEFAULT
>> 134 help
>> 135 Generic implementation of the ECDH algorithm
>> 136
144 config CRYPTO_MANAGER 137 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 138 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 139 select CRYPTO_MANAGER2
147 help 140 help
148 Create default cryptographic templat 141 Create default cryptographic template instantiations such as
149 cbc(aes). 142 cbc(aes).
150 143
151 config CRYPTO_MANAGER2 144 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 145 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 146 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 147 select CRYPTO_HASH2
>> 148 select CRYPTO_BLKCIPHER2
>> 149 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 150 select CRYPTO_KPP2
159 select CRYPTO_RNG2 !! 151 select CRYPTO_ACOMP2
160 select CRYPTO_SKCIPHER2 <<
161 152
162 config CRYPTO_USER 153 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 154 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 155 depends on NET
165 select CRYPTO_MANAGER 156 select CRYPTO_MANAGER
166 help 157 help
167 Userspace configuration for cryptogr 158 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 159 cbc(aes).
169 160
170 config CRYPTO_MANAGER_DISABLE_TESTS 161 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 162 bool "Disable run-time self tests"
172 default y 163 default y
>> 164 depends on CRYPTO_MANAGER2
173 help 165 help
174 Disable run-time self tests that nor 166 Disable run-time self tests that normally take place at
175 algorithm registration. 167 algorithm registration.
176 168
177 config CRYPTO_MANAGER_EXTRA_TESTS !! 169 config CRYPTO_GF128MUL
178 bool "Enable extra run-time crypto sel !! 170 tristate "GF(2^128) multiplication functions"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN <<
180 help 171 help
181 Enable extra run-time self tests of !! 172 Efficient table driven implementation of multiplications in the
182 including randomized fuzz tests. !! 173 field GF(2^128). This is needed by some cypher modes. This
183 !! 174 option will be selected automatically if you select such a
184 This is intended for developer use o !! 175 cipher mode. Only select this option by hand if you expect to load
185 longer to run than the normal self t !! 176 an external module that requires these functions.
186 177
187 config CRYPTO_NULL 178 config CRYPTO_NULL
188 tristate "Null algorithms" 179 tristate "Null algorithms"
189 select CRYPTO_NULL2 180 select CRYPTO_NULL2
190 help 181 help
191 These are 'Null' algorithms, used by 182 These are 'Null' algorithms, used by IPsec, which do nothing.
192 183
193 config CRYPTO_NULL2 184 config CRYPTO_NULL2
194 tristate 185 tristate
195 select CRYPTO_ALGAPI2 186 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 187 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 188 select CRYPTO_HASH2
198 189
199 config CRYPTO_PCRYPT 190 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 191 tristate "Parallel crypto engine"
201 depends on SMP 192 depends on SMP
202 select PADATA 193 select PADATA
203 select CRYPTO_MANAGER 194 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 195 select CRYPTO_AEAD
205 help 196 help
206 This converts an arbitrary crypto al 197 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 198 algorithm that executes in kernel threads.
208 199
>> 200 config CRYPTO_WORKQUEUE
>> 201 tristate
>> 202
209 config CRYPTO_CRYPTD 203 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 204 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 205 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 206 select CRYPTO_HASH
213 select CRYPTO_MANAGER 207 select CRYPTO_MANAGER
>> 208 select CRYPTO_WORKQUEUE
214 help 209 help
215 This is a generic software asynchron 210 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 211 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 212 into an asynchronous algorithm that executes in a kernel thread.
218 213
>> 214 config CRYPTO_MCRYPTD
>> 215 tristate "Software async multi-buffer crypto daemon"
>> 216 select CRYPTO_BLKCIPHER
>> 217 select CRYPTO_HASH
>> 218 select CRYPTO_MANAGER
>> 219 select CRYPTO_WORKQUEUE
>> 220 help
>> 221 This is a generic software asynchronous crypto daemon that
>> 222 provides the kernel thread to assist multi-buffer crypto
>> 223 algorithms for submitting jobs and flushing jobs in multi-buffer
>> 224 crypto algorithms. Multi-buffer crypto algorithms are executed
>> 225 in the context of this kernel thread and drivers can post
>> 226 their crypto request asynchronously to be processed by this daemon.
>> 227
219 config CRYPTO_AUTHENC 228 config CRYPTO_AUTHENC
220 tristate "Authenc support" 229 tristate "Authenc support"
221 select CRYPTO_AEAD 230 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 231 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 232 select CRYPTO_MANAGER
224 select CRYPTO_HASH 233 select CRYPTO_HASH
225 select CRYPTO_NULL 234 select CRYPTO_NULL
226 help 235 help
227 Authenc: Combined mode wrapper for I 236 Authenc: Combined mode wrapper for IPsec.
228 !! 237 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 238
231 config CRYPTO_TEST 239 config CRYPTO_TEST
232 tristate "Testing module" 240 tristate "Testing module"
233 depends on m || EXPERT !! 241 depends on m
234 select CRYPTO_MANAGER 242 select CRYPTO_MANAGER
235 help 243 help
236 Quick & dirty crypto test module. 244 Quick & dirty crypto test module.
237 245
>> 246 config CRYPTO_ABLK_HELPER
>> 247 tristate
>> 248 select CRYPTO_CRYPTD
>> 249
238 config CRYPTO_SIMD 250 config CRYPTO_SIMD
239 tristate 251 tristate
240 select CRYPTO_CRYPTD 252 select CRYPTO_CRYPTD
241 253
>> 254 config CRYPTO_GLUE_HELPER_X86
>> 255 tristate
>> 256 depends on X86
>> 257 select CRYPTO_BLKCIPHER
>> 258
242 config CRYPTO_ENGINE 259 config CRYPTO_ENGINE
243 tristate 260 tristate
244 261
245 endmenu !! 262 comment "Authenticated Encryption with Associated Data"
246 263
247 menu "Public-key cryptography" !! 264 config CRYPTO_CCM
>> 265 tristate "CCM support"
>> 266 select CRYPTO_CTR
>> 267 select CRYPTO_HASH
>> 268 select CRYPTO_AEAD
>> 269 help
>> 270 Support for Counter with CBC MAC. Required for IPsec.
248 271
249 config CRYPTO_RSA !! 272 config CRYPTO_GCM
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 273 tristate "GCM/GMAC support"
251 select CRYPTO_AKCIPHER !! 274 select CRYPTO_CTR
252 select CRYPTO_MANAGER !! 275 select CRYPTO_AEAD
253 select MPILIB !! 276 select CRYPTO_GHASH
254 select ASN1 !! 277 select CRYPTO_NULL
255 help 278 help
256 RSA (Rivest-Shamir-Adleman) public k !! 279 Support for Galois/Counter Mode (GCM) and Galois Message
>> 280 Authentication Code (GMAC). Required for IPSec.
257 281
258 config CRYPTO_DH !! 282 config CRYPTO_CHACHA20POLY1305
259 tristate "DH (Diffie-Hellman)" !! 283 tristate "ChaCha20-Poly1305 AEAD support"
260 select CRYPTO_KPP !! 284 select CRYPTO_CHACHA20
261 select MPILIB !! 285 select CRYPTO_POLY1305
>> 286 select CRYPTO_AEAD
262 help 287 help
263 DH (Diffie-Hellman) key exchange alg !! 288 ChaCha20-Poly1305 AEAD support, RFC7539.
>> 289
>> 290 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
>> 291 with the Poly1305 authenticator. It is defined in RFC7539 for use in
>> 292 IETF protocols.
264 293
265 config CRYPTO_DH_RFC7919_GROUPS !! 294 config CRYPTO_SEQIV
266 bool "RFC 7919 FFDHE groups" !! 295 tristate "Sequence Number IV Generator"
267 depends on CRYPTO_DH !! 296 select CRYPTO_AEAD
>> 297 select CRYPTO_BLKCIPHER
>> 298 select CRYPTO_NULL
268 select CRYPTO_RNG_DEFAULT 299 select CRYPTO_RNG_DEFAULT
269 help 300 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 301 This IV generator generates an IV based on a sequence number by
271 defined in RFC7919. !! 302 xoring it with a salt. This algorithm is mainly useful for CTR
272 303
273 Support these finite-field groups in !! 304 config CRYPTO_ECHAINIV
274 - ffdhe2048, ffdhe3072, ffdhe4096, f !! 305 tristate "Encrypted Chain IV Generator"
>> 306 select CRYPTO_AEAD
>> 307 select CRYPTO_NULL
>> 308 select CRYPTO_RNG_DEFAULT
>> 309 default m
>> 310 help
>> 311 This IV generator generates an IV based on the encryption of
>> 312 a sequence number xored with a salt. This is the default
>> 313 algorithm for CBC.
275 314
276 If unsure, say N. !! 315 comment "Block modes"
277 316
278 config CRYPTO_ECC !! 317 config CRYPTO_CBC
279 tristate !! 318 tristate "CBC support"
280 select CRYPTO_RNG_DEFAULT !! 319 select CRYPTO_BLKCIPHER
>> 320 select CRYPTO_MANAGER
>> 321 help
>> 322 CBC: Cipher Block Chaining mode
>> 323 This block cipher algorithm is required for IPSec.
281 324
282 config CRYPTO_ECDH !! 325 config CRYPTO_CTR
283 tristate "ECDH (Elliptic Curve Diffie- !! 326 tristate "CTR support"
284 select CRYPTO_ECC !! 327 select CRYPTO_BLKCIPHER
285 select CRYPTO_KPP !! 328 select CRYPTO_SEQIV
>> 329 select CRYPTO_MANAGER
286 help 330 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 331 CTR: Counter mode
288 using curves P-192, P-256, and P-384 !! 332 This block cipher algorithm is required for IPSec.
289 333
290 config CRYPTO_ECDSA !! 334 config CRYPTO_CTS
291 tristate "ECDSA (Elliptic Curve Digita !! 335 tristate "CTS support"
292 select CRYPTO_ECC !! 336 select CRYPTO_BLKCIPHER
293 select CRYPTO_AKCIPHER <<
294 select ASN1 <<
295 help 337 help
296 ECDSA (Elliptic Curve Digital Signat !! 338 CTS: Cipher Text Stealing
297 ISO/IEC 14888-3) !! 339 This is the Cipher Text Stealing mode as described by
298 using curves P-192, P-256, and P-384 !! 340 Section 8 of rfc2040 and referenced by rfc3962.
299 !! 341 (rfc3962 includes errata information in its Appendix A)
300 Only signature verification is imple !! 342 This mode is required for Kerberos gss mechanism support
301 !! 343 for AES encryption.
302 config CRYPTO_ECRDSA !! 344
303 tristate "EC-RDSA (Elliptic Curve Russ !! 345 config CRYPTO_ECB
304 select CRYPTO_ECC !! 346 tristate "ECB support"
305 select CRYPTO_AKCIPHER !! 347 select CRYPTO_BLKCIPHER
306 select CRYPTO_STREEBOG !! 348 select CRYPTO_MANAGER
307 select OID_REGISTRY !! 349 help
308 select ASN1 !! 350 ECB: Electronic CodeBook mode
>> 351 This is the simplest block cipher algorithm. It simply encrypts
>> 352 the input block by block.
>> 353
>> 354 config CRYPTO_LRW
>> 355 tristate "LRW support"
>> 356 select CRYPTO_BLKCIPHER
>> 357 select CRYPTO_MANAGER
>> 358 select CRYPTO_GF128MUL
309 help 359 help
310 Elliptic Curve Russian Digital Signa !! 360 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
311 RFC 7091, ISO/IEC 14888-3) !! 361 narrow block cipher mode for dm-crypt. Use it with cipher
>> 362 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 363 The first 128, 192 or 256 bits in the key are used for AES and the
>> 364 rest is used to tie each cipher block to its logical position.
312 365
313 One of the Russian cryptographic sta !! 366 config CRYPTO_PCBC
314 algorithms). Only signature verifica !! 367 tristate "PCBC support"
>> 368 select CRYPTO_BLKCIPHER
>> 369 select CRYPTO_MANAGER
>> 370 help
>> 371 PCBC: Propagating Cipher Block Chaining mode
>> 372 This block cipher algorithm is required for RxRPC.
315 373
316 config CRYPTO_CURVE25519 !! 374 config CRYPTO_XTS
317 tristate "Curve25519" !! 375 tristate "XTS support"
318 select CRYPTO_KPP !! 376 select CRYPTO_BLKCIPHER
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 377 select CRYPTO_MANAGER
>> 378 select CRYPTO_ECB
320 help 379 help
321 Curve25519 elliptic curve (RFC7748) !! 380 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 381 key size 256, 384 or 512 bits. This implementation currently
>> 382 can't handle a sectorsize which is not a multiple of 16 bytes.
322 383
323 endmenu !! 384 config CRYPTO_KEYWRAP
>> 385 tristate "Key wrapping support"
>> 386 select CRYPTO_BLKCIPHER
>> 387 help
>> 388 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 389 padding.
324 390
325 menu "Block ciphers" !! 391 comment "Hash modes"
326 392
327 config CRYPTO_AES !! 393 config CRYPTO_CMAC
328 tristate "AES (Advanced Encryption Sta !! 394 tristate "CMAC support"
329 select CRYPTO_ALGAPI !! 395 select CRYPTO_HASH
330 select CRYPTO_LIB_AES !! 396 select CRYPTO_MANAGER
331 help 397 help
332 AES cipher algorithms (Rijndael)(FIP !! 398 Cipher-based Message Authentication Code (CMAC) specified by
>> 399 The National Institute of Standards and Technology (NIST).
333 400
334 Rijndael appears to be consistently !! 401 https://tools.ietf.org/html/rfc4493
335 both hardware and software across a !! 402 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
336 environments regardless of its use i <<
337 modes. Its key setup time is excelle <<
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 403
343 The AES specifies three key sizes: 1 !! 404 config CRYPTO_HMAC
>> 405 tristate "HMAC support"
>> 406 select CRYPTO_HASH
>> 407 select CRYPTO_MANAGER
>> 408 help
>> 409 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 410 This is required for IPSec.
344 411
345 config CRYPTO_AES_TI !! 412 config CRYPTO_XCBC
346 tristate "AES (Advanced Encryption Sta !! 413 tristate "XCBC support"
347 select CRYPTO_ALGAPI !! 414 select CRYPTO_HASH
348 select CRYPTO_LIB_AES !! 415 select CRYPTO_MANAGER
349 help 416 help
350 AES cipher algorithms (Rijndael)(FIP !! 417 XCBC: Keyed-Hashing with encryption algorithm
>> 418 http://www.ietf.org/rfc/rfc3566.txt
>> 419 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 420 xcbc-mac/xcbc-mac-spec.pdf
351 421
352 This is a generic implementation of !! 422 config CRYPTO_VMAC
353 data dependent latencies as much as !! 423 tristate "VMAC support"
354 performance too much. It is intended !! 424 select CRYPTO_HASH
355 and GCM drivers, and other CTR or CM !! 425 select CRYPTO_MANAGER
356 solely on encryption (although decry !! 426 help
357 with a more dramatic performance hit !! 427 VMAC is a message authentication algorithm designed for
>> 428 very high speed on 64-bit architectures.
358 429
359 Instead of using 16 lookup tables of !! 430 See also:
360 8 for decryption), this implementati !! 431 <http://fastcrypto.org/vmac>
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 432
366 config CRYPTO_ANUBIS !! 433 comment "Digest"
367 tristate "Anubis" !! 434
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 435 config CRYPTO_CRC32C
369 select CRYPTO_ALGAPI !! 436 tristate "CRC32c CRC algorithm"
>> 437 select CRYPTO_HASH
>> 438 select CRC32
>> 439 help
>> 440 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 441 by iSCSI for header and data digests and by others.
>> 442 See Castagnoli93. Module will be crc32c.
>> 443
>> 444 config CRYPTO_CRC32C_INTEL
>> 445 tristate "CRC32c INTEL hardware acceleration"
>> 446 depends on X86
>> 447 select CRYPTO_HASH
>> 448 help
>> 449 In Intel processor with SSE4.2 supported, the processor will
>> 450 support CRC32C implementation using hardware accelerated CRC32
>> 451 instruction. This option will create 'crc32c-intel' module,
>> 452 which will enable any routine to use the CRC32 instruction to
>> 453 gain performance compared with software implementation.
>> 454 Module will be crc32c-intel.
>> 455
>> 456 config CRYPTO_CRC32C_VPMSUM
>> 457 tristate "CRC32c CRC algorithm (powerpc64)"
>> 458 depends on PPC64 && ALTIVEC
>> 459 select CRYPTO_HASH
>> 460 select CRC32
370 help 461 help
371 Anubis cipher algorithm !! 462 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 463 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 464 and newer processors for improved performance.
372 465
373 Anubis is a variable key length ciph <<
374 128 bits to 320 bits in length. It <<
375 in the NESSIE competition. <<
376 466
377 See https://web.archive.org/web/2016 !! 467 config CRYPTO_CRC32C_SPARC64
378 for further information. !! 468 tristate "CRC32c CRC algorithm (SPARC64)"
>> 469 depends on SPARC64
>> 470 select CRYPTO_HASH
>> 471 select CRC32
>> 472 help
>> 473 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 474 when available.
379 475
380 config CRYPTO_ARIA !! 476 config CRYPTO_CRC32
381 tristate "ARIA" !! 477 tristate "CRC32 CRC algorithm"
382 select CRYPTO_ALGAPI !! 478 select CRYPTO_HASH
>> 479 select CRC32
383 help 480 help
384 ARIA cipher algorithm (RFC5794) !! 481 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 482 Shash crypto api wrappers to crc32_le function.
385 483
386 ARIA is a standard encryption algori !! 484 config CRYPTO_CRC32_PCLMUL
387 The ARIA specifies three key sizes a !! 485 tristate "CRC32 PCLMULQDQ hardware acceleration"
388 128-bit: 12 rounds. !! 486 depends on X86
389 192-bit: 14 rounds. !! 487 select CRYPTO_HASH
390 256-bit: 16 rounds. !! 488 select CRC32
>> 489 help
>> 490 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 491 and PCLMULQDQ supported, the processor will support
>> 492 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 493 instruction. This option will create 'crc32-plcmul' module,
>> 494 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 495 and gain better performance as compared with the table implementation.
391 496
392 See: !! 497 config CRYPTO_CRCT10DIF
393 https://seed.kisa.or.kr/kisa/algorit !! 498 tristate "CRCT10DIF algorithm"
>> 499 select CRYPTO_HASH
>> 500 help
>> 501 CRC T10 Data Integrity Field computation is being cast as
>> 502 a crypto transform. This allows for faster crc t10 diff
>> 503 transforms to be used if they are available.
394 504
395 config CRYPTO_BLOWFISH !! 505 config CRYPTO_CRCT10DIF_PCLMUL
396 tristate "Blowfish" !! 506 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
397 select CRYPTO_ALGAPI !! 507 depends on X86 && 64BIT && CRC_T10DIF
398 select CRYPTO_BLOWFISH_COMMON !! 508 select CRYPTO_HASH
399 help 509 help
400 Blowfish cipher algorithm, by Bruce !! 510 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 511 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 512 accelerated PCLMULQDQ instruction. This option will create
>> 513 'crct10dif-plcmul' module, which is faster when computing the
>> 514 crct10dif checksum as compared with the generic table implementation.
401 515
402 This is a variable key length cipher !! 516 config CRYPTO_CRCT10DIF_VPMSUM
403 bits to 448 bits in length. It's fa !! 517 tristate "CRC32T10DIF powerpc64 hardware acceleration"
404 designed for use on "large microproc !! 518 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 519 select CRYPTO_HASH
>> 520 help
>> 521 CRC10T10DIF algorithm implemented using vector polynomial
>> 522 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 523 POWER8 and newer processors for improved performance.
405 524
406 See https://www.schneier.com/blowfis !! 525 config CRYPTO_VPMSUM_TESTER
>> 526 tristate "Powerpc64 vpmsum hardware acceleration tester"
>> 527 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 528 help
>> 529 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 530 POWER8 vpmsum instructions.
>> 531 Unless you are testing these algorithms, you don't need this.
407 532
408 config CRYPTO_BLOWFISH_COMMON !! 533 config CRYPTO_GHASH
409 tristate !! 534 tristate "GHASH digest algorithm"
>> 535 select CRYPTO_GF128MUL
>> 536 select CRYPTO_HASH
410 help 537 help
411 Common parts of the Blowfish cipher !! 538 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
412 generic c and the assembler implemen <<
413 539
414 config CRYPTO_CAMELLIA !! 540 config CRYPTO_POLY1305
415 tristate "Camellia" !! 541 tristate "Poly1305 authenticator algorithm"
416 select CRYPTO_ALGAPI !! 542 select CRYPTO_HASH
417 help 543 help
418 Camellia cipher algorithms (ISO/IEC !! 544 Poly1305 authenticator algorithm, RFC7539.
419 545
420 Camellia is a symmetric key block ci !! 546 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
421 at NTT and Mitsubishi Electric Corpo !! 547 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 548 in IETF protocols. This is the portable C implementation of Poly1305.
422 549
423 The Camellia specifies three key siz !! 550 config CRYPTO_POLY1305_X86_64
>> 551 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 552 depends on X86 && 64BIT
>> 553 select CRYPTO_POLY1305
>> 554 help
>> 555 Poly1305 authenticator algorithm, RFC7539.
424 556
425 See https://info.isl.ntt.co.jp/crypt !! 557 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 558 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 559 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 560 instructions.
426 561
427 config CRYPTO_CAST_COMMON !! 562 config CRYPTO_MD4
428 tristate !! 563 tristate "MD4 digest algorithm"
>> 564 select CRYPTO_HASH
429 help 565 help
430 Common parts of the CAST cipher algo !! 566 MD4 message digest algorithm (RFC1320).
431 generic c and the assembler implemen <<
432 567
433 config CRYPTO_CAST5 !! 568 config CRYPTO_MD5
434 tristate "CAST5 (CAST-128)" !! 569 tristate "MD5 digest algorithm"
435 select CRYPTO_ALGAPI !! 570 select CRYPTO_HASH
436 select CRYPTO_CAST_COMMON <<
437 help 571 help
438 CAST5 (CAST-128) cipher algorithm (R !! 572 MD5 message digest algorithm (RFC1321).
439 573
440 config CRYPTO_CAST6 !! 574 config CRYPTO_MD5_OCTEON
441 tristate "CAST6 (CAST-256)" !! 575 tristate "MD5 digest algorithm (OCTEON)"
442 select CRYPTO_ALGAPI !! 576 depends on CPU_CAVIUM_OCTEON
443 select CRYPTO_CAST_COMMON !! 577 select CRYPTO_MD5
>> 578 select CRYPTO_HASH
444 help 579 help
445 CAST6 (CAST-256) encryption algorith !! 580 MD5 message digest algorithm (RFC1321) implemented
>> 581 using OCTEON crypto instructions, when available.
446 582
447 config CRYPTO_DES !! 583 config CRYPTO_MD5_PPC
448 tristate "DES and Triple DES EDE" !! 584 tristate "MD5 digest algorithm (PPC)"
449 select CRYPTO_ALGAPI !! 585 depends on PPC
450 select CRYPTO_LIB_DES !! 586 select CRYPTO_HASH
451 help 587 help
452 DES (Data Encryption Standard)(FIPS !! 588 MD5 message digest algorithm (RFC1321) implemented
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 589 in PPC assembler.
454 cipher algorithms <<
455 590
456 config CRYPTO_FCRYPT !! 591 config CRYPTO_MD5_SPARC64
457 tristate "FCrypt" !! 592 tristate "MD5 digest algorithm (SPARC64)"
458 select CRYPTO_ALGAPI !! 593 depends on SPARC64
459 select CRYPTO_SKCIPHER !! 594 select CRYPTO_MD5
>> 595 select CRYPTO_HASH
460 help 596 help
461 FCrypt algorithm used by RxRPC !! 597 MD5 message digest algorithm (RFC1321) implemented
>> 598 using sparc64 crypto instructions, when available.
462 599
463 See https://ota.polyonymo.us/fcrypt- !! 600 config CRYPTO_MICHAEL_MIC
>> 601 tristate "Michael MIC keyed digest algorithm"
>> 602 select CRYPTO_HASH
>> 603 help
>> 604 Michael MIC is used for message integrity protection in TKIP
>> 605 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 606 should not be used for other purposes because of the weakness
>> 607 of the algorithm.
464 608
465 config CRYPTO_KHAZAD !! 609 config CRYPTO_RMD128
466 tristate "Khazad" !! 610 tristate "RIPEMD-128 digest algorithm"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 611 select CRYPTO_HASH
468 select CRYPTO_ALGAPI <<
469 help 612 help
470 Khazad cipher algorithm !! 613 RIPEMD-128 (ISO/IEC 10118-3:2004).
471 614
472 Khazad was a finalist in the initial !! 615 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
473 an algorithm optimized for 64-bit pr !! 616 be used as a secure replacement for RIPEMD. For other use cases,
474 on 32-bit processors. Khazad uses a !! 617 RIPEMD-160 should be used.
475 618
476 See https://web.archive.org/web/2017 !! 619 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
477 for further information. !! 620 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
478 621
479 config CRYPTO_SEED !! 622 config CRYPTO_RMD160
480 tristate "SEED" !! 623 tristate "RIPEMD-160 digest algorithm"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 624 select CRYPTO_HASH
482 select CRYPTO_ALGAPI <<
483 help 625 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 626 RIPEMD-160 (ISO/IEC 10118-3:2004).
485 627
486 SEED is a 128-bit symmetric key bloc !! 628 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
487 developed by KISA (Korea Information !! 629 to be used as a secure replacement for the 128-bit hash functions
488 national standard encryption algorit !! 630 MD4, MD5 and it's predecessor RIPEMD
489 It is a 16 round block cipher with t !! 631 (not to be confused with RIPEMD-128).
490 632
491 See https://seed.kisa.or.kr/kisa/alg !! 633 It's speed is comparable to SHA1 and there are no known attacks
492 for further information. !! 634 against RIPEMD-160.
493 635
494 config CRYPTO_SERPENT !! 636 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
495 tristate "Serpent" !! 637 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
496 select CRYPTO_ALGAPI !! 638
>> 639 config CRYPTO_RMD256
>> 640 tristate "RIPEMD-256 digest algorithm"
>> 641 select CRYPTO_HASH
497 help 642 help
498 Serpent cipher algorithm, by Anderso !! 643 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 644 256 bit hash. It is intended for applications that require
>> 645 longer hash-results, without needing a larger security level
>> 646 (than RIPEMD-128).
499 647
500 Keys are allowed to be from 0 to 256 !! 648 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
501 of 8 bits. !! 649 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
502 650
503 See https://www.cl.cam.ac.uk/~rja14/ !! 651 config CRYPTO_RMD320
>> 652 tristate "RIPEMD-320 digest algorithm"
>> 653 select CRYPTO_HASH
>> 654 help
>> 655 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 656 320 bit hash. It is intended for applications that require
>> 657 longer hash-results, without needing a larger security level
>> 658 (than RIPEMD-160).
504 659
505 config CRYPTO_SM4 !! 660 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
506 tristate !! 661 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
507 662
508 config CRYPTO_SM4_GENERIC !! 663 config CRYPTO_SHA1
509 tristate "SM4 (ShangMi 4)" !! 664 tristate "SHA1 digest algorithm"
510 select CRYPTO_ALGAPI !! 665 select CRYPTO_HASH
511 select CRYPTO_SM4 <<
512 help 666 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 667 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 668
516 SM4 (GBT.32907-2016) is a cryptograp !! 669 config CRYPTO_SHA1_SSSE3
517 Organization of State Commercial Adm !! 670 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
518 as an authorized cryptographic algor !! 671 depends on X86 && 64BIT
>> 672 select CRYPTO_SHA1
>> 673 select CRYPTO_HASH
>> 674 help
>> 675 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 676 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 677 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 678 when available.
519 679
520 SMS4 was originally created for use !! 680 config CRYPTO_SHA256_SSSE3
521 networks, and is mandated in the Chi !! 681 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
522 Wireless LAN WAPI (Wired Authenticat !! 682 depends on X86 && 64BIT
523 (GB.15629.11-2003). !! 683 select CRYPTO_SHA256
>> 684 select CRYPTO_HASH
>> 685 help
>> 686 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 687 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 688 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 689 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 690 Instructions) when available.
>> 691
>> 692 config CRYPTO_SHA512_SSSE3
>> 693 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 694 depends on X86 && 64BIT
>> 695 select CRYPTO_SHA512
>> 696 select CRYPTO_HASH
>> 697 help
>> 698 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 699 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 700 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 701 version 2 (AVX2) instructions, when available.
>> 702
>> 703 config CRYPTO_SHA1_OCTEON
>> 704 tristate "SHA1 digest algorithm (OCTEON)"
>> 705 depends on CPU_CAVIUM_OCTEON
>> 706 select CRYPTO_SHA1
>> 707 select CRYPTO_HASH
>> 708 help
>> 709 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 710 using OCTEON crypto instructions, when available.
>> 711
>> 712 config CRYPTO_SHA1_SPARC64
>> 713 tristate "SHA1 digest algorithm (SPARC64)"
>> 714 depends on SPARC64
>> 715 select CRYPTO_SHA1
>> 716 select CRYPTO_HASH
>> 717 help
>> 718 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 719 using sparc64 crypto instructions, when available.
>> 720
>> 721 config CRYPTO_SHA1_PPC
>> 722 tristate "SHA1 digest algorithm (powerpc)"
>> 723 depends on PPC
>> 724 help
>> 725 This is the powerpc hardware accelerated implementation of the
>> 726 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 727
>> 728 config CRYPTO_SHA1_PPC_SPE
>> 729 tristate "SHA1 digest algorithm (PPC SPE)"
>> 730 depends on PPC && SPE
>> 731 help
>> 732 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 733 using powerpc SPE SIMD instruction set.
>> 734
>> 735 config CRYPTO_SHA1_MB
>> 736 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 737 depends on X86 && 64BIT
>> 738 select CRYPTO_SHA1
>> 739 select CRYPTO_HASH
>> 740 select CRYPTO_MCRYPTD
>> 741 help
>> 742 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 743 using multi-buffer technique. This algorithm computes on
>> 744 multiple data lanes concurrently with SIMD instructions for
>> 745 better throughput. It should not be enabled by default but
>> 746 used when there is significant amount of work to keep the keep
>> 747 the data lanes filled to get performance benefit. If the data
>> 748 lanes remain unfilled, a flush operation will be initiated to
>> 749 process the crypto jobs, adding a slight latency.
>> 750
>> 751 config CRYPTO_SHA256_MB
>> 752 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 753 depends on X86 && 64BIT
>> 754 select CRYPTO_SHA256
>> 755 select CRYPTO_HASH
>> 756 select CRYPTO_MCRYPTD
>> 757 help
>> 758 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 759 using multi-buffer technique. This algorithm computes on
>> 760 multiple data lanes concurrently with SIMD instructions for
>> 761 better throughput. It should not be enabled by default but
>> 762 used when there is significant amount of work to keep the keep
>> 763 the data lanes filled to get performance benefit. If the data
>> 764 lanes remain unfilled, a flush operation will be initiated to
>> 765 process the crypto jobs, adding a slight latency.
>> 766
>> 767 config CRYPTO_SHA512_MB
>> 768 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 769 depends on X86 && 64BIT
>> 770 select CRYPTO_SHA512
>> 771 select CRYPTO_HASH
>> 772 select CRYPTO_MCRYPTD
>> 773 help
>> 774 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 775 using multi-buffer technique. This algorithm computes on
>> 776 multiple data lanes concurrently with SIMD instructions for
>> 777 better throughput. It should not be enabled by default but
>> 778 used when there is significant amount of work to keep the keep
>> 779 the data lanes filled to get performance benefit. If the data
>> 780 lanes remain unfilled, a flush operation will be initiated to
>> 781 process the crypto jobs, adding a slight latency.
524 782
525 The latest SM4 standard (GBT.32907-2 !! 783 config CRYPTO_SHA256
526 standardized through TC 260 of the S !! 784 tristate "SHA224 and SHA256 digest algorithm"
527 of the People's Republic of China (S !! 785 select CRYPTO_HASH
>> 786 help
>> 787 SHA256 secure hash standard (DFIPS 180-2).
528 788
529 The input, output, and key of SMS4 a !! 789 This version of SHA implements a 256 bit hash with 128 bits of
>> 790 security against collision attacks.
530 791
531 See https://eprint.iacr.org/2008/329 !! 792 This code also includes SHA-224, a 224 bit hash with 112 bits
>> 793 of security against collision attacks.
532 794
533 If unsure, say N. !! 795 config CRYPTO_SHA256_PPC_SPE
>> 796 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 797 depends on PPC && SPE
>> 798 select CRYPTO_SHA256
>> 799 select CRYPTO_HASH
>> 800 help
>> 801 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 802 implemented using powerpc SPE SIMD instruction set.
534 803
535 config CRYPTO_TEA !! 804 config CRYPTO_SHA256_OCTEON
536 tristate "TEA, XTEA and XETA" !! 805 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 806 depends on CPU_CAVIUM_OCTEON
538 select CRYPTO_ALGAPI !! 807 select CRYPTO_SHA256
>> 808 select CRYPTO_HASH
539 help 809 help
540 TEA (Tiny Encryption Algorithm) ciph !! 810 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 811 using OCTEON crypto instructions, when available.
541 812
542 Tiny Encryption Algorithm is a simpl !! 813 config CRYPTO_SHA256_SPARC64
543 many rounds for security. It is ver !! 814 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
544 little memory. !! 815 depends on SPARC64
>> 816 select CRYPTO_SHA256
>> 817 select CRYPTO_HASH
>> 818 help
>> 819 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 820 using sparc64 crypto instructions, when available.
545 821
546 Xtendend Tiny Encryption Algorithm i !! 822 config CRYPTO_SHA512
547 the TEA algorithm to address a poten !! 823 tristate "SHA384 and SHA512 digest algorithms"
548 in the TEA algorithm. !! 824 select CRYPTO_HASH
>> 825 help
>> 826 SHA512 secure hash standard (DFIPS 180-2).
549 827
550 Xtendend Encryption Tiny Algorithm i !! 828 This version of SHA implements a 512 bit hash with 256 bits of
551 of the XTEA algorithm for compatibil !! 829 security against collision attacks.
552 830
553 config CRYPTO_TWOFISH !! 831 This code also includes SHA-384, a 384 bit hash with 192 bits
554 tristate "Twofish" !! 832 of security against collision attacks.
555 select CRYPTO_ALGAPI !! 833
556 select CRYPTO_TWOFISH_COMMON !! 834 config CRYPTO_SHA512_OCTEON
>> 835 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 836 depends on CPU_CAVIUM_OCTEON
>> 837 select CRYPTO_SHA512
>> 838 select CRYPTO_HASH
557 help 839 help
558 Twofish cipher algorithm !! 840 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 841 using OCTEON crypto instructions, when available.
559 842
560 Twofish was submitted as an AES (Adv !! 843 config CRYPTO_SHA512_SPARC64
561 candidate cipher by researchers at C !! 844 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
562 16 round block cipher supporting key !! 845 depends on SPARC64
563 bits. !! 846 select CRYPTO_SHA512
>> 847 select CRYPTO_HASH
>> 848 help
>> 849 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 850 using sparc64 crypto instructions, when available.
564 851
565 See https://www.schneier.com/twofish !! 852 config CRYPTO_SHA3
>> 853 tristate "SHA3 digest algorithm"
>> 854 select CRYPTO_HASH
>> 855 help
>> 856 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 857 cryptographic sponge function family called Keccak.
566 858
567 config CRYPTO_TWOFISH_COMMON !! 859 References:
568 tristate !! 860 http://keccak.noekeon.org/
>> 861
>> 862 config CRYPTO_TGR192
>> 863 tristate "Tiger digest algorithms"
>> 864 select CRYPTO_HASH
569 help 865 help
570 Common parts of the Twofish cipher a !! 866 Tiger hash algorithm 192, 160 and 128-bit hashes
571 generic c and the assembler implemen <<
572 867
573 endmenu !! 868 Tiger is a hash function optimized for 64-bit processors while
>> 869 still having decent performance on 32-bit processors.
>> 870 Tiger was developed by Ross Anderson and Eli Biham.
574 871
575 menu "Length-preserving ciphers and modes" !! 872 See also:
>> 873 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
576 874
577 config CRYPTO_ADIANTUM !! 875 config CRYPTO_WP512
578 tristate "Adiantum" !! 876 tristate "Whirlpool digest algorithms"
579 select CRYPTO_CHACHA20 !! 877 select CRYPTO_HASH
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER <<
583 help 878 help
584 Adiantum tweakable, length-preservin !! 879 Whirlpool hash algorithm 512, 384 and 256-bit hashes
585 880
586 Designed for fast and secure disk en !! 881 Whirlpool-512 is part of the NESSIE cryptographic primitives.
587 CPUs without dedicated crypto instru !! 882 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 883
600 If unsure, say N. !! 884 See also:
>> 885 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
601 886
602 config CRYPTO_ARC4 !! 887 config CRYPTO_GHASH_CLMUL_NI_INTEL
603 tristate "ARC4 (Alleged Rivest Cipher !! 888 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 889 depends on X86 && 64BIT
605 select CRYPTO_SKCIPHER !! 890 select CRYPTO_CRYPTD
606 select CRYPTO_LIB_ARC4 <<
607 help 891 help
608 ARC4 cipher algorithm !! 892 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
>> 893 The implementation is accelerated by CLMUL-NI of Intel.
609 894
610 ARC4 is a stream cipher using keys r !! 895 comment "Ciphers"
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 896
615 config CRYPTO_CHACHA20 !! 897 config CRYPTO_AES
616 tristate "ChaCha" !! 898 tristate "AES cipher algorithms"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 899 select CRYPTO_ALGAPI
618 select CRYPTO_SKCIPHER <<
619 help 900 help
620 The ChaCha20, XChaCha20, and XChaCha !! 901 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 902 algorithm.
621 903
622 ChaCha20 is a 256-bit high-speed str !! 904 Rijndael appears to be consistently a very good performer in
623 Bernstein and further specified in R !! 905 both hardware and software across a wide range of computing
624 This is the portable C implementatio !! 906 environments regardless of its use in feedback or non-feedback
625 https://cr.yp.to/chacha/chacha-20080 !! 907 modes. Its key setup time is excellent, and its key agility is
>> 908 good. Rijndael's very low memory requirements make it very well
>> 909 suited for restricted-space environments, in which it also
>> 910 demonstrates excellent performance. Rijndael's operations are
>> 911 among the easiest to defend against power and timing attacks.
626 912
627 XChaCha20 is the application of the !! 913 The AES specifies three key sizes: 128, 192 and 256 bits
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 914
637 config CRYPTO_CBC !! 915 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
638 tristate "CBC (Cipher Block Chaining)" !! 916
639 select CRYPTO_SKCIPHER !! 917 config CRYPTO_AES_TI
640 select CRYPTO_MANAGER !! 918 tristate "Fixed time AES cipher"
>> 919 select CRYPTO_ALGAPI
641 help 920 help
642 CBC (Cipher Block Chaining) mode (NI !! 921 This is a generic implementation of AES that attempts to eliminate
>> 922 data dependent latencies as much as possible without affecting
>> 923 performance too much. It is intended for use by the generic CCM
>> 924 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 925 solely on encryption (although decryption is supported as well, but
>> 926 with a more dramatic performance hit)
643 927
644 This block cipher mode is required f !! 928 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
>> 929 8 for decryption), this implementation only uses just two S-boxes of
>> 930 256 bytes each, and attempts to eliminate data dependent latencies by
>> 931 prefetching the entire table into the cache at the start of each
>> 932 block.
645 933
646 config CRYPTO_CTR !! 934 config CRYPTO_AES_586
647 tristate "CTR (Counter)" !! 935 tristate "AES cipher algorithms (i586)"
648 select CRYPTO_SKCIPHER !! 936 depends on (X86 || UML_X86) && !64BIT
649 select CRYPTO_MANAGER !! 937 select CRYPTO_ALGAPI
>> 938 select CRYPTO_AES
650 help 939 help
651 CTR (Counter) mode (NIST SP800-38A) !! 940 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 941 algorithm.
652 942
653 config CRYPTO_CTS !! 943 Rijndael appears to be consistently a very good performer in
654 tristate "CTS (Cipher Text Stealing)" !! 944 both hardware and software across a wide range of computing
655 select CRYPTO_SKCIPHER !! 945 environments regardless of its use in feedback or non-feedback
656 select CRYPTO_MANAGER !! 946 modes. Its key setup time is excellent, and its key agility is
657 help !! 947 good. Rijndael's very low memory requirements make it very well
658 CBC-CS3 variant of CTS (Cipher Text !! 948 suited for restricted-space environments, in which it also
659 Addendum to SP800-38A (October 2010) !! 949 demonstrates excellent performance. Rijndael's operations are
>> 950 among the easiest to defend against power and timing attacks.
660 951
661 This mode is required for Kerberos g !! 952 The AES specifies three key sizes: 128, 192 and 256 bits
662 for AES encryption. <<
663 953
664 config CRYPTO_ECB !! 954 See <http://csrc.nist.gov/encryption/aes/> for more information.
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 955
671 config CRYPTO_HCTR2 !! 956 config CRYPTO_AES_X86_64
672 tristate "HCTR2" !! 957 tristate "AES cipher algorithms (x86_64)"
673 select CRYPTO_XCTR !! 958 depends on (X86 || UML_X86) && 64BIT
674 select CRYPTO_POLYVAL !! 959 select CRYPTO_ALGAPI
675 select CRYPTO_MANAGER !! 960 select CRYPTO_AES
676 help 961 help
677 HCTR2 length-preserving encryption m !! 962 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 963 algorithm.
678 964
679 A mode for storage encryption that i !! 965 Rijndael appears to be consistently a very good performer in
680 instructions to accelerate AES and c !! 966 both hardware and software across a wide range of computing
681 x86 processors with AES-NI and CLMUL !! 967 environments regardless of its use in feedback or non-feedback
682 ARMv8 crypto extensions. !! 968 modes. Its key setup time is excellent, and its key agility is
>> 969 good. Rijndael's very low memory requirements make it very well
>> 970 suited for restricted-space environments, in which it also
>> 971 demonstrates excellent performance. Rijndael's operations are
>> 972 among the easiest to defend against power and timing attacks.
683 973
684 See https://eprint.iacr.org/2021/144 !! 974 The AES specifies three key sizes: 128, 192 and 256 bits
685 975
686 config CRYPTO_KEYWRAP !! 976 See <http://csrc.nist.gov/encryption/aes/> for more information.
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER <<
689 select CRYPTO_MANAGER <<
690 help <<
691 KW (AES Key Wrap) authenticated encr <<
692 and RFC3394) without padding. <<
693 977
694 config CRYPTO_LRW !! 978 config CRYPTO_AES_NI_INTEL
695 tristate "LRW (Liskov Rivest Wagner)" !! 979 tristate "AES cipher algorithms (AES-NI)"
696 select CRYPTO_LIB_GF128MUL !! 980 depends on X86
697 select CRYPTO_SKCIPHER !! 981 select CRYPTO_AEAD
698 select CRYPTO_MANAGER !! 982 select CRYPTO_AES_X86_64 if 64BIT
699 select CRYPTO_ECB !! 983 select CRYPTO_AES_586 if !64BIT
>> 984 select CRYPTO_ALGAPI
>> 985 select CRYPTO_BLKCIPHER
>> 986 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 987 select CRYPTO_SIMD
700 help 988 help
701 LRW (Liskov Rivest Wagner) mode !! 989 Use Intel AES-NI instructions for AES algorithm.
702 990
703 A tweakable, non malleable, non mova !! 991 AES cipher algorithms (FIPS-197). AES uses the Rijndael
704 narrow block cipher mode for dm-cryp !! 992 algorithm.
705 specification string aes-lrw-benbi, <<
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 993
709 See https://people.csail.mit.edu/riv !! 994 Rijndael appears to be consistently a very good performer in
>> 995 both hardware and software across a wide range of computing
>> 996 environments regardless of its use in feedback or non-feedback
>> 997 modes. Its key setup time is excellent, and its key agility is
>> 998 good. Rijndael's very low memory requirements make it very well
>> 999 suited for restricted-space environments, in which it also
>> 1000 demonstrates excellent performance. Rijndael's operations are
>> 1001 among the easiest to defend against power and timing attacks.
710 1002
711 config CRYPTO_PCBC !! 1003 The AES specifies three key sizes: 128, 192 and 256 bits
712 tristate "PCBC (Propagating Cipher Blo <<
713 select CRYPTO_SKCIPHER <<
714 select CRYPTO_MANAGER <<
715 help <<
716 PCBC (Propagating Cipher Block Chain <<
717 1004
718 This block cipher mode is required f !! 1005 See <http://csrc.nist.gov/encryption/aes/> for more information.
719 1006
720 config CRYPTO_XCTR !! 1007 In addition to AES cipher algorithm support, the acceleration
721 tristate !! 1008 for some popular block cipher mode is supported too, including
722 select CRYPTO_SKCIPHER !! 1009 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
723 select CRYPTO_MANAGER !! 1010 acceleration for CTR.
>> 1011
>> 1012 config CRYPTO_AES_SPARC64
>> 1013 tristate "AES cipher algorithms (SPARC64)"
>> 1014 depends on SPARC64
>> 1015 select CRYPTO_CRYPTD
>> 1016 select CRYPTO_ALGAPI
724 help 1017 help
725 XCTR (XOR Counter) mode for HCTR2 !! 1018 Use SPARC64 crypto opcodes for AES algorithm.
726 1019
727 This blockcipher mode is a variant o !! 1020 AES cipher algorithms (FIPS-197). AES uses the Rijndael
728 addition rather than big-endian arit !! 1021 algorithm.
729 1022
730 XCTR mode is used to implement HCTR2 !! 1023 Rijndael appears to be consistently a very good performer in
>> 1024 both hardware and software across a wide range of computing
>> 1025 environments regardless of its use in feedback or non-feedback
>> 1026 modes. Its key setup time is excellent, and its key agility is
>> 1027 good. Rijndael's very low memory requirements make it very well
>> 1028 suited for restricted-space environments, in which it also
>> 1029 demonstrates excellent performance. Rijndael's operations are
>> 1030 among the easiest to defend against power and timing attacks.
731 1031
732 config CRYPTO_XTS !! 1032 The AES specifies three key sizes: 128, 192 and 256 bits
733 tristate "XTS (XOR Encrypt XOR with ci <<
734 select CRYPTO_SKCIPHER <<
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help <<
738 XTS (XOR Encrypt XOR with ciphertext <<
739 and IEEE 1619) <<
740 1033
741 Use with aes-xts-plain, key size 256 !! 1034 See <http://csrc.nist.gov/encryption/aes/> for more information.
742 implementation currently can't handl <<
743 multiple of 16 bytes. <<
744 1035
745 config CRYPTO_NHPOLY1305 !! 1036 In addition to AES cipher algorithm support, the acceleration
746 tristate !! 1037 for some popular block cipher mode is supported too, including
747 select CRYPTO_HASH !! 1038 ECB and CBC.
748 select CRYPTO_LIB_POLY1305_GENERIC !! 1039
>> 1040 config CRYPTO_AES_PPC_SPE
>> 1041 tristate "AES cipher algorithms (PPC SPE)"
>> 1042 depends on PPC && SPE
>> 1043 help
>> 1044 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1045 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1046 This module should only be used for low power (router) devices
>> 1047 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1048 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1049 timining attacks. Nevertheless it might be not as secure as other
>> 1050 architecture specific assembler implementations that work on 1KB
>> 1051 tables or 256 bytes S-boxes.
749 1052
750 endmenu !! 1053 config CRYPTO_ANUBIS
>> 1054 tristate "Anubis cipher algorithm"
>> 1055 select CRYPTO_ALGAPI
>> 1056 help
>> 1057 Anubis cipher algorithm.
751 1058
752 menu "AEAD (authenticated encryption with asso !! 1059 Anubis is a variable key length cipher which can use keys from
>> 1060 128 bits to 320 bits in length. It was evaluated as a entrant
>> 1061 in the NESSIE competition.
753 1062
754 config CRYPTO_AEGIS128 !! 1063 See also:
755 tristate "AEGIS-128" !! 1064 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
756 select CRYPTO_AEAD !! 1065 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
757 select CRYPTO_AES # for AES S-box tab <<
758 help <<
759 AEGIS-128 AEAD algorithm <<
760 1066
761 config CRYPTO_AEGIS128_SIMD !! 1067 config CRYPTO_ARC4
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1068 tristate "ARC4 cipher algorithm"
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 1069 select CRYPTO_BLKCIPHER
764 default y <<
765 help 1070 help
766 AEGIS-128 AEAD algorithm !! 1071 ARC4 cipher algorithm.
767 1072
768 Architecture: arm or arm64 using: !! 1073 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
769 - NEON (Advanced SIMD) extension !! 1074 bits in length. This algorithm is required for driver-based
>> 1075 WEP, but it should not be for other purposes because of the
>> 1076 weakness of the algorithm.
770 1077
771 config CRYPTO_CHACHA20POLY1305 !! 1078 config CRYPTO_BLOWFISH
772 tristate "ChaCha20-Poly1305" !! 1079 tristate "Blowfish cipher algorithm"
773 select CRYPTO_CHACHA20 !! 1080 select CRYPTO_ALGAPI
774 select CRYPTO_POLY1305 !! 1081 select CRYPTO_BLOWFISH_COMMON
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help 1082 help
778 ChaCha20 stream cipher and Poly1305 !! 1083 Blowfish cipher algorithm, by Bruce Schneier.
779 mode (RFC8439) <<
780 1084
781 config CRYPTO_CCM !! 1085 This is a variable key length cipher which can use keys from 32
782 tristate "CCM (Counter with Cipher Blo !! 1086 bits to 448 bits in length. It's fast, simple and specifically
783 select CRYPTO_CTR !! 1087 designed for use on "large microprocessors".
784 select CRYPTO_HASH !! 1088
785 select CRYPTO_AEAD !! 1089 See also:
786 select CRYPTO_MANAGER !! 1090 <http://www.schneier.com/blowfish.html>
>> 1091
>> 1092 config CRYPTO_BLOWFISH_COMMON
>> 1093 tristate
787 help 1094 help
788 CCM (Counter with Cipher Block Chain !! 1095 Common parts of the Blowfish cipher algorithm shared by the
789 authenticated encryption mode (NIST !! 1096 generic c and the assembler implementations.
790 1097
791 config CRYPTO_GCM !! 1098 See also:
792 tristate "GCM (Galois/Counter Mode) an !! 1099 <http://www.schneier.com/blowfish.html>
793 select CRYPTO_CTR !! 1100
794 select CRYPTO_AEAD !! 1101 config CRYPTO_BLOWFISH_X86_64
795 select CRYPTO_GHASH !! 1102 tristate "Blowfish cipher algorithm (x86_64)"
796 select CRYPTO_NULL !! 1103 depends on X86 && 64BIT
797 select CRYPTO_MANAGER !! 1104 select CRYPTO_ALGAPI
>> 1105 select CRYPTO_BLOWFISH_COMMON
798 help 1106 help
799 GCM (Galois/Counter Mode) authentica !! 1107 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
800 (GCM Message Authentication Code) (N <<
801 1108
802 This is required for IPSec ESP (XFRM !! 1109 This is a variable key length cipher which can use keys from 32
>> 1110 bits to 448 bits in length. It's fast, simple and specifically
>> 1111 designed for use on "large microprocessors".
803 1112
804 config CRYPTO_GENIV !! 1113 See also:
805 tristate !! 1114 <http://www.schneier.com/blowfish.html>
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER <<
809 select CRYPTO_RNG_DEFAULT <<
810 1115
811 config CRYPTO_SEQIV !! 1116 config CRYPTO_CAMELLIA
812 tristate "Sequence Number IV Generator !! 1117 tristate "Camellia cipher algorithms"
813 select CRYPTO_GENIV !! 1118 depends on CRYPTO
>> 1119 select CRYPTO_ALGAPI
814 help 1120 help
815 Sequence Number IV generator !! 1121 Camellia cipher algorithms module.
816 1122
817 This IV generator generates an IV ba !! 1123 Camellia is a symmetric key block cipher developed jointly
818 xoring it with a salt. This algorit !! 1124 at NTT and Mitsubishi Electric Corporation.
>> 1125
>> 1126 The Camellia specifies three key sizes: 128, 192 and 256 bits.
819 1127
820 This is required for IPsec ESP (XFRM !! 1128 See also:
>> 1129 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
821 1130
822 config CRYPTO_ECHAINIV !! 1131 config CRYPTO_CAMELLIA_X86_64
823 tristate "Encrypted Chain IV Generator !! 1132 tristate "Camellia cipher algorithm (x86_64)"
824 select CRYPTO_GENIV !! 1133 depends on X86 && 64BIT
>> 1134 depends on CRYPTO
>> 1135 select CRYPTO_ALGAPI
>> 1136 select CRYPTO_GLUE_HELPER_X86
>> 1137 select CRYPTO_LRW
>> 1138 select CRYPTO_XTS
825 help 1139 help
826 Encrypted Chain IV generator !! 1140 Camellia cipher algorithm module (x86_64).
827 1141
828 This IV generator generates an IV ba !! 1142 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 1143 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. !! 1144
>> 1145 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1146
>> 1147 See also:
>> 1148 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
831 1149
832 config CRYPTO_ESSIV !! 1150 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
833 tristate "Encrypted Salt-Sector IV Gen !! 1151 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
834 select CRYPTO_AUTHENC !! 1152 depends on X86 && 64BIT
>> 1153 depends on CRYPTO
>> 1154 select CRYPTO_ALGAPI
>> 1155 select CRYPTO_CRYPTD
>> 1156 select CRYPTO_ABLK_HELPER
>> 1157 select CRYPTO_GLUE_HELPER_X86
>> 1158 select CRYPTO_CAMELLIA_X86_64
>> 1159 select CRYPTO_LRW
>> 1160 select CRYPTO_XTS
835 help 1161 help
836 Encrypted Salt-Sector IV generator !! 1162 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
>> 1163
>> 1164 Camellia is a symmetric key block cipher developed jointly
>> 1165 at NTT and Mitsubishi Electric Corporation.
837 1166
838 This IV generator is used in some ca !! 1167 The Camellia specifies three key sizes: 128, 192 and 256 bits.
839 dm-crypt. It uses the hash of the bl <<
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 1168
844 This driver implements a crypto API !! 1169 See also:
845 instantiated either as an skcipher o !! 1170 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
846 type of the first template argument) <<
847 and decryption requests to the encap <<
848 ESSIV to the input IV. Note that in <<
849 that the keys are presented in the s <<
850 template, and that the IV appears at <<
851 associated data (AAD) region (which <<
852 1171
853 Note that the use of ESSIV is not re !! 1172 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
854 and so this only needs to be enabled !! 1173 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
855 existing encrypted volumes of filesy !! 1174 depends on X86 && 64BIT
856 building for a particular system tha !! 1175 depends on CRYPTO
857 the SoC in question has accelerated !! 1176 select CRYPTO_ALGAPI
858 combined with ESSIV the only feasibl !! 1177 select CRYPTO_CRYPTD
859 block encryption) !! 1178 select CRYPTO_ABLK_HELPER
>> 1179 select CRYPTO_GLUE_HELPER_X86
>> 1180 select CRYPTO_CAMELLIA_X86_64
>> 1181 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1182 select CRYPTO_LRW
>> 1183 select CRYPTO_XTS
>> 1184 help
>> 1185 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
860 1186
861 endmenu !! 1187 Camellia is a symmetric key block cipher developed jointly
>> 1188 at NTT and Mitsubishi Electric Corporation.
862 1189
863 menu "Hashes, digests, and MACs" !! 1190 The Camellia specifies three key sizes: 128, 192 and 256 bits.
864 1191
865 config CRYPTO_BLAKE2B !! 1192 See also:
866 tristate "BLAKE2b" !! 1193 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
867 select CRYPTO_HASH !! 1194
>> 1195 config CRYPTO_CAMELLIA_SPARC64
>> 1196 tristate "Camellia cipher algorithm (SPARC64)"
>> 1197 depends on SPARC64
>> 1198 depends on CRYPTO
>> 1199 select CRYPTO_ALGAPI
868 help 1200 help
869 BLAKE2b cryptographic hash function !! 1201 Camellia cipher algorithm module (SPARC64).
870 1202
871 BLAKE2b is optimized for 64-bit plat !! 1203 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1204 at NTT and Mitsubishi Electric Corporation.
873 1205
874 This module provides the following a !! 1206 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 1207
880 Used by the btrfs filesystem. !! 1208 See also:
>> 1209 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881 1210
882 See https://blake2.net for further i !! 1211 config CRYPTO_CAST_COMMON
>> 1212 tristate
>> 1213 help
>> 1214 Common parts of the CAST cipher algorithms shared by the
>> 1215 generic c and the assembler implementations.
883 1216
884 config CRYPTO_CMAC !! 1217 config CRYPTO_CAST5
885 tristate "CMAC (Cipher-based MAC)" !! 1218 tristate "CAST5 (CAST-128) cipher algorithm"
886 select CRYPTO_HASH !! 1219 select CRYPTO_ALGAPI
887 select CRYPTO_MANAGER !! 1220 select CRYPTO_CAST_COMMON
888 help 1221 help
889 CMAC (Cipher-based Message Authentic !! 1222 The CAST5 encryption algorithm (synonymous with CAST-128) is
890 mode (NIST SP800-38B and IETF RFC449 !! 1223 described in RFC2144.
891 1224
892 config CRYPTO_GHASH !! 1225 config CRYPTO_CAST5_AVX_X86_64
893 tristate "GHASH" !! 1226 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
894 select CRYPTO_HASH !! 1227 depends on X86 && 64BIT
895 select CRYPTO_LIB_GF128MUL !! 1228 select CRYPTO_ALGAPI
>> 1229 select CRYPTO_CRYPTD
>> 1230 select CRYPTO_ABLK_HELPER
>> 1231 select CRYPTO_CAST_COMMON
>> 1232 select CRYPTO_CAST5
896 help 1233 help
897 GCM GHASH function (NIST SP800-38D) !! 1234 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1235 described in RFC2144.
898 1236
899 config CRYPTO_HMAC !! 1237 This module provides the Cast5 cipher algorithm that processes
900 tristate "HMAC (Keyed-Hash MAC)" !! 1238 sixteen blocks parallel using the AVX instruction set.
901 select CRYPTO_HASH !! 1239
902 select CRYPTO_MANAGER !! 1240 config CRYPTO_CAST6
>> 1241 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1242 select CRYPTO_ALGAPI
>> 1243 select CRYPTO_CAST_COMMON
>> 1244 help
>> 1245 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1246 described in RFC2612.
>> 1247
>> 1248 config CRYPTO_CAST6_AVX_X86_64
>> 1249 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1250 depends on X86 && 64BIT
>> 1251 select CRYPTO_ALGAPI
>> 1252 select CRYPTO_CRYPTD
>> 1253 select CRYPTO_ABLK_HELPER
>> 1254 select CRYPTO_GLUE_HELPER_X86
>> 1255 select CRYPTO_CAST_COMMON
>> 1256 select CRYPTO_CAST6
>> 1257 select CRYPTO_LRW
>> 1258 select CRYPTO_XTS
903 help 1259 help
904 HMAC (Keyed-Hash Message Authenticat !! 1260 The CAST6 encryption algorithm (synonymous with CAST-256) is
905 RFC2104) !! 1261 described in RFC2612.
906 1262
907 This is required for IPsec AH (XFRM_ !! 1263 This module provides the Cast6 cipher algorithm that processes
>> 1264 eight blocks parallel using the AVX instruction set.
908 1265
909 config CRYPTO_MD4 !! 1266 config CRYPTO_DES
910 tristate "MD4" !! 1267 tristate "DES and Triple DES EDE cipher algorithms"
911 select CRYPTO_HASH !! 1268 select CRYPTO_ALGAPI
912 help 1269 help
913 MD4 message digest algorithm (RFC132 !! 1270 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
914 1271
915 config CRYPTO_MD5 !! 1272 config CRYPTO_DES_SPARC64
916 tristate "MD5" !! 1273 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
917 select CRYPTO_HASH !! 1274 depends on SPARC64
>> 1275 select CRYPTO_ALGAPI
>> 1276 select CRYPTO_DES
918 help 1277 help
919 MD5 message digest algorithm (RFC132 !! 1278 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1279 optimized using SPARC64 crypto opcodes.
920 1280
921 config CRYPTO_MICHAEL_MIC !! 1281 config CRYPTO_DES3_EDE_X86_64
922 tristate "Michael MIC" !! 1282 tristate "Triple DES EDE cipher algorithm (x86-64)"
923 select CRYPTO_HASH !! 1283 depends on X86 && 64BIT
>> 1284 select CRYPTO_ALGAPI
>> 1285 select CRYPTO_DES
924 help 1286 help
925 Michael MIC (Message Integrity Code) !! 1287 Triple DES EDE (FIPS 46-3) algorithm.
926 1288
927 Defined by the IEEE 802.11i TKIP (Te !! 1289 This module provides implementation of the Triple DES EDE cipher
928 known as WPA (Wif-Fi Protected Acces !! 1290 algorithm that is optimized for x86-64 processors. Two versions of
>> 1291 algorithm are provided; regular processing one input block and
>> 1292 one that processes three blocks parallel.
929 1293
930 This algorithm is required for TKIP, !! 1294 config CRYPTO_FCRYPT
931 other purposes because of the weakne !! 1295 tristate "FCrypt cipher algorithm"
>> 1296 select CRYPTO_ALGAPI
>> 1297 select CRYPTO_BLKCIPHER
>> 1298 help
>> 1299 FCrypt algorithm used by RxRPC.
932 1300
933 config CRYPTO_POLYVAL !! 1301 config CRYPTO_KHAZAD
934 tristate !! 1302 tristate "Khazad cipher algorithm"
935 select CRYPTO_HASH !! 1303 select CRYPTO_ALGAPI
936 select CRYPTO_LIB_GF128MUL <<
937 help 1304 help
938 POLYVAL hash function for HCTR2 !! 1305 Khazad cipher algorithm.
939 1306
940 This is used in HCTR2. It is not a !! 1307 Khazad was a finalist in the initial NESSIE competition. It is
941 cryptographic hash function. !! 1308 an algorithm optimized for 64-bit processors with good performance
>> 1309 on 32-bit processors. Khazad uses an 128 bit key size.
942 1310
943 config CRYPTO_POLY1305 !! 1311 See also:
944 tristate "Poly1305" !! 1312 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
945 select CRYPTO_HASH !! 1313
946 select CRYPTO_LIB_POLY1305_GENERIC !! 1314 config CRYPTO_SALSA20
>> 1315 tristate "Salsa20 stream cipher algorithm"
>> 1316 select CRYPTO_BLKCIPHER
947 help 1317 help
948 Poly1305 authenticator algorithm (RF !! 1318 Salsa20 stream cipher algorithm.
949 1319
950 Poly1305 is an authenticator algorit !! 1320 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
951 It is used for the ChaCha20-Poly1305 !! 1321 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
952 in IETF protocols. This is the porta <<
953 1322
954 config CRYPTO_RMD160 !! 1323 The Salsa20 stream cipher algorithm is designed by Daniel J.
955 tristate "RIPEMD-160" !! 1324 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
956 select CRYPTO_HASH <<
957 help <<
958 RIPEMD-160 hash function (ISO/IEC 10 <<
959 1325
960 RIPEMD-160 is a 160-bit cryptographi !! 1326 config CRYPTO_SALSA20_586
961 to be used as a secure replacement f !! 1327 tristate "Salsa20 stream cipher algorithm (i586)"
962 MD4, MD5 and its predecessor RIPEMD !! 1328 depends on (X86 || UML_X86) && !64BIT
963 (not to be confused with RIPEMD-128) !! 1329 select CRYPTO_BLKCIPHER
>> 1330 help
>> 1331 Salsa20 stream cipher algorithm.
964 1332
965 Its speed is comparable to SHA-1 and !! 1333 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
966 against RIPEMD-160. !! 1334 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
967 1335
968 Developed by Hans Dobbertin, Antoon !! 1336 The Salsa20 stream cipher algorithm is designed by Daniel J.
969 See https://homes.esat.kuleuven.be/~ !! 1337 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
970 for further information. <<
971 1338
972 config CRYPTO_SHA1 !! 1339 config CRYPTO_SALSA20_X86_64
973 tristate "SHA-1" !! 1340 tristate "Salsa20 stream cipher algorithm (x86_64)"
974 select CRYPTO_HASH !! 1341 depends on (X86 || UML_X86) && 64BIT
975 select CRYPTO_LIB_SHA1 !! 1342 select CRYPTO_BLKCIPHER
976 help 1343 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1344 Salsa20 stream cipher algorithm.
978 1345
979 config CRYPTO_SHA256 !! 1346 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
980 tristate "SHA-224 and SHA-256" !! 1347 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
981 select CRYPTO_HASH !! 1348
982 select CRYPTO_LIB_SHA256 !! 1349 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 1350 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
>> 1351
>> 1352 config CRYPTO_CHACHA20
>> 1353 tristate "ChaCha20 cipher algorithm"
>> 1354 select CRYPTO_BLKCIPHER
983 help 1355 help
984 SHA-224 and SHA-256 secure hash algo !! 1356 ChaCha20 cipher algorithm, RFC7539.
985 1357
986 This is required for IPsec AH (XFRM_ !! 1358 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
987 Used by the btrfs filesystem, Ceph, !! 1359 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1360 This is the portable C implementation of ChaCha20.
988 1361
989 config CRYPTO_SHA512 !! 1362 See also:
990 tristate "SHA-384 and SHA-512" !! 1363 <http://cr.yp.to/chacha/chacha-20080128.pdf>
991 select CRYPTO_HASH !! 1364
>> 1365 config CRYPTO_CHACHA20_X86_64
>> 1366 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
>> 1367 depends on X86 && 64BIT
>> 1368 select CRYPTO_BLKCIPHER
>> 1369 select CRYPTO_CHACHA20
992 help 1370 help
993 SHA-384 and SHA-512 secure hash algo !! 1371 ChaCha20 cipher algorithm, RFC7539.
994 1372
995 config CRYPTO_SHA3 !! 1373 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
996 tristate "SHA-3" !! 1374 Bernstein and further specified in RFC7539 for use in IETF protocols.
997 select CRYPTO_HASH !! 1375 This is the x86_64 assembler implementation using SIMD instructions.
>> 1376
>> 1377 See also:
>> 1378 <http://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1379
>> 1380 config CRYPTO_SEED
>> 1381 tristate "SEED cipher algorithm"
>> 1382 select CRYPTO_ALGAPI
998 help 1383 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1384 SEED cipher algorithm (RFC4269).
1000 1385
1001 config CRYPTO_SM3 !! 1386 SEED is a 128-bit symmetric key block cipher that has been
1002 tristate !! 1387 developed by KISA (Korea Information Security Agency) as a
>> 1388 national standard encryption algorithm of the Republic of Korea.
>> 1389 It is a 16 round block cipher with the key size of 128 bit.
1003 1390
1004 config CRYPTO_SM3_GENERIC !! 1391 See also:
1005 tristate "SM3 (ShangMi 3)" !! 1392 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1006 select CRYPTO_HASH !! 1393
1007 select CRYPTO_SM3 !! 1394 config CRYPTO_SERPENT
>> 1395 tristate "Serpent cipher algorithm"
>> 1396 select CRYPTO_ALGAPI
1008 help 1397 help
1009 SM3 (ShangMi 3) secure hash functio !! 1398 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1010 1399
1011 This is part of the Chinese Commerc !! 1400 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1401 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1402 variant of Serpent for compatibility with old kerneli.org code.
1012 1403
1013 References: !! 1404 See also:
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1405 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1015 https://datatracker.ietf.org/doc/ht <<
1016 1406
1017 config CRYPTO_STREEBOG !! 1407 config CRYPTO_SERPENT_SSE2_X86_64
1018 tristate "Streebog" !! 1408 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1019 select CRYPTO_HASH !! 1409 depends on X86 && 64BIT
>> 1410 select CRYPTO_ALGAPI
>> 1411 select CRYPTO_CRYPTD
>> 1412 select CRYPTO_ABLK_HELPER
>> 1413 select CRYPTO_GLUE_HELPER_X86
>> 1414 select CRYPTO_SERPENT
>> 1415 select CRYPTO_LRW
>> 1416 select CRYPTO_XTS
1020 help 1417 help
1021 Streebog Hash Function (GOST R 34.1 !! 1418 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1419
1023 This is one of the Russian cryptogr !! 1420 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1421 of 8 bits.
1025 256 and 512 bits output. <<
1026 1422
1027 References: !! 1423 This module provides Serpent cipher algorithm that processes eight
1028 https://tc26.ru/upload/iblock/fed/f !! 1424 blocks parallel using SSE2 instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1425
1031 config CRYPTO_VMAC !! 1426 See also:
1032 tristate "VMAC" !! 1427 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1428
1034 select CRYPTO_MANAGER !! 1429 config CRYPTO_SERPENT_SSE2_586
>> 1430 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1431 depends on X86 && !64BIT
>> 1432 select CRYPTO_ALGAPI
>> 1433 select CRYPTO_CRYPTD
>> 1434 select CRYPTO_ABLK_HELPER
>> 1435 select CRYPTO_GLUE_HELPER_X86
>> 1436 select CRYPTO_SERPENT
>> 1437 select CRYPTO_LRW
>> 1438 select CRYPTO_XTS
1035 help 1439 help
1036 VMAC is a message authentication al !! 1440 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect <<
1038 1441
1039 See https://fastcrypto.org/vmac for !! 1442 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1443 of 8 bits.
1040 1444
1041 config CRYPTO_WP512 !! 1445 This module provides Serpent cipher algorithm that processes four
1042 tristate "Whirlpool" !! 1446 blocks parallel using SSE2 instruction set.
1043 select CRYPTO_HASH !! 1447
>> 1448 See also:
>> 1449 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1450
>> 1451 config CRYPTO_SERPENT_AVX_X86_64
>> 1452 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1453 depends on X86 && 64BIT
>> 1454 select CRYPTO_ALGAPI
>> 1455 select CRYPTO_CRYPTD
>> 1456 select CRYPTO_ABLK_HELPER
>> 1457 select CRYPTO_GLUE_HELPER_X86
>> 1458 select CRYPTO_SERPENT
>> 1459 select CRYPTO_LRW
>> 1460 select CRYPTO_XTS
1044 help 1461 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1462 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046 1463
1047 512, 384 and 256-bit hashes. !! 1464 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1465 of 8 bits.
1048 1466
1049 Whirlpool-512 is part of the NESSIE !! 1467 This module provides the Serpent cipher algorithm that processes
>> 1468 eight blocks parallel using the AVX instruction set.
1050 1469
1051 See https://web.archive.org/web/201 !! 1470 See also:
1052 for further information. !! 1471 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1053 1472
1054 config CRYPTO_XCBC !! 1473 config CRYPTO_SERPENT_AVX2_X86_64
1055 tristate "XCBC-MAC (Extended Cipher B !! 1474 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1056 select CRYPTO_HASH !! 1475 depends on X86 && 64BIT
1057 select CRYPTO_MANAGER !! 1476 select CRYPTO_ALGAPI
>> 1477 select CRYPTO_CRYPTD
>> 1478 select CRYPTO_ABLK_HELPER
>> 1479 select CRYPTO_GLUE_HELPER_X86
>> 1480 select CRYPTO_SERPENT
>> 1481 select CRYPTO_SERPENT_AVX_X86_64
>> 1482 select CRYPTO_LRW
>> 1483 select CRYPTO_XTS
1058 help 1484 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1485 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1060 Code) (RFC3566) <<
1061 1486
1062 config CRYPTO_XXHASH !! 1487 Keys are allowed to be from 0 to 256 bits in length, in steps
1063 tristate "xxHash" !! 1488 of 8 bits.
1064 select CRYPTO_HASH !! 1489
1065 select XXHASH !! 1490 This module provides Serpent cipher algorithm that processes 16
>> 1491 blocks parallel using AVX2 instruction set.
>> 1492
>> 1493 See also:
>> 1494 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1495
>> 1496 config CRYPTO_TEA
>> 1497 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1498 select CRYPTO_ALGAPI
1066 help 1499 help
1067 xxHash non-cryptographic hash algor !! 1500 TEA cipher algorithm.
>> 1501
>> 1502 Tiny Encryption Algorithm is a simple cipher that uses
>> 1503 many rounds for security. It is very fast and uses
>> 1504 little memory.
>> 1505
>> 1506 Xtendend Tiny Encryption Algorithm is a modification to
>> 1507 the TEA algorithm to address a potential key weakness
>> 1508 in the TEA algorithm.
>> 1509
>> 1510 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1511 of the XTEA algorithm for compatibility purposes.
1068 1512
1069 Extremely fast, working at speeds c !! 1513 config CRYPTO_TWOFISH
>> 1514 tristate "Twofish cipher algorithm"
>> 1515 select CRYPTO_ALGAPI
>> 1516 select CRYPTO_TWOFISH_COMMON
>> 1517 help
>> 1518 Twofish cipher algorithm.
1070 1519
1071 Used by the btrfs filesystem. !! 1520 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1521 candidate cipher by researchers at CounterPane Systems. It is a
>> 1522 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1523 bits.
1072 1524
1073 endmenu !! 1525 See also:
>> 1526 <http://www.schneier.com/twofish.html>
1074 1527
1075 menu "CRCs (cyclic redundancy checks)" !! 1528 config CRYPTO_TWOFISH_COMMON
>> 1529 tristate
>> 1530 help
>> 1531 Common parts of the Twofish cipher algorithm shared by the
>> 1532 generic c and the assembler implementations.
1076 1533
1077 config CRYPTO_CRC32C !! 1534 config CRYPTO_TWOFISH_586
1078 tristate "CRC32c" !! 1535 tristate "Twofish cipher algorithms (i586)"
1079 select CRYPTO_HASH !! 1536 depends on (X86 || UML_X86) && !64BIT
1080 select CRC32 !! 1537 select CRYPTO_ALGAPI
>> 1538 select CRYPTO_TWOFISH_COMMON
1081 help 1539 help
1082 CRC32c CRC algorithm with the iSCSI !! 1540 Twofish cipher algorithm.
1083 1541
1084 A 32-bit CRC (cyclic redundancy che !! 1542 Twofish was submitted as an AES (Advanced Encryption Standard)
1085 by G. Castagnoli, S. Braeuer and M. !! 1543 candidate cipher by researchers at CounterPane Systems. It is a
1086 Redundancy-Check Codes with 24 and !! 1544 16 round block cipher supporting key sizes of 128, 192, and 256
1087 on Communications, Vol. 41, No. 6, !! 1545 bits.
1088 iSCSI. <<
1089 1546
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1547 See also:
>> 1548 <http://www.schneier.com/twofish.html>
1091 1549
1092 config CRYPTO_CRC32 !! 1550 config CRYPTO_TWOFISH_X86_64
1093 tristate "CRC32" !! 1551 tristate "Twofish cipher algorithm (x86_64)"
1094 select CRYPTO_HASH !! 1552 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1553 select CRYPTO_ALGAPI
>> 1554 select CRYPTO_TWOFISH_COMMON
1096 help 1555 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1556 Twofish cipher algorithm (x86_64).
>> 1557
>> 1558 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1559 candidate cipher by researchers at CounterPane Systems. It is a
>> 1560 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1561 bits.
1098 1562
1099 Used by RoCEv2 and f2fs. !! 1563 See also:
>> 1564 <http://www.schneier.com/twofish.html>
1100 1565
1101 config CRYPTO_CRCT10DIF !! 1566 config CRYPTO_TWOFISH_X86_64_3WAY
1102 tristate "CRCT10DIF" !! 1567 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1103 select CRYPTO_HASH !! 1568 depends on X86 && 64BIT
>> 1569 select CRYPTO_ALGAPI
>> 1570 select CRYPTO_TWOFISH_COMMON
>> 1571 select CRYPTO_TWOFISH_X86_64
>> 1572 select CRYPTO_GLUE_HELPER_X86
>> 1573 select CRYPTO_LRW
>> 1574 select CRYPTO_XTS
1104 help 1575 help
1105 CRC16 CRC algorithm used for the T1 !! 1576 Twofish cipher algorithm (x86_64, 3-way parallel).
>> 1577
>> 1578 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1579 candidate cipher by researchers at CounterPane Systems. It is a
>> 1580 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1581 bits.
1106 1582
1107 CRC algorithm used by the SCSI Bloc !! 1583 This module provides Twofish cipher algorithm that processes three
>> 1584 blocks parallel, utilizing resources of out-of-order CPUs better.
1108 1585
1109 config CRYPTO_CRC64_ROCKSOFT !! 1586 See also:
1110 tristate "CRC64 based on Rocksoft Mod !! 1587 <http://www.schneier.com/twofish.html>
1111 depends on CRC64 !! 1588
1112 select CRYPTO_HASH !! 1589 config CRYPTO_TWOFISH_AVX_X86_64
>> 1590 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1591 depends on X86 && 64BIT
>> 1592 select CRYPTO_ALGAPI
>> 1593 select CRYPTO_CRYPTD
>> 1594 select CRYPTO_ABLK_HELPER
>> 1595 select CRYPTO_GLUE_HELPER_X86
>> 1596 select CRYPTO_TWOFISH_COMMON
>> 1597 select CRYPTO_TWOFISH_X86_64
>> 1598 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1599 select CRYPTO_LRW
>> 1600 select CRYPTO_XTS
1113 help 1601 help
1114 CRC64 CRC algorithm based on the Ro !! 1602 Twofish cipher algorithm (x86_64/AVX).
1115 1603
1116 Used by the NVMe implementation of !! 1604 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1605 candidate cipher by researchers at CounterPane Systems. It is a
>> 1606 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1607 bits.
1117 1608
1118 See https://zlib.net/crc_v3.txt !! 1609 This module provides the Twofish cipher algorithm that processes
>> 1610 eight blocks parallel using the AVX Instruction Set.
1119 1611
1120 endmenu !! 1612 See also:
>> 1613 <http://www.schneier.com/twofish.html>
1121 1614
1122 menu "Compression" !! 1615 comment "Compression"
1123 1616
1124 config CRYPTO_DEFLATE 1617 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1618 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1619 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1620 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1621 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1622 select ZLIB_DEFLATE
1130 help 1623 help
1131 Deflate compression algorithm (RFC1 !! 1624 This is the Deflate algorithm (RFC1951), specified for use in
>> 1625 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1626
1133 Used by IPSec with the IPCOMP proto !! 1627 You will most probably want this if using IPSec.
1134 1628
1135 config CRYPTO_LZO 1629 config CRYPTO_LZO
1136 tristate "LZO" !! 1630 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1631 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1632 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1633 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1634 select LZO_DECOMPRESS
1141 help 1635 help
1142 LZO compression algorithm !! 1636 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1637
1146 config CRYPTO_842 1638 config CRYPTO_842
1147 tristate "842" !! 1639 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1640 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1641 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1642 select 842_COMPRESS
1151 select 842_DECOMPRESS 1643 select 842_DECOMPRESS
1152 help 1644 help
1153 842 compression algorithm by IBM !! 1645 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1646
1157 config CRYPTO_LZ4 1647 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1648 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1649 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1650 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1651 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1652 select LZ4_DECOMPRESS
1163 help 1653 help
1164 LZ4 compression algorithm !! 1654 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1655
1168 config CRYPTO_LZ4HC 1656 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1657 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1658 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1659 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1660 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1661 select LZ4_DECOMPRESS
1174 help 1662 help
1175 LZ4 high compression mode algorithm !! 1663 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 <<
1179 config CRYPTO_ZSTD <<
1180 tristate "Zstd" <<
1181 select CRYPTO_ALGAPI <<
1182 select CRYPTO_ACOMP2 <<
1183 select ZSTD_COMPRESS <<
1184 select ZSTD_DECOMPRESS <<
1185 help <<
1186 zstd compression algorithm <<
1187 1664
1188 See https://github.com/facebook/zst !! 1665 comment "Random Number Generation"
1189 <<
1190 endmenu <<
1191 <<
1192 menu "Random number generation" <<
1193 1666
1194 config CRYPTO_ANSI_CPRNG 1667 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1668 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1669 select CRYPTO_AES
1197 select CRYPTO_RNG 1670 select CRYPTO_RNG
1198 help 1671 help
1199 Pseudo RNG (random number generator !! 1672 This option enables the generic pseudo random number generator
1200 !! 1673 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1674 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1675 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1676
1205 menuconfig CRYPTO_DRBG_MENU 1677 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1678 tristate "NIST SP800-90A DRBG"
1207 help 1679 help
1208 DRBG (Deterministic Random Bit Gene !! 1680 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1681 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1682
1212 if CRYPTO_DRBG_MENU 1683 if CRYPTO_DRBG_MENU
1213 1684
1214 config CRYPTO_DRBG_HMAC 1685 config CRYPTO_DRBG_HMAC
1215 bool 1686 bool
1216 default y 1687 default y
1217 select CRYPTO_HMAC 1688 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1689 select CRYPTO_SHA256
1219 1690
1220 config CRYPTO_DRBG_HASH 1691 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1692 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1693 select CRYPTO_SHA256
1223 help 1694 help
1224 Hash_DRBG variant as defined in NIS !! 1695 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1696
1228 config CRYPTO_DRBG_CTR 1697 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1698 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1699 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1700 depends on CRYPTO_CTR
1232 help 1701 help
1233 CTR_DRBG variant as defined in NIST !! 1702 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1703
1237 config CRYPTO_DRBG 1704 config CRYPTO_DRBG
1238 tristate 1705 tristate
1239 default CRYPTO_DRBG_MENU 1706 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1707 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1708 select CRYPTO_JITTERENTROPY
1242 1709
1243 endif # if CRYPTO_DRBG_MENU 1710 endif # if CRYPTO_DRBG_MENU
1244 1711
1245 config CRYPTO_JITTERENTROPY 1712 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1713 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1714 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1715 help
1250 CPU Jitter RNG (Random Number Gener !! 1716 The Jitterentropy RNG is a noise that is intended
1251 !! 1717 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1718 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1719 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1720 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1721
1370 config CRYPTO_USER_API 1722 config CRYPTO_USER_API
1371 tristate 1723 tristate
1372 1724
1373 config CRYPTO_USER_API_HASH 1725 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1726 tristate "User-space interface for hash algorithms"
1375 depends on NET 1727 depends on NET
1376 select CRYPTO_HASH 1728 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1729 select CRYPTO_USER_API
1378 help 1730 help
1379 Enable the userspace interface for !! 1731 This option enables the user-spaces interface for hash
1380 !! 1732 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1733
1384 config CRYPTO_USER_API_SKCIPHER 1734 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1735 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1736 depends on NET
1387 select CRYPTO_SKCIPHER !! 1737 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1738 select CRYPTO_USER_API
1389 help 1739 help
1390 Enable the userspace interface for !! 1740 This option enables the user-spaces interface for symmetric
1391 !! 1741 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1742
1395 config CRYPTO_USER_API_RNG 1743 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1744 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1745 depends on NET
1398 select CRYPTO_RNG 1746 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1747 select CRYPTO_USER_API
1400 help 1748 help
1401 Enable the userspace interface for !! 1749 This option enables the user-spaces interface for random
1402 algorithms. !! 1750 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1751
1419 config CRYPTO_USER_API_AEAD 1752 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1753 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1754 depends on NET
1422 select CRYPTO_AEAD 1755 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER <<
1424 select CRYPTO_NULL <<
1425 select CRYPTO_USER_API 1756 select CRYPTO_USER_API
1426 help 1757 help
1427 Enable the userspace interface for !! 1758 This option enables the user-spaces interface for AEAD
1428 !! 1759 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help <<
1437 Allow obsolete cryptographic algori <<
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 <<
1441 endmenu <<
1442 1760
1443 config CRYPTO_HASH_INFO 1761 config CRYPTO_HASH_INFO
1444 bool 1762 bool
1445 1763
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 <<
1476 source "drivers/crypto/Kconfig" 1764 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" !! 1765 source crypto/asymmetric_keys/Kconfig
1478 source "certs/Kconfig" !! 1766 source certs/Kconfig
1479 1767
1480 endif # if CRYPTO 1768 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.