1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_SKCIPHER 56 tristate 57 select CRYPTO_SKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_SKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_SKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139if CRYPTO_MANAGER2 140 141config CRYPTO_MANAGER_DISABLE_TESTS 142 bool "Disable run-time self tests" 143 default y 144 help 145 Disable run-time self tests that normally take place at 146 algorithm registration. 147 148config CRYPTO_MANAGER_EXTRA_TESTS 149 bool "Enable extra run-time crypto self tests" 150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS 151 help 152 Enable extra run-time self tests of registered crypto algorithms, 153 including randomized fuzz tests. 154 155 This is intended for developer use only, as these tests take much 156 longer to run than the normal self tests. 157 158endif # if CRYPTO_MANAGER2 159 160config CRYPTO_GF128MUL 161 tristate 162 163config CRYPTO_NULL 164 tristate "Null algorithms" 165 select CRYPTO_NULL2 166 help 167 These are 'Null' algorithms, used by IPsec, which do nothing. 168 169config CRYPTO_NULL2 170 tristate 171 select CRYPTO_ALGAPI2 172 select CRYPTO_SKCIPHER2 173 select CRYPTO_HASH2 174 175config CRYPTO_PCRYPT 176 tristate "Parallel crypto engine" 177 depends on SMP 178 select PADATA 179 select CRYPTO_MANAGER 180 select CRYPTO_AEAD 181 help 182 This converts an arbitrary crypto algorithm into a parallel 183 algorithm that executes in kernel threads. 184 185config CRYPTO_CRYPTD 186 tristate "Software async crypto daemon" 187 select CRYPTO_SKCIPHER 188 select CRYPTO_HASH 189 select CRYPTO_MANAGER 190 help 191 This is a generic software asynchronous crypto daemon that 192 converts an arbitrary synchronous software crypto algorithm 193 into an asynchronous algorithm that executes in a kernel thread. 194 195config CRYPTO_AUTHENC 196 tristate "Authenc support" 197 select CRYPTO_AEAD 198 select CRYPTO_SKCIPHER 199 select CRYPTO_MANAGER 200 select CRYPTO_HASH 201 select CRYPTO_NULL 202 help 203 Authenc: Combined mode wrapper for IPsec. 204 This is required for IPSec. 205 206config CRYPTO_TEST 207 tristate "Testing module" 208 depends on m 209 select CRYPTO_MANAGER 210 help 211 Quick & dirty crypto test module. 212 213config CRYPTO_SIMD 214 tristate 215 select CRYPTO_CRYPTD 216 217config CRYPTO_GLUE_HELPER_X86 218 tristate 219 depends on X86 220 select CRYPTO_SKCIPHER 221 222config CRYPTO_ENGINE 223 tristate 224 225comment "Public-key cryptography" 226 227config CRYPTO_RSA 228 tristate "RSA algorithm" 229 select CRYPTO_AKCIPHER 230 select CRYPTO_MANAGER 231 select MPILIB 232 select ASN1 233 help 234 Generic implementation of the RSA public key algorithm. 235 236config CRYPTO_DH 237 tristate "Diffie-Hellman algorithm" 238 select CRYPTO_KPP 239 select MPILIB 240 help 241 Generic implementation of the Diffie-Hellman algorithm. 242 243config CRYPTO_ECC 244 tristate 245 246config CRYPTO_ECDH 247 tristate "ECDH algorithm" 248 select CRYPTO_ECC 249 select CRYPTO_KPP 250 select CRYPTO_RNG_DEFAULT 251 help 252 Generic implementation of the ECDH algorithm 253 254config CRYPTO_ECRDSA 255 tristate "EC-RDSA (GOST 34.10) algorithm" 256 select CRYPTO_ECC 257 select CRYPTO_AKCIPHER 258 select CRYPTO_STREEBOG 259 select OID_REGISTRY 260 select ASN1 261 help 262 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 263 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 264 standard algorithms (called GOST algorithms). Only signature verification 265 is implemented. 266 267config CRYPTO_CURVE25519 268 tristate "Curve25519 algorithm" 269 select CRYPTO_KPP 270 select CRYPTO_LIB_CURVE25519_GENERIC 271 272config CRYPTO_CURVE25519_X86 273 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 274 depends on X86 && 64BIT 275 select CRYPTO_LIB_CURVE25519_GENERIC 276 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 277 278comment "Authenticated Encryption with Associated Data" 279 280config CRYPTO_CCM 281 tristate "CCM support" 282 select CRYPTO_CTR 283 select CRYPTO_HASH 284 select CRYPTO_AEAD 285 select CRYPTO_MANAGER 286 help 287 Support for Counter with CBC MAC. Required for IPsec. 288 289config CRYPTO_GCM 290 tristate "GCM/GMAC support" 291 select CRYPTO_CTR 292 select CRYPTO_AEAD 293 select CRYPTO_GHASH 294 select CRYPTO_NULL 295 select CRYPTO_MANAGER 296 help 297 Support for Galois/Counter Mode (GCM) and Galois Message 298 Authentication Code (GMAC). Required for IPSec. 299 300config CRYPTO_CHACHA20POLY1305 301 tristate "ChaCha20-Poly1305 AEAD support" 302 select CRYPTO_CHACHA20 303 select CRYPTO_POLY1305 304 select CRYPTO_AEAD 305 select CRYPTO_MANAGER 306 help 307 ChaCha20-Poly1305 AEAD support, RFC7539. 308 309 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 310 with the Poly1305 authenticator. It is defined in RFC7539 for use in 311 IETF protocols. 312 313config CRYPTO_AEGIS128 314 tristate "AEGIS-128 AEAD algorithm" 315 select CRYPTO_AEAD 316 select CRYPTO_AES # for AES S-box tables 317 help 318 Support for the AEGIS-128 dedicated AEAD algorithm. 319 320config CRYPTO_AEGIS128_SIMD 321 bool "Support SIMD acceleration for AEGIS-128" 322 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 323 depends on !ARM || CC_IS_CLANG || GCC_VERSION >= 40800 324 default y 325 326config CRYPTO_AEGIS128_AESNI_SSE2 327 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 328 depends on X86 && 64BIT 329 select CRYPTO_AEAD 330 select CRYPTO_SIMD 331 help 332 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 333 334config CRYPTO_SEQIV 335 tristate "Sequence Number IV Generator" 336 select CRYPTO_AEAD 337 select CRYPTO_SKCIPHER 338 select CRYPTO_NULL 339 select CRYPTO_RNG_DEFAULT 340 select CRYPTO_MANAGER 341 help 342 This IV generator generates an IV based on a sequence number by 343 xoring it with a salt. This algorithm is mainly useful for CTR 344 345config CRYPTO_ECHAINIV 346 tristate "Encrypted Chain IV Generator" 347 select CRYPTO_AEAD 348 select CRYPTO_NULL 349 select CRYPTO_RNG_DEFAULT 350 select CRYPTO_MANAGER 351 help 352 This IV generator generates an IV based on the encryption of 353 a sequence number xored with a salt. This is the default 354 algorithm for CBC. 355 356comment "Block modes" 357 358config CRYPTO_CBC 359 tristate "CBC support" 360 select CRYPTO_SKCIPHER 361 select CRYPTO_MANAGER 362 help 363 CBC: Cipher Block Chaining mode 364 This block cipher algorithm is required for IPSec. 365 366config CRYPTO_CFB 367 tristate "CFB support" 368 select CRYPTO_SKCIPHER 369 select CRYPTO_MANAGER 370 help 371 CFB: Cipher FeedBack mode 372 This block cipher algorithm is required for TPM2 Cryptography. 373 374config CRYPTO_CTR 375 tristate "CTR support" 376 select CRYPTO_SKCIPHER 377 select CRYPTO_SEQIV 378 select CRYPTO_MANAGER 379 help 380 CTR: Counter mode 381 This block cipher algorithm is required for IPSec. 382 383config CRYPTO_CTS 384 tristate "CTS support" 385 select CRYPTO_SKCIPHER 386 select CRYPTO_MANAGER 387 help 388 CTS: Cipher Text Stealing 389 This is the Cipher Text Stealing mode as described by 390 Section 8 of rfc2040 and referenced by rfc3962 391 (rfc3962 includes errata information in its Appendix A) or 392 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 393 This mode is required for Kerberos gss mechanism support 394 for AES encryption. 395 396 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 397 398config CRYPTO_ECB 399 tristate "ECB support" 400 select CRYPTO_SKCIPHER 401 select CRYPTO_MANAGER 402 help 403 ECB: Electronic CodeBook mode 404 This is the simplest block cipher algorithm. It simply encrypts 405 the input block by block. 406 407config CRYPTO_LRW 408 tristate "LRW support" 409 select CRYPTO_SKCIPHER 410 select CRYPTO_MANAGER 411 select CRYPTO_GF128MUL 412 help 413 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 414 narrow block cipher mode for dm-crypt. Use it with cipher 415 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 416 The first 128, 192 or 256 bits in the key are used for AES and the 417 rest is used to tie each cipher block to its logical position. 418 419config CRYPTO_OFB 420 tristate "OFB support" 421 select CRYPTO_SKCIPHER 422 select CRYPTO_MANAGER 423 help 424 OFB: the Output Feedback mode makes a block cipher into a synchronous 425 stream cipher. It generates keystream blocks, which are then XORed 426 with the plaintext blocks to get the ciphertext. Flipping a bit in the 427 ciphertext produces a flipped bit in the plaintext at the same 428 location. This property allows many error correcting codes to function 429 normally even when applied before encryption. 430 431config CRYPTO_PCBC 432 tristate "PCBC support" 433 select CRYPTO_SKCIPHER 434 select CRYPTO_MANAGER 435 help 436 PCBC: Propagating Cipher Block Chaining mode 437 This block cipher algorithm is required for RxRPC. 438 439config CRYPTO_XTS 440 tristate "XTS support" 441 select CRYPTO_SKCIPHER 442 select CRYPTO_MANAGER 443 select CRYPTO_ECB 444 help 445 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 446 key size 256, 384 or 512 bits. This implementation currently 447 can't handle a sectorsize which is not a multiple of 16 bytes. 448 449config CRYPTO_KEYWRAP 450 tristate "Key wrapping support" 451 select CRYPTO_SKCIPHER 452 select CRYPTO_MANAGER 453 help 454 Support for key wrapping (NIST SP800-38F / RFC3394) without 455 padding. 456 457config CRYPTO_NHPOLY1305 458 tristate 459 select CRYPTO_HASH 460 select CRYPTO_LIB_POLY1305_GENERIC 461 462config CRYPTO_NHPOLY1305_SSE2 463 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 464 depends on X86 && 64BIT 465 select CRYPTO_NHPOLY1305 466 help 467 SSE2 optimized implementation of the hash function used by the 468 Adiantum encryption mode. 469 470config CRYPTO_NHPOLY1305_AVX2 471 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 472 depends on X86 && 64BIT 473 select CRYPTO_NHPOLY1305 474 help 475 AVX2 optimized implementation of the hash function used by the 476 Adiantum encryption mode. 477 478config CRYPTO_ADIANTUM 479 tristate "Adiantum support" 480 select CRYPTO_CHACHA20 481 select CRYPTO_LIB_POLY1305_GENERIC 482 select CRYPTO_NHPOLY1305 483 select CRYPTO_MANAGER 484 help 485 Adiantum is a tweakable, length-preserving encryption mode 486 designed for fast and secure disk encryption, especially on 487 CPUs without dedicated crypto instructions. It encrypts 488 each sector using the XChaCha12 stream cipher, two passes of 489 an ε-almost-∆-universal hash function, and an invocation of 490 the AES-256 block cipher on a single 16-byte block. On CPUs 491 without AES instructions, Adiantum is much faster than 492 AES-XTS. 493 494 Adiantum's security is provably reducible to that of its 495 underlying stream and block ciphers, subject to a security 496 bound. Unlike XTS, Adiantum is a true wide-block encryption 497 mode, so it actually provides an even stronger notion of 498 security than XTS, subject to the security bound. 499 500 If unsure, say N. 501 502config CRYPTO_ESSIV 503 tristate "ESSIV support for block encryption" 504 select CRYPTO_AUTHENC 505 help 506 Encrypted salt-sector initialization vector (ESSIV) is an IV 507 generation method that is used in some cases by fscrypt and/or 508 dm-crypt. It uses the hash of the block encryption key as the 509 symmetric key for a block encryption pass applied to the input 510 IV, making low entropy IV sources more suitable for block 511 encryption. 512 513 This driver implements a crypto API template that can be 514 instantiated either as an skcipher or as an AEAD (depending on the 515 type of the first template argument), and which defers encryption 516 and decryption requests to the encapsulated cipher after applying 517 ESSIV to the input IV. Note that in the AEAD case, it is assumed 518 that the keys are presented in the same format used by the authenc 519 template, and that the IV appears at the end of the authenticated 520 associated data (AAD) region (which is how dm-crypt uses it.) 521 522 Note that the use of ESSIV is not recommended for new deployments, 523 and so this only needs to be enabled when interoperability with 524 existing encrypted volumes of filesystems is required, or when 525 building for a particular system that requires it (e.g., when 526 the SoC in question has accelerated CBC but not XTS, making CBC 527 combined with ESSIV the only feasible mode for h/w accelerated 528 block encryption) 529 530comment "Hash modes" 531 532config CRYPTO_CMAC 533 tristate "CMAC support" 534 select CRYPTO_HASH 535 select CRYPTO_MANAGER 536 help 537 Cipher-based Message Authentication Code (CMAC) specified by 538 The National Institute of Standards and Technology (NIST). 539 540 https://tools.ietf.org/html/rfc4493 541 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 542 543config CRYPTO_HMAC 544 tristate "HMAC support" 545 select CRYPTO_HASH 546 select CRYPTO_MANAGER 547 help 548 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 549 This is required for IPSec. 550 551config CRYPTO_XCBC 552 tristate "XCBC support" 553 select CRYPTO_HASH 554 select CRYPTO_MANAGER 555 help 556 XCBC: Keyed-Hashing with encryption algorithm 557 http://www.ietf.org/rfc/rfc3566.txt 558 http://csrc.nist.gov/encryption/modes/proposedmodes/ 559 xcbc-mac/xcbc-mac-spec.pdf 560 561config CRYPTO_VMAC 562 tristate "VMAC support" 563 select CRYPTO_HASH 564 select CRYPTO_MANAGER 565 help 566 VMAC is a message authentication algorithm designed for 567 very high speed on 64-bit architectures. 568 569 See also: 570 <http://fastcrypto.org/vmac> 571 572comment "Digest" 573 574config CRYPTO_CRC32C 575 tristate "CRC32c CRC algorithm" 576 select CRYPTO_HASH 577 select CRC32 578 help 579 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 580 by iSCSI for header and data digests and by others. 581 See Castagnoli93. Module will be crc32c. 582 583config CRYPTO_CRC32C_INTEL 584 tristate "CRC32c INTEL hardware acceleration" 585 depends on X86 586 select CRYPTO_HASH 587 help 588 In Intel processor with SSE4.2 supported, the processor will 589 support CRC32C implementation using hardware accelerated CRC32 590 instruction. This option will create 'crc32c-intel' module, 591 which will enable any routine to use the CRC32 instruction to 592 gain performance compared with software implementation. 593 Module will be crc32c-intel. 594 595config CRYPTO_CRC32C_VPMSUM 596 tristate "CRC32c CRC algorithm (powerpc64)" 597 depends on PPC64 && ALTIVEC 598 select CRYPTO_HASH 599 select CRC32 600 help 601 CRC32c algorithm implemented using vector polynomial multiply-sum 602 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 603 and newer processors for improved performance. 604 605 606config CRYPTO_CRC32C_SPARC64 607 tristate "CRC32c CRC algorithm (SPARC64)" 608 depends on SPARC64 609 select CRYPTO_HASH 610 select CRC32 611 help 612 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 613 when available. 614 615config CRYPTO_CRC32 616 tristate "CRC32 CRC algorithm" 617 select CRYPTO_HASH 618 select CRC32 619 help 620 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 621 Shash crypto api wrappers to crc32_le function. 622 623config CRYPTO_CRC32_PCLMUL 624 tristate "CRC32 PCLMULQDQ hardware acceleration" 625 depends on X86 626 select CRYPTO_HASH 627 select CRC32 628 help 629 From Intel Westmere and AMD Bulldozer processor with SSE4.2 630 and PCLMULQDQ supported, the processor will support 631 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 632 instruction. This option will create 'crc32-pclmul' module, 633 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 634 and gain better performance as compared with the table implementation. 635 636config CRYPTO_CRC32_MIPS 637 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 638 depends on MIPS_CRC_SUPPORT 639 select CRYPTO_HASH 640 help 641 CRC32c and CRC32 CRC algorithms implemented using mips crypto 642 instructions, when available. 643 644 645config CRYPTO_XXHASH 646 tristate "xxHash hash algorithm" 647 select CRYPTO_HASH 648 select XXHASH 649 help 650 xxHash non-cryptographic hash algorithm. Extremely fast, working at 651 speeds close to RAM limits. 652 653config CRYPTO_BLAKE2B 654 tristate "BLAKE2b digest algorithm" 655 select CRYPTO_HASH 656 help 657 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 658 optimized for 64bit platforms and can produce digests of any size 659 between 1 to 64. The keyed hash is also implemented. 660 661 This module provides the following algorithms: 662 663 - blake2b-160 664 - blake2b-256 665 - blake2b-384 666 - blake2b-512 667 668 See https://blake2.net for further information. 669 670config CRYPTO_BLAKE2S 671 tristate "BLAKE2s digest algorithm" 672 select CRYPTO_LIB_BLAKE2S_GENERIC 673 select CRYPTO_HASH 674 help 675 Implementation of cryptographic hash function BLAKE2s 676 optimized for 8-32bit platforms and can produce digests of any size 677 between 1 to 32. The keyed hash is also implemented. 678 679 This module provides the following algorithms: 680 681 - blake2s-128 682 - blake2s-160 683 - blake2s-224 684 - blake2s-256 685 686 See https://blake2.net for further information. 687 688config CRYPTO_BLAKE2S_X86 689 tristate "BLAKE2s digest algorithm (x86 accelerated version)" 690 depends on X86 && 64BIT 691 select CRYPTO_LIB_BLAKE2S_GENERIC 692 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 693 694config CRYPTO_CRCT10DIF 695 tristate "CRCT10DIF algorithm" 696 select CRYPTO_HASH 697 help 698 CRC T10 Data Integrity Field computation is being cast as 699 a crypto transform. This allows for faster crc t10 diff 700 transforms to be used if they are available. 701 702config CRYPTO_CRCT10DIF_PCLMUL 703 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 704 depends on X86 && 64BIT && CRC_T10DIF 705 select CRYPTO_HASH 706 help 707 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 708 CRC T10 DIF PCLMULQDQ computation can be hardware 709 accelerated PCLMULQDQ instruction. This option will create 710 'crct10dif-pclmul' module, which is faster when computing the 711 crct10dif checksum as compared with the generic table implementation. 712 713config CRYPTO_CRCT10DIF_VPMSUM 714 tristate "CRC32T10DIF powerpc64 hardware acceleration" 715 depends on PPC64 && ALTIVEC && CRC_T10DIF 716 select CRYPTO_HASH 717 help 718 CRC10T10DIF algorithm implemented using vector polynomial 719 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 720 POWER8 and newer processors for improved performance. 721 722config CRYPTO_VPMSUM_TESTER 723 tristate "Powerpc64 vpmsum hardware acceleration tester" 724 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 725 help 726 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 727 POWER8 vpmsum instructions. 728 Unless you are testing these algorithms, you don't need this. 729 730config CRYPTO_GHASH 731 tristate "GHASH hash function" 732 select CRYPTO_GF128MUL 733 select CRYPTO_HASH 734 help 735 GHASH is the hash function used in GCM (Galois/Counter Mode). 736 It is not a general-purpose cryptographic hash function. 737 738config CRYPTO_POLY1305 739 tristate "Poly1305 authenticator algorithm" 740 select CRYPTO_HASH 741 select CRYPTO_LIB_POLY1305_GENERIC 742 help 743 Poly1305 authenticator algorithm, RFC7539. 744 745 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 746 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 747 in IETF protocols. This is the portable C implementation of Poly1305. 748 749config CRYPTO_POLY1305_X86_64 750 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 751 depends on X86 && 64BIT 752 select CRYPTO_LIB_POLY1305_GENERIC 753 select CRYPTO_ARCH_HAVE_LIB_POLY1305 754 help 755 Poly1305 authenticator algorithm, RFC7539. 756 757 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 758 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 759 in IETF protocols. This is the x86_64 assembler implementation using SIMD 760 instructions. 761 762config CRYPTO_POLY1305_MIPS 763 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 764 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT) 765 select CRYPTO_ARCH_HAVE_LIB_POLY1305 766 767config CRYPTO_MD4 768 tristate "MD4 digest algorithm" 769 select CRYPTO_HASH 770 help 771 MD4 message digest algorithm (RFC1320). 772 773config CRYPTO_MD5 774 tristate "MD5 digest algorithm" 775 select CRYPTO_HASH 776 help 777 MD5 message digest algorithm (RFC1321). 778 779config CRYPTO_MD5_OCTEON 780 tristate "MD5 digest algorithm (OCTEON)" 781 depends on CPU_CAVIUM_OCTEON 782 select CRYPTO_MD5 783 select CRYPTO_HASH 784 help 785 MD5 message digest algorithm (RFC1321) implemented 786 using OCTEON crypto instructions, when available. 787 788config CRYPTO_MD5_PPC 789 tristate "MD5 digest algorithm (PPC)" 790 depends on PPC 791 select CRYPTO_HASH 792 help 793 MD5 message digest algorithm (RFC1321) implemented 794 in PPC assembler. 795 796config CRYPTO_MD5_SPARC64 797 tristate "MD5 digest algorithm (SPARC64)" 798 depends on SPARC64 799 select CRYPTO_MD5 800 select CRYPTO_HASH 801 help 802 MD5 message digest algorithm (RFC1321) implemented 803 using sparc64 crypto instructions, when available. 804 805config CRYPTO_MICHAEL_MIC 806 tristate "Michael MIC keyed digest algorithm" 807 select CRYPTO_HASH 808 help 809 Michael MIC is used for message integrity protection in TKIP 810 (IEEE 802.11i). This algorithm is required for TKIP, but it 811 should not be used for other purposes because of the weakness 812 of the algorithm. 813 814config CRYPTO_RMD128 815 tristate "RIPEMD-128 digest algorithm" 816 select CRYPTO_HASH 817 help 818 RIPEMD-128 (ISO/IEC 10118-3:2004). 819 820 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 821 be used as a secure replacement for RIPEMD. For other use cases, 822 RIPEMD-160 should be used. 823 824 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 825 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 826 827config CRYPTO_RMD160 828 tristate "RIPEMD-160 digest algorithm" 829 select CRYPTO_HASH 830 help 831 RIPEMD-160 (ISO/IEC 10118-3:2004). 832 833 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 834 to be used as a secure replacement for the 128-bit hash functions 835 MD4, MD5 and it's predecessor RIPEMD 836 (not to be confused with RIPEMD-128). 837 838 It's speed is comparable to SHA1 and there are no known attacks 839 against RIPEMD-160. 840 841 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 842 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 843 844config CRYPTO_RMD256 845 tristate "RIPEMD-256 digest algorithm" 846 select CRYPTO_HASH 847 help 848 RIPEMD-256 is an optional extension of RIPEMD-128 with a 849 256 bit hash. It is intended for applications that require 850 longer hash-results, without needing a larger security level 851 (than RIPEMD-128). 852 853 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 854 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 855 856config CRYPTO_RMD320 857 tristate "RIPEMD-320 digest algorithm" 858 select CRYPTO_HASH 859 help 860 RIPEMD-320 is an optional extension of RIPEMD-160 with a 861 320 bit hash. It is intended for applications that require 862 longer hash-results, without needing a larger security level 863 (than RIPEMD-160). 864 865 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 866 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 867 868config CRYPTO_SHA1 869 tristate "SHA1 digest algorithm" 870 select CRYPTO_HASH 871 help 872 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 873 874config CRYPTO_SHA1_SSSE3 875 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 876 depends on X86 && 64BIT 877 select CRYPTO_SHA1 878 select CRYPTO_HASH 879 help 880 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 881 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 882 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 883 when available. 884 885config CRYPTO_SHA256_SSSE3 886 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 887 depends on X86 && 64BIT 888 select CRYPTO_SHA256 889 select CRYPTO_HASH 890 help 891 SHA-256 secure hash standard (DFIPS 180-2) implemented 892 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 893 Extensions version 1 (AVX1), or Advanced Vector Extensions 894 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 895 Instructions) when available. 896 897config CRYPTO_SHA512_SSSE3 898 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 899 depends on X86 && 64BIT 900 select CRYPTO_SHA512 901 select CRYPTO_HASH 902 help 903 SHA-512 secure hash standard (DFIPS 180-2) implemented 904 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 905 Extensions version 1 (AVX1), or Advanced Vector Extensions 906 version 2 (AVX2) instructions, when available. 907 908config CRYPTO_SHA1_OCTEON 909 tristate "SHA1 digest algorithm (OCTEON)" 910 depends on CPU_CAVIUM_OCTEON 911 select CRYPTO_SHA1 912 select CRYPTO_HASH 913 help 914 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 915 using OCTEON crypto instructions, when available. 916 917config CRYPTO_SHA1_SPARC64 918 tristate "SHA1 digest algorithm (SPARC64)" 919 depends on SPARC64 920 select CRYPTO_SHA1 921 select CRYPTO_HASH 922 help 923 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 924 using sparc64 crypto instructions, when available. 925 926config CRYPTO_SHA1_PPC 927 tristate "SHA1 digest algorithm (powerpc)" 928 depends on PPC 929 help 930 This is the powerpc hardware accelerated implementation of the 931 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 932 933config CRYPTO_SHA1_PPC_SPE 934 tristate "SHA1 digest algorithm (PPC SPE)" 935 depends on PPC && SPE 936 help 937 SHA-1 secure hash standard (DFIPS 180-4) implemented 938 using powerpc SPE SIMD instruction set. 939 940config CRYPTO_SHA256 941 tristate "SHA224 and SHA256 digest algorithm" 942 select CRYPTO_HASH 943 select CRYPTO_LIB_SHA256 944 help 945 SHA256 secure hash standard (DFIPS 180-2). 946 947 This version of SHA implements a 256 bit hash with 128 bits of 948 security against collision attacks. 949 950 This code also includes SHA-224, a 224 bit hash with 112 bits 951 of security against collision attacks. 952 953config CRYPTO_SHA256_PPC_SPE 954 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 955 depends on PPC && SPE 956 select CRYPTO_SHA256 957 select CRYPTO_HASH 958 help 959 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 960 implemented using powerpc SPE SIMD instruction set. 961 962config CRYPTO_SHA256_OCTEON 963 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 964 depends on CPU_CAVIUM_OCTEON 965 select CRYPTO_SHA256 966 select CRYPTO_HASH 967 help 968 SHA-256 secure hash standard (DFIPS 180-2) implemented 969 using OCTEON crypto instructions, when available. 970 971config CRYPTO_SHA256_SPARC64 972 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 973 depends on SPARC64 974 select CRYPTO_SHA256 975 select CRYPTO_HASH 976 help 977 SHA-256 secure hash standard (DFIPS 180-2) implemented 978 using sparc64 crypto instructions, when available. 979 980config CRYPTO_SHA512 981 tristate "SHA384 and SHA512 digest algorithms" 982 select CRYPTO_HASH 983 help 984 SHA512 secure hash standard (DFIPS 180-2). 985 986 This version of SHA implements a 512 bit hash with 256 bits of 987 security against collision attacks. 988 989 This code also includes SHA-384, a 384 bit hash with 192 bits 990 of security against collision attacks. 991 992config CRYPTO_SHA512_OCTEON 993 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 994 depends on CPU_CAVIUM_OCTEON 995 select CRYPTO_SHA512 996 select CRYPTO_HASH 997 help 998 SHA-512 secure hash standard (DFIPS 180-2) implemented 999 using OCTEON crypto instructions, when available. 1000 1001config CRYPTO_SHA512_SPARC64 1002 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 1003 depends on SPARC64 1004 select CRYPTO_SHA512 1005 select CRYPTO_HASH 1006 help 1007 SHA-512 secure hash standard (DFIPS 180-2) implemented 1008 using sparc64 crypto instructions, when available. 1009 1010config CRYPTO_SHA3 1011 tristate "SHA3 digest algorithm" 1012 select CRYPTO_HASH 1013 help 1014 SHA-3 secure hash standard (DFIPS 202). It's based on 1015 cryptographic sponge function family called Keccak. 1016 1017 References: 1018 http://keccak.noekeon.org/ 1019 1020config CRYPTO_SM3 1021 tristate "SM3 digest algorithm" 1022 select CRYPTO_HASH 1023 help 1024 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1025 It is part of the Chinese Commercial Cryptography suite. 1026 1027 References: 1028 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1029 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1030 1031config CRYPTO_STREEBOG 1032 tristate "Streebog Hash Function" 1033 select CRYPTO_HASH 1034 help 1035 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1036 cryptographic standard algorithms (called GOST algorithms). 1037 This setting enables two hash algorithms with 256 and 512 bits output. 1038 1039 References: 1040 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1041 https://tools.ietf.org/html/rfc6986 1042 1043config CRYPTO_TGR192 1044 tristate "Tiger digest algorithms" 1045 select CRYPTO_HASH 1046 help 1047 Tiger hash algorithm 192, 160 and 128-bit hashes 1048 1049 Tiger is a hash function optimized for 64-bit processors while 1050 still having decent performance on 32-bit processors. 1051 Tiger was developed by Ross Anderson and Eli Biham. 1052 1053 See also: 1054 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 1055 1056config CRYPTO_WP512 1057 tristate "Whirlpool digest algorithms" 1058 select CRYPTO_HASH 1059 help 1060 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1061 1062 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1063 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1064 1065 See also: 1066 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1067 1068config CRYPTO_GHASH_CLMUL_NI_INTEL 1069 tristate "GHASH hash function (CLMUL-NI accelerated)" 1070 depends on X86 && 64BIT 1071 select CRYPTO_CRYPTD 1072 help 1073 This is the x86_64 CLMUL-NI accelerated implementation of 1074 GHASH, the hash function used in GCM (Galois/Counter mode). 1075 1076comment "Ciphers" 1077 1078config CRYPTO_AES 1079 tristate "AES cipher algorithms" 1080 select CRYPTO_ALGAPI 1081 select CRYPTO_LIB_AES 1082 help 1083 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1084 algorithm. 1085 1086 Rijndael appears to be consistently a very good performer in 1087 both hardware and software across a wide range of computing 1088 environments regardless of its use in feedback or non-feedback 1089 modes. Its key setup time is excellent, and its key agility is 1090 good. Rijndael's very low memory requirements make it very well 1091 suited for restricted-space environments, in which it also 1092 demonstrates excellent performance. Rijndael's operations are 1093 among the easiest to defend against power and timing attacks. 1094 1095 The AES specifies three key sizes: 128, 192 and 256 bits 1096 1097 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1098 1099config CRYPTO_AES_TI 1100 tristate "Fixed time AES cipher" 1101 select CRYPTO_ALGAPI 1102 select CRYPTO_LIB_AES 1103 help 1104 This is a generic implementation of AES that attempts to eliminate 1105 data dependent latencies as much as possible without affecting 1106 performance too much. It is intended for use by the generic CCM 1107 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1108 solely on encryption (although decryption is supported as well, but 1109 with a more dramatic performance hit) 1110 1111 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1112 8 for decryption), this implementation only uses just two S-boxes of 1113 256 bytes each, and attempts to eliminate data dependent latencies by 1114 prefetching the entire table into the cache at the start of each 1115 block. Interrupts are also disabled to avoid races where cachelines 1116 are evicted when the CPU is interrupted to do something else. 1117 1118config CRYPTO_AES_NI_INTEL 1119 tristate "AES cipher algorithms (AES-NI)" 1120 depends on X86 1121 select CRYPTO_AEAD 1122 select CRYPTO_LIB_AES 1123 select CRYPTO_ALGAPI 1124 select CRYPTO_SKCIPHER 1125 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1126 select CRYPTO_SIMD 1127 help 1128 Use Intel AES-NI instructions for AES algorithm. 1129 1130 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1131 algorithm. 1132 1133 Rijndael appears to be consistently a very good performer in 1134 both hardware and software across a wide range of computing 1135 environments regardless of its use in feedback or non-feedback 1136 modes. Its key setup time is excellent, and its key agility is 1137 good. Rijndael's very low memory requirements make it very well 1138 suited for restricted-space environments, in which it also 1139 demonstrates excellent performance. Rijndael's operations are 1140 among the easiest to defend against power and timing attacks. 1141 1142 The AES specifies three key sizes: 128, 192 and 256 bits 1143 1144 See <http://csrc.nist.gov/encryption/aes/> for more information. 1145 1146 In addition to AES cipher algorithm support, the acceleration 1147 for some popular block cipher mode is supported too, including 1148 ECB, CBC, LRW, XTS. The 64 bit version has additional 1149 acceleration for CTR. 1150 1151config CRYPTO_AES_SPARC64 1152 tristate "AES cipher algorithms (SPARC64)" 1153 depends on SPARC64 1154 select CRYPTO_SKCIPHER 1155 help 1156 Use SPARC64 crypto opcodes for AES algorithm. 1157 1158 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1159 algorithm. 1160 1161 Rijndael appears to be consistently a very good performer in 1162 both hardware and software across a wide range of computing 1163 environments regardless of its use in feedback or non-feedback 1164 modes. Its key setup time is excellent, and its key agility is 1165 good. Rijndael's very low memory requirements make it very well 1166 suited for restricted-space environments, in which it also 1167 demonstrates excellent performance. Rijndael's operations are 1168 among the easiest to defend against power and timing attacks. 1169 1170 The AES specifies three key sizes: 128, 192 and 256 bits 1171 1172 See <http://csrc.nist.gov/encryption/aes/> for more information. 1173 1174 In addition to AES cipher algorithm support, the acceleration 1175 for some popular block cipher mode is supported too, including 1176 ECB and CBC. 1177 1178config CRYPTO_AES_PPC_SPE 1179 tristate "AES cipher algorithms (PPC SPE)" 1180 depends on PPC && SPE 1181 select CRYPTO_SKCIPHER 1182 help 1183 AES cipher algorithms (FIPS-197). Additionally the acceleration 1184 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1185 This module should only be used for low power (router) devices 1186 without hardware AES acceleration (e.g. caam crypto). It reduces the 1187 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1188 timining attacks. Nevertheless it might be not as secure as other 1189 architecture specific assembler implementations that work on 1KB 1190 tables or 256 bytes S-boxes. 1191 1192config CRYPTO_ANUBIS 1193 tristate "Anubis cipher algorithm" 1194 select CRYPTO_ALGAPI 1195 help 1196 Anubis cipher algorithm. 1197 1198 Anubis is a variable key length cipher which can use keys from 1199 128 bits to 320 bits in length. It was evaluated as a entrant 1200 in the NESSIE competition. 1201 1202 See also: 1203 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1204 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1205 1206config CRYPTO_ARC4 1207 tristate "ARC4 cipher algorithm" 1208 select CRYPTO_SKCIPHER 1209 select CRYPTO_LIB_ARC4 1210 help 1211 ARC4 cipher algorithm. 1212 1213 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1214 bits in length. This algorithm is required for driver-based 1215 WEP, but it should not be for other purposes because of the 1216 weakness of the algorithm. 1217 1218config CRYPTO_BLOWFISH 1219 tristate "Blowfish cipher algorithm" 1220 select CRYPTO_ALGAPI 1221 select CRYPTO_BLOWFISH_COMMON 1222 help 1223 Blowfish cipher algorithm, by Bruce Schneier. 1224 1225 This is a variable key length cipher which can use keys from 32 1226 bits to 448 bits in length. It's fast, simple and specifically 1227 designed for use on "large microprocessors". 1228 1229 See also: 1230 <http://www.schneier.com/blowfish.html> 1231 1232config CRYPTO_BLOWFISH_COMMON 1233 tristate 1234 help 1235 Common parts of the Blowfish cipher algorithm shared by the 1236 generic c and the assembler implementations. 1237 1238 See also: 1239 <http://www.schneier.com/blowfish.html> 1240 1241config CRYPTO_BLOWFISH_X86_64 1242 tristate "Blowfish cipher algorithm (x86_64)" 1243 depends on X86 && 64BIT 1244 select CRYPTO_SKCIPHER 1245 select CRYPTO_BLOWFISH_COMMON 1246 help 1247 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1248 1249 This is a variable key length cipher which can use keys from 32 1250 bits to 448 bits in length. It's fast, simple and specifically 1251 designed for use on "large microprocessors". 1252 1253 See also: 1254 <http://www.schneier.com/blowfish.html> 1255 1256config CRYPTO_CAMELLIA 1257 tristate "Camellia cipher algorithms" 1258 depends on CRYPTO 1259 select CRYPTO_ALGAPI 1260 help 1261 Camellia cipher algorithms module. 1262 1263 Camellia is a symmetric key block cipher developed jointly 1264 at NTT and Mitsubishi Electric Corporation. 1265 1266 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1267 1268 See also: 1269 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1270 1271config CRYPTO_CAMELLIA_X86_64 1272 tristate "Camellia cipher algorithm (x86_64)" 1273 depends on X86 && 64BIT 1274 depends on CRYPTO 1275 select CRYPTO_SKCIPHER 1276 select CRYPTO_GLUE_HELPER_X86 1277 help 1278 Camellia cipher algorithm module (x86_64). 1279 1280 Camellia is a symmetric key block cipher developed jointly 1281 at NTT and Mitsubishi Electric Corporation. 1282 1283 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1284 1285 See also: 1286 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1287 1288config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1289 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1290 depends on X86 && 64BIT 1291 depends on CRYPTO 1292 select CRYPTO_SKCIPHER 1293 select CRYPTO_CAMELLIA_X86_64 1294 select CRYPTO_GLUE_HELPER_X86 1295 select CRYPTO_SIMD 1296 select CRYPTO_XTS 1297 help 1298 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1299 1300 Camellia is a symmetric key block cipher developed jointly 1301 at NTT and Mitsubishi Electric Corporation. 1302 1303 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1304 1305 See also: 1306 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1307 1308config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1309 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1310 depends on X86 && 64BIT 1311 depends on CRYPTO 1312 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1313 help 1314 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1315 1316 Camellia is a symmetric key block cipher developed jointly 1317 at NTT and Mitsubishi Electric Corporation. 1318 1319 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1320 1321 See also: 1322 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1323 1324config CRYPTO_CAMELLIA_SPARC64 1325 tristate "Camellia cipher algorithm (SPARC64)" 1326 depends on SPARC64 1327 depends on CRYPTO 1328 select CRYPTO_ALGAPI 1329 select CRYPTO_SKCIPHER 1330 help 1331 Camellia cipher algorithm module (SPARC64). 1332 1333 Camellia is a symmetric key block cipher developed jointly 1334 at NTT and Mitsubishi Electric Corporation. 1335 1336 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1337 1338 See also: 1339 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1340 1341config CRYPTO_CAST_COMMON 1342 tristate 1343 help 1344 Common parts of the CAST cipher algorithms shared by the 1345 generic c and the assembler implementations. 1346 1347config CRYPTO_CAST5 1348 tristate "CAST5 (CAST-128) cipher algorithm" 1349 select CRYPTO_ALGAPI 1350 select CRYPTO_CAST_COMMON 1351 help 1352 The CAST5 encryption algorithm (synonymous with CAST-128) is 1353 described in RFC2144. 1354 1355config CRYPTO_CAST5_AVX_X86_64 1356 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1357 depends on X86 && 64BIT 1358 select CRYPTO_SKCIPHER 1359 select CRYPTO_CAST5 1360 select CRYPTO_CAST_COMMON 1361 select CRYPTO_SIMD 1362 help 1363 The CAST5 encryption algorithm (synonymous with CAST-128) is 1364 described in RFC2144. 1365 1366 This module provides the Cast5 cipher algorithm that processes 1367 sixteen blocks parallel using the AVX instruction set. 1368 1369config CRYPTO_CAST6 1370 tristate "CAST6 (CAST-256) cipher algorithm" 1371 select CRYPTO_ALGAPI 1372 select CRYPTO_CAST_COMMON 1373 help 1374 The CAST6 encryption algorithm (synonymous with CAST-256) is 1375 described in RFC2612. 1376 1377config CRYPTO_CAST6_AVX_X86_64 1378 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1379 depends on X86 && 64BIT 1380 select CRYPTO_SKCIPHER 1381 select CRYPTO_CAST6 1382 select CRYPTO_CAST_COMMON 1383 select CRYPTO_GLUE_HELPER_X86 1384 select CRYPTO_SIMD 1385 select CRYPTO_XTS 1386 help 1387 The CAST6 encryption algorithm (synonymous with CAST-256) is 1388 described in RFC2612. 1389 1390 This module provides the Cast6 cipher algorithm that processes 1391 eight blocks parallel using the AVX instruction set. 1392 1393config CRYPTO_DES 1394 tristate "DES and Triple DES EDE cipher algorithms" 1395 select CRYPTO_ALGAPI 1396 select CRYPTO_LIB_DES 1397 help 1398 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1399 1400config CRYPTO_DES_SPARC64 1401 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1402 depends on SPARC64 1403 select CRYPTO_ALGAPI 1404 select CRYPTO_LIB_DES 1405 select CRYPTO_SKCIPHER 1406 help 1407 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1408 optimized using SPARC64 crypto opcodes. 1409 1410config CRYPTO_DES3_EDE_X86_64 1411 tristate "Triple DES EDE cipher algorithm (x86-64)" 1412 depends on X86 && 64BIT 1413 select CRYPTO_SKCIPHER 1414 select CRYPTO_LIB_DES 1415 help 1416 Triple DES EDE (FIPS 46-3) algorithm. 1417 1418 This module provides implementation of the Triple DES EDE cipher 1419 algorithm that is optimized for x86-64 processors. Two versions of 1420 algorithm are provided; regular processing one input block and 1421 one that processes three blocks parallel. 1422 1423config CRYPTO_FCRYPT 1424 tristate "FCrypt cipher algorithm" 1425 select CRYPTO_ALGAPI 1426 select CRYPTO_SKCIPHER 1427 help 1428 FCrypt algorithm used by RxRPC. 1429 1430config CRYPTO_KHAZAD 1431 tristate "Khazad cipher algorithm" 1432 select CRYPTO_ALGAPI 1433 help 1434 Khazad cipher algorithm. 1435 1436 Khazad was a finalist in the initial NESSIE competition. It is 1437 an algorithm optimized for 64-bit processors with good performance 1438 on 32-bit processors. Khazad uses an 128 bit key size. 1439 1440 See also: 1441 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1442 1443config CRYPTO_SALSA20 1444 tristate "Salsa20 stream cipher algorithm" 1445 select CRYPTO_SKCIPHER 1446 help 1447 Salsa20 stream cipher algorithm. 1448 1449 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1450 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1451 1452 The Salsa20 stream cipher algorithm is designed by Daniel J. 1453 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1454 1455config CRYPTO_CHACHA20 1456 tristate "ChaCha stream cipher algorithms" 1457 select CRYPTO_LIB_CHACHA_GENERIC 1458 select CRYPTO_SKCIPHER 1459 help 1460 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1461 1462 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1463 Bernstein and further specified in RFC7539 for use in IETF protocols. 1464 This is the portable C implementation of ChaCha20. See also: 1465 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1466 1467 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1468 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1469 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1470 while provably retaining ChaCha20's security. See also: 1471 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1472 1473 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1474 reduced security margin but increased performance. It can be needed 1475 in some performance-sensitive scenarios. 1476 1477config CRYPTO_CHACHA20_X86_64 1478 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1479 depends on X86 && 64BIT 1480 select CRYPTO_SKCIPHER 1481 select CRYPTO_LIB_CHACHA_GENERIC 1482 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1483 help 1484 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1485 XChaCha20, and XChaCha12 stream ciphers. 1486 1487config CRYPTO_CHACHA_MIPS 1488 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1489 depends on CPU_MIPS32_R2 1490 select CRYPTO_SKCIPHER 1491 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1492 1493config CRYPTO_SEED 1494 tristate "SEED cipher algorithm" 1495 select CRYPTO_ALGAPI 1496 help 1497 SEED cipher algorithm (RFC4269). 1498 1499 SEED is a 128-bit symmetric key block cipher that has been 1500 developed by KISA (Korea Information Security Agency) as a 1501 national standard encryption algorithm of the Republic of Korea. 1502 It is a 16 round block cipher with the key size of 128 bit. 1503 1504 See also: 1505 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1506 1507config CRYPTO_SERPENT 1508 tristate "Serpent cipher algorithm" 1509 select CRYPTO_ALGAPI 1510 help 1511 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1512 1513 Keys are allowed to be from 0 to 256 bits in length, in steps 1514 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1515 variant of Serpent for compatibility with old kerneli.org code. 1516 1517 See also: 1518 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1519 1520config CRYPTO_SERPENT_SSE2_X86_64 1521 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1522 depends on X86 && 64BIT 1523 select CRYPTO_SKCIPHER 1524 select CRYPTO_GLUE_HELPER_X86 1525 select CRYPTO_SERPENT 1526 select CRYPTO_SIMD 1527 help 1528 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1529 1530 Keys are allowed to be from 0 to 256 bits in length, in steps 1531 of 8 bits. 1532 1533 This module provides Serpent cipher algorithm that processes eight 1534 blocks parallel using SSE2 instruction set. 1535 1536 See also: 1537 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1538 1539config CRYPTO_SERPENT_SSE2_586 1540 tristate "Serpent cipher algorithm (i586/SSE2)" 1541 depends on X86 && !64BIT 1542 select CRYPTO_SKCIPHER 1543 select CRYPTO_GLUE_HELPER_X86 1544 select CRYPTO_SERPENT 1545 select CRYPTO_SIMD 1546 help 1547 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1548 1549 Keys are allowed to be from 0 to 256 bits in length, in steps 1550 of 8 bits. 1551 1552 This module provides Serpent cipher algorithm that processes four 1553 blocks parallel using SSE2 instruction set. 1554 1555 See also: 1556 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1557 1558config CRYPTO_SERPENT_AVX_X86_64 1559 tristate "Serpent cipher algorithm (x86_64/AVX)" 1560 depends on X86 && 64BIT 1561 select CRYPTO_SKCIPHER 1562 select CRYPTO_GLUE_HELPER_X86 1563 select CRYPTO_SERPENT 1564 select CRYPTO_SIMD 1565 select CRYPTO_XTS 1566 help 1567 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1568 1569 Keys are allowed to be from 0 to 256 bits in length, in steps 1570 of 8 bits. 1571 1572 This module provides the Serpent cipher algorithm that processes 1573 eight blocks parallel using the AVX instruction set. 1574 1575 See also: 1576 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1577 1578config CRYPTO_SERPENT_AVX2_X86_64 1579 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1580 depends on X86 && 64BIT 1581 select CRYPTO_SERPENT_AVX_X86_64 1582 help 1583 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1584 1585 Keys are allowed to be from 0 to 256 bits in length, in steps 1586 of 8 bits. 1587 1588 This module provides Serpent cipher algorithm that processes 16 1589 blocks parallel using AVX2 instruction set. 1590 1591 See also: 1592 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1593 1594config CRYPTO_SM4 1595 tristate "SM4 cipher algorithm" 1596 select CRYPTO_ALGAPI 1597 help 1598 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1599 1600 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1601 Organization of State Commercial Administration of China (OSCCA) 1602 as an authorized cryptographic algorithms for the use within China. 1603 1604 SMS4 was originally created for use in protecting wireless 1605 networks, and is mandated in the Chinese National Standard for 1606 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1607 (GB.15629.11-2003). 1608 1609 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1610 standardized through TC 260 of the Standardization Administration 1611 of the People's Republic of China (SAC). 1612 1613 The input, output, and key of SMS4 are each 128 bits. 1614 1615 See also: <https://eprint.iacr.org/2008/329.pdf> 1616 1617 If unsure, say N. 1618 1619config CRYPTO_TEA 1620 tristate "TEA, XTEA and XETA cipher algorithms" 1621 select CRYPTO_ALGAPI 1622 help 1623 TEA cipher algorithm. 1624 1625 Tiny Encryption Algorithm is a simple cipher that uses 1626 many rounds for security. It is very fast and uses 1627 little memory. 1628 1629 Xtendend Tiny Encryption Algorithm is a modification to 1630 the TEA algorithm to address a potential key weakness 1631 in the TEA algorithm. 1632 1633 Xtendend Encryption Tiny Algorithm is a mis-implementation 1634 of the XTEA algorithm for compatibility purposes. 1635 1636config CRYPTO_TWOFISH 1637 tristate "Twofish cipher algorithm" 1638 select CRYPTO_ALGAPI 1639 select CRYPTO_TWOFISH_COMMON 1640 help 1641 Twofish cipher algorithm. 1642 1643 Twofish was submitted as an AES (Advanced Encryption Standard) 1644 candidate cipher by researchers at CounterPane Systems. It is a 1645 16 round block cipher supporting key sizes of 128, 192, and 256 1646 bits. 1647 1648 See also: 1649 <http://www.schneier.com/twofish.html> 1650 1651config CRYPTO_TWOFISH_COMMON 1652 tristate 1653 help 1654 Common parts of the Twofish cipher algorithm shared by the 1655 generic c and the assembler implementations. 1656 1657config CRYPTO_TWOFISH_586 1658 tristate "Twofish cipher algorithms (i586)" 1659 depends on (X86 || UML_X86) && !64BIT 1660 select CRYPTO_ALGAPI 1661 select CRYPTO_TWOFISH_COMMON 1662 help 1663 Twofish cipher algorithm. 1664 1665 Twofish was submitted as an AES (Advanced Encryption Standard) 1666 candidate cipher by researchers at CounterPane Systems. It is a 1667 16 round block cipher supporting key sizes of 128, 192, and 256 1668 bits. 1669 1670 See also: 1671 <http://www.schneier.com/twofish.html> 1672 1673config CRYPTO_TWOFISH_X86_64 1674 tristate "Twofish cipher algorithm (x86_64)" 1675 depends on (X86 || UML_X86) && 64BIT 1676 select CRYPTO_ALGAPI 1677 select CRYPTO_TWOFISH_COMMON 1678 help 1679 Twofish cipher algorithm (x86_64). 1680 1681 Twofish was submitted as an AES (Advanced Encryption Standard) 1682 candidate cipher by researchers at CounterPane Systems. It is a 1683 16 round block cipher supporting key sizes of 128, 192, and 256 1684 bits. 1685 1686 See also: 1687 <http://www.schneier.com/twofish.html> 1688 1689config CRYPTO_TWOFISH_X86_64_3WAY 1690 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1691 depends on X86 && 64BIT 1692 select CRYPTO_SKCIPHER 1693 select CRYPTO_TWOFISH_COMMON 1694 select CRYPTO_TWOFISH_X86_64 1695 select CRYPTO_GLUE_HELPER_X86 1696 help 1697 Twofish cipher algorithm (x86_64, 3-way parallel). 1698 1699 Twofish was submitted as an AES (Advanced Encryption Standard) 1700 candidate cipher by researchers at CounterPane Systems. It is a 1701 16 round block cipher supporting key sizes of 128, 192, and 256 1702 bits. 1703 1704 This module provides Twofish cipher algorithm that processes three 1705 blocks parallel, utilizing resources of out-of-order CPUs better. 1706 1707 See also: 1708 <http://www.schneier.com/twofish.html> 1709 1710config CRYPTO_TWOFISH_AVX_X86_64 1711 tristate "Twofish cipher algorithm (x86_64/AVX)" 1712 depends on X86 && 64BIT 1713 select CRYPTO_SKCIPHER 1714 select CRYPTO_GLUE_HELPER_X86 1715 select CRYPTO_SIMD 1716 select CRYPTO_TWOFISH_COMMON 1717 select CRYPTO_TWOFISH_X86_64 1718 select CRYPTO_TWOFISH_X86_64_3WAY 1719 help 1720 Twofish cipher algorithm (x86_64/AVX). 1721 1722 Twofish was submitted as an AES (Advanced Encryption Standard) 1723 candidate cipher by researchers at CounterPane Systems. It is a 1724 16 round block cipher supporting key sizes of 128, 192, and 256 1725 bits. 1726 1727 This module provides the Twofish cipher algorithm that processes 1728 eight blocks parallel using the AVX Instruction Set. 1729 1730 See also: 1731 <http://www.schneier.com/twofish.html> 1732 1733comment "Compression" 1734 1735config CRYPTO_DEFLATE 1736 tristate "Deflate compression algorithm" 1737 select CRYPTO_ALGAPI 1738 select CRYPTO_ACOMP2 1739 select ZLIB_INFLATE 1740 select ZLIB_DEFLATE 1741 help 1742 This is the Deflate algorithm (RFC1951), specified for use in 1743 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1744 1745 You will most probably want this if using IPSec. 1746 1747config CRYPTO_LZO 1748 tristate "LZO compression algorithm" 1749 select CRYPTO_ALGAPI 1750 select CRYPTO_ACOMP2 1751 select LZO_COMPRESS 1752 select LZO_DECOMPRESS 1753 help 1754 This is the LZO algorithm. 1755 1756config CRYPTO_842 1757 tristate "842 compression algorithm" 1758 select CRYPTO_ALGAPI 1759 select CRYPTO_ACOMP2 1760 select 842_COMPRESS 1761 select 842_DECOMPRESS 1762 help 1763 This is the 842 algorithm. 1764 1765config CRYPTO_LZ4 1766 tristate "LZ4 compression algorithm" 1767 select CRYPTO_ALGAPI 1768 select CRYPTO_ACOMP2 1769 select LZ4_COMPRESS 1770 select LZ4_DECOMPRESS 1771 help 1772 This is the LZ4 algorithm. 1773 1774config CRYPTO_LZ4HC 1775 tristate "LZ4HC compression algorithm" 1776 select CRYPTO_ALGAPI 1777 select CRYPTO_ACOMP2 1778 select LZ4HC_COMPRESS 1779 select LZ4_DECOMPRESS 1780 help 1781 This is the LZ4 high compression mode algorithm. 1782 1783config CRYPTO_ZSTD 1784 tristate "Zstd compression algorithm" 1785 select CRYPTO_ALGAPI 1786 select CRYPTO_ACOMP2 1787 select ZSTD_COMPRESS 1788 select ZSTD_DECOMPRESS 1789 help 1790 This is the zstd algorithm. 1791 1792comment "Random Number Generation" 1793 1794config CRYPTO_ANSI_CPRNG 1795 tristate "Pseudo Random Number Generation for Cryptographic modules" 1796 select CRYPTO_AES 1797 select CRYPTO_RNG 1798 help 1799 This option enables the generic pseudo random number generator 1800 for cryptographic modules. Uses the Algorithm specified in 1801 ANSI X9.31 A.2.4. Note that this option must be enabled if 1802 CRYPTO_FIPS is selected 1803 1804menuconfig CRYPTO_DRBG_MENU 1805 tristate "NIST SP800-90A DRBG" 1806 help 1807 NIST SP800-90A compliant DRBG. In the following submenu, one or 1808 more of the DRBG types must be selected. 1809 1810if CRYPTO_DRBG_MENU 1811 1812config CRYPTO_DRBG_HMAC 1813 bool 1814 default y 1815 select CRYPTO_HMAC 1816 select CRYPTO_SHA256 1817 1818config CRYPTO_DRBG_HASH 1819 bool "Enable Hash DRBG" 1820 select CRYPTO_SHA256 1821 help 1822 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1823 1824config CRYPTO_DRBG_CTR 1825 bool "Enable CTR DRBG" 1826 select CRYPTO_AES 1827 depends on CRYPTO_CTR 1828 help 1829 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1830 1831config CRYPTO_DRBG 1832 tristate 1833 default CRYPTO_DRBG_MENU 1834 select CRYPTO_RNG 1835 select CRYPTO_JITTERENTROPY 1836 1837endif # if CRYPTO_DRBG_MENU 1838 1839config CRYPTO_JITTERENTROPY 1840 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1841 select CRYPTO_RNG 1842 help 1843 The Jitterentropy RNG is a noise that is intended 1844 to provide seed to another RNG. The RNG does not 1845 perform any cryptographic whitening of the generated 1846 random numbers. This Jitterentropy RNG registers with 1847 the kernel crypto API and can be used by any caller. 1848 1849config CRYPTO_USER_API 1850 tristate 1851 1852config CRYPTO_USER_API_HASH 1853 tristate "User-space interface for hash algorithms" 1854 depends on NET 1855 select CRYPTO_HASH 1856 select CRYPTO_USER_API 1857 help 1858 This option enables the user-spaces interface for hash 1859 algorithms. 1860 1861config CRYPTO_USER_API_SKCIPHER 1862 tristate "User-space interface for symmetric key cipher algorithms" 1863 depends on NET 1864 select CRYPTO_SKCIPHER 1865 select CRYPTO_USER_API 1866 help 1867 This option enables the user-spaces interface for symmetric 1868 key cipher algorithms. 1869 1870config CRYPTO_USER_API_RNG 1871 tristate "User-space interface for random number generator algorithms" 1872 depends on NET 1873 select CRYPTO_RNG 1874 select CRYPTO_USER_API 1875 help 1876 This option enables the user-spaces interface for random 1877 number generator algorithms. 1878 1879config CRYPTO_USER_API_AEAD 1880 tristate "User-space interface for AEAD cipher algorithms" 1881 depends on NET 1882 select CRYPTO_AEAD 1883 select CRYPTO_SKCIPHER 1884 select CRYPTO_NULL 1885 select CRYPTO_USER_API 1886 help 1887 This option enables the user-spaces interface for AEAD 1888 cipher algorithms. 1889 1890config CRYPTO_STATS 1891 bool "Crypto usage statistics for User-space" 1892 depends on CRYPTO_USER 1893 help 1894 This option enables the gathering of crypto stats. 1895 This will collect: 1896 - encrypt/decrypt size and numbers of symmeric operations 1897 - compress/decompress size and numbers of compress operations 1898 - size and numbers of hash operations 1899 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1900 - generate/seed numbers for rng operations 1901 1902config CRYPTO_HASH_INFO 1903 bool 1904 1905source "lib/crypto/Kconfig" 1906source "drivers/crypto/Kconfig" 1907source "crypto/asymmetric_keys/Kconfig" 1908source "certs/Kconfig" 1909 1910endif # if CRYPTO 1911