1 # SPDX-License-Identifier: GPL-2.0 <<
2 # 1 #
3 # Generic algorithms support 2 # Generic algorithms support
4 # 3 #
5 config XOR_BLOCKS 4 config XOR_BLOCKS
6 tristate 5 tristate
7 6
8 # 7 #
9 # async_tx api: hardware offloaded memory tran 8 # async_tx api: hardware offloaded memory transfer/transform support
10 # 9 #
11 source "crypto/async_tx/Kconfig" 10 source "crypto/async_tx/Kconfig"
12 11
13 # 12 #
14 # Cryptographic API Configuration 13 # Cryptographic API Configuration
15 # 14 #
16 menuconfig CRYPTO 15 menuconfig CRYPTO
17 tristate "Cryptographic API" 16 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 17 help
20 This option provides the core Crypto 18 This option provides the core Cryptographic API.
21 19
22 if CRYPTO 20 if CRYPTO
23 21
24 menu "Crypto core or helper" !! 22 comment "Crypto core or helper"
25 23
26 config CRYPTO_FIPS 24 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 25 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 26 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) !! 27 depends on MODULE_SIG
30 help 28 help
31 This option enables the fips boot op !! 29 This options enables the fips boot option which is
32 required if you want the system to o !! 30 required if you want to system to operate in a FIPS 200
33 certification. You should say no un 31 certification. You should say no unless you know what
34 this is. 32 this is.
35 33
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 34 config CRYPTO_ALGAPI
58 tristate 35 tristate
59 select CRYPTO_ALGAPI2 36 select CRYPTO_ALGAPI2
60 help 37 help
61 This option provides the API for cry 38 This option provides the API for cryptographic algorithms.
62 39
63 config CRYPTO_ALGAPI2 40 config CRYPTO_ALGAPI2
64 tristate 41 tristate
65 42
66 config CRYPTO_AEAD 43 config CRYPTO_AEAD
67 tristate 44 tristate
68 select CRYPTO_AEAD2 45 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 46 select CRYPTO_ALGAPI
70 47
71 config CRYPTO_AEAD2 48 config CRYPTO_AEAD2
72 tristate 49 tristate
73 select CRYPTO_ALGAPI2 50 select CRYPTO_ALGAPI2
>> 51 select CRYPTO_NULL2
>> 52 select CRYPTO_RNG2
74 53
75 config CRYPTO_SIG !! 54 config CRYPTO_BLKCIPHER
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 <<
84 config CRYPTO_SKCIPHER <<
85 tristate 55 tristate
86 select CRYPTO_SKCIPHER2 !! 56 select CRYPTO_BLKCIPHER2
87 select CRYPTO_ALGAPI 57 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 58
90 config CRYPTO_SKCIPHER2 !! 59 config CRYPTO_BLKCIPHER2
91 tristate 60 tristate
92 select CRYPTO_ALGAPI2 61 select CRYPTO_ALGAPI2
>> 62 select CRYPTO_RNG2
>> 63 select CRYPTO_WORKQUEUE
93 64
94 config CRYPTO_HASH 65 config CRYPTO_HASH
95 tristate 66 tristate
96 select CRYPTO_HASH2 67 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 68 select CRYPTO_ALGAPI
98 69
99 config CRYPTO_HASH2 70 config CRYPTO_HASH2
100 tristate 71 tristate
101 select CRYPTO_ALGAPI2 72 select CRYPTO_ALGAPI2
102 73
103 config CRYPTO_RNG 74 config CRYPTO_RNG
104 tristate 75 tristate
105 select CRYPTO_RNG2 76 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 77 select CRYPTO_ALGAPI
107 78
108 config CRYPTO_RNG2 79 config CRYPTO_RNG2
109 tristate 80 tristate
110 select CRYPTO_ALGAPI2 81 select CRYPTO_ALGAPI2
111 82
112 config CRYPTO_RNG_DEFAULT 83 config CRYPTO_RNG_DEFAULT
113 tristate 84 tristate
114 select CRYPTO_DRBG_MENU 85 select CRYPTO_DRBG_MENU
115 86
116 config CRYPTO_AKCIPHER2 !! 87 config CRYPTO_PCOMP
117 tristate 88 tristate
118 select CRYPTO_ALGAPI2 !! 89 select CRYPTO_PCOMP2
119 <<
120 config CRYPTO_AKCIPHER <<
121 tristate <<
122 select CRYPTO_AKCIPHER2 <<
123 select CRYPTO_ALGAPI 90 select CRYPTO_ALGAPI
124 91
125 config CRYPTO_KPP2 !! 92 config CRYPTO_PCOMP2
126 tristate 93 tristate
127 select CRYPTO_ALGAPI2 94 select CRYPTO_ALGAPI2
128 95
129 config CRYPTO_KPP !! 96 config CRYPTO_AKCIPHER2
130 tristate <<
131 select CRYPTO_ALGAPI <<
132 select CRYPTO_KPP2 <<
133 <<
134 config CRYPTO_ACOMP2 <<
135 tristate 97 tristate
136 select CRYPTO_ALGAPI2 98 select CRYPTO_ALGAPI2
137 select SGL_ALLOC <<
138 99
139 config CRYPTO_ACOMP !! 100 config CRYPTO_AKCIPHER
140 tristate 101 tristate
>> 102 select CRYPTO_AKCIPHER2
141 select CRYPTO_ALGAPI 103 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 !! 104
>> 105 config CRYPTO_RSA
>> 106 tristate "RSA algorithm"
>> 107 select CRYPTO_AKCIPHER
>> 108 select MPILIB
>> 109 select ASN1
>> 110 help
>> 111 Generic implementation of the RSA public key algorithm.
143 112
144 config CRYPTO_MANAGER 113 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 114 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 115 select CRYPTO_MANAGER2
147 help 116 help
148 Create default cryptographic templat 117 Create default cryptographic template instantiations such as
149 cbc(aes). 118 cbc(aes).
150 119
151 config CRYPTO_MANAGER2 120 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 121 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 122 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 123 select CRYPTO_HASH2
158 select CRYPTO_KPP2 !! 124 select CRYPTO_BLKCIPHER2
159 select CRYPTO_RNG2 !! 125 select CRYPTO_PCOMP2
160 select CRYPTO_SKCIPHER2 !! 126 select CRYPTO_AKCIPHER2
161 127
162 config CRYPTO_USER 128 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 129 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 130 depends on NET
165 select CRYPTO_MANAGER 131 select CRYPTO_MANAGER
166 help 132 help
167 Userspace configuration for cryptogr 133 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 134 cbc(aes).
169 135
170 config CRYPTO_MANAGER_DISABLE_TESTS 136 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 137 bool "Disable run-time self tests"
172 default y 138 default y
>> 139 depends on CRYPTO_MANAGER2
173 help 140 help
174 Disable run-time self tests that nor 141 Disable run-time self tests that normally take place at
175 algorithm registration. 142 algorithm registration.
176 143
177 config CRYPTO_MANAGER_EXTRA_TESTS !! 144 config CRYPTO_GF128MUL
178 bool "Enable extra run-time crypto sel !! 145 tristate "GF(2^128) multiplication functions"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN <<
180 help 146 help
181 Enable extra run-time self tests of !! 147 Efficient table driven implementation of multiplications in the
182 including randomized fuzz tests. !! 148 field GF(2^128). This is needed by some cypher modes. This
183 !! 149 option will be selected automatically if you select such a
184 This is intended for developer use o !! 150 cipher mode. Only select this option by hand if you expect to load
185 longer to run than the normal self t !! 151 an external module that requires these functions.
186 152
187 config CRYPTO_NULL 153 config CRYPTO_NULL
188 tristate "Null algorithms" 154 tristate "Null algorithms"
189 select CRYPTO_NULL2 155 select CRYPTO_NULL2
190 help 156 help
191 These are 'Null' algorithms, used by 157 These are 'Null' algorithms, used by IPsec, which do nothing.
192 158
193 config CRYPTO_NULL2 159 config CRYPTO_NULL2
194 tristate 160 tristate
195 select CRYPTO_ALGAPI2 161 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 !! 162 select CRYPTO_BLKCIPHER2
197 select CRYPTO_HASH2 163 select CRYPTO_HASH2
198 164
199 config CRYPTO_PCRYPT 165 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 166 tristate "Parallel crypto engine"
201 depends on SMP 167 depends on SMP
202 select PADATA 168 select PADATA
203 select CRYPTO_MANAGER 169 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 170 select CRYPTO_AEAD
205 help 171 help
206 This converts an arbitrary crypto al 172 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 173 algorithm that executes in kernel threads.
208 174
>> 175 config CRYPTO_WORKQUEUE
>> 176 tristate
>> 177
209 config CRYPTO_CRYPTD 178 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 179 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER !! 180 select CRYPTO_BLKCIPHER
212 select CRYPTO_HASH 181 select CRYPTO_HASH
213 select CRYPTO_MANAGER 182 select CRYPTO_MANAGER
>> 183 select CRYPTO_WORKQUEUE
214 help 184 help
215 This is a generic software asynchron 185 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 186 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 187 into an asynchronous algorithm that executes in a kernel thread.
218 188
>> 189 config CRYPTO_MCRYPTD
>> 190 tristate "Software async multi-buffer crypto daemon"
>> 191 select CRYPTO_BLKCIPHER
>> 192 select CRYPTO_HASH
>> 193 select CRYPTO_MANAGER
>> 194 select CRYPTO_WORKQUEUE
>> 195 help
>> 196 This is a generic software asynchronous crypto daemon that
>> 197 provides the kernel thread to assist multi-buffer crypto
>> 198 algorithms for submitting jobs and flushing jobs in multi-buffer
>> 199 crypto algorithms. Multi-buffer crypto algorithms are executed
>> 200 in the context of this kernel thread and drivers can post
>> 201 their crypto request asynchronously to be processed by this daemon.
>> 202
219 config CRYPTO_AUTHENC 203 config CRYPTO_AUTHENC
220 tristate "Authenc support" 204 tristate "Authenc support"
221 select CRYPTO_AEAD 205 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER !! 206 select CRYPTO_BLKCIPHER
223 select CRYPTO_MANAGER 207 select CRYPTO_MANAGER
224 select CRYPTO_HASH 208 select CRYPTO_HASH
225 select CRYPTO_NULL 209 select CRYPTO_NULL
226 help 210 help
227 Authenc: Combined mode wrapper for I 211 Authenc: Combined mode wrapper for IPsec.
228 !! 212 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 213
231 config CRYPTO_TEST 214 config CRYPTO_TEST
232 tristate "Testing module" 215 tristate "Testing module"
233 depends on m || EXPERT !! 216 depends on m
234 select CRYPTO_MANAGER 217 select CRYPTO_MANAGER
235 help 218 help
236 Quick & dirty crypto test module. 219 Quick & dirty crypto test module.
237 220
238 config CRYPTO_SIMD !! 221 config CRYPTO_ABLK_HELPER
239 tristate 222 tristate
240 select CRYPTO_CRYPTD 223 select CRYPTO_CRYPTD
241 224
242 config CRYPTO_ENGINE !! 225 config CRYPTO_GLUE_HELPER_X86
243 tristate 226 tristate
>> 227 depends on X86
>> 228 select CRYPTO_ALGAPI
244 229
245 endmenu !! 230 comment "Authenticated Encryption with Associated Data"
246 231
247 menu "Public-key cryptography" !! 232 config CRYPTO_CCM
>> 233 tristate "CCM support"
>> 234 select CRYPTO_CTR
>> 235 select CRYPTO_AEAD
>> 236 help
>> 237 Support for Counter with CBC MAC. Required for IPsec.
248 238
249 config CRYPTO_RSA !! 239 config CRYPTO_GCM
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 240 tristate "GCM/GMAC support"
251 select CRYPTO_AKCIPHER !! 241 select CRYPTO_CTR
252 select CRYPTO_MANAGER !! 242 select CRYPTO_AEAD
253 select MPILIB !! 243 select CRYPTO_GHASH
254 select ASN1 !! 244 select CRYPTO_NULL
255 help 245 help
256 RSA (Rivest-Shamir-Adleman) public k !! 246 Support for Galois/Counter Mode (GCM) and Galois Message
>> 247 Authentication Code (GMAC). Required for IPSec.
257 248
258 config CRYPTO_DH !! 249 config CRYPTO_CHACHA20POLY1305
259 tristate "DH (Diffie-Hellman)" !! 250 tristate "ChaCha20-Poly1305 AEAD support"
260 select CRYPTO_KPP !! 251 select CRYPTO_CHACHA20
261 select MPILIB !! 252 select CRYPTO_POLY1305
>> 253 select CRYPTO_AEAD
262 help 254 help
263 DH (Diffie-Hellman) key exchange alg !! 255 ChaCha20-Poly1305 AEAD support, RFC7539.
264 256
265 config CRYPTO_DH_RFC7919_GROUPS !! 257 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
266 bool "RFC 7919 FFDHE groups" !! 258 with the Poly1305 authenticator. It is defined in RFC7539 for use in
267 depends on CRYPTO_DH !! 259 IETF protocols.
>> 260
>> 261 config CRYPTO_SEQIV
>> 262 tristate "Sequence Number IV Generator"
>> 263 select CRYPTO_AEAD
>> 264 select CRYPTO_BLKCIPHER
>> 265 select CRYPTO_NULL
268 select CRYPTO_RNG_DEFAULT 266 select CRYPTO_RNG_DEFAULT
269 help 267 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 268 This IV generator generates an IV based on a sequence number by
271 defined in RFC7919. !! 269 xoring it with a salt. This algorithm is mainly useful for CTR
272 270
273 Support these finite-field groups in !! 271 config CRYPTO_ECHAINIV
274 - ffdhe2048, ffdhe3072, ffdhe4096, f !! 272 tristate "Encrypted Chain IV Generator"
>> 273 select CRYPTO_AEAD
>> 274 select CRYPTO_NULL
>> 275 select CRYPTO_RNG_DEFAULT
>> 276 default m
>> 277 help
>> 278 This IV generator generates an IV based on the encryption of
>> 279 a sequence number xored with a salt. This is the default
>> 280 algorithm for CBC.
275 281
276 If unsure, say N. !! 282 comment "Block modes"
277 283
278 config CRYPTO_ECC !! 284 config CRYPTO_CBC
279 tristate !! 285 tristate "CBC support"
280 select CRYPTO_RNG_DEFAULT !! 286 select CRYPTO_BLKCIPHER
>> 287 select CRYPTO_MANAGER
>> 288 help
>> 289 CBC: Cipher Block Chaining mode
>> 290 This block cipher algorithm is required for IPSec.
281 291
282 config CRYPTO_ECDH !! 292 config CRYPTO_CTR
283 tristate "ECDH (Elliptic Curve Diffie- !! 293 tristate "CTR support"
284 select CRYPTO_ECC !! 294 select CRYPTO_BLKCIPHER
285 select CRYPTO_KPP !! 295 select CRYPTO_SEQIV
286 help !! 296 select CRYPTO_MANAGER
287 ECDH (Elliptic Curve Diffie-Hellman) <<
288 using curves P-192, P-256, and P-384 <<
289 <<
290 config CRYPTO_ECDSA <<
291 tristate "ECDSA (Elliptic Curve Digita <<
292 select CRYPTO_ECC <<
293 select CRYPTO_AKCIPHER <<
294 select ASN1 <<
295 help 297 help
296 ECDSA (Elliptic Curve Digital Signat !! 298 CTR: Counter mode
297 ISO/IEC 14888-3) !! 299 This block cipher algorithm is required for IPSec.
298 using curves P-192, P-256, and P-384 !! 300
299 !! 301 config CRYPTO_CTS
300 Only signature verification is imple !! 302 tristate "CTS support"
301 !! 303 select CRYPTO_BLKCIPHER
302 config CRYPTO_ECRDSA <<
303 tristate "EC-RDSA (Elliptic Curve Russ <<
304 select CRYPTO_ECC <<
305 select CRYPTO_AKCIPHER <<
306 select CRYPTO_STREEBOG <<
307 select OID_REGISTRY <<
308 select ASN1 <<
309 help 304 help
310 Elliptic Curve Russian Digital Signa !! 305 CTS: Cipher Text Stealing
311 RFC 7091, ISO/IEC 14888-3) !! 306 This is the Cipher Text Stealing mode as described by
>> 307 Section 8 of rfc2040 and referenced by rfc3962.
>> 308 (rfc3962 includes errata information in its Appendix A)
>> 309 This mode is required for Kerberos gss mechanism support
>> 310 for AES encryption.
312 311
313 One of the Russian cryptographic sta !! 312 config CRYPTO_ECB
314 algorithms). Only signature verifica !! 313 tristate "ECB support"
>> 314 select CRYPTO_BLKCIPHER
>> 315 select CRYPTO_MANAGER
>> 316 help
>> 317 ECB: Electronic CodeBook mode
>> 318 This is the simplest block cipher algorithm. It simply encrypts
>> 319 the input block by block.
315 320
316 config CRYPTO_CURVE25519 !! 321 config CRYPTO_LRW
317 tristate "Curve25519" !! 322 tristate "LRW support"
318 select CRYPTO_KPP !! 323 select CRYPTO_BLKCIPHER
319 select CRYPTO_LIB_CURVE25519_GENERIC !! 324 select CRYPTO_MANAGER
>> 325 select CRYPTO_GF128MUL
320 help 326 help
321 Curve25519 elliptic curve (RFC7748) !! 327 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
>> 328 narrow block cipher mode for dm-crypt. Use it with cipher
>> 329 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
>> 330 The first 128, 192 or 256 bits in the key are used for AES and the
>> 331 rest is used to tie each cipher block to its logical position.
322 332
323 endmenu !! 333 config CRYPTO_PCBC
>> 334 tristate "PCBC support"
>> 335 select CRYPTO_BLKCIPHER
>> 336 select CRYPTO_MANAGER
>> 337 help
>> 338 PCBC: Propagating Cipher Block Chaining mode
>> 339 This block cipher algorithm is required for RxRPC.
324 340
325 menu "Block ciphers" !! 341 config CRYPTO_XTS
>> 342 tristate "XTS support"
>> 343 select CRYPTO_BLKCIPHER
>> 344 select CRYPTO_MANAGER
>> 345 select CRYPTO_GF128MUL
>> 346 help
>> 347 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
>> 348 key size 256, 384 or 512 bits. This implementation currently
>> 349 can't handle a sectorsize which is not a multiple of 16 bytes.
326 350
327 config CRYPTO_AES !! 351 config CRYPTO_KEYWRAP
328 tristate "AES (Advanced Encryption Sta !! 352 tristate "Key wrapping support"
329 select CRYPTO_ALGAPI !! 353 select CRYPTO_BLKCIPHER
330 select CRYPTO_LIB_AES <<
331 help 354 help
332 AES cipher algorithms (Rijndael)(FIP !! 355 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 356 padding.
333 357
334 Rijndael appears to be consistently !! 358 comment "Hash modes"
335 both hardware and software across a <<
336 environments regardless of its use i <<
337 modes. Its key setup time is excelle <<
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 359
343 The AES specifies three key sizes: 1 !! 360 config CRYPTO_CMAC
>> 361 tristate "CMAC support"
>> 362 select CRYPTO_HASH
>> 363 select CRYPTO_MANAGER
>> 364 help
>> 365 Cipher-based Message Authentication Code (CMAC) specified by
>> 366 The National Institute of Standards and Technology (NIST).
344 367
345 config CRYPTO_AES_TI !! 368 https://tools.ietf.org/html/rfc4493
346 tristate "AES (Advanced Encryption Sta !! 369 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
347 select CRYPTO_ALGAPI !! 370
348 select CRYPTO_LIB_AES !! 371 config CRYPTO_HMAC
>> 372 tristate "HMAC support"
>> 373 select CRYPTO_HASH
>> 374 select CRYPTO_MANAGER
349 help 375 help
350 AES cipher algorithms (Rijndael)(FIP !! 376 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 377 This is required for IPSec.
351 378
352 This is a generic implementation of !! 379 config CRYPTO_XCBC
353 data dependent latencies as much as !! 380 tristate "XCBC support"
354 performance too much. It is intended !! 381 select CRYPTO_HASH
355 and GCM drivers, and other CTR or CM !! 382 select CRYPTO_MANAGER
356 solely on encryption (although decry !! 383 help
357 with a more dramatic performance hit !! 384 XCBC: Keyed-Hashing with encryption algorithm
358 !! 385 http://www.ietf.org/rfc/rfc3566.txt
359 Instead of using 16 lookup tables of !! 386 http://csrc.nist.gov/encryption/modes/proposedmodes/
360 8 for decryption), this implementati !! 387 xcbc-mac/xcbc-mac-spec.pdf
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 388
366 config CRYPTO_ANUBIS !! 389 config CRYPTO_VMAC
367 tristate "Anubis" !! 390 tristate "VMAC support"
368 depends on CRYPTO_USER_API_ENABLE_OBSO !! 391 select CRYPTO_HASH
369 select CRYPTO_ALGAPI !! 392 select CRYPTO_MANAGER
370 help 393 help
371 Anubis cipher algorithm !! 394 VMAC is a message authentication algorithm designed for
>> 395 very high speed on 64-bit architectures.
372 396
373 Anubis is a variable key length ciph !! 397 See also:
374 128 bits to 320 bits in length. It !! 398 <http://fastcrypto.org/vmac>
375 in the NESSIE competition. <<
376 399
377 See https://web.archive.org/web/2016 !! 400 comment "Digest"
378 for further information. <<
379 401
380 config CRYPTO_ARIA !! 402 config CRYPTO_CRC32C
381 tristate "ARIA" !! 403 tristate "CRC32c CRC algorithm"
382 select CRYPTO_ALGAPI !! 404 select CRYPTO_HASH
>> 405 select CRC32
383 help 406 help
384 ARIA cipher algorithm (RFC5794) !! 407 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
385 !! 408 by iSCSI for header and data digests and by others.
386 ARIA is a standard encryption algori !! 409 See Castagnoli93. Module will be crc32c.
387 The ARIA specifies three key sizes a !! 410
388 128-bit: 12 rounds. !! 411 config CRYPTO_CRC32C_INTEL
389 192-bit: 14 rounds. !! 412 tristate "CRC32c INTEL hardware acceleration"
390 256-bit: 16 rounds. !! 413 depends on X86
>> 414 select CRYPTO_HASH
>> 415 help
>> 416 In Intel processor with SSE4.2 supported, the processor will
>> 417 support CRC32C implementation using hardware accelerated CRC32
>> 418 instruction. This option will create 'crc32c-intel' module,
>> 419 which will enable any routine to use the CRC32 instruction to
>> 420 gain performance compared with software implementation.
>> 421 Module will be crc32c-intel.
>> 422
>> 423 config CRYPTO_CRC32C_SPARC64
>> 424 tristate "CRC32c CRC algorithm (SPARC64)"
>> 425 depends on SPARC64
>> 426 select CRYPTO_HASH
>> 427 select CRC32
>> 428 help
>> 429 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 430 when available.
391 431
392 See: !! 432 config CRYPTO_CRC32
393 https://seed.kisa.or.kr/kisa/algorit !! 433 tristate "CRC32 CRC algorithm"
>> 434 select CRYPTO_HASH
>> 435 select CRC32
>> 436 help
>> 437 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 438 Shash crypto api wrappers to crc32_le function.
394 439
395 config CRYPTO_BLOWFISH !! 440 config CRYPTO_CRC32_PCLMUL
396 tristate "Blowfish" !! 441 tristate "CRC32 PCLMULQDQ hardware acceleration"
397 select CRYPTO_ALGAPI !! 442 depends on X86
398 select CRYPTO_BLOWFISH_COMMON !! 443 select CRYPTO_HASH
>> 444 select CRC32
399 help 445 help
400 Blowfish cipher algorithm, by Bruce !! 446 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 447 and PCLMULQDQ supported, the processor will support
>> 448 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 449 instruction. This option will create 'crc32-plcmul' module,
>> 450 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 451 and gain better performance as compared with the table implementation.
401 452
402 This is a variable key length cipher !! 453 config CRYPTO_CRCT10DIF
403 bits to 448 bits in length. It's fa !! 454 tristate "CRCT10DIF algorithm"
404 designed for use on "large microproc !! 455 select CRYPTO_HASH
>> 456 help
>> 457 CRC T10 Data Integrity Field computation is being cast as
>> 458 a crypto transform. This allows for faster crc t10 diff
>> 459 transforms to be used if they are available.
405 460
406 See https://www.schneier.com/blowfis !! 461 config CRYPTO_CRCT10DIF_PCLMUL
>> 462 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
>> 463 depends on X86 && 64BIT && CRC_T10DIF
>> 464 select CRYPTO_HASH
>> 465 help
>> 466 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 467 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 468 accelerated PCLMULQDQ instruction. This option will create
>> 469 'crct10dif-plcmul' module, which is faster when computing the
>> 470 crct10dif checksum as compared with the generic table implementation.
407 471
408 config CRYPTO_BLOWFISH_COMMON !! 472 config CRYPTO_GHASH
409 tristate !! 473 tristate "GHASH digest algorithm"
>> 474 select CRYPTO_GF128MUL
410 help 475 help
411 Common parts of the Blowfish cipher !! 476 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
412 generic c and the assembler implemen <<
413 477
414 config CRYPTO_CAMELLIA !! 478 config CRYPTO_POLY1305
415 tristate "Camellia" !! 479 tristate "Poly1305 authenticator algorithm"
416 select CRYPTO_ALGAPI <<
417 help 480 help
418 Camellia cipher algorithms (ISO/IEC !! 481 Poly1305 authenticator algorithm, RFC7539.
419 482
420 Camellia is a symmetric key block ci !! 483 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
421 at NTT and Mitsubishi Electric Corpo !! 484 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 485 in IETF protocols. This is the portable C implementation of Poly1305.
422 486
423 The Camellia specifies three key siz !! 487 config CRYPTO_POLY1305_X86_64
>> 488 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 489 depends on X86 && 64BIT
>> 490 select CRYPTO_POLY1305
>> 491 help
>> 492 Poly1305 authenticator algorithm, RFC7539.
424 493
425 See https://info.isl.ntt.co.jp/crypt !! 494 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 495 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 496 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 497 instructions.
426 498
427 config CRYPTO_CAST_COMMON !! 499 config CRYPTO_MD4
428 tristate !! 500 tristate "MD4 digest algorithm"
>> 501 select CRYPTO_HASH
429 help 502 help
430 Common parts of the CAST cipher algo !! 503 MD4 message digest algorithm (RFC1320).
431 generic c and the assembler implemen <<
432 504
433 config CRYPTO_CAST5 !! 505 config CRYPTO_MD5
434 tristate "CAST5 (CAST-128)" !! 506 tristate "MD5 digest algorithm"
435 select CRYPTO_ALGAPI !! 507 select CRYPTO_HASH
436 select CRYPTO_CAST_COMMON <<
437 help 508 help
438 CAST5 (CAST-128) cipher algorithm (R !! 509 MD5 message digest algorithm (RFC1321).
439 510
440 config CRYPTO_CAST6 !! 511 config CRYPTO_MD5_OCTEON
441 tristate "CAST6 (CAST-256)" !! 512 tristate "MD5 digest algorithm (OCTEON)"
442 select CRYPTO_ALGAPI !! 513 depends on CPU_CAVIUM_OCTEON
443 select CRYPTO_CAST_COMMON !! 514 select CRYPTO_MD5
>> 515 select CRYPTO_HASH
444 help 516 help
445 CAST6 (CAST-256) encryption algorith !! 517 MD5 message digest algorithm (RFC1321) implemented
>> 518 using OCTEON crypto instructions, when available.
446 519
447 config CRYPTO_DES !! 520 config CRYPTO_MD5_PPC
448 tristate "DES and Triple DES EDE" !! 521 tristate "MD5 digest algorithm (PPC)"
449 select CRYPTO_ALGAPI !! 522 depends on PPC
450 select CRYPTO_LIB_DES !! 523 select CRYPTO_HASH
451 help 524 help
452 DES (Data Encryption Standard)(FIPS !! 525 MD5 message digest algorithm (RFC1321) implemented
453 Triple DES EDE (Encrypt/Decrypt/Encr !! 526 in PPC assembler.
454 cipher algorithms <<
455 527
456 config CRYPTO_FCRYPT !! 528 config CRYPTO_MD5_SPARC64
457 tristate "FCrypt" !! 529 tristate "MD5 digest algorithm (SPARC64)"
458 select CRYPTO_ALGAPI !! 530 depends on SPARC64
459 select CRYPTO_SKCIPHER !! 531 select CRYPTO_MD5
>> 532 select CRYPTO_HASH
460 help 533 help
461 FCrypt algorithm used by RxRPC !! 534 MD5 message digest algorithm (RFC1321) implemented
>> 535 using sparc64 crypto instructions, when available.
462 536
463 See https://ota.polyonymo.us/fcrypt- !! 537 config CRYPTO_MICHAEL_MIC
>> 538 tristate "Michael MIC keyed digest algorithm"
>> 539 select CRYPTO_HASH
>> 540 help
>> 541 Michael MIC is used for message integrity protection in TKIP
>> 542 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 543 should not be used for other purposes because of the weakness
>> 544 of the algorithm.
464 545
465 config CRYPTO_KHAZAD !! 546 config CRYPTO_RMD128
466 tristate "Khazad" !! 547 tristate "RIPEMD-128 digest algorithm"
467 depends on CRYPTO_USER_API_ENABLE_OBSO !! 548 select CRYPTO_HASH
468 select CRYPTO_ALGAPI <<
469 help 549 help
470 Khazad cipher algorithm !! 550 RIPEMD-128 (ISO/IEC 10118-3:2004).
471 551
472 Khazad was a finalist in the initial !! 552 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
473 an algorithm optimized for 64-bit pr !! 553 be used as a secure replacement for RIPEMD. For other use cases,
474 on 32-bit processors. Khazad uses a !! 554 RIPEMD-160 should be used.
475 555
476 See https://web.archive.org/web/2017 !! 556 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
477 for further information. !! 557 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
478 558
479 config CRYPTO_SEED !! 559 config CRYPTO_RMD160
480 tristate "SEED" !! 560 tristate "RIPEMD-160 digest algorithm"
481 depends on CRYPTO_USER_API_ENABLE_OBSO !! 561 select CRYPTO_HASH
482 select CRYPTO_ALGAPI <<
483 help 562 help
484 SEED cipher algorithm (RFC4269, ISO/ !! 563 RIPEMD-160 (ISO/IEC 10118-3:2004).
485 564
486 SEED is a 128-bit symmetric key bloc !! 565 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
487 developed by KISA (Korea Information !! 566 to be used as a secure replacement for the 128-bit hash functions
488 national standard encryption algorit !! 567 MD4, MD5 and it's predecessor RIPEMD
489 It is a 16 round block cipher with t !! 568 (not to be confused with RIPEMD-128).
490 569
491 See https://seed.kisa.or.kr/kisa/alg !! 570 It's speed is comparable to SHA1 and there are no known attacks
492 for further information. !! 571 against RIPEMD-160.
493 572
494 config CRYPTO_SERPENT !! 573 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
495 tristate "Serpent" !! 574 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
496 select CRYPTO_ALGAPI !! 575
>> 576 config CRYPTO_RMD256
>> 577 tristate "RIPEMD-256 digest algorithm"
>> 578 select CRYPTO_HASH
497 help 579 help
498 Serpent cipher algorithm, by Anderso !! 580 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 581 256 bit hash. It is intended for applications that require
>> 582 longer hash-results, without needing a larger security level
>> 583 (than RIPEMD-128).
499 584
500 Keys are allowed to be from 0 to 256 !! 585 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
501 of 8 bits. !! 586 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
502 587
503 See https://www.cl.cam.ac.uk/~rja14/ !! 588 config CRYPTO_RMD320
>> 589 tristate "RIPEMD-320 digest algorithm"
>> 590 select CRYPTO_HASH
>> 591 help
>> 592 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 593 320 bit hash. It is intended for applications that require
>> 594 longer hash-results, without needing a larger security level
>> 595 (than RIPEMD-160).
504 596
505 config CRYPTO_SM4 !! 597 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
506 tristate !! 598 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
507 599
508 config CRYPTO_SM4_GENERIC !! 600 config CRYPTO_SHA1
509 tristate "SM4 (ShangMi 4)" !! 601 tristate "SHA1 digest algorithm"
510 select CRYPTO_ALGAPI !! 602 select CRYPTO_HASH
511 select CRYPTO_SM4 <<
512 help 603 help
513 SM4 cipher algorithms (OSCCA GB/T 32 !! 604 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 605
516 SM4 (GBT.32907-2016) is a cryptograp !! 606 config CRYPTO_SHA1_SSSE3
517 Organization of State Commercial Adm !! 607 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
518 as an authorized cryptographic algor !! 608 depends on X86 && 64BIT
>> 609 select CRYPTO_SHA1
>> 610 select CRYPTO_HASH
>> 611 help
>> 612 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 613 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 614 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 615 when available.
519 616
520 SMS4 was originally created for use !! 617 config CRYPTO_SHA256_SSSE3
521 networks, and is mandated in the Chi !! 618 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
522 Wireless LAN WAPI (Wired Authenticat !! 619 depends on X86 && 64BIT
523 (GB.15629.11-2003). !! 620 select CRYPTO_SHA256
>> 621 select CRYPTO_HASH
>> 622 help
>> 623 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 624 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 625 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 626 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 627 Instructions) when available.
>> 628
>> 629 config CRYPTO_SHA512_SSSE3
>> 630 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 631 depends on X86 && 64BIT
>> 632 select CRYPTO_SHA512
>> 633 select CRYPTO_HASH
>> 634 help
>> 635 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 636 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 637 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 638 version 2 (AVX2) instructions, when available.
>> 639
>> 640 config CRYPTO_SHA1_OCTEON
>> 641 tristate "SHA1 digest algorithm (OCTEON)"
>> 642 depends on CPU_CAVIUM_OCTEON
>> 643 select CRYPTO_SHA1
>> 644 select CRYPTO_HASH
>> 645 help
>> 646 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 647 using OCTEON crypto instructions, when available.
>> 648
>> 649 config CRYPTO_SHA1_SPARC64
>> 650 tristate "SHA1 digest algorithm (SPARC64)"
>> 651 depends on SPARC64
>> 652 select CRYPTO_SHA1
>> 653 select CRYPTO_HASH
>> 654 help
>> 655 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 656 using sparc64 crypto instructions, when available.
>> 657
>> 658 config CRYPTO_SHA1_PPC
>> 659 tristate "SHA1 digest algorithm (powerpc)"
>> 660 depends on PPC
>> 661 help
>> 662 This is the powerpc hardware accelerated implementation of the
>> 663 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 664
>> 665 config CRYPTO_SHA1_PPC_SPE
>> 666 tristate "SHA1 digest algorithm (PPC SPE)"
>> 667 depends on PPC && SPE
>> 668 help
>> 669 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 670 using powerpc SPE SIMD instruction set.
>> 671
>> 672 config CRYPTO_SHA1_MB
>> 673 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
>> 674 depends on X86 && 64BIT
>> 675 select CRYPTO_SHA1
>> 676 select CRYPTO_HASH
>> 677 select CRYPTO_MCRYPTD
>> 678 help
>> 679 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 680 using multi-buffer technique. This algorithm computes on
>> 681 multiple data lanes concurrently with SIMD instructions for
>> 682 better throughput. It should not be enabled by default but
>> 683 used when there is significant amount of work to keep the keep
>> 684 the data lanes filled to get performance benefit. If the data
>> 685 lanes remain unfilled, a flush operation will be initiated to
>> 686 process the crypto jobs, adding a slight latency.
524 687
525 The latest SM4 standard (GBT.32907-2 !! 688 config CRYPTO_SHA256
526 standardized through TC 260 of the S !! 689 tristate "SHA224 and SHA256 digest algorithm"
527 of the People's Republic of China (S !! 690 select CRYPTO_HASH
>> 691 help
>> 692 SHA256 secure hash standard (DFIPS 180-2).
528 693
529 The input, output, and key of SMS4 a !! 694 This version of SHA implements a 256 bit hash with 128 bits of
>> 695 security against collision attacks.
530 696
531 See https://eprint.iacr.org/2008/329 !! 697 This code also includes SHA-224, a 224 bit hash with 112 bits
>> 698 of security against collision attacks.
532 699
533 If unsure, say N. !! 700 config CRYPTO_SHA256_PPC_SPE
>> 701 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 702 depends on PPC && SPE
>> 703 select CRYPTO_SHA256
>> 704 select CRYPTO_HASH
>> 705 help
>> 706 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 707 implemented using powerpc SPE SIMD instruction set.
534 708
535 config CRYPTO_TEA !! 709 config CRYPTO_SHA256_OCTEON
536 tristate "TEA, XTEA and XETA" !! 710 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
537 depends on CRYPTO_USER_API_ENABLE_OBSO !! 711 depends on CPU_CAVIUM_OCTEON
538 select CRYPTO_ALGAPI !! 712 select CRYPTO_SHA256
>> 713 select CRYPTO_HASH
539 help 714 help
540 TEA (Tiny Encryption Algorithm) ciph !! 715 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 716 using OCTEON crypto instructions, when available.
541 717
542 Tiny Encryption Algorithm is a simpl !! 718 config CRYPTO_SHA256_SPARC64
543 many rounds for security. It is ver !! 719 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
544 little memory. !! 720 depends on SPARC64
>> 721 select CRYPTO_SHA256
>> 722 select CRYPTO_HASH
>> 723 help
>> 724 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 725 using sparc64 crypto instructions, when available.
545 726
546 Xtendend Tiny Encryption Algorithm i !! 727 config CRYPTO_SHA512
547 the TEA algorithm to address a poten !! 728 tristate "SHA384 and SHA512 digest algorithms"
548 in the TEA algorithm. !! 729 select CRYPTO_HASH
>> 730 help
>> 731 SHA512 secure hash standard (DFIPS 180-2).
549 732
550 Xtendend Encryption Tiny Algorithm i !! 733 This version of SHA implements a 512 bit hash with 256 bits of
551 of the XTEA algorithm for compatibil !! 734 security against collision attacks.
552 735
553 config CRYPTO_TWOFISH !! 736 This code also includes SHA-384, a 384 bit hash with 192 bits
554 tristate "Twofish" !! 737 of security against collision attacks.
555 select CRYPTO_ALGAPI <<
556 select CRYPTO_TWOFISH_COMMON <<
557 help <<
558 Twofish cipher algorithm <<
559 738
560 Twofish was submitted as an AES (Adv !! 739 config CRYPTO_SHA512_OCTEON
561 candidate cipher by researchers at C !! 740 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
562 16 round block cipher supporting key !! 741 depends on CPU_CAVIUM_OCTEON
563 bits. !! 742 select CRYPTO_SHA512
>> 743 select CRYPTO_HASH
>> 744 help
>> 745 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 746 using OCTEON crypto instructions, when available.
564 747
565 See https://www.schneier.com/twofish !! 748 config CRYPTO_SHA512_SPARC64
>> 749 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
>> 750 depends on SPARC64
>> 751 select CRYPTO_SHA512
>> 752 select CRYPTO_HASH
>> 753 help
>> 754 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 755 using sparc64 crypto instructions, when available.
566 756
567 config CRYPTO_TWOFISH_COMMON !! 757 config CRYPTO_TGR192
568 tristate !! 758 tristate "Tiger digest algorithms"
>> 759 select CRYPTO_HASH
569 help 760 help
570 Common parts of the Twofish cipher a !! 761 Tiger hash algorithm 192, 160 and 128-bit hashes
571 generic c and the assembler implemen <<
572 762
573 endmenu !! 763 Tiger is a hash function optimized for 64-bit processors while
>> 764 still having decent performance on 32-bit processors.
>> 765 Tiger was developed by Ross Anderson and Eli Biham.
574 766
575 menu "Length-preserving ciphers and modes" !! 767 See also:
>> 768 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
576 769
577 config CRYPTO_ADIANTUM !! 770 config CRYPTO_WP512
578 tristate "Adiantum" !! 771 tristate "Whirlpool digest algorithms"
579 select CRYPTO_CHACHA20 !! 772 select CRYPTO_HASH
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER <<
583 help 773 help
584 Adiantum tweakable, length-preservin !! 774 Whirlpool hash algorithm 512, 384 and 256-bit hashes
585 775
586 Designed for fast and secure disk en !! 776 Whirlpool-512 is part of the NESSIE cryptographic primitives.
587 CPUs without dedicated crypto instru !! 777 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 778
600 If unsure, say N. !! 779 See also:
>> 780 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
601 781
602 config CRYPTO_ARC4 !! 782 config CRYPTO_GHASH_CLMUL_NI_INTEL
603 tristate "ARC4 (Alleged Rivest Cipher !! 783 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 784 depends on X86 && 64BIT
605 select CRYPTO_SKCIPHER !! 785 select CRYPTO_CRYPTD
606 select CRYPTO_LIB_ARC4 <<
607 help 786 help
608 ARC4 cipher algorithm !! 787 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
>> 788 The implementation is accelerated by CLMUL-NI of Intel.
609 789
610 ARC4 is a stream cipher using keys r !! 790 comment "Ciphers"
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 791
615 config CRYPTO_CHACHA20 !! 792 config CRYPTO_AES
616 tristate "ChaCha" !! 793 tristate "AES cipher algorithms"
617 select CRYPTO_LIB_CHACHA_GENERIC !! 794 select CRYPTO_ALGAPI
618 select CRYPTO_SKCIPHER <<
619 help 795 help
620 The ChaCha20, XChaCha20, and XChaCha !! 796 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 797 algorithm.
621 798
622 ChaCha20 is a 256-bit high-speed str !! 799 Rijndael appears to be consistently a very good performer in
623 Bernstein and further specified in R !! 800 both hardware and software across a wide range of computing
624 This is the portable C implementatio !! 801 environments regardless of its use in feedback or non-feedback
625 https://cr.yp.to/chacha/chacha-20080 !! 802 modes. Its key setup time is excellent, and its key agility is
>> 803 good. Rijndael's very low memory requirements make it very well
>> 804 suited for restricted-space environments, in which it also
>> 805 demonstrates excellent performance. Rijndael's operations are
>> 806 among the easiest to defend against power and timing attacks.
626 807
627 XChaCha20 is the application of the !! 808 The AES specifies three key sizes: 128, 192 and 256 bits
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 809
637 config CRYPTO_CBC !! 810 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
638 tristate "CBC (Cipher Block Chaining)" !! 811
639 select CRYPTO_SKCIPHER !! 812 config CRYPTO_AES_586
640 select CRYPTO_MANAGER !! 813 tristate "AES cipher algorithms (i586)"
>> 814 depends on (X86 || UML_X86) && !64BIT
>> 815 select CRYPTO_ALGAPI
>> 816 select CRYPTO_AES
641 help 817 help
642 CBC (Cipher Block Chaining) mode (NI !! 818 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 819 algorithm.
643 820
644 This block cipher mode is required f !! 821 Rijndael appears to be consistently a very good performer in
>> 822 both hardware and software across a wide range of computing
>> 823 environments regardless of its use in feedback or non-feedback
>> 824 modes. Its key setup time is excellent, and its key agility is
>> 825 good. Rijndael's very low memory requirements make it very well
>> 826 suited for restricted-space environments, in which it also
>> 827 demonstrates excellent performance. Rijndael's operations are
>> 828 among the easiest to defend against power and timing attacks.
645 829
646 config CRYPTO_CTR !! 830 The AES specifies three key sizes: 128, 192 and 256 bits
647 tristate "CTR (Counter)" <<
648 select CRYPTO_SKCIPHER <<
649 select CRYPTO_MANAGER <<
650 help <<
651 CTR (Counter) mode (NIST SP800-38A) <<
652 831
653 config CRYPTO_CTS !! 832 See <http://csrc.nist.gov/encryption/aes/> for more information.
654 tristate "CTS (Cipher Text Stealing)" !! 833
655 select CRYPTO_SKCIPHER !! 834 config CRYPTO_AES_X86_64
656 select CRYPTO_MANAGER !! 835 tristate "AES cipher algorithms (x86_64)"
>> 836 depends on (X86 || UML_X86) && 64BIT
>> 837 select CRYPTO_ALGAPI
>> 838 select CRYPTO_AES
657 help 839 help
658 CBC-CS3 variant of CTS (Cipher Text !! 840 AES cipher algorithms (FIPS-197). AES uses the Rijndael
659 Addendum to SP800-38A (October 2010) !! 841 algorithm.
660 842
661 This mode is required for Kerberos g !! 843 Rijndael appears to be consistently a very good performer in
662 for AES encryption. !! 844 both hardware and software across a wide range of computing
>> 845 environments regardless of its use in feedback or non-feedback
>> 846 modes. Its key setup time is excellent, and its key agility is
>> 847 good. Rijndael's very low memory requirements make it very well
>> 848 suited for restricted-space environments, in which it also
>> 849 demonstrates excellent performance. Rijndael's operations are
>> 850 among the easiest to defend against power and timing attacks.
663 851
664 config CRYPTO_ECB !! 852 The AES specifies three key sizes: 128, 192 and 256 bits
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 853
671 config CRYPTO_HCTR2 !! 854 See <http://csrc.nist.gov/encryption/aes/> for more information.
672 tristate "HCTR2" !! 855
673 select CRYPTO_XCTR !! 856 config CRYPTO_AES_NI_INTEL
674 select CRYPTO_POLYVAL !! 857 tristate "AES cipher algorithms (AES-NI)"
675 select CRYPTO_MANAGER !! 858 depends on X86
>> 859 select CRYPTO_AES_X86_64 if 64BIT
>> 860 select CRYPTO_AES_586 if !64BIT
>> 861 select CRYPTO_CRYPTD
>> 862 select CRYPTO_ABLK_HELPER
>> 863 select CRYPTO_ALGAPI
>> 864 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 865 select CRYPTO_LRW
>> 866 select CRYPTO_XTS
676 help 867 help
677 HCTR2 length-preserving encryption m !! 868 Use Intel AES-NI instructions for AES algorithm.
678 869
679 A mode for storage encryption that i !! 870 AES cipher algorithms (FIPS-197). AES uses the Rijndael
680 instructions to accelerate AES and c !! 871 algorithm.
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 872
684 See https://eprint.iacr.org/2021/144 !! 873 Rijndael appears to be consistently a very good performer in
>> 874 both hardware and software across a wide range of computing
>> 875 environments regardless of its use in feedback or non-feedback
>> 876 modes. Its key setup time is excellent, and its key agility is
>> 877 good. Rijndael's very low memory requirements make it very well
>> 878 suited for restricted-space environments, in which it also
>> 879 demonstrates excellent performance. Rijndael's operations are
>> 880 among the easiest to defend against power and timing attacks.
685 881
686 config CRYPTO_KEYWRAP !! 882 The AES specifies three key sizes: 128, 192 and 256 bits
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER <<
689 select CRYPTO_MANAGER <<
690 help <<
691 KW (AES Key Wrap) authenticated encr <<
692 and RFC3394) without padding. <<
693 883
694 config CRYPTO_LRW !! 884 See <http://csrc.nist.gov/encryption/aes/> for more information.
695 tristate "LRW (Liskov Rivest Wagner)" !! 885
696 select CRYPTO_LIB_GF128MUL !! 886 In addition to AES cipher algorithm support, the acceleration
697 select CRYPTO_SKCIPHER !! 887 for some popular block cipher mode is supported too, including
698 select CRYPTO_MANAGER !! 888 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
699 select CRYPTO_ECB !! 889 acceleration for CTR.
>> 890
>> 891 config CRYPTO_AES_SPARC64
>> 892 tristate "AES cipher algorithms (SPARC64)"
>> 893 depends on SPARC64
>> 894 select CRYPTO_CRYPTD
>> 895 select CRYPTO_ALGAPI
700 help 896 help
701 LRW (Liskov Rivest Wagner) mode !! 897 Use SPARC64 crypto opcodes for AES algorithm.
702 898
703 A tweakable, non malleable, non mova !! 899 AES cipher algorithms (FIPS-197). AES uses the Rijndael
704 narrow block cipher mode for dm-cryp !! 900 algorithm.
705 specification string aes-lrw-benbi, <<
706 The first 128, 192 or 256 bits in th <<
707 rest is used to tie each cipher bloc <<
708 901
709 See https://people.csail.mit.edu/riv !! 902 Rijndael appears to be consistently a very good performer in
>> 903 both hardware and software across a wide range of computing
>> 904 environments regardless of its use in feedback or non-feedback
>> 905 modes. Its key setup time is excellent, and its key agility is
>> 906 good. Rijndael's very low memory requirements make it very well
>> 907 suited for restricted-space environments, in which it also
>> 908 demonstrates excellent performance. Rijndael's operations are
>> 909 among the easiest to defend against power and timing attacks.
710 910
711 config CRYPTO_PCBC !! 911 The AES specifies three key sizes: 128, 192 and 256 bits
712 tristate "PCBC (Propagating Cipher Blo <<
713 select CRYPTO_SKCIPHER <<
714 select CRYPTO_MANAGER <<
715 help <<
716 PCBC (Propagating Cipher Block Chain <<
717 912
718 This block cipher mode is required f !! 913 See <http://csrc.nist.gov/encryption/aes/> for more information.
719 914
720 config CRYPTO_XCTR !! 915 In addition to AES cipher algorithm support, the acceleration
721 tristate !! 916 for some popular block cipher mode is supported too, including
722 select CRYPTO_SKCIPHER !! 917 ECB and CBC.
723 select CRYPTO_MANAGER !! 918
>> 919 config CRYPTO_AES_PPC_SPE
>> 920 tristate "AES cipher algorithms (PPC SPE)"
>> 921 depends on PPC && SPE
>> 922 help
>> 923 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 924 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 925 This module should only be used for low power (router) devices
>> 926 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 927 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 928 timining attacks. Nevertheless it might be not as secure as other
>> 929 architecture specific assembler implementations that work on 1KB
>> 930 tables or 256 bytes S-boxes.
>> 931
>> 932 config CRYPTO_ANUBIS
>> 933 tristate "Anubis cipher algorithm"
>> 934 select CRYPTO_ALGAPI
724 help 935 help
725 XCTR (XOR Counter) mode for HCTR2 !! 936 Anubis cipher algorithm.
726 937
727 This blockcipher mode is a variant o !! 938 Anubis is a variable key length cipher which can use keys from
728 addition rather than big-endian arit !! 939 128 bits to 320 bits in length. It was evaluated as a entrant
>> 940 in the NESSIE competition.
729 941
730 XCTR mode is used to implement HCTR2 !! 942 See also:
>> 943 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 944 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
731 945
732 config CRYPTO_XTS !! 946 config CRYPTO_ARC4
733 tristate "XTS (XOR Encrypt XOR with ci !! 947 tristate "ARC4 cipher algorithm"
734 select CRYPTO_SKCIPHER !! 948 select CRYPTO_BLKCIPHER
735 select CRYPTO_MANAGER <<
736 select CRYPTO_ECB <<
737 help 949 help
738 XTS (XOR Encrypt XOR with ciphertext !! 950 ARC4 cipher algorithm.
739 and IEEE 1619) <<
740 951
741 Use with aes-xts-plain, key size 256 !! 952 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
742 implementation currently can't handl !! 953 bits in length. This algorithm is required for driver-based
743 multiple of 16 bytes. !! 954 WEP, but it should not be for other purposes because of the
>> 955 weakness of the algorithm.
744 956
745 config CRYPTO_NHPOLY1305 !! 957 config CRYPTO_BLOWFISH
746 tristate !! 958 tristate "Blowfish cipher algorithm"
747 select CRYPTO_HASH !! 959 select CRYPTO_ALGAPI
748 select CRYPTO_LIB_POLY1305_GENERIC !! 960 select CRYPTO_BLOWFISH_COMMON
>> 961 help
>> 962 Blowfish cipher algorithm, by Bruce Schneier.
749 963
750 endmenu !! 964 This is a variable key length cipher which can use keys from 32
>> 965 bits to 448 bits in length. It's fast, simple and specifically
>> 966 designed for use on "large microprocessors".
751 967
752 menu "AEAD (authenticated encryption with asso !! 968 See also:
>> 969 <http://www.schneier.com/blowfish.html>
753 970
754 config CRYPTO_AEGIS128 !! 971 config CRYPTO_BLOWFISH_COMMON
755 tristate "AEGIS-128" !! 972 tristate
756 select CRYPTO_AEAD <<
757 select CRYPTO_AES # for AES S-box tab <<
758 help 973 help
759 AEGIS-128 AEAD algorithm !! 974 Common parts of the Blowfish cipher algorithm shared by the
>> 975 generic c and the assembler implementations.
760 976
761 config CRYPTO_AEGIS128_SIMD !! 977 See also:
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 978 <http://www.schneier.com/blowfish.html>
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 979
764 default y !! 980 config CRYPTO_BLOWFISH_X86_64
>> 981 tristate "Blowfish cipher algorithm (x86_64)"
>> 982 depends on X86 && 64BIT
>> 983 select CRYPTO_ALGAPI
>> 984 select CRYPTO_BLOWFISH_COMMON
765 help 985 help
766 AEGIS-128 AEAD algorithm !! 986 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
767 987
768 Architecture: arm or arm64 using: !! 988 This is a variable key length cipher which can use keys from 32
769 - NEON (Advanced SIMD) extension !! 989 bits to 448 bits in length. It's fast, simple and specifically
>> 990 designed for use on "large microprocessors".
770 991
771 config CRYPTO_CHACHA20POLY1305 !! 992 See also:
772 tristate "ChaCha20-Poly1305" !! 993 <http://www.schneier.com/blowfish.html>
773 select CRYPTO_CHACHA20 <<
774 select CRYPTO_POLY1305 <<
775 select CRYPTO_AEAD <<
776 select CRYPTO_MANAGER <<
777 help <<
778 ChaCha20 stream cipher and Poly1305 <<
779 mode (RFC8439) <<
780 994
781 config CRYPTO_CCM !! 995 config CRYPTO_CAMELLIA
782 tristate "CCM (Counter with Cipher Blo !! 996 tristate "Camellia cipher algorithms"
783 select CRYPTO_CTR !! 997 depends on CRYPTO
784 select CRYPTO_HASH !! 998 select CRYPTO_ALGAPI
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER <<
787 help 999 help
788 CCM (Counter with Cipher Block Chain !! 1000 Camellia cipher algorithms module.
789 authenticated encryption mode (NIST <<
790 1001
791 config CRYPTO_GCM !! 1002 Camellia is a symmetric key block cipher developed jointly
792 tristate "GCM (Galois/Counter Mode) an !! 1003 at NTT and Mitsubishi Electric Corporation.
793 select CRYPTO_CTR <<
794 select CRYPTO_AEAD <<
795 select CRYPTO_GHASH <<
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER <<
798 help <<
799 GCM (Galois/Counter Mode) authentica <<
800 (GCM Message Authentication Code) (N <<
801 1004
802 This is required for IPSec ESP (XFRM !! 1005 The Camellia specifies three key sizes: 128, 192 and 256 bits.
803 1006
804 config CRYPTO_GENIV !! 1007 See also:
805 tristate !! 1008 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER <<
809 select CRYPTO_RNG_DEFAULT <<
810 1009
811 config CRYPTO_SEQIV !! 1010 config CRYPTO_CAMELLIA_X86_64
812 tristate "Sequence Number IV Generator !! 1011 tristate "Camellia cipher algorithm (x86_64)"
813 select CRYPTO_GENIV !! 1012 depends on X86 && 64BIT
>> 1013 depends on CRYPTO
>> 1014 select CRYPTO_ALGAPI
>> 1015 select CRYPTO_GLUE_HELPER_X86
>> 1016 select CRYPTO_LRW
>> 1017 select CRYPTO_XTS
814 help 1018 help
815 Sequence Number IV generator !! 1019 Camellia cipher algorithm module (x86_64).
816 1020
817 This IV generator generates an IV ba !! 1021 Camellia is a symmetric key block cipher developed jointly
818 xoring it with a salt. This algorit !! 1022 at NTT and Mitsubishi Electric Corporation.
819 1023
820 This is required for IPsec ESP (XFRM !! 1024 The Camellia specifies three key sizes: 128, 192 and 256 bits.
821 1025
822 config CRYPTO_ECHAINIV !! 1026 See also:
823 tristate "Encrypted Chain IV Generator !! 1027 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
824 select CRYPTO_GENIV !! 1028
>> 1029 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1030 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1031 depends on X86 && 64BIT
>> 1032 depends on CRYPTO
>> 1033 select CRYPTO_ALGAPI
>> 1034 select CRYPTO_CRYPTD
>> 1035 select CRYPTO_ABLK_HELPER
>> 1036 select CRYPTO_GLUE_HELPER_X86
>> 1037 select CRYPTO_CAMELLIA_X86_64
>> 1038 select CRYPTO_LRW
>> 1039 select CRYPTO_XTS
825 help 1040 help
826 Encrypted Chain IV generator !! 1041 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
827 1042
828 This IV generator generates an IV ba !! 1043 Camellia is a symmetric key block cipher developed jointly
829 a sequence number xored with a salt. !! 1044 at NTT and Mitsubishi Electric Corporation.
830 algorithm for CBC. <<
831 1045
832 config CRYPTO_ESSIV !! 1046 The Camellia specifies three key sizes: 128, 192 and 256 bits.
833 tristate "Encrypted Salt-Sector IV Gen <<
834 select CRYPTO_AUTHENC <<
835 help <<
836 Encrypted Salt-Sector IV generator <<
837 1047
838 This IV generator is used in some ca !! 1048 See also:
839 dm-crypt. It uses the hash of the bl !! 1049 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
840 symmetric key for a block encryption <<
841 IV, making low entropy IV sources mo <<
842 encryption. <<
843 1050
844 This driver implements a crypto API !! 1051 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
845 instantiated either as an skcipher o !! 1052 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
846 type of the first template argument) !! 1053 depends on X86 && 64BIT
847 and decryption requests to the encap !! 1054 depends on CRYPTO
848 ESSIV to the input IV. Note that in !! 1055 select CRYPTO_ALGAPI
849 that the keys are presented in the s !! 1056 select CRYPTO_CRYPTD
850 template, and that the IV appears at !! 1057 select CRYPTO_ABLK_HELPER
851 associated data (AAD) region (which !! 1058 select CRYPTO_GLUE_HELPER_X86
>> 1059 select CRYPTO_CAMELLIA_X86_64
>> 1060 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1061 select CRYPTO_LRW
>> 1062 select CRYPTO_XTS
>> 1063 help
>> 1064 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
852 1065
853 Note that the use of ESSIV is not re !! 1066 Camellia is a symmetric key block cipher developed jointly
854 and so this only needs to be enabled !! 1067 at NTT and Mitsubishi Electric Corporation.
855 existing encrypted volumes of filesy <<
856 building for a particular system tha <<
857 the SoC in question has accelerated <<
858 combined with ESSIV the only feasibl <<
859 block encryption) <<
860 1068
861 endmenu !! 1069 The Camellia specifies three key sizes: 128, 192 and 256 bits.
862 1070
863 menu "Hashes, digests, and MACs" !! 1071 See also:
>> 1072 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
864 1073
865 config CRYPTO_BLAKE2B !! 1074 config CRYPTO_CAMELLIA_SPARC64
866 tristate "BLAKE2b" !! 1075 tristate "Camellia cipher algorithm (SPARC64)"
867 select CRYPTO_HASH !! 1076 depends on SPARC64
>> 1077 depends on CRYPTO
>> 1078 select CRYPTO_ALGAPI
868 help 1079 help
869 BLAKE2b cryptographic hash function !! 1080 Camellia cipher algorithm module (SPARC64).
870 1081
871 BLAKE2b is optimized for 64-bit plat !! 1082 Camellia is a symmetric key block cipher developed jointly
872 of any size between 1 and 64 bytes. !! 1083 at NTT and Mitsubishi Electric Corporation.
873 1084
874 This module provides the following a !! 1085 The Camellia specifies three key sizes: 128, 192 and 256 bits.
875 - blake2b-160 <<
876 - blake2b-256 <<
877 - blake2b-384 <<
878 - blake2b-512 <<
879 1086
880 Used by the btrfs filesystem. !! 1087 See also:
>> 1088 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
881 1089
882 See https://blake2.net for further i !! 1090 config CRYPTO_CAST_COMMON
>> 1091 tristate
>> 1092 help
>> 1093 Common parts of the CAST cipher algorithms shared by the
>> 1094 generic c and the assembler implementations.
883 1095
884 config CRYPTO_CMAC !! 1096 config CRYPTO_CAST5
885 tristate "CMAC (Cipher-based MAC)" !! 1097 tristate "CAST5 (CAST-128) cipher algorithm"
886 select CRYPTO_HASH !! 1098 select CRYPTO_ALGAPI
887 select CRYPTO_MANAGER !! 1099 select CRYPTO_CAST_COMMON
888 help 1100 help
889 CMAC (Cipher-based Message Authentic !! 1101 The CAST5 encryption algorithm (synonymous with CAST-128) is
890 mode (NIST SP800-38B and IETF RFC449 !! 1102 described in RFC2144.
891 1103
892 config CRYPTO_GHASH !! 1104 config CRYPTO_CAST5_AVX_X86_64
893 tristate "GHASH" !! 1105 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
894 select CRYPTO_HASH !! 1106 depends on X86 && 64BIT
895 select CRYPTO_LIB_GF128MUL !! 1107 select CRYPTO_ALGAPI
>> 1108 select CRYPTO_CRYPTD
>> 1109 select CRYPTO_ABLK_HELPER
>> 1110 select CRYPTO_CAST_COMMON
>> 1111 select CRYPTO_CAST5
896 help 1112 help
897 GCM GHASH function (NIST SP800-38D) !! 1113 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1114 described in RFC2144.
898 1115
899 config CRYPTO_HMAC !! 1116 This module provides the Cast5 cipher algorithm that processes
900 tristate "HMAC (Keyed-Hash MAC)" !! 1117 sixteen blocks parallel using the AVX instruction set.
901 select CRYPTO_HASH !! 1118
902 select CRYPTO_MANAGER !! 1119 config CRYPTO_CAST6
>> 1120 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1121 select CRYPTO_ALGAPI
>> 1122 select CRYPTO_CAST_COMMON
903 help 1123 help
904 HMAC (Keyed-Hash Message Authenticat !! 1124 The CAST6 encryption algorithm (synonymous with CAST-256) is
905 RFC2104) !! 1125 described in RFC2612.
906 1126
907 This is required for IPsec AH (XFRM_ !! 1127 config CRYPTO_CAST6_AVX_X86_64
>> 1128 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1129 depends on X86 && 64BIT
>> 1130 select CRYPTO_ALGAPI
>> 1131 select CRYPTO_CRYPTD
>> 1132 select CRYPTO_ABLK_HELPER
>> 1133 select CRYPTO_GLUE_HELPER_X86
>> 1134 select CRYPTO_CAST_COMMON
>> 1135 select CRYPTO_CAST6
>> 1136 select CRYPTO_LRW
>> 1137 select CRYPTO_XTS
>> 1138 help
>> 1139 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1140 described in RFC2612.
908 1141
909 config CRYPTO_MD4 !! 1142 This module provides the Cast6 cipher algorithm that processes
910 tristate "MD4" !! 1143 eight blocks parallel using the AVX instruction set.
911 select CRYPTO_HASH !! 1144
>> 1145 config CRYPTO_DES
>> 1146 tristate "DES and Triple DES EDE cipher algorithms"
>> 1147 select CRYPTO_ALGAPI
912 help 1148 help
913 MD4 message digest algorithm (RFC132 !! 1149 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
914 1150
915 config CRYPTO_MD5 !! 1151 config CRYPTO_DES_SPARC64
916 tristate "MD5" !! 1152 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
917 select CRYPTO_HASH !! 1153 depends on SPARC64
>> 1154 select CRYPTO_ALGAPI
>> 1155 select CRYPTO_DES
918 help 1156 help
919 MD5 message digest algorithm (RFC132 !! 1157 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1158 optimized using SPARC64 crypto opcodes.
920 1159
921 config CRYPTO_MICHAEL_MIC !! 1160 config CRYPTO_DES3_EDE_X86_64
922 tristate "Michael MIC" !! 1161 tristate "Triple DES EDE cipher algorithm (x86-64)"
923 select CRYPTO_HASH !! 1162 depends on X86 && 64BIT
>> 1163 select CRYPTO_ALGAPI
>> 1164 select CRYPTO_DES
924 help 1165 help
925 Michael MIC (Message Integrity Code) !! 1166 Triple DES EDE (FIPS 46-3) algorithm.
926 1167
927 Defined by the IEEE 802.11i TKIP (Te !! 1168 This module provides implementation of the Triple DES EDE cipher
928 known as WPA (Wif-Fi Protected Acces !! 1169 algorithm that is optimized for x86-64 processors. Two versions of
>> 1170 algorithm are provided; regular processing one input block and
>> 1171 one that processes three blocks parallel.
929 1172
930 This algorithm is required for TKIP, !! 1173 config CRYPTO_FCRYPT
931 other purposes because of the weakne !! 1174 tristate "FCrypt cipher algorithm"
>> 1175 select CRYPTO_ALGAPI
>> 1176 select CRYPTO_BLKCIPHER
>> 1177 help
>> 1178 FCrypt algorithm used by RxRPC.
932 1179
933 config CRYPTO_POLYVAL !! 1180 config CRYPTO_KHAZAD
934 tristate !! 1181 tristate "Khazad cipher algorithm"
935 select CRYPTO_HASH !! 1182 select CRYPTO_ALGAPI
936 select CRYPTO_LIB_GF128MUL <<
937 help 1183 help
938 POLYVAL hash function for HCTR2 !! 1184 Khazad cipher algorithm.
>> 1185
>> 1186 Khazad was a finalist in the initial NESSIE competition. It is
>> 1187 an algorithm optimized for 64-bit processors with good performance
>> 1188 on 32-bit processors. Khazad uses an 128 bit key size.
939 1189
940 This is used in HCTR2. It is not a !! 1190 See also:
941 cryptographic hash function. !! 1191 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
942 1192
943 config CRYPTO_POLY1305 !! 1193 config CRYPTO_SALSA20
944 tristate "Poly1305" !! 1194 tristate "Salsa20 stream cipher algorithm"
945 select CRYPTO_HASH !! 1195 select CRYPTO_BLKCIPHER
946 select CRYPTO_LIB_POLY1305_GENERIC <<
947 help 1196 help
948 Poly1305 authenticator algorithm (RF !! 1197 Salsa20 stream cipher algorithm.
949 1198
950 Poly1305 is an authenticator algorit !! 1199 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
951 It is used for the ChaCha20-Poly1305 !! 1200 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
952 in IETF protocols. This is the porta <<
953 1201
954 config CRYPTO_RMD160 !! 1202 The Salsa20 stream cipher algorithm is designed by Daniel J.
955 tristate "RIPEMD-160" !! 1203 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
956 select CRYPTO_HASH <<
957 help <<
958 RIPEMD-160 hash function (ISO/IEC 10 <<
959 1204
960 RIPEMD-160 is a 160-bit cryptographi !! 1205 config CRYPTO_SALSA20_586
961 to be used as a secure replacement f !! 1206 tristate "Salsa20 stream cipher algorithm (i586)"
962 MD4, MD5 and its predecessor RIPEMD !! 1207 depends on (X86 || UML_X86) && !64BIT
963 (not to be confused with RIPEMD-128) !! 1208 select CRYPTO_BLKCIPHER
>> 1209 help
>> 1210 Salsa20 stream cipher algorithm.
964 1211
965 Its speed is comparable to SHA-1 and !! 1212 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
966 against RIPEMD-160. !! 1213 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
967 1214
968 Developed by Hans Dobbertin, Antoon !! 1215 The Salsa20 stream cipher algorithm is designed by Daniel J.
969 See https://homes.esat.kuleuven.be/~ !! 1216 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
970 for further information. <<
971 1217
972 config CRYPTO_SHA1 !! 1218 config CRYPTO_SALSA20_X86_64
973 tristate "SHA-1" !! 1219 tristate "Salsa20 stream cipher algorithm (x86_64)"
974 select CRYPTO_HASH !! 1220 depends on (X86 || UML_X86) && 64BIT
975 select CRYPTO_LIB_SHA1 !! 1221 select CRYPTO_BLKCIPHER
976 help 1222 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 1223 Salsa20 stream cipher algorithm.
978 1224
979 config CRYPTO_SHA256 !! 1225 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
980 tristate "SHA-224 and SHA-256" !! 1226 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
981 select CRYPTO_HASH !! 1227
982 select CRYPTO_LIB_SHA256 !! 1228 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 1229 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
>> 1230
>> 1231 config CRYPTO_CHACHA20
>> 1232 tristate "ChaCha20 cipher algorithm"
>> 1233 select CRYPTO_BLKCIPHER
983 help 1234 help
984 SHA-224 and SHA-256 secure hash algo !! 1235 ChaCha20 cipher algorithm, RFC7539.
>> 1236
>> 1237 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
>> 1238 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1239 This is the portable C implementation of ChaCha20.
985 1240
986 This is required for IPsec AH (XFRM_ !! 1241 See also:
987 Used by the btrfs filesystem, Ceph, !! 1242 <http://cr.yp.to/chacha/chacha-20080128.pdf>
988 1243
989 config CRYPTO_SHA512 !! 1244 config CRYPTO_CHACHA20_X86_64
990 tristate "SHA-384 and SHA-512" !! 1245 tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
991 select CRYPTO_HASH !! 1246 depends on X86 && 64BIT
>> 1247 select CRYPTO_BLKCIPHER
>> 1248 select CRYPTO_CHACHA20
992 help 1249 help
993 SHA-384 and SHA-512 secure hash algo !! 1250 ChaCha20 cipher algorithm, RFC7539.
994 1251
995 config CRYPTO_SHA3 !! 1252 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
996 tristate "SHA-3" !! 1253 Bernstein and further specified in RFC7539 for use in IETF protocols.
997 select CRYPTO_HASH !! 1254 This is the x86_64 assembler implementation using SIMD instructions.
>> 1255
>> 1256 See also:
>> 1257 <http://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1258
>> 1259 config CRYPTO_SEED
>> 1260 tristate "SEED cipher algorithm"
>> 1261 select CRYPTO_ALGAPI
998 help 1262 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1263 SEED cipher algorithm (RFC4269).
1000 1264
1001 config CRYPTO_SM3 !! 1265 SEED is a 128-bit symmetric key block cipher that has been
1002 tristate !! 1266 developed by KISA (Korea Information Security Agency) as a
>> 1267 national standard encryption algorithm of the Republic of Korea.
>> 1268 It is a 16 round block cipher with the key size of 128 bit.
1003 1269
1004 config CRYPTO_SM3_GENERIC !! 1270 See also:
1005 tristate "SM3 (ShangMi 3)" !! 1271 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1006 select CRYPTO_HASH !! 1272
1007 select CRYPTO_SM3 !! 1273 config CRYPTO_SERPENT
>> 1274 tristate "Serpent cipher algorithm"
>> 1275 select CRYPTO_ALGAPI
1008 help 1276 help
1009 SM3 (ShangMi 3) secure hash functio !! 1277 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1010 1278
1011 This is part of the Chinese Commerc !! 1279 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1280 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1281 variant of Serpent for compatibility with old kerneli.org code.
1012 1282
1013 References: !! 1283 See also:
1014 http://www.oscca.gov.cn/UpFile/2010 !! 1284 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1015 https://datatracker.ietf.org/doc/ht <<
1016 1285
1017 config CRYPTO_STREEBOG !! 1286 config CRYPTO_SERPENT_SSE2_X86_64
1018 tristate "Streebog" !! 1287 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1019 select CRYPTO_HASH !! 1288 depends on X86 && 64BIT
>> 1289 select CRYPTO_ALGAPI
>> 1290 select CRYPTO_CRYPTD
>> 1291 select CRYPTO_ABLK_HELPER
>> 1292 select CRYPTO_GLUE_HELPER_X86
>> 1293 select CRYPTO_SERPENT
>> 1294 select CRYPTO_LRW
>> 1295 select CRYPTO_XTS
1020 help 1296 help
1021 Streebog Hash Function (GOST R 34.1 !! 1297 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1022 1298
1023 This is one of the Russian cryptogr !! 1299 Keys are allowed to be from 0 to 256 bits in length, in steps
1024 GOST algorithms). This setting enab !! 1300 of 8 bits.
1025 256 and 512 bits output. <<
1026 1301
1027 References: !! 1302 This module provides Serpent cipher algorithm that processes eight
1028 https://tc26.ru/upload/iblock/fed/f !! 1303 blocks parallel using SSE2 instruction set.
1029 https://tools.ietf.org/html/rfc6986 <<
1030 1304
1031 config CRYPTO_VMAC !! 1305 See also:
1032 tristate "VMAC" !! 1306 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1033 select CRYPTO_HASH !! 1307
1034 select CRYPTO_MANAGER !! 1308 config CRYPTO_SERPENT_SSE2_586
>> 1309 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1310 depends on X86 && !64BIT
>> 1311 select CRYPTO_ALGAPI
>> 1312 select CRYPTO_CRYPTD
>> 1313 select CRYPTO_ABLK_HELPER
>> 1314 select CRYPTO_GLUE_HELPER_X86
>> 1315 select CRYPTO_SERPENT
>> 1316 select CRYPTO_LRW
>> 1317 select CRYPTO_XTS
1035 help 1318 help
1036 VMAC is a message authentication al !! 1319 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1037 very high speed on 64-bit architect !! 1320
>> 1321 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1322 of 8 bits.
1038 1323
1039 See https://fastcrypto.org/vmac for !! 1324 This module provides Serpent cipher algorithm that processes four
>> 1325 blocks parallel using SSE2 instruction set.
1040 1326
1041 config CRYPTO_WP512 !! 1327 See also:
1042 tristate "Whirlpool" !! 1328 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1043 select CRYPTO_HASH !! 1329
>> 1330 config CRYPTO_SERPENT_AVX_X86_64
>> 1331 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1332 depends on X86 && 64BIT
>> 1333 select CRYPTO_ALGAPI
>> 1334 select CRYPTO_CRYPTD
>> 1335 select CRYPTO_ABLK_HELPER
>> 1336 select CRYPTO_GLUE_HELPER_X86
>> 1337 select CRYPTO_SERPENT
>> 1338 select CRYPTO_LRW
>> 1339 select CRYPTO_XTS
1044 help 1340 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1341 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1046 1342
1047 512, 384 and 256-bit hashes. !! 1343 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1344 of 8 bits.
1048 1345
1049 Whirlpool-512 is part of the NESSIE !! 1346 This module provides the Serpent cipher algorithm that processes
>> 1347 eight blocks parallel using the AVX instruction set.
1050 1348
1051 See https://web.archive.org/web/201 !! 1349 See also:
1052 for further information. !! 1350 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1053 1351
1054 config CRYPTO_XCBC !! 1352 config CRYPTO_SERPENT_AVX2_X86_64
1055 tristate "XCBC-MAC (Extended Cipher B !! 1353 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1056 select CRYPTO_HASH !! 1354 depends on X86 && 64BIT
1057 select CRYPTO_MANAGER !! 1355 select CRYPTO_ALGAPI
>> 1356 select CRYPTO_CRYPTD
>> 1357 select CRYPTO_ABLK_HELPER
>> 1358 select CRYPTO_GLUE_HELPER_X86
>> 1359 select CRYPTO_SERPENT
>> 1360 select CRYPTO_SERPENT_AVX_X86_64
>> 1361 select CRYPTO_LRW
>> 1362 select CRYPTO_XTS
1058 help 1363 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1364 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1060 Code) (RFC3566) <<
1061 1365
1062 config CRYPTO_XXHASH !! 1366 Keys are allowed to be from 0 to 256 bits in length, in steps
1063 tristate "xxHash" !! 1367 of 8 bits.
1064 select CRYPTO_HASH !! 1368
1065 select XXHASH !! 1369 This module provides Serpent cipher algorithm that processes 16
>> 1370 blocks parallel using AVX2 instruction set.
>> 1371
>> 1372 See also:
>> 1373 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1374
>> 1375 config CRYPTO_TEA
>> 1376 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1377 select CRYPTO_ALGAPI
1066 help 1378 help
1067 xxHash non-cryptographic hash algor !! 1379 TEA cipher algorithm.
1068 1380
1069 Extremely fast, working at speeds c !! 1381 Tiny Encryption Algorithm is a simple cipher that uses
>> 1382 many rounds for security. It is very fast and uses
>> 1383 little memory.
1070 1384
1071 Used by the btrfs filesystem. !! 1385 Xtendend Tiny Encryption Algorithm is a modification to
>> 1386 the TEA algorithm to address a potential key weakness
>> 1387 in the TEA algorithm.
1072 1388
1073 endmenu !! 1389 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1390 of the XTEA algorithm for compatibility purposes.
1074 1391
1075 menu "CRCs (cyclic redundancy checks)" !! 1392 config CRYPTO_TWOFISH
>> 1393 tristate "Twofish cipher algorithm"
>> 1394 select CRYPTO_ALGAPI
>> 1395 select CRYPTO_TWOFISH_COMMON
>> 1396 help
>> 1397 Twofish cipher algorithm.
1076 1398
1077 config CRYPTO_CRC32C !! 1399 Twofish was submitted as an AES (Advanced Encryption Standard)
1078 tristate "CRC32c" !! 1400 candidate cipher by researchers at CounterPane Systems. It is a
1079 select CRYPTO_HASH !! 1401 16 round block cipher supporting key sizes of 128, 192, and 256
1080 select CRC32 !! 1402 bits.
>> 1403
>> 1404 See also:
>> 1405 <http://www.schneier.com/twofish.html>
>> 1406
>> 1407 config CRYPTO_TWOFISH_COMMON
>> 1408 tristate
1081 help 1409 help
1082 CRC32c CRC algorithm with the iSCSI !! 1410 Common parts of the Twofish cipher algorithm shared by the
>> 1411 generic c and the assembler implementations.
1083 1412
1084 A 32-bit CRC (cyclic redundancy che !! 1413 config CRYPTO_TWOFISH_586
1085 by G. Castagnoli, S. Braeuer and M. !! 1414 tristate "Twofish cipher algorithms (i586)"
1086 Redundancy-Check Codes with 24 and !! 1415 depends on (X86 || UML_X86) && !64BIT
1087 on Communications, Vol. 41, No. 6, !! 1416 select CRYPTO_ALGAPI
1088 iSCSI. !! 1417 select CRYPTO_TWOFISH_COMMON
>> 1418 help
>> 1419 Twofish cipher algorithm.
1089 1420
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1421 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1422 candidate cipher by researchers at CounterPane Systems. It is a
>> 1423 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1424 bits.
1091 1425
1092 config CRYPTO_CRC32 !! 1426 See also:
1093 tristate "CRC32" !! 1427 <http://www.schneier.com/twofish.html>
1094 select CRYPTO_HASH !! 1428
1095 select CRC32 !! 1429 config CRYPTO_TWOFISH_X86_64
>> 1430 tristate "Twofish cipher algorithm (x86_64)"
>> 1431 depends on (X86 || UML_X86) && 64BIT
>> 1432 select CRYPTO_ALGAPI
>> 1433 select CRYPTO_TWOFISH_COMMON
1096 help 1434 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1435 Twofish cipher algorithm (x86_64).
1098 1436
1099 Used by RoCEv2 and f2fs. !! 1437 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1438 candidate cipher by researchers at CounterPane Systems. It is a
>> 1439 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1440 bits.
1100 1441
1101 config CRYPTO_CRCT10DIF !! 1442 See also:
1102 tristate "CRCT10DIF" !! 1443 <http://www.schneier.com/twofish.html>
1103 select CRYPTO_HASH !! 1444
>> 1445 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1446 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1447 depends on X86 && 64BIT
>> 1448 select CRYPTO_ALGAPI
>> 1449 select CRYPTO_TWOFISH_COMMON
>> 1450 select CRYPTO_TWOFISH_X86_64
>> 1451 select CRYPTO_GLUE_HELPER_X86
>> 1452 select CRYPTO_LRW
>> 1453 select CRYPTO_XTS
1104 help 1454 help
1105 CRC16 CRC algorithm used for the T1 !! 1455 Twofish cipher algorithm (x86_64, 3-way parallel).
>> 1456
>> 1457 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1458 candidate cipher by researchers at CounterPane Systems. It is a
>> 1459 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1460 bits.
1106 1461
1107 CRC algorithm used by the SCSI Bloc !! 1462 This module provides Twofish cipher algorithm that processes three
>> 1463 blocks parallel, utilizing resources of out-of-order CPUs better.
1108 1464
1109 config CRYPTO_CRC64_ROCKSOFT !! 1465 See also:
1110 tristate "CRC64 based on Rocksoft Mod !! 1466 <http://www.schneier.com/twofish.html>
1111 depends on CRC64 !! 1467
1112 select CRYPTO_HASH !! 1468 config CRYPTO_TWOFISH_AVX_X86_64
>> 1469 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1470 depends on X86 && 64BIT
>> 1471 select CRYPTO_ALGAPI
>> 1472 select CRYPTO_CRYPTD
>> 1473 select CRYPTO_ABLK_HELPER
>> 1474 select CRYPTO_GLUE_HELPER_X86
>> 1475 select CRYPTO_TWOFISH_COMMON
>> 1476 select CRYPTO_TWOFISH_X86_64
>> 1477 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1478 select CRYPTO_LRW
>> 1479 select CRYPTO_XTS
1113 help 1480 help
1114 CRC64 CRC algorithm based on the Ro !! 1481 Twofish cipher algorithm (x86_64/AVX).
1115 1482
1116 Used by the NVMe implementation of !! 1483 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1484 candidate cipher by researchers at CounterPane Systems. It is a
>> 1485 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1486 bits.
1117 1487
1118 See https://zlib.net/crc_v3.txt !! 1488 This module provides the Twofish cipher algorithm that processes
>> 1489 eight blocks parallel using the AVX Instruction Set.
1119 1490
1120 endmenu !! 1491 See also:
>> 1492 <http://www.schneier.com/twofish.html>
1121 1493
1122 menu "Compression" !! 1494 comment "Compression"
1123 1495
1124 config CRYPTO_DEFLATE 1496 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1497 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1498 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 <<
1128 select ZLIB_INFLATE 1499 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1500 select ZLIB_DEFLATE
1130 help 1501 help
1131 Deflate compression algorithm (RFC1 !! 1502 This is the Deflate algorithm (RFC1951), specified for use in
>> 1503 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1504
1133 Used by IPSec with the IPCOMP proto !! 1505 You will most probably want this if using IPSec.
>> 1506
>> 1507 config CRYPTO_ZLIB
>> 1508 tristate "Zlib compression algorithm"
>> 1509 select CRYPTO_PCOMP
>> 1510 select ZLIB_INFLATE
>> 1511 select ZLIB_DEFLATE
>> 1512 select NLATTR
>> 1513 help
>> 1514 This is the zlib algorithm.
1134 1515
1135 config CRYPTO_LZO 1516 config CRYPTO_LZO
1136 tristate "LZO" !! 1517 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1518 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 <<
1139 select LZO_COMPRESS 1519 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1520 select LZO_DECOMPRESS
1141 help 1521 help
1142 LZO compression algorithm !! 1522 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1523
1146 config CRYPTO_842 1524 config CRYPTO_842
1147 tristate "842" !! 1525 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1526 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 <<
1150 select 842_COMPRESS 1527 select 842_COMPRESS
1151 select 842_DECOMPRESS 1528 select 842_DECOMPRESS
1152 help 1529 help
1153 842 compression algorithm by IBM !! 1530 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1531
1157 config CRYPTO_LZ4 1532 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1533 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1534 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 <<
1161 select LZ4_COMPRESS 1535 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1536 select LZ4_DECOMPRESS
1163 help 1537 help
1164 LZ4 compression algorithm !! 1538 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1539
1168 config CRYPTO_LZ4HC 1540 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1541 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1542 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 <<
1172 select LZ4HC_COMPRESS 1543 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1544 select LZ4_DECOMPRESS
1174 help 1545 help
1175 LZ4 high compression mode algorithm !! 1546 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 <<
1179 config CRYPTO_ZSTD <<
1180 tristate "Zstd" <<
1181 select CRYPTO_ALGAPI <<
1182 select CRYPTO_ACOMP2 <<
1183 select ZSTD_COMPRESS <<
1184 select ZSTD_DECOMPRESS <<
1185 help <<
1186 zstd compression algorithm <<
1187 <<
1188 See https://github.com/facebook/zst <<
1189 1547
1190 endmenu !! 1548 comment "Random Number Generation"
1191 <<
1192 menu "Random number generation" <<
1193 1549
1194 config CRYPTO_ANSI_CPRNG 1550 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1551 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1552 select CRYPTO_AES
1197 select CRYPTO_RNG 1553 select CRYPTO_RNG
1198 help 1554 help
1199 Pseudo RNG (random number generator !! 1555 This option enables the generic pseudo random number generator
1200 !! 1556 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1557 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1558 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1559
1205 menuconfig CRYPTO_DRBG_MENU 1560 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1561 tristate "NIST SP800-90A DRBG"
1207 help 1562 help
1208 DRBG (Deterministic Random Bit Gene !! 1563 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1564 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1565
1212 if CRYPTO_DRBG_MENU 1566 if CRYPTO_DRBG_MENU
1213 1567
1214 config CRYPTO_DRBG_HMAC 1568 config CRYPTO_DRBG_HMAC
1215 bool 1569 bool
1216 default y 1570 default y
1217 select CRYPTO_HMAC 1571 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1572 select CRYPTO_SHA256
1219 1573
1220 config CRYPTO_DRBG_HASH 1574 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1575 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1576 select CRYPTO_SHA256
1223 help 1577 help
1224 Hash_DRBG variant as defined in NIS !! 1578 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1579
1228 config CRYPTO_DRBG_CTR 1580 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1581 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1582 select CRYPTO_AES
1231 select CRYPTO_CTR <<
1232 help 1583 help
1233 CTR_DRBG variant as defined in NIST !! 1584 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1585
1237 config CRYPTO_DRBG 1586 config CRYPTO_DRBG
1238 tristate 1587 tristate
1239 default CRYPTO_DRBG_MENU 1588 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1589 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1590 select CRYPTO_JITTERENTROPY
1242 1591
1243 endif # if CRYPTO_DRBG_MENU 1592 endif # if CRYPTO_DRBG_MENU
1244 1593
1245 config CRYPTO_JITTERENTROPY 1594 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1595 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG <<
1248 select CRYPTO_SHA3 <<
1249 help 1596 help
1250 CPU Jitter RNG (Random Number Gener !! 1597 The Jitterentropy RNG is a noise that is intended
1251 !! 1598 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1599 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1600 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1601 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1602
1370 config CRYPTO_USER_API 1603 config CRYPTO_USER_API
1371 tristate 1604 tristate
1372 1605
1373 config CRYPTO_USER_API_HASH 1606 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1607 tristate "User-space interface for hash algorithms"
1375 depends on NET 1608 depends on NET
1376 select CRYPTO_HASH 1609 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1610 select CRYPTO_USER_API
1378 help 1611 help
1379 Enable the userspace interface for !! 1612 This option enables the user-spaces interface for hash
1380 !! 1613 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1614
1384 config CRYPTO_USER_API_SKCIPHER 1615 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1616 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1617 depends on NET
1387 select CRYPTO_SKCIPHER !! 1618 select CRYPTO_BLKCIPHER
1388 select CRYPTO_USER_API 1619 select CRYPTO_USER_API
1389 help 1620 help
1390 Enable the userspace interface for !! 1621 This option enables the user-spaces interface for symmetric
1391 !! 1622 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1623
1395 config CRYPTO_USER_API_RNG 1624 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1625 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1626 depends on NET
1398 select CRYPTO_RNG 1627 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1628 select CRYPTO_USER_API
1400 help 1629 help
1401 Enable the userspace interface for !! 1630 This option enables the user-spaces interface for random
1402 algorithms. !! 1631 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1632
1419 config CRYPTO_USER_API_AEAD 1633 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1634 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1635 depends on NET
1422 select CRYPTO_AEAD 1636 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER <<
1424 select CRYPTO_NULL <<
1425 select CRYPTO_USER_API 1637 select CRYPTO_USER_API
1426 help 1638 help
1427 Enable the userspace interface for !! 1639 This option enables the user-spaces interface for AEAD
1428 !! 1640 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 <<
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE <<
1433 bool "Obsolete cryptographic algorith <<
1434 depends on CRYPTO_USER_API <<
1435 default y <<
1436 help <<
1437 Allow obsolete cryptographic algori <<
1438 already been phased out from intern <<
1439 only useful for userspace clients t <<
1440 <<
1441 endmenu <<
1442 1641
1443 config CRYPTO_HASH_INFO 1642 config CRYPTO_HASH_INFO
1444 bool 1643 bool
1445 1644
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 <<
1476 source "drivers/crypto/Kconfig" 1645 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" !! 1646 source crypto/asymmetric_keys/Kconfig
1478 source "certs/Kconfig" !! 1647 source certs/Kconfig
1479 1648
1480 endif # if CRYPTO 1649 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.