1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS !! 18 select LIB_MEMNEQ
19 help 19 help
20 This option provides the core Crypto 20 This option provides the core Cryptographic API.
21 21
22 if CRYPTO 22 if CRYPTO
23 23
24 menu "Crypto core or helper" !! 24 comment "Crypto core or helper"
25 25
26 config CRYPTO_FIPS 26 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 27 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 29 depends on (MODULE_SIG || !MODULES)
30 help 30 help
31 This option enables the fips boot op 31 This option enables the fips boot option which is
32 required if you want the system to o 32 required if you want the system to operate in a FIPS 200
33 certification. You should say no un 33 certification. You should say no unless you know what
34 this is. 34 this is.
35 35
36 config CRYPTO_FIPS_NAME 36 config CRYPTO_FIPS_NAME
37 string "FIPS Module Name" 37 string "FIPS Module Name"
38 default "Linux Kernel Cryptographic AP 38 default "Linux Kernel Cryptographic API"
39 depends on CRYPTO_FIPS 39 depends on CRYPTO_FIPS
40 help 40 help
41 This option sets the FIPS Module nam 41 This option sets the FIPS Module name reported by the Crypto API via
42 the /proc/sys/crypto/fips_name file. 42 the /proc/sys/crypto/fips_name file.
43 43
44 config CRYPTO_FIPS_CUSTOM_VERSION 44 config CRYPTO_FIPS_CUSTOM_VERSION
45 bool "Use Custom FIPS Module Version" 45 bool "Use Custom FIPS Module Version"
46 depends on CRYPTO_FIPS 46 depends on CRYPTO_FIPS
47 default n 47 default n
48 48
49 config CRYPTO_FIPS_VERSION 49 config CRYPTO_FIPS_VERSION
50 string "FIPS Module Version" 50 string "FIPS Module Version"
51 default "(none)" 51 default "(none)"
52 depends on CRYPTO_FIPS_CUSTOM_VERSION 52 depends on CRYPTO_FIPS_CUSTOM_VERSION
53 help 53 help
54 This option provides the ability to 54 This option provides the ability to override the FIPS Module Version.
55 By default the KERNELRELEASE value i 55 By default the KERNELRELEASE value is used.
56 56
57 config CRYPTO_ALGAPI 57 config CRYPTO_ALGAPI
58 tristate 58 tristate
59 select CRYPTO_ALGAPI2 59 select CRYPTO_ALGAPI2
60 help 60 help
61 This option provides the API for cry 61 This option provides the API for cryptographic algorithms.
62 62
63 config CRYPTO_ALGAPI2 63 config CRYPTO_ALGAPI2
64 tristate 64 tristate
65 65
66 config CRYPTO_AEAD 66 config CRYPTO_AEAD
67 tristate 67 tristate
68 select CRYPTO_AEAD2 68 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
70 70
71 config CRYPTO_AEAD2 71 config CRYPTO_AEAD2
72 tristate 72 tristate
73 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
74 !! 74 select CRYPTO_NULL2
75 config CRYPTO_SIG !! 75 select CRYPTO_RNG2
76 tristate <<
77 select CRYPTO_SIG2 <<
78 select CRYPTO_ALGAPI <<
79 <<
80 config CRYPTO_SIG2 <<
81 tristate <<
82 select CRYPTO_ALGAPI2 <<
83 76
84 config CRYPTO_SKCIPHER 77 config CRYPTO_SKCIPHER
85 tristate 78 tristate
86 select CRYPTO_SKCIPHER2 79 select CRYPTO_SKCIPHER2
87 select CRYPTO_ALGAPI 80 select CRYPTO_ALGAPI
88 select CRYPTO_ECB <<
89 81
90 config CRYPTO_SKCIPHER2 82 config CRYPTO_SKCIPHER2
91 tristate 83 tristate
92 select CRYPTO_ALGAPI2 84 select CRYPTO_ALGAPI2
>> 85 select CRYPTO_RNG2
93 86
94 config CRYPTO_HASH 87 config CRYPTO_HASH
95 tristate 88 tristate
96 select CRYPTO_HASH2 89 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 90 select CRYPTO_ALGAPI
98 91
99 config CRYPTO_HASH2 92 config CRYPTO_HASH2
100 tristate 93 tristate
101 select CRYPTO_ALGAPI2 94 select CRYPTO_ALGAPI2
102 95
103 config CRYPTO_RNG 96 config CRYPTO_RNG
104 tristate 97 tristate
105 select CRYPTO_RNG2 98 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 99 select CRYPTO_ALGAPI
107 100
108 config CRYPTO_RNG2 101 config CRYPTO_RNG2
109 tristate 102 tristate
110 select CRYPTO_ALGAPI2 103 select CRYPTO_ALGAPI2
111 104
112 config CRYPTO_RNG_DEFAULT 105 config CRYPTO_RNG_DEFAULT
113 tristate 106 tristate
114 select CRYPTO_DRBG_MENU 107 select CRYPTO_DRBG_MENU
115 108
116 config CRYPTO_AKCIPHER2 109 config CRYPTO_AKCIPHER2
117 tristate 110 tristate
118 select CRYPTO_ALGAPI2 111 select CRYPTO_ALGAPI2
119 112
120 config CRYPTO_AKCIPHER 113 config CRYPTO_AKCIPHER
121 tristate 114 tristate
122 select CRYPTO_AKCIPHER2 115 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 116 select CRYPTO_ALGAPI
124 117
125 config CRYPTO_KPP2 118 config CRYPTO_KPP2
126 tristate 119 tristate
127 select CRYPTO_ALGAPI2 120 select CRYPTO_ALGAPI2
128 121
129 config CRYPTO_KPP 122 config CRYPTO_KPP
130 tristate 123 tristate
131 select CRYPTO_ALGAPI 124 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 125 select CRYPTO_KPP2
133 126
134 config CRYPTO_ACOMP2 127 config CRYPTO_ACOMP2
135 tristate 128 tristate
136 select CRYPTO_ALGAPI2 129 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 130 select SGL_ALLOC
138 131
139 config CRYPTO_ACOMP 132 config CRYPTO_ACOMP
140 tristate 133 tristate
141 select CRYPTO_ALGAPI 134 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 135 select CRYPTO_ACOMP2
143 136
144 config CRYPTO_MANAGER 137 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 138 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 139 select CRYPTO_MANAGER2
147 help 140 help
148 Create default cryptographic templat 141 Create default cryptographic template instantiations such as
149 cbc(aes). 142 cbc(aes).
150 143
151 config CRYPTO_MANAGER2 144 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 145 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 <<
154 select CRYPTO_AEAD2 146 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 <<
156 select CRYPTO_SIG2 <<
157 select CRYPTO_HASH2 147 select CRYPTO_HASH2
158 select CRYPTO_KPP2 <<
159 select CRYPTO_RNG2 <<
160 select CRYPTO_SKCIPHER2 148 select CRYPTO_SKCIPHER2
>> 149 select CRYPTO_AKCIPHER2
>> 150 select CRYPTO_KPP2
>> 151 select CRYPTO_ACOMP2
161 152
162 config CRYPTO_USER 153 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 154 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 155 depends on NET
165 select CRYPTO_MANAGER 156 select CRYPTO_MANAGER
166 help 157 help
167 Userspace configuration for cryptogr 158 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 159 cbc(aes).
169 160
170 config CRYPTO_MANAGER_DISABLE_TESTS 161 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 162 bool "Disable run-time self tests"
172 default y 163 default y
173 help 164 help
174 Disable run-time self tests that nor 165 Disable run-time self tests that normally take place at
175 algorithm registration. 166 algorithm registration.
176 167
177 config CRYPTO_MANAGER_EXTRA_TESTS 168 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel 169 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN 170 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
180 help 171 help
181 Enable extra run-time self tests of 172 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests. 173 including randomized fuzz tests.
183 174
184 This is intended for developer use o 175 This is intended for developer use only, as these tests take much
185 longer to run than the normal self t 176 longer to run than the normal self tests.
186 177
>> 178 config CRYPTO_GF128MUL
>> 179 tristate
>> 180
187 config CRYPTO_NULL 181 config CRYPTO_NULL
188 tristate "Null algorithms" 182 tristate "Null algorithms"
189 select CRYPTO_NULL2 183 select CRYPTO_NULL2
190 help 184 help
191 These are 'Null' algorithms, used by 185 These are 'Null' algorithms, used by IPsec, which do nothing.
192 186
193 config CRYPTO_NULL2 187 config CRYPTO_NULL2
194 tristate 188 tristate
195 select CRYPTO_ALGAPI2 189 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 190 select CRYPTO_SKCIPHER2
197 select CRYPTO_HASH2 191 select CRYPTO_HASH2
198 192
199 config CRYPTO_PCRYPT 193 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 194 tristate "Parallel crypto engine"
201 depends on SMP 195 depends on SMP
202 select PADATA 196 select PADATA
203 select CRYPTO_MANAGER 197 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 198 select CRYPTO_AEAD
205 help 199 help
206 This converts an arbitrary crypto al 200 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 201 algorithm that executes in kernel threads.
208 202
209 config CRYPTO_CRYPTD 203 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 204 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER 205 select CRYPTO_SKCIPHER
212 select CRYPTO_HASH 206 select CRYPTO_HASH
213 select CRYPTO_MANAGER 207 select CRYPTO_MANAGER
214 help 208 help
215 This is a generic software asynchron 209 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 210 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 211 into an asynchronous algorithm that executes in a kernel thread.
218 212
219 config CRYPTO_AUTHENC 213 config CRYPTO_AUTHENC
220 tristate "Authenc support" 214 tristate "Authenc support"
221 select CRYPTO_AEAD 215 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER 216 select CRYPTO_SKCIPHER
223 select CRYPTO_MANAGER 217 select CRYPTO_MANAGER
224 select CRYPTO_HASH 218 select CRYPTO_HASH
225 select CRYPTO_NULL 219 select CRYPTO_NULL
226 help 220 help
227 Authenc: Combined mode wrapper for I 221 Authenc: Combined mode wrapper for IPsec.
228 !! 222 This is required for IPSec.
229 This is required for IPSec ESP (XFRM <<
230 223
231 config CRYPTO_TEST 224 config CRYPTO_TEST
232 tristate "Testing module" 225 tristate "Testing module"
233 depends on m || EXPERT 226 depends on m || EXPERT
234 select CRYPTO_MANAGER 227 select CRYPTO_MANAGER
235 help 228 help
236 Quick & dirty crypto test module. 229 Quick & dirty crypto test module.
237 230
238 config CRYPTO_SIMD 231 config CRYPTO_SIMD
239 tristate 232 tristate
240 select CRYPTO_CRYPTD 233 select CRYPTO_CRYPTD
241 234
242 config CRYPTO_ENGINE 235 config CRYPTO_ENGINE
243 tristate 236 tristate
244 237
245 endmenu !! 238 comment "Public-key cryptography"
246 <<
247 menu "Public-key cryptography" <<
248 239
249 config CRYPTO_RSA 240 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)" !! 241 tristate "RSA algorithm"
251 select CRYPTO_AKCIPHER 242 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER 243 select CRYPTO_MANAGER
253 select MPILIB 244 select MPILIB
254 select ASN1 245 select ASN1
255 help 246 help
256 RSA (Rivest-Shamir-Adleman) public k !! 247 Generic implementation of the RSA public key algorithm.
257 248
258 config CRYPTO_DH 249 config CRYPTO_DH
259 tristate "DH (Diffie-Hellman)" !! 250 tristate "Diffie-Hellman algorithm"
260 select CRYPTO_KPP 251 select CRYPTO_KPP
261 select MPILIB 252 select MPILIB
262 help 253 help
263 DH (Diffie-Hellman) key exchange alg !! 254 Generic implementation of the Diffie-Hellman algorithm.
264 255
265 config CRYPTO_DH_RFC7919_GROUPS 256 config CRYPTO_DH_RFC7919_GROUPS
266 bool "RFC 7919 FFDHE groups" !! 257 bool "Support for RFC 7919 FFDHE group parameters"
267 depends on CRYPTO_DH 258 depends on CRYPTO_DH
268 select CRYPTO_RNG_DEFAULT 259 select CRYPTO_RNG_DEFAULT
269 help 260 help
270 FFDHE (Finite-Field-based Diffie-Hel !! 261 Provide support for RFC 7919 FFDHE group parameters. If unsure, say N.
271 defined in RFC7919. <<
272 <<
273 Support these finite-field groups in <<
274 - ffdhe2048, ffdhe3072, ffdhe4096, f <<
275 <<
276 If unsure, say N. <<
277 262
278 config CRYPTO_ECC 263 config CRYPTO_ECC
279 tristate 264 tristate
280 select CRYPTO_RNG_DEFAULT 265 select CRYPTO_RNG_DEFAULT
281 266
282 config CRYPTO_ECDH 267 config CRYPTO_ECDH
283 tristate "ECDH (Elliptic Curve Diffie- !! 268 tristate "ECDH algorithm"
284 select CRYPTO_ECC 269 select CRYPTO_ECC
285 select CRYPTO_KPP 270 select CRYPTO_KPP
286 help 271 help
287 ECDH (Elliptic Curve Diffie-Hellman) !! 272 Generic implementation of the ECDH algorithm
288 using curves P-192, P-256, and P-384 <<
289 273
290 config CRYPTO_ECDSA 274 config CRYPTO_ECDSA
291 tristate "ECDSA (Elliptic Curve Digita !! 275 tristate "ECDSA (NIST P192, P256 etc.) algorithm"
292 select CRYPTO_ECC 276 select CRYPTO_ECC
293 select CRYPTO_AKCIPHER 277 select CRYPTO_AKCIPHER
294 select ASN1 278 select ASN1
295 help 279 help
296 ECDSA (Elliptic Curve Digital Signat !! 280 Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
297 ISO/IEC 14888-3) !! 281 is A NIST cryptographic standard algorithm. Only signature verification
298 using curves P-192, P-256, and P-384 !! 282 is implemented.
299 <<
300 Only signature verification is imple <<
301 283
302 config CRYPTO_ECRDSA 284 config CRYPTO_ECRDSA
303 tristate "EC-RDSA (Elliptic Curve Russ !! 285 tristate "EC-RDSA (GOST 34.10) algorithm"
304 select CRYPTO_ECC 286 select CRYPTO_ECC
305 select CRYPTO_AKCIPHER 287 select CRYPTO_AKCIPHER
306 select CRYPTO_STREEBOG 288 select CRYPTO_STREEBOG
307 select OID_REGISTRY 289 select OID_REGISTRY
308 select ASN1 290 select ASN1
309 help 291 help
310 Elliptic Curve Russian Digital Signa 292 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311 RFC 7091, ISO/IEC 14888-3) !! 293 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
>> 294 standard algorithms (called GOST algorithms). Only signature verification
>> 295 is implemented.
312 296
313 One of the Russian cryptographic sta !! 297 config CRYPTO_SM2
314 algorithms). Only signature verifica !! 298 tristate "SM2 algorithm"
>> 299 select CRYPTO_SM3
>> 300 select CRYPTO_AKCIPHER
>> 301 select CRYPTO_MANAGER
>> 302 select MPILIB
>> 303 select ASN1
>> 304 help
>> 305 Generic implementation of the SM2 public key algorithm. It was
>> 306 published by State Encryption Management Bureau, China.
>> 307 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
>> 308
>> 309 References:
>> 310 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
>> 311 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
>> 312 http://www.gmbz.org.cn/main/bzlb.html
315 313
316 config CRYPTO_CURVE25519 314 config CRYPTO_CURVE25519
317 tristate "Curve25519" !! 315 tristate "Curve25519 algorithm"
318 select CRYPTO_KPP 316 select CRYPTO_KPP
319 select CRYPTO_LIB_CURVE25519_GENERIC 317 select CRYPTO_LIB_CURVE25519_GENERIC
320 help <<
321 Curve25519 elliptic curve (RFC7748) <<
322 <<
323 endmenu <<
324 <<
325 menu "Block ciphers" <<
326 <<
327 config CRYPTO_AES <<
328 tristate "AES (Advanced Encryption Sta <<
329 select CRYPTO_ALGAPI <<
330 select CRYPTO_LIB_AES <<
331 help <<
332 AES cipher algorithms (Rijndael)(FIP <<
333 <<
334 Rijndael appears to be consistently <<
335 both hardware and software across a <<
336 environments regardless of its use i <<
337 modes. Its key setup time is excelle <<
338 good. Rijndael's very low memory req <<
339 suited for restricted-space environm <<
340 demonstrates excellent performance. <<
341 among the easiest to defend against <<
342 318
343 The AES specifies three key sizes: 1 !! 319 config CRYPTO_CURVE25519_X86
344 !! 320 tristate "x86_64 accelerated Curve25519 scalar multiplication library"
345 config CRYPTO_AES_TI !! 321 depends on X86 && 64BIT
346 tristate "AES (Advanced Encryption Sta !! 322 select CRYPTO_LIB_CURVE25519_GENERIC
347 select CRYPTO_ALGAPI !! 323 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
348 select CRYPTO_LIB_AES <<
349 help <<
350 AES cipher algorithms (Rijndael)(FIP <<
351 <<
352 This is a generic implementation of <<
353 data dependent latencies as much as <<
354 performance too much. It is intended <<
355 and GCM drivers, and other CTR or CM <<
356 solely on encryption (although decry <<
357 with a more dramatic performance hit <<
358 <<
359 Instead of using 16 lookup tables of <<
360 8 for decryption), this implementati <<
361 256 bytes each, and attempts to elim <<
362 prefetching the entire table into th <<
363 block. Interrupts are also disabled <<
364 are evicted when the CPU is interrup <<
365 <<
366 config CRYPTO_ANUBIS <<
367 tristate "Anubis" <<
368 depends on CRYPTO_USER_API_ENABLE_OBSO <<
369 select CRYPTO_ALGAPI <<
370 help <<
371 Anubis cipher algorithm <<
372 <<
373 Anubis is a variable key length ciph <<
374 128 bits to 320 bits in length. It <<
375 in the NESSIE competition. <<
376 <<
377 See https://web.archive.org/web/2016 <<
378 for further information. <<
379 <<
380 config CRYPTO_ARIA <<
381 tristate "ARIA" <<
382 select CRYPTO_ALGAPI <<
383 help <<
384 ARIA cipher algorithm (RFC5794) <<
385 <<
386 ARIA is a standard encryption algori <<
387 The ARIA specifies three key sizes a <<
388 128-bit: 12 rounds. <<
389 192-bit: 14 rounds. <<
390 256-bit: 16 rounds. <<
391 324
392 See: !! 325 comment "Authenticated Encryption with Associated Data"
393 https://seed.kisa.or.kr/kisa/algorit <<
394 326
395 config CRYPTO_BLOWFISH !! 327 config CRYPTO_CCM
396 tristate "Blowfish" !! 328 tristate "CCM support"
397 select CRYPTO_ALGAPI !! 329 select CRYPTO_CTR
398 select CRYPTO_BLOWFISH_COMMON !! 330 select CRYPTO_HASH
>> 331 select CRYPTO_AEAD
>> 332 select CRYPTO_MANAGER
399 help 333 help
400 Blowfish cipher algorithm, by Bruce !! 334 Support for Counter with CBC MAC. Required for IPsec.
401 335
402 This is a variable key length cipher !! 336 config CRYPTO_GCM
403 bits to 448 bits in length. It's fa !! 337 tristate "GCM/GMAC support"
404 designed for use on "large microproc !! 338 select CRYPTO_CTR
405 !! 339 select CRYPTO_AEAD
406 See https://www.schneier.com/blowfis !! 340 select CRYPTO_GHASH
407 !! 341 select CRYPTO_NULL
408 config CRYPTO_BLOWFISH_COMMON !! 342 select CRYPTO_MANAGER
409 tristate <<
410 help 343 help
411 Common parts of the Blowfish cipher !! 344 Support for Galois/Counter Mode (GCM) and Galois Message
412 generic c and the assembler implemen !! 345 Authentication Code (GMAC). Required for IPSec.
413 346
414 config CRYPTO_CAMELLIA !! 347 config CRYPTO_CHACHA20POLY1305
415 tristate "Camellia" !! 348 tristate "ChaCha20-Poly1305 AEAD support"
416 select CRYPTO_ALGAPI !! 349 select CRYPTO_CHACHA20
>> 350 select CRYPTO_POLY1305
>> 351 select CRYPTO_AEAD
>> 352 select CRYPTO_MANAGER
417 help 353 help
418 Camellia cipher algorithms (ISO/IEC !! 354 ChaCha20-Poly1305 AEAD support, RFC7539.
419 <<
420 Camellia is a symmetric key block ci <<
421 at NTT and Mitsubishi Electric Corpo <<
422 <<
423 The Camellia specifies three key siz <<
424 355
425 See https://info.isl.ntt.co.jp/crypt !! 356 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
>> 357 with the Poly1305 authenticator. It is defined in RFC7539 for use in
>> 358 IETF protocols.
426 359
427 config CRYPTO_CAST_COMMON !! 360 config CRYPTO_AEGIS128
428 tristate !! 361 tristate "AEGIS-128 AEAD algorithm"
429 help !! 362 select CRYPTO_AEAD
430 Common parts of the CAST cipher algo !! 363 select CRYPTO_AES # for AES S-box tables
431 generic c and the assembler implemen <<
432 <<
433 config CRYPTO_CAST5 <<
434 tristate "CAST5 (CAST-128)" <<
435 select CRYPTO_ALGAPI <<
436 select CRYPTO_CAST_COMMON <<
437 help 364 help
438 CAST5 (CAST-128) cipher algorithm (R !! 365 Support for the AEGIS-128 dedicated AEAD algorithm.
439 366
440 config CRYPTO_CAST6 !! 367 config CRYPTO_AEGIS128_SIMD
441 tristate "CAST6 (CAST-256)" !! 368 bool "Support SIMD acceleration for AEGIS-128"
442 select CRYPTO_ALGAPI !! 369 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
443 select CRYPTO_CAST_COMMON !! 370 default y
444 help <<
445 CAST6 (CAST-256) encryption algorith <<
446 371
447 config CRYPTO_DES !! 372 config CRYPTO_AEGIS128_AESNI_SSE2
448 tristate "DES and Triple DES EDE" !! 373 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
449 select CRYPTO_ALGAPI !! 374 depends on X86 && 64BIT
450 select CRYPTO_LIB_DES !! 375 select CRYPTO_AEAD
>> 376 select CRYPTO_SIMD
451 help 377 help
452 DES (Data Encryption Standard)(FIPS !! 378 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
453 Triple DES EDE (Encrypt/Decrypt/Encr <<
454 cipher algorithms <<
455 379
456 config CRYPTO_FCRYPT !! 380 config CRYPTO_SEQIV
457 tristate "FCrypt" !! 381 tristate "Sequence Number IV Generator"
458 select CRYPTO_ALGAPI !! 382 select CRYPTO_AEAD
459 select CRYPTO_SKCIPHER 383 select CRYPTO_SKCIPHER
460 help !! 384 select CRYPTO_NULL
461 FCrypt algorithm used by RxRPC !! 385 select CRYPTO_RNG_DEFAULT
462 <<
463 See https://ota.polyonymo.us/fcrypt- <<
464 <<
465 config CRYPTO_KHAZAD <<
466 tristate "Khazad" <<
467 depends on CRYPTO_USER_API_ENABLE_OBSO <<
468 select CRYPTO_ALGAPI <<
469 help <<
470 Khazad cipher algorithm <<
471 <<
472 Khazad was a finalist in the initial <<
473 an algorithm optimized for 64-bit pr <<
474 on 32-bit processors. Khazad uses a <<
475 <<
476 See https://web.archive.org/web/2017 <<
477 for further information. <<
478 <<
479 config CRYPTO_SEED <<
480 tristate "SEED" <<
481 depends on CRYPTO_USER_API_ENABLE_OBSO <<
482 select CRYPTO_ALGAPI <<
483 help <<
484 SEED cipher algorithm (RFC4269, ISO/ <<
485 <<
486 SEED is a 128-bit symmetric key bloc <<
487 developed by KISA (Korea Information <<
488 national standard encryption algorit <<
489 It is a 16 round block cipher with t <<
490 <<
491 See https://seed.kisa.or.kr/kisa/alg <<
492 for further information. <<
493 <<
494 config CRYPTO_SERPENT <<
495 tristate "Serpent" <<
496 select CRYPTO_ALGAPI <<
497 help <<
498 Serpent cipher algorithm, by Anderso <<
499 <<
500 Keys are allowed to be from 0 to 256 <<
501 of 8 bits. <<
502 <<
503 See https://www.cl.cam.ac.uk/~rja14/ <<
504 <<
505 config CRYPTO_SM4 <<
506 tristate <<
507 <<
508 config CRYPTO_SM4_GENERIC <<
509 tristate "SM4 (ShangMi 4)" <<
510 select CRYPTO_ALGAPI <<
511 select CRYPTO_SM4 <<
512 help <<
513 SM4 cipher algorithms (OSCCA GB/T 32 <<
514 ISO/IEC 18033-3:2010/Amd 1:2021) <<
515 <<
516 SM4 (GBT.32907-2016) is a cryptograp <<
517 Organization of State Commercial Adm <<
518 as an authorized cryptographic algor <<
519 <<
520 SMS4 was originally created for use <<
521 networks, and is mandated in the Chi <<
522 Wireless LAN WAPI (Wired Authenticat <<
523 (GB.15629.11-2003). <<
524 <<
525 The latest SM4 standard (GBT.32907-2 <<
526 standardized through TC 260 of the S <<
527 of the People's Republic of China (S <<
528 <<
529 The input, output, and key of SMS4 a <<
530 <<
531 See https://eprint.iacr.org/2008/329 <<
532 <<
533 If unsure, say N. <<
534 <<
535 config CRYPTO_TEA <<
536 tristate "TEA, XTEA and XETA" <<
537 depends on CRYPTO_USER_API_ENABLE_OBSO <<
538 select CRYPTO_ALGAPI <<
539 help <<
540 TEA (Tiny Encryption Algorithm) ciph <<
541 <<
542 Tiny Encryption Algorithm is a simpl <<
543 many rounds for security. It is ver <<
544 little memory. <<
545 <<
546 Xtendend Tiny Encryption Algorithm i <<
547 the TEA algorithm to address a poten <<
548 in the TEA algorithm. <<
549 <<
550 Xtendend Encryption Tiny Algorithm i <<
551 of the XTEA algorithm for compatibil <<
552 <<
553 config CRYPTO_TWOFISH <<
554 tristate "Twofish" <<
555 select CRYPTO_ALGAPI <<
556 select CRYPTO_TWOFISH_COMMON <<
557 help <<
558 Twofish cipher algorithm <<
559 <<
560 Twofish was submitted as an AES (Adv <<
561 candidate cipher by researchers at C <<
562 16 round block cipher supporting key <<
563 bits. <<
564 <<
565 See https://www.schneier.com/twofish <<
566 <<
567 config CRYPTO_TWOFISH_COMMON <<
568 tristate <<
569 help <<
570 Common parts of the Twofish cipher a <<
571 generic c and the assembler implemen <<
572 <<
573 endmenu <<
574 <<
575 menu "Length-preserving ciphers and modes" <<
576 <<
577 config CRYPTO_ADIANTUM <<
578 tristate "Adiantum" <<
579 select CRYPTO_CHACHA20 <<
580 select CRYPTO_LIB_POLY1305_GENERIC <<
581 select CRYPTO_NHPOLY1305 <<
582 select CRYPTO_MANAGER 386 select CRYPTO_MANAGER
583 help 387 help
584 Adiantum tweakable, length-preservin !! 388 This IV generator generates an IV based on a sequence number by
585 !! 389 xoring it with a salt. This algorithm is mainly useful for CTR
586 Designed for fast and secure disk en <<
587 CPUs without dedicated crypto instru <<
588 each sector using the XChaCha12 stre <<
589 an ε-almost-∆-universal hash func <<
590 the AES-256 block cipher on a single <<
591 without AES instructions, Adiantum i <<
592 AES-XTS. <<
593 <<
594 Adiantum's security is provably redu <<
595 underlying stream and block ciphers, <<
596 bound. Unlike XTS, Adiantum is a tr <<
597 mode, so it actually provides an eve <<
598 security than XTS, subject to the se <<
599 <<
600 If unsure, say N. <<
601 390
602 config CRYPTO_ARC4 !! 391 config CRYPTO_ECHAINIV
603 tristate "ARC4 (Alleged Rivest Cipher !! 392 tristate "Encrypted Chain IV Generator"
604 depends on CRYPTO_USER_API_ENABLE_OBSO !! 393 select CRYPTO_AEAD
605 select CRYPTO_SKCIPHER !! 394 select CRYPTO_NULL
606 select CRYPTO_LIB_ARC4 !! 395 select CRYPTO_RNG_DEFAULT
>> 396 select CRYPTO_MANAGER
607 help 397 help
608 ARC4 cipher algorithm !! 398 This IV generator generates an IV based on the encryption of
>> 399 a sequence number xored with a salt. This is the default
>> 400 algorithm for CBC.
609 401
610 ARC4 is a stream cipher using keys r !! 402 comment "Block modes"
611 bits in length. This algorithm is r <<
612 WEP, but it should not be for other <<
613 weakness of the algorithm. <<
614 403
615 config CRYPTO_CHACHA20 !! 404 config CRYPTO_CBC
616 tristate "ChaCha" !! 405 tristate "CBC support"
617 select CRYPTO_LIB_CHACHA_GENERIC <<
618 select CRYPTO_SKCIPHER 406 select CRYPTO_SKCIPHER
>> 407 select CRYPTO_MANAGER
619 help 408 help
620 The ChaCha20, XChaCha20, and XChaCha !! 409 CBC: Cipher Block Chaining mode
621 !! 410 This block cipher algorithm is required for IPSec.
622 ChaCha20 is a 256-bit high-speed str <<
623 Bernstein and further specified in R <<
624 This is the portable C implementatio <<
625 https://cr.yp.to/chacha/chacha-20080 <<
626 <<
627 XChaCha20 is the application of the <<
628 rather than to Salsa20. XChaCha20 e <<
629 from 64 bits (or 96 bits using the R <<
630 while provably retaining ChaCha20's <<
631 https://cr.yp.to/snuffle/xsalsa-2008 <<
632 411
633 XChaCha12 is XChaCha20 reduced to 12 !! 412 config CRYPTO_CFB
634 reduced security margin but increase !! 413 tristate "CFB support"
635 in some performance-sensitive scenar <<
636 <<
637 config CRYPTO_CBC <<
638 tristate "CBC (Cipher Block Chaining)" <<
639 select CRYPTO_SKCIPHER 414 select CRYPTO_SKCIPHER
640 select CRYPTO_MANAGER 415 select CRYPTO_MANAGER
641 help 416 help
642 CBC (Cipher Block Chaining) mode (NI !! 417 CFB: Cipher FeedBack mode
643 !! 418 This block cipher algorithm is required for TPM2 Cryptography.
644 This block cipher mode is required f <<
645 419
646 config CRYPTO_CTR 420 config CRYPTO_CTR
647 tristate "CTR (Counter)" !! 421 tristate "CTR support"
648 select CRYPTO_SKCIPHER 422 select CRYPTO_SKCIPHER
649 select CRYPTO_MANAGER 423 select CRYPTO_MANAGER
650 help 424 help
651 CTR (Counter) mode (NIST SP800-38A) !! 425 CTR: Counter mode
>> 426 This block cipher algorithm is required for IPSec.
652 427
653 config CRYPTO_CTS 428 config CRYPTO_CTS
654 tristate "CTS (Cipher Text Stealing)" !! 429 tristate "CTS support"
655 select CRYPTO_SKCIPHER 430 select CRYPTO_SKCIPHER
656 select CRYPTO_MANAGER 431 select CRYPTO_MANAGER
657 help 432 help
658 CBC-CS3 variant of CTS (Cipher Text !! 433 CTS: Cipher Text Stealing
659 Addendum to SP800-38A (October 2010) !! 434 This is the Cipher Text Stealing mode as described by
660 !! 435 Section 8 of rfc2040 and referenced by rfc3962
>> 436 (rfc3962 includes errata information in its Appendix A) or
>> 437 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
661 This mode is required for Kerberos g 438 This mode is required for Kerberos gss mechanism support
662 for AES encryption. 439 for AES encryption.
663 440
664 config CRYPTO_ECB !! 441 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
665 tristate "ECB (Electronic Codebook)" <<
666 select CRYPTO_SKCIPHER2 <<
667 select CRYPTO_MANAGER <<
668 help <<
669 ECB (Electronic Codebook) mode (NIST <<
670 442
671 config CRYPTO_HCTR2 !! 443 config CRYPTO_ECB
672 tristate "HCTR2" !! 444 tristate "ECB support"
673 select CRYPTO_XCTR <<
674 select CRYPTO_POLYVAL <<
675 select CRYPTO_MANAGER <<
676 help <<
677 HCTR2 length-preserving encryption m <<
678 <<
679 A mode for storage encryption that i <<
680 instructions to accelerate AES and c <<
681 x86 processors with AES-NI and CLMUL <<
682 ARMv8 crypto extensions. <<
683 <<
684 See https://eprint.iacr.org/2021/144 <<
685 <<
686 config CRYPTO_KEYWRAP <<
687 tristate "KW (AES Key Wrap)" <<
688 select CRYPTO_SKCIPHER 445 select CRYPTO_SKCIPHER
689 select CRYPTO_MANAGER 446 select CRYPTO_MANAGER
690 help 447 help
691 KW (AES Key Wrap) authenticated encr !! 448 ECB: Electronic CodeBook mode
692 and RFC3394) without padding. !! 449 This is the simplest block cipher algorithm. It simply encrypts
>> 450 the input block by block.
693 451
694 config CRYPTO_LRW 452 config CRYPTO_LRW
695 tristate "LRW (Liskov Rivest Wagner)" !! 453 tristate "LRW support"
696 select CRYPTO_LIB_GF128MUL <<
697 select CRYPTO_SKCIPHER 454 select CRYPTO_SKCIPHER
698 select CRYPTO_MANAGER 455 select CRYPTO_MANAGER
>> 456 select CRYPTO_GF128MUL
699 select CRYPTO_ECB 457 select CRYPTO_ECB
700 help 458 help
701 LRW (Liskov Rivest Wagner) mode !! 459 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
702 <<
703 A tweakable, non malleable, non mova <<
704 narrow block cipher mode for dm-cryp 460 narrow block cipher mode for dm-crypt. Use it with cipher
705 specification string aes-lrw-benbi, 461 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
706 The first 128, 192 or 256 bits in th 462 The first 128, 192 or 256 bits in the key are used for AES and the
707 rest is used to tie each cipher bloc 463 rest is used to tie each cipher block to its logical position.
708 464
709 See https://people.csail.mit.edu/riv !! 465 config CRYPTO_OFB
>> 466 tristate "OFB support"
>> 467 select CRYPTO_SKCIPHER
>> 468 select CRYPTO_MANAGER
>> 469 help
>> 470 OFB: the Output Feedback mode makes a block cipher into a synchronous
>> 471 stream cipher. It generates keystream blocks, which are then XORed
>> 472 with the plaintext blocks to get the ciphertext. Flipping a bit in the
>> 473 ciphertext produces a flipped bit in the plaintext at the same
>> 474 location. This property allows many error correcting codes to function
>> 475 normally even when applied before encryption.
710 476
711 config CRYPTO_PCBC 477 config CRYPTO_PCBC
712 tristate "PCBC (Propagating Cipher Blo !! 478 tristate "PCBC support"
713 select CRYPTO_SKCIPHER 479 select CRYPTO_SKCIPHER
714 select CRYPTO_MANAGER 480 select CRYPTO_MANAGER
715 help 481 help
716 PCBC (Propagating Cipher Block Chain !! 482 PCBC: Propagating Cipher Block Chaining mode
717 !! 483 This block cipher algorithm is required for RxRPC.
718 This block cipher mode is required f <<
719 484
720 config CRYPTO_XCTR 485 config CRYPTO_XCTR
721 tristate 486 tristate
722 select CRYPTO_SKCIPHER 487 select CRYPTO_SKCIPHER
723 select CRYPTO_MANAGER 488 select CRYPTO_MANAGER
724 help 489 help
725 XCTR (XOR Counter) mode for HCTR2 !! 490 XCTR: XOR Counter mode. This blockcipher mode is a variant of CTR mode
726 !! 491 using XORs and little-endian addition rather than big-endian arithmetic.
727 This blockcipher mode is a variant o <<
728 addition rather than big-endian arit <<
729 <<
730 XCTR mode is used to implement HCTR2 492 XCTR mode is used to implement HCTR2.
731 493
732 config CRYPTO_XTS 494 config CRYPTO_XTS
733 tristate "XTS (XOR Encrypt XOR with ci !! 495 tristate "XTS support"
734 select CRYPTO_SKCIPHER 496 select CRYPTO_SKCIPHER
735 select CRYPTO_MANAGER 497 select CRYPTO_MANAGER
736 select CRYPTO_ECB 498 select CRYPTO_ECB
737 help 499 help
738 XTS (XOR Encrypt XOR with ciphertext !! 500 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
739 and IEEE 1619) !! 501 key size 256, 384 or 512 bits. This implementation currently
>> 502 can't handle a sectorsize which is not a multiple of 16 bytes.
740 503
741 Use with aes-xts-plain, key size 256 !! 504 config CRYPTO_KEYWRAP
742 implementation currently can't handl !! 505 tristate "Key wrapping support"
743 multiple of 16 bytes. !! 506 select CRYPTO_SKCIPHER
>> 507 select CRYPTO_MANAGER
>> 508 help
>> 509 Support for key wrapping (NIST SP800-38F / RFC3394) without
>> 510 padding.
744 511
745 config CRYPTO_NHPOLY1305 512 config CRYPTO_NHPOLY1305
746 tristate 513 tristate
747 select CRYPTO_HASH 514 select CRYPTO_HASH
748 select CRYPTO_LIB_POLY1305_GENERIC 515 select CRYPTO_LIB_POLY1305_GENERIC
749 516
750 endmenu !! 517 config CRYPTO_NHPOLY1305_SSE2
751 !! 518 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
752 menu "AEAD (authenticated encryption with asso !! 519 depends on X86 && 64BIT
753 !! 520 select CRYPTO_NHPOLY1305
754 config CRYPTO_AEGIS128 <<
755 tristate "AEGIS-128" <<
756 select CRYPTO_AEAD <<
757 select CRYPTO_AES # for AES S-box tab <<
758 help 521 help
759 AEGIS-128 AEAD algorithm !! 522 SSE2 optimized implementation of the hash function used by the
>> 523 Adiantum encryption mode.
760 524
761 config CRYPTO_AEGIS128_SIMD !! 525 config CRYPTO_NHPOLY1305_AVX2
762 bool "AEGIS-128 (arm NEON, arm64 NEON) !! 526 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
763 depends on CRYPTO_AEGIS128 && ((ARM || !! 527 depends on X86 && 64BIT
764 default y !! 528 select CRYPTO_NHPOLY1305
765 help 529 help
766 AEGIS-128 AEAD algorithm !! 530 AVX2 optimized implementation of the hash function used by the
767 !! 531 Adiantum encryption mode.
768 Architecture: arm or arm64 using: <<
769 - NEON (Advanced SIMD) extension <<
770 532
771 config CRYPTO_CHACHA20POLY1305 !! 533 config CRYPTO_ADIANTUM
772 tristate "ChaCha20-Poly1305" !! 534 tristate "Adiantum support"
773 select CRYPTO_CHACHA20 535 select CRYPTO_CHACHA20
774 select CRYPTO_POLY1305 !! 536 select CRYPTO_LIB_POLY1305_GENERIC
775 select CRYPTO_AEAD !! 537 select CRYPTO_NHPOLY1305
776 select CRYPTO_MANAGER <<
777 help <<
778 ChaCha20 stream cipher and Poly1305 <<
779 mode (RFC8439) <<
780 <<
781 config CRYPTO_CCM <<
782 tristate "CCM (Counter with Cipher Blo <<
783 select CRYPTO_CTR <<
784 select CRYPTO_HASH <<
785 select CRYPTO_AEAD <<
786 select CRYPTO_MANAGER 538 select CRYPTO_MANAGER
787 help 539 help
788 CCM (Counter with Cipher Block Chain !! 540 Adiantum is a tweakable, length-preserving encryption mode
789 authenticated encryption mode (NIST !! 541 designed for fast and secure disk encryption, especially on
>> 542 CPUs without dedicated crypto instructions. It encrypts
>> 543 each sector using the XChaCha12 stream cipher, two passes of
>> 544 an ε-almost-∆-universal hash function, and an invocation of
>> 545 the AES-256 block cipher on a single 16-byte block. On CPUs
>> 546 without AES instructions, Adiantum is much faster than
>> 547 AES-XTS.
790 548
791 config CRYPTO_GCM !! 549 Adiantum's security is provably reducible to that of its
792 tristate "GCM (Galois/Counter Mode) an !! 550 underlying stream and block ciphers, subject to a security
793 select CRYPTO_CTR !! 551 bound. Unlike XTS, Adiantum is a true wide-block encryption
794 select CRYPTO_AEAD !! 552 mode, so it actually provides an even stronger notion of
795 select CRYPTO_GHASH !! 553 security than XTS, subject to the security bound.
796 select CRYPTO_NULL <<
797 select CRYPTO_MANAGER <<
798 help <<
799 GCM (Galois/Counter Mode) authentica <<
800 (GCM Message Authentication Code) (N <<
801 554
802 This is required for IPSec ESP (XFRM !! 555 If unsure, say N.
803 556
804 config CRYPTO_GENIV !! 557 config CRYPTO_HCTR2
805 tristate !! 558 tristate "HCTR2 support"
806 select CRYPTO_AEAD !! 559 select CRYPTO_XCTR
807 select CRYPTO_NULL !! 560 select CRYPTO_POLYVAL
808 select CRYPTO_MANAGER 561 select CRYPTO_MANAGER
809 select CRYPTO_RNG_DEFAULT <<
810 <<
811 config CRYPTO_SEQIV <<
812 tristate "Sequence Number IV Generator <<
813 select CRYPTO_GENIV <<
814 help <<
815 Sequence Number IV generator <<
816 <<
817 This IV generator generates an IV ba <<
818 xoring it with a salt. This algorit <<
819 <<
820 This is required for IPsec ESP (XFRM <<
821 <<
822 config CRYPTO_ECHAINIV <<
823 tristate "Encrypted Chain IV Generator <<
824 select CRYPTO_GENIV <<
825 help 562 help
826 Encrypted Chain IV generator !! 563 HCTR2 is a length-preserving encryption mode for storage encryption that
827 !! 564 is efficient on processors with instructions to accelerate AES and
828 This IV generator generates an IV ba !! 565 carryless multiplication, e.g. x86 processors with AES-NI and CLMUL, and
829 a sequence number xored with a salt. !! 566 ARM processors with the ARMv8 crypto extensions.
830 algorithm for CBC. <<
831 567
832 config CRYPTO_ESSIV 568 config CRYPTO_ESSIV
833 tristate "Encrypted Salt-Sector IV Gen !! 569 tristate "ESSIV support for block encryption"
834 select CRYPTO_AUTHENC 570 select CRYPTO_AUTHENC
835 help 571 help
836 Encrypted Salt-Sector IV generator !! 572 Encrypted salt-sector initialization vector (ESSIV) is an IV
837 !! 573 generation method that is used in some cases by fscrypt and/or
838 This IV generator is used in some ca <<
839 dm-crypt. It uses the hash of the bl 574 dm-crypt. It uses the hash of the block encryption key as the
840 symmetric key for a block encryption 575 symmetric key for a block encryption pass applied to the input
841 IV, making low entropy IV sources mo 576 IV, making low entropy IV sources more suitable for block
842 encryption. 577 encryption.
843 578
844 This driver implements a crypto API 579 This driver implements a crypto API template that can be
845 instantiated either as an skcipher o 580 instantiated either as an skcipher or as an AEAD (depending on the
846 type of the first template argument) 581 type of the first template argument), and which defers encryption
847 and decryption requests to the encap 582 and decryption requests to the encapsulated cipher after applying
848 ESSIV to the input IV. Note that in 583 ESSIV to the input IV. Note that in the AEAD case, it is assumed
849 that the keys are presented in the s 584 that the keys are presented in the same format used by the authenc
850 template, and that the IV appears at 585 template, and that the IV appears at the end of the authenticated
851 associated data (AAD) region (which 586 associated data (AAD) region (which is how dm-crypt uses it.)
852 587
853 Note that the use of ESSIV is not re 588 Note that the use of ESSIV is not recommended for new deployments,
854 and so this only needs to be enabled 589 and so this only needs to be enabled when interoperability with
855 existing encrypted volumes of filesy 590 existing encrypted volumes of filesystems is required, or when
856 building for a particular system tha 591 building for a particular system that requires it (e.g., when
857 the SoC in question has accelerated 592 the SoC in question has accelerated CBC but not XTS, making CBC
858 combined with ESSIV the only feasibl 593 combined with ESSIV the only feasible mode for h/w accelerated
859 block encryption) 594 block encryption)
860 595
861 endmenu !! 596 comment "Hash modes"
862 597
863 menu "Hashes, digests, and MACs" !! 598 config CRYPTO_CMAC
>> 599 tristate "CMAC support"
>> 600 select CRYPTO_HASH
>> 601 select CRYPTO_MANAGER
>> 602 help
>> 603 Cipher-based Message Authentication Code (CMAC) specified by
>> 604 The National Institute of Standards and Technology (NIST).
864 605
865 config CRYPTO_BLAKE2B !! 606 https://tools.ietf.org/html/rfc4493
866 tristate "BLAKE2b" !! 607 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
>> 608
>> 609 config CRYPTO_HMAC
>> 610 tristate "HMAC support"
867 select CRYPTO_HASH 611 select CRYPTO_HASH
>> 612 select CRYPTO_MANAGER
868 help 613 help
869 BLAKE2b cryptographic hash function !! 614 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
>> 615 This is required for IPSec.
870 616
871 BLAKE2b is optimized for 64-bit plat !! 617 config CRYPTO_XCBC
872 of any size between 1 and 64 bytes. !! 618 tristate "XCBC support"
>> 619 select CRYPTO_HASH
>> 620 select CRYPTO_MANAGER
>> 621 help
>> 622 XCBC: Keyed-Hashing with encryption algorithm
>> 623 https://www.ietf.org/rfc/rfc3566.txt
>> 624 http://csrc.nist.gov/encryption/modes/proposedmodes/
>> 625 xcbc-mac/xcbc-mac-spec.pdf
873 626
874 This module provides the following a !! 627 config CRYPTO_VMAC
875 - blake2b-160 !! 628 tristate "VMAC support"
876 - blake2b-256 !! 629 select CRYPTO_HASH
877 - blake2b-384 !! 630 select CRYPTO_MANAGER
878 - blake2b-512 !! 631 help
>> 632 VMAC is a message authentication algorithm designed for
>> 633 very high speed on 64-bit architectures.
879 634
880 Used by the btrfs filesystem. !! 635 See also:
>> 636 <https://fastcrypto.org/vmac>
881 637
882 See https://blake2.net for further i !! 638 comment "Digest"
883 639
884 config CRYPTO_CMAC !! 640 config CRYPTO_CRC32C
885 tristate "CMAC (Cipher-based MAC)" !! 641 tristate "CRC32c CRC algorithm"
886 select CRYPTO_HASH 642 select CRYPTO_HASH
887 select CRYPTO_MANAGER !! 643 select CRC32
>> 644 help
>> 645 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
>> 646 by iSCSI for header and data digests and by others.
>> 647 See Castagnoli93. Module will be crc32c.
>> 648
>> 649 config CRYPTO_CRC32C_INTEL
>> 650 tristate "CRC32c INTEL hardware acceleration"
>> 651 depends on X86
>> 652 select CRYPTO_HASH
>> 653 help
>> 654 In Intel processor with SSE4.2 supported, the processor will
>> 655 support CRC32C implementation using hardware accelerated CRC32
>> 656 instruction. This option will create 'crc32c-intel' module,
>> 657 which will enable any routine to use the CRC32 instruction to
>> 658 gain performance compared with software implementation.
>> 659 Module will be crc32c-intel.
>> 660
>> 661 config CRYPTO_CRC32C_VPMSUM
>> 662 tristate "CRC32c CRC algorithm (powerpc64)"
>> 663 depends on PPC64 && ALTIVEC
>> 664 select CRYPTO_HASH
>> 665 select CRC32
888 help 666 help
889 CMAC (Cipher-based Message Authentic !! 667 CRC32c algorithm implemented using vector polynomial multiply-sum
890 mode (NIST SP800-38B and IETF RFC449 !! 668 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
>> 669 and newer processors for improved performance.
891 670
892 config CRYPTO_GHASH !! 671
893 tristate "GHASH" !! 672 config CRYPTO_CRC32C_SPARC64
>> 673 tristate "CRC32c CRC algorithm (SPARC64)"
>> 674 depends on SPARC64
894 select CRYPTO_HASH 675 select CRYPTO_HASH
895 select CRYPTO_LIB_GF128MUL !! 676 select CRC32
896 help 677 help
897 GCM GHASH function (NIST SP800-38D) !! 678 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
>> 679 when available.
898 680
899 config CRYPTO_HMAC !! 681 config CRYPTO_CRC32
900 tristate "HMAC (Keyed-Hash MAC)" !! 682 tristate "CRC32 CRC algorithm"
901 select CRYPTO_HASH 683 select CRYPTO_HASH
902 select CRYPTO_MANAGER !! 684 select CRC32
>> 685 help
>> 686 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
>> 687 Shash crypto api wrappers to crc32_le function.
>> 688
>> 689 config CRYPTO_CRC32_PCLMUL
>> 690 tristate "CRC32 PCLMULQDQ hardware acceleration"
>> 691 depends on X86
>> 692 select CRYPTO_HASH
>> 693 select CRC32
>> 694 help
>> 695 From Intel Westmere and AMD Bulldozer processor with SSE4.2
>> 696 and PCLMULQDQ supported, the processor will support
>> 697 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
>> 698 instruction. This option will create 'crc32-pclmul' module,
>> 699 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
>> 700 and gain better performance as compared with the table implementation.
>> 701
>> 702 config CRYPTO_CRC32_MIPS
>> 703 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
>> 704 depends on MIPS_CRC_SUPPORT
>> 705 select CRYPTO_HASH
>> 706 help
>> 707 CRC32c and CRC32 CRC algorithms implemented using mips crypto
>> 708 instructions, when available.
>> 709
>> 710 config CRYPTO_CRC32_S390
>> 711 tristate "CRC-32 algorithms"
>> 712 depends on S390
>> 713 select CRYPTO_HASH
>> 714 select CRC32
903 help 715 help
904 HMAC (Keyed-Hash Message Authenticat !! 716 Select this option if you want to use hardware accelerated
905 RFC2104) !! 717 implementations of CRC algorithms. With this option, you
>> 718 can optimize the computation of CRC-32 (IEEE 802.3 Ethernet)
>> 719 and CRC-32C (Castagnoli).
906 720
907 This is required for IPsec AH (XFRM_ !! 721 It is available with IBM z13 or later.
908 722
909 config CRYPTO_MD4 !! 723 config CRYPTO_XXHASH
910 tristate "MD4" !! 724 tristate "xxHash hash algorithm"
911 select CRYPTO_HASH 725 select CRYPTO_HASH
>> 726 select XXHASH
912 help 727 help
913 MD4 message digest algorithm (RFC132 !! 728 xxHash non-cryptographic hash algorithm. Extremely fast, working at
>> 729 speeds close to RAM limits.
914 730
915 config CRYPTO_MD5 !! 731 config CRYPTO_BLAKE2B
916 tristate "MD5" !! 732 tristate "BLAKE2b digest algorithm"
917 select CRYPTO_HASH 733 select CRYPTO_HASH
918 help 734 help
919 MD5 message digest algorithm (RFC132 !! 735 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
>> 736 optimized for 64bit platforms and can produce digests of any size
>> 737 between 1 to 64. The keyed hash is also implemented.
920 738
921 config CRYPTO_MICHAEL_MIC !! 739 This module provides the following algorithms:
922 tristate "Michael MIC" !! 740
>> 741 - blake2b-160
>> 742 - blake2b-256
>> 743 - blake2b-384
>> 744 - blake2b-512
>> 745
>> 746 See https://blake2.net for further information.
>> 747
>> 748 config CRYPTO_BLAKE2S_X86
>> 749 bool "BLAKE2s digest algorithm (x86 accelerated version)"
>> 750 depends on X86 && 64BIT
>> 751 select CRYPTO_LIB_BLAKE2S_GENERIC
>> 752 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
>> 753
>> 754 config CRYPTO_CRCT10DIF
>> 755 tristate "CRCT10DIF algorithm"
>> 756 select CRYPTO_HASH
>> 757 help
>> 758 CRC T10 Data Integrity Field computation is being cast as
>> 759 a crypto transform. This allows for faster crc t10 diff
>> 760 transforms to be used if they are available.
>> 761
>> 762 config CRYPTO_CRCT10DIF_PCLMUL
>> 763 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
>> 764 depends on X86 && 64BIT && CRC_T10DIF
923 select CRYPTO_HASH 765 select CRYPTO_HASH
924 help 766 help
925 Michael MIC (Message Integrity Code) !! 767 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
>> 768 CRC T10 DIF PCLMULQDQ computation can be hardware
>> 769 accelerated PCLMULQDQ instruction. This option will create
>> 770 'crct10dif-pclmul' module, which is faster when computing the
>> 771 crct10dif checksum as compared with the generic table implementation.
926 772
927 Defined by the IEEE 802.11i TKIP (Te !! 773 config CRYPTO_CRCT10DIF_VPMSUM
928 known as WPA (Wif-Fi Protected Acces !! 774 tristate "CRC32T10DIF powerpc64 hardware acceleration"
>> 775 depends on PPC64 && ALTIVEC && CRC_T10DIF
>> 776 select CRYPTO_HASH
>> 777 help
>> 778 CRC10T10DIF algorithm implemented using vector polynomial
>> 779 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
>> 780 POWER8 and newer processors for improved performance.
929 781
930 This algorithm is required for TKIP, !! 782 config CRYPTO_CRC64_ROCKSOFT
931 other purposes because of the weakne !! 783 tristate "Rocksoft Model CRC64 algorithm"
>> 784 depends on CRC64
>> 785 select CRYPTO_HASH
>> 786
>> 787 config CRYPTO_VPMSUM_TESTER
>> 788 tristate "Powerpc64 vpmsum hardware acceleration tester"
>> 789 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
>> 790 help
>> 791 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
>> 792 POWER8 vpmsum instructions.
>> 793 Unless you are testing these algorithms, you don't need this.
>> 794
>> 795 config CRYPTO_GHASH
>> 796 tristate "GHASH hash function"
>> 797 select CRYPTO_GF128MUL
>> 798 select CRYPTO_HASH
>> 799 help
>> 800 GHASH is the hash function used in GCM (Galois/Counter Mode).
>> 801 It is not a general-purpose cryptographic hash function.
932 802
933 config CRYPTO_POLYVAL 803 config CRYPTO_POLYVAL
934 tristate 804 tristate
>> 805 select CRYPTO_GF128MUL
935 select CRYPTO_HASH 806 select CRYPTO_HASH
936 select CRYPTO_LIB_GF128MUL <<
937 help 807 help
938 POLYVAL hash function for HCTR2 !! 808 POLYVAL is the hash function used in HCTR2. It is not a general-purpose
939 <<
940 This is used in HCTR2. It is not a <<
941 cryptographic hash function. 809 cryptographic hash function.
942 810
>> 811 config CRYPTO_POLYVAL_CLMUL_NI
>> 812 tristate "POLYVAL hash function (CLMUL-NI accelerated)"
>> 813 depends on X86 && 64BIT
>> 814 select CRYPTO_POLYVAL
>> 815 help
>> 816 This is the x86_64 CLMUL-NI accelerated implementation of POLYVAL. It is
>> 817 used to efficiently implement HCTR2 on x86-64 processors that support
>> 818 carry-less multiplication instructions.
>> 819
943 config CRYPTO_POLY1305 820 config CRYPTO_POLY1305
944 tristate "Poly1305" !! 821 tristate "Poly1305 authenticator algorithm"
945 select CRYPTO_HASH 822 select CRYPTO_HASH
946 select CRYPTO_LIB_POLY1305_GENERIC 823 select CRYPTO_LIB_POLY1305_GENERIC
947 help 824 help
948 Poly1305 authenticator algorithm (RF !! 825 Poly1305 authenticator algorithm, RFC7539.
949 826
950 Poly1305 is an authenticator algorit 827 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
951 It is used for the ChaCha20-Poly1305 828 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
952 in IETF protocols. This is the porta 829 in IETF protocols. This is the portable C implementation of Poly1305.
953 830
>> 831 config CRYPTO_POLY1305_X86_64
>> 832 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
>> 833 depends on X86 && 64BIT
>> 834 select CRYPTO_LIB_POLY1305_GENERIC
>> 835 select CRYPTO_ARCH_HAVE_LIB_POLY1305
>> 836 help
>> 837 Poly1305 authenticator algorithm, RFC7539.
>> 838
>> 839 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
>> 840 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
>> 841 in IETF protocols. This is the x86_64 assembler implementation using SIMD
>> 842 instructions.
>> 843
>> 844 config CRYPTO_POLY1305_MIPS
>> 845 tristate "Poly1305 authenticator algorithm (MIPS optimized)"
>> 846 depends on MIPS
>> 847 select CRYPTO_ARCH_HAVE_LIB_POLY1305
>> 848
>> 849 config CRYPTO_MD4
>> 850 tristate "MD4 digest algorithm"
>> 851 select CRYPTO_HASH
>> 852 help
>> 853 MD4 message digest algorithm (RFC1320).
>> 854
>> 855 config CRYPTO_MD5
>> 856 tristate "MD5 digest algorithm"
>> 857 select CRYPTO_HASH
>> 858 help
>> 859 MD5 message digest algorithm (RFC1321).
>> 860
>> 861 config CRYPTO_MD5_OCTEON
>> 862 tristate "MD5 digest algorithm (OCTEON)"
>> 863 depends on CPU_CAVIUM_OCTEON
>> 864 select CRYPTO_MD5
>> 865 select CRYPTO_HASH
>> 866 help
>> 867 MD5 message digest algorithm (RFC1321) implemented
>> 868 using OCTEON crypto instructions, when available.
>> 869
>> 870 config CRYPTO_MD5_PPC
>> 871 tristate "MD5 digest algorithm (PPC)"
>> 872 depends on PPC
>> 873 select CRYPTO_HASH
>> 874 help
>> 875 MD5 message digest algorithm (RFC1321) implemented
>> 876 in PPC assembler.
>> 877
>> 878 config CRYPTO_MD5_SPARC64
>> 879 tristate "MD5 digest algorithm (SPARC64)"
>> 880 depends on SPARC64
>> 881 select CRYPTO_MD5
>> 882 select CRYPTO_HASH
>> 883 help
>> 884 MD5 message digest algorithm (RFC1321) implemented
>> 885 using sparc64 crypto instructions, when available.
>> 886
>> 887 config CRYPTO_MICHAEL_MIC
>> 888 tristate "Michael MIC keyed digest algorithm"
>> 889 select CRYPTO_HASH
>> 890 help
>> 891 Michael MIC is used for message integrity protection in TKIP
>> 892 (IEEE 802.11i). This algorithm is required for TKIP, but it
>> 893 should not be used for other purposes because of the weakness
>> 894 of the algorithm.
>> 895
954 config CRYPTO_RMD160 896 config CRYPTO_RMD160
955 tristate "RIPEMD-160" !! 897 tristate "RIPEMD-160 digest algorithm"
956 select CRYPTO_HASH 898 select CRYPTO_HASH
957 help 899 help
958 RIPEMD-160 hash function (ISO/IEC 10 !! 900 RIPEMD-160 (ISO/IEC 10118-3:2004).
959 901
960 RIPEMD-160 is a 160-bit cryptographi 902 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
961 to be used as a secure replacement f 903 to be used as a secure replacement for the 128-bit hash functions
962 MD4, MD5 and its predecessor RIPEMD 904 MD4, MD5 and its predecessor RIPEMD
963 (not to be confused with RIPEMD-128) 905 (not to be confused with RIPEMD-128).
964 906
965 Its speed is comparable to SHA-1 and !! 907 It's speed is comparable to SHA1 and there are no known attacks
966 against RIPEMD-160. 908 against RIPEMD-160.
967 909
968 Developed by Hans Dobbertin, Antoon 910 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
969 See https://homes.esat.kuleuven.be/~ !! 911 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
970 for further information. <<
971 912
972 config CRYPTO_SHA1 913 config CRYPTO_SHA1
973 tristate "SHA-1" !! 914 tristate "SHA1 digest algorithm"
974 select CRYPTO_HASH 915 select CRYPTO_HASH
975 select CRYPTO_LIB_SHA1 916 select CRYPTO_LIB_SHA1
976 help 917 help
977 SHA-1 secure hash algorithm (FIPS 18 !! 918 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 919
>> 920 config CRYPTO_SHA1_SSSE3
>> 921 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 922 depends on X86 && 64BIT
>> 923 select CRYPTO_SHA1
>> 924 select CRYPTO_HASH
>> 925 help
>> 926 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 927 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
>> 928 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
>> 929 when available.
>> 930
>> 931 config CRYPTO_SHA256_SSSE3
>> 932 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
>> 933 depends on X86 && 64BIT
>> 934 select CRYPTO_SHA256
>> 935 select CRYPTO_HASH
>> 936 help
>> 937 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 938 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 939 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 940 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
>> 941 Instructions) when available.
>> 942
>> 943 config CRYPTO_SHA512_SSSE3
>> 944 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
>> 945 depends on X86 && 64BIT
>> 946 select CRYPTO_SHA512
>> 947 select CRYPTO_HASH
>> 948 help
>> 949 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 950 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
>> 951 Extensions version 1 (AVX1), or Advanced Vector Extensions
>> 952 version 2 (AVX2) instructions, when available.
>> 953
>> 954 config CRYPTO_SHA512_S390
>> 955 tristate "SHA384 and SHA512 digest algorithm"
>> 956 depends on S390
>> 957 select CRYPTO_HASH
>> 958 help
>> 959 This is the s390 hardware accelerated implementation of the
>> 960 SHA512 secure hash standard.
>> 961
>> 962 It is available as of z10.
>> 963
>> 964 config CRYPTO_SHA1_OCTEON
>> 965 tristate "SHA1 digest algorithm (OCTEON)"
>> 966 depends on CPU_CAVIUM_OCTEON
>> 967 select CRYPTO_SHA1
>> 968 select CRYPTO_HASH
>> 969 help
>> 970 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 971 using OCTEON crypto instructions, when available.
>> 972
>> 973 config CRYPTO_SHA1_SPARC64
>> 974 tristate "SHA1 digest algorithm (SPARC64)"
>> 975 depends on SPARC64
>> 976 select CRYPTO_SHA1
>> 977 select CRYPTO_HASH
>> 978 help
>> 979 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
>> 980 using sparc64 crypto instructions, when available.
>> 981
>> 982 config CRYPTO_SHA1_PPC
>> 983 tristate "SHA1 digest algorithm (powerpc)"
>> 984 depends on PPC
>> 985 help
>> 986 This is the powerpc hardware accelerated implementation of the
>> 987 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 988
>> 989 config CRYPTO_SHA1_PPC_SPE
>> 990 tristate "SHA1 digest algorithm (PPC SPE)"
>> 991 depends on PPC && SPE
>> 992 help
>> 993 SHA-1 secure hash standard (DFIPS 180-4) implemented
>> 994 using powerpc SPE SIMD instruction set.
>> 995
>> 996 config CRYPTO_SHA1_S390
>> 997 tristate "SHA1 digest algorithm"
>> 998 depends on S390
>> 999 select CRYPTO_HASH
>> 1000 help
>> 1001 This is the s390 hardware accelerated implementation of the
>> 1002 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
>> 1003
>> 1004 It is available as of z990.
978 1005
979 config CRYPTO_SHA256 1006 config CRYPTO_SHA256
980 tristate "SHA-224 and SHA-256" !! 1007 tristate "SHA224 and SHA256 digest algorithm"
981 select CRYPTO_HASH 1008 select CRYPTO_HASH
982 select CRYPTO_LIB_SHA256 1009 select CRYPTO_LIB_SHA256
983 help 1010 help
984 SHA-224 and SHA-256 secure hash algo !! 1011 SHA256 secure hash standard (DFIPS 180-2).
>> 1012
>> 1013 This version of SHA implements a 256 bit hash with 128 bits of
>> 1014 security against collision attacks.
985 1015
986 This is required for IPsec AH (XFRM_ !! 1016 This code also includes SHA-224, a 224 bit hash with 112 bits
987 Used by the btrfs filesystem, Ceph, !! 1017 of security against collision attacks.
>> 1018
>> 1019 config CRYPTO_SHA256_PPC_SPE
>> 1020 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
>> 1021 depends on PPC && SPE
>> 1022 select CRYPTO_SHA256
>> 1023 select CRYPTO_HASH
>> 1024 help
>> 1025 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
>> 1026 implemented using powerpc SPE SIMD instruction set.
>> 1027
>> 1028 config CRYPTO_SHA256_OCTEON
>> 1029 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
>> 1030 depends on CPU_CAVIUM_OCTEON
>> 1031 select CRYPTO_SHA256
>> 1032 select CRYPTO_HASH
>> 1033 help
>> 1034 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 1035 using OCTEON crypto instructions, when available.
>> 1036
>> 1037 config CRYPTO_SHA256_SPARC64
>> 1038 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
>> 1039 depends on SPARC64
>> 1040 select CRYPTO_SHA256
>> 1041 select CRYPTO_HASH
>> 1042 help
>> 1043 SHA-256 secure hash standard (DFIPS 180-2) implemented
>> 1044 using sparc64 crypto instructions, when available.
>> 1045
>> 1046 config CRYPTO_SHA256_S390
>> 1047 tristate "SHA256 digest algorithm"
>> 1048 depends on S390
>> 1049 select CRYPTO_HASH
>> 1050 help
>> 1051 This is the s390 hardware accelerated implementation of the
>> 1052 SHA256 secure hash standard (DFIPS 180-2).
>> 1053
>> 1054 It is available as of z9.
988 1055
989 config CRYPTO_SHA512 1056 config CRYPTO_SHA512
990 tristate "SHA-384 and SHA-512" !! 1057 tristate "SHA384 and SHA512 digest algorithms"
>> 1058 select CRYPTO_HASH
>> 1059 help
>> 1060 SHA512 secure hash standard (DFIPS 180-2).
>> 1061
>> 1062 This version of SHA implements a 512 bit hash with 256 bits of
>> 1063 security against collision attacks.
>> 1064
>> 1065 This code also includes SHA-384, a 384 bit hash with 192 bits
>> 1066 of security against collision attacks.
>> 1067
>> 1068 config CRYPTO_SHA512_OCTEON
>> 1069 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
>> 1070 depends on CPU_CAVIUM_OCTEON
>> 1071 select CRYPTO_SHA512
>> 1072 select CRYPTO_HASH
>> 1073 help
>> 1074 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 1075 using OCTEON crypto instructions, when available.
>> 1076
>> 1077 config CRYPTO_SHA512_SPARC64
>> 1078 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
>> 1079 depends on SPARC64
>> 1080 select CRYPTO_SHA512
991 select CRYPTO_HASH 1081 select CRYPTO_HASH
992 help 1082 help
993 SHA-384 and SHA-512 secure hash algo !! 1083 SHA-512 secure hash standard (DFIPS 180-2) implemented
>> 1084 using sparc64 crypto instructions, when available.
994 1085
995 config CRYPTO_SHA3 1086 config CRYPTO_SHA3
996 tristate "SHA-3" !! 1087 tristate "SHA3 digest algorithm"
>> 1088 select CRYPTO_HASH
>> 1089 help
>> 1090 SHA-3 secure hash standard (DFIPS 202). It's based on
>> 1091 cryptographic sponge function family called Keccak.
>> 1092
>> 1093 References:
>> 1094 http://keccak.noekeon.org/
>> 1095
>> 1096 config CRYPTO_SHA3_256_S390
>> 1097 tristate "SHA3_224 and SHA3_256 digest algorithm"
>> 1098 depends on S390
997 select CRYPTO_HASH 1099 select CRYPTO_HASH
998 help 1100 help
999 SHA-3 secure hash algorithms (FIPS 2 !! 1101 This is the s390 hardware accelerated implementation of the
>> 1102 SHA3_256 secure hash standard.
>> 1103
>> 1104 It is available as of z14.
>> 1105
>> 1106 config CRYPTO_SHA3_512_S390
>> 1107 tristate "SHA3_384 and SHA3_512 digest algorithm"
>> 1108 depends on S390
>> 1109 select CRYPTO_HASH
>> 1110 help
>> 1111 This is the s390 hardware accelerated implementation of the
>> 1112 SHA3_512 secure hash standard.
>> 1113
>> 1114 It is available as of z14.
1000 1115
1001 config CRYPTO_SM3 1116 config CRYPTO_SM3
1002 tristate 1117 tristate
1003 1118
1004 config CRYPTO_SM3_GENERIC 1119 config CRYPTO_SM3_GENERIC
1005 tristate "SM3 (ShangMi 3)" !! 1120 tristate "SM3 digest algorithm"
1006 select CRYPTO_HASH 1121 select CRYPTO_HASH
1007 select CRYPTO_SM3 1122 select CRYPTO_SM3
1008 help 1123 help
1009 SM3 (ShangMi 3) secure hash functio !! 1124 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1010 !! 1125 It is part of the Chinese Commercial Cryptography suite.
1011 This is part of the Chinese Commerc <<
1012 1126
1013 References: 1127 References:
1014 http://www.oscca.gov.cn/UpFile/2010 1128 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1015 https://datatracker.ietf.org/doc/ht 1129 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1016 1130
1017 config CRYPTO_STREEBOG !! 1131 config CRYPTO_SM3_AVX_X86_64
1018 tristate "Streebog" !! 1132 tristate "SM3 digest algorithm (x86_64/AVX)"
>> 1133 depends on X86 && 64BIT
1019 select CRYPTO_HASH 1134 select CRYPTO_HASH
>> 1135 select CRYPTO_SM3
1020 help 1136 help
1021 Streebog Hash Function (GOST R 34.1 !! 1137 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
>> 1138 It is part of the Chinese Commercial Cryptography suite. This is
>> 1139 SM3 optimized implementation using Advanced Vector Extensions (AVX)
>> 1140 when available.
>> 1141
>> 1142 If unsure, say N.
1022 1143
1023 This is one of the Russian cryptogr !! 1144 config CRYPTO_STREEBOG
1024 GOST algorithms). This setting enab !! 1145 tristate "Streebog Hash Function"
1025 256 and 512 bits output. !! 1146 select CRYPTO_HASH
>> 1147 help
>> 1148 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
>> 1149 cryptographic standard algorithms (called GOST algorithms).
>> 1150 This setting enables two hash algorithms with 256 and 512 bits output.
1026 1151
1027 References: 1152 References:
1028 https://tc26.ru/upload/iblock/fed/f 1153 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1029 https://tools.ietf.org/html/rfc6986 1154 https://tools.ietf.org/html/rfc6986
1030 1155
1031 config CRYPTO_VMAC !! 1156 config CRYPTO_WP512
1032 tristate "VMAC" !! 1157 tristate "Whirlpool digest algorithms"
1033 select CRYPTO_HASH 1158 select CRYPTO_HASH
1034 select CRYPTO_MANAGER <<
1035 help 1159 help
1036 VMAC is a message authentication al !! 1160 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1037 very high speed on 64-bit architect <<
1038 1161
1039 See https://fastcrypto.org/vmac for !! 1162 Whirlpool-512 is part of the NESSIE cryptographic primitives.
>> 1163 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1040 1164
1041 config CRYPTO_WP512 !! 1165 See also:
1042 tristate "Whirlpool" !! 1166 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
>> 1167
>> 1168 config CRYPTO_GHASH_CLMUL_NI_INTEL
>> 1169 tristate "GHASH hash function (CLMUL-NI accelerated)"
>> 1170 depends on X86 && 64BIT
>> 1171 select CRYPTO_CRYPTD
>> 1172 help
>> 1173 This is the x86_64 CLMUL-NI accelerated implementation of
>> 1174 GHASH, the hash function used in GCM (Galois/Counter mode).
>> 1175
>> 1176 config CRYPTO_GHASH_S390
>> 1177 tristate "GHASH hash function"
>> 1178 depends on S390
1043 select CRYPTO_HASH 1179 select CRYPTO_HASH
1044 help 1180 help
1045 Whirlpool hash function (ISO/IEC 10 !! 1181 This is the s390 hardware accelerated implementation of GHASH,
>> 1182 the hash function used in GCM (Galois/Counter mode).
1046 1183
1047 512, 384 and 256-bit hashes. !! 1184 It is available as of z196.
1048 1185
1049 Whirlpool-512 is part of the NESSIE !! 1186 comment "Ciphers"
1050 1187
1051 See https://web.archive.org/web/201 !! 1188 config CRYPTO_AES
1052 for further information. !! 1189 tristate "AES cipher algorithms"
>> 1190 select CRYPTO_ALGAPI
>> 1191 select CRYPTO_LIB_AES
>> 1192 help
>> 1193 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1194 algorithm.
1053 1195
1054 config CRYPTO_XCBC !! 1196 Rijndael appears to be consistently a very good performer in
1055 tristate "XCBC-MAC (Extended Cipher B !! 1197 both hardware and software across a wide range of computing
1056 select CRYPTO_HASH !! 1198 environments regardless of its use in feedback or non-feedback
1057 select CRYPTO_MANAGER !! 1199 modes. Its key setup time is excellent, and its key agility is
>> 1200 good. Rijndael's very low memory requirements make it very well
>> 1201 suited for restricted-space environments, in which it also
>> 1202 demonstrates excellent performance. Rijndael's operations are
>> 1203 among the easiest to defend against power and timing attacks.
>> 1204
>> 1205 The AES specifies three key sizes: 128, 192 and 256 bits
>> 1206
>> 1207 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
>> 1208
>> 1209 config CRYPTO_AES_TI
>> 1210 tristate "Fixed time AES cipher"
>> 1211 select CRYPTO_ALGAPI
>> 1212 select CRYPTO_LIB_AES
1058 help 1213 help
1059 XCBC-MAC (Extended Cipher Block Cha !! 1214 This is a generic implementation of AES that attempts to eliminate
1060 Code) (RFC3566) !! 1215 data dependent latencies as much as possible without affecting
>> 1216 performance too much. It is intended for use by the generic CCM
>> 1217 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
>> 1218 solely on encryption (although decryption is supported as well, but
>> 1219 with a more dramatic performance hit)
1061 1220
1062 config CRYPTO_XXHASH !! 1221 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1063 tristate "xxHash" !! 1222 8 for decryption), this implementation only uses just two S-boxes of
1064 select CRYPTO_HASH !! 1223 256 bytes each, and attempts to eliminate data dependent latencies by
1065 select XXHASH !! 1224 prefetching the entire table into the cache at the start of each
>> 1225 block. Interrupts are also disabled to avoid races where cachelines
>> 1226 are evicted when the CPU is interrupted to do something else.
>> 1227
>> 1228 config CRYPTO_AES_NI_INTEL
>> 1229 tristate "AES cipher algorithms (AES-NI)"
>> 1230 depends on X86
>> 1231 select CRYPTO_AEAD
>> 1232 select CRYPTO_LIB_AES
>> 1233 select CRYPTO_ALGAPI
>> 1234 select CRYPTO_SKCIPHER
>> 1235 select CRYPTO_SIMD
1066 help 1236 help
1067 xxHash non-cryptographic hash algor !! 1237 Use Intel AES-NI instructions for AES algorithm.
1068 1238
1069 Extremely fast, working at speeds c !! 1239 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1240 algorithm.
1070 1241
1071 Used by the btrfs filesystem. !! 1242 Rijndael appears to be consistently a very good performer in
>> 1243 both hardware and software across a wide range of computing
>> 1244 environments regardless of its use in feedback or non-feedback
>> 1245 modes. Its key setup time is excellent, and its key agility is
>> 1246 good. Rijndael's very low memory requirements make it very well
>> 1247 suited for restricted-space environments, in which it also
>> 1248 demonstrates excellent performance. Rijndael's operations are
>> 1249 among the easiest to defend against power and timing attacks.
1072 1250
1073 endmenu !! 1251 The AES specifies three key sizes: 128, 192 and 256 bits
1074 1252
1075 menu "CRCs (cyclic redundancy checks)" !! 1253 See <http://csrc.nist.gov/encryption/aes/> for more information.
1076 1254
1077 config CRYPTO_CRC32C !! 1255 In addition to AES cipher algorithm support, the acceleration
1078 tristate "CRC32c" !! 1256 for some popular block cipher mode is supported too, including
1079 select CRYPTO_HASH !! 1257 ECB, CBC, LRW, XTS. The 64 bit version has additional
1080 select CRC32 !! 1258 acceleration for CTR and XCTR.
>> 1259
>> 1260 config CRYPTO_AES_SPARC64
>> 1261 tristate "AES cipher algorithms (SPARC64)"
>> 1262 depends on SPARC64
>> 1263 select CRYPTO_SKCIPHER
1081 help 1264 help
1082 CRC32c CRC algorithm with the iSCSI !! 1265 Use SPARC64 crypto opcodes for AES algorithm.
>> 1266
>> 1267 AES cipher algorithms (FIPS-197). AES uses the Rijndael
>> 1268 algorithm.
>> 1269
>> 1270 Rijndael appears to be consistently a very good performer in
>> 1271 both hardware and software across a wide range of computing
>> 1272 environments regardless of its use in feedback or non-feedback
>> 1273 modes. Its key setup time is excellent, and its key agility is
>> 1274 good. Rijndael's very low memory requirements make it very well
>> 1275 suited for restricted-space environments, in which it also
>> 1276 demonstrates excellent performance. Rijndael's operations are
>> 1277 among the easiest to defend against power and timing attacks.
1083 1278
1084 A 32-bit CRC (cyclic redundancy che !! 1279 The AES specifies three key sizes: 128, 192 and 256 bits
1085 by G. Castagnoli, S. Braeuer and M. <<
1086 Redundancy-Check Codes with 24 and <<
1087 on Communications, Vol. 41, No. 6, <<
1088 iSCSI. <<
1089 1280
1090 Used by btrfs, ext4, jbd2, NVMeoF/T !! 1281 See <http://csrc.nist.gov/encryption/aes/> for more information.
1091 1282
1092 config CRYPTO_CRC32 !! 1283 In addition to AES cipher algorithm support, the acceleration
1093 tristate "CRC32" !! 1284 for some popular block cipher mode is supported too, including
1094 select CRYPTO_HASH !! 1285 ECB and CBC.
1095 select CRC32 !! 1286
>> 1287 config CRYPTO_AES_PPC_SPE
>> 1288 tristate "AES cipher algorithms (PPC SPE)"
>> 1289 depends on PPC && SPE
>> 1290 select CRYPTO_SKCIPHER
1096 help 1291 help
1097 CRC32 CRC algorithm (IEEE 802.3) !! 1292 AES cipher algorithms (FIPS-197). Additionally the acceleration
>> 1293 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
>> 1294 This module should only be used for low power (router) devices
>> 1295 without hardware AES acceleration (e.g. caam crypto). It reduces the
>> 1296 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
>> 1297 timining attacks. Nevertheless it might be not as secure as other
>> 1298 architecture specific assembler implementations that work on 1KB
>> 1299 tables or 256 bytes S-boxes.
>> 1300
>> 1301 config CRYPTO_AES_S390
>> 1302 tristate "AES cipher algorithms"
>> 1303 depends on S390
>> 1304 select CRYPTO_ALGAPI
>> 1305 select CRYPTO_SKCIPHER
>> 1306 help
>> 1307 This is the s390 hardware accelerated implementation of the
>> 1308 AES cipher algorithms (FIPS-197).
1098 1309
1099 Used by RoCEv2 and f2fs. !! 1310 As of z9 the ECB and CBC modes are hardware accelerated
>> 1311 for 128 bit keys.
>> 1312 As of z10 the ECB and CBC modes are hardware accelerated
>> 1313 for all AES key sizes.
>> 1314 As of z196 the CTR mode is hardware accelerated for all AES
>> 1315 key sizes and XTS mode is hardware accelerated for 256 and
>> 1316 512 bit keys.
1100 1317
1101 config CRYPTO_CRCT10DIF !! 1318 config CRYPTO_ANUBIS
1102 tristate "CRCT10DIF" !! 1319 tristate "Anubis cipher algorithm"
1103 select CRYPTO_HASH !! 1320 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1321 select CRYPTO_ALGAPI
1104 help 1322 help
1105 CRC16 CRC algorithm used for the T1 !! 1323 Anubis cipher algorithm.
1106 1324
1107 CRC algorithm used by the SCSI Bloc !! 1325 Anubis is a variable key length cipher which can use keys from
>> 1326 128 bits to 320 bits in length. It was evaluated as a entrant
>> 1327 in the NESSIE competition.
1108 1328
1109 config CRYPTO_CRC64_ROCKSOFT !! 1329 See also:
1110 tristate "CRC64 based on Rocksoft Mod !! 1330 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1111 depends on CRC64 !! 1331 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1112 select CRYPTO_HASH !! 1332
>> 1333 config CRYPTO_ARC4
>> 1334 tristate "ARC4 cipher algorithm"
>> 1335 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1336 select CRYPTO_SKCIPHER
>> 1337 select CRYPTO_LIB_ARC4
>> 1338 help
>> 1339 ARC4 cipher algorithm.
>> 1340
>> 1341 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
>> 1342 bits in length. This algorithm is required for driver-based
>> 1343 WEP, but it should not be for other purposes because of the
>> 1344 weakness of the algorithm.
>> 1345
>> 1346 config CRYPTO_BLOWFISH
>> 1347 tristate "Blowfish cipher algorithm"
>> 1348 select CRYPTO_ALGAPI
>> 1349 select CRYPTO_BLOWFISH_COMMON
>> 1350 help
>> 1351 Blowfish cipher algorithm, by Bruce Schneier.
>> 1352
>> 1353 This is a variable key length cipher which can use keys from 32
>> 1354 bits to 448 bits in length. It's fast, simple and specifically
>> 1355 designed for use on "large microprocessors".
>> 1356
>> 1357 See also:
>> 1358 <https://www.schneier.com/blowfish.html>
>> 1359
>> 1360 config CRYPTO_BLOWFISH_COMMON
>> 1361 tristate
>> 1362 help
>> 1363 Common parts of the Blowfish cipher algorithm shared by the
>> 1364 generic c and the assembler implementations.
>> 1365
>> 1366 See also:
>> 1367 <https://www.schneier.com/blowfish.html>
>> 1368
>> 1369 config CRYPTO_BLOWFISH_X86_64
>> 1370 tristate "Blowfish cipher algorithm (x86_64)"
>> 1371 depends on X86 && 64BIT
>> 1372 select CRYPTO_SKCIPHER
>> 1373 select CRYPTO_BLOWFISH_COMMON
>> 1374 imply CRYPTO_CTR
>> 1375 help
>> 1376 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
>> 1377
>> 1378 This is a variable key length cipher which can use keys from 32
>> 1379 bits to 448 bits in length. It's fast, simple and specifically
>> 1380 designed for use on "large microprocessors".
>> 1381
>> 1382 See also:
>> 1383 <https://www.schneier.com/blowfish.html>
>> 1384
>> 1385 config CRYPTO_CAMELLIA
>> 1386 tristate "Camellia cipher algorithms"
>> 1387 select CRYPTO_ALGAPI
>> 1388 help
>> 1389 Camellia cipher algorithms module.
>> 1390
>> 1391 Camellia is a symmetric key block cipher developed jointly
>> 1392 at NTT and Mitsubishi Electric Corporation.
>> 1393
>> 1394 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1395
>> 1396 See also:
>> 1397 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1398
>> 1399 config CRYPTO_CAMELLIA_X86_64
>> 1400 tristate "Camellia cipher algorithm (x86_64)"
>> 1401 depends on X86 && 64BIT
>> 1402 select CRYPTO_SKCIPHER
>> 1403 imply CRYPTO_CTR
>> 1404 help
>> 1405 Camellia cipher algorithm module (x86_64).
>> 1406
>> 1407 Camellia is a symmetric key block cipher developed jointly
>> 1408 at NTT and Mitsubishi Electric Corporation.
>> 1409
>> 1410 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1411
>> 1412 See also:
>> 1413 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1414
>> 1415 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1416 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
>> 1417 depends on X86 && 64BIT
>> 1418 select CRYPTO_SKCIPHER
>> 1419 select CRYPTO_CAMELLIA_X86_64
>> 1420 select CRYPTO_SIMD
>> 1421 imply CRYPTO_XTS
>> 1422 help
>> 1423 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
>> 1424
>> 1425 Camellia is a symmetric key block cipher developed jointly
>> 1426 at NTT and Mitsubishi Electric Corporation.
>> 1427
>> 1428 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1429
>> 1430 See also:
>> 1431 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1432
>> 1433 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
>> 1434 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1435 depends on X86 && 64BIT
>> 1436 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
>> 1437 help
>> 1438 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
>> 1439
>> 1440 Camellia is a symmetric key block cipher developed jointly
>> 1441 at NTT and Mitsubishi Electric Corporation.
>> 1442
>> 1443 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1444
>> 1445 See also:
>> 1446 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1447
>> 1448 config CRYPTO_CAMELLIA_SPARC64
>> 1449 tristate "Camellia cipher algorithm (SPARC64)"
>> 1450 depends on SPARC64
>> 1451 select CRYPTO_ALGAPI
>> 1452 select CRYPTO_SKCIPHER
>> 1453 help
>> 1454 Camellia cipher algorithm module (SPARC64).
>> 1455
>> 1456 Camellia is a symmetric key block cipher developed jointly
>> 1457 at NTT and Mitsubishi Electric Corporation.
>> 1458
>> 1459 The Camellia specifies three key sizes: 128, 192 and 256 bits.
>> 1460
>> 1461 See also:
>> 1462 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
>> 1463
>> 1464 config CRYPTO_CAST_COMMON
>> 1465 tristate
>> 1466 help
>> 1467 Common parts of the CAST cipher algorithms shared by the
>> 1468 generic c and the assembler implementations.
>> 1469
>> 1470 config CRYPTO_CAST5
>> 1471 tristate "CAST5 (CAST-128) cipher algorithm"
>> 1472 select CRYPTO_ALGAPI
>> 1473 select CRYPTO_CAST_COMMON
>> 1474 help
>> 1475 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1476 described in RFC2144.
>> 1477
>> 1478 config CRYPTO_CAST5_AVX_X86_64
>> 1479 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
>> 1480 depends on X86 && 64BIT
>> 1481 select CRYPTO_SKCIPHER
>> 1482 select CRYPTO_CAST5
>> 1483 select CRYPTO_CAST_COMMON
>> 1484 select CRYPTO_SIMD
>> 1485 imply CRYPTO_CTR
>> 1486 help
>> 1487 The CAST5 encryption algorithm (synonymous with CAST-128) is
>> 1488 described in RFC2144.
>> 1489
>> 1490 This module provides the Cast5 cipher algorithm that processes
>> 1491 sixteen blocks parallel using the AVX instruction set.
>> 1492
>> 1493 config CRYPTO_CAST6
>> 1494 tristate "CAST6 (CAST-256) cipher algorithm"
>> 1495 select CRYPTO_ALGAPI
>> 1496 select CRYPTO_CAST_COMMON
>> 1497 help
>> 1498 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1499 described in RFC2612.
>> 1500
>> 1501 config CRYPTO_CAST6_AVX_X86_64
>> 1502 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
>> 1503 depends on X86 && 64BIT
>> 1504 select CRYPTO_SKCIPHER
>> 1505 select CRYPTO_CAST6
>> 1506 select CRYPTO_CAST_COMMON
>> 1507 select CRYPTO_SIMD
>> 1508 imply CRYPTO_XTS
>> 1509 imply CRYPTO_CTR
>> 1510 help
>> 1511 The CAST6 encryption algorithm (synonymous with CAST-256) is
>> 1512 described in RFC2612.
>> 1513
>> 1514 This module provides the Cast6 cipher algorithm that processes
>> 1515 eight blocks parallel using the AVX instruction set.
>> 1516
>> 1517 config CRYPTO_DES
>> 1518 tristate "DES and Triple DES EDE cipher algorithms"
>> 1519 select CRYPTO_ALGAPI
>> 1520 select CRYPTO_LIB_DES
>> 1521 help
>> 1522 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
>> 1523
>> 1524 config CRYPTO_DES_SPARC64
>> 1525 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
>> 1526 depends on SPARC64
>> 1527 select CRYPTO_ALGAPI
>> 1528 select CRYPTO_LIB_DES
>> 1529 select CRYPTO_SKCIPHER
>> 1530 help
>> 1531 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
>> 1532 optimized using SPARC64 crypto opcodes.
>> 1533
>> 1534 config CRYPTO_DES3_EDE_X86_64
>> 1535 tristate "Triple DES EDE cipher algorithm (x86-64)"
>> 1536 depends on X86 && 64BIT
>> 1537 select CRYPTO_SKCIPHER
>> 1538 select CRYPTO_LIB_DES
>> 1539 imply CRYPTO_CTR
>> 1540 help
>> 1541 Triple DES EDE (FIPS 46-3) algorithm.
>> 1542
>> 1543 This module provides implementation of the Triple DES EDE cipher
>> 1544 algorithm that is optimized for x86-64 processors. Two versions of
>> 1545 algorithm are provided; regular processing one input block and
>> 1546 one that processes three blocks parallel.
>> 1547
>> 1548 config CRYPTO_DES_S390
>> 1549 tristate "DES and Triple DES cipher algorithms"
>> 1550 depends on S390
>> 1551 select CRYPTO_ALGAPI
>> 1552 select CRYPTO_SKCIPHER
>> 1553 select CRYPTO_LIB_DES
>> 1554 help
>> 1555 This is the s390 hardware accelerated implementation of the
>> 1556 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
>> 1557
>> 1558 As of z990 the ECB and CBC mode are hardware accelerated.
>> 1559 As of z196 the CTR mode is hardware accelerated.
>> 1560
>> 1561 config CRYPTO_FCRYPT
>> 1562 tristate "FCrypt cipher algorithm"
>> 1563 select CRYPTO_ALGAPI
>> 1564 select CRYPTO_SKCIPHER
>> 1565 help
>> 1566 FCrypt algorithm used by RxRPC.
>> 1567
>> 1568 config CRYPTO_KHAZAD
>> 1569 tristate "Khazad cipher algorithm"
>> 1570 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1571 select CRYPTO_ALGAPI
>> 1572 help
>> 1573 Khazad cipher algorithm.
>> 1574
>> 1575 Khazad was a finalist in the initial NESSIE competition. It is
>> 1576 an algorithm optimized for 64-bit processors with good performance
>> 1577 on 32-bit processors. Khazad uses an 128 bit key size.
>> 1578
>> 1579 See also:
>> 1580 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
>> 1581
>> 1582 config CRYPTO_CHACHA20
>> 1583 tristate "ChaCha stream cipher algorithms"
>> 1584 select CRYPTO_LIB_CHACHA_GENERIC
>> 1585 select CRYPTO_SKCIPHER
>> 1586 help
>> 1587 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
>> 1588
>> 1589 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
>> 1590 Bernstein and further specified in RFC7539 for use in IETF protocols.
>> 1591 This is the portable C implementation of ChaCha20. See also:
>> 1592 <https://cr.yp.to/chacha/chacha-20080128.pdf>
>> 1593
>> 1594 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
>> 1595 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
>> 1596 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
>> 1597 while provably retaining ChaCha20's security. See also:
>> 1598 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
>> 1599
>> 1600 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
>> 1601 reduced security margin but increased performance. It can be needed
>> 1602 in some performance-sensitive scenarios.
>> 1603
>> 1604 config CRYPTO_CHACHA20_X86_64
>> 1605 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
>> 1606 depends on X86 && 64BIT
>> 1607 select CRYPTO_SKCIPHER
>> 1608 select CRYPTO_LIB_CHACHA_GENERIC
>> 1609 select CRYPTO_ARCH_HAVE_LIB_CHACHA
1113 help 1610 help
1114 CRC64 CRC algorithm based on the Ro !! 1611 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
>> 1612 XChaCha20, and XChaCha12 stream ciphers.
1115 1613
1116 Used by the NVMe implementation of !! 1614 config CRYPTO_CHACHA_MIPS
>> 1615 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
>> 1616 depends on CPU_MIPS32_R2
>> 1617 select CRYPTO_SKCIPHER
>> 1618 select CRYPTO_ARCH_HAVE_LIB_CHACHA
1117 1619
1118 See https://zlib.net/crc_v3.txt !! 1620 config CRYPTO_CHACHA_S390
>> 1621 tristate "ChaCha20 stream cipher"
>> 1622 depends on S390
>> 1623 select CRYPTO_SKCIPHER
>> 1624 select CRYPTO_LIB_CHACHA_GENERIC
>> 1625 select CRYPTO_ARCH_HAVE_LIB_CHACHA
>> 1626 help
>> 1627 This is the s390 SIMD implementation of the ChaCha20 stream
>> 1628 cipher (RFC 7539).
>> 1629
>> 1630 It is available as of z13.
>> 1631
>> 1632 config CRYPTO_SEED
>> 1633 tristate "SEED cipher algorithm"
>> 1634 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1635 select CRYPTO_ALGAPI
>> 1636 help
>> 1637 SEED cipher algorithm (RFC4269).
>> 1638
>> 1639 SEED is a 128-bit symmetric key block cipher that has been
>> 1640 developed by KISA (Korea Information Security Agency) as a
>> 1641 national standard encryption algorithm of the Republic of Korea.
>> 1642 It is a 16 round block cipher with the key size of 128 bit.
1119 1643
1120 endmenu !! 1644 See also:
>> 1645 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1121 1646
1122 menu "Compression" !! 1647 config CRYPTO_ARIA
>> 1648 tristate "ARIA cipher algorithm"
>> 1649 select CRYPTO_ALGAPI
>> 1650 help
>> 1651 ARIA cipher algorithm (RFC5794).
>> 1652
>> 1653 ARIA is a standard encryption algorithm of the Republic of Korea.
>> 1654 The ARIA specifies three key sizes and rounds.
>> 1655 128-bit: 12 rounds.
>> 1656 192-bit: 14 rounds.
>> 1657 256-bit: 16 rounds.
>> 1658
>> 1659 See also:
>> 1660 <https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do>
>> 1661
>> 1662 config CRYPTO_SERPENT
>> 1663 tristate "Serpent cipher algorithm"
>> 1664 select CRYPTO_ALGAPI
>> 1665 help
>> 1666 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1667
>> 1668 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1669 of 8 bits.
>> 1670
>> 1671 See also:
>> 1672 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1673
>> 1674 config CRYPTO_SERPENT_SSE2_X86_64
>> 1675 tristate "Serpent cipher algorithm (x86_64/SSE2)"
>> 1676 depends on X86 && 64BIT
>> 1677 select CRYPTO_SKCIPHER
>> 1678 select CRYPTO_SERPENT
>> 1679 select CRYPTO_SIMD
>> 1680 imply CRYPTO_CTR
>> 1681 help
>> 1682 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1683
>> 1684 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1685 of 8 bits.
>> 1686
>> 1687 This module provides Serpent cipher algorithm that processes eight
>> 1688 blocks parallel using SSE2 instruction set.
>> 1689
>> 1690 See also:
>> 1691 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1692
>> 1693 config CRYPTO_SERPENT_SSE2_586
>> 1694 tristate "Serpent cipher algorithm (i586/SSE2)"
>> 1695 depends on X86 && !64BIT
>> 1696 select CRYPTO_SKCIPHER
>> 1697 select CRYPTO_SERPENT
>> 1698 select CRYPTO_SIMD
>> 1699 imply CRYPTO_CTR
>> 1700 help
>> 1701 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1702
>> 1703 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1704 of 8 bits.
>> 1705
>> 1706 This module provides Serpent cipher algorithm that processes four
>> 1707 blocks parallel using SSE2 instruction set.
>> 1708
>> 1709 See also:
>> 1710 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1711
>> 1712 config CRYPTO_SERPENT_AVX_X86_64
>> 1713 tristate "Serpent cipher algorithm (x86_64/AVX)"
>> 1714 depends on X86 && 64BIT
>> 1715 select CRYPTO_SKCIPHER
>> 1716 select CRYPTO_SERPENT
>> 1717 select CRYPTO_SIMD
>> 1718 imply CRYPTO_XTS
>> 1719 imply CRYPTO_CTR
>> 1720 help
>> 1721 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1722
>> 1723 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1724 of 8 bits.
>> 1725
>> 1726 This module provides the Serpent cipher algorithm that processes
>> 1727 eight blocks parallel using the AVX instruction set.
>> 1728
>> 1729 See also:
>> 1730 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1731
>> 1732 config CRYPTO_SERPENT_AVX2_X86_64
>> 1733 tristate "Serpent cipher algorithm (x86_64/AVX2)"
>> 1734 depends on X86 && 64BIT
>> 1735 select CRYPTO_SERPENT_AVX_X86_64
>> 1736 help
>> 1737 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
>> 1738
>> 1739 Keys are allowed to be from 0 to 256 bits in length, in steps
>> 1740 of 8 bits.
>> 1741
>> 1742 This module provides Serpent cipher algorithm that processes 16
>> 1743 blocks parallel using AVX2 instruction set.
>> 1744
>> 1745 See also:
>> 1746 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
>> 1747
>> 1748 config CRYPTO_SM4
>> 1749 tristate
>> 1750
>> 1751 config CRYPTO_SM4_GENERIC
>> 1752 tristate "SM4 cipher algorithm"
>> 1753 select CRYPTO_ALGAPI
>> 1754 select CRYPTO_SM4
>> 1755 help
>> 1756 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
>> 1757
>> 1758 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1759 Organization of State Commercial Administration of China (OSCCA)
>> 1760 as an authorized cryptographic algorithms for the use within China.
>> 1761
>> 1762 SMS4 was originally created for use in protecting wireless
>> 1763 networks, and is mandated in the Chinese National Standard for
>> 1764 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
>> 1765 (GB.15629.11-2003).
>> 1766
>> 1767 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
>> 1768 standardized through TC 260 of the Standardization Administration
>> 1769 of the People's Republic of China (SAC).
>> 1770
>> 1771 The input, output, and key of SMS4 are each 128 bits.
>> 1772
>> 1773 See also: <https://eprint.iacr.org/2008/329.pdf>
>> 1774
>> 1775 If unsure, say N.
>> 1776
>> 1777 config CRYPTO_SM4_AESNI_AVX_X86_64
>> 1778 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
>> 1779 depends on X86 && 64BIT
>> 1780 select CRYPTO_SKCIPHER
>> 1781 select CRYPTO_SIMD
>> 1782 select CRYPTO_ALGAPI
>> 1783 select CRYPTO_SM4
>> 1784 help
>> 1785 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
>> 1786
>> 1787 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1788 Organization of State Commercial Administration of China (OSCCA)
>> 1789 as an authorized cryptographic algorithms for the use within China.
>> 1790
>> 1791 This is SM4 optimized implementation using AES-NI/AVX/x86_64
>> 1792 instruction set for block cipher. Through two affine transforms,
>> 1793 we can use the AES S-Box to simulate the SM4 S-Box to achieve the
>> 1794 effect of instruction acceleration.
>> 1795
>> 1796 If unsure, say N.
>> 1797
>> 1798 config CRYPTO_SM4_AESNI_AVX2_X86_64
>> 1799 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
>> 1800 depends on X86 && 64BIT
>> 1801 select CRYPTO_SKCIPHER
>> 1802 select CRYPTO_SIMD
>> 1803 select CRYPTO_ALGAPI
>> 1804 select CRYPTO_SM4
>> 1805 select CRYPTO_SM4_AESNI_AVX_X86_64
>> 1806 help
>> 1807 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
>> 1808
>> 1809 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
>> 1810 Organization of State Commercial Administration of China (OSCCA)
>> 1811 as an authorized cryptographic algorithms for the use within China.
>> 1812
>> 1813 This is SM4 optimized implementation using AES-NI/AVX2/x86_64
>> 1814 instruction set for block cipher. Through two affine transforms,
>> 1815 we can use the AES S-Box to simulate the SM4 S-Box to achieve the
>> 1816 effect of instruction acceleration.
>> 1817
>> 1818 If unsure, say N.
>> 1819
>> 1820 config CRYPTO_TEA
>> 1821 tristate "TEA, XTEA and XETA cipher algorithms"
>> 1822 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
>> 1823 select CRYPTO_ALGAPI
>> 1824 help
>> 1825 TEA cipher algorithm.
>> 1826
>> 1827 Tiny Encryption Algorithm is a simple cipher that uses
>> 1828 many rounds for security. It is very fast and uses
>> 1829 little memory.
>> 1830
>> 1831 Xtendend Tiny Encryption Algorithm is a modification to
>> 1832 the TEA algorithm to address a potential key weakness
>> 1833 in the TEA algorithm.
>> 1834
>> 1835 Xtendend Encryption Tiny Algorithm is a mis-implementation
>> 1836 of the XTEA algorithm for compatibility purposes.
>> 1837
>> 1838 config CRYPTO_TWOFISH
>> 1839 tristate "Twofish cipher algorithm"
>> 1840 select CRYPTO_ALGAPI
>> 1841 select CRYPTO_TWOFISH_COMMON
>> 1842 help
>> 1843 Twofish cipher algorithm.
>> 1844
>> 1845 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1846 candidate cipher by researchers at CounterPane Systems. It is a
>> 1847 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1848 bits.
>> 1849
>> 1850 See also:
>> 1851 <https://www.schneier.com/twofish.html>
>> 1852
>> 1853 config CRYPTO_TWOFISH_COMMON
>> 1854 tristate
>> 1855 help
>> 1856 Common parts of the Twofish cipher algorithm shared by the
>> 1857 generic c and the assembler implementations.
>> 1858
>> 1859 config CRYPTO_TWOFISH_586
>> 1860 tristate "Twofish cipher algorithms (i586)"
>> 1861 depends on (X86 || UML_X86) && !64BIT
>> 1862 select CRYPTO_ALGAPI
>> 1863 select CRYPTO_TWOFISH_COMMON
>> 1864 imply CRYPTO_CTR
>> 1865 help
>> 1866 Twofish cipher algorithm.
>> 1867
>> 1868 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1869 candidate cipher by researchers at CounterPane Systems. It is a
>> 1870 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1871 bits.
>> 1872
>> 1873 See also:
>> 1874 <https://www.schneier.com/twofish.html>
>> 1875
>> 1876 config CRYPTO_TWOFISH_X86_64
>> 1877 tristate "Twofish cipher algorithm (x86_64)"
>> 1878 depends on (X86 || UML_X86) && 64BIT
>> 1879 select CRYPTO_ALGAPI
>> 1880 select CRYPTO_TWOFISH_COMMON
>> 1881 imply CRYPTO_CTR
>> 1882 help
>> 1883 Twofish cipher algorithm (x86_64).
>> 1884
>> 1885 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1886 candidate cipher by researchers at CounterPane Systems. It is a
>> 1887 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1888 bits.
>> 1889
>> 1890 See also:
>> 1891 <https://www.schneier.com/twofish.html>
>> 1892
>> 1893 config CRYPTO_TWOFISH_X86_64_3WAY
>> 1894 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
>> 1895 depends on X86 && 64BIT
>> 1896 select CRYPTO_SKCIPHER
>> 1897 select CRYPTO_TWOFISH_COMMON
>> 1898 select CRYPTO_TWOFISH_X86_64
>> 1899 help
>> 1900 Twofish cipher algorithm (x86_64, 3-way parallel).
>> 1901
>> 1902 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1903 candidate cipher by researchers at CounterPane Systems. It is a
>> 1904 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1905 bits.
>> 1906
>> 1907 This module provides Twofish cipher algorithm that processes three
>> 1908 blocks parallel, utilizing resources of out-of-order CPUs better.
>> 1909
>> 1910 See also:
>> 1911 <https://www.schneier.com/twofish.html>
>> 1912
>> 1913 config CRYPTO_TWOFISH_AVX_X86_64
>> 1914 tristate "Twofish cipher algorithm (x86_64/AVX)"
>> 1915 depends on X86 && 64BIT
>> 1916 select CRYPTO_SKCIPHER
>> 1917 select CRYPTO_SIMD
>> 1918 select CRYPTO_TWOFISH_COMMON
>> 1919 select CRYPTO_TWOFISH_X86_64
>> 1920 select CRYPTO_TWOFISH_X86_64_3WAY
>> 1921 imply CRYPTO_XTS
>> 1922 help
>> 1923 Twofish cipher algorithm (x86_64/AVX).
>> 1924
>> 1925 Twofish was submitted as an AES (Advanced Encryption Standard)
>> 1926 candidate cipher by researchers at CounterPane Systems. It is a
>> 1927 16 round block cipher supporting key sizes of 128, 192, and 256
>> 1928 bits.
>> 1929
>> 1930 This module provides the Twofish cipher algorithm that processes
>> 1931 eight blocks parallel using the AVX Instruction Set.
>> 1932
>> 1933 See also:
>> 1934 <https://www.schneier.com/twofish.html>
>> 1935
>> 1936 comment "Compression"
1123 1937
1124 config CRYPTO_DEFLATE 1938 config CRYPTO_DEFLATE
1125 tristate "Deflate" !! 1939 tristate "Deflate compression algorithm"
1126 select CRYPTO_ALGAPI 1940 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1941 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1942 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1943 select ZLIB_DEFLATE
1130 help 1944 help
1131 Deflate compression algorithm (RFC1 !! 1945 This is the Deflate algorithm (RFC1951), specified for use in
>> 1946 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1132 1947
1133 Used by IPSec with the IPCOMP proto !! 1948 You will most probably want this if using IPSec.
1134 1949
1135 config CRYPTO_LZO 1950 config CRYPTO_LZO
1136 tristate "LZO" !! 1951 tristate "LZO compression algorithm"
1137 select CRYPTO_ALGAPI 1952 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1953 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1954 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1955 select LZO_DECOMPRESS
1141 help 1956 help
1142 LZO compression algorithm !! 1957 This is the LZO algorithm.
1143 <<
1144 See https://www.oberhumer.com/opens <<
1145 1958
1146 config CRYPTO_842 1959 config CRYPTO_842
1147 tristate "842" !! 1960 tristate "842 compression algorithm"
1148 select CRYPTO_ALGAPI 1961 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1962 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1963 select 842_COMPRESS
1151 select 842_DECOMPRESS 1964 select 842_DECOMPRESS
1152 help 1965 help
1153 842 compression algorithm by IBM !! 1966 This is the 842 algorithm.
1154 <<
1155 See https://github.com/plauth/lib84 <<
1156 1967
1157 config CRYPTO_LZ4 1968 config CRYPTO_LZ4
1158 tristate "LZ4" !! 1969 tristate "LZ4 compression algorithm"
1159 select CRYPTO_ALGAPI 1970 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1971 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1972 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1973 select LZ4_DECOMPRESS
1163 help 1974 help
1164 LZ4 compression algorithm !! 1975 This is the LZ4 algorithm.
1165 <<
1166 See https://github.com/lz4/lz4 for <<
1167 1976
1168 config CRYPTO_LZ4HC 1977 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" !! 1978 tristate "LZ4HC compression algorithm"
1170 select CRYPTO_ALGAPI 1979 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1980 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1981 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1982 select LZ4_DECOMPRESS
1174 help 1983 help
1175 LZ4 high compression mode algorithm !! 1984 This is the LZ4 high compression mode algorithm.
1176 <<
1177 See https://github.com/lz4/lz4 for <<
1178 1985
1179 config CRYPTO_ZSTD 1986 config CRYPTO_ZSTD
1180 tristate "Zstd" !! 1987 tristate "Zstd compression algorithm"
1181 select CRYPTO_ALGAPI 1988 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1989 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1990 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1991 select ZSTD_DECOMPRESS
1185 help 1992 help
1186 zstd compression algorithm !! 1993 This is the zstd algorithm.
1187 1994
1188 See https://github.com/facebook/zst !! 1995 comment "Random Number Generation"
1189 <<
1190 endmenu <<
1191 <<
1192 menu "Random number generation" <<
1193 1996
1194 config CRYPTO_ANSI_CPRNG 1997 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu !! 1998 tristate "Pseudo Random Number Generation for Cryptographic modules"
1196 select CRYPTO_AES 1999 select CRYPTO_AES
1197 select CRYPTO_RNG 2000 select CRYPTO_RNG
1198 help 2001 help
1199 Pseudo RNG (random number generator !! 2002 This option enables the generic pseudo random number generator
1200 !! 2003 for cryptographic modules. Uses the Algorithm specified in
1201 This uses the AES cipher algorithm. !! 2004 ANSI X9.31 A.2.4. Note that this option must be enabled if
1202 !! 2005 CRYPTO_FIPS is selected
1203 Note that this option must be enabl <<
1204 2006
1205 menuconfig CRYPTO_DRBG_MENU 2007 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ !! 2008 tristate "NIST SP800-90A DRBG"
1207 help 2009 help
1208 DRBG (Deterministic Random Bit Gene !! 2010 NIST SP800-90A compliant DRBG. In the following submenu, one or
1209 !! 2011 more of the DRBG types must be selected.
1210 In the following submenu, one or mo <<
1211 2012
1212 if CRYPTO_DRBG_MENU 2013 if CRYPTO_DRBG_MENU
1213 2014
1214 config CRYPTO_DRBG_HMAC 2015 config CRYPTO_DRBG_HMAC
1215 bool 2016 bool
1216 default y 2017 default y
1217 select CRYPTO_HMAC 2018 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 2019 select CRYPTO_SHA512
1219 2020
1220 config CRYPTO_DRBG_HASH 2021 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" !! 2022 bool "Enable Hash DRBG"
1222 select CRYPTO_SHA256 2023 select CRYPTO_SHA256
1223 help 2024 help
1224 Hash_DRBG variant as defined in NIS !! 2025 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1225 <<
1226 This uses the SHA-1, SHA-256, SHA-3 <<
1227 2026
1228 config CRYPTO_DRBG_CTR 2027 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" !! 2028 bool "Enable CTR DRBG"
1230 select CRYPTO_AES 2029 select CRYPTO_AES
1231 select CRYPTO_CTR 2030 select CRYPTO_CTR
1232 help 2031 help
1233 CTR_DRBG variant as defined in NIST !! 2032 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1234 <<
1235 This uses the AES cipher algorithm <<
1236 2033
1237 config CRYPTO_DRBG 2034 config CRYPTO_DRBG
1238 tristate 2035 tristate
1239 default CRYPTO_DRBG_MENU 2036 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 2037 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 2038 select CRYPTO_JITTERENTROPY
1242 2039
1243 endif # if CRYPTO_DRBG_MENU 2040 endif # if CRYPTO_DRBG_MENU
1244 2041
1245 config CRYPTO_JITTERENTROPY 2042 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi !! 2043 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1247 select CRYPTO_RNG 2044 select CRYPTO_RNG
1248 select CRYPTO_SHA3 <<
1249 help 2045 help
1250 CPU Jitter RNG (Random Number Gener !! 2046 The Jitterentropy RNG is a noise that is intended
1251 !! 2047 to provide seed to another RNG. The RNG does not
1252 A non-physical non-deterministic (" !! 2048 perform any cryptographic whitening of the generated
1253 compliant with NIST SP800-90B) inte !! 2049 random numbers. This Jitterentropy RNG registers with
1254 deterministic RNG (e.g., per NIST S !! 2050 the kernel crypto API and can be used by any caller.
1255 This RNG does not perform any crypt <<
1256 random numbers. <<
1257 <<
1258 See https://www.chronox.de/jent/ <<
1259 <<
1260 if CRYPTO_JITTERENTROPY <<
1261 if CRYPTO_FIPS && EXPERT <<
1262 <<
1263 choice <<
1264 prompt "CPU Jitter RNG Memory Size" <<
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ <<
1266 help <<
1267 The Jitter RNG measures the executi <<
1268 Multiple consecutive memory accesse <<
1269 size fits into a cache (e.g. L1), o <<
1270 to that cache is measured. The clos <<
1271 the less variations are measured an <<
1272 obtained. Thus, if the memory size <<
1273 obtained entropy is less than if th <<
1274 L1 + L2, which in turn is less if t <<
1275 L1 + L2 + L3. Thus, by selecting a <<
1276 the entropy rate produced by the Ji <<
1277 <<
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 <<
1279 bool "2048 Bytes (default)" <<
1280 <<
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1282 bool "128 kBytes" <<
1283 <<
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 <<
1285 bool "1024 kBytes" <<
1286 <<
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 <<
1288 bool "8192 kBytes" <<
1289 endchoice <<
1290 <<
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1292 int <<
1293 default 64 if CRYPTO_JITTERENTROPY_ME <<
1294 default 512 if CRYPTO_JITTERENTROPY_M <<
1295 default 1024 if CRYPTO_JITTERENTROPY_ <<
1296 default 4096 if CRYPTO_JITTERENTROPY_ <<
1297 <<
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1299 int <<
1300 default 32 if CRYPTO_JITTERENTROPY_ME <<
1301 default 256 if CRYPTO_JITTERENTROPY_M <<
1302 default 1024 if CRYPTO_JITTERENTROPY_ <<
1303 default 2048 if CRYPTO_JITTERENTROPY_ <<
1304 <<
1305 config CRYPTO_JITTERENTROPY_OSR <<
1306 int "CPU Jitter RNG Oversampling Rate <<
1307 range 1 15 <<
1308 default 3 <<
1309 help <<
1310 The Jitter RNG allows the specifica <<
1311 The Jitter RNG operation requires a <<
1312 measurements to produce one output <<
1313 OSR value is multiplied with the am <<
1314 generate one output block. Thus, th <<
1315 by the OSR factor. The oversampling <<
1316 on hardware whose timers deliver li <<
1317 the timer is coarse) by setting the <<
1318 trade-off, however, is that the Jit <<
1319 to generate random numbers. <<
1320 <<
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1322 bool "CPU Jitter RNG Test Interface" <<
1323 help <<
1324 The test interface allows a privile <<
1325 the raw unconditioned high resoluti <<
1326 is collected by the Jitter RNG for <<
1327 this data is used at the same time <<
1328 the Jitter RNG operates in an insec <<
1329 recording is enabled. This interfac <<
1330 intended for testing purposes and i <<
1331 production systems. <<
1332 <<
1333 The raw noise data can be obtained <<
1334 debugfs file. Using the option <<
1335 jitterentropy_testing.boot_raw_hire <<
1336 the first 1000 entropy events since <<
1337 <<
1338 If unsure, select N. <<
1339 <<
1340 endif # if CRYPTO_FIPS && EXPERT <<
1341 <<
1342 if !(CRYPTO_FIPS && EXPERT) <<
1343 <<
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS <<
1345 int <<
1346 default 64 <<
1347 <<
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE <<
1349 int <<
1350 default 32 <<
1351 <<
1352 config CRYPTO_JITTERENTROPY_OSR <<
1353 int <<
1354 default 1 <<
1355 <<
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE <<
1357 bool <<
1358 <<
1359 endif # if !(CRYPTO_FIPS && EXPERT) <<
1360 endif # if CRYPTO_JITTERENTROPY <<
1361 2051
1362 config CRYPTO_KDF800108_CTR 2052 config CRYPTO_KDF800108_CTR
1363 tristate 2053 tristate
1364 select CRYPTO_HMAC 2054 select CRYPTO_HMAC
1365 select CRYPTO_SHA256 2055 select CRYPTO_SHA256
1366 2056
1367 endmenu <<
1368 menu "Userspace interface" <<
1369 <<
1370 config CRYPTO_USER_API 2057 config CRYPTO_USER_API
1371 tristate 2058 tristate
1372 2059
1373 config CRYPTO_USER_API_HASH 2060 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" !! 2061 tristate "User-space interface for hash algorithms"
1375 depends on NET 2062 depends on NET
1376 select CRYPTO_HASH 2063 select CRYPTO_HASH
1377 select CRYPTO_USER_API 2064 select CRYPTO_USER_API
1378 help 2065 help
1379 Enable the userspace interface for !! 2066 This option enables the user-spaces interface for hash
1380 !! 2067 algorithms.
1381 See Documentation/crypto/userspace- <<
1382 https://www.chronox.de/libkcapi/htm <<
1383 2068
1384 config CRYPTO_USER_API_SKCIPHER 2069 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori !! 2070 tristate "User-space interface for symmetric key cipher algorithms"
1386 depends on NET 2071 depends on NET
1387 select CRYPTO_SKCIPHER 2072 select CRYPTO_SKCIPHER
1388 select CRYPTO_USER_API 2073 select CRYPTO_USER_API
1389 help 2074 help
1390 Enable the userspace interface for !! 2075 This option enables the user-spaces interface for symmetric
1391 !! 2076 key cipher algorithms.
1392 See Documentation/crypto/userspace- <<
1393 https://www.chronox.de/libkcapi/htm <<
1394 2077
1395 config CRYPTO_USER_API_RNG 2078 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato !! 2079 tristate "User-space interface for random number generator algorithms"
1397 depends on NET 2080 depends on NET
1398 select CRYPTO_RNG 2081 select CRYPTO_RNG
1399 select CRYPTO_USER_API 2082 select CRYPTO_USER_API
1400 help 2083 help
1401 Enable the userspace interface for !! 2084 This option enables the user-spaces interface for random
1402 algorithms. !! 2085 number generator algorithms.
1403 <<
1404 See Documentation/crypto/userspace- <<
1405 https://www.chronox.de/libkcapi/htm <<
1406 2086
1407 config CRYPTO_USER_API_RNG_CAVP 2087 config CRYPTO_USER_API_RNG_CAVP
1408 bool "Enable CAVP testing of DRBG" 2088 bool "Enable CAVP testing of DRBG"
1409 depends on CRYPTO_USER_API_RNG && CRY 2089 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1410 help 2090 help
1411 Enable extra APIs in the userspace !! 2091 This option enables extra API for CAVP testing via the user-space
1412 (Cryptographic Algorithm Validation !! 2092 interface: resetting of DRBG entropy, and providing Additional Data.
1413 - resetting DRBG entropy <<
1414 - providing Additional Data <<
1415 <<
1416 This should only be enabled for CAV 2093 This should only be enabled for CAVP testing. You should say
1417 no unless you know what this is. 2094 no unless you know what this is.
1418 2095
1419 config CRYPTO_USER_API_AEAD 2096 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" !! 2097 tristate "User-space interface for AEAD cipher algorithms"
1421 depends on NET 2098 depends on NET
1422 select CRYPTO_AEAD 2099 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER 2100 select CRYPTO_SKCIPHER
1424 select CRYPTO_NULL 2101 select CRYPTO_NULL
1425 select CRYPTO_USER_API 2102 select CRYPTO_USER_API
1426 help 2103 help
1427 Enable the userspace interface for !! 2104 This option enables the user-spaces interface for AEAD
1428 !! 2105 cipher algorithms.
1429 See Documentation/crypto/userspace- <<
1430 https://www.chronox.de/libkcapi/htm <<
1431 2106
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE 2107 config CRYPTO_USER_API_ENABLE_OBSOLETE
1433 bool "Obsolete cryptographic algorith !! 2108 bool "Enable obsolete cryptographic algorithms for userspace"
1434 depends on CRYPTO_USER_API 2109 depends on CRYPTO_USER_API
1435 default y 2110 default y
1436 help 2111 help
1437 Allow obsolete cryptographic algori 2112 Allow obsolete cryptographic algorithms to be selected that have
1438 already been phased out from intern 2113 already been phased out from internal use by the kernel, and are
1439 only useful for userspace clients t 2114 only useful for userspace clients that still rely on them.
1440 2115
1441 endmenu !! 2116 config CRYPTO_STATS
>> 2117 bool "Crypto usage statistics for User-space"
>> 2118 depends on CRYPTO_USER
>> 2119 help
>> 2120 This option enables the gathering of crypto stats.
>> 2121 This will collect:
>> 2122 - encrypt/decrypt size and numbers of symmeric operations
>> 2123 - compress/decompress size and numbers of compress operations
>> 2124 - size and numbers of hash operations
>> 2125 - encrypt/decrypt/sign/verify numbers for asymmetric operations
>> 2126 - generate/seed numbers for rng operations
1442 2127
1443 config CRYPTO_HASH_INFO 2128 config CRYPTO_HASH_INFO
1444 bool 2129 bool
1445 <<
1446 if !KMSAN # avoid false positives from assemb <<
1447 if ARM <<
1448 source "arch/arm/crypto/Kconfig" <<
1449 endif <<
1450 if ARM64 <<
1451 source "arch/arm64/crypto/Kconfig" <<
1452 endif <<
1453 if LOONGARCH <<
1454 source "arch/loongarch/crypto/Kconfig" <<
1455 endif <<
1456 if MIPS <<
1457 source "arch/mips/crypto/Kconfig" <<
1458 endif <<
1459 if PPC <<
1460 source "arch/powerpc/crypto/Kconfig" <<
1461 endif <<
1462 if RISCV <<
1463 source "arch/riscv/crypto/Kconfig" <<
1464 endif <<
1465 if S390 <<
1466 source "arch/s390/crypto/Kconfig" <<
1467 endif <<
1468 if SPARC <<
1469 source "arch/sparc/crypto/Kconfig" <<
1470 endif <<
1471 if X86 <<
1472 source "arch/x86/crypto/Kconfig" <<
1473 endif <<
1474 endif <<
1475 2130
1476 source "drivers/crypto/Kconfig" 2131 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" 2132 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig" 2133 source "certs/Kconfig"
1479 2134
1480 endif # if CRYPTO 2135 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.