1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 18 help
20 This option provides the core Crypto 19 This option provides the core Cryptographic API.
21 20
22 if CRYPTO 21 if CRYPTO
23 22
24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper"
25 24
26 config CRYPTO_FIPS 25 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES)
30 help 29 help
31 This option enables the fips boot op !! 30 This options enables the fips boot option which is
32 required if you want the system to o !! 31 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 32 certification. You should say no unless you know what
34 this is. 33 this is.
35 34
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI
58 tristate 36 tristate
59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2
60 help 38 help
61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms.
62 40
63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2
64 tristate 42 tristate
65 43
66 config CRYPTO_AEAD 44 config CRYPTO_AEAD
67 tristate 45 tristate
68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI
70 48
71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2
72 tristate 50 tristate
73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2
>> 52 select CRYPTO_NULL2
>> 53 select CRYPTO_RNG2
74 54
75 config CRYPTO_SIG !! 55 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 56 tristate
86 select CRYPTO_SKCIPHER2 !! 57 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 59
90 config CRYPTO_SKCIPHER2 !! 60 config CRYPTO_BLKCIPHER2
91 tristate 61 tristate
92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2
>> 63 select CRYPTO_RNG2
>> 64 select CRYPTO_WORKQUEUE
93 65
94 config CRYPTO_HASH 66 config CRYPTO_HASH
95 tristate 67 tristate
96 select CRYPTO_HASH2 68 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
98 70
99 config CRYPTO_HASH2 71 config CRYPTO_HASH2
100 tristate 72 tristate
101 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
102 74
103 config CRYPTO_RNG 75 config CRYPTO_RNG
104 tristate 76 tristate
105 select CRYPTO_RNG2 77 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI
107 79
108 config CRYPTO_RNG2 80 config CRYPTO_RNG2
109 tristate 81 tristate
110 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2
111 83
112 config CRYPTO_RNG_DEFAULT 84 config CRYPTO_RNG_DEFAULT
113 tristate 85 tristate
114 select CRYPTO_DRBG_MENU 86 select CRYPTO_DRBG_MENU
115 87
116 config CRYPTO_AKCIPHER2 88 config CRYPTO_AKCIPHER2
117 tristate 89 tristate
118 select CRYPTO_ALGAPI2 90 select CRYPTO_ALGAPI2
119 91
120 config CRYPTO_AKCIPHER 92 config CRYPTO_AKCIPHER
121 tristate 93 tristate
122 select CRYPTO_AKCIPHER2 94 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 95 select CRYPTO_ALGAPI
124 96
125 config CRYPTO_KPP2 97 config CRYPTO_KPP2
126 tristate 98 tristate
127 select CRYPTO_ALGAPI2 99 select CRYPTO_ALGAPI2
128 100
129 config CRYPTO_KPP 101 config CRYPTO_KPP
130 tristate 102 tristate
131 select CRYPTO_ALGAPI 103 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 104 select CRYPTO_KPP2
133 105
134 config CRYPTO_ACOMP2 106 config CRYPTO_ACOMP2
135 tristate 107 tristate
136 select CRYPTO_ALGAPI2 108 select CRYPTO_ALGAPI2
137 select SGL_ALLOC <<
138 109
139 config CRYPTO_ACOMP 110 config CRYPTO_ACOMP
140 tristate 111 tristate
141 select CRYPTO_ALGAPI 112 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 113 select CRYPTO_ACOMP2
143 114
>> 115 config CRYPTO_RSA
>> 116 tristate "RSA algorithm"
>> 117 select CRYPTO_AKCIPHER
>> 118 select CRYPTO_MANAGER
>> 119 select MPILIB
>> 120 select ASN1
>> 121 help
>> 122 Generic implementation of the RSA public key algorithm.
>> 123
>> 124 config CRYPTO_DH
>> 125 tristate "Diffie-Hellman algorithm"
>> 126 select CRYPTO_KPP
>> 127 select MPILIB
>> 128 help
>> 129 Generic implementation of the Diffie-Hellman algorithm.
>> 130
>> 131 config CRYPTO_ECDH
>> 132 tristate "ECDH algorithm"
>> 133 select CRYPTO_KPP
>> 134 select CRYPTO_RNG_DEFAULT
>> 135 help
>> 136 Generic implementation of the ECDH algorithm
>> 137
144 config CRYPTO_MANAGER 138 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 139 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 140 select CRYPTO_MANAGER2
147 help 141 help
148 Create default cryptographic templat 142 Create default cryptographic template instantiations such as
149 cbc(aes). 143 cbc(aes).
150 144
151 config CRYPTO_MANAGER2 145 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 146 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 147 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 148 select CRYPTO_HASH2
>> 149 select CRYPTO_BLKCIPHER2
>> 150 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 151 select CRYPTO_KPP2
159 select CRYPTO_RNG2 !! 152 select CRYPTO_ACOMP2
160 select CRYPTO_SKCIPHER2 <<
161 153
162 config CRYPTO_USER 154 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 155 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 156 depends on NET
165 select CRYPTO_MANAGER 157 select CRYPTO_MANAGER
166 help 158 help
167 Userspace configuration for cryptogr 159 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 160 cbc(aes).
169 161
170 config CRYPTO_MANAGER_DISABLE_TESTS 162 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 163 bool "Disable run-time self tests"
172 default y 164 default y
>> 165 depends on CRYPTO_MANAGER2
173 help 166 help
174 Disable run-time self tests that nor 167 Disable run-time self tests that normally take place at
175 algorithm registration. 168 algorithm registration.
176 169
177 config CRYPTO_MANAGER_EXTRA_TESTS !! 170 config CRYPTO_GF128MUL
178 bool "Enable extra run-time crypto sel !! 171 tristate "GF(2^128) multiplication functions"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN <<
180 help 172 help
181 Enable extra run-time self tests of !! 173 Efficient table driven implementation of multiplications in the
182 including randomized fuzz tests. !! 174 field GF(2^128). This is needed by some cypher modes. This
183 !! 175 option will be selected automatically if you select such a
184 This is intended for developer use o !! 176 cipher mode. Only select this option by hand if you expect to load
185 longer to run than the normal self t !! 177 an external module that requires these functions.
186 178
187 config CRYPTO_NULL 179 config CRYPTO_NULL
188 tristate "Null algorithms" 180 tristate "Null algorithms"
189 select CRYPTO_NULL2 181 select CRYPTO_NULL2
190 help 182 help
191 These are 'Null' algorithms, used by 183 These are 'Null' algorithms, used by IPsec, which do nothing.
192 184
193 config CRYPTO_NULL2 185 config CRYPTO_NULL2
194 tristate 186 tristate
195 select CRYPTO_ALGAPI2 187 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 188 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 189 select CRYPTO_HASH2
198 190
199 config CRYPTO_PCRYPT 191 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 192 tristate "Parallel crypto engine"
201 depends on SMP 193 depends on SMP
202 select PADATA 194 select PADATA
203 select CRYPTO_MANAGER 195 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 196 select CRYPTO_AEAD
205 help 197 help
206 This converts an arbitrary crypto al 198 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 199 algorithm that executes in kernel threads.
208 200
>> 201 config CRYPTO_WORKQUEUE
>> 202 tristate
>> 203
209 config CRYPTO_CRYPTD 204 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 205 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 206 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 207 select CRYPTO_HASH
213 select CRYPTO_MANAGER 208 select CRYPTO_MANAGER
>> 209 select CRYPTO_WORKQUEUE
214 help 210 help
215 This is a generic software asynchron 211 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 212 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 213 into an asynchronous algorithm that executes in a kernel thread.
218 214
>> 215 config CRYPTO_MCRYPTD
>> 216 tristate "Software async multi-buffer crypto daemon"
>> 217 select CRYPTO_BLKCIPHER
>> 218 select CRYPTO_HASH
>> 219 select CRYPTO_MANAGER
>> 220 select CRYPTO_WORKQUEUE
>> 221 help
>> 222 This is a generic software asynchronous crypto daemon that
>> 223 provides the kernel thread to assist multi-buffer crypto
>> 224 algorithms for submitting jobs and flushing jobs in multi-buffer
>> 225 crypto algorithms. Multi-buffer crypto algorithms are executed
>> 226 in the context of this kernel thread and drivers can post
>> 227 their crypto request asynchronously to be processed by this daemon.
>> 228
219 config CRYPTO_AUTHENC 229 config CRYPTO_AUTHENC
220 tristate "Authenc support" 230 tristate "Authenc support"
221 select CRYPTO_AEAD 231 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 232 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 233 select CRYPTO_MANAGER
224 select CRYPTO_HASH 234 select CRYPTO_HASH
225 select CRYPTO_NULL 235 select CRYPTO_NULL
226 help 236 help
227 Authenc: Combined mode wrapper for I 237 Authenc: Combined mode wrapper for IPsec.
228 !! 238 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 239
231 config CRYPTO_TEST 240 config CRYPTO_TEST
232 tristate "Testing module" 241 tristate "Testing module"
233 depends on m || EXPERT !! 242 depends on m
234 select CRYPTO_MANAGER 243 select CRYPTO_MANAGER
235 help 244 help
236 Quick & dirty crypto test module. 245 Quick & dirty crypto test module.
237 246
>> 247 config CRYPTO_ABLK_HELPER
>> 248 tristate
>> 249 select CRYPTO_CRYPTD
>> 250
238 config CRYPTO_SIMD 251 config CRYPTO_SIMD
239 tristate 252 tristate
240 select CRYPTO_CRYPTD 253 select CRYPTO_CRYPTD
241 254
>> 255 config CRYPTO_GLUE_HELPER_X86
>> 256 tristate
>> 257 depends on X86
>> 258 select CRYPTO_BLKCIPHER
>> 259
242 config CRYPTO_ENGINE 260 config CRYPTO_ENGINE
243 tristate 261 tristate
244 262
245 endmenu !! 263 comment "Authenticated Encryption with Associated Data"
246 264
247 menu "Public-key cryptography" !! 265 config CRYPTO_CCM
>> 266 tristate "CCM support"
>> 267 select CRYPTO_CTR
>> 268 select CRYPTO_HASH
>> 269 select CRYPTO_AEAD
>> 270 help
>> 271 Support for Counter with CBC MAC. Required for IPsec.
248 272
249 config CRYPTO_RSA !! 273 config CRYPTO_GCM
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 274 tristate "GCM/GMAC support"
251 select CRYPTO_AKCIPHER !! 275 select CRYPTO_CTR
252 select CRYPTO_MANAGER !! 276 select CRYPTO_AEAD
253 select MPILIB !! 277 select CRYPTO_GHASH
254 select ASN1 !! 278 select CRYPTO_NULL
255 help 279 help
256 RSA (Rivest-Shamir-Adleman) public k !! 280 Support for Galois/Counter Mode (GCM) and Galois Message
>> 281 Authentication Code (GMAC). Required for IPSec.
257 282
258 config CRYPTO_DH !! 283 config CRYPTO_CHACHA20POLY1305
259 tristate "DH (Diffie-Hellman)" !! 284 tristate "ChaCha20-Poly1305 AEAD support"
260 select CRYPTO_KPP !! 285 select CRYPTO_CHACHA20
261 select MPILIB !! 286 select CRYPTO_POLY1305
>> 287 select CRYPTO_AEAD
262 help 288 help
263 DH (Diffie-Hellman) key exchange alg !! 289 ChaCha20-Poly1305 AEAD support, RFC7539.
>> 290
>> 291 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
>> 292 with the Poly1305 authenticator. It is defined in RFC7539 for use in
>> 293 IETF protocols.
264 294
265 config CRYPTO_DH_RFC7919_GROUPS !! 295 config CRYPTO_SEQIV
266 bool "RFC 7919 FFDHE groups" !! 296 tristate "Sequence Number IV Generator"
267 depends on CRYPTO_DH !! 297 select CRYPTO_AEAD
>> 298 select CRYPTO_BLKCIPHER
>> 299 select CRYPTO_NULL
268 select CRYPTO_RNG_DEFAULT 300 select CRYPTO_RNG_DEFAULT
269 help 301 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 302 This IV generator generates an IV based on a sequence number by
271 defined in RFC7919. !! 303 xoring it with a salt. This algorithm is mainly useful for CTR
272 304
273 Support these finite-field groups in !! 305 config CRYPTO_ECHAINIV
274 - ffdhe2048, ffdhe3072, ffdhe4096, f !! 306 tristate "Encrypted Chain IV Generator"
>> 307 select CRYPTO_AEAD
>> 308 select CRYPTO_NULL
>> 309 select CRYPTO_RNG_DEFAULT
>> 310 default m
>> 311 help
>> 312 This IV generator generates an IV based on the encryption of
>> 313 a sequence number xored with a salt. This is the default
>> 314 algorithm for CBC.
275 315
276 If unsure, say N. !! 316 comment "Block modes"
277 317
278 config CRYPTO_ECC !! 318 config CRYPTO_CBC
279 tristate !! 319 tristate "CBC support"
280 select CRYPTO_RNG_DEFAULT !! 320 select CRYPTO_BLKCIPHER
>> 321 select CRYPTO_MANAGER
>> 322 help
>> 323 CBC: Cipher Block Chaining mode
>> 324 This block cipher algorithm is required for IPSec.
281 325
282 config CRYPTO_ECDH !! 326 config CRYPTO_CTR
283 tristate "ECDH (Elliptic Curve Diffie- !! 327 tristate "CTR support"
284 select CRYPTO_ECC !! 328 select CRYPTO_BLKCIPHER
285 select CRYPTO_KPP !! 329 select CRYPTO_SEQIV
>> 330 select CRYPTO_MANAGER
286 help 331 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 332 CTR: Counter mode
288 using curves P-192, P-256, and P-384 !! 333 This block cipher algorithm is required for IPSec.
289 334
290 config CRYPTO_ECDSA !! 335 config CRYPTO_CTS
291 tristate "ECDSA (Elliptic Curve Digita !! 336 tristate "CTS support"
292 select CRYPTO_ECC !! 337 select CRYPTO_BLKCIPHER
293 select CRYPTO_AKCIPHER <<
294 select ASN1 <<
295 help 338 help
296 ECDSA (Elliptic Curve Digital Signat !! 339 CTS: Cipher Text Stealing
297 ISO/IEC 14888-3) !! 340 This is the Cipher Text Stealing mode as described by
298 using curves P-192, P-256, and P-384 !! 341 Section 8 of rfc2040 and referenced by rfc3962.
299 !! 342 (rfc3962 includes errata information in its Appendix A)
300 Only signature verification is imple !! 343 This mode is required for Kerberos gss mechanism support
301 !! 344 for AES encryption.
302 config CRYPTO_ECRDSA !! 345
303 tristate "EC-RDSA (Elliptic Curve Russ !! 346 config CRYPTO_ECB
304 select CRYPTO_ECC !! 347 tristate "ECB support"
305 select CRYPTO_AKCIPHER !! 348 select CRYPTO_BLKCIPHER
306 select CRYPTO_STREEBOG !! 349 select CRYPTO_MANAGER
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help 350 help
310 Elliptic Curve Russian Digital Signa !! 351 ECB: Electronic CodeBook mode
311 RFC 7091, ISO/IEC 14888-3) !! 352 This is the simplest block cipher algorithm. It simply encrypts
>> 353 the input block by block.
312 354
313 One of the Russian cryptographic sta !! 355 config CRYPTO_LRW
314 algorithms). Only signature verifica !! 356 tristate "LRW support"
>> 357 select CRYPTO_BLKCIPHER
>> 358 select CRYPTO_MANAGER
>> 359 select CRYPTO_GF128MUL
>> 360 help
>> 361 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 362 narrow block cipher mode for dm-crypt. Use it with cipher
>> 363 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 364 The first 128, 192 or 256 bits in the key are used for AES and the
>> 365 rest is used to tie each cipher block to its logical position.
315 366
316 config CRYPTO_CURVE25519 !! 367 config CRYPTO_PCBC
317 tristate "Curve25519" !! 368 tristate "PCBC support"
318 select CRYPTO_KPP !! 369 select CRYPTO_BLKCIPHER
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 370 select CRYPTO_MANAGER
320 help 371 help
321 Curve25519 elliptic curve (RFC7748) !! 372 PCBC: Propagating Cipher Block Chaining mode
>> 373 This block cipher algorithm is required for RxRPC.
322 374
323 endmenu !! 375 config CRYPTO_XTS
>> 376 tristate "XTS support"
>> 377 select CRYPTO_BLKCIPHER
>> 378 select CRYPTO_MANAGER
>> 379 select CRYPTO_ECB
>> 380 help
>> 381 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 382 key size 256, 384 or 512 bits. This implementation currently
>> 383 can't handle a sectorsize which is not a multiple of 16 bytes.
324 384
325 menu "Block ciphers" !! 385 config CRYPTO_KEYWRAP
>> 386 tristate "Key wrapping support"
>> 387 select CRYPTO_BLKCIPHER
>> 388 help
>> 389 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 390 padding.
326 391
327 config CRYPTO_AES !! 392 comment "Hash modes"
328 tristate "AES (Advanced Encryption Sta !! 393
329 select CRYPTO_ALGAPI !! 394 config CRYPTO_CMAC
330 select CRYPTO_LIB_AES !! 395 tristate "CMAC support"
>> 396 select CRYPTO_HASH
>> 397 select CRYPTO_MANAGER
331 help 398 help
332 AES cipher algorithms (Rijndael)(FIP !! 399 Cipher-based Message Authentication Code (CMAC) specified by
>> 400 The National Institute of Standards and Technology (NIST).
333 401
334 Rijndael appears to be consistently !! 402 https://tools.ietf.org/html/rfc4493
335 both hardware and software across a !! 403 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
336 environments regardless of its use i <<
337 modes. Its key setup time is excelle <<
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 404
343 The AES specifies three key sizes: 1 !! 405 config CRYPTO_HMAC
>> 406 tristate "HMAC support"
>> 407 select CRYPTO_HASH
>> 408 select CRYPTO_MANAGER
>> 409 help
>> 410 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 411 This is required for IPSec.
344 412
345 config CRYPTO_AES_TI !! 413 config CRYPTO_XCBC
346 tristate "AES (Advanced Encryption Sta !! 414 tristate "XCBC support"
347 select CRYPTO_ALGAPI !! 415 select CRYPTO_HASH
348 select CRYPTO_LIB_AES !! 416 select CRYPTO_MANAGER
349 help 417 help
350 AES cipher algorithms (Rijndael)(FIP !! 418 XCBC: Keyed-Hashing with encryption algorithm
>> 419 http://www.ietf.org/rfc/rfc3566.txt
>> 420 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 421 xcbc-mac/xcbc-mac-spec.pdf
351 422
352 This is a generic implementation of !! 423 config CRYPTO_VMAC
353 data dependent latencies as much as !! 424 tristate "VMAC support"
354 performance too much. It is intended !! 425 select CRYPTO_HASH
355 and GCM drivers, and other CTR or CM !! 426 select CRYPTO_MANAGER
356 solely on encryption (although decry !! 427 help
357 with a more dramatic performance hit !! 428 VMAC is a message authentication algorithm designed for
>> 429 very high speed on 64-bit architectures.
358 430
359 Instead of using 16 lookup tables of !! 431 See also:
360 8 for decryption), this implementati !! 432 <http://fastcrypto.org/vmac>
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 433
366 config CRYPTO_ANUBIS !! 434 comment "Digest"
367 tristate "Anubis" !! 435
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 436 config CRYPTO_CRC32C
369 select CRYPTO_ALGAPI !! 437 tristate "CRC32c CRC algorithm"
>> 438 select CRYPTO_HASH
>> 439 select CRC32
>> 440 help
>> 441 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 442 by iSCSI for header and data digests and by others.
>> 443 See Castagnoli93. Module will be crc32c.
>> 444
>> 445 config CRYPTO_CRC32C_INTEL
>> 446 tristate "CRC32c INTEL hardware acceleration"
>> 447 depends on X86
>> 448 select CRYPTO_HASH
>> 449 help
>> 450 In Intel processor with SSE4.2 supported, the processor will
>> 451 support CRC32C implementation using hardware accelerated CRC32
>> 452 instruction. This option will create 'crc32c-intel' module,
>> 453 which will enable any routine to use the CRC32 instruction to
>> 454 gain performance compared with software implementation.
>> 455 Module will be crc32c-intel.
>> 456
>> 457 config CRYPTO_CRC32C_VPMSUM
>> 458 tristate "CRC32c CRC algorithm (powerpc64)"
>> 459 depends on PPC64 && ALTIVEC
>> 460 select CRYPTO_HASH
>> 461 select CRC32
370 help 462 help
371 Anubis cipher algorithm !! 463 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 464 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 465 and newer processors for improved performance.
372 466
373 Anubis is a variable key length ciph <<
374 128 bits to 320 bits in length. It <<
375 in the NESSIE competition. <<
376 467
377 See https://web.archive.org/web/2016 !! 468 config CRYPTO_CRC32C_SPARC64
378 for further information. !! 469 tristate "CRC32c CRC algorithm (SPARC64)"
>> 470 depends on SPARC64
>> 471 select CRYPTO_HASH
>> 472 select CRC32
>> 473 help
>> 474 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 475 when available.
379 476
380 config CRYPTO_ARIA !! 477 config CRYPTO_CRC32
381 tristate "ARIA" !! 478 tristate "CRC32 CRC algorithm"
382 select CRYPTO_ALGAPI !! 479 select CRYPTO_HASH
>> 480 select CRC32
383 help 481 help
384 ARIA cipher algorithm (RFC5794) !! 482 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 483 Shash crypto api wrappers to crc32_le function.
385 484
386 ARIA is a standard encryption algori !! 485 config CRYPTO_CRC32_PCLMUL
387 The ARIA specifies three key sizes a !! 486 tristate "CRC32 PCLMULQDQ hardware acceleration"
388 128-bit: 12 rounds. !! 487 depends on X86
389 192-bit: 14 rounds. !! 488 select CRYPTO_HASH
390 256-bit: 16 rounds. !! 489 select CRC32
>> 490 help
>> 491 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 492 and PCLMULQDQ supported, the processor will support
>> 493 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 494 instruction. This option will create 'crc32-plcmul' module,
>> 495 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 496 and gain better performance as compared with the table implementation.
391 497
392 See: !! 498 config CRYPTO_CRCT10DIF
393 https://seed.kisa.or.kr/kisa/algorit !! 499 tristate "CRCT10DIF algorithm"
>> 500 select CRYPTO_HASH
>> 501 help
>> 502 CRC T10 Data Integrity Field computation is being cast as
>> 503 a crypto transform. This allows for faster crc t10 diff
>> 504 transforms to be used if they are available.
394 505
395 config CRYPTO_BLOWFISH !! 506 config CRYPTO_CRCT10DIF_PCLMUL
396 tristate "Blowfish" !! 507 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
397 select CRYPTO_ALGAPI !! 508 depends on X86 && 64BIT && CRC_T10DIF
398 select CRYPTO_BLOWFISH_COMMON !! 509 select CRYPTO_HASH
399 help 510 help
400 Blowfish cipher algorithm, by Bruce !! 511 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 512 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 513 accelerated PCLMULQDQ instruction. This option will create
>> 514 'crct10dif-plcmul' module, which is faster when computing the
>> 515 crct10dif checksum as compared with the generic table implementation.
401 516
402 This is a variable key length cipher !! 517 config CRYPTO_CRCT10DIF_VPMSUM
403 bits to 448 bits in length. It's fa !! 518 tristate "CRC32T10DIF powerpc64 hardware acceleration"
404 designed for use on "large microproc !! 519 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 520 select CRYPTO_HASH
>> 521 help
>> 522 CRC10T10DIF algorithm implemented using vector polynomial
>> 523 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 524 POWER8 and newer processors for improved performance.
405 525
406 See https://www.schneier.com/blowfis !! 526 config CRYPTO_VPMSUM_TESTER
>> 527 tristate "Powerpc64 vpmsum hardware acceleration tester"
>> 528 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 529 help
>> 530 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 531 POWER8 vpmsum instructions.
>> 532 Unless you are testing these algorithms, you don't need this.
407 533
408 config CRYPTO_BLOWFISH_COMMON !! 534 config CRYPTO_GHASH
409 tristate !! 535 tristate "GHASH digest algorithm"
>> 536 select CRYPTO_GF128MUL
>> 537 select CRYPTO_HASH
410 help 538 help
411 Common parts of the Blowfish cipher !! 539 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
412 generic c and the assembler implemen <<
413 540
414 config CRYPTO_CAMELLIA !! 541 config CRYPTO_POLY1305
415 tristate "Camellia" !! 542 tristate "Poly1305 authenticator algorithm"
416 select CRYPTO_ALGAPI !! 543 select CRYPTO_HASH
417 help 544 help
418 Camellia cipher algorithms (ISO/IEC !! 545 Poly1305 authenticator algorithm, RFC7539.
419 546
420 Camellia is a symmetric key block ci !! 547 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
421 at NTT and Mitsubishi Electric Corpo !! 548 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 549 in IETF protocols. This is the portable C implementation of Poly1305.
422 550
423 The Camellia specifies three key siz !! 551 config CRYPTO_POLY1305_X86_64
>> 552 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 553 depends on X86 && 64BIT
>> 554 select CRYPTO_POLY1305
>> 555 help
>> 556 Poly1305 authenticator algorithm, RFC7539.
424 557
425 See https://info.isl.ntt.co.jp/crypt !! 558 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 559 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 560 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 561 instructions.
426 562
427 config CRYPTO_CAST_COMMON !! 563 config CRYPTO_MD4
428 tristate !! 564 tristate "MD4 digest algorithm"
>> 565 select CRYPTO_HASH
429 help 566 help
430 Common parts of the CAST cipher algo !! 567 MD4 message digest algorithm (RFC1320).
431 generic c and the assembler implemen <<
432 568
433 config CRYPTO_CAST5 !! 569 config CRYPTO_MD5
434 tristate "CAST5 (CAST-128)" !! 570 tristate "MD5 digest algorithm"
435 select CRYPTO_ALGAPI !! 571 select CRYPTO_HASH
436 select CRYPTO_CAST_COMMON <<
437 help 572 help
438 CAST5 (CAST-128) cipher algorithm (R !! 573 MD5 message digest algorithm (RFC1321).
439 574
440 config CRYPTO_CAST6 !! 575 config CRYPTO_MD5_OCTEON
441 tristate "CAST6 (CAST-256)" !! 576 tristate "MD5 digest algorithm (OCTEON)"
442 select CRYPTO_ALGAPI !! 577 depends on CPU_CAVIUM_OCTEON
443 select CRYPTO_CAST_COMMON !! 578 select CRYPTO_MD5
>> 579 select CRYPTO_HASH
444 help 580 help
445 CAST6 (CAST-256) encryption algorith !! 581 MD5 message digest algorithm (RFC1321) implemented
>> 582 using OCTEON crypto instructions, when available.
446 583
447 config CRYPTO_DES !! 584 config CRYPTO_MD5_PPC
448 tristate "DES and Triple DES EDE" !! 585 tristate "MD5 digest algorithm (PPC)"
449 select CRYPTO_ALGAPI !! 586 depends on PPC
450 select CRYPTO_LIB_DES !! 587 select CRYPTO_HASH
451 help 588 help
452 DES (Data Encryption Standard)(FIPS !! 589 MD5 message digest algorithm (RFC1321) implemented
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 590 in PPC assembler.
454 cipher algorithms <<
455 591
456 config CRYPTO_FCRYPT !! 592 config CRYPTO_MD5_SPARC64
457 tristate "FCrypt" !! 593 tristate "MD5 digest algorithm (SPARC64)"
458 select CRYPTO_ALGAPI !! 594 depends on SPARC64
459 select CRYPTO_SKCIPHER !! 595 select CRYPTO_MD5
>> 596 select CRYPTO_HASH
460 help 597 help
461 FCrypt algorithm used by RxRPC !! 598 MD5 message digest algorithm (RFC1321) implemented
>> 599 using sparc64 crypto instructions, when available.
462 600
463 See https://ota.polyonymo.us/fcrypt- !! 601 config CRYPTO_MICHAEL_MIC
>> 602 tristate "Michael MIC keyed digest algorithm"
>> 603 select CRYPTO_HASH
>> 604 help
>> 605 Michael MIC is used for message integrity protection in TKIP
>> 606 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 607 should not be used for other purposes because of the weakness
>> 608 of the algorithm.
464 609
465 config CRYPTO_KHAZAD !! 610 config CRYPTO_RMD128
466 tristate "Khazad" !! 611 tristate "RIPEMD-128 digest algorithm"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 612 select CRYPTO_HASH
468 select CRYPTO_ALGAPI <<
469 help 613 help
470 Khazad cipher algorithm !! 614 RIPEMD-128 (ISO/IEC 10118-3:2004).
471 615
472 Khazad was a finalist in the initial !! 616 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
473 an algorithm optimized for 64-bit pr !! 617 be used as a secure replacement for RIPEMD. For other use cases,
474 on 32-bit processors. Khazad uses a !! 618 RIPEMD-160 should be used.
475 619
476 See https://web.archive.org/web/2017 !! 620 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
477 for further information. !! 621 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
478 622
479 config CRYPTO_SEED !! 623 config CRYPTO_RMD160
480 tristate "SEED" !! 624 tristate "RIPEMD-160 digest algorithm"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 625 select CRYPTO_HASH
482 select CRYPTO_ALGAPI <<
483 help 626 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 627 RIPEMD-160 (ISO/IEC 10118-3:2004).
485 628
486 SEED is a 128-bit symmetric key bloc !! 629 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
487 developed by KISA (Korea Information !! 630 to be used as a secure replacement for the 128-bit hash functions
488 national standard encryption algorit !! 631 MD4, MD5 and it's predecessor RIPEMD
489 It is a 16 round block cipher with t !! 632 (not to be confused with RIPEMD-128).
>> 633
>> 634 It's speed is comparable to SHA1 and there are no known attacks
>> 635 against RIPEMD-160.
490 636
491 See https://seed.kisa.or.kr/kisa/alg !! 637 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
492 for further information. !! 638 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
493 639
494 config CRYPTO_SERPENT !! 640 config CRYPTO_RMD256
495 tristate "Serpent" !! 641 tristate "RIPEMD-256 digest algorithm"
496 select CRYPTO_ALGAPI !! 642 select CRYPTO_HASH
497 help 643 help
498 Serpent cipher algorithm, by Anderso !! 644 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 645 256 bit hash. It is intended for applications that require
>> 646 longer hash-results, without needing a larger security level
>> 647 (than RIPEMD-128).
499 648
500 Keys are allowed to be from 0 to 256 !! 649 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
501 of 8 bits. !! 650 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
502 651
503 See https://www.cl.cam.ac.uk/~rja14/ !! 652 config CRYPTO_RMD320
>> 653 tristate "RIPEMD-320 digest algorithm"
>> 654 select CRYPTO_HASH
>> 655 help
>> 656 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 657 320 bit hash. It is intended for applications that require
>> 658 longer hash-results, without needing a larger security level
>> 659 (than RIPEMD-160).
504 660
505 config CRYPTO_SM4 !! 661 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
506 tristate !! 662 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
507 663
508 config CRYPTO_SM4_GENERIC !! 664 config CRYPTO_SHA1
509 tristate "SM4 (ShangMi 4)" !! 665 tristate "SHA1 digest algorithm"
510 select CRYPTO_ALGAPI !! 666 select CRYPTO_HASH
511 select CRYPTO_SM4 !! 667 help
>> 668 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 669
>> 670 config CRYPTO_SHA1_SSSE3
>> 671 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 672 depends on X86 && 64BIT
>> 673 select CRYPTO_SHA1
>> 674 select CRYPTO_HASH
512 help 675 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 676 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
514 ISO/IEC 18033-3:2010/Amd 1:2021) !! 677 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 678 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 679 when available.
515 680
516 SM4 (GBT.32907-2016) is a cryptograp !! 681 config CRYPTO_SHA256_SSSE3
517 Organization of State Commercial Adm !! 682 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
518 as an authorized cryptographic algor !! 683 depends on X86 && 64BIT
>> 684 select CRYPTO_SHA256
>> 685 select CRYPTO_HASH
>> 686 help
>> 687 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 688 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 689 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 690 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 691 Instructions) when available.
>> 692
>> 693 config CRYPTO_SHA512_SSSE3
>> 694 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 695 depends on X86 && 64BIT
>> 696 select CRYPTO_SHA512
>> 697 select CRYPTO_HASH
>> 698 help
>> 699 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 700 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 701 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 702 version 2 (AVX2) instructions, when available.
>> 703
>> 704 config CRYPTO_SHA1_OCTEON
>> 705 tristate "SHA1 digest algorithm (OCTEON)"
>> 706 depends on CPU_CAVIUM_OCTEON
>> 707 select CRYPTO_SHA1
>> 708 select CRYPTO_HASH
>> 709 help
>> 710 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 711 using OCTEON crypto instructions, when available.
>> 712
>> 713 config CRYPTO_SHA1_SPARC64
>> 714 tristate "SHA1 digest algorithm (SPARC64)"
>> 715 depends on SPARC64
>> 716 select CRYPTO_SHA1
>> 717 select CRYPTO_HASH
>> 718 help
>> 719 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 720 using sparc64 crypto instructions, when available.
>> 721
>> 722 config CRYPTO_SHA1_PPC
>> 723 tristate "SHA1 digest algorithm (powerpc)"
>> 724 depends on PPC
>> 725 help
>> 726 This is the powerpc hardware accelerated implementation of the
>> 727 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 728
>> 729 config CRYPTO_SHA1_PPC_SPE
>> 730 tristate "SHA1 digest algorithm (PPC SPE)"
>> 731 depends on PPC && SPE
>> 732 help
>> 733 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 734 using powerpc SPE SIMD instruction set.
>> 735
>> 736 config CRYPTO_SHA1_MB
>> 737 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 738 depends on X86 && 64BIT
>> 739 select CRYPTO_SHA1
>> 740 select CRYPTO_HASH
>> 741 select CRYPTO_MCRYPTD
>> 742 help
>> 743 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 744 using multi-buffer technique. This algorithm computes on
>> 745 multiple data lanes concurrently with SIMD instructions for
>> 746 better throughput. It should not be enabled by default but
>> 747 used when there is significant amount of work to keep the keep
>> 748 the data lanes filled to get performance benefit. If the data
>> 749 lanes remain unfilled, a flush operation will be initiated to
>> 750 process the crypto jobs, adding a slight latency.
>> 751
>> 752 config CRYPTO_SHA256_MB
>> 753 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 754 depends on X86 && 64BIT
>> 755 select CRYPTO_SHA256
>> 756 select CRYPTO_HASH
>> 757 select CRYPTO_MCRYPTD
>> 758 help
>> 759 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 760 using multi-buffer technique. This algorithm computes on
>> 761 multiple data lanes concurrently with SIMD instructions for
>> 762 better throughput. It should not be enabled by default but
>> 763 used when there is significant amount of work to keep the keep
>> 764 the data lanes filled to get performance benefit. If the data
>> 765 lanes remain unfilled, a flush operation will be initiated to
>> 766 process the crypto jobs, adding a slight latency.
>> 767
>> 768 config CRYPTO_SHA512_MB
>> 769 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 770 depends on X86 && 64BIT
>> 771 select CRYPTO_SHA512
>> 772 select CRYPTO_HASH
>> 773 select CRYPTO_MCRYPTD
>> 774 help
>> 775 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 776 using multi-buffer technique. This algorithm computes on
>> 777 multiple data lanes concurrently with SIMD instructions for
>> 778 better throughput. It should not be enabled by default but
>> 779 used when there is significant amount of work to keep the keep
>> 780 the data lanes filled to get performance benefit. If the data
>> 781 lanes remain unfilled, a flush operation will be initiated to
>> 782 process the crypto jobs, adding a slight latency.
>> 783
>> 784 config CRYPTO_SHA256
>> 785 tristate "SHA224 and SHA256 digest algorithm"
>> 786 select CRYPTO_HASH
>> 787 help
>> 788 SHA256 secure hash standard (DFIPS 180-2).
519 789
520 SMS4 was originally created for use !! 790 This version of SHA implements a 256 bit hash with 128 bits of
521 networks, and is mandated in the Chi !! 791 security against collision attacks.
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 792
525 The latest SM4 standard (GBT.32907-2 !! 793 This code also includes SHA-224, a 224 bit hash with 112 bits
526 standardized through TC 260 of the S !! 794 of security against collision attacks.
527 of the People's Republic of China (S <<
528 795
529 The input, output, and key of SMS4 a !! 796 config CRYPTO_SHA256_PPC_SPE
>> 797 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 798 depends on PPC && SPE
>> 799 select CRYPTO_SHA256
>> 800 select CRYPTO_HASH
>> 801 help
>> 802 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 803 implemented using powerpc SPE SIMD instruction set.
530 804
531 See https://eprint.iacr.org/2008/329 !! 805 config CRYPTO_SHA256_OCTEON
>> 806 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
>> 807 depends on CPU_CAVIUM_OCTEON
>> 808 select CRYPTO_SHA256
>> 809 select CRYPTO_HASH
>> 810 help
>> 811 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 812 using OCTEON crypto instructions, when available.
532 813
533 If unsure, say N. !! 814 config CRYPTO_SHA256_SPARC64
>> 815 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
>> 816 depends on SPARC64
>> 817 select CRYPTO_SHA256
>> 818 select CRYPTO_HASH
>> 819 help
>> 820 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 821 using sparc64 crypto instructions, when available.
534 822
535 config CRYPTO_TEA !! 823 config CRYPTO_SHA512
536 tristate "TEA, XTEA and XETA" !! 824 tristate "SHA384 and SHA512 digest algorithms"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 825 select CRYPTO_HASH
538 select CRYPTO_ALGAPI <<
539 help 826 help
540 TEA (Tiny Encryption Algorithm) ciph !! 827 SHA512 secure hash standard (DFIPS 180-2).
541 828
542 Tiny Encryption Algorithm is a simpl !! 829 This version of SHA implements a 512 bit hash with 256 bits of
543 many rounds for security. It is ver !! 830 security against collision attacks.
544 little memory. <<
545 831
546 Xtendend Tiny Encryption Algorithm i !! 832 This code also includes SHA-384, a 384 bit hash with 192 bits
547 the TEA algorithm to address a poten !! 833 of security against collision attacks.
548 in the TEA algorithm. <<
549 834
550 Xtendend Encryption Tiny Algorithm i !! 835 config CRYPTO_SHA512_OCTEON
551 of the XTEA algorithm for compatibil !! 836 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 837 depends on CPU_CAVIUM_OCTEON
>> 838 select CRYPTO_SHA512
>> 839 select CRYPTO_HASH
>> 840 help
>> 841 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 842 using OCTEON crypto instructions, when available.
552 843
553 config CRYPTO_TWOFISH !! 844 config CRYPTO_SHA512_SPARC64
554 tristate "Twofish" !! 845 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
555 select CRYPTO_ALGAPI !! 846 depends on SPARC64
556 select CRYPTO_TWOFISH_COMMON !! 847 select CRYPTO_SHA512
>> 848 select CRYPTO_HASH
557 help 849 help
558 Twofish cipher algorithm !! 850 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 851 using sparc64 crypto instructions, when available.
559 852
560 Twofish was submitted as an AES (Adv !! 853 config CRYPTO_SHA3
561 candidate cipher by researchers at C !! 854 tristate "SHA3 digest algorithm"
562 16 round block cipher supporting key !! 855 select CRYPTO_HASH
563 bits. !! 856 help
>> 857 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 858 cryptographic sponge function family called Keccak.
564 859
565 See https://www.schneier.com/twofish !! 860 References:
>> 861 http://keccak.noekeon.org/
566 862
567 config CRYPTO_TWOFISH_COMMON !! 863 config CRYPTO_TGR192
568 tristate !! 864 tristate "Tiger digest algorithms"
>> 865 select CRYPTO_HASH
569 help 866 help
570 Common parts of the Twofish cipher a !! 867 Tiger hash algorithm 192, 160 and 128-bit hashes
571 generic c and the assembler implemen <<
572 868
573 endmenu !! 869 Tiger is a hash function optimized for 64-bit processors while
>> 870 still having decent performance on 32-bit processors.
>> 871 Tiger was developed by Ross Anderson and Eli Biham.
574 872
575 menu "Length-preserving ciphers and modes" !! 873 See also:
>> 874 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
576 875
577 config CRYPTO_ADIANTUM !! 876 config CRYPTO_WP512
578 tristate "Adiantum" !! 877 tristate "Whirlpool digest algorithms"
579 select CRYPTO_CHACHA20 !! 878 select CRYPTO_HASH
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER <<
583 help 879 help
584 Adiantum tweakable, length-preservin !! 880 Whirlpool hash algorithm 512, 384 and 256-bit hashes
585 881
586 Designed for fast and secure disk en !! 882 Whirlpool-512 is part of the NESSIE cryptographic primitives.
587 CPUs without dedicated crypto instru !! 883 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 884
600 If unsure, say N. !! 885 See also:
>> 886 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
601 887
602 config CRYPTO_ARC4 !! 888 config CRYPTO_GHASH_CLMUL_NI_INTEL
603 tristate "ARC4 (Alleged Rivest Cipher !! 889 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 890 depends on X86 && 64BIT
605 select CRYPTO_SKCIPHER !! 891 select CRYPTO_CRYPTD
606 select CRYPTO_LIB_ARC4 <<
607 help 892 help
608 ARC4 cipher algorithm !! 893 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
>> 894 The implementation is accelerated by CLMUL-NI of Intel.
609 895
610 ARC4 is a stream cipher using keys r !! 896 comment "Ciphers"
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 897
615 config CRYPTO_CHACHA20 !! 898 config CRYPTO_AES
616 tristate "ChaCha" !! 899 tristate "AES cipher algorithms"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 900 select CRYPTO_ALGAPI
618 select CRYPTO_SKCIPHER <<
619 help 901 help
620 The ChaCha20, XChaCha20, and XChaCha !! 902 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 903 algorithm.
621 904
622 ChaCha20 is a 256-bit high-speed str !! 905 Rijndael appears to be consistently a very good performer in
623 Bernstein and further specified in R !! 906 both hardware and software across a wide range of computing
624 This is the portable C implementatio !! 907 environments regardless of its use in feedback or non-feedback
625 https://cr.yp.to/chacha/chacha-20080 !! 908 modes. Its key setup time is excellent, and its key agility is
>> 909 good. Rijndael's very low memory requirements make it very well
>> 910 suited for restricted-space environments, in which it also
>> 911 demonstrates excellent performance. Rijndael's operations are
>> 912 among the easiest to defend against power and timing attacks.
626 913
627 XChaCha20 is the application of the !! 914 The AES specifies three key sizes: 128, 192 and 256 bits
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 915
637 config CRYPTO_CBC !! 916 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
638 tristate "CBC (Cipher Block Chaining)" !! 917
639 select CRYPTO_SKCIPHER !! 918 config CRYPTO_AES_TI
640 select CRYPTO_MANAGER !! 919 tristate "Fixed time AES cipher"
>> 920 select CRYPTO_ALGAPI
641 help 921 help
642 CBC (Cipher Block Chaining) mode (NI !! 922 This is a generic implementation of AES that attempts to eliminate
>> 923 data dependent latencies as much as possible without affecting
>> 924 performance too much. It is intended for use by the generic CCM
>> 925 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 926 solely on encryption (although decryption is supported as well, but
>> 927 with a more dramatic performance hit)
643 928
644 This block cipher mode is required f !! 929 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
>> 930 8 for decryption), this implementation only uses just two S-boxes of
>> 931 256 bytes each, and attempts to eliminate data dependent latencies by
>> 932 prefetching the entire table into the cache at the start of each
>> 933 block. Interrupts are also disabled to avoid races where cachelines
>> 934 are evicted when the CPU is interrupted to do something else.
645 935
646 config CRYPTO_CTR !! 936 config CRYPTO_AES_586
647 tristate "CTR (Counter)" !! 937 tristate "AES cipher algorithms (i586)"
648 select CRYPTO_SKCIPHER !! 938 depends on (X86 || UML_X86) && !64BIT
649 select CRYPTO_MANAGER !! 939 select CRYPTO_ALGAPI
>> 940 select CRYPTO_AES
650 help 941 help
651 CTR (Counter) mode (NIST SP800-38A) !! 942 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 943 algorithm.
652 944
653 config CRYPTO_CTS !! 945 Rijndael appears to be consistently a very good performer in
654 tristate "CTS (Cipher Text Stealing)" !! 946 both hardware and software across a wide range of computing
655 select CRYPTO_SKCIPHER !! 947 environments regardless of its use in feedback or non-feedback
656 select CRYPTO_MANAGER !! 948 modes. Its key setup time is excellent, and its key agility is
657 help !! 949 good. Rijndael's very low memory requirements make it very well
658 CBC-CS3 variant of CTS (Cipher Text !! 950 suited for restricted-space environments, in which it also
659 Addendum to SP800-38A (October 2010) !! 951 demonstrates excellent performance. Rijndael's operations are
>> 952 among the easiest to defend against power and timing attacks.
660 953
661 This mode is required for Kerberos g !! 954 The AES specifies three key sizes: 128, 192 and 256 bits
662 for AES encryption. <<
663 955
664 config CRYPTO_ECB !! 956 See <http://csrc.nist.gov/encryption/aes/> for more information.
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 957
671 config CRYPTO_HCTR2 !! 958 config CRYPTO_AES_X86_64
672 tristate "HCTR2" !! 959 tristate "AES cipher algorithms (x86_64)"
673 select CRYPTO_XCTR !! 960 depends on (X86 || UML_X86) && 64BIT
674 select CRYPTO_POLYVAL !! 961 select CRYPTO_ALGAPI
675 select CRYPTO_MANAGER !! 962 select CRYPTO_AES
676 help 963 help
677 HCTR2 length-preserving encryption m !! 964 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 965 algorithm.
678 966
679 A mode for storage encryption that i !! 967 Rijndael appears to be consistently a very good performer in
680 instructions to accelerate AES and c !! 968 both hardware and software across a wide range of computing
681 x86 processors with AES-NI and CLMUL !! 969 environments regardless of its use in feedback or non-feedback
682 ARMv8 crypto extensions. !! 970 modes. Its key setup time is excellent, and its key agility is
>> 971 good. Rijndael's very low memory requirements make it very well
>> 972 suited for restricted-space environments, in which it also
>> 973 demonstrates excellent performance. Rijndael's operations are
>> 974 among the easiest to defend against power and timing attacks.
683 975
684 See https://eprint.iacr.org/2021/144 !! 976 The AES specifies three key sizes: 128, 192 and 256 bits
685 977
686 config CRYPTO_KEYWRAP !! 978 See <http://csrc.nist.gov/encryption/aes/> for more information.
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER <<
689 select CRYPTO_MANAGER <<
690 help <<
691 KW (AES Key Wrap) authenticated encr <<
692 and RFC3394) without padding. <<
693 979
694 config CRYPTO_LRW !! 980 config CRYPTO_AES_NI_INTEL
695 tristate "LRW (Liskov Rivest Wagner)" !! 981 tristate "AES cipher algorithms (AES-NI)"
696 select CRYPTO_LIB_GF128MUL !! 982 depends on X86
697 select CRYPTO_SKCIPHER !! 983 select CRYPTO_AEAD
698 select CRYPTO_MANAGER !! 984 select CRYPTO_AES_X86_64 if 64BIT
699 select CRYPTO_ECB !! 985 select CRYPTO_AES_586 if !64BIT
>> 986 select CRYPTO_ALGAPI
>> 987 select CRYPTO_BLKCIPHER
>> 988 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 989 select CRYPTO_SIMD
700 help 990 help
701 LRW (Liskov Rivest Wagner) mode !! 991 Use Intel AES-NI instructions for AES algorithm.
702 992
703 A tweakable, non malleable, non mova !! 993 AES cipher algorithms (FIPS-197). AES uses the Rijndael
704 narrow block cipher mode for dm-cryp !! 994 algorithm.
705 specification string aes-lrw-benbi, <<
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 995
709 See https://people.csail.mit.edu/riv !! 996 Rijndael appears to be consistently a very good performer in
>> 997 both hardware and software across a wide range of computing
>> 998 environments regardless of its use in feedback or non-feedback
>> 999 modes. Its key setup time is excellent, and its key agility is
>> 1000 good. Rijndael's very low memory requirements make it very well
>> 1001 suited for restricted-space environments, in which it also
>> 1002 demonstrates excellent performance. Rijndael's operations are
>> 1003 among the easiest to defend against power and timing attacks.
710 1004
711 config CRYPTO_PCBC !! 1005 The AES specifies three key sizes: 128, 192 and 256 bits
712 tristate "PCBC (Propagating Cipher Blo <<
713 select CRYPTO_SKCIPHER <<
714 select CRYPTO_MANAGER <<
715 help <<
716 PCBC (Propagating Cipher Block Chain <<
717 1006
718 This block cipher mode is required f !! 1007 See <http://csrc.nist.gov/encryption/aes/> for more information.
719 1008
720 config CRYPTO_XCTR !! 1009 In addition to AES cipher algorithm support, the acceleration
721 tristate !! 1010 for some popular block cipher mode is supported too, including
722 select CRYPTO_SKCIPHER !! 1011 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
723 select CRYPTO_MANAGER !! 1012 acceleration for CTR.
>> 1013
>> 1014 config CRYPTO_AES_SPARC64
>> 1015 tristate "AES cipher algorithms (SPARC64)"
>> 1016 depends on SPARC64
>> 1017 select CRYPTO_CRYPTD
>> 1018 select CRYPTO_ALGAPI
724 help 1019 help
725 XCTR (XOR Counter) mode for HCTR2 !! 1020 Use SPARC64 crypto opcodes for AES algorithm.
726 1021
727 This blockcipher mode is a variant o !! 1022 AES cipher algorithms (FIPS-197). AES uses the Rijndael
728 addition rather than big-endian arit !! 1023 algorithm.
729 1024
730 XCTR mode is used to implement HCTR2 !! 1025 Rijndael appears to be consistently a very good performer in
>> 1026 both hardware and software across a wide range of computing
>> 1027 environments regardless of its use in feedback or non-feedback
>> 1028 modes. Its key setup time is excellent, and its key agility is
>> 1029 good. Rijndael's very low memory requirements make it very well
>> 1030 suited for restricted-space environments, in which it also
>> 1031 demonstrates excellent performance. Rijndael's operations are
>> 1032 among the easiest to defend against power and timing attacks.
731 1033
732 config CRYPTO_XTS !! 1034 The AES specifies three key sizes: 128, 192 and 256 bits
733 tristate "XTS (XOR Encrypt XOR with ci <<
734 select CRYPTO_SKCIPHER <<
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help <<
738 XTS (XOR Encrypt XOR with ciphertext <<
739 and IEEE 1619) <<
740 1035
741 Use with aes-xts-plain, key size 256 !! 1036 See <http://csrc.nist.gov/encryption/aes/> for more information.
742 implementation currently can't handl <<
743 multiple of 16 bytes. <<
744 1037
745 config CRYPTO_NHPOLY1305 !! 1038 In addition to AES cipher algorithm support, the acceleration
746 tristate !! 1039 for some popular block cipher mode is supported too, including
747 select CRYPTO_HASH !! 1040 ECB and CBC.
748 select CRYPTO_LIB_POLY1305_GENERIC !! 1041
>> 1042 config CRYPTO_AES_PPC_SPE
>> 1043 tristate "AES cipher algorithms (PPC SPE)"
>> 1044 depends on PPC && SPE
>> 1045 help
>> 1046 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1047 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1048 This module should only be used for low power (router) devices
>> 1049 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1050 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1051 timining attacks. Nevertheless it might be not as secure as other
>> 1052 architecture specific assembler implementations that work on 1KB
>> 1053 tables or 256 bytes S-boxes.
749 1054
750 endmenu !! 1055 config CRYPTO_ANUBIS
>> 1056 tristate "Anubis cipher algorithm"
>> 1057 select CRYPTO_ALGAPI
>> 1058 help
>> 1059 Anubis cipher algorithm.
751 1060
752 menu "AEAD (authenticated encryption with asso !! 1061 Anubis is a variable key length cipher which can use keys from
>> 1062 128 bits to 320 bits in length. It was evaluated as a entrant
>> 1063 in the NESSIE competition.
753 1064
754 config CRYPTO_AEGIS128 !! 1065 See also:
755 tristate "AEGIS-128" !! 1066 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
756 select CRYPTO_AEAD !! 1067 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
757 select CRYPTO_AES # for AES S-box tab <<
758 help <<
759 AEGIS-128 AEAD algorithm <<
760 1068
761 config CRYPTO_AEGIS128_SIMD !! 1069 config CRYPTO_ARC4
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1070 tristate "ARC4 cipher algorithm"
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 1071 select CRYPTO_BLKCIPHER
764 default y <<
765 help 1072 help
766 AEGIS-128 AEAD algorithm !! 1073 ARC4 cipher algorithm.
767 1074
768 Architecture: arm or arm64 using: !! 1075 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
769 - NEON (Advanced SIMD) extension !! 1076 bits in length. This algorithm is required for driver-based
>> 1077 WEP, but it should not be for other purposes because of the
>> 1078 weakness of the algorithm.
770 1079
771 config CRYPTO_CHACHA20POLY1305 !! 1080 config CRYPTO_BLOWFISH
772 tristate "ChaCha20-Poly1305" !! 1081 tristate "Blowfish cipher algorithm"
773 select CRYPTO_CHACHA20 !! 1082 select CRYPTO_ALGAPI
774 select CRYPTO_POLY1305 !! 1083 select CRYPTO_BLOWFISH_COMMON
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help 1084 help
778 ChaCha20 stream cipher and Poly1305 !! 1085 Blowfish cipher algorithm, by Bruce Schneier.
779 mode (RFC8439) <<
780 1086
781 config CRYPTO_CCM !! 1087 This is a variable key length cipher which can use keys from 32
782 tristate "CCM (Counter with Cipher Blo !! 1088 bits to 448 bits in length. It's fast, simple and specifically
783 select CRYPTO_CTR !! 1089 designed for use on "large microprocessors".
784 select CRYPTO_HASH !! 1090
785 select CRYPTO_AEAD !! 1091 See also:
786 select CRYPTO_MANAGER !! 1092 <http://www.schneier.com/blowfish.html>
>> 1093
>> 1094 config CRYPTO_BLOWFISH_COMMON
>> 1095 tristate
787 help 1096 help
788 CCM (Counter with Cipher Block Chain !! 1097 Common parts of the Blowfish cipher algorithm shared by the
789 authenticated encryption mode (NIST !! 1098 generic c and the assembler implementations.
790 1099
791 config CRYPTO_GCM !! 1100 See also:
792 tristate "GCM (Galois/Counter Mode) an !! 1101 <http://www.schneier.com/blowfish.html>
793 select CRYPTO_CTR !! 1102
794 select CRYPTO_AEAD !! 1103 config CRYPTO_BLOWFISH_X86_64
795 select CRYPTO_GHASH !! 1104 tristate "Blowfish cipher algorithm (x86_64)"
796 select CRYPTO_NULL !! 1105 depends on X86 && 64BIT
797 select CRYPTO_MANAGER !! 1106 select CRYPTO_ALGAPI
>> 1107 select CRYPTO_BLOWFISH_COMMON
798 help 1108 help
799 GCM (Galois/Counter Mode) authentica !! 1109 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
800 (GCM Message Authentication Code) (N <<
801 1110
802 This is required for IPSec ESP (XFRM !! 1111 This is a variable key length cipher which can use keys from 32
>> 1112 bits to 448 bits in length. It's fast, simple and specifically
>> 1113 designed for use on "large microprocessors".
803 1114
804 config CRYPTO_GENIV !! 1115 See also:
805 tristate !! 1116 <http://www.schneier.com/blowfish.html>
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER <<
809 select CRYPTO_RNG_DEFAULT <<
810 1117
811 config CRYPTO_SEQIV !! 1118 config CRYPTO_CAMELLIA
812 tristate "Sequence Number IV Generator !! 1119 tristate "Camellia cipher algorithms"
813 select CRYPTO_GENIV !! 1120 depends on CRYPTO
>> 1121 select CRYPTO_ALGAPI
814 help 1122 help
815 Sequence Number IV generator !! 1123 Camellia cipher algorithms module.
816 1124
817 This IV generator generates an IV ba !! 1125 Camellia is a symmetric key block cipher developed jointly
818 xoring it with a salt. This algorit !! 1126 at NTT and Mitsubishi Electric Corporation.
819 1127
820 This is required for IPsec ESP (XFRM !! 1128 The Camellia specifies three key sizes: 128, 192 and 256 bits.
821 1129
822 config CRYPTO_ECHAINIV !! 1130 See also:
823 tristate "Encrypted Chain IV Generator !! 1131 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
824 select CRYPTO_GENIV !! 1132
>> 1133 config CRYPTO_CAMELLIA_X86_64
>> 1134 tristate "Camellia cipher algorithm (x86_64)"
>> 1135 depends on X86 && 64BIT
>> 1136 depends on CRYPTO
>> 1137 select CRYPTO_ALGAPI
>> 1138 select CRYPTO_GLUE_HELPER_X86
>> 1139 select CRYPTO_LRW
>> 1140 select CRYPTO_XTS
825 help 1141 help
826 Encrypted Chain IV generator !! 1142 Camellia cipher algorithm module (x86_64).
827 1143
828 This IV generator generates an IV ba !! 1144 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 1145 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. !! 1146
>> 1147 The Camellia specifies three key sizes: 128, 192 and 256 bits.
831 1148
832 config CRYPTO_ESSIV !! 1149 See also:
833 tristate "Encrypted Salt-Sector IV Gen !! 1150 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
834 select CRYPTO_AUTHENC !! 1151
>> 1152 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1153 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1154 depends on X86 && 64BIT
>> 1155 depends on CRYPTO
>> 1156 select CRYPTO_ALGAPI
>> 1157 select CRYPTO_CRYPTD
>> 1158 select CRYPTO_ABLK_HELPER
>> 1159 select CRYPTO_GLUE_HELPER_X86
>> 1160 select CRYPTO_CAMELLIA_X86_64
>> 1161 select CRYPTO_LRW
>> 1162 select CRYPTO_XTS
835 help 1163 help
836 Encrypted Salt-Sector IV generator !! 1164 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
837 1165
838 This IV generator is used in some ca !! 1166 Camellia is a symmetric key block cipher developed jointly
839 dm-crypt. It uses the hash of the bl !! 1167 at NTT and Mitsubishi Electric Corporation.
840 symmetric key for a block encryption !! 1168
841 IV, making low entropy IV sources mo !! 1169 The Camellia specifies three key sizes: 128, 192 and 256 bits.
842 encryption. !! 1170
>> 1171 See also:
>> 1172 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
843 1173
844 This driver implements a crypto API !! 1174 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
845 instantiated either as an skcipher o !! 1175 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
846 type of the first template argument) !! 1176 depends on X86 && 64BIT
847 and decryption requests to the encap !! 1177 depends on CRYPTO
848 ESSIV to the input IV. Note that in !! 1178 select CRYPTO_ALGAPI
849 that the keys are presented in the s !! 1179 select CRYPTO_CRYPTD
850 template, and that the IV appears at !! 1180 select CRYPTO_ABLK_HELPER
851 associated data (AAD) region (which !! 1181 select CRYPTO_GLUE_HELPER_X86
>> 1182 select CRYPTO_CAMELLIA_X86_64
>> 1183 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1184 select CRYPTO_LRW
>> 1185 select CRYPTO_XTS
>> 1186 help
>> 1187 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
852 1188
853 Note that the use of ESSIV is not re !! 1189 Camellia is a symmetric key block cipher developed jointly
854 and so this only needs to be enabled !! 1190 at NTT and Mitsubishi Electric Corporation.
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 1191
861 endmenu !! 1192 The Camellia specifies three key sizes: 128, 192 and 256 bits.
862 1193
863 menu "Hashes, digests, and MACs" !! 1194 See also:
>> 1195 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
864 1196
865 config CRYPTO_BLAKE2B !! 1197 config CRYPTO_CAMELLIA_SPARC64
866 tristate "BLAKE2b" !! 1198 tristate "Camellia cipher algorithm (SPARC64)"
867 select CRYPTO_HASH !! 1199 depends on SPARC64
>> 1200 depends on CRYPTO
>> 1201 select CRYPTO_ALGAPI
868 help 1202 help
869 BLAKE2b cryptographic hash function !! 1203 Camellia cipher algorithm module (SPARC64).
870 1204
871 BLAKE2b is optimized for 64-bit plat !! 1205 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1206 at NTT and Mitsubishi Electric Corporation.
873 1207
874 This module provides the following a !! 1208 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 1209
880 Used by the btrfs filesystem. !! 1210 See also:
>> 1211 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881 1212
882 See https://blake2.net for further i !! 1213 config CRYPTO_CAST_COMMON
>> 1214 tristate
>> 1215 help
>> 1216 Common parts of the CAST cipher algorithms shared by the
>> 1217 generic c and the assembler implementations.
883 1218
884 config CRYPTO_CMAC !! 1219 config CRYPTO_CAST5
885 tristate "CMAC (Cipher-based MAC)" !! 1220 tristate "CAST5 (CAST-128) cipher algorithm"
886 select CRYPTO_HASH !! 1221 select CRYPTO_ALGAPI
887 select CRYPTO_MANAGER !! 1222 select CRYPTO_CAST_COMMON
888 help 1223 help
889 CMAC (Cipher-based Message Authentic !! 1224 The CAST5 encryption algorithm (synonymous with CAST-128) is
890 mode (NIST SP800-38B and IETF RFC449 !! 1225 described in RFC2144.
891 1226
892 config CRYPTO_GHASH !! 1227 config CRYPTO_CAST5_AVX_X86_64
893 tristate "GHASH" !! 1228 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
894 select CRYPTO_HASH !! 1229 depends on X86 && 64BIT
895 select CRYPTO_LIB_GF128MUL !! 1230 select CRYPTO_ALGAPI
>> 1231 select CRYPTO_CRYPTD
>> 1232 select CRYPTO_ABLK_HELPER
>> 1233 select CRYPTO_CAST_COMMON
>> 1234 select CRYPTO_CAST5
896 help 1235 help
897 GCM GHASH function (NIST SP800-38D) !! 1236 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1237 described in RFC2144.
898 1238
899 config CRYPTO_HMAC !! 1239 This module provides the Cast5 cipher algorithm that processes
900 tristate "HMAC (Keyed-Hash MAC)" !! 1240 sixteen blocks parallel using the AVX instruction set.
901 select CRYPTO_HASH !! 1241
902 select CRYPTO_MANAGER !! 1242 config CRYPTO_CAST6
>> 1243 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1244 select CRYPTO_ALGAPI
>> 1245 select CRYPTO_CAST_COMMON
>> 1246 help
>> 1247 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1248 described in RFC2612.
>> 1249
>> 1250 config CRYPTO_CAST6_AVX_X86_64
>> 1251 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1252 depends on X86 && 64BIT
>> 1253 select CRYPTO_ALGAPI
>> 1254 select CRYPTO_CRYPTD
>> 1255 select CRYPTO_ABLK_HELPER
>> 1256 select CRYPTO_GLUE_HELPER_X86
>> 1257 select CRYPTO_CAST_COMMON
>> 1258 select CRYPTO_CAST6
>> 1259 select CRYPTO_LRW
>> 1260 select CRYPTO_XTS
903 help 1261 help
904 HMAC (Keyed-Hash Message Authenticat !! 1262 The CAST6 encryption algorithm (synonymous with CAST-256) is
905 RFC2104) !! 1263 described in RFC2612.
906 1264
907 This is required for IPsec AH (XFRM_ !! 1265 This module provides the Cast6 cipher algorithm that processes
>> 1266 eight blocks parallel using the AVX instruction set.
908 1267
909 config CRYPTO_MD4 !! 1268 config CRYPTO_DES
910 tristate "MD4" !! 1269 tristate "DES and Triple DES EDE cipher algorithms"
911 select CRYPTO_HASH !! 1270 select CRYPTO_ALGAPI
912 help 1271 help
913 MD4 message digest algorithm (RFC132 !! 1272 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
914 1273
915 config CRYPTO_MD5 !! 1274 config CRYPTO_DES_SPARC64
916 tristate "MD5" !! 1275 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
917 select CRYPTO_HASH !! 1276 depends on SPARC64
>> 1277 select CRYPTO_ALGAPI
>> 1278 select CRYPTO_DES
918 help 1279 help
919 MD5 message digest algorithm (RFC132 !! 1280 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1281 optimized using SPARC64 crypto opcodes.
920 1282
921 config CRYPTO_MICHAEL_MIC !! 1283 config CRYPTO_DES3_EDE_X86_64
922 tristate "Michael MIC" !! 1284 tristate "Triple DES EDE cipher algorithm (x86-64)"
923 select CRYPTO_HASH !! 1285 depends on X86 && 64BIT
>> 1286 select CRYPTO_ALGAPI
>> 1287 select CRYPTO_DES
924 help 1288 help
925 Michael MIC (Message Integrity Code) !! 1289 Triple DES EDE (FIPS 46-3) algorithm.
926 1290
927 Defined by the IEEE 802.11i TKIP (Te !! 1291 This module provides implementation of the Triple DES EDE cipher
928 known as WPA (Wif-Fi Protected Acces !! 1292 algorithm that is optimized for x86-64 processors. Two versions of
>> 1293 algorithm are provided; regular processing one input block and
>> 1294 one that processes three blocks parallel.
929 1295
930 This algorithm is required for TKIP, !! 1296 config CRYPTO_FCRYPT
931 other purposes because of the weakne !! 1297 tristate "FCrypt cipher algorithm"
>> 1298 select CRYPTO_ALGAPI
>> 1299 select CRYPTO_BLKCIPHER
>> 1300 help
>> 1301 FCrypt algorithm used by RxRPC.
932 1302
933 config CRYPTO_POLYVAL !! 1303 config CRYPTO_KHAZAD
934 tristate !! 1304 tristate "Khazad cipher algorithm"
935 select CRYPTO_HASH !! 1305 select CRYPTO_ALGAPI
936 select CRYPTO_LIB_GF128MUL <<
937 help 1306 help
938 POLYVAL hash function for HCTR2 !! 1307 Khazad cipher algorithm.
939 1308
940 This is used in HCTR2. It is not a !! 1309 Khazad was a finalist in the initial NESSIE competition. It is
941 cryptographic hash function. !! 1310 an algorithm optimized for 64-bit processors with good performance
>> 1311 on 32-bit processors. Khazad uses an 128 bit key size.
942 1312
943 config CRYPTO_POLY1305 !! 1313 See also:
944 tristate "Poly1305" !! 1314 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
945 select CRYPTO_HASH !! 1315
946 select CRYPTO_LIB_POLY1305_GENERIC !! 1316 config CRYPTO_SALSA20
>> 1317 tristate "Salsa20 stream cipher algorithm"
>> 1318 select CRYPTO_BLKCIPHER
947 help 1319 help
948 Poly1305 authenticator algorithm (RF !! 1320 Salsa20 stream cipher algorithm.
949 1321
950 Poly1305 is an authenticator algorit !! 1322 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
951 It is used for the ChaCha20-Poly1305 !! 1323 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
952 in IETF protocols. This is the porta <<
953 1324
954 config CRYPTO_RMD160 !! 1325 The Salsa20 stream cipher algorithm is designed by Daniel J.
955 tristate "RIPEMD-160" !! 1326 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
956 select CRYPTO_HASH <<
957 help <<
958 RIPEMD-160 hash function (ISO/IEC 10 <<
959 1327
960 RIPEMD-160 is a 160-bit cryptographi !! 1328 config CRYPTO_CHACHA20
961 to be used as a secure replacement f !! 1329 tristate "ChaCha20 cipher algorithm"
962 MD4, MD5 and its predecessor RIPEMD !! 1330 select CRYPTO_BLKCIPHER
963 (not to be confused with RIPEMD-128) !! 1331 help
>> 1332 ChaCha20 cipher algorithm, RFC7539.
964 1333
965 Its speed is comparable to SHA-1 and !! 1334 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
966 against RIPEMD-160. !! 1335 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1336 This is the portable C implementation of ChaCha20.
967 1337
968 Developed by Hans Dobbertin, Antoon !! 1338 See also:
969 See https://homes.esat.kuleuven.be/~ !! 1339 <http://cr.yp.to/chacha/chacha-20080128.pdf>
970 for further information. <<
971 1340
972 config CRYPTO_SHA1 !! 1341 config CRYPTO_CHACHA20_X86_64
973 tristate "SHA-1" !! 1342 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
974 select CRYPTO_HASH !! 1343 depends on X86 && 64BIT
975 select CRYPTO_LIB_SHA1 !! 1344 select CRYPTO_BLKCIPHER
>> 1345 select CRYPTO_CHACHA20
976 help 1346 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1347 ChaCha20 cipher algorithm, RFC7539.
978 1348
979 config CRYPTO_SHA256 !! 1349 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
980 tristate "SHA-224 and SHA-256" !! 1350 Bernstein and further specified in RFC7539 for use in IETF protocols.
981 select CRYPTO_HASH !! 1351 This is the x86_64 assembler implementation using SIMD instructions.
982 select CRYPTO_LIB_SHA256 <<
983 help <<
984 SHA-224 and SHA-256 secure hash algo <<
985 1352
986 This is required for IPsec AH (XFRM_ !! 1353 See also:
987 Used by the btrfs filesystem, Ceph, !! 1354 <http://cr.yp.to/chacha/chacha-20080128.pdf>
988 1355
989 config CRYPTO_SHA512 !! 1356 config CRYPTO_SEED
990 tristate "SHA-384 and SHA-512" !! 1357 tristate "SEED cipher algorithm"
991 select CRYPTO_HASH !! 1358 select CRYPTO_ALGAPI
992 help 1359 help
993 SHA-384 and SHA-512 secure hash algo !! 1360 SEED cipher algorithm (RFC4269).
994 1361
995 config CRYPTO_SHA3 !! 1362 SEED is a 128-bit symmetric key block cipher that has been
996 tristate "SHA-3" !! 1363 developed by KISA (Korea Information Security Agency) as a
997 select CRYPTO_HASH !! 1364 national standard encryption algorithm of the Republic of Korea.
998 help !! 1365 It is a 16 round block cipher with the key size of 128 bit.
999 SHA-3 secure hash algorithms (FIPS 2 <<
1000 1366
1001 config CRYPTO_SM3 !! 1367 See also:
1002 tristate !! 1368 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1003 1369
1004 config CRYPTO_SM3_GENERIC !! 1370 config CRYPTO_SERPENT
1005 tristate "SM3 (ShangMi 3)" !! 1371 tristate "Serpent cipher algorithm"
1006 select CRYPTO_HASH !! 1372 select CRYPTO_ALGAPI
1007 select CRYPTO_SM3 <<
1008 help 1373 help
1009 SM3 (ShangMi 3) secure hash functio !! 1374 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1010 1375
1011 This is part of the Chinese Commerc !! 1376 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1377 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1378 variant of Serpent for compatibility with old kerneli.org code.
1012 1379
1013 References: !! 1380 See also:
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1381 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1015 https://datatracker.ietf.org/doc/ht <<
1016 1382
1017 config CRYPTO_STREEBOG !! 1383 config CRYPTO_SERPENT_SSE2_X86_64
1018 tristate "Streebog" !! 1384 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1019 select CRYPTO_HASH !! 1385 depends on X86 && 64BIT
>> 1386 select CRYPTO_ALGAPI
>> 1387 select CRYPTO_CRYPTD
>> 1388 select CRYPTO_ABLK_HELPER
>> 1389 select CRYPTO_GLUE_HELPER_X86
>> 1390 select CRYPTO_SERPENT
>> 1391 select CRYPTO_LRW
>> 1392 select CRYPTO_XTS
1020 help 1393 help
1021 Streebog Hash Function (GOST R 34.1 !! 1394 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1395
1023 This is one of the Russian cryptogr !! 1396 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1397 of 8 bits.
1025 256 and 512 bits output. <<
1026 1398
1027 References: !! 1399 This module provides Serpent cipher algorithm that processes eight
1028 https://tc26.ru/upload/iblock/fed/f !! 1400 blocks parallel using SSE2 instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1401
1031 config CRYPTO_VMAC !! 1402 See also:
1032 tristate "VMAC" !! 1403 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1404
1034 select CRYPTO_MANAGER !! 1405 config CRYPTO_SERPENT_SSE2_586
>> 1406 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1407 depends on X86 && !64BIT
>> 1408 select CRYPTO_ALGAPI
>> 1409 select CRYPTO_CRYPTD
>> 1410 select CRYPTO_ABLK_HELPER
>> 1411 select CRYPTO_GLUE_HELPER_X86
>> 1412 select CRYPTO_SERPENT
>> 1413 select CRYPTO_LRW
>> 1414 select CRYPTO_XTS
1035 help 1415 help
1036 VMAC is a message authentication al !! 1416 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect !! 1417
>> 1418 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1419 of 8 bits.
1038 1420
1039 See https://fastcrypto.org/vmac for !! 1421 This module provides Serpent cipher algorithm that processes four
>> 1422 blocks parallel using SSE2 instruction set.
1040 1423
1041 config CRYPTO_WP512 !! 1424 See also:
1042 tristate "Whirlpool" !! 1425 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1043 select CRYPTO_HASH !! 1426
>> 1427 config CRYPTO_SERPENT_AVX_X86_64
>> 1428 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1429 depends on X86 && 64BIT
>> 1430 select CRYPTO_ALGAPI
>> 1431 select CRYPTO_CRYPTD
>> 1432 select CRYPTO_ABLK_HELPER
>> 1433 select CRYPTO_GLUE_HELPER_X86
>> 1434 select CRYPTO_SERPENT
>> 1435 select CRYPTO_LRW
>> 1436 select CRYPTO_XTS
1044 help 1437 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1438 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046 1439
1047 512, 384 and 256-bit hashes. !! 1440 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1441 of 8 bits.
1048 1442
1049 Whirlpool-512 is part of the NESSIE !! 1443 This module provides the Serpent cipher algorithm that processes
>> 1444 eight blocks parallel using the AVX instruction set.
1050 1445
1051 See https://web.archive.org/web/201 !! 1446 See also:
1052 for further information. !! 1447 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1053 1448
1054 config CRYPTO_XCBC !! 1449 config CRYPTO_SERPENT_AVX2_X86_64
1055 tristate "XCBC-MAC (Extended Cipher B !! 1450 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1056 select CRYPTO_HASH !! 1451 depends on X86 && 64BIT
1057 select CRYPTO_MANAGER !! 1452 select CRYPTO_ALGAPI
>> 1453 select CRYPTO_CRYPTD
>> 1454 select CRYPTO_ABLK_HELPER
>> 1455 select CRYPTO_GLUE_HELPER_X86
>> 1456 select CRYPTO_SERPENT
>> 1457 select CRYPTO_SERPENT_AVX_X86_64
>> 1458 select CRYPTO_LRW
>> 1459 select CRYPTO_XTS
1058 help 1460 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1461 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1060 Code) (RFC3566) <<
1061 1462
1062 config CRYPTO_XXHASH !! 1463 Keys are allowed to be from 0 to 256 bits in length, in steps
1063 tristate "xxHash" !! 1464 of 8 bits.
1064 select CRYPTO_HASH !! 1465
1065 select XXHASH !! 1466 This module provides Serpent cipher algorithm that processes 16
>> 1467 blocks parallel using AVX2 instruction set.
>> 1468
>> 1469 See also:
>> 1470 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1471
>> 1472 config CRYPTO_TEA
>> 1473 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1474 select CRYPTO_ALGAPI
1066 help 1475 help
1067 xxHash non-cryptographic hash algor !! 1476 TEA cipher algorithm.
>> 1477
>> 1478 Tiny Encryption Algorithm is a simple cipher that uses
>> 1479 many rounds for security. It is very fast and uses
>> 1480 little memory.
>> 1481
>> 1482 Xtendend Tiny Encryption Algorithm is a modification to
>> 1483 the TEA algorithm to address a potential key weakness
>> 1484 in the TEA algorithm.
>> 1485
>> 1486 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1487 of the XTEA algorithm for compatibility purposes.
1068 1488
1069 Extremely fast, working at speeds c !! 1489 config CRYPTO_TWOFISH
>> 1490 tristate "Twofish cipher algorithm"
>> 1491 select CRYPTO_ALGAPI
>> 1492 select CRYPTO_TWOFISH_COMMON
>> 1493 help
>> 1494 Twofish cipher algorithm.
1070 1495
1071 Used by the btrfs filesystem. !! 1496 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1497 candidate cipher by researchers at CounterPane Systems. It is a
>> 1498 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1499 bits.
1072 1500
1073 endmenu !! 1501 See also:
>> 1502 <http://www.schneier.com/twofish.html>
1074 1503
1075 menu "CRCs (cyclic redundancy checks)" !! 1504 config CRYPTO_TWOFISH_COMMON
>> 1505 tristate
>> 1506 help
>> 1507 Common parts of the Twofish cipher algorithm shared by the
>> 1508 generic c and the assembler implementations.
1076 1509
1077 config CRYPTO_CRC32C !! 1510 config CRYPTO_TWOFISH_586
1078 tristate "CRC32c" !! 1511 tristate "Twofish cipher algorithms (i586)"
1079 select CRYPTO_HASH !! 1512 depends on (X86 || UML_X86) && !64BIT
1080 select CRC32 !! 1513 select CRYPTO_ALGAPI
>> 1514 select CRYPTO_TWOFISH_COMMON
1081 help 1515 help
1082 CRC32c CRC algorithm with the iSCSI !! 1516 Twofish cipher algorithm.
1083 1517
1084 A 32-bit CRC (cyclic redundancy che !! 1518 Twofish was submitted as an AES (Advanced Encryption Standard)
1085 by G. Castagnoli, S. Braeuer and M. !! 1519 candidate cipher by researchers at CounterPane Systems. It is a
1086 Redundancy-Check Codes with 24 and !! 1520 16 round block cipher supporting key sizes of 128, 192, and 256
1087 on Communications, Vol. 41, No. 6, !! 1521 bits.
1088 iSCSI. <<
1089 1522
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1523 See also:
>> 1524 <http://www.schneier.com/twofish.html>
1091 1525
1092 config CRYPTO_CRC32 !! 1526 config CRYPTO_TWOFISH_X86_64
1093 tristate "CRC32" !! 1527 tristate "Twofish cipher algorithm (x86_64)"
1094 select CRYPTO_HASH !! 1528 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1529 select CRYPTO_ALGAPI
>> 1530 select CRYPTO_TWOFISH_COMMON
1096 help 1531 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1532 Twofish cipher algorithm (x86_64).
>> 1533
>> 1534 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1535 candidate cipher by researchers at CounterPane Systems. It is a
>> 1536 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1537 bits.
1098 1538
1099 Used by RoCEv2 and f2fs. !! 1539 See also:
>> 1540 <http://www.schneier.com/twofish.html>
1100 1541
1101 config CRYPTO_CRCT10DIF !! 1542 config CRYPTO_TWOFISH_X86_64_3WAY
1102 tristate "CRCT10DIF" !! 1543 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1103 select CRYPTO_HASH !! 1544 depends on X86 && 64BIT
>> 1545 select CRYPTO_ALGAPI
>> 1546 select CRYPTO_TWOFISH_COMMON
>> 1547 select CRYPTO_TWOFISH_X86_64
>> 1548 select CRYPTO_GLUE_HELPER_X86
>> 1549 select CRYPTO_LRW
>> 1550 select CRYPTO_XTS
1104 help 1551 help
1105 CRC16 CRC algorithm used for the T1 !! 1552 Twofish cipher algorithm (x86_64, 3-way parallel).
1106 1553
1107 CRC algorithm used by the SCSI Bloc !! 1554 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1555 candidate cipher by researchers at CounterPane Systems. It is a
>> 1556 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1557 bits.
1108 1558
1109 config CRYPTO_CRC64_ROCKSOFT !! 1559 This module provides Twofish cipher algorithm that processes three
1110 tristate "CRC64 based on Rocksoft Mod !! 1560 blocks parallel, utilizing resources of out-of-order CPUs better.
1111 depends on CRC64 !! 1561
1112 select CRYPTO_HASH !! 1562 See also:
>> 1563 <http://www.schneier.com/twofish.html>
>> 1564
>> 1565 config CRYPTO_TWOFISH_AVX_X86_64
>> 1566 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1567 depends on X86 && 64BIT
>> 1568 select CRYPTO_ALGAPI
>> 1569 select CRYPTO_CRYPTD
>> 1570 select CRYPTO_ABLK_HELPER
>> 1571 select CRYPTO_GLUE_HELPER_X86
>> 1572 select CRYPTO_TWOFISH_COMMON
>> 1573 select CRYPTO_TWOFISH_X86_64
>> 1574 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1575 select CRYPTO_LRW
>> 1576 select CRYPTO_XTS
1113 help 1577 help
1114 CRC64 CRC algorithm based on the Ro !! 1578 Twofish cipher algorithm (x86_64/AVX).
1115 1579
1116 Used by the NVMe implementation of !! 1580 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1581 candidate cipher by researchers at CounterPane Systems. It is a
>> 1582 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1583 bits.
1117 1584
1118 See https://zlib.net/crc_v3.txt !! 1585 This module provides the Twofish cipher algorithm that processes
>> 1586 eight blocks parallel using the AVX Instruction Set.
1119 1587
1120 endmenu !! 1588 See also:
>> 1589 <http://www.schneier.com/twofish.html>
1121 1590
1122 menu "Compression" !! 1591 comment "Compression"
1123 1592
1124 config CRYPTO_DEFLATE 1593 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1594 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1595 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1596 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1597 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1598 select ZLIB_DEFLATE
1130 help 1599 help
1131 Deflate compression algorithm (RFC1 !! 1600 This is the Deflate algorithm (RFC1951), specified for use in
>> 1601 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1602
1133 Used by IPSec with the IPCOMP proto !! 1603 You will most probably want this if using IPSec.
1134 1604
1135 config CRYPTO_LZO 1605 config CRYPTO_LZO
1136 tristate "LZO" !! 1606 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1607 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1608 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1609 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1610 select LZO_DECOMPRESS
1141 help 1611 help
1142 LZO compression algorithm !! 1612 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1613
1146 config CRYPTO_842 1614 config CRYPTO_842
1147 tristate "842" !! 1615 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1616 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1617 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1618 select 842_COMPRESS
1151 select 842_DECOMPRESS 1619 select 842_DECOMPRESS
1152 help 1620 help
1153 842 compression algorithm by IBM !! 1621 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1622
1157 config CRYPTO_LZ4 1623 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1624 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1625 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1626 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1627 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1628 select LZ4_DECOMPRESS
1163 help 1629 help
1164 LZ4 compression algorithm !! 1630 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1631
1168 config CRYPTO_LZ4HC 1632 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1633 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1634 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1635 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1636 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1637 select LZ4_DECOMPRESS
1174 help 1638 help
1175 LZ4 high compression mode algorithm !! 1639 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 <<
1179 config CRYPTO_ZSTD <<
1180 tristate "Zstd" <<
1181 select CRYPTO_ALGAPI <<
1182 select CRYPTO_ACOMP2 <<
1183 select ZSTD_COMPRESS <<
1184 select ZSTD_DECOMPRESS <<
1185 help <<
1186 zstd compression algorithm <<
1187 <<
1188 See https://github.com/facebook/zst <<
1189 <<
1190 endmenu <<
1191 1640
1192 menu "Random number generation" !! 1641 comment "Random Number Generation"
1193 1642
1194 config CRYPTO_ANSI_CPRNG 1643 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1644 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1645 select CRYPTO_AES
1197 select CRYPTO_RNG 1646 select CRYPTO_RNG
1198 help 1647 help
1199 Pseudo RNG (random number generator !! 1648 This option enables the generic pseudo random number generator
1200 !! 1649 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1650 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1651 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1652
1205 menuconfig CRYPTO_DRBG_MENU 1653 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1654 tristate "NIST SP800-90A DRBG"
1207 help 1655 help
1208 DRBG (Deterministic Random Bit Gene !! 1656 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1657 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1658
1212 if CRYPTO_DRBG_MENU 1659 if CRYPTO_DRBG_MENU
1213 1660
1214 config CRYPTO_DRBG_HMAC 1661 config CRYPTO_DRBG_HMAC
1215 bool 1662 bool
1216 default y 1663 default y
1217 select CRYPTO_HMAC 1664 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1665 select CRYPTO_SHA256
1219 1666
1220 config CRYPTO_DRBG_HASH 1667 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1668 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1669 select CRYPTO_SHA256
1223 help 1670 help
1224 Hash_DRBG variant as defined in NIS !! 1671 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1672
1228 config CRYPTO_DRBG_CTR 1673 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1674 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1675 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1676 depends on CRYPTO_CTR
1232 help 1677 help
1233 CTR_DRBG variant as defined in NIST !! 1678 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1679
1237 config CRYPTO_DRBG 1680 config CRYPTO_DRBG
1238 tristate 1681 tristate
1239 default CRYPTO_DRBG_MENU 1682 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1683 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1684 select CRYPTO_JITTERENTROPY
1242 1685
1243 endif # if CRYPTO_DRBG_MENU 1686 endif # if CRYPTO_DRBG_MENU
1244 1687
1245 config CRYPTO_JITTERENTROPY 1688 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1689 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1690 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1691 help
1250 CPU Jitter RNG (Random Number Gener !! 1692 The Jitterentropy RNG is a noise that is intended
1251 !! 1693 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1694 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1695 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1696 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1697
1370 config CRYPTO_USER_API 1698 config CRYPTO_USER_API
1371 tristate 1699 tristate
1372 1700
1373 config CRYPTO_USER_API_HASH 1701 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1702 tristate "User-space interface for hash algorithms"
1375 depends on NET 1703 depends on NET
1376 select CRYPTO_HASH 1704 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1705 select CRYPTO_USER_API
1378 help 1706 help
1379 Enable the userspace interface for !! 1707 This option enables the user-spaces interface for hash
1380 !! 1708 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1709
1384 config CRYPTO_USER_API_SKCIPHER 1710 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1711 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1712 depends on NET
1387 select CRYPTO_SKCIPHER !! 1713 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1714 select CRYPTO_USER_API
1389 help 1715 help
1390 Enable the userspace interface for !! 1716 This option enables the user-spaces interface for symmetric
1391 !! 1717 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1718
1395 config CRYPTO_USER_API_RNG 1719 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1720 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1721 depends on NET
1398 select CRYPTO_RNG 1722 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1723 select CRYPTO_USER_API
1400 help 1724 help
1401 Enable the userspace interface for !! 1725 This option enables the user-spaces interface for random
1402 algorithms. !! 1726 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1727
1419 config CRYPTO_USER_API_AEAD 1728 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1729 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1730 depends on NET
1422 select CRYPTO_AEAD 1731 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER !! 1732 select CRYPTO_BLKCIPHER
1424 select CRYPTO_NULL 1733 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1734 select CRYPTO_USER_API
1426 help 1735 help
1427 Enable the userspace interface for !! 1736 This option enables the user-spaces interface for AEAD
1428 !! 1737 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help <<
1437 Allow obsolete cryptographic algori <<
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 <<
1441 endmenu <<
1442 1738
1443 config CRYPTO_HASH_INFO 1739 config CRYPTO_HASH_INFO
1444 bool 1740 bool
1445 1741
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 <<
1476 source "drivers/crypto/Kconfig" 1742 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" !! 1743 source crypto/asymmetric_keys/Kconfig
1478 source "certs/Kconfig" !! 1744 source certs/Kconfig
1479 1745
1480 endif # if CRYPTO 1746 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.