1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_SKCIPHER 56 tristate 57 select CRYPTO_SKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_SKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_SKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139config CRYPTO_MANAGER_DISABLE_TESTS 140 bool "Disable run-time self tests" 141 default y 142 help 143 Disable run-time self tests that normally take place at 144 algorithm registration. 145 146config CRYPTO_MANAGER_EXTRA_TESTS 147 bool "Enable extra run-time crypto self tests" 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS 149 help 150 Enable extra run-time self tests of registered crypto algorithms, 151 including randomized fuzz tests. 152 153 This is intended for developer use only, as these tests take much 154 longer to run than the normal self tests. 155 156config CRYPTO_GF128MUL 157 tristate 158 159config CRYPTO_NULL 160 tristate "Null algorithms" 161 select CRYPTO_NULL2 162 help 163 These are 'Null' algorithms, used by IPsec, which do nothing. 164 165config CRYPTO_NULL2 166 tristate 167 select CRYPTO_ALGAPI2 168 select CRYPTO_SKCIPHER2 169 select CRYPTO_HASH2 170 171config CRYPTO_PCRYPT 172 tristate "Parallel crypto engine" 173 depends on SMP 174 select PADATA 175 select CRYPTO_MANAGER 176 select CRYPTO_AEAD 177 help 178 This converts an arbitrary crypto algorithm into a parallel 179 algorithm that executes in kernel threads. 180 181config CRYPTO_CRYPTD 182 tristate "Software async crypto daemon" 183 select CRYPTO_SKCIPHER 184 select CRYPTO_HASH 185 select CRYPTO_MANAGER 186 help 187 This is a generic software asynchronous crypto daemon that 188 converts an arbitrary synchronous software crypto algorithm 189 into an asynchronous algorithm that executes in a kernel thread. 190 191config CRYPTO_AUTHENC 192 tristate "Authenc support" 193 select CRYPTO_AEAD 194 select CRYPTO_SKCIPHER 195 select CRYPTO_MANAGER 196 select CRYPTO_HASH 197 select CRYPTO_NULL 198 help 199 Authenc: Combined mode wrapper for IPsec. 200 This is required for IPSec. 201 202config CRYPTO_TEST 203 tristate "Testing module" 204 depends on m 205 select CRYPTO_MANAGER 206 help 207 Quick & dirty crypto test module. 208 209config CRYPTO_SIMD 210 tristate 211 select CRYPTO_CRYPTD 212 213config CRYPTO_GLUE_HELPER_X86 214 tristate 215 depends on X86 216 select CRYPTO_SKCIPHER 217 218config CRYPTO_ENGINE 219 tristate 220 221comment "Public-key cryptography" 222 223config CRYPTO_RSA 224 tristate "RSA algorithm" 225 select CRYPTO_AKCIPHER 226 select CRYPTO_MANAGER 227 select MPILIB 228 select ASN1 229 help 230 Generic implementation of the RSA public key algorithm. 231 232config CRYPTO_DH 233 tristate "Diffie-Hellman algorithm" 234 select CRYPTO_KPP 235 select MPILIB 236 help 237 Generic implementation of the Diffie-Hellman algorithm. 238 239config CRYPTO_ECC 240 tristate 241 242config CRYPTO_ECDH 243 tristate "ECDH algorithm" 244 select CRYPTO_ECC 245 select CRYPTO_KPP 246 select CRYPTO_RNG_DEFAULT 247 help 248 Generic implementation of the ECDH algorithm 249 250config CRYPTO_ECRDSA 251 tristate "EC-RDSA (GOST 34.10) algorithm" 252 select CRYPTO_ECC 253 select CRYPTO_AKCIPHER 254 select CRYPTO_STREEBOG 255 select OID_REGISTRY 256 select ASN1 257 help 258 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 259 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 260 standard algorithms (called GOST algorithms). Only signature verification 261 is implemented. 262 263config CRYPTO_CURVE25519 264 tristate "Curve25519 algorithm" 265 select CRYPTO_KPP 266 select CRYPTO_LIB_CURVE25519_GENERIC 267 268config CRYPTO_CURVE25519_X86 269 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 270 depends on X86 && 64BIT 271 select CRYPTO_LIB_CURVE25519_GENERIC 272 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 273 274comment "Authenticated Encryption with Associated Data" 275 276config CRYPTO_CCM 277 tristate "CCM support" 278 select CRYPTO_CTR 279 select CRYPTO_HASH 280 select CRYPTO_AEAD 281 select CRYPTO_MANAGER 282 help 283 Support for Counter with CBC MAC. Required for IPsec. 284 285config CRYPTO_GCM 286 tristate "GCM/GMAC support" 287 select CRYPTO_CTR 288 select CRYPTO_AEAD 289 select CRYPTO_GHASH 290 select CRYPTO_NULL 291 select CRYPTO_MANAGER 292 help 293 Support for Galois/Counter Mode (GCM) and Galois Message 294 Authentication Code (GMAC). Required for IPSec. 295 296config CRYPTO_CHACHA20POLY1305 297 tristate "ChaCha20-Poly1305 AEAD support" 298 select CRYPTO_CHACHA20 299 select CRYPTO_POLY1305 300 select CRYPTO_AEAD 301 select CRYPTO_MANAGER 302 help 303 ChaCha20-Poly1305 AEAD support, RFC7539. 304 305 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 306 with the Poly1305 authenticator. It is defined in RFC7539 for use in 307 IETF protocols. 308 309config CRYPTO_AEGIS128 310 tristate "AEGIS-128 AEAD algorithm" 311 select CRYPTO_AEAD 312 select CRYPTO_AES # for AES S-box tables 313 help 314 Support for the AEGIS-128 dedicated AEAD algorithm. 315 316config CRYPTO_AEGIS128_SIMD 317 bool "Support SIMD acceleration for AEGIS-128" 318 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 319 depends on !ARM || CC_IS_CLANG || GCC_VERSION >= 40800 320 default y 321 322config CRYPTO_AEGIS128_AESNI_SSE2 323 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 324 depends on X86 && 64BIT 325 select CRYPTO_AEAD 326 select CRYPTO_SIMD 327 help 328 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 329 330config CRYPTO_SEQIV 331 tristate "Sequence Number IV Generator" 332 select CRYPTO_AEAD 333 select CRYPTO_SKCIPHER 334 select CRYPTO_NULL 335 select CRYPTO_RNG_DEFAULT 336 select CRYPTO_MANAGER 337 help 338 This IV generator generates an IV based on a sequence number by 339 xoring it with a salt. This algorithm is mainly useful for CTR 340 341config CRYPTO_ECHAINIV 342 tristate "Encrypted Chain IV Generator" 343 select CRYPTO_AEAD 344 select CRYPTO_NULL 345 select CRYPTO_RNG_DEFAULT 346 select CRYPTO_MANAGER 347 help 348 This IV generator generates an IV based on the encryption of 349 a sequence number xored with a salt. This is the default 350 algorithm for CBC. 351 352comment "Block modes" 353 354config CRYPTO_CBC 355 tristate "CBC support" 356 select CRYPTO_SKCIPHER 357 select CRYPTO_MANAGER 358 help 359 CBC: Cipher Block Chaining mode 360 This block cipher algorithm is required for IPSec. 361 362config CRYPTO_CFB 363 tristate "CFB support" 364 select CRYPTO_SKCIPHER 365 select CRYPTO_MANAGER 366 help 367 CFB: Cipher FeedBack mode 368 This block cipher algorithm is required for TPM2 Cryptography. 369 370config CRYPTO_CTR 371 tristate "CTR support" 372 select CRYPTO_SKCIPHER 373 select CRYPTO_MANAGER 374 help 375 CTR: Counter mode 376 This block cipher algorithm is required for IPSec. 377 378config CRYPTO_CTS 379 tristate "CTS support" 380 select CRYPTO_SKCIPHER 381 select CRYPTO_MANAGER 382 help 383 CTS: Cipher Text Stealing 384 This is the Cipher Text Stealing mode as described by 385 Section 8 of rfc2040 and referenced by rfc3962 386 (rfc3962 includes errata information in its Appendix A) or 387 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 388 This mode is required for Kerberos gss mechanism support 389 for AES encryption. 390 391 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 392 393config CRYPTO_ECB 394 tristate "ECB support" 395 select CRYPTO_SKCIPHER 396 select CRYPTO_MANAGER 397 help 398 ECB: Electronic CodeBook mode 399 This is the simplest block cipher algorithm. It simply encrypts 400 the input block by block. 401 402config CRYPTO_LRW 403 tristate "LRW support" 404 select CRYPTO_SKCIPHER 405 select CRYPTO_MANAGER 406 select CRYPTO_GF128MUL 407 help 408 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 409 narrow block cipher mode for dm-crypt. Use it with cipher 410 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 411 The first 128, 192 or 256 bits in the key are used for AES and the 412 rest is used to tie each cipher block to its logical position. 413 414config CRYPTO_OFB 415 tristate "OFB support" 416 select CRYPTO_SKCIPHER 417 select CRYPTO_MANAGER 418 help 419 OFB: the Output Feedback mode makes a block cipher into a synchronous 420 stream cipher. It generates keystream blocks, which are then XORed 421 with the plaintext blocks to get the ciphertext. Flipping a bit in the 422 ciphertext produces a flipped bit in the plaintext at the same 423 location. This property allows many error correcting codes to function 424 normally even when applied before encryption. 425 426config CRYPTO_PCBC 427 tristate "PCBC support" 428 select CRYPTO_SKCIPHER 429 select CRYPTO_MANAGER 430 help 431 PCBC: Propagating Cipher Block Chaining mode 432 This block cipher algorithm is required for RxRPC. 433 434config CRYPTO_XTS 435 tristate "XTS support" 436 select CRYPTO_SKCIPHER 437 select CRYPTO_MANAGER 438 select CRYPTO_ECB 439 help 440 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 441 key size 256, 384 or 512 bits. This implementation currently 442 can't handle a sectorsize which is not a multiple of 16 bytes. 443 444config CRYPTO_KEYWRAP 445 tristate "Key wrapping support" 446 select CRYPTO_SKCIPHER 447 select CRYPTO_MANAGER 448 help 449 Support for key wrapping (NIST SP800-38F / RFC3394) without 450 padding. 451 452config CRYPTO_NHPOLY1305 453 tristate 454 select CRYPTO_HASH 455 select CRYPTO_LIB_POLY1305_GENERIC 456 457config CRYPTO_NHPOLY1305_SSE2 458 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 459 depends on X86 && 64BIT 460 select CRYPTO_NHPOLY1305 461 help 462 SSE2 optimized implementation of the hash function used by the 463 Adiantum encryption mode. 464 465config CRYPTO_NHPOLY1305_AVX2 466 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 467 depends on X86 && 64BIT 468 select CRYPTO_NHPOLY1305 469 help 470 AVX2 optimized implementation of the hash function used by the 471 Adiantum encryption mode. 472 473config CRYPTO_ADIANTUM 474 tristate "Adiantum support" 475 select CRYPTO_CHACHA20 476 select CRYPTO_LIB_POLY1305_GENERIC 477 select CRYPTO_NHPOLY1305 478 select CRYPTO_MANAGER 479 help 480 Adiantum is a tweakable, length-preserving encryption mode 481 designed for fast and secure disk encryption, especially on 482 CPUs without dedicated crypto instructions. It encrypts 483 each sector using the XChaCha12 stream cipher, two passes of 484 an ε-almost-∆-universal hash function, and an invocation of 485 the AES-256 block cipher on a single 16-byte block. On CPUs 486 without AES instructions, Adiantum is much faster than 487 AES-XTS. 488 489 Adiantum's security is provably reducible to that of its 490 underlying stream and block ciphers, subject to a security 491 bound. Unlike XTS, Adiantum is a true wide-block encryption 492 mode, so it actually provides an even stronger notion of 493 security than XTS, subject to the security bound. 494 495 If unsure, say N. 496 497config CRYPTO_ESSIV 498 tristate "ESSIV support for block encryption" 499 select CRYPTO_AUTHENC 500 help 501 Encrypted salt-sector initialization vector (ESSIV) is an IV 502 generation method that is used in some cases by fscrypt and/or 503 dm-crypt. It uses the hash of the block encryption key as the 504 symmetric key for a block encryption pass applied to the input 505 IV, making low entropy IV sources more suitable for block 506 encryption. 507 508 This driver implements a crypto API template that can be 509 instantiated either as an skcipher or as an AEAD (depending on the 510 type of the first template argument), and which defers encryption 511 and decryption requests to the encapsulated cipher after applying 512 ESSIV to the input IV. Note that in the AEAD case, it is assumed 513 that the keys are presented in the same format used by the authenc 514 template, and that the IV appears at the end of the authenticated 515 associated data (AAD) region (which is how dm-crypt uses it.) 516 517 Note that the use of ESSIV is not recommended for new deployments, 518 and so this only needs to be enabled when interoperability with 519 existing encrypted volumes of filesystems is required, or when 520 building for a particular system that requires it (e.g., when 521 the SoC in question has accelerated CBC but not XTS, making CBC 522 combined with ESSIV the only feasible mode for h/w accelerated 523 block encryption) 524 525comment "Hash modes" 526 527config CRYPTO_CMAC 528 tristate "CMAC support" 529 select CRYPTO_HASH 530 select CRYPTO_MANAGER 531 help 532 Cipher-based Message Authentication Code (CMAC) specified by 533 The National Institute of Standards and Technology (NIST). 534 535 https://tools.ietf.org/html/rfc4493 536 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 537 538config CRYPTO_HMAC 539 tristate "HMAC support" 540 select CRYPTO_HASH 541 select CRYPTO_MANAGER 542 help 543 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 544 This is required for IPSec. 545 546config CRYPTO_XCBC 547 tristate "XCBC support" 548 select CRYPTO_HASH 549 select CRYPTO_MANAGER 550 help 551 XCBC: Keyed-Hashing with encryption algorithm 552 http://www.ietf.org/rfc/rfc3566.txt 553 http://csrc.nist.gov/encryption/modes/proposedmodes/ 554 xcbc-mac/xcbc-mac-spec.pdf 555 556config CRYPTO_VMAC 557 tristate "VMAC support" 558 select CRYPTO_HASH 559 select CRYPTO_MANAGER 560 help 561 VMAC is a message authentication algorithm designed for 562 very high speed on 64-bit architectures. 563 564 See also: 565 <http://fastcrypto.org/vmac> 566 567comment "Digest" 568 569config CRYPTO_CRC32C 570 tristate "CRC32c CRC algorithm" 571 select CRYPTO_HASH 572 select CRC32 573 help 574 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 575 by iSCSI for header and data digests and by others. 576 See Castagnoli93. Module will be crc32c. 577 578config CRYPTO_CRC32C_INTEL 579 tristate "CRC32c INTEL hardware acceleration" 580 depends on X86 581 select CRYPTO_HASH 582 help 583 In Intel processor with SSE4.2 supported, the processor will 584 support CRC32C implementation using hardware accelerated CRC32 585 instruction. This option will create 'crc32c-intel' module, 586 which will enable any routine to use the CRC32 instruction to 587 gain performance compared with software implementation. 588 Module will be crc32c-intel. 589 590config CRYPTO_CRC32C_VPMSUM 591 tristate "CRC32c CRC algorithm (powerpc64)" 592 depends on PPC64 && ALTIVEC 593 select CRYPTO_HASH 594 select CRC32 595 help 596 CRC32c algorithm implemented using vector polynomial multiply-sum 597 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 598 and newer processors for improved performance. 599 600 601config CRYPTO_CRC32C_SPARC64 602 tristate "CRC32c CRC algorithm (SPARC64)" 603 depends on SPARC64 604 select CRYPTO_HASH 605 select CRC32 606 help 607 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 608 when available. 609 610config CRYPTO_CRC32 611 tristate "CRC32 CRC algorithm" 612 select CRYPTO_HASH 613 select CRC32 614 help 615 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 616 Shash crypto api wrappers to crc32_le function. 617 618config CRYPTO_CRC32_PCLMUL 619 tristate "CRC32 PCLMULQDQ hardware acceleration" 620 depends on X86 621 select CRYPTO_HASH 622 select CRC32 623 help 624 From Intel Westmere and AMD Bulldozer processor with SSE4.2 625 and PCLMULQDQ supported, the processor will support 626 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 627 instruction. This option will create 'crc32-pclmul' module, 628 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 629 and gain better performance as compared with the table implementation. 630 631config CRYPTO_CRC32_MIPS 632 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 633 depends on MIPS_CRC_SUPPORT 634 select CRYPTO_HASH 635 help 636 CRC32c and CRC32 CRC algorithms implemented using mips crypto 637 instructions, when available. 638 639 640config CRYPTO_XXHASH 641 tristate "xxHash hash algorithm" 642 select CRYPTO_HASH 643 select XXHASH 644 help 645 xxHash non-cryptographic hash algorithm. Extremely fast, working at 646 speeds close to RAM limits. 647 648config CRYPTO_BLAKE2B 649 tristate "BLAKE2b digest algorithm" 650 select CRYPTO_HASH 651 help 652 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 653 optimized for 64bit platforms and can produce digests of any size 654 between 1 to 64. The keyed hash is also implemented. 655 656 This module provides the following algorithms: 657 658 - blake2b-160 659 - blake2b-256 660 - blake2b-384 661 - blake2b-512 662 663 See https://blake2.net for further information. 664 665config CRYPTO_BLAKE2S 666 tristate "BLAKE2s digest algorithm" 667 select CRYPTO_LIB_BLAKE2S_GENERIC 668 select CRYPTO_HASH 669 help 670 Implementation of cryptographic hash function BLAKE2s 671 optimized for 8-32bit platforms and can produce digests of any size 672 between 1 to 32. The keyed hash is also implemented. 673 674 This module provides the following algorithms: 675 676 - blake2s-128 677 - blake2s-160 678 - blake2s-224 679 - blake2s-256 680 681 See https://blake2.net for further information. 682 683config CRYPTO_BLAKE2S_X86 684 tristate "BLAKE2s digest algorithm (x86 accelerated version)" 685 depends on X86 && 64BIT 686 select CRYPTO_LIB_BLAKE2S_GENERIC 687 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 688 689config CRYPTO_CRCT10DIF 690 tristate "CRCT10DIF algorithm" 691 select CRYPTO_HASH 692 help 693 CRC T10 Data Integrity Field computation is being cast as 694 a crypto transform. This allows for faster crc t10 diff 695 transforms to be used if they are available. 696 697config CRYPTO_CRCT10DIF_PCLMUL 698 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 699 depends on X86 && 64BIT && CRC_T10DIF 700 select CRYPTO_HASH 701 help 702 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 703 CRC T10 DIF PCLMULQDQ computation can be hardware 704 accelerated PCLMULQDQ instruction. This option will create 705 'crct10dif-pclmul' module, which is faster when computing the 706 crct10dif checksum as compared with the generic table implementation. 707 708config CRYPTO_CRCT10DIF_VPMSUM 709 tristate "CRC32T10DIF powerpc64 hardware acceleration" 710 depends on PPC64 && ALTIVEC && CRC_T10DIF 711 select CRYPTO_HASH 712 help 713 CRC10T10DIF algorithm implemented using vector polynomial 714 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 715 POWER8 and newer processors for improved performance. 716 717config CRYPTO_VPMSUM_TESTER 718 tristate "Powerpc64 vpmsum hardware acceleration tester" 719 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 720 help 721 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 722 POWER8 vpmsum instructions. 723 Unless you are testing these algorithms, you don't need this. 724 725config CRYPTO_GHASH 726 tristate "GHASH hash function" 727 select CRYPTO_GF128MUL 728 select CRYPTO_HASH 729 help 730 GHASH is the hash function used in GCM (Galois/Counter Mode). 731 It is not a general-purpose cryptographic hash function. 732 733config CRYPTO_POLY1305 734 tristate "Poly1305 authenticator algorithm" 735 select CRYPTO_HASH 736 select CRYPTO_LIB_POLY1305_GENERIC 737 help 738 Poly1305 authenticator algorithm, RFC7539. 739 740 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 741 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 742 in IETF protocols. This is the portable C implementation of Poly1305. 743 744config CRYPTO_POLY1305_X86_64 745 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 746 depends on X86 && 64BIT 747 select CRYPTO_LIB_POLY1305_GENERIC 748 select CRYPTO_ARCH_HAVE_LIB_POLY1305 749 help 750 Poly1305 authenticator algorithm, RFC7539. 751 752 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 753 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 754 in IETF protocols. This is the x86_64 assembler implementation using SIMD 755 instructions. 756 757config CRYPTO_POLY1305_MIPS 758 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 759 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT) 760 select CRYPTO_ARCH_HAVE_LIB_POLY1305 761 762config CRYPTO_MD4 763 tristate "MD4 digest algorithm" 764 select CRYPTO_HASH 765 help 766 MD4 message digest algorithm (RFC1320). 767 768config CRYPTO_MD5 769 tristate "MD5 digest algorithm" 770 select CRYPTO_HASH 771 help 772 MD5 message digest algorithm (RFC1321). 773 774config CRYPTO_MD5_OCTEON 775 tristate "MD5 digest algorithm (OCTEON)" 776 depends on CPU_CAVIUM_OCTEON 777 select CRYPTO_MD5 778 select CRYPTO_HASH 779 help 780 MD5 message digest algorithm (RFC1321) implemented 781 using OCTEON crypto instructions, when available. 782 783config CRYPTO_MD5_PPC 784 tristate "MD5 digest algorithm (PPC)" 785 depends on PPC 786 select CRYPTO_HASH 787 help 788 MD5 message digest algorithm (RFC1321) implemented 789 in PPC assembler. 790 791config CRYPTO_MD5_SPARC64 792 tristate "MD5 digest algorithm (SPARC64)" 793 depends on SPARC64 794 select CRYPTO_MD5 795 select CRYPTO_HASH 796 help 797 MD5 message digest algorithm (RFC1321) implemented 798 using sparc64 crypto instructions, when available. 799 800config CRYPTO_MICHAEL_MIC 801 tristate "Michael MIC keyed digest algorithm" 802 select CRYPTO_HASH 803 help 804 Michael MIC is used for message integrity protection in TKIP 805 (IEEE 802.11i). This algorithm is required for TKIP, but it 806 should not be used for other purposes because of the weakness 807 of the algorithm. 808 809config CRYPTO_RMD128 810 tristate "RIPEMD-128 digest algorithm" 811 select CRYPTO_HASH 812 help 813 RIPEMD-128 (ISO/IEC 10118-3:2004). 814 815 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 816 be used as a secure replacement for RIPEMD. For other use cases, 817 RIPEMD-160 should be used. 818 819 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 820 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 821 822config CRYPTO_RMD160 823 tristate "RIPEMD-160 digest algorithm" 824 select CRYPTO_HASH 825 help 826 RIPEMD-160 (ISO/IEC 10118-3:2004). 827 828 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 829 to be used as a secure replacement for the 128-bit hash functions 830 MD4, MD5 and it's predecessor RIPEMD 831 (not to be confused with RIPEMD-128). 832 833 It's speed is comparable to SHA1 and there are no known attacks 834 against RIPEMD-160. 835 836 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 837 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 838 839config CRYPTO_RMD256 840 tristate "RIPEMD-256 digest algorithm" 841 select CRYPTO_HASH 842 help 843 RIPEMD-256 is an optional extension of RIPEMD-128 with a 844 256 bit hash. It is intended for applications that require 845 longer hash-results, without needing a larger security level 846 (than RIPEMD-128). 847 848 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 849 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 850 851config CRYPTO_RMD320 852 tristate "RIPEMD-320 digest algorithm" 853 select CRYPTO_HASH 854 help 855 RIPEMD-320 is an optional extension of RIPEMD-160 with a 856 320 bit hash. It is intended for applications that require 857 longer hash-results, without needing a larger security level 858 (than RIPEMD-160). 859 860 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 861 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 862 863config CRYPTO_SHA1 864 tristate "SHA1 digest algorithm" 865 select CRYPTO_HASH 866 help 867 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 868 869config CRYPTO_SHA1_SSSE3 870 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 871 depends on X86 && 64BIT 872 select CRYPTO_SHA1 873 select CRYPTO_HASH 874 help 875 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 876 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 877 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 878 when available. 879 880config CRYPTO_SHA256_SSSE3 881 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 882 depends on X86 && 64BIT 883 select CRYPTO_SHA256 884 select CRYPTO_HASH 885 help 886 SHA-256 secure hash standard (DFIPS 180-2) implemented 887 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 888 Extensions version 1 (AVX1), or Advanced Vector Extensions 889 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 890 Instructions) when available. 891 892config CRYPTO_SHA512_SSSE3 893 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 894 depends on X86 && 64BIT 895 select CRYPTO_SHA512 896 select CRYPTO_HASH 897 help 898 SHA-512 secure hash standard (DFIPS 180-2) implemented 899 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 900 Extensions version 1 (AVX1), or Advanced Vector Extensions 901 version 2 (AVX2) instructions, when available. 902 903config CRYPTO_SHA1_OCTEON 904 tristate "SHA1 digest algorithm (OCTEON)" 905 depends on CPU_CAVIUM_OCTEON 906 select CRYPTO_SHA1 907 select CRYPTO_HASH 908 help 909 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 910 using OCTEON crypto instructions, when available. 911 912config CRYPTO_SHA1_SPARC64 913 tristate "SHA1 digest algorithm (SPARC64)" 914 depends on SPARC64 915 select CRYPTO_SHA1 916 select CRYPTO_HASH 917 help 918 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 919 using sparc64 crypto instructions, when available. 920 921config CRYPTO_SHA1_PPC 922 tristate "SHA1 digest algorithm (powerpc)" 923 depends on PPC 924 help 925 This is the powerpc hardware accelerated implementation of the 926 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 927 928config CRYPTO_SHA1_PPC_SPE 929 tristate "SHA1 digest algorithm (PPC SPE)" 930 depends on PPC && SPE 931 help 932 SHA-1 secure hash standard (DFIPS 180-4) implemented 933 using powerpc SPE SIMD instruction set. 934 935config CRYPTO_SHA256 936 tristate "SHA224 and SHA256 digest algorithm" 937 select CRYPTO_HASH 938 select CRYPTO_LIB_SHA256 939 help 940 SHA256 secure hash standard (DFIPS 180-2). 941 942 This version of SHA implements a 256 bit hash with 128 bits of 943 security against collision attacks. 944 945 This code also includes SHA-224, a 224 bit hash with 112 bits 946 of security against collision attacks. 947 948config CRYPTO_SHA256_PPC_SPE 949 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 950 depends on PPC && SPE 951 select CRYPTO_SHA256 952 select CRYPTO_HASH 953 help 954 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 955 implemented using powerpc SPE SIMD instruction set. 956 957config CRYPTO_SHA256_OCTEON 958 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 959 depends on CPU_CAVIUM_OCTEON 960 select CRYPTO_SHA256 961 select CRYPTO_HASH 962 help 963 SHA-256 secure hash standard (DFIPS 180-2) implemented 964 using OCTEON crypto instructions, when available. 965 966config CRYPTO_SHA256_SPARC64 967 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 968 depends on SPARC64 969 select CRYPTO_SHA256 970 select CRYPTO_HASH 971 help 972 SHA-256 secure hash standard (DFIPS 180-2) implemented 973 using sparc64 crypto instructions, when available. 974 975config CRYPTO_SHA512 976 tristate "SHA384 and SHA512 digest algorithms" 977 select CRYPTO_HASH 978 help 979 SHA512 secure hash standard (DFIPS 180-2). 980 981 This version of SHA implements a 512 bit hash with 256 bits of 982 security against collision attacks. 983 984 This code also includes SHA-384, a 384 bit hash with 192 bits 985 of security against collision attacks. 986 987config CRYPTO_SHA512_OCTEON 988 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 989 depends on CPU_CAVIUM_OCTEON 990 select CRYPTO_SHA512 991 select CRYPTO_HASH 992 help 993 SHA-512 secure hash standard (DFIPS 180-2) implemented 994 using OCTEON crypto instructions, when available. 995 996config CRYPTO_SHA512_SPARC64 997 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 998 depends on SPARC64 999 select CRYPTO_SHA512 1000 select CRYPTO_HASH 1001 help 1002 SHA-512 secure hash standard (DFIPS 180-2) implemented 1003 using sparc64 crypto instructions, when available. 1004 1005config CRYPTO_SHA3 1006 tristate "SHA3 digest algorithm" 1007 select CRYPTO_HASH 1008 help 1009 SHA-3 secure hash standard (DFIPS 202). It's based on 1010 cryptographic sponge function family called Keccak. 1011 1012 References: 1013 http://keccak.noekeon.org/ 1014 1015config CRYPTO_SM3 1016 tristate "SM3 digest algorithm" 1017 select CRYPTO_HASH 1018 help 1019 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1020 It is part of the Chinese Commercial Cryptography suite. 1021 1022 References: 1023 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1024 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1025 1026config CRYPTO_STREEBOG 1027 tristate "Streebog Hash Function" 1028 select CRYPTO_HASH 1029 help 1030 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1031 cryptographic standard algorithms (called GOST algorithms). 1032 This setting enables two hash algorithms with 256 and 512 bits output. 1033 1034 References: 1035 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1036 https://tools.ietf.org/html/rfc6986 1037 1038config CRYPTO_TGR192 1039 tristate "Tiger digest algorithms" 1040 select CRYPTO_HASH 1041 help 1042 Tiger hash algorithm 192, 160 and 128-bit hashes 1043 1044 Tiger is a hash function optimized for 64-bit processors while 1045 still having decent performance on 32-bit processors. 1046 Tiger was developed by Ross Anderson and Eli Biham. 1047 1048 See also: 1049 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 1050 1051config CRYPTO_WP512 1052 tristate "Whirlpool digest algorithms" 1053 select CRYPTO_HASH 1054 help 1055 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1056 1057 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1058 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1059 1060 See also: 1061 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1062 1063config CRYPTO_GHASH_CLMUL_NI_INTEL 1064 tristate "GHASH hash function (CLMUL-NI accelerated)" 1065 depends on X86 && 64BIT 1066 select CRYPTO_CRYPTD 1067 help 1068 This is the x86_64 CLMUL-NI accelerated implementation of 1069 GHASH, the hash function used in GCM (Galois/Counter mode). 1070 1071comment "Ciphers" 1072 1073config CRYPTO_AES 1074 tristate "AES cipher algorithms" 1075 select CRYPTO_ALGAPI 1076 select CRYPTO_LIB_AES 1077 help 1078 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1079 algorithm. 1080 1081 Rijndael appears to be consistently a very good performer in 1082 both hardware and software across a wide range of computing 1083 environments regardless of its use in feedback or non-feedback 1084 modes. Its key setup time is excellent, and its key agility is 1085 good. Rijndael's very low memory requirements make it very well 1086 suited for restricted-space environments, in which it also 1087 demonstrates excellent performance. Rijndael's operations are 1088 among the easiest to defend against power and timing attacks. 1089 1090 The AES specifies three key sizes: 128, 192 and 256 bits 1091 1092 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1093 1094config CRYPTO_AES_TI 1095 tristate "Fixed time AES cipher" 1096 select CRYPTO_ALGAPI 1097 select CRYPTO_LIB_AES 1098 help 1099 This is a generic implementation of AES that attempts to eliminate 1100 data dependent latencies as much as possible without affecting 1101 performance too much. It is intended for use by the generic CCM 1102 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1103 solely on encryption (although decryption is supported as well, but 1104 with a more dramatic performance hit) 1105 1106 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1107 8 for decryption), this implementation only uses just two S-boxes of 1108 256 bytes each, and attempts to eliminate data dependent latencies by 1109 prefetching the entire table into the cache at the start of each 1110 block. Interrupts are also disabled to avoid races where cachelines 1111 are evicted when the CPU is interrupted to do something else. 1112 1113config CRYPTO_AES_NI_INTEL 1114 tristate "AES cipher algorithms (AES-NI)" 1115 depends on X86 1116 select CRYPTO_AEAD 1117 select CRYPTO_LIB_AES 1118 select CRYPTO_ALGAPI 1119 select CRYPTO_SKCIPHER 1120 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1121 select CRYPTO_SIMD 1122 help 1123 Use Intel AES-NI instructions for AES algorithm. 1124 1125 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1126 algorithm. 1127 1128 Rijndael appears to be consistently a very good performer in 1129 both hardware and software across a wide range of computing 1130 environments regardless of its use in feedback or non-feedback 1131 modes. Its key setup time is excellent, and its key agility is 1132 good. Rijndael's very low memory requirements make it very well 1133 suited for restricted-space environments, in which it also 1134 demonstrates excellent performance. Rijndael's operations are 1135 among the easiest to defend against power and timing attacks. 1136 1137 The AES specifies three key sizes: 128, 192 and 256 bits 1138 1139 See <http://csrc.nist.gov/encryption/aes/> for more information. 1140 1141 In addition to AES cipher algorithm support, the acceleration 1142 for some popular block cipher mode is supported too, including 1143 ECB, CBC, LRW, XTS. The 64 bit version has additional 1144 acceleration for CTR. 1145 1146config CRYPTO_AES_SPARC64 1147 tristate "AES cipher algorithms (SPARC64)" 1148 depends on SPARC64 1149 select CRYPTO_SKCIPHER 1150 help 1151 Use SPARC64 crypto opcodes for AES algorithm. 1152 1153 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1154 algorithm. 1155 1156 Rijndael appears to be consistently a very good performer in 1157 both hardware and software across a wide range of computing 1158 environments regardless of its use in feedback or non-feedback 1159 modes. Its key setup time is excellent, and its key agility is 1160 good. Rijndael's very low memory requirements make it very well 1161 suited for restricted-space environments, in which it also 1162 demonstrates excellent performance. Rijndael's operations are 1163 among the easiest to defend against power and timing attacks. 1164 1165 The AES specifies three key sizes: 128, 192 and 256 bits 1166 1167 See <http://csrc.nist.gov/encryption/aes/> for more information. 1168 1169 In addition to AES cipher algorithm support, the acceleration 1170 for some popular block cipher mode is supported too, including 1171 ECB and CBC. 1172 1173config CRYPTO_AES_PPC_SPE 1174 tristate "AES cipher algorithms (PPC SPE)" 1175 depends on PPC && SPE 1176 select CRYPTO_SKCIPHER 1177 help 1178 AES cipher algorithms (FIPS-197). Additionally the acceleration 1179 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1180 This module should only be used for low power (router) devices 1181 without hardware AES acceleration (e.g. caam crypto). It reduces the 1182 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1183 timining attacks. Nevertheless it might be not as secure as other 1184 architecture specific assembler implementations that work on 1KB 1185 tables or 256 bytes S-boxes. 1186 1187config CRYPTO_ANUBIS 1188 tristate "Anubis cipher algorithm" 1189 select CRYPTO_ALGAPI 1190 help 1191 Anubis cipher algorithm. 1192 1193 Anubis is a variable key length cipher which can use keys from 1194 128 bits to 320 bits in length. It was evaluated as a entrant 1195 in the NESSIE competition. 1196 1197 See also: 1198 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1199 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1200 1201config CRYPTO_ARC4 1202 tristate "ARC4 cipher algorithm" 1203 select CRYPTO_SKCIPHER 1204 select CRYPTO_LIB_ARC4 1205 help 1206 ARC4 cipher algorithm. 1207 1208 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1209 bits in length. This algorithm is required for driver-based 1210 WEP, but it should not be for other purposes because of the 1211 weakness of the algorithm. 1212 1213config CRYPTO_BLOWFISH 1214 tristate "Blowfish cipher algorithm" 1215 select CRYPTO_ALGAPI 1216 select CRYPTO_BLOWFISH_COMMON 1217 help 1218 Blowfish cipher algorithm, by Bruce Schneier. 1219 1220 This is a variable key length cipher which can use keys from 32 1221 bits to 448 bits in length. It's fast, simple and specifically 1222 designed for use on "large microprocessors". 1223 1224 See also: 1225 <http://www.schneier.com/blowfish.html> 1226 1227config CRYPTO_BLOWFISH_COMMON 1228 tristate 1229 help 1230 Common parts of the Blowfish cipher algorithm shared by the 1231 generic c and the assembler implementations. 1232 1233 See also: 1234 <http://www.schneier.com/blowfish.html> 1235 1236config CRYPTO_BLOWFISH_X86_64 1237 tristate "Blowfish cipher algorithm (x86_64)" 1238 depends on X86 && 64BIT 1239 select CRYPTO_SKCIPHER 1240 select CRYPTO_BLOWFISH_COMMON 1241 help 1242 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1243 1244 This is a variable key length cipher which can use keys from 32 1245 bits to 448 bits in length. It's fast, simple and specifically 1246 designed for use on "large microprocessors". 1247 1248 See also: 1249 <http://www.schneier.com/blowfish.html> 1250 1251config CRYPTO_CAMELLIA 1252 tristate "Camellia cipher algorithms" 1253 depends on CRYPTO 1254 select CRYPTO_ALGAPI 1255 help 1256 Camellia cipher algorithms module. 1257 1258 Camellia is a symmetric key block cipher developed jointly 1259 at NTT and Mitsubishi Electric Corporation. 1260 1261 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1262 1263 See also: 1264 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1265 1266config CRYPTO_CAMELLIA_X86_64 1267 tristate "Camellia cipher algorithm (x86_64)" 1268 depends on X86 && 64BIT 1269 depends on CRYPTO 1270 select CRYPTO_SKCIPHER 1271 select CRYPTO_GLUE_HELPER_X86 1272 help 1273 Camellia cipher algorithm module (x86_64). 1274 1275 Camellia is a symmetric key block cipher developed jointly 1276 at NTT and Mitsubishi Electric Corporation. 1277 1278 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1279 1280 See also: 1281 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1282 1283config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1284 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1285 depends on X86 && 64BIT 1286 depends on CRYPTO 1287 select CRYPTO_SKCIPHER 1288 select CRYPTO_CAMELLIA_X86_64 1289 select CRYPTO_GLUE_HELPER_X86 1290 select CRYPTO_SIMD 1291 select CRYPTO_XTS 1292 help 1293 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1294 1295 Camellia is a symmetric key block cipher developed jointly 1296 at NTT and Mitsubishi Electric Corporation. 1297 1298 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1299 1300 See also: 1301 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1302 1303config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1304 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1305 depends on X86 && 64BIT 1306 depends on CRYPTO 1307 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1308 help 1309 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1310 1311 Camellia is a symmetric key block cipher developed jointly 1312 at NTT and Mitsubishi Electric Corporation. 1313 1314 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1315 1316 See also: 1317 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1318 1319config CRYPTO_CAMELLIA_SPARC64 1320 tristate "Camellia cipher algorithm (SPARC64)" 1321 depends on SPARC64 1322 depends on CRYPTO 1323 select CRYPTO_ALGAPI 1324 select CRYPTO_SKCIPHER 1325 help 1326 Camellia cipher algorithm module (SPARC64). 1327 1328 Camellia is a symmetric key block cipher developed jointly 1329 at NTT and Mitsubishi Electric Corporation. 1330 1331 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1332 1333 See also: 1334 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1335 1336config CRYPTO_CAST_COMMON 1337 tristate 1338 help 1339 Common parts of the CAST cipher algorithms shared by the 1340 generic c and the assembler implementations. 1341 1342config CRYPTO_CAST5 1343 tristate "CAST5 (CAST-128) cipher algorithm" 1344 select CRYPTO_ALGAPI 1345 select CRYPTO_CAST_COMMON 1346 help 1347 The CAST5 encryption algorithm (synonymous with CAST-128) is 1348 described in RFC2144. 1349 1350config CRYPTO_CAST5_AVX_X86_64 1351 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1352 depends on X86 && 64BIT 1353 select CRYPTO_SKCIPHER 1354 select CRYPTO_CAST5 1355 select CRYPTO_CAST_COMMON 1356 select CRYPTO_SIMD 1357 help 1358 The CAST5 encryption algorithm (synonymous with CAST-128) is 1359 described in RFC2144. 1360 1361 This module provides the Cast5 cipher algorithm that processes 1362 sixteen blocks parallel using the AVX instruction set. 1363 1364config CRYPTO_CAST6 1365 tristate "CAST6 (CAST-256) cipher algorithm" 1366 select CRYPTO_ALGAPI 1367 select CRYPTO_CAST_COMMON 1368 help 1369 The CAST6 encryption algorithm (synonymous with CAST-256) is 1370 described in RFC2612. 1371 1372config CRYPTO_CAST6_AVX_X86_64 1373 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1374 depends on X86 && 64BIT 1375 select CRYPTO_SKCIPHER 1376 select CRYPTO_CAST6 1377 select CRYPTO_CAST_COMMON 1378 select CRYPTO_GLUE_HELPER_X86 1379 select CRYPTO_SIMD 1380 select CRYPTO_XTS 1381 help 1382 The CAST6 encryption algorithm (synonymous with CAST-256) is 1383 described in RFC2612. 1384 1385 This module provides the Cast6 cipher algorithm that processes 1386 eight blocks parallel using the AVX instruction set. 1387 1388config CRYPTO_DES 1389 tristate "DES and Triple DES EDE cipher algorithms" 1390 select CRYPTO_ALGAPI 1391 select CRYPTO_LIB_DES 1392 help 1393 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1394 1395config CRYPTO_DES_SPARC64 1396 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1397 depends on SPARC64 1398 select CRYPTO_ALGAPI 1399 select CRYPTO_LIB_DES 1400 select CRYPTO_SKCIPHER 1401 help 1402 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1403 optimized using SPARC64 crypto opcodes. 1404 1405config CRYPTO_DES3_EDE_X86_64 1406 tristate "Triple DES EDE cipher algorithm (x86-64)" 1407 depends on X86 && 64BIT 1408 select CRYPTO_SKCIPHER 1409 select CRYPTO_LIB_DES 1410 help 1411 Triple DES EDE (FIPS 46-3) algorithm. 1412 1413 This module provides implementation of the Triple DES EDE cipher 1414 algorithm that is optimized for x86-64 processors. Two versions of 1415 algorithm are provided; regular processing one input block and 1416 one that processes three blocks parallel. 1417 1418config CRYPTO_FCRYPT 1419 tristate "FCrypt cipher algorithm" 1420 select CRYPTO_ALGAPI 1421 select CRYPTO_SKCIPHER 1422 help 1423 FCrypt algorithm used by RxRPC. 1424 1425config CRYPTO_KHAZAD 1426 tristate "Khazad cipher algorithm" 1427 select CRYPTO_ALGAPI 1428 help 1429 Khazad cipher algorithm. 1430 1431 Khazad was a finalist in the initial NESSIE competition. It is 1432 an algorithm optimized for 64-bit processors with good performance 1433 on 32-bit processors. Khazad uses an 128 bit key size. 1434 1435 See also: 1436 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1437 1438config CRYPTO_SALSA20 1439 tristate "Salsa20 stream cipher algorithm" 1440 select CRYPTO_SKCIPHER 1441 help 1442 Salsa20 stream cipher algorithm. 1443 1444 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1445 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1446 1447 The Salsa20 stream cipher algorithm is designed by Daniel J. 1448 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1449 1450config CRYPTO_CHACHA20 1451 tristate "ChaCha stream cipher algorithms" 1452 select CRYPTO_LIB_CHACHA_GENERIC 1453 select CRYPTO_SKCIPHER 1454 help 1455 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1456 1457 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1458 Bernstein and further specified in RFC7539 for use in IETF protocols. 1459 This is the portable C implementation of ChaCha20. See also: 1460 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1461 1462 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1463 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1464 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1465 while provably retaining ChaCha20's security. See also: 1466 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1467 1468 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1469 reduced security margin but increased performance. It can be needed 1470 in some performance-sensitive scenarios. 1471 1472config CRYPTO_CHACHA20_X86_64 1473 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1474 depends on X86 && 64BIT 1475 select CRYPTO_SKCIPHER 1476 select CRYPTO_LIB_CHACHA_GENERIC 1477 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1478 help 1479 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1480 XChaCha20, and XChaCha12 stream ciphers. 1481 1482config CRYPTO_CHACHA_MIPS 1483 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1484 depends on CPU_MIPS32_R2 1485 select CRYPTO_SKCIPHER 1486 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1487 1488config CRYPTO_SEED 1489 tristate "SEED cipher algorithm" 1490 select CRYPTO_ALGAPI 1491 help 1492 SEED cipher algorithm (RFC4269). 1493 1494 SEED is a 128-bit symmetric key block cipher that has been 1495 developed by KISA (Korea Information Security Agency) as a 1496 national standard encryption algorithm of the Republic of Korea. 1497 It is a 16 round block cipher with the key size of 128 bit. 1498 1499 See also: 1500 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1501 1502config CRYPTO_SERPENT 1503 tristate "Serpent cipher algorithm" 1504 select CRYPTO_ALGAPI 1505 help 1506 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1507 1508 Keys are allowed to be from 0 to 256 bits in length, in steps 1509 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1510 variant of Serpent for compatibility with old kerneli.org code. 1511 1512 See also: 1513 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1514 1515config CRYPTO_SERPENT_SSE2_X86_64 1516 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1517 depends on X86 && 64BIT 1518 select CRYPTO_SKCIPHER 1519 select CRYPTO_GLUE_HELPER_X86 1520 select CRYPTO_SERPENT 1521 select CRYPTO_SIMD 1522 help 1523 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1524 1525 Keys are allowed to be from 0 to 256 bits in length, in steps 1526 of 8 bits. 1527 1528 This module provides Serpent cipher algorithm that processes eight 1529 blocks parallel using SSE2 instruction set. 1530 1531 See also: 1532 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1533 1534config CRYPTO_SERPENT_SSE2_586 1535 tristate "Serpent cipher algorithm (i586/SSE2)" 1536 depends on X86 && !64BIT 1537 select CRYPTO_SKCIPHER 1538 select CRYPTO_GLUE_HELPER_X86 1539 select CRYPTO_SERPENT 1540 select CRYPTO_SIMD 1541 help 1542 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1543 1544 Keys are allowed to be from 0 to 256 bits in length, in steps 1545 of 8 bits. 1546 1547 This module provides Serpent cipher algorithm that processes four 1548 blocks parallel using SSE2 instruction set. 1549 1550 See also: 1551 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1552 1553config CRYPTO_SERPENT_AVX_X86_64 1554 tristate "Serpent cipher algorithm (x86_64/AVX)" 1555 depends on X86 && 64BIT 1556 select CRYPTO_SKCIPHER 1557 select CRYPTO_GLUE_HELPER_X86 1558 select CRYPTO_SERPENT 1559 select CRYPTO_SIMD 1560 select CRYPTO_XTS 1561 help 1562 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1563 1564 Keys are allowed to be from 0 to 256 bits in length, in steps 1565 of 8 bits. 1566 1567 This module provides the Serpent cipher algorithm that processes 1568 eight blocks parallel using the AVX instruction set. 1569 1570 See also: 1571 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1572 1573config CRYPTO_SERPENT_AVX2_X86_64 1574 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1575 depends on X86 && 64BIT 1576 select CRYPTO_SERPENT_AVX_X86_64 1577 help 1578 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1579 1580 Keys are allowed to be from 0 to 256 bits in length, in steps 1581 of 8 bits. 1582 1583 This module provides Serpent cipher algorithm that processes 16 1584 blocks parallel using AVX2 instruction set. 1585 1586 See also: 1587 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1588 1589config CRYPTO_SM4 1590 tristate "SM4 cipher algorithm" 1591 select CRYPTO_ALGAPI 1592 help 1593 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1594 1595 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1596 Organization of State Commercial Administration of China (OSCCA) 1597 as an authorized cryptographic algorithms for the use within China. 1598 1599 SMS4 was originally created for use in protecting wireless 1600 networks, and is mandated in the Chinese National Standard for 1601 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1602 (GB.15629.11-2003). 1603 1604 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1605 standardized through TC 260 of the Standardization Administration 1606 of the People's Republic of China (SAC). 1607 1608 The input, output, and key of SMS4 are each 128 bits. 1609 1610 See also: <https://eprint.iacr.org/2008/329.pdf> 1611 1612 If unsure, say N. 1613 1614config CRYPTO_TEA 1615 tristate "TEA, XTEA and XETA cipher algorithms" 1616 select CRYPTO_ALGAPI 1617 help 1618 TEA cipher algorithm. 1619 1620 Tiny Encryption Algorithm is a simple cipher that uses 1621 many rounds for security. It is very fast and uses 1622 little memory. 1623 1624 Xtendend Tiny Encryption Algorithm is a modification to 1625 the TEA algorithm to address a potential key weakness 1626 in the TEA algorithm. 1627 1628 Xtendend Encryption Tiny Algorithm is a mis-implementation 1629 of the XTEA algorithm for compatibility purposes. 1630 1631config CRYPTO_TWOFISH 1632 tristate "Twofish cipher algorithm" 1633 select CRYPTO_ALGAPI 1634 select CRYPTO_TWOFISH_COMMON 1635 help 1636 Twofish cipher algorithm. 1637 1638 Twofish was submitted as an AES (Advanced Encryption Standard) 1639 candidate cipher by researchers at CounterPane Systems. It is a 1640 16 round block cipher supporting key sizes of 128, 192, and 256 1641 bits. 1642 1643 See also: 1644 <http://www.schneier.com/twofish.html> 1645 1646config CRYPTO_TWOFISH_COMMON 1647 tristate 1648 help 1649 Common parts of the Twofish cipher algorithm shared by the 1650 generic c and the assembler implementations. 1651 1652config CRYPTO_TWOFISH_586 1653 tristate "Twofish cipher algorithms (i586)" 1654 depends on (X86 || UML_X86) && !64BIT 1655 select CRYPTO_ALGAPI 1656 select CRYPTO_TWOFISH_COMMON 1657 help 1658 Twofish cipher algorithm. 1659 1660 Twofish was submitted as an AES (Advanced Encryption Standard) 1661 candidate cipher by researchers at CounterPane Systems. It is a 1662 16 round block cipher supporting key sizes of 128, 192, and 256 1663 bits. 1664 1665 See also: 1666 <http://www.schneier.com/twofish.html> 1667 1668config CRYPTO_TWOFISH_X86_64 1669 tristate "Twofish cipher algorithm (x86_64)" 1670 depends on (X86 || UML_X86) && 64BIT 1671 select CRYPTO_ALGAPI 1672 select CRYPTO_TWOFISH_COMMON 1673 help 1674 Twofish cipher algorithm (x86_64). 1675 1676 Twofish was submitted as an AES (Advanced Encryption Standard) 1677 candidate cipher by researchers at CounterPane Systems. It is a 1678 16 round block cipher supporting key sizes of 128, 192, and 256 1679 bits. 1680 1681 See also: 1682 <http://www.schneier.com/twofish.html> 1683 1684config CRYPTO_TWOFISH_X86_64_3WAY 1685 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1686 depends on X86 && 64BIT 1687 select CRYPTO_SKCIPHER 1688 select CRYPTO_TWOFISH_COMMON 1689 select CRYPTO_TWOFISH_X86_64 1690 select CRYPTO_GLUE_HELPER_X86 1691 help 1692 Twofish cipher algorithm (x86_64, 3-way parallel). 1693 1694 Twofish was submitted as an AES (Advanced Encryption Standard) 1695 candidate cipher by researchers at CounterPane Systems. It is a 1696 16 round block cipher supporting key sizes of 128, 192, and 256 1697 bits. 1698 1699 This module provides Twofish cipher algorithm that processes three 1700 blocks parallel, utilizing resources of out-of-order CPUs better. 1701 1702 See also: 1703 <http://www.schneier.com/twofish.html> 1704 1705config CRYPTO_TWOFISH_AVX_X86_64 1706 tristate "Twofish cipher algorithm (x86_64/AVX)" 1707 depends on X86 && 64BIT 1708 select CRYPTO_SKCIPHER 1709 select CRYPTO_GLUE_HELPER_X86 1710 select CRYPTO_SIMD 1711 select CRYPTO_TWOFISH_COMMON 1712 select CRYPTO_TWOFISH_X86_64 1713 select CRYPTO_TWOFISH_X86_64_3WAY 1714 help 1715 Twofish cipher algorithm (x86_64/AVX). 1716 1717 Twofish was submitted as an AES (Advanced Encryption Standard) 1718 candidate cipher by researchers at CounterPane Systems. It is a 1719 16 round block cipher supporting key sizes of 128, 192, and 256 1720 bits. 1721 1722 This module provides the Twofish cipher algorithm that processes 1723 eight blocks parallel using the AVX Instruction Set. 1724 1725 See also: 1726 <http://www.schneier.com/twofish.html> 1727 1728comment "Compression" 1729 1730config CRYPTO_DEFLATE 1731 tristate "Deflate compression algorithm" 1732 select CRYPTO_ALGAPI 1733 select CRYPTO_ACOMP2 1734 select ZLIB_INFLATE 1735 select ZLIB_DEFLATE 1736 help 1737 This is the Deflate algorithm (RFC1951), specified for use in 1738 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1739 1740 You will most probably want this if using IPSec. 1741 1742config CRYPTO_LZO 1743 tristate "LZO compression algorithm" 1744 select CRYPTO_ALGAPI 1745 select CRYPTO_ACOMP2 1746 select LZO_COMPRESS 1747 select LZO_DECOMPRESS 1748 help 1749 This is the LZO algorithm. 1750 1751config CRYPTO_842 1752 tristate "842 compression algorithm" 1753 select CRYPTO_ALGAPI 1754 select CRYPTO_ACOMP2 1755 select 842_COMPRESS 1756 select 842_DECOMPRESS 1757 help 1758 This is the 842 algorithm. 1759 1760config CRYPTO_LZ4 1761 tristate "LZ4 compression algorithm" 1762 select CRYPTO_ALGAPI 1763 select CRYPTO_ACOMP2 1764 select LZ4_COMPRESS 1765 select LZ4_DECOMPRESS 1766 help 1767 This is the LZ4 algorithm. 1768 1769config CRYPTO_LZ4HC 1770 tristate "LZ4HC compression algorithm" 1771 select CRYPTO_ALGAPI 1772 select CRYPTO_ACOMP2 1773 select LZ4HC_COMPRESS 1774 select LZ4_DECOMPRESS 1775 help 1776 This is the LZ4 high compression mode algorithm. 1777 1778config CRYPTO_ZSTD 1779 tristate "Zstd compression algorithm" 1780 select CRYPTO_ALGAPI 1781 select CRYPTO_ACOMP2 1782 select ZSTD_COMPRESS 1783 select ZSTD_DECOMPRESS 1784 help 1785 This is the zstd algorithm. 1786 1787comment "Random Number Generation" 1788 1789config CRYPTO_ANSI_CPRNG 1790 tristate "Pseudo Random Number Generation for Cryptographic modules" 1791 select CRYPTO_AES 1792 select CRYPTO_RNG 1793 help 1794 This option enables the generic pseudo random number generator 1795 for cryptographic modules. Uses the Algorithm specified in 1796 ANSI X9.31 A.2.4. Note that this option must be enabled if 1797 CRYPTO_FIPS is selected 1798 1799menuconfig CRYPTO_DRBG_MENU 1800 tristate "NIST SP800-90A DRBG" 1801 help 1802 NIST SP800-90A compliant DRBG. In the following submenu, one or 1803 more of the DRBG types must be selected. 1804 1805if CRYPTO_DRBG_MENU 1806 1807config CRYPTO_DRBG_HMAC 1808 bool 1809 default y 1810 select CRYPTO_HMAC 1811 select CRYPTO_SHA256 1812 1813config CRYPTO_DRBG_HASH 1814 bool "Enable Hash DRBG" 1815 select CRYPTO_SHA256 1816 help 1817 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1818 1819config CRYPTO_DRBG_CTR 1820 bool "Enable CTR DRBG" 1821 select CRYPTO_AES 1822 select CRYPTO_CTR 1823 help 1824 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1825 1826config CRYPTO_DRBG 1827 tristate 1828 default CRYPTO_DRBG_MENU 1829 select CRYPTO_RNG 1830 select CRYPTO_JITTERENTROPY 1831 1832endif # if CRYPTO_DRBG_MENU 1833 1834config CRYPTO_JITTERENTROPY 1835 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1836 select CRYPTO_RNG 1837 help 1838 The Jitterentropy RNG is a noise that is intended 1839 to provide seed to another RNG. The RNG does not 1840 perform any cryptographic whitening of the generated 1841 random numbers. This Jitterentropy RNG registers with 1842 the kernel crypto API and can be used by any caller. 1843 1844config CRYPTO_USER_API 1845 tristate 1846 1847config CRYPTO_USER_API_HASH 1848 tristate "User-space interface for hash algorithms" 1849 depends on NET 1850 select CRYPTO_HASH 1851 select CRYPTO_USER_API 1852 help 1853 This option enables the user-spaces interface for hash 1854 algorithms. 1855 1856config CRYPTO_USER_API_SKCIPHER 1857 tristate "User-space interface for symmetric key cipher algorithms" 1858 depends on NET 1859 select CRYPTO_SKCIPHER 1860 select CRYPTO_USER_API 1861 help 1862 This option enables the user-spaces interface for symmetric 1863 key cipher algorithms. 1864 1865config CRYPTO_USER_API_RNG 1866 tristate "User-space interface for random number generator algorithms" 1867 depends on NET 1868 select CRYPTO_RNG 1869 select CRYPTO_USER_API 1870 help 1871 This option enables the user-spaces interface for random 1872 number generator algorithms. 1873 1874config CRYPTO_USER_API_AEAD 1875 tristate "User-space interface for AEAD cipher algorithms" 1876 depends on NET 1877 select CRYPTO_AEAD 1878 select CRYPTO_SKCIPHER 1879 select CRYPTO_NULL 1880 select CRYPTO_USER_API 1881 help 1882 This option enables the user-spaces interface for AEAD 1883 cipher algorithms. 1884 1885config CRYPTO_STATS 1886 bool "Crypto usage statistics for User-space" 1887 depends on CRYPTO_USER 1888 help 1889 This option enables the gathering of crypto stats. 1890 This will collect: 1891 - encrypt/decrypt size and numbers of symmeric operations 1892 - compress/decompress size and numbers of compress operations 1893 - size and numbers of hash operations 1894 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1895 - generate/seed numbers for rng operations 1896 1897config CRYPTO_HASH_INFO 1898 bool 1899 1900source "lib/crypto/Kconfig" 1901source "drivers/crypto/Kconfig" 1902source "crypto/asymmetric_keys/Kconfig" 1903source "certs/Kconfig" 1904 1905endif # if CRYPTO 1906