1 # SPDX-License-Identifier: GPL-2.0 2 # 3 # Generic algorithms support 4 # 5 config XOR_BLOCKS 6 tristate 7 8 # 9 # async_tx api: hardware offloaded memory transfer/transform support 10 # 11 source "crypto/async_tx/Kconfig" 12 13 # 14 # Cryptographic API Configuration 15 # 16 menuconfig CRYPTO 17 tristate "Cryptographic API" 18 select CRYPTO_LIB_UTILS 19 help 20 This option provides the core Cryptographic API. 21 22 if CRYPTO 23 24 menu "Crypto core or helper" 25 26 config CRYPTO_FIPS 27 bool "FIPS 200 compliance" 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 29 depends on (MODULE_SIG || !MODULES) 30 help 31 This option enables the fips boot option which is 32 required if you want the system to operate in a FIPS 200 33 certification. You should say no unless you know what 34 this is. 35 36 config CRYPTO_FIPS_NAME 37 string "FIPS Module Name" 38 default "Linux Kernel Cryptographic API" 39 depends on CRYPTO_FIPS 40 help 41 This option sets the FIPS Module name reported by the Crypto API via 42 the /proc/sys/crypto/fips_name file. 43 44 config CRYPTO_FIPS_CUSTOM_VERSION 45 bool "Use Custom FIPS Module Version" 46 depends on CRYPTO_FIPS 47 default n 48 49 config CRYPTO_FIPS_VERSION 50 string "FIPS Module Version" 51 default "(none)" 52 depends on CRYPTO_FIPS_CUSTOM_VERSION 53 help 54 This option provides the ability to override the FIPS Module Version. 55 By default the KERNELRELEASE value is used. 56 57 config CRYPTO_ALGAPI 58 tristate 59 select CRYPTO_ALGAPI2 60 help 61 This option provides the API for cryptographic algorithms. 62 63 config CRYPTO_ALGAPI2 64 tristate 65 66 config CRYPTO_AEAD 67 tristate 68 select CRYPTO_AEAD2 69 select CRYPTO_ALGAPI 70 71 config CRYPTO_AEAD2 72 tristate 73 select CRYPTO_ALGAPI2 74 75 config CRYPTO_SIG 76 tristate 77 select CRYPTO_SIG2 78 select CRYPTO_ALGAPI 79 80 config CRYPTO_SIG2 81 tristate 82 select CRYPTO_ALGAPI2 83 84 config CRYPTO_SKCIPHER 85 tristate 86 select CRYPTO_SKCIPHER2 87 select CRYPTO_ALGAPI 88 89 config CRYPTO_SKCIPHER2 90 tristate 91 select CRYPTO_ALGAPI2 92 93 config CRYPTO_HASH 94 tristate 95 select CRYPTO_HASH2 96 select CRYPTO_ALGAPI 97 98 config CRYPTO_HASH2 99 tristate 100 select CRYPTO_ALGAPI2 101 102 config CRYPTO_RNG 103 tristate 104 select CRYPTO_RNG2 105 select CRYPTO_ALGAPI 106 107 config CRYPTO_RNG2 108 tristate 109 select CRYPTO_ALGAPI2 110 111 config CRYPTO_RNG_DEFAULT 112 tristate 113 select CRYPTO_DRBG_MENU 114 115 config CRYPTO_AKCIPHER2 116 tristate 117 select CRYPTO_ALGAPI2 118 119 config CRYPTO_AKCIPHER 120 tristate 121 select CRYPTO_AKCIPHER2 122 select CRYPTO_ALGAPI 123 124 config CRYPTO_KPP2 125 tristate 126 select CRYPTO_ALGAPI2 127 128 config CRYPTO_KPP 129 tristate 130 select CRYPTO_ALGAPI 131 select CRYPTO_KPP2 132 133 config CRYPTO_ACOMP2 134 tristate 135 select CRYPTO_ALGAPI2 136 select SGL_ALLOC 137 138 config CRYPTO_ACOMP 139 tristate 140 select CRYPTO_ALGAPI 141 select CRYPTO_ACOMP2 142 143 config CRYPTO_MANAGER 144 tristate "Cryptographic algorithm manager" 145 select CRYPTO_MANAGER2 146 help 147 Create default cryptographic template instantiations such as 148 cbc(aes). 149 150 config CRYPTO_MANAGER2 151 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 152 select CRYPTO_ACOMP2 153 select CRYPTO_AEAD2 154 select CRYPTO_AKCIPHER2 155 select CRYPTO_SIG2 156 select CRYPTO_HASH2 157 select CRYPTO_KPP2 158 select CRYPTO_RNG2 159 select CRYPTO_SKCIPHER2 160 161 config CRYPTO_USER 162 tristate "Userspace cryptographic algorithm configuration" 163 depends on NET 164 select CRYPTO_MANAGER 165 help 166 Userspace configuration for cryptographic instantiations such as 167 cbc(aes). 168 169 config CRYPTO_MANAGER_DISABLE_TESTS 170 bool "Disable run-time self tests" 171 default y 172 help 173 Disable run-time self tests that normally take place at 174 algorithm registration. 175 176 config CRYPTO_MANAGER_EXTRA_TESTS 177 bool "Enable extra run-time crypto self tests" 178 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 179 help 180 Enable extra run-time self tests of registered crypto algorithms, 181 including randomized fuzz tests. 182 183 This is intended for developer use only, as these tests take much 184 longer to run than the normal self tests. 185 186 config CRYPTO_NULL 187 tristate "Null algorithms" 188 select CRYPTO_NULL2 189 help 190 These are 'Null' algorithms, used by IPsec, which do nothing. 191 192 config CRYPTO_NULL2 193 tristate 194 select CRYPTO_ALGAPI2 195 select CRYPTO_SKCIPHER2 196 select CRYPTO_HASH2 197 198 config CRYPTO_PCRYPT 199 tristate "Parallel crypto engine" 200 depends on SMP 201 select PADATA 202 select CRYPTO_MANAGER 203 select CRYPTO_AEAD 204 help 205 This converts an arbitrary crypto algorithm into a parallel 206 algorithm that executes in kernel threads. 207 208 config CRYPTO_CRYPTD 209 tristate "Software async crypto daemon" 210 select CRYPTO_SKCIPHER 211 select CRYPTO_HASH 212 select CRYPTO_MANAGER 213 help 214 This is a generic software asynchronous crypto daemon that 215 converts an arbitrary synchronous software crypto algorithm 216 into an asynchronous algorithm that executes in a kernel thread. 217 218 config CRYPTO_AUTHENC 219 tristate "Authenc support" 220 select CRYPTO_AEAD 221 select CRYPTO_SKCIPHER 222 select CRYPTO_MANAGER 223 select CRYPTO_HASH 224 select CRYPTO_NULL 225 help 226 Authenc: Combined mode wrapper for IPsec. 227 228 This is required for IPSec ESP (XFRM_ESP). 229 230 config CRYPTO_TEST 231 tristate "Testing module" 232 depends on m || EXPERT 233 select CRYPTO_MANAGER 234 help 235 Quick & dirty crypto test module. 236 237 config CRYPTO_SIMD 238 tristate 239 select CRYPTO_CRYPTD 240 241 config CRYPTO_ENGINE 242 tristate 243 244 endmenu 245 246 menu "Public-key cryptography" 247 248 config CRYPTO_RSA 249 tristate "RSA (Rivest-Shamir-Adleman)" 250 select CRYPTO_AKCIPHER 251 select CRYPTO_MANAGER 252 select MPILIB 253 select ASN1 254 help 255 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) 256 257 config CRYPTO_DH 258 tristate "DH (Diffie-Hellman)" 259 select CRYPTO_KPP 260 select MPILIB 261 help 262 DH (Diffie-Hellman) key exchange algorithm 263 264 config CRYPTO_DH_RFC7919_GROUPS 265 bool "RFC 7919 FFDHE groups" 266 depends on CRYPTO_DH 267 select CRYPTO_RNG_DEFAULT 268 help 269 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups 270 defined in RFC7919. 271 272 Support these finite-field groups in DH key exchanges: 273 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 274 275 If unsure, say N. 276 277 config CRYPTO_ECC 278 tristate 279 select CRYPTO_RNG_DEFAULT 280 281 config CRYPTO_ECDH 282 tristate "ECDH (Elliptic Curve Diffie-Hellman)" 283 select CRYPTO_ECC 284 select CRYPTO_KPP 285 help 286 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm 287 using curves P-192, P-256, and P-384 (FIPS 186) 288 289 config CRYPTO_ECDSA 290 tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)" 291 select CRYPTO_ECC 292 select CRYPTO_AKCIPHER 293 select ASN1 294 help 295 ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186, 296 ISO/IEC 14888-3) 297 using curves P-192, P-256, and P-384 298 299 Only signature verification is implemented. 300 301 config CRYPTO_ECRDSA 302 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)" 303 select CRYPTO_ECC 304 select CRYPTO_AKCIPHER 305 select CRYPTO_STREEBOG 306 select OID_REGISTRY 307 select ASN1 308 help 309 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 310 RFC 7091, ISO/IEC 14888-3) 311 312 One of the Russian cryptographic standard algorithms (called GOST 313 algorithms). Only signature verification is implemented. 314 315 config CRYPTO_SM2 316 tristate "SM2 (ShangMi 2)" 317 select CRYPTO_SM3 318 select CRYPTO_AKCIPHER 319 select CRYPTO_MANAGER 320 select MPILIB 321 select ASN1 322 help 323 SM2 (ShangMi 2) public key algorithm 324 325 Published by State Encryption Management Bureau, China, 326 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 327 328 References: 329 https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/ 330 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 331 http://www.gmbz.org.cn/main/bzlb.html 332 333 config CRYPTO_CURVE25519 334 tristate "Curve25519" 335 select CRYPTO_KPP 336 select CRYPTO_LIB_CURVE25519_GENERIC 337 help 338 Curve25519 elliptic curve (RFC7748) 339 340 endmenu 341 342 menu "Block ciphers" 343 344 config CRYPTO_AES 345 tristate "AES (Advanced Encryption Standard)" 346 select CRYPTO_ALGAPI 347 select CRYPTO_LIB_AES 348 help 349 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3) 350 351 Rijndael appears to be consistently a very good performer in 352 both hardware and software across a wide range of computing 353 environments regardless of its use in feedback or non-feedback 354 modes. Its key setup time is excellent, and its key agility is 355 good. Rijndael's very low memory requirements make it very well 356 suited for restricted-space environments, in which it also 357 demonstrates excellent performance. Rijndael's operations are 358 among the easiest to defend against power and timing attacks. 359 360 The AES specifies three key sizes: 128, 192 and 256 bits 361 362 config CRYPTO_AES_TI 363 tristate "AES (Advanced Encryption Standard) (fixed time)" 364 select CRYPTO_ALGAPI 365 select CRYPTO_LIB_AES 366 help 367 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3) 368 369 This is a generic implementation of AES that attempts to eliminate 370 data dependent latencies as much as possible without affecting 371 performance too much. It is intended for use by the generic CCM 372 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 373 solely on encryption (although decryption is supported as well, but 374 with a more dramatic performance hit) 375 376 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 377 8 for decryption), this implementation only uses just two S-boxes of 378 256 bytes each, and attempts to eliminate data dependent latencies by 379 prefetching the entire table into the cache at the start of each 380 block. Interrupts are also disabled to avoid races where cachelines 381 are evicted when the CPU is interrupted to do something else. 382 383 config CRYPTO_ANUBIS 384 tristate "Anubis" 385 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 386 select CRYPTO_ALGAPI 387 help 388 Anubis cipher algorithm 389 390 Anubis is a variable key length cipher which can use keys from 391 128 bits to 320 bits in length. It was evaluated as a entrant 392 in the NESSIE competition. 393 394 See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html 395 for further information. 396 397 config CRYPTO_ARIA 398 tristate "ARIA" 399 select CRYPTO_ALGAPI 400 help 401 ARIA cipher algorithm (RFC5794) 402 403 ARIA is a standard encryption algorithm of the Republic of Korea. 404 The ARIA specifies three key sizes and rounds. 405 128-bit: 12 rounds. 406 192-bit: 14 rounds. 407 256-bit: 16 rounds. 408 409 See: 410 https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do 411 412 config CRYPTO_BLOWFISH 413 tristate "Blowfish" 414 select CRYPTO_ALGAPI 415 select CRYPTO_BLOWFISH_COMMON 416 help 417 Blowfish cipher algorithm, by Bruce Schneier 418 419 This is a variable key length cipher which can use keys from 32 420 bits to 448 bits in length. It's fast, simple and specifically 421 designed for use on "large microprocessors". 422 423 See https://www.schneier.com/blowfish.html for further information. 424 425 config CRYPTO_BLOWFISH_COMMON 426 tristate 427 help 428 Common parts of the Blowfish cipher algorithm shared by the 429 generic c and the assembler implementations. 430 431 config CRYPTO_CAMELLIA 432 tristate "Camellia" 433 select CRYPTO_ALGAPI 434 help 435 Camellia cipher algorithms (ISO/IEC 18033-3) 436 437 Camellia is a symmetric key block cipher developed jointly 438 at NTT and Mitsubishi Electric Corporation. 439 440 The Camellia specifies three key sizes: 128, 192 and 256 bits. 441 442 See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information. 443 444 config CRYPTO_CAST_COMMON 445 tristate 446 help 447 Common parts of the CAST cipher algorithms shared by the 448 generic c and the assembler implementations. 449 450 config CRYPTO_CAST5 451 tristate "CAST5 (CAST-128)" 452 select CRYPTO_ALGAPI 453 select CRYPTO_CAST_COMMON 454 help 455 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3) 456 457 config CRYPTO_CAST6 458 tristate "CAST6 (CAST-256)" 459 select CRYPTO_ALGAPI 460 select CRYPTO_CAST_COMMON 461 help 462 CAST6 (CAST-256) encryption algorithm (RFC2612) 463 464 config CRYPTO_DES 465 tristate "DES and Triple DES EDE" 466 select CRYPTO_ALGAPI 467 select CRYPTO_LIB_DES 468 help 469 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and 470 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3) 471 cipher algorithms 472 473 config CRYPTO_FCRYPT 474 tristate "FCrypt" 475 select CRYPTO_ALGAPI 476 select CRYPTO_SKCIPHER 477 help 478 FCrypt algorithm used by RxRPC 479 480 See https://ota.polyonymo.us/fcrypt-paper.txt 481 482 config CRYPTO_KHAZAD 483 tristate "Khazad" 484 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 485 select CRYPTO_ALGAPI 486 help 487 Khazad cipher algorithm 488 489 Khazad was a finalist in the initial NESSIE competition. It is 490 an algorithm optimized for 64-bit processors with good performance 491 on 32-bit processors. Khazad uses an 128 bit key size. 492 493 See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html 494 for further information. 495 496 config CRYPTO_SEED 497 tristate "SEED" 498 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 499 select CRYPTO_ALGAPI 500 help 501 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3) 502 503 SEED is a 128-bit symmetric key block cipher that has been 504 developed by KISA (Korea Information Security Agency) as a 505 national standard encryption algorithm of the Republic of Korea. 506 It is a 16 round block cipher with the key size of 128 bit. 507 508 See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do 509 for further information. 510 511 config CRYPTO_SERPENT 512 tristate "Serpent" 513 select CRYPTO_ALGAPI 514 help 515 Serpent cipher algorithm, by Anderson, Biham & Knudsen 516 517 Keys are allowed to be from 0 to 256 bits in length, in steps 518 of 8 bits. 519 520 See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information. 521 522 config CRYPTO_SM4 523 tristate 524 525 config CRYPTO_SM4_GENERIC 526 tristate "SM4 (ShangMi 4)" 527 select CRYPTO_ALGAPI 528 select CRYPTO_SM4 529 help 530 SM4 cipher algorithms (OSCCA GB/T 32907-2016, 531 ISO/IEC 18033-3:2010/Amd 1:2021) 532 533 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 534 Organization of State Commercial Administration of China (OSCCA) 535 as an authorized cryptographic algorithms for the use within China. 536 537 SMS4 was originally created for use in protecting wireless 538 networks, and is mandated in the Chinese National Standard for 539 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 540 (GB.15629.11-2003). 541 542 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 543 standardized through TC 260 of the Standardization Administration 544 of the People's Republic of China (SAC). 545 546 The input, output, and key of SMS4 are each 128 bits. 547 548 See https://eprint.iacr.org/2008/329.pdf for further information. 549 550 If unsure, say N. 551 552 config CRYPTO_TEA 553 tristate "TEA, XTEA and XETA" 554 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 555 select CRYPTO_ALGAPI 556 help 557 TEA (Tiny Encryption Algorithm) cipher algorithms 558 559 Tiny Encryption Algorithm is a simple cipher that uses 560 many rounds for security. It is very fast and uses 561 little memory. 562 563 Xtendend Tiny Encryption Algorithm is a modification to 564 the TEA algorithm to address a potential key weakness 565 in the TEA algorithm. 566 567 Xtendend Encryption Tiny Algorithm is a mis-implementation 568 of the XTEA algorithm for compatibility purposes. 569 570 config CRYPTO_TWOFISH 571 tristate "Twofish" 572 select CRYPTO_ALGAPI 573 select CRYPTO_TWOFISH_COMMON 574 help 575 Twofish cipher algorithm 576 577 Twofish was submitted as an AES (Advanced Encryption Standard) 578 candidate cipher by researchers at CounterPane Systems. It is a 579 16 round block cipher supporting key sizes of 128, 192, and 256 580 bits. 581 582 See https://www.schneier.com/twofish.html for further information. 583 584 config CRYPTO_TWOFISH_COMMON 585 tristate 586 help 587 Common parts of the Twofish cipher algorithm shared by the 588 generic c and the assembler implementations. 589 590 endmenu 591 592 menu "Length-preserving ciphers and modes" 593 594 config CRYPTO_ADIANTUM 595 tristate "Adiantum" 596 select CRYPTO_CHACHA20 597 select CRYPTO_LIB_POLY1305_GENERIC 598 select CRYPTO_NHPOLY1305 599 select CRYPTO_MANAGER 600 help 601 Adiantum tweakable, length-preserving encryption mode 602 603 Designed for fast and secure disk encryption, especially on 604 CPUs without dedicated crypto instructions. It encrypts 605 each sector using the XChaCha12 stream cipher, two passes of 606 an ε-almost-∆-universal hash function, and an invocation of 607 the AES-256 block cipher on a single 16-byte block. On CPUs 608 without AES instructions, Adiantum is much faster than 609 AES-XTS. 610 611 Adiantum's security is provably reducible to that of its 612 underlying stream and block ciphers, subject to a security 613 bound. Unlike XTS, Adiantum is a true wide-block encryption 614 mode, so it actually provides an even stronger notion of 615 security than XTS, subject to the security bound. 616 617 If unsure, say N. 618 619 config CRYPTO_ARC4 620 tristate "ARC4 (Alleged Rivest Cipher 4)" 621 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 622 select CRYPTO_SKCIPHER 623 select CRYPTO_LIB_ARC4 624 help 625 ARC4 cipher algorithm 626 627 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 628 bits in length. This algorithm is required for driver-based 629 WEP, but it should not be for other purposes because of the 630 weakness of the algorithm. 631 632 config CRYPTO_CHACHA20 633 tristate "ChaCha" 634 select CRYPTO_LIB_CHACHA_GENERIC 635 select CRYPTO_SKCIPHER 636 help 637 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms 638 639 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 640 Bernstein and further specified in RFC7539 for use in IETF protocols. 641 This is the portable C implementation of ChaCha20. See 642 https://cr.yp.to/chacha/chacha-20080128.pdf for further information. 643 644 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 645 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 646 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 647 while provably retaining ChaCha20's security. See 648 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information. 649 650 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 651 reduced security margin but increased performance. It can be needed 652 in some performance-sensitive scenarios. 653 654 config CRYPTO_CBC 655 tristate "CBC (Cipher Block Chaining)" 656 select CRYPTO_SKCIPHER 657 select CRYPTO_MANAGER 658 help 659 CBC (Cipher Block Chaining) mode (NIST SP800-38A) 660 661 This block cipher mode is required for IPSec ESP (XFRM_ESP). 662 663 config CRYPTO_CFB 664 tristate "CFB (Cipher Feedback)" 665 select CRYPTO_SKCIPHER 666 select CRYPTO_MANAGER 667 help 668 CFB (Cipher Feedback) mode (NIST SP800-38A) 669 670 This block cipher mode is required for TPM2 Cryptography. 671 672 config CRYPTO_CTR 673 tristate "CTR (Counter)" 674 select CRYPTO_SKCIPHER 675 select CRYPTO_MANAGER 676 help 677 CTR (Counter) mode (NIST SP800-38A) 678 679 config CRYPTO_CTS 680 tristate "CTS (Cipher Text Stealing)" 681 select CRYPTO_SKCIPHER 682 select CRYPTO_MANAGER 683 help 684 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST 685 Addendum to SP800-38A (October 2010)) 686 687 This mode is required for Kerberos gss mechanism support 688 for AES encryption. 689 690 config CRYPTO_ECB 691 tristate "ECB (Electronic Codebook)" 692 select CRYPTO_SKCIPHER 693 select CRYPTO_MANAGER 694 help 695 ECB (Electronic Codebook) mode (NIST SP800-38A) 696 697 config CRYPTO_HCTR2 698 tristate "HCTR2" 699 select CRYPTO_XCTR 700 select CRYPTO_POLYVAL 701 select CRYPTO_MANAGER 702 help 703 HCTR2 length-preserving encryption mode 704 705 A mode for storage encryption that is efficient on processors with 706 instructions to accelerate AES and carryless multiplication, e.g. 707 x86 processors with AES-NI and CLMUL, and ARM processors with the 708 ARMv8 crypto extensions. 709 710 See https://eprint.iacr.org/2021/1441 711 712 config CRYPTO_KEYWRAP 713 tristate "KW (AES Key Wrap)" 714 select CRYPTO_SKCIPHER 715 select CRYPTO_MANAGER 716 help 717 KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F 718 and RFC3394) without padding. 719 720 config CRYPTO_LRW 721 tristate "LRW (Liskov Rivest Wagner)" 722 select CRYPTO_LIB_GF128MUL 723 select CRYPTO_SKCIPHER 724 select CRYPTO_MANAGER 725 select CRYPTO_ECB 726 help 727 LRW (Liskov Rivest Wagner) mode 728 729 A tweakable, non malleable, non movable 730 narrow block cipher mode for dm-crypt. Use it with cipher 731 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 732 The first 128, 192 or 256 bits in the key are used for AES and the 733 rest is used to tie each cipher block to its logical position. 734 735 See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf 736 737 config CRYPTO_OFB 738 tristate "OFB (Output Feedback)" 739 select CRYPTO_SKCIPHER 740 select CRYPTO_MANAGER 741 help 742 OFB (Output Feedback) mode (NIST SP800-38A) 743 744 This mode makes a block cipher into a synchronous 745 stream cipher. It generates keystream blocks, which are then XORed 746 with the plaintext blocks to get the ciphertext. Flipping a bit in the 747 ciphertext produces a flipped bit in the plaintext at the same 748 location. This property allows many error correcting codes to function 749 normally even when applied before encryption. 750 751 config CRYPTO_PCBC 752 tristate "PCBC (Propagating Cipher Block Chaining)" 753 select CRYPTO_SKCIPHER 754 select CRYPTO_MANAGER 755 help 756 PCBC (Propagating Cipher Block Chaining) mode 757 758 This block cipher mode is required for RxRPC. 759 760 config CRYPTO_XCTR 761 tristate 762 select CRYPTO_SKCIPHER 763 select CRYPTO_MANAGER 764 help 765 XCTR (XOR Counter) mode for HCTR2 766 767 This blockcipher mode is a variant of CTR mode using XORs and little-endian 768 addition rather than big-endian arithmetic. 769 770 XCTR mode is used to implement HCTR2. 771 772 config CRYPTO_XTS 773 tristate "XTS (XOR Encrypt XOR with ciphertext stealing)" 774 select CRYPTO_SKCIPHER 775 select CRYPTO_MANAGER 776 select CRYPTO_ECB 777 help 778 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E 779 and IEEE 1619) 780 781 Use with aes-xts-plain, key size 256, 384 or 512 bits. This 782 implementation currently can't handle a sectorsize which is not a 783 multiple of 16 bytes. 784 785 config CRYPTO_NHPOLY1305 786 tristate 787 select CRYPTO_HASH 788 select CRYPTO_LIB_POLY1305_GENERIC 789 790 endmenu 791 792 menu "AEAD (authenticated encryption with associated data) ciphers" 793 794 config CRYPTO_AEGIS128 795 tristate "AEGIS-128" 796 select CRYPTO_AEAD 797 select CRYPTO_AES # for AES S-box tables 798 help 799 AEGIS-128 AEAD algorithm 800 801 config CRYPTO_AEGIS128_SIMD 802 bool "AEGIS-128 (arm NEON, arm64 NEON)" 803 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 804 default y 805 help 806 AEGIS-128 AEAD algorithm 807 808 Architecture: arm or arm64 using: 809 - NEON (Advanced SIMD) extension 810 811 config CRYPTO_CHACHA20POLY1305 812 tristate "ChaCha20-Poly1305" 813 select CRYPTO_CHACHA20 814 select CRYPTO_POLY1305 815 select CRYPTO_AEAD 816 select CRYPTO_MANAGER 817 help 818 ChaCha20 stream cipher and Poly1305 authenticator combined 819 mode (RFC8439) 820 821 config CRYPTO_CCM 822 tristate "CCM (Counter with Cipher Block Chaining-MAC)" 823 select CRYPTO_CTR 824 select CRYPTO_HASH 825 select CRYPTO_AEAD 826 select CRYPTO_MANAGER 827 help 828 CCM (Counter with Cipher Block Chaining-Message Authentication Code) 829 authenticated encryption mode (NIST SP800-38C) 830 831 config CRYPTO_GCM 832 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)" 833 select CRYPTO_CTR 834 select CRYPTO_AEAD 835 select CRYPTO_GHASH 836 select CRYPTO_NULL 837 select CRYPTO_MANAGER 838 help 839 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC 840 (GCM Message Authentication Code) (NIST SP800-38D) 841 842 This is required for IPSec ESP (XFRM_ESP). 843 844 config CRYPTO_GENIV 845 tristate 846 select CRYPTO_AEAD 847 select CRYPTO_NULL 848 select CRYPTO_MANAGER 849 select CRYPTO_RNG_DEFAULT 850 851 config CRYPTO_SEQIV 852 tristate "Sequence Number IV Generator" 853 select CRYPTO_GENIV 854 help 855 Sequence Number IV generator 856 857 This IV generator generates an IV based on a sequence number by 858 xoring it with a salt. This algorithm is mainly useful for CTR. 859 860 This is required for IPsec ESP (XFRM_ESP). 861 862 config CRYPTO_ECHAINIV 863 tristate "Encrypted Chain IV Generator" 864 select CRYPTO_GENIV 865 help 866 Encrypted Chain IV generator 867 868 This IV generator generates an IV based on the encryption of 869 a sequence number xored with a salt. This is the default 870 algorithm for CBC. 871 872 config CRYPTO_ESSIV 873 tristate "Encrypted Salt-Sector IV Generator" 874 select CRYPTO_AUTHENC 875 help 876 Encrypted Salt-Sector IV generator 877 878 This IV generator is used in some cases by fscrypt and/or 879 dm-crypt. It uses the hash of the block encryption key as the 880 symmetric key for a block encryption pass applied to the input 881 IV, making low entropy IV sources more suitable for block 882 encryption. 883 884 This driver implements a crypto API template that can be 885 instantiated either as an skcipher or as an AEAD (depending on the 886 type of the first template argument), and which defers encryption 887 and decryption requests to the encapsulated cipher after applying 888 ESSIV to the input IV. Note that in the AEAD case, it is assumed 889 that the keys are presented in the same format used by the authenc 890 template, and that the IV appears at the end of the authenticated 891 associated data (AAD) region (which is how dm-crypt uses it.) 892 893 Note that the use of ESSIV is not recommended for new deployments, 894 and so this only needs to be enabled when interoperability with 895 existing encrypted volumes of filesystems is required, or when 896 building for a particular system that requires it (e.g., when 897 the SoC in question has accelerated CBC but not XTS, making CBC 898 combined with ESSIV the only feasible mode for h/w accelerated 899 block encryption) 900 901 endmenu 902 903 menu "Hashes, digests, and MACs" 904 905 config CRYPTO_BLAKE2B 906 tristate "BLAKE2b" 907 select CRYPTO_HASH 908 help 909 BLAKE2b cryptographic hash function (RFC 7693) 910 911 BLAKE2b is optimized for 64-bit platforms and can produce digests 912 of any size between 1 and 64 bytes. The keyed hash is also implemented. 913 914 This module provides the following algorithms: 915 - blake2b-160 916 - blake2b-256 917 - blake2b-384 918 - blake2b-512 919 920 Used by the btrfs filesystem. 921 922 See https://blake2.net for further information. 923 924 config CRYPTO_CMAC 925 tristate "CMAC (Cipher-based MAC)" 926 select CRYPTO_HASH 927 select CRYPTO_MANAGER 928 help 929 CMAC (Cipher-based Message Authentication Code) authentication 930 mode (NIST SP800-38B and IETF RFC4493) 931 932 config CRYPTO_GHASH 933 tristate "GHASH" 934 select CRYPTO_HASH 935 select CRYPTO_LIB_GF128MUL 936 help 937 GCM GHASH function (NIST SP800-38D) 938 939 config CRYPTO_HMAC 940 tristate "HMAC (Keyed-Hash MAC)" 941 select CRYPTO_HASH 942 select CRYPTO_MANAGER 943 help 944 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and 945 RFC2104) 946 947 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). 948 949 config CRYPTO_MD4 950 tristate "MD4" 951 select CRYPTO_HASH 952 help 953 MD4 message digest algorithm (RFC1320) 954 955 config CRYPTO_MD5 956 tristate "MD5" 957 select CRYPTO_HASH 958 help 959 MD5 message digest algorithm (RFC1321) 960 961 config CRYPTO_MICHAEL_MIC 962 tristate "Michael MIC" 963 select CRYPTO_HASH 964 help 965 Michael MIC (Message Integrity Code) (IEEE 802.11i) 966 967 Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol), 968 known as WPA (Wif-Fi Protected Access). 969 970 This algorithm is required for TKIP, but it should not be used for 971 other purposes because of the weakness of the algorithm. 972 973 config CRYPTO_POLYVAL 974 tristate 975 select CRYPTO_HASH 976 select CRYPTO_LIB_GF128MUL 977 help 978 POLYVAL hash function for HCTR2 979 980 This is used in HCTR2. It is not a general-purpose 981 cryptographic hash function. 982 983 config CRYPTO_POLY1305 984 tristate "Poly1305" 985 select CRYPTO_HASH 986 select CRYPTO_LIB_POLY1305_GENERIC 987 help 988 Poly1305 authenticator algorithm (RFC7539) 989 990 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 991 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 992 in IETF protocols. This is the portable C implementation of Poly1305. 993 994 config CRYPTO_RMD160 995 tristate "RIPEMD-160" 996 select CRYPTO_HASH 997 help 998 RIPEMD-160 hash function (ISO/IEC 10118-3) 999 1000 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 1001 to be used as a secure replacement for the 128-bit hash functions 1002 MD4, MD5 and its predecessor RIPEMD 1003 (not to be confused with RIPEMD-128). 1004 1005 Its speed is comparable to SHA-1 and there are no known attacks 1006 against RIPEMD-160. 1007 1008 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 1009 See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html 1010 for further information. 1011 1012 config CRYPTO_SHA1 1013 tristate "SHA-1" 1014 select CRYPTO_HASH 1015 select CRYPTO_LIB_SHA1 1016 help 1017 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3) 1018 1019 config CRYPTO_SHA256 1020 tristate "SHA-224 and SHA-256" 1021 select CRYPTO_HASH 1022 select CRYPTO_LIB_SHA256 1023 help 1024 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) 1025 1026 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). 1027 Used by the btrfs filesystem, Ceph, NFS, and SMB. 1028 1029 config CRYPTO_SHA512 1030 tristate "SHA-384 and SHA-512" 1031 select CRYPTO_HASH 1032 help 1033 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) 1034 1035 config CRYPTO_SHA3 1036 tristate "SHA-3" 1037 select CRYPTO_HASH 1038 help 1039 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) 1040 1041 config CRYPTO_SM3 1042 tristate 1043 1044 config CRYPTO_SM3_GENERIC 1045 tristate "SM3 (ShangMi 3)" 1046 select CRYPTO_HASH 1047 select CRYPTO_SM3 1048 help 1049 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3) 1050 1051 This is part of the Chinese Commercial Cryptography suite. 1052 1053 References: 1054 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1055 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1056 1057 config CRYPTO_STREEBOG 1058 tristate "Streebog" 1059 select CRYPTO_HASH 1060 help 1061 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3) 1062 1063 This is one of the Russian cryptographic standard algorithms (called 1064 GOST algorithms). This setting enables two hash algorithms with 1065 256 and 512 bits output. 1066 1067 References: 1068 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1069 https://tools.ietf.org/html/rfc6986 1070 1071 config CRYPTO_VMAC 1072 tristate "VMAC" 1073 select CRYPTO_HASH 1074 select CRYPTO_MANAGER 1075 help 1076 VMAC is a message authentication algorithm designed for 1077 very high speed on 64-bit architectures. 1078 1079 See https://fastcrypto.org/vmac for further information. 1080 1081 config CRYPTO_WP512 1082 tristate "Whirlpool" 1083 select CRYPTO_HASH 1084 help 1085 Whirlpool hash function (ISO/IEC 10118-3) 1086 1087 512, 384 and 256-bit hashes. 1088 1089 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1090 1091 See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html 1092 for further information. 1093 1094 config CRYPTO_XCBC 1095 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)" 1096 select CRYPTO_HASH 1097 select CRYPTO_MANAGER 1098 help 1099 XCBC-MAC (Extended Cipher Block Chaining Message Authentication 1100 Code) (RFC3566) 1101 1102 config CRYPTO_XXHASH 1103 tristate "xxHash" 1104 select CRYPTO_HASH 1105 select XXHASH 1106 help 1107 xxHash non-cryptographic hash algorithm 1108 1109 Extremely fast, working at speeds close to RAM limits. 1110 1111 Used by the btrfs filesystem. 1112 1113 endmenu 1114 1115 menu "CRCs (cyclic redundancy checks)" 1116 1117 config CRYPTO_CRC32C 1118 tristate "CRC32c" 1119 select CRYPTO_HASH 1120 select CRC32 1121 help 1122 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) 1123 1124 A 32-bit CRC (cyclic redundancy check) with a polynomial defined 1125 by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic 1126 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions 1127 on Communications, Vol. 41, No. 6, June 1993, selected for use with 1128 iSCSI. 1129 1130 Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI. 1131 1132 config CRYPTO_CRC32 1133 tristate "CRC32" 1134 select CRYPTO_HASH 1135 select CRC32 1136 help 1137 CRC32 CRC algorithm (IEEE 802.3) 1138 1139 Used by RoCEv2 and f2fs. 1140 1141 config CRYPTO_CRCT10DIF 1142 tristate "CRCT10DIF" 1143 select CRYPTO_HASH 1144 help 1145 CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF) 1146 1147 CRC algorithm used by the SCSI Block Commands standard. 1148 1149 config CRYPTO_CRC64_ROCKSOFT 1150 tristate "CRC64 based on Rocksoft Model algorithm" 1151 depends on CRC64 1152 select CRYPTO_HASH 1153 help 1154 CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm 1155 1156 Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY) 1157 1158 See https://zlib.net/crc_v3.txt 1159 1160 endmenu 1161 1162 menu "Compression" 1163 1164 config CRYPTO_DEFLATE 1165 tristate "Deflate" 1166 select CRYPTO_ALGAPI 1167 select CRYPTO_ACOMP2 1168 select ZLIB_INFLATE 1169 select ZLIB_DEFLATE 1170 help 1171 Deflate compression algorithm (RFC1951) 1172 1173 Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394) 1174 1175 config CRYPTO_LZO 1176 tristate "LZO" 1177 select CRYPTO_ALGAPI 1178 select CRYPTO_ACOMP2 1179 select LZO_COMPRESS 1180 select LZO_DECOMPRESS 1181 help 1182 LZO compression algorithm 1183 1184 See https://www.oberhumer.com/opensource/lzo/ for further information. 1185 1186 config CRYPTO_842 1187 tristate "842" 1188 select CRYPTO_ALGAPI 1189 select CRYPTO_ACOMP2 1190 select 842_COMPRESS 1191 select 842_DECOMPRESS 1192 help 1193 842 compression algorithm by IBM 1194 1195 See https://github.com/plauth/lib842 for further information. 1196 1197 config CRYPTO_LZ4 1198 tristate "LZ4" 1199 select CRYPTO_ALGAPI 1200 select CRYPTO_ACOMP2 1201 select LZ4_COMPRESS 1202 select LZ4_DECOMPRESS 1203 help 1204 LZ4 compression algorithm 1205 1206 See https://github.com/lz4/lz4 for further information. 1207 1208 config CRYPTO_LZ4HC 1209 tristate "LZ4HC" 1210 select CRYPTO_ALGAPI 1211 select CRYPTO_ACOMP2 1212 select LZ4HC_COMPRESS 1213 select LZ4_DECOMPRESS 1214 help 1215 LZ4 high compression mode algorithm 1216 1217 See https://github.com/lz4/lz4 for further information. 1218 1219 config CRYPTO_ZSTD 1220 tristate "Zstd" 1221 select CRYPTO_ALGAPI 1222 select CRYPTO_ACOMP2 1223 select ZSTD_COMPRESS 1224 select ZSTD_DECOMPRESS 1225 help 1226 zstd compression algorithm 1227 1228 See https://github.com/facebook/zstd for further information. 1229 1230 endmenu 1231 1232 menu "Random number generation" 1233 1234 config CRYPTO_ANSI_CPRNG 1235 tristate "ANSI PRNG (Pseudo Random Number Generator)" 1236 select CRYPTO_AES 1237 select CRYPTO_RNG 1238 help 1239 Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4) 1240 1241 This uses the AES cipher algorithm. 1242 1243 Note that this option must be enabled if CRYPTO_FIPS is selected 1244 1245 menuconfig CRYPTO_DRBG_MENU 1246 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)" 1247 help 1248 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A) 1249 1250 In the following submenu, one or more of the DRBG types must be selected. 1251 1252 if CRYPTO_DRBG_MENU 1253 1254 config CRYPTO_DRBG_HMAC 1255 bool 1256 default y 1257 select CRYPTO_HMAC 1258 select CRYPTO_SHA512 1259 1260 config CRYPTO_DRBG_HASH 1261 bool "Hash_DRBG" 1262 select CRYPTO_SHA256 1263 help 1264 Hash_DRBG variant as defined in NIST SP800-90A. 1265 1266 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms. 1267 1268 config CRYPTO_DRBG_CTR 1269 bool "CTR_DRBG" 1270 select CRYPTO_AES 1271 select CRYPTO_CTR 1272 help 1273 CTR_DRBG variant as defined in NIST SP800-90A. 1274 1275 This uses the AES cipher algorithm with the counter block mode. 1276 1277 config CRYPTO_DRBG 1278 tristate 1279 default CRYPTO_DRBG_MENU 1280 select CRYPTO_RNG 1281 select CRYPTO_JITTERENTROPY 1282 1283 endif # if CRYPTO_DRBG_MENU 1284 1285 config CRYPTO_JITTERENTROPY 1286 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)" 1287 select CRYPTO_RNG 1288 select CRYPTO_SHA3 1289 help 1290 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library 1291 1292 A non-physical non-deterministic ("true") RNG (e.g., an entropy source 1293 compliant with NIST SP800-90B) intended to provide a seed to a 1294 deterministic RNG (e.g., per NIST SP800-90C). 1295 This RNG does not perform any cryptographic whitening of the generated 1296 random numbers. 1297 1298 See https://www.chronox.de/jent/ 1299 1300 config CRYPTO_JITTERENTROPY_TESTINTERFACE 1301 bool "CPU Jitter RNG Test Interface" 1302 depends on CRYPTO_JITTERENTROPY 1303 help 1304 The test interface allows a privileged process to capture 1305 the raw unconditioned high resolution time stamp noise that 1306 is collected by the Jitter RNG for statistical analysis. As 1307 this data is used at the same time to generate random bits, 1308 the Jitter RNG operates in an insecure mode as long as the 1309 recording is enabled. This interface therefore is only 1310 intended for testing purposes and is not suitable for 1311 production systems. 1312 1313 The raw noise data can be obtained using the jent_raw_hires 1314 debugfs file. Using the option 1315 jitterentropy_testing.boot_raw_hires_test=1 the raw noise of 1316 the first 1000 entropy events since boot can be sampled. 1317 1318 If unsure, select N. 1319 1320 config CRYPTO_KDF800108_CTR 1321 tristate 1322 select CRYPTO_HMAC 1323 select CRYPTO_SHA256 1324 1325 endmenu 1326 menu "Userspace interface" 1327 1328 config CRYPTO_USER_API 1329 tristate 1330 1331 config CRYPTO_USER_API_HASH 1332 tristate "Hash algorithms" 1333 depends on NET 1334 select CRYPTO_HASH 1335 select CRYPTO_USER_API 1336 help 1337 Enable the userspace interface for hash algorithms. 1338 1339 See Documentation/crypto/userspace-if.rst and 1340 https://www.chronox.de/libkcapi/html/index.html 1341 1342 config CRYPTO_USER_API_SKCIPHER 1343 tristate "Symmetric key cipher algorithms" 1344 depends on NET 1345 select CRYPTO_SKCIPHER 1346 select CRYPTO_USER_API 1347 help 1348 Enable the userspace interface for symmetric key cipher algorithms. 1349 1350 See Documentation/crypto/userspace-if.rst and 1351 https://www.chronox.de/libkcapi/html/index.html 1352 1353 config CRYPTO_USER_API_RNG 1354 tristate "RNG (random number generator) algorithms" 1355 depends on NET 1356 select CRYPTO_RNG 1357 select CRYPTO_USER_API 1358 help 1359 Enable the userspace interface for RNG (random number generator) 1360 algorithms. 1361 1362 See Documentation/crypto/userspace-if.rst and 1363 https://www.chronox.de/libkcapi/html/index.html 1364 1365 config CRYPTO_USER_API_RNG_CAVP 1366 bool "Enable CAVP testing of DRBG" 1367 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1368 help 1369 Enable extra APIs in the userspace interface for NIST CAVP 1370 (Cryptographic Algorithm Validation Program) testing: 1371 - resetting DRBG entropy 1372 - providing Additional Data 1373 1374 This should only be enabled for CAVP testing. You should say 1375 no unless you know what this is. 1376 1377 config CRYPTO_USER_API_AEAD 1378 tristate "AEAD cipher algorithms" 1379 depends on NET 1380 select CRYPTO_AEAD 1381 select CRYPTO_SKCIPHER 1382 select CRYPTO_NULL 1383 select CRYPTO_USER_API 1384 help 1385 Enable the userspace interface for AEAD cipher algorithms. 1386 1387 See Documentation/crypto/userspace-if.rst and 1388 https://www.chronox.de/libkcapi/html/index.html 1389 1390 config CRYPTO_USER_API_ENABLE_OBSOLETE 1391 bool "Obsolete cryptographic algorithms" 1392 depends on CRYPTO_USER_API 1393 default y 1394 help 1395 Allow obsolete cryptographic algorithms to be selected that have 1396 already been phased out from internal use by the kernel, and are 1397 only useful for userspace clients that still rely on them. 1398 1399 config CRYPTO_STATS 1400 bool "Crypto usage statistics" 1401 depends on CRYPTO_USER 1402 help 1403 Enable the gathering of crypto stats. 1404 1405 Enabling this option reduces the performance of the crypto API. It 1406 should only be enabled when there is actually a use case for it. 1407 1408 This collects data sizes, numbers of requests, and numbers 1409 of errors processed by: 1410 - AEAD ciphers (encrypt, decrypt) 1411 - asymmetric key ciphers (encrypt, decrypt, verify, sign) 1412 - symmetric key ciphers (encrypt, decrypt) 1413 - compression algorithms (compress, decompress) 1414 - hash algorithms (hash) 1415 - key-agreement protocol primitives (setsecret, generate 1416 public key, compute shared secret) 1417 - RNG (generate, seed) 1418 1419 endmenu 1420 1421 config CRYPTO_HASH_INFO 1422 bool 1423 1424 if !KMSAN # avoid false positives from assembly 1425 if ARM 1426 source "arch/arm/crypto/Kconfig" 1427 endif 1428 if ARM64 1429 source "arch/arm64/crypto/Kconfig" 1430 endif 1431 if LOONGARCH 1432 source "arch/loongarch/crypto/Kconfig" 1433 endif 1434 if MIPS 1435 source "arch/mips/crypto/Kconfig" 1436 endif 1437 if PPC 1438 source "arch/powerpc/crypto/Kconfig" 1439 endif 1440 if S390 1441 source "arch/s390/crypto/Kconfig" 1442 endif 1443 if SPARC 1444 source "arch/sparc/crypto/Kconfig" 1445 endif 1446 if X86 1447 source "arch/x86/crypto/Kconfig" 1448 endif 1449 endif 1450 1451 source "drivers/crypto/Kconfig" 1452 source "crypto/asymmetric_keys/Kconfig" 1453 source "certs/Kconfig" 1454 1455 endif # if CRYPTO 1456