1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS <<
19 help 18 help
20 This option provides the core Crypto 19 This option provides the core Cryptographic API.
21 20
22 if CRYPTO 21 if CRYPTO
23 22
24 menu "Crypto core or helper" !! 23 comment "Crypto core or helper"
25 24
26 config CRYPTO_FIPS 25 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 26 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 28 depends on (MODULE_SIG || !MODULES)
30 help 29 help
31 This option enables the fips boot op 30 This option enables the fips boot option which is
32 required if you want the system to o 31 required if you want the system to operate in a FIPS 200
33 certification. You should say no un 32 certification. You should say no unless you know what
34 this is. 33 this is.
35 34
36 config CRYPTO_FIPS_NAME <<
37 string "FIPS Module Name" <<
38 default "Linux Kernel Cryptographic AP <<
39 depends on CRYPTO_FIPS <<
40 help <<
41 This option sets the FIPS Module nam <<
42 the /proc/sys/crypto/fips_name file. <<
43 <<
44 config CRYPTO_FIPS_CUSTOM_VERSION <<
45 bool "Use Custom FIPS Module Version" <<
46 depends on CRYPTO_FIPS <<
47 default n <<
48 <<
49 config CRYPTO_FIPS_VERSION <<
50 string "FIPS Module Version" <<
51 default "(none)" <<
52 depends on CRYPTO_FIPS_CUSTOM_VERSION <<
53 help <<
54 This option provides the ability to <<
55 By default the KERNELRELEASE value i <<
56 <<
57 config CRYPTO_ALGAPI 35 config CRYPTO_ALGAPI
58 tristate 36 tristate
59 select CRYPTO_ALGAPI2 37 select CRYPTO_ALGAPI2
60 help 38 help
61 This option provides the API for cry 39 This option provides the API for cryptographic algorithms.
62 40
63 config CRYPTO_ALGAPI2 41 config CRYPTO_ALGAPI2
64 tristate 42 tristate
65 43
66 config CRYPTO_AEAD 44 config CRYPTO_AEAD
67 tristate 45 tristate
68 select CRYPTO_AEAD2 46 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 47 select CRYPTO_ALGAPI
70 48
71 config CRYPTO_AEAD2 49 config CRYPTO_AEAD2
72 tristate 50 tristate
73 select CRYPTO_ALGAPI2 51 select CRYPTO_ALGAPI2
74 !! 52 select CRYPTO_NULL2
75 config CRYPTO_SIG !! 53 select CRYPTO_RNG2
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 54
84 config CRYPTO_SKCIPHER 55 config CRYPTO_SKCIPHER
85 tristate 56 tristate
86 select CRYPTO_SKCIPHER2 57 select CRYPTO_SKCIPHER2
87 select CRYPTO_ALGAPI 58 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 59
90 config CRYPTO_SKCIPHER2 60 config CRYPTO_SKCIPHER2
91 tristate 61 tristate
92 select CRYPTO_ALGAPI2 62 select CRYPTO_ALGAPI2
>> 63 select CRYPTO_RNG2
93 64
94 config CRYPTO_HASH 65 config CRYPTO_HASH
95 tristate 66 tristate
96 select CRYPTO_HASH2 67 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 68 select CRYPTO_ALGAPI
98 69
99 config CRYPTO_HASH2 70 config CRYPTO_HASH2
100 tristate 71 tristate
101 select CRYPTO_ALGAPI2 72 select CRYPTO_ALGAPI2
102 73
103 config CRYPTO_RNG 74 config CRYPTO_RNG
104 tristate 75 tristate
105 select CRYPTO_RNG2 76 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 77 select CRYPTO_ALGAPI
107 78
108 config CRYPTO_RNG2 79 config CRYPTO_RNG2
109 tristate 80 tristate
110 select CRYPTO_ALGAPI2 81 select CRYPTO_ALGAPI2
111 82
112 config CRYPTO_RNG_DEFAULT 83 config CRYPTO_RNG_DEFAULT
113 tristate 84 tristate
114 select CRYPTO_DRBG_MENU 85 select CRYPTO_DRBG_MENU
115 86
116 config CRYPTO_AKCIPHER2 87 config CRYPTO_AKCIPHER2
117 tristate 88 tristate
118 select CRYPTO_ALGAPI2 89 select CRYPTO_ALGAPI2
119 90
120 config CRYPTO_AKCIPHER 91 config CRYPTO_AKCIPHER
121 tristate 92 tristate
122 select CRYPTO_AKCIPHER2 93 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 94 select CRYPTO_ALGAPI
124 95
125 config CRYPTO_KPP2 96 config CRYPTO_KPP2
126 tristate 97 tristate
127 select CRYPTO_ALGAPI2 98 select CRYPTO_ALGAPI2
128 99
129 config CRYPTO_KPP 100 config CRYPTO_KPP
130 tristate 101 tristate
131 select CRYPTO_ALGAPI 102 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 103 select CRYPTO_KPP2
133 104
134 config CRYPTO_ACOMP2 105 config CRYPTO_ACOMP2
135 tristate 106 tristate
136 select CRYPTO_ALGAPI2 107 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 108 select SGL_ALLOC
138 109
139 config CRYPTO_ACOMP 110 config CRYPTO_ACOMP
140 tristate 111 tristate
141 select CRYPTO_ALGAPI 112 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 113 select CRYPTO_ACOMP2
143 114
144 config CRYPTO_MANAGER 115 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 116 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 117 select CRYPTO_MANAGER2
147 help 118 help
148 Create default cryptographic templat 119 Create default cryptographic template instantiations such as
149 cbc(aes). 120 cbc(aes).
150 121
151 config CRYPTO_MANAGER2 122 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 124 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 125 select CRYPTO_HASH2
158 select CRYPTO_KPP2 <<
159 select CRYPTO_RNG2 <<
160 select CRYPTO_SKCIPHER2 126 select CRYPTO_SKCIPHER2
>> 127 select CRYPTO_AKCIPHER2
>> 128 select CRYPTO_KPP2
>> 129 select CRYPTO_ACOMP2
161 130
162 config CRYPTO_USER 131 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 132 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 133 depends on NET
165 select CRYPTO_MANAGER 134 select CRYPTO_MANAGER
166 help 135 help
167 Userspace configuration for cryptogr 136 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 137 cbc(aes).
169 138
>> 139 if CRYPTO_MANAGER2
>> 140
170 config CRYPTO_MANAGER_DISABLE_TESTS 141 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 142 bool "Disable run-time self tests"
172 default y 143 default y
173 help 144 help
174 Disable run-time self tests that nor 145 Disable run-time self tests that normally take place at
175 algorithm registration. 146 algorithm registration.
176 147
177 config CRYPTO_MANAGER_EXTRA_TESTS 148 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel 149 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN !! 150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
180 help 151 help
181 Enable extra run-time self tests of 152 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests. 153 including randomized fuzz tests.
183 154
184 This is intended for developer use o 155 This is intended for developer use only, as these tests take much
185 longer to run than the normal self t 156 longer to run than the normal self tests.
186 157
>> 158 endif # if CRYPTO_MANAGER2
>> 159
>> 160 config CRYPTO_GF128MUL
>> 161 tristate
>> 162
187 config CRYPTO_NULL 163 config CRYPTO_NULL
188 tristate "Null algorithms" 164 tristate "Null algorithms"
189 select CRYPTO_NULL2 165 select CRYPTO_NULL2
190 help 166 help
191 These are 'Null' algorithms, used by 167 These are 'Null' algorithms, used by IPsec, which do nothing.
192 168
193 config CRYPTO_NULL2 169 config CRYPTO_NULL2
194 tristate 170 tristate
195 select CRYPTO_ALGAPI2 171 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 172 select CRYPTO_SKCIPHER2
197 select CRYPTO_HASH2 173 select CRYPTO_HASH2
198 174
199 config CRYPTO_PCRYPT 175 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 176 tristate "Parallel crypto engine"
201 depends on SMP 177 depends on SMP
202 select PADATA 178 select PADATA
203 select CRYPTO_MANAGER 179 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 180 select CRYPTO_AEAD
205 help 181 help
206 This converts an arbitrary crypto al 182 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 183 algorithm that executes in kernel threads.
208 184
209 config CRYPTO_CRYPTD 185 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 186 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER 187 select CRYPTO_SKCIPHER
212 select CRYPTO_HASH 188 select CRYPTO_HASH
213 select CRYPTO_MANAGER 189 select CRYPTO_MANAGER
214 help 190 help
215 This is a generic software asynchron 191 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 192 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 193 into an asynchronous algorithm that executes in a kernel thread.
218 194
219 config CRYPTO_AUTHENC 195 config CRYPTO_AUTHENC
220 tristate "Authenc support" 196 tristate "Authenc support"
221 select CRYPTO_AEAD 197 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER 198 select CRYPTO_SKCIPHER
223 select CRYPTO_MANAGER 199 select CRYPTO_MANAGER
224 select CRYPTO_HASH 200 select CRYPTO_HASH
225 select CRYPTO_NULL 201 select CRYPTO_NULL
226 help 202 help
227 Authenc: Combined mode wrapper for I 203 Authenc: Combined mode wrapper for IPsec.
228 !! 204 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 205
231 config CRYPTO_TEST 206 config CRYPTO_TEST
232 tristate "Testing module" 207 tristate "Testing module"
233 depends on m || EXPERT !! 208 depends on m
234 select CRYPTO_MANAGER 209 select CRYPTO_MANAGER
235 help 210 help
236 Quick & dirty crypto test module. 211 Quick & dirty crypto test module.
237 212
238 config CRYPTO_SIMD 213 config CRYPTO_SIMD
239 tristate 214 tristate
240 select CRYPTO_CRYPTD 215 select CRYPTO_CRYPTD
241 216
242 config CRYPTO_ENGINE !! 217 config CRYPTO_GLUE_HELPER_X86
243 tristate 218 tristate
>> 219 depends on X86
>> 220 select CRYPTO_SKCIPHER
244 221
245 endmenu !! 222 config CRYPTO_ENGINE
>> 223 tristate
246 224
247 menu "Public-key cryptography" !! 225 comment "Public-key cryptography"
248 226
249 config CRYPTO_RSA 227 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 228 tristate "RSA algorithm"
251 select CRYPTO_AKCIPHER 229 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER 230 select CRYPTO_MANAGER
253 select MPILIB 231 select MPILIB
254 select ASN1 232 select ASN1
255 help 233 help
256 RSA (Rivest-Shamir-Adleman) public k !! 234 Generic implementation of the RSA public key algorithm.
257 235
258 config CRYPTO_DH 236 config CRYPTO_DH
259 tristate "DH (Diffie-Hellman)" !! 237 tristate "Diffie-Hellman algorithm"
260 select CRYPTO_KPP 238 select CRYPTO_KPP
261 select MPILIB 239 select MPILIB
262 help 240 help
263 DH (Diffie-Hellman) key exchange alg !! 241 Generic implementation of the Diffie-Hellman algorithm.
264 <<
265 config CRYPTO_DH_RFC7919_GROUPS <<
266 bool "RFC 7919 FFDHE groups" <<
267 depends on CRYPTO_DH <<
268 select CRYPTO_RNG_DEFAULT <<
269 help <<
270 FFDHE (Finite-Field-based Diffie-Hel <<
271 defined in RFC7919. <<
272 <<
273 Support these finite-field groups in <<
274 - ffdhe2048, ffdhe3072, ffdhe4096, f <<
275 <<
276 If unsure, say N. <<
277 242
278 config CRYPTO_ECC 243 config CRYPTO_ECC
279 tristate 244 tristate
280 select CRYPTO_RNG_DEFAULT <<
281 245
282 config CRYPTO_ECDH 246 config CRYPTO_ECDH
283 tristate "ECDH (Elliptic Curve Diffie- !! 247 tristate "ECDH algorithm"
284 select CRYPTO_ECC 248 select CRYPTO_ECC
285 select CRYPTO_KPP 249 select CRYPTO_KPP
>> 250 select CRYPTO_RNG_DEFAULT
286 help 251 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 252 Generic implementation of the ECDH algorithm
288 using curves P-192, P-256, and P-384 <<
289 <<
290 config CRYPTO_ECDSA <<
291 tristate "ECDSA (Elliptic Curve Digita <<
292 select CRYPTO_ECC <<
293 select CRYPTO_AKCIPHER <<
294 select ASN1 <<
295 help <<
296 ECDSA (Elliptic Curve Digital Signat <<
297 ISO/IEC 14888-3) <<
298 using curves P-192, P-256, and P-384 <<
299 <<
300 Only signature verification is imple <<
301 253
302 config CRYPTO_ECRDSA 254 config CRYPTO_ECRDSA
303 tristate "EC-RDSA (Elliptic Curve Russ !! 255 tristate "EC-RDSA (GOST 34.10) algorithm"
304 select CRYPTO_ECC 256 select CRYPTO_ECC
305 select CRYPTO_AKCIPHER 257 select CRYPTO_AKCIPHER
306 select CRYPTO_STREEBOG 258 select CRYPTO_STREEBOG
307 select OID_REGISTRY 259 select OID_REGISTRY
308 select ASN1 260 select ASN1
309 help 261 help
310 Elliptic Curve Russian Digital Signa 262 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311 RFC 7091, ISO/IEC 14888-3) !! 263 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
312 !! 264 standard algorithms (called GOST algorithms). Only signature verification
313 One of the Russian cryptographic sta !! 265 is implemented.
314 algorithms). Only signature verifica <<
315 266
316 config CRYPTO_CURVE25519 267 config CRYPTO_CURVE25519
317 tristate "Curve25519" !! 268 tristate "Curve25519 algorithm"
318 select CRYPTO_KPP 269 select CRYPTO_KPP
319 select CRYPTO_LIB_CURVE25519_GENERIC 270 select CRYPTO_LIB_CURVE25519_GENERIC
320 help <<
321 Curve25519 elliptic curve (RFC7748) <<
322 <<
323 endmenu <<
324 <<
325 menu "Block ciphers" <<
326 <<
327 config CRYPTO_AES <<
328 tristate "AES (Advanced Encryption Sta <<
329 select CRYPTO_ALGAPI <<
330 select CRYPTO_LIB_AES <<
331 help <<
332 AES cipher algorithms (Rijndael)(FIP <<
333 <<
334 Rijndael appears to be consistently <<
335 both hardware and software across a <<
336 environments regardless of its use i <<
337 modes. Its key setup time is excelle <<
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 <<
343 The AES specifies three key sizes: 1 <<
344 271
345 config CRYPTO_AES_TI !! 272 config CRYPTO_CURVE25519_X86
346 tristate "AES (Advanced Encryption Sta !! 273 tristate "x86_64 accelerated Curve25519 scalar multiplication library"
347 select CRYPTO_ALGAPI !! 274 depends on X86 && 64BIT
348 select CRYPTO_LIB_AES !! 275 select CRYPTO_LIB_CURVE25519_GENERIC
349 help !! 276 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
350 AES cipher algorithms (Rijndael)(FIP <<
351 <<
352 This is a generic implementation of <<
353 data dependent latencies as much as <<
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 <<
359 Instead of using 16 lookup tables of <<
360 8 for decryption), this implementati <<
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 <<
366 config CRYPTO_ANUBIS <<
367 tristate "Anubis" <<
368 depends on CRYPTO_USER_API_ENABLE_OBSO <<
369 select CRYPTO_ALGAPI <<
370 help <<
371 Anubis cipher algorithm <<
372 <<
373 Anubis is a variable key length ciph <<
374 128 bits to 320 bits in length. It <<
375 in the NESSIE competition. <<
376 <<
377 See https://web.archive.org/web/2016 <<
378 for further information. <<
379 <<
380 config CRYPTO_ARIA <<
381 tristate "ARIA" <<
382 select CRYPTO_ALGAPI <<
383 help <<
384 ARIA cipher algorithm (RFC5794) <<
385 <<
386 ARIA is a standard encryption algori <<
387 The ARIA specifies three key sizes a <<
388 128-bit: 12 rounds. <<
389 192-bit: 14 rounds. <<
390 256-bit: 16 rounds. <<
391 277
392 See: !! 278 comment "Authenticated Encryption with Associated Data"
393 https://seed.kisa.or.kr/kisa/algorit <<
394 279
395 config CRYPTO_BLOWFISH !! 280 config CRYPTO_CCM
396 tristate "Blowfish" !! 281 tristate "CCM support"
397 select CRYPTO_ALGAPI !! 282 select CRYPTO_CTR
398 select CRYPTO_BLOWFISH_COMMON !! 283 select CRYPTO_HASH
>> 284 select CRYPTO_AEAD
>> 285 select CRYPTO_MANAGER
399 help 286 help
400 Blowfish cipher algorithm, by Bruce !! 287 Support for Counter with CBC MAC. Required for IPsec.
401 288
402 This is a variable key length cipher !! 289 config CRYPTO_GCM
403 bits to 448 bits in length. It's fa !! 290 tristate "GCM/GMAC support"
404 designed for use on "large microproc !! 291 select CRYPTO_CTR
405 !! 292 select CRYPTO_AEAD
406 See https://www.schneier.com/blowfis !! 293 select CRYPTO_GHASH
407 !! 294 select CRYPTO_NULL
408 config CRYPTO_BLOWFISH_COMMON !! 295 select CRYPTO_MANAGER
409 tristate <<
410 help 296 help
411 Common parts of the Blowfish cipher !! 297 Support for Galois/Counter Mode (GCM) and Galois Message
412 generic c and the assembler implemen !! 298 Authentication Code (GMAC). Required for IPSec.
413 299
414 config CRYPTO_CAMELLIA !! 300 config CRYPTO_CHACHA20POLY1305
415 tristate "Camellia" !! 301 tristate "ChaCha20-Poly1305 AEAD support"
416 select CRYPTO_ALGAPI !! 302 select CRYPTO_CHACHA20
>> 303 select CRYPTO_POLY1305
>> 304 select CRYPTO_AEAD
>> 305 select CRYPTO_MANAGER
417 help 306 help
418 Camellia cipher algorithms (ISO/IEC !! 307 ChaCha20-Poly1305 AEAD support, RFC7539.
419 <<
420 Camellia is a symmetric key block ci <<
421 at NTT and Mitsubishi Electric Corpo <<
422 308
423 The Camellia specifies three key siz !! 309 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
424 !! 310 with the Poly1305 authenticator. It is defined in RFC7539 for use in
425 See https://info.isl.ntt.co.jp/crypt !! 311 IETF protocols.
426 <<
427 config CRYPTO_CAST_COMMON <<
428 tristate <<
429 help <<
430 Common parts of the CAST cipher algo <<
431 generic c and the assembler implemen <<
432 312
433 config CRYPTO_CAST5 !! 313 config CRYPTO_AEGIS128
434 tristate "CAST5 (CAST-128)" !! 314 tristate "AEGIS-128 AEAD algorithm"
435 select CRYPTO_ALGAPI !! 315 select CRYPTO_AEAD
436 select CRYPTO_CAST_COMMON !! 316 select CRYPTO_AES # for AES S-box tables
437 help 317 help
438 CAST5 (CAST-128) cipher algorithm (R !! 318 Support for the AEGIS-128 dedicated AEAD algorithm.
439 319
440 config CRYPTO_CAST6 !! 320 config CRYPTO_AEGIS128_SIMD
441 tristate "CAST6 (CAST-256)" !! 321 bool "Support SIMD acceleration for AEGIS-128"
442 select CRYPTO_ALGAPI !! 322 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
443 select CRYPTO_CAST_COMMON !! 323 depends on !ARM || CC_IS_CLANG || GCC_VERSION >= 40800
444 help !! 324 default y
445 CAST6 (CAST-256) encryption algorith <<
446 325
447 config CRYPTO_DES !! 326 config CRYPTO_AEGIS128_AESNI_SSE2
448 tristate "DES and Triple DES EDE" !! 327 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
449 select CRYPTO_ALGAPI !! 328 depends on X86 && 64BIT
450 select CRYPTO_LIB_DES !! 329 select CRYPTO_AEAD
>> 330 select CRYPTO_SIMD
451 help 331 help
452 DES (Data Encryption Standard)(FIPS !! 332 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
453 Triple DES EDE (Encrypt/Decrypt/Encr <<
454 cipher algorithms <<
455 333
456 config CRYPTO_FCRYPT !! 334 config CRYPTO_SEQIV
457 tristate "FCrypt" !! 335 tristate "Sequence Number IV Generator"
458 select CRYPTO_ALGAPI !! 336 select CRYPTO_AEAD
459 select CRYPTO_SKCIPHER 337 select CRYPTO_SKCIPHER
460 help !! 338 select CRYPTO_NULL
461 FCrypt algorithm used by RxRPC !! 339 select CRYPTO_RNG_DEFAULT
462 <<
463 See https://ota.polyonymo.us/fcrypt- <<
464 <<
465 config CRYPTO_KHAZAD <<
466 tristate "Khazad" <<
467 depends on CRYPTO_USER_API_ENABLE_OBSO <<
468 select CRYPTO_ALGAPI <<
469 help <<
470 Khazad cipher algorithm <<
471 <<
472 Khazad was a finalist in the initial <<
473 an algorithm optimized for 64-bit pr <<
474 on 32-bit processors. Khazad uses a <<
475 <<
476 See https://web.archive.org/web/2017 <<
477 for further information. <<
478 <<
479 config CRYPTO_SEED <<
480 tristate "SEED" <<
481 depends on CRYPTO_USER_API_ENABLE_OBSO <<
482 select CRYPTO_ALGAPI <<
483 help <<
484 SEED cipher algorithm (RFC4269, ISO/ <<
485 <<
486 SEED is a 128-bit symmetric key bloc <<
487 developed by KISA (Korea Information <<
488 national standard encryption algorit <<
489 It is a 16 round block cipher with t <<
490 <<
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 <<
494 config CRYPTO_SERPENT <<
495 tristate "Serpent" <<
496 select CRYPTO_ALGAPI <<
497 help <<
498 Serpent cipher algorithm, by Anderso <<
499 <<
500 Keys are allowed to be from 0 to 256 <<
501 of 8 bits. <<
502 <<
503 See https://www.cl.cam.ac.uk/~rja14/ <<
504 <<
505 config CRYPTO_SM4 <<
506 tristate <<
507 <<
508 config CRYPTO_SM4_GENERIC <<
509 tristate "SM4 (ShangMi 4)" <<
510 select CRYPTO_ALGAPI <<
511 select CRYPTO_SM4 <<
512 help <<
513 SM4 cipher algorithms (OSCCA GB/T 32 <<
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 <<
516 SM4 (GBT.32907-2016) is a cryptograp <<
517 Organization of State Commercial Adm <<
518 as an authorized cryptographic algor <<
519 <<
520 SMS4 was originally created for use <<
521 networks, and is mandated in the Chi <<
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 <<
525 The latest SM4 standard (GBT.32907-2 <<
526 standardized through TC 260 of the S <<
527 of the People's Republic of China (S <<
528 <<
529 The input, output, and key of SMS4 a <<
530 <<
531 See https://eprint.iacr.org/2008/329 <<
532 <<
533 If unsure, say N. <<
534 <<
535 config CRYPTO_TEA <<
536 tristate "TEA, XTEA and XETA" <<
537 depends on CRYPTO_USER_API_ENABLE_OBSO <<
538 select CRYPTO_ALGAPI <<
539 help <<
540 TEA (Tiny Encryption Algorithm) ciph <<
541 <<
542 Tiny Encryption Algorithm is a simpl <<
543 many rounds for security. It is ver <<
544 little memory. <<
545 <<
546 Xtendend Tiny Encryption Algorithm i <<
547 the TEA algorithm to address a poten <<
548 in the TEA algorithm. <<
549 <<
550 Xtendend Encryption Tiny Algorithm i <<
551 of the XTEA algorithm for compatibil <<
552 <<
553 config CRYPTO_TWOFISH <<
554 tristate "Twofish" <<
555 select CRYPTO_ALGAPI <<
556 select CRYPTO_TWOFISH_COMMON <<
557 help <<
558 Twofish cipher algorithm <<
559 <<
560 Twofish was submitted as an AES (Adv <<
561 candidate cipher by researchers at C <<
562 16 round block cipher supporting key <<
563 bits. <<
564 <<
565 See https://www.schneier.com/twofish <<
566 <<
567 config CRYPTO_TWOFISH_COMMON <<
568 tristate <<
569 help <<
570 Common parts of the Twofish cipher a <<
571 generic c and the assembler implemen <<
572 <<
573 endmenu <<
574 <<
575 menu "Length-preserving ciphers and modes" <<
576 <<
577 config CRYPTO_ADIANTUM <<
578 tristate "Adiantum" <<
579 select CRYPTO_CHACHA20 <<
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER 340 select CRYPTO_MANAGER
583 help 341 help
584 Adiantum tweakable, length-preservin !! 342 This IV generator generates an IV based on a sequence number by
585 !! 343 xoring it with a salt. This algorithm is mainly useful for CTR
586 Designed for fast and secure disk en <<
587 CPUs without dedicated crypto instru <<
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 <<
600 If unsure, say N. <<
601 344
602 config CRYPTO_ARC4 !! 345 config CRYPTO_ECHAINIV
603 tristate "ARC4 (Alleged Rivest Cipher !! 346 tristate "Encrypted Chain IV Generator"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 347 select CRYPTO_AEAD
605 select CRYPTO_SKCIPHER !! 348 select CRYPTO_NULL
606 select CRYPTO_LIB_ARC4 !! 349 select CRYPTO_RNG_DEFAULT
>> 350 select CRYPTO_MANAGER
607 help 351 help
608 ARC4 cipher algorithm !! 352 This IV generator generates an IV based on the encryption of
>> 353 a sequence number xored with a salt. This is the default
>> 354 algorithm for CBC.
609 355
610 ARC4 is a stream cipher using keys r !! 356 comment "Block modes"
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 357
615 config CRYPTO_CHACHA20 !! 358 config CRYPTO_CBC
616 tristate "ChaCha" !! 359 tristate "CBC support"
617 select CRYPTO_LIB_CHACHA_GENERIC <<
618 select CRYPTO_SKCIPHER 360 select CRYPTO_SKCIPHER
>> 361 select CRYPTO_MANAGER
619 help 362 help
620 The ChaCha20, XChaCha20, and XChaCha !! 363 CBC: Cipher Block Chaining mode
621 !! 364 This block cipher algorithm is required for IPSec.
622 ChaCha20 is a 256-bit high-speed str <<
623 Bernstein and further specified in R <<
624 This is the portable C implementatio <<
625 https://cr.yp.to/chacha/chacha-20080 <<
626 365
627 XChaCha20 is the application of the !! 366 config CRYPTO_CFB
628 rather than to Salsa20. XChaCha20 e !! 367 tristate "CFB support"
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 <<
633 XChaCha12 is XChaCha20 reduced to 12 <<
634 reduced security margin but increase <<
635 in some performance-sensitive scenar <<
636 <<
637 config CRYPTO_CBC <<
638 tristate "CBC (Cipher Block Chaining)" <<
639 select CRYPTO_SKCIPHER 368 select CRYPTO_SKCIPHER
640 select CRYPTO_MANAGER 369 select CRYPTO_MANAGER
641 help 370 help
642 CBC (Cipher Block Chaining) mode (NI !! 371 CFB: Cipher FeedBack mode
643 !! 372 This block cipher algorithm is required for TPM2 Cryptography.
644 This block cipher mode is required f <<
645 373
646 config CRYPTO_CTR 374 config CRYPTO_CTR
647 tristate "CTR (Counter)" !! 375 tristate "CTR support"
648 select CRYPTO_SKCIPHER 376 select CRYPTO_SKCIPHER
>> 377 select CRYPTO_SEQIV
649 select CRYPTO_MANAGER 378 select CRYPTO_MANAGER
650 help 379 help
651 CTR (Counter) mode (NIST SP800-38A) !! 380 CTR: Counter mode
>> 381 This block cipher algorithm is required for IPSec.
652 382
653 config CRYPTO_CTS 383 config CRYPTO_CTS
654 tristate "CTS (Cipher Text Stealing)" !! 384 tristate "CTS support"
655 select CRYPTO_SKCIPHER 385 select CRYPTO_SKCIPHER
656 select CRYPTO_MANAGER 386 select CRYPTO_MANAGER
657 help 387 help
658 CBC-CS3 variant of CTS (Cipher Text !! 388 CTS: Cipher Text Stealing
659 Addendum to SP800-38A (October 2010) !! 389 This is the Cipher Text Stealing mode as described by
660 !! 390 Section 8 of rfc2040 and referenced by rfc3962
>> 391 (rfc3962 includes errata information in its Appendix A) or
>> 392 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
661 This mode is required for Kerberos g 393 This mode is required for Kerberos gss mechanism support
662 for AES encryption. 394 for AES encryption.
663 395
664 config CRYPTO_ECB !! 396 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 397
671 config CRYPTO_HCTR2 !! 398 config CRYPTO_ECB
672 tristate "HCTR2" !! 399 tristate "ECB support"
673 select CRYPTO_XCTR <<
674 select CRYPTO_POLYVAL <<
675 select CRYPTO_MANAGER <<
676 help <<
677 HCTR2 length-preserving encryption m <<
678 <<
679 A mode for storage encryption that i <<
680 instructions to accelerate AES and c <<
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 <<
684 See https://eprint.iacr.org/2021/144 <<
685 <<
686 config CRYPTO_KEYWRAP <<
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER 400 select CRYPTO_SKCIPHER
689 select CRYPTO_MANAGER 401 select CRYPTO_MANAGER
690 help 402 help
691 KW (AES Key Wrap) authenticated encr !! 403 ECB: Electronic CodeBook mode
692 and RFC3394) without padding. !! 404 This is the simplest block cipher algorithm. It simply encrypts
>> 405 the input block by block.
693 406
694 config CRYPTO_LRW 407 config CRYPTO_LRW
695 tristate "LRW (Liskov Rivest Wagner)" !! 408 tristate "LRW support"
696 select CRYPTO_LIB_GF128MUL <<
697 select CRYPTO_SKCIPHER 409 select CRYPTO_SKCIPHER
698 select CRYPTO_MANAGER 410 select CRYPTO_MANAGER
699 select CRYPTO_ECB !! 411 select CRYPTO_GF128MUL
700 help 412 help
701 LRW (Liskov Rivest Wagner) mode !! 413 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
702 <<
703 A tweakable, non malleable, non mova <<
704 narrow block cipher mode for dm-cryp 414 narrow block cipher mode for dm-crypt. Use it with cipher
705 specification string aes-lrw-benbi, 415 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
706 The first 128, 192 or 256 bits in th 416 The first 128, 192 or 256 bits in the key are used for AES and the
707 rest is used to tie each cipher bloc 417 rest is used to tie each cipher block to its logical position.
708 418
709 See https://people.csail.mit.edu/riv !! 419 config CRYPTO_OFB
710 !! 420 tristate "OFB support"
711 config CRYPTO_PCBC <<
712 tristate "PCBC (Propagating Cipher Blo <<
713 select CRYPTO_SKCIPHER 421 select CRYPTO_SKCIPHER
714 select CRYPTO_MANAGER 422 select CRYPTO_MANAGER
715 help 423 help
716 PCBC (Propagating Cipher Block Chain !! 424 OFB: the Output Feedback mode makes a block cipher into a synchronous
717 !! 425 stream cipher. It generates keystream blocks, which are then XORed
718 This block cipher mode is required f !! 426 with the plaintext blocks to get the ciphertext. Flipping a bit in the
>> 427 ciphertext produces a flipped bit in the plaintext at the same
>> 428 location. This property allows many error correcting codes to function
>> 429 normally even when applied before encryption.
719 430
720 config CRYPTO_XCTR !! 431 config CRYPTO_PCBC
721 tristate !! 432 tristate "PCBC support"
722 select CRYPTO_SKCIPHER 433 select CRYPTO_SKCIPHER
723 select CRYPTO_MANAGER 434 select CRYPTO_MANAGER
724 help 435 help
725 XCTR (XOR Counter) mode for HCTR2 !! 436 PCBC: Propagating Cipher Block Chaining mode
726 !! 437 This block cipher algorithm is required for RxRPC.
727 This blockcipher mode is a variant o <<
728 addition rather than big-endian arit <<
729 <<
730 XCTR mode is used to implement HCTR2 <<
731 438
732 config CRYPTO_XTS 439 config CRYPTO_XTS
733 tristate "XTS (XOR Encrypt XOR with ci !! 440 tristate "XTS support"
734 select CRYPTO_SKCIPHER 441 select CRYPTO_SKCIPHER
735 select CRYPTO_MANAGER 442 select CRYPTO_MANAGER
736 select CRYPTO_ECB 443 select CRYPTO_ECB
737 help 444 help
738 XTS (XOR Encrypt XOR with ciphertext !! 445 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
739 and IEEE 1619) !! 446 key size 256, 384 or 512 bits. This implementation currently
>> 447 can't handle a sectorsize which is not a multiple of 16 bytes.
740 448
741 Use with aes-xts-plain, key size 256 !! 449 config CRYPTO_KEYWRAP
742 implementation currently can't handl !! 450 tristate "Key wrapping support"
743 multiple of 16 bytes. !! 451 select CRYPTO_SKCIPHER
>> 452 select CRYPTO_MANAGER
>> 453 help
>> 454 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 455 padding.
744 456
745 config CRYPTO_NHPOLY1305 457 config CRYPTO_NHPOLY1305
746 tristate 458 tristate
747 select CRYPTO_HASH 459 select CRYPTO_HASH
748 select CRYPTO_LIB_POLY1305_GENERIC 460 select CRYPTO_LIB_POLY1305_GENERIC
749 461
750 endmenu !! 462 config CRYPTO_NHPOLY1305_SSE2
751 !! 463 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
752 menu "AEAD (authenticated encryption with asso !! 464 depends on X86 && 64BIT
753 !! 465 select CRYPTO_NHPOLY1305
754 config CRYPTO_AEGIS128 <<
755 tristate "AEGIS-128" <<
756 select CRYPTO_AEAD <<
757 select CRYPTO_AES # for AES S-box tab <<
758 help 466 help
759 AEGIS-128 AEAD algorithm !! 467 SSE2 optimized implementation of the hash function used by the
>> 468 Adiantum encryption mode.
760 469
761 config CRYPTO_AEGIS128_SIMD !! 470 config CRYPTO_NHPOLY1305_AVX2
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 471 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 472 depends on X86 && 64BIT
764 default y !! 473 select CRYPTO_NHPOLY1305
765 help 474 help
766 AEGIS-128 AEAD algorithm !! 475 AVX2 optimized implementation of the hash function used by the
>> 476 Adiantum encryption mode.
767 477
768 Architecture: arm or arm64 using: !! 478 config CRYPTO_ADIANTUM
769 - NEON (Advanced SIMD) extension !! 479 tristate "Adiantum support"
770 <<
771 config CRYPTO_CHACHA20POLY1305 <<
772 tristate "ChaCha20-Poly1305" <<
773 select CRYPTO_CHACHA20 480 select CRYPTO_CHACHA20
774 select CRYPTO_POLY1305 !! 481 select CRYPTO_LIB_POLY1305_GENERIC
775 select CRYPTO_AEAD !! 482 select CRYPTO_NHPOLY1305
776 select CRYPTO_MANAGER <<
777 help <<
778 ChaCha20 stream cipher and Poly1305 <<
779 mode (RFC8439) <<
780 <<
781 config CRYPTO_CCM <<
782 tristate "CCM (Counter with Cipher Blo <<
783 select CRYPTO_CTR <<
784 select CRYPTO_HASH <<
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER <<
787 help <<
788 CCM (Counter with Cipher Block Chain <<
789 authenticated encryption mode (NIST <<
790 <<
791 config CRYPTO_GCM <<
792 tristate "GCM (Galois/Counter Mode) an <<
793 select CRYPTO_CTR <<
794 select CRYPTO_AEAD <<
795 select CRYPTO_GHASH <<
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER <<
798 help <<
799 GCM (Galois/Counter Mode) authentica <<
800 (GCM Message Authentication Code) (N <<
801 <<
802 This is required for IPSec ESP (XFRM <<
803 <<
804 config CRYPTO_GENIV <<
805 tristate <<
806 select CRYPTO_AEAD <<
807 select CRYPTO_NULL <<
808 select CRYPTO_MANAGER 483 select CRYPTO_MANAGER
809 select CRYPTO_RNG_DEFAULT <<
810 <<
811 config CRYPTO_SEQIV <<
812 tristate "Sequence Number IV Generator <<
813 select CRYPTO_GENIV <<
814 help 484 help
815 Sequence Number IV generator !! 485 Adiantum is a tweakable, length-preserving encryption mode
816 !! 486 designed for fast and secure disk encryption, especially on
817 This IV generator generates an IV ba !! 487 CPUs without dedicated crypto instructions. It encrypts
818 xoring it with a salt. This algorit !! 488 each sector using the XChaCha12 stream cipher, two passes of
819 !! 489 an ε-almost-∆-universal hash function, and an invocation of
820 This is required for IPsec ESP (XFRM !! 490 the AES-256 block cipher on a single 16-byte block. On CPUs
>> 491 without AES instructions, Adiantum is much faster than
>> 492 AES-XTS.
821 493
822 config CRYPTO_ECHAINIV !! 494 Adiantum's security is provably reducible to that of its
823 tristate "Encrypted Chain IV Generator !! 495 underlying stream and block ciphers, subject to a security
824 select CRYPTO_GENIV !! 496 bound. Unlike XTS, Adiantum is a true wide-block encryption
825 help !! 497 mode, so it actually provides an even stronger notion of
826 Encrypted Chain IV generator !! 498 security than XTS, subject to the security bound.
827 499
828 This IV generator generates an IV ba !! 500 If unsure, say N.
829 a sequence number xored with a salt. <<
830 algorithm for CBC. <<
831 501
832 config CRYPTO_ESSIV 502 config CRYPTO_ESSIV
833 tristate "Encrypted Salt-Sector IV Gen !! 503 tristate "ESSIV support for block encryption"
834 select CRYPTO_AUTHENC 504 select CRYPTO_AUTHENC
835 help 505 help
836 Encrypted Salt-Sector IV generator !! 506 Encrypted salt-sector initialization vector (ESSIV) is an IV
837 !! 507 generation method that is used in some cases by fscrypt and/or
838 This IV generator is used in some ca <<
839 dm-crypt. It uses the hash of the bl 508 dm-crypt. It uses the hash of the block encryption key as the
840 symmetric key for a block encryption 509 symmetric key for a block encryption pass applied to the input
841 IV, making low entropy IV sources mo 510 IV, making low entropy IV sources more suitable for block
842 encryption. 511 encryption.
843 512
844 This driver implements a crypto API 513 This driver implements a crypto API template that can be
845 instantiated either as an skcipher o 514 instantiated either as an skcipher or as an AEAD (depending on the
846 type of the first template argument) 515 type of the first template argument), and which defers encryption
847 and decryption requests to the encap 516 and decryption requests to the encapsulated cipher after applying
848 ESSIV to the input IV. Note that in 517 ESSIV to the input IV. Note that in the AEAD case, it is assumed
849 that the keys are presented in the s 518 that the keys are presented in the same format used by the authenc
850 template, and that the IV appears at 519 template, and that the IV appears at the end of the authenticated
851 associated data (AAD) region (which 520 associated data (AAD) region (which is how dm-crypt uses it.)
852 521
853 Note that the use of ESSIV is not re 522 Note that the use of ESSIV is not recommended for new deployments,
854 and so this only needs to be enabled 523 and so this only needs to be enabled when interoperability with
855 existing encrypted volumes of filesy 524 existing encrypted volumes of filesystems is required, or when
856 building for a particular system tha 525 building for a particular system that requires it (e.g., when
857 the SoC in question has accelerated 526 the SoC in question has accelerated CBC but not XTS, making CBC
858 combined with ESSIV the only feasibl 527 combined with ESSIV the only feasible mode for h/w accelerated
859 block encryption) 528 block encryption)
860 529
861 endmenu !! 530 comment "Hash modes"
862 531
863 menu "Hashes, digests, and MACs" !! 532 config CRYPTO_CMAC
>> 533 tristate "CMAC support"
>> 534 select CRYPTO_HASH
>> 535 select CRYPTO_MANAGER
>> 536 help
>> 537 Cipher-based Message Authentication Code (CMAC) specified by
>> 538 The National Institute of Standards and Technology (NIST).
864 539
865 config CRYPTO_BLAKE2B !! 540 https://tools.ietf.org/html/rfc4493
866 tristate "BLAKE2b" !! 541 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
>> 542
>> 543 config CRYPTO_HMAC
>> 544 tristate "HMAC support"
>> 545 select CRYPTO_HASH
>> 546 select CRYPTO_MANAGER
>> 547 help
>> 548 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 549 This is required for IPSec.
>> 550
>> 551 config CRYPTO_XCBC
>> 552 tristate "XCBC support"
>> 553 select CRYPTO_HASH
>> 554 select CRYPTO_MANAGER
>> 555 help
>> 556 XCBC: Keyed-Hashing with encryption algorithm
>> 557 http://www.ietf.org/rfc/rfc3566.txt
>> 558 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 559 xcbc-mac/xcbc-mac-spec.pdf
>> 560
>> 561 config CRYPTO_VMAC
>> 562 tristate "VMAC support"
>> 563 select CRYPTO_HASH
>> 564 select CRYPTO_MANAGER
>> 565 help
>> 566 VMAC is a message authentication algorithm designed for
>> 567 very high speed on 64-bit architectures.
>> 568
>> 569 See also:
>> 570 <http://fastcrypto.org/vmac>
>> 571
>> 572 comment "Digest"
>> 573
>> 574 config CRYPTO_CRC32C
>> 575 tristate "CRC32c CRC algorithm"
>> 576 select CRYPTO_HASH
>> 577 select CRC32
>> 578 help
>> 579 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 580 by iSCSI for header and data digests and by others.
>> 581 See Castagnoli93. Module will be crc32c.
>> 582
>> 583 config CRYPTO_CRC32C_INTEL
>> 584 tristate "CRC32c INTEL hardware acceleration"
>> 585 depends on X86
>> 586 select CRYPTO_HASH
>> 587 help
>> 588 In Intel processor with SSE4.2 supported, the processor will
>> 589 support CRC32C implementation using hardware accelerated CRC32
>> 590 instruction. This option will create 'crc32c-intel' module,
>> 591 which will enable any routine to use the CRC32 instruction to
>> 592 gain performance compared with software implementation.
>> 593 Module will be crc32c-intel.
>> 594
>> 595 config CRYPTO_CRC32C_VPMSUM
>> 596 tristate "CRC32c CRC algorithm (powerpc64)"
>> 597 depends on PPC64 && ALTIVEC
>> 598 select CRYPTO_HASH
>> 599 select CRC32
>> 600 help
>> 601 CRC32c algorithm implemented using vector polynomial multiply-sum
>> 602 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 603 and newer processors for improved performance.
>> 604
>> 605
>> 606 config CRYPTO_CRC32C_SPARC64
>> 607 tristate "CRC32c CRC algorithm (SPARC64)"
>> 608 depends on SPARC64
>> 609 select CRYPTO_HASH
>> 610 select CRC32
>> 611 help
>> 612 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 613 when available.
>> 614
>> 615 config CRYPTO_CRC32
>> 616 tristate "CRC32 CRC algorithm"
867 select CRYPTO_HASH 617 select CRYPTO_HASH
>> 618 select CRC32
>> 619 help
>> 620 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 621 Shash crypto api wrappers to crc32_le function.
>> 622
>> 623 config CRYPTO_CRC32_PCLMUL
>> 624 tristate "CRC32 PCLMULQDQ hardware acceleration"
>> 625 depends on X86
>> 626 select CRYPTO_HASH
>> 627 select CRC32
>> 628 help
>> 629 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 630 and PCLMULQDQ supported, the processor will support
>> 631 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 632 instruction. This option will create 'crc32-pclmul' module,
>> 633 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 634 and gain better performance as compared with the table implementation.
>> 635
>> 636 config CRYPTO_CRC32_MIPS
>> 637 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 638 depends on MIPS_CRC_SUPPORT
>> 639 select CRYPTO_HASH
>> 640 help
>> 641 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 642 instructions, when available.
>> 643
>> 644
>> 645 config CRYPTO_XXHASH
>> 646 tristate "xxHash hash algorithm"
>> 647 select CRYPTO_HASH
>> 648 select XXHASH
868 help 649 help
869 BLAKE2b cryptographic hash function !! 650 xxHash non-cryptographic hash algorithm. Extremely fast, working at
>> 651 speeds close to RAM limits.
870 652
871 BLAKE2b is optimized for 64-bit plat !! 653 config CRYPTO_BLAKE2B
872 of any size between 1 and 64 bytes. !! 654 tristate "BLAKE2b digest algorithm"
>> 655 select CRYPTO_HASH
>> 656 help
>> 657 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
>> 658 optimized for 64bit platforms and can produce digests of any size
>> 659 between 1 to 64. The keyed hash is also implemented.
873 660
874 This module provides the following a 661 This module provides the following algorithms:
>> 662
875 - blake2b-160 663 - blake2b-160
876 - blake2b-256 664 - blake2b-256
877 - blake2b-384 665 - blake2b-384
878 - blake2b-512 666 - blake2b-512
879 667
880 Used by the btrfs filesystem. !! 668 See https://blake2.net for further information.
>> 669
>> 670 config CRYPTO_BLAKE2S
>> 671 tristate "BLAKE2s digest algorithm"
>> 672 select CRYPTO_LIB_BLAKE2S_GENERIC
>> 673 select CRYPTO_HASH
>> 674 help
>> 675 Implementation of cryptographic hash function BLAKE2s
>> 676 optimized for 8-32bit platforms and can produce digests of any size
>> 677 between 1 to 32. The keyed hash is also implemented.
>> 678
>> 679 This module provides the following algorithms:
>> 680
>> 681 - blake2s-128
>> 682 - blake2s-160
>> 683 - blake2s-224
>> 684 - blake2s-256
881 685
882 See https://blake2.net for further i 686 See https://blake2.net for further information.
883 687
884 config CRYPTO_CMAC !! 688 config CRYPTO_BLAKE2S_X86
885 tristate "CMAC (Cipher-based MAC)" !! 689 tristate "BLAKE2s digest algorithm (x86 accelerated version)"
>> 690 depends on X86 && 64BIT
>> 691 select CRYPTO_LIB_BLAKE2S_GENERIC
>> 692 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
>> 693
>> 694 config CRYPTO_CRCT10DIF
>> 695 tristate "CRCT10DIF algorithm"
>> 696 select CRYPTO_HASH
>> 697 help
>> 698 CRC T10 Data Integrity Field computation is being cast as
>> 699 a crypto transform. This allows for faster crc t10 diff
>> 700 transforms to be used if they are available.
>> 701
>> 702 config CRYPTO_CRCT10DIF_PCLMUL
>> 703 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
>> 704 depends on X86 && 64BIT && CRC_T10DIF
886 select CRYPTO_HASH 705 select CRYPTO_HASH
887 select CRYPTO_MANAGER <<
888 help 706 help
889 CMAC (Cipher-based Message Authentic !! 707 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
890 mode (NIST SP800-38B and IETF RFC449 !! 708 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 709 accelerated PCLMULQDQ instruction. This option will create
>> 710 'crct10dif-pclmul' module, which is faster when computing the
>> 711 crct10dif checksum as compared with the generic table implementation.
>> 712
>> 713 config CRYPTO_CRCT10DIF_VPMSUM
>> 714 tristate "CRC32T10DIF powerpc64 hardware acceleration"
>> 715 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 716 select CRYPTO_HASH
>> 717 help
>> 718 CRC10T10DIF algorithm implemented using vector polynomial
>> 719 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 720 POWER8 and newer processors for improved performance.
>> 721
>> 722 config CRYPTO_VPMSUM_TESTER
>> 723 tristate "Powerpc64 vpmsum hardware acceleration tester"
>> 724 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 725 help
>> 726 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 727 POWER8 vpmsum instructions.
>> 728 Unless you are testing these algorithms, you don't need this.
891 729
892 config CRYPTO_GHASH 730 config CRYPTO_GHASH
893 tristate "GHASH" !! 731 tristate "GHASH hash function"
>> 732 select CRYPTO_GF128MUL
894 select CRYPTO_HASH 733 select CRYPTO_HASH
895 select CRYPTO_LIB_GF128MUL <<
896 help 734 help
897 GCM GHASH function (NIST SP800-38D) !! 735 GHASH is the hash function used in GCM (Galois/Counter Mode).
>> 736 It is not a general-purpose cryptographic hash function.
898 737
899 config CRYPTO_HMAC !! 738 config CRYPTO_POLY1305
900 tristate "HMAC (Keyed-Hash MAC)" !! 739 tristate "Poly1305 authenticator algorithm"
901 select CRYPTO_HASH 740 select CRYPTO_HASH
902 select CRYPTO_MANAGER !! 741 select CRYPTO_LIB_POLY1305_GENERIC
>> 742 help
>> 743 Poly1305 authenticator algorithm, RFC7539.
>> 744
>> 745 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 746 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 747 in IETF protocols. This is the portable C implementation of Poly1305.
>> 748
>> 749 config CRYPTO_POLY1305_X86_64
>> 750 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 751 depends on X86 && 64BIT
>> 752 select CRYPTO_LIB_POLY1305_GENERIC
>> 753 select CRYPTO_ARCH_HAVE_LIB_POLY1305
903 help 754 help
904 HMAC (Keyed-Hash Message Authenticat !! 755 Poly1305 authenticator algorithm, RFC7539.
905 RFC2104) !! 756
>> 757 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 758 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 759 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 760 instructions.
906 761
907 This is required for IPsec AH (XFRM_ !! 762 config CRYPTO_POLY1305_MIPS
>> 763 tristate "Poly1305 authenticator algorithm (MIPS optimized)"
>> 764 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT)
>> 765 select CRYPTO_ARCH_HAVE_LIB_POLY1305
908 766
909 config CRYPTO_MD4 767 config CRYPTO_MD4
910 tristate "MD4" !! 768 tristate "MD4 digest algorithm"
911 select CRYPTO_HASH 769 select CRYPTO_HASH
912 help 770 help
913 MD4 message digest algorithm (RFC132 !! 771 MD4 message digest algorithm (RFC1320).
914 772
915 config CRYPTO_MD5 773 config CRYPTO_MD5
916 tristate "MD5" !! 774 tristate "MD5 digest algorithm"
917 select CRYPTO_HASH 775 select CRYPTO_HASH
918 help 776 help
919 MD5 message digest algorithm (RFC132 !! 777 MD5 message digest algorithm (RFC1321).
920 778
921 config CRYPTO_MICHAEL_MIC !! 779 config CRYPTO_MD5_OCTEON
922 tristate "Michael MIC" !! 780 tristate "MD5 digest algorithm (OCTEON)"
>> 781 depends on CPU_CAVIUM_OCTEON
>> 782 select CRYPTO_MD5
923 select CRYPTO_HASH 783 select CRYPTO_HASH
924 help 784 help
925 Michael MIC (Message Integrity Code) !! 785 MD5 message digest algorithm (RFC1321) implemented
926 !! 786 using OCTEON crypto instructions, when available.
927 Defined by the IEEE 802.11i TKIP (Te <<
928 known as WPA (Wif-Fi Protected Acces <<
929 787
930 This algorithm is required for TKIP, !! 788 config CRYPTO_MD5_PPC
931 other purposes because of the weakne !! 789 tristate "MD5 digest algorithm (PPC)"
>> 790 depends on PPC
>> 791 select CRYPTO_HASH
>> 792 help
>> 793 MD5 message digest algorithm (RFC1321) implemented
>> 794 in PPC assembler.
932 795
933 config CRYPTO_POLYVAL !! 796 config CRYPTO_MD5_SPARC64
934 tristate !! 797 tristate "MD5 digest algorithm (SPARC64)"
>> 798 depends on SPARC64
>> 799 select CRYPTO_MD5
935 select CRYPTO_HASH 800 select CRYPTO_HASH
936 select CRYPTO_LIB_GF128MUL <<
937 help 801 help
938 POLYVAL hash function for HCTR2 !! 802 MD5 message digest algorithm (RFC1321) implemented
>> 803 using sparc64 crypto instructions, when available.
939 804
940 This is used in HCTR2. It is not a !! 805 config CRYPTO_MICHAEL_MIC
941 cryptographic hash function. !! 806 tristate "Michael MIC keyed digest algorithm"
>> 807 select CRYPTO_HASH
>> 808 help
>> 809 Michael MIC is used for message integrity protection in TKIP
>> 810 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 811 should not be used for other purposes because of the weakness
>> 812 of the algorithm.
942 813
943 config CRYPTO_POLY1305 !! 814 config CRYPTO_RMD128
944 tristate "Poly1305" !! 815 tristate "RIPEMD-128 digest algorithm"
945 select CRYPTO_HASH 816 select CRYPTO_HASH
946 select CRYPTO_LIB_POLY1305_GENERIC <<
947 help 817 help
948 Poly1305 authenticator algorithm (RF !! 818 RIPEMD-128 (ISO/IEC 10118-3:2004).
949 819
950 Poly1305 is an authenticator algorit !! 820 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
951 It is used for the ChaCha20-Poly1305 !! 821 be used as a secure replacement for RIPEMD. For other use cases,
952 in IETF protocols. This is the porta !! 822 RIPEMD-160 should be used.
>> 823
>> 824 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 825 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
953 826
954 config CRYPTO_RMD160 827 config CRYPTO_RMD160
955 tristate "RIPEMD-160" !! 828 tristate "RIPEMD-160 digest algorithm"
956 select CRYPTO_HASH 829 select CRYPTO_HASH
957 help 830 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 831 RIPEMD-160 (ISO/IEC 10118-3:2004).
959 832
960 RIPEMD-160 is a 160-bit cryptographi 833 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
961 to be used as a secure replacement f 834 to be used as a secure replacement for the 128-bit hash functions
962 MD4, MD5 and its predecessor RIPEMD !! 835 MD4, MD5 and it's predecessor RIPEMD
963 (not to be confused with RIPEMD-128) 836 (not to be confused with RIPEMD-128).
964 837
965 Its speed is comparable to SHA-1 and !! 838 It's speed is comparable to SHA1 and there are no known attacks
966 against RIPEMD-160. 839 against RIPEMD-160.
967 840
968 Developed by Hans Dobbertin, Antoon 841 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
969 See https://homes.esat.kuleuven.be/~ !! 842 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
970 for further information. !! 843
>> 844 config CRYPTO_RMD256
>> 845 tristate "RIPEMD-256 digest algorithm"
>> 846 select CRYPTO_HASH
>> 847 help
>> 848 RIPEMD-256 is an optional extension of RIPEMD-128 with a
>> 849 256 bit hash. It is intended for applications that require
>> 850 longer hash-results, without needing a larger security level
>> 851 (than RIPEMD-128).
>> 852
>> 853 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 854 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
>> 855
>> 856 config CRYPTO_RMD320
>> 857 tristate "RIPEMD-320 digest algorithm"
>> 858 select CRYPTO_HASH
>> 859 help
>> 860 RIPEMD-320 is an optional extension of RIPEMD-160 with a
>> 861 320 bit hash. It is intended for applications that require
>> 862 longer hash-results, without needing a larger security level
>> 863 (than RIPEMD-160).
>> 864
>> 865 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
>> 866 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
971 867
972 config CRYPTO_SHA1 868 config CRYPTO_SHA1
973 tristate "SHA-1" !! 869 tristate "SHA1 digest algorithm"
974 select CRYPTO_HASH 870 select CRYPTO_HASH
975 select CRYPTO_LIB_SHA1 <<
976 help 871 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 872 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 873
>> 874 config CRYPTO_SHA1_SSSE3
>> 875 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 876 depends on X86 && 64BIT
>> 877 select CRYPTO_SHA1
>> 878 select CRYPTO_HASH
>> 879 help
>> 880 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 881 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 882 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 883 when available.
>> 884
>> 885 config CRYPTO_SHA256_SSSE3
>> 886 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 887 depends on X86 && 64BIT
>> 888 select CRYPTO_SHA256
>> 889 select CRYPTO_HASH
>> 890 help
>> 891 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 892 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 893 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 894 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 895 Instructions) when available.
>> 896
>> 897 config CRYPTO_SHA512_SSSE3
>> 898 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 899 depends on X86 && 64BIT
>> 900 select CRYPTO_SHA512
>> 901 select CRYPTO_HASH
>> 902 help
>> 903 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 904 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 905 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 906 version 2 (AVX2) instructions, when available.
>> 907
>> 908 config CRYPTO_SHA1_OCTEON
>> 909 tristate "SHA1 digest algorithm (OCTEON)"
>> 910 depends on CPU_CAVIUM_OCTEON
>> 911 select CRYPTO_SHA1
>> 912 select CRYPTO_HASH
>> 913 help
>> 914 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 915 using OCTEON crypto instructions, when available.
>> 916
>> 917 config CRYPTO_SHA1_SPARC64
>> 918 tristate "SHA1 digest algorithm (SPARC64)"
>> 919 depends on SPARC64
>> 920 select CRYPTO_SHA1
>> 921 select CRYPTO_HASH
>> 922 help
>> 923 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 924 using sparc64 crypto instructions, when available.
>> 925
>> 926 config CRYPTO_SHA1_PPC
>> 927 tristate "SHA1 digest algorithm (powerpc)"
>> 928 depends on PPC
>> 929 help
>> 930 This is the powerpc hardware accelerated implementation of the
>> 931 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 932
>> 933 config CRYPTO_SHA1_PPC_SPE
>> 934 tristate "SHA1 digest algorithm (PPC SPE)"
>> 935 depends on PPC && SPE
>> 936 help
>> 937 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 938 using powerpc SPE SIMD instruction set.
978 939
979 config CRYPTO_SHA256 940 config CRYPTO_SHA256
980 tristate "SHA-224 and SHA-256" !! 941 tristate "SHA224 and SHA256 digest algorithm"
981 select CRYPTO_HASH 942 select CRYPTO_HASH
982 select CRYPTO_LIB_SHA256 943 select CRYPTO_LIB_SHA256
983 help 944 help
984 SHA-224 and SHA-256 secure hash algo !! 945 SHA256 secure hash standard (DFIPS 180-2).
>> 946
>> 947 This version of SHA implements a 256 bit hash with 128 bits of
>> 948 security against collision attacks.
>> 949
>> 950 This code also includes SHA-224, a 224 bit hash with 112 bits
>> 951 of security against collision attacks.
>> 952
>> 953 config CRYPTO_SHA256_PPC_SPE
>> 954 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 955 depends on PPC && SPE
>> 956 select CRYPTO_SHA256
>> 957 select CRYPTO_HASH
>> 958 help
>> 959 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 960 implemented using powerpc SPE SIMD instruction set.
>> 961
>> 962 config CRYPTO_SHA256_OCTEON
>> 963 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
>> 964 depends on CPU_CAVIUM_OCTEON
>> 965 select CRYPTO_SHA256
>> 966 select CRYPTO_HASH
>> 967 help
>> 968 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 969 using OCTEON crypto instructions, when available.
985 970
986 This is required for IPsec AH (XFRM_ !! 971 config CRYPTO_SHA256_SPARC64
987 Used by the btrfs filesystem, Ceph, !! 972 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
>> 973 depends on SPARC64
>> 974 select CRYPTO_SHA256
>> 975 select CRYPTO_HASH
>> 976 help
>> 977 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 978 using sparc64 crypto instructions, when available.
988 979
989 config CRYPTO_SHA512 980 config CRYPTO_SHA512
990 tristate "SHA-384 and SHA-512" !! 981 tristate "SHA384 and SHA512 digest algorithms"
991 select CRYPTO_HASH 982 select CRYPTO_HASH
992 help 983 help
993 SHA-384 and SHA-512 secure hash algo !! 984 SHA512 secure hash standard (DFIPS 180-2).
994 985
995 config CRYPTO_SHA3 !! 986 This version of SHA implements a 512 bit hash with 256 bits of
996 tristate "SHA-3" !! 987 security against collision attacks.
>> 988
>> 989 This code also includes SHA-384, a 384 bit hash with 192 bits
>> 990 of security against collision attacks.
>> 991
>> 992 config CRYPTO_SHA512_OCTEON
>> 993 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 994 depends on CPU_CAVIUM_OCTEON
>> 995 select CRYPTO_SHA512
997 select CRYPTO_HASH 996 select CRYPTO_HASH
998 help 997 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 998 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 999 using OCTEON crypto instructions, when available.
1000 1000
1001 config CRYPTO_SM3 !! 1001 config CRYPTO_SHA512_SPARC64
1002 tristate !! 1002 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
>> 1003 depends on SPARC64
>> 1004 select CRYPTO_SHA512
>> 1005 select CRYPTO_HASH
>> 1006 help
>> 1007 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 1008 using sparc64 crypto instructions, when available.
1003 1009
1004 config CRYPTO_SM3_GENERIC !! 1010 config CRYPTO_SHA3
1005 tristate "SM3 (ShangMi 3)" !! 1011 tristate "SHA3 digest algorithm"
1006 select CRYPTO_HASH 1012 select CRYPTO_HASH
1007 select CRYPTO_SM3 <<
1008 help 1013 help
1009 SM3 (ShangMi 3) secure hash functio !! 1014 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 1015 cryptographic sponge function family called Keccak.
>> 1016
>> 1017 References:
>> 1018 http://keccak.noekeon.org/
1010 1019
1011 This is part of the Chinese Commerc !! 1020 config CRYPTO_SM3
>> 1021 tristate "SM3 digest algorithm"
>> 1022 select CRYPTO_HASH
>> 1023 help
>> 1024 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
>> 1025 It is part of the Chinese Commercial Cryptography suite.
1012 1026
1013 References: 1027 References:
1014 http://www.oscca.gov.cn/UpFile/2010 1028 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1015 https://datatracker.ietf.org/doc/ht 1029 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1016 1030
1017 config CRYPTO_STREEBOG 1031 config CRYPTO_STREEBOG
1018 tristate "Streebog" !! 1032 tristate "Streebog Hash Function"
1019 select CRYPTO_HASH 1033 select CRYPTO_HASH
1020 help 1034 help
1021 Streebog Hash Function (GOST R 34.1 !! 1035 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1022 !! 1036 cryptographic standard algorithms (called GOST algorithms).
1023 This is one of the Russian cryptogr !! 1037 This setting enables two hash algorithms with 256 and 512 bits output.
1024 GOST algorithms). This setting enab <<
1025 256 and 512 bits output. <<
1026 1038
1027 References: 1039 References:
1028 https://tc26.ru/upload/iblock/fed/f 1040 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1029 https://tools.ietf.org/html/rfc6986 1041 https://tools.ietf.org/html/rfc6986
1030 1042
1031 config CRYPTO_VMAC !! 1043 config CRYPTO_TGR192
1032 tristate "VMAC" !! 1044 tristate "Tiger digest algorithms"
1033 select CRYPTO_HASH 1045 select CRYPTO_HASH
1034 select CRYPTO_MANAGER <<
1035 help 1046 help
1036 VMAC is a message authentication al !! 1047 Tiger hash algorithm 192, 160 and 128-bit hashes
1037 very high speed on 64-bit architect !! 1048
>> 1049 Tiger is a hash function optimized for 64-bit processors while
>> 1050 still having decent performance on 32-bit processors.
>> 1051 Tiger was developed by Ross Anderson and Eli Biham.
1038 1052
1039 See https://fastcrypto.org/vmac for !! 1053 See also:
>> 1054 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1040 1055
1041 config CRYPTO_WP512 1056 config CRYPTO_WP512
1042 tristate "Whirlpool" !! 1057 tristate "Whirlpool digest algorithms"
1043 select CRYPTO_HASH 1058 select CRYPTO_HASH
1044 help 1059 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1060 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1046 <<
1047 512, 384 and 256-bit hashes. <<
1048 1061
1049 Whirlpool-512 is part of the NESSIE 1062 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 1063 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1050 1064
1051 See https://web.archive.org/web/201 !! 1065 See also:
1052 for further information. !! 1066 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1053 1067
1054 config CRYPTO_XCBC !! 1068 config CRYPTO_GHASH_CLMUL_NI_INTEL
1055 tristate "XCBC-MAC (Extended Cipher B !! 1069 tristate "GHASH hash function (CLMUL-NI accelerated)"
1056 select CRYPTO_HASH !! 1070 depends on X86 && 64BIT
1057 select CRYPTO_MANAGER !! 1071 select CRYPTO_CRYPTD
1058 help 1072 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1073 This is the x86_64 CLMUL-NI accelerated implementation of
1060 Code) (RFC3566) !! 1074 GHASH, the hash function used in GCM (Galois/Counter mode).
1061 1075
1062 config CRYPTO_XXHASH !! 1076 comment "Ciphers"
1063 tristate "xxHash" !! 1077
1064 select CRYPTO_HASH !! 1078 config CRYPTO_AES
1065 select XXHASH !! 1079 tristate "AES cipher algorithms"
>> 1080 select CRYPTO_ALGAPI
>> 1081 select CRYPTO_LIB_AES
1066 help 1082 help
1067 xxHash non-cryptographic hash algor !! 1083 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1084 algorithm.
1068 1085
1069 Extremely fast, working at speeds c !! 1086 Rijndael appears to be consistently a very good performer in
>> 1087 both hardware and software across a wide range of computing
>> 1088 environments regardless of its use in feedback or non-feedback
>> 1089 modes. Its key setup time is excellent, and its key agility is
>> 1090 good. Rijndael's very low memory requirements make it very well
>> 1091 suited for restricted-space environments, in which it also
>> 1092 demonstrates excellent performance. Rijndael's operations are
>> 1093 among the easiest to defend against power and timing attacks.
1070 1094
1071 Used by the btrfs filesystem. !! 1095 The AES specifies three key sizes: 128, 192 and 256 bits
1072 1096
1073 endmenu !! 1097 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1074 1098
1075 menu "CRCs (cyclic redundancy checks)" !! 1099 config CRYPTO_AES_TI
>> 1100 tristate "Fixed time AES cipher"
>> 1101 select CRYPTO_ALGAPI
>> 1102 select CRYPTO_LIB_AES
>> 1103 help
>> 1104 This is a generic implementation of AES that attempts to eliminate
>> 1105 data dependent latencies as much as possible without affecting
>> 1106 performance too much. It is intended for use by the generic CCM
>> 1107 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1108 solely on encryption (although decryption is supported as well, but
>> 1109 with a more dramatic performance hit)
1076 1110
1077 config CRYPTO_CRC32C !! 1111 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1078 tristate "CRC32c" !! 1112 8 for decryption), this implementation only uses just two S-boxes of
1079 select CRYPTO_HASH !! 1113 256 bytes each, and attempts to eliminate data dependent latencies by
1080 select CRC32 !! 1114 prefetching the entire table into the cache at the start of each
>> 1115 block. Interrupts are also disabled to avoid races where cachelines
>> 1116 are evicted when the CPU is interrupted to do something else.
>> 1117
>> 1118 config CRYPTO_AES_NI_INTEL
>> 1119 tristate "AES cipher algorithms (AES-NI)"
>> 1120 depends on X86
>> 1121 select CRYPTO_AEAD
>> 1122 select CRYPTO_LIB_AES
>> 1123 select CRYPTO_ALGAPI
>> 1124 select CRYPTO_SKCIPHER
>> 1125 select CRYPTO_GLUE_HELPER_X86 if 64BIT
>> 1126 select CRYPTO_SIMD
1081 help 1127 help
1082 CRC32c CRC algorithm with the iSCSI !! 1128 Use Intel AES-NI instructions for AES algorithm.
1083 1129
1084 A 32-bit CRC (cyclic redundancy che !! 1130 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1085 by G. Castagnoli, S. Braeuer and M. !! 1131 algorithm.
1086 Redundancy-Check Codes with 24 and <<
1087 on Communications, Vol. 41, No. 6, <<
1088 iSCSI. <<
1089 1132
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1133 Rijndael appears to be consistently a very good performer in
>> 1134 both hardware and software across a wide range of computing
>> 1135 environments regardless of its use in feedback or non-feedback
>> 1136 modes. Its key setup time is excellent, and its key agility is
>> 1137 good. Rijndael's very low memory requirements make it very well
>> 1138 suited for restricted-space environments, in which it also
>> 1139 demonstrates excellent performance. Rijndael's operations are
>> 1140 among the easiest to defend against power and timing attacks.
1091 1141
1092 config CRYPTO_CRC32 !! 1142 The AES specifies three key sizes: 128, 192 and 256 bits
1093 tristate "CRC32" !! 1143
1094 select CRYPTO_HASH !! 1144 See <http://csrc.nist.gov/encryption/aes/> for more information.
1095 select CRC32 !! 1145
>> 1146 In addition to AES cipher algorithm support, the acceleration
>> 1147 for some popular block cipher mode is supported too, including
>> 1148 ECB, CBC, LRW, XTS. The 64 bit version has additional
>> 1149 acceleration for CTR.
>> 1150
>> 1151 config CRYPTO_AES_SPARC64
>> 1152 tristate "AES cipher algorithms (SPARC64)"
>> 1153 depends on SPARC64
>> 1154 select CRYPTO_SKCIPHER
1096 help 1155 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1156 Use SPARC64 crypto opcodes for AES algorithm.
1098 1157
1099 Used by RoCEv2 and f2fs. !! 1158 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1159 algorithm.
1100 1160
1101 config CRYPTO_CRCT10DIF !! 1161 Rijndael appears to be consistently a very good performer in
1102 tristate "CRCT10DIF" !! 1162 both hardware and software across a wide range of computing
1103 select CRYPTO_HASH !! 1163 environments regardless of its use in feedback or non-feedback
>> 1164 modes. Its key setup time is excellent, and its key agility is
>> 1165 good. Rijndael's very low memory requirements make it very well
>> 1166 suited for restricted-space environments, in which it also
>> 1167 demonstrates excellent performance. Rijndael's operations are
>> 1168 among the easiest to defend against power and timing attacks.
>> 1169
>> 1170 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1171
>> 1172 See <http://csrc.nist.gov/encryption/aes/> for more information.
>> 1173
>> 1174 In addition to AES cipher algorithm support, the acceleration
>> 1175 for some popular block cipher mode is supported too, including
>> 1176 ECB and CBC.
>> 1177
>> 1178 config CRYPTO_AES_PPC_SPE
>> 1179 tristate "AES cipher algorithms (PPC SPE)"
>> 1180 depends on PPC && SPE
>> 1181 select CRYPTO_SKCIPHER
1104 help 1182 help
1105 CRC16 CRC algorithm used for the T1 !! 1183 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1184 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1185 This module should only be used for low power (router) devices
>> 1186 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1187 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1188 timining attacks. Nevertheless it might be not as secure as other
>> 1189 architecture specific assembler implementations that work on 1KB
>> 1190 tables or 256 bytes S-boxes.
1106 1191
1107 CRC algorithm used by the SCSI Bloc !! 1192 config CRYPTO_ANUBIS
>> 1193 tristate "Anubis cipher algorithm"
>> 1194 select CRYPTO_ALGAPI
>> 1195 help
>> 1196 Anubis cipher algorithm.
1108 1197
1109 config CRYPTO_CRC64_ROCKSOFT !! 1198 Anubis is a variable key length cipher which can use keys from
1110 tristate "CRC64 based on Rocksoft Mod !! 1199 128 bits to 320 bits in length. It was evaluated as a entrant
1111 depends on CRC64 !! 1200 in the NESSIE competition.
1112 select CRYPTO_HASH !! 1201
>> 1202 See also:
>> 1203 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
>> 1204 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
>> 1205
>> 1206 config CRYPTO_ARC4
>> 1207 tristate "ARC4 cipher algorithm"
>> 1208 select CRYPTO_SKCIPHER
>> 1209 select CRYPTO_LIB_ARC4
>> 1210 help
>> 1211 ARC4 cipher algorithm.
>> 1212
>> 1213 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
>> 1214 bits in length. This algorithm is required for driver-based
>> 1215 WEP, but it should not be for other purposes because of the
>> 1216 weakness of the algorithm.
>> 1217
>> 1218 config CRYPTO_BLOWFISH
>> 1219 tristate "Blowfish cipher algorithm"
>> 1220 select CRYPTO_ALGAPI
>> 1221 select CRYPTO_BLOWFISH_COMMON
>> 1222 help
>> 1223 Blowfish cipher algorithm, by Bruce Schneier.
>> 1224
>> 1225 This is a variable key length cipher which can use keys from 32
>> 1226 bits to 448 bits in length. It's fast, simple and specifically
>> 1227 designed for use on "large microprocessors".
>> 1228
>> 1229 See also:
>> 1230 <http://www.schneier.com/blowfish.html>
>> 1231
>> 1232 config CRYPTO_BLOWFISH_COMMON
>> 1233 tristate
>> 1234 help
>> 1235 Common parts of the Blowfish cipher algorithm shared by the
>> 1236 generic c and the assembler implementations.
>> 1237
>> 1238 See also:
>> 1239 <http://www.schneier.com/blowfish.html>
>> 1240
>> 1241 config CRYPTO_BLOWFISH_X86_64
>> 1242 tristate "Blowfish cipher algorithm (x86_64)"
>> 1243 depends on X86 && 64BIT
>> 1244 select CRYPTO_SKCIPHER
>> 1245 select CRYPTO_BLOWFISH_COMMON
>> 1246 help
>> 1247 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
>> 1248
>> 1249 This is a variable key length cipher which can use keys from 32
>> 1250 bits to 448 bits in length. It's fast, simple and specifically
>> 1251 designed for use on "large microprocessors".
>> 1252
>> 1253 See also:
>> 1254 <http://www.schneier.com/blowfish.html>
>> 1255
>> 1256 config CRYPTO_CAMELLIA
>> 1257 tristate "Camellia cipher algorithms"
>> 1258 depends on CRYPTO
>> 1259 select CRYPTO_ALGAPI
>> 1260 help
>> 1261 Camellia cipher algorithms module.
>> 1262
>> 1263 Camellia is a symmetric key block cipher developed jointly
>> 1264 at NTT and Mitsubishi Electric Corporation.
>> 1265
>> 1266 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1267
>> 1268 See also:
>> 1269 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1270
>> 1271 config CRYPTO_CAMELLIA_X86_64
>> 1272 tristate "Camellia cipher algorithm (x86_64)"
>> 1273 depends on X86 && 64BIT
>> 1274 depends on CRYPTO
>> 1275 select CRYPTO_SKCIPHER
>> 1276 select CRYPTO_GLUE_HELPER_X86
>> 1277 help
>> 1278 Camellia cipher algorithm module (x86_64).
>> 1279
>> 1280 Camellia is a symmetric key block cipher developed jointly
>> 1281 at NTT and Mitsubishi Electric Corporation.
>> 1282
>> 1283 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1284
>> 1285 See also:
>> 1286 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1287
>> 1288 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1289 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1290 depends on X86 && 64BIT
>> 1291 depends on CRYPTO
>> 1292 select CRYPTO_SKCIPHER
>> 1293 select CRYPTO_CAMELLIA_X86_64
>> 1294 select CRYPTO_GLUE_HELPER_X86
>> 1295 select CRYPTO_SIMD
>> 1296 select CRYPTO_XTS
>> 1297 help
>> 1298 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
>> 1299
>> 1300 Camellia is a symmetric key block cipher developed jointly
>> 1301 at NTT and Mitsubishi Electric Corporation.
>> 1302
>> 1303 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1304
>> 1305 See also:
>> 1306 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1307
>> 1308 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
>> 1309 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1310 depends on X86 && 64BIT
>> 1311 depends on CRYPTO
>> 1312 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1313 help
>> 1314 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
>> 1315
>> 1316 Camellia is a symmetric key block cipher developed jointly
>> 1317 at NTT and Mitsubishi Electric Corporation.
>> 1318
>> 1319 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1320
>> 1321 See also:
>> 1322 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1323
>> 1324 config CRYPTO_CAMELLIA_SPARC64
>> 1325 tristate "Camellia cipher algorithm (SPARC64)"
>> 1326 depends on SPARC64
>> 1327 depends on CRYPTO
>> 1328 select CRYPTO_ALGAPI
>> 1329 select CRYPTO_SKCIPHER
>> 1330 help
>> 1331 Camellia cipher algorithm module (SPARC64).
>> 1332
>> 1333 Camellia is a symmetric key block cipher developed jointly
>> 1334 at NTT and Mitsubishi Electric Corporation.
>> 1335
>> 1336 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1337
>> 1338 See also:
>> 1339 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1340
>> 1341 config CRYPTO_CAST_COMMON
>> 1342 tristate
>> 1343 help
>> 1344 Common parts of the CAST cipher algorithms shared by the
>> 1345 generic c and the assembler implementations.
>> 1346
>> 1347 config CRYPTO_CAST5
>> 1348 tristate "CAST5 (CAST-128) cipher algorithm"
>> 1349 select CRYPTO_ALGAPI
>> 1350 select CRYPTO_CAST_COMMON
>> 1351 help
>> 1352 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1353 described in RFC2144.
>> 1354
>> 1355 config CRYPTO_CAST5_AVX_X86_64
>> 1356 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
>> 1357 depends on X86 && 64BIT
>> 1358 select CRYPTO_SKCIPHER
>> 1359 select CRYPTO_CAST5
>> 1360 select CRYPTO_CAST_COMMON
>> 1361 select CRYPTO_SIMD
>> 1362 help
>> 1363 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1364 described in RFC2144.
>> 1365
>> 1366 This module provides the Cast5 cipher algorithm that processes
>> 1367 sixteen blocks parallel using the AVX instruction set.
>> 1368
>> 1369 config CRYPTO_CAST6
>> 1370 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1371 select CRYPTO_ALGAPI
>> 1372 select CRYPTO_CAST_COMMON
>> 1373 help
>> 1374 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1375 described in RFC2612.
>> 1376
>> 1377 config CRYPTO_CAST6_AVX_X86_64
>> 1378 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1379 depends on X86 && 64BIT
>> 1380 select CRYPTO_SKCIPHER
>> 1381 select CRYPTO_CAST6
>> 1382 select CRYPTO_CAST_COMMON
>> 1383 select CRYPTO_GLUE_HELPER_X86
>> 1384 select CRYPTO_SIMD
>> 1385 select CRYPTO_XTS
>> 1386 help
>> 1387 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1388 described in RFC2612.
>> 1389
>> 1390 This module provides the Cast6 cipher algorithm that processes
>> 1391 eight blocks parallel using the AVX instruction set.
>> 1392
>> 1393 config CRYPTO_DES
>> 1394 tristate "DES and Triple DES EDE cipher algorithms"
>> 1395 select CRYPTO_ALGAPI
>> 1396 select CRYPTO_LIB_DES
>> 1397 help
>> 1398 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
>> 1399
>> 1400 config CRYPTO_DES_SPARC64
>> 1401 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1402 depends on SPARC64
>> 1403 select CRYPTO_ALGAPI
>> 1404 select CRYPTO_LIB_DES
>> 1405 select CRYPTO_SKCIPHER
>> 1406 help
>> 1407 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1408 optimized using SPARC64 crypto opcodes.
>> 1409
>> 1410 config CRYPTO_DES3_EDE_X86_64
>> 1411 tristate "Triple DES EDE cipher algorithm (x86-64)"
>> 1412 depends on X86 && 64BIT
>> 1413 select CRYPTO_SKCIPHER
>> 1414 select CRYPTO_LIB_DES
>> 1415 help
>> 1416 Triple DES EDE (FIPS 46-3) algorithm.
>> 1417
>> 1418 This module provides implementation of the Triple DES EDE cipher
>> 1419 algorithm that is optimized for x86-64 processors. Two versions of
>> 1420 algorithm are provided; regular processing one input block and
>> 1421 one that processes three blocks parallel.
>> 1422
>> 1423 config CRYPTO_FCRYPT
>> 1424 tristate "FCrypt cipher algorithm"
>> 1425 select CRYPTO_ALGAPI
>> 1426 select CRYPTO_SKCIPHER
>> 1427 help
>> 1428 FCrypt algorithm used by RxRPC.
>> 1429
>> 1430 config CRYPTO_KHAZAD
>> 1431 tristate "Khazad cipher algorithm"
>> 1432 select CRYPTO_ALGAPI
1113 help 1433 help
1114 CRC64 CRC algorithm based on the Ro !! 1434 Khazad cipher algorithm.
>> 1435
>> 1436 Khazad was a finalist in the initial NESSIE competition. It is
>> 1437 an algorithm optimized for 64-bit processors with good performance
>> 1438 on 32-bit processors. Khazad uses an 128 bit key size.
1115 1439
1116 Used by the NVMe implementation of !! 1440 See also:
>> 1441 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1117 1442
1118 See https://zlib.net/crc_v3.txt !! 1443 config CRYPTO_SALSA20
>> 1444 tristate "Salsa20 stream cipher algorithm"
>> 1445 select CRYPTO_SKCIPHER
>> 1446 help
>> 1447 Salsa20 stream cipher algorithm.
1119 1448
1120 endmenu !! 1449 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
>> 1450 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1121 1451
1122 menu "Compression" !! 1452 The Salsa20 stream cipher algorithm is designed by Daniel J.
>> 1453 Bernstein <http://cr.yp.to/snuffle.html">djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
>> 1454
>> 1455 config CRYPTO_CHACHA20
>> 1456 tristate "ChaCha stream cipher algorithms"
>> 1457 select CRYPTO_LIB_CHACHA_GENERIC
>> 1458 select CRYPTO_SKCIPHER
>> 1459 help
>> 1460 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
>> 1461
>> 1462 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
>> 1463 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1464 This is the portable C implementation of ChaCha20. See also:
>> 1465 <http://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1466
>> 1467 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
>> 1468 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
>> 1469 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
>> 1470 while provably retaining ChaCha20's security. See also:
>> 1471 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
>> 1472
>> 1473 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
>> 1474 reduced security margin but increased performance. It can be needed
>> 1475 in some performance-sensitive scenarios.
>> 1476
>> 1477 config CRYPTO_CHACHA20_X86_64
>> 1478 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
>> 1479 depends on X86 && 64BIT
>> 1480 select CRYPTO_SKCIPHER
>> 1481 select CRYPTO_LIB_CHACHA_GENERIC
>> 1482 select CRYPTO_ARCH_HAVE_LIB_CHACHA
>> 1483 help
>> 1484 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
>> 1485 XChaCha20, and XChaCha12 stream ciphers.
>> 1486
>> 1487 config CRYPTO_CHACHA_MIPS
>> 1488 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
>> 1489 depends on CPU_MIPS32_R2
>> 1490 select CRYPTO_SKCIPHER
>> 1491 select CRYPTO_ARCH_HAVE_LIB_CHACHA
>> 1492
>> 1493 config CRYPTO_SEED
>> 1494 tristate "SEED cipher algorithm"
>> 1495 select CRYPTO_ALGAPI
>> 1496 help
>> 1497 SEED cipher algorithm (RFC4269).
>> 1498
>> 1499 SEED is a 128-bit symmetric key block cipher that has been
>> 1500 developed by KISA (Korea Information Security Agency) as a
>> 1501 national standard encryption algorithm of the Republic of Korea.
>> 1502 It is a 16 round block cipher with the key size of 128 bit.
>> 1503
>> 1504 See also:
>> 1505 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
>> 1506
>> 1507 config CRYPTO_SERPENT
>> 1508 tristate "Serpent cipher algorithm"
>> 1509 select CRYPTO_ALGAPI
>> 1510 help
>> 1511 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1512
>> 1513 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1514 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
>> 1515 variant of Serpent for compatibility with old kerneli.org code.
>> 1516
>> 1517 See also:
>> 1518 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1519
>> 1520 config CRYPTO_SERPENT_SSE2_X86_64
>> 1521 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1522 depends on X86 && 64BIT
>> 1523 select CRYPTO_SKCIPHER
>> 1524 select CRYPTO_GLUE_HELPER_X86
>> 1525 select CRYPTO_SERPENT
>> 1526 select CRYPTO_SIMD
>> 1527 help
>> 1528 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1529
>> 1530 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1531 of 8 bits.
>> 1532
>> 1533 This module provides Serpent cipher algorithm that processes eight
>> 1534 blocks parallel using SSE2 instruction set.
>> 1535
>> 1536 See also:
>> 1537 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1538
>> 1539 config CRYPTO_SERPENT_SSE2_586
>> 1540 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1541 depends on X86 && !64BIT
>> 1542 select CRYPTO_SKCIPHER
>> 1543 select CRYPTO_GLUE_HELPER_X86
>> 1544 select CRYPTO_SERPENT
>> 1545 select CRYPTO_SIMD
>> 1546 help
>> 1547 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1548
>> 1549 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1550 of 8 bits.
>> 1551
>> 1552 This module provides Serpent cipher algorithm that processes four
>> 1553 blocks parallel using SSE2 instruction set.
>> 1554
>> 1555 See also:
>> 1556 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1557
>> 1558 config CRYPTO_SERPENT_AVX_X86_64
>> 1559 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1560 depends on X86 && 64BIT
>> 1561 select CRYPTO_SKCIPHER
>> 1562 select CRYPTO_GLUE_HELPER_X86
>> 1563 select CRYPTO_SERPENT
>> 1564 select CRYPTO_SIMD
>> 1565 select CRYPTO_XTS
>> 1566 help
>> 1567 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1568
>> 1569 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1570 of 8 bits.
>> 1571
>> 1572 This module provides the Serpent cipher algorithm that processes
>> 1573 eight blocks parallel using the AVX instruction set.
>> 1574
>> 1575 See also:
>> 1576 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1577
>> 1578 config CRYPTO_SERPENT_AVX2_X86_64
>> 1579 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1580 depends on X86 && 64BIT
>> 1581 select CRYPTO_SERPENT_AVX_X86_64
>> 1582 help
>> 1583 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1584
>> 1585 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1586 of 8 bits.
>> 1587
>> 1588 This module provides Serpent cipher algorithm that processes 16
>> 1589 blocks parallel using AVX2 instruction set.
>> 1590
>> 1591 See also:
>> 1592 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1593
>> 1594 config CRYPTO_SM4
>> 1595 tristate "SM4 cipher algorithm"
>> 1596 select CRYPTO_ALGAPI
>> 1597 help
>> 1598 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
>> 1599
>> 1600 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1601 Organization of State Commercial Administration of China (OSCCA)
>> 1602 as an authorized cryptographic algorithms for the use within China.
>> 1603
>> 1604 SMS4 was originally created for use in protecting wireless
>> 1605 networks, and is mandated in the Chinese National Standard for
>> 1606 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1607 (GB.15629.11-2003).
>> 1608
>> 1609 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1610 standardized through TC 260 of the Standardization Administration
>> 1611 of the People's Republic of China (SAC).
>> 1612
>> 1613 The input, output, and key of SMS4 are each 128 bits.
>> 1614
>> 1615 See also: <https://eprint.iacr.org/2008/329.pdf>
>> 1616
>> 1617 If unsure, say N.
>> 1618
>> 1619 config CRYPTO_TEA
>> 1620 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1621 select CRYPTO_ALGAPI
>> 1622 help
>> 1623 TEA cipher algorithm.
>> 1624
>> 1625 Tiny Encryption Algorithm is a simple cipher that uses
>> 1626 many rounds for security. It is very fast and uses
>> 1627 little memory.
>> 1628
>> 1629 Xtendend Tiny Encryption Algorithm is a modification to
>> 1630 the TEA algorithm to address a potential key weakness
>> 1631 in the TEA algorithm.
>> 1632
>> 1633 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1634 of the XTEA algorithm for compatibility purposes.
>> 1635
>> 1636 config CRYPTO_TWOFISH
>> 1637 tristate "Twofish cipher algorithm"
>> 1638 select CRYPTO_ALGAPI
>> 1639 select CRYPTO_TWOFISH_COMMON
>> 1640 help
>> 1641 Twofish cipher algorithm.
>> 1642
>> 1643 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1644 candidate cipher by researchers at CounterPane Systems. It is a
>> 1645 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1646 bits.
>> 1647
>> 1648 See also:
>> 1649 <http://www.schneier.com/twofish.html>
>> 1650
>> 1651 config CRYPTO_TWOFISH_COMMON
>> 1652 tristate
>> 1653 help
>> 1654 Common parts of the Twofish cipher algorithm shared by the
>> 1655 generic c and the assembler implementations.
>> 1656
>> 1657 config CRYPTO_TWOFISH_586
>> 1658 tristate "Twofish cipher algorithms (i586)"
>> 1659 depends on (X86 || UML_X86) && !64BIT
>> 1660 select CRYPTO_ALGAPI
>> 1661 select CRYPTO_TWOFISH_COMMON
>> 1662 help
>> 1663 Twofish cipher algorithm.
>> 1664
>> 1665 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1666 candidate cipher by researchers at CounterPane Systems. It is a
>> 1667 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1668 bits.
>> 1669
>> 1670 See also:
>> 1671 <http://www.schneier.com/twofish.html>
>> 1672
>> 1673 config CRYPTO_TWOFISH_X86_64
>> 1674 tristate "Twofish cipher algorithm (x86_64)"
>> 1675 depends on (X86 || UML_X86) && 64BIT
>> 1676 select CRYPTO_ALGAPI
>> 1677 select CRYPTO_TWOFISH_COMMON
>> 1678 help
>> 1679 Twofish cipher algorithm (x86_64).
>> 1680
>> 1681 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1682 candidate cipher by researchers at CounterPane Systems. It is a
>> 1683 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1684 bits.
>> 1685
>> 1686 See also:
>> 1687 <http://www.schneier.com/twofish.html>
>> 1688
>> 1689 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1690 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1691 depends on X86 && 64BIT
>> 1692 select CRYPTO_SKCIPHER
>> 1693 select CRYPTO_TWOFISH_COMMON
>> 1694 select CRYPTO_TWOFISH_X86_64
>> 1695 select CRYPTO_GLUE_HELPER_X86
>> 1696 help
>> 1697 Twofish cipher algorithm (x86_64, 3-way parallel).
>> 1698
>> 1699 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1700 candidate cipher by researchers at CounterPane Systems. It is a
>> 1701 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1702 bits.
>> 1703
>> 1704 This module provides Twofish cipher algorithm that processes three
>> 1705 blocks parallel, utilizing resources of out-of-order CPUs better.
>> 1706
>> 1707 See also:
>> 1708 <http://www.schneier.com/twofish.html>
>> 1709
>> 1710 config CRYPTO_TWOFISH_AVX_X86_64
>> 1711 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1712 depends on X86 && 64BIT
>> 1713 select CRYPTO_SKCIPHER
>> 1714 select CRYPTO_GLUE_HELPER_X86
>> 1715 select CRYPTO_SIMD
>> 1716 select CRYPTO_TWOFISH_COMMON
>> 1717 select CRYPTO_TWOFISH_X86_64
>> 1718 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1719 help
>> 1720 Twofish cipher algorithm (x86_64/AVX).
>> 1721
>> 1722 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1723 candidate cipher by researchers at CounterPane Systems. It is a
>> 1724 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1725 bits.
>> 1726
>> 1727 This module provides the Twofish cipher algorithm that processes
>> 1728 eight blocks parallel using the AVX Instruction Set.
>> 1729
>> 1730 See also:
>> 1731 <http://www.schneier.com/twofish.html>
>> 1732
>> 1733 comment "Compression"
1123 1734
1124 config CRYPTO_DEFLATE 1735 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1736 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1737 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1738 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1739 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1740 select ZLIB_DEFLATE
1130 help 1741 help
1131 Deflate compression algorithm (RFC1 !! 1742 This is the Deflate algorithm (RFC1951), specified for use in
>> 1743 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1744
1133 Used by IPSec with the IPCOMP proto !! 1745 You will most probably want this if using IPSec.
1134 1746
1135 config CRYPTO_LZO 1747 config CRYPTO_LZO
1136 tristate "LZO" !! 1748 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1749 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1750 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1751 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1752 select LZO_DECOMPRESS
1141 help 1753 help
1142 LZO compression algorithm !! 1754 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1755
1146 config CRYPTO_842 1756 config CRYPTO_842
1147 tristate "842" !! 1757 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1758 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1759 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1760 select 842_COMPRESS
1151 select 842_DECOMPRESS 1761 select 842_DECOMPRESS
1152 help 1762 help
1153 842 compression algorithm by IBM !! 1763 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1764
1157 config CRYPTO_LZ4 1765 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1766 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1767 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1768 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1769 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1770 select LZ4_DECOMPRESS
1163 help 1771 help
1164 LZ4 compression algorithm !! 1772 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1773
1168 config CRYPTO_LZ4HC 1774 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1775 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1776 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1777 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1778 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1779 select LZ4_DECOMPRESS
1174 help 1780 help
1175 LZ4 high compression mode algorithm !! 1781 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1782
1179 config CRYPTO_ZSTD 1783 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1784 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1785 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1786 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1787 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1788 select ZSTD_DECOMPRESS
1185 help 1789 help
1186 zstd compression algorithm !! 1790 This is the zstd algorithm.
1187 <<
1188 See https://github.com/facebook/zst <<
1189 1791
1190 endmenu !! 1792 comment "Random Number Generation"
1191 <<
1192 menu "Random number generation" <<
1193 1793
1194 config CRYPTO_ANSI_CPRNG 1794 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1795 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1796 select CRYPTO_AES
1197 select CRYPTO_RNG 1797 select CRYPTO_RNG
1198 help 1798 help
1199 Pseudo RNG (random number generator !! 1799 This option enables the generic pseudo random number generator
1200 !! 1800 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 1801 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 1802 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 1803
1205 menuconfig CRYPTO_DRBG_MENU 1804 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 1805 tristate "NIST SP800-90A DRBG"
1207 help 1806 help
1208 DRBG (Deterministic Random Bit Gene !! 1807 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 1808 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 1809
1212 if CRYPTO_DRBG_MENU 1810 if CRYPTO_DRBG_MENU
1213 1811
1214 config CRYPTO_DRBG_HMAC 1812 config CRYPTO_DRBG_HMAC
1215 bool 1813 bool
1216 default y 1814 default y
1217 select CRYPTO_HMAC 1815 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 !! 1816 select CRYPTO_SHA256
1219 1817
1220 config CRYPTO_DRBG_HASH 1818 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 1819 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 1820 select CRYPTO_SHA256
1223 help 1821 help
1224 Hash_DRBG variant as defined in NIS !! 1822 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 1823
1228 config CRYPTO_DRBG_CTR 1824 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 1825 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 1826 select CRYPTO_AES
1231 select CRYPTO_CTR !! 1827 depends on CRYPTO_CTR
1232 help 1828 help
1233 CTR_DRBG variant as defined in NIST !! 1829 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 1830
1237 config CRYPTO_DRBG 1831 config CRYPTO_DRBG
1238 tristate 1832 tristate
1239 default CRYPTO_DRBG_MENU 1833 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1834 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1835 select CRYPTO_JITTERENTROPY
1242 1836
1243 endif # if CRYPTO_DRBG_MENU 1837 endif # if CRYPTO_DRBG_MENU
1244 1838
1245 config CRYPTO_JITTERENTROPY 1839 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 1840 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 1841 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 1842 help
1250 CPU Jitter RNG (Random Number Gener !! 1843 The Jitterentropy RNG is a noise that is intended
1251 !! 1844 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 1845 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 1846 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 1847 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 <<
1362 config CRYPTO_KDF800108_CTR <<
1363 tristate <<
1364 select CRYPTO_HMAC <<
1365 select CRYPTO_SHA256 <<
1366 <<
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 1848
1370 config CRYPTO_USER_API 1849 config CRYPTO_USER_API
1371 tristate 1850 tristate
1372 1851
1373 config CRYPTO_USER_API_HASH 1852 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 1853 tristate "User-space interface for hash algorithms"
1375 depends on NET 1854 depends on NET
1376 select CRYPTO_HASH 1855 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1856 select CRYPTO_USER_API
1378 help 1857 help
1379 Enable the userspace interface for !! 1858 This option enables the user-spaces interface for hash
1380 !! 1859 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 1860
1384 config CRYPTO_USER_API_SKCIPHER 1861 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 1862 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 1863 depends on NET
1387 select CRYPTO_SKCIPHER 1864 select CRYPTO_SKCIPHER
1388 select CRYPTO_USER_API 1865 select CRYPTO_USER_API
1389 help 1866 help
1390 Enable the userspace interface for !! 1867 This option enables the user-spaces interface for symmetric
1391 !! 1868 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 1869
1395 config CRYPTO_USER_API_RNG 1870 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 1871 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 1872 depends on NET
1398 select CRYPTO_RNG 1873 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1874 select CRYPTO_USER_API
1400 help 1875 help
1401 Enable the userspace interface for !! 1876 This option enables the user-spaces interface for random
1402 algorithms. !! 1877 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 <<
1407 config CRYPTO_USER_API_RNG_CAVP <<
1408 bool "Enable CAVP testing of DRBG" <<
1409 depends on CRYPTO_USER_API_RNG && CRY <<
1410 help <<
1411 Enable extra APIs in the userspace <<
1412 (Cryptographic Algorithm Validation <<
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV <<
1417 no unless you know what this is. <<
1418 1878
1419 config CRYPTO_USER_API_AEAD 1879 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 1880 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 1881 depends on NET
1422 select CRYPTO_AEAD 1882 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER 1883 select CRYPTO_SKCIPHER
1424 select CRYPTO_NULL 1884 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1885 select CRYPTO_USER_API
1426 help 1886 help
1427 Enable the userspace interface for !! 1887 This option enables the user-spaces interface for AEAD
>> 1888 cipher algorithms.
1428 1889
1429 See Documentation/crypto/userspace- !! 1890 config CRYPTO_STATS
1430 https://www.chronox.de/libkcapi/htm !! 1891 bool "Crypto usage statistics for User-space"
1431 !! 1892 depends on CRYPTO_USER
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE !! 1893 help
1433 bool "Obsolete cryptographic algorith !! 1894 This option enables the gathering of crypto stats.
1434 depends on CRYPTO_USER_API !! 1895 This will collect:
1435 default y !! 1896 - encrypt/decrypt size and numbers of symmeric operations
1436 help !! 1897 - compress/decompress size and numbers of compress operations
1437 Allow obsolete cryptographic algori !! 1898 - size and numbers of hash operations
1438 already been phased out from intern !! 1899 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1439 only useful for userspace clients t !! 1900 - generate/seed numbers for rng operations
1440 <<
1441 endmenu <<
1442 1901
1443 config CRYPTO_HASH_INFO 1902 config CRYPTO_HASH_INFO
1444 bool 1903 bool
1445 1904
1446 if !KMSAN # avoid false positives from assemb !! 1905 source "lib/crypto/Kconfig"
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 <<
1476 source "drivers/crypto/Kconfig" 1906 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" 1907 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig" 1908 source "certs/Kconfig"
1479 1909
1480 endif # if CRYPTO 1910 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.