1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_SKCIPHER 56 tristate 57 select CRYPTO_SKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_SKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_SKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139config CRYPTO_MANAGER_DISABLE_TESTS 140 bool "Disable run-time self tests" 141 default y 142 help 143 Disable run-time self tests that normally take place at 144 algorithm registration. 145 146config CRYPTO_MANAGER_EXTRA_TESTS 147 bool "Enable extra run-time crypto self tests" 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 149 help 150 Enable extra run-time self tests of registered crypto algorithms, 151 including randomized fuzz tests. 152 153 This is intended for developer use only, as these tests take much 154 longer to run than the normal self tests. 155 156config CRYPTO_GF128MUL 157 tristate 158 159config CRYPTO_NULL 160 tristate "Null algorithms" 161 select CRYPTO_NULL2 162 help 163 These are 'Null' algorithms, used by IPsec, which do nothing. 164 165config CRYPTO_NULL2 166 tristate 167 select CRYPTO_ALGAPI2 168 select CRYPTO_SKCIPHER2 169 select CRYPTO_HASH2 170 171config CRYPTO_PCRYPT 172 tristate "Parallel crypto engine" 173 depends on SMP 174 select PADATA 175 select CRYPTO_MANAGER 176 select CRYPTO_AEAD 177 help 178 This converts an arbitrary crypto algorithm into a parallel 179 algorithm that executes in kernel threads. 180 181config CRYPTO_CRYPTD 182 tristate "Software async crypto daemon" 183 select CRYPTO_SKCIPHER 184 select CRYPTO_HASH 185 select CRYPTO_MANAGER 186 help 187 This is a generic software asynchronous crypto daemon that 188 converts an arbitrary synchronous software crypto algorithm 189 into an asynchronous algorithm that executes in a kernel thread. 190 191config CRYPTO_AUTHENC 192 tristate "Authenc support" 193 select CRYPTO_AEAD 194 select CRYPTO_SKCIPHER 195 select CRYPTO_MANAGER 196 select CRYPTO_HASH 197 select CRYPTO_NULL 198 help 199 Authenc: Combined mode wrapper for IPsec. 200 This is required for IPSec. 201 202config CRYPTO_TEST 203 tristate "Testing module" 204 depends on m || EXPERT 205 select CRYPTO_MANAGER 206 help 207 Quick & dirty crypto test module. 208 209config CRYPTO_SIMD 210 tristate 211 select CRYPTO_CRYPTD 212 213config CRYPTO_ENGINE 214 tristate 215 216comment "Public-key cryptography" 217 218config CRYPTO_RSA 219 tristate "RSA algorithm" 220 select CRYPTO_AKCIPHER 221 select CRYPTO_MANAGER 222 select MPILIB 223 select ASN1 224 help 225 Generic implementation of the RSA public key algorithm. 226 227config CRYPTO_DH 228 tristate "Diffie-Hellman algorithm" 229 select CRYPTO_KPP 230 select MPILIB 231 help 232 Generic implementation of the Diffie-Hellman algorithm. 233 234config CRYPTO_ECC 235 tristate 236 237config CRYPTO_ECDH 238 tristate "ECDH algorithm" 239 select CRYPTO_ECC 240 select CRYPTO_KPP 241 select CRYPTO_RNG_DEFAULT 242 help 243 Generic implementation of the ECDH algorithm 244 245config CRYPTO_ECDSA 246 tristate "ECDSA (NIST P192, P256 etc.) algorithm" 247 select CRYPTO_ECC 248 select CRYPTO_AKCIPHER 249 select ASN1 250 help 251 Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) 252 is A NIST cryptographic standard algorithm. Only signature verification 253 is implemented. 254 255config CRYPTO_ECRDSA 256 tristate "EC-RDSA (GOST 34.10) algorithm" 257 select CRYPTO_ECC 258 select CRYPTO_AKCIPHER 259 select CRYPTO_STREEBOG 260 select OID_REGISTRY 261 select ASN1 262 help 263 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 264 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 265 standard algorithms (called GOST algorithms). Only signature verification 266 is implemented. 267 268config CRYPTO_SM2 269 tristate "SM2 algorithm" 270 select CRYPTO_SM3 271 select CRYPTO_AKCIPHER 272 select CRYPTO_MANAGER 273 select MPILIB 274 select ASN1 275 help 276 Generic implementation of the SM2 public key algorithm. It was 277 published by State Encryption Management Bureau, China. 278 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 279 280 References: 281 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 282 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 283 http://www.gmbz.org.cn/main/bzlb.html 284 285config CRYPTO_CURVE25519 286 tristate "Curve25519 algorithm" 287 select CRYPTO_KPP 288 select CRYPTO_LIB_CURVE25519_GENERIC 289 290config CRYPTO_CURVE25519_X86 291 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 292 depends on X86 && 64BIT 293 select CRYPTO_LIB_CURVE25519_GENERIC 294 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 295 296comment "Authenticated Encryption with Associated Data" 297 298config CRYPTO_CCM 299 tristate "CCM support" 300 select CRYPTO_CTR 301 select CRYPTO_HASH 302 select CRYPTO_AEAD 303 select CRYPTO_MANAGER 304 help 305 Support for Counter with CBC MAC. Required for IPsec. 306 307config CRYPTO_GCM 308 tristate "GCM/GMAC support" 309 select CRYPTO_CTR 310 select CRYPTO_AEAD 311 select CRYPTO_GHASH 312 select CRYPTO_NULL 313 select CRYPTO_MANAGER 314 help 315 Support for Galois/Counter Mode (GCM) and Galois Message 316 Authentication Code (GMAC). Required for IPSec. 317 318config CRYPTO_CHACHA20POLY1305 319 tristate "ChaCha20-Poly1305 AEAD support" 320 select CRYPTO_CHACHA20 321 select CRYPTO_POLY1305 322 select CRYPTO_AEAD 323 select CRYPTO_MANAGER 324 help 325 ChaCha20-Poly1305 AEAD support, RFC7539. 326 327 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 328 with the Poly1305 authenticator. It is defined in RFC7539 for use in 329 IETF protocols. 330 331config CRYPTO_AEGIS128 332 tristate "AEGIS-128 AEAD algorithm" 333 select CRYPTO_AEAD 334 select CRYPTO_AES # for AES S-box tables 335 help 336 Support for the AEGIS-128 dedicated AEAD algorithm. 337 338config CRYPTO_AEGIS128_SIMD 339 bool "Support SIMD acceleration for AEGIS-128" 340 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 341 default y 342 343config CRYPTO_AEGIS128_AESNI_SSE2 344 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 345 depends on X86 && 64BIT 346 select CRYPTO_AEAD 347 select CRYPTO_SIMD 348 help 349 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 350 351config CRYPTO_SEQIV 352 tristate "Sequence Number IV Generator" 353 select CRYPTO_AEAD 354 select CRYPTO_SKCIPHER 355 select CRYPTO_NULL 356 select CRYPTO_RNG_DEFAULT 357 select CRYPTO_MANAGER 358 help 359 This IV generator generates an IV based on a sequence number by 360 xoring it with a salt. This algorithm is mainly useful for CTR 361 362config CRYPTO_ECHAINIV 363 tristate "Encrypted Chain IV Generator" 364 select CRYPTO_AEAD 365 select CRYPTO_NULL 366 select CRYPTO_RNG_DEFAULT 367 select CRYPTO_MANAGER 368 help 369 This IV generator generates an IV based on the encryption of 370 a sequence number xored with a salt. This is the default 371 algorithm for CBC. 372 373comment "Block modes" 374 375config CRYPTO_CBC 376 tristate "CBC support" 377 select CRYPTO_SKCIPHER 378 select CRYPTO_MANAGER 379 help 380 CBC: Cipher Block Chaining mode 381 This block cipher algorithm is required for IPSec. 382 383config CRYPTO_CFB 384 tristate "CFB support" 385 select CRYPTO_SKCIPHER 386 select CRYPTO_MANAGER 387 help 388 CFB: Cipher FeedBack mode 389 This block cipher algorithm is required for TPM2 Cryptography. 390 391config CRYPTO_CTR 392 tristate "CTR support" 393 select CRYPTO_SKCIPHER 394 select CRYPTO_MANAGER 395 help 396 CTR: Counter mode 397 This block cipher algorithm is required for IPSec. 398 399config CRYPTO_CTS 400 tristate "CTS support" 401 select CRYPTO_SKCIPHER 402 select CRYPTO_MANAGER 403 help 404 CTS: Cipher Text Stealing 405 This is the Cipher Text Stealing mode as described by 406 Section 8 of rfc2040 and referenced by rfc3962 407 (rfc3962 includes errata information in its Appendix A) or 408 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 409 This mode is required for Kerberos gss mechanism support 410 for AES encryption. 411 412 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 413 414config CRYPTO_ECB 415 tristate "ECB support" 416 select CRYPTO_SKCIPHER 417 select CRYPTO_MANAGER 418 help 419 ECB: Electronic CodeBook mode 420 This is the simplest block cipher algorithm. It simply encrypts 421 the input block by block. 422 423config CRYPTO_LRW 424 tristate "LRW support" 425 select CRYPTO_SKCIPHER 426 select CRYPTO_MANAGER 427 select CRYPTO_GF128MUL 428 help 429 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 430 narrow block cipher mode for dm-crypt. Use it with cipher 431 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 432 The first 128, 192 or 256 bits in the key are used for AES and the 433 rest is used to tie each cipher block to its logical position. 434 435config CRYPTO_OFB 436 tristate "OFB support" 437 select CRYPTO_SKCIPHER 438 select CRYPTO_MANAGER 439 help 440 OFB: the Output Feedback mode makes a block cipher into a synchronous 441 stream cipher. It generates keystream blocks, which are then XORed 442 with the plaintext blocks to get the ciphertext. Flipping a bit in the 443 ciphertext produces a flipped bit in the plaintext at the same 444 location. This property allows many error correcting codes to function 445 normally even when applied before encryption. 446 447config CRYPTO_PCBC 448 tristate "PCBC support" 449 select CRYPTO_SKCIPHER 450 select CRYPTO_MANAGER 451 help 452 PCBC: Propagating Cipher Block Chaining mode 453 This block cipher algorithm is required for RxRPC. 454 455config CRYPTO_XTS 456 tristate "XTS support" 457 select CRYPTO_SKCIPHER 458 select CRYPTO_MANAGER 459 select CRYPTO_ECB 460 help 461 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 462 key size 256, 384 or 512 bits. This implementation currently 463 can't handle a sectorsize which is not a multiple of 16 bytes. 464 465config CRYPTO_KEYWRAP 466 tristate "Key wrapping support" 467 select CRYPTO_SKCIPHER 468 select CRYPTO_MANAGER 469 help 470 Support for key wrapping (NIST SP800-38F / RFC3394) without 471 padding. 472 473config CRYPTO_NHPOLY1305 474 tristate 475 select CRYPTO_HASH 476 select CRYPTO_LIB_POLY1305_GENERIC 477 478config CRYPTO_NHPOLY1305_SSE2 479 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 480 depends on X86 && 64BIT 481 select CRYPTO_NHPOLY1305 482 help 483 SSE2 optimized implementation of the hash function used by the 484 Adiantum encryption mode. 485 486config CRYPTO_NHPOLY1305_AVX2 487 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 488 depends on X86 && 64BIT 489 select CRYPTO_NHPOLY1305 490 help 491 AVX2 optimized implementation of the hash function used by the 492 Adiantum encryption mode. 493 494config CRYPTO_ADIANTUM 495 tristate "Adiantum support" 496 select CRYPTO_CHACHA20 497 select CRYPTO_LIB_POLY1305_GENERIC 498 select CRYPTO_NHPOLY1305 499 select CRYPTO_MANAGER 500 help 501 Adiantum is a tweakable, length-preserving encryption mode 502 designed for fast and secure disk encryption, especially on 503 CPUs without dedicated crypto instructions. It encrypts 504 each sector using the XChaCha12 stream cipher, two passes of 505 an ε-almost-∆-universal hash function, and an invocation of 506 the AES-256 block cipher on a single 16-byte block. On CPUs 507 without AES instructions, Adiantum is much faster than 508 AES-XTS. 509 510 Adiantum's security is provably reducible to that of its 511 underlying stream and block ciphers, subject to a security 512 bound. Unlike XTS, Adiantum is a true wide-block encryption 513 mode, so it actually provides an even stronger notion of 514 security than XTS, subject to the security bound. 515 516 If unsure, say N. 517 518config CRYPTO_ESSIV 519 tristate "ESSIV support for block encryption" 520 select CRYPTO_AUTHENC 521 help 522 Encrypted salt-sector initialization vector (ESSIV) is an IV 523 generation method that is used in some cases by fscrypt and/or 524 dm-crypt. It uses the hash of the block encryption key as the 525 symmetric key for a block encryption pass applied to the input 526 IV, making low entropy IV sources more suitable for block 527 encryption. 528 529 This driver implements a crypto API template that can be 530 instantiated either as an skcipher or as an AEAD (depending on the 531 type of the first template argument), and which defers encryption 532 and decryption requests to the encapsulated cipher after applying 533 ESSIV to the input IV. Note that in the AEAD case, it is assumed 534 that the keys are presented in the same format used by the authenc 535 template, and that the IV appears at the end of the authenticated 536 associated data (AAD) region (which is how dm-crypt uses it.) 537 538 Note that the use of ESSIV is not recommended for new deployments, 539 and so this only needs to be enabled when interoperability with 540 existing encrypted volumes of filesystems is required, or when 541 building for a particular system that requires it (e.g., when 542 the SoC in question has accelerated CBC but not XTS, making CBC 543 combined with ESSIV the only feasible mode for h/w accelerated 544 block encryption) 545 546comment "Hash modes" 547 548config CRYPTO_CMAC 549 tristate "CMAC support" 550 select CRYPTO_HASH 551 select CRYPTO_MANAGER 552 help 553 Cipher-based Message Authentication Code (CMAC) specified by 554 The National Institute of Standards and Technology (NIST). 555 556 https://tools.ietf.org/html/rfc4493 557 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 558 559config CRYPTO_HMAC 560 tristate "HMAC support" 561 select CRYPTO_HASH 562 select CRYPTO_MANAGER 563 help 564 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 565 This is required for IPSec. 566 567config CRYPTO_XCBC 568 tristate "XCBC support" 569 select CRYPTO_HASH 570 select CRYPTO_MANAGER 571 help 572 XCBC: Keyed-Hashing with encryption algorithm 573 https://www.ietf.org/rfc/rfc3566.txt 574 http://csrc.nist.gov/encryption/modes/proposedmodes/ 575 xcbc-mac/xcbc-mac-spec.pdf 576 577config CRYPTO_VMAC 578 tristate "VMAC support" 579 select CRYPTO_HASH 580 select CRYPTO_MANAGER 581 help 582 VMAC is a message authentication algorithm designed for 583 very high speed on 64-bit architectures. 584 585 See also: 586 <https://fastcrypto.org/vmac> 587 588comment "Digest" 589 590config CRYPTO_CRC32C 591 tristate "CRC32c CRC algorithm" 592 select CRYPTO_HASH 593 select CRC32 594 help 595 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 596 by iSCSI for header and data digests and by others. 597 See Castagnoli93. Module will be crc32c. 598 599config CRYPTO_CRC32C_INTEL 600 tristate "CRC32c INTEL hardware acceleration" 601 depends on X86 602 select CRYPTO_HASH 603 help 604 In Intel processor with SSE4.2 supported, the processor will 605 support CRC32C implementation using hardware accelerated CRC32 606 instruction. This option will create 'crc32c-intel' module, 607 which will enable any routine to use the CRC32 instruction to 608 gain performance compared with software implementation. 609 Module will be crc32c-intel. 610 611config CRYPTO_CRC32C_VPMSUM 612 tristate "CRC32c CRC algorithm (powerpc64)" 613 depends on PPC64 && ALTIVEC 614 select CRYPTO_HASH 615 select CRC32 616 help 617 CRC32c algorithm implemented using vector polynomial multiply-sum 618 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 619 and newer processors for improved performance. 620 621 622config CRYPTO_CRC32C_SPARC64 623 tristate "CRC32c CRC algorithm (SPARC64)" 624 depends on SPARC64 625 select CRYPTO_HASH 626 select CRC32 627 help 628 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 629 when available. 630 631config CRYPTO_CRC32 632 tristate "CRC32 CRC algorithm" 633 select CRYPTO_HASH 634 select CRC32 635 help 636 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 637 Shash crypto api wrappers to crc32_le function. 638 639config CRYPTO_CRC32_PCLMUL 640 tristate "CRC32 PCLMULQDQ hardware acceleration" 641 depends on X86 642 select CRYPTO_HASH 643 select CRC32 644 help 645 From Intel Westmere and AMD Bulldozer processor with SSE4.2 646 and PCLMULQDQ supported, the processor will support 647 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 648 instruction. This option will create 'crc32-pclmul' module, 649 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 650 and gain better performance as compared with the table implementation. 651 652config CRYPTO_CRC32_MIPS 653 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 654 depends on MIPS_CRC_SUPPORT 655 select CRYPTO_HASH 656 help 657 CRC32c and CRC32 CRC algorithms implemented using mips crypto 658 instructions, when available. 659 660 661config CRYPTO_XXHASH 662 tristate "xxHash hash algorithm" 663 select CRYPTO_HASH 664 select XXHASH 665 help 666 xxHash non-cryptographic hash algorithm. Extremely fast, working at 667 speeds close to RAM limits. 668 669config CRYPTO_BLAKE2B 670 tristate "BLAKE2b digest algorithm" 671 select CRYPTO_HASH 672 help 673 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 674 optimized for 64bit platforms and can produce digests of any size 675 between 1 to 64. The keyed hash is also implemented. 676 677 This module provides the following algorithms: 678 679 - blake2b-160 680 - blake2b-256 681 - blake2b-384 682 - blake2b-512 683 684 See https://blake2.net for further information. 685 686config CRYPTO_BLAKE2S 687 tristate "BLAKE2s digest algorithm" 688 select CRYPTO_LIB_BLAKE2S_GENERIC 689 select CRYPTO_HASH 690 help 691 Implementation of cryptographic hash function BLAKE2s 692 optimized for 8-32bit platforms and can produce digests of any size 693 between 1 to 32. The keyed hash is also implemented. 694 695 This module provides the following algorithms: 696 697 - blake2s-128 698 - blake2s-160 699 - blake2s-224 700 - blake2s-256 701 702 See https://blake2.net for further information. 703 704config CRYPTO_BLAKE2S_X86 705 tristate "BLAKE2s digest algorithm (x86 accelerated version)" 706 depends on X86 && 64BIT 707 select CRYPTO_LIB_BLAKE2S_GENERIC 708 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 709 710config CRYPTO_CRCT10DIF 711 tristate "CRCT10DIF algorithm" 712 select CRYPTO_HASH 713 help 714 CRC T10 Data Integrity Field computation is being cast as 715 a crypto transform. This allows for faster crc t10 diff 716 transforms to be used if they are available. 717 718config CRYPTO_CRCT10DIF_PCLMUL 719 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 720 depends on X86 && 64BIT && CRC_T10DIF 721 select CRYPTO_HASH 722 help 723 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 724 CRC T10 DIF PCLMULQDQ computation can be hardware 725 accelerated PCLMULQDQ instruction. This option will create 726 'crct10dif-pclmul' module, which is faster when computing the 727 crct10dif checksum as compared with the generic table implementation. 728 729config CRYPTO_CRCT10DIF_VPMSUM 730 tristate "CRC32T10DIF powerpc64 hardware acceleration" 731 depends on PPC64 && ALTIVEC && CRC_T10DIF 732 select CRYPTO_HASH 733 help 734 CRC10T10DIF algorithm implemented using vector polynomial 735 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 736 POWER8 and newer processors for improved performance. 737 738config CRYPTO_VPMSUM_TESTER 739 tristate "Powerpc64 vpmsum hardware acceleration tester" 740 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 741 help 742 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 743 POWER8 vpmsum instructions. 744 Unless you are testing these algorithms, you don't need this. 745 746config CRYPTO_GHASH 747 tristate "GHASH hash function" 748 select CRYPTO_GF128MUL 749 select CRYPTO_HASH 750 help 751 GHASH is the hash function used in GCM (Galois/Counter Mode). 752 It is not a general-purpose cryptographic hash function. 753 754config CRYPTO_POLY1305 755 tristate "Poly1305 authenticator algorithm" 756 select CRYPTO_HASH 757 select CRYPTO_LIB_POLY1305_GENERIC 758 help 759 Poly1305 authenticator algorithm, RFC7539. 760 761 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 762 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 763 in IETF protocols. This is the portable C implementation of Poly1305. 764 765config CRYPTO_POLY1305_X86_64 766 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 767 depends on X86 && 64BIT 768 select CRYPTO_LIB_POLY1305_GENERIC 769 select CRYPTO_ARCH_HAVE_LIB_POLY1305 770 help 771 Poly1305 authenticator algorithm, RFC7539. 772 773 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 774 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 775 in IETF protocols. This is the x86_64 assembler implementation using SIMD 776 instructions. 777 778config CRYPTO_POLY1305_MIPS 779 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 780 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT) 781 select CRYPTO_ARCH_HAVE_LIB_POLY1305 782 783config CRYPTO_MD4 784 tristate "MD4 digest algorithm" 785 select CRYPTO_HASH 786 help 787 MD4 message digest algorithm (RFC1320). 788 789config CRYPTO_MD5 790 tristate "MD5 digest algorithm" 791 select CRYPTO_HASH 792 help 793 MD5 message digest algorithm (RFC1321). 794 795config CRYPTO_MD5_OCTEON 796 tristate "MD5 digest algorithm (OCTEON)" 797 depends on CPU_CAVIUM_OCTEON 798 select CRYPTO_MD5 799 select CRYPTO_HASH 800 help 801 MD5 message digest algorithm (RFC1321) implemented 802 using OCTEON crypto instructions, when available. 803 804config CRYPTO_MD5_PPC 805 tristate "MD5 digest algorithm (PPC)" 806 depends on PPC 807 select CRYPTO_HASH 808 help 809 MD5 message digest algorithm (RFC1321) implemented 810 in PPC assembler. 811 812config CRYPTO_MD5_SPARC64 813 tristate "MD5 digest algorithm (SPARC64)" 814 depends on SPARC64 815 select CRYPTO_MD5 816 select CRYPTO_HASH 817 help 818 MD5 message digest algorithm (RFC1321) implemented 819 using sparc64 crypto instructions, when available. 820 821config CRYPTO_MICHAEL_MIC 822 tristate "Michael MIC keyed digest algorithm" 823 select CRYPTO_HASH 824 help 825 Michael MIC is used for message integrity protection in TKIP 826 (IEEE 802.11i). This algorithm is required for TKIP, but it 827 should not be used for other purposes because of the weakness 828 of the algorithm. 829 830config CRYPTO_RMD160 831 tristate "RIPEMD-160 digest algorithm" 832 select CRYPTO_HASH 833 help 834 RIPEMD-160 (ISO/IEC 10118-3:2004). 835 836 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 837 to be used as a secure replacement for the 128-bit hash functions 838 MD4, MD5 and it's predecessor RIPEMD 839 (not to be confused with RIPEMD-128). 840 841 It's speed is comparable to SHA1 and there are no known attacks 842 against RIPEMD-160. 843 844 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 845 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 846 847config CRYPTO_SHA1 848 tristate "SHA1 digest algorithm" 849 select CRYPTO_HASH 850 help 851 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 852 853config CRYPTO_SHA1_SSSE3 854 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 855 depends on X86 && 64BIT 856 select CRYPTO_SHA1 857 select CRYPTO_HASH 858 help 859 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 860 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 861 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 862 when available. 863 864config CRYPTO_SHA256_SSSE3 865 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 866 depends on X86 && 64BIT 867 select CRYPTO_SHA256 868 select CRYPTO_HASH 869 help 870 SHA-256 secure hash standard (DFIPS 180-2) implemented 871 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 872 Extensions version 1 (AVX1), or Advanced Vector Extensions 873 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 874 Instructions) when available. 875 876config CRYPTO_SHA512_SSSE3 877 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 878 depends on X86 && 64BIT 879 select CRYPTO_SHA512 880 select CRYPTO_HASH 881 help 882 SHA-512 secure hash standard (DFIPS 180-2) implemented 883 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 884 Extensions version 1 (AVX1), or Advanced Vector Extensions 885 version 2 (AVX2) instructions, when available. 886 887config CRYPTO_SHA1_OCTEON 888 tristate "SHA1 digest algorithm (OCTEON)" 889 depends on CPU_CAVIUM_OCTEON 890 select CRYPTO_SHA1 891 select CRYPTO_HASH 892 help 893 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 894 using OCTEON crypto instructions, when available. 895 896config CRYPTO_SHA1_SPARC64 897 tristate "SHA1 digest algorithm (SPARC64)" 898 depends on SPARC64 899 select CRYPTO_SHA1 900 select CRYPTO_HASH 901 help 902 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 903 using sparc64 crypto instructions, when available. 904 905config CRYPTO_SHA1_PPC 906 tristate "SHA1 digest algorithm (powerpc)" 907 depends on PPC 908 help 909 This is the powerpc hardware accelerated implementation of the 910 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 911 912config CRYPTO_SHA1_PPC_SPE 913 tristate "SHA1 digest algorithm (PPC SPE)" 914 depends on PPC && SPE 915 help 916 SHA-1 secure hash standard (DFIPS 180-4) implemented 917 using powerpc SPE SIMD instruction set. 918 919config CRYPTO_SHA256 920 tristate "SHA224 and SHA256 digest algorithm" 921 select CRYPTO_HASH 922 select CRYPTO_LIB_SHA256 923 help 924 SHA256 secure hash standard (DFIPS 180-2). 925 926 This version of SHA implements a 256 bit hash with 128 bits of 927 security against collision attacks. 928 929 This code also includes SHA-224, a 224 bit hash with 112 bits 930 of security against collision attacks. 931 932config CRYPTO_SHA256_PPC_SPE 933 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 934 depends on PPC && SPE 935 select CRYPTO_SHA256 936 select CRYPTO_HASH 937 help 938 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 939 implemented using powerpc SPE SIMD instruction set. 940 941config CRYPTO_SHA256_OCTEON 942 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 943 depends on CPU_CAVIUM_OCTEON 944 select CRYPTO_SHA256 945 select CRYPTO_HASH 946 help 947 SHA-256 secure hash standard (DFIPS 180-2) implemented 948 using OCTEON crypto instructions, when available. 949 950config CRYPTO_SHA256_SPARC64 951 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 952 depends on SPARC64 953 select CRYPTO_SHA256 954 select CRYPTO_HASH 955 help 956 SHA-256 secure hash standard (DFIPS 180-2) implemented 957 using sparc64 crypto instructions, when available. 958 959config CRYPTO_SHA512 960 tristate "SHA384 and SHA512 digest algorithms" 961 select CRYPTO_HASH 962 help 963 SHA512 secure hash standard (DFIPS 180-2). 964 965 This version of SHA implements a 512 bit hash with 256 bits of 966 security against collision attacks. 967 968 This code also includes SHA-384, a 384 bit hash with 192 bits 969 of security against collision attacks. 970 971config CRYPTO_SHA512_OCTEON 972 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 973 depends on CPU_CAVIUM_OCTEON 974 select CRYPTO_SHA512 975 select CRYPTO_HASH 976 help 977 SHA-512 secure hash standard (DFIPS 180-2) implemented 978 using OCTEON crypto instructions, when available. 979 980config CRYPTO_SHA512_SPARC64 981 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 982 depends on SPARC64 983 select CRYPTO_SHA512 984 select CRYPTO_HASH 985 help 986 SHA-512 secure hash standard (DFIPS 180-2) implemented 987 using sparc64 crypto instructions, when available. 988 989config CRYPTO_SHA3 990 tristate "SHA3 digest algorithm" 991 select CRYPTO_HASH 992 help 993 SHA-3 secure hash standard (DFIPS 202). It's based on 994 cryptographic sponge function family called Keccak. 995 996 References: 997 http://keccak.noekeon.org/ 998 999config CRYPTO_SM3 1000 tristate "SM3 digest algorithm" 1001 select CRYPTO_HASH 1002 help 1003 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1004 It is part of the Chinese Commercial Cryptography suite. 1005 1006 References: 1007 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1008 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1009 1010config CRYPTO_STREEBOG 1011 tristate "Streebog Hash Function" 1012 select CRYPTO_HASH 1013 help 1014 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1015 cryptographic standard algorithms (called GOST algorithms). 1016 This setting enables two hash algorithms with 256 and 512 bits output. 1017 1018 References: 1019 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1020 https://tools.ietf.org/html/rfc6986 1021 1022config CRYPTO_WP512 1023 tristate "Whirlpool digest algorithms" 1024 select CRYPTO_HASH 1025 help 1026 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1027 1028 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1029 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1030 1031 See also: 1032 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1033 1034config CRYPTO_GHASH_CLMUL_NI_INTEL 1035 tristate "GHASH hash function (CLMUL-NI accelerated)" 1036 depends on X86 && 64BIT 1037 select CRYPTO_CRYPTD 1038 help 1039 This is the x86_64 CLMUL-NI accelerated implementation of 1040 GHASH, the hash function used in GCM (Galois/Counter mode). 1041 1042comment "Ciphers" 1043 1044config CRYPTO_AES 1045 tristate "AES cipher algorithms" 1046 select CRYPTO_ALGAPI 1047 select CRYPTO_LIB_AES 1048 help 1049 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1050 algorithm. 1051 1052 Rijndael appears to be consistently a very good performer in 1053 both hardware and software across a wide range of computing 1054 environments regardless of its use in feedback or non-feedback 1055 modes. Its key setup time is excellent, and its key agility is 1056 good. Rijndael's very low memory requirements make it very well 1057 suited for restricted-space environments, in which it also 1058 demonstrates excellent performance. Rijndael's operations are 1059 among the easiest to defend against power and timing attacks. 1060 1061 The AES specifies three key sizes: 128, 192 and 256 bits 1062 1063 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1064 1065config CRYPTO_AES_TI 1066 tristate "Fixed time AES cipher" 1067 select CRYPTO_ALGAPI 1068 select CRYPTO_LIB_AES 1069 help 1070 This is a generic implementation of AES that attempts to eliminate 1071 data dependent latencies as much as possible without affecting 1072 performance too much. It is intended for use by the generic CCM 1073 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1074 solely on encryption (although decryption is supported as well, but 1075 with a more dramatic performance hit) 1076 1077 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1078 8 for decryption), this implementation only uses just two S-boxes of 1079 256 bytes each, and attempts to eliminate data dependent latencies by 1080 prefetching the entire table into the cache at the start of each 1081 block. Interrupts are also disabled to avoid races where cachelines 1082 are evicted when the CPU is interrupted to do something else. 1083 1084config CRYPTO_AES_NI_INTEL 1085 tristate "AES cipher algorithms (AES-NI)" 1086 depends on X86 1087 select CRYPTO_AEAD 1088 select CRYPTO_LIB_AES 1089 select CRYPTO_ALGAPI 1090 select CRYPTO_SKCIPHER 1091 select CRYPTO_SIMD 1092 help 1093 Use Intel AES-NI instructions for AES algorithm. 1094 1095 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1096 algorithm. 1097 1098 Rijndael appears to be consistently a very good performer in 1099 both hardware and software across a wide range of computing 1100 environments regardless of its use in feedback or non-feedback 1101 modes. Its key setup time is excellent, and its key agility is 1102 good. Rijndael's very low memory requirements make it very well 1103 suited for restricted-space environments, in which it also 1104 demonstrates excellent performance. Rijndael's operations are 1105 among the easiest to defend against power and timing attacks. 1106 1107 The AES specifies three key sizes: 128, 192 and 256 bits 1108 1109 See <http://csrc.nist.gov/encryption/aes/> for more information. 1110 1111 In addition to AES cipher algorithm support, the acceleration 1112 for some popular block cipher mode is supported too, including 1113 ECB, CBC, LRW, XTS. The 64 bit version has additional 1114 acceleration for CTR. 1115 1116config CRYPTO_AES_SPARC64 1117 tristate "AES cipher algorithms (SPARC64)" 1118 depends on SPARC64 1119 select CRYPTO_SKCIPHER 1120 help 1121 Use SPARC64 crypto opcodes for AES algorithm. 1122 1123 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1124 algorithm. 1125 1126 Rijndael appears to be consistently a very good performer in 1127 both hardware and software across a wide range of computing 1128 environments regardless of its use in feedback or non-feedback 1129 modes. Its key setup time is excellent, and its key agility is 1130 good. Rijndael's very low memory requirements make it very well 1131 suited for restricted-space environments, in which it also 1132 demonstrates excellent performance. Rijndael's operations are 1133 among the easiest to defend against power and timing attacks. 1134 1135 The AES specifies three key sizes: 128, 192 and 256 bits 1136 1137 See <http://csrc.nist.gov/encryption/aes/> for more information. 1138 1139 In addition to AES cipher algorithm support, the acceleration 1140 for some popular block cipher mode is supported too, including 1141 ECB and CBC. 1142 1143config CRYPTO_AES_PPC_SPE 1144 tristate "AES cipher algorithms (PPC SPE)" 1145 depends on PPC && SPE 1146 select CRYPTO_SKCIPHER 1147 help 1148 AES cipher algorithms (FIPS-197). Additionally the acceleration 1149 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1150 This module should only be used for low power (router) devices 1151 without hardware AES acceleration (e.g. caam crypto). It reduces the 1152 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1153 timining attacks. Nevertheless it might be not as secure as other 1154 architecture specific assembler implementations that work on 1KB 1155 tables or 256 bytes S-boxes. 1156 1157config CRYPTO_ANUBIS 1158 tristate "Anubis cipher algorithm" 1159 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1160 select CRYPTO_ALGAPI 1161 help 1162 Anubis cipher algorithm. 1163 1164 Anubis is a variable key length cipher which can use keys from 1165 128 bits to 320 bits in length. It was evaluated as a entrant 1166 in the NESSIE competition. 1167 1168 See also: 1169 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1170 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1171 1172config CRYPTO_ARC4 1173 tristate "ARC4 cipher algorithm" 1174 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1175 select CRYPTO_SKCIPHER 1176 select CRYPTO_LIB_ARC4 1177 help 1178 ARC4 cipher algorithm. 1179 1180 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1181 bits in length. This algorithm is required for driver-based 1182 WEP, but it should not be for other purposes because of the 1183 weakness of the algorithm. 1184 1185config CRYPTO_BLOWFISH 1186 tristate "Blowfish cipher algorithm" 1187 select CRYPTO_ALGAPI 1188 select CRYPTO_BLOWFISH_COMMON 1189 help 1190 Blowfish cipher algorithm, by Bruce Schneier. 1191 1192 This is a variable key length cipher which can use keys from 32 1193 bits to 448 bits in length. It's fast, simple and specifically 1194 designed for use on "large microprocessors". 1195 1196 See also: 1197 <https://www.schneier.com/blowfish.html> 1198 1199config CRYPTO_BLOWFISH_COMMON 1200 tristate 1201 help 1202 Common parts of the Blowfish cipher algorithm shared by the 1203 generic c and the assembler implementations. 1204 1205 See also: 1206 <https://www.schneier.com/blowfish.html> 1207 1208config CRYPTO_BLOWFISH_X86_64 1209 tristate "Blowfish cipher algorithm (x86_64)" 1210 depends on X86 && 64BIT 1211 select CRYPTO_SKCIPHER 1212 select CRYPTO_BLOWFISH_COMMON 1213 imply CRYPTO_CTR 1214 help 1215 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1216 1217 This is a variable key length cipher which can use keys from 32 1218 bits to 448 bits in length. It's fast, simple and specifically 1219 designed for use on "large microprocessors". 1220 1221 See also: 1222 <https://www.schneier.com/blowfish.html> 1223 1224config CRYPTO_CAMELLIA 1225 tristate "Camellia cipher algorithms" 1226 depends on CRYPTO 1227 select CRYPTO_ALGAPI 1228 help 1229 Camellia cipher algorithms module. 1230 1231 Camellia is a symmetric key block cipher developed jointly 1232 at NTT and Mitsubishi Electric Corporation. 1233 1234 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1235 1236 See also: 1237 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1238 1239config CRYPTO_CAMELLIA_X86_64 1240 tristate "Camellia cipher algorithm (x86_64)" 1241 depends on X86 && 64BIT 1242 depends on CRYPTO 1243 select CRYPTO_SKCIPHER 1244 imply CRYPTO_CTR 1245 help 1246 Camellia cipher algorithm module (x86_64). 1247 1248 Camellia is a symmetric key block cipher developed jointly 1249 at NTT and Mitsubishi Electric Corporation. 1250 1251 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1252 1253 See also: 1254 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1255 1256config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1257 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1258 depends on X86 && 64BIT 1259 depends on CRYPTO 1260 select CRYPTO_SKCIPHER 1261 select CRYPTO_CAMELLIA_X86_64 1262 select CRYPTO_SIMD 1263 imply CRYPTO_XTS 1264 help 1265 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1266 1267 Camellia is a symmetric key block cipher developed jointly 1268 at NTT and Mitsubishi Electric Corporation. 1269 1270 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1271 1272 See also: 1273 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1274 1275config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1276 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1277 depends on X86 && 64BIT 1278 depends on CRYPTO 1279 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1280 help 1281 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1282 1283 Camellia is a symmetric key block cipher developed jointly 1284 at NTT and Mitsubishi Electric Corporation. 1285 1286 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1287 1288 See also: 1289 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1290 1291config CRYPTO_CAMELLIA_SPARC64 1292 tristate "Camellia cipher algorithm (SPARC64)" 1293 depends on SPARC64 1294 depends on CRYPTO 1295 select CRYPTO_ALGAPI 1296 select CRYPTO_SKCIPHER 1297 help 1298 Camellia cipher algorithm module (SPARC64). 1299 1300 Camellia is a symmetric key block cipher developed jointly 1301 at NTT and Mitsubishi Electric Corporation. 1302 1303 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1304 1305 See also: 1306 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1307 1308config CRYPTO_CAST_COMMON 1309 tristate 1310 help 1311 Common parts of the CAST cipher algorithms shared by the 1312 generic c and the assembler implementations. 1313 1314config CRYPTO_CAST5 1315 tristate "CAST5 (CAST-128) cipher algorithm" 1316 select CRYPTO_ALGAPI 1317 select CRYPTO_CAST_COMMON 1318 help 1319 The CAST5 encryption algorithm (synonymous with CAST-128) is 1320 described in RFC2144. 1321 1322config CRYPTO_CAST5_AVX_X86_64 1323 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1324 depends on X86 && 64BIT 1325 select CRYPTO_SKCIPHER 1326 select CRYPTO_CAST5 1327 select CRYPTO_CAST_COMMON 1328 select CRYPTO_SIMD 1329 imply CRYPTO_CTR 1330 help 1331 The CAST5 encryption algorithm (synonymous with CAST-128) is 1332 described in RFC2144. 1333 1334 This module provides the Cast5 cipher algorithm that processes 1335 sixteen blocks parallel using the AVX instruction set. 1336 1337config CRYPTO_CAST6 1338 tristate "CAST6 (CAST-256) cipher algorithm" 1339 select CRYPTO_ALGAPI 1340 select CRYPTO_CAST_COMMON 1341 help 1342 The CAST6 encryption algorithm (synonymous with CAST-256) is 1343 described in RFC2612. 1344 1345config CRYPTO_CAST6_AVX_X86_64 1346 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1347 depends on X86 && 64BIT 1348 select CRYPTO_SKCIPHER 1349 select CRYPTO_CAST6 1350 select CRYPTO_CAST_COMMON 1351 select CRYPTO_SIMD 1352 imply CRYPTO_XTS 1353 imply CRYPTO_CTR 1354 help 1355 The CAST6 encryption algorithm (synonymous with CAST-256) is 1356 described in RFC2612. 1357 1358 This module provides the Cast6 cipher algorithm that processes 1359 eight blocks parallel using the AVX instruction set. 1360 1361config CRYPTO_DES 1362 tristate "DES and Triple DES EDE cipher algorithms" 1363 select CRYPTO_ALGAPI 1364 select CRYPTO_LIB_DES 1365 help 1366 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1367 1368config CRYPTO_DES_SPARC64 1369 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1370 depends on SPARC64 1371 select CRYPTO_ALGAPI 1372 select CRYPTO_LIB_DES 1373 select CRYPTO_SKCIPHER 1374 help 1375 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1376 optimized using SPARC64 crypto opcodes. 1377 1378config CRYPTO_DES3_EDE_X86_64 1379 tristate "Triple DES EDE cipher algorithm (x86-64)" 1380 depends on X86 && 64BIT 1381 select CRYPTO_SKCIPHER 1382 select CRYPTO_LIB_DES 1383 imply CRYPTO_CTR 1384 help 1385 Triple DES EDE (FIPS 46-3) algorithm. 1386 1387 This module provides implementation of the Triple DES EDE cipher 1388 algorithm that is optimized for x86-64 processors. Two versions of 1389 algorithm are provided; regular processing one input block and 1390 one that processes three blocks parallel. 1391 1392config CRYPTO_FCRYPT 1393 tristate "FCrypt cipher algorithm" 1394 select CRYPTO_ALGAPI 1395 select CRYPTO_SKCIPHER 1396 help 1397 FCrypt algorithm used by RxRPC. 1398 1399config CRYPTO_KHAZAD 1400 tristate "Khazad cipher algorithm" 1401 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1402 select CRYPTO_ALGAPI 1403 help 1404 Khazad cipher algorithm. 1405 1406 Khazad was a finalist in the initial NESSIE competition. It is 1407 an algorithm optimized for 64-bit processors with good performance 1408 on 32-bit processors. Khazad uses an 128 bit key size. 1409 1410 See also: 1411 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1412 1413config CRYPTO_CHACHA20 1414 tristate "ChaCha stream cipher algorithms" 1415 select CRYPTO_LIB_CHACHA_GENERIC 1416 select CRYPTO_SKCIPHER 1417 help 1418 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1419 1420 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1421 Bernstein and further specified in RFC7539 for use in IETF protocols. 1422 This is the portable C implementation of ChaCha20. See also: 1423 <https://cr.yp.to/chacha/chacha-20080128.pdf> 1424 1425 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1426 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1427 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1428 while provably retaining ChaCha20's security. See also: 1429 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1430 1431 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1432 reduced security margin but increased performance. It can be needed 1433 in some performance-sensitive scenarios. 1434 1435config CRYPTO_CHACHA20_X86_64 1436 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1437 depends on X86 && 64BIT 1438 select CRYPTO_SKCIPHER 1439 select CRYPTO_LIB_CHACHA_GENERIC 1440 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1441 help 1442 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1443 XChaCha20, and XChaCha12 stream ciphers. 1444 1445config CRYPTO_CHACHA_MIPS 1446 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1447 depends on CPU_MIPS32_R2 1448 select CRYPTO_SKCIPHER 1449 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1450 1451config CRYPTO_SEED 1452 tristate "SEED cipher algorithm" 1453 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1454 select CRYPTO_ALGAPI 1455 help 1456 SEED cipher algorithm (RFC4269). 1457 1458 SEED is a 128-bit symmetric key block cipher that has been 1459 developed by KISA (Korea Information Security Agency) as a 1460 national standard encryption algorithm of the Republic of Korea. 1461 It is a 16 round block cipher with the key size of 128 bit. 1462 1463 See also: 1464 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1465 1466config CRYPTO_SERPENT 1467 tristate "Serpent cipher algorithm" 1468 select CRYPTO_ALGAPI 1469 help 1470 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1471 1472 Keys are allowed to be from 0 to 256 bits in length, in steps 1473 of 8 bits. 1474 1475 See also: 1476 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1477 1478config CRYPTO_SERPENT_SSE2_X86_64 1479 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1480 depends on X86 && 64BIT 1481 select CRYPTO_SKCIPHER 1482 select CRYPTO_SERPENT 1483 select CRYPTO_SIMD 1484 imply CRYPTO_CTR 1485 help 1486 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1487 1488 Keys are allowed to be from 0 to 256 bits in length, in steps 1489 of 8 bits. 1490 1491 This module provides Serpent cipher algorithm that processes eight 1492 blocks parallel using SSE2 instruction set. 1493 1494 See also: 1495 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1496 1497config CRYPTO_SERPENT_SSE2_586 1498 tristate "Serpent cipher algorithm (i586/SSE2)" 1499 depends on X86 && !64BIT 1500 select CRYPTO_SKCIPHER 1501 select CRYPTO_SERPENT 1502 select CRYPTO_SIMD 1503 imply CRYPTO_CTR 1504 help 1505 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1506 1507 Keys are allowed to be from 0 to 256 bits in length, in steps 1508 of 8 bits. 1509 1510 This module provides Serpent cipher algorithm that processes four 1511 blocks parallel using SSE2 instruction set. 1512 1513 See also: 1514 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1515 1516config CRYPTO_SERPENT_AVX_X86_64 1517 tristate "Serpent cipher algorithm (x86_64/AVX)" 1518 depends on X86 && 64BIT 1519 select CRYPTO_SKCIPHER 1520 select CRYPTO_SERPENT 1521 select CRYPTO_SIMD 1522 imply CRYPTO_XTS 1523 imply CRYPTO_CTR 1524 help 1525 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1526 1527 Keys are allowed to be from 0 to 256 bits in length, in steps 1528 of 8 bits. 1529 1530 This module provides the Serpent cipher algorithm that processes 1531 eight blocks parallel using the AVX instruction set. 1532 1533 See also: 1534 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1535 1536config CRYPTO_SERPENT_AVX2_X86_64 1537 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1538 depends on X86 && 64BIT 1539 select CRYPTO_SERPENT_AVX_X86_64 1540 help 1541 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1542 1543 Keys are allowed to be from 0 to 256 bits in length, in steps 1544 of 8 bits. 1545 1546 This module provides Serpent cipher algorithm that processes 16 1547 blocks parallel using AVX2 instruction set. 1548 1549 See also: 1550 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1551 1552config CRYPTO_SM4 1553 tristate "SM4 cipher algorithm" 1554 select CRYPTO_ALGAPI 1555 help 1556 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1557 1558 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1559 Organization of State Commercial Administration of China (OSCCA) 1560 as an authorized cryptographic algorithms for the use within China. 1561 1562 SMS4 was originally created for use in protecting wireless 1563 networks, and is mandated in the Chinese National Standard for 1564 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1565 (GB.15629.11-2003). 1566 1567 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1568 standardized through TC 260 of the Standardization Administration 1569 of the People's Republic of China (SAC). 1570 1571 The input, output, and key of SMS4 are each 128 bits. 1572 1573 See also: <https://eprint.iacr.org/2008/329.pdf> 1574 1575 If unsure, say N. 1576 1577config CRYPTO_TEA 1578 tristate "TEA, XTEA and XETA cipher algorithms" 1579 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1580 select CRYPTO_ALGAPI 1581 help 1582 TEA cipher algorithm. 1583 1584 Tiny Encryption Algorithm is a simple cipher that uses 1585 many rounds for security. It is very fast and uses 1586 little memory. 1587 1588 Xtendend Tiny Encryption Algorithm is a modification to 1589 the TEA algorithm to address a potential key weakness 1590 in the TEA algorithm. 1591 1592 Xtendend Encryption Tiny Algorithm is a mis-implementation 1593 of the XTEA algorithm for compatibility purposes. 1594 1595config CRYPTO_TWOFISH 1596 tristate "Twofish cipher algorithm" 1597 select CRYPTO_ALGAPI 1598 select CRYPTO_TWOFISH_COMMON 1599 help 1600 Twofish cipher algorithm. 1601 1602 Twofish was submitted as an AES (Advanced Encryption Standard) 1603 candidate cipher by researchers at CounterPane Systems. It is a 1604 16 round block cipher supporting key sizes of 128, 192, and 256 1605 bits. 1606 1607 See also: 1608 <https://www.schneier.com/twofish.html> 1609 1610config CRYPTO_TWOFISH_COMMON 1611 tristate 1612 help 1613 Common parts of the Twofish cipher algorithm shared by the 1614 generic c and the assembler implementations. 1615 1616config CRYPTO_TWOFISH_586 1617 tristate "Twofish cipher algorithms (i586)" 1618 depends on (X86 || UML_X86) && !64BIT 1619 select CRYPTO_ALGAPI 1620 select CRYPTO_TWOFISH_COMMON 1621 imply CRYPTO_CTR 1622 help 1623 Twofish cipher algorithm. 1624 1625 Twofish was submitted as an AES (Advanced Encryption Standard) 1626 candidate cipher by researchers at CounterPane Systems. It is a 1627 16 round block cipher supporting key sizes of 128, 192, and 256 1628 bits. 1629 1630 See also: 1631 <https://www.schneier.com/twofish.html> 1632 1633config CRYPTO_TWOFISH_X86_64 1634 tristate "Twofish cipher algorithm (x86_64)" 1635 depends on (X86 || UML_X86) && 64BIT 1636 select CRYPTO_ALGAPI 1637 select CRYPTO_TWOFISH_COMMON 1638 imply CRYPTO_CTR 1639 help 1640 Twofish cipher algorithm (x86_64). 1641 1642 Twofish was submitted as an AES (Advanced Encryption Standard) 1643 candidate cipher by researchers at CounterPane Systems. It is a 1644 16 round block cipher supporting key sizes of 128, 192, and 256 1645 bits. 1646 1647 See also: 1648 <https://www.schneier.com/twofish.html> 1649 1650config CRYPTO_TWOFISH_X86_64_3WAY 1651 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1652 depends on X86 && 64BIT 1653 select CRYPTO_SKCIPHER 1654 select CRYPTO_TWOFISH_COMMON 1655 select CRYPTO_TWOFISH_X86_64 1656 help 1657 Twofish cipher algorithm (x86_64, 3-way parallel). 1658 1659 Twofish was submitted as an AES (Advanced Encryption Standard) 1660 candidate cipher by researchers at CounterPane Systems. It is a 1661 16 round block cipher supporting key sizes of 128, 192, and 256 1662 bits. 1663 1664 This module provides Twofish cipher algorithm that processes three 1665 blocks parallel, utilizing resources of out-of-order CPUs better. 1666 1667 See also: 1668 <https://www.schneier.com/twofish.html> 1669 1670config CRYPTO_TWOFISH_AVX_X86_64 1671 tristate "Twofish cipher algorithm (x86_64/AVX)" 1672 depends on X86 && 64BIT 1673 select CRYPTO_SKCIPHER 1674 select CRYPTO_SIMD 1675 select CRYPTO_TWOFISH_COMMON 1676 select CRYPTO_TWOFISH_X86_64 1677 select CRYPTO_TWOFISH_X86_64_3WAY 1678 imply CRYPTO_XTS 1679 help 1680 Twofish cipher algorithm (x86_64/AVX). 1681 1682 Twofish was submitted as an AES (Advanced Encryption Standard) 1683 candidate cipher by researchers at CounterPane Systems. It is a 1684 16 round block cipher supporting key sizes of 128, 192, and 256 1685 bits. 1686 1687 This module provides the Twofish cipher algorithm that processes 1688 eight blocks parallel using the AVX Instruction Set. 1689 1690 See also: 1691 <https://www.schneier.com/twofish.html> 1692 1693comment "Compression" 1694 1695config CRYPTO_DEFLATE 1696 tristate "Deflate compression algorithm" 1697 select CRYPTO_ALGAPI 1698 select CRYPTO_ACOMP2 1699 select ZLIB_INFLATE 1700 select ZLIB_DEFLATE 1701 help 1702 This is the Deflate algorithm (RFC1951), specified for use in 1703 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1704 1705 You will most probably want this if using IPSec. 1706 1707config CRYPTO_LZO 1708 tristate "LZO compression algorithm" 1709 select CRYPTO_ALGAPI 1710 select CRYPTO_ACOMP2 1711 select LZO_COMPRESS 1712 select LZO_DECOMPRESS 1713 help 1714 This is the LZO algorithm. 1715 1716config CRYPTO_842 1717 tristate "842 compression algorithm" 1718 select CRYPTO_ALGAPI 1719 select CRYPTO_ACOMP2 1720 select 842_COMPRESS 1721 select 842_DECOMPRESS 1722 help 1723 This is the 842 algorithm. 1724 1725config CRYPTO_LZ4 1726 tristate "LZ4 compression algorithm" 1727 select CRYPTO_ALGAPI 1728 select CRYPTO_ACOMP2 1729 select LZ4_COMPRESS 1730 select LZ4_DECOMPRESS 1731 help 1732 This is the LZ4 algorithm. 1733 1734config CRYPTO_LZ4HC 1735 tristate "LZ4HC compression algorithm" 1736 select CRYPTO_ALGAPI 1737 select CRYPTO_ACOMP2 1738 select LZ4HC_COMPRESS 1739 select LZ4_DECOMPRESS 1740 help 1741 This is the LZ4 high compression mode algorithm. 1742 1743config CRYPTO_ZSTD 1744 tristate "Zstd compression algorithm" 1745 select CRYPTO_ALGAPI 1746 select CRYPTO_ACOMP2 1747 select ZSTD_COMPRESS 1748 select ZSTD_DECOMPRESS 1749 help 1750 This is the zstd algorithm. 1751 1752comment "Random Number Generation" 1753 1754config CRYPTO_ANSI_CPRNG 1755 tristate "Pseudo Random Number Generation for Cryptographic modules" 1756 select CRYPTO_AES 1757 select CRYPTO_RNG 1758 help 1759 This option enables the generic pseudo random number generator 1760 for cryptographic modules. Uses the Algorithm specified in 1761 ANSI X9.31 A.2.4. Note that this option must be enabled if 1762 CRYPTO_FIPS is selected 1763 1764menuconfig CRYPTO_DRBG_MENU 1765 tristate "NIST SP800-90A DRBG" 1766 help 1767 NIST SP800-90A compliant DRBG. In the following submenu, one or 1768 more of the DRBG types must be selected. 1769 1770if CRYPTO_DRBG_MENU 1771 1772config CRYPTO_DRBG_HMAC 1773 bool 1774 default y 1775 select CRYPTO_HMAC 1776 select CRYPTO_SHA256 1777 1778config CRYPTO_DRBG_HASH 1779 bool "Enable Hash DRBG" 1780 select CRYPTO_SHA256 1781 help 1782 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1783 1784config CRYPTO_DRBG_CTR 1785 bool "Enable CTR DRBG" 1786 select CRYPTO_AES 1787 select CRYPTO_CTR 1788 help 1789 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1790 1791config CRYPTO_DRBG 1792 tristate 1793 default CRYPTO_DRBG_MENU 1794 select CRYPTO_RNG 1795 select CRYPTO_JITTERENTROPY 1796 1797endif # if CRYPTO_DRBG_MENU 1798 1799config CRYPTO_JITTERENTROPY 1800 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1801 select CRYPTO_RNG 1802 help 1803 The Jitterentropy RNG is a noise that is intended 1804 to provide seed to another RNG. The RNG does not 1805 perform any cryptographic whitening of the generated 1806 random numbers. This Jitterentropy RNG registers with 1807 the kernel crypto API and can be used by any caller. 1808 1809config CRYPTO_USER_API 1810 tristate 1811 1812config CRYPTO_USER_API_HASH 1813 tristate "User-space interface for hash algorithms" 1814 depends on NET 1815 select CRYPTO_HASH 1816 select CRYPTO_USER_API 1817 help 1818 This option enables the user-spaces interface for hash 1819 algorithms. 1820 1821config CRYPTO_USER_API_SKCIPHER 1822 tristate "User-space interface for symmetric key cipher algorithms" 1823 depends on NET 1824 select CRYPTO_SKCIPHER 1825 select CRYPTO_USER_API 1826 help 1827 This option enables the user-spaces interface for symmetric 1828 key cipher algorithms. 1829 1830config CRYPTO_USER_API_RNG 1831 tristate "User-space interface for random number generator algorithms" 1832 depends on NET 1833 select CRYPTO_RNG 1834 select CRYPTO_USER_API 1835 help 1836 This option enables the user-spaces interface for random 1837 number generator algorithms. 1838 1839config CRYPTO_USER_API_RNG_CAVP 1840 bool "Enable CAVP testing of DRBG" 1841 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1842 help 1843 This option enables extra API for CAVP testing via the user-space 1844 interface: resetting of DRBG entropy, and providing Additional Data. 1845 This should only be enabled for CAVP testing. You should say 1846 no unless you know what this is. 1847 1848config CRYPTO_USER_API_AEAD 1849 tristate "User-space interface for AEAD cipher algorithms" 1850 depends on NET 1851 select CRYPTO_AEAD 1852 select CRYPTO_SKCIPHER 1853 select CRYPTO_NULL 1854 select CRYPTO_USER_API 1855 help 1856 This option enables the user-spaces interface for AEAD 1857 cipher algorithms. 1858 1859config CRYPTO_USER_API_ENABLE_OBSOLETE 1860 bool "Enable obsolete cryptographic algorithms for userspace" 1861 depends on CRYPTO_USER_API 1862 default y 1863 help 1864 Allow obsolete cryptographic algorithms to be selected that have 1865 already been phased out from internal use by the kernel, and are 1866 only useful for userspace clients that still rely on them. 1867 1868config CRYPTO_STATS 1869 bool "Crypto usage statistics for User-space" 1870 depends on CRYPTO_USER 1871 help 1872 This option enables the gathering of crypto stats. 1873 This will collect: 1874 - encrypt/decrypt size and numbers of symmeric operations 1875 - compress/decompress size and numbers of compress operations 1876 - size and numbers of hash operations 1877 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1878 - generate/seed numbers for rng operations 1879 1880config CRYPTO_HASH_INFO 1881 bool 1882 1883source "lib/crypto/Kconfig" 1884source "drivers/crypto/Kconfig" 1885source "crypto/asymmetric_keys/Kconfig" 1886source "certs/Kconfig" 1887 1888endif # if CRYPTO 1889