~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/crypto/Kconfig

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 # SPDX-License-Identifier: GPL-2.0
  2 #
  3 # Generic algorithms support
  4 #
  5 config XOR_BLOCKS
  6         tristate
  7 
  8 #
  9 # async_tx api: hardware offloaded memory transfer/transform support
 10 #
 11 source "crypto/async_tx/Kconfig"
 12 
 13 #
 14 # Cryptographic API Configuration
 15 #
 16 menuconfig CRYPTO
 17         tristate "Cryptographic API"
 18         select CRYPTO_LIB_UTILS
 19         help
 20           This option provides the core Cryptographic API.
 21 
 22 if CRYPTO
 23 
 24 menu "Crypto core or helper"
 25 
 26 config CRYPTO_FIPS
 27         bool "FIPS 200 compliance"
 28         depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
 29         depends on (MODULE_SIG || !MODULES)
 30         help
 31           This option enables the fips boot option which is
 32           required if you want the system to operate in a FIPS 200
 33           certification.  You should say no unless you know what
 34           this is.
 35 
 36 config CRYPTO_FIPS_NAME
 37         string "FIPS Module Name"
 38         default "Linux Kernel Cryptographic API"
 39         depends on CRYPTO_FIPS
 40         help
 41           This option sets the FIPS Module name reported by the Crypto API via
 42           the /proc/sys/crypto/fips_name file.
 43 
 44 config CRYPTO_FIPS_CUSTOM_VERSION
 45         bool "Use Custom FIPS Module Version"
 46         depends on CRYPTO_FIPS
 47         default n
 48 
 49 config CRYPTO_FIPS_VERSION
 50         string "FIPS Module Version"
 51         default "(none)"
 52         depends on CRYPTO_FIPS_CUSTOM_VERSION
 53         help
 54           This option provides the ability to override the FIPS Module Version.
 55           By default the KERNELRELEASE value is used.
 56 
 57 config CRYPTO_ALGAPI
 58         tristate
 59         select CRYPTO_ALGAPI2
 60         help
 61           This option provides the API for cryptographic algorithms.
 62 
 63 config CRYPTO_ALGAPI2
 64         tristate
 65 
 66 config CRYPTO_AEAD
 67         tristate
 68         select CRYPTO_AEAD2
 69         select CRYPTO_ALGAPI
 70 
 71 config CRYPTO_AEAD2
 72         tristate
 73         select CRYPTO_ALGAPI2
 74 
 75 config CRYPTO_SIG
 76         tristate
 77         select CRYPTO_SIG2
 78         select CRYPTO_ALGAPI
 79 
 80 config CRYPTO_SIG2
 81         tristate
 82         select CRYPTO_ALGAPI2
 83 
 84 config CRYPTO_SKCIPHER
 85         tristate
 86         select CRYPTO_SKCIPHER2
 87         select CRYPTO_ALGAPI
 88         select CRYPTO_ECB
 89 
 90 config CRYPTO_SKCIPHER2
 91         tristate
 92         select CRYPTO_ALGAPI2
 93 
 94 config CRYPTO_HASH
 95         tristate
 96         select CRYPTO_HASH2
 97         select CRYPTO_ALGAPI
 98 
 99 config CRYPTO_HASH2
100         tristate
101         select CRYPTO_ALGAPI2
102 
103 config CRYPTO_RNG
104         tristate
105         select CRYPTO_RNG2
106         select CRYPTO_ALGAPI
107 
108 config CRYPTO_RNG2
109         tristate
110         select CRYPTO_ALGAPI2
111 
112 config CRYPTO_RNG_DEFAULT
113         tristate
114         select CRYPTO_DRBG_MENU
115 
116 config CRYPTO_AKCIPHER2
117         tristate
118         select CRYPTO_ALGAPI2
119 
120 config CRYPTO_AKCIPHER
121         tristate
122         select CRYPTO_AKCIPHER2
123         select CRYPTO_ALGAPI
124 
125 config CRYPTO_KPP2
126         tristate
127         select CRYPTO_ALGAPI2
128 
129 config CRYPTO_KPP
130         tristate
131         select CRYPTO_ALGAPI
132         select CRYPTO_KPP2
133 
134 config CRYPTO_ACOMP2
135         tristate
136         select CRYPTO_ALGAPI2
137         select SGL_ALLOC
138 
139 config CRYPTO_ACOMP
140         tristate
141         select CRYPTO_ALGAPI
142         select CRYPTO_ACOMP2
143 
144 config CRYPTO_MANAGER
145         tristate "Cryptographic algorithm manager"
146         select CRYPTO_MANAGER2
147         help
148           Create default cryptographic template instantiations such as
149           cbc(aes).
150 
151 config CRYPTO_MANAGER2
152         def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
153         select CRYPTO_ACOMP2
154         select CRYPTO_AEAD2
155         select CRYPTO_AKCIPHER2
156         select CRYPTO_SIG2
157         select CRYPTO_HASH2
158         select CRYPTO_KPP2
159         select CRYPTO_RNG2
160         select CRYPTO_SKCIPHER2
161 
162 config CRYPTO_USER
163         tristate "Userspace cryptographic algorithm configuration"
164         depends on NET
165         select CRYPTO_MANAGER
166         help
167           Userspace configuration for cryptographic instantiations such as
168           cbc(aes).
169 
170 config CRYPTO_MANAGER_DISABLE_TESTS
171         bool "Disable run-time self tests"
172         default y
173         help
174           Disable run-time self tests that normally take place at
175           algorithm registration.
176 
177 config CRYPTO_MANAGER_EXTRA_TESTS
178         bool "Enable extra run-time crypto self tests"
179         depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
180         help
181           Enable extra run-time self tests of registered crypto algorithms,
182           including randomized fuzz tests.
183 
184           This is intended for developer use only, as these tests take much
185           longer to run than the normal self tests.
186 
187 config CRYPTO_NULL
188         tristate "Null algorithms"
189         select CRYPTO_NULL2
190         help
191           These are 'Null' algorithms, used by IPsec, which do nothing.
192 
193 config CRYPTO_NULL2
194         tristate
195         select CRYPTO_ALGAPI2
196         select CRYPTO_SKCIPHER2
197         select CRYPTO_HASH2
198 
199 config CRYPTO_PCRYPT
200         tristate "Parallel crypto engine"
201         depends on SMP
202         select PADATA
203         select CRYPTO_MANAGER
204         select CRYPTO_AEAD
205         help
206           This converts an arbitrary crypto algorithm into a parallel
207           algorithm that executes in kernel threads.
208 
209 config CRYPTO_CRYPTD
210         tristate "Software async crypto daemon"
211         select CRYPTO_SKCIPHER
212         select CRYPTO_HASH
213         select CRYPTO_MANAGER
214         help
215           This is a generic software asynchronous crypto daemon that
216           converts an arbitrary synchronous software crypto algorithm
217           into an asynchronous algorithm that executes in a kernel thread.
218 
219 config CRYPTO_AUTHENC
220         tristate "Authenc support"
221         select CRYPTO_AEAD
222         select CRYPTO_SKCIPHER
223         select CRYPTO_MANAGER
224         select CRYPTO_HASH
225         select CRYPTO_NULL
226         help
227           Authenc: Combined mode wrapper for IPsec.
228 
229           This is required for IPSec ESP (XFRM_ESP).
230 
231 config CRYPTO_TEST
232         tristate "Testing module"
233         depends on m || EXPERT
234         select CRYPTO_MANAGER
235         help
236           Quick & dirty crypto test module.
237 
238 config CRYPTO_SIMD
239         tristate
240         select CRYPTO_CRYPTD
241 
242 config CRYPTO_ENGINE
243         tristate
244 
245 endmenu
246 
247 menu "Public-key cryptography"
248 
249 config CRYPTO_RSA
250         tristate "RSA (Rivest-Shamir-Adleman)"
251         select CRYPTO_AKCIPHER
252         select CRYPTO_MANAGER
253         select MPILIB
254         select ASN1
255         help
256           RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
257 
258 config CRYPTO_DH
259         tristate "DH (Diffie-Hellman)"
260         select CRYPTO_KPP
261         select MPILIB
262         help
263           DH (Diffie-Hellman) key exchange algorithm
264 
265 config CRYPTO_DH_RFC7919_GROUPS
266         bool "RFC 7919 FFDHE groups"
267         depends on CRYPTO_DH
268         select CRYPTO_RNG_DEFAULT
269         help
270           FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
271           defined in RFC7919.
272 
273           Support these finite-field groups in DH key exchanges:
274           - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
275 
276           If unsure, say N.
277 
278 config CRYPTO_ECC
279         tristate
280         select CRYPTO_RNG_DEFAULT
281 
282 config CRYPTO_ECDH
283         tristate "ECDH (Elliptic Curve Diffie-Hellman)"
284         select CRYPTO_ECC
285         select CRYPTO_KPP
286         help
287           ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
288           using curves P-192, P-256, and P-384 (FIPS 186)
289 
290 config CRYPTO_ECDSA
291         tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"
292         select CRYPTO_ECC
293         select CRYPTO_AKCIPHER
294         select ASN1
295         help
296           ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,
297           ISO/IEC 14888-3)
298           using curves P-192, P-256, and P-384
299 
300           Only signature verification is implemented.
301 
302 config CRYPTO_ECRDSA
303         tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
304         select CRYPTO_ECC
305         select CRYPTO_AKCIPHER
306         select CRYPTO_STREEBOG
307         select OID_REGISTRY
308         select ASN1
309         help
310           Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
311           RFC 7091, ISO/IEC 14888-3)
312 
313           One of the Russian cryptographic standard algorithms (called GOST
314           algorithms). Only signature verification is implemented.
315 
316 config CRYPTO_CURVE25519
317         tristate "Curve25519"
318         select CRYPTO_KPP
319         select CRYPTO_LIB_CURVE25519_GENERIC
320         help
321           Curve25519 elliptic curve (RFC7748)
322 
323 endmenu
324 
325 menu "Block ciphers"
326 
327 config CRYPTO_AES
328         tristate "AES (Advanced Encryption Standard)"
329         select CRYPTO_ALGAPI
330         select CRYPTO_LIB_AES
331         help
332           AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
333 
334           Rijndael appears to be consistently a very good performer in
335           both hardware and software across a wide range of computing
336           environments regardless of its use in feedback or non-feedback
337           modes. Its key setup time is excellent, and its key agility is
338           good. Rijndael's very low memory requirements make it very well
339           suited for restricted-space environments, in which it also
340           demonstrates excellent performance. Rijndael's operations are
341           among the easiest to defend against power and timing attacks.
342 
343           The AES specifies three key sizes: 128, 192 and 256 bits
344 
345 config CRYPTO_AES_TI
346         tristate "AES (Advanced Encryption Standard) (fixed time)"
347         select CRYPTO_ALGAPI
348         select CRYPTO_LIB_AES
349         help
350           AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
351 
352           This is a generic implementation of AES that attempts to eliminate
353           data dependent latencies as much as possible without affecting
354           performance too much. It is intended for use by the generic CCM
355           and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
356           solely on encryption (although decryption is supported as well, but
357           with a more dramatic performance hit)
358 
359           Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
360           8 for decryption), this implementation only uses just two S-boxes of
361           256 bytes each, and attempts to eliminate data dependent latencies by
362           prefetching the entire table into the cache at the start of each
363           block. Interrupts are also disabled to avoid races where cachelines
364           are evicted when the CPU is interrupted to do something else.
365 
366 config CRYPTO_ANUBIS
367         tristate "Anubis"
368         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
369         select CRYPTO_ALGAPI
370         help
371           Anubis cipher algorithm
372 
373           Anubis is a variable key length cipher which can use keys from
374           128 bits to 320 bits in length.  It was evaluated as a entrant
375           in the NESSIE competition.
376 
377           See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html
378           for further information.
379 
380 config CRYPTO_ARIA
381         tristate "ARIA"
382         select CRYPTO_ALGAPI
383         help
384           ARIA cipher algorithm (RFC5794)
385 
386           ARIA is a standard encryption algorithm of the Republic of Korea.
387           The ARIA specifies three key sizes and rounds.
388           128-bit: 12 rounds.
389           192-bit: 14 rounds.
390           256-bit: 16 rounds.
391 
392           See:
393           https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do
394 
395 config CRYPTO_BLOWFISH
396         tristate "Blowfish"
397         select CRYPTO_ALGAPI
398         select CRYPTO_BLOWFISH_COMMON
399         help
400           Blowfish cipher algorithm, by Bruce Schneier
401 
402           This is a variable key length cipher which can use keys from 32
403           bits to 448 bits in length.  It's fast, simple and specifically
404           designed for use on "large microprocessors".
405 
406           See https://www.schneier.com/blowfish.html for further information.
407 
408 config CRYPTO_BLOWFISH_COMMON
409         tristate
410         help
411           Common parts of the Blowfish cipher algorithm shared by the
412           generic c and the assembler implementations.
413 
414 config CRYPTO_CAMELLIA
415         tristate "Camellia"
416         select CRYPTO_ALGAPI
417         help
418           Camellia cipher algorithms (ISO/IEC 18033-3)
419 
420           Camellia is a symmetric key block cipher developed jointly
421           at NTT and Mitsubishi Electric Corporation.
422 
423           The Camellia specifies three key sizes: 128, 192 and 256 bits.
424 
425           See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information.
426 
427 config CRYPTO_CAST_COMMON
428         tristate
429         help
430           Common parts of the CAST cipher algorithms shared by the
431           generic c and the assembler implementations.
432 
433 config CRYPTO_CAST5
434         tristate "CAST5 (CAST-128)"
435         select CRYPTO_ALGAPI
436         select CRYPTO_CAST_COMMON
437         help
438           CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
439 
440 config CRYPTO_CAST6
441         tristate "CAST6 (CAST-256)"
442         select CRYPTO_ALGAPI
443         select CRYPTO_CAST_COMMON
444         help
445           CAST6 (CAST-256) encryption algorithm (RFC2612)
446 
447 config CRYPTO_DES
448         tristate "DES and Triple DES EDE"
449         select CRYPTO_ALGAPI
450         select CRYPTO_LIB_DES
451         help
452           DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
453           Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
454           cipher algorithms
455 
456 config CRYPTO_FCRYPT
457         tristate "FCrypt"
458         select CRYPTO_ALGAPI
459         select CRYPTO_SKCIPHER
460         help
461           FCrypt algorithm used by RxRPC
462 
463           See https://ota.polyonymo.us/fcrypt-paper.txt
464 
465 config CRYPTO_KHAZAD
466         tristate "Khazad"
467         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
468         select CRYPTO_ALGAPI
469         help
470           Khazad cipher algorithm
471 
472           Khazad was a finalist in the initial NESSIE competition.  It is
473           an algorithm optimized for 64-bit processors with good performance
474           on 32-bit processors.  Khazad uses an 128 bit key size.
475 
476           See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html
477           for further information.
478 
479 config CRYPTO_SEED
480         tristate "SEED"
481         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
482         select CRYPTO_ALGAPI
483         help
484           SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
485 
486           SEED is a 128-bit symmetric key block cipher that has been
487           developed by KISA (Korea Information Security Agency) as a
488           national standard encryption algorithm of the Republic of Korea.
489           It is a 16 round block cipher with the key size of 128 bit.
490 
491           See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do
492           for further information.
493 
494 config CRYPTO_SERPENT
495         tristate "Serpent"
496         select CRYPTO_ALGAPI
497         help
498           Serpent cipher algorithm, by Anderson, Biham & Knudsen
499 
500           Keys are allowed to be from 0 to 256 bits in length, in steps
501           of 8 bits.
502 
503           See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information.
504 
505 config CRYPTO_SM4
506         tristate
507 
508 config CRYPTO_SM4_GENERIC
509         tristate "SM4 (ShangMi 4)"
510         select CRYPTO_ALGAPI
511         select CRYPTO_SM4
512         help
513           SM4 cipher algorithms (OSCCA GB/T 32907-2016,
514           ISO/IEC 18033-3:2010/Amd 1:2021)
515 
516           SM4 (GBT.32907-2016) is a cryptographic standard issued by the
517           Organization of State Commercial Administration of China (OSCCA)
518           as an authorized cryptographic algorithms for the use within China.
519 
520           SMS4 was originally created for use in protecting wireless
521           networks, and is mandated in the Chinese National Standard for
522           Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
523           (GB.15629.11-2003).
524 
525           The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
526           standardized through TC 260 of the Standardization Administration
527           of the People's Republic of China (SAC).
528 
529           The input, output, and key of SMS4 are each 128 bits.
530 
531           See https://eprint.iacr.org/2008/329.pdf for further information.
532 
533           If unsure, say N.
534 
535 config CRYPTO_TEA
536         tristate "TEA, XTEA and XETA"
537         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
538         select CRYPTO_ALGAPI
539         help
540           TEA (Tiny Encryption Algorithm) cipher algorithms
541 
542           Tiny Encryption Algorithm is a simple cipher that uses
543           many rounds for security.  It is very fast and uses
544           little memory.
545 
546           Xtendend Tiny Encryption Algorithm is a modification to
547           the TEA algorithm to address a potential key weakness
548           in the TEA algorithm.
549 
550           Xtendend Encryption Tiny Algorithm is a mis-implementation
551           of the XTEA algorithm for compatibility purposes.
552 
553 config CRYPTO_TWOFISH
554         tristate "Twofish"
555         select CRYPTO_ALGAPI
556         select CRYPTO_TWOFISH_COMMON
557         help
558           Twofish cipher algorithm
559 
560           Twofish was submitted as an AES (Advanced Encryption Standard)
561           candidate cipher by researchers at CounterPane Systems.  It is a
562           16 round block cipher supporting key sizes of 128, 192, and 256
563           bits.
564 
565           See https://www.schneier.com/twofish.html for further information.
566 
567 config CRYPTO_TWOFISH_COMMON
568         tristate
569         help
570           Common parts of the Twofish cipher algorithm shared by the
571           generic c and the assembler implementations.
572 
573 endmenu
574 
575 menu "Length-preserving ciphers and modes"
576 
577 config CRYPTO_ADIANTUM
578         tristate "Adiantum"
579         select CRYPTO_CHACHA20
580         select CRYPTO_LIB_POLY1305_GENERIC
581         select CRYPTO_NHPOLY1305
582         select CRYPTO_MANAGER
583         help
584           Adiantum tweakable, length-preserving encryption mode
585 
586           Designed for fast and secure disk encryption, especially on
587           CPUs without dedicated crypto instructions.  It encrypts
588           each sector using the XChaCha12 stream cipher, two passes of
589           an ε-almost-∆-universal hash function, and an invocation of
590           the AES-256 block cipher on a single 16-byte block.  On CPUs
591           without AES instructions, Adiantum is much faster than
592           AES-XTS.
593 
594           Adiantum's security is provably reducible to that of its
595           underlying stream and block ciphers, subject to a security
596           bound.  Unlike XTS, Adiantum is a true wide-block encryption
597           mode, so it actually provides an even stronger notion of
598           security than XTS, subject to the security bound.
599 
600           If unsure, say N.
601 
602 config CRYPTO_ARC4
603         tristate "ARC4 (Alleged Rivest Cipher 4)"
604         depends on CRYPTO_USER_API_ENABLE_OBSOLETE
605         select CRYPTO_SKCIPHER
606         select CRYPTO_LIB_ARC4
607         help
608           ARC4 cipher algorithm
609 
610           ARC4 is a stream cipher using keys ranging from 8 bits to 2048
611           bits in length.  This algorithm is required for driver-based
612           WEP, but it should not be for other purposes because of the
613           weakness of the algorithm.
614 
615 config CRYPTO_CHACHA20
616         tristate "ChaCha"
617         select CRYPTO_LIB_CHACHA_GENERIC
618         select CRYPTO_SKCIPHER
619         help
620           The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms
621 
622           ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
623           Bernstein and further specified in RFC7539 for use in IETF protocols.
624           This is the portable C implementation of ChaCha20.  See
625           https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
626 
627           XChaCha20 is the application of the XSalsa20 construction to ChaCha20
628           rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
629           from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
630           while provably retaining ChaCha20's security.  See
631           https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
632 
633           XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
634           reduced security margin but increased performance.  It can be needed
635           in some performance-sensitive scenarios.
636 
637 config CRYPTO_CBC
638         tristate "CBC (Cipher Block Chaining)"
639         select CRYPTO_SKCIPHER
640         select CRYPTO_MANAGER
641         help
642           CBC (Cipher Block Chaining) mode (NIST SP800-38A)
643 
644           This block cipher mode is required for IPSec ESP (XFRM_ESP).
645 
646 config CRYPTO_CTR
647         tristate "CTR (Counter)"
648         select CRYPTO_SKCIPHER
649         select CRYPTO_MANAGER
650         help
651           CTR (Counter) mode (NIST SP800-38A)
652 
653 config CRYPTO_CTS
654         tristate "CTS (Cipher Text Stealing)"
655         select CRYPTO_SKCIPHER
656         select CRYPTO_MANAGER
657         help
658           CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
659           Addendum to SP800-38A (October 2010))
660 
661           This mode is required for Kerberos gss mechanism support
662           for AES encryption.
663 
664 config CRYPTO_ECB
665         tristate "ECB (Electronic Codebook)"
666         select CRYPTO_SKCIPHER2
667         select CRYPTO_MANAGER
668         help
669           ECB (Electronic Codebook) mode (NIST SP800-38A)
670 
671 config CRYPTO_HCTR2
672         tristate "HCTR2"
673         select CRYPTO_XCTR
674         select CRYPTO_POLYVAL
675         select CRYPTO_MANAGER
676         help
677           HCTR2 length-preserving encryption mode
678 
679           A mode for storage encryption that is efficient on processors with
680           instructions to accelerate AES and carryless multiplication, e.g.
681           x86 processors with AES-NI and CLMUL, and ARM processors with the
682           ARMv8 crypto extensions.
683 
684           See https://eprint.iacr.org/2021/1441
685 
686 config CRYPTO_KEYWRAP
687         tristate "KW (AES Key Wrap)"
688         select CRYPTO_SKCIPHER
689         select CRYPTO_MANAGER
690         help
691           KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
692           and RFC3394) without padding.
693 
694 config CRYPTO_LRW
695         tristate "LRW (Liskov Rivest Wagner)"
696         select CRYPTO_LIB_GF128MUL
697         select CRYPTO_SKCIPHER
698         select CRYPTO_MANAGER
699         select CRYPTO_ECB
700         help
701           LRW (Liskov Rivest Wagner) mode
702 
703           A tweakable, non malleable, non movable
704           narrow block cipher mode for dm-crypt.  Use it with cipher
705           specification string aes-lrw-benbi, the key must be 256, 320 or 384.
706           The first 128, 192 or 256 bits in the key are used for AES and the
707           rest is used to tie each cipher block to its logical position.
708 
709           See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf
710 
711 config CRYPTO_PCBC
712         tristate "PCBC (Propagating Cipher Block Chaining)"
713         select CRYPTO_SKCIPHER
714         select CRYPTO_MANAGER
715         help
716           PCBC (Propagating Cipher Block Chaining) mode
717 
718           This block cipher mode is required for RxRPC.
719 
720 config CRYPTO_XCTR
721         tristate
722         select CRYPTO_SKCIPHER
723         select CRYPTO_MANAGER
724         help
725           XCTR (XOR Counter) mode for HCTR2
726 
727           This blockcipher mode is a variant of CTR mode using XORs and little-endian
728           addition rather than big-endian arithmetic.
729 
730           XCTR mode is used to implement HCTR2.
731 
732 config CRYPTO_XTS
733         tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"
734         select CRYPTO_SKCIPHER
735         select CRYPTO_MANAGER
736         select CRYPTO_ECB
737         help
738           XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
739           and IEEE 1619)
740 
741           Use with aes-xts-plain, key size 256, 384 or 512 bits. This
742           implementation currently can't handle a sectorsize which is not a
743           multiple of 16 bytes.
744 
745 config CRYPTO_NHPOLY1305
746         tristate
747         select CRYPTO_HASH
748         select CRYPTO_LIB_POLY1305_GENERIC
749 
750 endmenu
751 
752 menu "AEAD (authenticated encryption with associated data) ciphers"
753 
754 config CRYPTO_AEGIS128
755         tristate "AEGIS-128"
756         select CRYPTO_AEAD
757         select CRYPTO_AES  # for AES S-box tables
758         help
759           AEGIS-128 AEAD algorithm
760 
761 config CRYPTO_AEGIS128_SIMD
762         bool "AEGIS-128 (arm NEON, arm64 NEON)"
763         depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
764         default y
765         help
766           AEGIS-128 AEAD algorithm
767 
768           Architecture: arm or arm64 using:
769           - NEON (Advanced SIMD) extension
770 
771 config CRYPTO_CHACHA20POLY1305
772         tristate "ChaCha20-Poly1305"
773         select CRYPTO_CHACHA20
774         select CRYPTO_POLY1305
775         select CRYPTO_AEAD
776         select CRYPTO_MANAGER
777         help
778           ChaCha20 stream cipher and Poly1305 authenticator combined
779           mode (RFC8439)
780 
781 config CRYPTO_CCM
782         tristate "CCM (Counter with Cipher Block Chaining-MAC)"
783         select CRYPTO_CTR
784         select CRYPTO_HASH
785         select CRYPTO_AEAD
786         select CRYPTO_MANAGER
787         help
788           CCM (Counter with Cipher Block Chaining-Message Authentication Code)
789           authenticated encryption mode (NIST SP800-38C)
790 
791 config CRYPTO_GCM
792         tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
793         select CRYPTO_CTR
794         select CRYPTO_AEAD
795         select CRYPTO_GHASH
796         select CRYPTO_NULL
797         select CRYPTO_MANAGER
798         help
799           GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
800           (GCM Message Authentication Code) (NIST SP800-38D)
801 
802           This is required for IPSec ESP (XFRM_ESP).
803 
804 config CRYPTO_GENIV
805         tristate
806         select CRYPTO_AEAD
807         select CRYPTO_NULL
808         select CRYPTO_MANAGER
809         select CRYPTO_RNG_DEFAULT
810 
811 config CRYPTO_SEQIV
812         tristate "Sequence Number IV Generator"
813         select CRYPTO_GENIV
814         help
815           Sequence Number IV generator
816 
817           This IV generator generates an IV based on a sequence number by
818           xoring it with a salt.  This algorithm is mainly useful for CTR.
819 
820           This is required for IPsec ESP (XFRM_ESP).
821 
822 config CRYPTO_ECHAINIV
823         tristate "Encrypted Chain IV Generator"
824         select CRYPTO_GENIV
825         help
826           Encrypted Chain IV generator
827 
828           This IV generator generates an IV based on the encryption of
829           a sequence number xored with a salt.  This is the default
830           algorithm for CBC.
831 
832 config CRYPTO_ESSIV
833         tristate "Encrypted Salt-Sector IV Generator"
834         select CRYPTO_AUTHENC
835         help
836           Encrypted Salt-Sector IV generator
837 
838           This IV generator is used in some cases by fscrypt and/or
839           dm-crypt. It uses the hash of the block encryption key as the
840           symmetric key for a block encryption pass applied to the input
841           IV, making low entropy IV sources more suitable for block
842           encryption.
843 
844           This driver implements a crypto API template that can be
845           instantiated either as an skcipher or as an AEAD (depending on the
846           type of the first template argument), and which defers encryption
847           and decryption requests to the encapsulated cipher after applying
848           ESSIV to the input IV. Note that in the AEAD case, it is assumed
849           that the keys are presented in the same format used by the authenc
850           template, and that the IV appears at the end of the authenticated
851           associated data (AAD) region (which is how dm-crypt uses it.)
852 
853           Note that the use of ESSIV is not recommended for new deployments,
854           and so this only needs to be enabled when interoperability with
855           existing encrypted volumes of filesystems is required, or when
856           building for a particular system that requires it (e.g., when
857           the SoC in question has accelerated CBC but not XTS, making CBC
858           combined with ESSIV the only feasible mode for h/w accelerated
859           block encryption)
860 
861 endmenu
862 
863 menu "Hashes, digests, and MACs"
864 
865 config CRYPTO_BLAKE2B
866         tristate "BLAKE2b"
867         select CRYPTO_HASH
868         help
869           BLAKE2b cryptographic hash function (RFC 7693)
870 
871           BLAKE2b is optimized for 64-bit platforms and can produce digests
872           of any size between 1 and 64 bytes. The keyed hash is also implemented.
873 
874           This module provides the following algorithms:
875           - blake2b-160
876           - blake2b-256
877           - blake2b-384
878           - blake2b-512
879 
880           Used by the btrfs filesystem.
881 
882           See https://blake2.net for further information.
883 
884 config CRYPTO_CMAC
885         tristate "CMAC (Cipher-based MAC)"
886         select CRYPTO_HASH
887         select CRYPTO_MANAGER
888         help
889           CMAC (Cipher-based Message Authentication Code) authentication
890           mode (NIST SP800-38B and IETF RFC4493)
891 
892 config CRYPTO_GHASH
893         tristate "GHASH"
894         select CRYPTO_HASH
895         select CRYPTO_LIB_GF128MUL
896         help
897           GCM GHASH function (NIST SP800-38D)
898 
899 config CRYPTO_HMAC
900         tristate "HMAC (Keyed-Hash MAC)"
901         select CRYPTO_HASH
902         select CRYPTO_MANAGER
903         help
904           HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
905           RFC2104)
906 
907           This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
908 
909 config CRYPTO_MD4
910         tristate "MD4"
911         select CRYPTO_HASH
912         help
913           MD4 message digest algorithm (RFC1320)
914 
915 config CRYPTO_MD5
916         tristate "MD5"
917         select CRYPTO_HASH
918         help
919           MD5 message digest algorithm (RFC1321)
920 
921 config CRYPTO_MICHAEL_MIC
922         tristate "Michael MIC"
923         select CRYPTO_HASH
924         help
925           Michael MIC (Message Integrity Code) (IEEE 802.11i)
926 
927           Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
928           known as WPA (Wif-Fi Protected Access).
929 
930           This algorithm is required for TKIP, but it should not be used for
931           other purposes because of the weakness of the algorithm.
932 
933 config CRYPTO_POLYVAL
934         tristate
935         select CRYPTO_HASH
936         select CRYPTO_LIB_GF128MUL
937         help
938           POLYVAL hash function for HCTR2
939 
940           This is used in HCTR2.  It is not a general-purpose
941           cryptographic hash function.
942 
943 config CRYPTO_POLY1305
944         tristate "Poly1305"
945         select CRYPTO_HASH
946         select CRYPTO_LIB_POLY1305_GENERIC
947         help
948           Poly1305 authenticator algorithm (RFC7539)
949 
950           Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
951           It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
952           in IETF protocols. This is the portable C implementation of Poly1305.
953 
954 config CRYPTO_RMD160
955         tristate "RIPEMD-160"
956         select CRYPTO_HASH
957         help
958           RIPEMD-160 hash function (ISO/IEC 10118-3)
959 
960           RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
961           to be used as a secure replacement for the 128-bit hash functions
962           MD4, MD5 and its predecessor RIPEMD
963           (not to be confused with RIPEMD-128).
964 
965           Its speed is comparable to SHA-1 and there are no known attacks
966           against RIPEMD-160.
967 
968           Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
969           See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
970           for further information.
971 
972 config CRYPTO_SHA1
973         tristate "SHA-1"
974         select CRYPTO_HASH
975         select CRYPTO_LIB_SHA1
976         help
977           SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
978 
979 config CRYPTO_SHA256
980         tristate "SHA-224 and SHA-256"
981         select CRYPTO_HASH
982         select CRYPTO_LIB_SHA256
983         help
984           SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
985 
986           This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
987           Used by the btrfs filesystem, Ceph, NFS, and SMB.
988 
989 config CRYPTO_SHA512
990         tristate "SHA-384 and SHA-512"
991         select CRYPTO_HASH
992         help
993           SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
994 
995 config CRYPTO_SHA3
996         tristate "SHA-3"
997         select CRYPTO_HASH
998         help
999           SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1000 
1001 config CRYPTO_SM3
1002         tristate
1003 
1004 config CRYPTO_SM3_GENERIC
1005         tristate "SM3 (ShangMi 3)"
1006         select CRYPTO_HASH
1007         select CRYPTO_SM3
1008         help
1009           SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1010 
1011           This is part of the Chinese Commercial Cryptography suite.
1012 
1013           References:
1014           http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1015           https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1016 
1017 config CRYPTO_STREEBOG
1018         tristate "Streebog"
1019         select CRYPTO_HASH
1020         help
1021           Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1022 
1023           This is one of the Russian cryptographic standard algorithms (called
1024           GOST algorithms). This setting enables two hash algorithms with
1025           256 and 512 bits output.
1026 
1027           References:
1028           https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1029           https://tools.ietf.org/html/rfc6986
1030 
1031 config CRYPTO_VMAC
1032         tristate "VMAC"
1033         select CRYPTO_HASH
1034         select CRYPTO_MANAGER
1035         help
1036           VMAC is a message authentication algorithm designed for
1037           very high speed on 64-bit architectures.
1038 
1039           See https://fastcrypto.org/vmac for further information.
1040 
1041 config CRYPTO_WP512
1042         tristate "Whirlpool"
1043         select CRYPTO_HASH
1044         help
1045           Whirlpool hash function (ISO/IEC 10118-3)
1046 
1047           512, 384 and 256-bit hashes.
1048 
1049           Whirlpool-512 is part of the NESSIE cryptographic primitives.
1050 
1051           See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
1052           for further information.
1053 
1054 config CRYPTO_XCBC
1055         tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1056         select CRYPTO_HASH
1057         select CRYPTO_MANAGER
1058         help
1059           XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1060           Code) (RFC3566)
1061 
1062 config CRYPTO_XXHASH
1063         tristate "xxHash"
1064         select CRYPTO_HASH
1065         select XXHASH
1066         help
1067           xxHash non-cryptographic hash algorithm
1068 
1069           Extremely fast, working at speeds close to RAM limits.
1070 
1071           Used by the btrfs filesystem.
1072 
1073 endmenu
1074 
1075 menu "CRCs (cyclic redundancy checks)"
1076 
1077 config CRYPTO_CRC32C
1078         tristate "CRC32c"
1079         select CRYPTO_HASH
1080         select CRC32
1081         help
1082           CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
1083 
1084           A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1085           by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic
1086           Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1087           on Communications, Vol. 41, No. 6, June 1993, selected for use with
1088           iSCSI.
1089 
1090           Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI.
1091 
1092 config CRYPTO_CRC32
1093         tristate "CRC32"
1094         select CRYPTO_HASH
1095         select CRC32
1096         help
1097           CRC32 CRC algorithm (IEEE 802.3)
1098 
1099           Used by RoCEv2 and f2fs.
1100 
1101 config CRYPTO_CRCT10DIF
1102         tristate "CRCT10DIF"
1103         select CRYPTO_HASH
1104         help
1105           CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
1106 
1107           CRC algorithm used by the SCSI Block Commands standard.
1108 
1109 config CRYPTO_CRC64_ROCKSOFT
1110         tristate "CRC64 based on Rocksoft Model algorithm"
1111         depends on CRC64
1112         select CRYPTO_HASH
1113         help
1114           CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm
1115 
1116           Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY)
1117 
1118           See https://zlib.net/crc_v3.txt
1119 
1120 endmenu
1121 
1122 menu "Compression"
1123 
1124 config CRYPTO_DEFLATE
1125         tristate "Deflate"
1126         select CRYPTO_ALGAPI
1127         select CRYPTO_ACOMP2
1128         select ZLIB_INFLATE
1129         select ZLIB_DEFLATE
1130         help
1131           Deflate compression algorithm (RFC1951)
1132 
1133           Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)
1134 
1135 config CRYPTO_LZO
1136         tristate "LZO"
1137         select CRYPTO_ALGAPI
1138         select CRYPTO_ACOMP2
1139         select LZO_COMPRESS
1140         select LZO_DECOMPRESS
1141         help
1142           LZO compression algorithm
1143 
1144           See https://www.oberhumer.com/opensource/lzo/ for further information.
1145 
1146 config CRYPTO_842
1147         tristate "842"
1148         select CRYPTO_ALGAPI
1149         select CRYPTO_ACOMP2
1150         select 842_COMPRESS
1151         select 842_DECOMPRESS
1152         help
1153           842 compression algorithm by IBM
1154 
1155           See https://github.com/plauth/lib842 for further information.
1156 
1157 config CRYPTO_LZ4
1158         tristate "LZ4"
1159         select CRYPTO_ALGAPI
1160         select CRYPTO_ACOMP2
1161         select LZ4_COMPRESS
1162         select LZ4_DECOMPRESS
1163         help
1164           LZ4 compression algorithm
1165 
1166           See https://github.com/lz4/lz4 for further information.
1167 
1168 config CRYPTO_LZ4HC
1169         tristate "LZ4HC"
1170         select CRYPTO_ALGAPI
1171         select CRYPTO_ACOMP2
1172         select LZ4HC_COMPRESS
1173         select LZ4_DECOMPRESS
1174         help
1175           LZ4 high compression mode algorithm
1176 
1177           See https://github.com/lz4/lz4 for further information.
1178 
1179 config CRYPTO_ZSTD
1180         tristate "Zstd"
1181         select CRYPTO_ALGAPI
1182         select CRYPTO_ACOMP2
1183         select ZSTD_COMPRESS
1184         select ZSTD_DECOMPRESS
1185         help
1186           zstd compression algorithm
1187 
1188           See https://github.com/facebook/zstd for further information.
1189 
1190 endmenu
1191 
1192 menu "Random number generation"
1193 
1194 config CRYPTO_ANSI_CPRNG
1195         tristate "ANSI PRNG (Pseudo Random Number Generator)"
1196         select CRYPTO_AES
1197         select CRYPTO_RNG
1198         help
1199           Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4)
1200 
1201           This uses the AES cipher algorithm.
1202 
1203           Note that this option must be enabled if CRYPTO_FIPS is selected
1204 
1205 menuconfig CRYPTO_DRBG_MENU
1206         tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1207         help
1208           DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1209 
1210           In the following submenu, one or more of the DRBG types must be selected.
1211 
1212 if CRYPTO_DRBG_MENU
1213 
1214 config CRYPTO_DRBG_HMAC
1215         bool
1216         default y
1217         select CRYPTO_HMAC
1218         select CRYPTO_SHA512
1219 
1220 config CRYPTO_DRBG_HASH
1221         bool "Hash_DRBG"
1222         select CRYPTO_SHA256
1223         help
1224           Hash_DRBG variant as defined in NIST SP800-90A.
1225 
1226           This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1227 
1228 config CRYPTO_DRBG_CTR
1229         bool "CTR_DRBG"
1230         select CRYPTO_AES
1231         select CRYPTO_CTR
1232         help
1233           CTR_DRBG variant as defined in NIST SP800-90A.
1234 
1235           This uses the AES cipher algorithm with the counter block mode.
1236 
1237 config CRYPTO_DRBG
1238         tristate
1239         default CRYPTO_DRBG_MENU
1240         select CRYPTO_RNG
1241         select CRYPTO_JITTERENTROPY
1242 
1243 endif   # if CRYPTO_DRBG_MENU
1244 
1245 config CRYPTO_JITTERENTROPY
1246         tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1247         select CRYPTO_RNG
1248         select CRYPTO_SHA3
1249         help
1250           CPU Jitter RNG (Random Number Generator) from the Jitterentropy library
1251 
1252           A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1253           compliant with NIST SP800-90B) intended to provide a seed to a
1254           deterministic RNG (e.g., per NIST SP800-90C).
1255           This RNG does not perform any cryptographic whitening of the generated
1256           random numbers.
1257 
1258           See https://www.chronox.de/jent/
1259 
1260 if CRYPTO_JITTERENTROPY
1261 if CRYPTO_FIPS && EXPERT
1262 
1263 choice
1264         prompt "CPU Jitter RNG Memory Size"
1265         default CRYPTO_JITTERENTROPY_MEMSIZE_2
1266         help
1267           The Jitter RNG measures the execution time of memory accesses.
1268           Multiple consecutive memory accesses are performed. If the memory
1269           size fits into a cache (e.g. L1), only the memory access timing
1270           to that cache is measured. The closer the cache is to the CPU
1271           the less variations are measured and thus the less entropy is
1272           obtained. Thus, if the memory size fits into the L1 cache, the
1273           obtained entropy is less than if the memory size fits within
1274           L1 + L2, which in turn is less if the memory fits into
1275           L1 + L2 + L3. Thus, by selecting a different memory size,
1276           the entropy rate produced by the Jitter RNG can be modified.
1277 
1278         config CRYPTO_JITTERENTROPY_MEMSIZE_2
1279                 bool "2048 Bytes (default)"
1280 
1281         config CRYPTO_JITTERENTROPY_MEMSIZE_128
1282                 bool "128 kBytes"
1283 
1284         config CRYPTO_JITTERENTROPY_MEMSIZE_1024
1285                 bool "1024 kBytes"
1286 
1287         config CRYPTO_JITTERENTROPY_MEMSIZE_8192
1288                 bool "8192 kBytes"
1289 endchoice
1290 
1291 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1292         int
1293         default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1294         default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1295         default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1296         default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1297 
1298 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1299         int
1300         default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1301         default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1302         default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1303         default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1304 
1305 config CRYPTO_JITTERENTROPY_OSR
1306         int "CPU Jitter RNG Oversampling Rate"
1307         range 1 15
1308         default 3
1309         help
1310           The Jitter RNG allows the specification of an oversampling rate (OSR).
1311           The Jitter RNG operation requires a fixed amount of timing
1312           measurements to produce one output block of random numbers. The
1313           OSR value is multiplied with the amount of timing measurements to
1314           generate one output block. Thus, the timing measurement is oversampled
1315           by the OSR factor. The oversampling allows the Jitter RNG to operate
1316           on hardware whose timers deliver limited amount of entropy (e.g.
1317           the timer is coarse) by setting the OSR to a higher value. The
1318           trade-off, however, is that the Jitter RNG now requires more time
1319           to generate random numbers.
1320 
1321 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1322         bool "CPU Jitter RNG Test Interface"
1323         help
1324           The test interface allows a privileged process to capture
1325           the raw unconditioned high resolution time stamp noise that
1326           is collected by the Jitter RNG for statistical analysis. As
1327           this data is used at the same time to generate random bits,
1328           the Jitter RNG operates in an insecure mode as long as the
1329           recording is enabled. This interface therefore is only
1330           intended for testing purposes and is not suitable for
1331           production systems.
1332 
1333           The raw noise data can be obtained using the jent_raw_hires
1334           debugfs file. Using the option
1335           jitterentropy_testing.boot_raw_hires_test=1 the raw noise of
1336           the first 1000 entropy events since boot can be sampled.
1337 
1338           If unsure, select N.
1339 
1340 endif   # if CRYPTO_FIPS && EXPERT
1341 
1342 if !(CRYPTO_FIPS && EXPERT)
1343 
1344 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1345         int
1346         default 64
1347 
1348 config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1349         int
1350         default 32
1351 
1352 config CRYPTO_JITTERENTROPY_OSR
1353         int
1354         default 1
1355 
1356 config CRYPTO_JITTERENTROPY_TESTINTERFACE
1357         bool
1358 
1359 endif   # if !(CRYPTO_FIPS && EXPERT)
1360 endif   # if CRYPTO_JITTERENTROPY
1361 
1362 config CRYPTO_KDF800108_CTR
1363         tristate
1364         select CRYPTO_HMAC
1365         select CRYPTO_SHA256
1366 
1367 endmenu
1368 menu "Userspace interface"
1369 
1370 config CRYPTO_USER_API
1371         tristate
1372 
1373 config CRYPTO_USER_API_HASH
1374         tristate "Hash algorithms"
1375         depends on NET
1376         select CRYPTO_HASH
1377         select CRYPTO_USER_API
1378         help
1379           Enable the userspace interface for hash algorithms.
1380 
1381           See Documentation/crypto/userspace-if.rst and
1382           https://www.chronox.de/libkcapi/html/index.html
1383 
1384 config CRYPTO_USER_API_SKCIPHER
1385         tristate "Symmetric key cipher algorithms"
1386         depends on NET
1387         select CRYPTO_SKCIPHER
1388         select CRYPTO_USER_API
1389         help
1390           Enable the userspace interface for symmetric key cipher algorithms.
1391 
1392           See Documentation/crypto/userspace-if.rst and
1393           https://www.chronox.de/libkcapi/html/index.html
1394 
1395 config CRYPTO_USER_API_RNG
1396         tristate "RNG (random number generator) algorithms"
1397         depends on NET
1398         select CRYPTO_RNG
1399         select CRYPTO_USER_API
1400         help
1401           Enable the userspace interface for RNG (random number generator)
1402           algorithms.
1403 
1404           See Documentation/crypto/userspace-if.rst and
1405           https://www.chronox.de/libkcapi/html/index.html
1406 
1407 config CRYPTO_USER_API_RNG_CAVP
1408         bool "Enable CAVP testing of DRBG"
1409         depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1410         help
1411           Enable extra APIs in the userspace interface for NIST CAVP
1412           (Cryptographic Algorithm Validation Program) testing:
1413           - resetting DRBG entropy
1414           - providing Additional Data
1415 
1416           This should only be enabled for CAVP testing. You should say
1417           no unless you know what this is.
1418 
1419 config CRYPTO_USER_API_AEAD
1420         tristate "AEAD cipher algorithms"
1421         depends on NET
1422         select CRYPTO_AEAD
1423         select CRYPTO_SKCIPHER
1424         select CRYPTO_NULL
1425         select CRYPTO_USER_API
1426         help
1427           Enable the userspace interface for AEAD cipher algorithms.
1428 
1429           See Documentation/crypto/userspace-if.rst and
1430           https://www.chronox.de/libkcapi/html/index.html
1431 
1432 config CRYPTO_USER_API_ENABLE_OBSOLETE
1433         bool "Obsolete cryptographic algorithms"
1434         depends on CRYPTO_USER_API
1435         default y
1436         help
1437           Allow obsolete cryptographic algorithms to be selected that have
1438           already been phased out from internal use by the kernel, and are
1439           only useful for userspace clients that still rely on them.
1440 
1441 endmenu
1442 
1443 config CRYPTO_HASH_INFO
1444         bool
1445 
1446 if !KMSAN # avoid false positives from assembly
1447 if ARM
1448 source "arch/arm/crypto/Kconfig"
1449 endif
1450 if ARM64
1451 source "arch/arm64/crypto/Kconfig"
1452 endif
1453 if LOONGARCH
1454 source "arch/loongarch/crypto/Kconfig"
1455 endif
1456 if MIPS
1457 source "arch/mips/crypto/Kconfig"
1458 endif
1459 if PPC
1460 source "arch/powerpc/crypto/Kconfig"
1461 endif
1462 if RISCV
1463 source "arch/riscv/crypto/Kconfig"
1464 endif
1465 if S390
1466 source "arch/s390/crypto/Kconfig"
1467 endif
1468 if SPARC
1469 source "arch/sparc/crypto/Kconfig"
1470 endif
1471 if X86
1472 source "arch/x86/crypto/Kconfig"
1473 endif
1474 endif
1475 
1476 source "drivers/crypto/Kconfig"
1477 source "crypto/asymmetric_keys/Kconfig"
1478 source "certs/Kconfig"
1479 
1480 endif   # if CRYPTO

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php