1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 18 help
20 This option provides the core Crypto 19 This option provides the core Cryptographic API.
21 20
22 if CRYPTO 21 if CRYPTO
23 22
24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper"
25 24
26 config CRYPTO_FIPS 25 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES)
30 help 29 help
31 This option enables the fips boot op !! 30 This options enables the fips boot option which is
32 required if you want the system to o !! 31 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 32 certification. You should say no unless you know what
34 this is. 33 this is.
35 34
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI
58 tristate 36 tristate
59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2
60 help 38 help
61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms.
62 40
63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2
64 tristate 42 tristate
65 43
66 config CRYPTO_AEAD 44 config CRYPTO_AEAD
67 tristate 45 tristate
68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI
70 48
71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2
72 tristate 50 tristate
73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2
>> 52 select CRYPTO_NULL2
>> 53 select CRYPTO_RNG2
74 54
75 config CRYPTO_SIG !! 55 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 56 tristate
86 select CRYPTO_SKCIPHER2 !! 57 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 59
90 config CRYPTO_SKCIPHER2 !! 60 config CRYPTO_BLKCIPHER2
91 tristate 61 tristate
92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2
>> 63 select CRYPTO_RNG2
>> 64 select CRYPTO_WORKQUEUE
93 65
94 config CRYPTO_HASH 66 config CRYPTO_HASH
95 tristate 67 tristate
96 select CRYPTO_HASH2 68 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
98 70
99 config CRYPTO_HASH2 71 config CRYPTO_HASH2
100 tristate 72 tristate
101 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
102 74
103 config CRYPTO_RNG 75 config CRYPTO_RNG
104 tristate 76 tristate
105 select CRYPTO_RNG2 77 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI
107 79
108 config CRYPTO_RNG2 80 config CRYPTO_RNG2
109 tristate 81 tristate
110 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2
111 83
112 config CRYPTO_RNG_DEFAULT 84 config CRYPTO_RNG_DEFAULT
113 tristate 85 tristate
114 select CRYPTO_DRBG_MENU 86 select CRYPTO_DRBG_MENU
115 87
116 config CRYPTO_AKCIPHER2 88 config CRYPTO_AKCIPHER2
117 tristate 89 tristate
118 select CRYPTO_ALGAPI2 90 select CRYPTO_ALGAPI2
119 91
120 config CRYPTO_AKCIPHER 92 config CRYPTO_AKCIPHER
121 tristate 93 tristate
122 select CRYPTO_AKCIPHER2 94 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 95 select CRYPTO_ALGAPI
124 96
125 config CRYPTO_KPP2 97 config CRYPTO_KPP2
126 tristate 98 tristate
127 select CRYPTO_ALGAPI2 99 select CRYPTO_ALGAPI2
128 100
129 config CRYPTO_KPP 101 config CRYPTO_KPP
130 tristate 102 tristate
131 select CRYPTO_ALGAPI 103 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 104 select CRYPTO_KPP2
133 105
134 config CRYPTO_ACOMP2 106 config CRYPTO_ACOMP2
135 tristate 107 tristate
136 select CRYPTO_ALGAPI2 108 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 109 select SGL_ALLOC
138 110
139 config CRYPTO_ACOMP 111 config CRYPTO_ACOMP
140 tristate 112 tristate
141 select CRYPTO_ALGAPI 113 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 114 select CRYPTO_ACOMP2
143 115
>> 116 config CRYPTO_RSA
>> 117 tristate "RSA algorithm"
>> 118 select CRYPTO_AKCIPHER
>> 119 select CRYPTO_MANAGER
>> 120 select MPILIB
>> 121 select ASN1
>> 122 help
>> 123 Generic implementation of the RSA public key algorithm.
>> 124
>> 125 config CRYPTO_DH
>> 126 tristate "Diffie-Hellman algorithm"
>> 127 select CRYPTO_KPP
>> 128 select MPILIB
>> 129 help
>> 130 Generic implementation of the Diffie-Hellman algorithm.
>> 131
>> 132 config CRYPTO_ECDH
>> 133 tristate "ECDH algorithm"
>> 134 select CRYPTO_KPP
>> 135 select CRYPTO_RNG_DEFAULT
>> 136 help
>> 137 Generic implementation of the ECDH algorithm
>> 138
144 config CRYPTO_MANAGER 139 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 140 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 141 select CRYPTO_MANAGER2
147 help 142 help
148 Create default cryptographic templat 143 Create default cryptographic template instantiations such as
149 cbc(aes). 144 cbc(aes).
150 145
151 config CRYPTO_MANAGER2 146 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 147 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 148 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 149 select CRYPTO_HASH2
>> 150 select CRYPTO_BLKCIPHER2
>> 151 select CRYPTO_AKCIPHER2
158 select CRYPTO_KPP2 152 select CRYPTO_KPP2
159 select CRYPTO_RNG2 !! 153 select CRYPTO_ACOMP2
160 select CRYPTO_SKCIPHER2 <<
161 154
162 config CRYPTO_USER 155 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 156 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 157 depends on NET
165 select CRYPTO_MANAGER 158 select CRYPTO_MANAGER
166 help 159 help
167 Userspace configuration for cryptogr 160 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 161 cbc(aes).
169 162
170 config CRYPTO_MANAGER_DISABLE_TESTS 163 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 164 bool "Disable run-time self tests"
172 default y 165 default y
>> 166 depends on CRYPTO_MANAGER2
173 help 167 help
174 Disable run-time self tests that nor 168 Disable run-time self tests that normally take place at
175 algorithm registration. 169 algorithm registration.
176 170
177 config CRYPTO_MANAGER_EXTRA_TESTS !! 171 config CRYPTO_GF128MUL
178 bool "Enable extra run-time crypto sel !! 172 tristate "GF(2^128) multiplication functions"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN <<
180 help 173 help
181 Enable extra run-time self tests of !! 174 Efficient table driven implementation of multiplications in the
182 including randomized fuzz tests. !! 175 field GF(2^128). This is needed by some cypher modes. This
183 !! 176 option will be selected automatically if you select such a
184 This is intended for developer use o !! 177 cipher mode. Only select this option by hand if you expect to load
185 longer to run than the normal self t !! 178 an external module that requires these functions.
186 179
187 config CRYPTO_NULL 180 config CRYPTO_NULL
188 tristate "Null algorithms" 181 tristate "Null algorithms"
189 select CRYPTO_NULL2 182 select CRYPTO_NULL2
190 help 183 help
191 These are 'Null' algorithms, used by 184 These are 'Null' algorithms, used by IPsec, which do nothing.
192 185
193 config CRYPTO_NULL2 186 config CRYPTO_NULL2
194 tristate 187 tristate
195 select CRYPTO_ALGAPI2 188 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 189 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 190 select CRYPTO_HASH2
198 191
199 config CRYPTO_PCRYPT 192 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 193 tristate "Parallel crypto engine"
201 depends on SMP 194 depends on SMP
202 select PADATA 195 select PADATA
203 select CRYPTO_MANAGER 196 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 197 select CRYPTO_AEAD
205 help 198 help
206 This converts an arbitrary crypto al 199 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 200 algorithm that executes in kernel threads.
208 201
>> 202 config CRYPTO_WORKQUEUE
>> 203 tristate
>> 204
209 config CRYPTO_CRYPTD 205 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 206 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 207 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 208 select CRYPTO_HASH
213 select CRYPTO_MANAGER 209 select CRYPTO_MANAGER
>> 210 select CRYPTO_WORKQUEUE
214 help 211 help
215 This is a generic software asynchron 212 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 213 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 214 into an asynchronous algorithm that executes in a kernel thread.
218 215
>> 216 config CRYPTO_MCRYPTD
>> 217 tristate "Software async multi-buffer crypto daemon"
>> 218 select CRYPTO_BLKCIPHER
>> 219 select CRYPTO_HASH
>> 220 select CRYPTO_MANAGER
>> 221 select CRYPTO_WORKQUEUE
>> 222 help
>> 223 This is a generic software asynchronous crypto daemon that
>> 224 provides the kernel thread to assist multi-buffer crypto
>> 225 algorithms for submitting jobs and flushing jobs in multi-buffer
>> 226 crypto algorithms. Multi-buffer crypto algorithms are executed
>> 227 in the context of this kernel thread and drivers can post
>> 228 their crypto request asynchronously to be processed by this daemon.
>> 229
219 config CRYPTO_AUTHENC 230 config CRYPTO_AUTHENC
220 tristate "Authenc support" 231 tristate "Authenc support"
221 select CRYPTO_AEAD 232 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 233 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 234 select CRYPTO_MANAGER
224 select CRYPTO_HASH 235 select CRYPTO_HASH
225 select CRYPTO_NULL 236 select CRYPTO_NULL
226 help 237 help
227 Authenc: Combined mode wrapper for I 238 Authenc: Combined mode wrapper for IPsec.
228 !! 239 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 240
231 config CRYPTO_TEST 241 config CRYPTO_TEST
232 tristate "Testing module" 242 tristate "Testing module"
233 depends on m || EXPERT !! 243 depends on m
234 select CRYPTO_MANAGER 244 select CRYPTO_MANAGER
235 help 245 help
236 Quick & dirty crypto test module. 246 Quick & dirty crypto test module.
237 247
238 config CRYPTO_SIMD 248 config CRYPTO_SIMD
239 tristate 249 tristate
240 select CRYPTO_CRYPTD 250 select CRYPTO_CRYPTD
241 251
>> 252 config CRYPTO_GLUE_HELPER_X86
>> 253 tristate
>> 254 depends on X86
>> 255 select CRYPTO_BLKCIPHER
>> 256
242 config CRYPTO_ENGINE 257 config CRYPTO_ENGINE
243 tristate 258 tristate
244 259
245 endmenu !! 260 comment "Authenticated Encryption with Associated Data"
246 261
247 menu "Public-key cryptography" !! 262 config CRYPTO_CCM
>> 263 tristate "CCM support"
>> 264 select CRYPTO_CTR
>> 265 select CRYPTO_HASH
>> 266 select CRYPTO_AEAD
>> 267 help
>> 268 Support for Counter with CBC MAC. Required for IPsec.
248 269
249 config CRYPTO_RSA !! 270 config CRYPTO_GCM
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 271 tristate "GCM/GMAC support"
251 select CRYPTO_AKCIPHER !! 272 select CRYPTO_CTR
252 select CRYPTO_MANAGER !! 273 select CRYPTO_AEAD
253 select MPILIB !! 274 select CRYPTO_GHASH
254 select ASN1 !! 275 select CRYPTO_NULL
255 help 276 help
256 RSA (Rivest-Shamir-Adleman) public k !! 277 Support for Galois/Counter Mode (GCM) and Galois Message
>> 278 Authentication Code (GMAC). Required for IPSec.
257 279
258 config CRYPTO_DH !! 280 config CRYPTO_CHACHA20POLY1305
259 tristate "DH (Diffie-Hellman)" !! 281 tristate "ChaCha20-Poly1305 AEAD support"
260 select CRYPTO_KPP !! 282 select CRYPTO_CHACHA20
261 select MPILIB !! 283 select CRYPTO_POLY1305
>> 284 select CRYPTO_AEAD
262 help 285 help
263 DH (Diffie-Hellman) key exchange alg !! 286 ChaCha20-Poly1305 AEAD support, RFC7539.
264 287
265 config CRYPTO_DH_RFC7919_GROUPS !! 288 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
266 bool "RFC 7919 FFDHE groups" !! 289 with the Poly1305 authenticator. It is defined in RFC7539 for use in
267 depends on CRYPTO_DH !! 290 IETF protocols.
268 select CRYPTO_RNG_DEFAULT !! 291
>> 292 config CRYPTO_AEGIS128
>> 293 tristate "AEGIS-128 AEAD algorithm"
>> 294 select CRYPTO_AEAD
>> 295 select CRYPTO_AES # for AES S-box tables
269 help 296 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 297 Support for the AEGIS-128 dedicated AEAD algorithm.
271 defined in RFC7919. <<
272 298
273 Support these finite-field groups in !! 299 config CRYPTO_AEGIS128L
274 - ffdhe2048, ffdhe3072, ffdhe4096, f !! 300 tristate "AEGIS-128L AEAD algorithm"
>> 301 select CRYPTO_AEAD
>> 302 select CRYPTO_AES # for AES S-box tables
>> 303 help
>> 304 Support for the AEGIS-128L dedicated AEAD algorithm.
275 305
276 If unsure, say N. !! 306 config CRYPTO_AEGIS256
>> 307 tristate "AEGIS-256 AEAD algorithm"
>> 308 select CRYPTO_AEAD
>> 309 select CRYPTO_AES # for AES S-box tables
>> 310 help
>> 311 Support for the AEGIS-256 dedicated AEAD algorithm.
277 312
278 config CRYPTO_ECC !! 313 config CRYPTO_AEGIS128_AESNI_SSE2
279 tristate !! 314 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
280 select CRYPTO_RNG_DEFAULT !! 315 depends on X86 && 64BIT
>> 316 select CRYPTO_AEAD
>> 317 select CRYPTO_CRYPTD
>> 318 help
>> 319 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
281 320
282 config CRYPTO_ECDH !! 321 config CRYPTO_AEGIS128L_AESNI_SSE2
283 tristate "ECDH (Elliptic Curve Diffie- !! 322 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
284 select CRYPTO_ECC !! 323 depends on X86 && 64BIT
285 select CRYPTO_KPP !! 324 select CRYPTO_AEAD
>> 325 select CRYPTO_CRYPTD
286 help 326 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 327 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
288 using curves P-192, P-256, and P-384 <<
289 328
290 config CRYPTO_ECDSA !! 329 config CRYPTO_AEGIS256_AESNI_SSE2
291 tristate "ECDSA (Elliptic Curve Digita !! 330 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
292 select CRYPTO_ECC !! 331 depends on X86 && 64BIT
293 select CRYPTO_AKCIPHER !! 332 select CRYPTO_AEAD
294 select ASN1 !! 333 select CRYPTO_CRYPTD
295 help 334 help
296 ECDSA (Elliptic Curve Digital Signat !! 335 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
297 ISO/IEC 14888-3) !! 336
298 using curves P-192, P-256, and P-384 !! 337 config CRYPTO_MORUS640
299 !! 338 tristate "MORUS-640 AEAD algorithm"
300 Only signature verification is imple !! 339 select CRYPTO_AEAD
301 <<
302 config CRYPTO_ECRDSA <<
303 tristate "EC-RDSA (Elliptic Curve Russ <<
304 select CRYPTO_ECC <<
305 select CRYPTO_AKCIPHER <<
306 select CRYPTO_STREEBOG <<
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help 340 help
310 Elliptic Curve Russian Digital Signa !! 341 Support for the MORUS-640 dedicated AEAD algorithm.
311 RFC 7091, ISO/IEC 14888-3) <<
312 342
313 One of the Russian cryptographic sta !! 343 config CRYPTO_MORUS640_GLUE
314 algorithms). Only signature verifica !! 344 tristate
>> 345 depends on X86
>> 346 select CRYPTO_AEAD
>> 347 select CRYPTO_CRYPTD
>> 348 help
>> 349 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
>> 350 algorithm.
315 351
316 config CRYPTO_CURVE25519 !! 352 config CRYPTO_MORUS640_SSE2
317 tristate "Curve25519" !! 353 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
318 select CRYPTO_KPP !! 354 depends on X86 && 64BIT
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 355 select CRYPTO_AEAD
>> 356 select CRYPTO_MORUS640_GLUE
320 help 357 help
321 Curve25519 elliptic curve (RFC7748) !! 358 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
322 359
323 endmenu !! 360 config CRYPTO_MORUS1280
>> 361 tristate "MORUS-1280 AEAD algorithm"
>> 362 select CRYPTO_AEAD
>> 363 help
>> 364 Support for the MORUS-1280 dedicated AEAD algorithm.
324 365
325 menu "Block ciphers" !! 366 config CRYPTO_MORUS1280_GLUE
>> 367 tristate
>> 368 depends on X86
>> 369 select CRYPTO_AEAD
>> 370 select CRYPTO_CRYPTD
>> 371 help
>> 372 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
>> 373 algorithm.
326 374
327 config CRYPTO_AES !! 375 config CRYPTO_MORUS1280_SSE2
328 tristate "AES (Advanced Encryption Sta !! 376 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
329 select CRYPTO_ALGAPI !! 377 depends on X86 && 64BIT
330 select CRYPTO_LIB_AES !! 378 select CRYPTO_AEAD
>> 379 select CRYPTO_MORUS1280_GLUE
331 help 380 help
332 AES cipher algorithms (Rijndael)(FIP !! 381 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
>> 382 algorithm.
333 383
334 Rijndael appears to be consistently !! 384 config CRYPTO_MORUS1280_AVX2
335 both hardware and software across a !! 385 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
336 environments regardless of its use i !! 386 depends on X86 && 64BIT
337 modes. Its key setup time is excelle !! 387 select CRYPTO_AEAD
338 good. Rijndael's very low memory req !! 388 select CRYPTO_MORUS1280_GLUE
339 suited for restricted-space environm !! 389 help
340 demonstrates excellent performance. !! 390 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
341 among the easiest to defend against !! 391 algorithm.
342 392
343 The AES specifies three key sizes: 1 !! 393 config CRYPTO_SEQIV
>> 394 tristate "Sequence Number IV Generator"
>> 395 select CRYPTO_AEAD
>> 396 select CRYPTO_BLKCIPHER
>> 397 select CRYPTO_NULL
>> 398 select CRYPTO_RNG_DEFAULT
>> 399 help
>> 400 This IV generator generates an IV based on a sequence number by
>> 401 xoring it with a salt. This algorithm is mainly useful for CTR
344 402
345 config CRYPTO_AES_TI !! 403 config CRYPTO_ECHAINIV
346 tristate "AES (Advanced Encryption Sta !! 404 tristate "Encrypted Chain IV Generator"
347 select CRYPTO_ALGAPI !! 405 select CRYPTO_AEAD
348 select CRYPTO_LIB_AES !! 406 select CRYPTO_NULL
>> 407 select CRYPTO_RNG_DEFAULT
>> 408 default m
349 help 409 help
350 AES cipher algorithms (Rijndael)(FIP !! 410 This IV generator generates an IV based on the encryption of
>> 411 a sequence number xored with a salt. This is the default
>> 412 algorithm for CBC.
351 413
352 This is a generic implementation of !! 414 comment "Block modes"
353 data dependent latencies as much as <<
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 415
359 Instead of using 16 lookup tables of !! 416 config CRYPTO_CBC
360 8 for decryption), this implementati !! 417 tristate "CBC support"
361 256 bytes each, and attempts to elim !! 418 select CRYPTO_BLKCIPHER
362 prefetching the entire table into th !! 419 select CRYPTO_MANAGER
363 block. Interrupts are also disabled !! 420 help
364 are evicted when the CPU is interrup !! 421 CBC: Cipher Block Chaining mode
>> 422 This block cipher algorithm is required for IPSec.
365 423
366 config CRYPTO_ANUBIS !! 424 config CRYPTO_CFB
367 tristate "Anubis" !! 425 tristate "CFB support"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 426 select CRYPTO_BLKCIPHER
369 select CRYPTO_ALGAPI !! 427 select CRYPTO_MANAGER
370 help 428 help
371 Anubis cipher algorithm !! 429 CFB: Cipher FeedBack mode
>> 430 This block cipher algorithm is required for TPM2 Cryptography.
372 431
373 Anubis is a variable key length ciph !! 432 config CRYPTO_CTR
374 128 bits to 320 bits in length. It !! 433 tristate "CTR support"
375 in the NESSIE competition. !! 434 select CRYPTO_BLKCIPHER
>> 435 select CRYPTO_SEQIV
>> 436 select CRYPTO_MANAGER
>> 437 help
>> 438 CTR: Counter mode
>> 439 This block cipher algorithm is required for IPSec.
376 440
377 See https://web.archive.org/web/2016 !! 441 config CRYPTO_CTS
378 for further information. !! 442 tristate "CTS support"
>> 443 select CRYPTO_BLKCIPHER
>> 444 help
>> 445 CTS: Cipher Text Stealing
>> 446 This is the Cipher Text Stealing mode as described by
>> 447 Section 8 of rfc2040 and referenced by rfc3962.
>> 448 (rfc3962 includes errata information in its Appendix A)
>> 449 This mode is required for Kerberos gss mechanism support
>> 450 for AES encryption.
379 451
380 config CRYPTO_ARIA !! 452 config CRYPTO_ECB
381 tristate "ARIA" !! 453 tristate "ECB support"
382 select CRYPTO_ALGAPI !! 454 select CRYPTO_BLKCIPHER
>> 455 select CRYPTO_MANAGER
383 help 456 help
384 ARIA cipher algorithm (RFC5794) !! 457 ECB: Electronic CodeBook mode
>> 458 This is the simplest block cipher algorithm. It simply encrypts
>> 459 the input block by block.
385 460
386 ARIA is a standard encryption algori !! 461 config CRYPTO_LRW
387 The ARIA specifies three key sizes a !! 462 tristate "LRW support"
388 128-bit: 12 rounds. !! 463 select CRYPTO_BLKCIPHER
389 192-bit: 14 rounds. !! 464 select CRYPTO_MANAGER
390 256-bit: 16 rounds. !! 465 select CRYPTO_GF128MUL
>> 466 help
>> 467 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 468 narrow block cipher mode for dm-crypt. Use it with cipher
>> 469 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 470 The first 128, 192 or 256 bits in the key are used for AES and the
>> 471 rest is used to tie each cipher block to its logical position.
391 472
392 See: !! 473 config CRYPTO_PCBC
393 https://seed.kisa.or.kr/kisa/algorit !! 474 tristate "PCBC support"
>> 475 select CRYPTO_BLKCIPHER
>> 476 select CRYPTO_MANAGER
>> 477 help
>> 478 PCBC: Propagating Cipher Block Chaining mode
>> 479 This block cipher algorithm is required for RxRPC.
394 480
395 config CRYPTO_BLOWFISH !! 481 config CRYPTO_XTS
396 tristate "Blowfish" !! 482 tristate "XTS support"
397 select CRYPTO_ALGAPI !! 483 select CRYPTO_BLKCIPHER
398 select CRYPTO_BLOWFISH_COMMON !! 484 select CRYPTO_MANAGER
>> 485 select CRYPTO_ECB
399 help 486 help
400 Blowfish cipher algorithm, by Bruce !! 487 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 488 key size 256, 384 or 512 bits. This implementation currently
>> 489 can't handle a sectorsize which is not a multiple of 16 bytes.
401 490
402 This is a variable key length cipher !! 491 config CRYPTO_KEYWRAP
403 bits to 448 bits in length. It's fa !! 492 tristate "Key wrapping support"
404 designed for use on "large microproc !! 493 select CRYPTO_BLKCIPHER
>> 494 help
>> 495 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 496 padding.
405 497
406 See https://www.schneier.com/blowfis !! 498 comment "Hash modes"
407 499
408 config CRYPTO_BLOWFISH_COMMON !! 500 config CRYPTO_CMAC
409 tristate !! 501 tristate "CMAC support"
>> 502 select CRYPTO_HASH
>> 503 select CRYPTO_MANAGER
410 help 504 help
411 Common parts of the Blowfish cipher !! 505 Cipher-based Message Authentication Code (CMAC) specified by
412 generic c and the assembler implemen !! 506 The National Institute of Standards and Technology (NIST).
413 507
414 config CRYPTO_CAMELLIA !! 508 https://tools.ietf.org/html/rfc4493
415 tristate "Camellia" !! 509 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
416 select CRYPTO_ALGAPI !! 510
>> 511 config CRYPTO_HMAC
>> 512 tristate "HMAC support"
>> 513 select CRYPTO_HASH
>> 514 select CRYPTO_MANAGER
417 help 515 help
418 Camellia cipher algorithms (ISO/IEC !! 516 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 517 This is required for IPSec.
419 518
420 Camellia is a symmetric key block ci !! 519 config CRYPTO_XCBC
421 at NTT and Mitsubishi Electric Corpo !! 520 tristate "XCBC support"
>> 521 select CRYPTO_HASH
>> 522 select CRYPTO_MANAGER
>> 523 help
>> 524 XCBC: Keyed-Hashing with encryption algorithm
>> 525 http://www.ietf.org/rfc/rfc3566.txt
>> 526 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 527 xcbc-mac/xcbc-mac-spec.pdf
422 528
423 The Camellia specifies three key siz !! 529 config CRYPTO_VMAC
>> 530 tristate "VMAC support"
>> 531 select CRYPTO_HASH
>> 532 select CRYPTO_MANAGER
>> 533 help
>> 534 VMAC is a message authentication algorithm designed for
>> 535 very high speed on 64-bit architectures.
424 536
425 See https://info.isl.ntt.co.jp/crypt !! 537 See also:
>> 538 <http://fastcrypto.org/vmac>
426 539
427 config CRYPTO_CAST_COMMON !! 540 comment "Digest"
428 tristate <<
429 help <<
430 Common parts of the CAST cipher algo <<
431 generic c and the assembler implemen <<
432 541
433 config CRYPTO_CAST5 !! 542 config CRYPTO_CRC32C
434 tristate "CAST5 (CAST-128)" !! 543 tristate "CRC32c CRC algorithm"
435 select CRYPTO_ALGAPI !! 544 select CRYPTO_HASH
436 select CRYPTO_CAST_COMMON !! 545 select CRC32
>> 546 help
>> 547 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 548 by iSCSI for header and data digests and by others.
>> 549 See Castagnoli93. Module will be crc32c.
>> 550
>> 551 config CRYPTO_CRC32C_INTEL
>> 552 tristate "CRC32c INTEL hardware acceleration"
>> 553 depends on X86
>> 554 select CRYPTO_HASH
>> 555 help
>> 556 In Intel processor with SSE4.2 supported, the processor will
>> 557 support CRC32C implementation using hardware accelerated CRC32
>> 558 instruction. This option will create 'crc32c-intel' module,
>> 559 which will enable any routine to use the CRC32 instruction to
>> 560 gain performance compared with software implementation.
>> 561 Module will be crc32c-intel.
>> 562
>> 563 config CRYPTO_CRC32C_VPMSUM
>> 564 tristate "CRC32c CRC algorithm (powerpc64)"
>> 565 depends on PPC64 && ALTIVEC
>> 566 select CRYPTO_HASH
>> 567 select CRC32
437 help 568 help
438 CAST5 (CAST-128) cipher algorithm (R !! 569 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 570 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 571 and newer processors for improved performance.
439 572
440 config CRYPTO_CAST6 !! 573
441 tristate "CAST6 (CAST-256)" !! 574 config CRYPTO_CRC32C_SPARC64
442 select CRYPTO_ALGAPI !! 575 tristate "CRC32c CRC algorithm (SPARC64)"
443 select CRYPTO_CAST_COMMON !! 576 depends on SPARC64
>> 577 select CRYPTO_HASH
>> 578 select CRC32
444 help 579 help
445 CAST6 (CAST-256) encryption algorith !! 580 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 581 when available.
446 582
447 config CRYPTO_DES !! 583 config CRYPTO_CRC32
448 tristate "DES and Triple DES EDE" !! 584 tristate "CRC32 CRC algorithm"
449 select CRYPTO_ALGAPI !! 585 select CRYPTO_HASH
450 select CRYPTO_LIB_DES !! 586 select CRC32
451 help 587 help
452 DES (Data Encryption Standard)(FIPS !! 588 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 589 Shash crypto api wrappers to crc32_le function.
454 cipher algorithms <<
455 590
456 config CRYPTO_FCRYPT !! 591 config CRYPTO_CRC32_PCLMUL
457 tristate "FCrypt" !! 592 tristate "CRC32 PCLMULQDQ hardware acceleration"
458 select CRYPTO_ALGAPI !! 593 depends on X86
459 select CRYPTO_SKCIPHER !! 594 select CRYPTO_HASH
>> 595 select CRC32
>> 596 help
>> 597 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 598 and PCLMULQDQ supported, the processor will support
>> 599 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 600 instruction. This option will create 'crc32-plcmul' module,
>> 601 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 602 and gain better performance as compared with the table implementation.
>> 603
>> 604 config CRYPTO_CRC32_MIPS
>> 605 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 606 depends on MIPS_CRC_SUPPORT
>> 607 select CRYPTO_HASH
460 help 608 help
461 FCrypt algorithm used by RxRPC !! 609 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 610 instructions, when available.
462 611
463 See https://ota.polyonymo.us/fcrypt- <<
464 612
465 config CRYPTO_KHAZAD !! 613 config CRYPTO_CRCT10DIF
466 tristate "Khazad" !! 614 tristate "CRCT10DIF algorithm"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 615 select CRYPTO_HASH
468 select CRYPTO_ALGAPI <<
469 help 616 help
470 Khazad cipher algorithm !! 617 CRC T10 Data Integrity Field computation is being cast as
>> 618 a crypto transform. This allows for faster crc t10 diff
>> 619 transforms to be used if they are available.
471 620
472 Khazad was a finalist in the initial !! 621 config CRYPTO_CRCT10DIF_PCLMUL
473 an algorithm optimized for 64-bit pr !! 622 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
474 on 32-bit processors. Khazad uses a !! 623 depends on X86 && 64BIT && CRC_T10DIF
>> 624 select CRYPTO_HASH
>> 625 help
>> 626 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 627 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 628 accelerated PCLMULQDQ instruction. This option will create
>> 629 'crct10dif-plcmul' module, which is faster when computing the
>> 630 crct10dif checksum as compared with the generic table implementation.
475 631
476 See https://web.archive.org/web/2017 !! 632 config CRYPTO_CRCT10DIF_VPMSUM
477 for further information. !! 633 tristate "CRC32T10DIF powerpc64 hardware acceleration"
>> 634 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 635 select CRYPTO_HASH
>> 636 help
>> 637 CRC10T10DIF algorithm implemented using vector polynomial
>> 638 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 639 POWER8 and newer processors for improved performance.
478 640
479 config CRYPTO_SEED !! 641 config CRYPTO_VPMSUM_TESTER
480 tristate "SEED" !! 642 tristate "Powerpc64 vpmsum hardware acceleration tester"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 643 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
482 select CRYPTO_ALGAPI <<
483 help 644 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 645 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 646 POWER8 vpmsum instructions.
>> 647 Unless you are testing these algorithms, you don't need this.
485 648
486 SEED is a 128-bit symmetric key bloc !! 649 config CRYPTO_GHASH
487 developed by KISA (Korea Information !! 650 tristate "GHASH digest algorithm"
488 national standard encryption algorit !! 651 select CRYPTO_GF128MUL
489 It is a 16 round block cipher with t !! 652 select CRYPTO_HASH
>> 653 help
>> 654 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
490 655
491 See https://seed.kisa.or.kr/kisa/alg !! 656 config CRYPTO_POLY1305
492 for further information. !! 657 tristate "Poly1305 authenticator algorithm"
>> 658 select CRYPTO_HASH
>> 659 help
>> 660 Poly1305 authenticator algorithm, RFC7539.
493 661
494 config CRYPTO_SERPENT !! 662 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
495 tristate "Serpent" !! 663 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
496 select CRYPTO_ALGAPI !! 664 in IETF protocols. This is the portable C implementation of Poly1305.
>> 665
>> 666 config CRYPTO_POLY1305_X86_64
>> 667 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 668 depends on X86 && 64BIT
>> 669 select CRYPTO_POLY1305
497 help 670 help
498 Serpent cipher algorithm, by Anderso !! 671 Poly1305 authenticator algorithm, RFC7539.
499 672
500 Keys are allowed to be from 0 to 256 !! 673 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
501 of 8 bits. !! 674 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 675 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 676 instructions.
502 677
503 See https://www.cl.cam.ac.uk/~rja14/ !! 678 config CRYPTO_MD4
>> 679 tristate "MD4 digest algorithm"
>> 680 select CRYPTO_HASH
>> 681 help
>> 682 MD4 message digest algorithm (RFC1320).
504 683
505 config CRYPTO_SM4 !! 684 config CRYPTO_MD5
506 tristate !! 685 tristate "MD5 digest algorithm"
>> 686 select CRYPTO_HASH
>> 687 help
>> 688 MD5 message digest algorithm (RFC1321).
507 689
508 config CRYPTO_SM4_GENERIC !! 690 config CRYPTO_MD5_OCTEON
509 tristate "SM4 (ShangMi 4)" !! 691 tristate "MD5 digest algorithm (OCTEON)"
510 select CRYPTO_ALGAPI !! 692 depends on CPU_CAVIUM_OCTEON
511 select CRYPTO_SM4 !! 693 select CRYPTO_MD5
>> 694 select CRYPTO_HASH
512 help 695 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 696 MD5 message digest algorithm (RFC1321) implemented
514 ISO/IEC 18033-3:2010/Amd 1:2021) !! 697 using OCTEON crypto instructions, when available.
515 698
516 SM4 (GBT.32907-2016) is a cryptograp !! 699 config CRYPTO_MD5_PPC
517 Organization of State Commercial Adm !! 700 tristate "MD5 digest algorithm (PPC)"
518 as an authorized cryptographic algor !! 701 depends on PPC
>> 702 select CRYPTO_HASH
>> 703 help
>> 704 MD5 message digest algorithm (RFC1321) implemented
>> 705 in PPC assembler.
519 706
520 SMS4 was originally created for use !! 707 config CRYPTO_MD5_SPARC64
521 networks, and is mandated in the Chi !! 708 tristate "MD5 digest algorithm (SPARC64)"
522 Wireless LAN WAPI (Wired Authenticat !! 709 depends on SPARC64
523 (GB.15629.11-2003). !! 710 select CRYPTO_MD5
>> 711 select CRYPTO_HASH
>> 712 help
>> 713 MD5 message digest algorithm (RFC1321) implemented
>> 714 using sparc64 crypto instructions, when available.
524 715
525 The latest SM4 standard (GBT.32907-2 !! 716 config CRYPTO_MICHAEL_MIC
526 standardized through TC 260 of the S !! 717 tristate "Michael MIC keyed digest algorithm"
527 of the People's Republic of China (S !! 718 select CRYPTO_HASH
>> 719 help
>> 720 Michael MIC is used for message integrity protection in TKIP
>> 721 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 722 should not be used for other purposes because of the weakness
>> 723 of the algorithm.
528 724
529 The input, output, and key of SMS4 a !! 725 config CRYPTO_RMD128
>> 726 tristate "RIPEMD-128 digest algorithm"
>> 727 select CRYPTO_HASH
>> 728 help
>> 729 RIPEMD-128 (ISO/IEC 10118-3:2004).
530 730
531 See https://eprint.iacr.org/2008/329 !! 731 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
>> 732 be used as a secure replacement for RIPEMD. For other use cases,
>> 733 RIPEMD-160 should be used.
532 734
533 If unsure, say N. !! 735 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 736 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
534 737
535 config CRYPTO_TEA !! 738 config CRYPTO_RMD160
536 tristate "TEA, XTEA and XETA" !! 739 tristate "RIPEMD-160 digest algorithm"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 740 select CRYPTO_HASH
538 select CRYPTO_ALGAPI <<
539 help 741 help
540 TEA (Tiny Encryption Algorithm) ciph !! 742 RIPEMD-160 (ISO/IEC 10118-3:2004).
541 743
542 Tiny Encryption Algorithm is a simpl !! 744 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
543 many rounds for security. It is ver !! 745 to be used as a secure replacement for the 128-bit hash functions
544 little memory. !! 746 MD4, MD5 and it's predecessor RIPEMD
>> 747 (not to be confused with RIPEMD-128).
545 748
546 Xtendend Tiny Encryption Algorithm i !! 749 It's speed is comparable to SHA1 and there are no known attacks
547 the TEA algorithm to address a poten !! 750 against RIPEMD-160.
548 in the TEA algorithm. <<
549 751
550 Xtendend Encryption Tiny Algorithm i !! 752 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
551 of the XTEA algorithm for compatibil !! 753 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
552 754
553 config CRYPTO_TWOFISH !! 755 config CRYPTO_RMD256
554 tristate "Twofish" !! 756 tristate "RIPEMD-256 digest algorithm"
555 select CRYPTO_ALGAPI !! 757 select CRYPTO_HASH
556 select CRYPTO_TWOFISH_COMMON <<
557 help 758 help
558 Twofish cipher algorithm !! 759 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 760 256 bit hash. It is intended for applications that require
>> 761 longer hash-results, without needing a larger security level
>> 762 (than RIPEMD-128).
559 763
560 Twofish was submitted as an AES (Adv !! 764 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
561 candidate cipher by researchers at C !! 765 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
562 16 round block cipher supporting key !! 766
563 bits. !! 767 config CRYPTO_RMD320
>> 768 tristate "RIPEMD-320 digest algorithm"
>> 769 select CRYPTO_HASH
>> 770 help
>> 771 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 772 320 bit hash. It is intended for applications that require
>> 773 longer hash-results, without needing a larger security level
>> 774 (than RIPEMD-160).
564 775
565 See https://www.schneier.com/twofish !! 776 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 777 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
566 778
567 config CRYPTO_TWOFISH_COMMON !! 779 config CRYPTO_SHA1
568 tristate !! 780 tristate "SHA1 digest algorithm"
>> 781 select CRYPTO_HASH
569 help 782 help
570 Common parts of the Twofish cipher a !! 783 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
571 generic c and the assembler implemen <<
572 784
573 endmenu !! 785 config CRYPTO_SHA1_SSSE3
>> 786 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 787 depends on X86 && 64BIT
>> 788 select CRYPTO_SHA1
>> 789 select CRYPTO_HASH
>> 790 help
>> 791 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 792 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 793 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 794 when available.
574 795
575 menu "Length-preserving ciphers and modes" !! 796 config CRYPTO_SHA256_SSSE3
>> 797 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 798 depends on X86 && 64BIT
>> 799 select CRYPTO_SHA256
>> 800 select CRYPTO_HASH
>> 801 help
>> 802 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 803 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 804 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 805 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 806 Instructions) when available.
>> 807
>> 808 config CRYPTO_SHA512_SSSE3
>> 809 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 810 depends on X86 && 64BIT
>> 811 select CRYPTO_SHA512
>> 812 select CRYPTO_HASH
>> 813 help
>> 814 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 815 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 816 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 817 version 2 (AVX2) instructions, when available.
>> 818
>> 819 config CRYPTO_SHA1_OCTEON
>> 820 tristate "SHA1 digest algorithm (OCTEON)"
>> 821 depends on CPU_CAVIUM_OCTEON
>> 822 select CRYPTO_SHA1
>> 823 select CRYPTO_HASH
>> 824 help
>> 825 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 826 using OCTEON crypto instructions, when available.
>> 827
>> 828 config CRYPTO_SHA1_SPARC64
>> 829 tristate "SHA1 digest algorithm (SPARC64)"
>> 830 depends on SPARC64
>> 831 select CRYPTO_SHA1
>> 832 select CRYPTO_HASH
>> 833 help
>> 834 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 835 using sparc64 crypto instructions, when available.
>> 836
>> 837 config CRYPTO_SHA1_PPC
>> 838 tristate "SHA1 digest algorithm (powerpc)"
>> 839 depends on PPC
>> 840 help
>> 841 This is the powerpc hardware accelerated implementation of the
>> 842 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 843
>> 844 config CRYPTO_SHA1_PPC_SPE
>> 845 tristate "SHA1 digest algorithm (PPC SPE)"
>> 846 depends on PPC && SPE
>> 847 help
>> 848 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 849 using powerpc SPE SIMD instruction set.
>> 850
>> 851 config CRYPTO_SHA1_MB
>> 852 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 853 depends on X86 && 64BIT
>> 854 select CRYPTO_SHA1
>> 855 select CRYPTO_HASH
>> 856 select CRYPTO_MCRYPTD
>> 857 help
>> 858 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 859 using multi-buffer technique. This algorithm computes on
>> 860 multiple data lanes concurrently with SIMD instructions for
>> 861 better throughput. It should not be enabled by default but
>> 862 used when there is significant amount of work to keep the keep
>> 863 the data lanes filled to get performance benefit. If the data
>> 864 lanes remain unfilled, a flush operation will be initiated to
>> 865 process the crypto jobs, adding a slight latency.
>> 866
>> 867 config CRYPTO_SHA256_MB
>> 868 tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 869 depends on X86 && 64BIT
>> 870 select CRYPTO_SHA256
>> 871 select CRYPTO_HASH
>> 872 select CRYPTO_MCRYPTD
>> 873 help
>> 874 SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 875 using multi-buffer technique. This algorithm computes on
>> 876 multiple data lanes concurrently with SIMD instructions for
>> 877 better throughput. It should not be enabled by default but
>> 878 used when there is significant amount of work to keep the keep
>> 879 the data lanes filled to get performance benefit. If the data
>> 880 lanes remain unfilled, a flush operation will be initiated to
>> 881 process the crypto jobs, adding a slight latency.
>> 882
>> 883 config CRYPTO_SHA512_MB
>> 884 tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 885 depends on X86 && 64BIT
>> 886 select CRYPTO_SHA512
>> 887 select CRYPTO_HASH
>> 888 select CRYPTO_MCRYPTD
>> 889 help
>> 890 SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 891 using multi-buffer technique. This algorithm computes on
>> 892 multiple data lanes concurrently with SIMD instructions for
>> 893 better throughput. It should not be enabled by default but
>> 894 used when there is significant amount of work to keep the keep
>> 895 the data lanes filled to get performance benefit. If the data
>> 896 lanes remain unfilled, a flush operation will be initiated to
>> 897 process the crypto jobs, adding a slight latency.
576 898
577 config CRYPTO_ADIANTUM !! 899 config CRYPTO_SHA256
578 tristate "Adiantum" !! 900 tristate "SHA224 and SHA256 digest algorithm"
579 select CRYPTO_CHACHA20 !! 901 select CRYPTO_HASH
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER <<
583 help 902 help
584 Adiantum tweakable, length-preservin !! 903 SHA256 secure hash standard (DFIPS 180-2).
585 904
586 Designed for fast and secure disk en !! 905 This version of SHA implements a 256 bit hash with 128 bits of
587 CPUs without dedicated crypto instru !! 906 security against collision attacks.
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 907
600 If unsure, say N. !! 908 This code also includes SHA-224, a 224 bit hash with 112 bits
>> 909 of security against collision attacks.
601 910
602 config CRYPTO_ARC4 !! 911 config CRYPTO_SHA256_PPC_SPE
603 tristate "ARC4 (Alleged Rivest Cipher !! 912 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 913 depends on PPC && SPE
605 select CRYPTO_SKCIPHER !! 914 select CRYPTO_SHA256
606 select CRYPTO_LIB_ARC4 !! 915 select CRYPTO_HASH
607 help 916 help
608 ARC4 cipher algorithm !! 917 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 918 implemented using powerpc SPE SIMD instruction set.
609 919
610 ARC4 is a stream cipher using keys r !! 920 config CRYPTO_SHA256_OCTEON
611 bits in length. This algorithm is r !! 921 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
612 WEP, but it should not be for other !! 922 depends on CPU_CAVIUM_OCTEON
613 weakness of the algorithm. !! 923 select CRYPTO_SHA256
>> 924 select CRYPTO_HASH
>> 925 help
>> 926 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 927 using OCTEON crypto instructions, when available.
614 928
615 config CRYPTO_CHACHA20 !! 929 config CRYPTO_SHA256_SPARC64
616 tristate "ChaCha" !! 930 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 931 depends on SPARC64
618 select CRYPTO_SKCIPHER !! 932 select CRYPTO_SHA256
>> 933 select CRYPTO_HASH
619 help 934 help
620 The ChaCha20, XChaCha20, and XChaCha !! 935 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 936 using sparc64 crypto instructions, when available.
621 937
622 ChaCha20 is a 256-bit high-speed str !! 938 config CRYPTO_SHA512
623 Bernstein and further specified in R !! 939 tristate "SHA384 and SHA512 digest algorithms"
624 This is the portable C implementatio !! 940 select CRYPTO_HASH
625 https://cr.yp.to/chacha/chacha-20080 !! 941 help
>> 942 SHA512 secure hash standard (DFIPS 180-2).
626 943
627 XChaCha20 is the application of the !! 944 This version of SHA implements a 512 bit hash with 256 bits of
628 rather than to Salsa20. XChaCha20 e !! 945 security against collision attacks.
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 946
637 config CRYPTO_CBC !! 947 This code also includes SHA-384, a 384 bit hash with 192 bits
638 tristate "CBC (Cipher Block Chaining)" !! 948 of security against collision attacks.
639 select CRYPTO_SKCIPHER !! 949
640 select CRYPTO_MANAGER !! 950 config CRYPTO_SHA512_OCTEON
>> 951 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 952 depends on CPU_CAVIUM_OCTEON
>> 953 select CRYPTO_SHA512
>> 954 select CRYPTO_HASH
641 help 955 help
642 CBC (Cipher Block Chaining) mode (NI !! 956 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 957 using OCTEON crypto instructions, when available.
643 958
644 This block cipher mode is required f !! 959 config CRYPTO_SHA512_SPARC64
>> 960 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
>> 961 depends on SPARC64
>> 962 select CRYPTO_SHA512
>> 963 select CRYPTO_HASH
>> 964 help
>> 965 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 966 using sparc64 crypto instructions, when available.
645 967
646 config CRYPTO_CTR !! 968 config CRYPTO_SHA3
647 tristate "CTR (Counter)" !! 969 tristate "SHA3 digest algorithm"
648 select CRYPTO_SKCIPHER !! 970 select CRYPTO_HASH
649 select CRYPTO_MANAGER <<
650 help 971 help
651 CTR (Counter) mode (NIST SP800-38A) !! 972 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 973 cryptographic sponge function family called Keccak.
652 974
653 config CRYPTO_CTS !! 975 References:
654 tristate "CTS (Cipher Text Stealing)" !! 976 http://keccak.noekeon.org/
655 select CRYPTO_SKCIPHER !! 977
656 select CRYPTO_MANAGER !! 978 config CRYPTO_SM3
>> 979 tristate "SM3 digest algorithm"
>> 980 select CRYPTO_HASH
657 help 981 help
658 CBC-CS3 variant of CTS (Cipher Text !! 982 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
659 Addendum to SP800-38A (October 2010) !! 983 It is part of the Chinese Commercial Cryptography suite.
660 984
661 This mode is required for Kerberos g !! 985 References:
662 for AES encryption. !! 986 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
>> 987 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
663 988
664 config CRYPTO_ECB !! 989 config CRYPTO_TGR192
665 tristate "ECB (Electronic Codebook)" !! 990 tristate "Tiger digest algorithms"
666 select CRYPTO_SKCIPHER2 !! 991 select CRYPTO_HASH
667 select CRYPTO_MANAGER <<
668 help 992 help
669 ECB (Electronic Codebook) mode (NIST !! 993 Tiger hash algorithm 192, 160 and 128-bit hashes
670 994
671 config CRYPTO_HCTR2 !! 995 Tiger is a hash function optimized for 64-bit processors while
672 tristate "HCTR2" !! 996 still having decent performance on 32-bit processors.
673 select CRYPTO_XCTR !! 997 Tiger was developed by Ross Anderson and Eli Biham.
674 select CRYPTO_POLYVAL !! 998
675 select CRYPTO_MANAGER !! 999 See also:
>> 1000 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
>> 1001
>> 1002 config CRYPTO_WP512
>> 1003 tristate "Whirlpool digest algorithms"
>> 1004 select CRYPTO_HASH
676 help 1005 help
677 HCTR2 length-preserving encryption m !! 1006 Whirlpool hash algorithm 512, 384 and 256-bit hashes
678 1007
679 A mode for storage encryption that i !! 1008 Whirlpool-512 is part of the NESSIE cryptographic primitives.
680 instructions to accelerate AES and c !! 1009 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 1010
684 See https://eprint.iacr.org/2021/144 !! 1011 See also:
>> 1012 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
685 1013
686 config CRYPTO_KEYWRAP !! 1014 config CRYPTO_GHASH_CLMUL_NI_INTEL
687 tristate "KW (AES Key Wrap)" !! 1015 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
688 select CRYPTO_SKCIPHER !! 1016 depends on X86 && 64BIT
689 select CRYPTO_MANAGER !! 1017 select CRYPTO_CRYPTD
690 help 1018 help
691 KW (AES Key Wrap) authenticated encr !! 1019 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
692 and RFC3394) without padding. !! 1020 The implementation is accelerated by CLMUL-NI of Intel.
693 1021
694 config CRYPTO_LRW !! 1022 comment "Ciphers"
695 tristate "LRW (Liskov Rivest Wagner)" !! 1023
696 select CRYPTO_LIB_GF128MUL !! 1024 config CRYPTO_AES
697 select CRYPTO_SKCIPHER !! 1025 tristate "AES cipher algorithms"
698 select CRYPTO_MANAGER !! 1026 select CRYPTO_ALGAPI
699 select CRYPTO_ECB <<
700 help 1027 help
701 LRW (Liskov Rivest Wagner) mode !! 1028 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1029 algorithm.
702 1030
703 A tweakable, non malleable, non mova !! 1031 Rijndael appears to be consistently a very good performer in
704 narrow block cipher mode for dm-cryp !! 1032 both hardware and software across a wide range of computing
705 specification string aes-lrw-benbi, !! 1033 environments regardless of its use in feedback or non-feedback
706 The first 128, 192 or 256 bits in th !! 1034 modes. Its key setup time is excellent, and its key agility is
707 rest is used to tie each cipher bloc !! 1035 good. Rijndael's very low memory requirements make it very well
>> 1036 suited for restricted-space environments, in which it also
>> 1037 demonstrates excellent performance. Rijndael's operations are
>> 1038 among the easiest to defend against power and timing attacks.
708 1039
709 See https://people.csail.mit.edu/riv !! 1040 The AES specifies three key sizes: 128, 192 and 256 bits
710 1041
711 config CRYPTO_PCBC !! 1042 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
712 tristate "PCBC (Propagating Cipher Blo !! 1043
713 select CRYPTO_SKCIPHER !! 1044 config CRYPTO_AES_TI
714 select CRYPTO_MANAGER !! 1045 tristate "Fixed time AES cipher"
>> 1046 select CRYPTO_ALGAPI
715 help 1047 help
716 PCBC (Propagating Cipher Block Chain !! 1048 This is a generic implementation of AES that attempts to eliminate
>> 1049 data dependent latencies as much as possible without affecting
>> 1050 performance too much. It is intended for use by the generic CCM
>> 1051 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1052 solely on encryption (although decryption is supported as well, but
>> 1053 with a more dramatic performance hit)
717 1054
718 This block cipher mode is required f !! 1055 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
>> 1056 8 for decryption), this implementation only uses just two S-boxes of
>> 1057 256 bytes each, and attempts to eliminate data dependent latencies by
>> 1058 prefetching the entire table into the cache at the start of each
>> 1059 block.
719 1060
720 config CRYPTO_XCTR !! 1061 config CRYPTO_AES_586
721 tristate !! 1062 tristate "AES cipher algorithms (i586)"
722 select CRYPTO_SKCIPHER !! 1063 depends on (X86 || UML_X86) && !64BIT
723 select CRYPTO_MANAGER !! 1064 select CRYPTO_ALGAPI
>> 1065 select CRYPTO_AES
724 help 1066 help
725 XCTR (XOR Counter) mode for HCTR2 !! 1067 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1068 algorithm.
726 1069
727 This blockcipher mode is a variant o !! 1070 Rijndael appears to be consistently a very good performer in
728 addition rather than big-endian arit !! 1071 both hardware and software across a wide range of computing
>> 1072 environments regardless of its use in feedback or non-feedback
>> 1073 modes. Its key setup time is excellent, and its key agility is
>> 1074 good. Rijndael's very low memory requirements make it very well
>> 1075 suited for restricted-space environments, in which it also
>> 1076 demonstrates excellent performance. Rijndael's operations are
>> 1077 among the easiest to defend against power and timing attacks.
729 1078
730 XCTR mode is used to implement HCTR2 !! 1079 The AES specifies three key sizes: 128, 192 and 256 bits
731 1080
732 config CRYPTO_XTS !! 1081 See <http://csrc.nist.gov/encryption/aes/> for more information.
733 tristate "XTS (XOR Encrypt XOR with ci <<
734 select CRYPTO_SKCIPHER <<
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help <<
738 XTS (XOR Encrypt XOR with ciphertext <<
739 and IEEE 1619) <<
740 1082
741 Use with aes-xts-plain, key size 256 !! 1083 config CRYPTO_AES_X86_64
742 implementation currently can't handl !! 1084 tristate "AES cipher algorithms (x86_64)"
743 multiple of 16 bytes. !! 1085 depends on (X86 || UML_X86) && 64BIT
>> 1086 select CRYPTO_ALGAPI
>> 1087 select CRYPTO_AES
>> 1088 help
>> 1089 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1090 algorithm.
744 1091
745 config CRYPTO_NHPOLY1305 !! 1092 Rijndael appears to be consistently a very good performer in
746 tristate !! 1093 both hardware and software across a wide range of computing
747 select CRYPTO_HASH !! 1094 environments regardless of its use in feedback or non-feedback
748 select CRYPTO_LIB_POLY1305_GENERIC !! 1095 modes. Its key setup time is excellent, and its key agility is
>> 1096 good. Rijndael's very low memory requirements make it very well
>> 1097 suited for restricted-space environments, in which it also
>> 1098 demonstrates excellent performance. Rijndael's operations are
>> 1099 among the easiest to defend against power and timing attacks.
749 1100
750 endmenu !! 1101 The AES specifies three key sizes: 128, 192 and 256 bits
751 1102
752 menu "AEAD (authenticated encryption with asso !! 1103 See <http://csrc.nist.gov/encryption/aes/> for more information.
753 1104
754 config CRYPTO_AEGIS128 !! 1105 config CRYPTO_AES_NI_INTEL
755 tristate "AEGIS-128" !! 1106 tristate "AES cipher algorithms (AES-NI)"
>> 1107 depends on X86
756 select CRYPTO_AEAD 1108 select CRYPTO_AEAD
757 select CRYPTO_AES # for AES S-box tab !! 1109 select CRYPTO_AES_X86_64 if 64BIT
>> 1110 select CRYPTO_AES_586 if !64BIT
>> 1111 select CRYPTO_ALGAPI
>> 1112 select CRYPTO_BLKCIPHER
>> 1113 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 1114 select CRYPTO_SIMD
758 help 1115 help
759 AEGIS-128 AEAD algorithm !! 1116 Use Intel AES-NI instructions for AES algorithm.
760 1117
761 config CRYPTO_AEGIS128_SIMD !! 1118 AES cipher algorithms (FIPS-197). AES uses the Rijndael
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 1119 algorithm.
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 1120
764 default y !! 1121 Rijndael appears to be consistently a very good performer in
>> 1122 both hardware and software across a wide range of computing
>> 1123 environments regardless of its use in feedback or non-feedback
>> 1124 modes. Its key setup time is excellent, and its key agility is
>> 1125 good. Rijndael's very low memory requirements make it very well
>> 1126 suited for restricted-space environments, in which it also
>> 1127 demonstrates excellent performance. Rijndael's operations are
>> 1128 among the easiest to defend against power and timing attacks.
>> 1129
>> 1130 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1131
>> 1132 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1133
>> 1134 In addition to AES cipher algorithm support, the acceleration
>> 1135 for some popular block cipher mode is supported too, including
>> 1136 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
>> 1137 acceleration for CTR.
>> 1138
>> 1139 config CRYPTO_AES_SPARC64
>> 1140 tristate "AES cipher algorithms (SPARC64)"
>> 1141 depends on SPARC64
>> 1142 select CRYPTO_CRYPTD
>> 1143 select CRYPTO_ALGAPI
765 help 1144 help
766 AEGIS-128 AEAD algorithm !! 1145 Use SPARC64 crypto opcodes for AES algorithm.
767 1146
768 Architecture: arm or arm64 using: !! 1147 AES cipher algorithms (FIPS-197). AES uses the Rijndael
769 - NEON (Advanced SIMD) extension !! 1148 algorithm.
770 1149
771 config CRYPTO_CHACHA20POLY1305 !! 1150 Rijndael appears to be consistently a very good performer in
772 tristate "ChaCha20-Poly1305" !! 1151 both hardware and software across a wide range of computing
773 select CRYPTO_CHACHA20 !! 1152 environments regardless of its use in feedback or non-feedback
774 select CRYPTO_POLY1305 !! 1153 modes. Its key setup time is excellent, and its key agility is
775 select CRYPTO_AEAD !! 1154 good. Rijndael's very low memory requirements make it very well
776 select CRYPTO_MANAGER !! 1155 suited for restricted-space environments, in which it also
>> 1156 demonstrates excellent performance. Rijndael's operations are
>> 1157 among the easiest to defend against power and timing attacks.
>> 1158
>> 1159 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1160
>> 1161 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1162
>> 1163 In addition to AES cipher algorithm support, the acceleration
>> 1164 for some popular block cipher mode is supported too, including
>> 1165 ECB and CBC.
>> 1166
>> 1167 config CRYPTO_AES_PPC_SPE
>> 1168 tristate "AES cipher algorithms (PPC SPE)"
>> 1169 depends on PPC && SPE
>> 1170 help
>> 1171 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1172 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1173 This module should only be used for low power (router) devices
>> 1174 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1175 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1176 timining attacks. Nevertheless it might be not as secure as other
>> 1177 architecture specific assembler implementations that work on 1KB
>> 1178 tables or 256 bytes S-boxes.
>> 1179
>> 1180 config CRYPTO_ANUBIS
>> 1181 tristate "Anubis cipher algorithm"
>> 1182 select CRYPTO_ALGAPI
777 help 1183 help
778 ChaCha20 stream cipher and Poly1305 !! 1184 Anubis cipher algorithm.
779 mode (RFC8439) <<
780 1185
781 config CRYPTO_CCM !! 1186 Anubis is a variable key length cipher which can use keys from
782 tristate "CCM (Counter with Cipher Blo !! 1187 128 bits to 320 bits in length. It was evaluated as a entrant
783 select CRYPTO_CTR !! 1188 in the NESSIE competition.
784 select CRYPTO_HASH !! 1189
785 select CRYPTO_AEAD !! 1190 See also:
786 select CRYPTO_MANAGER !! 1191 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 1192 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
>> 1193
>> 1194 config CRYPTO_ARC4
>> 1195 tristate "ARC4 cipher algorithm"
>> 1196 select CRYPTO_BLKCIPHER
787 help 1197 help
788 CCM (Counter with Cipher Block Chain !! 1198 ARC4 cipher algorithm.
789 authenticated encryption mode (NIST <<
790 1199
791 config CRYPTO_GCM !! 1200 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
792 tristate "GCM (Galois/Counter Mode) an !! 1201 bits in length. This algorithm is required for driver-based
793 select CRYPTO_CTR !! 1202 WEP, but it should not be for other purposes because of the
794 select CRYPTO_AEAD !! 1203 weakness of the algorithm.
795 select CRYPTO_GHASH !! 1204
796 select CRYPTO_NULL !! 1205 config CRYPTO_BLOWFISH
797 select CRYPTO_MANAGER !! 1206 tristate "Blowfish cipher algorithm"
>> 1207 select CRYPTO_ALGAPI
>> 1208 select CRYPTO_BLOWFISH_COMMON
798 help 1209 help
799 GCM (Galois/Counter Mode) authentica !! 1210 Blowfish cipher algorithm, by Bruce Schneier.
800 (GCM Message Authentication Code) (N !! 1211
>> 1212 This is a variable key length cipher which can use keys from 32
>> 1213 bits to 448 bits in length. It's fast, simple and specifically
>> 1214 designed for use on "large microprocessors".
801 1215
802 This is required for IPSec ESP (XFRM !! 1216 See also:
>> 1217 <http://www.schneier.com/blowfish.html>
803 1218
804 config CRYPTO_GENIV !! 1219 config CRYPTO_BLOWFISH_COMMON
805 tristate 1220 tristate
806 select CRYPTO_AEAD !! 1221 help
807 select CRYPTO_NULL !! 1222 Common parts of the Blowfish cipher algorithm shared by the
808 select CRYPTO_MANAGER !! 1223 generic c and the assembler implementations.
809 select CRYPTO_RNG_DEFAULT <<
810 1224
811 config CRYPTO_SEQIV !! 1225 See also:
812 tristate "Sequence Number IV Generator !! 1226 <http://www.schneier.com/blowfish.html>
813 select CRYPTO_GENIV !! 1227
>> 1228 config CRYPTO_BLOWFISH_X86_64
>> 1229 tristate "Blowfish cipher algorithm (x86_64)"
>> 1230 depends on X86 && 64BIT
>> 1231 select CRYPTO_BLKCIPHER
>> 1232 select CRYPTO_BLOWFISH_COMMON
814 help 1233 help
815 Sequence Number IV generator !! 1234 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
816 1235
817 This IV generator generates an IV ba !! 1236 This is a variable key length cipher which can use keys from 32
818 xoring it with a salt. This algorit !! 1237 bits to 448 bits in length. It's fast, simple and specifically
>> 1238 designed for use on "large microprocessors".
819 1239
820 This is required for IPsec ESP (XFRM !! 1240 See also:
>> 1241 <http://www.schneier.com/blowfish.html>
821 1242
822 config CRYPTO_ECHAINIV !! 1243 config CRYPTO_CAMELLIA
823 tristate "Encrypted Chain IV Generator !! 1244 tristate "Camellia cipher algorithms"
824 select CRYPTO_GENIV !! 1245 depends on CRYPTO
>> 1246 select CRYPTO_ALGAPI
825 help 1247 help
826 Encrypted Chain IV generator !! 1248 Camellia cipher algorithms module.
827 1249
828 This IV generator generates an IV ba !! 1250 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 1251 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. !! 1252
>> 1253 The Camellia specifies three key sizes: 128, 192 and 256 bits.
831 1254
832 config CRYPTO_ESSIV !! 1255 See also:
833 tristate "Encrypted Salt-Sector IV Gen !! 1256 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
834 select CRYPTO_AUTHENC !! 1257
>> 1258 config CRYPTO_CAMELLIA_X86_64
>> 1259 tristate "Camellia cipher algorithm (x86_64)"
>> 1260 depends on X86 && 64BIT
>> 1261 depends on CRYPTO
>> 1262 select CRYPTO_BLKCIPHER
>> 1263 select CRYPTO_GLUE_HELPER_X86
835 help 1264 help
836 Encrypted Salt-Sector IV generator !! 1265 Camellia cipher algorithm module (x86_64).
837 1266
838 This IV generator is used in some ca !! 1267 Camellia is a symmetric key block cipher developed jointly
839 dm-crypt. It uses the hash of the bl !! 1268 at NTT and Mitsubishi Electric Corporation.
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 1269
844 This driver implements a crypto API !! 1270 The Camellia specifies three key sizes: 128, 192 and 256 bits.
845 instantiated either as an skcipher o <<
846 type of the first template argument) <<
847 and decryption requests to the encap <<
848 ESSIV to the input IV. Note that in <<
849 that the keys are presented in the s <<
850 template, and that the IV appears at <<
851 associated data (AAD) region (which <<
852 1271
853 Note that the use of ESSIV is not re !! 1272 See also:
854 and so this only needs to be enabled !! 1273 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 1274
861 endmenu !! 1275 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1276 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1277 depends on X86 && 64BIT
>> 1278 depends on CRYPTO
>> 1279 select CRYPTO_BLKCIPHER
>> 1280 select CRYPTO_CAMELLIA_X86_64
>> 1281 select CRYPTO_GLUE_HELPER_X86
>> 1282 select CRYPTO_SIMD
>> 1283 select CRYPTO_XTS
>> 1284 help
>> 1285 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
862 1286
863 menu "Hashes, digests, and MACs" !! 1287 Camellia is a symmetric key block cipher developed jointly
>> 1288 at NTT and Mitsubishi Electric Corporation.
864 1289
865 config CRYPTO_BLAKE2B !! 1290 The Camellia specifies three key sizes: 128, 192 and 256 bits.
866 tristate "BLAKE2b" !! 1291
867 select CRYPTO_HASH !! 1292 See also:
>> 1293 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1294
>> 1295 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
>> 1296 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1297 depends on X86 && 64BIT
>> 1298 depends on CRYPTO
>> 1299 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
868 help 1300 help
869 BLAKE2b cryptographic hash function !! 1301 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
870 1302
871 BLAKE2b is optimized for 64-bit plat !! 1303 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1304 at NTT and Mitsubishi Electric Corporation.
873 1305
874 This module provides the following a !! 1306 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 1307
880 Used by the btrfs filesystem. !! 1308 See also:
>> 1309 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881 1310
882 See https://blake2.net for further i !! 1311 config CRYPTO_CAMELLIA_SPARC64
>> 1312 tristate "Camellia cipher algorithm (SPARC64)"
>> 1313 depends on SPARC64
>> 1314 depends on CRYPTO
>> 1315 select CRYPTO_ALGAPI
>> 1316 help
>> 1317 Camellia cipher algorithm module (SPARC64).
883 1318
884 config CRYPTO_CMAC !! 1319 Camellia is a symmetric key block cipher developed jointly
885 tristate "CMAC (Cipher-based MAC)" !! 1320 at NTT and Mitsubishi Electric Corporation.
886 select CRYPTO_HASH !! 1321
887 select CRYPTO_MANAGER !! 1322 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1323
>> 1324 See also:
>> 1325 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1326
>> 1327 config CRYPTO_CAST_COMMON
>> 1328 tristate
888 help 1329 help
889 CMAC (Cipher-based Message Authentic !! 1330 Common parts of the CAST cipher algorithms shared by the
890 mode (NIST SP800-38B and IETF RFC449 !! 1331 generic c and the assembler implementations.
891 1332
892 config CRYPTO_GHASH !! 1333 config CRYPTO_CAST5
893 tristate "GHASH" !! 1334 tristate "CAST5 (CAST-128) cipher algorithm"
894 select CRYPTO_HASH !! 1335 select CRYPTO_ALGAPI
895 select CRYPTO_LIB_GF128MUL !! 1336 select CRYPTO_CAST_COMMON
896 help 1337 help
897 GCM GHASH function (NIST SP800-38D) !! 1338 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1339 described in RFC2144.
898 1340
899 config CRYPTO_HMAC !! 1341 config CRYPTO_CAST5_AVX_X86_64
900 tristate "HMAC (Keyed-Hash MAC)" !! 1342 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
901 select CRYPTO_HASH !! 1343 depends on X86 && 64BIT
902 select CRYPTO_MANAGER !! 1344 select CRYPTO_BLKCIPHER
>> 1345 select CRYPTO_CAST5
>> 1346 select CRYPTO_CAST_COMMON
>> 1347 select CRYPTO_SIMD
903 help 1348 help
904 HMAC (Keyed-Hash Message Authenticat !! 1349 The CAST5 encryption algorithm (synonymous with CAST-128) is
905 RFC2104) !! 1350 described in RFC2144.
906 1351
907 This is required for IPsec AH (XFRM_ !! 1352 This module provides the Cast5 cipher algorithm that processes
>> 1353 sixteen blocks parallel using the AVX instruction set.
908 1354
909 config CRYPTO_MD4 !! 1355 config CRYPTO_CAST6
910 tristate "MD4" !! 1356 tristate "CAST6 (CAST-256) cipher algorithm"
911 select CRYPTO_HASH !! 1357 select CRYPTO_ALGAPI
>> 1358 select CRYPTO_CAST_COMMON
912 help 1359 help
913 MD4 message digest algorithm (RFC132 !! 1360 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1361 described in RFC2612.
914 1362
915 config CRYPTO_MD5 !! 1363 config CRYPTO_CAST6_AVX_X86_64
916 tristate "MD5" !! 1364 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
917 select CRYPTO_HASH !! 1365 depends on X86 && 64BIT
>> 1366 select CRYPTO_BLKCIPHER
>> 1367 select CRYPTO_CAST6
>> 1368 select CRYPTO_CAST_COMMON
>> 1369 select CRYPTO_GLUE_HELPER_X86
>> 1370 select CRYPTO_SIMD
>> 1371 select CRYPTO_XTS
918 help 1372 help
919 MD5 message digest algorithm (RFC132 !! 1373 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1374 described in RFC2612.
920 1375
921 config CRYPTO_MICHAEL_MIC !! 1376 This module provides the Cast6 cipher algorithm that processes
922 tristate "Michael MIC" !! 1377 eight blocks parallel using the AVX instruction set.
923 select CRYPTO_HASH <<
924 help <<
925 Michael MIC (Message Integrity Code) <<
926 1378
927 Defined by the IEEE 802.11i TKIP (Te !! 1379 config CRYPTO_DES
928 known as WPA (Wif-Fi Protected Acces !! 1380 tristate "DES and Triple DES EDE cipher algorithms"
>> 1381 select CRYPTO_ALGAPI
>> 1382 help
>> 1383 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
929 1384
930 This algorithm is required for TKIP, !! 1385 config CRYPTO_DES_SPARC64
931 other purposes because of the weakne !! 1386 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1387 depends on SPARC64
>> 1388 select CRYPTO_ALGAPI
>> 1389 select CRYPTO_DES
>> 1390 help
>> 1391 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1392 optimized using SPARC64 crypto opcodes.
932 1393
933 config CRYPTO_POLYVAL !! 1394 config CRYPTO_DES3_EDE_X86_64
934 tristate !! 1395 tristate "Triple DES EDE cipher algorithm (x86-64)"
935 select CRYPTO_HASH !! 1396 depends on X86 && 64BIT
936 select CRYPTO_LIB_GF128MUL !! 1397 select CRYPTO_BLKCIPHER
>> 1398 select CRYPTO_DES
937 help 1399 help
938 POLYVAL hash function for HCTR2 !! 1400 Triple DES EDE (FIPS 46-3) algorithm.
939 1401
940 This is used in HCTR2. It is not a !! 1402 This module provides implementation of the Triple DES EDE cipher
941 cryptographic hash function. !! 1403 algorithm that is optimized for x86-64 processors. Two versions of
>> 1404 algorithm are provided; regular processing one input block and
>> 1405 one that processes three blocks parallel.
942 1406
943 config CRYPTO_POLY1305 !! 1407 config CRYPTO_FCRYPT
944 tristate "Poly1305" !! 1408 tristate "FCrypt cipher algorithm"
945 select CRYPTO_HASH !! 1409 select CRYPTO_ALGAPI
946 select CRYPTO_LIB_POLY1305_GENERIC !! 1410 select CRYPTO_BLKCIPHER
947 help 1411 help
948 Poly1305 authenticator algorithm (RF !! 1412 FCrypt algorithm used by RxRPC.
949 <<
950 Poly1305 is an authenticator algorit <<
951 It is used for the ChaCha20-Poly1305 <<
952 in IETF protocols. This is the porta <<
953 1413
954 config CRYPTO_RMD160 !! 1414 config CRYPTO_KHAZAD
955 tristate "RIPEMD-160" !! 1415 tristate "Khazad cipher algorithm"
956 select CRYPTO_HASH !! 1416 select CRYPTO_ALGAPI
957 help 1417 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 1418 Khazad cipher algorithm.
959 1419
960 RIPEMD-160 is a 160-bit cryptographi !! 1420 Khazad was a finalist in the initial NESSIE competition. It is
961 to be used as a secure replacement f !! 1421 an algorithm optimized for 64-bit processors with good performance
962 MD4, MD5 and its predecessor RIPEMD !! 1422 on 32-bit processors. Khazad uses an 128 bit key size.
963 (not to be confused with RIPEMD-128) <<
964 1423
965 Its speed is comparable to SHA-1 and !! 1424 See also:
966 against RIPEMD-160. !! 1425 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
967 1426
968 Developed by Hans Dobbertin, Antoon !! 1427 config CRYPTO_SALSA20
969 See https://homes.esat.kuleuven.be/~ !! 1428 tristate "Salsa20 stream cipher algorithm"
970 for further information. !! 1429 select CRYPTO_BLKCIPHER
>> 1430 help
>> 1431 Salsa20 stream cipher algorithm.
971 1432
972 config CRYPTO_SHA1 !! 1433 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
973 tristate "SHA-1" !! 1434 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
974 select CRYPTO_HASH !! 1435
975 select CRYPTO_LIB_SHA1 !! 1436 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 1437 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
>> 1438
>> 1439 config CRYPTO_CHACHA20
>> 1440 tristate "ChaCha20 cipher algorithm"
>> 1441 select CRYPTO_BLKCIPHER
976 help 1442 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1443 ChaCha20 cipher algorithm, RFC7539.
978 1444
979 config CRYPTO_SHA256 !! 1445 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
980 tristate "SHA-224 and SHA-256" !! 1446 Bernstein and further specified in RFC7539 for use in IETF protocols.
981 select CRYPTO_HASH !! 1447 This is the portable C implementation of ChaCha20.
982 select CRYPTO_LIB_SHA256 !! 1448
>> 1449 See also:
>> 1450 <http://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1451
>> 1452 config CRYPTO_CHACHA20_X86_64
>> 1453 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
>> 1454 depends on X86 && 64BIT
>> 1455 select CRYPTO_BLKCIPHER
>> 1456 select CRYPTO_CHACHA20
983 help 1457 help
984 SHA-224 and SHA-256 secure hash algo !! 1458 ChaCha20 cipher algorithm, RFC7539.
985 1459
986 This is required for IPsec AH (XFRM_ !! 1460 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
987 Used by the btrfs filesystem, Ceph, !! 1461 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1462 This is the x86_64 assembler implementation using SIMD instructions.
988 1463
989 config CRYPTO_SHA512 !! 1464 See also:
990 tristate "SHA-384 and SHA-512" !! 1465 <http://cr.yp.to/chacha/chacha-20080128.pdf>
991 select CRYPTO_HASH !! 1466
>> 1467 config CRYPTO_SEED
>> 1468 tristate "SEED cipher algorithm"
>> 1469 select CRYPTO_ALGAPI
992 help 1470 help
993 SHA-384 and SHA-512 secure hash algo !! 1471 SEED cipher algorithm (RFC4269).
994 1472
995 config CRYPTO_SHA3 !! 1473 SEED is a 128-bit symmetric key block cipher that has been
996 tristate "SHA-3" !! 1474 developed by KISA (Korea Information Security Agency) as a
997 select CRYPTO_HASH !! 1475 national standard encryption algorithm of the Republic of Korea.
>> 1476 It is a 16 round block cipher with the key size of 128 bit.
>> 1477
>> 1478 See also:
>> 1479 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
>> 1480
>> 1481 config CRYPTO_SERPENT
>> 1482 tristate "Serpent cipher algorithm"
>> 1483 select CRYPTO_ALGAPI
998 help 1484 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1485 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1000 1486
1001 config CRYPTO_SM3 !! 1487 Keys are allowed to be from 0 to 256 bits in length, in steps
1002 tristate !! 1488 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1489 variant of Serpent for compatibility with old kerneli.org code.
1003 1490
1004 config CRYPTO_SM3_GENERIC !! 1491 See also:
1005 tristate "SM3 (ShangMi 3)" !! 1492 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1006 select CRYPTO_HASH !! 1493
1007 select CRYPTO_SM3 !! 1494 config CRYPTO_SERPENT_SSE2_X86_64
>> 1495 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1496 depends on X86 && 64BIT
>> 1497 select CRYPTO_BLKCIPHER
>> 1498 select CRYPTO_GLUE_HELPER_X86
>> 1499 select CRYPTO_SERPENT
>> 1500 select CRYPTO_SIMD
1008 help 1501 help
1009 SM3 (ShangMi 3) secure hash functio !! 1502 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1503
>> 1504 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1505 of 8 bits.
1010 1506
1011 This is part of the Chinese Commerc !! 1507 This module provides Serpent cipher algorithm that processes eight
>> 1508 blocks parallel using SSE2 instruction set.
1012 1509
1013 References: !! 1510 See also:
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1511 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1015 https://datatracker.ietf.org/doc/ht <<
1016 1512
1017 config CRYPTO_STREEBOG !! 1513 config CRYPTO_SERPENT_SSE2_586
1018 tristate "Streebog" !! 1514 tristate "Serpent cipher algorithm (i586/SSE2)"
1019 select CRYPTO_HASH !! 1515 depends on X86 && !64BIT
>> 1516 select CRYPTO_BLKCIPHER
>> 1517 select CRYPTO_GLUE_HELPER_X86
>> 1518 select CRYPTO_SERPENT
>> 1519 select CRYPTO_SIMD
1020 help 1520 help
1021 Streebog Hash Function (GOST R 34.1 !! 1521 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1522
1023 This is one of the Russian cryptogr !! 1523 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1524 of 8 bits.
1025 256 and 512 bits output. <<
1026 1525
1027 References: !! 1526 This module provides Serpent cipher algorithm that processes four
1028 https://tc26.ru/upload/iblock/fed/f !! 1527 blocks parallel using SSE2 instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1528
1031 config CRYPTO_VMAC !! 1529 See also:
1032 tristate "VMAC" !! 1530 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1531
1034 select CRYPTO_MANAGER !! 1532 config CRYPTO_SERPENT_AVX_X86_64
>> 1533 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1534 depends on X86 && 64BIT
>> 1535 select CRYPTO_BLKCIPHER
>> 1536 select CRYPTO_GLUE_HELPER_X86
>> 1537 select CRYPTO_SERPENT
>> 1538 select CRYPTO_SIMD
>> 1539 select CRYPTO_XTS
1035 help 1540 help
1036 VMAC is a message authentication al !! 1541 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect <<
1038 1542
1039 See https://fastcrypto.org/vmac for !! 1543 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1544 of 8 bits.
1040 1545
1041 config CRYPTO_WP512 !! 1546 This module provides the Serpent cipher algorithm that processes
1042 tristate "Whirlpool" !! 1547 eight blocks parallel using the AVX instruction set.
1043 select CRYPTO_HASH !! 1548
>> 1549 See also:
>> 1550 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1551
>> 1552 config CRYPTO_SERPENT_AVX2_X86_64
>> 1553 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1554 depends on X86 && 64BIT
>> 1555 select CRYPTO_SERPENT_AVX_X86_64
1044 help 1556 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1557 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046 1558
1047 512, 384 and 256-bit hashes. !! 1559 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1560 of 8 bits.
1048 1561
1049 Whirlpool-512 is part of the NESSIE !! 1562 This module provides Serpent cipher algorithm that processes 16
>> 1563 blocks parallel using AVX2 instruction set.
1050 1564
1051 See https://web.archive.org/web/201 !! 1565 See also:
1052 for further information. !! 1566 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1053 1567
1054 config CRYPTO_XCBC !! 1568 config CRYPTO_SM4
1055 tristate "XCBC-MAC (Extended Cipher B !! 1569 tristate "SM4 cipher algorithm"
1056 select CRYPTO_HASH !! 1570 select CRYPTO_ALGAPI
1057 select CRYPTO_MANAGER <<
1058 help 1571 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1572 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1060 Code) (RFC3566) <<
1061 1573
1062 config CRYPTO_XXHASH !! 1574 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1063 tristate "xxHash" !! 1575 Organization of State Commercial Administration of China (OSCCA)
1064 select CRYPTO_HASH !! 1576 as an authorized cryptographic algorithms for the use within China.
1065 select XXHASH !! 1577
>> 1578 SMS4 was originally created for use in protecting wireless
>> 1579 networks, and is mandated in the Chinese National Standard for
>> 1580 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1581 (GB.15629.11-2003).
>> 1582
>> 1583 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1584 standardized through TC 260 of the Standardization Administration
>> 1585 of the People's Republic of China (SAC).
>> 1586
>> 1587 The input, output, and key of SMS4 are each 128 bits.
>> 1588
>> 1589 See also: <https://eprint.iacr.org/2008/329.pdf>
>> 1590
>> 1591 If unsure, say N.
>> 1592
>> 1593 config CRYPTO_TEA
>> 1594 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1595 select CRYPTO_ALGAPI
1066 help 1596 help
1067 xxHash non-cryptographic hash algor !! 1597 TEA cipher algorithm.
1068 1598
1069 Extremely fast, working at speeds c !! 1599 Tiny Encryption Algorithm is a simple cipher that uses
>> 1600 many rounds for security. It is very fast and uses
>> 1601 little memory.
1070 1602
1071 Used by the btrfs filesystem. !! 1603 Xtendend Tiny Encryption Algorithm is a modification to
>> 1604 the TEA algorithm to address a potential key weakness
>> 1605 in the TEA algorithm.
1072 1606
1073 endmenu !! 1607 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1608 of the XTEA algorithm for compatibility purposes.
1074 1609
1075 menu "CRCs (cyclic redundancy checks)" !! 1610 config CRYPTO_TWOFISH
>> 1611 tristate "Twofish cipher algorithm"
>> 1612 select CRYPTO_ALGAPI
>> 1613 select CRYPTO_TWOFISH_COMMON
>> 1614 help
>> 1615 Twofish cipher algorithm.
1076 1616
1077 config CRYPTO_CRC32C !! 1617 Twofish was submitted as an AES (Advanced Encryption Standard)
1078 tristate "CRC32c" !! 1618 candidate cipher by researchers at CounterPane Systems. It is a
1079 select CRYPTO_HASH !! 1619 16 round block cipher supporting key sizes of 128, 192, and 256
1080 select CRC32 !! 1620 bits.
>> 1621
>> 1622 See also:
>> 1623 <http://www.schneier.com/twofish.html>
>> 1624
>> 1625 config CRYPTO_TWOFISH_COMMON
>> 1626 tristate
>> 1627 help
>> 1628 Common parts of the Twofish cipher algorithm shared by the
>> 1629 generic c and the assembler implementations.
>> 1630
>> 1631 config CRYPTO_TWOFISH_586
>> 1632 tristate "Twofish cipher algorithms (i586)"
>> 1633 depends on (X86 || UML_X86) && !64BIT
>> 1634 select CRYPTO_ALGAPI
>> 1635 select CRYPTO_TWOFISH_COMMON
1081 help 1636 help
1082 CRC32c CRC algorithm with the iSCSI !! 1637 Twofish cipher algorithm.
1083 1638
1084 A 32-bit CRC (cyclic redundancy che !! 1639 Twofish was submitted as an AES (Advanced Encryption Standard)
1085 by G. Castagnoli, S. Braeuer and M. !! 1640 candidate cipher by researchers at CounterPane Systems. It is a
1086 Redundancy-Check Codes with 24 and !! 1641 16 round block cipher supporting key sizes of 128, 192, and 256
1087 on Communications, Vol. 41, No. 6, !! 1642 bits.
1088 iSCSI. <<
1089 1643
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1644 See also:
>> 1645 <http://www.schneier.com/twofish.html>
1091 1646
1092 config CRYPTO_CRC32 !! 1647 config CRYPTO_TWOFISH_X86_64
1093 tristate "CRC32" !! 1648 tristate "Twofish cipher algorithm (x86_64)"
1094 select CRYPTO_HASH !! 1649 depends on (X86 || UML_X86) && 64BIT
1095 select CRC32 !! 1650 select CRYPTO_ALGAPI
>> 1651 select CRYPTO_TWOFISH_COMMON
1096 help 1652 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1653 Twofish cipher algorithm (x86_64).
>> 1654
>> 1655 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1656 candidate cipher by researchers at CounterPane Systems. It is a
>> 1657 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1658 bits.
1098 1659
1099 Used by RoCEv2 and f2fs. !! 1660 See also:
>> 1661 <http://www.schneier.com/twofish.html>
1100 1662
1101 config CRYPTO_CRCT10DIF !! 1663 config CRYPTO_TWOFISH_X86_64_3WAY
1102 tristate "CRCT10DIF" !! 1664 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1103 select CRYPTO_HASH !! 1665 depends on X86 && 64BIT
>> 1666 select CRYPTO_BLKCIPHER
>> 1667 select CRYPTO_TWOFISH_COMMON
>> 1668 select CRYPTO_TWOFISH_X86_64
>> 1669 select CRYPTO_GLUE_HELPER_X86
1104 help 1670 help
1105 CRC16 CRC algorithm used for the T1 !! 1671 Twofish cipher algorithm (x86_64, 3-way parallel).
1106 1672
1107 CRC algorithm used by the SCSI Bloc !! 1673 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1674 candidate cipher by researchers at CounterPane Systems. It is a
>> 1675 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1676 bits.
1108 1677
1109 config CRYPTO_CRC64_ROCKSOFT !! 1678 This module provides Twofish cipher algorithm that processes three
1110 tristate "CRC64 based on Rocksoft Mod !! 1679 blocks parallel, utilizing resources of out-of-order CPUs better.
1111 depends on CRC64 !! 1680
1112 select CRYPTO_HASH !! 1681 See also:
>> 1682 <http://www.schneier.com/twofish.html>
>> 1683
>> 1684 config CRYPTO_TWOFISH_AVX_X86_64
>> 1685 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1686 depends on X86 && 64BIT
>> 1687 select CRYPTO_BLKCIPHER
>> 1688 select CRYPTO_GLUE_HELPER_X86
>> 1689 select CRYPTO_SIMD
>> 1690 select CRYPTO_TWOFISH_COMMON
>> 1691 select CRYPTO_TWOFISH_X86_64
>> 1692 select CRYPTO_TWOFISH_X86_64_3WAY
1113 help 1693 help
1114 CRC64 CRC algorithm based on the Ro !! 1694 Twofish cipher algorithm (x86_64/AVX).
1115 1695
1116 Used by the NVMe implementation of !! 1696 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1697 candidate cipher by researchers at CounterPane Systems. It is a
>> 1698 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1699 bits.
1117 1700
1118 See https://zlib.net/crc_v3.txt !! 1701 This module provides the Twofish cipher algorithm that processes
>> 1702 eight blocks parallel using the AVX Instruction Set.
1119 1703
1120 endmenu !! 1704 See also:
>> 1705 <http://www.schneier.com/twofish.html>
1121 1706
1122 menu "Compression" !! 1707 comment "Compression"
1123 1708
1124 config CRYPTO_DEFLATE 1709 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1710 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1711 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1712 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1713 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1714 select ZLIB_DEFLATE
1130 help 1715 help
1131 Deflate compression algorithm (RFC1 !! 1716 This is the Deflate algorithm (RFC1951), specified for use in
>> 1717 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1718
1133 Used by IPSec with the IPCOMP proto !! 1719 You will most probably want this if using IPSec.
1134 1720
1135 config CRYPTO_LZO 1721 config CRYPTO_LZO
1136 tristate "LZO" !! 1722 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1723 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1724 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1725 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1726 select LZO_DECOMPRESS
1141 help 1727 help
1142 LZO compression algorithm !! 1728 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1729
1146 config CRYPTO_842 1730 config CRYPTO_842
1147 tristate "842" !! 1731 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1732 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1733 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1734 select 842_COMPRESS
1151 select 842_DECOMPRESS 1735 select 842_DECOMPRESS
1152 help 1736 help
1153 842 compression algorithm by IBM !! 1737 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1738
1157 config CRYPTO_LZ4 1739 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1740 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1741 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1742 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1743 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1744 select LZ4_DECOMPRESS
1163 help 1745 help
1164 LZ4 compression algorithm !! 1746 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1747
1168 config CRYPTO_LZ4HC 1748 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1749 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1750 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1751 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1752 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1753 select LZ4_DECOMPRESS
1174 help 1754 help
1175 LZ4 high compression mode algorithm !! 1755 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1756
1179 config CRYPTO_ZSTD 1757 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1758 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1759 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1760 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1761 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1762 select ZSTD_DECOMPRESS
1185 help 1763 help
1186 zstd compression algorithm !! 1764 This is the zstd algorithm.
1187 1765
1188 See https://github.com/facebook/zst !! 1766 comment "Random Number Generation"
1189 <<
1190 endmenu <<
1191 <<
1192 menu "Random number generation" <<
1193 1767
1194 config CRYPTO_ANSI_CPRNG 1768 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1769 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1770 select CRYPTO_AES
1197 select CRYPTO_RNG 1771 select CRYPTO_RNG
1198 help 1772 help
1199 Pseudo RNG (random number generator !! 1773 This option enables the generic pseudo random number generator
1200 !! 1774 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1775 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1776 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1777
1205 menuconfig CRYPTO_DRBG_MENU 1778 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1779 tristate "NIST SP800-90A DRBG"
1207 help 1780 help
1208 DRBG (Deterministic Random Bit Gene !! 1781 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1782 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1783
1212 if CRYPTO_DRBG_MENU 1784 if CRYPTO_DRBG_MENU
1213 1785
1214 config CRYPTO_DRBG_HMAC 1786 config CRYPTO_DRBG_HMAC
1215 bool 1787 bool
1216 default y 1788 default y
1217 select CRYPTO_HMAC 1789 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1790 select CRYPTO_SHA256
1219 1791
1220 config CRYPTO_DRBG_HASH 1792 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1793 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1794 select CRYPTO_SHA256
1223 help 1795 help
1224 Hash_DRBG variant as defined in NIS !! 1796 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1797
1228 config CRYPTO_DRBG_CTR 1798 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1799 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1800 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1801 depends on CRYPTO_CTR
1232 help 1802 help
1233 CTR_DRBG variant as defined in NIST !! 1803 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1804
1237 config CRYPTO_DRBG 1805 config CRYPTO_DRBG
1238 tristate 1806 tristate
1239 default CRYPTO_DRBG_MENU 1807 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1808 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1809 select CRYPTO_JITTERENTROPY
1242 1810
1243 endif # if CRYPTO_DRBG_MENU 1811 endif # if CRYPTO_DRBG_MENU
1244 1812
1245 config CRYPTO_JITTERENTROPY 1813 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1814 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1815 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1816 help
1250 CPU Jitter RNG (Random Number Gener !! 1817 The Jitterentropy RNG is a noise that is intended
1251 !! 1818 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1819 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1820 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1821 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1822
1370 config CRYPTO_USER_API 1823 config CRYPTO_USER_API
1371 tristate 1824 tristate
1372 1825
1373 config CRYPTO_USER_API_HASH 1826 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1827 tristate "User-space interface for hash algorithms"
1375 depends on NET 1828 depends on NET
1376 select CRYPTO_HASH 1829 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1830 select CRYPTO_USER_API
1378 help 1831 help
1379 Enable the userspace interface for !! 1832 This option enables the user-spaces interface for hash
1380 !! 1833 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1834
1384 config CRYPTO_USER_API_SKCIPHER 1835 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1836 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1837 depends on NET
1387 select CRYPTO_SKCIPHER !! 1838 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1839 select CRYPTO_USER_API
1389 help 1840 help
1390 Enable the userspace interface for !! 1841 This option enables the user-spaces interface for symmetric
1391 !! 1842 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1843
1395 config CRYPTO_USER_API_RNG 1844 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1845 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1846 depends on NET
1398 select CRYPTO_RNG 1847 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1848 select CRYPTO_USER_API
1400 help 1849 help
1401 Enable the userspace interface for !! 1850 This option enables the user-spaces interface for random
1402 algorithms. !! 1851 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1852
1419 config CRYPTO_USER_API_AEAD 1853 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1854 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1855 depends on NET
1422 select CRYPTO_AEAD 1856 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER !! 1857 select CRYPTO_BLKCIPHER
1424 select CRYPTO_NULL 1858 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1859 select CRYPTO_USER_API
1426 help 1860 help
1427 Enable the userspace interface for !! 1861 This option enables the user-spaces interface for AEAD
1428 !! 1862 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help <<
1437 Allow obsolete cryptographic algori <<
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 <<
1441 endmenu <<
1442 1863
1443 config CRYPTO_HASH_INFO 1864 config CRYPTO_HASH_INFO
1444 bool 1865 bool
1445 1866
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 <<
1476 source "drivers/crypto/Kconfig" 1867 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" !! 1868 source crypto/asymmetric_keys/Kconfig
1478 source "certs/Kconfig" !! 1869 source certs/Kconfig
1479 1870
1480 endif # if CRYPTO 1871 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.