1b2441318SGreg Kroah-Hartman# SPDX-License-Identifier: GPL-2.0 21da177e4SLinus Torvalds# 3685784aaSDan Williams# Generic algorithms support 4685784aaSDan Williams# 5685784aaSDan Williamsconfig XOR_BLOCKS 6685784aaSDan Williams tristate 7685784aaSDan Williams 8685784aaSDan Williams# 99bc89cd8SDan Williams# async_tx api: hardware offloaded memory transfer/transform support 109bc89cd8SDan Williams# 119bc89cd8SDan Williamssource "crypto/async_tx/Kconfig" 129bc89cd8SDan Williams 139bc89cd8SDan Williams# 141da177e4SLinus Torvalds# Cryptographic API Configuration 151da177e4SLinus Torvalds# 162e290f43SJan Engelhardtmenuconfig CRYPTO 17c3715cb9SSebastian Siewior tristate "Cryptographic API" 18920b0442SJason A. Donenfeld select LIB_MEMNEQ 191da177e4SLinus Torvalds help 201da177e4SLinus Torvalds This option provides the core Cryptographic API. 211da177e4SLinus Torvalds 22cce9e06dSHerbert Xuif CRYPTO 23cce9e06dSHerbert Xu 24584fffc8SSebastian Siewiorcomment "Crypto core or helper" 25584fffc8SSebastian Siewior 26ccb778e1SNeil Hormanconfig CRYPTO_FIPS 27ccb778e1SNeil Horman bool "FIPS 200 compliance" 28f2c89a10SHerbert Xu depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 291f696097SAlec Ari depends on (MODULE_SIG || !MODULES) 30ccb778e1SNeil Horman help 31d99324c2SGeert Uytterhoeven This option enables the fips boot option which is 32d99324c2SGeert Uytterhoeven required if you want the system to operate in a FIPS 200 33ccb778e1SNeil Horman certification. You should say no unless you know what 34e84c5480SChuck Ebbert this is. 35ccb778e1SNeil Horman 365a44749fSVladis Dronovconfig CRYPTO_FIPS_NAME 375a44749fSVladis Dronov string "FIPS Module Name" 385a44749fSVladis Dronov default "Linux Kernel Cryptographic API" 395a44749fSVladis Dronov depends on CRYPTO_FIPS 405a44749fSVladis Dronov help 415a44749fSVladis Dronov This option sets the FIPS Module name reported by the Crypto API via 425a44749fSVladis Dronov the /proc/sys/crypto/fips_name file. 435a44749fSVladis Dronov 445a44749fSVladis Dronovconfig CRYPTO_FIPS_CUSTOM_VERSION 455a44749fSVladis Dronov bool "Use Custom FIPS Module Version" 465a44749fSVladis Dronov depends on CRYPTO_FIPS 475a44749fSVladis Dronov default n 485a44749fSVladis Dronov 495a44749fSVladis Dronovconfig CRYPTO_FIPS_VERSION 505a44749fSVladis Dronov string "FIPS Module Version" 515a44749fSVladis Dronov default "(none)" 525a44749fSVladis Dronov depends on CRYPTO_FIPS_CUSTOM_VERSION 535a44749fSVladis Dronov help 545a44749fSVladis Dronov This option provides the ability to override the FIPS Module Version. 555a44749fSVladis Dronov By default the KERNELRELEASE value is used. 565a44749fSVladis Dronov 57cce9e06dSHerbert Xuconfig CRYPTO_ALGAPI 58cce9e06dSHerbert Xu tristate 596a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 60cce9e06dSHerbert Xu help 61cce9e06dSHerbert Xu This option provides the API for cryptographic algorithms. 62cce9e06dSHerbert Xu 636a0fcbb4SHerbert Xuconfig CRYPTO_ALGAPI2 646a0fcbb4SHerbert Xu tristate 656a0fcbb4SHerbert Xu 661ae97820SHerbert Xuconfig CRYPTO_AEAD 671ae97820SHerbert Xu tristate 686a0fcbb4SHerbert Xu select CRYPTO_AEAD2 691ae97820SHerbert Xu select CRYPTO_ALGAPI 701ae97820SHerbert Xu 716a0fcbb4SHerbert Xuconfig CRYPTO_AEAD2 726a0fcbb4SHerbert Xu tristate 736a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 74149a3971SHerbert Xu select CRYPTO_NULL2 75149a3971SHerbert Xu select CRYPTO_RNG2 766a0fcbb4SHerbert Xu 77b95bba5dSEric Biggersconfig CRYPTO_SKCIPHER 785cde0af2SHerbert Xu tristate 79b95bba5dSEric Biggers select CRYPTO_SKCIPHER2 805cde0af2SHerbert Xu select CRYPTO_ALGAPI 816a0fcbb4SHerbert Xu 82b95bba5dSEric Biggersconfig CRYPTO_SKCIPHER2 836a0fcbb4SHerbert Xu tristate 846a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 856a0fcbb4SHerbert Xu select CRYPTO_RNG2 865cde0af2SHerbert Xu 87055bcee3SHerbert Xuconfig CRYPTO_HASH 88055bcee3SHerbert Xu tristate 896a0fcbb4SHerbert Xu select CRYPTO_HASH2 90055bcee3SHerbert Xu select CRYPTO_ALGAPI 91055bcee3SHerbert Xu 926a0fcbb4SHerbert Xuconfig CRYPTO_HASH2 936a0fcbb4SHerbert Xu tristate 946a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 956a0fcbb4SHerbert Xu 9617f0f4a4SNeil Hormanconfig CRYPTO_RNG 9717f0f4a4SNeil Horman tristate 986a0fcbb4SHerbert Xu select CRYPTO_RNG2 9917f0f4a4SNeil Horman select CRYPTO_ALGAPI 10017f0f4a4SNeil Horman 1016a0fcbb4SHerbert Xuconfig CRYPTO_RNG2 1026a0fcbb4SHerbert Xu tristate 1036a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 1046a0fcbb4SHerbert Xu 105401e4238SHerbert Xuconfig CRYPTO_RNG_DEFAULT 106401e4238SHerbert Xu tristate 107401e4238SHerbert Xu select CRYPTO_DRBG_MENU 108401e4238SHerbert Xu 1093c339ab8STadeusz Strukconfig CRYPTO_AKCIPHER2 1103c339ab8STadeusz Struk tristate 1113c339ab8STadeusz Struk select CRYPTO_ALGAPI2 1123c339ab8STadeusz Struk 1133c339ab8STadeusz Strukconfig CRYPTO_AKCIPHER 1143c339ab8STadeusz Struk tristate 1153c339ab8STadeusz Struk select CRYPTO_AKCIPHER2 1163c339ab8STadeusz Struk select CRYPTO_ALGAPI 1173c339ab8STadeusz Struk 1184e5f2c40SSalvatore Benedettoconfig CRYPTO_KPP2 1194e5f2c40SSalvatore Benedetto tristate 1204e5f2c40SSalvatore Benedetto select CRYPTO_ALGAPI2 1214e5f2c40SSalvatore Benedetto 1224e5f2c40SSalvatore Benedettoconfig CRYPTO_KPP 1234e5f2c40SSalvatore Benedetto tristate 1244e5f2c40SSalvatore Benedetto select CRYPTO_ALGAPI 1254e5f2c40SSalvatore Benedetto select CRYPTO_KPP2 1264e5f2c40SSalvatore Benedetto 1272ebda74fSGiovanni Cabidduconfig CRYPTO_ACOMP2 1282ebda74fSGiovanni Cabiddu tristate 1292ebda74fSGiovanni Cabiddu select CRYPTO_ALGAPI2 1308cd579d2SBart Van Assche select SGL_ALLOC 1312ebda74fSGiovanni Cabiddu 1322ebda74fSGiovanni Cabidduconfig CRYPTO_ACOMP 1332ebda74fSGiovanni Cabiddu tristate 1342ebda74fSGiovanni Cabiddu select CRYPTO_ALGAPI 1352ebda74fSGiovanni Cabiddu select CRYPTO_ACOMP2 1362ebda74fSGiovanni Cabiddu 1372b8c19dbSHerbert Xuconfig CRYPTO_MANAGER 1382b8c19dbSHerbert Xu tristate "Cryptographic algorithm manager" 1396a0fcbb4SHerbert Xu select CRYPTO_MANAGER2 1402b8c19dbSHerbert Xu help 1412b8c19dbSHerbert Xu Create default cryptographic template instantiations such as 1422b8c19dbSHerbert Xu cbc(aes). 1432b8c19dbSHerbert Xu 1446a0fcbb4SHerbert Xuconfig CRYPTO_MANAGER2 1456a0fcbb4SHerbert Xu def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 1466a0fcbb4SHerbert Xu select CRYPTO_AEAD2 1476a0fcbb4SHerbert Xu select CRYPTO_HASH2 148b95bba5dSEric Biggers select CRYPTO_SKCIPHER2 149946cc463STadeusz Struk select CRYPTO_AKCIPHER2 1504e5f2c40SSalvatore Benedetto select CRYPTO_KPP2 1512ebda74fSGiovanni Cabiddu select CRYPTO_ACOMP2 1526a0fcbb4SHerbert Xu 153a38f7907SSteffen Klassertconfig CRYPTO_USER 154a38f7907SSteffen Klassert tristate "Userspace cryptographic algorithm configuration" 1555db017aaSHerbert Xu depends on NET 156a38f7907SSteffen Klassert select CRYPTO_MANAGER 157a38f7907SSteffen Klassert help 158d19978f5SValdis.Kletnieks@vt.edu Userspace configuration for cryptographic instantiations such as 159a38f7907SSteffen Klassert cbc(aes). 160a38f7907SSteffen Klassert 161326a6346SHerbert Xuconfig CRYPTO_MANAGER_DISABLE_TESTS 162326a6346SHerbert Xu bool "Disable run-time self tests" 16300ca28a5SHerbert Xu default y 1640b767f96SAlexander Shishkin help 165326a6346SHerbert Xu Disable run-time self tests that normally take place at 166326a6346SHerbert Xu algorithm registration. 1670b767f96SAlexander Shishkin 1685b2706a4SEric Biggersconfig CRYPTO_MANAGER_EXTRA_TESTS 1695b2706a4SEric Biggers bool "Enable extra run-time crypto self tests" 1706569e309SJason A. Donenfeld depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 1715b2706a4SEric Biggers help 1725b2706a4SEric Biggers Enable extra run-time self tests of registered crypto algorithms, 1735b2706a4SEric Biggers including randomized fuzz tests. 1745b2706a4SEric Biggers 1755b2706a4SEric Biggers This is intended for developer use only, as these tests take much 1765b2706a4SEric Biggers longer to run than the normal self tests. 1775b2706a4SEric Biggers 178584fffc8SSebastian Siewiorconfig CRYPTO_GF128MUL 179e590e132SEric Biggers tristate 180584fffc8SSebastian Siewior 181584fffc8SSebastian Siewiorconfig CRYPTO_NULL 182584fffc8SSebastian Siewior tristate "Null algorithms" 183149a3971SHerbert Xu select CRYPTO_NULL2 184584fffc8SSebastian Siewior help 185584fffc8SSebastian Siewior These are 'Null' algorithms, used by IPsec, which do nothing. 186584fffc8SSebastian Siewior 187149a3971SHerbert Xuconfig CRYPTO_NULL2 188dd43c4e9SHerbert Xu tristate 189149a3971SHerbert Xu select CRYPTO_ALGAPI2 190b95bba5dSEric Biggers select CRYPTO_SKCIPHER2 191149a3971SHerbert Xu select CRYPTO_HASH2 192149a3971SHerbert Xu 1935068c7a8SSteffen Klassertconfig CRYPTO_PCRYPT 1943b4afaf2SKees Cook tristate "Parallel crypto engine" 1953b4afaf2SKees Cook depends on SMP 1965068c7a8SSteffen Klassert select PADATA 1975068c7a8SSteffen Klassert select CRYPTO_MANAGER 1985068c7a8SSteffen Klassert select CRYPTO_AEAD 1995068c7a8SSteffen Klassert help 2005068c7a8SSteffen Klassert This converts an arbitrary crypto algorithm into a parallel 2015068c7a8SSteffen Klassert algorithm that executes in kernel threads. 2025068c7a8SSteffen Klassert 203584fffc8SSebastian Siewiorconfig CRYPTO_CRYPTD 204584fffc8SSebastian Siewior tristate "Software async crypto daemon" 205b95bba5dSEric Biggers select CRYPTO_SKCIPHER 206b8a28251SLoc Ho select CRYPTO_HASH 207584fffc8SSebastian Siewior select CRYPTO_MANAGER 208584fffc8SSebastian Siewior help 209584fffc8SSebastian Siewior This is a generic software asynchronous crypto daemon that 210584fffc8SSebastian Siewior converts an arbitrary synchronous software crypto algorithm 211584fffc8SSebastian Siewior into an asynchronous algorithm that executes in a kernel thread. 212584fffc8SSebastian Siewior 213584fffc8SSebastian Siewiorconfig CRYPTO_AUTHENC 214584fffc8SSebastian Siewior tristate "Authenc support" 215584fffc8SSebastian Siewior select CRYPTO_AEAD 216b95bba5dSEric Biggers select CRYPTO_SKCIPHER 217584fffc8SSebastian Siewior select CRYPTO_MANAGER 218584fffc8SSebastian Siewior select CRYPTO_HASH 219e94c6a7aSHerbert Xu select CRYPTO_NULL 220584fffc8SSebastian Siewior help 221584fffc8SSebastian Siewior Authenc: Combined mode wrapper for IPsec. 222584fffc8SSebastian Siewior This is required for IPSec. 223584fffc8SSebastian Siewior 224584fffc8SSebastian Siewiorconfig CRYPTO_TEST 225584fffc8SSebastian Siewior tristate "Testing module" 22600ea27f1SArd Biesheuvel depends on m || EXPERT 227da7f033dSHerbert Xu select CRYPTO_MANAGER 228584fffc8SSebastian Siewior help 229584fffc8SSebastian Siewior Quick & dirty crypto test module. 230584fffc8SSebastian Siewior 231266d0516SHerbert Xuconfig CRYPTO_SIMD 232266d0516SHerbert Xu tristate 233266d0516SHerbert Xu select CRYPTO_CRYPTD 234266d0516SHerbert Xu 235735d37b5SBaolin Wangconfig CRYPTO_ENGINE 236735d37b5SBaolin Wang tristate 237735d37b5SBaolin Wang 2383d6228a5SVitaly Chikunovcomment "Public-key cryptography" 2393d6228a5SVitaly Chikunov 2403d6228a5SVitaly Chikunovconfig CRYPTO_RSA 2413d6228a5SVitaly Chikunov tristate "RSA algorithm" 2423d6228a5SVitaly Chikunov select CRYPTO_AKCIPHER 2433d6228a5SVitaly Chikunov select CRYPTO_MANAGER 2443d6228a5SVitaly Chikunov select MPILIB 2453d6228a5SVitaly Chikunov select ASN1 2463d6228a5SVitaly Chikunov help 2473d6228a5SVitaly Chikunov Generic implementation of the RSA public key algorithm. 2483d6228a5SVitaly Chikunov 2493d6228a5SVitaly Chikunovconfig CRYPTO_DH 2503d6228a5SVitaly Chikunov tristate "Diffie-Hellman algorithm" 2513d6228a5SVitaly Chikunov select CRYPTO_KPP 2523d6228a5SVitaly Chikunov select MPILIB 2533d6228a5SVitaly Chikunov help 2543d6228a5SVitaly Chikunov Generic implementation of the Diffie-Hellman algorithm. 2553d6228a5SVitaly Chikunov 2567dce5981SNicolai Stangeconfig CRYPTO_DH_RFC7919_GROUPS 2577dce5981SNicolai Stange bool "Support for RFC 7919 FFDHE group parameters" 2587dce5981SNicolai Stange depends on CRYPTO_DH 2591e207964SNicolai Stange select CRYPTO_RNG_DEFAULT 2607dce5981SNicolai Stange help 2617dce5981SNicolai Stange Provide support for RFC 7919 FFDHE group parameters. If unsure, say N. 2627dce5981SNicolai Stange 2634a2289daSVitaly Chikunovconfig CRYPTO_ECC 2644a2289daSVitaly Chikunov tristate 26538aa192aSArnd Bergmann select CRYPTO_RNG_DEFAULT 2664a2289daSVitaly Chikunov 2673d6228a5SVitaly Chikunovconfig CRYPTO_ECDH 2683d6228a5SVitaly Chikunov tristate "ECDH algorithm" 2694a2289daSVitaly Chikunov select CRYPTO_ECC 2703d6228a5SVitaly Chikunov select CRYPTO_KPP 2713d6228a5SVitaly Chikunov help 2723d6228a5SVitaly Chikunov Generic implementation of the ECDH algorithm 2733d6228a5SVitaly Chikunov 2744e660291SStefan Bergerconfig CRYPTO_ECDSA 2754e660291SStefan Berger tristate "ECDSA (NIST P192, P256 etc.) algorithm" 2764e660291SStefan Berger select CRYPTO_ECC 2774e660291SStefan Berger select CRYPTO_AKCIPHER 2784e660291SStefan Berger select ASN1 2794e660291SStefan Berger help 2804e660291SStefan Berger Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) 2814e660291SStefan Berger is A NIST cryptographic standard algorithm. Only signature verification 2824e660291SStefan Berger is implemented. 2834e660291SStefan Berger 2840d7a7864SVitaly Chikunovconfig CRYPTO_ECRDSA 2850d7a7864SVitaly Chikunov tristate "EC-RDSA (GOST 34.10) algorithm" 2860d7a7864SVitaly Chikunov select CRYPTO_ECC 2870d7a7864SVitaly Chikunov select CRYPTO_AKCIPHER 2880d7a7864SVitaly Chikunov select CRYPTO_STREEBOG 2891036633eSVitaly Chikunov select OID_REGISTRY 2901036633eSVitaly Chikunov select ASN1 2910d7a7864SVitaly Chikunov help 2920d7a7864SVitaly Chikunov Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 2930d7a7864SVitaly Chikunov RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 2940d7a7864SVitaly Chikunov standard algorithms (called GOST algorithms). Only signature verification 2950d7a7864SVitaly Chikunov is implemented. 2960d7a7864SVitaly Chikunov 297ea7ecb66STianjia Zhangconfig CRYPTO_SM2 298ea7ecb66STianjia Zhang tristate "SM2 algorithm" 299d2825fa9SJason A. Donenfeld select CRYPTO_SM3 300ea7ecb66STianjia Zhang select CRYPTO_AKCIPHER 301ea7ecb66STianjia Zhang select CRYPTO_MANAGER 302ea7ecb66STianjia Zhang select MPILIB 303ea7ecb66STianjia Zhang select ASN1 304ea7ecb66STianjia Zhang help 305ea7ecb66STianjia Zhang Generic implementation of the SM2 public key algorithm. It was 306ea7ecb66STianjia Zhang published by State Encryption Management Bureau, China. 307ea7ecb66STianjia Zhang as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 308ea7ecb66STianjia Zhang 309ea7ecb66STianjia Zhang References: 310ea7ecb66STianjia Zhang https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 311ea7ecb66STianjia Zhang http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 312ea7ecb66STianjia Zhang http://www.gmbz.org.cn/main/bzlb.html 313ea7ecb66STianjia Zhang 314ee772cb6SArd Biesheuvelconfig CRYPTO_CURVE25519 315ee772cb6SArd Biesheuvel tristate "Curve25519 algorithm" 316ee772cb6SArd Biesheuvel select CRYPTO_KPP 317ee772cb6SArd Biesheuvel select CRYPTO_LIB_CURVE25519_GENERIC 318ee772cb6SArd Biesheuvel 319bb611bdfSJason A. Donenfeldconfig CRYPTO_CURVE25519_X86 320bb611bdfSJason A. Donenfeld tristate "x86_64 accelerated Curve25519 scalar multiplication library" 321bb611bdfSJason A. Donenfeld depends on X86 && 64BIT 322bb611bdfSJason A. Donenfeld select CRYPTO_LIB_CURVE25519_GENERIC 323bb611bdfSJason A. Donenfeld select CRYPTO_ARCH_HAVE_LIB_CURVE25519 324bb611bdfSJason A. Donenfeld 325584fffc8SSebastian Siewiorcomment "Authenticated Encryption with Associated Data" 326584fffc8SSebastian Siewior 327584fffc8SSebastian Siewiorconfig CRYPTO_CCM 328584fffc8SSebastian Siewior tristate "CCM support" 329584fffc8SSebastian Siewior select CRYPTO_CTR 330f15f05b0SArd Biesheuvel select CRYPTO_HASH 331584fffc8SSebastian Siewior select CRYPTO_AEAD 332c8a3315aSEric Biggers select CRYPTO_MANAGER 333584fffc8SSebastian Siewior help 334584fffc8SSebastian Siewior Support for Counter with CBC MAC. Required for IPsec. 335584fffc8SSebastian Siewior 336584fffc8SSebastian Siewiorconfig CRYPTO_GCM 337584fffc8SSebastian Siewior tristate "GCM/GMAC support" 338584fffc8SSebastian Siewior select CRYPTO_CTR 339584fffc8SSebastian Siewior select CRYPTO_AEAD 3409382d97aSHuang Ying select CRYPTO_GHASH 3419489667dSJussi Kivilinna select CRYPTO_NULL 342c8a3315aSEric Biggers select CRYPTO_MANAGER 343584fffc8SSebastian Siewior help 344584fffc8SSebastian Siewior Support for Galois/Counter Mode (GCM) and Galois Message 345584fffc8SSebastian Siewior Authentication Code (GMAC). Required for IPSec. 346584fffc8SSebastian Siewior 34771ebc4d1SMartin Williconfig CRYPTO_CHACHA20POLY1305 34871ebc4d1SMartin Willi tristate "ChaCha20-Poly1305 AEAD support" 34971ebc4d1SMartin Willi select CRYPTO_CHACHA20 35071ebc4d1SMartin Willi select CRYPTO_POLY1305 35171ebc4d1SMartin Willi select CRYPTO_AEAD 352c8a3315aSEric Biggers select CRYPTO_MANAGER 35371ebc4d1SMartin Willi help 35471ebc4d1SMartin Willi ChaCha20-Poly1305 AEAD support, RFC7539. 35571ebc4d1SMartin Willi 35671ebc4d1SMartin Willi Support for the AEAD wrapper using the ChaCha20 stream cipher combined 35771ebc4d1SMartin Willi with the Poly1305 authenticator. It is defined in RFC7539 for use in 35871ebc4d1SMartin Willi IETF protocols. 35971ebc4d1SMartin Willi 360f606a88eSOndrej Mosnacekconfig CRYPTO_AEGIS128 361f606a88eSOndrej Mosnacek tristate "AEGIS-128 AEAD algorithm" 362f606a88eSOndrej Mosnacek select CRYPTO_AEAD 363f606a88eSOndrej Mosnacek select CRYPTO_AES # for AES S-box tables 364f606a88eSOndrej Mosnacek help 365f606a88eSOndrej Mosnacek Support for the AEGIS-128 dedicated AEAD algorithm. 366f606a88eSOndrej Mosnacek 367a4397635SArd Biesheuvelconfig CRYPTO_AEGIS128_SIMD 368a4397635SArd Biesheuvel bool "Support SIMD acceleration for AEGIS-128" 369a4397635SArd Biesheuvel depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 370a4397635SArd Biesheuvel default y 371a4397635SArd Biesheuvel 3721d373d4eSOndrej Mosnacekconfig CRYPTO_AEGIS128_AESNI_SSE2 3731d373d4eSOndrej Mosnacek tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 3741d373d4eSOndrej Mosnacek depends on X86 && 64BIT 3751d373d4eSOndrej Mosnacek select CRYPTO_AEAD 376de272ca7SEric Biggers select CRYPTO_SIMD 3771d373d4eSOndrej Mosnacek help 3784e5180ebSOndrej Mosnacek AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 3791d373d4eSOndrej Mosnacek 380584fffc8SSebastian Siewiorconfig CRYPTO_SEQIV 381584fffc8SSebastian Siewior tristate "Sequence Number IV Generator" 382584fffc8SSebastian Siewior select CRYPTO_AEAD 383b95bba5dSEric Biggers select CRYPTO_SKCIPHER 384856e3f40SHerbert Xu select CRYPTO_NULL 385401e4238SHerbert Xu select CRYPTO_RNG_DEFAULT 386c8a3315aSEric Biggers select CRYPTO_MANAGER 387584fffc8SSebastian Siewior help 388584fffc8SSebastian Siewior This IV generator generates an IV based on a sequence number by 389584fffc8SSebastian Siewior xoring it with a salt. This algorithm is mainly useful for CTR 390584fffc8SSebastian Siewior 391a10f554fSHerbert Xuconfig CRYPTO_ECHAINIV 392a10f554fSHerbert Xu tristate "Encrypted Chain IV Generator" 393a10f554fSHerbert Xu select CRYPTO_AEAD 394a10f554fSHerbert Xu select CRYPTO_NULL 395401e4238SHerbert Xu select CRYPTO_RNG_DEFAULT 396c8a3315aSEric Biggers select CRYPTO_MANAGER 397a10f554fSHerbert Xu help 398a10f554fSHerbert Xu This IV generator generates an IV based on the encryption of 399a10f554fSHerbert Xu a sequence number xored with a salt. This is the default 400a10f554fSHerbert Xu algorithm for CBC. 401a10f554fSHerbert Xu 402584fffc8SSebastian Siewiorcomment "Block modes" 403584fffc8SSebastian Siewior 404584fffc8SSebastian Siewiorconfig CRYPTO_CBC 405584fffc8SSebastian Siewior tristate "CBC support" 406b95bba5dSEric Biggers select CRYPTO_SKCIPHER 407584fffc8SSebastian Siewior select CRYPTO_MANAGER 408584fffc8SSebastian Siewior help 409584fffc8SSebastian Siewior CBC: Cipher Block Chaining mode 410584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 411584fffc8SSebastian Siewior 412a7d85e06SJames Bottomleyconfig CRYPTO_CFB 413a7d85e06SJames Bottomley tristate "CFB support" 414b95bba5dSEric Biggers select CRYPTO_SKCIPHER 415a7d85e06SJames Bottomley select CRYPTO_MANAGER 416a7d85e06SJames Bottomley help 417a7d85e06SJames Bottomley CFB: Cipher FeedBack mode 418a7d85e06SJames Bottomley This block cipher algorithm is required for TPM2 Cryptography. 419a7d85e06SJames Bottomley 420584fffc8SSebastian Siewiorconfig CRYPTO_CTR 421584fffc8SSebastian Siewior tristate "CTR support" 422b95bba5dSEric Biggers select CRYPTO_SKCIPHER 423584fffc8SSebastian Siewior select CRYPTO_MANAGER 424584fffc8SSebastian Siewior help 425584fffc8SSebastian Siewior CTR: Counter mode 426584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 427584fffc8SSebastian Siewior 428584fffc8SSebastian Siewiorconfig CRYPTO_CTS 429584fffc8SSebastian Siewior tristate "CTS support" 430b95bba5dSEric Biggers select CRYPTO_SKCIPHER 431c8a3315aSEric Biggers select CRYPTO_MANAGER 432584fffc8SSebastian Siewior help 433584fffc8SSebastian Siewior CTS: Cipher Text Stealing 434584fffc8SSebastian Siewior This is the Cipher Text Stealing mode as described by 435ecd6d5c9SGilad Ben-Yossef Section 8 of rfc2040 and referenced by rfc3962 436ecd6d5c9SGilad Ben-Yossef (rfc3962 includes errata information in its Appendix A) or 437ecd6d5c9SGilad Ben-Yossef CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 438584fffc8SSebastian Siewior This mode is required for Kerberos gss mechanism support 439584fffc8SSebastian Siewior for AES encryption. 440584fffc8SSebastian Siewior 441ecd6d5c9SGilad Ben-Yossef See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 442ecd6d5c9SGilad Ben-Yossef 443584fffc8SSebastian Siewiorconfig CRYPTO_ECB 444584fffc8SSebastian Siewior tristate "ECB support" 445b95bba5dSEric Biggers select CRYPTO_SKCIPHER 446584fffc8SSebastian Siewior select CRYPTO_MANAGER 447584fffc8SSebastian Siewior help 448584fffc8SSebastian Siewior ECB: Electronic CodeBook mode 449584fffc8SSebastian Siewior This is the simplest block cipher algorithm. It simply encrypts 450584fffc8SSebastian Siewior the input block by block. 451584fffc8SSebastian Siewior 452584fffc8SSebastian Siewiorconfig CRYPTO_LRW 4532470a2b2SJussi Kivilinna tristate "LRW support" 454b95bba5dSEric Biggers select CRYPTO_SKCIPHER 455584fffc8SSebastian Siewior select CRYPTO_MANAGER 456584fffc8SSebastian Siewior select CRYPTO_GF128MUL 457f60bbbbeSHerbert Xu select CRYPTO_ECB 458584fffc8SSebastian Siewior help 459584fffc8SSebastian Siewior LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 460584fffc8SSebastian Siewior narrow block cipher mode for dm-crypt. Use it with cipher 461584fffc8SSebastian Siewior specification string aes-lrw-benbi, the key must be 256, 320 or 384. 462584fffc8SSebastian Siewior The first 128, 192 or 256 bits in the key are used for AES and the 463584fffc8SSebastian Siewior rest is used to tie each cipher block to its logical position. 464584fffc8SSebastian Siewior 465e497c518SGilad Ben-Yossefconfig CRYPTO_OFB 466e497c518SGilad Ben-Yossef tristate "OFB support" 467b95bba5dSEric Biggers select CRYPTO_SKCIPHER 468e497c518SGilad Ben-Yossef select CRYPTO_MANAGER 469e497c518SGilad Ben-Yossef help 470e497c518SGilad Ben-Yossef OFB: the Output Feedback mode makes a block cipher into a synchronous 471e497c518SGilad Ben-Yossef stream cipher. It generates keystream blocks, which are then XORed 472e497c518SGilad Ben-Yossef with the plaintext blocks to get the ciphertext. Flipping a bit in the 473e497c518SGilad Ben-Yossef ciphertext produces a flipped bit in the plaintext at the same 474e497c518SGilad Ben-Yossef location. This property allows many error correcting codes to function 475e497c518SGilad Ben-Yossef normally even when applied before encryption. 476e497c518SGilad Ben-Yossef 477584fffc8SSebastian Siewiorconfig CRYPTO_PCBC 478584fffc8SSebastian Siewior tristate "PCBC support" 479b95bba5dSEric Biggers select CRYPTO_SKCIPHER 480584fffc8SSebastian Siewior select CRYPTO_MANAGER 481584fffc8SSebastian Siewior help 482584fffc8SSebastian Siewior PCBC: Propagating Cipher Block Chaining mode 483584fffc8SSebastian Siewior This block cipher algorithm is required for RxRPC. 484584fffc8SSebastian Siewior 48517fee07aSNathan Huckleberryconfig CRYPTO_XCTR 48617fee07aSNathan Huckleberry tristate 48717fee07aSNathan Huckleberry select CRYPTO_SKCIPHER 48817fee07aSNathan Huckleberry select CRYPTO_MANAGER 48917fee07aSNathan Huckleberry help 49017fee07aSNathan Huckleberry XCTR: XOR Counter mode. This blockcipher mode is a variant of CTR mode 49117fee07aSNathan Huckleberry using XORs and little-endian addition rather than big-endian arithmetic. 49217fee07aSNathan Huckleberry XCTR mode is used to implement HCTR2. 49317fee07aSNathan Huckleberry 494584fffc8SSebastian Siewiorconfig CRYPTO_XTS 4955bcf8e6dSJussi Kivilinna tristate "XTS support" 496b95bba5dSEric Biggers select CRYPTO_SKCIPHER 497584fffc8SSebastian Siewior select CRYPTO_MANAGER 49812cb3a1cSMilan Broz select CRYPTO_ECB 499584fffc8SSebastian Siewior help 500584fffc8SSebastian Siewior XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 501584fffc8SSebastian Siewior key size 256, 384 or 512 bits. This implementation currently 502584fffc8SSebastian Siewior can't handle a sectorsize which is not a multiple of 16 bytes. 503584fffc8SSebastian Siewior 5041c49678eSStephan Muellerconfig CRYPTO_KEYWRAP 5051c49678eSStephan Mueller tristate "Key wrapping support" 506b95bba5dSEric Biggers select CRYPTO_SKCIPHER 507c8a3315aSEric Biggers select CRYPTO_MANAGER 5081c49678eSStephan Mueller help 5091c49678eSStephan Mueller Support for key wrapping (NIST SP800-38F / RFC3394) without 5101c49678eSStephan Mueller padding. 5111c49678eSStephan Mueller 51226609a21SEric Biggersconfig CRYPTO_NHPOLY1305 51326609a21SEric Biggers tristate 51426609a21SEric Biggers select CRYPTO_HASH 51548ea8c6eSArd Biesheuvel select CRYPTO_LIB_POLY1305_GENERIC 51626609a21SEric Biggers 517012c8238SEric Biggersconfig CRYPTO_NHPOLY1305_SSE2 518012c8238SEric Biggers tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 519012c8238SEric Biggers depends on X86 && 64BIT 520012c8238SEric Biggers select CRYPTO_NHPOLY1305 521012c8238SEric Biggers help 522012c8238SEric Biggers SSE2 optimized implementation of the hash function used by the 523012c8238SEric Biggers Adiantum encryption mode. 524012c8238SEric Biggers 5250f961f9fSEric Biggersconfig CRYPTO_NHPOLY1305_AVX2 5260f961f9fSEric Biggers tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 5270f961f9fSEric Biggers depends on X86 && 64BIT 5280f961f9fSEric Biggers select CRYPTO_NHPOLY1305 5290f961f9fSEric Biggers help 5300f961f9fSEric Biggers AVX2 optimized implementation of the hash function used by the 5310f961f9fSEric Biggers Adiantum encryption mode. 5320f961f9fSEric Biggers 533059c2a4dSEric Biggersconfig CRYPTO_ADIANTUM 534059c2a4dSEric Biggers tristate "Adiantum support" 535059c2a4dSEric Biggers select CRYPTO_CHACHA20 53648ea8c6eSArd Biesheuvel select CRYPTO_LIB_POLY1305_GENERIC 537059c2a4dSEric Biggers select CRYPTO_NHPOLY1305 538c8a3315aSEric Biggers select CRYPTO_MANAGER 539059c2a4dSEric Biggers help 540059c2a4dSEric Biggers Adiantum is a tweakable, length-preserving encryption mode 541059c2a4dSEric Biggers designed for fast and secure disk encryption, especially on 542059c2a4dSEric Biggers CPUs without dedicated crypto instructions. It encrypts 543059c2a4dSEric Biggers each sector using the XChaCha12 stream cipher, two passes of 544059c2a4dSEric Biggers an ε-almost-∆-universal hash function, and an invocation of 545059c2a4dSEric Biggers the AES-256 block cipher on a single 16-byte block. On CPUs 546059c2a4dSEric Biggers without AES instructions, Adiantum is much faster than 547059c2a4dSEric Biggers AES-XTS. 548059c2a4dSEric Biggers 549059c2a4dSEric Biggers Adiantum's security is provably reducible to that of its 550059c2a4dSEric Biggers underlying stream and block ciphers, subject to a security 551059c2a4dSEric Biggers bound. Unlike XTS, Adiantum is a true wide-block encryption 552059c2a4dSEric Biggers mode, so it actually provides an even stronger notion of 553059c2a4dSEric Biggers security than XTS, subject to the security bound. 554059c2a4dSEric Biggers 555059c2a4dSEric Biggers If unsure, say N. 556059c2a4dSEric Biggers 5577ff554ceSNathan Huckleberryconfig CRYPTO_HCTR2 5587ff554ceSNathan Huckleberry tristate "HCTR2 support" 5597ff554ceSNathan Huckleberry select CRYPTO_XCTR 5607ff554ceSNathan Huckleberry select CRYPTO_POLYVAL 5617ff554ceSNathan Huckleberry select CRYPTO_MANAGER 5627ff554ceSNathan Huckleberry help 5637ff554ceSNathan Huckleberry HCTR2 is a length-preserving encryption mode for storage encryption that 5647ff554ceSNathan Huckleberry is efficient on processors with instructions to accelerate AES and 5657ff554ceSNathan Huckleberry carryless multiplication, e.g. x86 processors with AES-NI and CLMUL, and 5667ff554ceSNathan Huckleberry ARM processors with the ARMv8 crypto extensions. 5677ff554ceSNathan Huckleberry 568be1eb7f7SArd Biesheuvelconfig CRYPTO_ESSIV 569be1eb7f7SArd Biesheuvel tristate "ESSIV support for block encryption" 570be1eb7f7SArd Biesheuvel select CRYPTO_AUTHENC 571be1eb7f7SArd Biesheuvel help 572be1eb7f7SArd Biesheuvel Encrypted salt-sector initialization vector (ESSIV) is an IV 573be1eb7f7SArd Biesheuvel generation method that is used in some cases by fscrypt and/or 574be1eb7f7SArd Biesheuvel dm-crypt. It uses the hash of the block encryption key as the 575be1eb7f7SArd Biesheuvel symmetric key for a block encryption pass applied to the input 576be1eb7f7SArd Biesheuvel IV, making low entropy IV sources more suitable for block 577be1eb7f7SArd Biesheuvel encryption. 578be1eb7f7SArd Biesheuvel 579be1eb7f7SArd Biesheuvel This driver implements a crypto API template that can be 580ab3d436bSGeert Uytterhoeven instantiated either as an skcipher or as an AEAD (depending on the 581be1eb7f7SArd Biesheuvel type of the first template argument), and which defers encryption 582be1eb7f7SArd Biesheuvel and decryption requests to the encapsulated cipher after applying 583ab3d436bSGeert Uytterhoeven ESSIV to the input IV. Note that in the AEAD case, it is assumed 584be1eb7f7SArd Biesheuvel that the keys are presented in the same format used by the authenc 585be1eb7f7SArd Biesheuvel template, and that the IV appears at the end of the authenticated 586be1eb7f7SArd Biesheuvel associated data (AAD) region (which is how dm-crypt uses it.) 587be1eb7f7SArd Biesheuvel 588be1eb7f7SArd Biesheuvel Note that the use of ESSIV is not recommended for new deployments, 589be1eb7f7SArd Biesheuvel and so this only needs to be enabled when interoperability with 590be1eb7f7SArd Biesheuvel existing encrypted volumes of filesystems is required, or when 591be1eb7f7SArd Biesheuvel building for a particular system that requires it (e.g., when 592be1eb7f7SArd Biesheuvel the SoC in question has accelerated CBC but not XTS, making CBC 593be1eb7f7SArd Biesheuvel combined with ESSIV the only feasible mode for h/w accelerated 594be1eb7f7SArd Biesheuvel block encryption) 595be1eb7f7SArd Biesheuvel 596584fffc8SSebastian Siewiorcomment "Hash modes" 597584fffc8SSebastian Siewior 59893b5e86aSJussi Kivilinnaconfig CRYPTO_CMAC 59993b5e86aSJussi Kivilinna tristate "CMAC support" 60093b5e86aSJussi Kivilinna select CRYPTO_HASH 60193b5e86aSJussi Kivilinna select CRYPTO_MANAGER 60293b5e86aSJussi Kivilinna help 60393b5e86aSJussi Kivilinna Cipher-based Message Authentication Code (CMAC) specified by 60493b5e86aSJussi Kivilinna The National Institute of Standards and Technology (NIST). 60593b5e86aSJussi Kivilinna 60693b5e86aSJussi Kivilinna https://tools.ietf.org/html/rfc4493 60793b5e86aSJussi Kivilinna http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 60893b5e86aSJussi Kivilinna 6091da177e4SLinus Torvaldsconfig CRYPTO_HMAC 6108425165dSHerbert Xu tristate "HMAC support" 6110796ae06SHerbert Xu select CRYPTO_HASH 61243518407SHerbert Xu select CRYPTO_MANAGER 6131da177e4SLinus Torvalds help 6141da177e4SLinus Torvalds HMAC: Keyed-Hashing for Message Authentication (RFC2104). 6151da177e4SLinus Torvalds This is required for IPSec. 6161da177e4SLinus Torvalds 617333b0d7eSKazunori MIYAZAWAconfig CRYPTO_XCBC 618333b0d7eSKazunori MIYAZAWA tristate "XCBC support" 619333b0d7eSKazunori MIYAZAWA select CRYPTO_HASH 620333b0d7eSKazunori MIYAZAWA select CRYPTO_MANAGER 621333b0d7eSKazunori MIYAZAWA help 622333b0d7eSKazunori MIYAZAWA XCBC: Keyed-Hashing with encryption algorithm 6239332a9e7SAlexander A. Klimov https://www.ietf.org/rfc/rfc3566.txt 624333b0d7eSKazunori MIYAZAWA http://csrc.nist.gov/encryption/modes/proposedmodes/ 625333b0d7eSKazunori MIYAZAWA xcbc-mac/xcbc-mac-spec.pdf 626333b0d7eSKazunori MIYAZAWA 627f1939f7cSShane Wangconfig CRYPTO_VMAC 628f1939f7cSShane Wang tristate "VMAC support" 629f1939f7cSShane Wang select CRYPTO_HASH 630f1939f7cSShane Wang select CRYPTO_MANAGER 631f1939f7cSShane Wang help 632f1939f7cSShane Wang VMAC is a message authentication algorithm designed for 633f1939f7cSShane Wang very high speed on 64-bit architectures. 634f1939f7cSShane Wang 635f1939f7cSShane Wang See also: 6369332a9e7SAlexander A. Klimov <https://fastcrypto.org/vmac> 637f1939f7cSShane Wang 638584fffc8SSebastian Siewiorcomment "Digest" 639584fffc8SSebastian Siewior 640584fffc8SSebastian Siewiorconfig CRYPTO_CRC32C 641584fffc8SSebastian Siewior tristate "CRC32c CRC algorithm" 6425773a3e6SHerbert Xu select CRYPTO_HASH 6436a0962b2SDarrick J. Wong select CRC32 6441da177e4SLinus Torvalds help 645584fffc8SSebastian Siewior Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 646584fffc8SSebastian Siewior by iSCSI for header and data digests and by others. 64769c35efcSHerbert Xu See Castagnoli93. Module will be crc32c. 6481da177e4SLinus Torvalds 6498cb51ba8SAustin Zhangconfig CRYPTO_CRC32C_INTEL 6508cb51ba8SAustin Zhang tristate "CRC32c INTEL hardware acceleration" 6518cb51ba8SAustin Zhang depends on X86 6528cb51ba8SAustin Zhang select CRYPTO_HASH 6538cb51ba8SAustin Zhang help 6548cb51ba8SAustin Zhang In Intel processor with SSE4.2 supported, the processor will 6558cb51ba8SAustin Zhang support CRC32C implementation using hardware accelerated CRC32 6568cb51ba8SAustin Zhang instruction. This option will create 'crc32c-intel' module, 6578cb51ba8SAustin Zhang which will enable any routine to use the CRC32 instruction to 6588cb51ba8SAustin Zhang gain performance compared with software implementation. 6598cb51ba8SAustin Zhang Module will be crc32c-intel. 6608cb51ba8SAustin Zhang 6617cf31864SJean Delvareconfig CRYPTO_CRC32C_VPMSUM 6626dd7a82cSAnton Blanchard tristate "CRC32c CRC algorithm (powerpc64)" 663c12abf34SMichael Ellerman depends on PPC64 && ALTIVEC 6646dd7a82cSAnton Blanchard select CRYPTO_HASH 6656dd7a82cSAnton Blanchard select CRC32 6666dd7a82cSAnton Blanchard help 6676dd7a82cSAnton Blanchard CRC32c algorithm implemented using vector polynomial multiply-sum 6686dd7a82cSAnton Blanchard (vpmsum) instructions, introduced in POWER8. Enable on POWER8 6696dd7a82cSAnton Blanchard and newer processors for improved performance. 6706dd7a82cSAnton Blanchard 6716dd7a82cSAnton Blanchard 672442a7c40SDavid S. Millerconfig CRYPTO_CRC32C_SPARC64 673442a7c40SDavid S. Miller tristate "CRC32c CRC algorithm (SPARC64)" 674442a7c40SDavid S. Miller depends on SPARC64 675442a7c40SDavid S. Miller select CRYPTO_HASH 676442a7c40SDavid S. Miller select CRC32 677442a7c40SDavid S. Miller help 678442a7c40SDavid S. Miller CRC32c CRC algorithm implemented using sparc64 crypto instructions, 679442a7c40SDavid S. Miller when available. 680442a7c40SDavid S. Miller 68178c37d19SAlexander Boykoconfig CRYPTO_CRC32 68278c37d19SAlexander Boyko tristate "CRC32 CRC algorithm" 68378c37d19SAlexander Boyko select CRYPTO_HASH 68478c37d19SAlexander Boyko select CRC32 68578c37d19SAlexander Boyko help 68678c37d19SAlexander Boyko CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 68778c37d19SAlexander Boyko Shash crypto api wrappers to crc32_le function. 68878c37d19SAlexander Boyko 68978c37d19SAlexander Boykoconfig CRYPTO_CRC32_PCLMUL 69078c37d19SAlexander Boyko tristate "CRC32 PCLMULQDQ hardware acceleration" 69178c37d19SAlexander Boyko depends on X86 69278c37d19SAlexander Boyko select CRYPTO_HASH 69378c37d19SAlexander Boyko select CRC32 69478c37d19SAlexander Boyko help 69578c37d19SAlexander Boyko From Intel Westmere and AMD Bulldozer processor with SSE4.2 69678c37d19SAlexander Boyko and PCLMULQDQ supported, the processor will support 69778c37d19SAlexander Boyko CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 698af8cb01fShaco instruction. This option will create 'crc32-pclmul' module, 69978c37d19SAlexander Boyko which will enable any routine to use the CRC-32-IEEE 802.3 checksum 70078c37d19SAlexander Boyko and gain better performance as compared with the table implementation. 70178c37d19SAlexander Boyko 7024a5dc51eSMarcin Nowakowskiconfig CRYPTO_CRC32_MIPS 7034a5dc51eSMarcin Nowakowski tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 7044a5dc51eSMarcin Nowakowski depends on MIPS_CRC_SUPPORT 7054a5dc51eSMarcin Nowakowski select CRYPTO_HASH 7064a5dc51eSMarcin Nowakowski help 7074a5dc51eSMarcin Nowakowski CRC32c and CRC32 CRC algorithms implemented using mips crypto 7084a5dc51eSMarcin Nowakowski instructions, when available. 7094a5dc51eSMarcin Nowakowski 7104a5dc51eSMarcin Nowakowski 71167882e76SNikolay Borisovconfig CRYPTO_XXHASH 71267882e76SNikolay Borisov tristate "xxHash hash algorithm" 71367882e76SNikolay Borisov select CRYPTO_HASH 71467882e76SNikolay Borisov select XXHASH 71567882e76SNikolay Borisov help 71667882e76SNikolay Borisov xxHash non-cryptographic hash algorithm. Extremely fast, working at 71767882e76SNikolay Borisov speeds close to RAM limits. 71867882e76SNikolay Borisov 71991d68933SDavid Sterbaconfig CRYPTO_BLAKE2B 72091d68933SDavid Sterba tristate "BLAKE2b digest algorithm" 72191d68933SDavid Sterba select CRYPTO_HASH 72291d68933SDavid Sterba help 72391d68933SDavid Sterba Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 72491d68933SDavid Sterba optimized for 64bit platforms and can produce digests of any size 72591d68933SDavid Sterba between 1 to 64. The keyed hash is also implemented. 72691d68933SDavid Sterba 72791d68933SDavid Sterba This module provides the following algorithms: 72891d68933SDavid Sterba 72991d68933SDavid Sterba - blake2b-160 73091d68933SDavid Sterba - blake2b-256 73191d68933SDavid Sterba - blake2b-384 73291d68933SDavid Sterba - blake2b-512 73391d68933SDavid Sterba 73491d68933SDavid Sterba See https://blake2.net for further information. 73591d68933SDavid Sterba 736ed0356edSJason A. Donenfeldconfig CRYPTO_BLAKE2S_X86 7372d16803cSJason A. Donenfeld bool "BLAKE2s digest algorithm (x86 accelerated version)" 738ed0356edSJason A. Donenfeld depends on X86 && 64BIT 739ed0356edSJason A. Donenfeld select CRYPTO_LIB_BLAKE2S_GENERIC 740ed0356edSJason A. Donenfeld select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 741ed0356edSJason A. Donenfeld 74268411521SHerbert Xuconfig CRYPTO_CRCT10DIF 74368411521SHerbert Xu tristate "CRCT10DIF algorithm" 74468411521SHerbert Xu select CRYPTO_HASH 74568411521SHerbert Xu help 74668411521SHerbert Xu CRC T10 Data Integrity Field computation is being cast as 74768411521SHerbert Xu a crypto transform. This allows for faster crc t10 diff 74868411521SHerbert Xu transforms to be used if they are available. 74968411521SHerbert Xu 75068411521SHerbert Xuconfig CRYPTO_CRCT10DIF_PCLMUL 75168411521SHerbert Xu tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 75268411521SHerbert Xu depends on X86 && 64BIT && CRC_T10DIF 75368411521SHerbert Xu select CRYPTO_HASH 75468411521SHerbert Xu help 75568411521SHerbert Xu For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 75668411521SHerbert Xu CRC T10 DIF PCLMULQDQ computation can be hardware 75768411521SHerbert Xu accelerated PCLMULQDQ instruction. This option will create 758af8cb01fShaco 'crct10dif-pclmul' module, which is faster when computing the 75968411521SHerbert Xu crct10dif checksum as compared with the generic table implementation. 76068411521SHerbert Xu 761b01df1c1SDaniel Axtensconfig CRYPTO_CRCT10DIF_VPMSUM 762b01df1c1SDaniel Axtens tristate "CRC32T10DIF powerpc64 hardware acceleration" 763b01df1c1SDaniel Axtens depends on PPC64 && ALTIVEC && CRC_T10DIF 764b01df1c1SDaniel Axtens select CRYPTO_HASH 765b01df1c1SDaniel Axtens help 766b01df1c1SDaniel Axtens CRC10T10DIF algorithm implemented using vector polynomial 767b01df1c1SDaniel Axtens multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 768b01df1c1SDaniel Axtens POWER8 and newer processors for improved performance. 769b01df1c1SDaniel Axtens 770f3813f4bSKeith Buschconfig CRYPTO_CRC64_ROCKSOFT 771f3813f4bSKeith Busch tristate "Rocksoft Model CRC64 algorithm" 772f3813f4bSKeith Busch depends on CRC64 773f3813f4bSKeith Busch select CRYPTO_HASH 774f3813f4bSKeith Busch 775146c8688SDaniel Axtensconfig CRYPTO_VPMSUM_TESTER 776146c8688SDaniel Axtens tristate "Powerpc64 vpmsum hardware acceleration tester" 777146c8688SDaniel Axtens depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 778146c8688SDaniel Axtens help 779146c8688SDaniel Axtens Stress test for CRC32c and CRC-T10DIF algorithms implemented with 780146c8688SDaniel Axtens POWER8 vpmsum instructions. 781146c8688SDaniel Axtens Unless you are testing these algorithms, you don't need this. 782146c8688SDaniel Axtens 7832cdc6899SHuang Yingconfig CRYPTO_GHASH 7848dfa20fcSEric Biggers tristate "GHASH hash function" 7852cdc6899SHuang Ying select CRYPTO_GF128MUL 786578c60fbSArnd Bergmann select CRYPTO_HASH 7872cdc6899SHuang Ying help 7888dfa20fcSEric Biggers GHASH is the hash function used in GCM (Galois/Counter Mode). 7898dfa20fcSEric Biggers It is not a general-purpose cryptographic hash function. 7902cdc6899SHuang Ying 791f3c923a0SNathan Huckleberryconfig CRYPTO_POLYVAL 792f3c923a0SNathan Huckleberry tristate 793f3c923a0SNathan Huckleberry select CRYPTO_GF128MUL 794f3c923a0SNathan Huckleberry select CRYPTO_HASH 795f3c923a0SNathan Huckleberry help 796f3c923a0SNathan Huckleberry POLYVAL is the hash function used in HCTR2. It is not a general-purpose 797f3c923a0SNathan Huckleberry cryptographic hash function. 798f3c923a0SNathan Huckleberry 79934f7f6c3SNathan Huckleberryconfig CRYPTO_POLYVAL_CLMUL_NI 80034f7f6c3SNathan Huckleberry tristate "POLYVAL hash function (CLMUL-NI accelerated)" 80134f7f6c3SNathan Huckleberry depends on X86 && 64BIT 80234f7f6c3SNathan Huckleberry select CRYPTO_POLYVAL 80334f7f6c3SNathan Huckleberry help 80434f7f6c3SNathan Huckleberry This is the x86_64 CLMUL-NI accelerated implementation of POLYVAL. It is 80534f7f6c3SNathan Huckleberry used to efficiently implement HCTR2 on x86-64 processors that support 80634f7f6c3SNathan Huckleberry carry-less multiplication instructions. 80734f7f6c3SNathan Huckleberry 808f979e014SMartin Williconfig CRYPTO_POLY1305 809f979e014SMartin Willi tristate "Poly1305 authenticator algorithm" 810578c60fbSArnd Bergmann select CRYPTO_HASH 81148ea8c6eSArd Biesheuvel select CRYPTO_LIB_POLY1305_GENERIC 812f979e014SMartin Willi help 813f979e014SMartin Willi Poly1305 authenticator algorithm, RFC7539. 814f979e014SMartin Willi 815f979e014SMartin Willi Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 816f979e014SMartin Willi It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 817f979e014SMartin Willi in IETF protocols. This is the portable C implementation of Poly1305. 818f979e014SMartin Willi 819c70f4abeSMartin Williconfig CRYPTO_POLY1305_X86_64 820b1ccc8f4SMartin Willi tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 821c70f4abeSMartin Willi depends on X86 && 64BIT 8221b2c6a51SArd Biesheuvel select CRYPTO_LIB_POLY1305_GENERIC 823f0e89bcfSArd Biesheuvel select CRYPTO_ARCH_HAVE_LIB_POLY1305 824c70f4abeSMartin Willi help 825c70f4abeSMartin Willi Poly1305 authenticator algorithm, RFC7539. 826c70f4abeSMartin Willi 827c70f4abeSMartin Willi Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 828c70f4abeSMartin Willi It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 829c70f4abeSMartin Willi in IETF protocols. This is the x86_64 assembler implementation using SIMD 830c70f4abeSMartin Willi instructions. 831c70f4abeSMartin Willi 832a11d055eSArd Biesheuvelconfig CRYPTO_POLY1305_MIPS 833a11d055eSArd Biesheuvel tristate "Poly1305 authenticator algorithm (MIPS optimized)" 8346c810cf2SMaciej W. Rozycki depends on MIPS 835a11d055eSArd Biesheuvel select CRYPTO_ARCH_HAVE_LIB_POLY1305 836a11d055eSArd Biesheuvel 8371da177e4SLinus Torvaldsconfig CRYPTO_MD4 8381da177e4SLinus Torvalds tristate "MD4 digest algorithm" 839808a1763SAdrian-Ken Rueegsegger select CRYPTO_HASH 8401da177e4SLinus Torvalds help 8411da177e4SLinus Torvalds MD4 message digest algorithm (RFC1320). 8421da177e4SLinus Torvalds 8431da177e4SLinus Torvaldsconfig CRYPTO_MD5 8441da177e4SLinus Torvalds tristate "MD5 digest algorithm" 84514b75ba7SAdrian-Ken Rueegsegger select CRYPTO_HASH 8461da177e4SLinus Torvalds help 8471da177e4SLinus Torvalds MD5 message digest algorithm (RFC1321). 8481da177e4SLinus Torvalds 849d69e75deSAaro Koskinenconfig CRYPTO_MD5_OCTEON 850d69e75deSAaro Koskinen tristate "MD5 digest algorithm (OCTEON)" 851d69e75deSAaro Koskinen depends on CPU_CAVIUM_OCTEON 852d69e75deSAaro Koskinen select CRYPTO_MD5 853d69e75deSAaro Koskinen select CRYPTO_HASH 854d69e75deSAaro Koskinen help 855d69e75deSAaro Koskinen MD5 message digest algorithm (RFC1321) implemented 856d69e75deSAaro Koskinen using OCTEON crypto instructions, when available. 857d69e75deSAaro Koskinen 858e8e59953SMarkus Stockhausenconfig CRYPTO_MD5_PPC 859e8e59953SMarkus Stockhausen tristate "MD5 digest algorithm (PPC)" 860e8e59953SMarkus Stockhausen depends on PPC 861e8e59953SMarkus Stockhausen select CRYPTO_HASH 862e8e59953SMarkus Stockhausen help 863e8e59953SMarkus Stockhausen MD5 message digest algorithm (RFC1321) implemented 864e8e59953SMarkus Stockhausen in PPC assembler. 865e8e59953SMarkus Stockhausen 866fa4dfedcSDavid S. Millerconfig CRYPTO_MD5_SPARC64 867fa4dfedcSDavid S. Miller tristate "MD5 digest algorithm (SPARC64)" 868fa4dfedcSDavid S. Miller depends on SPARC64 869fa4dfedcSDavid S. Miller select CRYPTO_MD5 870fa4dfedcSDavid S. Miller select CRYPTO_HASH 871fa4dfedcSDavid S. Miller help 872fa4dfedcSDavid S. Miller MD5 message digest algorithm (RFC1321) implemented 873fa4dfedcSDavid S. Miller using sparc64 crypto instructions, when available. 874fa4dfedcSDavid S. Miller 875584fffc8SSebastian Siewiorconfig CRYPTO_MICHAEL_MIC 876584fffc8SSebastian Siewior tristate "Michael MIC keyed digest algorithm" 87719e2bf14SAdrian-Ken Rueegsegger select CRYPTO_HASH 878584fffc8SSebastian Siewior help 879584fffc8SSebastian Siewior Michael MIC is used for message integrity protection in TKIP 880584fffc8SSebastian Siewior (IEEE 802.11i). This algorithm is required for TKIP, but it 881584fffc8SSebastian Siewior should not be used for other purposes because of the weakness 882584fffc8SSebastian Siewior of the algorithm. 883584fffc8SSebastian Siewior 88482798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD160 88582798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-160 digest algorithm" 886e5835fbaSHerbert Xu select CRYPTO_HASH 88782798f90SAdrian-Ken Rueegsegger help 88882798f90SAdrian-Ken Rueegsegger RIPEMD-160 (ISO/IEC 10118-3:2004). 88982798f90SAdrian-Ken Rueegsegger 89082798f90SAdrian-Ken Rueegsegger RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 89182798f90SAdrian-Ken Rueegsegger to be used as a secure replacement for the 128-bit hash functions 892*4cbdecd0SRandy Dunlap MD4, MD5 and its predecessor RIPEMD 893b6d44341SAdrian Bunk (not to be confused with RIPEMD-128). 89482798f90SAdrian-Ken Rueegsegger 895b6d44341SAdrian Bunk It's speed is comparable to SHA1 and there are no known attacks 896b6d44341SAdrian Bunk against RIPEMD-160. 897534fe2c1SAdrian-Ken Rueegsegger 898534fe2c1SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 8999332a9e7SAlexander A. Klimov See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 900534fe2c1SAdrian-Ken Rueegsegger 9011da177e4SLinus Torvaldsconfig CRYPTO_SHA1 9021da177e4SLinus Torvalds tristate "SHA1 digest algorithm" 90354ccb367SAdrian-Ken Rueegsegger select CRYPTO_HASH 904ec8f7f48SEric Biggers select CRYPTO_LIB_SHA1 9051da177e4SLinus Torvalds help 9061da177e4SLinus Torvalds SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 9071da177e4SLinus Torvalds 90866be8951SMathias Krauseconfig CRYPTO_SHA1_SSSE3 909e38b6b7fStim tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 91066be8951SMathias Krause depends on X86 && 64BIT 91166be8951SMathias Krause select CRYPTO_SHA1 91266be8951SMathias Krause select CRYPTO_HASH 91366be8951SMathias Krause help 91466be8951SMathias Krause SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 91566be8951SMathias Krause using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 916e38b6b7fStim Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 917e38b6b7fStim when available. 91866be8951SMathias Krause 9198275d1aaSTim Chenconfig CRYPTO_SHA256_SSSE3 920e38b6b7fStim tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 9218275d1aaSTim Chen depends on X86 && 64BIT 9228275d1aaSTim Chen select CRYPTO_SHA256 9238275d1aaSTim Chen select CRYPTO_HASH 9248275d1aaSTim Chen help 9258275d1aaSTim Chen SHA-256 secure hash standard (DFIPS 180-2) implemented 9268275d1aaSTim Chen using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 9278275d1aaSTim Chen Extensions version 1 (AVX1), or Advanced Vector Extensions 928e38b6b7fStim version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 929e38b6b7fStim Instructions) when available. 9308275d1aaSTim Chen 93187de4579STim Chenconfig CRYPTO_SHA512_SSSE3 93287de4579STim Chen tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 93387de4579STim Chen depends on X86 && 64BIT 93487de4579STim Chen select CRYPTO_SHA512 93587de4579STim Chen select CRYPTO_HASH 93687de4579STim Chen help 93787de4579STim Chen SHA-512 secure hash standard (DFIPS 180-2) implemented 93887de4579STim Chen using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 93987de4579STim Chen Extensions version 1 (AVX1), or Advanced Vector Extensions 94087de4579STim Chen version 2 (AVX2) instructions, when available. 94187de4579STim Chen 942efdb6f6eSAaro Koskinenconfig CRYPTO_SHA1_OCTEON 943efdb6f6eSAaro Koskinen tristate "SHA1 digest algorithm (OCTEON)" 944efdb6f6eSAaro Koskinen depends on CPU_CAVIUM_OCTEON 945efdb6f6eSAaro Koskinen select CRYPTO_SHA1 946efdb6f6eSAaro Koskinen select CRYPTO_HASH 947efdb6f6eSAaro Koskinen help 948efdb6f6eSAaro Koskinen SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 949efdb6f6eSAaro Koskinen using OCTEON crypto instructions, when available. 950efdb6f6eSAaro Koskinen 9514ff28d4cSDavid S. Millerconfig CRYPTO_SHA1_SPARC64 9524ff28d4cSDavid S. Miller tristate "SHA1 digest algorithm (SPARC64)" 9534ff28d4cSDavid S. Miller depends on SPARC64 9544ff28d4cSDavid S. Miller select CRYPTO_SHA1 9554ff28d4cSDavid S. Miller select CRYPTO_HASH 9564ff28d4cSDavid S. Miller help 9574ff28d4cSDavid S. Miller SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 9584ff28d4cSDavid S. Miller using sparc64 crypto instructions, when available. 9594ff28d4cSDavid S. Miller 960323a6bf1SMichael Ellermanconfig CRYPTO_SHA1_PPC 961323a6bf1SMichael Ellerman tristate "SHA1 digest algorithm (powerpc)" 962323a6bf1SMichael Ellerman depends on PPC 963323a6bf1SMichael Ellerman help 964323a6bf1SMichael Ellerman This is the powerpc hardware accelerated implementation of the 965323a6bf1SMichael Ellerman SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 966323a6bf1SMichael Ellerman 967d9850fc5SMarkus Stockhausenconfig CRYPTO_SHA1_PPC_SPE 968d9850fc5SMarkus Stockhausen tristate "SHA1 digest algorithm (PPC SPE)" 969d9850fc5SMarkus Stockhausen depends on PPC && SPE 970d9850fc5SMarkus Stockhausen help 971d9850fc5SMarkus Stockhausen SHA-1 secure hash standard (DFIPS 180-4) implemented 972d9850fc5SMarkus Stockhausen using powerpc SPE SIMD instruction set. 973d9850fc5SMarkus Stockhausen 9741da177e4SLinus Torvaldsconfig CRYPTO_SHA256 975cd12fb90SJonathan Lynch tristate "SHA224 and SHA256 digest algorithm" 97650e109b5SAdrian-Ken Rueegsegger select CRYPTO_HASH 97708c327f6SHans de Goede select CRYPTO_LIB_SHA256 9781da177e4SLinus Torvalds help 9791da177e4SLinus Torvalds SHA256 secure hash standard (DFIPS 180-2). 9801da177e4SLinus Torvalds 9811da177e4SLinus Torvalds This version of SHA implements a 256 bit hash with 128 bits of 9821da177e4SLinus Torvalds security against collision attacks. 9831da177e4SLinus Torvalds 984cd12fb90SJonathan Lynch This code also includes SHA-224, a 224 bit hash with 112 bits 985cd12fb90SJonathan Lynch of security against collision attacks. 986cd12fb90SJonathan Lynch 9872ecc1e95SMarkus Stockhausenconfig CRYPTO_SHA256_PPC_SPE 9882ecc1e95SMarkus Stockhausen tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 9892ecc1e95SMarkus Stockhausen depends on PPC && SPE 9902ecc1e95SMarkus Stockhausen select CRYPTO_SHA256 9912ecc1e95SMarkus Stockhausen select CRYPTO_HASH 9922ecc1e95SMarkus Stockhausen help 9932ecc1e95SMarkus Stockhausen SHA224 and SHA256 secure hash standard (DFIPS 180-2) 9942ecc1e95SMarkus Stockhausen implemented using powerpc SPE SIMD instruction set. 9952ecc1e95SMarkus Stockhausen 996efdb6f6eSAaro Koskinenconfig CRYPTO_SHA256_OCTEON 997efdb6f6eSAaro Koskinen tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 998efdb6f6eSAaro Koskinen depends on CPU_CAVIUM_OCTEON 999efdb6f6eSAaro Koskinen select CRYPTO_SHA256 1000efdb6f6eSAaro Koskinen select CRYPTO_HASH 1001efdb6f6eSAaro Koskinen help 1002efdb6f6eSAaro Koskinen SHA-256 secure hash standard (DFIPS 180-2) implemented 1003efdb6f6eSAaro Koskinen using OCTEON crypto instructions, when available. 1004efdb6f6eSAaro Koskinen 100586c93b24SDavid S. Millerconfig CRYPTO_SHA256_SPARC64 100686c93b24SDavid S. Miller tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 100786c93b24SDavid S. Miller depends on SPARC64 100886c93b24SDavid S. Miller select CRYPTO_SHA256 100986c93b24SDavid S. Miller select CRYPTO_HASH 101086c93b24SDavid S. Miller help 101186c93b24SDavid S. Miller SHA-256 secure hash standard (DFIPS 180-2) implemented 101286c93b24SDavid S. Miller using sparc64 crypto instructions, when available. 101386c93b24SDavid S. Miller 10141da177e4SLinus Torvaldsconfig CRYPTO_SHA512 10151da177e4SLinus Torvalds tristate "SHA384 and SHA512 digest algorithms" 1016bd9d20dbSAdrian-Ken Rueegsegger select CRYPTO_HASH 10171da177e4SLinus Torvalds help 10181da177e4SLinus Torvalds SHA512 secure hash standard (DFIPS 180-2). 10191da177e4SLinus Torvalds 10201da177e4SLinus Torvalds This version of SHA implements a 512 bit hash with 256 bits of 10211da177e4SLinus Torvalds security against collision attacks. 10221da177e4SLinus Torvalds 10231da177e4SLinus Torvalds This code also includes SHA-384, a 384 bit hash with 192 bits 10241da177e4SLinus Torvalds of security against collision attacks. 10251da177e4SLinus Torvalds 1026efdb6f6eSAaro Koskinenconfig CRYPTO_SHA512_OCTEON 1027efdb6f6eSAaro Koskinen tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 1028efdb6f6eSAaro Koskinen depends on CPU_CAVIUM_OCTEON 1029efdb6f6eSAaro Koskinen select CRYPTO_SHA512 1030efdb6f6eSAaro Koskinen select CRYPTO_HASH 1031efdb6f6eSAaro Koskinen help 1032efdb6f6eSAaro Koskinen SHA-512 secure hash standard (DFIPS 180-2) implemented 1033efdb6f6eSAaro Koskinen using OCTEON crypto instructions, when available. 1034efdb6f6eSAaro Koskinen 1035775e0c69SDavid S. Millerconfig CRYPTO_SHA512_SPARC64 1036775e0c69SDavid S. Miller tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 1037775e0c69SDavid S. Miller depends on SPARC64 1038775e0c69SDavid S. Miller select CRYPTO_SHA512 1039775e0c69SDavid S. Miller select CRYPTO_HASH 1040775e0c69SDavid S. Miller help 1041775e0c69SDavid S. Miller SHA-512 secure hash standard (DFIPS 180-2) implemented 1042775e0c69SDavid S. Miller using sparc64 crypto instructions, when available. 1043775e0c69SDavid S. Miller 104453964b9eSJeff Garzikconfig CRYPTO_SHA3 104553964b9eSJeff Garzik tristate "SHA3 digest algorithm" 104653964b9eSJeff Garzik select CRYPTO_HASH 104753964b9eSJeff Garzik help 104853964b9eSJeff Garzik SHA-3 secure hash standard (DFIPS 202). It's based on 104953964b9eSJeff Garzik cryptographic sponge function family called Keccak. 105053964b9eSJeff Garzik 105153964b9eSJeff Garzik References: 105253964b9eSJeff Garzik http://keccak.noekeon.org/ 105353964b9eSJeff Garzik 10544f0fc160SGilad Ben-Yossefconfig CRYPTO_SM3 1055d2825fa9SJason A. Donenfeld tristate 1056d2825fa9SJason A. Donenfeld 1057d2825fa9SJason A. Donenfeldconfig CRYPTO_SM3_GENERIC 10584f0fc160SGilad Ben-Yossef tristate "SM3 digest algorithm" 10594f0fc160SGilad Ben-Yossef select CRYPTO_HASH 1060d2825fa9SJason A. Donenfeld select CRYPTO_SM3 10614f0fc160SGilad Ben-Yossef help 10624f0fc160SGilad Ben-Yossef SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 10634f0fc160SGilad Ben-Yossef It is part of the Chinese Commercial Cryptography suite. 10644f0fc160SGilad Ben-Yossef 10654f0fc160SGilad Ben-Yossef References: 10664f0fc160SGilad Ben-Yossef http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 10674f0fc160SGilad Ben-Yossef https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 10684f0fc160SGilad Ben-Yossef 1069930ab34dSTianjia Zhangconfig CRYPTO_SM3_AVX_X86_64 1070930ab34dSTianjia Zhang tristate "SM3 digest algorithm (x86_64/AVX)" 1071930ab34dSTianjia Zhang depends on X86 && 64BIT 1072930ab34dSTianjia Zhang select CRYPTO_HASH 1073d2825fa9SJason A. Donenfeld select CRYPTO_SM3 1074930ab34dSTianjia Zhang help 1075930ab34dSTianjia Zhang SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1076930ab34dSTianjia Zhang It is part of the Chinese Commercial Cryptography suite. This is 1077930ab34dSTianjia Zhang SM3 optimized implementation using Advanced Vector Extensions (AVX) 1078930ab34dSTianjia Zhang when available. 1079930ab34dSTianjia Zhang 1080930ab34dSTianjia Zhang If unsure, say N. 1081930ab34dSTianjia Zhang 1082fe18957eSVitaly Chikunovconfig CRYPTO_STREEBOG 1083fe18957eSVitaly Chikunov tristate "Streebog Hash Function" 1084fe18957eSVitaly Chikunov select CRYPTO_HASH 1085fe18957eSVitaly Chikunov help 1086fe18957eSVitaly Chikunov Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1087fe18957eSVitaly Chikunov cryptographic standard algorithms (called GOST algorithms). 1088fe18957eSVitaly Chikunov This setting enables two hash algorithms with 256 and 512 bits output. 1089fe18957eSVitaly Chikunov 1090fe18957eSVitaly Chikunov References: 1091fe18957eSVitaly Chikunov https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1092fe18957eSVitaly Chikunov https://tools.ietf.org/html/rfc6986 1093fe18957eSVitaly Chikunov 1094584fffc8SSebastian Siewiorconfig CRYPTO_WP512 1095584fffc8SSebastian Siewior tristate "Whirlpool digest algorithms" 10964946510bSAdrian-Ken Rueegsegger select CRYPTO_HASH 10971da177e4SLinus Torvalds help 1098584fffc8SSebastian Siewior Whirlpool hash algorithm 512, 384 and 256-bit hashes 10991da177e4SLinus Torvalds 1100584fffc8SSebastian Siewior Whirlpool-512 is part of the NESSIE cryptographic primitives. 1101584fffc8SSebastian Siewior Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 11021da177e4SLinus Torvalds 11031da177e4SLinus Torvalds See also: 11046d8de74cSJustin P. Mattock <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 11051da177e4SLinus Torvalds 11060e1227d3SHuang Yingconfig CRYPTO_GHASH_CLMUL_NI_INTEL 11078dfa20fcSEric Biggers tristate "GHASH hash function (CLMUL-NI accelerated)" 11088af00860SRichard Weinberger depends on X86 && 64BIT 11090e1227d3SHuang Ying select CRYPTO_CRYPTD 11100e1227d3SHuang Ying help 11118dfa20fcSEric Biggers This is the x86_64 CLMUL-NI accelerated implementation of 11128dfa20fcSEric Biggers GHASH, the hash function used in GCM (Galois/Counter mode). 11130e1227d3SHuang Ying 1114584fffc8SSebastian Siewiorcomment "Ciphers" 11151da177e4SLinus Torvalds 11161da177e4SLinus Torvaldsconfig CRYPTO_AES 11171da177e4SLinus Torvalds tristate "AES cipher algorithms" 1118cce9e06dSHerbert Xu select CRYPTO_ALGAPI 11195bb12d78SArd Biesheuvel select CRYPTO_LIB_AES 11201da177e4SLinus Torvalds help 11211da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 11221da177e4SLinus Torvalds algorithm. 11231da177e4SLinus Torvalds 11241da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 11251da177e4SLinus Torvalds both hardware and software across a wide range of computing 11261da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 11271da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 11281da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 11291da177e4SLinus Torvalds suited for restricted-space environments, in which it also 11301da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 11311da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 11321da177e4SLinus Torvalds 11331da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 11341da177e4SLinus Torvalds 11351da177e4SLinus Torvalds See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 11361da177e4SLinus Torvalds 1137b5e0b032SArd Biesheuvelconfig CRYPTO_AES_TI 1138b5e0b032SArd Biesheuvel tristate "Fixed time AES cipher" 1139b5e0b032SArd Biesheuvel select CRYPTO_ALGAPI 1140e59c1c98SArd Biesheuvel select CRYPTO_LIB_AES 1141b5e0b032SArd Biesheuvel help 1142b5e0b032SArd Biesheuvel This is a generic implementation of AES that attempts to eliminate 1143b5e0b032SArd Biesheuvel data dependent latencies as much as possible without affecting 1144b5e0b032SArd Biesheuvel performance too much. It is intended for use by the generic CCM 1145b5e0b032SArd Biesheuvel and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1146b5e0b032SArd Biesheuvel solely on encryption (although decryption is supported as well, but 1147b5e0b032SArd Biesheuvel with a more dramatic performance hit) 1148b5e0b032SArd Biesheuvel 1149b5e0b032SArd Biesheuvel Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1150b5e0b032SArd Biesheuvel 8 for decryption), this implementation only uses just two S-boxes of 1151b5e0b032SArd Biesheuvel 256 bytes each, and attempts to eliminate data dependent latencies by 1152b5e0b032SArd Biesheuvel prefetching the entire table into the cache at the start of each 11530a6a40c2SEric Biggers block. Interrupts are also disabled to avoid races where cachelines 11540a6a40c2SEric Biggers are evicted when the CPU is interrupted to do something else. 1155b5e0b032SArd Biesheuvel 115654b6a1bdSHuang Yingconfig CRYPTO_AES_NI_INTEL 115754b6a1bdSHuang Ying tristate "AES cipher algorithms (AES-NI)" 11588af00860SRichard Weinberger depends on X86 115985671860SHerbert Xu select CRYPTO_AEAD 11602c53fd11SArd Biesheuvel select CRYPTO_LIB_AES 116154b6a1bdSHuang Ying select CRYPTO_ALGAPI 1162b95bba5dSEric Biggers select CRYPTO_SKCIPHER 116385671860SHerbert Xu select CRYPTO_SIMD 116454b6a1bdSHuang Ying help 116554b6a1bdSHuang Ying Use Intel AES-NI instructions for AES algorithm. 116654b6a1bdSHuang Ying 116754b6a1bdSHuang Ying AES cipher algorithms (FIPS-197). AES uses the Rijndael 116854b6a1bdSHuang Ying algorithm. 116954b6a1bdSHuang Ying 117054b6a1bdSHuang Ying Rijndael appears to be consistently a very good performer in 117154b6a1bdSHuang Ying both hardware and software across a wide range of computing 117254b6a1bdSHuang Ying environments regardless of its use in feedback or non-feedback 117354b6a1bdSHuang Ying modes. Its key setup time is excellent, and its key agility is 117454b6a1bdSHuang Ying good. Rijndael's very low memory requirements make it very well 117554b6a1bdSHuang Ying suited for restricted-space environments, in which it also 117654b6a1bdSHuang Ying demonstrates excellent performance. Rijndael's operations are 117754b6a1bdSHuang Ying among the easiest to defend against power and timing attacks. 117854b6a1bdSHuang Ying 117954b6a1bdSHuang Ying The AES specifies three key sizes: 128, 192 and 256 bits 118054b6a1bdSHuang Ying 118154b6a1bdSHuang Ying See <http://csrc.nist.gov/encryption/aes/> for more information. 118254b6a1bdSHuang Ying 11830d258efbSMathias Krause In addition to AES cipher algorithm support, the acceleration 11840d258efbSMathias Krause for some popular block cipher mode is supported too, including 1185944585a6SArd Biesheuvel ECB, CBC, LRW, XTS. The 64 bit version has additional 1186fd94fcf0SNathan Huckleberry acceleration for CTR and XCTR. 11872cf4ac8bSHuang Ying 11889bf4852dSDavid S. Millerconfig CRYPTO_AES_SPARC64 11899bf4852dSDavid S. Miller tristate "AES cipher algorithms (SPARC64)" 11909bf4852dSDavid S. Miller depends on SPARC64 1191b95bba5dSEric Biggers select CRYPTO_SKCIPHER 11929bf4852dSDavid S. Miller help 11939bf4852dSDavid S. Miller Use SPARC64 crypto opcodes for AES algorithm. 11949bf4852dSDavid S. Miller 11959bf4852dSDavid S. Miller AES cipher algorithms (FIPS-197). AES uses the Rijndael 11969bf4852dSDavid S. Miller algorithm. 11979bf4852dSDavid S. Miller 11989bf4852dSDavid S. Miller Rijndael appears to be consistently a very good performer in 11999bf4852dSDavid S. Miller both hardware and software across a wide range of computing 12009bf4852dSDavid S. Miller environments regardless of its use in feedback or non-feedback 12019bf4852dSDavid S. Miller modes. Its key setup time is excellent, and its key agility is 12029bf4852dSDavid S. Miller good. Rijndael's very low memory requirements make it very well 12039bf4852dSDavid S. Miller suited for restricted-space environments, in which it also 12049bf4852dSDavid S. Miller demonstrates excellent performance. Rijndael's operations are 12059bf4852dSDavid S. Miller among the easiest to defend against power and timing attacks. 12069bf4852dSDavid S. Miller 12079bf4852dSDavid S. Miller The AES specifies three key sizes: 128, 192 and 256 bits 12089bf4852dSDavid S. Miller 12099bf4852dSDavid S. Miller See <http://csrc.nist.gov/encryption/aes/> for more information. 12109bf4852dSDavid S. Miller 12119bf4852dSDavid S. Miller In addition to AES cipher algorithm support, the acceleration 12129bf4852dSDavid S. Miller for some popular block cipher mode is supported too, including 12139bf4852dSDavid S. Miller ECB and CBC. 12149bf4852dSDavid S. Miller 1215504c6143SMarkus Stockhausenconfig CRYPTO_AES_PPC_SPE 1216504c6143SMarkus Stockhausen tristate "AES cipher algorithms (PPC SPE)" 1217504c6143SMarkus Stockhausen depends on PPC && SPE 1218b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1219504c6143SMarkus Stockhausen help 1220504c6143SMarkus Stockhausen AES cipher algorithms (FIPS-197). Additionally the acceleration 1221504c6143SMarkus Stockhausen for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1222504c6143SMarkus Stockhausen This module should only be used for low power (router) devices 1223504c6143SMarkus Stockhausen without hardware AES acceleration (e.g. caam crypto). It reduces the 1224504c6143SMarkus Stockhausen size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1225504c6143SMarkus Stockhausen timining attacks. Nevertheless it might be not as secure as other 1226504c6143SMarkus Stockhausen architecture specific assembler implementations that work on 1KB 1227504c6143SMarkus Stockhausen tables or 256 bytes S-boxes. 1228504c6143SMarkus Stockhausen 12291da177e4SLinus Torvaldsconfig CRYPTO_ANUBIS 12301da177e4SLinus Torvalds tristate "Anubis cipher algorithm" 12311674aea5SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1232cce9e06dSHerbert Xu select CRYPTO_ALGAPI 12331da177e4SLinus Torvalds help 12341da177e4SLinus Torvalds Anubis cipher algorithm. 12351da177e4SLinus Torvalds 12361da177e4SLinus Torvalds Anubis is a variable key length cipher which can use keys from 12371da177e4SLinus Torvalds 128 bits to 320 bits in length. It was evaluated as a entrant 12381da177e4SLinus Torvalds in the NESSIE competition. 12391da177e4SLinus Torvalds 12401da177e4SLinus Torvalds See also: 12416d8de74cSJustin P. Mattock <https://www.cosic.esat.kuleuven.be/nessie/reports/> 12426d8de74cSJustin P. Mattock <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 12431da177e4SLinus Torvalds 1244584fffc8SSebastian Siewiorconfig CRYPTO_ARC4 1245584fffc8SSebastian Siewior tristate "ARC4 cipher algorithm" 12469ace6771SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1247b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1248dc51f257SArd Biesheuvel select CRYPTO_LIB_ARC4 1249e2ee95b8SHye-Shik Chang help 1250584fffc8SSebastian Siewior ARC4 cipher algorithm. 1251e2ee95b8SHye-Shik Chang 1252584fffc8SSebastian Siewior ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1253584fffc8SSebastian Siewior bits in length. This algorithm is required for driver-based 1254584fffc8SSebastian Siewior WEP, but it should not be for other purposes because of the 1255584fffc8SSebastian Siewior weakness of the algorithm. 1256584fffc8SSebastian Siewior 1257584fffc8SSebastian Siewiorconfig CRYPTO_BLOWFISH 1258584fffc8SSebastian Siewior tristate "Blowfish cipher algorithm" 1259584fffc8SSebastian Siewior select CRYPTO_ALGAPI 126052ba867cSJussi Kivilinna select CRYPTO_BLOWFISH_COMMON 1261584fffc8SSebastian Siewior help 1262584fffc8SSebastian Siewior Blowfish cipher algorithm, by Bruce Schneier. 1263584fffc8SSebastian Siewior 1264584fffc8SSebastian Siewior This is a variable key length cipher which can use keys from 32 1265584fffc8SSebastian Siewior bits to 448 bits in length. It's fast, simple and specifically 1266584fffc8SSebastian Siewior designed for use on "large microprocessors". 1267e2ee95b8SHye-Shik Chang 1268e2ee95b8SHye-Shik Chang See also: 12699332a9e7SAlexander A. Klimov <https://www.schneier.com/blowfish.html> 1270584fffc8SSebastian Siewior 127152ba867cSJussi Kivilinnaconfig CRYPTO_BLOWFISH_COMMON 127252ba867cSJussi Kivilinna tristate 127352ba867cSJussi Kivilinna help 127452ba867cSJussi Kivilinna Common parts of the Blowfish cipher algorithm shared by the 127552ba867cSJussi Kivilinna generic c and the assembler implementations. 127652ba867cSJussi Kivilinna 127752ba867cSJussi Kivilinna See also: 12789332a9e7SAlexander A. Klimov <https://www.schneier.com/blowfish.html> 127952ba867cSJussi Kivilinna 128064b94ceaSJussi Kivilinnaconfig CRYPTO_BLOWFISH_X86_64 128164b94ceaSJussi Kivilinna tristate "Blowfish cipher algorithm (x86_64)" 1282f21a7c19SAl Viro depends on X86 && 64BIT 1283b95bba5dSEric Biggers select CRYPTO_SKCIPHER 128464b94ceaSJussi Kivilinna select CRYPTO_BLOWFISH_COMMON 1285c0a64926SArd Biesheuvel imply CRYPTO_CTR 128664b94ceaSJussi Kivilinna help 128764b94ceaSJussi Kivilinna Blowfish cipher algorithm (x86_64), by Bruce Schneier. 128864b94ceaSJussi Kivilinna 128964b94ceaSJussi Kivilinna This is a variable key length cipher which can use keys from 32 129064b94ceaSJussi Kivilinna bits to 448 bits in length. It's fast, simple and specifically 129164b94ceaSJussi Kivilinna designed for use on "large microprocessors". 129264b94ceaSJussi Kivilinna 129364b94ceaSJussi Kivilinna See also: 12949332a9e7SAlexander A. Klimov <https://www.schneier.com/blowfish.html> 129564b94ceaSJussi Kivilinna 1296584fffc8SSebastian Siewiorconfig CRYPTO_CAMELLIA 1297584fffc8SSebastian Siewior tristate "Camellia cipher algorithms" 1298584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1299584fffc8SSebastian Siewior help 1300584fffc8SSebastian Siewior Camellia cipher algorithms module. 1301584fffc8SSebastian Siewior 1302584fffc8SSebastian Siewior Camellia is a symmetric key block cipher developed jointly 1303584fffc8SSebastian Siewior at NTT and Mitsubishi Electric Corporation. 1304584fffc8SSebastian Siewior 1305584fffc8SSebastian Siewior The Camellia specifies three key sizes: 128, 192 and 256 bits. 1306584fffc8SSebastian Siewior 1307584fffc8SSebastian Siewior See also: 1308584fffc8SSebastian Siewior <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1309584fffc8SSebastian Siewior 13100b95ec56SJussi Kivilinnaconfig CRYPTO_CAMELLIA_X86_64 13110b95ec56SJussi Kivilinna tristate "Camellia cipher algorithm (x86_64)" 1312f21a7c19SAl Viro depends on X86 && 64BIT 1313b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1314a1f91ecfSArd Biesheuvel imply CRYPTO_CTR 13150b95ec56SJussi Kivilinna help 13160b95ec56SJussi Kivilinna Camellia cipher algorithm module (x86_64). 13170b95ec56SJussi Kivilinna 13180b95ec56SJussi Kivilinna Camellia is a symmetric key block cipher developed jointly 13190b95ec56SJussi Kivilinna at NTT and Mitsubishi Electric Corporation. 13200b95ec56SJussi Kivilinna 13210b95ec56SJussi Kivilinna The Camellia specifies three key sizes: 128, 192 and 256 bits. 13220b95ec56SJussi Kivilinna 13230b95ec56SJussi Kivilinna See also: 13240b95ec56SJussi Kivilinna <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 13250b95ec56SJussi Kivilinna 1326d9b1d2e7SJussi Kivilinnaconfig CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1327d9b1d2e7SJussi Kivilinna tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1328d9b1d2e7SJussi Kivilinna depends on X86 && 64BIT 1329b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1330d9b1d2e7SJussi Kivilinna select CRYPTO_CAMELLIA_X86_64 133144893bc2SEric Biggers select CRYPTO_SIMD 133255a7e88fSArd Biesheuvel imply CRYPTO_XTS 1333d9b1d2e7SJussi Kivilinna help 1334d9b1d2e7SJussi Kivilinna Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1335d9b1d2e7SJussi Kivilinna 1336d9b1d2e7SJussi Kivilinna Camellia is a symmetric key block cipher developed jointly 1337d9b1d2e7SJussi Kivilinna at NTT and Mitsubishi Electric Corporation. 1338d9b1d2e7SJussi Kivilinna 1339d9b1d2e7SJussi Kivilinna The Camellia specifies three key sizes: 128, 192 and 256 bits. 1340d9b1d2e7SJussi Kivilinna 1341d9b1d2e7SJussi Kivilinna See also: 1342d9b1d2e7SJussi Kivilinna <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1343d9b1d2e7SJussi Kivilinna 1344f3f935a7SJussi Kivilinnaconfig CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1345f3f935a7SJussi Kivilinna tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1346f3f935a7SJussi Kivilinna depends on X86 && 64BIT 1347f3f935a7SJussi Kivilinna select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1348f3f935a7SJussi Kivilinna help 1349f3f935a7SJussi Kivilinna Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1350f3f935a7SJussi Kivilinna 1351f3f935a7SJussi Kivilinna Camellia is a symmetric key block cipher developed jointly 1352f3f935a7SJussi Kivilinna at NTT and Mitsubishi Electric Corporation. 1353f3f935a7SJussi Kivilinna 1354f3f935a7SJussi Kivilinna The Camellia specifies three key sizes: 128, 192 and 256 bits. 1355f3f935a7SJussi Kivilinna 1356f3f935a7SJussi Kivilinna See also: 1357f3f935a7SJussi Kivilinna <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1358f3f935a7SJussi Kivilinna 135981658ad0SDavid S. Millerconfig CRYPTO_CAMELLIA_SPARC64 136081658ad0SDavid S. Miller tristate "Camellia cipher algorithm (SPARC64)" 136181658ad0SDavid S. Miller depends on SPARC64 136281658ad0SDavid S. Miller select CRYPTO_ALGAPI 1363b95bba5dSEric Biggers select CRYPTO_SKCIPHER 136481658ad0SDavid S. Miller help 136581658ad0SDavid S. Miller Camellia cipher algorithm module (SPARC64). 136681658ad0SDavid S. Miller 136781658ad0SDavid S. Miller Camellia is a symmetric key block cipher developed jointly 136881658ad0SDavid S. Miller at NTT and Mitsubishi Electric Corporation. 136981658ad0SDavid S. Miller 137081658ad0SDavid S. Miller The Camellia specifies three key sizes: 128, 192 and 256 bits. 137181658ad0SDavid S. Miller 137281658ad0SDavid S. Miller See also: 137381658ad0SDavid S. Miller <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 137481658ad0SDavid S. Miller 1375044ab525SJussi Kivilinnaconfig CRYPTO_CAST_COMMON 1376044ab525SJussi Kivilinna tristate 1377044ab525SJussi Kivilinna help 1378044ab525SJussi Kivilinna Common parts of the CAST cipher algorithms shared by the 1379044ab525SJussi Kivilinna generic c and the assembler implementations. 1380044ab525SJussi Kivilinna 1381584fffc8SSebastian Siewiorconfig CRYPTO_CAST5 1382584fffc8SSebastian Siewior tristate "CAST5 (CAST-128) cipher algorithm" 1383584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1384044ab525SJussi Kivilinna select CRYPTO_CAST_COMMON 1385584fffc8SSebastian Siewior help 1386584fffc8SSebastian Siewior The CAST5 encryption algorithm (synonymous with CAST-128) is 1387584fffc8SSebastian Siewior described in RFC2144. 1388584fffc8SSebastian Siewior 13894d6d6a2cSJohannes Goetzfriedconfig CRYPTO_CAST5_AVX_X86_64 13904d6d6a2cSJohannes Goetzfried tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 13914d6d6a2cSJohannes Goetzfried depends on X86 && 64BIT 1392b95bba5dSEric Biggers select CRYPTO_SKCIPHER 13934d6d6a2cSJohannes Goetzfried select CRYPTO_CAST5 13941e63183aSEric Biggers select CRYPTO_CAST_COMMON 13951e63183aSEric Biggers select CRYPTO_SIMD 1396e2d60e2fSArd Biesheuvel imply CRYPTO_CTR 13974d6d6a2cSJohannes Goetzfried help 13984d6d6a2cSJohannes Goetzfried The CAST5 encryption algorithm (synonymous with CAST-128) is 13994d6d6a2cSJohannes Goetzfried described in RFC2144. 14004d6d6a2cSJohannes Goetzfried 14014d6d6a2cSJohannes Goetzfried This module provides the Cast5 cipher algorithm that processes 14024d6d6a2cSJohannes Goetzfried sixteen blocks parallel using the AVX instruction set. 14034d6d6a2cSJohannes Goetzfried 1404584fffc8SSebastian Siewiorconfig CRYPTO_CAST6 1405584fffc8SSebastian Siewior tristate "CAST6 (CAST-256) cipher algorithm" 1406584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1407044ab525SJussi Kivilinna select CRYPTO_CAST_COMMON 1408584fffc8SSebastian Siewior help 1409584fffc8SSebastian Siewior The CAST6 encryption algorithm (synonymous with CAST-256) is 1410584fffc8SSebastian Siewior described in RFC2612. 1411584fffc8SSebastian Siewior 14124ea1277dSJohannes Goetzfriedconfig CRYPTO_CAST6_AVX_X86_64 14134ea1277dSJohannes Goetzfried tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 14144ea1277dSJohannes Goetzfried depends on X86 && 64BIT 1415b95bba5dSEric Biggers select CRYPTO_SKCIPHER 14164ea1277dSJohannes Goetzfried select CRYPTO_CAST6 14174bd96924SEric Biggers select CRYPTO_CAST_COMMON 14184bd96924SEric Biggers select CRYPTO_SIMD 14192cc0fedbSArd Biesheuvel imply CRYPTO_XTS 14207a6623ccSArd Biesheuvel imply CRYPTO_CTR 14214ea1277dSJohannes Goetzfried help 14224ea1277dSJohannes Goetzfried The CAST6 encryption algorithm (synonymous with CAST-256) is 14234ea1277dSJohannes Goetzfried described in RFC2612. 14244ea1277dSJohannes Goetzfried 14254ea1277dSJohannes Goetzfried This module provides the Cast6 cipher algorithm that processes 14264ea1277dSJohannes Goetzfried eight blocks parallel using the AVX instruction set. 14274ea1277dSJohannes Goetzfried 1428584fffc8SSebastian Siewiorconfig CRYPTO_DES 1429584fffc8SSebastian Siewior tristate "DES and Triple DES EDE cipher algorithms" 1430584fffc8SSebastian Siewior select CRYPTO_ALGAPI 143104007b0eSArd Biesheuvel select CRYPTO_LIB_DES 1432584fffc8SSebastian Siewior help 1433584fffc8SSebastian Siewior DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1434584fffc8SSebastian Siewior 1435c5aac2dfSDavid S. Millerconfig CRYPTO_DES_SPARC64 1436c5aac2dfSDavid S. Miller tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 143797da37b3SDave Jones depends on SPARC64 1438c5aac2dfSDavid S. Miller select CRYPTO_ALGAPI 143904007b0eSArd Biesheuvel select CRYPTO_LIB_DES 1440b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1441c5aac2dfSDavid S. Miller help 1442c5aac2dfSDavid S. Miller DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1443c5aac2dfSDavid S. Miller optimized using SPARC64 crypto opcodes. 1444c5aac2dfSDavid S. Miller 14456574e6c6SJussi Kivilinnaconfig CRYPTO_DES3_EDE_X86_64 14466574e6c6SJussi Kivilinna tristate "Triple DES EDE cipher algorithm (x86-64)" 14476574e6c6SJussi Kivilinna depends on X86 && 64BIT 1448b95bba5dSEric Biggers select CRYPTO_SKCIPHER 144904007b0eSArd Biesheuvel select CRYPTO_LIB_DES 1450768db5feSArd Biesheuvel imply CRYPTO_CTR 14516574e6c6SJussi Kivilinna help 14526574e6c6SJussi Kivilinna Triple DES EDE (FIPS 46-3) algorithm. 14536574e6c6SJussi Kivilinna 14546574e6c6SJussi Kivilinna This module provides implementation of the Triple DES EDE cipher 14556574e6c6SJussi Kivilinna algorithm that is optimized for x86-64 processors. Two versions of 14566574e6c6SJussi Kivilinna algorithm are provided; regular processing one input block and 14576574e6c6SJussi Kivilinna one that processes three blocks parallel. 14586574e6c6SJussi Kivilinna 1459584fffc8SSebastian Siewiorconfig CRYPTO_FCRYPT 1460584fffc8SSebastian Siewior tristate "FCrypt cipher algorithm" 1461584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1462b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1463584fffc8SSebastian Siewior help 1464584fffc8SSebastian Siewior FCrypt algorithm used by RxRPC. 1465584fffc8SSebastian Siewior 1466584fffc8SSebastian Siewiorconfig CRYPTO_KHAZAD 1467584fffc8SSebastian Siewior tristate "Khazad cipher algorithm" 14681674aea5SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1469584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1470584fffc8SSebastian Siewior help 1471584fffc8SSebastian Siewior Khazad cipher algorithm. 1472584fffc8SSebastian Siewior 1473584fffc8SSebastian Siewior Khazad was a finalist in the initial NESSIE competition. It is 1474584fffc8SSebastian Siewior an algorithm optimized for 64-bit processors with good performance 1475584fffc8SSebastian Siewior on 32-bit processors. Khazad uses an 128 bit key size. 1476584fffc8SSebastian Siewior 1477584fffc8SSebastian Siewior See also: 14786d8de74cSJustin P. Mattock <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1479e2ee95b8SHye-Shik Chang 1480c08d0e64SMartin Williconfig CRYPTO_CHACHA20 1481aa762409SEric Biggers tristate "ChaCha stream cipher algorithms" 14825fb8ef25SArd Biesheuvel select CRYPTO_LIB_CHACHA_GENERIC 1483b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1484c08d0e64SMartin Willi help 1485aa762409SEric Biggers The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1486c08d0e64SMartin Willi 1487c08d0e64SMartin Willi ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1488c08d0e64SMartin Willi Bernstein and further specified in RFC7539 for use in IETF protocols. 1489de61d7aeSEric Biggers This is the portable C implementation of ChaCha20. See also: 14909332a9e7SAlexander A. Klimov <https://cr.yp.to/chacha/chacha-20080128.pdf> 1491c08d0e64SMartin Willi 1492de61d7aeSEric Biggers XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1493de61d7aeSEric Biggers rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1494de61d7aeSEric Biggers from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1495de61d7aeSEric Biggers while provably retaining ChaCha20's security. See also: 1496de61d7aeSEric Biggers <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1497de61d7aeSEric Biggers 1498aa762409SEric Biggers XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1499aa762409SEric Biggers reduced security margin but increased performance. It can be needed 1500aa762409SEric Biggers in some performance-sensitive scenarios. 1501aa762409SEric Biggers 1502c9320b6dSMartin Williconfig CRYPTO_CHACHA20_X86_64 15034af78261SEric Biggers tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1504c9320b6dSMartin Willi depends on X86 && 64BIT 1505b95bba5dSEric Biggers select CRYPTO_SKCIPHER 150628e8d89bSArd Biesheuvel select CRYPTO_LIB_CHACHA_GENERIC 150784e03fa3SArd Biesheuvel select CRYPTO_ARCH_HAVE_LIB_CHACHA 1508c9320b6dSMartin Willi help 15097a507d62SEric Biggers SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 15107a507d62SEric Biggers XChaCha20, and XChaCha12 stream ciphers. 1511c9320b6dSMartin Willi 15123a2f58f3SArd Biesheuvelconfig CRYPTO_CHACHA_MIPS 15133a2f58f3SArd Biesheuvel tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 15143a2f58f3SArd Biesheuvel depends on CPU_MIPS32_R2 1515660eda8dSEric Biggers select CRYPTO_SKCIPHER 15163a2f58f3SArd Biesheuvel select CRYPTO_ARCH_HAVE_LIB_CHACHA 15173a2f58f3SArd Biesheuvel 1518584fffc8SSebastian Siewiorconfig CRYPTO_SEED 1519584fffc8SSebastian Siewior tristate "SEED cipher algorithm" 15201674aea5SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1521584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1522584fffc8SSebastian Siewior help 1523584fffc8SSebastian Siewior SEED cipher algorithm (RFC4269). 1524584fffc8SSebastian Siewior 1525584fffc8SSebastian Siewior SEED is a 128-bit symmetric key block cipher that has been 1526584fffc8SSebastian Siewior developed by KISA (Korea Information Security Agency) as a 1527584fffc8SSebastian Siewior national standard encryption algorithm of the Republic of Korea. 1528584fffc8SSebastian Siewior It is a 16 round block cipher with the key size of 128 bit. 1529584fffc8SSebastian Siewior 1530584fffc8SSebastian Siewior See also: 1531584fffc8SSebastian Siewior <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1532584fffc8SSebastian Siewior 1533e4e712bbSTaehee Yooconfig CRYPTO_ARIA 1534e4e712bbSTaehee Yoo tristate "ARIA cipher algorithm" 1535e4e712bbSTaehee Yoo select CRYPTO_ALGAPI 1536e4e712bbSTaehee Yoo help 1537e4e712bbSTaehee Yoo ARIA cipher algorithm (RFC5794). 1538e4e712bbSTaehee Yoo 1539e4e712bbSTaehee Yoo ARIA is a standard encryption algorithm of the Republic of Korea. 1540e4e712bbSTaehee Yoo The ARIA specifies three key sizes and rounds. 1541e4e712bbSTaehee Yoo 128-bit: 12 rounds. 1542e4e712bbSTaehee Yoo 192-bit: 14 rounds. 1543e4e712bbSTaehee Yoo 256-bit: 16 rounds. 1544e4e712bbSTaehee Yoo 1545e4e712bbSTaehee Yoo See also: 1546e4e712bbSTaehee Yoo <https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do> 1547e4e712bbSTaehee Yoo 1548584fffc8SSebastian Siewiorconfig CRYPTO_SERPENT 1549584fffc8SSebastian Siewior tristate "Serpent cipher algorithm" 1550584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1551584fffc8SSebastian Siewior help 1552584fffc8SSebastian Siewior Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1553584fffc8SSebastian Siewior 1554584fffc8SSebastian Siewior Keys are allowed to be from 0 to 256 bits in length, in steps 1555784506a1SArd Biesheuvel of 8 bits. 1556584fffc8SSebastian Siewior 1557584fffc8SSebastian Siewior See also: 15589332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1559584fffc8SSebastian Siewior 1560937c30d7SJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_X86_64 1561937c30d7SJussi Kivilinna tristate "Serpent cipher algorithm (x86_64/SSE2)" 1562937c30d7SJussi Kivilinna depends on X86 && 64BIT 1563b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1564937c30d7SJussi Kivilinna select CRYPTO_SERPENT 1565e0f409dcSEric Biggers select CRYPTO_SIMD 15662e9440aeSArd Biesheuvel imply CRYPTO_CTR 1567937c30d7SJussi Kivilinna help 1568937c30d7SJussi Kivilinna Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1569937c30d7SJussi Kivilinna 1570937c30d7SJussi Kivilinna Keys are allowed to be from 0 to 256 bits in length, in steps 1571937c30d7SJussi Kivilinna of 8 bits. 1572937c30d7SJussi Kivilinna 15731e6232f8SMasanari Iida This module provides Serpent cipher algorithm that processes eight 1574937c30d7SJussi Kivilinna blocks parallel using SSE2 instruction set. 1575937c30d7SJussi Kivilinna 1576937c30d7SJussi Kivilinna See also: 15779332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1578937c30d7SJussi Kivilinna 1579251496dbSJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_586 1580251496dbSJussi Kivilinna tristate "Serpent cipher algorithm (i586/SSE2)" 1581251496dbSJussi Kivilinna depends on X86 && !64BIT 1582b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1583251496dbSJussi Kivilinna select CRYPTO_SERPENT 1584e0f409dcSEric Biggers select CRYPTO_SIMD 15852e9440aeSArd Biesheuvel imply CRYPTO_CTR 1586251496dbSJussi Kivilinna help 1587251496dbSJussi Kivilinna Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1588251496dbSJussi Kivilinna 1589251496dbSJussi Kivilinna Keys are allowed to be from 0 to 256 bits in length, in steps 1590251496dbSJussi Kivilinna of 8 bits. 1591251496dbSJussi Kivilinna 1592251496dbSJussi Kivilinna This module provides Serpent cipher algorithm that processes four 1593251496dbSJussi Kivilinna blocks parallel using SSE2 instruction set. 1594251496dbSJussi Kivilinna 1595251496dbSJussi Kivilinna See also: 15969332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1597251496dbSJussi Kivilinna 15987efe4076SJohannes Goetzfriedconfig CRYPTO_SERPENT_AVX_X86_64 15997efe4076SJohannes Goetzfried tristate "Serpent cipher algorithm (x86_64/AVX)" 16007efe4076SJohannes Goetzfried depends on X86 && 64BIT 1601b95bba5dSEric Biggers select CRYPTO_SKCIPHER 16027efe4076SJohannes Goetzfried select CRYPTO_SERPENT 1603e16bf974SEric Biggers select CRYPTO_SIMD 16049ec0af8aSArd Biesheuvel imply CRYPTO_XTS 16052e9440aeSArd Biesheuvel imply CRYPTO_CTR 16067efe4076SJohannes Goetzfried help 16077efe4076SJohannes Goetzfried Serpent cipher algorithm, by Anderson, Biham & Knudsen. 16087efe4076SJohannes Goetzfried 16097efe4076SJohannes Goetzfried Keys are allowed to be from 0 to 256 bits in length, in steps 16107efe4076SJohannes Goetzfried of 8 bits. 16117efe4076SJohannes Goetzfried 16127efe4076SJohannes Goetzfried This module provides the Serpent cipher algorithm that processes 16137efe4076SJohannes Goetzfried eight blocks parallel using the AVX instruction set. 16147efe4076SJohannes Goetzfried 16157efe4076SJohannes Goetzfried See also: 16169332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 16177efe4076SJohannes Goetzfried 161856d76c96SJussi Kivilinnaconfig CRYPTO_SERPENT_AVX2_X86_64 161956d76c96SJussi Kivilinna tristate "Serpent cipher algorithm (x86_64/AVX2)" 162056d76c96SJussi Kivilinna depends on X86 && 64BIT 162156d76c96SJussi Kivilinna select CRYPTO_SERPENT_AVX_X86_64 162256d76c96SJussi Kivilinna help 162356d76c96SJussi Kivilinna Serpent cipher algorithm, by Anderson, Biham & Knudsen. 162456d76c96SJussi Kivilinna 162556d76c96SJussi Kivilinna Keys are allowed to be from 0 to 256 bits in length, in steps 162656d76c96SJussi Kivilinna of 8 bits. 162756d76c96SJussi Kivilinna 162856d76c96SJussi Kivilinna This module provides Serpent cipher algorithm that processes 16 162956d76c96SJussi Kivilinna blocks parallel using AVX2 instruction set. 163056d76c96SJussi Kivilinna 163156d76c96SJussi Kivilinna See also: 16329332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 163356d76c96SJussi Kivilinna 1634747c8ce4SGilad Ben-Yossefconfig CRYPTO_SM4 1635d2825fa9SJason A. Donenfeld tristate 1636d2825fa9SJason A. Donenfeld 1637d2825fa9SJason A. Donenfeldconfig CRYPTO_SM4_GENERIC 1638747c8ce4SGilad Ben-Yossef tristate "SM4 cipher algorithm" 1639747c8ce4SGilad Ben-Yossef select CRYPTO_ALGAPI 1640d2825fa9SJason A. Donenfeld select CRYPTO_SM4 1641747c8ce4SGilad Ben-Yossef help 1642747c8ce4SGilad Ben-Yossef SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1643747c8ce4SGilad Ben-Yossef 1644747c8ce4SGilad Ben-Yossef SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1645747c8ce4SGilad Ben-Yossef Organization of State Commercial Administration of China (OSCCA) 1646747c8ce4SGilad Ben-Yossef as an authorized cryptographic algorithms for the use within China. 1647747c8ce4SGilad Ben-Yossef 1648747c8ce4SGilad Ben-Yossef SMS4 was originally created for use in protecting wireless 1649747c8ce4SGilad Ben-Yossef networks, and is mandated in the Chinese National Standard for 1650747c8ce4SGilad Ben-Yossef Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1651747c8ce4SGilad Ben-Yossef (GB.15629.11-2003). 1652747c8ce4SGilad Ben-Yossef 1653747c8ce4SGilad Ben-Yossef The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1654747c8ce4SGilad Ben-Yossef standardized through TC 260 of the Standardization Administration 1655747c8ce4SGilad Ben-Yossef of the People's Republic of China (SAC). 1656747c8ce4SGilad Ben-Yossef 1657747c8ce4SGilad Ben-Yossef The input, output, and key of SMS4 are each 128 bits. 1658747c8ce4SGilad Ben-Yossef 1659747c8ce4SGilad Ben-Yossef See also: <https://eprint.iacr.org/2008/329.pdf> 1660747c8ce4SGilad Ben-Yossef 1661747c8ce4SGilad Ben-Yossef If unsure, say N. 1662747c8ce4SGilad Ben-Yossef 1663a7ee22eeSTianjia Zhangconfig CRYPTO_SM4_AESNI_AVX_X86_64 1664a7ee22eeSTianjia Zhang tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)" 1665a7ee22eeSTianjia Zhang depends on X86 && 64BIT 1666a7ee22eeSTianjia Zhang select CRYPTO_SKCIPHER 1667a7ee22eeSTianjia Zhang select CRYPTO_SIMD 1668a7ee22eeSTianjia Zhang select CRYPTO_ALGAPI 1669d2825fa9SJason A. Donenfeld select CRYPTO_SM4 1670a7ee22eeSTianjia Zhang help 1671a7ee22eeSTianjia Zhang SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX). 1672a7ee22eeSTianjia Zhang 1673a7ee22eeSTianjia Zhang SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1674a7ee22eeSTianjia Zhang Organization of State Commercial Administration of China (OSCCA) 1675a7ee22eeSTianjia Zhang as an authorized cryptographic algorithms for the use within China. 1676a7ee22eeSTianjia Zhang 1677a7ee22eeSTianjia Zhang This is SM4 optimized implementation using AES-NI/AVX/x86_64 1678a7ee22eeSTianjia Zhang instruction set for block cipher. Through two affine transforms, 1679a7ee22eeSTianjia Zhang we can use the AES S-Box to simulate the SM4 S-Box to achieve the 1680a7ee22eeSTianjia Zhang effect of instruction acceleration. 1681a7ee22eeSTianjia Zhang 1682a7ee22eeSTianjia Zhang If unsure, say N. 1683a7ee22eeSTianjia Zhang 16845b2efa2bSTianjia Zhangconfig CRYPTO_SM4_AESNI_AVX2_X86_64 16855b2efa2bSTianjia Zhang tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)" 16865b2efa2bSTianjia Zhang depends on X86 && 64BIT 16875b2efa2bSTianjia Zhang select CRYPTO_SKCIPHER 16885b2efa2bSTianjia Zhang select CRYPTO_SIMD 16895b2efa2bSTianjia Zhang select CRYPTO_ALGAPI 1690d2825fa9SJason A. Donenfeld select CRYPTO_SM4 16915b2efa2bSTianjia Zhang select CRYPTO_SM4_AESNI_AVX_X86_64 16925b2efa2bSTianjia Zhang help 16935b2efa2bSTianjia Zhang SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2). 16945b2efa2bSTianjia Zhang 16955b2efa2bSTianjia Zhang SM4 (GBT.32907-2016) is a cryptographic standard issued by the 16965b2efa2bSTianjia Zhang Organization of State Commercial Administration of China (OSCCA) 16975b2efa2bSTianjia Zhang as an authorized cryptographic algorithms for the use within China. 16985b2efa2bSTianjia Zhang 16995b2efa2bSTianjia Zhang This is SM4 optimized implementation using AES-NI/AVX2/x86_64 17005b2efa2bSTianjia Zhang instruction set for block cipher. Through two affine transforms, 17015b2efa2bSTianjia Zhang we can use the AES S-Box to simulate the SM4 S-Box to achieve the 17025b2efa2bSTianjia Zhang effect of instruction acceleration. 17035b2efa2bSTianjia Zhang 17045b2efa2bSTianjia Zhang If unsure, say N. 17055b2efa2bSTianjia Zhang 1706584fffc8SSebastian Siewiorconfig CRYPTO_TEA 1707584fffc8SSebastian Siewior tristate "TEA, XTEA and XETA cipher algorithms" 17081674aea5SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1709584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1710584fffc8SSebastian Siewior help 1711584fffc8SSebastian Siewior TEA cipher algorithm. 1712584fffc8SSebastian Siewior 1713584fffc8SSebastian Siewior Tiny Encryption Algorithm is a simple cipher that uses 1714584fffc8SSebastian Siewior many rounds for security. It is very fast and uses 1715584fffc8SSebastian Siewior little memory. 1716584fffc8SSebastian Siewior 1717584fffc8SSebastian Siewior Xtendend Tiny Encryption Algorithm is a modification to 1718584fffc8SSebastian Siewior the TEA algorithm to address a potential key weakness 1719584fffc8SSebastian Siewior in the TEA algorithm. 1720584fffc8SSebastian Siewior 1721584fffc8SSebastian Siewior Xtendend Encryption Tiny Algorithm is a mis-implementation 1722584fffc8SSebastian Siewior of the XTEA algorithm for compatibility purposes. 1723584fffc8SSebastian Siewior 1724584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH 1725584fffc8SSebastian Siewior tristate "Twofish cipher algorithm" 1726584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1727584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 1728584fffc8SSebastian Siewior help 1729584fffc8SSebastian Siewior Twofish cipher algorithm. 1730584fffc8SSebastian Siewior 1731584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 1732584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 1733584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 1734584fffc8SSebastian Siewior bits. 1735584fffc8SSebastian Siewior 1736584fffc8SSebastian Siewior See also: 17379332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 1738584fffc8SSebastian Siewior 1739584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_COMMON 1740584fffc8SSebastian Siewior tristate 1741584fffc8SSebastian Siewior help 1742584fffc8SSebastian Siewior Common parts of the Twofish cipher algorithm shared by the 1743584fffc8SSebastian Siewior generic c and the assembler implementations. 1744584fffc8SSebastian Siewior 1745584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_586 1746584fffc8SSebastian Siewior tristate "Twofish cipher algorithms (i586)" 1747584fffc8SSebastian Siewior depends on (X86 || UML_X86) && !64BIT 1748584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1749584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 1750f43dcaf2SArd Biesheuvel imply CRYPTO_CTR 1751584fffc8SSebastian Siewior help 1752584fffc8SSebastian Siewior Twofish cipher algorithm. 1753584fffc8SSebastian Siewior 1754584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 1755584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 1756584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 1757584fffc8SSebastian Siewior bits. 1758584fffc8SSebastian Siewior 1759584fffc8SSebastian Siewior See also: 17609332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 1761584fffc8SSebastian Siewior 1762584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_X86_64 1763584fffc8SSebastian Siewior tristate "Twofish cipher algorithm (x86_64)" 1764584fffc8SSebastian Siewior depends on (X86 || UML_X86) && 64BIT 1765584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1766584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 1767f43dcaf2SArd Biesheuvel imply CRYPTO_CTR 1768584fffc8SSebastian Siewior help 1769584fffc8SSebastian Siewior Twofish cipher algorithm (x86_64). 1770584fffc8SSebastian Siewior 1771584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 1772584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 1773584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 1774584fffc8SSebastian Siewior bits. 1775584fffc8SSebastian Siewior 1776584fffc8SSebastian Siewior See also: 17779332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 1778584fffc8SSebastian Siewior 17798280daadSJussi Kivilinnaconfig CRYPTO_TWOFISH_X86_64_3WAY 17808280daadSJussi Kivilinna tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1781f21a7c19SAl Viro depends on X86 && 64BIT 1782b95bba5dSEric Biggers select CRYPTO_SKCIPHER 17838280daadSJussi Kivilinna select CRYPTO_TWOFISH_COMMON 17848280daadSJussi Kivilinna select CRYPTO_TWOFISH_X86_64 17858280daadSJussi Kivilinna help 17868280daadSJussi Kivilinna Twofish cipher algorithm (x86_64, 3-way parallel). 17878280daadSJussi Kivilinna 17888280daadSJussi Kivilinna Twofish was submitted as an AES (Advanced Encryption Standard) 17898280daadSJussi Kivilinna candidate cipher by researchers at CounterPane Systems. It is a 17908280daadSJussi Kivilinna 16 round block cipher supporting key sizes of 128, 192, and 256 17918280daadSJussi Kivilinna bits. 17928280daadSJussi Kivilinna 17938280daadSJussi Kivilinna This module provides Twofish cipher algorithm that processes three 17948280daadSJussi Kivilinna blocks parallel, utilizing resources of out-of-order CPUs better. 17958280daadSJussi Kivilinna 17968280daadSJussi Kivilinna See also: 17979332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 17988280daadSJussi Kivilinna 1799107778b5SJohannes Goetzfriedconfig CRYPTO_TWOFISH_AVX_X86_64 1800107778b5SJohannes Goetzfried tristate "Twofish cipher algorithm (x86_64/AVX)" 1801107778b5SJohannes Goetzfried depends on X86 && 64BIT 1802b95bba5dSEric Biggers select CRYPTO_SKCIPHER 18030e6ab46dSEric Biggers select CRYPTO_SIMD 1804107778b5SJohannes Goetzfried select CRYPTO_TWOFISH_COMMON 1805107778b5SJohannes Goetzfried select CRYPTO_TWOFISH_X86_64 1806107778b5SJohannes Goetzfried select CRYPTO_TWOFISH_X86_64_3WAY 1807da4df93aSArd Biesheuvel imply CRYPTO_XTS 1808107778b5SJohannes Goetzfried help 1809107778b5SJohannes Goetzfried Twofish cipher algorithm (x86_64/AVX). 1810107778b5SJohannes Goetzfried 1811107778b5SJohannes Goetzfried Twofish was submitted as an AES (Advanced Encryption Standard) 1812107778b5SJohannes Goetzfried candidate cipher by researchers at CounterPane Systems. It is a 1813107778b5SJohannes Goetzfried 16 round block cipher supporting key sizes of 128, 192, and 256 1814107778b5SJohannes Goetzfried bits. 1815107778b5SJohannes Goetzfried 1816107778b5SJohannes Goetzfried This module provides the Twofish cipher algorithm that processes 1817107778b5SJohannes Goetzfried eight blocks parallel using the AVX Instruction Set. 1818107778b5SJohannes Goetzfried 1819107778b5SJohannes Goetzfried See also: 18209332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 1821107778b5SJohannes Goetzfried 1822584fffc8SSebastian Siewiorcomment "Compression" 1823584fffc8SSebastian Siewior 18241da177e4SLinus Torvaldsconfig CRYPTO_DEFLATE 18251da177e4SLinus Torvalds tristate "Deflate compression algorithm" 1826cce9e06dSHerbert Xu select CRYPTO_ALGAPI 1827f6ded09dSGiovanni Cabiddu select CRYPTO_ACOMP2 18281da177e4SLinus Torvalds select ZLIB_INFLATE 18291da177e4SLinus Torvalds select ZLIB_DEFLATE 18301da177e4SLinus Torvalds help 18311da177e4SLinus Torvalds This is the Deflate algorithm (RFC1951), specified for use in 18321da177e4SLinus Torvalds IPSec with the IPCOMP protocol (RFC3173, RFC2394). 18331da177e4SLinus Torvalds 18341da177e4SLinus Torvalds You will most probably want this if using IPSec. 18351da177e4SLinus Torvalds 18360b77abb3SZoltan Sogorconfig CRYPTO_LZO 18370b77abb3SZoltan Sogor tristate "LZO compression algorithm" 18380b77abb3SZoltan Sogor select CRYPTO_ALGAPI 1839ac9d2c4bSGiovanni Cabiddu select CRYPTO_ACOMP2 18400b77abb3SZoltan Sogor select LZO_COMPRESS 18410b77abb3SZoltan Sogor select LZO_DECOMPRESS 18420b77abb3SZoltan Sogor help 18430b77abb3SZoltan Sogor This is the LZO algorithm. 18440b77abb3SZoltan Sogor 184535a1fc18SSeth Jenningsconfig CRYPTO_842 184635a1fc18SSeth Jennings tristate "842 compression algorithm" 18472062c5b6SDan Streetman select CRYPTO_ALGAPI 18486a8de3aeSGiovanni Cabiddu select CRYPTO_ACOMP2 18492062c5b6SDan Streetman select 842_COMPRESS 18502062c5b6SDan Streetman select 842_DECOMPRESS 185135a1fc18SSeth Jennings help 185235a1fc18SSeth Jennings This is the 842 algorithm. 185335a1fc18SSeth Jennings 18540ea8530dSChanho Minconfig CRYPTO_LZ4 18550ea8530dSChanho Min tristate "LZ4 compression algorithm" 18560ea8530dSChanho Min select CRYPTO_ALGAPI 18578cd9330eSGiovanni Cabiddu select CRYPTO_ACOMP2 18580ea8530dSChanho Min select LZ4_COMPRESS 18590ea8530dSChanho Min select LZ4_DECOMPRESS 18600ea8530dSChanho Min help 18610ea8530dSChanho Min This is the LZ4 algorithm. 18620ea8530dSChanho Min 18630ea8530dSChanho Minconfig CRYPTO_LZ4HC 18640ea8530dSChanho Min tristate "LZ4HC compression algorithm" 18650ea8530dSChanho Min select CRYPTO_ALGAPI 186691d53d96SGiovanni Cabiddu select CRYPTO_ACOMP2 18670ea8530dSChanho Min select LZ4HC_COMPRESS 18680ea8530dSChanho Min select LZ4_DECOMPRESS 18690ea8530dSChanho Min help 18700ea8530dSChanho Min This is the LZ4 high compression mode algorithm. 18710ea8530dSChanho Min 1872d28fc3dbSNick Terrellconfig CRYPTO_ZSTD 1873d28fc3dbSNick Terrell tristate "Zstd compression algorithm" 1874d28fc3dbSNick Terrell select CRYPTO_ALGAPI 1875d28fc3dbSNick Terrell select CRYPTO_ACOMP2 1876d28fc3dbSNick Terrell select ZSTD_COMPRESS 1877d28fc3dbSNick Terrell select ZSTD_DECOMPRESS 1878d28fc3dbSNick Terrell help 1879d28fc3dbSNick Terrell This is the zstd algorithm. 1880d28fc3dbSNick Terrell 188117f0f4a4SNeil Hormancomment "Random Number Generation" 188217f0f4a4SNeil Horman 188317f0f4a4SNeil Hormanconfig CRYPTO_ANSI_CPRNG 188417f0f4a4SNeil Horman tristate "Pseudo Random Number Generation for Cryptographic modules" 188517f0f4a4SNeil Horman select CRYPTO_AES 188617f0f4a4SNeil Horman select CRYPTO_RNG 188717f0f4a4SNeil Horman help 188817f0f4a4SNeil Horman This option enables the generic pseudo random number generator 188917f0f4a4SNeil Horman for cryptographic modules. Uses the Algorithm specified in 18907dd607e8SJiri Kosina ANSI X9.31 A.2.4. Note that this option must be enabled if 18917dd607e8SJiri Kosina CRYPTO_FIPS is selected 189217f0f4a4SNeil Horman 1893f2c89a10SHerbert Xumenuconfig CRYPTO_DRBG_MENU 1894419090c6SStephan Mueller tristate "NIST SP800-90A DRBG" 1895419090c6SStephan Mueller help 1896419090c6SStephan Mueller NIST SP800-90A compliant DRBG. In the following submenu, one or 1897419090c6SStephan Mueller more of the DRBG types must be selected. 1898419090c6SStephan Mueller 1899f2c89a10SHerbert Xuif CRYPTO_DRBG_MENU 1900419090c6SStephan Mueller 1901419090c6SStephan Muellerconfig CRYPTO_DRBG_HMAC 1902401e4238SHerbert Xu bool 1903419090c6SStephan Mueller default y 1904419090c6SStephan Mueller select CRYPTO_HMAC 19055261cdf4SStephan Mueller select CRYPTO_SHA512 1906419090c6SStephan Mueller 1907419090c6SStephan Muellerconfig CRYPTO_DRBG_HASH 1908419090c6SStephan Mueller bool "Enable Hash DRBG" 1909826775bbSHerbert Xu select CRYPTO_SHA256 1910419090c6SStephan Mueller help 1911419090c6SStephan Mueller Enable the Hash DRBG variant as defined in NIST SP800-90A. 1912419090c6SStephan Mueller 1913419090c6SStephan Muellerconfig CRYPTO_DRBG_CTR 1914419090c6SStephan Mueller bool "Enable CTR DRBG" 1915419090c6SStephan Mueller select CRYPTO_AES 1916d6fc1a45SCorentin Labbe select CRYPTO_CTR 1917419090c6SStephan Mueller help 1918419090c6SStephan Mueller Enable the CTR DRBG variant as defined in NIST SP800-90A. 1919419090c6SStephan Mueller 1920f2c89a10SHerbert Xuconfig CRYPTO_DRBG 1921f2c89a10SHerbert Xu tristate 1922401e4238SHerbert Xu default CRYPTO_DRBG_MENU 1923f2c89a10SHerbert Xu select CRYPTO_RNG 1924bb5530e4SStephan Mueller select CRYPTO_JITTERENTROPY 1925f2c89a10SHerbert Xu 1926f2c89a10SHerbert Xuendif # if CRYPTO_DRBG_MENU 1927419090c6SStephan Mueller 1928bb5530e4SStephan Muellerconfig CRYPTO_JITTERENTROPY 1929bb5530e4SStephan Mueller tristate "Jitterentropy Non-Deterministic Random Number Generator" 19302f313e02SArnd Bergmann select CRYPTO_RNG 1931bb5530e4SStephan Mueller help 1932bb5530e4SStephan Mueller The Jitterentropy RNG is a noise that is intended 1933bb5530e4SStephan Mueller to provide seed to another RNG. The RNG does not 1934bb5530e4SStephan Mueller perform any cryptographic whitening of the generated 1935bb5530e4SStephan Mueller random numbers. This Jitterentropy RNG registers with 1936bb5530e4SStephan Mueller the kernel crypto API and can be used by any caller. 1937bb5530e4SStephan Mueller 1938026a733eSStephan Müllerconfig CRYPTO_KDF800108_CTR 1939026a733eSStephan Müller tristate 1940a88592ccSHerbert Xu select CRYPTO_HMAC 1941304b4aceSStephan Müller select CRYPTO_SHA256 1942026a733eSStephan Müller 194303c8efc1SHerbert Xuconfig CRYPTO_USER_API 194403c8efc1SHerbert Xu tristate 194503c8efc1SHerbert Xu 1946fe869cdbSHerbert Xuconfig CRYPTO_USER_API_HASH 1947fe869cdbSHerbert Xu tristate "User-space interface for hash algorithms" 19487451708fSHerbert Xu depends on NET 1949fe869cdbSHerbert Xu select CRYPTO_HASH 1950fe869cdbSHerbert Xu select CRYPTO_USER_API 1951fe869cdbSHerbert Xu help 1952fe869cdbSHerbert Xu This option enables the user-spaces interface for hash 1953fe869cdbSHerbert Xu algorithms. 1954fe869cdbSHerbert Xu 19558ff59090SHerbert Xuconfig CRYPTO_USER_API_SKCIPHER 19568ff59090SHerbert Xu tristate "User-space interface for symmetric key cipher algorithms" 19577451708fSHerbert Xu depends on NET 1958b95bba5dSEric Biggers select CRYPTO_SKCIPHER 19598ff59090SHerbert Xu select CRYPTO_USER_API 19608ff59090SHerbert Xu help 19618ff59090SHerbert Xu This option enables the user-spaces interface for symmetric 19628ff59090SHerbert Xu key cipher algorithms. 19638ff59090SHerbert Xu 19642f375538SStephan Muellerconfig CRYPTO_USER_API_RNG 19652f375538SStephan Mueller tristate "User-space interface for random number generator algorithms" 19662f375538SStephan Mueller depends on NET 19672f375538SStephan Mueller select CRYPTO_RNG 19682f375538SStephan Mueller select CRYPTO_USER_API 19692f375538SStephan Mueller help 19702f375538SStephan Mueller This option enables the user-spaces interface for random 19712f375538SStephan Mueller number generator algorithms. 19722f375538SStephan Mueller 197377ebdabeSElena Petrovaconfig CRYPTO_USER_API_RNG_CAVP 197477ebdabeSElena Petrova bool "Enable CAVP testing of DRBG" 197577ebdabeSElena Petrova depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 197677ebdabeSElena Petrova help 197777ebdabeSElena Petrova This option enables extra API for CAVP testing via the user-space 197877ebdabeSElena Petrova interface: resetting of DRBG entropy, and providing Additional Data. 197977ebdabeSElena Petrova This should only be enabled for CAVP testing. You should say 198077ebdabeSElena Petrova no unless you know what this is. 198177ebdabeSElena Petrova 1982b64a2d95SHerbert Xuconfig CRYPTO_USER_API_AEAD 1983b64a2d95SHerbert Xu tristate "User-space interface for AEAD cipher algorithms" 1984b64a2d95SHerbert Xu depends on NET 1985b64a2d95SHerbert Xu select CRYPTO_AEAD 1986b95bba5dSEric Biggers select CRYPTO_SKCIPHER 198772548b09SStephan Mueller select CRYPTO_NULL 1988b64a2d95SHerbert Xu select CRYPTO_USER_API 1989b64a2d95SHerbert Xu help 1990b64a2d95SHerbert Xu This option enables the user-spaces interface for AEAD 1991b64a2d95SHerbert Xu cipher algorithms. 1992b64a2d95SHerbert Xu 19939ace6771SArd Biesheuvelconfig CRYPTO_USER_API_ENABLE_OBSOLETE 19949ace6771SArd Biesheuvel bool "Enable obsolete cryptographic algorithms for userspace" 19959ace6771SArd Biesheuvel depends on CRYPTO_USER_API 19969ace6771SArd Biesheuvel default y 19979ace6771SArd Biesheuvel help 19989ace6771SArd Biesheuvel Allow obsolete cryptographic algorithms to be selected that have 19999ace6771SArd Biesheuvel already been phased out from internal use by the kernel, and are 20009ace6771SArd Biesheuvel only useful for userspace clients that still rely on them. 20019ace6771SArd Biesheuvel 2002cac5818cSCorentin Labbeconfig CRYPTO_STATS 2003cac5818cSCorentin Labbe bool "Crypto usage statistics for User-space" 2004a6a31385SCorentin Labbe depends on CRYPTO_USER 2005cac5818cSCorentin Labbe help 2006cac5818cSCorentin Labbe This option enables the gathering of crypto stats. 2007cac5818cSCorentin Labbe This will collect: 2008cac5818cSCorentin Labbe - encrypt/decrypt size and numbers of symmeric operations 2009cac5818cSCorentin Labbe - compress/decompress size and numbers of compress operations 2010cac5818cSCorentin Labbe - size and numbers of hash operations 2011cac5818cSCorentin Labbe - encrypt/decrypt/sign/verify numbers for asymmetric operations 2012cac5818cSCorentin Labbe - generate/seed numbers for rng operations 2013cac5818cSCorentin Labbe 2014ee08997fSDmitry Kasatkinconfig CRYPTO_HASH_INFO 2015ee08997fSDmitry Kasatkin bool 2016ee08997fSDmitry Kasatkin 20171da177e4SLinus Torvaldssource "drivers/crypto/Kconfig" 20188636a1f9SMasahiro Yamadasource "crypto/asymmetric_keys/Kconfig" 20198636a1f9SMasahiro Yamadasource "certs/Kconfig" 20201da177e4SLinus Torvalds 2021cce9e06dSHerbert Xuendif # if CRYPTO 2022