1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 18 help
20 This option provides the core Crypto 19 This option provides the core Cryptographic API.
21 20
22 if CRYPTO 21 if CRYPTO
23 22
24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper"
25 24
26 config CRYPTO_FIPS 25 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES)
30 help 29 help
31 This option enables the fips boot op !! 30 This options enables the fips boot option which is
32 required if you want the system to o !! 31 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 32 certification. You should say no unless you know what
34 this is. 33 this is.
35 34
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI
58 tristate 36 tristate
59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2
60 help 38 help
61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms.
62 40
63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2
64 tristate 42 tristate
65 43
66 config CRYPTO_AEAD 44 config CRYPTO_AEAD
67 tristate 45 tristate
68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI
70 48
71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2
72 tristate 50 tristate
73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2
>> 52 select CRYPTO_NULL2
>> 53 select CRYPTO_RNG2
74 54
75 config CRYPTO_SIG !! 55 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 56 tristate
86 select CRYPTO_SKCIPHER2 !! 57 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 59
90 config CRYPTO_SKCIPHER2 !! 60 config CRYPTO_BLKCIPHER2
91 tristate 61 tristate
92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2
>> 63 select CRYPTO_RNG2
>> 64 select CRYPTO_WORKQUEUE
93 65
94 config CRYPTO_HASH 66 config CRYPTO_HASH
95 tristate 67 tristate
96 select CRYPTO_HASH2 68 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
98 70
99 config CRYPTO_HASH2 71 config CRYPTO_HASH2
100 tristate 72 tristate
101 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
102 74
103 config CRYPTO_RNG 75 config CRYPTO_RNG
104 tristate 76 tristate
105 select CRYPTO_RNG2 77 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI
107 79
108 config CRYPTO_RNG2 80 config CRYPTO_RNG2
109 tristate 81 tristate
110 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2
111 83
112 config CRYPTO_RNG_DEFAULT 84 config CRYPTO_RNG_DEFAULT
113 tristate 85 tristate
114 select CRYPTO_DRBG_MENU 86 select CRYPTO_DRBG_MENU
115 87
116 config CRYPTO_AKCIPHER2 88 config CRYPTO_AKCIPHER2
117 tristate 89 tristate
118 select CRYPTO_ALGAPI2 90 select CRYPTO_ALGAPI2
119 91
120 config CRYPTO_AKCIPHER 92 config CRYPTO_AKCIPHER
121 tristate 93 tristate
122 select CRYPTO_AKCIPHER2 94 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 95 select CRYPTO_ALGAPI
124 96
125 config CRYPTO_KPP2 97 config CRYPTO_KPP2
126 tristate 98 tristate
127 select CRYPTO_ALGAPI2 99 select CRYPTO_ALGAPI2
128 100
129 config CRYPTO_KPP 101 config CRYPTO_KPP
130 tristate 102 tristate
131 select CRYPTO_ALGAPI 103 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 104 select CRYPTO_KPP2
133 105
134 config CRYPTO_ACOMP2 106 config CRYPTO_ACOMP2
135 tristate 107 tristate
136 select CRYPTO_ALGAPI2 108 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 109 select SGL_ALLOC
138 110
139 config CRYPTO_ACOMP 111 config CRYPTO_ACOMP
140 tristate 112 tristate
141 select CRYPTO_ALGAPI 113 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 114 select CRYPTO_ACOMP2
143 115
>> 116 config CRYPTO_RSA
>> 117 tristate "RSA algorithm"
>> 118 select CRYPTO_AKCIPHER
>> 119 select CRYPTO_MANAGER
>> 120 select MPILIB
>> 121 select ASN1
>> 122 help
>> 123 Generic implementation of the RSA public key algorithm.
>> 124
>> 125 config CRYPTO_DH
>> 126 tristate "Diffie-Hellman algorithm"
>> 127 select CRYPTO_KPP
>> 128 select MPILIB
>> 129 help
>> 130 Generic implementation of the Diffie-Hellman algorithm.
>> 131
>> 132 config CRYPTO_ECDH
>> 133 tristate "ECDH algorithm"
>> 134 select CRYPTO_KPP
>> 135 select CRYPTO_RNG_DEFAULT
>> 136 help
>> 137 Generic implementation of the ECDH algorithm
>> 138
144 config CRYPTO_MANAGER 139 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 140 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 141 select CRYPTO_MANAGER2
147 help 142 help
148 Create default cryptographic templat 143 Create default cryptographic template instantiations such as
149 cbc(aes). 144 cbc(aes).
150 145
151 config CRYPTO_MANAGER2 146 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 148 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 149 select CRYPTO_HASH2
>> 150 select CRYPTO_BLKCIPHER2
>> 151 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 152 select CRYPTO_KPP2
159 select CRYPTO_RNG2 !! 153 select CRYPTO_ACOMP2
160 select CRYPTO_SKCIPHER2 <<
161 154
162 config CRYPTO_USER 155 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 156 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 157 depends on NET
165 select CRYPTO_MANAGER 158 select CRYPTO_MANAGER
166 help 159 help
167 Userspace configuration for cryptogr 160 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 161 cbc(aes).
169 162
170 config CRYPTO_MANAGER_DISABLE_TESTS 163 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 164 bool "Disable run-time self tests"
172 default y 165 default y
>> 166 depends on CRYPTO_MANAGER2
173 help 167 help
174 Disable run-time self tests that nor 168 Disable run-time self tests that normally take place at
175 algorithm registration. 169 algorithm registration.
176 170
177 config CRYPTO_MANAGER_EXTRA_TESTS !! 171 config CRYPTO_GF128MUL
178 bool "Enable extra run-time crypto sel !! 172 tristate "GF(2^128) multiplication functions"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN <<
180 help 173 help
181 Enable extra run-time self tests of !! 174 Efficient table driven implementation of multiplications in the
182 including randomized fuzz tests. !! 175 field GF(2^128). This is needed by some cypher modes. This
183 !! 176 option will be selected automatically if you select such a
184 This is intended for developer use o !! 177 cipher mode. Only select this option by hand if you expect to load
185 longer to run than the normal self t !! 178 an external module that requires these functions.
186 179
187 config CRYPTO_NULL 180 config CRYPTO_NULL
188 tristate "Null algorithms" 181 tristate "Null algorithms"
189 select CRYPTO_NULL2 182 select CRYPTO_NULL2
190 help 183 help
191 These are 'Null' algorithms, used by 184 These are 'Null' algorithms, used by IPsec, which do nothing.
192 185
193 config CRYPTO_NULL2 186 config CRYPTO_NULL2
194 tristate 187 tristate
195 select CRYPTO_ALGAPI2 188 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 189 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 190 select CRYPTO_HASH2
198 191
199 config CRYPTO_PCRYPT 192 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 193 tristate "Parallel crypto engine"
201 depends on SMP 194 depends on SMP
202 select PADATA 195 select PADATA
203 select CRYPTO_MANAGER 196 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 197 select CRYPTO_AEAD
205 help 198 help
206 This converts an arbitrary crypto al 199 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 200 algorithm that executes in kernel threads.
208 201
>> 202 config CRYPTO_WORKQUEUE
>> 203 tristate
>> 204
209 config CRYPTO_CRYPTD 205 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 206 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 207 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 208 select CRYPTO_HASH
213 select CRYPTO_MANAGER 209 select CRYPTO_MANAGER
>> 210 select CRYPTO_WORKQUEUE
214 help 211 help
215 This is a generic software asynchron 212 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 213 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 214 into an asynchronous algorithm that executes in a kernel thread.
218 215
>> 216 config CRYPTO_MCRYPTD
>> 217 tristate "Software async multi-buffer crypto daemon"
>> 218 select CRYPTO_BLKCIPHER
>> 219 select CRYPTO_HASH
>> 220 select CRYPTO_MANAGER
>> 221 select CRYPTO_WORKQUEUE
>> 222 help
>> 223 This is a generic software asynchronous crypto daemon that
>> 224 provides the kernel thread to assist multi-buffer crypto
>> 225 algorithms for submitting jobs and flushing jobs in multi-buffer
>> 226 crypto algorithms. Multi-buffer crypto algorithms are executed
>> 227 in the context of this kernel thread and drivers can post
>> 228 their crypto request asynchronously to be processed by this daemon.
>> 229
219 config CRYPTO_AUTHENC 230 config CRYPTO_AUTHENC
220 tristate "Authenc support" 231 tristate "Authenc support"
221 select CRYPTO_AEAD 232 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 233 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 234 select CRYPTO_MANAGER
224 select CRYPTO_HASH 235 select CRYPTO_HASH
225 select CRYPTO_NULL 236 select CRYPTO_NULL
226 help 237 help
227 Authenc: Combined mode wrapper for I 238 Authenc: Combined mode wrapper for IPsec.
228 !! 239 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 240
231 config CRYPTO_TEST 241 config CRYPTO_TEST
232 tristate "Testing module" 242 tristate "Testing module"
233 depends on m || EXPERT !! 243 depends on m
234 select CRYPTO_MANAGER 244 select CRYPTO_MANAGER
235 help 245 help
236 Quick & dirty crypto test module. 246 Quick & dirty crypto test module.
237 247
238 config CRYPTO_SIMD 248 config CRYPTO_SIMD
239 tristate 249 tristate
240 select CRYPTO_CRYPTD 250 select CRYPTO_CRYPTD
241 251
242 config CRYPTO_ENGINE !! 252 config CRYPTO_GLUE_HELPER_X86
243 tristate 253 tristate
>> 254 depends on X86
>> 255 select CRYPTO_BLKCIPHER
244 256
245 endmenu !! 257 config CRYPTO_ENGINE
>> 258 tristate
246 259
247 menu "Public-key cryptography" !! 260 comment "Authenticated Encryption with Associated Data"
248 261
249 config CRYPTO_RSA !! 262 config CRYPTO_CCM
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 263 tristate "CCM support"
251 select CRYPTO_AKCIPHER !! 264 select CRYPTO_CTR
252 select CRYPTO_MANAGER !! 265 select CRYPTO_HASH
253 select MPILIB !! 266 select CRYPTO_AEAD
254 select ASN1 <<
255 help 267 help
256 RSA (Rivest-Shamir-Adleman) public k !! 268 Support for Counter with CBC MAC. Required for IPsec.
257 269
258 config CRYPTO_DH !! 270 config CRYPTO_GCM
259 tristate "DH (Diffie-Hellman)" !! 271 tristate "GCM/GMAC support"
260 select CRYPTO_KPP !! 272 select CRYPTO_CTR
261 select MPILIB !! 273 select CRYPTO_AEAD
>> 274 select CRYPTO_GHASH
>> 275 select CRYPTO_NULL
262 help 276 help
263 DH (Diffie-Hellman) key exchange alg !! 277 Support for Galois/Counter Mode (GCM) and Galois Message
>> 278 Authentication Code (GMAC). Required for IPSec.
264 279
265 config CRYPTO_DH_RFC7919_GROUPS !! 280 config CRYPTO_CHACHA20POLY1305
266 bool "RFC 7919 FFDHE groups" !! 281 tristate "ChaCha20-Poly1305 AEAD support"
267 depends on CRYPTO_DH !! 282 select CRYPTO_CHACHA20
268 select CRYPTO_RNG_DEFAULT !! 283 select CRYPTO_POLY1305
>> 284 select CRYPTO_AEAD
269 help 285 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 286 ChaCha20-Poly1305 AEAD support, RFC7539.
271 defined in RFC7919. <<
272 287
273 Support these finite-field groups in !! 288 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
274 - ffdhe2048, ffdhe3072, ffdhe4096, f !! 289 with the Poly1305 authenticator. It is defined in RFC7539 for use in
>> 290 IETF protocols.
275 291
276 If unsure, say N. !! 292 config CRYPTO_SEQIV
>> 293 tristate "Sequence Number IV Generator"
>> 294 select CRYPTO_AEAD
>> 295 select CRYPTO_BLKCIPHER
>> 296 select CRYPTO_NULL
>> 297 select CRYPTO_RNG_DEFAULT
>> 298 help
>> 299 This IV generator generates an IV based on a sequence number by
>> 300 xoring it with a salt. This algorithm is mainly useful for CTR
277 301
278 config CRYPTO_ECC !! 302 config CRYPTO_ECHAINIV
279 tristate !! 303 tristate "Encrypted Chain IV Generator"
>> 304 select CRYPTO_AEAD
>> 305 select CRYPTO_NULL
280 select CRYPTO_RNG_DEFAULT 306 select CRYPTO_RNG_DEFAULT
>> 307 default m
>> 308 help
>> 309 This IV generator generates an IV based on the encryption of
>> 310 a sequence number xored with a salt. This is the default
>> 311 algorithm for CBC.
281 312
282 config CRYPTO_ECDH !! 313 comment "Block modes"
283 tristate "ECDH (Elliptic Curve Diffie- !! 314
284 select CRYPTO_ECC !! 315 config CRYPTO_CBC
285 select CRYPTO_KPP !! 316 tristate "CBC support"
>> 317 select CRYPTO_BLKCIPHER
>> 318 select CRYPTO_MANAGER
286 help 319 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 320 CBC: Cipher Block Chaining mode
288 using curves P-192, P-256, and P-384 !! 321 This block cipher algorithm is required for IPSec.
289 322
290 config CRYPTO_ECDSA !! 323 config CRYPTO_CFB
291 tristate "ECDSA (Elliptic Curve Digita !! 324 tristate "CFB support"
292 select CRYPTO_ECC !! 325 select CRYPTO_BLKCIPHER
293 select CRYPTO_AKCIPHER !! 326 select CRYPTO_MANAGER
294 select ASN1 <<
295 help 327 help
296 ECDSA (Elliptic Curve Digital Signat !! 328 CFB: Cipher FeedBack mode
297 ISO/IEC 14888-3) !! 329 This block cipher algorithm is required for TPM2 Cryptography.
298 using curves P-192, P-256, and P-384 !! 330
299 !! 331 config CRYPTO_CTR
300 Only signature verification is imple !! 332 tristate "CTR support"
301 !! 333 select CRYPTO_BLKCIPHER
302 config CRYPTO_ECRDSA !! 334 select CRYPTO_SEQIV
303 tristate "EC-RDSA (Elliptic Curve Russ !! 335 select CRYPTO_MANAGER
304 select CRYPTO_ECC <<
305 select CRYPTO_AKCIPHER <<
306 select CRYPTO_STREEBOG <<
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help 336 help
310 Elliptic Curve Russian Digital Signa !! 337 CTR: Counter mode
311 RFC 7091, ISO/IEC 14888-3) !! 338 This block cipher algorithm is required for IPSec.
312 339
313 One of the Russian cryptographic sta !! 340 config CRYPTO_CTS
314 algorithms). Only signature verifica !! 341 tristate "CTS support"
>> 342 select CRYPTO_BLKCIPHER
>> 343 help
>> 344 CTS: Cipher Text Stealing
>> 345 This is the Cipher Text Stealing mode as described by
>> 346 Section 8 of rfc2040 and referenced by rfc3962.
>> 347 (rfc3962 includes errata information in its Appendix A)
>> 348 This mode is required for Kerberos gss mechanism support
>> 349 for AES encryption.
315 350
316 config CRYPTO_CURVE25519 !! 351 config CRYPTO_ECB
317 tristate "Curve25519" !! 352 tristate "ECB support"
318 select CRYPTO_KPP !! 353 select CRYPTO_BLKCIPHER
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 354 select CRYPTO_MANAGER
320 help 355 help
321 Curve25519 elliptic curve (RFC7748) !! 356 ECB: Electronic CodeBook mode
>> 357 This is the simplest block cipher algorithm. It simply encrypts
>> 358 the input block by block.
322 359
323 endmenu !! 360 config CRYPTO_LRW
>> 361 tristate "LRW support"
>> 362 select CRYPTO_BLKCIPHER
>> 363 select CRYPTO_MANAGER
>> 364 select CRYPTO_GF128MUL
>> 365 help
>> 366 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 367 narrow block cipher mode for dm-crypt. Use it with cipher
>> 368 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 369 The first 128, 192 or 256 bits in the key are used for AES and the
>> 370 rest is used to tie each cipher block to its logical position.
324 371
325 menu "Block ciphers" !! 372 config CRYPTO_PCBC
>> 373 tristate "PCBC support"
>> 374 select CRYPTO_BLKCIPHER
>> 375 select CRYPTO_MANAGER
>> 376 help
>> 377 PCBC: Propagating Cipher Block Chaining mode
>> 378 This block cipher algorithm is required for RxRPC.
326 379
327 config CRYPTO_AES !! 380 config CRYPTO_XTS
328 tristate "AES (Advanced Encryption Sta !! 381 tristate "XTS support"
329 select CRYPTO_ALGAPI !! 382 select CRYPTO_BLKCIPHER
330 select CRYPTO_LIB_AES !! 383 select CRYPTO_MANAGER
>> 384 select CRYPTO_ECB
331 help 385 help
332 AES cipher algorithms (Rijndael)(FIP !! 386 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 387 key size 256, 384 or 512 bits. This implementation currently
>> 388 can't handle a sectorsize which is not a multiple of 16 bytes.
333 389
334 Rijndael appears to be consistently !! 390 config CRYPTO_KEYWRAP
335 both hardware and software across a !! 391 tristate "Key wrapping support"
336 environments regardless of its use i !! 392 select CRYPTO_BLKCIPHER
337 modes. Its key setup time is excelle !! 393 help
338 good. Rijndael's very low memory req !! 394 Support for key wrapping (NIST SP800-38F / RFC3394) without
339 suited for restricted-space environm !! 395 padding.
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 396
343 The AES specifies three key sizes: 1 !! 397 comment "Hash modes"
344 398
345 config CRYPTO_AES_TI !! 399 config CRYPTO_CMAC
346 tristate "AES (Advanced Encryption Sta !! 400 tristate "CMAC support"
347 select CRYPTO_ALGAPI !! 401 select CRYPTO_HASH
348 select CRYPTO_LIB_AES !! 402 select CRYPTO_MANAGER
349 help 403 help
350 AES cipher algorithms (Rijndael)(FIP !! 404 Cipher-based Message Authentication Code (CMAC) specified by
>> 405 The National Institute of Standards and Technology (NIST).
351 406
352 This is a generic implementation of !! 407 https://tools.ietf.org/html/rfc4493
353 data dependent latencies as much as !! 408 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 409
359 Instead of using 16 lookup tables of !! 410 config CRYPTO_HMAC
360 8 for decryption), this implementati !! 411 tristate "HMAC support"
361 256 bytes each, and attempts to elim !! 412 select CRYPTO_HASH
362 prefetching the entire table into th !! 413 select CRYPTO_MANAGER
363 block. Interrupts are also disabled !! 414 help
364 are evicted when the CPU is interrup !! 415 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 416 This is required for IPSec.
365 417
366 config CRYPTO_ANUBIS !! 418 config CRYPTO_XCBC
367 tristate "Anubis" !! 419 tristate "XCBC support"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 420 select CRYPTO_HASH
369 select CRYPTO_ALGAPI !! 421 select CRYPTO_MANAGER
370 help 422 help
371 Anubis cipher algorithm !! 423 XCBC: Keyed-Hashing with encryption algorithm
>> 424 http://www.ietf.org/rfc/rfc3566.txt
>> 425 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 426 xcbc-mac/xcbc-mac-spec.pdf
372 427
373 Anubis is a variable key length ciph !! 428 config CRYPTO_VMAC
374 128 bits to 320 bits in length. It !! 429 tristate "VMAC support"
375 in the NESSIE competition. !! 430 select CRYPTO_HASH
>> 431 select CRYPTO_MANAGER
>> 432 help
>> 433 VMAC is a message authentication algorithm designed for
>> 434 very high speed on 64-bit architectures.
376 435
377 See https://web.archive.org/web/2016 !! 436 See also:
378 for further information. !! 437 <http://fastcrypto.org/vmac>
379 438
380 config CRYPTO_ARIA !! 439 comment "Digest"
381 tristate "ARIA" !! 440
382 select CRYPTO_ALGAPI !! 441 config CRYPTO_CRC32C
>> 442 tristate "CRC32c CRC algorithm"
>> 443 select CRYPTO_HASH
>> 444 select CRC32
>> 445 help
>> 446 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 447 by iSCSI for header and data digests and by others.
>> 448 See Castagnoli93. Module will be crc32c.
>> 449
>> 450 config CRYPTO_CRC32C_INTEL
>> 451 tristate "CRC32c INTEL hardware acceleration"
>> 452 depends on X86
>> 453 select CRYPTO_HASH
>> 454 help
>> 455 In Intel processor with SSE4.2 supported, the processor will
>> 456 support CRC32C implementation using hardware accelerated CRC32
>> 457 instruction. This option will create 'crc32c-intel' module,
>> 458 which will enable any routine to use the CRC32 instruction to
>> 459 gain performance compared with software implementation.
>> 460 Module will be crc32c-intel.
>> 461
>> 462 config CRYPTO_CRC32C_VPMSUM
>> 463 tristate "CRC32c CRC algorithm (powerpc64)"
>> 464 depends on PPC64 && ALTIVEC
>> 465 select CRYPTO_HASH
>> 466 select CRC32
383 help 467 help
384 ARIA cipher algorithm (RFC5794) !! 468 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 469 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 470 and newer processors for improved performance.
385 471
386 ARIA is a standard encryption algori <<
387 The ARIA specifies three key sizes a <<
388 128-bit: 12 rounds. <<
389 192-bit: 14 rounds. <<
390 256-bit: 16 rounds. <<
391 472
392 See: !! 473 config CRYPTO_CRC32C_SPARC64
393 https://seed.kisa.or.kr/kisa/algorit !! 474 tristate "CRC32c CRC algorithm (SPARC64)"
>> 475 depends on SPARC64
>> 476 select CRYPTO_HASH
>> 477 select CRC32
>> 478 help
>> 479 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 480 when available.
394 481
395 config CRYPTO_BLOWFISH !! 482 config CRYPTO_CRC32
396 tristate "Blowfish" !! 483 tristate "CRC32 CRC algorithm"
397 select CRYPTO_ALGAPI !! 484 select CRYPTO_HASH
398 select CRYPTO_BLOWFISH_COMMON !! 485 select CRC32
399 help 486 help
400 Blowfish cipher algorithm, by Bruce !! 487 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 488 Shash crypto api wrappers to crc32_le function.
401 489
402 This is a variable key length cipher !! 490 config CRYPTO_CRC32_PCLMUL
403 bits to 448 bits in length. It's fa !! 491 tristate "CRC32 PCLMULQDQ hardware acceleration"
404 designed for use on "large microproc !! 492 depends on X86
>> 493 select CRYPTO_HASH
>> 494 select CRC32
>> 495 help
>> 496 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 497 and PCLMULQDQ supported, the processor will support
>> 498 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 499 instruction. This option will create 'crc32-plcmul' module,
>> 500 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 501 and gain better performance as compared with the table implementation.
>> 502
>> 503 config CRYPTO_CRC32_MIPS
>> 504 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 505 depends on MIPS_CRC_SUPPORT
>> 506 select CRYPTO_HASH
>> 507 help
>> 508 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 509 instructions, when available.
405 510
406 See https://www.schneier.com/blowfis <<
407 511
408 config CRYPTO_BLOWFISH_COMMON !! 512 config CRYPTO_CRCT10DIF
409 tristate !! 513 tristate "CRCT10DIF algorithm"
>> 514 select CRYPTO_HASH
410 help 515 help
411 Common parts of the Blowfish cipher !! 516 CRC T10 Data Integrity Field computation is being cast as
412 generic c and the assembler implemen !! 517 a crypto transform. This allows for faster crc t10 diff
>> 518 transforms to be used if they are available.
413 519
414 config CRYPTO_CAMELLIA !! 520 config CRYPTO_CRCT10DIF_PCLMUL
415 tristate "Camellia" !! 521 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
416 select CRYPTO_ALGAPI !! 522 depends on X86 && 64BIT && CRC_T10DIF
>> 523 select CRYPTO_HASH
417 help 524 help
418 Camellia cipher algorithms (ISO/IEC !! 525 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
419 !! 526 CRC T10 DIF PCLMULQDQ computation can be hardware
420 Camellia is a symmetric key block ci !! 527 accelerated PCLMULQDQ instruction. This option will create
421 at NTT and Mitsubishi Electric Corpo !! 528 'crct10dif-plcmul' module, which is faster when computing the
>> 529 crct10dif checksum as compared with the generic table implementation.
422 530
423 The Camellia specifies three key siz !! 531 config CRYPTO_CRCT10DIF_VPMSUM
>> 532 tristate "CRC32T10DIF powerpc64 hardware acceleration"
>> 533 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 534 select CRYPTO_HASH
>> 535 help
>> 536 CRC10T10DIF algorithm implemented using vector polynomial
>> 537 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 538 POWER8 and newer processors for improved performance.
424 539
425 See https://info.isl.ntt.co.jp/crypt !! 540 config CRYPTO_VPMSUM_TESTER
>> 541 tristate "Powerpc64 vpmsum hardware acceleration tester"
>> 542 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 543 help
>> 544 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 545 POWER8 vpmsum instructions.
>> 546 Unless you are testing these algorithms, you don't need this.
426 547
427 config CRYPTO_CAST_COMMON !! 548 config CRYPTO_GHASH
428 tristate !! 549 tristate "GHASH digest algorithm"
>> 550 select CRYPTO_GF128MUL
>> 551 select CRYPTO_HASH
429 help 552 help
430 Common parts of the CAST cipher algo !! 553 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
431 generic c and the assembler implemen <<
432 554
433 config CRYPTO_CAST5 !! 555 config CRYPTO_POLY1305
434 tristate "CAST5 (CAST-128)" !! 556 tristate "Poly1305 authenticator algorithm"
435 select CRYPTO_ALGAPI !! 557 select CRYPTO_HASH
436 select CRYPTO_CAST_COMMON <<
437 help 558 help
438 CAST5 (CAST-128) cipher algorithm (R !! 559 Poly1305 authenticator algorithm, RFC7539.
439 560
440 config CRYPTO_CAST6 !! 561 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
441 tristate "CAST6 (CAST-256)" !! 562 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
442 select CRYPTO_ALGAPI !! 563 in IETF protocols. This is the portable C implementation of Poly1305.
443 select CRYPTO_CAST_COMMON !! 564
>> 565 config CRYPTO_POLY1305_X86_64
>> 566 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 567 depends on X86 && 64BIT
>> 568 select CRYPTO_POLY1305
444 help 569 help
445 CAST6 (CAST-256) encryption algorith !! 570 Poly1305 authenticator algorithm, RFC7539.
446 571
447 config CRYPTO_DES !! 572 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
448 tristate "DES and Triple DES EDE" !! 573 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
449 select CRYPTO_ALGAPI !! 574 in IETF protocols. This is the x86_64 assembler implementation using SIMD
450 select CRYPTO_LIB_DES !! 575 instructions.
>> 576
>> 577 config CRYPTO_MD4
>> 578 tristate "MD4 digest algorithm"
>> 579 select CRYPTO_HASH
451 help 580 help
452 DES (Data Encryption Standard)(FIPS !! 581 MD4 message digest algorithm (RFC1320).
453 Triple DES EDE (Encrypt/Decrypt/Encr <<
454 cipher algorithms <<
455 582
456 config CRYPTO_FCRYPT !! 583 config CRYPTO_MD5
457 tristate "FCrypt" !! 584 tristate "MD5 digest algorithm"
458 select CRYPTO_ALGAPI !! 585 select CRYPTO_HASH
459 select CRYPTO_SKCIPHER <<
460 help 586 help
461 FCrypt algorithm used by RxRPC !! 587 MD5 message digest algorithm (RFC1321).
462 588
463 See https://ota.polyonymo.us/fcrypt- !! 589 config CRYPTO_MD5_OCTEON
>> 590 tristate "MD5 digest algorithm (OCTEON)"
>> 591 depends on CPU_CAVIUM_OCTEON
>> 592 select CRYPTO_MD5
>> 593 select CRYPTO_HASH
>> 594 help
>> 595 MD5 message digest algorithm (RFC1321) implemented
>> 596 using OCTEON crypto instructions, when available.
464 597
465 config CRYPTO_KHAZAD !! 598 config CRYPTO_MD5_PPC
466 tristate "Khazad" !! 599 tristate "MD5 digest algorithm (PPC)"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 600 depends on PPC
468 select CRYPTO_ALGAPI !! 601 select CRYPTO_HASH
469 help 602 help
470 Khazad cipher algorithm !! 603 MD5 message digest algorithm (RFC1321) implemented
>> 604 in PPC assembler.
471 605
472 Khazad was a finalist in the initial !! 606 config CRYPTO_MD5_SPARC64
473 an algorithm optimized for 64-bit pr !! 607 tristate "MD5 digest algorithm (SPARC64)"
474 on 32-bit processors. Khazad uses a !! 608 depends on SPARC64
>> 609 select CRYPTO_MD5
>> 610 select CRYPTO_HASH
>> 611 help
>> 612 MD5 message digest algorithm (RFC1321) implemented
>> 613 using sparc64 crypto instructions, when available.
475 614
476 See https://web.archive.org/web/2017 !! 615 config CRYPTO_MICHAEL_MIC
477 for further information. !! 616 tristate "Michael MIC keyed digest algorithm"
>> 617 select CRYPTO_HASH
>> 618 help
>> 619 Michael MIC is used for message integrity protection in TKIP
>> 620 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 621 should not be used for other purposes because of the weakness
>> 622 of the algorithm.
478 623
479 config CRYPTO_SEED !! 624 config CRYPTO_RMD128
480 tristate "SEED" !! 625 tristate "RIPEMD-128 digest algorithm"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 626 select CRYPTO_HASH
482 select CRYPTO_ALGAPI <<
483 help 627 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 628 RIPEMD-128 (ISO/IEC 10118-3:2004).
485 629
486 SEED is a 128-bit symmetric key bloc !! 630 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
487 developed by KISA (Korea Information !! 631 be used as a secure replacement for RIPEMD. For other use cases,
488 national standard encryption algorit !! 632 RIPEMD-160 should be used.
489 It is a 16 round block cipher with t <<
490 633
491 See https://seed.kisa.or.kr/kisa/alg !! 634 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
492 for further information. !! 635 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
493 636
494 config CRYPTO_SERPENT !! 637 config CRYPTO_RMD160
495 tristate "Serpent" !! 638 tristate "RIPEMD-160 digest algorithm"
496 select CRYPTO_ALGAPI !! 639 select CRYPTO_HASH
497 help 640 help
498 Serpent cipher algorithm, by Anderso !! 641 RIPEMD-160 (ISO/IEC 10118-3:2004).
499 642
500 Keys are allowed to be from 0 to 256 !! 643 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
501 of 8 bits. !! 644 to be used as a secure replacement for the 128-bit hash functions
>> 645 MD4, MD5 and it's predecessor RIPEMD
>> 646 (not to be confused with RIPEMD-128).
502 647
503 See https://www.cl.cam.ac.uk/~rja14/ !! 648 It's speed is comparable to SHA1 and there are no known attacks
>> 649 against RIPEMD-160.
504 650
505 config CRYPTO_SM4 !! 651 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
506 tristate !! 652 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
507 653
508 config CRYPTO_SM4_GENERIC !! 654 config CRYPTO_RMD256
509 tristate "SM4 (ShangMi 4)" !! 655 tristate "RIPEMD-256 digest algorithm"
510 select CRYPTO_ALGAPI !! 656 select CRYPTO_HASH
511 select CRYPTO_SM4 <<
512 help 657 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 658 RIPEMD-256 is an optional extension of RIPEMD-128 with a
514 ISO/IEC 18033-3:2010/Amd 1:2021) !! 659 256 bit hash. It is intended for applications that require
515 !! 660 longer hash-results, without needing a larger security level
516 SM4 (GBT.32907-2016) is a cryptograp !! 661 (than RIPEMD-128).
517 Organization of State Commercial Adm <<
518 as an authorized cryptographic algor <<
519 662
520 SMS4 was originally created for use !! 663 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
521 networks, and is mandated in the Chi !! 664 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 665
525 The latest SM4 standard (GBT.32907-2 !! 666 config CRYPTO_RMD320
526 standardized through TC 260 of the S !! 667 tristate "RIPEMD-320 digest algorithm"
527 of the People's Republic of China (S !! 668 select CRYPTO_HASH
>> 669 help
>> 670 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 671 320 bit hash. It is intended for applications that require
>> 672 longer hash-results, without needing a larger security level
>> 673 (than RIPEMD-160).
528 674
529 The input, output, and key of SMS4 a !! 675 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 676 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
530 677
531 See https://eprint.iacr.org/2008/329 !! 678 config CRYPTO_SHA1
>> 679 tristate "SHA1 digest algorithm"
>> 680 select CRYPTO_HASH
>> 681 help
>> 682 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
532 683
533 If unsure, say N. !! 684 config CRYPTO_SHA1_SSSE3
>> 685 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 686 depends on X86 && 64BIT
>> 687 select CRYPTO_SHA1
>> 688 select CRYPTO_HASH
>> 689 help
>> 690 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 691 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 692 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 693 when available.
534 694
535 config CRYPTO_TEA !! 695 config CRYPTO_SHA256_SSSE3
536 tristate "TEA, XTEA and XETA" !! 696 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 697 depends on X86 && 64BIT
538 select CRYPTO_ALGAPI !! 698 select CRYPTO_SHA256
>> 699 select CRYPTO_HASH
>> 700 help
>> 701 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 702 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 703 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 704 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 705 Instructions) when available.
>> 706
>> 707 config CRYPTO_SHA512_SSSE3
>> 708 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 709 depends on X86 && 64BIT
>> 710 select CRYPTO_SHA512
>> 711 select CRYPTO_HASH
539 help 712 help
540 TEA (Tiny Encryption Algorithm) ciph !! 713 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 714 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 715 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 716 version 2 (AVX2) instructions, when available.
>> 717
>> 718 config CRYPTO_SHA1_OCTEON
>> 719 tristate "SHA1 digest algorithm (OCTEON)"
>> 720 depends on CPU_CAVIUM_OCTEON
>> 721 select CRYPTO_SHA1
>> 722 select CRYPTO_HASH
>> 723 help
>> 724 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 725 using OCTEON crypto instructions, when available.
>> 726
>> 727 config CRYPTO_SHA1_SPARC64
>> 728 tristate "SHA1 digest algorithm (SPARC64)"
>> 729 depends on SPARC64
>> 730 select CRYPTO_SHA1
>> 731 select CRYPTO_HASH
>> 732 help
>> 733 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 734 using sparc64 crypto instructions, when available.
>> 735
>> 736 config CRYPTO_SHA1_PPC
>> 737 tristate "SHA1 digest algorithm (powerpc)"
>> 738 depends on PPC
>> 739 help
>> 740 This is the powerpc hardware accelerated implementation of the
>> 741 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 742
>> 743 config CRYPTO_SHA1_PPC_SPE
>> 744 tristate "SHA1 digest algorithm (PPC SPE)"
>> 745 depends on PPC && SPE
>> 746 help
>> 747 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 748 using powerpc SPE SIMD instruction set.
>> 749
>> 750 config CRYPTO_SHA1_MB
>> 751 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 752 depends on X86 && 64BIT
>> 753 select CRYPTO_SHA1
>> 754 select CRYPTO_HASH
>> 755 select CRYPTO_MCRYPTD
>> 756 help
>> 757 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 758 using multi-buffer technique. This algorithm computes on
>> 759 multiple data lanes concurrently with SIMD instructions for
>> 760 better throughput. It should not be enabled by default but
>> 761 used when there is significant amount of work to keep the keep
>> 762 the data lanes filled to get performance benefit. If the data
>> 763 lanes remain unfilled, a flush operation will be initiated to
>> 764 process the crypto jobs, adding a slight latency.
>> 765
>> 766 config CRYPTO_SHA256_MB
>> 767 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 768 depends on X86 && 64BIT
>> 769 select CRYPTO_SHA256
>> 770 select CRYPTO_HASH
>> 771 select CRYPTO_MCRYPTD
>> 772 help
>> 773 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 774 using multi-buffer technique. This algorithm computes on
>> 775 multiple data lanes concurrently with SIMD instructions for
>> 776 better throughput. It should not be enabled by default but
>> 777 used when there is significant amount of work to keep the keep
>> 778 the data lanes filled to get performance benefit. If the data
>> 779 lanes remain unfilled, a flush operation will be initiated to
>> 780 process the crypto jobs, adding a slight latency.
>> 781
>> 782 config CRYPTO_SHA512_MB
>> 783 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 784 depends on X86 && 64BIT
>> 785 select CRYPTO_SHA512
>> 786 select CRYPTO_HASH
>> 787 select CRYPTO_MCRYPTD
>> 788 help
>> 789 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 790 using multi-buffer technique. This algorithm computes on
>> 791 multiple data lanes concurrently with SIMD instructions for
>> 792 better throughput. It should not be enabled by default but
>> 793 used when there is significant amount of work to keep the keep
>> 794 the data lanes filled to get performance benefit. If the data
>> 795 lanes remain unfilled, a flush operation will be initiated to
>> 796 process the crypto jobs, adding a slight latency.
541 797
542 Tiny Encryption Algorithm is a simpl !! 798 config CRYPTO_SHA256
543 many rounds for security. It is ver !! 799 tristate "SHA224 and SHA256 digest algorithm"
544 little memory. !! 800 select CRYPTO_HASH
>> 801 help
>> 802 SHA256 secure hash standard (DFIPS 180-2).
545 803
546 Xtendend Tiny Encryption Algorithm i !! 804 This version of SHA implements a 256 bit hash with 128 bits of
547 the TEA algorithm to address a poten !! 805 security against collision attacks.
548 in the TEA algorithm. <<
549 806
550 Xtendend Encryption Tiny Algorithm i !! 807 This code also includes SHA-224, a 224 bit hash with 112 bits
551 of the XTEA algorithm for compatibil !! 808 of security against collision attacks.
552 809
553 config CRYPTO_TWOFISH !! 810 config CRYPTO_SHA256_PPC_SPE
554 tristate "Twofish" !! 811 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
555 select CRYPTO_ALGAPI !! 812 depends on PPC && SPE
556 select CRYPTO_TWOFISH_COMMON !! 813 select CRYPTO_SHA256
>> 814 select CRYPTO_HASH
557 help 815 help
558 Twofish cipher algorithm !! 816 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 817 implemented using powerpc SPE SIMD instruction set.
559 818
560 Twofish was submitted as an AES (Adv !! 819 config CRYPTO_SHA256_OCTEON
561 candidate cipher by researchers at C !! 820 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
562 16 round block cipher supporting key !! 821 depends on CPU_CAVIUM_OCTEON
563 bits. !! 822 select CRYPTO_SHA256
>> 823 select CRYPTO_HASH
>> 824 help
>> 825 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 826 using OCTEON crypto instructions, when available.
564 827
565 See https://www.schneier.com/twofish !! 828 config CRYPTO_SHA256_SPARC64
>> 829 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
>> 830 depends on SPARC64
>> 831 select CRYPTO_SHA256
>> 832 select CRYPTO_HASH
>> 833 help
>> 834 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 835 using sparc64 crypto instructions, when available.
566 836
567 config CRYPTO_TWOFISH_COMMON !! 837 config CRYPTO_SHA512
568 tristate !! 838 tristate "SHA384 and SHA512 digest algorithms"
>> 839 select CRYPTO_HASH
569 help 840 help
570 Common parts of the Twofish cipher a !! 841 SHA512 secure hash standard (DFIPS 180-2).
571 generic c and the assembler implemen <<
572 842
573 endmenu !! 843 This version of SHA implements a 512 bit hash with 256 bits of
>> 844 security against collision attacks.
574 845
575 menu "Length-preserving ciphers and modes" !! 846 This code also includes SHA-384, a 384 bit hash with 192 bits
>> 847 of security against collision attacks.
576 848
577 config CRYPTO_ADIANTUM !! 849 config CRYPTO_SHA512_OCTEON
578 tristate "Adiantum" !! 850 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
579 select CRYPTO_CHACHA20 !! 851 depends on CPU_CAVIUM_OCTEON
580 select CRYPTO_LIB_POLY1305_GENERIC !! 852 select CRYPTO_SHA512
581 select CRYPTO_NHPOLY1305 !! 853 select CRYPTO_HASH
582 select CRYPTO_MANAGER <<
583 help 854 help
584 Adiantum tweakable, length-preservin !! 855 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 856 using OCTEON crypto instructions, when available.
585 857
586 Designed for fast and secure disk en !! 858 config CRYPTO_SHA512_SPARC64
587 CPUs without dedicated crypto instru !! 859 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
588 each sector using the XChaCha12 stre !! 860 depends on SPARC64
589 an ε-almost-∆-universal hash func !! 861 select CRYPTO_SHA512
590 the AES-256 block cipher on a single !! 862 select CRYPTO_HASH
591 without AES instructions, Adiantum i !! 863 help
592 AES-XTS. !! 864 SHA-512 secure hash standard (DFIPS 180-2) implemented
593 !! 865 using sparc64 crypto instructions, when available.
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 866
600 If unsure, say N. !! 867 config CRYPTO_SHA3
>> 868 tristate "SHA3 digest algorithm"
>> 869 select CRYPTO_HASH
>> 870 help
>> 871 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 872 cryptographic sponge function family called Keccak.
601 873
602 config CRYPTO_ARC4 !! 874 References:
603 tristate "ARC4 (Alleged Rivest Cipher !! 875 http://keccak.noekeon.org/
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 876
605 select CRYPTO_SKCIPHER !! 877 config CRYPTO_SM3
606 select CRYPTO_LIB_ARC4 !! 878 tristate "SM3 digest algorithm"
>> 879 select CRYPTO_HASH
607 help 880 help
608 ARC4 cipher algorithm !! 881 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
>> 882 It is part of the Chinese Commercial Cryptography suite.
609 883
610 ARC4 is a stream cipher using keys r !! 884 References:
611 bits in length. This algorithm is r !! 885 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
612 WEP, but it should not be for other !! 886 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
613 weakness of the algorithm. <<
614 887
615 config CRYPTO_CHACHA20 !! 888 config CRYPTO_TGR192
616 tristate "ChaCha" !! 889 tristate "Tiger digest algorithms"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 890 select CRYPTO_HASH
618 select CRYPTO_SKCIPHER <<
619 help 891 help
620 The ChaCha20, XChaCha20, and XChaCha !! 892 Tiger hash algorithm 192, 160 and 128-bit hashes
621 893
622 ChaCha20 is a 256-bit high-speed str !! 894 Tiger is a hash function optimized for 64-bit processors while
623 Bernstein and further specified in R !! 895 still having decent performance on 32-bit processors.
624 This is the portable C implementatio !! 896 Tiger was developed by Ross Anderson and Eli Biham.
625 https://cr.yp.to/chacha/chacha-20080 <<
626 897
627 XChaCha20 is the application of the !! 898 See also:
628 rather than to Salsa20. XChaCha20 e !! 899 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 900
637 config CRYPTO_CBC !! 901 config CRYPTO_WP512
638 tristate "CBC (Cipher Block Chaining)" !! 902 tristate "Whirlpool digest algorithms"
639 select CRYPTO_SKCIPHER !! 903 select CRYPTO_HASH
640 select CRYPTO_MANAGER <<
641 help 904 help
642 CBC (Cipher Block Chaining) mode (NI !! 905 Whirlpool hash algorithm 512, 384 and 256-bit hashes
643 906
644 This block cipher mode is required f !! 907 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 908 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
645 909
646 config CRYPTO_CTR !! 910 See also:
647 tristate "CTR (Counter)" !! 911 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
648 select CRYPTO_SKCIPHER <<
649 select CRYPTO_MANAGER <<
650 help <<
651 CTR (Counter) mode (NIST SP800-38A) <<
652 912
653 config CRYPTO_CTS !! 913 config CRYPTO_GHASH_CLMUL_NI_INTEL
654 tristate "CTS (Cipher Text Stealing)" !! 914 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
655 select CRYPTO_SKCIPHER !! 915 depends on X86 && 64BIT
656 select CRYPTO_MANAGER !! 916 select CRYPTO_CRYPTD
657 help 917 help
658 CBC-CS3 variant of CTS (Cipher Text !! 918 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
659 Addendum to SP800-38A (October 2010) !! 919 The implementation is accelerated by CLMUL-NI of Intel.
660 920
661 This mode is required for Kerberos g !! 921 comment "Ciphers"
662 for AES encryption. <<
663 922
664 config CRYPTO_ECB !! 923 config CRYPTO_AES
665 tristate "ECB (Electronic Codebook)" !! 924 tristate "AES cipher algorithms"
666 select CRYPTO_SKCIPHER2 !! 925 select CRYPTO_ALGAPI
667 select CRYPTO_MANAGER <<
668 help 926 help
669 ECB (Electronic Codebook) mode (NIST !! 927 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 928 algorithm.
670 929
671 config CRYPTO_HCTR2 !! 930 Rijndael appears to be consistently a very good performer in
672 tristate "HCTR2" !! 931 both hardware and software across a wide range of computing
673 select CRYPTO_XCTR !! 932 environments regardless of its use in feedback or non-feedback
674 select CRYPTO_POLYVAL !! 933 modes. Its key setup time is excellent, and its key agility is
675 select CRYPTO_MANAGER !! 934 good. Rijndael's very low memory requirements make it very well
676 help !! 935 suited for restricted-space environments, in which it also
677 HCTR2 length-preserving encryption m !! 936 demonstrates excellent performance. Rijndael's operations are
>> 937 among the easiest to defend against power and timing attacks.
678 938
679 A mode for storage encryption that i !! 939 The AES specifies three key sizes: 128, 192 and 256 bits
680 instructions to accelerate AES and c <<
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 940
684 See https://eprint.iacr.org/2021/144 !! 941 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
685 942
686 config CRYPTO_KEYWRAP !! 943 config CRYPTO_AES_TI
687 tristate "KW (AES Key Wrap)" !! 944 tristate "Fixed time AES cipher"
688 select CRYPTO_SKCIPHER !! 945 select CRYPTO_ALGAPI
689 select CRYPTO_MANAGER <<
690 help 946 help
691 KW (AES Key Wrap) authenticated encr !! 947 This is a generic implementation of AES that attempts to eliminate
692 and RFC3394) without padding. !! 948 data dependent latencies as much as possible without affecting
>> 949 performance too much. It is intended for use by the generic CCM
>> 950 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 951 solely on encryption (although decryption is supported as well, but
>> 952 with a more dramatic performance hit)
693 953
694 config CRYPTO_LRW !! 954 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
695 tristate "LRW (Liskov Rivest Wagner)" !! 955 8 for decryption), this implementation only uses just two S-boxes of
696 select CRYPTO_LIB_GF128MUL !! 956 256 bytes each, and attempts to eliminate data dependent latencies by
697 select CRYPTO_SKCIPHER !! 957 prefetching the entire table into the cache at the start of each
698 select CRYPTO_MANAGER !! 958 block.
699 select CRYPTO_ECB !! 959
>> 960 config CRYPTO_AES_586
>> 961 tristate "AES cipher algorithms (i586)"
>> 962 depends on (X86 || UML_X86) && !64BIT
>> 963 select CRYPTO_ALGAPI
>> 964 select CRYPTO_AES
700 help 965 help
701 LRW (Liskov Rivest Wagner) mode !! 966 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 967 algorithm.
702 968
703 A tweakable, non malleable, non mova !! 969 Rijndael appears to be consistently a very good performer in
704 narrow block cipher mode for dm-cryp !! 970 both hardware and software across a wide range of computing
705 specification string aes-lrw-benbi, !! 971 environments regardless of its use in feedback or non-feedback
706 The first 128, 192 or 256 bits in th !! 972 modes. Its key setup time is excellent, and its key agility is
707 rest is used to tie each cipher bloc !! 973 good. Rijndael's very low memory requirements make it very well
>> 974 suited for restricted-space environments, in which it also
>> 975 demonstrates excellent performance. Rijndael's operations are
>> 976 among the easiest to defend against power and timing attacks.
708 977
709 See https://people.csail.mit.edu/riv !! 978 The AES specifies three key sizes: 128, 192 and 256 bits
710 979
711 config CRYPTO_PCBC !! 980 See <http://csrc.nist.gov/encryption/aes/> for more information.
712 tristate "PCBC (Propagating Cipher Blo !! 981
713 select CRYPTO_SKCIPHER !! 982 config CRYPTO_AES_X86_64
714 select CRYPTO_MANAGER !! 983 tristate "AES cipher algorithms (x86_64)"
>> 984 depends on (X86 || UML_X86) && 64BIT
>> 985 select CRYPTO_ALGAPI
>> 986 select CRYPTO_AES
715 help 987 help
716 PCBC (Propagating Cipher Block Chain !! 988 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 989 algorithm.
717 990
718 This block cipher mode is required f !! 991 Rijndael appears to be consistently a very good performer in
>> 992 both hardware and software across a wide range of computing
>> 993 environments regardless of its use in feedback or non-feedback
>> 994 modes. Its key setup time is excellent, and its key agility is
>> 995 good. Rijndael's very low memory requirements make it very well
>> 996 suited for restricted-space environments, in which it also
>> 997 demonstrates excellent performance. Rijndael's operations are
>> 998 among the easiest to defend against power and timing attacks.
719 999
720 config CRYPTO_XCTR !! 1000 The AES specifies three key sizes: 128, 192 and 256 bits
721 tristate !! 1001
722 select CRYPTO_SKCIPHER !! 1002 See <http://csrc.nist.gov/encryption/aes/> for more information.
723 select CRYPTO_MANAGER !! 1003
>> 1004 config CRYPTO_AES_NI_INTEL
>> 1005 tristate "AES cipher algorithms (AES-NI)"
>> 1006 depends on X86
>> 1007 select CRYPTO_AEAD
>> 1008 select CRYPTO_AES_X86_64 if 64BIT
>> 1009 select CRYPTO_AES_586 if !64BIT
>> 1010 select CRYPTO_ALGAPI
>> 1011 select CRYPTO_BLKCIPHER
>> 1012 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 1013 select CRYPTO_SIMD
724 help 1014 help
725 XCTR (XOR Counter) mode for HCTR2 !! 1015 Use Intel AES-NI instructions for AES algorithm.
>> 1016
>> 1017 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1018 algorithm.
>> 1019
>> 1020 Rijndael appears to be consistently a very good performer in
>> 1021 both hardware and software across a wide range of computing
>> 1022 environments regardless of its use in feedback or non-feedback
>> 1023 modes. Its key setup time is excellent, and its key agility is
>> 1024 good. Rijndael's very low memory requirements make it very well
>> 1025 suited for restricted-space environments, in which it also
>> 1026 demonstrates excellent performance. Rijndael's operations are
>> 1027 among the easiest to defend against power and timing attacks.
726 1028
727 This blockcipher mode is a variant o !! 1029 The AES specifies three key sizes: 128, 192 and 256 bits
728 addition rather than big-endian arit <<
729 1030
730 XCTR mode is used to implement HCTR2 !! 1031 See <http://csrc.nist.gov/encryption/aes/> for more information.
731 1032
732 config CRYPTO_XTS !! 1033 In addition to AES cipher algorithm support, the acceleration
733 tristate "XTS (XOR Encrypt XOR with ci !! 1034 for some popular block cipher mode is supported too, including
734 select CRYPTO_SKCIPHER !! 1035 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
735 select CRYPTO_MANAGER !! 1036 acceleration for CTR.
736 select CRYPTO_ECB !! 1037
>> 1038 config CRYPTO_AES_SPARC64
>> 1039 tristate "AES cipher algorithms (SPARC64)"
>> 1040 depends on SPARC64
>> 1041 select CRYPTO_CRYPTD
>> 1042 select CRYPTO_ALGAPI
737 help 1043 help
738 XTS (XOR Encrypt XOR with ciphertext !! 1044 Use SPARC64 crypto opcodes for AES algorithm.
739 and IEEE 1619) <<
740 1045
741 Use with aes-xts-plain, key size 256 !! 1046 AES cipher algorithms (FIPS-197). AES uses the Rijndael
742 implementation currently can't handl !! 1047 algorithm.
743 multiple of 16 bytes. <<
744 1048
745 config CRYPTO_NHPOLY1305 !! 1049 Rijndael appears to be consistently a very good performer in
746 tristate !! 1050 both hardware and software across a wide range of computing
747 select CRYPTO_HASH !! 1051 environments regardless of its use in feedback or non-feedback
748 select CRYPTO_LIB_POLY1305_GENERIC !! 1052 modes. Its key setup time is excellent, and its key agility is
>> 1053 good. Rijndael's very low memory requirements make it very well
>> 1054 suited for restricted-space environments, in which it also
>> 1055 demonstrates excellent performance. Rijndael's operations are
>> 1056 among the easiest to defend against power and timing attacks.
749 1057
750 endmenu !! 1058 The AES specifies three key sizes: 128, 192 and 256 bits
751 1059
752 menu "AEAD (authenticated encryption with asso !! 1060 See <http://csrc.nist.gov/encryption/aes/> for more information.
753 1061
754 config CRYPTO_AEGIS128 !! 1062 In addition to AES cipher algorithm support, the acceleration
755 tristate "AEGIS-128" !! 1063 for some popular block cipher mode is supported too, including
756 select CRYPTO_AEAD !! 1064 ECB and CBC.
757 select CRYPTO_AES # for AES S-box tab !! 1065
>> 1066 config CRYPTO_AES_PPC_SPE
>> 1067 tristate "AES cipher algorithms (PPC SPE)"
>> 1068 depends on PPC && SPE
>> 1069 help
>> 1070 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1071 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1072 This module should only be used for low power (router) devices
>> 1073 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1074 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1075 timining attacks. Nevertheless it might be not as secure as other
>> 1076 architecture specific assembler implementations that work on 1KB
>> 1077 tables or 256 bytes S-boxes.
>> 1078
>> 1079 config CRYPTO_ANUBIS
>> 1080 tristate "Anubis cipher algorithm"
>> 1081 select CRYPTO_ALGAPI
758 help 1082 help
759 AEGIS-128 AEAD algorithm !! 1083 Anubis cipher algorithm.
760 1084
761 config CRYPTO_AEGIS128_SIMD !! 1085 Anubis is a variable key length cipher which can use keys from
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1086 128 bits to 320 bits in length. It was evaluated as a entrant
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 1087 in the NESSIE competition.
764 default y !! 1088
>> 1089 See also:
>> 1090 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 1091 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
>> 1092
>> 1093 config CRYPTO_ARC4
>> 1094 tristate "ARC4 cipher algorithm"
>> 1095 select CRYPTO_BLKCIPHER
765 help 1096 help
766 AEGIS-128 AEAD algorithm !! 1097 ARC4 cipher algorithm.
767 1098
768 Architecture: arm or arm64 using: !! 1099 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
769 - NEON (Advanced SIMD) extension !! 1100 bits in length. This algorithm is required for driver-based
>> 1101 WEP, but it should not be for other purposes because of the
>> 1102 weakness of the algorithm.
770 1103
771 config CRYPTO_CHACHA20POLY1305 !! 1104 config CRYPTO_BLOWFISH
772 tristate "ChaCha20-Poly1305" !! 1105 tristate "Blowfish cipher algorithm"
773 select CRYPTO_CHACHA20 !! 1106 select CRYPTO_ALGAPI
774 select CRYPTO_POLY1305 !! 1107 select CRYPTO_BLOWFISH_COMMON
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help 1108 help
778 ChaCha20 stream cipher and Poly1305 !! 1109 Blowfish cipher algorithm, by Bruce Schneier.
779 mode (RFC8439) <<
780 1110
781 config CRYPTO_CCM !! 1111 This is a variable key length cipher which can use keys from 32
782 tristate "CCM (Counter with Cipher Blo !! 1112 bits to 448 bits in length. It's fast, simple and specifically
783 select CRYPTO_CTR !! 1113 designed for use on "large microprocessors".
784 select CRYPTO_HASH !! 1114
785 select CRYPTO_AEAD !! 1115 See also:
786 select CRYPTO_MANAGER !! 1116 <http://www.schneier.com/blowfish.html>
>> 1117
>> 1118 config CRYPTO_BLOWFISH_COMMON
>> 1119 tristate
787 help 1120 help
788 CCM (Counter with Cipher Block Chain !! 1121 Common parts of the Blowfish cipher algorithm shared by the
789 authenticated encryption mode (NIST !! 1122 generic c and the assembler implementations.
790 1123
791 config CRYPTO_GCM !! 1124 See also:
792 tristate "GCM (Galois/Counter Mode) an !! 1125 <http://www.schneier.com/blowfish.html>
793 select CRYPTO_CTR !! 1126
794 select CRYPTO_AEAD !! 1127 config CRYPTO_BLOWFISH_X86_64
795 select CRYPTO_GHASH !! 1128 tristate "Blowfish cipher algorithm (x86_64)"
796 select CRYPTO_NULL !! 1129 depends on X86 && 64BIT
797 select CRYPTO_MANAGER !! 1130 select CRYPTO_BLKCIPHER
>> 1131 select CRYPTO_BLOWFISH_COMMON
798 help 1132 help
799 GCM (Galois/Counter Mode) authentica !! 1133 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
800 (GCM Message Authentication Code) (N <<
801 1134
802 This is required for IPSec ESP (XFRM !! 1135 This is a variable key length cipher which can use keys from 32
>> 1136 bits to 448 bits in length. It's fast, simple and specifically
>> 1137 designed for use on "large microprocessors".
803 1138
804 config CRYPTO_GENIV !! 1139 See also:
805 tristate !! 1140 <http://www.schneier.com/blowfish.html>
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER <<
809 select CRYPTO_RNG_DEFAULT <<
810 1141
811 config CRYPTO_SEQIV !! 1142 config CRYPTO_CAMELLIA
812 tristate "Sequence Number IV Generator !! 1143 tristate "Camellia cipher algorithms"
813 select CRYPTO_GENIV !! 1144 depends on CRYPTO
>> 1145 select CRYPTO_ALGAPI
814 help 1146 help
815 Sequence Number IV generator !! 1147 Camellia cipher algorithms module.
816 1148
817 This IV generator generates an IV ba !! 1149 Camellia is a symmetric key block cipher developed jointly
818 xoring it with a salt. This algorit !! 1150 at NTT and Mitsubishi Electric Corporation.
819 1151
820 This is required for IPsec ESP (XFRM !! 1152 The Camellia specifies three key sizes: 128, 192 and 256 bits.
821 1153
822 config CRYPTO_ECHAINIV !! 1154 See also:
823 tristate "Encrypted Chain IV Generator !! 1155 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
824 select CRYPTO_GENIV !! 1156
>> 1157 config CRYPTO_CAMELLIA_X86_64
>> 1158 tristate "Camellia cipher algorithm (x86_64)"
>> 1159 depends on X86 && 64BIT
>> 1160 depends on CRYPTO
>> 1161 select CRYPTO_BLKCIPHER
>> 1162 select CRYPTO_GLUE_HELPER_X86
825 help 1163 help
826 Encrypted Chain IV generator !! 1164 Camellia cipher algorithm module (x86_64).
827 1165
828 This IV generator generates an IV ba !! 1166 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 1167 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. !! 1168
>> 1169 The Camellia specifies three key sizes: 128, 192 and 256 bits.
831 1170
832 config CRYPTO_ESSIV !! 1171 See also:
833 tristate "Encrypted Salt-Sector IV Gen !! 1172 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
834 select CRYPTO_AUTHENC !! 1173
>> 1174 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1175 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1176 depends on X86 && 64BIT
>> 1177 depends on CRYPTO
>> 1178 select CRYPTO_BLKCIPHER
>> 1179 select CRYPTO_CAMELLIA_X86_64
>> 1180 select CRYPTO_GLUE_HELPER_X86
>> 1181 select CRYPTO_SIMD
>> 1182 select CRYPTO_XTS
835 help 1183 help
836 Encrypted Salt-Sector IV generator !! 1184 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
837 1185
838 This IV generator is used in some ca !! 1186 Camellia is a symmetric key block cipher developed jointly
839 dm-crypt. It uses the hash of the bl !! 1187 at NTT and Mitsubishi Electric Corporation.
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 1188
844 This driver implements a crypto API !! 1189 The Camellia specifies three key sizes: 128, 192 and 256 bits.
845 instantiated either as an skcipher o <<
846 type of the first template argument) <<
847 and decryption requests to the encap <<
848 ESSIV to the input IV. Note that in <<
849 that the keys are presented in the s <<
850 template, and that the IV appears at <<
851 associated data (AAD) region (which <<
852 1190
853 Note that the use of ESSIV is not re !! 1191 See also:
854 and so this only needs to be enabled !! 1192 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 1193
861 endmenu !! 1194 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
>> 1195 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1196 depends on X86 && 64BIT
>> 1197 depends on CRYPTO
>> 1198 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1199 help
>> 1200 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
862 1201
863 menu "Hashes, digests, and MACs" !! 1202 Camellia is a symmetric key block cipher developed jointly
>> 1203 at NTT and Mitsubishi Electric Corporation.
864 1204
865 config CRYPTO_BLAKE2B !! 1205 The Camellia specifies three key sizes: 128, 192 and 256 bits.
866 tristate "BLAKE2b" !! 1206
867 select CRYPTO_HASH !! 1207 See also:
>> 1208 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1209
>> 1210 config CRYPTO_CAMELLIA_SPARC64
>> 1211 tristate "Camellia cipher algorithm (SPARC64)"
>> 1212 depends on SPARC64
>> 1213 depends on CRYPTO
>> 1214 select CRYPTO_ALGAPI
868 help 1215 help
869 BLAKE2b cryptographic hash function !! 1216 Camellia cipher algorithm module (SPARC64).
870 1217
871 BLAKE2b is optimized for 64-bit plat !! 1218 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1219 at NTT and Mitsubishi Electric Corporation.
873 1220
874 This module provides the following a !! 1221 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 1222
880 Used by the btrfs filesystem. !! 1223 See also:
>> 1224 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881 1225
882 See https://blake2.net for further i !! 1226 config CRYPTO_CAST_COMMON
>> 1227 tristate
>> 1228 help
>> 1229 Common parts of the CAST cipher algorithms shared by the
>> 1230 generic c and the assembler implementations.
883 1231
884 config CRYPTO_CMAC !! 1232 config CRYPTO_CAST5
885 tristate "CMAC (Cipher-based MAC)" !! 1233 tristate "CAST5 (CAST-128) cipher algorithm"
886 select CRYPTO_HASH !! 1234 select CRYPTO_ALGAPI
887 select CRYPTO_MANAGER !! 1235 select CRYPTO_CAST_COMMON
888 help 1236 help
889 CMAC (Cipher-based Message Authentic !! 1237 The CAST5 encryption algorithm (synonymous with CAST-128) is
890 mode (NIST SP800-38B and IETF RFC449 !! 1238 described in RFC2144.
891 1239
892 config CRYPTO_GHASH !! 1240 config CRYPTO_CAST5_AVX_X86_64
893 tristate "GHASH" !! 1241 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
894 select CRYPTO_HASH !! 1242 depends on X86 && 64BIT
895 select CRYPTO_LIB_GF128MUL !! 1243 select CRYPTO_BLKCIPHER
>> 1244 select CRYPTO_CAST5
>> 1245 select CRYPTO_CAST_COMMON
>> 1246 select CRYPTO_SIMD
896 help 1247 help
897 GCM GHASH function (NIST SP800-38D) !! 1248 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1249 described in RFC2144.
898 1250
899 config CRYPTO_HMAC !! 1251 This module provides the Cast5 cipher algorithm that processes
900 tristate "HMAC (Keyed-Hash MAC)" !! 1252 sixteen blocks parallel using the AVX instruction set.
901 select CRYPTO_HASH !! 1253
902 select CRYPTO_MANAGER !! 1254 config CRYPTO_CAST6
>> 1255 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1256 select CRYPTO_ALGAPI
>> 1257 select CRYPTO_CAST_COMMON
903 help 1258 help
904 HMAC (Keyed-Hash Message Authenticat !! 1259 The CAST6 encryption algorithm (synonymous with CAST-256) is
905 RFC2104) !! 1260 described in RFC2612.
906 1261
907 This is required for IPsec AH (XFRM_ !! 1262 config CRYPTO_CAST6_AVX_X86_64
>> 1263 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1264 depends on X86 && 64BIT
>> 1265 select CRYPTO_BLKCIPHER
>> 1266 select CRYPTO_CAST6
>> 1267 select CRYPTO_CAST_COMMON
>> 1268 select CRYPTO_GLUE_HELPER_X86
>> 1269 select CRYPTO_SIMD
>> 1270 select CRYPTO_XTS
>> 1271 help
>> 1272 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1273 described in RFC2612.
908 1274
909 config CRYPTO_MD4 !! 1275 This module provides the Cast6 cipher algorithm that processes
910 tristate "MD4" !! 1276 eight blocks parallel using the AVX instruction set.
911 select CRYPTO_HASH !! 1277
>> 1278 config CRYPTO_DES
>> 1279 tristate "DES and Triple DES EDE cipher algorithms"
>> 1280 select CRYPTO_ALGAPI
912 help 1281 help
913 MD4 message digest algorithm (RFC132 !! 1282 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
914 1283
915 config CRYPTO_MD5 !! 1284 config CRYPTO_DES_SPARC64
916 tristate "MD5" !! 1285 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
917 select CRYPTO_HASH !! 1286 depends on SPARC64
>> 1287 select CRYPTO_ALGAPI
>> 1288 select CRYPTO_DES
918 help 1289 help
919 MD5 message digest algorithm (RFC132 !! 1290 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1291 optimized using SPARC64 crypto opcodes.
920 1292
921 config CRYPTO_MICHAEL_MIC !! 1293 config CRYPTO_DES3_EDE_X86_64
922 tristate "Michael MIC" !! 1294 tristate "Triple DES EDE cipher algorithm (x86-64)"
923 select CRYPTO_HASH !! 1295 depends on X86 && 64BIT
>> 1296 select CRYPTO_BLKCIPHER
>> 1297 select CRYPTO_DES
924 help 1298 help
925 Michael MIC (Message Integrity Code) !! 1299 Triple DES EDE (FIPS 46-3) algorithm.
926 1300
927 Defined by the IEEE 802.11i TKIP (Te !! 1301 This module provides implementation of the Triple DES EDE cipher
928 known as WPA (Wif-Fi Protected Acces !! 1302 algorithm that is optimized for x86-64 processors. Two versions of
>> 1303 algorithm are provided; regular processing one input block and
>> 1304 one that processes three blocks parallel.
929 1305
930 This algorithm is required for TKIP, !! 1306 config CRYPTO_FCRYPT
931 other purposes because of the weakne !! 1307 tristate "FCrypt cipher algorithm"
>> 1308 select CRYPTO_ALGAPI
>> 1309 select CRYPTO_BLKCIPHER
>> 1310 help
>> 1311 FCrypt algorithm used by RxRPC.
932 1312
933 config CRYPTO_POLYVAL !! 1313 config CRYPTO_KHAZAD
934 tristate !! 1314 tristate "Khazad cipher algorithm"
935 select CRYPTO_HASH !! 1315 select CRYPTO_ALGAPI
936 select CRYPTO_LIB_GF128MUL <<
937 help 1316 help
938 POLYVAL hash function for HCTR2 !! 1317 Khazad cipher algorithm.
>> 1318
>> 1319 Khazad was a finalist in the initial NESSIE competition. It is
>> 1320 an algorithm optimized for 64-bit processors with good performance
>> 1321 on 32-bit processors. Khazad uses an 128 bit key size.
939 1322
940 This is used in HCTR2. It is not a !! 1323 See also:
941 cryptographic hash function. !! 1324 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
942 1325
943 config CRYPTO_POLY1305 !! 1326 config CRYPTO_SALSA20
944 tristate "Poly1305" !! 1327 tristate "Salsa20 stream cipher algorithm"
945 select CRYPTO_HASH !! 1328 select CRYPTO_BLKCIPHER
946 select CRYPTO_LIB_POLY1305_GENERIC <<
947 help 1329 help
948 Poly1305 authenticator algorithm (RF !! 1330 Salsa20 stream cipher algorithm.
949 1331
950 Poly1305 is an authenticator algorit !! 1332 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
951 It is used for the ChaCha20-Poly1305 !! 1333 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
952 in IETF protocols. This is the porta <<
953 1334
954 config CRYPTO_RMD160 !! 1335 The Salsa20 stream cipher algorithm is designed by Daniel J.
955 tristate "RIPEMD-160" !! 1336 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
956 select CRYPTO_HASH <<
957 help <<
958 RIPEMD-160 hash function (ISO/IEC 10 <<
959 1337
960 RIPEMD-160 is a 160-bit cryptographi !! 1338 config CRYPTO_CHACHA20
961 to be used as a secure replacement f !! 1339 tristate "ChaCha20 cipher algorithm"
962 MD4, MD5 and its predecessor RIPEMD !! 1340 select CRYPTO_BLKCIPHER
963 (not to be confused with RIPEMD-128) !! 1341 help
>> 1342 ChaCha20 cipher algorithm, RFC7539.
964 1343
965 Its speed is comparable to SHA-1 and !! 1344 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
966 against RIPEMD-160. !! 1345 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1346 This is the portable C implementation of ChaCha20.
967 1347
968 Developed by Hans Dobbertin, Antoon !! 1348 See also:
969 See https://homes.esat.kuleuven.be/~ !! 1349 <http://cr.yp.to/chacha/chacha-20080128.pdf>
970 for further information. <<
971 1350
972 config CRYPTO_SHA1 !! 1351 config CRYPTO_CHACHA20_X86_64
973 tristate "SHA-1" !! 1352 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
974 select CRYPTO_HASH !! 1353 depends on X86 && 64BIT
975 select CRYPTO_LIB_SHA1 !! 1354 select CRYPTO_BLKCIPHER
>> 1355 select CRYPTO_CHACHA20
976 help 1356 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1357 ChaCha20 cipher algorithm, RFC7539.
978 1358
979 config CRYPTO_SHA256 !! 1359 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
980 tristate "SHA-224 and SHA-256" !! 1360 Bernstein and further specified in RFC7539 for use in IETF protocols.
981 select CRYPTO_HASH !! 1361 This is the x86_64 assembler implementation using SIMD instructions.
982 select CRYPTO_LIB_SHA256 !! 1362
>> 1363 See also:
>> 1364 <http://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1365
>> 1366 config CRYPTO_SEED
>> 1367 tristate "SEED cipher algorithm"
>> 1368 select CRYPTO_ALGAPI
983 help 1369 help
984 SHA-224 and SHA-256 secure hash algo !! 1370 SEED cipher algorithm (RFC4269).
985 1371
986 This is required for IPsec AH (XFRM_ !! 1372 SEED is a 128-bit symmetric key block cipher that has been
987 Used by the btrfs filesystem, Ceph, !! 1373 developed by KISA (Korea Information Security Agency) as a
>> 1374 national standard encryption algorithm of the Republic of Korea.
>> 1375 It is a 16 round block cipher with the key size of 128 bit.
988 1376
989 config CRYPTO_SHA512 !! 1377 See also:
990 tristate "SHA-384 and SHA-512" !! 1378 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
991 select CRYPTO_HASH !! 1379
>> 1380 config CRYPTO_SERPENT
>> 1381 tristate "Serpent cipher algorithm"
>> 1382 select CRYPTO_ALGAPI
992 help 1383 help
993 SHA-384 and SHA-512 secure hash algo !! 1384 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
994 1385
995 config CRYPTO_SHA3 !! 1386 Keys are allowed to be from 0 to 256 bits in length, in steps
996 tristate "SHA-3" !! 1387 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
997 select CRYPTO_HASH !! 1388 variant of Serpent for compatibility with old kerneli.org code.
>> 1389
>> 1390 See also:
>> 1391 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1392
>> 1393 config CRYPTO_SERPENT_SSE2_X86_64
>> 1394 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1395 depends on X86 && 64BIT
>> 1396 select CRYPTO_BLKCIPHER
>> 1397 select CRYPTO_GLUE_HELPER_X86
>> 1398 select CRYPTO_SERPENT
>> 1399 select CRYPTO_SIMD
998 help 1400 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1401 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1000 1402
1001 config CRYPTO_SM3 !! 1403 Keys are allowed to be from 0 to 256 bits in length, in steps
1002 tristate !! 1404 of 8 bits.
1003 1405
1004 config CRYPTO_SM3_GENERIC !! 1406 This module provides Serpent cipher algorithm that processes eight
1005 tristate "SM3 (ShangMi 3)" !! 1407 blocks parallel using SSE2 instruction set.
1006 select CRYPTO_HASH !! 1408
1007 select CRYPTO_SM3 !! 1409 See also:
>> 1410 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1411
>> 1412 config CRYPTO_SERPENT_SSE2_586
>> 1413 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1414 depends on X86 && !64BIT
>> 1415 select CRYPTO_BLKCIPHER
>> 1416 select CRYPTO_GLUE_HELPER_X86
>> 1417 select CRYPTO_SERPENT
>> 1418 select CRYPTO_SIMD
1008 help 1419 help
1009 SM3 (ShangMi 3) secure hash functio !! 1420 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1010 1421
1011 This is part of the Chinese Commerc !! 1422 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1423 of 8 bits.
1012 1424
1013 References: !! 1425 This module provides Serpent cipher algorithm that processes four
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1426 blocks parallel using SSE2 instruction set.
1015 https://datatracker.ietf.org/doc/ht <<
1016 1427
1017 config CRYPTO_STREEBOG !! 1428 See also:
1018 tristate "Streebog" !! 1429 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1019 select CRYPTO_HASH !! 1430
>> 1431 config CRYPTO_SERPENT_AVX_X86_64
>> 1432 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1433 depends on X86 && 64BIT
>> 1434 select CRYPTO_BLKCIPHER
>> 1435 select CRYPTO_GLUE_HELPER_X86
>> 1436 select CRYPTO_SERPENT
>> 1437 select CRYPTO_SIMD
>> 1438 select CRYPTO_XTS
1020 help 1439 help
1021 Streebog Hash Function (GOST R 34.1 !! 1440 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1441
1023 This is one of the Russian cryptogr !! 1442 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1443 of 8 bits.
1025 256 and 512 bits output. <<
1026 1444
1027 References: !! 1445 This module provides the Serpent cipher algorithm that processes
1028 https://tc26.ru/upload/iblock/fed/f !! 1446 eight blocks parallel using the AVX instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1447
1031 config CRYPTO_VMAC !! 1448 See also:
1032 tristate "VMAC" !! 1449 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1450
1034 select CRYPTO_MANAGER !! 1451 config CRYPTO_SERPENT_AVX2_X86_64
>> 1452 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1453 depends on X86 && 64BIT
>> 1454 select CRYPTO_SERPENT_AVX_X86_64
1035 help 1455 help
1036 VMAC is a message authentication al !! 1456 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect <<
1038 1457
1039 See https://fastcrypto.org/vmac for !! 1458 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1459 of 8 bits.
1040 1460
1041 config CRYPTO_WP512 !! 1461 This module provides Serpent cipher algorithm that processes 16
1042 tristate "Whirlpool" !! 1462 blocks parallel using AVX2 instruction set.
1043 select CRYPTO_HASH !! 1463
>> 1464 See also:
>> 1465 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1466
>> 1467 config CRYPTO_SM4
>> 1468 tristate "SM4 cipher algorithm"
>> 1469 select CRYPTO_ALGAPI
1044 help 1470 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1471 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
>> 1472
>> 1473 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1474 Organization of State Commercial Administration of China (OSCCA)
>> 1475 as an authorized cryptographic algorithms for the use within China.
1046 1476
1047 512, 384 and 256-bit hashes. !! 1477 SMS4 was originally created for use in protecting wireless
>> 1478 networks, and is mandated in the Chinese National Standard for
>> 1479 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1480 (GB.15629.11-2003).
1048 1481
1049 Whirlpool-512 is part of the NESSIE !! 1482 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1483 standardized through TC 260 of the Standardization Administration
>> 1484 of the People's Republic of China (SAC).
1050 1485
1051 See https://web.archive.org/web/201 !! 1486 The input, output, and key of SMS4 are each 128 bits.
1052 for further information. <<
1053 1487
1054 config CRYPTO_XCBC !! 1488 See also: <https://eprint.iacr.org/2008/329.pdf>
1055 tristate "XCBC-MAC (Extended Cipher B !! 1489
1056 select CRYPTO_HASH !! 1490 If unsure, say N.
1057 select CRYPTO_MANAGER !! 1491
>> 1492 config CRYPTO_SPECK
>> 1493 tristate "Speck cipher algorithm"
>> 1494 select CRYPTO_ALGAPI
1058 help 1495 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1496 Speck is a lightweight block cipher that is tuned for optimal
1060 Code) (RFC3566) !! 1497 performance in software (rather than hardware).
1061 1498
1062 config CRYPTO_XXHASH !! 1499 Speck may not be as secure as AES, and should only be used on systems
1063 tristate "xxHash" !! 1500 where AES is not fast enough.
1064 select CRYPTO_HASH !! 1501
1065 select XXHASH !! 1502 See also: <https://eprint.iacr.org/2013/404.pdf>
>> 1503
>> 1504 If unsure, say N.
>> 1505
>> 1506 config CRYPTO_TEA
>> 1507 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1508 select CRYPTO_ALGAPI
1066 help 1509 help
1067 xxHash non-cryptographic hash algor !! 1510 TEA cipher algorithm.
1068 1511
1069 Extremely fast, working at speeds c !! 1512 Tiny Encryption Algorithm is a simple cipher that uses
>> 1513 many rounds for security. It is very fast and uses
>> 1514 little memory.
1070 1515
1071 Used by the btrfs filesystem. !! 1516 Xtendend Tiny Encryption Algorithm is a modification to
>> 1517 the TEA algorithm to address a potential key weakness
>> 1518 in the TEA algorithm.
1072 1519
1073 endmenu !! 1520 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1521 of the XTEA algorithm for compatibility purposes.
1074 1522
1075 menu "CRCs (cyclic redundancy checks)" !! 1523 config CRYPTO_TWOFISH
>> 1524 tristate "Twofish cipher algorithm"
>> 1525 select CRYPTO_ALGAPI
>> 1526 select CRYPTO_TWOFISH_COMMON
>> 1527 help
>> 1528 Twofish cipher algorithm.
1076 1529
1077 config CRYPTO_CRC32C !! 1530 Twofish was submitted as an AES (Advanced Encryption Standard)
1078 tristate "CRC32c" !! 1531 candidate cipher by researchers at CounterPane Systems. It is a
1079 select CRYPTO_HASH !! 1532 16 round block cipher supporting key sizes of 128, 192, and 256
1080 select CRC32 !! 1533 bits.
>> 1534
>> 1535 See also:
>> 1536 <http://www.schneier.com/twofish.html>
>> 1537
>> 1538 config CRYPTO_TWOFISH_COMMON
>> 1539 tristate
>> 1540 help
>> 1541 Common parts of the Twofish cipher algorithm shared by the
>> 1542 generic c and the assembler implementations.
>> 1543
>> 1544 config CRYPTO_TWOFISH_586
>> 1545 tristate "Twofish cipher algorithms (i586)"
>> 1546 depends on (X86 || UML_X86) && !64BIT
>> 1547 select CRYPTO_ALGAPI
>> 1548 select CRYPTO_TWOFISH_COMMON
1081 help 1549 help
1082 CRC32c CRC algorithm with the iSCSI !! 1550 Twofish cipher algorithm.
1083 1551
1084 A 32-bit CRC (cyclic redundancy che !! 1552 Twofish was submitted as an AES (Advanced Encryption Standard)
1085 by G. Castagnoli, S. Braeuer and M. !! 1553 candidate cipher by researchers at CounterPane Systems. It is a
1086 Redundancy-Check Codes with 24 and !! 1554 16 round block cipher supporting key sizes of 128, 192, and 256
1087 on Communications, Vol. 41, No. 6, !! 1555 bits.
1088 iSCSI. <<
1089 1556
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1557 See also:
>> 1558 <http://www.schneier.com/twofish.html>
1091 1559
1092 config CRYPTO_CRC32 !! 1560 config CRYPTO_TWOFISH_X86_64
1093 tristate "CRC32" !! 1561 tristate "Twofish cipher algorithm (x86_64)"
1094 select CRYPTO_HASH !! 1562 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1563 select CRYPTO_ALGAPI
>> 1564 select CRYPTO_TWOFISH_COMMON
1096 help 1565 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1566 Twofish cipher algorithm (x86_64).
1098 1567
1099 Used by RoCEv2 and f2fs. !! 1568 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1569 candidate cipher by researchers at CounterPane Systems. It is a
>> 1570 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1571 bits.
1100 1572
1101 config CRYPTO_CRCT10DIF !! 1573 See also:
1102 tristate "CRCT10DIF" !! 1574 <http://www.schneier.com/twofish.html>
1103 select CRYPTO_HASH !! 1575
>> 1576 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1577 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1578 depends on X86 && 64BIT
>> 1579 select CRYPTO_BLKCIPHER
>> 1580 select CRYPTO_TWOFISH_COMMON
>> 1581 select CRYPTO_TWOFISH_X86_64
>> 1582 select CRYPTO_GLUE_HELPER_X86
1104 help 1583 help
1105 CRC16 CRC algorithm used for the T1 !! 1584 Twofish cipher algorithm (x86_64, 3-way parallel).
1106 1585
1107 CRC algorithm used by the SCSI Bloc !! 1586 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1587 candidate cipher by researchers at CounterPane Systems. It is a
>> 1588 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1589 bits.
1108 1590
1109 config CRYPTO_CRC64_ROCKSOFT !! 1591 This module provides Twofish cipher algorithm that processes three
1110 tristate "CRC64 based on Rocksoft Mod !! 1592 blocks parallel, utilizing resources of out-of-order CPUs better.
1111 depends on CRC64 !! 1593
1112 select CRYPTO_HASH !! 1594 See also:
>> 1595 <http://www.schneier.com/twofish.html>
>> 1596
>> 1597 config CRYPTO_TWOFISH_AVX_X86_64
>> 1598 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1599 depends on X86 && 64BIT
>> 1600 select CRYPTO_BLKCIPHER
>> 1601 select CRYPTO_GLUE_HELPER_X86
>> 1602 select CRYPTO_SIMD
>> 1603 select CRYPTO_TWOFISH_COMMON
>> 1604 select CRYPTO_TWOFISH_X86_64
>> 1605 select CRYPTO_TWOFISH_X86_64_3WAY
1113 help 1606 help
1114 CRC64 CRC algorithm based on the Ro !! 1607 Twofish cipher algorithm (x86_64/AVX).
1115 1608
1116 Used by the NVMe implementation of !! 1609 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1610 candidate cipher by researchers at CounterPane Systems. It is a
>> 1611 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1612 bits.
1117 1613
1118 See https://zlib.net/crc_v3.txt !! 1614 This module provides the Twofish cipher algorithm that processes
>> 1615 eight blocks parallel using the AVX Instruction Set.
1119 1616
1120 endmenu !! 1617 See also:
>> 1618 <http://www.schneier.com/twofish.html>
1121 1619
1122 menu "Compression" !! 1620 comment "Compression"
1123 1621
1124 config CRYPTO_DEFLATE 1622 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1623 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1624 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1625 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1626 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1627 select ZLIB_DEFLATE
1130 help 1628 help
1131 Deflate compression algorithm (RFC1 !! 1629 This is the Deflate algorithm (RFC1951), specified for use in
>> 1630 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1631
1133 Used by IPSec with the IPCOMP proto !! 1632 You will most probably want this if using IPSec.
1134 1633
1135 config CRYPTO_LZO 1634 config CRYPTO_LZO
1136 tristate "LZO" !! 1635 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1636 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1637 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1638 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1639 select LZO_DECOMPRESS
1141 help 1640 help
1142 LZO compression algorithm !! 1641 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1642
1146 config CRYPTO_842 1643 config CRYPTO_842
1147 tristate "842" !! 1644 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1645 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1646 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1647 select 842_COMPRESS
1151 select 842_DECOMPRESS 1648 select 842_DECOMPRESS
1152 help 1649 help
1153 842 compression algorithm by IBM !! 1650 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1651
1157 config CRYPTO_LZ4 1652 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1653 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1654 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1655 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1656 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1657 select LZ4_DECOMPRESS
1163 help 1658 help
1164 LZ4 compression algorithm !! 1659 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1660
1168 config CRYPTO_LZ4HC 1661 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1662 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1663 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1664 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1665 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1666 select LZ4_DECOMPRESS
1174 help 1667 help
1175 LZ4 high compression mode algorithm !! 1668 This is the LZ4 high compression mode algorithm.
1176 1669
1177 See https://github.com/lz4/lz4 for !! 1670 comment "Random Number Generation"
1178 <<
1179 config CRYPTO_ZSTD <<
1180 tristate "Zstd" <<
1181 select CRYPTO_ALGAPI <<
1182 select CRYPTO_ACOMP2 <<
1183 select ZSTD_COMPRESS <<
1184 select ZSTD_DECOMPRESS <<
1185 help <<
1186 zstd compression algorithm <<
1187 <<
1188 See https://github.com/facebook/zst <<
1189 <<
1190 endmenu <<
1191 <<
1192 menu "Random number generation" <<
1193 1671
1194 config CRYPTO_ANSI_CPRNG 1672 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1673 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1674 select CRYPTO_AES
1197 select CRYPTO_RNG 1675 select CRYPTO_RNG
1198 help 1676 help
1199 Pseudo RNG (random number generator !! 1677 This option enables the generic pseudo random number generator
1200 !! 1678 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1679 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1680 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1681
1205 menuconfig CRYPTO_DRBG_MENU 1682 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1683 tristate "NIST SP800-90A DRBG"
1207 help 1684 help
1208 DRBG (Deterministic Random Bit Gene !! 1685 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1686 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1687
1212 if CRYPTO_DRBG_MENU 1688 if CRYPTO_DRBG_MENU
1213 1689
1214 config CRYPTO_DRBG_HMAC 1690 config CRYPTO_DRBG_HMAC
1215 bool 1691 bool
1216 default y 1692 default y
1217 select CRYPTO_HMAC 1693 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1694 select CRYPTO_SHA256
1219 1695
1220 config CRYPTO_DRBG_HASH 1696 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1697 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1698 select CRYPTO_SHA256
1223 help 1699 help
1224 Hash_DRBG variant as defined in NIS !! 1700 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1701
1228 config CRYPTO_DRBG_CTR 1702 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1703 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1704 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1705 depends on CRYPTO_CTR
1232 help 1706 help
1233 CTR_DRBG variant as defined in NIST !! 1707 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1708
1237 config CRYPTO_DRBG 1709 config CRYPTO_DRBG
1238 tristate 1710 tristate
1239 default CRYPTO_DRBG_MENU 1711 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1712 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1713 select CRYPTO_JITTERENTROPY
1242 1714
1243 endif # if CRYPTO_DRBG_MENU 1715 endif # if CRYPTO_DRBG_MENU
1244 1716
1245 config CRYPTO_JITTERENTROPY 1717 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1718 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1719 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1720 help
1250 CPU Jitter RNG (Random Number Gener !! 1721 The Jitterentropy RNG is a noise that is intended
1251 !! 1722 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1723 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1724 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1725 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1726
1370 config CRYPTO_USER_API 1727 config CRYPTO_USER_API
1371 tristate 1728 tristate
1372 1729
1373 config CRYPTO_USER_API_HASH 1730 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1731 tristate "User-space interface for hash algorithms"
1375 depends on NET 1732 depends on NET
1376 select CRYPTO_HASH 1733 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1734 select CRYPTO_USER_API
1378 help 1735 help
1379 Enable the userspace interface for !! 1736 This option enables the user-spaces interface for hash
1380 !! 1737 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1738
1384 config CRYPTO_USER_API_SKCIPHER 1739 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1740 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1741 depends on NET
1387 select CRYPTO_SKCIPHER !! 1742 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1743 select CRYPTO_USER_API
1389 help 1744 help
1390 Enable the userspace interface for !! 1745 This option enables the user-spaces interface for symmetric
1391 !! 1746 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1747
1395 config CRYPTO_USER_API_RNG 1748 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1749 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1750 depends on NET
1398 select CRYPTO_RNG 1751 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1752 select CRYPTO_USER_API
1400 help 1753 help
1401 Enable the userspace interface for !! 1754 This option enables the user-spaces interface for random
1402 algorithms. !! 1755 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1756
1419 config CRYPTO_USER_API_AEAD 1757 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1758 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1759 depends on NET
1422 select CRYPTO_AEAD 1760 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER !! 1761 select CRYPTO_BLKCIPHER
1424 select CRYPTO_NULL 1762 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1763 select CRYPTO_USER_API
1426 help 1764 help
1427 Enable the userspace interface for !! 1765 This option enables the user-spaces interface for AEAD
1428 !! 1766 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help <<
1437 Allow obsolete cryptographic algori <<
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 <<
1441 endmenu <<
1442 1767
1443 config CRYPTO_HASH_INFO 1768 config CRYPTO_HASH_INFO
1444 bool 1769 bool
1445 1770
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 <<
1476 source "drivers/crypto/Kconfig" 1771 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" !! 1772 source crypto/asymmetric_keys/Kconfig
1478 source "certs/Kconfig" !! 1773 source certs/Kconfig
1479 1774
1480 endif # if CRYPTO 1775 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.