1 # SPDX-License-Identifier: GPL-2.0 1 # SPDX-License-Identifier: GPL-2.0
2 # 2 #
3 # Generic algorithms support 3 # Generic algorithms support
4 # 4 #
5 config XOR_BLOCKS 5 config XOR_BLOCKS
6 tristate 6 tristate
7 7
8 # 8 #
9 # async_tx api: hardware offloaded memory tran 9 # async_tx api: hardware offloaded memory transfer/transform support
10 # 10 #
11 source "crypto/async_tx/Kconfig" 11 source "crypto/async_tx/Kconfig"
12 12
13 # 13 #
14 # Cryptographic API Configuration 14 # Cryptographic API Configuration
15 # 15 #
16 menuconfig CRYPTO 16 menuconfig CRYPTO
17 tristate "Cryptographic API" 17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS 18 select CRYPTO_LIB_UTILS
19 help 19 help
20 This option provides the core Crypto 20 This option provides the core Cryptographic API.
21 21
22 if CRYPTO 22 if CRYPTO
23 23
24 menu "Crypto core or helper" 24 menu "Crypto core or helper"
25 25
26 config CRYPTO_FIPS 26 config CRYPTO_FIPS
27 bool "FIPS 200 compliance" 27 bool "FIPS 200 compliance"
28 depends on (CRYPTO_ANSI_CPRNG || CRYPT 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
29 depends on (MODULE_SIG || !MODULES) 29 depends on (MODULE_SIG || !MODULES)
30 help 30 help
31 This option enables the fips boot op 31 This option enables the fips boot option which is
32 required if you want the system to o 32 required if you want the system to operate in a FIPS 200
33 certification. You should say no un 33 certification. You should say no unless you know what
34 this is. 34 this is.
35 35
36 config CRYPTO_FIPS_NAME 36 config CRYPTO_FIPS_NAME
37 string "FIPS Module Name" 37 string "FIPS Module Name"
38 default "Linux Kernel Cryptographic AP 38 default "Linux Kernel Cryptographic API"
39 depends on CRYPTO_FIPS 39 depends on CRYPTO_FIPS
40 help 40 help
41 This option sets the FIPS Module nam 41 This option sets the FIPS Module name reported by the Crypto API via
42 the /proc/sys/crypto/fips_name file. 42 the /proc/sys/crypto/fips_name file.
43 43
44 config CRYPTO_FIPS_CUSTOM_VERSION 44 config CRYPTO_FIPS_CUSTOM_VERSION
45 bool "Use Custom FIPS Module Version" 45 bool "Use Custom FIPS Module Version"
46 depends on CRYPTO_FIPS 46 depends on CRYPTO_FIPS
47 default n 47 default n
48 48
49 config CRYPTO_FIPS_VERSION 49 config CRYPTO_FIPS_VERSION
50 string "FIPS Module Version" 50 string "FIPS Module Version"
51 default "(none)" 51 default "(none)"
52 depends on CRYPTO_FIPS_CUSTOM_VERSION 52 depends on CRYPTO_FIPS_CUSTOM_VERSION
53 help 53 help
54 This option provides the ability to 54 This option provides the ability to override the FIPS Module Version.
55 By default the KERNELRELEASE value i 55 By default the KERNELRELEASE value is used.
56 56
57 config CRYPTO_ALGAPI 57 config CRYPTO_ALGAPI
58 tristate 58 tristate
59 select CRYPTO_ALGAPI2 59 select CRYPTO_ALGAPI2
60 help 60 help
61 This option provides the API for cry 61 This option provides the API for cryptographic algorithms.
62 62
63 config CRYPTO_ALGAPI2 63 config CRYPTO_ALGAPI2
64 tristate 64 tristate
65 65
66 config CRYPTO_AEAD 66 config CRYPTO_AEAD
67 tristate 67 tristate
68 select CRYPTO_AEAD2 68 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI 69 select CRYPTO_ALGAPI
70 70
71 config CRYPTO_AEAD2 71 config CRYPTO_AEAD2
72 tristate 72 tristate
73 select CRYPTO_ALGAPI2 73 select CRYPTO_ALGAPI2
74 74
75 config CRYPTO_SIG 75 config CRYPTO_SIG
76 tristate 76 tristate
77 select CRYPTO_SIG2 77 select CRYPTO_SIG2
78 select CRYPTO_ALGAPI 78 select CRYPTO_ALGAPI
79 79
80 config CRYPTO_SIG2 80 config CRYPTO_SIG2
81 tristate 81 tristate
82 select CRYPTO_ALGAPI2 82 select CRYPTO_ALGAPI2
83 83
84 config CRYPTO_SKCIPHER 84 config CRYPTO_SKCIPHER
85 tristate 85 tristate
86 select CRYPTO_SKCIPHER2 86 select CRYPTO_SKCIPHER2
87 select CRYPTO_ALGAPI 87 select CRYPTO_ALGAPI
88 select CRYPTO_ECB 88 select CRYPTO_ECB
89 89
90 config CRYPTO_SKCIPHER2 90 config CRYPTO_SKCIPHER2
91 tristate 91 tristate
92 select CRYPTO_ALGAPI2 92 select CRYPTO_ALGAPI2
93 93
94 config CRYPTO_HASH 94 config CRYPTO_HASH
95 tristate 95 tristate
96 select CRYPTO_HASH2 96 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI 97 select CRYPTO_ALGAPI
98 98
99 config CRYPTO_HASH2 99 config CRYPTO_HASH2
100 tristate 100 tristate
101 select CRYPTO_ALGAPI2 101 select CRYPTO_ALGAPI2
102 102
103 config CRYPTO_RNG 103 config CRYPTO_RNG
104 tristate 104 tristate
105 select CRYPTO_RNG2 105 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI 106 select CRYPTO_ALGAPI
107 107
108 config CRYPTO_RNG2 108 config CRYPTO_RNG2
109 tristate 109 tristate
110 select CRYPTO_ALGAPI2 110 select CRYPTO_ALGAPI2
111 111
112 config CRYPTO_RNG_DEFAULT 112 config CRYPTO_RNG_DEFAULT
113 tristate 113 tristate
114 select CRYPTO_DRBG_MENU 114 select CRYPTO_DRBG_MENU
115 115
116 config CRYPTO_AKCIPHER2 116 config CRYPTO_AKCIPHER2
117 tristate 117 tristate
118 select CRYPTO_ALGAPI2 118 select CRYPTO_ALGAPI2
119 119
120 config CRYPTO_AKCIPHER 120 config CRYPTO_AKCIPHER
121 tristate 121 tristate
122 select CRYPTO_AKCIPHER2 122 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI 123 select CRYPTO_ALGAPI
124 124
125 config CRYPTO_KPP2 125 config CRYPTO_KPP2
126 tristate 126 tristate
127 select CRYPTO_ALGAPI2 127 select CRYPTO_ALGAPI2
128 128
129 config CRYPTO_KPP 129 config CRYPTO_KPP
130 tristate 130 tristate
131 select CRYPTO_ALGAPI 131 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2 132 select CRYPTO_KPP2
133 133
134 config CRYPTO_ACOMP2 134 config CRYPTO_ACOMP2
135 tristate 135 tristate
136 select CRYPTO_ALGAPI2 136 select CRYPTO_ALGAPI2
137 select SGL_ALLOC 137 select SGL_ALLOC
138 138
139 config CRYPTO_ACOMP 139 config CRYPTO_ACOMP
140 tristate 140 tristate
141 select CRYPTO_ALGAPI 141 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2 142 select CRYPTO_ACOMP2
143 143
144 config CRYPTO_MANAGER 144 config CRYPTO_MANAGER
145 tristate "Cryptographic algorithm mana 145 tristate "Cryptographic algorithm manager"
146 select CRYPTO_MANAGER2 146 select CRYPTO_MANAGER2
147 help 147 help
148 Create default cryptographic templat 148 Create default cryptographic template instantiations such as
149 cbc(aes). 149 cbc(aes).
150 150
151 config CRYPTO_MANAGER2 151 config CRYPTO_MANAGER2
152 def_tristate CRYPTO_MANAGER || (CRYPTO 152 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153 select CRYPTO_ACOMP2 153 select CRYPTO_ACOMP2
154 select CRYPTO_AEAD2 154 select CRYPTO_AEAD2
155 select CRYPTO_AKCIPHER2 155 select CRYPTO_AKCIPHER2
156 select CRYPTO_SIG2 156 select CRYPTO_SIG2
157 select CRYPTO_HASH2 157 select CRYPTO_HASH2
158 select CRYPTO_KPP2 158 select CRYPTO_KPP2
159 select CRYPTO_RNG2 159 select CRYPTO_RNG2
160 select CRYPTO_SKCIPHER2 160 select CRYPTO_SKCIPHER2
161 161
162 config CRYPTO_USER 162 config CRYPTO_USER
163 tristate "Userspace cryptographic algo 163 tristate "Userspace cryptographic algorithm configuration"
164 depends on NET 164 depends on NET
165 select CRYPTO_MANAGER 165 select CRYPTO_MANAGER
166 help 166 help
167 Userspace configuration for cryptogr 167 Userspace configuration for cryptographic instantiations such as
168 cbc(aes). 168 cbc(aes).
169 169
170 config CRYPTO_MANAGER_DISABLE_TESTS 170 config CRYPTO_MANAGER_DISABLE_TESTS
171 bool "Disable run-time self tests" 171 bool "Disable run-time self tests"
172 default y 172 default y
173 help 173 help
174 Disable run-time self tests that nor 174 Disable run-time self tests that normally take place at
175 algorithm registration. 175 algorithm registration.
176 176
177 config CRYPTO_MANAGER_EXTRA_TESTS 177 config CRYPTO_MANAGER_EXTRA_TESTS
178 bool "Enable extra run-time crypto sel 178 bool "Enable extra run-time crypto self tests"
179 depends on DEBUG_KERNEL && !CRYPTO_MAN 179 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
180 help 180 help
181 Enable extra run-time self tests of 181 Enable extra run-time self tests of registered crypto algorithms,
182 including randomized fuzz tests. 182 including randomized fuzz tests.
183 183
184 This is intended for developer use o 184 This is intended for developer use only, as these tests take much
185 longer to run than the normal self t 185 longer to run than the normal self tests.
186 186
187 config CRYPTO_NULL 187 config CRYPTO_NULL
188 tristate "Null algorithms" 188 tristate "Null algorithms"
189 select CRYPTO_NULL2 189 select CRYPTO_NULL2
190 help 190 help
191 These are 'Null' algorithms, used by 191 These are 'Null' algorithms, used by IPsec, which do nothing.
192 192
193 config CRYPTO_NULL2 193 config CRYPTO_NULL2
194 tristate 194 tristate
195 select CRYPTO_ALGAPI2 195 select CRYPTO_ALGAPI2
196 select CRYPTO_SKCIPHER2 196 select CRYPTO_SKCIPHER2
197 select CRYPTO_HASH2 197 select CRYPTO_HASH2
198 198
199 config CRYPTO_PCRYPT 199 config CRYPTO_PCRYPT
200 tristate "Parallel crypto engine" 200 tristate "Parallel crypto engine"
201 depends on SMP 201 depends on SMP
202 select PADATA 202 select PADATA
203 select CRYPTO_MANAGER 203 select CRYPTO_MANAGER
204 select CRYPTO_AEAD 204 select CRYPTO_AEAD
205 help 205 help
206 This converts an arbitrary crypto al 206 This converts an arbitrary crypto algorithm into a parallel
207 algorithm that executes in kernel th 207 algorithm that executes in kernel threads.
208 208
209 config CRYPTO_CRYPTD 209 config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon 210 tristate "Software async crypto daemon"
211 select CRYPTO_SKCIPHER 211 select CRYPTO_SKCIPHER
212 select CRYPTO_HASH 212 select CRYPTO_HASH
213 select CRYPTO_MANAGER 213 select CRYPTO_MANAGER
214 help 214 help
215 This is a generic software asynchron 215 This is a generic software asynchronous crypto daemon that
216 converts an arbitrary synchronous so 216 converts an arbitrary synchronous software crypto algorithm
217 into an asynchronous algorithm that 217 into an asynchronous algorithm that executes in a kernel thread.
218 218
219 config CRYPTO_AUTHENC 219 config CRYPTO_AUTHENC
220 tristate "Authenc support" 220 tristate "Authenc support"
221 select CRYPTO_AEAD 221 select CRYPTO_AEAD
222 select CRYPTO_SKCIPHER 222 select CRYPTO_SKCIPHER
223 select CRYPTO_MANAGER 223 select CRYPTO_MANAGER
224 select CRYPTO_HASH 224 select CRYPTO_HASH
225 select CRYPTO_NULL 225 select CRYPTO_NULL
226 help 226 help
227 Authenc: Combined mode wrapper for I 227 Authenc: Combined mode wrapper for IPsec.
228 228
229 This is required for IPSec ESP (XFRM 229 This is required for IPSec ESP (XFRM_ESP).
230 230
231 config CRYPTO_TEST 231 config CRYPTO_TEST
232 tristate "Testing module" 232 tristate "Testing module"
233 depends on m || EXPERT 233 depends on m || EXPERT
234 select CRYPTO_MANAGER 234 select CRYPTO_MANAGER
235 help 235 help
236 Quick & dirty crypto test module. 236 Quick & dirty crypto test module.
237 237
238 config CRYPTO_SIMD 238 config CRYPTO_SIMD
239 tristate 239 tristate
240 select CRYPTO_CRYPTD 240 select CRYPTO_CRYPTD
241 241
242 config CRYPTO_ENGINE 242 config CRYPTO_ENGINE
243 tristate 243 tristate
244 244
245 endmenu 245 endmenu
246 246
247 menu "Public-key cryptography" 247 menu "Public-key cryptography"
248 248
249 config CRYPTO_RSA 249 config CRYPTO_RSA
250 tristate "RSA (Rivest-Shamir-Adleman)" 250 tristate "RSA (Rivest-Shamir-Adleman)"
251 select CRYPTO_AKCIPHER 251 select CRYPTO_AKCIPHER
252 select CRYPTO_MANAGER 252 select CRYPTO_MANAGER
253 select MPILIB 253 select MPILIB
254 select ASN1 254 select ASN1
255 help 255 help
256 RSA (Rivest-Shamir-Adleman) public k 256 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
257 257
258 config CRYPTO_DH 258 config CRYPTO_DH
259 tristate "DH (Diffie-Hellman)" 259 tristate "DH (Diffie-Hellman)"
260 select CRYPTO_KPP 260 select CRYPTO_KPP
261 select MPILIB 261 select MPILIB
262 help 262 help
263 DH (Diffie-Hellman) key exchange alg 263 DH (Diffie-Hellman) key exchange algorithm
264 264
265 config CRYPTO_DH_RFC7919_GROUPS 265 config CRYPTO_DH_RFC7919_GROUPS
266 bool "RFC 7919 FFDHE groups" 266 bool "RFC 7919 FFDHE groups"
267 depends on CRYPTO_DH 267 depends on CRYPTO_DH
268 select CRYPTO_RNG_DEFAULT 268 select CRYPTO_RNG_DEFAULT
269 help 269 help
270 FFDHE (Finite-Field-based Diffie-Hel 270 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
271 defined in RFC7919. 271 defined in RFC7919.
272 272
273 Support these finite-field groups in 273 Support these finite-field groups in DH key exchanges:
274 - ffdhe2048, ffdhe3072, ffdhe4096, f 274 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
275 275
276 If unsure, say N. 276 If unsure, say N.
277 277
278 config CRYPTO_ECC 278 config CRYPTO_ECC
279 tristate 279 tristate
280 select CRYPTO_RNG_DEFAULT 280 select CRYPTO_RNG_DEFAULT
281 281
282 config CRYPTO_ECDH 282 config CRYPTO_ECDH
283 tristate "ECDH (Elliptic Curve Diffie- 283 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
284 select CRYPTO_ECC 284 select CRYPTO_ECC
285 select CRYPTO_KPP 285 select CRYPTO_KPP
286 help 286 help
287 ECDH (Elliptic Curve Diffie-Hellman) 287 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
288 using curves P-192, P-256, and P-384 288 using curves P-192, P-256, and P-384 (FIPS 186)
289 289
290 config CRYPTO_ECDSA 290 config CRYPTO_ECDSA
291 tristate "ECDSA (Elliptic Curve Digita 291 tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"
292 select CRYPTO_ECC 292 select CRYPTO_ECC
293 select CRYPTO_AKCIPHER 293 select CRYPTO_AKCIPHER
294 select ASN1 294 select ASN1
295 help 295 help
296 ECDSA (Elliptic Curve Digital Signat 296 ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,
297 ISO/IEC 14888-3) 297 ISO/IEC 14888-3)
298 using curves P-192, P-256, and P-384 298 using curves P-192, P-256, and P-384
299 299
300 Only signature verification is imple 300 Only signature verification is implemented.
301 301
302 config CRYPTO_ECRDSA 302 config CRYPTO_ECRDSA
303 tristate "EC-RDSA (Elliptic Curve Russ 303 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
304 select CRYPTO_ECC 304 select CRYPTO_ECC
305 select CRYPTO_AKCIPHER 305 select CRYPTO_AKCIPHER
306 select CRYPTO_STREEBOG 306 select CRYPTO_STREEBOG
307 select OID_REGISTRY 307 select OID_REGISTRY
308 select ASN1 308 select ASN1
309 help 309 help
310 Elliptic Curve Russian Digital Signa 310 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311 RFC 7091, ISO/IEC 14888-3) 311 RFC 7091, ISO/IEC 14888-3)
312 312
313 One of the Russian cryptographic sta 313 One of the Russian cryptographic standard algorithms (called GOST
314 algorithms). Only signature verifica 314 algorithms). Only signature verification is implemented.
315 315
>> 316 config CRYPTO_SM2
>> 317 tristate "SM2 (ShangMi 2)"
>> 318 select CRYPTO_SM3
>> 319 select CRYPTO_AKCIPHER
>> 320 select CRYPTO_MANAGER
>> 321 select MPILIB
>> 322 select ASN1
>> 323 help
>> 324 SM2 (ShangMi 2) public key algorithm
>> 325
>> 326 Published by State Encryption Management Bureau, China,
>> 327 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
>> 328
>> 329 References:
>> 330 https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/
>> 331 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
>> 332 http://www.gmbz.org.cn/main/bzlb.html
>> 333
316 config CRYPTO_CURVE25519 334 config CRYPTO_CURVE25519
317 tristate "Curve25519" 335 tristate "Curve25519"
318 select CRYPTO_KPP 336 select CRYPTO_KPP
319 select CRYPTO_LIB_CURVE25519_GENERIC 337 select CRYPTO_LIB_CURVE25519_GENERIC
320 help 338 help
321 Curve25519 elliptic curve (RFC7748) 339 Curve25519 elliptic curve (RFC7748)
322 340
323 endmenu 341 endmenu
324 342
325 menu "Block ciphers" 343 menu "Block ciphers"
326 344
327 config CRYPTO_AES 345 config CRYPTO_AES
328 tristate "AES (Advanced Encryption Sta 346 tristate "AES (Advanced Encryption Standard)"
329 select CRYPTO_ALGAPI 347 select CRYPTO_ALGAPI
330 select CRYPTO_LIB_AES 348 select CRYPTO_LIB_AES
331 help 349 help
332 AES cipher algorithms (Rijndael)(FIP 350 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
333 351
334 Rijndael appears to be consistently 352 Rijndael appears to be consistently a very good performer in
335 both hardware and software across a 353 both hardware and software across a wide range of computing
336 environments regardless of its use i 354 environments regardless of its use in feedback or non-feedback
337 modes. Its key setup time is excelle 355 modes. Its key setup time is excellent, and its key agility is
338 good. Rijndael's very low memory req 356 good. Rijndael's very low memory requirements make it very well
339 suited for restricted-space environm 357 suited for restricted-space environments, in which it also
340 demonstrates excellent performance. 358 demonstrates excellent performance. Rijndael's operations are
341 among the easiest to defend against 359 among the easiest to defend against power and timing attacks.
342 360
343 The AES specifies three key sizes: 1 361 The AES specifies three key sizes: 128, 192 and 256 bits
344 362
345 config CRYPTO_AES_TI 363 config CRYPTO_AES_TI
346 tristate "AES (Advanced Encryption Sta 364 tristate "AES (Advanced Encryption Standard) (fixed time)"
347 select CRYPTO_ALGAPI 365 select CRYPTO_ALGAPI
348 select CRYPTO_LIB_AES 366 select CRYPTO_LIB_AES
349 help 367 help
350 AES cipher algorithms (Rijndael)(FIP 368 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
351 369
352 This is a generic implementation of 370 This is a generic implementation of AES that attempts to eliminate
353 data dependent latencies as much as 371 data dependent latencies as much as possible without affecting
354 performance too much. It is intended 372 performance too much. It is intended for use by the generic CCM
355 and GCM drivers, and other CTR or CM 373 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
356 solely on encryption (although decry 374 solely on encryption (although decryption is supported as well, but
357 with a more dramatic performance hit 375 with a more dramatic performance hit)
358 376
359 Instead of using 16 lookup tables of 377 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
360 8 for decryption), this implementati 378 8 for decryption), this implementation only uses just two S-boxes of
361 256 bytes each, and attempts to elim 379 256 bytes each, and attempts to eliminate data dependent latencies by
362 prefetching the entire table into th 380 prefetching the entire table into the cache at the start of each
363 block. Interrupts are also disabled 381 block. Interrupts are also disabled to avoid races where cachelines
364 are evicted when the CPU is interrup 382 are evicted when the CPU is interrupted to do something else.
365 383
366 config CRYPTO_ANUBIS 384 config CRYPTO_ANUBIS
367 tristate "Anubis" 385 tristate "Anubis"
368 depends on CRYPTO_USER_API_ENABLE_OBSO 386 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
369 select CRYPTO_ALGAPI 387 select CRYPTO_ALGAPI
370 help 388 help
371 Anubis cipher algorithm 389 Anubis cipher algorithm
372 390
373 Anubis is a variable key length ciph 391 Anubis is a variable key length cipher which can use keys from
374 128 bits to 320 bits in length. It 392 128 bits to 320 bits in length. It was evaluated as a entrant
375 in the NESSIE competition. 393 in the NESSIE competition.
376 394
377 See https://web.archive.org/web/2016 395 See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html
378 for further information. 396 for further information.
379 397
380 config CRYPTO_ARIA 398 config CRYPTO_ARIA
381 tristate "ARIA" 399 tristate "ARIA"
382 select CRYPTO_ALGAPI 400 select CRYPTO_ALGAPI
383 help 401 help
384 ARIA cipher algorithm (RFC5794) 402 ARIA cipher algorithm (RFC5794)
385 403
386 ARIA is a standard encryption algori 404 ARIA is a standard encryption algorithm of the Republic of Korea.
387 The ARIA specifies three key sizes a 405 The ARIA specifies three key sizes and rounds.
388 128-bit: 12 rounds. 406 128-bit: 12 rounds.
389 192-bit: 14 rounds. 407 192-bit: 14 rounds.
390 256-bit: 16 rounds. 408 256-bit: 16 rounds.
391 409
392 See: 410 See:
393 https://seed.kisa.or.kr/kisa/algorit 411 https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do
394 412
395 config CRYPTO_BLOWFISH 413 config CRYPTO_BLOWFISH
396 tristate "Blowfish" 414 tristate "Blowfish"
397 select CRYPTO_ALGAPI 415 select CRYPTO_ALGAPI
398 select CRYPTO_BLOWFISH_COMMON 416 select CRYPTO_BLOWFISH_COMMON
399 help 417 help
400 Blowfish cipher algorithm, by Bruce 418 Blowfish cipher algorithm, by Bruce Schneier
401 419
402 This is a variable key length cipher 420 This is a variable key length cipher which can use keys from 32
403 bits to 448 bits in length. It's fa 421 bits to 448 bits in length. It's fast, simple and specifically
404 designed for use on "large microproc 422 designed for use on "large microprocessors".
405 423
406 See https://www.schneier.com/blowfis 424 See https://www.schneier.com/blowfish.html for further information.
407 425
408 config CRYPTO_BLOWFISH_COMMON 426 config CRYPTO_BLOWFISH_COMMON
409 tristate 427 tristate
410 help 428 help
411 Common parts of the Blowfish cipher 429 Common parts of the Blowfish cipher algorithm shared by the
412 generic c and the assembler implemen 430 generic c and the assembler implementations.
413 431
414 config CRYPTO_CAMELLIA 432 config CRYPTO_CAMELLIA
415 tristate "Camellia" 433 tristate "Camellia"
416 select CRYPTO_ALGAPI 434 select CRYPTO_ALGAPI
417 help 435 help
418 Camellia cipher algorithms (ISO/IEC 436 Camellia cipher algorithms (ISO/IEC 18033-3)
419 437
420 Camellia is a symmetric key block ci 438 Camellia is a symmetric key block cipher developed jointly
421 at NTT and Mitsubishi Electric Corpo 439 at NTT and Mitsubishi Electric Corporation.
422 440
423 The Camellia specifies three key siz 441 The Camellia specifies three key sizes: 128, 192 and 256 bits.
424 442
425 See https://info.isl.ntt.co.jp/crypt 443 See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information.
426 444
427 config CRYPTO_CAST_COMMON 445 config CRYPTO_CAST_COMMON
428 tristate 446 tristate
429 help 447 help
430 Common parts of the CAST cipher algo 448 Common parts of the CAST cipher algorithms shared by the
431 generic c and the assembler implemen 449 generic c and the assembler implementations.
432 450
433 config CRYPTO_CAST5 451 config CRYPTO_CAST5
434 tristate "CAST5 (CAST-128)" 452 tristate "CAST5 (CAST-128)"
435 select CRYPTO_ALGAPI 453 select CRYPTO_ALGAPI
436 select CRYPTO_CAST_COMMON 454 select CRYPTO_CAST_COMMON
437 help 455 help
438 CAST5 (CAST-128) cipher algorithm (R 456 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
439 457
440 config CRYPTO_CAST6 458 config CRYPTO_CAST6
441 tristate "CAST6 (CAST-256)" 459 tristate "CAST6 (CAST-256)"
442 select CRYPTO_ALGAPI 460 select CRYPTO_ALGAPI
443 select CRYPTO_CAST_COMMON 461 select CRYPTO_CAST_COMMON
444 help 462 help
445 CAST6 (CAST-256) encryption algorith 463 CAST6 (CAST-256) encryption algorithm (RFC2612)
446 464
447 config CRYPTO_DES 465 config CRYPTO_DES
448 tristate "DES and Triple DES EDE" 466 tristate "DES and Triple DES EDE"
449 select CRYPTO_ALGAPI 467 select CRYPTO_ALGAPI
450 select CRYPTO_LIB_DES 468 select CRYPTO_LIB_DES
451 help 469 help
452 DES (Data Encryption Standard)(FIPS 470 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
453 Triple DES EDE (Encrypt/Decrypt/Encr 471 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
454 cipher algorithms 472 cipher algorithms
455 473
456 config CRYPTO_FCRYPT 474 config CRYPTO_FCRYPT
457 tristate "FCrypt" 475 tristate "FCrypt"
458 select CRYPTO_ALGAPI 476 select CRYPTO_ALGAPI
459 select CRYPTO_SKCIPHER 477 select CRYPTO_SKCIPHER
460 help 478 help
461 FCrypt algorithm used by RxRPC 479 FCrypt algorithm used by RxRPC
462 480
463 See https://ota.polyonymo.us/fcrypt- 481 See https://ota.polyonymo.us/fcrypt-paper.txt
464 482
465 config CRYPTO_KHAZAD 483 config CRYPTO_KHAZAD
466 tristate "Khazad" 484 tristate "Khazad"
467 depends on CRYPTO_USER_API_ENABLE_OBSO 485 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
468 select CRYPTO_ALGAPI 486 select CRYPTO_ALGAPI
469 help 487 help
470 Khazad cipher algorithm 488 Khazad cipher algorithm
471 489
472 Khazad was a finalist in the initial 490 Khazad was a finalist in the initial NESSIE competition. It is
473 an algorithm optimized for 64-bit pr 491 an algorithm optimized for 64-bit processors with good performance
474 on 32-bit processors. Khazad uses a 492 on 32-bit processors. Khazad uses an 128 bit key size.
475 493
476 See https://web.archive.org/web/2017 494 See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html
477 for further information. 495 for further information.
478 496
479 config CRYPTO_SEED 497 config CRYPTO_SEED
480 tristate "SEED" 498 tristate "SEED"
481 depends on CRYPTO_USER_API_ENABLE_OBSO 499 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
482 select CRYPTO_ALGAPI 500 select CRYPTO_ALGAPI
483 help 501 help
484 SEED cipher algorithm (RFC4269, ISO/ 502 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
485 503
486 SEED is a 128-bit symmetric key bloc 504 SEED is a 128-bit symmetric key block cipher that has been
487 developed by KISA (Korea Information 505 developed by KISA (Korea Information Security Agency) as a
488 national standard encryption algorit 506 national standard encryption algorithm of the Republic of Korea.
489 It is a 16 round block cipher with t 507 It is a 16 round block cipher with the key size of 128 bit.
490 508
491 See https://seed.kisa.or.kr/kisa/alg 509 See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do
492 for further information. 510 for further information.
493 511
494 config CRYPTO_SERPENT 512 config CRYPTO_SERPENT
495 tristate "Serpent" 513 tristate "Serpent"
496 select CRYPTO_ALGAPI 514 select CRYPTO_ALGAPI
497 help 515 help
498 Serpent cipher algorithm, by Anderso 516 Serpent cipher algorithm, by Anderson, Biham & Knudsen
499 517
500 Keys are allowed to be from 0 to 256 518 Keys are allowed to be from 0 to 256 bits in length, in steps
501 of 8 bits. 519 of 8 bits.
502 520
503 See https://www.cl.cam.ac.uk/~rja14/ 521 See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information.
504 522
505 config CRYPTO_SM4 523 config CRYPTO_SM4
506 tristate 524 tristate
507 525
508 config CRYPTO_SM4_GENERIC 526 config CRYPTO_SM4_GENERIC
509 tristate "SM4 (ShangMi 4)" 527 tristate "SM4 (ShangMi 4)"
510 select CRYPTO_ALGAPI 528 select CRYPTO_ALGAPI
511 select CRYPTO_SM4 529 select CRYPTO_SM4
512 help 530 help
513 SM4 cipher algorithms (OSCCA GB/T 32 531 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
514 ISO/IEC 18033-3:2010/Amd 1:2021) 532 ISO/IEC 18033-3:2010/Amd 1:2021)
515 533
516 SM4 (GBT.32907-2016) is a cryptograp 534 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
517 Organization of State Commercial Adm 535 Organization of State Commercial Administration of China (OSCCA)
518 as an authorized cryptographic algor 536 as an authorized cryptographic algorithms for the use within China.
519 537
520 SMS4 was originally created for use 538 SMS4 was originally created for use in protecting wireless
521 networks, and is mandated in the Chi 539 networks, and is mandated in the Chinese National Standard for
522 Wireless LAN WAPI (Wired Authenticat 540 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
523 (GB.15629.11-2003). 541 (GB.15629.11-2003).
524 542
525 The latest SM4 standard (GBT.32907-2 543 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
526 standardized through TC 260 of the S 544 standardized through TC 260 of the Standardization Administration
527 of the People's Republic of China (S 545 of the People's Republic of China (SAC).
528 546
529 The input, output, and key of SMS4 a 547 The input, output, and key of SMS4 are each 128 bits.
530 548
531 See https://eprint.iacr.org/2008/329 549 See https://eprint.iacr.org/2008/329.pdf for further information.
532 550
533 If unsure, say N. 551 If unsure, say N.
534 552
535 config CRYPTO_TEA 553 config CRYPTO_TEA
536 tristate "TEA, XTEA and XETA" 554 tristate "TEA, XTEA and XETA"
537 depends on CRYPTO_USER_API_ENABLE_OBSO 555 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
538 select CRYPTO_ALGAPI 556 select CRYPTO_ALGAPI
539 help 557 help
540 TEA (Tiny Encryption Algorithm) ciph 558 TEA (Tiny Encryption Algorithm) cipher algorithms
541 559
542 Tiny Encryption Algorithm is a simpl 560 Tiny Encryption Algorithm is a simple cipher that uses
543 many rounds for security. It is ver 561 many rounds for security. It is very fast and uses
544 little memory. 562 little memory.
545 563
546 Xtendend Tiny Encryption Algorithm i 564 Xtendend Tiny Encryption Algorithm is a modification to
547 the TEA algorithm to address a poten 565 the TEA algorithm to address a potential key weakness
548 in the TEA algorithm. 566 in the TEA algorithm.
549 567
550 Xtendend Encryption Tiny Algorithm i 568 Xtendend Encryption Tiny Algorithm is a mis-implementation
551 of the XTEA algorithm for compatibil 569 of the XTEA algorithm for compatibility purposes.
552 570
553 config CRYPTO_TWOFISH 571 config CRYPTO_TWOFISH
554 tristate "Twofish" 572 tristate "Twofish"
555 select CRYPTO_ALGAPI 573 select CRYPTO_ALGAPI
556 select CRYPTO_TWOFISH_COMMON 574 select CRYPTO_TWOFISH_COMMON
557 help 575 help
558 Twofish cipher algorithm 576 Twofish cipher algorithm
559 577
560 Twofish was submitted as an AES (Adv 578 Twofish was submitted as an AES (Advanced Encryption Standard)
561 candidate cipher by researchers at C 579 candidate cipher by researchers at CounterPane Systems. It is a
562 16 round block cipher supporting key 580 16 round block cipher supporting key sizes of 128, 192, and 256
563 bits. 581 bits.
564 582
565 See https://www.schneier.com/twofish 583 See https://www.schneier.com/twofish.html for further information.
566 584
567 config CRYPTO_TWOFISH_COMMON 585 config CRYPTO_TWOFISH_COMMON
568 tristate 586 tristate
569 help 587 help
570 Common parts of the Twofish cipher a 588 Common parts of the Twofish cipher algorithm shared by the
571 generic c and the assembler implemen 589 generic c and the assembler implementations.
572 590
573 endmenu 591 endmenu
574 592
575 menu "Length-preserving ciphers and modes" 593 menu "Length-preserving ciphers and modes"
576 594
577 config CRYPTO_ADIANTUM 595 config CRYPTO_ADIANTUM
578 tristate "Adiantum" 596 tristate "Adiantum"
579 select CRYPTO_CHACHA20 597 select CRYPTO_CHACHA20
580 select CRYPTO_LIB_POLY1305_GENERIC 598 select CRYPTO_LIB_POLY1305_GENERIC
581 select CRYPTO_NHPOLY1305 599 select CRYPTO_NHPOLY1305
582 select CRYPTO_MANAGER 600 select CRYPTO_MANAGER
583 help 601 help
584 Adiantum tweakable, length-preservin 602 Adiantum tweakable, length-preserving encryption mode
585 603
586 Designed for fast and secure disk en 604 Designed for fast and secure disk encryption, especially on
587 CPUs without dedicated crypto instru 605 CPUs without dedicated crypto instructions. It encrypts
588 each sector using the XChaCha12 stre 606 each sector using the XChaCha12 stream cipher, two passes of
589 an ε-almost-∆-universal hash func 607 an ε-almost-∆-universal hash function, and an invocation of
590 the AES-256 block cipher on a single 608 the AES-256 block cipher on a single 16-byte block. On CPUs
591 without AES instructions, Adiantum i 609 without AES instructions, Adiantum is much faster than
592 AES-XTS. 610 AES-XTS.
593 611
594 Adiantum's security is provably redu 612 Adiantum's security is provably reducible to that of its
595 underlying stream and block ciphers, 613 underlying stream and block ciphers, subject to a security
596 bound. Unlike XTS, Adiantum is a tr 614 bound. Unlike XTS, Adiantum is a true wide-block encryption
597 mode, so it actually provides an eve 615 mode, so it actually provides an even stronger notion of
598 security than XTS, subject to the se 616 security than XTS, subject to the security bound.
599 617
600 If unsure, say N. 618 If unsure, say N.
601 619
602 config CRYPTO_ARC4 620 config CRYPTO_ARC4
603 tristate "ARC4 (Alleged Rivest Cipher 621 tristate "ARC4 (Alleged Rivest Cipher 4)"
604 depends on CRYPTO_USER_API_ENABLE_OBSO 622 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
605 select CRYPTO_SKCIPHER 623 select CRYPTO_SKCIPHER
606 select CRYPTO_LIB_ARC4 624 select CRYPTO_LIB_ARC4
607 help 625 help
608 ARC4 cipher algorithm 626 ARC4 cipher algorithm
609 627
610 ARC4 is a stream cipher using keys r 628 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
611 bits in length. This algorithm is r 629 bits in length. This algorithm is required for driver-based
612 WEP, but it should not be for other 630 WEP, but it should not be for other purposes because of the
613 weakness of the algorithm. 631 weakness of the algorithm.
614 632
615 config CRYPTO_CHACHA20 633 config CRYPTO_CHACHA20
616 tristate "ChaCha" 634 tristate "ChaCha"
617 select CRYPTO_LIB_CHACHA_GENERIC 635 select CRYPTO_LIB_CHACHA_GENERIC
618 select CRYPTO_SKCIPHER 636 select CRYPTO_SKCIPHER
619 help 637 help
620 The ChaCha20, XChaCha20, and XChaCha 638 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms
621 639
622 ChaCha20 is a 256-bit high-speed str 640 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
623 Bernstein and further specified in R 641 Bernstein and further specified in RFC7539 for use in IETF protocols.
624 This is the portable C implementatio 642 This is the portable C implementation of ChaCha20. See
625 https://cr.yp.to/chacha/chacha-20080 643 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
626 644
627 XChaCha20 is the application of the 645 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
628 rather than to Salsa20. XChaCha20 e 646 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
629 from 64 bits (or 96 bits using the R 647 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
630 while provably retaining ChaCha20's 648 while provably retaining ChaCha20's security. See
631 https://cr.yp.to/snuffle/xsalsa-2008 649 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
632 650
633 XChaCha12 is XChaCha20 reduced to 12 651 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
634 reduced security margin but increase 652 reduced security margin but increased performance. It can be needed
635 in some performance-sensitive scenar 653 in some performance-sensitive scenarios.
636 654
637 config CRYPTO_CBC 655 config CRYPTO_CBC
638 tristate "CBC (Cipher Block Chaining)" 656 tristate "CBC (Cipher Block Chaining)"
639 select CRYPTO_SKCIPHER 657 select CRYPTO_SKCIPHER
640 select CRYPTO_MANAGER 658 select CRYPTO_MANAGER
641 help 659 help
642 CBC (Cipher Block Chaining) mode (NI 660 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
643 661
644 This block cipher mode is required f 662 This block cipher mode is required for IPSec ESP (XFRM_ESP).
645 663
646 config CRYPTO_CTR 664 config CRYPTO_CTR
647 tristate "CTR (Counter)" 665 tristate "CTR (Counter)"
648 select CRYPTO_SKCIPHER 666 select CRYPTO_SKCIPHER
649 select CRYPTO_MANAGER 667 select CRYPTO_MANAGER
650 help 668 help
651 CTR (Counter) mode (NIST SP800-38A) 669 CTR (Counter) mode (NIST SP800-38A)
652 670
653 config CRYPTO_CTS 671 config CRYPTO_CTS
654 tristate "CTS (Cipher Text Stealing)" 672 tristate "CTS (Cipher Text Stealing)"
655 select CRYPTO_SKCIPHER 673 select CRYPTO_SKCIPHER
656 select CRYPTO_MANAGER 674 select CRYPTO_MANAGER
657 help 675 help
658 CBC-CS3 variant of CTS (Cipher Text 676 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
659 Addendum to SP800-38A (October 2010) 677 Addendum to SP800-38A (October 2010))
660 678
661 This mode is required for Kerberos g 679 This mode is required for Kerberos gss mechanism support
662 for AES encryption. 680 for AES encryption.
663 681
664 config CRYPTO_ECB 682 config CRYPTO_ECB
665 tristate "ECB (Electronic Codebook)" 683 tristate "ECB (Electronic Codebook)"
666 select CRYPTO_SKCIPHER2 684 select CRYPTO_SKCIPHER2
667 select CRYPTO_MANAGER 685 select CRYPTO_MANAGER
668 help 686 help
669 ECB (Electronic Codebook) mode (NIST 687 ECB (Electronic Codebook) mode (NIST SP800-38A)
670 688
671 config CRYPTO_HCTR2 689 config CRYPTO_HCTR2
672 tristate "HCTR2" 690 tristate "HCTR2"
673 select CRYPTO_XCTR 691 select CRYPTO_XCTR
674 select CRYPTO_POLYVAL 692 select CRYPTO_POLYVAL
675 select CRYPTO_MANAGER 693 select CRYPTO_MANAGER
676 help 694 help
677 HCTR2 length-preserving encryption m 695 HCTR2 length-preserving encryption mode
678 696
679 A mode for storage encryption that i 697 A mode for storage encryption that is efficient on processors with
680 instructions to accelerate AES and c 698 instructions to accelerate AES and carryless multiplication, e.g.
681 x86 processors with AES-NI and CLMUL 699 x86 processors with AES-NI and CLMUL, and ARM processors with the
682 ARMv8 crypto extensions. 700 ARMv8 crypto extensions.
683 701
684 See https://eprint.iacr.org/2021/144 702 See https://eprint.iacr.org/2021/1441
685 703
686 config CRYPTO_KEYWRAP 704 config CRYPTO_KEYWRAP
687 tristate "KW (AES Key Wrap)" 705 tristate "KW (AES Key Wrap)"
688 select CRYPTO_SKCIPHER 706 select CRYPTO_SKCIPHER
689 select CRYPTO_MANAGER 707 select CRYPTO_MANAGER
690 help 708 help
691 KW (AES Key Wrap) authenticated encr 709 KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
692 and RFC3394) without padding. 710 and RFC3394) without padding.
693 711
694 config CRYPTO_LRW 712 config CRYPTO_LRW
695 tristate "LRW (Liskov Rivest Wagner)" 713 tristate "LRW (Liskov Rivest Wagner)"
696 select CRYPTO_LIB_GF128MUL 714 select CRYPTO_LIB_GF128MUL
697 select CRYPTO_SKCIPHER 715 select CRYPTO_SKCIPHER
698 select CRYPTO_MANAGER 716 select CRYPTO_MANAGER
699 select CRYPTO_ECB 717 select CRYPTO_ECB
700 help 718 help
701 LRW (Liskov Rivest Wagner) mode 719 LRW (Liskov Rivest Wagner) mode
702 720
703 A tweakable, non malleable, non mova 721 A tweakable, non malleable, non movable
704 narrow block cipher mode for dm-cryp 722 narrow block cipher mode for dm-crypt. Use it with cipher
705 specification string aes-lrw-benbi, 723 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
706 The first 128, 192 or 256 bits in th 724 The first 128, 192 or 256 bits in the key are used for AES and the
707 rest is used to tie each cipher bloc 725 rest is used to tie each cipher block to its logical position.
708 726
709 See https://people.csail.mit.edu/riv 727 See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf
710 728
711 config CRYPTO_PCBC 729 config CRYPTO_PCBC
712 tristate "PCBC (Propagating Cipher Blo 730 tristate "PCBC (Propagating Cipher Block Chaining)"
713 select CRYPTO_SKCIPHER 731 select CRYPTO_SKCIPHER
714 select CRYPTO_MANAGER 732 select CRYPTO_MANAGER
715 help 733 help
716 PCBC (Propagating Cipher Block Chain 734 PCBC (Propagating Cipher Block Chaining) mode
717 735
718 This block cipher mode is required f 736 This block cipher mode is required for RxRPC.
719 737
720 config CRYPTO_XCTR 738 config CRYPTO_XCTR
721 tristate 739 tristate
722 select CRYPTO_SKCIPHER 740 select CRYPTO_SKCIPHER
723 select CRYPTO_MANAGER 741 select CRYPTO_MANAGER
724 help 742 help
725 XCTR (XOR Counter) mode for HCTR2 743 XCTR (XOR Counter) mode for HCTR2
726 744
727 This blockcipher mode is a variant o 745 This blockcipher mode is a variant of CTR mode using XORs and little-endian
728 addition rather than big-endian arit 746 addition rather than big-endian arithmetic.
729 747
730 XCTR mode is used to implement HCTR2 748 XCTR mode is used to implement HCTR2.
731 749
732 config CRYPTO_XTS 750 config CRYPTO_XTS
733 tristate "XTS (XOR Encrypt XOR with ci 751 tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"
734 select CRYPTO_SKCIPHER 752 select CRYPTO_SKCIPHER
735 select CRYPTO_MANAGER 753 select CRYPTO_MANAGER
736 select CRYPTO_ECB 754 select CRYPTO_ECB
737 help 755 help
738 XTS (XOR Encrypt XOR with ciphertext 756 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
739 and IEEE 1619) 757 and IEEE 1619)
740 758
741 Use with aes-xts-plain, key size 256 759 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
742 implementation currently can't handl 760 implementation currently can't handle a sectorsize which is not a
743 multiple of 16 bytes. 761 multiple of 16 bytes.
744 762
745 config CRYPTO_NHPOLY1305 763 config CRYPTO_NHPOLY1305
746 tristate 764 tristate
747 select CRYPTO_HASH 765 select CRYPTO_HASH
748 select CRYPTO_LIB_POLY1305_GENERIC 766 select CRYPTO_LIB_POLY1305_GENERIC
749 767
750 endmenu 768 endmenu
751 769
752 menu "AEAD (authenticated encryption with asso 770 menu "AEAD (authenticated encryption with associated data) ciphers"
753 771
754 config CRYPTO_AEGIS128 772 config CRYPTO_AEGIS128
755 tristate "AEGIS-128" 773 tristate "AEGIS-128"
756 select CRYPTO_AEAD 774 select CRYPTO_AEAD
757 select CRYPTO_AES # for AES S-box tab 775 select CRYPTO_AES # for AES S-box tables
758 help 776 help
759 AEGIS-128 AEAD algorithm 777 AEGIS-128 AEAD algorithm
760 778
761 config CRYPTO_AEGIS128_SIMD 779 config CRYPTO_AEGIS128_SIMD
762 bool "AEGIS-128 (arm NEON, arm64 NEON) 780 bool "AEGIS-128 (arm NEON, arm64 NEON)"
763 depends on CRYPTO_AEGIS128 && ((ARM || 781 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
764 default y 782 default y
765 help 783 help
766 AEGIS-128 AEAD algorithm 784 AEGIS-128 AEAD algorithm
767 785
768 Architecture: arm or arm64 using: 786 Architecture: arm or arm64 using:
769 - NEON (Advanced SIMD) extension 787 - NEON (Advanced SIMD) extension
770 788
771 config CRYPTO_CHACHA20POLY1305 789 config CRYPTO_CHACHA20POLY1305
772 tristate "ChaCha20-Poly1305" 790 tristate "ChaCha20-Poly1305"
773 select CRYPTO_CHACHA20 791 select CRYPTO_CHACHA20
774 select CRYPTO_POLY1305 792 select CRYPTO_POLY1305
775 select CRYPTO_AEAD 793 select CRYPTO_AEAD
776 select CRYPTO_MANAGER 794 select CRYPTO_MANAGER
777 help 795 help
778 ChaCha20 stream cipher and Poly1305 796 ChaCha20 stream cipher and Poly1305 authenticator combined
779 mode (RFC8439) 797 mode (RFC8439)
780 798
781 config CRYPTO_CCM 799 config CRYPTO_CCM
782 tristate "CCM (Counter with Cipher Blo 800 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
783 select CRYPTO_CTR 801 select CRYPTO_CTR
784 select CRYPTO_HASH 802 select CRYPTO_HASH
785 select CRYPTO_AEAD 803 select CRYPTO_AEAD
786 select CRYPTO_MANAGER 804 select CRYPTO_MANAGER
787 help 805 help
788 CCM (Counter with Cipher Block Chain 806 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
789 authenticated encryption mode (NIST 807 authenticated encryption mode (NIST SP800-38C)
790 808
791 config CRYPTO_GCM 809 config CRYPTO_GCM
792 tristate "GCM (Galois/Counter Mode) an 810 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
793 select CRYPTO_CTR 811 select CRYPTO_CTR
794 select CRYPTO_AEAD 812 select CRYPTO_AEAD
795 select CRYPTO_GHASH 813 select CRYPTO_GHASH
796 select CRYPTO_NULL 814 select CRYPTO_NULL
797 select CRYPTO_MANAGER 815 select CRYPTO_MANAGER
798 help 816 help
799 GCM (Galois/Counter Mode) authentica 817 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
800 (GCM Message Authentication Code) (N 818 (GCM Message Authentication Code) (NIST SP800-38D)
801 819
802 This is required for IPSec ESP (XFRM 820 This is required for IPSec ESP (XFRM_ESP).
803 821
804 config CRYPTO_GENIV 822 config CRYPTO_GENIV
805 tristate 823 tristate
806 select CRYPTO_AEAD 824 select CRYPTO_AEAD
807 select CRYPTO_NULL 825 select CRYPTO_NULL
808 select CRYPTO_MANAGER 826 select CRYPTO_MANAGER
809 select CRYPTO_RNG_DEFAULT 827 select CRYPTO_RNG_DEFAULT
810 828
811 config CRYPTO_SEQIV 829 config CRYPTO_SEQIV
812 tristate "Sequence Number IV Generator 830 tristate "Sequence Number IV Generator"
813 select CRYPTO_GENIV 831 select CRYPTO_GENIV
814 help 832 help
815 Sequence Number IV generator 833 Sequence Number IV generator
816 834
817 This IV generator generates an IV ba 835 This IV generator generates an IV based on a sequence number by
818 xoring it with a salt. This algorit 836 xoring it with a salt. This algorithm is mainly useful for CTR.
819 837
820 This is required for IPsec ESP (XFRM 838 This is required for IPsec ESP (XFRM_ESP).
821 839
822 config CRYPTO_ECHAINIV 840 config CRYPTO_ECHAINIV
823 tristate "Encrypted Chain IV Generator 841 tristate "Encrypted Chain IV Generator"
824 select CRYPTO_GENIV 842 select CRYPTO_GENIV
825 help 843 help
826 Encrypted Chain IV generator 844 Encrypted Chain IV generator
827 845
828 This IV generator generates an IV ba 846 This IV generator generates an IV based on the encryption of
829 a sequence number xored with a salt. 847 a sequence number xored with a salt. This is the default
830 algorithm for CBC. 848 algorithm for CBC.
831 849
832 config CRYPTO_ESSIV 850 config CRYPTO_ESSIV
833 tristate "Encrypted Salt-Sector IV Gen 851 tristate "Encrypted Salt-Sector IV Generator"
834 select CRYPTO_AUTHENC 852 select CRYPTO_AUTHENC
835 help 853 help
836 Encrypted Salt-Sector IV generator 854 Encrypted Salt-Sector IV generator
837 855
838 This IV generator is used in some ca 856 This IV generator is used in some cases by fscrypt and/or
839 dm-crypt. It uses the hash of the bl 857 dm-crypt. It uses the hash of the block encryption key as the
840 symmetric key for a block encryption 858 symmetric key for a block encryption pass applied to the input
841 IV, making low entropy IV sources mo 859 IV, making low entropy IV sources more suitable for block
842 encryption. 860 encryption.
843 861
844 This driver implements a crypto API 862 This driver implements a crypto API template that can be
845 instantiated either as an skcipher o 863 instantiated either as an skcipher or as an AEAD (depending on the
846 type of the first template argument) 864 type of the first template argument), and which defers encryption
847 and decryption requests to the encap 865 and decryption requests to the encapsulated cipher after applying
848 ESSIV to the input IV. Note that in 866 ESSIV to the input IV. Note that in the AEAD case, it is assumed
849 that the keys are presented in the s 867 that the keys are presented in the same format used by the authenc
850 template, and that the IV appears at 868 template, and that the IV appears at the end of the authenticated
851 associated data (AAD) region (which 869 associated data (AAD) region (which is how dm-crypt uses it.)
852 870
853 Note that the use of ESSIV is not re 871 Note that the use of ESSIV is not recommended for new deployments,
854 and so this only needs to be enabled 872 and so this only needs to be enabled when interoperability with
855 existing encrypted volumes of filesy 873 existing encrypted volumes of filesystems is required, or when
856 building for a particular system tha 874 building for a particular system that requires it (e.g., when
857 the SoC in question has accelerated 875 the SoC in question has accelerated CBC but not XTS, making CBC
858 combined with ESSIV the only feasibl 876 combined with ESSIV the only feasible mode for h/w accelerated
859 block encryption) 877 block encryption)
860 878
861 endmenu 879 endmenu
862 880
863 menu "Hashes, digests, and MACs" 881 menu "Hashes, digests, and MACs"
864 882
865 config CRYPTO_BLAKE2B 883 config CRYPTO_BLAKE2B
866 tristate "BLAKE2b" 884 tristate "BLAKE2b"
867 select CRYPTO_HASH 885 select CRYPTO_HASH
868 help 886 help
869 BLAKE2b cryptographic hash function 887 BLAKE2b cryptographic hash function (RFC 7693)
870 888
871 BLAKE2b is optimized for 64-bit plat 889 BLAKE2b is optimized for 64-bit platforms and can produce digests
872 of any size between 1 and 64 bytes. 890 of any size between 1 and 64 bytes. The keyed hash is also implemented.
873 891
874 This module provides the following a 892 This module provides the following algorithms:
875 - blake2b-160 893 - blake2b-160
876 - blake2b-256 894 - blake2b-256
877 - blake2b-384 895 - blake2b-384
878 - blake2b-512 896 - blake2b-512
879 897
880 Used by the btrfs filesystem. 898 Used by the btrfs filesystem.
881 899
882 See https://blake2.net for further i 900 See https://blake2.net for further information.
883 901
884 config CRYPTO_CMAC 902 config CRYPTO_CMAC
885 tristate "CMAC (Cipher-based MAC)" 903 tristate "CMAC (Cipher-based MAC)"
886 select CRYPTO_HASH 904 select CRYPTO_HASH
887 select CRYPTO_MANAGER 905 select CRYPTO_MANAGER
888 help 906 help
889 CMAC (Cipher-based Message Authentic 907 CMAC (Cipher-based Message Authentication Code) authentication
890 mode (NIST SP800-38B and IETF RFC449 908 mode (NIST SP800-38B and IETF RFC4493)
891 909
892 config CRYPTO_GHASH 910 config CRYPTO_GHASH
893 tristate "GHASH" 911 tristate "GHASH"
894 select CRYPTO_HASH 912 select CRYPTO_HASH
895 select CRYPTO_LIB_GF128MUL 913 select CRYPTO_LIB_GF128MUL
896 help 914 help
897 GCM GHASH function (NIST SP800-38D) 915 GCM GHASH function (NIST SP800-38D)
898 916
899 config CRYPTO_HMAC 917 config CRYPTO_HMAC
900 tristate "HMAC (Keyed-Hash MAC)" 918 tristate "HMAC (Keyed-Hash MAC)"
901 select CRYPTO_HASH 919 select CRYPTO_HASH
902 select CRYPTO_MANAGER 920 select CRYPTO_MANAGER
903 help 921 help
904 HMAC (Keyed-Hash Message Authenticat 922 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
905 RFC2104) 923 RFC2104)
906 924
907 This is required for IPsec AH (XFRM_ 925 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
908 926
909 config CRYPTO_MD4 927 config CRYPTO_MD4
910 tristate "MD4" 928 tristate "MD4"
911 select CRYPTO_HASH 929 select CRYPTO_HASH
912 help 930 help
913 MD4 message digest algorithm (RFC132 931 MD4 message digest algorithm (RFC1320)
914 932
915 config CRYPTO_MD5 933 config CRYPTO_MD5
916 tristate "MD5" 934 tristate "MD5"
917 select CRYPTO_HASH 935 select CRYPTO_HASH
918 help 936 help
919 MD5 message digest algorithm (RFC132 937 MD5 message digest algorithm (RFC1321)
920 938
921 config CRYPTO_MICHAEL_MIC 939 config CRYPTO_MICHAEL_MIC
922 tristate "Michael MIC" 940 tristate "Michael MIC"
923 select CRYPTO_HASH 941 select CRYPTO_HASH
924 help 942 help
925 Michael MIC (Message Integrity Code) 943 Michael MIC (Message Integrity Code) (IEEE 802.11i)
926 944
927 Defined by the IEEE 802.11i TKIP (Te 945 Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
928 known as WPA (Wif-Fi Protected Acces 946 known as WPA (Wif-Fi Protected Access).
929 947
930 This algorithm is required for TKIP, 948 This algorithm is required for TKIP, but it should not be used for
931 other purposes because of the weakne 949 other purposes because of the weakness of the algorithm.
932 950
933 config CRYPTO_POLYVAL 951 config CRYPTO_POLYVAL
934 tristate 952 tristate
935 select CRYPTO_HASH 953 select CRYPTO_HASH
936 select CRYPTO_LIB_GF128MUL 954 select CRYPTO_LIB_GF128MUL
937 help 955 help
938 POLYVAL hash function for HCTR2 956 POLYVAL hash function for HCTR2
939 957
940 This is used in HCTR2. It is not a 958 This is used in HCTR2. It is not a general-purpose
941 cryptographic hash function. 959 cryptographic hash function.
942 960
943 config CRYPTO_POLY1305 961 config CRYPTO_POLY1305
944 tristate "Poly1305" 962 tristate "Poly1305"
945 select CRYPTO_HASH 963 select CRYPTO_HASH
946 select CRYPTO_LIB_POLY1305_GENERIC 964 select CRYPTO_LIB_POLY1305_GENERIC
947 help 965 help
948 Poly1305 authenticator algorithm (RF 966 Poly1305 authenticator algorithm (RFC7539)
949 967
950 Poly1305 is an authenticator algorit 968 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
951 It is used for the ChaCha20-Poly1305 969 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
952 in IETF protocols. This is the porta 970 in IETF protocols. This is the portable C implementation of Poly1305.
953 971
954 config CRYPTO_RMD160 972 config CRYPTO_RMD160
955 tristate "RIPEMD-160" 973 tristate "RIPEMD-160"
956 select CRYPTO_HASH 974 select CRYPTO_HASH
957 help 975 help
958 RIPEMD-160 hash function (ISO/IEC 10 976 RIPEMD-160 hash function (ISO/IEC 10118-3)
959 977
960 RIPEMD-160 is a 160-bit cryptographi 978 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
961 to be used as a secure replacement f 979 to be used as a secure replacement for the 128-bit hash functions
962 MD4, MD5 and its predecessor RIPEMD 980 MD4, MD5 and its predecessor RIPEMD
963 (not to be confused with RIPEMD-128) 981 (not to be confused with RIPEMD-128).
964 982
965 Its speed is comparable to SHA-1 and 983 Its speed is comparable to SHA-1 and there are no known attacks
966 against RIPEMD-160. 984 against RIPEMD-160.
967 985
968 Developed by Hans Dobbertin, Antoon 986 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
969 See https://homes.esat.kuleuven.be/~ 987 See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
970 for further information. 988 for further information.
971 989
972 config CRYPTO_SHA1 990 config CRYPTO_SHA1
973 tristate "SHA-1" 991 tristate "SHA-1"
974 select CRYPTO_HASH 992 select CRYPTO_HASH
975 select CRYPTO_LIB_SHA1 993 select CRYPTO_LIB_SHA1
976 help 994 help
977 SHA-1 secure hash algorithm (FIPS 18 995 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
978 996
979 config CRYPTO_SHA256 997 config CRYPTO_SHA256
980 tristate "SHA-224 and SHA-256" 998 tristate "SHA-224 and SHA-256"
981 select CRYPTO_HASH 999 select CRYPTO_HASH
982 select CRYPTO_LIB_SHA256 1000 select CRYPTO_LIB_SHA256
983 help 1001 help
984 SHA-224 and SHA-256 secure hash algo 1002 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
985 1003
986 This is required for IPsec AH (XFRM_ 1004 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
987 Used by the btrfs filesystem, Ceph, 1005 Used by the btrfs filesystem, Ceph, NFS, and SMB.
988 1006
989 config CRYPTO_SHA512 1007 config CRYPTO_SHA512
990 tristate "SHA-384 and SHA-512" 1008 tristate "SHA-384 and SHA-512"
991 select CRYPTO_HASH 1009 select CRYPTO_HASH
992 help 1010 help
993 SHA-384 and SHA-512 secure hash algo 1011 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
994 1012
995 config CRYPTO_SHA3 1013 config CRYPTO_SHA3
996 tristate "SHA-3" 1014 tristate "SHA-3"
997 select CRYPTO_HASH 1015 select CRYPTO_HASH
998 help 1016 help
999 SHA-3 secure hash algorithms (FIPS 2 1017 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1000 1018
1001 config CRYPTO_SM3 1019 config CRYPTO_SM3
1002 tristate 1020 tristate
1003 1021
1004 config CRYPTO_SM3_GENERIC 1022 config CRYPTO_SM3_GENERIC
1005 tristate "SM3 (ShangMi 3)" 1023 tristate "SM3 (ShangMi 3)"
1006 select CRYPTO_HASH 1024 select CRYPTO_HASH
1007 select CRYPTO_SM3 1025 select CRYPTO_SM3
1008 help 1026 help
1009 SM3 (ShangMi 3) secure hash functio 1027 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1010 1028
1011 This is part of the Chinese Commerc 1029 This is part of the Chinese Commercial Cryptography suite.
1012 1030
1013 References: 1031 References:
1014 http://www.oscca.gov.cn/UpFile/2010 1032 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1015 https://datatracker.ietf.org/doc/ht 1033 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1016 1034
1017 config CRYPTO_STREEBOG 1035 config CRYPTO_STREEBOG
1018 tristate "Streebog" 1036 tristate "Streebog"
1019 select CRYPTO_HASH 1037 select CRYPTO_HASH
1020 help 1038 help
1021 Streebog Hash Function (GOST R 34.1 1039 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1022 1040
1023 This is one of the Russian cryptogr 1041 This is one of the Russian cryptographic standard algorithms (called
1024 GOST algorithms). This setting enab 1042 GOST algorithms). This setting enables two hash algorithms with
1025 256 and 512 bits output. 1043 256 and 512 bits output.
1026 1044
1027 References: 1045 References:
1028 https://tc26.ru/upload/iblock/fed/f 1046 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1029 https://tools.ietf.org/html/rfc6986 1047 https://tools.ietf.org/html/rfc6986
1030 1048
1031 config CRYPTO_VMAC 1049 config CRYPTO_VMAC
1032 tristate "VMAC" 1050 tristate "VMAC"
1033 select CRYPTO_HASH 1051 select CRYPTO_HASH
1034 select CRYPTO_MANAGER 1052 select CRYPTO_MANAGER
1035 help 1053 help
1036 VMAC is a message authentication al 1054 VMAC is a message authentication algorithm designed for
1037 very high speed on 64-bit architect 1055 very high speed on 64-bit architectures.
1038 1056
1039 See https://fastcrypto.org/vmac for 1057 See https://fastcrypto.org/vmac for further information.
1040 1058
1041 config CRYPTO_WP512 1059 config CRYPTO_WP512
1042 tristate "Whirlpool" 1060 tristate "Whirlpool"
1043 select CRYPTO_HASH 1061 select CRYPTO_HASH
1044 help 1062 help
1045 Whirlpool hash function (ISO/IEC 10 1063 Whirlpool hash function (ISO/IEC 10118-3)
1046 1064
1047 512, 384 and 256-bit hashes. 1065 512, 384 and 256-bit hashes.
1048 1066
1049 Whirlpool-512 is part of the NESSIE 1067 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1050 1068
1051 See https://web.archive.org/web/201 1069 See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
1052 for further information. 1070 for further information.
1053 1071
1054 config CRYPTO_XCBC 1072 config CRYPTO_XCBC
1055 tristate "XCBC-MAC (Extended Cipher B 1073 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1056 select CRYPTO_HASH 1074 select CRYPTO_HASH
1057 select CRYPTO_MANAGER 1075 select CRYPTO_MANAGER
1058 help 1076 help
1059 XCBC-MAC (Extended Cipher Block Cha 1077 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1060 Code) (RFC3566) 1078 Code) (RFC3566)
1061 1079
1062 config CRYPTO_XXHASH 1080 config CRYPTO_XXHASH
1063 tristate "xxHash" 1081 tristate "xxHash"
1064 select CRYPTO_HASH 1082 select CRYPTO_HASH
1065 select XXHASH 1083 select XXHASH
1066 help 1084 help
1067 xxHash non-cryptographic hash algor 1085 xxHash non-cryptographic hash algorithm
1068 1086
1069 Extremely fast, working at speeds c 1087 Extremely fast, working at speeds close to RAM limits.
1070 1088
1071 Used by the btrfs filesystem. 1089 Used by the btrfs filesystem.
1072 1090
1073 endmenu 1091 endmenu
1074 1092
1075 menu "CRCs (cyclic redundancy checks)" 1093 menu "CRCs (cyclic redundancy checks)"
1076 1094
1077 config CRYPTO_CRC32C 1095 config CRYPTO_CRC32C
1078 tristate "CRC32c" 1096 tristate "CRC32c"
1079 select CRYPTO_HASH 1097 select CRYPTO_HASH
1080 select CRC32 1098 select CRC32
1081 help 1099 help
1082 CRC32c CRC algorithm with the iSCSI 1100 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
1083 1101
1084 A 32-bit CRC (cyclic redundancy che 1102 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1085 by G. Castagnoli, S. Braeuer and M. 1103 by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic
1086 Redundancy-Check Codes with 24 and 1104 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1087 on Communications, Vol. 41, No. 6, 1105 on Communications, Vol. 41, No. 6, June 1993, selected for use with
1088 iSCSI. 1106 iSCSI.
1089 1107
1090 Used by btrfs, ext4, jbd2, NVMeoF/T 1108 Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI.
1091 1109
1092 config CRYPTO_CRC32 1110 config CRYPTO_CRC32
1093 tristate "CRC32" 1111 tristate "CRC32"
1094 select CRYPTO_HASH 1112 select CRYPTO_HASH
1095 select CRC32 1113 select CRC32
1096 help 1114 help
1097 CRC32 CRC algorithm (IEEE 802.3) 1115 CRC32 CRC algorithm (IEEE 802.3)
1098 1116
1099 Used by RoCEv2 and f2fs. 1117 Used by RoCEv2 and f2fs.
1100 1118
1101 config CRYPTO_CRCT10DIF 1119 config CRYPTO_CRCT10DIF
1102 tristate "CRCT10DIF" 1120 tristate "CRCT10DIF"
1103 select CRYPTO_HASH 1121 select CRYPTO_HASH
1104 help 1122 help
1105 CRC16 CRC algorithm used for the T1 1123 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
1106 1124
1107 CRC algorithm used by the SCSI Bloc 1125 CRC algorithm used by the SCSI Block Commands standard.
1108 1126
1109 config CRYPTO_CRC64_ROCKSOFT 1127 config CRYPTO_CRC64_ROCKSOFT
1110 tristate "CRC64 based on Rocksoft Mod 1128 tristate "CRC64 based on Rocksoft Model algorithm"
1111 depends on CRC64 1129 depends on CRC64
1112 select CRYPTO_HASH 1130 select CRYPTO_HASH
1113 help 1131 help
1114 CRC64 CRC algorithm based on the Ro 1132 CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm
1115 1133
1116 Used by the NVMe implementation of 1134 Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY)
1117 1135
1118 See https://zlib.net/crc_v3.txt 1136 See https://zlib.net/crc_v3.txt
1119 1137
1120 endmenu 1138 endmenu
1121 1139
1122 menu "Compression" 1140 menu "Compression"
1123 1141
1124 config CRYPTO_DEFLATE 1142 config CRYPTO_DEFLATE
1125 tristate "Deflate" 1143 tristate "Deflate"
1126 select CRYPTO_ALGAPI 1144 select CRYPTO_ALGAPI
1127 select CRYPTO_ACOMP2 1145 select CRYPTO_ACOMP2
1128 select ZLIB_INFLATE 1146 select ZLIB_INFLATE
1129 select ZLIB_DEFLATE 1147 select ZLIB_DEFLATE
1130 help 1148 help
1131 Deflate compression algorithm (RFC1 1149 Deflate compression algorithm (RFC1951)
1132 1150
1133 Used by IPSec with the IPCOMP proto 1151 Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)
1134 1152
1135 config CRYPTO_LZO 1153 config CRYPTO_LZO
1136 tristate "LZO" 1154 tristate "LZO"
1137 select CRYPTO_ALGAPI 1155 select CRYPTO_ALGAPI
1138 select CRYPTO_ACOMP2 1156 select CRYPTO_ACOMP2
1139 select LZO_COMPRESS 1157 select LZO_COMPRESS
1140 select LZO_DECOMPRESS 1158 select LZO_DECOMPRESS
1141 help 1159 help
1142 LZO compression algorithm 1160 LZO compression algorithm
1143 1161
1144 See https://www.oberhumer.com/opens 1162 See https://www.oberhumer.com/opensource/lzo/ for further information.
1145 1163
1146 config CRYPTO_842 1164 config CRYPTO_842
1147 tristate "842" 1165 tristate "842"
1148 select CRYPTO_ALGAPI 1166 select CRYPTO_ALGAPI
1149 select CRYPTO_ACOMP2 1167 select CRYPTO_ACOMP2
1150 select 842_COMPRESS 1168 select 842_COMPRESS
1151 select 842_DECOMPRESS 1169 select 842_DECOMPRESS
1152 help 1170 help
1153 842 compression algorithm by IBM 1171 842 compression algorithm by IBM
1154 1172
1155 See https://github.com/plauth/lib84 1173 See https://github.com/plauth/lib842 for further information.
1156 1174
1157 config CRYPTO_LZ4 1175 config CRYPTO_LZ4
1158 tristate "LZ4" 1176 tristate "LZ4"
1159 select CRYPTO_ALGAPI 1177 select CRYPTO_ALGAPI
1160 select CRYPTO_ACOMP2 1178 select CRYPTO_ACOMP2
1161 select LZ4_COMPRESS 1179 select LZ4_COMPRESS
1162 select LZ4_DECOMPRESS 1180 select LZ4_DECOMPRESS
1163 help 1181 help
1164 LZ4 compression algorithm 1182 LZ4 compression algorithm
1165 1183
1166 See https://github.com/lz4/lz4 for 1184 See https://github.com/lz4/lz4 for further information.
1167 1185
1168 config CRYPTO_LZ4HC 1186 config CRYPTO_LZ4HC
1169 tristate "LZ4HC" 1187 tristate "LZ4HC"
1170 select CRYPTO_ALGAPI 1188 select CRYPTO_ALGAPI
1171 select CRYPTO_ACOMP2 1189 select CRYPTO_ACOMP2
1172 select LZ4HC_COMPRESS 1190 select LZ4HC_COMPRESS
1173 select LZ4_DECOMPRESS 1191 select LZ4_DECOMPRESS
1174 help 1192 help
1175 LZ4 high compression mode algorithm 1193 LZ4 high compression mode algorithm
1176 1194
1177 See https://github.com/lz4/lz4 for 1195 See https://github.com/lz4/lz4 for further information.
1178 1196
1179 config CRYPTO_ZSTD 1197 config CRYPTO_ZSTD
1180 tristate "Zstd" 1198 tristate "Zstd"
1181 select CRYPTO_ALGAPI 1199 select CRYPTO_ALGAPI
1182 select CRYPTO_ACOMP2 1200 select CRYPTO_ACOMP2
1183 select ZSTD_COMPRESS 1201 select ZSTD_COMPRESS
1184 select ZSTD_DECOMPRESS 1202 select ZSTD_DECOMPRESS
1185 help 1203 help
1186 zstd compression algorithm 1204 zstd compression algorithm
1187 1205
1188 See https://github.com/facebook/zst 1206 See https://github.com/facebook/zstd for further information.
1189 1207
1190 endmenu 1208 endmenu
1191 1209
1192 menu "Random number generation" 1210 menu "Random number generation"
1193 1211
1194 config CRYPTO_ANSI_CPRNG 1212 config CRYPTO_ANSI_CPRNG
1195 tristate "ANSI PRNG (Pseudo Random Nu 1213 tristate "ANSI PRNG (Pseudo Random Number Generator)"
1196 select CRYPTO_AES 1214 select CRYPTO_AES
1197 select CRYPTO_RNG 1215 select CRYPTO_RNG
1198 help 1216 help
1199 Pseudo RNG (random number generator 1217 Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4)
1200 1218
1201 This uses the AES cipher algorithm. 1219 This uses the AES cipher algorithm.
1202 1220
1203 Note that this option must be enabl 1221 Note that this option must be enabled if CRYPTO_FIPS is selected
1204 1222
1205 menuconfig CRYPTO_DRBG_MENU 1223 menuconfig CRYPTO_DRBG_MENU
1206 tristate "NIST SP800-90A DRBG (Determ 1224 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1207 help 1225 help
1208 DRBG (Deterministic Random Bit Gene 1226 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1209 1227
1210 In the following submenu, one or mo 1228 In the following submenu, one or more of the DRBG types must be selected.
1211 1229
1212 if CRYPTO_DRBG_MENU 1230 if CRYPTO_DRBG_MENU
1213 1231
1214 config CRYPTO_DRBG_HMAC 1232 config CRYPTO_DRBG_HMAC
1215 bool 1233 bool
1216 default y 1234 default y
1217 select CRYPTO_HMAC 1235 select CRYPTO_HMAC
1218 select CRYPTO_SHA512 1236 select CRYPTO_SHA512
1219 1237
1220 config CRYPTO_DRBG_HASH 1238 config CRYPTO_DRBG_HASH
1221 bool "Hash_DRBG" 1239 bool "Hash_DRBG"
1222 select CRYPTO_SHA256 1240 select CRYPTO_SHA256
1223 help 1241 help
1224 Hash_DRBG variant as defined in NIS 1242 Hash_DRBG variant as defined in NIST SP800-90A.
1225 1243
1226 This uses the SHA-1, SHA-256, SHA-3 1244 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1227 1245
1228 config CRYPTO_DRBG_CTR 1246 config CRYPTO_DRBG_CTR
1229 bool "CTR_DRBG" 1247 bool "CTR_DRBG"
1230 select CRYPTO_AES 1248 select CRYPTO_AES
1231 select CRYPTO_CTR 1249 select CRYPTO_CTR
1232 help 1250 help
1233 CTR_DRBG variant as defined in NIST 1251 CTR_DRBG variant as defined in NIST SP800-90A.
1234 1252
1235 This uses the AES cipher algorithm 1253 This uses the AES cipher algorithm with the counter block mode.
1236 1254
1237 config CRYPTO_DRBG 1255 config CRYPTO_DRBG
1238 tristate 1256 tristate
1239 default CRYPTO_DRBG_MENU 1257 default CRYPTO_DRBG_MENU
1240 select CRYPTO_RNG 1258 select CRYPTO_RNG
1241 select CRYPTO_JITTERENTROPY 1259 select CRYPTO_JITTERENTROPY
1242 1260
1243 endif # if CRYPTO_DRBG_MENU 1261 endif # if CRYPTO_DRBG_MENU
1244 1262
1245 config CRYPTO_JITTERENTROPY 1263 config CRYPTO_JITTERENTROPY
1246 tristate "CPU Jitter Non-Deterministi 1264 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1247 select CRYPTO_RNG 1265 select CRYPTO_RNG
1248 select CRYPTO_SHA3 1266 select CRYPTO_SHA3
1249 help 1267 help
1250 CPU Jitter RNG (Random Number Gener 1268 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library
1251 1269
1252 A non-physical non-deterministic (" 1270 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1253 compliant with NIST SP800-90B) inte 1271 compliant with NIST SP800-90B) intended to provide a seed to a
1254 deterministic RNG (e.g., per NIST S 1272 deterministic RNG (e.g., per NIST SP800-90C).
1255 This RNG does not perform any crypt 1273 This RNG does not perform any cryptographic whitening of the generated
1256 random numbers. 1274 random numbers.
1257 1275
1258 See https://www.chronox.de/jent/ 1276 See https://www.chronox.de/jent/
1259 1277
1260 if CRYPTO_JITTERENTROPY 1278 if CRYPTO_JITTERENTROPY
1261 if CRYPTO_FIPS && EXPERT 1279 if CRYPTO_FIPS && EXPERT
1262 1280
1263 choice 1281 choice
1264 prompt "CPU Jitter RNG Memory Size" 1282 prompt "CPU Jitter RNG Memory Size"
1265 default CRYPTO_JITTERENTROPY_MEMSIZE_ 1283 default CRYPTO_JITTERENTROPY_MEMSIZE_2
1266 help 1284 help
1267 The Jitter RNG measures the executi 1285 The Jitter RNG measures the execution time of memory accesses.
1268 Multiple consecutive memory accesse 1286 Multiple consecutive memory accesses are performed. If the memory
1269 size fits into a cache (e.g. L1), o 1287 size fits into a cache (e.g. L1), only the memory access timing
1270 to that cache is measured. The clos 1288 to that cache is measured. The closer the cache is to the CPU
1271 the less variations are measured an 1289 the less variations are measured and thus the less entropy is
1272 obtained. Thus, if the memory size 1290 obtained. Thus, if the memory size fits into the L1 cache, the
1273 obtained entropy is less than if th 1291 obtained entropy is less than if the memory size fits within
1274 L1 + L2, which in turn is less if t 1292 L1 + L2, which in turn is less if the memory fits into
1275 L1 + L2 + L3. Thus, by selecting a 1293 L1 + L2 + L3. Thus, by selecting a different memory size,
1276 the entropy rate produced by the Ji 1294 the entropy rate produced by the Jitter RNG can be modified.
1277 1295
1278 config CRYPTO_JITTERENTROPY_MEMSIZE_2 1296 config CRYPTO_JITTERENTROPY_MEMSIZE_2
1279 bool "2048 Bytes (default)" 1297 bool "2048 Bytes (default)"
1280 1298
1281 config CRYPTO_JITTERENTROPY_MEMSIZE_1 1299 config CRYPTO_JITTERENTROPY_MEMSIZE_128
1282 bool "128 kBytes" 1300 bool "128 kBytes"
1283 1301
1284 config CRYPTO_JITTERENTROPY_MEMSIZE_1 1302 config CRYPTO_JITTERENTROPY_MEMSIZE_1024
1285 bool "1024 kBytes" 1303 bool "1024 kBytes"
1286 1304
1287 config CRYPTO_JITTERENTROPY_MEMSIZE_8 1305 config CRYPTO_JITTERENTROPY_MEMSIZE_8192
1288 bool "8192 kBytes" 1306 bool "8192 kBytes"
1289 endchoice 1307 endchoice
1290 1308
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS 1309 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1292 int 1310 int
1293 default 64 if CRYPTO_JITTERENTROPY_ME 1311 default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1294 default 512 if CRYPTO_JITTERENTROPY_M 1312 default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1295 default 1024 if CRYPTO_JITTERENTROPY_ 1313 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1296 default 4096 if CRYPTO_JITTERENTROPY_ 1314 default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1297 1315
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE 1316 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1299 int 1317 int
1300 default 32 if CRYPTO_JITTERENTROPY_ME 1318 default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1301 default 256 if CRYPTO_JITTERENTROPY_M 1319 default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1302 default 1024 if CRYPTO_JITTERENTROPY_ 1320 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1303 default 2048 if CRYPTO_JITTERENTROPY_ 1321 default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1304 1322
1305 config CRYPTO_JITTERENTROPY_OSR 1323 config CRYPTO_JITTERENTROPY_OSR
1306 int "CPU Jitter RNG Oversampling Rate 1324 int "CPU Jitter RNG Oversampling Rate"
1307 range 1 15 1325 range 1 15
1308 default 3 !! 1326 default 1
1309 help 1327 help
1310 The Jitter RNG allows the specifica 1328 The Jitter RNG allows the specification of an oversampling rate (OSR).
1311 The Jitter RNG operation requires a 1329 The Jitter RNG operation requires a fixed amount of timing
1312 measurements to produce one output 1330 measurements to produce one output block of random numbers. The
1313 OSR value is multiplied with the am 1331 OSR value is multiplied with the amount of timing measurements to
1314 generate one output block. Thus, th 1332 generate one output block. Thus, the timing measurement is oversampled
1315 by the OSR factor. The oversampling 1333 by the OSR factor. The oversampling allows the Jitter RNG to operate
1316 on hardware whose timers deliver li 1334 on hardware whose timers deliver limited amount of entropy (e.g.
1317 the timer is coarse) by setting the 1335 the timer is coarse) by setting the OSR to a higher value. The
1318 trade-off, however, is that the Jit 1336 trade-off, however, is that the Jitter RNG now requires more time
1319 to generate random numbers. 1337 to generate random numbers.
1320 1338
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE 1339 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1322 bool "CPU Jitter RNG Test Interface" 1340 bool "CPU Jitter RNG Test Interface"
1323 help 1341 help
1324 The test interface allows a privile 1342 The test interface allows a privileged process to capture
1325 the raw unconditioned high resoluti 1343 the raw unconditioned high resolution time stamp noise that
1326 is collected by the Jitter RNG for 1344 is collected by the Jitter RNG for statistical analysis. As
1327 this data is used at the same time 1345 this data is used at the same time to generate random bits,
1328 the Jitter RNG operates in an insec 1346 the Jitter RNG operates in an insecure mode as long as the
1329 recording is enabled. This interfac 1347 recording is enabled. This interface therefore is only
1330 intended for testing purposes and i 1348 intended for testing purposes and is not suitable for
1331 production systems. 1349 production systems.
1332 1350
1333 The raw noise data can be obtained 1351 The raw noise data can be obtained using the jent_raw_hires
1334 debugfs file. Using the option 1352 debugfs file. Using the option
1335 jitterentropy_testing.boot_raw_hire 1353 jitterentropy_testing.boot_raw_hires_test=1 the raw noise of
1336 the first 1000 entropy events since 1354 the first 1000 entropy events since boot can be sampled.
1337 1355
1338 If unsure, select N. 1356 If unsure, select N.
1339 1357
1340 endif # if CRYPTO_FIPS && EXPERT 1358 endif # if CRYPTO_FIPS && EXPERT
1341 1359
1342 if !(CRYPTO_FIPS && EXPERT) 1360 if !(CRYPTO_FIPS && EXPERT)
1343 1361
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS 1362 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1345 int 1363 int
1346 default 64 1364 default 64
1347 1365
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE 1366 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1349 int 1367 int
1350 default 32 1368 default 32
1351 1369
1352 config CRYPTO_JITTERENTROPY_OSR 1370 config CRYPTO_JITTERENTROPY_OSR
1353 int 1371 int
1354 default 1 1372 default 1
1355 1373
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE 1374 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1357 bool 1375 bool
1358 1376
1359 endif # if !(CRYPTO_FIPS && EXPERT) 1377 endif # if !(CRYPTO_FIPS && EXPERT)
1360 endif # if CRYPTO_JITTERENTROPY 1378 endif # if CRYPTO_JITTERENTROPY
1361 1379
1362 config CRYPTO_KDF800108_CTR 1380 config CRYPTO_KDF800108_CTR
1363 tristate 1381 tristate
1364 select CRYPTO_HMAC 1382 select CRYPTO_HMAC
1365 select CRYPTO_SHA256 1383 select CRYPTO_SHA256
1366 1384
1367 endmenu 1385 endmenu
1368 menu "Userspace interface" 1386 menu "Userspace interface"
1369 1387
1370 config CRYPTO_USER_API 1388 config CRYPTO_USER_API
1371 tristate 1389 tristate
1372 1390
1373 config CRYPTO_USER_API_HASH 1391 config CRYPTO_USER_API_HASH
1374 tristate "Hash algorithms" 1392 tristate "Hash algorithms"
1375 depends on NET 1393 depends on NET
1376 select CRYPTO_HASH 1394 select CRYPTO_HASH
1377 select CRYPTO_USER_API 1395 select CRYPTO_USER_API
1378 help 1396 help
1379 Enable the userspace interface for 1397 Enable the userspace interface for hash algorithms.
1380 1398
1381 See Documentation/crypto/userspace- 1399 See Documentation/crypto/userspace-if.rst and
1382 https://www.chronox.de/libkcapi/htm 1400 https://www.chronox.de/libkcapi/html/index.html
1383 1401
1384 config CRYPTO_USER_API_SKCIPHER 1402 config CRYPTO_USER_API_SKCIPHER
1385 tristate "Symmetric key cipher algori 1403 tristate "Symmetric key cipher algorithms"
1386 depends on NET 1404 depends on NET
1387 select CRYPTO_SKCIPHER 1405 select CRYPTO_SKCIPHER
1388 select CRYPTO_USER_API 1406 select CRYPTO_USER_API
1389 help 1407 help
1390 Enable the userspace interface for 1408 Enable the userspace interface for symmetric key cipher algorithms.
1391 1409
1392 See Documentation/crypto/userspace- 1410 See Documentation/crypto/userspace-if.rst and
1393 https://www.chronox.de/libkcapi/htm 1411 https://www.chronox.de/libkcapi/html/index.html
1394 1412
1395 config CRYPTO_USER_API_RNG 1413 config CRYPTO_USER_API_RNG
1396 tristate "RNG (random number generato 1414 tristate "RNG (random number generator) algorithms"
1397 depends on NET 1415 depends on NET
1398 select CRYPTO_RNG 1416 select CRYPTO_RNG
1399 select CRYPTO_USER_API 1417 select CRYPTO_USER_API
1400 help 1418 help
1401 Enable the userspace interface for 1419 Enable the userspace interface for RNG (random number generator)
1402 algorithms. 1420 algorithms.
1403 1421
1404 See Documentation/crypto/userspace- 1422 See Documentation/crypto/userspace-if.rst and
1405 https://www.chronox.de/libkcapi/htm 1423 https://www.chronox.de/libkcapi/html/index.html
1406 1424
1407 config CRYPTO_USER_API_RNG_CAVP 1425 config CRYPTO_USER_API_RNG_CAVP
1408 bool "Enable CAVP testing of DRBG" 1426 bool "Enable CAVP testing of DRBG"
1409 depends on CRYPTO_USER_API_RNG && CRY 1427 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1410 help 1428 help
1411 Enable extra APIs in the userspace 1429 Enable extra APIs in the userspace interface for NIST CAVP
1412 (Cryptographic Algorithm Validation 1430 (Cryptographic Algorithm Validation Program) testing:
1413 - resetting DRBG entropy 1431 - resetting DRBG entropy
1414 - providing Additional Data 1432 - providing Additional Data
1415 1433
1416 This should only be enabled for CAV 1434 This should only be enabled for CAVP testing. You should say
1417 no unless you know what this is. 1435 no unless you know what this is.
1418 1436
1419 config CRYPTO_USER_API_AEAD 1437 config CRYPTO_USER_API_AEAD
1420 tristate "AEAD cipher algorithms" 1438 tristate "AEAD cipher algorithms"
1421 depends on NET 1439 depends on NET
1422 select CRYPTO_AEAD 1440 select CRYPTO_AEAD
1423 select CRYPTO_SKCIPHER 1441 select CRYPTO_SKCIPHER
1424 select CRYPTO_NULL 1442 select CRYPTO_NULL
1425 select CRYPTO_USER_API 1443 select CRYPTO_USER_API
1426 help 1444 help
1427 Enable the userspace interface for 1445 Enable the userspace interface for AEAD cipher algorithms.
1428 1446
1429 See Documentation/crypto/userspace- 1447 See Documentation/crypto/userspace-if.rst and
1430 https://www.chronox.de/libkcapi/htm 1448 https://www.chronox.de/libkcapi/html/index.html
1431 1449
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE 1450 config CRYPTO_USER_API_ENABLE_OBSOLETE
1433 bool "Obsolete cryptographic algorith 1451 bool "Obsolete cryptographic algorithms"
1434 depends on CRYPTO_USER_API 1452 depends on CRYPTO_USER_API
1435 default y 1453 default y
1436 help 1454 help
1437 Allow obsolete cryptographic algori 1455 Allow obsolete cryptographic algorithms to be selected that have
1438 already been phased out from intern 1456 already been phased out from internal use by the kernel, and are
1439 only useful for userspace clients t 1457 only useful for userspace clients that still rely on them.
>> 1458
>> 1459 config CRYPTO_STATS
>> 1460 bool "Crypto usage statistics"
>> 1461 depends on CRYPTO_USER
>> 1462 help
>> 1463 Enable the gathering of crypto stats.
>> 1464
>> 1465 Enabling this option reduces the performance of the crypto API. It
>> 1466 should only be enabled when there is actually a use case for it.
>> 1467
>> 1468 This collects data sizes, numbers of requests, and numbers
>> 1469 of errors processed by:
>> 1470 - AEAD ciphers (encrypt, decrypt)
>> 1471 - asymmetric key ciphers (encrypt, decrypt, verify, sign)
>> 1472 - symmetric key ciphers (encrypt, decrypt)
>> 1473 - compression algorithms (compress, decompress)
>> 1474 - hash algorithms (hash)
>> 1475 - key-agreement protocol primitives (setsecret, generate
>> 1476 public key, compute shared secret)
>> 1477 - RNG (generate, seed)
1440 1478
1441 endmenu 1479 endmenu
1442 1480
1443 config CRYPTO_HASH_INFO 1481 config CRYPTO_HASH_INFO
1444 bool 1482 bool
1445 1483
1446 if !KMSAN # avoid false positives from assemb 1484 if !KMSAN # avoid false positives from assembly
1447 if ARM 1485 if ARM
1448 source "arch/arm/crypto/Kconfig" 1486 source "arch/arm/crypto/Kconfig"
1449 endif 1487 endif
1450 if ARM64 1488 if ARM64
1451 source "arch/arm64/crypto/Kconfig" 1489 source "arch/arm64/crypto/Kconfig"
1452 endif 1490 endif
1453 if LOONGARCH 1491 if LOONGARCH
1454 source "arch/loongarch/crypto/Kconfig" 1492 source "arch/loongarch/crypto/Kconfig"
1455 endif 1493 endif
1456 if MIPS 1494 if MIPS
1457 source "arch/mips/crypto/Kconfig" 1495 source "arch/mips/crypto/Kconfig"
1458 endif 1496 endif
1459 if PPC 1497 if PPC
1460 source "arch/powerpc/crypto/Kconfig" 1498 source "arch/powerpc/crypto/Kconfig"
1461 endif 1499 endif
1462 if RISCV 1500 if RISCV
1463 source "arch/riscv/crypto/Kconfig" 1501 source "arch/riscv/crypto/Kconfig"
1464 endif 1502 endif
1465 if S390 1503 if S390
1466 source "arch/s390/crypto/Kconfig" 1504 source "arch/s390/crypto/Kconfig"
1467 endif 1505 endif
1468 if SPARC 1506 if SPARC
1469 source "arch/sparc/crypto/Kconfig" 1507 source "arch/sparc/crypto/Kconfig"
1470 endif 1508 endif
1471 if X86 1509 if X86
1472 source "arch/x86/crypto/Kconfig" 1510 source "arch/x86/crypto/Kconfig"
1473 endif 1511 endif
1474 endif 1512 endif
1475 1513
1476 source "drivers/crypto/Kconfig" 1514 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig" 1515 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig" 1516 source "certs/Kconfig"
1479 1517
1480 endif # if CRYPTO 1518 endif # if CRYPTO
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.