1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0 2 # 2 # 3 # Generic algorithms support 3 # Generic algorithms support 4 # 4 # 5 config XOR_BLOCKS 5 config XOR_BLOCKS 6 tristate 6 tristate 7 7 8 # 8 # 9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support 10 # 10 # 11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig" 12 12 13 # 13 # 14 # Cryptographic API Configuration 14 # Cryptographic API Configuration 15 # 15 # 16 menuconfig CRYPTO 16 menuconfig CRYPTO 17 tristate "Cryptographic API" 17 tristate "Cryptographic API" 18 select CRYPTO_LIB_UTILS 18 select CRYPTO_LIB_UTILS 19 help 19 help 20 This option provides the core Crypto 20 This option provides the core Cryptographic API. 21 21 22 if CRYPTO 22 if CRYPTO 23 23 24 menu "Crypto core or helper" 24 menu "Crypto core or helper" 25 25 26 config CRYPTO_FIPS 26 config CRYPTO_FIPS 27 bool "FIPS 200 compliance" 27 bool "FIPS 200 compliance" 28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 29 depends on (MODULE_SIG || !MODULES) 29 depends on (MODULE_SIG || !MODULES) 30 help 30 help 31 This option enables the fips boot op 31 This option enables the fips boot option which is 32 required if you want the system to o 32 required if you want the system to operate in a FIPS 200 33 certification. You should say no un 33 certification. You should say no unless you know what 34 this is. 34 this is. 35 35 36 config CRYPTO_FIPS_NAME 36 config CRYPTO_FIPS_NAME 37 string "FIPS Module Name" 37 string "FIPS Module Name" 38 default "Linux Kernel Cryptographic AP 38 default "Linux Kernel Cryptographic API" 39 depends on CRYPTO_FIPS 39 depends on CRYPTO_FIPS 40 help 40 help 41 This option sets the FIPS Module nam 41 This option sets the FIPS Module name reported by the Crypto API via 42 the /proc/sys/crypto/fips_name file. 42 the /proc/sys/crypto/fips_name file. 43 43 44 config CRYPTO_FIPS_CUSTOM_VERSION 44 config CRYPTO_FIPS_CUSTOM_VERSION 45 bool "Use Custom FIPS Module Version" 45 bool "Use Custom FIPS Module Version" 46 depends on CRYPTO_FIPS 46 depends on CRYPTO_FIPS 47 default n 47 default n 48 48 49 config CRYPTO_FIPS_VERSION 49 config CRYPTO_FIPS_VERSION 50 string "FIPS Module Version" 50 string "FIPS Module Version" 51 default "(none)" 51 default "(none)" 52 depends on CRYPTO_FIPS_CUSTOM_VERSION 52 depends on CRYPTO_FIPS_CUSTOM_VERSION 53 help 53 help 54 This option provides the ability to 54 This option provides the ability to override the FIPS Module Version. 55 By default the KERNELRELEASE value i 55 By default the KERNELRELEASE value is used. 56 56 57 config CRYPTO_ALGAPI 57 config CRYPTO_ALGAPI 58 tristate 58 tristate 59 select CRYPTO_ALGAPI2 59 select CRYPTO_ALGAPI2 60 help 60 help 61 This option provides the API for cry 61 This option provides the API for cryptographic algorithms. 62 62 63 config CRYPTO_ALGAPI2 63 config CRYPTO_ALGAPI2 64 tristate 64 tristate 65 65 66 config CRYPTO_AEAD 66 config CRYPTO_AEAD 67 tristate 67 tristate 68 select CRYPTO_AEAD2 68 select CRYPTO_AEAD2 69 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI 70 70 71 config CRYPTO_AEAD2 71 config CRYPTO_AEAD2 72 tristate 72 tristate 73 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2 74 74 75 config CRYPTO_SIG 75 config CRYPTO_SIG 76 tristate 76 tristate 77 select CRYPTO_SIG2 77 select CRYPTO_SIG2 78 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI 79 79 80 config CRYPTO_SIG2 80 config CRYPTO_SIG2 81 tristate 81 tristate 82 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2 83 83 84 config CRYPTO_SKCIPHER 84 config CRYPTO_SKCIPHER 85 tristate 85 tristate 86 select CRYPTO_SKCIPHER2 86 select CRYPTO_SKCIPHER2 87 select CRYPTO_ALGAPI 87 select CRYPTO_ALGAPI 88 select CRYPTO_ECB 88 select CRYPTO_ECB 89 89 90 config CRYPTO_SKCIPHER2 90 config CRYPTO_SKCIPHER2 91 tristate 91 tristate 92 select CRYPTO_ALGAPI2 92 select CRYPTO_ALGAPI2 93 93 94 config CRYPTO_HASH 94 config CRYPTO_HASH 95 tristate 95 tristate 96 select CRYPTO_HASH2 96 select CRYPTO_HASH2 97 select CRYPTO_ALGAPI 97 select CRYPTO_ALGAPI 98 98 99 config CRYPTO_HASH2 99 config CRYPTO_HASH2 100 tristate 100 tristate 101 select CRYPTO_ALGAPI2 101 select CRYPTO_ALGAPI2 102 102 103 config CRYPTO_RNG 103 config CRYPTO_RNG 104 tristate 104 tristate 105 select CRYPTO_RNG2 105 select CRYPTO_RNG2 106 select CRYPTO_ALGAPI 106 select CRYPTO_ALGAPI 107 107 108 config CRYPTO_RNG2 108 config CRYPTO_RNG2 109 tristate 109 tristate 110 select CRYPTO_ALGAPI2 110 select CRYPTO_ALGAPI2 111 111 112 config CRYPTO_RNG_DEFAULT 112 config CRYPTO_RNG_DEFAULT 113 tristate 113 tristate 114 select CRYPTO_DRBG_MENU 114 select CRYPTO_DRBG_MENU 115 115 116 config CRYPTO_AKCIPHER2 116 config CRYPTO_AKCIPHER2 117 tristate 117 tristate 118 select CRYPTO_ALGAPI2 118 select CRYPTO_ALGAPI2 119 119 120 config CRYPTO_AKCIPHER 120 config CRYPTO_AKCIPHER 121 tristate 121 tristate 122 select CRYPTO_AKCIPHER2 122 select CRYPTO_AKCIPHER2 123 select CRYPTO_ALGAPI 123 select CRYPTO_ALGAPI 124 124 125 config CRYPTO_KPP2 125 config CRYPTO_KPP2 126 tristate 126 tristate 127 select CRYPTO_ALGAPI2 127 select CRYPTO_ALGAPI2 128 128 129 config CRYPTO_KPP 129 config CRYPTO_KPP 130 tristate 130 tristate 131 select CRYPTO_ALGAPI 131 select CRYPTO_ALGAPI 132 select CRYPTO_KPP2 132 select CRYPTO_KPP2 133 133 134 config CRYPTO_ACOMP2 134 config CRYPTO_ACOMP2 135 tristate 135 tristate 136 select CRYPTO_ALGAPI2 136 select CRYPTO_ALGAPI2 137 select SGL_ALLOC 137 select SGL_ALLOC 138 138 139 config CRYPTO_ACOMP 139 config CRYPTO_ACOMP 140 tristate 140 tristate 141 select CRYPTO_ALGAPI 141 select CRYPTO_ALGAPI 142 select CRYPTO_ACOMP2 142 select CRYPTO_ACOMP2 143 143 144 config CRYPTO_MANAGER 144 config CRYPTO_MANAGER 145 tristate "Cryptographic algorithm mana 145 tristate "Cryptographic algorithm manager" 146 select CRYPTO_MANAGER2 146 select CRYPTO_MANAGER2 147 help 147 help 148 Create default cryptographic templat 148 Create default cryptographic template instantiations such as 149 cbc(aes). 149 cbc(aes). 150 150 151 config CRYPTO_MANAGER2 151 config CRYPTO_MANAGER2 152 def_tristate CRYPTO_MANAGER || (CRYPTO 152 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 153 select CRYPTO_ACOMP2 153 select CRYPTO_ACOMP2 154 select CRYPTO_AEAD2 154 select CRYPTO_AEAD2 155 select CRYPTO_AKCIPHER2 155 select CRYPTO_AKCIPHER2 156 select CRYPTO_SIG2 156 select CRYPTO_SIG2 157 select CRYPTO_HASH2 157 select CRYPTO_HASH2 158 select CRYPTO_KPP2 158 select CRYPTO_KPP2 159 select CRYPTO_RNG2 159 select CRYPTO_RNG2 160 select CRYPTO_SKCIPHER2 160 select CRYPTO_SKCIPHER2 161 161 162 config CRYPTO_USER 162 config CRYPTO_USER 163 tristate "Userspace cryptographic algo 163 tristate "Userspace cryptographic algorithm configuration" 164 depends on NET 164 depends on NET 165 select CRYPTO_MANAGER 165 select CRYPTO_MANAGER 166 help 166 help 167 Userspace configuration for cryptogr 167 Userspace configuration for cryptographic instantiations such as 168 cbc(aes). 168 cbc(aes). 169 169 170 config CRYPTO_MANAGER_DISABLE_TESTS 170 config CRYPTO_MANAGER_DISABLE_TESTS 171 bool "Disable run-time self tests" 171 bool "Disable run-time self tests" 172 default y 172 default y 173 help 173 help 174 Disable run-time self tests that nor 174 Disable run-time self tests that normally take place at 175 algorithm registration. 175 algorithm registration. 176 176 177 config CRYPTO_MANAGER_EXTRA_TESTS 177 config CRYPTO_MANAGER_EXTRA_TESTS 178 bool "Enable extra run-time crypto sel 178 bool "Enable extra run-time crypto self tests" 179 depends on DEBUG_KERNEL && !CRYPTO_MAN 179 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 180 help 180 help 181 Enable extra run-time self tests of 181 Enable extra run-time self tests of registered crypto algorithms, 182 including randomized fuzz tests. 182 including randomized fuzz tests. 183 183 184 This is intended for developer use o 184 This is intended for developer use only, as these tests take much 185 longer to run than the normal self t 185 longer to run than the normal self tests. 186 186 187 config CRYPTO_NULL 187 config CRYPTO_NULL 188 tristate "Null algorithms" 188 tristate "Null algorithms" 189 select CRYPTO_NULL2 189 select CRYPTO_NULL2 190 help 190 help 191 These are 'Null' algorithms, used by 191 These are 'Null' algorithms, used by IPsec, which do nothing. 192 192 193 config CRYPTO_NULL2 193 config CRYPTO_NULL2 194 tristate 194 tristate 195 select CRYPTO_ALGAPI2 195 select CRYPTO_ALGAPI2 196 select CRYPTO_SKCIPHER2 196 select CRYPTO_SKCIPHER2 197 select CRYPTO_HASH2 197 select CRYPTO_HASH2 198 198 199 config CRYPTO_PCRYPT 199 config CRYPTO_PCRYPT 200 tristate "Parallel crypto engine" 200 tristate "Parallel crypto engine" 201 depends on SMP 201 depends on SMP 202 select PADATA 202 select PADATA 203 select CRYPTO_MANAGER 203 select CRYPTO_MANAGER 204 select CRYPTO_AEAD 204 select CRYPTO_AEAD 205 help 205 help 206 This converts an arbitrary crypto al 206 This converts an arbitrary crypto algorithm into a parallel 207 algorithm that executes in kernel th 207 algorithm that executes in kernel threads. 208 208 209 config CRYPTO_CRYPTD 209 config CRYPTO_CRYPTD 210 tristate "Software async crypto daemon 210 tristate "Software async crypto daemon" 211 select CRYPTO_SKCIPHER 211 select CRYPTO_SKCIPHER 212 select CRYPTO_HASH 212 select CRYPTO_HASH 213 select CRYPTO_MANAGER 213 select CRYPTO_MANAGER 214 help 214 help 215 This is a generic software asynchron 215 This is a generic software asynchronous crypto daemon that 216 converts an arbitrary synchronous so 216 converts an arbitrary synchronous software crypto algorithm 217 into an asynchronous algorithm that 217 into an asynchronous algorithm that executes in a kernel thread. 218 218 219 config CRYPTO_AUTHENC 219 config CRYPTO_AUTHENC 220 tristate "Authenc support" 220 tristate "Authenc support" 221 select CRYPTO_AEAD 221 select CRYPTO_AEAD 222 select CRYPTO_SKCIPHER 222 select CRYPTO_SKCIPHER 223 select CRYPTO_MANAGER 223 select CRYPTO_MANAGER 224 select CRYPTO_HASH 224 select CRYPTO_HASH 225 select CRYPTO_NULL 225 select CRYPTO_NULL 226 help 226 help 227 Authenc: Combined mode wrapper for I 227 Authenc: Combined mode wrapper for IPsec. 228 228 229 This is required for IPSec ESP (XFRM 229 This is required for IPSec ESP (XFRM_ESP). 230 230 231 config CRYPTO_TEST 231 config CRYPTO_TEST 232 tristate "Testing module" 232 tristate "Testing module" 233 depends on m || EXPERT 233 depends on m || EXPERT 234 select CRYPTO_MANAGER 234 select CRYPTO_MANAGER 235 help 235 help 236 Quick & dirty crypto test module. 236 Quick & dirty crypto test module. 237 237 238 config CRYPTO_SIMD 238 config CRYPTO_SIMD 239 tristate 239 tristate 240 select CRYPTO_CRYPTD 240 select CRYPTO_CRYPTD 241 241 242 config CRYPTO_ENGINE 242 config CRYPTO_ENGINE 243 tristate 243 tristate 244 244 245 endmenu 245 endmenu 246 246 247 menu "Public-key cryptography" 247 menu "Public-key cryptography" 248 248 249 config CRYPTO_RSA 249 config CRYPTO_RSA 250 tristate "RSA (Rivest-Shamir-Adleman)" 250 tristate "RSA (Rivest-Shamir-Adleman)" 251 select CRYPTO_AKCIPHER 251 select CRYPTO_AKCIPHER 252 select CRYPTO_MANAGER 252 select CRYPTO_MANAGER 253 select MPILIB 253 select MPILIB 254 select ASN1 254 select ASN1 255 help 255 help 256 RSA (Rivest-Shamir-Adleman) public k 256 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) 257 257 258 config CRYPTO_DH 258 config CRYPTO_DH 259 tristate "DH (Diffie-Hellman)" 259 tristate "DH (Diffie-Hellman)" 260 select CRYPTO_KPP 260 select CRYPTO_KPP 261 select MPILIB 261 select MPILIB 262 help 262 help 263 DH (Diffie-Hellman) key exchange alg 263 DH (Diffie-Hellman) key exchange algorithm 264 264 265 config CRYPTO_DH_RFC7919_GROUPS 265 config CRYPTO_DH_RFC7919_GROUPS 266 bool "RFC 7919 FFDHE groups" 266 bool "RFC 7919 FFDHE groups" 267 depends on CRYPTO_DH 267 depends on CRYPTO_DH 268 select CRYPTO_RNG_DEFAULT 268 select CRYPTO_RNG_DEFAULT 269 help 269 help 270 FFDHE (Finite-Field-based Diffie-Hel 270 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups 271 defined in RFC7919. 271 defined in RFC7919. 272 272 273 Support these finite-field groups in 273 Support these finite-field groups in DH key exchanges: 274 - ffdhe2048, ffdhe3072, ffdhe4096, f 274 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 275 275 276 If unsure, say N. 276 If unsure, say N. 277 277 278 config CRYPTO_ECC 278 config CRYPTO_ECC 279 tristate 279 tristate 280 select CRYPTO_RNG_DEFAULT 280 select CRYPTO_RNG_DEFAULT 281 281 282 config CRYPTO_ECDH 282 config CRYPTO_ECDH 283 tristate "ECDH (Elliptic Curve Diffie- 283 tristate "ECDH (Elliptic Curve Diffie-Hellman)" 284 select CRYPTO_ECC 284 select CRYPTO_ECC 285 select CRYPTO_KPP 285 select CRYPTO_KPP 286 help 286 help 287 ECDH (Elliptic Curve Diffie-Hellman) 287 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm 288 using curves P-192, P-256, and P-384 288 using curves P-192, P-256, and P-384 (FIPS 186) 289 289 290 config CRYPTO_ECDSA 290 config CRYPTO_ECDSA 291 tristate "ECDSA (Elliptic Curve Digita 291 tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)" 292 select CRYPTO_ECC 292 select CRYPTO_ECC 293 select CRYPTO_AKCIPHER 293 select CRYPTO_AKCIPHER 294 select ASN1 294 select ASN1 295 help 295 help 296 ECDSA (Elliptic Curve Digital Signat 296 ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186, 297 ISO/IEC 14888-3) 297 ISO/IEC 14888-3) 298 using curves P-192, P-256, and P-384 298 using curves P-192, P-256, and P-384 299 299 300 Only signature verification is imple 300 Only signature verification is implemented. 301 301 302 config CRYPTO_ECRDSA 302 config CRYPTO_ECRDSA 303 tristate "EC-RDSA (Elliptic Curve Russ 303 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)" 304 select CRYPTO_ECC 304 select CRYPTO_ECC 305 select CRYPTO_AKCIPHER 305 select CRYPTO_AKCIPHER 306 select CRYPTO_STREEBOG 306 select CRYPTO_STREEBOG 307 select OID_REGISTRY 307 select OID_REGISTRY 308 select ASN1 308 select ASN1 309 help 309 help 310 Elliptic Curve Russian Digital Signa 310 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 311 RFC 7091, ISO/IEC 14888-3) 311 RFC 7091, ISO/IEC 14888-3) 312 312 313 One of the Russian cryptographic sta 313 One of the Russian cryptographic standard algorithms (called GOST 314 algorithms). Only signature verifica 314 algorithms). Only signature verification is implemented. 315 315 >> 316 config CRYPTO_SM2 >> 317 tristate "SM2 (ShangMi 2)" >> 318 select CRYPTO_SM3 >> 319 select CRYPTO_AKCIPHER >> 320 select CRYPTO_MANAGER >> 321 select MPILIB >> 322 select ASN1 >> 323 help >> 324 SM2 (ShangMi 2) public key algorithm >> 325 >> 326 Published by State Encryption Management Bureau, China, >> 327 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. >> 328 >> 329 References: >> 330 https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/ >> 331 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml >> 332 http://www.gmbz.org.cn/main/bzlb.html >> 333 316 config CRYPTO_CURVE25519 334 config CRYPTO_CURVE25519 317 tristate "Curve25519" 335 tristate "Curve25519" 318 select CRYPTO_KPP 336 select CRYPTO_KPP 319 select CRYPTO_LIB_CURVE25519_GENERIC 337 select CRYPTO_LIB_CURVE25519_GENERIC 320 help 338 help 321 Curve25519 elliptic curve (RFC7748) 339 Curve25519 elliptic curve (RFC7748) 322 340 323 endmenu 341 endmenu 324 342 325 menu "Block ciphers" 343 menu "Block ciphers" 326 344 327 config CRYPTO_AES 345 config CRYPTO_AES 328 tristate "AES (Advanced Encryption Sta 346 tristate "AES (Advanced Encryption Standard)" 329 select CRYPTO_ALGAPI 347 select CRYPTO_ALGAPI 330 select CRYPTO_LIB_AES 348 select CRYPTO_LIB_AES 331 help 349 help 332 AES cipher algorithms (Rijndael)(FIP 350 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3) 333 351 334 Rijndael appears to be consistently 352 Rijndael appears to be consistently a very good performer in 335 both hardware and software across a 353 both hardware and software across a wide range of computing 336 environments regardless of its use i 354 environments regardless of its use in feedback or non-feedback 337 modes. Its key setup time is excelle 355 modes. Its key setup time is excellent, and its key agility is 338 good. Rijndael's very low memory req 356 good. Rijndael's very low memory requirements make it very well 339 suited for restricted-space environm 357 suited for restricted-space environments, in which it also 340 demonstrates excellent performance. 358 demonstrates excellent performance. Rijndael's operations are 341 among the easiest to defend against 359 among the easiest to defend against power and timing attacks. 342 360 343 The AES specifies three key sizes: 1 361 The AES specifies three key sizes: 128, 192 and 256 bits 344 362 345 config CRYPTO_AES_TI 363 config CRYPTO_AES_TI 346 tristate "AES (Advanced Encryption Sta 364 tristate "AES (Advanced Encryption Standard) (fixed time)" 347 select CRYPTO_ALGAPI 365 select CRYPTO_ALGAPI 348 select CRYPTO_LIB_AES 366 select CRYPTO_LIB_AES 349 help 367 help 350 AES cipher algorithms (Rijndael)(FIP 368 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3) 351 369 352 This is a generic implementation of 370 This is a generic implementation of AES that attempts to eliminate 353 data dependent latencies as much as 371 data dependent latencies as much as possible without affecting 354 performance too much. It is intended 372 performance too much. It is intended for use by the generic CCM 355 and GCM drivers, and other CTR or CM 373 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 356 solely on encryption (although decry 374 solely on encryption (although decryption is supported as well, but 357 with a more dramatic performance hit 375 with a more dramatic performance hit) 358 376 359 Instead of using 16 lookup tables of 377 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 360 8 for decryption), this implementati 378 8 for decryption), this implementation only uses just two S-boxes of 361 256 bytes each, and attempts to elim 379 256 bytes each, and attempts to eliminate data dependent latencies by 362 prefetching the entire table into th 380 prefetching the entire table into the cache at the start of each 363 block. Interrupts are also disabled 381 block. Interrupts are also disabled to avoid races where cachelines 364 are evicted when the CPU is interrup 382 are evicted when the CPU is interrupted to do something else. 365 383 366 config CRYPTO_ANUBIS 384 config CRYPTO_ANUBIS 367 tristate "Anubis" 385 tristate "Anubis" 368 depends on CRYPTO_USER_API_ENABLE_OBSO 386 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 369 select CRYPTO_ALGAPI 387 select CRYPTO_ALGAPI 370 help 388 help 371 Anubis cipher algorithm 389 Anubis cipher algorithm 372 390 373 Anubis is a variable key length ciph 391 Anubis is a variable key length cipher which can use keys from 374 128 bits to 320 bits in length. It 392 128 bits to 320 bits in length. It was evaluated as a entrant 375 in the NESSIE competition. 393 in the NESSIE competition. 376 394 377 See https://web.archive.org/web/2016 395 See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html 378 for further information. 396 for further information. 379 397 380 config CRYPTO_ARIA 398 config CRYPTO_ARIA 381 tristate "ARIA" 399 tristate "ARIA" 382 select CRYPTO_ALGAPI 400 select CRYPTO_ALGAPI 383 help 401 help 384 ARIA cipher algorithm (RFC5794) 402 ARIA cipher algorithm (RFC5794) 385 403 386 ARIA is a standard encryption algori 404 ARIA is a standard encryption algorithm of the Republic of Korea. 387 The ARIA specifies three key sizes a 405 The ARIA specifies three key sizes and rounds. 388 128-bit: 12 rounds. 406 128-bit: 12 rounds. 389 192-bit: 14 rounds. 407 192-bit: 14 rounds. 390 256-bit: 16 rounds. 408 256-bit: 16 rounds. 391 409 392 See: 410 See: 393 https://seed.kisa.or.kr/kisa/algorit 411 https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do 394 412 395 config CRYPTO_BLOWFISH 413 config CRYPTO_BLOWFISH 396 tristate "Blowfish" 414 tristate "Blowfish" 397 select CRYPTO_ALGAPI 415 select CRYPTO_ALGAPI 398 select CRYPTO_BLOWFISH_COMMON 416 select CRYPTO_BLOWFISH_COMMON 399 help 417 help 400 Blowfish cipher algorithm, by Bruce 418 Blowfish cipher algorithm, by Bruce Schneier 401 419 402 This is a variable key length cipher 420 This is a variable key length cipher which can use keys from 32 403 bits to 448 bits in length. It's fa 421 bits to 448 bits in length. It's fast, simple and specifically 404 designed for use on "large microproc 422 designed for use on "large microprocessors". 405 423 406 See https://www.schneier.com/blowfis 424 See https://www.schneier.com/blowfish.html for further information. 407 425 408 config CRYPTO_BLOWFISH_COMMON 426 config CRYPTO_BLOWFISH_COMMON 409 tristate 427 tristate 410 help 428 help 411 Common parts of the Blowfish cipher 429 Common parts of the Blowfish cipher algorithm shared by the 412 generic c and the assembler implemen 430 generic c and the assembler implementations. 413 431 414 config CRYPTO_CAMELLIA 432 config CRYPTO_CAMELLIA 415 tristate "Camellia" 433 tristate "Camellia" 416 select CRYPTO_ALGAPI 434 select CRYPTO_ALGAPI 417 help 435 help 418 Camellia cipher algorithms (ISO/IEC 436 Camellia cipher algorithms (ISO/IEC 18033-3) 419 437 420 Camellia is a symmetric key block ci 438 Camellia is a symmetric key block cipher developed jointly 421 at NTT and Mitsubishi Electric Corpo 439 at NTT and Mitsubishi Electric Corporation. 422 440 423 The Camellia specifies three key siz 441 The Camellia specifies three key sizes: 128, 192 and 256 bits. 424 442 425 See https://info.isl.ntt.co.jp/crypt 443 See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information. 426 444 427 config CRYPTO_CAST_COMMON 445 config CRYPTO_CAST_COMMON 428 tristate 446 tristate 429 help 447 help 430 Common parts of the CAST cipher algo 448 Common parts of the CAST cipher algorithms shared by the 431 generic c and the assembler implemen 449 generic c and the assembler implementations. 432 450 433 config CRYPTO_CAST5 451 config CRYPTO_CAST5 434 tristate "CAST5 (CAST-128)" 452 tristate "CAST5 (CAST-128)" 435 select CRYPTO_ALGAPI 453 select CRYPTO_ALGAPI 436 select CRYPTO_CAST_COMMON 454 select CRYPTO_CAST_COMMON 437 help 455 help 438 CAST5 (CAST-128) cipher algorithm (R 456 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3) 439 457 440 config CRYPTO_CAST6 458 config CRYPTO_CAST6 441 tristate "CAST6 (CAST-256)" 459 tristate "CAST6 (CAST-256)" 442 select CRYPTO_ALGAPI 460 select CRYPTO_ALGAPI 443 select CRYPTO_CAST_COMMON 461 select CRYPTO_CAST_COMMON 444 help 462 help 445 CAST6 (CAST-256) encryption algorith 463 CAST6 (CAST-256) encryption algorithm (RFC2612) 446 464 447 config CRYPTO_DES 465 config CRYPTO_DES 448 tristate "DES and Triple DES EDE" 466 tristate "DES and Triple DES EDE" 449 select CRYPTO_ALGAPI 467 select CRYPTO_ALGAPI 450 select CRYPTO_LIB_DES 468 select CRYPTO_LIB_DES 451 help 469 help 452 DES (Data Encryption Standard)(FIPS 470 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and 453 Triple DES EDE (Encrypt/Decrypt/Encr 471 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3) 454 cipher algorithms 472 cipher algorithms 455 473 456 config CRYPTO_FCRYPT 474 config CRYPTO_FCRYPT 457 tristate "FCrypt" 475 tristate "FCrypt" 458 select CRYPTO_ALGAPI 476 select CRYPTO_ALGAPI 459 select CRYPTO_SKCIPHER 477 select CRYPTO_SKCIPHER 460 help 478 help 461 FCrypt algorithm used by RxRPC 479 FCrypt algorithm used by RxRPC 462 480 463 See https://ota.polyonymo.us/fcrypt- 481 See https://ota.polyonymo.us/fcrypt-paper.txt 464 482 465 config CRYPTO_KHAZAD 483 config CRYPTO_KHAZAD 466 tristate "Khazad" 484 tristate "Khazad" 467 depends on CRYPTO_USER_API_ENABLE_OBSO 485 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 468 select CRYPTO_ALGAPI 486 select CRYPTO_ALGAPI 469 help 487 help 470 Khazad cipher algorithm 488 Khazad cipher algorithm 471 489 472 Khazad was a finalist in the initial 490 Khazad was a finalist in the initial NESSIE competition. It is 473 an algorithm optimized for 64-bit pr 491 an algorithm optimized for 64-bit processors with good performance 474 on 32-bit processors. Khazad uses a 492 on 32-bit processors. Khazad uses an 128 bit key size. 475 493 476 See https://web.archive.org/web/2017 494 See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html 477 for further information. 495 for further information. 478 496 479 config CRYPTO_SEED 497 config CRYPTO_SEED 480 tristate "SEED" 498 tristate "SEED" 481 depends on CRYPTO_USER_API_ENABLE_OBSO 499 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 482 select CRYPTO_ALGAPI 500 select CRYPTO_ALGAPI 483 help 501 help 484 SEED cipher algorithm (RFC4269, ISO/ 502 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3) 485 503 486 SEED is a 128-bit symmetric key bloc 504 SEED is a 128-bit symmetric key block cipher that has been 487 developed by KISA (Korea Information 505 developed by KISA (Korea Information Security Agency) as a 488 national standard encryption algorit 506 national standard encryption algorithm of the Republic of Korea. 489 It is a 16 round block cipher with t 507 It is a 16 round block cipher with the key size of 128 bit. 490 508 491 See https://seed.kisa.or.kr/kisa/alg 509 See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do 492 for further information. 510 for further information. 493 511 494 config CRYPTO_SERPENT 512 config CRYPTO_SERPENT 495 tristate "Serpent" 513 tristate "Serpent" 496 select CRYPTO_ALGAPI 514 select CRYPTO_ALGAPI 497 help 515 help 498 Serpent cipher algorithm, by Anderso 516 Serpent cipher algorithm, by Anderson, Biham & Knudsen 499 517 500 Keys are allowed to be from 0 to 256 518 Keys are allowed to be from 0 to 256 bits in length, in steps 501 of 8 bits. 519 of 8 bits. 502 520 503 See https://www.cl.cam.ac.uk/~rja14/ 521 See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information. 504 522 505 config CRYPTO_SM4 523 config CRYPTO_SM4 506 tristate 524 tristate 507 525 508 config CRYPTO_SM4_GENERIC 526 config CRYPTO_SM4_GENERIC 509 tristate "SM4 (ShangMi 4)" 527 tristate "SM4 (ShangMi 4)" 510 select CRYPTO_ALGAPI 528 select CRYPTO_ALGAPI 511 select CRYPTO_SM4 529 select CRYPTO_SM4 512 help 530 help 513 SM4 cipher algorithms (OSCCA GB/T 32 531 SM4 cipher algorithms (OSCCA GB/T 32907-2016, 514 ISO/IEC 18033-3:2010/Amd 1:2021) 532 ISO/IEC 18033-3:2010/Amd 1:2021) 515 533 516 SM4 (GBT.32907-2016) is a cryptograp 534 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 517 Organization of State Commercial Adm 535 Organization of State Commercial Administration of China (OSCCA) 518 as an authorized cryptographic algor 536 as an authorized cryptographic algorithms for the use within China. 519 537 520 SMS4 was originally created for use 538 SMS4 was originally created for use in protecting wireless 521 networks, and is mandated in the Chi 539 networks, and is mandated in the Chinese National Standard for 522 Wireless LAN WAPI (Wired Authenticat 540 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 523 (GB.15629.11-2003). 541 (GB.15629.11-2003). 524 542 525 The latest SM4 standard (GBT.32907-2 543 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 526 standardized through TC 260 of the S 544 standardized through TC 260 of the Standardization Administration 527 of the People's Republic of China (S 545 of the People's Republic of China (SAC). 528 546 529 The input, output, and key of SMS4 a 547 The input, output, and key of SMS4 are each 128 bits. 530 548 531 See https://eprint.iacr.org/2008/329 549 See https://eprint.iacr.org/2008/329.pdf for further information. 532 550 533 If unsure, say N. 551 If unsure, say N. 534 552 535 config CRYPTO_TEA 553 config CRYPTO_TEA 536 tristate "TEA, XTEA and XETA" 554 tristate "TEA, XTEA and XETA" 537 depends on CRYPTO_USER_API_ENABLE_OBSO 555 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 538 select CRYPTO_ALGAPI 556 select CRYPTO_ALGAPI 539 help 557 help 540 TEA (Tiny Encryption Algorithm) ciph 558 TEA (Tiny Encryption Algorithm) cipher algorithms 541 559 542 Tiny Encryption Algorithm is a simpl 560 Tiny Encryption Algorithm is a simple cipher that uses 543 many rounds for security. It is ver 561 many rounds for security. It is very fast and uses 544 little memory. 562 little memory. 545 563 546 Xtendend Tiny Encryption Algorithm i 564 Xtendend Tiny Encryption Algorithm is a modification to 547 the TEA algorithm to address a poten 565 the TEA algorithm to address a potential key weakness 548 in the TEA algorithm. 566 in the TEA algorithm. 549 567 550 Xtendend Encryption Tiny Algorithm i 568 Xtendend Encryption Tiny Algorithm is a mis-implementation 551 of the XTEA algorithm for compatibil 569 of the XTEA algorithm for compatibility purposes. 552 570 553 config CRYPTO_TWOFISH 571 config CRYPTO_TWOFISH 554 tristate "Twofish" 572 tristate "Twofish" 555 select CRYPTO_ALGAPI 573 select CRYPTO_ALGAPI 556 select CRYPTO_TWOFISH_COMMON 574 select CRYPTO_TWOFISH_COMMON 557 help 575 help 558 Twofish cipher algorithm 576 Twofish cipher algorithm 559 577 560 Twofish was submitted as an AES (Adv 578 Twofish was submitted as an AES (Advanced Encryption Standard) 561 candidate cipher by researchers at C 579 candidate cipher by researchers at CounterPane Systems. It is a 562 16 round block cipher supporting key 580 16 round block cipher supporting key sizes of 128, 192, and 256 563 bits. 581 bits. 564 582 565 See https://www.schneier.com/twofish 583 See https://www.schneier.com/twofish.html for further information. 566 584 567 config CRYPTO_TWOFISH_COMMON 585 config CRYPTO_TWOFISH_COMMON 568 tristate 586 tristate 569 help 587 help 570 Common parts of the Twofish cipher a 588 Common parts of the Twofish cipher algorithm shared by the 571 generic c and the assembler implemen 589 generic c and the assembler implementations. 572 590 573 endmenu 591 endmenu 574 592 575 menu "Length-preserving ciphers and modes" 593 menu "Length-preserving ciphers and modes" 576 594 577 config CRYPTO_ADIANTUM 595 config CRYPTO_ADIANTUM 578 tristate "Adiantum" 596 tristate "Adiantum" 579 select CRYPTO_CHACHA20 597 select CRYPTO_CHACHA20 580 select CRYPTO_LIB_POLY1305_GENERIC 598 select CRYPTO_LIB_POLY1305_GENERIC 581 select CRYPTO_NHPOLY1305 599 select CRYPTO_NHPOLY1305 582 select CRYPTO_MANAGER 600 select CRYPTO_MANAGER 583 help 601 help 584 Adiantum tweakable, length-preservin 602 Adiantum tweakable, length-preserving encryption mode 585 603 586 Designed for fast and secure disk en 604 Designed for fast and secure disk encryption, especially on 587 CPUs without dedicated crypto instru 605 CPUs without dedicated crypto instructions. It encrypts 588 each sector using the XChaCha12 stre 606 each sector using the XChaCha12 stream cipher, two passes of 589 an ε-almost-∆-universal hash func 607 an ε-almost-∆-universal hash function, and an invocation of 590 the AES-256 block cipher on a single 608 the AES-256 block cipher on a single 16-byte block. On CPUs 591 without AES instructions, Adiantum i 609 without AES instructions, Adiantum is much faster than 592 AES-XTS. 610 AES-XTS. 593 611 594 Adiantum's security is provably redu 612 Adiantum's security is provably reducible to that of its 595 underlying stream and block ciphers, 613 underlying stream and block ciphers, subject to a security 596 bound. Unlike XTS, Adiantum is a tr 614 bound. Unlike XTS, Adiantum is a true wide-block encryption 597 mode, so it actually provides an eve 615 mode, so it actually provides an even stronger notion of 598 security than XTS, subject to the se 616 security than XTS, subject to the security bound. 599 617 600 If unsure, say N. 618 If unsure, say N. 601 619 602 config CRYPTO_ARC4 620 config CRYPTO_ARC4 603 tristate "ARC4 (Alleged Rivest Cipher 621 tristate "ARC4 (Alleged Rivest Cipher 4)" 604 depends on CRYPTO_USER_API_ENABLE_OBSO 622 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 605 select CRYPTO_SKCIPHER 623 select CRYPTO_SKCIPHER 606 select CRYPTO_LIB_ARC4 624 select CRYPTO_LIB_ARC4 607 help 625 help 608 ARC4 cipher algorithm 626 ARC4 cipher algorithm 609 627 610 ARC4 is a stream cipher using keys r 628 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 611 bits in length. This algorithm is r 629 bits in length. This algorithm is required for driver-based 612 WEP, but it should not be for other 630 WEP, but it should not be for other purposes because of the 613 weakness of the algorithm. 631 weakness of the algorithm. 614 632 615 config CRYPTO_CHACHA20 633 config CRYPTO_CHACHA20 616 tristate "ChaCha" 634 tristate "ChaCha" 617 select CRYPTO_LIB_CHACHA_GENERIC 635 select CRYPTO_LIB_CHACHA_GENERIC 618 select CRYPTO_SKCIPHER 636 select CRYPTO_SKCIPHER 619 help 637 help 620 The ChaCha20, XChaCha20, and XChaCha 638 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms 621 639 622 ChaCha20 is a 256-bit high-speed str 640 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 623 Bernstein and further specified in R 641 Bernstein and further specified in RFC7539 for use in IETF protocols. 624 This is the portable C implementatio 642 This is the portable C implementation of ChaCha20. See 625 https://cr.yp.to/chacha/chacha-20080 643 https://cr.yp.to/chacha/chacha-20080128.pdf for further information. 626 644 627 XChaCha20 is the application of the 645 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 628 rather than to Salsa20. XChaCha20 e 646 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 629 from 64 bits (or 96 bits using the R 647 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 630 while provably retaining ChaCha20's 648 while provably retaining ChaCha20's security. See 631 https://cr.yp.to/snuffle/xsalsa-2008 649 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information. 632 650 633 XChaCha12 is XChaCha20 reduced to 12 651 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 634 reduced security margin but increase 652 reduced security margin but increased performance. It can be needed 635 in some performance-sensitive scenar 653 in some performance-sensitive scenarios. 636 654 637 config CRYPTO_CBC 655 config CRYPTO_CBC 638 tristate "CBC (Cipher Block Chaining)" 656 tristate "CBC (Cipher Block Chaining)" 639 select CRYPTO_SKCIPHER 657 select CRYPTO_SKCIPHER 640 select CRYPTO_MANAGER 658 select CRYPTO_MANAGER 641 help 659 help 642 CBC (Cipher Block Chaining) mode (NI 660 CBC (Cipher Block Chaining) mode (NIST SP800-38A) 643 661 644 This block cipher mode is required f 662 This block cipher mode is required for IPSec ESP (XFRM_ESP). 645 663 >> 664 config CRYPTO_CFB >> 665 tristate "CFB (Cipher Feedback)" >> 666 select CRYPTO_SKCIPHER >> 667 select CRYPTO_MANAGER >> 668 help >> 669 CFB (Cipher Feedback) mode (NIST SP800-38A) >> 670 >> 671 This block cipher mode is required for TPM2 Cryptography. >> 672 646 config CRYPTO_CTR 673 config CRYPTO_CTR 647 tristate "CTR (Counter)" 674 tristate "CTR (Counter)" 648 select CRYPTO_SKCIPHER 675 select CRYPTO_SKCIPHER 649 select CRYPTO_MANAGER 676 select CRYPTO_MANAGER 650 help 677 help 651 CTR (Counter) mode (NIST SP800-38A) 678 CTR (Counter) mode (NIST SP800-38A) 652 679 653 config CRYPTO_CTS 680 config CRYPTO_CTS 654 tristate "CTS (Cipher Text Stealing)" 681 tristate "CTS (Cipher Text Stealing)" 655 select CRYPTO_SKCIPHER 682 select CRYPTO_SKCIPHER 656 select CRYPTO_MANAGER 683 select CRYPTO_MANAGER 657 help 684 help 658 CBC-CS3 variant of CTS (Cipher Text 685 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST 659 Addendum to SP800-38A (October 2010) 686 Addendum to SP800-38A (October 2010)) 660 687 661 This mode is required for Kerberos g 688 This mode is required for Kerberos gss mechanism support 662 for AES encryption. 689 for AES encryption. 663 690 664 config CRYPTO_ECB 691 config CRYPTO_ECB 665 tristate "ECB (Electronic Codebook)" 692 tristate "ECB (Electronic Codebook)" 666 select CRYPTO_SKCIPHER2 693 select CRYPTO_SKCIPHER2 667 select CRYPTO_MANAGER 694 select CRYPTO_MANAGER 668 help 695 help 669 ECB (Electronic Codebook) mode (NIST 696 ECB (Electronic Codebook) mode (NIST SP800-38A) 670 697 671 config CRYPTO_HCTR2 698 config CRYPTO_HCTR2 672 tristate "HCTR2" 699 tristate "HCTR2" 673 select CRYPTO_XCTR 700 select CRYPTO_XCTR 674 select CRYPTO_POLYVAL 701 select CRYPTO_POLYVAL 675 select CRYPTO_MANAGER 702 select CRYPTO_MANAGER 676 help 703 help 677 HCTR2 length-preserving encryption m 704 HCTR2 length-preserving encryption mode 678 705 679 A mode for storage encryption that i 706 A mode for storage encryption that is efficient on processors with 680 instructions to accelerate AES and c 707 instructions to accelerate AES and carryless multiplication, e.g. 681 x86 processors with AES-NI and CLMUL 708 x86 processors with AES-NI and CLMUL, and ARM processors with the 682 ARMv8 crypto extensions. 709 ARMv8 crypto extensions. 683 710 684 See https://eprint.iacr.org/2021/144 711 See https://eprint.iacr.org/2021/1441 685 712 686 config CRYPTO_KEYWRAP 713 config CRYPTO_KEYWRAP 687 tristate "KW (AES Key Wrap)" 714 tristate "KW (AES Key Wrap)" 688 select CRYPTO_SKCIPHER 715 select CRYPTO_SKCIPHER 689 select CRYPTO_MANAGER 716 select CRYPTO_MANAGER 690 help 717 help 691 KW (AES Key Wrap) authenticated encr 718 KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F 692 and RFC3394) without padding. 719 and RFC3394) without padding. 693 720 694 config CRYPTO_LRW 721 config CRYPTO_LRW 695 tristate "LRW (Liskov Rivest Wagner)" 722 tristate "LRW (Liskov Rivest Wagner)" 696 select CRYPTO_LIB_GF128MUL 723 select CRYPTO_LIB_GF128MUL 697 select CRYPTO_SKCIPHER 724 select CRYPTO_SKCIPHER 698 select CRYPTO_MANAGER 725 select CRYPTO_MANAGER 699 select CRYPTO_ECB 726 select CRYPTO_ECB 700 help 727 help 701 LRW (Liskov Rivest Wagner) mode 728 LRW (Liskov Rivest Wagner) mode 702 729 703 A tweakable, non malleable, non mova 730 A tweakable, non malleable, non movable 704 narrow block cipher mode for dm-cryp 731 narrow block cipher mode for dm-crypt. Use it with cipher 705 specification string aes-lrw-benbi, 732 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 706 The first 128, 192 or 256 bits in th 733 The first 128, 192 or 256 bits in the key are used for AES and the 707 rest is used to tie each cipher bloc 734 rest is used to tie each cipher block to its logical position. 708 735 709 See https://people.csail.mit.edu/riv 736 See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf 710 737 >> 738 config CRYPTO_OFB >> 739 tristate "OFB (Output Feedback)" >> 740 select CRYPTO_SKCIPHER >> 741 select CRYPTO_MANAGER >> 742 help >> 743 OFB (Output Feedback) mode (NIST SP800-38A) >> 744 >> 745 This mode makes a block cipher into a synchronous >> 746 stream cipher. It generates keystream blocks, which are then XORed >> 747 with the plaintext blocks to get the ciphertext. Flipping a bit in the >> 748 ciphertext produces a flipped bit in the plaintext at the same >> 749 location. This property allows many error correcting codes to function >> 750 normally even when applied before encryption. >> 751 711 config CRYPTO_PCBC 752 config CRYPTO_PCBC 712 tristate "PCBC (Propagating Cipher Blo 753 tristate "PCBC (Propagating Cipher Block Chaining)" 713 select CRYPTO_SKCIPHER 754 select CRYPTO_SKCIPHER 714 select CRYPTO_MANAGER 755 select CRYPTO_MANAGER 715 help 756 help 716 PCBC (Propagating Cipher Block Chain 757 PCBC (Propagating Cipher Block Chaining) mode 717 758 718 This block cipher mode is required f 759 This block cipher mode is required for RxRPC. 719 760 720 config CRYPTO_XCTR 761 config CRYPTO_XCTR 721 tristate 762 tristate 722 select CRYPTO_SKCIPHER 763 select CRYPTO_SKCIPHER 723 select CRYPTO_MANAGER 764 select CRYPTO_MANAGER 724 help 765 help 725 XCTR (XOR Counter) mode for HCTR2 766 XCTR (XOR Counter) mode for HCTR2 726 767 727 This blockcipher mode is a variant o 768 This blockcipher mode is a variant of CTR mode using XORs and little-endian 728 addition rather than big-endian arit 769 addition rather than big-endian arithmetic. 729 770 730 XCTR mode is used to implement HCTR2 771 XCTR mode is used to implement HCTR2. 731 772 732 config CRYPTO_XTS 773 config CRYPTO_XTS 733 tristate "XTS (XOR Encrypt XOR with ci 774 tristate "XTS (XOR Encrypt XOR with ciphertext stealing)" 734 select CRYPTO_SKCIPHER 775 select CRYPTO_SKCIPHER 735 select CRYPTO_MANAGER 776 select CRYPTO_MANAGER 736 select CRYPTO_ECB 777 select CRYPTO_ECB 737 help 778 help 738 XTS (XOR Encrypt XOR with ciphertext 779 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E 739 and IEEE 1619) 780 and IEEE 1619) 740 781 741 Use with aes-xts-plain, key size 256 782 Use with aes-xts-plain, key size 256, 384 or 512 bits. This 742 implementation currently can't handl 783 implementation currently can't handle a sectorsize which is not a 743 multiple of 16 bytes. 784 multiple of 16 bytes. 744 785 745 config CRYPTO_NHPOLY1305 786 config CRYPTO_NHPOLY1305 746 tristate 787 tristate 747 select CRYPTO_HASH 788 select CRYPTO_HASH 748 select CRYPTO_LIB_POLY1305_GENERIC 789 select CRYPTO_LIB_POLY1305_GENERIC 749 790 750 endmenu 791 endmenu 751 792 752 menu "AEAD (authenticated encryption with asso 793 menu "AEAD (authenticated encryption with associated data) ciphers" 753 794 754 config CRYPTO_AEGIS128 795 config CRYPTO_AEGIS128 755 tristate "AEGIS-128" 796 tristate "AEGIS-128" 756 select CRYPTO_AEAD 797 select CRYPTO_AEAD 757 select CRYPTO_AES # for AES S-box tab 798 select CRYPTO_AES # for AES S-box tables 758 help 799 help 759 AEGIS-128 AEAD algorithm 800 AEGIS-128 AEAD algorithm 760 801 761 config CRYPTO_AEGIS128_SIMD 802 config CRYPTO_AEGIS128_SIMD 762 bool "AEGIS-128 (arm NEON, arm64 NEON) 803 bool "AEGIS-128 (arm NEON, arm64 NEON)" 763 depends on CRYPTO_AEGIS128 && ((ARM || 804 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 764 default y 805 default y 765 help 806 help 766 AEGIS-128 AEAD algorithm 807 AEGIS-128 AEAD algorithm 767 808 768 Architecture: arm or arm64 using: 809 Architecture: arm or arm64 using: 769 - NEON (Advanced SIMD) extension 810 - NEON (Advanced SIMD) extension 770 811 771 config CRYPTO_CHACHA20POLY1305 812 config CRYPTO_CHACHA20POLY1305 772 tristate "ChaCha20-Poly1305" 813 tristate "ChaCha20-Poly1305" 773 select CRYPTO_CHACHA20 814 select CRYPTO_CHACHA20 774 select CRYPTO_POLY1305 815 select CRYPTO_POLY1305 775 select CRYPTO_AEAD 816 select CRYPTO_AEAD 776 select CRYPTO_MANAGER 817 select CRYPTO_MANAGER 777 help 818 help 778 ChaCha20 stream cipher and Poly1305 819 ChaCha20 stream cipher and Poly1305 authenticator combined 779 mode (RFC8439) 820 mode (RFC8439) 780 821 781 config CRYPTO_CCM 822 config CRYPTO_CCM 782 tristate "CCM (Counter with Cipher Blo 823 tristate "CCM (Counter with Cipher Block Chaining-MAC)" 783 select CRYPTO_CTR 824 select CRYPTO_CTR 784 select CRYPTO_HASH 825 select CRYPTO_HASH 785 select CRYPTO_AEAD 826 select CRYPTO_AEAD 786 select CRYPTO_MANAGER 827 select CRYPTO_MANAGER 787 help 828 help 788 CCM (Counter with Cipher Block Chain 829 CCM (Counter with Cipher Block Chaining-Message Authentication Code) 789 authenticated encryption mode (NIST 830 authenticated encryption mode (NIST SP800-38C) 790 831 791 config CRYPTO_GCM 832 config CRYPTO_GCM 792 tristate "GCM (Galois/Counter Mode) an 833 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)" 793 select CRYPTO_CTR 834 select CRYPTO_CTR 794 select CRYPTO_AEAD 835 select CRYPTO_AEAD 795 select CRYPTO_GHASH 836 select CRYPTO_GHASH 796 select CRYPTO_NULL 837 select CRYPTO_NULL 797 select CRYPTO_MANAGER 838 select CRYPTO_MANAGER 798 help 839 help 799 GCM (Galois/Counter Mode) authentica 840 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC 800 (GCM Message Authentication Code) (N 841 (GCM Message Authentication Code) (NIST SP800-38D) 801 842 802 This is required for IPSec ESP (XFRM 843 This is required for IPSec ESP (XFRM_ESP). 803 844 804 config CRYPTO_GENIV 845 config CRYPTO_GENIV 805 tristate 846 tristate 806 select CRYPTO_AEAD 847 select CRYPTO_AEAD 807 select CRYPTO_NULL 848 select CRYPTO_NULL 808 select CRYPTO_MANAGER 849 select CRYPTO_MANAGER 809 select CRYPTO_RNG_DEFAULT 850 select CRYPTO_RNG_DEFAULT 810 851 811 config CRYPTO_SEQIV 852 config CRYPTO_SEQIV 812 tristate "Sequence Number IV Generator 853 tristate "Sequence Number IV Generator" 813 select CRYPTO_GENIV 854 select CRYPTO_GENIV 814 help 855 help 815 Sequence Number IV generator 856 Sequence Number IV generator 816 857 817 This IV generator generates an IV ba 858 This IV generator generates an IV based on a sequence number by 818 xoring it with a salt. This algorit 859 xoring it with a salt. This algorithm is mainly useful for CTR. 819 860 820 This is required for IPsec ESP (XFRM 861 This is required for IPsec ESP (XFRM_ESP). 821 862 822 config CRYPTO_ECHAINIV 863 config CRYPTO_ECHAINIV 823 tristate "Encrypted Chain IV Generator 864 tristate "Encrypted Chain IV Generator" 824 select CRYPTO_GENIV 865 select CRYPTO_GENIV 825 help 866 help 826 Encrypted Chain IV generator 867 Encrypted Chain IV generator 827 868 828 This IV generator generates an IV ba 869 This IV generator generates an IV based on the encryption of 829 a sequence number xored with a salt. 870 a sequence number xored with a salt. This is the default 830 algorithm for CBC. 871 algorithm for CBC. 831 872 832 config CRYPTO_ESSIV 873 config CRYPTO_ESSIV 833 tristate "Encrypted Salt-Sector IV Gen 874 tristate "Encrypted Salt-Sector IV Generator" 834 select CRYPTO_AUTHENC 875 select CRYPTO_AUTHENC 835 help 876 help 836 Encrypted Salt-Sector IV generator 877 Encrypted Salt-Sector IV generator 837 878 838 This IV generator is used in some ca 879 This IV generator is used in some cases by fscrypt and/or 839 dm-crypt. It uses the hash of the bl 880 dm-crypt. It uses the hash of the block encryption key as the 840 symmetric key for a block encryption 881 symmetric key for a block encryption pass applied to the input 841 IV, making low entropy IV sources mo 882 IV, making low entropy IV sources more suitable for block 842 encryption. 883 encryption. 843 884 844 This driver implements a crypto API 885 This driver implements a crypto API template that can be 845 instantiated either as an skcipher o 886 instantiated either as an skcipher or as an AEAD (depending on the 846 type of the first template argument) 887 type of the first template argument), and which defers encryption 847 and decryption requests to the encap 888 and decryption requests to the encapsulated cipher after applying 848 ESSIV to the input IV. Note that in 889 ESSIV to the input IV. Note that in the AEAD case, it is assumed 849 that the keys are presented in the s 890 that the keys are presented in the same format used by the authenc 850 template, and that the IV appears at 891 template, and that the IV appears at the end of the authenticated 851 associated data (AAD) region (which 892 associated data (AAD) region (which is how dm-crypt uses it.) 852 893 853 Note that the use of ESSIV is not re 894 Note that the use of ESSIV is not recommended for new deployments, 854 and so this only needs to be enabled 895 and so this only needs to be enabled when interoperability with 855 existing encrypted volumes of filesy 896 existing encrypted volumes of filesystems is required, or when 856 building for a particular system tha 897 building for a particular system that requires it (e.g., when 857 the SoC in question has accelerated 898 the SoC in question has accelerated CBC but not XTS, making CBC 858 combined with ESSIV the only feasibl 899 combined with ESSIV the only feasible mode for h/w accelerated 859 block encryption) 900 block encryption) 860 901 861 endmenu 902 endmenu 862 903 863 menu "Hashes, digests, and MACs" 904 menu "Hashes, digests, and MACs" 864 905 865 config CRYPTO_BLAKE2B 906 config CRYPTO_BLAKE2B 866 tristate "BLAKE2b" 907 tristate "BLAKE2b" 867 select CRYPTO_HASH 908 select CRYPTO_HASH 868 help 909 help 869 BLAKE2b cryptographic hash function 910 BLAKE2b cryptographic hash function (RFC 7693) 870 911 871 BLAKE2b is optimized for 64-bit plat 912 BLAKE2b is optimized for 64-bit platforms and can produce digests 872 of any size between 1 and 64 bytes. 913 of any size between 1 and 64 bytes. The keyed hash is also implemented. 873 914 874 This module provides the following a 915 This module provides the following algorithms: 875 - blake2b-160 916 - blake2b-160 876 - blake2b-256 917 - blake2b-256 877 - blake2b-384 918 - blake2b-384 878 - blake2b-512 919 - blake2b-512 879 920 880 Used by the btrfs filesystem. 921 Used by the btrfs filesystem. 881 922 882 See https://blake2.net for further i 923 See https://blake2.net for further information. 883 924 884 config CRYPTO_CMAC 925 config CRYPTO_CMAC 885 tristate "CMAC (Cipher-based MAC)" 926 tristate "CMAC (Cipher-based MAC)" 886 select CRYPTO_HASH 927 select CRYPTO_HASH 887 select CRYPTO_MANAGER 928 select CRYPTO_MANAGER 888 help 929 help 889 CMAC (Cipher-based Message Authentic 930 CMAC (Cipher-based Message Authentication Code) authentication 890 mode (NIST SP800-38B and IETF RFC449 931 mode (NIST SP800-38B and IETF RFC4493) 891 932 892 config CRYPTO_GHASH 933 config CRYPTO_GHASH 893 tristate "GHASH" 934 tristate "GHASH" 894 select CRYPTO_HASH 935 select CRYPTO_HASH 895 select CRYPTO_LIB_GF128MUL 936 select CRYPTO_LIB_GF128MUL 896 help 937 help 897 GCM GHASH function (NIST SP800-38D) 938 GCM GHASH function (NIST SP800-38D) 898 939 899 config CRYPTO_HMAC 940 config CRYPTO_HMAC 900 tristate "HMAC (Keyed-Hash MAC)" 941 tristate "HMAC (Keyed-Hash MAC)" 901 select CRYPTO_HASH 942 select CRYPTO_HASH 902 select CRYPTO_MANAGER 943 select CRYPTO_MANAGER 903 help 944 help 904 HMAC (Keyed-Hash Message Authenticat 945 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and 905 RFC2104) 946 RFC2104) 906 947 907 This is required for IPsec AH (XFRM_ 948 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). 908 949 909 config CRYPTO_MD4 950 config CRYPTO_MD4 910 tristate "MD4" 951 tristate "MD4" 911 select CRYPTO_HASH 952 select CRYPTO_HASH 912 help 953 help 913 MD4 message digest algorithm (RFC132 954 MD4 message digest algorithm (RFC1320) 914 955 915 config CRYPTO_MD5 956 config CRYPTO_MD5 916 tristate "MD5" 957 tristate "MD5" 917 select CRYPTO_HASH 958 select CRYPTO_HASH 918 help 959 help 919 MD5 message digest algorithm (RFC132 960 MD5 message digest algorithm (RFC1321) 920 961 921 config CRYPTO_MICHAEL_MIC 962 config CRYPTO_MICHAEL_MIC 922 tristate "Michael MIC" 963 tristate "Michael MIC" 923 select CRYPTO_HASH 964 select CRYPTO_HASH 924 help 965 help 925 Michael MIC (Message Integrity Code) 966 Michael MIC (Message Integrity Code) (IEEE 802.11i) 926 967 927 Defined by the IEEE 802.11i TKIP (Te 968 Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol), 928 known as WPA (Wif-Fi Protected Acces 969 known as WPA (Wif-Fi Protected Access). 929 970 930 This algorithm is required for TKIP, 971 This algorithm is required for TKIP, but it should not be used for 931 other purposes because of the weakne 972 other purposes because of the weakness of the algorithm. 932 973 933 config CRYPTO_POLYVAL 974 config CRYPTO_POLYVAL 934 tristate 975 tristate 935 select CRYPTO_HASH 976 select CRYPTO_HASH 936 select CRYPTO_LIB_GF128MUL 977 select CRYPTO_LIB_GF128MUL 937 help 978 help 938 POLYVAL hash function for HCTR2 979 POLYVAL hash function for HCTR2 939 980 940 This is used in HCTR2. It is not a 981 This is used in HCTR2. It is not a general-purpose 941 cryptographic hash function. 982 cryptographic hash function. 942 983 943 config CRYPTO_POLY1305 984 config CRYPTO_POLY1305 944 tristate "Poly1305" 985 tristate "Poly1305" 945 select CRYPTO_HASH 986 select CRYPTO_HASH 946 select CRYPTO_LIB_POLY1305_GENERIC 987 select CRYPTO_LIB_POLY1305_GENERIC 947 help 988 help 948 Poly1305 authenticator algorithm (RF 989 Poly1305 authenticator algorithm (RFC7539) 949 990 950 Poly1305 is an authenticator algorit 991 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 951 It is used for the ChaCha20-Poly1305 992 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 952 in IETF protocols. This is the porta 993 in IETF protocols. This is the portable C implementation of Poly1305. 953 994 954 config CRYPTO_RMD160 995 config CRYPTO_RMD160 955 tristate "RIPEMD-160" 996 tristate "RIPEMD-160" 956 select CRYPTO_HASH 997 select CRYPTO_HASH 957 help 998 help 958 RIPEMD-160 hash function (ISO/IEC 10 999 RIPEMD-160 hash function (ISO/IEC 10118-3) 959 1000 960 RIPEMD-160 is a 160-bit cryptographi 1001 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 961 to be used as a secure replacement f 1002 to be used as a secure replacement for the 128-bit hash functions 962 MD4, MD5 and its predecessor RIPEMD 1003 MD4, MD5 and its predecessor RIPEMD 963 (not to be confused with RIPEMD-128) 1004 (not to be confused with RIPEMD-128). 964 1005 965 Its speed is comparable to SHA-1 and 1006 Its speed is comparable to SHA-1 and there are no known attacks 966 against RIPEMD-160. 1007 against RIPEMD-160. 967 1008 968 Developed by Hans Dobbertin, Antoon 1009 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 969 See https://homes.esat.kuleuven.be/~ 1010 See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html 970 for further information. 1011 for further information. 971 1012 972 config CRYPTO_SHA1 1013 config CRYPTO_SHA1 973 tristate "SHA-1" 1014 tristate "SHA-1" 974 select CRYPTO_HASH 1015 select CRYPTO_HASH 975 select CRYPTO_LIB_SHA1 1016 select CRYPTO_LIB_SHA1 976 help 1017 help 977 SHA-1 secure hash algorithm (FIPS 18 1018 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3) 978 1019 979 config CRYPTO_SHA256 1020 config CRYPTO_SHA256 980 tristate "SHA-224 and SHA-256" 1021 tristate "SHA-224 and SHA-256" 981 select CRYPTO_HASH 1022 select CRYPTO_HASH 982 select CRYPTO_LIB_SHA256 1023 select CRYPTO_LIB_SHA256 983 help 1024 help 984 SHA-224 and SHA-256 secure hash algo 1025 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) 985 1026 986 This is required for IPsec AH (XFRM_ 1027 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). 987 Used by the btrfs filesystem, Ceph, 1028 Used by the btrfs filesystem, Ceph, NFS, and SMB. 988 1029 989 config CRYPTO_SHA512 1030 config CRYPTO_SHA512 990 tristate "SHA-384 and SHA-512" 1031 tristate "SHA-384 and SHA-512" 991 select CRYPTO_HASH 1032 select CRYPTO_HASH 992 help 1033 help 993 SHA-384 and SHA-512 secure hash algo 1034 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) 994 1035 995 config CRYPTO_SHA3 1036 config CRYPTO_SHA3 996 tristate "SHA-3" 1037 tristate "SHA-3" 997 select CRYPTO_HASH 1038 select CRYPTO_HASH 998 help 1039 help 999 SHA-3 secure hash algorithms (FIPS 2 1040 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) 1000 1041 1001 config CRYPTO_SM3 1042 config CRYPTO_SM3 1002 tristate 1043 tristate 1003 1044 1004 config CRYPTO_SM3_GENERIC 1045 config CRYPTO_SM3_GENERIC 1005 tristate "SM3 (ShangMi 3)" 1046 tristate "SM3 (ShangMi 3)" 1006 select CRYPTO_HASH 1047 select CRYPTO_HASH 1007 select CRYPTO_SM3 1048 select CRYPTO_SM3 1008 help 1049 help 1009 SM3 (ShangMi 3) secure hash functio 1050 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3) 1010 1051 1011 This is part of the Chinese Commerc 1052 This is part of the Chinese Commercial Cryptography suite. 1012 1053 1013 References: 1054 References: 1014 http://www.oscca.gov.cn/UpFile/2010 1055 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1015 https://datatracker.ietf.org/doc/ht 1056 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1016 1057 1017 config CRYPTO_STREEBOG 1058 config CRYPTO_STREEBOG 1018 tristate "Streebog" 1059 tristate "Streebog" 1019 select CRYPTO_HASH 1060 select CRYPTO_HASH 1020 help 1061 help 1021 Streebog Hash Function (GOST R 34.1 1062 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3) 1022 1063 1023 This is one of the Russian cryptogr 1064 This is one of the Russian cryptographic standard algorithms (called 1024 GOST algorithms). This setting enab 1065 GOST algorithms). This setting enables two hash algorithms with 1025 256 and 512 bits output. 1066 256 and 512 bits output. 1026 1067 1027 References: 1068 References: 1028 https://tc26.ru/upload/iblock/fed/f 1069 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1029 https://tools.ietf.org/html/rfc6986 1070 https://tools.ietf.org/html/rfc6986 1030 1071 1031 config CRYPTO_VMAC 1072 config CRYPTO_VMAC 1032 tristate "VMAC" 1073 tristate "VMAC" 1033 select CRYPTO_HASH 1074 select CRYPTO_HASH 1034 select CRYPTO_MANAGER 1075 select CRYPTO_MANAGER 1035 help 1076 help 1036 VMAC is a message authentication al 1077 VMAC is a message authentication algorithm designed for 1037 very high speed on 64-bit architect 1078 very high speed on 64-bit architectures. 1038 1079 1039 See https://fastcrypto.org/vmac for 1080 See https://fastcrypto.org/vmac for further information. 1040 1081 1041 config CRYPTO_WP512 1082 config CRYPTO_WP512 1042 tristate "Whirlpool" 1083 tristate "Whirlpool" 1043 select CRYPTO_HASH 1084 select CRYPTO_HASH 1044 help 1085 help 1045 Whirlpool hash function (ISO/IEC 10 1086 Whirlpool hash function (ISO/IEC 10118-3) 1046 1087 1047 512, 384 and 256-bit hashes. 1088 512, 384 and 256-bit hashes. 1048 1089 1049 Whirlpool-512 is part of the NESSIE 1090 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1050 1091 1051 See https://web.archive.org/web/201 1092 See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html 1052 for further information. 1093 for further information. 1053 1094 1054 config CRYPTO_XCBC 1095 config CRYPTO_XCBC 1055 tristate "XCBC-MAC (Extended Cipher B 1096 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)" 1056 select CRYPTO_HASH 1097 select CRYPTO_HASH 1057 select CRYPTO_MANAGER 1098 select CRYPTO_MANAGER 1058 help 1099 help 1059 XCBC-MAC (Extended Cipher Block Cha 1100 XCBC-MAC (Extended Cipher Block Chaining Message Authentication 1060 Code) (RFC3566) 1101 Code) (RFC3566) 1061 1102 1062 config CRYPTO_XXHASH 1103 config CRYPTO_XXHASH 1063 tristate "xxHash" 1104 tristate "xxHash" 1064 select CRYPTO_HASH 1105 select CRYPTO_HASH 1065 select XXHASH 1106 select XXHASH 1066 help 1107 help 1067 xxHash non-cryptographic hash algor 1108 xxHash non-cryptographic hash algorithm 1068 1109 1069 Extremely fast, working at speeds c 1110 Extremely fast, working at speeds close to RAM limits. 1070 1111 1071 Used by the btrfs filesystem. 1112 Used by the btrfs filesystem. 1072 1113 1073 endmenu 1114 endmenu 1074 1115 1075 menu "CRCs (cyclic redundancy checks)" 1116 menu "CRCs (cyclic redundancy checks)" 1076 1117 1077 config CRYPTO_CRC32C 1118 config CRYPTO_CRC32C 1078 tristate "CRC32c" 1119 tristate "CRC32c" 1079 select CRYPTO_HASH 1120 select CRYPTO_HASH 1080 select CRC32 1121 select CRC32 1081 help 1122 help 1082 CRC32c CRC algorithm with the iSCSI 1123 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) 1083 1124 1084 A 32-bit CRC (cyclic redundancy che 1125 A 32-bit CRC (cyclic redundancy check) with a polynomial defined 1085 by G. Castagnoli, S. Braeuer and M. 1126 by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic 1086 Redundancy-Check Codes with 24 and 1127 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions 1087 on Communications, Vol. 41, No. 6, 1128 on Communications, Vol. 41, No. 6, June 1993, selected for use with 1088 iSCSI. 1129 iSCSI. 1089 1130 1090 Used by btrfs, ext4, jbd2, NVMeoF/T 1131 Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI. 1091 1132 1092 config CRYPTO_CRC32 1133 config CRYPTO_CRC32 1093 tristate "CRC32" 1134 tristate "CRC32" 1094 select CRYPTO_HASH 1135 select CRYPTO_HASH 1095 select CRC32 1136 select CRC32 1096 help 1137 help 1097 CRC32 CRC algorithm (IEEE 802.3) 1138 CRC32 CRC algorithm (IEEE 802.3) 1098 1139 1099 Used by RoCEv2 and f2fs. 1140 Used by RoCEv2 and f2fs. 1100 1141 1101 config CRYPTO_CRCT10DIF 1142 config CRYPTO_CRCT10DIF 1102 tristate "CRCT10DIF" 1143 tristate "CRCT10DIF" 1103 select CRYPTO_HASH 1144 select CRYPTO_HASH 1104 help 1145 help 1105 CRC16 CRC algorithm used for the T1 1146 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF) 1106 1147 1107 CRC algorithm used by the SCSI Bloc 1148 CRC algorithm used by the SCSI Block Commands standard. 1108 1149 1109 config CRYPTO_CRC64_ROCKSOFT 1150 config CRYPTO_CRC64_ROCKSOFT 1110 tristate "CRC64 based on Rocksoft Mod 1151 tristate "CRC64 based on Rocksoft Model algorithm" 1111 depends on CRC64 1152 depends on CRC64 1112 select CRYPTO_HASH 1153 select CRYPTO_HASH 1113 help 1154 help 1114 CRC64 CRC algorithm based on the Ro 1155 CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm 1115 1156 1116 Used by the NVMe implementation of 1157 Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY) 1117 1158 1118 See https://zlib.net/crc_v3.txt 1159 See https://zlib.net/crc_v3.txt 1119 1160 1120 endmenu 1161 endmenu 1121 1162 1122 menu "Compression" 1163 menu "Compression" 1123 1164 1124 config CRYPTO_DEFLATE 1165 config CRYPTO_DEFLATE 1125 tristate "Deflate" 1166 tristate "Deflate" 1126 select CRYPTO_ALGAPI 1167 select CRYPTO_ALGAPI 1127 select CRYPTO_ACOMP2 1168 select CRYPTO_ACOMP2 1128 select ZLIB_INFLATE 1169 select ZLIB_INFLATE 1129 select ZLIB_DEFLATE 1170 select ZLIB_DEFLATE 1130 help 1171 help 1131 Deflate compression algorithm (RFC1 1172 Deflate compression algorithm (RFC1951) 1132 1173 1133 Used by IPSec with the IPCOMP proto 1174 Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394) 1134 1175 1135 config CRYPTO_LZO 1176 config CRYPTO_LZO 1136 tristate "LZO" 1177 tristate "LZO" 1137 select CRYPTO_ALGAPI 1178 select CRYPTO_ALGAPI 1138 select CRYPTO_ACOMP2 1179 select CRYPTO_ACOMP2 1139 select LZO_COMPRESS 1180 select LZO_COMPRESS 1140 select LZO_DECOMPRESS 1181 select LZO_DECOMPRESS 1141 help 1182 help 1142 LZO compression algorithm 1183 LZO compression algorithm 1143 1184 1144 See https://www.oberhumer.com/opens 1185 See https://www.oberhumer.com/opensource/lzo/ for further information. 1145 1186 1146 config CRYPTO_842 1187 config CRYPTO_842 1147 tristate "842" 1188 tristate "842" 1148 select CRYPTO_ALGAPI 1189 select CRYPTO_ALGAPI 1149 select CRYPTO_ACOMP2 1190 select CRYPTO_ACOMP2 1150 select 842_COMPRESS 1191 select 842_COMPRESS 1151 select 842_DECOMPRESS 1192 select 842_DECOMPRESS 1152 help 1193 help 1153 842 compression algorithm by IBM 1194 842 compression algorithm by IBM 1154 1195 1155 See https://github.com/plauth/lib84 1196 See https://github.com/plauth/lib842 for further information. 1156 1197 1157 config CRYPTO_LZ4 1198 config CRYPTO_LZ4 1158 tristate "LZ4" 1199 tristate "LZ4" 1159 select CRYPTO_ALGAPI 1200 select CRYPTO_ALGAPI 1160 select CRYPTO_ACOMP2 1201 select CRYPTO_ACOMP2 1161 select LZ4_COMPRESS 1202 select LZ4_COMPRESS 1162 select LZ4_DECOMPRESS 1203 select LZ4_DECOMPRESS 1163 help 1204 help 1164 LZ4 compression algorithm 1205 LZ4 compression algorithm 1165 1206 1166 See https://github.com/lz4/lz4 for 1207 See https://github.com/lz4/lz4 for further information. 1167 1208 1168 config CRYPTO_LZ4HC 1209 config CRYPTO_LZ4HC 1169 tristate "LZ4HC" 1210 tristate "LZ4HC" 1170 select CRYPTO_ALGAPI 1211 select CRYPTO_ALGAPI 1171 select CRYPTO_ACOMP2 1212 select CRYPTO_ACOMP2 1172 select LZ4HC_COMPRESS 1213 select LZ4HC_COMPRESS 1173 select LZ4_DECOMPRESS 1214 select LZ4_DECOMPRESS 1174 help 1215 help 1175 LZ4 high compression mode algorithm 1216 LZ4 high compression mode algorithm 1176 1217 1177 See https://github.com/lz4/lz4 for 1218 See https://github.com/lz4/lz4 for further information. 1178 1219 1179 config CRYPTO_ZSTD 1220 config CRYPTO_ZSTD 1180 tristate "Zstd" 1221 tristate "Zstd" 1181 select CRYPTO_ALGAPI 1222 select CRYPTO_ALGAPI 1182 select CRYPTO_ACOMP2 1223 select CRYPTO_ACOMP2 1183 select ZSTD_COMPRESS 1224 select ZSTD_COMPRESS 1184 select ZSTD_DECOMPRESS 1225 select ZSTD_DECOMPRESS 1185 help 1226 help 1186 zstd compression algorithm 1227 zstd compression algorithm 1187 1228 1188 See https://github.com/facebook/zst 1229 See https://github.com/facebook/zstd for further information. 1189 1230 1190 endmenu 1231 endmenu 1191 1232 1192 menu "Random number generation" 1233 menu "Random number generation" 1193 1234 1194 config CRYPTO_ANSI_CPRNG 1235 config CRYPTO_ANSI_CPRNG 1195 tristate "ANSI PRNG (Pseudo Random Nu 1236 tristate "ANSI PRNG (Pseudo Random Number Generator)" 1196 select CRYPTO_AES 1237 select CRYPTO_AES 1197 select CRYPTO_RNG 1238 select CRYPTO_RNG 1198 help 1239 help 1199 Pseudo RNG (random number generator 1240 Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4) 1200 1241 1201 This uses the AES cipher algorithm. 1242 This uses the AES cipher algorithm. 1202 1243 1203 Note that this option must be enabl 1244 Note that this option must be enabled if CRYPTO_FIPS is selected 1204 1245 1205 menuconfig CRYPTO_DRBG_MENU 1246 menuconfig CRYPTO_DRBG_MENU 1206 tristate "NIST SP800-90A DRBG (Determ 1247 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)" 1207 help 1248 help 1208 DRBG (Deterministic Random Bit Gene 1249 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A) 1209 1250 1210 In the following submenu, one or mo 1251 In the following submenu, one or more of the DRBG types must be selected. 1211 1252 1212 if CRYPTO_DRBG_MENU 1253 if CRYPTO_DRBG_MENU 1213 1254 1214 config CRYPTO_DRBG_HMAC 1255 config CRYPTO_DRBG_HMAC 1215 bool 1256 bool 1216 default y 1257 default y 1217 select CRYPTO_HMAC 1258 select CRYPTO_HMAC 1218 select CRYPTO_SHA512 1259 select CRYPTO_SHA512 1219 1260 1220 config CRYPTO_DRBG_HASH 1261 config CRYPTO_DRBG_HASH 1221 bool "Hash_DRBG" 1262 bool "Hash_DRBG" 1222 select CRYPTO_SHA256 1263 select CRYPTO_SHA256 1223 help 1264 help 1224 Hash_DRBG variant as defined in NIS 1265 Hash_DRBG variant as defined in NIST SP800-90A. 1225 1266 1226 This uses the SHA-1, SHA-256, SHA-3 1267 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms. 1227 1268 1228 config CRYPTO_DRBG_CTR 1269 config CRYPTO_DRBG_CTR 1229 bool "CTR_DRBG" 1270 bool "CTR_DRBG" 1230 select CRYPTO_AES 1271 select CRYPTO_AES 1231 select CRYPTO_CTR 1272 select CRYPTO_CTR 1232 help 1273 help 1233 CTR_DRBG variant as defined in NIST 1274 CTR_DRBG variant as defined in NIST SP800-90A. 1234 1275 1235 This uses the AES cipher algorithm 1276 This uses the AES cipher algorithm with the counter block mode. 1236 1277 1237 config CRYPTO_DRBG 1278 config CRYPTO_DRBG 1238 tristate 1279 tristate 1239 default CRYPTO_DRBG_MENU 1280 default CRYPTO_DRBG_MENU 1240 select CRYPTO_RNG 1281 select CRYPTO_RNG 1241 select CRYPTO_JITTERENTROPY 1282 select CRYPTO_JITTERENTROPY 1242 1283 1243 endif # if CRYPTO_DRBG_MENU 1284 endif # if CRYPTO_DRBG_MENU 1244 1285 1245 config CRYPTO_JITTERENTROPY 1286 config CRYPTO_JITTERENTROPY 1246 tristate "CPU Jitter Non-Deterministi 1287 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)" 1247 select CRYPTO_RNG 1288 select CRYPTO_RNG 1248 select CRYPTO_SHA3 1289 select CRYPTO_SHA3 1249 help 1290 help 1250 CPU Jitter RNG (Random Number Gener 1291 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library 1251 1292 1252 A non-physical non-deterministic (" 1293 A non-physical non-deterministic ("true") RNG (e.g., an entropy source 1253 compliant with NIST SP800-90B) inte 1294 compliant with NIST SP800-90B) intended to provide a seed to a 1254 deterministic RNG (e.g., per NIST S 1295 deterministic RNG (e.g., per NIST SP800-90C). 1255 This RNG does not perform any crypt 1296 This RNG does not perform any cryptographic whitening of the generated 1256 random numbers. 1297 random numbers. 1257 1298 1258 See https://www.chronox.de/jent/ 1299 See https://www.chronox.de/jent/ 1259 1300 1260 if CRYPTO_JITTERENTROPY 1301 if CRYPTO_JITTERENTROPY 1261 if CRYPTO_FIPS && EXPERT 1302 if CRYPTO_FIPS && EXPERT 1262 1303 1263 choice 1304 choice 1264 prompt "CPU Jitter RNG Memory Size" 1305 prompt "CPU Jitter RNG Memory Size" 1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ 1306 default CRYPTO_JITTERENTROPY_MEMSIZE_2 1266 help 1307 help 1267 The Jitter RNG measures the executi 1308 The Jitter RNG measures the execution time of memory accesses. 1268 Multiple consecutive memory accesse 1309 Multiple consecutive memory accesses are performed. If the memory 1269 size fits into a cache (e.g. L1), o 1310 size fits into a cache (e.g. L1), only the memory access timing 1270 to that cache is measured. The clos 1311 to that cache is measured. The closer the cache is to the CPU 1271 the less variations are measured an 1312 the less variations are measured and thus the less entropy is 1272 obtained. Thus, if the memory size 1313 obtained. Thus, if the memory size fits into the L1 cache, the 1273 obtained entropy is less than if th 1314 obtained entropy is less than if the memory size fits within 1274 L1 + L2, which in turn is less if t 1315 L1 + L2, which in turn is less if the memory fits into 1275 L1 + L2 + L3. Thus, by selecting a 1316 L1 + L2 + L3. Thus, by selecting a different memory size, 1276 the entropy rate produced by the Ji 1317 the entropy rate produced by the Jitter RNG can be modified. 1277 1318 1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 1319 config CRYPTO_JITTERENTROPY_MEMSIZE_2 1279 bool "2048 Bytes (default)" 1320 bool "2048 Bytes (default)" 1280 1321 1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 1322 config CRYPTO_JITTERENTROPY_MEMSIZE_128 1282 bool "128 kBytes" 1323 bool "128 kBytes" 1283 1324 1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 1325 config CRYPTO_JITTERENTROPY_MEMSIZE_1024 1285 bool "1024 kBytes" 1326 bool "1024 kBytes" 1286 1327 1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 1328 config CRYPTO_JITTERENTROPY_MEMSIZE_8192 1288 bool "8192 kBytes" 1329 bool "8192 kBytes" 1289 endchoice 1330 endchoice 1290 1331 1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS 1332 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS 1292 int 1333 int 1293 default 64 if CRYPTO_JITTERENTROPY_ME 1334 default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_2 1294 default 512 if CRYPTO_JITTERENTROPY_M 1335 default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_128 1295 default 1024 if CRYPTO_JITTERENTROPY_ 1336 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024 1296 default 4096 if CRYPTO_JITTERENTROPY_ 1337 default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_8192 1297 1338 1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE 1339 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE 1299 int 1340 int 1300 default 32 if CRYPTO_JITTERENTROPY_ME 1341 default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_2 1301 default 256 if CRYPTO_JITTERENTROPY_M 1342 default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_128 1302 default 1024 if CRYPTO_JITTERENTROPY_ 1343 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024 1303 default 2048 if CRYPTO_JITTERENTROPY_ 1344 default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192 1304 1345 1305 config CRYPTO_JITTERENTROPY_OSR 1346 config CRYPTO_JITTERENTROPY_OSR 1306 int "CPU Jitter RNG Oversampling Rate 1347 int "CPU Jitter RNG Oversampling Rate" 1307 range 1 15 1348 range 1 15 1308 default 3 !! 1349 default 1 1309 help 1350 help 1310 The Jitter RNG allows the specifica 1351 The Jitter RNG allows the specification of an oversampling rate (OSR). 1311 The Jitter RNG operation requires a 1352 The Jitter RNG operation requires a fixed amount of timing 1312 measurements to produce one output 1353 measurements to produce one output block of random numbers. The 1313 OSR value is multiplied with the am 1354 OSR value is multiplied with the amount of timing measurements to 1314 generate one output block. Thus, th 1355 generate one output block. Thus, the timing measurement is oversampled 1315 by the OSR factor. The oversampling 1356 by the OSR factor. The oversampling allows the Jitter RNG to operate 1316 on hardware whose timers deliver li 1357 on hardware whose timers deliver limited amount of entropy (e.g. 1317 the timer is coarse) by setting the 1358 the timer is coarse) by setting the OSR to a higher value. The 1318 trade-off, however, is that the Jit 1359 trade-off, however, is that the Jitter RNG now requires more time 1319 to generate random numbers. 1360 to generate random numbers. 1320 1361 1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE 1362 config CRYPTO_JITTERENTROPY_TESTINTERFACE 1322 bool "CPU Jitter RNG Test Interface" 1363 bool "CPU Jitter RNG Test Interface" 1323 help 1364 help 1324 The test interface allows a privile 1365 The test interface allows a privileged process to capture 1325 the raw unconditioned high resoluti 1366 the raw unconditioned high resolution time stamp noise that 1326 is collected by the Jitter RNG for 1367 is collected by the Jitter RNG for statistical analysis. As 1327 this data is used at the same time 1368 this data is used at the same time to generate random bits, 1328 the Jitter RNG operates in an insec 1369 the Jitter RNG operates in an insecure mode as long as the 1329 recording is enabled. This interfac 1370 recording is enabled. This interface therefore is only 1330 intended for testing purposes and i 1371 intended for testing purposes and is not suitable for 1331 production systems. 1372 production systems. 1332 1373 1333 The raw noise data can be obtained 1374 The raw noise data can be obtained using the jent_raw_hires 1334 debugfs file. Using the option 1375 debugfs file. Using the option 1335 jitterentropy_testing.boot_raw_hire 1376 jitterentropy_testing.boot_raw_hires_test=1 the raw noise of 1336 the first 1000 entropy events since 1377 the first 1000 entropy events since boot can be sampled. 1337 1378 1338 If unsure, select N. 1379 If unsure, select N. 1339 1380 1340 endif # if CRYPTO_FIPS && EXPERT 1381 endif # if CRYPTO_FIPS && EXPERT 1341 1382 1342 if !(CRYPTO_FIPS && EXPERT) 1383 if !(CRYPTO_FIPS && EXPERT) 1343 1384 1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS 1385 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS 1345 int 1386 int 1346 default 64 1387 default 64 1347 1388 1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE 1389 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE 1349 int 1390 int 1350 default 32 1391 default 32 1351 1392 1352 config CRYPTO_JITTERENTROPY_OSR 1393 config CRYPTO_JITTERENTROPY_OSR 1353 int 1394 int 1354 default 1 1395 default 1 1355 1396 1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE 1397 config CRYPTO_JITTERENTROPY_TESTINTERFACE 1357 bool 1398 bool 1358 1399 1359 endif # if !(CRYPTO_FIPS && EXPERT) 1400 endif # if !(CRYPTO_FIPS && EXPERT) 1360 endif # if CRYPTO_JITTERENTROPY 1401 endif # if CRYPTO_JITTERENTROPY 1361 1402 1362 config CRYPTO_KDF800108_CTR 1403 config CRYPTO_KDF800108_CTR 1363 tristate 1404 tristate 1364 select CRYPTO_HMAC 1405 select CRYPTO_HMAC 1365 select CRYPTO_SHA256 1406 select CRYPTO_SHA256 1366 1407 1367 endmenu 1408 endmenu 1368 menu "Userspace interface" 1409 menu "Userspace interface" 1369 1410 1370 config CRYPTO_USER_API 1411 config CRYPTO_USER_API 1371 tristate 1412 tristate 1372 1413 1373 config CRYPTO_USER_API_HASH 1414 config CRYPTO_USER_API_HASH 1374 tristate "Hash algorithms" 1415 tristate "Hash algorithms" 1375 depends on NET 1416 depends on NET 1376 select CRYPTO_HASH 1417 select CRYPTO_HASH 1377 select CRYPTO_USER_API 1418 select CRYPTO_USER_API 1378 help 1419 help 1379 Enable the userspace interface for 1420 Enable the userspace interface for hash algorithms. 1380 1421 1381 See Documentation/crypto/userspace- 1422 See Documentation/crypto/userspace-if.rst and 1382 https://www.chronox.de/libkcapi/htm 1423 https://www.chronox.de/libkcapi/html/index.html 1383 1424 1384 config CRYPTO_USER_API_SKCIPHER 1425 config CRYPTO_USER_API_SKCIPHER 1385 tristate "Symmetric key cipher algori 1426 tristate "Symmetric key cipher algorithms" 1386 depends on NET 1427 depends on NET 1387 select CRYPTO_SKCIPHER 1428 select CRYPTO_SKCIPHER 1388 select CRYPTO_USER_API 1429 select CRYPTO_USER_API 1389 help 1430 help 1390 Enable the userspace interface for 1431 Enable the userspace interface for symmetric key cipher algorithms. 1391 1432 1392 See Documentation/crypto/userspace- 1433 See Documentation/crypto/userspace-if.rst and 1393 https://www.chronox.de/libkcapi/htm 1434 https://www.chronox.de/libkcapi/html/index.html 1394 1435 1395 config CRYPTO_USER_API_RNG 1436 config CRYPTO_USER_API_RNG 1396 tristate "RNG (random number generato 1437 tristate "RNG (random number generator) algorithms" 1397 depends on NET 1438 depends on NET 1398 select CRYPTO_RNG 1439 select CRYPTO_RNG 1399 select CRYPTO_USER_API 1440 select CRYPTO_USER_API 1400 help 1441 help 1401 Enable the userspace interface for 1442 Enable the userspace interface for RNG (random number generator) 1402 algorithms. 1443 algorithms. 1403 1444 1404 See Documentation/crypto/userspace- 1445 See Documentation/crypto/userspace-if.rst and 1405 https://www.chronox.de/libkcapi/htm 1446 https://www.chronox.de/libkcapi/html/index.html 1406 1447 1407 config CRYPTO_USER_API_RNG_CAVP 1448 config CRYPTO_USER_API_RNG_CAVP 1408 bool "Enable CAVP testing of DRBG" 1449 bool "Enable CAVP testing of DRBG" 1409 depends on CRYPTO_USER_API_RNG && CRY 1450 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1410 help 1451 help 1411 Enable extra APIs in the userspace 1452 Enable extra APIs in the userspace interface for NIST CAVP 1412 (Cryptographic Algorithm Validation 1453 (Cryptographic Algorithm Validation Program) testing: 1413 - resetting DRBG entropy 1454 - resetting DRBG entropy 1414 - providing Additional Data 1455 - providing Additional Data 1415 1456 1416 This should only be enabled for CAV 1457 This should only be enabled for CAVP testing. You should say 1417 no unless you know what this is. 1458 no unless you know what this is. 1418 1459 1419 config CRYPTO_USER_API_AEAD 1460 config CRYPTO_USER_API_AEAD 1420 tristate "AEAD cipher algorithms" 1461 tristate "AEAD cipher algorithms" 1421 depends on NET 1462 depends on NET 1422 select CRYPTO_AEAD 1463 select CRYPTO_AEAD 1423 select CRYPTO_SKCIPHER 1464 select CRYPTO_SKCIPHER 1424 select CRYPTO_NULL 1465 select CRYPTO_NULL 1425 select CRYPTO_USER_API 1466 select CRYPTO_USER_API 1426 help 1467 help 1427 Enable the userspace interface for 1468 Enable the userspace interface for AEAD cipher algorithms. 1428 1469 1429 See Documentation/crypto/userspace- 1470 See Documentation/crypto/userspace-if.rst and 1430 https://www.chronox.de/libkcapi/htm 1471 https://www.chronox.de/libkcapi/html/index.html 1431 1472 1432 config CRYPTO_USER_API_ENABLE_OBSOLETE 1473 config CRYPTO_USER_API_ENABLE_OBSOLETE 1433 bool "Obsolete cryptographic algorith 1474 bool "Obsolete cryptographic algorithms" 1434 depends on CRYPTO_USER_API 1475 depends on CRYPTO_USER_API 1435 default y 1476 default y 1436 help 1477 help 1437 Allow obsolete cryptographic algori 1478 Allow obsolete cryptographic algorithms to be selected that have 1438 already been phased out from intern 1479 already been phased out from internal use by the kernel, and are 1439 only useful for userspace clients t 1480 only useful for userspace clients that still rely on them. 1440 1481 >> 1482 config CRYPTO_STATS >> 1483 bool "Crypto usage statistics" >> 1484 depends on CRYPTO_USER >> 1485 help >> 1486 Enable the gathering of crypto stats. >> 1487 >> 1488 Enabling this option reduces the performance of the crypto API. It >> 1489 should only be enabled when there is actually a use case for it. >> 1490 >> 1491 This collects data sizes, numbers of requests, and numbers >> 1492 of errors processed by: >> 1493 - AEAD ciphers (encrypt, decrypt) >> 1494 - asymmetric key ciphers (encrypt, decrypt, verify, sign) >> 1495 - symmetric key ciphers (encrypt, decrypt) >> 1496 - compression algorithms (compress, decompress) >> 1497 - hash algorithms (hash) >> 1498 - key-agreement protocol primitives (setsecret, generate >> 1499 public key, compute shared secret) >> 1500 - RNG (generate, seed) >> 1501 1441 endmenu 1502 endmenu 1442 1503 1443 config CRYPTO_HASH_INFO 1504 config CRYPTO_HASH_INFO 1444 bool 1505 bool 1445 1506 1446 if !KMSAN # avoid false positives from assemb 1507 if !KMSAN # avoid false positives from assembly 1447 if ARM 1508 if ARM 1448 source "arch/arm/crypto/Kconfig" 1509 source "arch/arm/crypto/Kconfig" 1449 endif 1510 endif 1450 if ARM64 1511 if ARM64 1451 source "arch/arm64/crypto/Kconfig" 1512 source "arch/arm64/crypto/Kconfig" 1452 endif 1513 endif 1453 if LOONGARCH 1514 if LOONGARCH 1454 source "arch/loongarch/crypto/Kconfig" 1515 source "arch/loongarch/crypto/Kconfig" 1455 endif 1516 endif 1456 if MIPS 1517 if MIPS 1457 source "arch/mips/crypto/Kconfig" 1518 source "arch/mips/crypto/Kconfig" 1458 endif 1519 endif 1459 if PPC 1520 if PPC 1460 source "arch/powerpc/crypto/Kconfig" 1521 source "arch/powerpc/crypto/Kconfig" 1461 endif << 1462 if RISCV << 1463 source "arch/riscv/crypto/Kconfig" << 1464 endif 1522 endif 1465 if S390 1523 if S390 1466 source "arch/s390/crypto/Kconfig" 1524 source "arch/s390/crypto/Kconfig" 1467 endif 1525 endif 1468 if SPARC 1526 if SPARC 1469 source "arch/sparc/crypto/Kconfig" 1527 source "arch/sparc/crypto/Kconfig" 1470 endif 1528 endif 1471 if X86 1529 if X86 1472 source "arch/x86/crypto/Kconfig" 1530 source "arch/x86/crypto/Kconfig" 1473 endif 1531 endif 1474 endif 1532 endif 1475 1533 1476 source "drivers/crypto/Kconfig" 1534 source "drivers/crypto/Kconfig" 1477 source "crypto/asymmetric_keys/Kconfig" 1535 source "crypto/asymmetric_keys/Kconfig" 1478 source "certs/Kconfig" 1536 source "certs/Kconfig" 1479 1537 1480 endif # if CRYPTO 1538 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.