1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_SKCIPHER 56 tristate 57 select CRYPTO_SKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_SKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_SKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139config CRYPTO_MANAGER_DISABLE_TESTS 140 bool "Disable run-time self tests" 141 default y 142 help 143 Disable run-time self tests that normally take place at 144 algorithm registration. 145 146config CRYPTO_MANAGER_EXTRA_TESTS 147 bool "Enable extra run-time crypto self tests" 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 149 help 150 Enable extra run-time self tests of registered crypto algorithms, 151 including randomized fuzz tests. 152 153 This is intended for developer use only, as these tests take much 154 longer to run than the normal self tests. 155 156config CRYPTO_GF128MUL 157 tristate 158 159config CRYPTO_NULL 160 tristate "Null algorithms" 161 select CRYPTO_NULL2 162 help 163 These are 'Null' algorithms, used by IPsec, which do nothing. 164 165config CRYPTO_NULL2 166 tristate 167 select CRYPTO_ALGAPI2 168 select CRYPTO_SKCIPHER2 169 select CRYPTO_HASH2 170 171config CRYPTO_PCRYPT 172 tristate "Parallel crypto engine" 173 depends on SMP 174 select PADATA 175 select CRYPTO_MANAGER 176 select CRYPTO_AEAD 177 help 178 This converts an arbitrary crypto algorithm into a parallel 179 algorithm that executes in kernel threads. 180 181config CRYPTO_CRYPTD 182 tristate "Software async crypto daemon" 183 select CRYPTO_SKCIPHER 184 select CRYPTO_HASH 185 select CRYPTO_MANAGER 186 help 187 This is a generic software asynchronous crypto daemon that 188 converts an arbitrary synchronous software crypto algorithm 189 into an asynchronous algorithm that executes in a kernel thread. 190 191config CRYPTO_AUTHENC 192 tristate "Authenc support" 193 select CRYPTO_AEAD 194 select CRYPTO_SKCIPHER 195 select CRYPTO_MANAGER 196 select CRYPTO_HASH 197 select CRYPTO_NULL 198 help 199 Authenc: Combined mode wrapper for IPsec. 200 This is required for IPSec. 201 202config CRYPTO_TEST 203 tristate "Testing module" 204 depends on m || EXPERT 205 select CRYPTO_MANAGER 206 help 207 Quick & dirty crypto test module. 208 209config CRYPTO_SIMD 210 tristate 211 select CRYPTO_CRYPTD 212 213config CRYPTO_ENGINE 214 tristate 215 216comment "Public-key cryptography" 217 218config CRYPTO_RSA 219 tristate "RSA algorithm" 220 select CRYPTO_AKCIPHER 221 select CRYPTO_MANAGER 222 select MPILIB 223 select ASN1 224 help 225 Generic implementation of the RSA public key algorithm. 226 227config CRYPTO_DH 228 tristate "Diffie-Hellman algorithm" 229 select CRYPTO_KPP 230 select MPILIB 231 help 232 Generic implementation of the Diffie-Hellman algorithm. 233 234config CRYPTO_ECC 235 tristate 236 237config CRYPTO_ECDH 238 tristate "ECDH algorithm" 239 select CRYPTO_ECC 240 select CRYPTO_KPP 241 select CRYPTO_RNG_DEFAULT 242 help 243 Generic implementation of the ECDH algorithm 244 245config CRYPTO_ECRDSA 246 tristate "EC-RDSA (GOST 34.10) algorithm" 247 select CRYPTO_ECC 248 select CRYPTO_AKCIPHER 249 select CRYPTO_STREEBOG 250 select OID_REGISTRY 251 select ASN1 252 help 253 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 254 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 255 standard algorithms (called GOST algorithms). Only signature verification 256 is implemented. 257 258config CRYPTO_SM2 259 tristate "SM2 algorithm" 260 select CRYPTO_SM3 261 select CRYPTO_AKCIPHER 262 select CRYPTO_MANAGER 263 select MPILIB 264 select ASN1 265 help 266 Generic implementation of the SM2 public key algorithm. It was 267 published by State Encryption Management Bureau, China. 268 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 269 270 References: 271 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 272 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 273 http://www.gmbz.org.cn/main/bzlb.html 274 275config CRYPTO_CURVE25519 276 tristate "Curve25519 algorithm" 277 select CRYPTO_KPP 278 select CRYPTO_LIB_CURVE25519_GENERIC 279 280config CRYPTO_CURVE25519_X86 281 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 282 depends on X86 && 64BIT 283 select CRYPTO_LIB_CURVE25519_GENERIC 284 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 285 286comment "Authenticated Encryption with Associated Data" 287 288config CRYPTO_CCM 289 tristate "CCM support" 290 select CRYPTO_CTR 291 select CRYPTO_HASH 292 select CRYPTO_AEAD 293 select CRYPTO_MANAGER 294 help 295 Support for Counter with CBC MAC. Required for IPsec. 296 297config CRYPTO_GCM 298 tristate "GCM/GMAC support" 299 select CRYPTO_CTR 300 select CRYPTO_AEAD 301 select CRYPTO_GHASH 302 select CRYPTO_NULL 303 select CRYPTO_MANAGER 304 help 305 Support for Galois/Counter Mode (GCM) and Galois Message 306 Authentication Code (GMAC). Required for IPSec. 307 308config CRYPTO_CHACHA20POLY1305 309 tristate "ChaCha20-Poly1305 AEAD support" 310 select CRYPTO_CHACHA20 311 select CRYPTO_POLY1305 312 select CRYPTO_AEAD 313 select CRYPTO_MANAGER 314 help 315 ChaCha20-Poly1305 AEAD support, RFC7539. 316 317 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 318 with the Poly1305 authenticator. It is defined in RFC7539 for use in 319 IETF protocols. 320 321config CRYPTO_AEGIS128 322 tristate "AEGIS-128 AEAD algorithm" 323 select CRYPTO_AEAD 324 select CRYPTO_AES # for AES S-box tables 325 help 326 Support for the AEGIS-128 dedicated AEAD algorithm. 327 328config CRYPTO_AEGIS128_SIMD 329 bool "Support SIMD acceleration for AEGIS-128" 330 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 331 default y 332 333config CRYPTO_AEGIS128_AESNI_SSE2 334 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 335 depends on X86 && 64BIT 336 select CRYPTO_AEAD 337 select CRYPTO_SIMD 338 help 339 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 340 341config CRYPTO_SEQIV 342 tristate "Sequence Number IV Generator" 343 select CRYPTO_AEAD 344 select CRYPTO_SKCIPHER 345 select CRYPTO_NULL 346 select CRYPTO_RNG_DEFAULT 347 select CRYPTO_MANAGER 348 help 349 This IV generator generates an IV based on a sequence number by 350 xoring it with a salt. This algorithm is mainly useful for CTR 351 352config CRYPTO_ECHAINIV 353 tristate "Encrypted Chain IV Generator" 354 select CRYPTO_AEAD 355 select CRYPTO_NULL 356 select CRYPTO_RNG_DEFAULT 357 select CRYPTO_MANAGER 358 help 359 This IV generator generates an IV based on the encryption of 360 a sequence number xored with a salt. This is the default 361 algorithm for CBC. 362 363comment "Block modes" 364 365config CRYPTO_CBC 366 tristate "CBC support" 367 select CRYPTO_SKCIPHER 368 select CRYPTO_MANAGER 369 help 370 CBC: Cipher Block Chaining mode 371 This block cipher algorithm is required for IPSec. 372 373config CRYPTO_CFB 374 tristate "CFB support" 375 select CRYPTO_SKCIPHER 376 select CRYPTO_MANAGER 377 help 378 CFB: Cipher FeedBack mode 379 This block cipher algorithm is required for TPM2 Cryptography. 380 381config CRYPTO_CTR 382 tristate "CTR support" 383 select CRYPTO_SKCIPHER 384 select CRYPTO_MANAGER 385 help 386 CTR: Counter mode 387 This block cipher algorithm is required for IPSec. 388 389config CRYPTO_CTS 390 tristate "CTS support" 391 select CRYPTO_SKCIPHER 392 select CRYPTO_MANAGER 393 help 394 CTS: Cipher Text Stealing 395 This is the Cipher Text Stealing mode as described by 396 Section 8 of rfc2040 and referenced by rfc3962 397 (rfc3962 includes errata information in its Appendix A) or 398 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 399 This mode is required for Kerberos gss mechanism support 400 for AES encryption. 401 402 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 403 404config CRYPTO_ECB 405 tristate "ECB support" 406 select CRYPTO_SKCIPHER 407 select CRYPTO_MANAGER 408 help 409 ECB: Electronic CodeBook mode 410 This is the simplest block cipher algorithm. It simply encrypts 411 the input block by block. 412 413config CRYPTO_LRW 414 tristate "LRW support" 415 select CRYPTO_SKCIPHER 416 select CRYPTO_MANAGER 417 select CRYPTO_GF128MUL 418 help 419 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 420 narrow block cipher mode for dm-crypt. Use it with cipher 421 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 422 The first 128, 192 or 256 bits in the key are used for AES and the 423 rest is used to tie each cipher block to its logical position. 424 425config CRYPTO_OFB 426 tristate "OFB support" 427 select CRYPTO_SKCIPHER 428 select CRYPTO_MANAGER 429 help 430 OFB: the Output Feedback mode makes a block cipher into a synchronous 431 stream cipher. It generates keystream blocks, which are then XORed 432 with the plaintext blocks to get the ciphertext. Flipping a bit in the 433 ciphertext produces a flipped bit in the plaintext at the same 434 location. This property allows many error correcting codes to function 435 normally even when applied before encryption. 436 437config CRYPTO_PCBC 438 tristate "PCBC support" 439 select CRYPTO_SKCIPHER 440 select CRYPTO_MANAGER 441 help 442 PCBC: Propagating Cipher Block Chaining mode 443 This block cipher algorithm is required for RxRPC. 444 445config CRYPTO_XTS 446 tristate "XTS support" 447 select CRYPTO_SKCIPHER 448 select CRYPTO_MANAGER 449 select CRYPTO_ECB 450 help 451 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 452 key size 256, 384 or 512 bits. This implementation currently 453 can't handle a sectorsize which is not a multiple of 16 bytes. 454 455config CRYPTO_KEYWRAP 456 tristate "Key wrapping support" 457 select CRYPTO_SKCIPHER 458 select CRYPTO_MANAGER 459 help 460 Support for key wrapping (NIST SP800-38F / RFC3394) without 461 padding. 462 463config CRYPTO_NHPOLY1305 464 tristate 465 select CRYPTO_HASH 466 select CRYPTO_LIB_POLY1305_GENERIC 467 468config CRYPTO_NHPOLY1305_SSE2 469 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 470 depends on X86 && 64BIT 471 select CRYPTO_NHPOLY1305 472 help 473 SSE2 optimized implementation of the hash function used by the 474 Adiantum encryption mode. 475 476config CRYPTO_NHPOLY1305_AVX2 477 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 478 depends on X86 && 64BIT 479 select CRYPTO_NHPOLY1305 480 help 481 AVX2 optimized implementation of the hash function used by the 482 Adiantum encryption mode. 483 484config CRYPTO_ADIANTUM 485 tristate "Adiantum support" 486 select CRYPTO_CHACHA20 487 select CRYPTO_LIB_POLY1305_GENERIC 488 select CRYPTO_NHPOLY1305 489 select CRYPTO_MANAGER 490 help 491 Adiantum is a tweakable, length-preserving encryption mode 492 designed for fast and secure disk encryption, especially on 493 CPUs without dedicated crypto instructions. It encrypts 494 each sector using the XChaCha12 stream cipher, two passes of 495 an ε-almost-∆-universal hash function, and an invocation of 496 the AES-256 block cipher on a single 16-byte block. On CPUs 497 without AES instructions, Adiantum is much faster than 498 AES-XTS. 499 500 Adiantum's security is provably reducible to that of its 501 underlying stream and block ciphers, subject to a security 502 bound. Unlike XTS, Adiantum is a true wide-block encryption 503 mode, so it actually provides an even stronger notion of 504 security than XTS, subject to the security bound. 505 506 If unsure, say N. 507 508config CRYPTO_ESSIV 509 tristate "ESSIV support for block encryption" 510 select CRYPTO_AUTHENC 511 help 512 Encrypted salt-sector initialization vector (ESSIV) is an IV 513 generation method that is used in some cases by fscrypt and/or 514 dm-crypt. It uses the hash of the block encryption key as the 515 symmetric key for a block encryption pass applied to the input 516 IV, making low entropy IV sources more suitable for block 517 encryption. 518 519 This driver implements a crypto API template that can be 520 instantiated either as an skcipher or as an AEAD (depending on the 521 type of the first template argument), and which defers encryption 522 and decryption requests to the encapsulated cipher after applying 523 ESSIV to the input IV. Note that in the AEAD case, it is assumed 524 that the keys are presented in the same format used by the authenc 525 template, and that the IV appears at the end of the authenticated 526 associated data (AAD) region (which is how dm-crypt uses it.) 527 528 Note that the use of ESSIV is not recommended for new deployments, 529 and so this only needs to be enabled when interoperability with 530 existing encrypted volumes of filesystems is required, or when 531 building for a particular system that requires it (e.g., when 532 the SoC in question has accelerated CBC but not XTS, making CBC 533 combined with ESSIV the only feasible mode for h/w accelerated 534 block encryption) 535 536comment "Hash modes" 537 538config CRYPTO_CMAC 539 tristate "CMAC support" 540 select CRYPTO_HASH 541 select CRYPTO_MANAGER 542 help 543 Cipher-based Message Authentication Code (CMAC) specified by 544 The National Institute of Standards and Technology (NIST). 545 546 https://tools.ietf.org/html/rfc4493 547 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 548 549config CRYPTO_HMAC 550 tristate "HMAC support" 551 select CRYPTO_HASH 552 select CRYPTO_MANAGER 553 help 554 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 555 This is required for IPSec. 556 557config CRYPTO_XCBC 558 tristate "XCBC support" 559 select CRYPTO_HASH 560 select CRYPTO_MANAGER 561 help 562 XCBC: Keyed-Hashing with encryption algorithm 563 https://www.ietf.org/rfc/rfc3566.txt 564 http://csrc.nist.gov/encryption/modes/proposedmodes/ 565 xcbc-mac/xcbc-mac-spec.pdf 566 567config CRYPTO_VMAC 568 tristate "VMAC support" 569 select CRYPTO_HASH 570 select CRYPTO_MANAGER 571 help 572 VMAC is a message authentication algorithm designed for 573 very high speed on 64-bit architectures. 574 575 See also: 576 <https://fastcrypto.org/vmac> 577 578comment "Digest" 579 580config CRYPTO_CRC32C 581 tristate "CRC32c CRC algorithm" 582 select CRYPTO_HASH 583 select CRC32 584 help 585 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 586 by iSCSI for header and data digests and by others. 587 See Castagnoli93. Module will be crc32c. 588 589config CRYPTO_CRC32C_INTEL 590 tristate "CRC32c INTEL hardware acceleration" 591 depends on X86 592 select CRYPTO_HASH 593 help 594 In Intel processor with SSE4.2 supported, the processor will 595 support CRC32C implementation using hardware accelerated CRC32 596 instruction. This option will create 'crc32c-intel' module, 597 which will enable any routine to use the CRC32 instruction to 598 gain performance compared with software implementation. 599 Module will be crc32c-intel. 600 601config CRYPTO_CRC32C_VPMSUM 602 tristate "CRC32c CRC algorithm (powerpc64)" 603 depends on PPC64 && ALTIVEC 604 select CRYPTO_HASH 605 select CRC32 606 help 607 CRC32c algorithm implemented using vector polynomial multiply-sum 608 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 609 and newer processors for improved performance. 610 611 612config CRYPTO_CRC32C_SPARC64 613 tristate "CRC32c CRC algorithm (SPARC64)" 614 depends on SPARC64 615 select CRYPTO_HASH 616 select CRC32 617 help 618 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 619 when available. 620 621config CRYPTO_CRC32 622 tristate "CRC32 CRC algorithm" 623 select CRYPTO_HASH 624 select CRC32 625 help 626 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 627 Shash crypto api wrappers to crc32_le function. 628 629config CRYPTO_CRC32_PCLMUL 630 tristate "CRC32 PCLMULQDQ hardware acceleration" 631 depends on X86 632 select CRYPTO_HASH 633 select CRC32 634 help 635 From Intel Westmere and AMD Bulldozer processor with SSE4.2 636 and PCLMULQDQ supported, the processor will support 637 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 638 instruction. This option will create 'crc32-pclmul' module, 639 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 640 and gain better performance as compared with the table implementation. 641 642config CRYPTO_CRC32_MIPS 643 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 644 depends on MIPS_CRC_SUPPORT 645 select CRYPTO_HASH 646 help 647 CRC32c and CRC32 CRC algorithms implemented using mips crypto 648 instructions, when available. 649 650 651config CRYPTO_XXHASH 652 tristate "xxHash hash algorithm" 653 select CRYPTO_HASH 654 select XXHASH 655 help 656 xxHash non-cryptographic hash algorithm. Extremely fast, working at 657 speeds close to RAM limits. 658 659config CRYPTO_BLAKE2B 660 tristate "BLAKE2b digest algorithm" 661 select CRYPTO_HASH 662 help 663 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 664 optimized for 64bit platforms and can produce digests of any size 665 between 1 to 64. The keyed hash is also implemented. 666 667 This module provides the following algorithms: 668 669 - blake2b-160 670 - blake2b-256 671 - blake2b-384 672 - blake2b-512 673 674 See https://blake2.net for further information. 675 676config CRYPTO_BLAKE2S 677 tristate "BLAKE2s digest algorithm" 678 select CRYPTO_LIB_BLAKE2S_GENERIC 679 select CRYPTO_HASH 680 help 681 Implementation of cryptographic hash function BLAKE2s 682 optimized for 8-32bit platforms and can produce digests of any size 683 between 1 to 32. The keyed hash is also implemented. 684 685 This module provides the following algorithms: 686 687 - blake2s-128 688 - blake2s-160 689 - blake2s-224 690 - blake2s-256 691 692 See https://blake2.net for further information. 693 694config CRYPTO_BLAKE2S_X86 695 tristate "BLAKE2s digest algorithm (x86 accelerated version)" 696 depends on X86 && 64BIT 697 select CRYPTO_LIB_BLAKE2S_GENERIC 698 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 699 700config CRYPTO_CRCT10DIF 701 tristate "CRCT10DIF algorithm" 702 select CRYPTO_HASH 703 help 704 CRC T10 Data Integrity Field computation is being cast as 705 a crypto transform. This allows for faster crc t10 diff 706 transforms to be used if they are available. 707 708config CRYPTO_CRCT10DIF_PCLMUL 709 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 710 depends on X86 && 64BIT && CRC_T10DIF 711 select CRYPTO_HASH 712 help 713 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 714 CRC T10 DIF PCLMULQDQ computation can be hardware 715 accelerated PCLMULQDQ instruction. This option will create 716 'crct10dif-pclmul' module, which is faster when computing the 717 crct10dif checksum as compared with the generic table implementation. 718 719config CRYPTO_CRCT10DIF_VPMSUM 720 tristate "CRC32T10DIF powerpc64 hardware acceleration" 721 depends on PPC64 && ALTIVEC && CRC_T10DIF 722 select CRYPTO_HASH 723 help 724 CRC10T10DIF algorithm implemented using vector polynomial 725 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 726 POWER8 and newer processors for improved performance. 727 728config CRYPTO_VPMSUM_TESTER 729 tristate "Powerpc64 vpmsum hardware acceleration tester" 730 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 731 help 732 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 733 POWER8 vpmsum instructions. 734 Unless you are testing these algorithms, you don't need this. 735 736config CRYPTO_GHASH 737 tristate "GHASH hash function" 738 select CRYPTO_GF128MUL 739 select CRYPTO_HASH 740 help 741 GHASH is the hash function used in GCM (Galois/Counter Mode). 742 It is not a general-purpose cryptographic hash function. 743 744config CRYPTO_POLY1305 745 tristate "Poly1305 authenticator algorithm" 746 select CRYPTO_HASH 747 select CRYPTO_LIB_POLY1305_GENERIC 748 help 749 Poly1305 authenticator algorithm, RFC7539. 750 751 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 752 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 753 in IETF protocols. This is the portable C implementation of Poly1305. 754 755config CRYPTO_POLY1305_X86_64 756 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 757 depends on X86 && 64BIT 758 select CRYPTO_LIB_POLY1305_GENERIC 759 select CRYPTO_ARCH_HAVE_LIB_POLY1305 760 help 761 Poly1305 authenticator algorithm, RFC7539. 762 763 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 764 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 765 in IETF protocols. This is the x86_64 assembler implementation using SIMD 766 instructions. 767 768config CRYPTO_POLY1305_MIPS 769 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 770 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT) 771 select CRYPTO_ARCH_HAVE_LIB_POLY1305 772 773config CRYPTO_MD4 774 tristate "MD4 digest algorithm" 775 select CRYPTO_HASH 776 help 777 MD4 message digest algorithm (RFC1320). 778 779config CRYPTO_MD5 780 tristate "MD5 digest algorithm" 781 select CRYPTO_HASH 782 help 783 MD5 message digest algorithm (RFC1321). 784 785config CRYPTO_MD5_OCTEON 786 tristate "MD5 digest algorithm (OCTEON)" 787 depends on CPU_CAVIUM_OCTEON 788 select CRYPTO_MD5 789 select CRYPTO_HASH 790 help 791 MD5 message digest algorithm (RFC1321) implemented 792 using OCTEON crypto instructions, when available. 793 794config CRYPTO_MD5_PPC 795 tristate "MD5 digest algorithm (PPC)" 796 depends on PPC 797 select CRYPTO_HASH 798 help 799 MD5 message digest algorithm (RFC1321) implemented 800 in PPC assembler. 801 802config CRYPTO_MD5_SPARC64 803 tristate "MD5 digest algorithm (SPARC64)" 804 depends on SPARC64 805 select CRYPTO_MD5 806 select CRYPTO_HASH 807 help 808 MD5 message digest algorithm (RFC1321) implemented 809 using sparc64 crypto instructions, when available. 810 811config CRYPTO_MICHAEL_MIC 812 tristate "Michael MIC keyed digest algorithm" 813 select CRYPTO_HASH 814 help 815 Michael MIC is used for message integrity protection in TKIP 816 (IEEE 802.11i). This algorithm is required for TKIP, but it 817 should not be used for other purposes because of the weakness 818 of the algorithm. 819 820config CRYPTO_RMD160 821 tristate "RIPEMD-160 digest algorithm" 822 select CRYPTO_HASH 823 help 824 RIPEMD-160 (ISO/IEC 10118-3:2004). 825 826 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 827 to be used as a secure replacement for the 128-bit hash functions 828 MD4, MD5 and it's predecessor RIPEMD 829 (not to be confused with RIPEMD-128). 830 831 It's speed is comparable to SHA1 and there are no known attacks 832 against RIPEMD-160. 833 834 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 835 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 836 837config CRYPTO_SHA1 838 tristate "SHA1 digest algorithm" 839 select CRYPTO_HASH 840 help 841 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 842 843config CRYPTO_SHA1_SSSE3 844 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 845 depends on X86 && 64BIT 846 select CRYPTO_SHA1 847 select CRYPTO_HASH 848 help 849 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 850 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 851 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 852 when available. 853 854config CRYPTO_SHA256_SSSE3 855 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 856 depends on X86 && 64BIT 857 select CRYPTO_SHA256 858 select CRYPTO_HASH 859 help 860 SHA-256 secure hash standard (DFIPS 180-2) implemented 861 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 862 Extensions version 1 (AVX1), or Advanced Vector Extensions 863 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 864 Instructions) when available. 865 866config CRYPTO_SHA512_SSSE3 867 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 868 depends on X86 && 64BIT 869 select CRYPTO_SHA512 870 select CRYPTO_HASH 871 help 872 SHA-512 secure hash standard (DFIPS 180-2) implemented 873 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 874 Extensions version 1 (AVX1), or Advanced Vector Extensions 875 version 2 (AVX2) instructions, when available. 876 877config CRYPTO_SHA1_OCTEON 878 tristate "SHA1 digest algorithm (OCTEON)" 879 depends on CPU_CAVIUM_OCTEON 880 select CRYPTO_SHA1 881 select CRYPTO_HASH 882 help 883 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 884 using OCTEON crypto instructions, when available. 885 886config CRYPTO_SHA1_SPARC64 887 tristate "SHA1 digest algorithm (SPARC64)" 888 depends on SPARC64 889 select CRYPTO_SHA1 890 select CRYPTO_HASH 891 help 892 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 893 using sparc64 crypto instructions, when available. 894 895config CRYPTO_SHA1_PPC 896 tristate "SHA1 digest algorithm (powerpc)" 897 depends on PPC 898 help 899 This is the powerpc hardware accelerated implementation of the 900 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 901 902config CRYPTO_SHA1_PPC_SPE 903 tristate "SHA1 digest algorithm (PPC SPE)" 904 depends on PPC && SPE 905 help 906 SHA-1 secure hash standard (DFIPS 180-4) implemented 907 using powerpc SPE SIMD instruction set. 908 909config CRYPTO_SHA256 910 tristate "SHA224 and SHA256 digest algorithm" 911 select CRYPTO_HASH 912 select CRYPTO_LIB_SHA256 913 help 914 SHA256 secure hash standard (DFIPS 180-2). 915 916 This version of SHA implements a 256 bit hash with 128 bits of 917 security against collision attacks. 918 919 This code also includes SHA-224, a 224 bit hash with 112 bits 920 of security against collision attacks. 921 922config CRYPTO_SHA256_PPC_SPE 923 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 924 depends on PPC && SPE 925 select CRYPTO_SHA256 926 select CRYPTO_HASH 927 help 928 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 929 implemented using powerpc SPE SIMD instruction set. 930 931config CRYPTO_SHA256_OCTEON 932 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 933 depends on CPU_CAVIUM_OCTEON 934 select CRYPTO_SHA256 935 select CRYPTO_HASH 936 help 937 SHA-256 secure hash standard (DFIPS 180-2) implemented 938 using OCTEON crypto instructions, when available. 939 940config CRYPTO_SHA256_SPARC64 941 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 942 depends on SPARC64 943 select CRYPTO_SHA256 944 select CRYPTO_HASH 945 help 946 SHA-256 secure hash standard (DFIPS 180-2) implemented 947 using sparc64 crypto instructions, when available. 948 949config CRYPTO_SHA512 950 tristate "SHA384 and SHA512 digest algorithms" 951 select CRYPTO_HASH 952 help 953 SHA512 secure hash standard (DFIPS 180-2). 954 955 This version of SHA implements a 512 bit hash with 256 bits of 956 security against collision attacks. 957 958 This code also includes SHA-384, a 384 bit hash with 192 bits 959 of security against collision attacks. 960 961config CRYPTO_SHA512_OCTEON 962 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 963 depends on CPU_CAVIUM_OCTEON 964 select CRYPTO_SHA512 965 select CRYPTO_HASH 966 help 967 SHA-512 secure hash standard (DFIPS 180-2) implemented 968 using OCTEON crypto instructions, when available. 969 970config CRYPTO_SHA512_SPARC64 971 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 972 depends on SPARC64 973 select CRYPTO_SHA512 974 select CRYPTO_HASH 975 help 976 SHA-512 secure hash standard (DFIPS 180-2) implemented 977 using sparc64 crypto instructions, when available. 978 979config CRYPTO_SHA3 980 tristate "SHA3 digest algorithm" 981 select CRYPTO_HASH 982 help 983 SHA-3 secure hash standard (DFIPS 202). It's based on 984 cryptographic sponge function family called Keccak. 985 986 References: 987 http://keccak.noekeon.org/ 988 989config CRYPTO_SM3 990 tristate "SM3 digest algorithm" 991 select CRYPTO_HASH 992 help 993 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 994 It is part of the Chinese Commercial Cryptography suite. 995 996 References: 997 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 998 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 999 1000config CRYPTO_STREEBOG 1001 tristate "Streebog Hash Function" 1002 select CRYPTO_HASH 1003 help 1004 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1005 cryptographic standard algorithms (called GOST algorithms). 1006 This setting enables two hash algorithms with 256 and 512 bits output. 1007 1008 References: 1009 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1010 https://tools.ietf.org/html/rfc6986 1011 1012config CRYPTO_WP512 1013 tristate "Whirlpool digest algorithms" 1014 select CRYPTO_HASH 1015 help 1016 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1017 1018 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1019 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1020 1021 See also: 1022 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1023 1024config CRYPTO_GHASH_CLMUL_NI_INTEL 1025 tristate "GHASH hash function (CLMUL-NI accelerated)" 1026 depends on X86 && 64BIT 1027 select CRYPTO_CRYPTD 1028 help 1029 This is the x86_64 CLMUL-NI accelerated implementation of 1030 GHASH, the hash function used in GCM (Galois/Counter mode). 1031 1032comment "Ciphers" 1033 1034config CRYPTO_AES 1035 tristate "AES cipher algorithms" 1036 select CRYPTO_ALGAPI 1037 select CRYPTO_LIB_AES 1038 help 1039 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1040 algorithm. 1041 1042 Rijndael appears to be consistently a very good performer in 1043 both hardware and software across a wide range of computing 1044 environments regardless of its use in feedback or non-feedback 1045 modes. Its key setup time is excellent, and its key agility is 1046 good. Rijndael's very low memory requirements make it very well 1047 suited for restricted-space environments, in which it also 1048 demonstrates excellent performance. Rijndael's operations are 1049 among the easiest to defend against power and timing attacks. 1050 1051 The AES specifies three key sizes: 128, 192 and 256 bits 1052 1053 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1054 1055config CRYPTO_AES_TI 1056 tristate "Fixed time AES cipher" 1057 select CRYPTO_ALGAPI 1058 select CRYPTO_LIB_AES 1059 help 1060 This is a generic implementation of AES that attempts to eliminate 1061 data dependent latencies as much as possible without affecting 1062 performance too much. It is intended for use by the generic CCM 1063 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1064 solely on encryption (although decryption is supported as well, but 1065 with a more dramatic performance hit) 1066 1067 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1068 8 for decryption), this implementation only uses just two S-boxes of 1069 256 bytes each, and attempts to eliminate data dependent latencies by 1070 prefetching the entire table into the cache at the start of each 1071 block. Interrupts are also disabled to avoid races where cachelines 1072 are evicted when the CPU is interrupted to do something else. 1073 1074config CRYPTO_AES_NI_INTEL 1075 tristate "AES cipher algorithms (AES-NI)" 1076 depends on X86 1077 select CRYPTO_AEAD 1078 select CRYPTO_LIB_AES 1079 select CRYPTO_ALGAPI 1080 select CRYPTO_SKCIPHER 1081 select CRYPTO_SIMD 1082 help 1083 Use Intel AES-NI instructions for AES algorithm. 1084 1085 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1086 algorithm. 1087 1088 Rijndael appears to be consistently a very good performer in 1089 both hardware and software across a wide range of computing 1090 environments regardless of its use in feedback or non-feedback 1091 modes. Its key setup time is excellent, and its key agility is 1092 good. Rijndael's very low memory requirements make it very well 1093 suited for restricted-space environments, in which it also 1094 demonstrates excellent performance. Rijndael's operations are 1095 among the easiest to defend against power and timing attacks. 1096 1097 The AES specifies three key sizes: 128, 192 and 256 bits 1098 1099 See <http://csrc.nist.gov/encryption/aes/> for more information. 1100 1101 In addition to AES cipher algorithm support, the acceleration 1102 for some popular block cipher mode is supported too, including 1103 ECB, CBC, LRW, XTS. The 64 bit version has additional 1104 acceleration for CTR. 1105 1106config CRYPTO_AES_SPARC64 1107 tristate "AES cipher algorithms (SPARC64)" 1108 depends on SPARC64 1109 select CRYPTO_SKCIPHER 1110 help 1111 Use SPARC64 crypto opcodes for AES algorithm. 1112 1113 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1114 algorithm. 1115 1116 Rijndael appears to be consistently a very good performer in 1117 both hardware and software across a wide range of computing 1118 environments regardless of its use in feedback or non-feedback 1119 modes. Its key setup time is excellent, and its key agility is 1120 good. Rijndael's very low memory requirements make it very well 1121 suited for restricted-space environments, in which it also 1122 demonstrates excellent performance. Rijndael's operations are 1123 among the easiest to defend against power and timing attacks. 1124 1125 The AES specifies three key sizes: 128, 192 and 256 bits 1126 1127 See <http://csrc.nist.gov/encryption/aes/> for more information. 1128 1129 In addition to AES cipher algorithm support, the acceleration 1130 for some popular block cipher mode is supported too, including 1131 ECB and CBC. 1132 1133config CRYPTO_AES_PPC_SPE 1134 tristate "AES cipher algorithms (PPC SPE)" 1135 depends on PPC && SPE 1136 select CRYPTO_SKCIPHER 1137 help 1138 AES cipher algorithms (FIPS-197). Additionally the acceleration 1139 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1140 This module should only be used for low power (router) devices 1141 without hardware AES acceleration (e.g. caam crypto). It reduces the 1142 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1143 timining attacks. Nevertheless it might be not as secure as other 1144 architecture specific assembler implementations that work on 1KB 1145 tables or 256 bytes S-boxes. 1146 1147config CRYPTO_ANUBIS 1148 tristate "Anubis cipher algorithm" 1149 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1150 select CRYPTO_ALGAPI 1151 help 1152 Anubis cipher algorithm. 1153 1154 Anubis is a variable key length cipher which can use keys from 1155 128 bits to 320 bits in length. It was evaluated as a entrant 1156 in the NESSIE competition. 1157 1158 See also: 1159 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1160 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1161 1162config CRYPTO_ARC4 1163 tristate "ARC4 cipher algorithm" 1164 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1165 select CRYPTO_SKCIPHER 1166 select CRYPTO_LIB_ARC4 1167 help 1168 ARC4 cipher algorithm. 1169 1170 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1171 bits in length. This algorithm is required for driver-based 1172 WEP, but it should not be for other purposes because of the 1173 weakness of the algorithm. 1174 1175config CRYPTO_BLOWFISH 1176 tristate "Blowfish cipher algorithm" 1177 select CRYPTO_ALGAPI 1178 select CRYPTO_BLOWFISH_COMMON 1179 help 1180 Blowfish cipher algorithm, by Bruce Schneier. 1181 1182 This is a variable key length cipher which can use keys from 32 1183 bits to 448 bits in length. It's fast, simple and specifically 1184 designed for use on "large microprocessors". 1185 1186 See also: 1187 <https://www.schneier.com/blowfish.html> 1188 1189config CRYPTO_BLOWFISH_COMMON 1190 tristate 1191 help 1192 Common parts of the Blowfish cipher algorithm shared by the 1193 generic c and the assembler implementations. 1194 1195 See also: 1196 <https://www.schneier.com/blowfish.html> 1197 1198config CRYPTO_BLOWFISH_X86_64 1199 tristate "Blowfish cipher algorithm (x86_64)" 1200 depends on X86 && 64BIT 1201 select CRYPTO_SKCIPHER 1202 select CRYPTO_BLOWFISH_COMMON 1203 imply CRYPTO_CTR 1204 help 1205 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1206 1207 This is a variable key length cipher which can use keys from 32 1208 bits to 448 bits in length. It's fast, simple and specifically 1209 designed for use on "large microprocessors". 1210 1211 See also: 1212 <https://www.schneier.com/blowfish.html> 1213 1214config CRYPTO_CAMELLIA 1215 tristate "Camellia cipher algorithms" 1216 depends on CRYPTO 1217 select CRYPTO_ALGAPI 1218 help 1219 Camellia cipher algorithms module. 1220 1221 Camellia is a symmetric key block cipher developed jointly 1222 at NTT and Mitsubishi Electric Corporation. 1223 1224 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1225 1226 See also: 1227 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1228 1229config CRYPTO_CAMELLIA_X86_64 1230 tristate "Camellia cipher algorithm (x86_64)" 1231 depends on X86 && 64BIT 1232 depends on CRYPTO 1233 select CRYPTO_SKCIPHER 1234 imply CRYPTO_CTR 1235 help 1236 Camellia cipher algorithm module (x86_64). 1237 1238 Camellia is a symmetric key block cipher developed jointly 1239 at NTT and Mitsubishi Electric Corporation. 1240 1241 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1242 1243 See also: 1244 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1245 1246config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1247 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1248 depends on X86 && 64BIT 1249 depends on CRYPTO 1250 select CRYPTO_SKCIPHER 1251 select CRYPTO_CAMELLIA_X86_64 1252 select CRYPTO_SIMD 1253 imply CRYPTO_XTS 1254 help 1255 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1256 1257 Camellia is a symmetric key block cipher developed jointly 1258 at NTT and Mitsubishi Electric Corporation. 1259 1260 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1261 1262 See also: 1263 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1264 1265config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1266 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1267 depends on X86 && 64BIT 1268 depends on CRYPTO 1269 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1270 help 1271 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1272 1273 Camellia is a symmetric key block cipher developed jointly 1274 at NTT and Mitsubishi Electric Corporation. 1275 1276 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1277 1278 See also: 1279 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1280 1281config CRYPTO_CAMELLIA_SPARC64 1282 tristate "Camellia cipher algorithm (SPARC64)" 1283 depends on SPARC64 1284 depends on CRYPTO 1285 select CRYPTO_ALGAPI 1286 select CRYPTO_SKCIPHER 1287 help 1288 Camellia cipher algorithm module (SPARC64). 1289 1290 Camellia is a symmetric key block cipher developed jointly 1291 at NTT and Mitsubishi Electric Corporation. 1292 1293 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1294 1295 See also: 1296 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1297 1298config CRYPTO_CAST_COMMON 1299 tristate 1300 help 1301 Common parts of the CAST cipher algorithms shared by the 1302 generic c and the assembler implementations. 1303 1304config CRYPTO_CAST5 1305 tristate "CAST5 (CAST-128) cipher algorithm" 1306 select CRYPTO_ALGAPI 1307 select CRYPTO_CAST_COMMON 1308 help 1309 The CAST5 encryption algorithm (synonymous with CAST-128) is 1310 described in RFC2144. 1311 1312config CRYPTO_CAST5_AVX_X86_64 1313 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1314 depends on X86 && 64BIT 1315 select CRYPTO_SKCIPHER 1316 select CRYPTO_CAST5 1317 select CRYPTO_CAST_COMMON 1318 select CRYPTO_SIMD 1319 imply CRYPTO_CTR 1320 help 1321 The CAST5 encryption algorithm (synonymous with CAST-128) is 1322 described in RFC2144. 1323 1324 This module provides the Cast5 cipher algorithm that processes 1325 sixteen blocks parallel using the AVX instruction set. 1326 1327config CRYPTO_CAST6 1328 tristate "CAST6 (CAST-256) cipher algorithm" 1329 select CRYPTO_ALGAPI 1330 select CRYPTO_CAST_COMMON 1331 help 1332 The CAST6 encryption algorithm (synonymous with CAST-256) is 1333 described in RFC2612. 1334 1335config CRYPTO_CAST6_AVX_X86_64 1336 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1337 depends on X86 && 64BIT 1338 select CRYPTO_SKCIPHER 1339 select CRYPTO_CAST6 1340 select CRYPTO_CAST_COMMON 1341 select CRYPTO_SIMD 1342 imply CRYPTO_XTS 1343 imply CRYPTO_CTR 1344 help 1345 The CAST6 encryption algorithm (synonymous with CAST-256) is 1346 described in RFC2612. 1347 1348 This module provides the Cast6 cipher algorithm that processes 1349 eight blocks parallel using the AVX instruction set. 1350 1351config CRYPTO_DES 1352 tristate "DES and Triple DES EDE cipher algorithms" 1353 select CRYPTO_ALGAPI 1354 select CRYPTO_LIB_DES 1355 help 1356 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1357 1358config CRYPTO_DES_SPARC64 1359 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1360 depends on SPARC64 1361 select CRYPTO_ALGAPI 1362 select CRYPTO_LIB_DES 1363 select CRYPTO_SKCIPHER 1364 help 1365 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1366 optimized using SPARC64 crypto opcodes. 1367 1368config CRYPTO_DES3_EDE_X86_64 1369 tristate "Triple DES EDE cipher algorithm (x86-64)" 1370 depends on X86 && 64BIT 1371 select CRYPTO_SKCIPHER 1372 select CRYPTO_LIB_DES 1373 imply CRYPTO_CTR 1374 help 1375 Triple DES EDE (FIPS 46-3) algorithm. 1376 1377 This module provides implementation of the Triple DES EDE cipher 1378 algorithm that is optimized for x86-64 processors. Two versions of 1379 algorithm are provided; regular processing one input block and 1380 one that processes three blocks parallel. 1381 1382config CRYPTO_FCRYPT 1383 tristate "FCrypt cipher algorithm" 1384 select CRYPTO_ALGAPI 1385 select CRYPTO_SKCIPHER 1386 help 1387 FCrypt algorithm used by RxRPC. 1388 1389config CRYPTO_KHAZAD 1390 tristate "Khazad cipher algorithm" 1391 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1392 select CRYPTO_ALGAPI 1393 help 1394 Khazad cipher algorithm. 1395 1396 Khazad was a finalist in the initial NESSIE competition. It is 1397 an algorithm optimized for 64-bit processors with good performance 1398 on 32-bit processors. Khazad uses an 128 bit key size. 1399 1400 See also: 1401 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1402 1403config CRYPTO_CHACHA20 1404 tristate "ChaCha stream cipher algorithms" 1405 select CRYPTO_LIB_CHACHA_GENERIC 1406 select CRYPTO_SKCIPHER 1407 help 1408 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1409 1410 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1411 Bernstein and further specified in RFC7539 for use in IETF protocols. 1412 This is the portable C implementation of ChaCha20. See also: 1413 <https://cr.yp.to/chacha/chacha-20080128.pdf> 1414 1415 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1416 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1417 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1418 while provably retaining ChaCha20's security. See also: 1419 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1420 1421 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1422 reduced security margin but increased performance. It can be needed 1423 in some performance-sensitive scenarios. 1424 1425config CRYPTO_CHACHA20_X86_64 1426 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1427 depends on X86 && 64BIT 1428 select CRYPTO_SKCIPHER 1429 select CRYPTO_LIB_CHACHA_GENERIC 1430 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1431 help 1432 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1433 XChaCha20, and XChaCha12 stream ciphers. 1434 1435config CRYPTO_CHACHA_MIPS 1436 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1437 depends on CPU_MIPS32_R2 1438 select CRYPTO_SKCIPHER 1439 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1440 1441config CRYPTO_SEED 1442 tristate "SEED cipher algorithm" 1443 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1444 select CRYPTO_ALGAPI 1445 help 1446 SEED cipher algorithm (RFC4269). 1447 1448 SEED is a 128-bit symmetric key block cipher that has been 1449 developed by KISA (Korea Information Security Agency) as a 1450 national standard encryption algorithm of the Republic of Korea. 1451 It is a 16 round block cipher with the key size of 128 bit. 1452 1453 See also: 1454 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1455 1456config CRYPTO_SERPENT 1457 tristate "Serpent cipher algorithm" 1458 select CRYPTO_ALGAPI 1459 help 1460 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1461 1462 Keys are allowed to be from 0 to 256 bits in length, in steps 1463 of 8 bits. 1464 1465 See also: 1466 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1467 1468config CRYPTO_SERPENT_SSE2_X86_64 1469 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1470 depends on X86 && 64BIT 1471 select CRYPTO_SKCIPHER 1472 select CRYPTO_SERPENT 1473 select CRYPTO_SIMD 1474 imply CRYPTO_CTR 1475 help 1476 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1477 1478 Keys are allowed to be from 0 to 256 bits in length, in steps 1479 of 8 bits. 1480 1481 This module provides Serpent cipher algorithm that processes eight 1482 blocks parallel using SSE2 instruction set. 1483 1484 See also: 1485 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1486 1487config CRYPTO_SERPENT_SSE2_586 1488 tristate "Serpent cipher algorithm (i586/SSE2)" 1489 depends on X86 && !64BIT 1490 select CRYPTO_SKCIPHER 1491 select CRYPTO_SERPENT 1492 select CRYPTO_SIMD 1493 imply CRYPTO_CTR 1494 help 1495 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1496 1497 Keys are allowed to be from 0 to 256 bits in length, in steps 1498 of 8 bits. 1499 1500 This module provides Serpent cipher algorithm that processes four 1501 blocks parallel using SSE2 instruction set. 1502 1503 See also: 1504 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1505 1506config CRYPTO_SERPENT_AVX_X86_64 1507 tristate "Serpent cipher algorithm (x86_64/AVX)" 1508 depends on X86 && 64BIT 1509 select CRYPTO_SKCIPHER 1510 select CRYPTO_SERPENT 1511 select CRYPTO_SIMD 1512 imply CRYPTO_XTS 1513 imply CRYPTO_CTR 1514 help 1515 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1516 1517 Keys are allowed to be from 0 to 256 bits in length, in steps 1518 of 8 bits. 1519 1520 This module provides the Serpent cipher algorithm that processes 1521 eight blocks parallel using the AVX instruction set. 1522 1523 See also: 1524 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1525 1526config CRYPTO_SERPENT_AVX2_X86_64 1527 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1528 depends on X86 && 64BIT 1529 select CRYPTO_SERPENT_AVX_X86_64 1530 help 1531 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1532 1533 Keys are allowed to be from 0 to 256 bits in length, in steps 1534 of 8 bits. 1535 1536 This module provides Serpent cipher algorithm that processes 16 1537 blocks parallel using AVX2 instruction set. 1538 1539 See also: 1540 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1541 1542config CRYPTO_SM4 1543 tristate "SM4 cipher algorithm" 1544 select CRYPTO_ALGAPI 1545 help 1546 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1547 1548 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1549 Organization of State Commercial Administration of China (OSCCA) 1550 as an authorized cryptographic algorithms for the use within China. 1551 1552 SMS4 was originally created for use in protecting wireless 1553 networks, and is mandated in the Chinese National Standard for 1554 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1555 (GB.15629.11-2003). 1556 1557 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1558 standardized through TC 260 of the Standardization Administration 1559 of the People's Republic of China (SAC). 1560 1561 The input, output, and key of SMS4 are each 128 bits. 1562 1563 See also: <https://eprint.iacr.org/2008/329.pdf> 1564 1565 If unsure, say N. 1566 1567config CRYPTO_TEA 1568 tristate "TEA, XTEA and XETA cipher algorithms" 1569 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1570 select CRYPTO_ALGAPI 1571 help 1572 TEA cipher algorithm. 1573 1574 Tiny Encryption Algorithm is a simple cipher that uses 1575 many rounds for security. It is very fast and uses 1576 little memory. 1577 1578 Xtendend Tiny Encryption Algorithm is a modification to 1579 the TEA algorithm to address a potential key weakness 1580 in the TEA algorithm. 1581 1582 Xtendend Encryption Tiny Algorithm is a mis-implementation 1583 of the XTEA algorithm for compatibility purposes. 1584 1585config CRYPTO_TWOFISH 1586 tristate "Twofish cipher algorithm" 1587 select CRYPTO_ALGAPI 1588 select CRYPTO_TWOFISH_COMMON 1589 help 1590 Twofish cipher algorithm. 1591 1592 Twofish was submitted as an AES (Advanced Encryption Standard) 1593 candidate cipher by researchers at CounterPane Systems. It is a 1594 16 round block cipher supporting key sizes of 128, 192, and 256 1595 bits. 1596 1597 See also: 1598 <https://www.schneier.com/twofish.html> 1599 1600config CRYPTO_TWOFISH_COMMON 1601 tristate 1602 help 1603 Common parts of the Twofish cipher algorithm shared by the 1604 generic c and the assembler implementations. 1605 1606config CRYPTO_TWOFISH_586 1607 tristate "Twofish cipher algorithms (i586)" 1608 depends on (X86 || UML_X86) && !64BIT 1609 select CRYPTO_ALGAPI 1610 select CRYPTO_TWOFISH_COMMON 1611 imply CRYPTO_CTR 1612 help 1613 Twofish cipher algorithm. 1614 1615 Twofish was submitted as an AES (Advanced Encryption Standard) 1616 candidate cipher by researchers at CounterPane Systems. It is a 1617 16 round block cipher supporting key sizes of 128, 192, and 256 1618 bits. 1619 1620 See also: 1621 <https://www.schneier.com/twofish.html> 1622 1623config CRYPTO_TWOFISH_X86_64 1624 tristate "Twofish cipher algorithm (x86_64)" 1625 depends on (X86 || UML_X86) && 64BIT 1626 select CRYPTO_ALGAPI 1627 select CRYPTO_TWOFISH_COMMON 1628 imply CRYPTO_CTR 1629 help 1630 Twofish cipher algorithm (x86_64). 1631 1632 Twofish was submitted as an AES (Advanced Encryption Standard) 1633 candidate cipher by researchers at CounterPane Systems. It is a 1634 16 round block cipher supporting key sizes of 128, 192, and 256 1635 bits. 1636 1637 See also: 1638 <https://www.schneier.com/twofish.html> 1639 1640config CRYPTO_TWOFISH_X86_64_3WAY 1641 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1642 depends on X86 && 64BIT 1643 select CRYPTO_SKCIPHER 1644 select CRYPTO_TWOFISH_COMMON 1645 select CRYPTO_TWOFISH_X86_64 1646 help 1647 Twofish cipher algorithm (x86_64, 3-way parallel). 1648 1649 Twofish was submitted as an AES (Advanced Encryption Standard) 1650 candidate cipher by researchers at CounterPane Systems. It is a 1651 16 round block cipher supporting key sizes of 128, 192, and 256 1652 bits. 1653 1654 This module provides Twofish cipher algorithm that processes three 1655 blocks parallel, utilizing resources of out-of-order CPUs better. 1656 1657 See also: 1658 <https://www.schneier.com/twofish.html> 1659 1660config CRYPTO_TWOFISH_AVX_X86_64 1661 tristate "Twofish cipher algorithm (x86_64/AVX)" 1662 depends on X86 && 64BIT 1663 select CRYPTO_SKCIPHER 1664 select CRYPTO_SIMD 1665 select CRYPTO_TWOFISH_COMMON 1666 select CRYPTO_TWOFISH_X86_64 1667 select CRYPTO_TWOFISH_X86_64_3WAY 1668 imply CRYPTO_XTS 1669 help 1670 Twofish cipher algorithm (x86_64/AVX). 1671 1672 Twofish was submitted as an AES (Advanced Encryption Standard) 1673 candidate cipher by researchers at CounterPane Systems. It is a 1674 16 round block cipher supporting key sizes of 128, 192, and 256 1675 bits. 1676 1677 This module provides the Twofish cipher algorithm that processes 1678 eight blocks parallel using the AVX Instruction Set. 1679 1680 See also: 1681 <https://www.schneier.com/twofish.html> 1682 1683comment "Compression" 1684 1685config CRYPTO_DEFLATE 1686 tristate "Deflate compression algorithm" 1687 select CRYPTO_ALGAPI 1688 select CRYPTO_ACOMP2 1689 select ZLIB_INFLATE 1690 select ZLIB_DEFLATE 1691 help 1692 This is the Deflate algorithm (RFC1951), specified for use in 1693 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1694 1695 You will most probably want this if using IPSec. 1696 1697config CRYPTO_LZO 1698 tristate "LZO compression algorithm" 1699 select CRYPTO_ALGAPI 1700 select CRYPTO_ACOMP2 1701 select LZO_COMPRESS 1702 select LZO_DECOMPRESS 1703 help 1704 This is the LZO algorithm. 1705 1706config CRYPTO_842 1707 tristate "842 compression algorithm" 1708 select CRYPTO_ALGAPI 1709 select CRYPTO_ACOMP2 1710 select 842_COMPRESS 1711 select 842_DECOMPRESS 1712 help 1713 This is the 842 algorithm. 1714 1715config CRYPTO_LZ4 1716 tristate "LZ4 compression algorithm" 1717 select CRYPTO_ALGAPI 1718 select CRYPTO_ACOMP2 1719 select LZ4_COMPRESS 1720 select LZ4_DECOMPRESS 1721 help 1722 This is the LZ4 algorithm. 1723 1724config CRYPTO_LZ4HC 1725 tristate "LZ4HC compression algorithm" 1726 select CRYPTO_ALGAPI 1727 select CRYPTO_ACOMP2 1728 select LZ4HC_COMPRESS 1729 select LZ4_DECOMPRESS 1730 help 1731 This is the LZ4 high compression mode algorithm. 1732 1733config CRYPTO_ZSTD 1734 tristate "Zstd compression algorithm" 1735 select CRYPTO_ALGAPI 1736 select CRYPTO_ACOMP2 1737 select ZSTD_COMPRESS 1738 select ZSTD_DECOMPRESS 1739 help 1740 This is the zstd algorithm. 1741 1742comment "Random Number Generation" 1743 1744config CRYPTO_ANSI_CPRNG 1745 tristate "Pseudo Random Number Generation for Cryptographic modules" 1746 select CRYPTO_AES 1747 select CRYPTO_RNG 1748 help 1749 This option enables the generic pseudo random number generator 1750 for cryptographic modules. Uses the Algorithm specified in 1751 ANSI X9.31 A.2.4. Note that this option must be enabled if 1752 CRYPTO_FIPS is selected 1753 1754menuconfig CRYPTO_DRBG_MENU 1755 tristate "NIST SP800-90A DRBG" 1756 help 1757 NIST SP800-90A compliant DRBG. In the following submenu, one or 1758 more of the DRBG types must be selected. 1759 1760if CRYPTO_DRBG_MENU 1761 1762config CRYPTO_DRBG_HMAC 1763 bool 1764 default y 1765 select CRYPTO_HMAC 1766 select CRYPTO_SHA256 1767 1768config CRYPTO_DRBG_HASH 1769 bool "Enable Hash DRBG" 1770 select CRYPTO_SHA256 1771 help 1772 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1773 1774config CRYPTO_DRBG_CTR 1775 bool "Enable CTR DRBG" 1776 select CRYPTO_AES 1777 select CRYPTO_CTR 1778 help 1779 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1780 1781config CRYPTO_DRBG 1782 tristate 1783 default CRYPTO_DRBG_MENU 1784 select CRYPTO_RNG 1785 select CRYPTO_JITTERENTROPY 1786 1787endif # if CRYPTO_DRBG_MENU 1788 1789config CRYPTO_JITTERENTROPY 1790 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1791 select CRYPTO_RNG 1792 help 1793 The Jitterentropy RNG is a noise that is intended 1794 to provide seed to another RNG. The RNG does not 1795 perform any cryptographic whitening of the generated 1796 random numbers. This Jitterentropy RNG registers with 1797 the kernel crypto API and can be used by any caller. 1798 1799config CRYPTO_USER_API 1800 tristate 1801 1802config CRYPTO_USER_API_HASH 1803 tristate "User-space interface for hash algorithms" 1804 depends on NET 1805 select CRYPTO_HASH 1806 select CRYPTO_USER_API 1807 help 1808 This option enables the user-spaces interface for hash 1809 algorithms. 1810 1811config CRYPTO_USER_API_SKCIPHER 1812 tristate "User-space interface for symmetric key cipher algorithms" 1813 depends on NET 1814 select CRYPTO_SKCIPHER 1815 select CRYPTO_USER_API 1816 help 1817 This option enables the user-spaces interface for symmetric 1818 key cipher algorithms. 1819 1820config CRYPTO_USER_API_RNG 1821 tristate "User-space interface for random number generator algorithms" 1822 depends on NET 1823 select CRYPTO_RNG 1824 select CRYPTO_USER_API 1825 help 1826 This option enables the user-spaces interface for random 1827 number generator algorithms. 1828 1829config CRYPTO_USER_API_RNG_CAVP 1830 bool "Enable CAVP testing of DRBG" 1831 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1832 help 1833 This option enables extra API for CAVP testing via the user-space 1834 interface: resetting of DRBG entropy, and providing Additional Data. 1835 This should only be enabled for CAVP testing. You should say 1836 no unless you know what this is. 1837 1838config CRYPTO_USER_API_AEAD 1839 tristate "User-space interface for AEAD cipher algorithms" 1840 depends on NET 1841 select CRYPTO_AEAD 1842 select CRYPTO_SKCIPHER 1843 select CRYPTO_NULL 1844 select CRYPTO_USER_API 1845 help 1846 This option enables the user-spaces interface for AEAD 1847 cipher algorithms. 1848 1849config CRYPTO_USER_API_ENABLE_OBSOLETE 1850 bool "Enable obsolete cryptographic algorithms for userspace" 1851 depends on CRYPTO_USER_API 1852 default y 1853 help 1854 Allow obsolete cryptographic algorithms to be selected that have 1855 already been phased out from internal use by the kernel, and are 1856 only useful for userspace clients that still rely on them. 1857 1858config CRYPTO_STATS 1859 bool "Crypto usage statistics for User-space" 1860 depends on CRYPTO_USER 1861 help 1862 This option enables the gathering of crypto stats. 1863 This will collect: 1864 - encrypt/decrypt size and numbers of symmeric operations 1865 - compress/decompress size and numbers of compress operations 1866 - size and numbers of hash operations 1867 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1868 - generate/seed numbers for rng operations 1869 1870config CRYPTO_HASH_INFO 1871 bool 1872 1873source "lib/crypto/Kconfig" 1874source "drivers/crypto/Kconfig" 1875source "crypto/asymmetric_keys/Kconfig" 1876source "certs/Kconfig" 1877 1878endif # if CRYPTO 1879