1b2441318SGreg Kroah-Hartman# SPDX-License-Identifier: GPL-2.0 21da177e4SLinus Torvalds# 3685784aaSDan Williams# Generic algorithms support 4685784aaSDan Williams# 5685784aaSDan Williamsconfig XOR_BLOCKS 6685784aaSDan Williams tristate 7685784aaSDan Williams 8685784aaSDan Williams# 99bc89cd8SDan Williams# async_tx api: hardware offloaded memory transfer/transform support 109bc89cd8SDan Williams# 119bc89cd8SDan Williamssource "crypto/async_tx/Kconfig" 129bc89cd8SDan Williams 139bc89cd8SDan Williams# 141da177e4SLinus Torvalds# Cryptographic API Configuration 151da177e4SLinus Torvalds# 162e290f43SJan Engelhardtmenuconfig CRYPTO 17c3715cb9SSebastian Siewior tristate "Cryptographic API" 187033b937SEric Biggers select CRYPTO_LIB_UTILS 191da177e4SLinus Torvalds help 201da177e4SLinus Torvalds This option provides the core Cryptographic API. 211da177e4SLinus Torvalds 22cce9e06dSHerbert Xuif CRYPTO 23cce9e06dSHerbert Xu 24584fffc8SSebastian Siewiorcomment "Crypto core or helper" 25584fffc8SSebastian Siewior 26ccb778e1SNeil Hormanconfig CRYPTO_FIPS 27ccb778e1SNeil Horman bool "FIPS 200 compliance" 28f2c89a10SHerbert Xu depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 291f696097SAlec Ari depends on (MODULE_SIG || !MODULES) 30ccb778e1SNeil Horman help 31d99324c2SGeert Uytterhoeven This option enables the fips boot option which is 32d99324c2SGeert Uytterhoeven required if you want the system to operate in a FIPS 200 33ccb778e1SNeil Horman certification. You should say no unless you know what 34e84c5480SChuck Ebbert this is. 35ccb778e1SNeil Horman 365a44749fSVladis Dronovconfig CRYPTO_FIPS_NAME 375a44749fSVladis Dronov string "FIPS Module Name" 385a44749fSVladis Dronov default "Linux Kernel Cryptographic API" 395a44749fSVladis Dronov depends on CRYPTO_FIPS 405a44749fSVladis Dronov help 415a44749fSVladis Dronov This option sets the FIPS Module name reported by the Crypto API via 425a44749fSVladis Dronov the /proc/sys/crypto/fips_name file. 435a44749fSVladis Dronov 445a44749fSVladis Dronovconfig CRYPTO_FIPS_CUSTOM_VERSION 455a44749fSVladis Dronov bool "Use Custom FIPS Module Version" 465a44749fSVladis Dronov depends on CRYPTO_FIPS 475a44749fSVladis Dronov default n 485a44749fSVladis Dronov 495a44749fSVladis Dronovconfig CRYPTO_FIPS_VERSION 505a44749fSVladis Dronov string "FIPS Module Version" 515a44749fSVladis Dronov default "(none)" 525a44749fSVladis Dronov depends on CRYPTO_FIPS_CUSTOM_VERSION 535a44749fSVladis Dronov help 545a44749fSVladis Dronov This option provides the ability to override the FIPS Module Version. 555a44749fSVladis Dronov By default the KERNELRELEASE value is used. 565a44749fSVladis Dronov 57cce9e06dSHerbert Xuconfig CRYPTO_ALGAPI 58cce9e06dSHerbert Xu tristate 596a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 60cce9e06dSHerbert Xu help 61cce9e06dSHerbert Xu This option provides the API for cryptographic algorithms. 62cce9e06dSHerbert Xu 636a0fcbb4SHerbert Xuconfig CRYPTO_ALGAPI2 646a0fcbb4SHerbert Xu tristate 656a0fcbb4SHerbert Xu 661ae97820SHerbert Xuconfig CRYPTO_AEAD 671ae97820SHerbert Xu tristate 686a0fcbb4SHerbert Xu select CRYPTO_AEAD2 691ae97820SHerbert Xu select CRYPTO_ALGAPI 701ae97820SHerbert Xu 716a0fcbb4SHerbert Xuconfig CRYPTO_AEAD2 726a0fcbb4SHerbert Xu tristate 736a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 74149a3971SHerbert Xu select CRYPTO_NULL2 75149a3971SHerbert Xu select CRYPTO_RNG2 766a0fcbb4SHerbert Xu 77b95bba5dSEric Biggersconfig CRYPTO_SKCIPHER 785cde0af2SHerbert Xu tristate 79b95bba5dSEric Biggers select CRYPTO_SKCIPHER2 805cde0af2SHerbert Xu select CRYPTO_ALGAPI 816a0fcbb4SHerbert Xu 82b95bba5dSEric Biggersconfig CRYPTO_SKCIPHER2 836a0fcbb4SHerbert Xu tristate 846a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 856a0fcbb4SHerbert Xu select CRYPTO_RNG2 865cde0af2SHerbert Xu 87055bcee3SHerbert Xuconfig CRYPTO_HASH 88055bcee3SHerbert Xu tristate 896a0fcbb4SHerbert Xu select CRYPTO_HASH2 90055bcee3SHerbert Xu select CRYPTO_ALGAPI 91055bcee3SHerbert Xu 926a0fcbb4SHerbert Xuconfig CRYPTO_HASH2 936a0fcbb4SHerbert Xu tristate 946a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 956a0fcbb4SHerbert Xu 9617f0f4a4SNeil Hormanconfig CRYPTO_RNG 9717f0f4a4SNeil Horman tristate 986a0fcbb4SHerbert Xu select CRYPTO_RNG2 9917f0f4a4SNeil Horman select CRYPTO_ALGAPI 10017f0f4a4SNeil Horman 1016a0fcbb4SHerbert Xuconfig CRYPTO_RNG2 1026a0fcbb4SHerbert Xu tristate 1036a0fcbb4SHerbert Xu select CRYPTO_ALGAPI2 1046a0fcbb4SHerbert Xu 105401e4238SHerbert Xuconfig CRYPTO_RNG_DEFAULT 106401e4238SHerbert Xu tristate 107401e4238SHerbert Xu select CRYPTO_DRBG_MENU 108401e4238SHerbert Xu 1093c339ab8STadeusz Strukconfig CRYPTO_AKCIPHER2 1103c339ab8STadeusz Struk tristate 1113c339ab8STadeusz Struk select CRYPTO_ALGAPI2 1123c339ab8STadeusz Struk 1133c339ab8STadeusz Strukconfig CRYPTO_AKCIPHER 1143c339ab8STadeusz Struk tristate 1153c339ab8STadeusz Struk select CRYPTO_AKCIPHER2 1163c339ab8STadeusz Struk select CRYPTO_ALGAPI 1173c339ab8STadeusz Struk 1184e5f2c40SSalvatore Benedettoconfig CRYPTO_KPP2 1194e5f2c40SSalvatore Benedetto tristate 1204e5f2c40SSalvatore Benedetto select CRYPTO_ALGAPI2 1214e5f2c40SSalvatore Benedetto 1224e5f2c40SSalvatore Benedettoconfig CRYPTO_KPP 1234e5f2c40SSalvatore Benedetto tristate 1244e5f2c40SSalvatore Benedetto select CRYPTO_ALGAPI 1254e5f2c40SSalvatore Benedetto select CRYPTO_KPP2 1264e5f2c40SSalvatore Benedetto 1272ebda74fSGiovanni Cabidduconfig CRYPTO_ACOMP2 1282ebda74fSGiovanni Cabiddu tristate 1292ebda74fSGiovanni Cabiddu select CRYPTO_ALGAPI2 1308cd579d2SBart Van Assche select SGL_ALLOC 1312ebda74fSGiovanni Cabiddu 1322ebda74fSGiovanni Cabidduconfig CRYPTO_ACOMP 1332ebda74fSGiovanni Cabiddu tristate 1342ebda74fSGiovanni Cabiddu select CRYPTO_ALGAPI 1352ebda74fSGiovanni Cabiddu select CRYPTO_ACOMP2 1362ebda74fSGiovanni Cabiddu 1372b8c19dbSHerbert Xuconfig CRYPTO_MANAGER 1382b8c19dbSHerbert Xu tristate "Cryptographic algorithm manager" 1396a0fcbb4SHerbert Xu select CRYPTO_MANAGER2 1402b8c19dbSHerbert Xu help 1412b8c19dbSHerbert Xu Create default cryptographic template instantiations such as 1422b8c19dbSHerbert Xu cbc(aes). 1432b8c19dbSHerbert Xu 1446a0fcbb4SHerbert Xuconfig CRYPTO_MANAGER2 1456a0fcbb4SHerbert Xu def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 1466a0fcbb4SHerbert Xu select CRYPTO_AEAD2 1476a0fcbb4SHerbert Xu select CRYPTO_HASH2 148b95bba5dSEric Biggers select CRYPTO_SKCIPHER2 149946cc463STadeusz Struk select CRYPTO_AKCIPHER2 1504e5f2c40SSalvatore Benedetto select CRYPTO_KPP2 1512ebda74fSGiovanni Cabiddu select CRYPTO_ACOMP2 1526a0fcbb4SHerbert Xu 153a38f7907SSteffen Klassertconfig CRYPTO_USER 154a38f7907SSteffen Klassert tristate "Userspace cryptographic algorithm configuration" 1555db017aaSHerbert Xu depends on NET 156a38f7907SSteffen Klassert select CRYPTO_MANAGER 157a38f7907SSteffen Klassert help 158d19978f5SValdis.Kletnieks@vt.edu Userspace configuration for cryptographic instantiations such as 159a38f7907SSteffen Klassert cbc(aes). 160a38f7907SSteffen Klassert 161326a6346SHerbert Xuconfig CRYPTO_MANAGER_DISABLE_TESTS 162326a6346SHerbert Xu bool "Disable run-time self tests" 16300ca28a5SHerbert Xu default y 1640b767f96SAlexander Shishkin help 165326a6346SHerbert Xu Disable run-time self tests that normally take place at 166326a6346SHerbert Xu algorithm registration. 1670b767f96SAlexander Shishkin 1685b2706a4SEric Biggersconfig CRYPTO_MANAGER_EXTRA_TESTS 1695b2706a4SEric Biggers bool "Enable extra run-time crypto self tests" 1706569e309SJason A. Donenfeld depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 1715b2706a4SEric Biggers help 1725b2706a4SEric Biggers Enable extra run-time self tests of registered crypto algorithms, 1735b2706a4SEric Biggers including randomized fuzz tests. 1745b2706a4SEric Biggers 1755b2706a4SEric Biggers This is intended for developer use only, as these tests take much 1765b2706a4SEric Biggers longer to run than the normal self tests. 1775b2706a4SEric Biggers 178584fffc8SSebastian Siewiorconfig CRYPTO_GF128MUL 179e590e132SEric Biggers tristate 180584fffc8SSebastian Siewior 181584fffc8SSebastian Siewiorconfig CRYPTO_NULL 182584fffc8SSebastian Siewior tristate "Null algorithms" 183149a3971SHerbert Xu select CRYPTO_NULL2 184584fffc8SSebastian Siewior help 185584fffc8SSebastian Siewior These are 'Null' algorithms, used by IPsec, which do nothing. 186584fffc8SSebastian Siewior 187149a3971SHerbert Xuconfig CRYPTO_NULL2 188dd43c4e9SHerbert Xu tristate 189149a3971SHerbert Xu select CRYPTO_ALGAPI2 190b95bba5dSEric Biggers select CRYPTO_SKCIPHER2 191149a3971SHerbert Xu select CRYPTO_HASH2 192149a3971SHerbert Xu 1935068c7a8SSteffen Klassertconfig CRYPTO_PCRYPT 1943b4afaf2SKees Cook tristate "Parallel crypto engine" 1953b4afaf2SKees Cook depends on SMP 1965068c7a8SSteffen Klassert select PADATA 1975068c7a8SSteffen Klassert select CRYPTO_MANAGER 1985068c7a8SSteffen Klassert select CRYPTO_AEAD 1995068c7a8SSteffen Klassert help 2005068c7a8SSteffen Klassert This converts an arbitrary crypto algorithm into a parallel 2015068c7a8SSteffen Klassert algorithm that executes in kernel threads. 2025068c7a8SSteffen Klassert 203584fffc8SSebastian Siewiorconfig CRYPTO_CRYPTD 204584fffc8SSebastian Siewior tristate "Software async crypto daemon" 205b95bba5dSEric Biggers select CRYPTO_SKCIPHER 206b8a28251SLoc Ho select CRYPTO_HASH 207584fffc8SSebastian Siewior select CRYPTO_MANAGER 208584fffc8SSebastian Siewior help 209584fffc8SSebastian Siewior This is a generic software asynchronous crypto daemon that 210584fffc8SSebastian Siewior converts an arbitrary synchronous software crypto algorithm 211584fffc8SSebastian Siewior into an asynchronous algorithm that executes in a kernel thread. 212584fffc8SSebastian Siewior 213584fffc8SSebastian Siewiorconfig CRYPTO_AUTHENC 214584fffc8SSebastian Siewior tristate "Authenc support" 215584fffc8SSebastian Siewior select CRYPTO_AEAD 216b95bba5dSEric Biggers select CRYPTO_SKCIPHER 217584fffc8SSebastian Siewior select CRYPTO_MANAGER 218584fffc8SSebastian Siewior select CRYPTO_HASH 219e94c6a7aSHerbert Xu select CRYPTO_NULL 220584fffc8SSebastian Siewior help 221584fffc8SSebastian Siewior Authenc: Combined mode wrapper for IPsec. 222584fffc8SSebastian Siewior This is required for IPSec. 223584fffc8SSebastian Siewior 224584fffc8SSebastian Siewiorconfig CRYPTO_TEST 225584fffc8SSebastian Siewior tristate "Testing module" 22600ea27f1SArd Biesheuvel depends on m || EXPERT 227da7f033dSHerbert Xu select CRYPTO_MANAGER 228584fffc8SSebastian Siewior help 229584fffc8SSebastian Siewior Quick & dirty crypto test module. 230584fffc8SSebastian Siewior 231266d0516SHerbert Xuconfig CRYPTO_SIMD 232266d0516SHerbert Xu tristate 233266d0516SHerbert Xu select CRYPTO_CRYPTD 234266d0516SHerbert Xu 235735d37b5SBaolin Wangconfig CRYPTO_ENGINE 236735d37b5SBaolin Wang tristate 237735d37b5SBaolin Wang 2383d6228a5SVitaly Chikunovcomment "Public-key cryptography" 2393d6228a5SVitaly Chikunov 2403d6228a5SVitaly Chikunovconfig CRYPTO_RSA 2413d6228a5SVitaly Chikunov tristate "RSA algorithm" 2423d6228a5SVitaly Chikunov select CRYPTO_AKCIPHER 2433d6228a5SVitaly Chikunov select CRYPTO_MANAGER 2443d6228a5SVitaly Chikunov select MPILIB 2453d6228a5SVitaly Chikunov select ASN1 2463d6228a5SVitaly Chikunov help 2473d6228a5SVitaly Chikunov Generic implementation of the RSA public key algorithm. 2483d6228a5SVitaly Chikunov 2493d6228a5SVitaly Chikunovconfig CRYPTO_DH 2503d6228a5SVitaly Chikunov tristate "Diffie-Hellman algorithm" 2513d6228a5SVitaly Chikunov select CRYPTO_KPP 2523d6228a5SVitaly Chikunov select MPILIB 2533d6228a5SVitaly Chikunov help 2543d6228a5SVitaly Chikunov Generic implementation of the Diffie-Hellman algorithm. 2553d6228a5SVitaly Chikunov 2567dce5981SNicolai Stangeconfig CRYPTO_DH_RFC7919_GROUPS 2577dce5981SNicolai Stange bool "Support for RFC 7919 FFDHE group parameters" 2587dce5981SNicolai Stange depends on CRYPTO_DH 2591e207964SNicolai Stange select CRYPTO_RNG_DEFAULT 2607dce5981SNicolai Stange help 2617dce5981SNicolai Stange Provide support for RFC 7919 FFDHE group parameters. If unsure, say N. 2627dce5981SNicolai Stange 2634a2289daSVitaly Chikunovconfig CRYPTO_ECC 2644a2289daSVitaly Chikunov tristate 26538aa192aSArnd Bergmann select CRYPTO_RNG_DEFAULT 2664a2289daSVitaly Chikunov 2673d6228a5SVitaly Chikunovconfig CRYPTO_ECDH 2683d6228a5SVitaly Chikunov tristate "ECDH algorithm" 2694a2289daSVitaly Chikunov select CRYPTO_ECC 2703d6228a5SVitaly Chikunov select CRYPTO_KPP 2713d6228a5SVitaly Chikunov help 2723d6228a5SVitaly Chikunov Generic implementation of the ECDH algorithm 2733d6228a5SVitaly Chikunov 2744e660291SStefan Bergerconfig CRYPTO_ECDSA 2754e660291SStefan Berger tristate "ECDSA (NIST P192, P256 etc.) algorithm" 2764e660291SStefan Berger select CRYPTO_ECC 2774e660291SStefan Berger select CRYPTO_AKCIPHER 2784e660291SStefan Berger select ASN1 2794e660291SStefan Berger help 2804e660291SStefan Berger Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) 2814e660291SStefan Berger is A NIST cryptographic standard algorithm. Only signature verification 2824e660291SStefan Berger is implemented. 2834e660291SStefan Berger 2840d7a7864SVitaly Chikunovconfig CRYPTO_ECRDSA 2850d7a7864SVitaly Chikunov tristate "EC-RDSA (GOST 34.10) algorithm" 2860d7a7864SVitaly Chikunov select CRYPTO_ECC 2870d7a7864SVitaly Chikunov select CRYPTO_AKCIPHER 2880d7a7864SVitaly Chikunov select CRYPTO_STREEBOG 2891036633eSVitaly Chikunov select OID_REGISTRY 2901036633eSVitaly Chikunov select ASN1 2910d7a7864SVitaly Chikunov help 2920d7a7864SVitaly Chikunov Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 2930d7a7864SVitaly Chikunov RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 2940d7a7864SVitaly Chikunov standard algorithms (called GOST algorithms). Only signature verification 2950d7a7864SVitaly Chikunov is implemented. 2960d7a7864SVitaly Chikunov 297ea7ecb66STianjia Zhangconfig CRYPTO_SM2 298ea7ecb66STianjia Zhang tristate "SM2 algorithm" 299d2825fa9SJason A. Donenfeld select CRYPTO_SM3 300ea7ecb66STianjia Zhang select CRYPTO_AKCIPHER 301ea7ecb66STianjia Zhang select CRYPTO_MANAGER 302ea7ecb66STianjia Zhang select MPILIB 303ea7ecb66STianjia Zhang select ASN1 304ea7ecb66STianjia Zhang help 305ea7ecb66STianjia Zhang Generic implementation of the SM2 public key algorithm. It was 306ea7ecb66STianjia Zhang published by State Encryption Management Bureau, China. 307ea7ecb66STianjia Zhang as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 308ea7ecb66STianjia Zhang 309ea7ecb66STianjia Zhang References: 310ea7ecb66STianjia Zhang https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 311ea7ecb66STianjia Zhang http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 312ea7ecb66STianjia Zhang http://www.gmbz.org.cn/main/bzlb.html 313ea7ecb66STianjia Zhang 314ee772cb6SArd Biesheuvelconfig CRYPTO_CURVE25519 315ee772cb6SArd Biesheuvel tristate "Curve25519 algorithm" 316ee772cb6SArd Biesheuvel select CRYPTO_KPP 317ee772cb6SArd Biesheuvel select CRYPTO_LIB_CURVE25519_GENERIC 318ee772cb6SArd Biesheuvel 319bb611bdfSJason A. Donenfeldconfig CRYPTO_CURVE25519_X86 320bb611bdfSJason A. Donenfeld tristate "x86_64 accelerated Curve25519 scalar multiplication library" 321bb611bdfSJason A. Donenfeld depends on X86 && 64BIT 322bb611bdfSJason A. Donenfeld select CRYPTO_LIB_CURVE25519_GENERIC 323bb611bdfSJason A. Donenfeld select CRYPTO_ARCH_HAVE_LIB_CURVE25519 324bb611bdfSJason A. Donenfeld 325584fffc8SSebastian Siewiorcomment "Authenticated Encryption with Associated Data" 326584fffc8SSebastian Siewior 327584fffc8SSebastian Siewiorconfig CRYPTO_CCM 328584fffc8SSebastian Siewior tristate "CCM support" 329584fffc8SSebastian Siewior select CRYPTO_CTR 330f15f05b0SArd Biesheuvel select CRYPTO_HASH 331584fffc8SSebastian Siewior select CRYPTO_AEAD 332c8a3315aSEric Biggers select CRYPTO_MANAGER 333584fffc8SSebastian Siewior help 334584fffc8SSebastian Siewior Support for Counter with CBC MAC. Required for IPsec. 335584fffc8SSebastian Siewior 336584fffc8SSebastian Siewiorconfig CRYPTO_GCM 337584fffc8SSebastian Siewior tristate "GCM/GMAC support" 338584fffc8SSebastian Siewior select CRYPTO_CTR 339584fffc8SSebastian Siewior select CRYPTO_AEAD 3409382d97aSHuang Ying select CRYPTO_GHASH 3419489667dSJussi Kivilinna select CRYPTO_NULL 342c8a3315aSEric Biggers select CRYPTO_MANAGER 343584fffc8SSebastian Siewior help 344584fffc8SSebastian Siewior Support for Galois/Counter Mode (GCM) and Galois Message 345584fffc8SSebastian Siewior Authentication Code (GMAC). Required for IPSec. 346584fffc8SSebastian Siewior 34771ebc4d1SMartin Williconfig CRYPTO_CHACHA20POLY1305 34871ebc4d1SMartin Willi tristate "ChaCha20-Poly1305 AEAD support" 34971ebc4d1SMartin Willi select CRYPTO_CHACHA20 35071ebc4d1SMartin Willi select CRYPTO_POLY1305 35171ebc4d1SMartin Willi select CRYPTO_AEAD 352c8a3315aSEric Biggers select CRYPTO_MANAGER 35371ebc4d1SMartin Willi help 35471ebc4d1SMartin Willi ChaCha20-Poly1305 AEAD support, RFC7539. 35571ebc4d1SMartin Willi 35671ebc4d1SMartin Willi Support for the AEAD wrapper using the ChaCha20 stream cipher combined 35771ebc4d1SMartin Willi with the Poly1305 authenticator. It is defined in RFC7539 for use in 35871ebc4d1SMartin Willi IETF protocols. 35971ebc4d1SMartin Willi 360f606a88eSOndrej Mosnacekconfig CRYPTO_AEGIS128 361f606a88eSOndrej Mosnacek tristate "AEGIS-128 AEAD algorithm" 362f606a88eSOndrej Mosnacek select CRYPTO_AEAD 363f606a88eSOndrej Mosnacek select CRYPTO_AES # for AES S-box tables 364f606a88eSOndrej Mosnacek help 365f606a88eSOndrej Mosnacek Support for the AEGIS-128 dedicated AEAD algorithm. 366f606a88eSOndrej Mosnacek 367a4397635SArd Biesheuvelconfig CRYPTO_AEGIS128_SIMD 368a4397635SArd Biesheuvel bool "Support SIMD acceleration for AEGIS-128" 369a4397635SArd Biesheuvel depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 370a4397635SArd Biesheuvel default y 371a4397635SArd Biesheuvel 3721d373d4eSOndrej Mosnacekconfig CRYPTO_AEGIS128_AESNI_SSE2 3731d373d4eSOndrej Mosnacek tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 3741d373d4eSOndrej Mosnacek depends on X86 && 64BIT 3751d373d4eSOndrej Mosnacek select CRYPTO_AEAD 376de272ca7SEric Biggers select CRYPTO_SIMD 3771d373d4eSOndrej Mosnacek help 3784e5180ebSOndrej Mosnacek AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 3791d373d4eSOndrej Mosnacek 380584fffc8SSebastian Siewiorconfig CRYPTO_SEQIV 381584fffc8SSebastian Siewior tristate "Sequence Number IV Generator" 382584fffc8SSebastian Siewior select CRYPTO_AEAD 383b95bba5dSEric Biggers select CRYPTO_SKCIPHER 384856e3f40SHerbert Xu select CRYPTO_NULL 385401e4238SHerbert Xu select CRYPTO_RNG_DEFAULT 386c8a3315aSEric Biggers select CRYPTO_MANAGER 387584fffc8SSebastian Siewior help 388584fffc8SSebastian Siewior This IV generator generates an IV based on a sequence number by 389584fffc8SSebastian Siewior xoring it with a salt. This algorithm is mainly useful for CTR 390584fffc8SSebastian Siewior 391a10f554fSHerbert Xuconfig CRYPTO_ECHAINIV 392a10f554fSHerbert Xu tristate "Encrypted Chain IV Generator" 393a10f554fSHerbert Xu select CRYPTO_AEAD 394a10f554fSHerbert Xu select CRYPTO_NULL 395401e4238SHerbert Xu select CRYPTO_RNG_DEFAULT 396c8a3315aSEric Biggers select CRYPTO_MANAGER 397a10f554fSHerbert Xu help 398a10f554fSHerbert Xu This IV generator generates an IV based on the encryption of 399a10f554fSHerbert Xu a sequence number xored with a salt. This is the default 400a10f554fSHerbert Xu algorithm for CBC. 401a10f554fSHerbert Xu 402584fffc8SSebastian Siewiorcomment "Block modes" 403584fffc8SSebastian Siewior 404584fffc8SSebastian Siewiorconfig CRYPTO_CBC 405584fffc8SSebastian Siewior tristate "CBC support" 406b95bba5dSEric Biggers select CRYPTO_SKCIPHER 407584fffc8SSebastian Siewior select CRYPTO_MANAGER 408584fffc8SSebastian Siewior help 409584fffc8SSebastian Siewior CBC: Cipher Block Chaining mode 410584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 411584fffc8SSebastian Siewior 412a7d85e06SJames Bottomleyconfig CRYPTO_CFB 413a7d85e06SJames Bottomley tristate "CFB support" 414b95bba5dSEric Biggers select CRYPTO_SKCIPHER 415a7d85e06SJames Bottomley select CRYPTO_MANAGER 416a7d85e06SJames Bottomley help 417a7d85e06SJames Bottomley CFB: Cipher FeedBack mode 418a7d85e06SJames Bottomley This block cipher algorithm is required for TPM2 Cryptography. 419a7d85e06SJames Bottomley 420584fffc8SSebastian Siewiorconfig CRYPTO_CTR 421584fffc8SSebastian Siewior tristate "CTR support" 422b95bba5dSEric Biggers select CRYPTO_SKCIPHER 423584fffc8SSebastian Siewior select CRYPTO_MANAGER 424584fffc8SSebastian Siewior help 425584fffc8SSebastian Siewior CTR: Counter mode 426584fffc8SSebastian Siewior This block cipher algorithm is required for IPSec. 427584fffc8SSebastian Siewior 428584fffc8SSebastian Siewiorconfig CRYPTO_CTS 429584fffc8SSebastian Siewior tristate "CTS support" 430b95bba5dSEric Biggers select CRYPTO_SKCIPHER 431c8a3315aSEric Biggers select CRYPTO_MANAGER 432584fffc8SSebastian Siewior help 433584fffc8SSebastian Siewior CTS: Cipher Text Stealing 434584fffc8SSebastian Siewior This is the Cipher Text Stealing mode as described by 435ecd6d5c9SGilad Ben-Yossef Section 8 of rfc2040 and referenced by rfc3962 436ecd6d5c9SGilad Ben-Yossef (rfc3962 includes errata information in its Appendix A) or 437ecd6d5c9SGilad Ben-Yossef CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 438584fffc8SSebastian Siewior This mode is required for Kerberos gss mechanism support 439584fffc8SSebastian Siewior for AES encryption. 440584fffc8SSebastian Siewior 441ecd6d5c9SGilad Ben-Yossef See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 442ecd6d5c9SGilad Ben-Yossef 443584fffc8SSebastian Siewiorconfig CRYPTO_ECB 444584fffc8SSebastian Siewior tristate "ECB support" 445b95bba5dSEric Biggers select CRYPTO_SKCIPHER 446584fffc8SSebastian Siewior select CRYPTO_MANAGER 447584fffc8SSebastian Siewior help 448584fffc8SSebastian Siewior ECB: Electronic CodeBook mode 449584fffc8SSebastian Siewior This is the simplest block cipher algorithm. It simply encrypts 450584fffc8SSebastian Siewior the input block by block. 451584fffc8SSebastian Siewior 452584fffc8SSebastian Siewiorconfig CRYPTO_LRW 4532470a2b2SJussi Kivilinna tristate "LRW support" 454b95bba5dSEric Biggers select CRYPTO_SKCIPHER 455584fffc8SSebastian Siewior select CRYPTO_MANAGER 456584fffc8SSebastian Siewior select CRYPTO_GF128MUL 457f60bbbbeSHerbert Xu select CRYPTO_ECB 458584fffc8SSebastian Siewior help 459584fffc8SSebastian Siewior LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 460584fffc8SSebastian Siewior narrow block cipher mode for dm-crypt. Use it with cipher 461584fffc8SSebastian Siewior specification string aes-lrw-benbi, the key must be 256, 320 or 384. 462584fffc8SSebastian Siewior The first 128, 192 or 256 bits in the key are used for AES and the 463584fffc8SSebastian Siewior rest is used to tie each cipher block to its logical position. 464584fffc8SSebastian Siewior 465e497c518SGilad Ben-Yossefconfig CRYPTO_OFB 466e497c518SGilad Ben-Yossef tristate "OFB support" 467b95bba5dSEric Biggers select CRYPTO_SKCIPHER 468e497c518SGilad Ben-Yossef select CRYPTO_MANAGER 469e497c518SGilad Ben-Yossef help 470e497c518SGilad Ben-Yossef OFB: the Output Feedback mode makes a block cipher into a synchronous 471e497c518SGilad Ben-Yossef stream cipher. It generates keystream blocks, which are then XORed 472e497c518SGilad Ben-Yossef with the plaintext blocks to get the ciphertext. Flipping a bit in the 473e497c518SGilad Ben-Yossef ciphertext produces a flipped bit in the plaintext at the same 474e497c518SGilad Ben-Yossef location. This property allows many error correcting codes to function 475e497c518SGilad Ben-Yossef normally even when applied before encryption. 476e497c518SGilad Ben-Yossef 477584fffc8SSebastian Siewiorconfig CRYPTO_PCBC 478584fffc8SSebastian Siewior tristate "PCBC support" 479b95bba5dSEric Biggers select CRYPTO_SKCIPHER 480584fffc8SSebastian Siewior select CRYPTO_MANAGER 481584fffc8SSebastian Siewior help 482584fffc8SSebastian Siewior PCBC: Propagating Cipher Block Chaining mode 483584fffc8SSebastian Siewior This block cipher algorithm is required for RxRPC. 484584fffc8SSebastian Siewior 48517fee07aSNathan Huckleberryconfig CRYPTO_XCTR 48617fee07aSNathan Huckleberry tristate 48717fee07aSNathan Huckleberry select CRYPTO_SKCIPHER 48817fee07aSNathan Huckleberry select CRYPTO_MANAGER 48917fee07aSNathan Huckleberry help 49017fee07aSNathan Huckleberry XCTR: XOR Counter mode. This blockcipher mode is a variant of CTR mode 49117fee07aSNathan Huckleberry using XORs and little-endian addition rather than big-endian arithmetic. 49217fee07aSNathan Huckleberry XCTR mode is used to implement HCTR2. 49317fee07aSNathan Huckleberry 494584fffc8SSebastian Siewiorconfig CRYPTO_XTS 4955bcf8e6dSJussi Kivilinna tristate "XTS support" 496b95bba5dSEric Biggers select CRYPTO_SKCIPHER 497584fffc8SSebastian Siewior select CRYPTO_MANAGER 49812cb3a1cSMilan Broz select CRYPTO_ECB 499584fffc8SSebastian Siewior help 500584fffc8SSebastian Siewior XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 501584fffc8SSebastian Siewior key size 256, 384 or 512 bits. This implementation currently 502584fffc8SSebastian Siewior can't handle a sectorsize which is not a multiple of 16 bytes. 503584fffc8SSebastian Siewior 5041c49678eSStephan Muellerconfig CRYPTO_KEYWRAP 5051c49678eSStephan Mueller tristate "Key wrapping support" 506b95bba5dSEric Biggers select CRYPTO_SKCIPHER 507c8a3315aSEric Biggers select CRYPTO_MANAGER 5081c49678eSStephan Mueller help 5091c49678eSStephan Mueller Support for key wrapping (NIST SP800-38F / RFC3394) without 5101c49678eSStephan Mueller padding. 5111c49678eSStephan Mueller 51226609a21SEric Biggersconfig CRYPTO_NHPOLY1305 51326609a21SEric Biggers tristate 51426609a21SEric Biggers select CRYPTO_HASH 51548ea8c6eSArd Biesheuvel select CRYPTO_LIB_POLY1305_GENERIC 51626609a21SEric Biggers 517012c8238SEric Biggersconfig CRYPTO_NHPOLY1305_SSE2 518012c8238SEric Biggers tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 519012c8238SEric Biggers depends on X86 && 64BIT 520012c8238SEric Biggers select CRYPTO_NHPOLY1305 521012c8238SEric Biggers help 522012c8238SEric Biggers SSE2 optimized implementation of the hash function used by the 523012c8238SEric Biggers Adiantum encryption mode. 524012c8238SEric Biggers 5250f961f9fSEric Biggersconfig CRYPTO_NHPOLY1305_AVX2 5260f961f9fSEric Biggers tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 5270f961f9fSEric Biggers depends on X86 && 64BIT 5280f961f9fSEric Biggers select CRYPTO_NHPOLY1305 5290f961f9fSEric Biggers help 5300f961f9fSEric Biggers AVX2 optimized implementation of the hash function used by the 5310f961f9fSEric Biggers Adiantum encryption mode. 5320f961f9fSEric Biggers 533059c2a4dSEric Biggersconfig CRYPTO_ADIANTUM 534059c2a4dSEric Biggers tristate "Adiantum support" 535059c2a4dSEric Biggers select CRYPTO_CHACHA20 53648ea8c6eSArd Biesheuvel select CRYPTO_LIB_POLY1305_GENERIC 537059c2a4dSEric Biggers select CRYPTO_NHPOLY1305 538c8a3315aSEric Biggers select CRYPTO_MANAGER 539059c2a4dSEric Biggers help 540059c2a4dSEric Biggers Adiantum is a tweakable, length-preserving encryption mode 541059c2a4dSEric Biggers designed for fast and secure disk encryption, especially on 542059c2a4dSEric Biggers CPUs without dedicated crypto instructions. It encrypts 543059c2a4dSEric Biggers each sector using the XChaCha12 stream cipher, two passes of 544059c2a4dSEric Biggers an ε-almost-∆-universal hash function, and an invocation of 545059c2a4dSEric Biggers the AES-256 block cipher on a single 16-byte block. On CPUs 546059c2a4dSEric Biggers without AES instructions, Adiantum is much faster than 547059c2a4dSEric Biggers AES-XTS. 548059c2a4dSEric Biggers 549059c2a4dSEric Biggers Adiantum's security is provably reducible to that of its 550059c2a4dSEric Biggers underlying stream and block ciphers, subject to a security 551059c2a4dSEric Biggers bound. Unlike XTS, Adiantum is a true wide-block encryption 552059c2a4dSEric Biggers mode, so it actually provides an even stronger notion of 553059c2a4dSEric Biggers security than XTS, subject to the security bound. 554059c2a4dSEric Biggers 555059c2a4dSEric Biggers If unsure, say N. 556059c2a4dSEric Biggers 5577ff554ceSNathan Huckleberryconfig CRYPTO_HCTR2 5587ff554ceSNathan Huckleberry tristate "HCTR2 support" 5597ff554ceSNathan Huckleberry select CRYPTO_XCTR 5607ff554ceSNathan Huckleberry select CRYPTO_POLYVAL 5617ff554ceSNathan Huckleberry select CRYPTO_MANAGER 5627ff554ceSNathan Huckleberry help 5637ff554ceSNathan Huckleberry HCTR2 is a length-preserving encryption mode for storage encryption that 5647ff554ceSNathan Huckleberry is efficient on processors with instructions to accelerate AES and 5657ff554ceSNathan Huckleberry carryless multiplication, e.g. x86 processors with AES-NI and CLMUL, and 5667ff554ceSNathan Huckleberry ARM processors with the ARMv8 crypto extensions. 5677ff554ceSNathan Huckleberry 568be1eb7f7SArd Biesheuvelconfig CRYPTO_ESSIV 569be1eb7f7SArd Biesheuvel tristate "ESSIV support for block encryption" 570be1eb7f7SArd Biesheuvel select CRYPTO_AUTHENC 571be1eb7f7SArd Biesheuvel help 572be1eb7f7SArd Biesheuvel Encrypted salt-sector initialization vector (ESSIV) is an IV 573be1eb7f7SArd Biesheuvel generation method that is used in some cases by fscrypt and/or 574be1eb7f7SArd Biesheuvel dm-crypt. It uses the hash of the block encryption key as the 575be1eb7f7SArd Biesheuvel symmetric key for a block encryption pass applied to the input 576be1eb7f7SArd Biesheuvel IV, making low entropy IV sources more suitable for block 577be1eb7f7SArd Biesheuvel encryption. 578be1eb7f7SArd Biesheuvel 579be1eb7f7SArd Biesheuvel This driver implements a crypto API template that can be 580ab3d436bSGeert Uytterhoeven instantiated either as an skcipher or as an AEAD (depending on the 581be1eb7f7SArd Biesheuvel type of the first template argument), and which defers encryption 582be1eb7f7SArd Biesheuvel and decryption requests to the encapsulated cipher after applying 583ab3d436bSGeert Uytterhoeven ESSIV to the input IV. Note that in the AEAD case, it is assumed 584be1eb7f7SArd Biesheuvel that the keys are presented in the same format used by the authenc 585be1eb7f7SArd Biesheuvel template, and that the IV appears at the end of the authenticated 586be1eb7f7SArd Biesheuvel associated data (AAD) region (which is how dm-crypt uses it.) 587be1eb7f7SArd Biesheuvel 588be1eb7f7SArd Biesheuvel Note that the use of ESSIV is not recommended for new deployments, 589be1eb7f7SArd Biesheuvel and so this only needs to be enabled when interoperability with 590be1eb7f7SArd Biesheuvel existing encrypted volumes of filesystems is required, or when 591be1eb7f7SArd Biesheuvel building for a particular system that requires it (e.g., when 592be1eb7f7SArd Biesheuvel the SoC in question has accelerated CBC but not XTS, making CBC 593be1eb7f7SArd Biesheuvel combined with ESSIV the only feasible mode for h/w accelerated 594be1eb7f7SArd Biesheuvel block encryption) 595be1eb7f7SArd Biesheuvel 596584fffc8SSebastian Siewiorcomment "Hash modes" 597584fffc8SSebastian Siewior 59893b5e86aSJussi Kivilinnaconfig CRYPTO_CMAC 59993b5e86aSJussi Kivilinna tristate "CMAC support" 60093b5e86aSJussi Kivilinna select CRYPTO_HASH 60193b5e86aSJussi Kivilinna select CRYPTO_MANAGER 60293b5e86aSJussi Kivilinna help 60393b5e86aSJussi Kivilinna Cipher-based Message Authentication Code (CMAC) specified by 60493b5e86aSJussi Kivilinna The National Institute of Standards and Technology (NIST). 60593b5e86aSJussi Kivilinna 60693b5e86aSJussi Kivilinna https://tools.ietf.org/html/rfc4493 60793b5e86aSJussi Kivilinna http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 60893b5e86aSJussi Kivilinna 6091da177e4SLinus Torvaldsconfig CRYPTO_HMAC 6108425165dSHerbert Xu tristate "HMAC support" 6110796ae06SHerbert Xu select CRYPTO_HASH 61243518407SHerbert Xu select CRYPTO_MANAGER 6131da177e4SLinus Torvalds help 6141da177e4SLinus Torvalds HMAC: Keyed-Hashing for Message Authentication (RFC2104). 6151da177e4SLinus Torvalds This is required for IPSec. 6161da177e4SLinus Torvalds 617333b0d7eSKazunori MIYAZAWAconfig CRYPTO_XCBC 618333b0d7eSKazunori MIYAZAWA tristate "XCBC support" 619333b0d7eSKazunori MIYAZAWA select CRYPTO_HASH 620333b0d7eSKazunori MIYAZAWA select CRYPTO_MANAGER 621333b0d7eSKazunori MIYAZAWA help 622333b0d7eSKazunori MIYAZAWA XCBC: Keyed-Hashing with encryption algorithm 6239332a9e7SAlexander A. Klimov https://www.ietf.org/rfc/rfc3566.txt 624333b0d7eSKazunori MIYAZAWA http://csrc.nist.gov/encryption/modes/proposedmodes/ 625333b0d7eSKazunori MIYAZAWA xcbc-mac/xcbc-mac-spec.pdf 626333b0d7eSKazunori MIYAZAWA 627f1939f7cSShane Wangconfig CRYPTO_VMAC 628f1939f7cSShane Wang tristate "VMAC support" 629f1939f7cSShane Wang select CRYPTO_HASH 630f1939f7cSShane Wang select CRYPTO_MANAGER 631f1939f7cSShane Wang help 632f1939f7cSShane Wang VMAC is a message authentication algorithm designed for 633f1939f7cSShane Wang very high speed on 64-bit architectures. 634f1939f7cSShane Wang 635f1939f7cSShane Wang See also: 6369332a9e7SAlexander A. Klimov <https://fastcrypto.org/vmac> 637f1939f7cSShane Wang 638584fffc8SSebastian Siewiorcomment "Digest" 639584fffc8SSebastian Siewior 640584fffc8SSebastian Siewiorconfig CRYPTO_CRC32C 641584fffc8SSebastian Siewior tristate "CRC32c CRC algorithm" 6425773a3e6SHerbert Xu select CRYPTO_HASH 6436a0962b2SDarrick J. Wong select CRC32 6441da177e4SLinus Torvalds help 645584fffc8SSebastian Siewior Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 646584fffc8SSebastian Siewior by iSCSI for header and data digests and by others. 64769c35efcSHerbert Xu See Castagnoli93. Module will be crc32c. 6481da177e4SLinus Torvalds 6498cb51ba8SAustin Zhangconfig CRYPTO_CRC32C_INTEL 6508cb51ba8SAustin Zhang tristate "CRC32c INTEL hardware acceleration" 6518cb51ba8SAustin Zhang depends on X86 6528cb51ba8SAustin Zhang select CRYPTO_HASH 6538cb51ba8SAustin Zhang help 6548cb51ba8SAustin Zhang In Intel processor with SSE4.2 supported, the processor will 6558cb51ba8SAustin Zhang support CRC32C implementation using hardware accelerated CRC32 6568cb51ba8SAustin Zhang instruction. This option will create 'crc32c-intel' module, 6578cb51ba8SAustin Zhang which will enable any routine to use the CRC32 instruction to 6588cb51ba8SAustin Zhang gain performance compared with software implementation. 6598cb51ba8SAustin Zhang Module will be crc32c-intel. 6608cb51ba8SAustin Zhang 6617cf31864SJean Delvareconfig CRYPTO_CRC32C_VPMSUM 6626dd7a82cSAnton Blanchard tristate "CRC32c CRC algorithm (powerpc64)" 663c12abf34SMichael Ellerman depends on PPC64 && ALTIVEC 6646dd7a82cSAnton Blanchard select CRYPTO_HASH 6656dd7a82cSAnton Blanchard select CRC32 6666dd7a82cSAnton Blanchard help 6676dd7a82cSAnton Blanchard CRC32c algorithm implemented using vector polynomial multiply-sum 6686dd7a82cSAnton Blanchard (vpmsum) instructions, introduced in POWER8. Enable on POWER8 6696dd7a82cSAnton Blanchard and newer processors for improved performance. 6706dd7a82cSAnton Blanchard 6716dd7a82cSAnton Blanchard 672442a7c40SDavid S. Millerconfig CRYPTO_CRC32C_SPARC64 673442a7c40SDavid S. Miller tristate "CRC32c CRC algorithm (SPARC64)" 674442a7c40SDavid S. Miller depends on SPARC64 675442a7c40SDavid S. Miller select CRYPTO_HASH 676442a7c40SDavid S. Miller select CRC32 677442a7c40SDavid S. Miller help 678442a7c40SDavid S. Miller CRC32c CRC algorithm implemented using sparc64 crypto instructions, 679442a7c40SDavid S. Miller when available. 680442a7c40SDavid S. Miller 68178c37d19SAlexander Boykoconfig CRYPTO_CRC32 68278c37d19SAlexander Boyko tristate "CRC32 CRC algorithm" 68378c37d19SAlexander Boyko select CRYPTO_HASH 68478c37d19SAlexander Boyko select CRC32 68578c37d19SAlexander Boyko help 68678c37d19SAlexander Boyko CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 68778c37d19SAlexander Boyko Shash crypto api wrappers to crc32_le function. 68878c37d19SAlexander Boyko 68978c37d19SAlexander Boykoconfig CRYPTO_CRC32_PCLMUL 69078c37d19SAlexander Boyko tristate "CRC32 PCLMULQDQ hardware acceleration" 69178c37d19SAlexander Boyko depends on X86 69278c37d19SAlexander Boyko select CRYPTO_HASH 69378c37d19SAlexander Boyko select CRC32 69478c37d19SAlexander Boyko help 69578c37d19SAlexander Boyko From Intel Westmere and AMD Bulldozer processor with SSE4.2 69678c37d19SAlexander Boyko and PCLMULQDQ supported, the processor will support 69778c37d19SAlexander Boyko CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 698af8cb01fShaco instruction. This option will create 'crc32-pclmul' module, 69978c37d19SAlexander Boyko which will enable any routine to use the CRC-32-IEEE 802.3 checksum 70078c37d19SAlexander Boyko and gain better performance as compared with the table implementation. 70178c37d19SAlexander Boyko 702b7133757SJason A. Donenfeldconfig CRYPTO_CRC32_S390 703b7133757SJason A. Donenfeld tristate "CRC-32 algorithms" 704b7133757SJason A. Donenfeld depends on S390 705b7133757SJason A. Donenfeld select CRYPTO_HASH 706b7133757SJason A. Donenfeld select CRC32 707b7133757SJason A. Donenfeld help 708b7133757SJason A. Donenfeld Select this option if you want to use hardware accelerated 709b7133757SJason A. Donenfeld implementations of CRC algorithms. With this option, you 710b7133757SJason A. Donenfeld can optimize the computation of CRC-32 (IEEE 802.3 Ethernet) 711b7133757SJason A. Donenfeld and CRC-32C (Castagnoli). 712b7133757SJason A. Donenfeld 713b7133757SJason A. Donenfeld It is available with IBM z13 or later. 7144a5dc51eSMarcin Nowakowski 71567882e76SNikolay Borisovconfig CRYPTO_XXHASH 71667882e76SNikolay Borisov tristate "xxHash hash algorithm" 71767882e76SNikolay Borisov select CRYPTO_HASH 71867882e76SNikolay Borisov select XXHASH 71967882e76SNikolay Borisov help 72067882e76SNikolay Borisov xxHash non-cryptographic hash algorithm. Extremely fast, working at 72167882e76SNikolay Borisov speeds close to RAM limits. 72267882e76SNikolay Borisov 72391d68933SDavid Sterbaconfig CRYPTO_BLAKE2B 72491d68933SDavid Sterba tristate "BLAKE2b digest algorithm" 72591d68933SDavid Sterba select CRYPTO_HASH 72691d68933SDavid Sterba help 72791d68933SDavid Sterba Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 72891d68933SDavid Sterba optimized for 64bit platforms and can produce digests of any size 72991d68933SDavid Sterba between 1 to 64. The keyed hash is also implemented. 73091d68933SDavid Sterba 73191d68933SDavid Sterba This module provides the following algorithms: 73291d68933SDavid Sterba 73391d68933SDavid Sterba - blake2b-160 73491d68933SDavid Sterba - blake2b-256 73591d68933SDavid Sterba - blake2b-384 73691d68933SDavid Sterba - blake2b-512 73791d68933SDavid Sterba 73891d68933SDavid Sterba See https://blake2.net for further information. 73991d68933SDavid Sterba 740ed0356edSJason A. Donenfeldconfig CRYPTO_BLAKE2S_X86 7412d16803cSJason A. Donenfeld bool "BLAKE2s digest algorithm (x86 accelerated version)" 742ed0356edSJason A. Donenfeld depends on X86 && 64BIT 743ed0356edSJason A. Donenfeld select CRYPTO_LIB_BLAKE2S_GENERIC 744ed0356edSJason A. Donenfeld select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 745ed0356edSJason A. Donenfeld 74668411521SHerbert Xuconfig CRYPTO_CRCT10DIF 74768411521SHerbert Xu tristate "CRCT10DIF algorithm" 74868411521SHerbert Xu select CRYPTO_HASH 74968411521SHerbert Xu help 75068411521SHerbert Xu CRC T10 Data Integrity Field computation is being cast as 75168411521SHerbert Xu a crypto transform. This allows for faster crc t10 diff 75268411521SHerbert Xu transforms to be used if they are available. 75368411521SHerbert Xu 75468411521SHerbert Xuconfig CRYPTO_CRCT10DIF_PCLMUL 75568411521SHerbert Xu tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 75668411521SHerbert Xu depends on X86 && 64BIT && CRC_T10DIF 75768411521SHerbert Xu select CRYPTO_HASH 75868411521SHerbert Xu help 75968411521SHerbert Xu For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 76068411521SHerbert Xu CRC T10 DIF PCLMULQDQ computation can be hardware 76168411521SHerbert Xu accelerated PCLMULQDQ instruction. This option will create 762af8cb01fShaco 'crct10dif-pclmul' module, which is faster when computing the 76368411521SHerbert Xu crct10dif checksum as compared with the generic table implementation. 76468411521SHerbert Xu 765b01df1c1SDaniel Axtensconfig CRYPTO_CRCT10DIF_VPMSUM 766b01df1c1SDaniel Axtens tristate "CRC32T10DIF powerpc64 hardware acceleration" 767b01df1c1SDaniel Axtens depends on PPC64 && ALTIVEC && CRC_T10DIF 768b01df1c1SDaniel Axtens select CRYPTO_HASH 769b01df1c1SDaniel Axtens help 770b01df1c1SDaniel Axtens CRC10T10DIF algorithm implemented using vector polynomial 771b01df1c1SDaniel Axtens multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 772b01df1c1SDaniel Axtens POWER8 and newer processors for improved performance. 773b01df1c1SDaniel Axtens 774f3813f4bSKeith Buschconfig CRYPTO_CRC64_ROCKSOFT 775f3813f4bSKeith Busch tristate "Rocksoft Model CRC64 algorithm" 776f3813f4bSKeith Busch depends on CRC64 777f3813f4bSKeith Busch select CRYPTO_HASH 778f3813f4bSKeith Busch 779146c8688SDaniel Axtensconfig CRYPTO_VPMSUM_TESTER 780146c8688SDaniel Axtens tristate "Powerpc64 vpmsum hardware acceleration tester" 781146c8688SDaniel Axtens depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 782146c8688SDaniel Axtens help 783146c8688SDaniel Axtens Stress test for CRC32c and CRC-T10DIF algorithms implemented with 784146c8688SDaniel Axtens POWER8 vpmsum instructions. 785146c8688SDaniel Axtens Unless you are testing these algorithms, you don't need this. 786146c8688SDaniel Axtens 7872cdc6899SHuang Yingconfig CRYPTO_GHASH 7888dfa20fcSEric Biggers tristate "GHASH hash function" 7892cdc6899SHuang Ying select CRYPTO_GF128MUL 790578c60fbSArnd Bergmann select CRYPTO_HASH 7912cdc6899SHuang Ying help 7928dfa20fcSEric Biggers GHASH is the hash function used in GCM (Galois/Counter Mode). 7938dfa20fcSEric Biggers It is not a general-purpose cryptographic hash function. 7942cdc6899SHuang Ying 795f3c923a0SNathan Huckleberryconfig CRYPTO_POLYVAL 796f3c923a0SNathan Huckleberry tristate 797f3c923a0SNathan Huckleberry select CRYPTO_GF128MUL 798f3c923a0SNathan Huckleberry select CRYPTO_HASH 799f3c923a0SNathan Huckleberry help 800f3c923a0SNathan Huckleberry POLYVAL is the hash function used in HCTR2. It is not a general-purpose 801f3c923a0SNathan Huckleberry cryptographic hash function. 802f3c923a0SNathan Huckleberry 80334f7f6c3SNathan Huckleberryconfig CRYPTO_POLYVAL_CLMUL_NI 80434f7f6c3SNathan Huckleberry tristate "POLYVAL hash function (CLMUL-NI accelerated)" 80534f7f6c3SNathan Huckleberry depends on X86 && 64BIT 80634f7f6c3SNathan Huckleberry select CRYPTO_POLYVAL 80734f7f6c3SNathan Huckleberry help 80834f7f6c3SNathan Huckleberry This is the x86_64 CLMUL-NI accelerated implementation of POLYVAL. It is 80934f7f6c3SNathan Huckleberry used to efficiently implement HCTR2 on x86-64 processors that support 81034f7f6c3SNathan Huckleberry carry-less multiplication instructions. 81134f7f6c3SNathan Huckleberry 812f979e014SMartin Williconfig CRYPTO_POLY1305 813f979e014SMartin Willi tristate "Poly1305 authenticator algorithm" 814578c60fbSArnd Bergmann select CRYPTO_HASH 81548ea8c6eSArd Biesheuvel select CRYPTO_LIB_POLY1305_GENERIC 816f979e014SMartin Willi help 817f979e014SMartin Willi Poly1305 authenticator algorithm, RFC7539. 818f979e014SMartin Willi 819f979e014SMartin Willi Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 820f979e014SMartin Willi It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 821f979e014SMartin Willi in IETF protocols. This is the portable C implementation of Poly1305. 822f979e014SMartin Willi 823c70f4abeSMartin Williconfig CRYPTO_POLY1305_X86_64 824b1ccc8f4SMartin Willi tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 825c70f4abeSMartin Willi depends on X86 && 64BIT 8261b2c6a51SArd Biesheuvel select CRYPTO_LIB_POLY1305_GENERIC 827f0e89bcfSArd Biesheuvel select CRYPTO_ARCH_HAVE_LIB_POLY1305 828c70f4abeSMartin Willi help 829c70f4abeSMartin Willi Poly1305 authenticator algorithm, RFC7539. 830c70f4abeSMartin Willi 831c70f4abeSMartin Willi Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 832c70f4abeSMartin Willi It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 833c70f4abeSMartin Willi in IETF protocols. This is the x86_64 assembler implementation using SIMD 834c70f4abeSMartin Willi instructions. 835c70f4abeSMartin Willi 8361da177e4SLinus Torvaldsconfig CRYPTO_MD4 8371da177e4SLinus Torvalds tristate "MD4 digest algorithm" 838808a1763SAdrian-Ken Rueegsegger select CRYPTO_HASH 8391da177e4SLinus Torvalds help 8401da177e4SLinus Torvalds MD4 message digest algorithm (RFC1320). 8411da177e4SLinus Torvalds 8421da177e4SLinus Torvaldsconfig CRYPTO_MD5 8431da177e4SLinus Torvalds tristate "MD5 digest algorithm" 84414b75ba7SAdrian-Ken Rueegsegger select CRYPTO_HASH 8451da177e4SLinus Torvalds help 8461da177e4SLinus Torvalds MD5 message digest algorithm (RFC1321). 8471da177e4SLinus Torvalds 848e8e59953SMarkus Stockhausenconfig CRYPTO_MD5_PPC 849e8e59953SMarkus Stockhausen tristate "MD5 digest algorithm (PPC)" 850e8e59953SMarkus Stockhausen depends on PPC 851e8e59953SMarkus Stockhausen select CRYPTO_HASH 852e8e59953SMarkus Stockhausen help 853e8e59953SMarkus Stockhausen MD5 message digest algorithm (RFC1321) implemented 854e8e59953SMarkus Stockhausen in PPC assembler. 855e8e59953SMarkus Stockhausen 856fa4dfedcSDavid S. Millerconfig CRYPTO_MD5_SPARC64 857fa4dfedcSDavid S. Miller tristate "MD5 digest algorithm (SPARC64)" 858fa4dfedcSDavid S. Miller depends on SPARC64 859fa4dfedcSDavid S. Miller select CRYPTO_MD5 860fa4dfedcSDavid S. Miller select CRYPTO_HASH 861fa4dfedcSDavid S. Miller help 862fa4dfedcSDavid S. Miller MD5 message digest algorithm (RFC1321) implemented 863fa4dfedcSDavid S. Miller using sparc64 crypto instructions, when available. 864fa4dfedcSDavid S. Miller 865584fffc8SSebastian Siewiorconfig CRYPTO_MICHAEL_MIC 866584fffc8SSebastian Siewior tristate "Michael MIC keyed digest algorithm" 86719e2bf14SAdrian-Ken Rueegsegger select CRYPTO_HASH 868584fffc8SSebastian Siewior help 869584fffc8SSebastian Siewior Michael MIC is used for message integrity protection in TKIP 870584fffc8SSebastian Siewior (IEEE 802.11i). This algorithm is required for TKIP, but it 871584fffc8SSebastian Siewior should not be used for other purposes because of the weakness 872584fffc8SSebastian Siewior of the algorithm. 873584fffc8SSebastian Siewior 87482798f90SAdrian-Ken Rueegseggerconfig CRYPTO_RMD160 87582798f90SAdrian-Ken Rueegsegger tristate "RIPEMD-160 digest algorithm" 876e5835fbaSHerbert Xu select CRYPTO_HASH 87782798f90SAdrian-Ken Rueegsegger help 87882798f90SAdrian-Ken Rueegsegger RIPEMD-160 (ISO/IEC 10118-3:2004). 87982798f90SAdrian-Ken Rueegsegger 88082798f90SAdrian-Ken Rueegsegger RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 88182798f90SAdrian-Ken Rueegsegger to be used as a secure replacement for the 128-bit hash functions 8824cbdecd0SRandy Dunlap MD4, MD5 and its predecessor RIPEMD 883b6d44341SAdrian Bunk (not to be confused with RIPEMD-128). 88482798f90SAdrian-Ken Rueegsegger 885b6d44341SAdrian Bunk It's speed is comparable to SHA1 and there are no known attacks 886b6d44341SAdrian Bunk against RIPEMD-160. 887534fe2c1SAdrian-Ken Rueegsegger 888534fe2c1SAdrian-Ken Rueegsegger Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 8899332a9e7SAlexander A. Klimov See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 890534fe2c1SAdrian-Ken Rueegsegger 8911da177e4SLinus Torvaldsconfig CRYPTO_SHA1 8921da177e4SLinus Torvalds tristate "SHA1 digest algorithm" 89354ccb367SAdrian-Ken Rueegsegger select CRYPTO_HASH 894ec8f7f48SEric Biggers select CRYPTO_LIB_SHA1 8951da177e4SLinus Torvalds help 8961da177e4SLinus Torvalds SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 8971da177e4SLinus Torvalds 89866be8951SMathias Krauseconfig CRYPTO_SHA1_SSSE3 899e38b6b7fStim tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 90066be8951SMathias Krause depends on X86 && 64BIT 90166be8951SMathias Krause select CRYPTO_SHA1 90266be8951SMathias Krause select CRYPTO_HASH 90366be8951SMathias Krause help 90466be8951SMathias Krause SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 90566be8951SMathias Krause using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 906e38b6b7fStim Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 907e38b6b7fStim when available. 90866be8951SMathias Krause 9098275d1aaSTim Chenconfig CRYPTO_SHA256_SSSE3 910e38b6b7fStim tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 9118275d1aaSTim Chen depends on X86 && 64BIT 9128275d1aaSTim Chen select CRYPTO_SHA256 9138275d1aaSTim Chen select CRYPTO_HASH 9148275d1aaSTim Chen help 9158275d1aaSTim Chen SHA-256 secure hash standard (DFIPS 180-2) implemented 9168275d1aaSTim Chen using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 9178275d1aaSTim Chen Extensions version 1 (AVX1), or Advanced Vector Extensions 918e38b6b7fStim version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 919e38b6b7fStim Instructions) when available. 9208275d1aaSTim Chen 92187de4579STim Chenconfig CRYPTO_SHA512_SSSE3 92287de4579STim Chen tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 92387de4579STim Chen depends on X86 && 64BIT 92487de4579STim Chen select CRYPTO_SHA512 92587de4579STim Chen select CRYPTO_HASH 92687de4579STim Chen help 92787de4579STim Chen SHA-512 secure hash standard (DFIPS 180-2) implemented 92887de4579STim Chen using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 92987de4579STim Chen Extensions version 1 (AVX1), or Advanced Vector Extensions 93087de4579STim Chen version 2 (AVX2) instructions, when available. 93187de4579STim Chen 932b7133757SJason A. Donenfeldconfig CRYPTO_SHA512_S390 933b7133757SJason A. Donenfeld tristate "SHA384 and SHA512 digest algorithm" 934b7133757SJason A. Donenfeld depends on S390 935b7133757SJason A. Donenfeld select CRYPTO_HASH 936b7133757SJason A. Donenfeld help 937b7133757SJason A. Donenfeld This is the s390 hardware accelerated implementation of the 938b7133757SJason A. Donenfeld SHA512 secure hash standard. 939b7133757SJason A. Donenfeld 940b7133757SJason A. Donenfeld It is available as of z10. 941b7133757SJason A. Donenfeld 9424ff28d4cSDavid S. Millerconfig CRYPTO_SHA1_SPARC64 9434ff28d4cSDavid S. Miller tristate "SHA1 digest algorithm (SPARC64)" 9444ff28d4cSDavid S. Miller depends on SPARC64 9454ff28d4cSDavid S. Miller select CRYPTO_SHA1 9464ff28d4cSDavid S. Miller select CRYPTO_HASH 9474ff28d4cSDavid S. Miller help 9484ff28d4cSDavid S. Miller SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 9494ff28d4cSDavid S. Miller using sparc64 crypto instructions, when available. 9504ff28d4cSDavid S. Miller 951323a6bf1SMichael Ellermanconfig CRYPTO_SHA1_PPC 952323a6bf1SMichael Ellerman tristate "SHA1 digest algorithm (powerpc)" 953323a6bf1SMichael Ellerman depends on PPC 954323a6bf1SMichael Ellerman help 955323a6bf1SMichael Ellerman This is the powerpc hardware accelerated implementation of the 956323a6bf1SMichael Ellerman SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 957323a6bf1SMichael Ellerman 958d9850fc5SMarkus Stockhausenconfig CRYPTO_SHA1_PPC_SPE 959d9850fc5SMarkus Stockhausen tristate "SHA1 digest algorithm (PPC SPE)" 960d9850fc5SMarkus Stockhausen depends on PPC && SPE 961d9850fc5SMarkus Stockhausen help 962d9850fc5SMarkus Stockhausen SHA-1 secure hash standard (DFIPS 180-4) implemented 963d9850fc5SMarkus Stockhausen using powerpc SPE SIMD instruction set. 964d9850fc5SMarkus Stockhausen 965b7133757SJason A. Donenfeldconfig CRYPTO_SHA1_S390 966b7133757SJason A. Donenfeld tristate "SHA1 digest algorithm" 967b7133757SJason A. Donenfeld depends on S390 968b7133757SJason A. Donenfeld select CRYPTO_HASH 969b7133757SJason A. Donenfeld help 970b7133757SJason A. Donenfeld This is the s390 hardware accelerated implementation of the 971b7133757SJason A. Donenfeld SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 972b7133757SJason A. Donenfeld 973b7133757SJason A. Donenfeld It is available as of z990. 974b7133757SJason A. Donenfeld 9751da177e4SLinus Torvaldsconfig CRYPTO_SHA256 976cd12fb90SJonathan Lynch tristate "SHA224 and SHA256 digest algorithm" 97750e109b5SAdrian-Ken Rueegsegger select CRYPTO_HASH 97808c327f6SHans de Goede select CRYPTO_LIB_SHA256 9791da177e4SLinus Torvalds help 9801da177e4SLinus Torvalds SHA256 secure hash standard (DFIPS 180-2). 9811da177e4SLinus Torvalds 9821da177e4SLinus Torvalds This version of SHA implements a 256 bit hash with 128 bits of 9831da177e4SLinus Torvalds security against collision attacks. 9841da177e4SLinus Torvalds 985cd12fb90SJonathan Lynch This code also includes SHA-224, a 224 bit hash with 112 bits 986cd12fb90SJonathan Lynch of security against collision attacks. 987cd12fb90SJonathan Lynch 9882ecc1e95SMarkus Stockhausenconfig CRYPTO_SHA256_PPC_SPE 9892ecc1e95SMarkus Stockhausen tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 9902ecc1e95SMarkus Stockhausen depends on PPC && SPE 9912ecc1e95SMarkus Stockhausen select CRYPTO_SHA256 9922ecc1e95SMarkus Stockhausen select CRYPTO_HASH 9932ecc1e95SMarkus Stockhausen help 9942ecc1e95SMarkus Stockhausen SHA224 and SHA256 secure hash standard (DFIPS 180-2) 9952ecc1e95SMarkus Stockhausen implemented using powerpc SPE SIMD instruction set. 9962ecc1e95SMarkus Stockhausen 99786c93b24SDavid S. Millerconfig CRYPTO_SHA256_SPARC64 99886c93b24SDavid S. Miller tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 99986c93b24SDavid S. Miller depends on SPARC64 100086c93b24SDavid S. Miller select CRYPTO_SHA256 100186c93b24SDavid S. Miller select CRYPTO_HASH 100286c93b24SDavid S. Miller help 100386c93b24SDavid S. Miller SHA-256 secure hash standard (DFIPS 180-2) implemented 100486c93b24SDavid S. Miller using sparc64 crypto instructions, when available. 100586c93b24SDavid S. Miller 1006b7133757SJason A. Donenfeldconfig CRYPTO_SHA256_S390 1007b7133757SJason A. Donenfeld tristate "SHA256 digest algorithm" 1008b7133757SJason A. Donenfeld depends on S390 1009b7133757SJason A. Donenfeld select CRYPTO_HASH 1010b7133757SJason A. Donenfeld help 1011b7133757SJason A. Donenfeld This is the s390 hardware accelerated implementation of the 1012b7133757SJason A. Donenfeld SHA256 secure hash standard (DFIPS 180-2). 1013b7133757SJason A. Donenfeld 1014b7133757SJason A. Donenfeld It is available as of z9. 1015b7133757SJason A. Donenfeld 10161da177e4SLinus Torvaldsconfig CRYPTO_SHA512 10171da177e4SLinus Torvalds tristate "SHA384 and SHA512 digest algorithms" 1018bd9d20dbSAdrian-Ken Rueegsegger select CRYPTO_HASH 10191da177e4SLinus Torvalds help 10201da177e4SLinus Torvalds SHA512 secure hash standard (DFIPS 180-2). 10211da177e4SLinus Torvalds 10221da177e4SLinus Torvalds This version of SHA implements a 512 bit hash with 256 bits of 10231da177e4SLinus Torvalds security against collision attacks. 10241da177e4SLinus Torvalds 10251da177e4SLinus Torvalds This code also includes SHA-384, a 384 bit hash with 192 bits 10261da177e4SLinus Torvalds of security against collision attacks. 10271da177e4SLinus Torvalds 1028775e0c69SDavid S. Millerconfig CRYPTO_SHA512_SPARC64 1029775e0c69SDavid S. Miller tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 1030775e0c69SDavid S. Miller depends on SPARC64 1031775e0c69SDavid S. Miller select CRYPTO_SHA512 1032775e0c69SDavid S. Miller select CRYPTO_HASH 1033775e0c69SDavid S. Miller help 1034775e0c69SDavid S. Miller SHA-512 secure hash standard (DFIPS 180-2) implemented 1035775e0c69SDavid S. Miller using sparc64 crypto instructions, when available. 1036775e0c69SDavid S. Miller 103753964b9eSJeff Garzikconfig CRYPTO_SHA3 103853964b9eSJeff Garzik tristate "SHA3 digest algorithm" 103953964b9eSJeff Garzik select CRYPTO_HASH 104053964b9eSJeff Garzik help 104153964b9eSJeff Garzik SHA-3 secure hash standard (DFIPS 202). It's based on 104253964b9eSJeff Garzik cryptographic sponge function family called Keccak. 104353964b9eSJeff Garzik 104453964b9eSJeff Garzik References: 104553964b9eSJeff Garzik http://keccak.noekeon.org/ 104653964b9eSJeff Garzik 1047b7133757SJason A. Donenfeldconfig CRYPTO_SHA3_256_S390 1048b7133757SJason A. Donenfeld tristate "SHA3_224 and SHA3_256 digest algorithm" 1049b7133757SJason A. Donenfeld depends on S390 1050b7133757SJason A. Donenfeld select CRYPTO_HASH 1051b7133757SJason A. Donenfeld help 1052b7133757SJason A. Donenfeld This is the s390 hardware accelerated implementation of the 1053b7133757SJason A. Donenfeld SHA3_256 secure hash standard. 1054b7133757SJason A. Donenfeld 1055b7133757SJason A. Donenfeld It is available as of z14. 1056b7133757SJason A. Donenfeld 1057b7133757SJason A. Donenfeldconfig CRYPTO_SHA3_512_S390 1058b7133757SJason A. Donenfeld tristate "SHA3_384 and SHA3_512 digest algorithm" 1059b7133757SJason A. Donenfeld depends on S390 1060b7133757SJason A. Donenfeld select CRYPTO_HASH 1061b7133757SJason A. Donenfeld help 1062b7133757SJason A. Donenfeld This is the s390 hardware accelerated implementation of the 1063b7133757SJason A. Donenfeld SHA3_512 secure hash standard. 1064b7133757SJason A. Donenfeld 1065b7133757SJason A. Donenfeld It is available as of z14. 1066b7133757SJason A. Donenfeld 10674f0fc160SGilad Ben-Yossefconfig CRYPTO_SM3 1068d2825fa9SJason A. Donenfeld tristate 1069d2825fa9SJason A. Donenfeld 1070d2825fa9SJason A. Donenfeldconfig CRYPTO_SM3_GENERIC 10714f0fc160SGilad Ben-Yossef tristate "SM3 digest algorithm" 10724f0fc160SGilad Ben-Yossef select CRYPTO_HASH 1073d2825fa9SJason A. Donenfeld select CRYPTO_SM3 10744f0fc160SGilad Ben-Yossef help 10754f0fc160SGilad Ben-Yossef SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 10764f0fc160SGilad Ben-Yossef It is part of the Chinese Commercial Cryptography suite. 10774f0fc160SGilad Ben-Yossef 10784f0fc160SGilad Ben-Yossef References: 10794f0fc160SGilad Ben-Yossef http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 10804f0fc160SGilad Ben-Yossef https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 10814f0fc160SGilad Ben-Yossef 1082930ab34dSTianjia Zhangconfig CRYPTO_SM3_AVX_X86_64 1083930ab34dSTianjia Zhang tristate "SM3 digest algorithm (x86_64/AVX)" 1084930ab34dSTianjia Zhang depends on X86 && 64BIT 1085930ab34dSTianjia Zhang select CRYPTO_HASH 1086d2825fa9SJason A. Donenfeld select CRYPTO_SM3 1087930ab34dSTianjia Zhang help 1088930ab34dSTianjia Zhang SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1089930ab34dSTianjia Zhang It is part of the Chinese Commercial Cryptography suite. This is 1090930ab34dSTianjia Zhang SM3 optimized implementation using Advanced Vector Extensions (AVX) 1091930ab34dSTianjia Zhang when available. 1092930ab34dSTianjia Zhang 1093930ab34dSTianjia Zhang If unsure, say N. 1094930ab34dSTianjia Zhang 1095fe18957eSVitaly Chikunovconfig CRYPTO_STREEBOG 1096fe18957eSVitaly Chikunov tristate "Streebog Hash Function" 1097fe18957eSVitaly Chikunov select CRYPTO_HASH 1098fe18957eSVitaly Chikunov help 1099fe18957eSVitaly Chikunov Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1100fe18957eSVitaly Chikunov cryptographic standard algorithms (called GOST algorithms). 1101fe18957eSVitaly Chikunov This setting enables two hash algorithms with 256 and 512 bits output. 1102fe18957eSVitaly Chikunov 1103fe18957eSVitaly Chikunov References: 1104fe18957eSVitaly Chikunov https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1105fe18957eSVitaly Chikunov https://tools.ietf.org/html/rfc6986 1106fe18957eSVitaly Chikunov 1107584fffc8SSebastian Siewiorconfig CRYPTO_WP512 1108584fffc8SSebastian Siewior tristate "Whirlpool digest algorithms" 11094946510bSAdrian-Ken Rueegsegger select CRYPTO_HASH 11101da177e4SLinus Torvalds help 1111584fffc8SSebastian Siewior Whirlpool hash algorithm 512, 384 and 256-bit hashes 11121da177e4SLinus Torvalds 1113584fffc8SSebastian Siewior Whirlpool-512 is part of the NESSIE cryptographic primitives. 1114584fffc8SSebastian Siewior Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 11151da177e4SLinus Torvalds 11161da177e4SLinus Torvalds See also: 11176d8de74cSJustin P. Mattock <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 11181da177e4SLinus Torvalds 11190e1227d3SHuang Yingconfig CRYPTO_GHASH_CLMUL_NI_INTEL 11208dfa20fcSEric Biggers tristate "GHASH hash function (CLMUL-NI accelerated)" 11218af00860SRichard Weinberger depends on X86 && 64BIT 11220e1227d3SHuang Ying select CRYPTO_CRYPTD 11230e1227d3SHuang Ying help 11248dfa20fcSEric Biggers This is the x86_64 CLMUL-NI accelerated implementation of 11258dfa20fcSEric Biggers GHASH, the hash function used in GCM (Galois/Counter mode). 11260e1227d3SHuang Ying 1127b7133757SJason A. Donenfeldconfig CRYPTO_GHASH_S390 1128b7133757SJason A. Donenfeld tristate "GHASH hash function" 1129b7133757SJason A. Donenfeld depends on S390 1130b7133757SJason A. Donenfeld select CRYPTO_HASH 1131b7133757SJason A. Donenfeld help 1132b7133757SJason A. Donenfeld This is the s390 hardware accelerated implementation of GHASH, 1133b7133757SJason A. Donenfeld the hash function used in GCM (Galois/Counter mode). 1134b7133757SJason A. Donenfeld 1135b7133757SJason A. Donenfeld It is available as of z196. 1136b7133757SJason A. Donenfeld 1137584fffc8SSebastian Siewiorcomment "Ciphers" 11381da177e4SLinus Torvalds 11391da177e4SLinus Torvaldsconfig CRYPTO_AES 11401da177e4SLinus Torvalds tristate "AES cipher algorithms" 1141cce9e06dSHerbert Xu select CRYPTO_ALGAPI 11425bb12d78SArd Biesheuvel select CRYPTO_LIB_AES 11431da177e4SLinus Torvalds help 11441da177e4SLinus Torvalds AES cipher algorithms (FIPS-197). AES uses the Rijndael 11451da177e4SLinus Torvalds algorithm. 11461da177e4SLinus Torvalds 11471da177e4SLinus Torvalds Rijndael appears to be consistently a very good performer in 11481da177e4SLinus Torvalds both hardware and software across a wide range of computing 11491da177e4SLinus Torvalds environments regardless of its use in feedback or non-feedback 11501da177e4SLinus Torvalds modes. Its key setup time is excellent, and its key agility is 11511da177e4SLinus Torvalds good. Rijndael's very low memory requirements make it very well 11521da177e4SLinus Torvalds suited for restricted-space environments, in which it also 11531da177e4SLinus Torvalds demonstrates excellent performance. Rijndael's operations are 11541da177e4SLinus Torvalds among the easiest to defend against power and timing attacks. 11551da177e4SLinus Torvalds 11561da177e4SLinus Torvalds The AES specifies three key sizes: 128, 192 and 256 bits 11571da177e4SLinus Torvalds 11581da177e4SLinus Torvalds See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 11591da177e4SLinus Torvalds 1160b5e0b032SArd Biesheuvelconfig CRYPTO_AES_TI 1161b5e0b032SArd Biesheuvel tristate "Fixed time AES cipher" 1162b5e0b032SArd Biesheuvel select CRYPTO_ALGAPI 1163e59c1c98SArd Biesheuvel select CRYPTO_LIB_AES 1164b5e0b032SArd Biesheuvel help 1165b5e0b032SArd Biesheuvel This is a generic implementation of AES that attempts to eliminate 1166b5e0b032SArd Biesheuvel data dependent latencies as much as possible without affecting 1167b5e0b032SArd Biesheuvel performance too much. It is intended for use by the generic CCM 1168b5e0b032SArd Biesheuvel and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1169b5e0b032SArd Biesheuvel solely on encryption (although decryption is supported as well, but 1170b5e0b032SArd Biesheuvel with a more dramatic performance hit) 1171b5e0b032SArd Biesheuvel 1172b5e0b032SArd Biesheuvel Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1173b5e0b032SArd Biesheuvel 8 for decryption), this implementation only uses just two S-boxes of 1174b5e0b032SArd Biesheuvel 256 bytes each, and attempts to eliminate data dependent latencies by 1175b5e0b032SArd Biesheuvel prefetching the entire table into the cache at the start of each 11760a6a40c2SEric Biggers block. Interrupts are also disabled to avoid races where cachelines 11770a6a40c2SEric Biggers are evicted when the CPU is interrupted to do something else. 1178b5e0b032SArd Biesheuvel 117954b6a1bdSHuang Yingconfig CRYPTO_AES_NI_INTEL 118054b6a1bdSHuang Ying tristate "AES cipher algorithms (AES-NI)" 11818af00860SRichard Weinberger depends on X86 118285671860SHerbert Xu select CRYPTO_AEAD 11832c53fd11SArd Biesheuvel select CRYPTO_LIB_AES 118454b6a1bdSHuang Ying select CRYPTO_ALGAPI 1185b95bba5dSEric Biggers select CRYPTO_SKCIPHER 118685671860SHerbert Xu select CRYPTO_SIMD 118754b6a1bdSHuang Ying help 118854b6a1bdSHuang Ying Use Intel AES-NI instructions for AES algorithm. 118954b6a1bdSHuang Ying 119054b6a1bdSHuang Ying AES cipher algorithms (FIPS-197). AES uses the Rijndael 119154b6a1bdSHuang Ying algorithm. 119254b6a1bdSHuang Ying 119354b6a1bdSHuang Ying Rijndael appears to be consistently a very good performer in 119454b6a1bdSHuang Ying both hardware and software across a wide range of computing 119554b6a1bdSHuang Ying environments regardless of its use in feedback or non-feedback 119654b6a1bdSHuang Ying modes. Its key setup time is excellent, and its key agility is 119754b6a1bdSHuang Ying good. Rijndael's very low memory requirements make it very well 119854b6a1bdSHuang Ying suited for restricted-space environments, in which it also 119954b6a1bdSHuang Ying demonstrates excellent performance. Rijndael's operations are 120054b6a1bdSHuang Ying among the easiest to defend against power and timing attacks. 120154b6a1bdSHuang Ying 120254b6a1bdSHuang Ying The AES specifies three key sizes: 128, 192 and 256 bits 120354b6a1bdSHuang Ying 120454b6a1bdSHuang Ying See <http://csrc.nist.gov/encryption/aes/> for more information. 120554b6a1bdSHuang Ying 12060d258efbSMathias Krause In addition to AES cipher algorithm support, the acceleration 12070d258efbSMathias Krause for some popular block cipher mode is supported too, including 1208944585a6SArd Biesheuvel ECB, CBC, LRW, XTS. The 64 bit version has additional 1209fd94fcf0SNathan Huckleberry acceleration for CTR and XCTR. 12102cf4ac8bSHuang Ying 12119bf4852dSDavid S. Millerconfig CRYPTO_AES_SPARC64 12129bf4852dSDavid S. Miller tristate "AES cipher algorithms (SPARC64)" 12139bf4852dSDavid S. Miller depends on SPARC64 1214b95bba5dSEric Biggers select CRYPTO_SKCIPHER 12159bf4852dSDavid S. Miller help 12169bf4852dSDavid S. Miller Use SPARC64 crypto opcodes for AES algorithm. 12179bf4852dSDavid S. Miller 12189bf4852dSDavid S. Miller AES cipher algorithms (FIPS-197). AES uses the Rijndael 12199bf4852dSDavid S. Miller algorithm. 12209bf4852dSDavid S. Miller 12219bf4852dSDavid S. Miller Rijndael appears to be consistently a very good performer in 12229bf4852dSDavid S. Miller both hardware and software across a wide range of computing 12239bf4852dSDavid S. Miller environments regardless of its use in feedback or non-feedback 12249bf4852dSDavid S. Miller modes. Its key setup time is excellent, and its key agility is 12259bf4852dSDavid S. Miller good. Rijndael's very low memory requirements make it very well 12269bf4852dSDavid S. Miller suited for restricted-space environments, in which it also 12279bf4852dSDavid S. Miller demonstrates excellent performance. Rijndael's operations are 12289bf4852dSDavid S. Miller among the easiest to defend against power and timing attacks. 12299bf4852dSDavid S. Miller 12309bf4852dSDavid S. Miller The AES specifies three key sizes: 128, 192 and 256 bits 12319bf4852dSDavid S. Miller 12329bf4852dSDavid S. Miller See <http://csrc.nist.gov/encryption/aes/> for more information. 12339bf4852dSDavid S. Miller 12349bf4852dSDavid S. Miller In addition to AES cipher algorithm support, the acceleration 12359bf4852dSDavid S. Miller for some popular block cipher mode is supported too, including 12369bf4852dSDavid S. Miller ECB and CBC. 12379bf4852dSDavid S. Miller 1238504c6143SMarkus Stockhausenconfig CRYPTO_AES_PPC_SPE 1239504c6143SMarkus Stockhausen tristate "AES cipher algorithms (PPC SPE)" 1240504c6143SMarkus Stockhausen depends on PPC && SPE 1241b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1242504c6143SMarkus Stockhausen help 1243504c6143SMarkus Stockhausen AES cipher algorithms (FIPS-197). Additionally the acceleration 1244504c6143SMarkus Stockhausen for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1245504c6143SMarkus Stockhausen This module should only be used for low power (router) devices 1246504c6143SMarkus Stockhausen without hardware AES acceleration (e.g. caam crypto). It reduces the 1247504c6143SMarkus Stockhausen size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1248504c6143SMarkus Stockhausen timining attacks. Nevertheless it might be not as secure as other 1249504c6143SMarkus Stockhausen architecture specific assembler implementations that work on 1KB 1250504c6143SMarkus Stockhausen tables or 256 bytes S-boxes. 1251504c6143SMarkus Stockhausen 1252b7133757SJason A. Donenfeldconfig CRYPTO_AES_S390 1253b7133757SJason A. Donenfeld tristate "AES cipher algorithms" 1254b7133757SJason A. Donenfeld depends on S390 1255b7133757SJason A. Donenfeld select CRYPTO_ALGAPI 1256b7133757SJason A. Donenfeld select CRYPTO_SKCIPHER 1257b7133757SJason A. Donenfeld help 1258b7133757SJason A. Donenfeld This is the s390 hardware accelerated implementation of the 1259b7133757SJason A. Donenfeld AES cipher algorithms (FIPS-197). 1260b7133757SJason A. Donenfeld 1261b7133757SJason A. Donenfeld As of z9 the ECB and CBC modes are hardware accelerated 1262b7133757SJason A. Donenfeld for 128 bit keys. 1263b7133757SJason A. Donenfeld As of z10 the ECB and CBC modes are hardware accelerated 1264b7133757SJason A. Donenfeld for all AES key sizes. 1265b7133757SJason A. Donenfeld As of z196 the CTR mode is hardware accelerated for all AES 1266b7133757SJason A. Donenfeld key sizes and XTS mode is hardware accelerated for 256 and 1267b7133757SJason A. Donenfeld 512 bit keys. 1268b7133757SJason A. Donenfeld 12691da177e4SLinus Torvaldsconfig CRYPTO_ANUBIS 12701da177e4SLinus Torvalds tristate "Anubis cipher algorithm" 12711674aea5SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1272cce9e06dSHerbert Xu select CRYPTO_ALGAPI 12731da177e4SLinus Torvalds help 12741da177e4SLinus Torvalds Anubis cipher algorithm. 12751da177e4SLinus Torvalds 12761da177e4SLinus Torvalds Anubis is a variable key length cipher which can use keys from 12771da177e4SLinus Torvalds 128 bits to 320 bits in length. It was evaluated as a entrant 12781da177e4SLinus Torvalds in the NESSIE competition. 12791da177e4SLinus Torvalds 12801da177e4SLinus Torvalds See also: 12816d8de74cSJustin P. Mattock <https://www.cosic.esat.kuleuven.be/nessie/reports/> 12826d8de74cSJustin P. Mattock <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 12831da177e4SLinus Torvalds 1284584fffc8SSebastian Siewiorconfig CRYPTO_ARC4 1285584fffc8SSebastian Siewior tristate "ARC4 cipher algorithm" 12869ace6771SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1287b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1288dc51f257SArd Biesheuvel select CRYPTO_LIB_ARC4 1289e2ee95b8SHye-Shik Chang help 1290584fffc8SSebastian Siewior ARC4 cipher algorithm. 1291e2ee95b8SHye-Shik Chang 1292584fffc8SSebastian Siewior ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1293584fffc8SSebastian Siewior bits in length. This algorithm is required for driver-based 1294584fffc8SSebastian Siewior WEP, but it should not be for other purposes because of the 1295584fffc8SSebastian Siewior weakness of the algorithm. 1296584fffc8SSebastian Siewior 1297584fffc8SSebastian Siewiorconfig CRYPTO_BLOWFISH 1298584fffc8SSebastian Siewior tristate "Blowfish cipher algorithm" 1299584fffc8SSebastian Siewior select CRYPTO_ALGAPI 130052ba867cSJussi Kivilinna select CRYPTO_BLOWFISH_COMMON 1301584fffc8SSebastian Siewior help 1302584fffc8SSebastian Siewior Blowfish cipher algorithm, by Bruce Schneier. 1303584fffc8SSebastian Siewior 1304584fffc8SSebastian Siewior This is a variable key length cipher which can use keys from 32 1305584fffc8SSebastian Siewior bits to 448 bits in length. It's fast, simple and specifically 1306584fffc8SSebastian Siewior designed for use on "large microprocessors". 1307e2ee95b8SHye-Shik Chang 1308e2ee95b8SHye-Shik Chang See also: 13099332a9e7SAlexander A. Klimov <https://www.schneier.com/blowfish.html> 1310584fffc8SSebastian Siewior 131152ba867cSJussi Kivilinnaconfig CRYPTO_BLOWFISH_COMMON 131252ba867cSJussi Kivilinna tristate 131352ba867cSJussi Kivilinna help 131452ba867cSJussi Kivilinna Common parts of the Blowfish cipher algorithm shared by the 131552ba867cSJussi Kivilinna generic c and the assembler implementations. 131652ba867cSJussi Kivilinna 131752ba867cSJussi Kivilinna See also: 13189332a9e7SAlexander A. Klimov <https://www.schneier.com/blowfish.html> 131952ba867cSJussi Kivilinna 132064b94ceaSJussi Kivilinnaconfig CRYPTO_BLOWFISH_X86_64 132164b94ceaSJussi Kivilinna tristate "Blowfish cipher algorithm (x86_64)" 1322f21a7c19SAl Viro depends on X86 && 64BIT 1323b95bba5dSEric Biggers select CRYPTO_SKCIPHER 132464b94ceaSJussi Kivilinna select CRYPTO_BLOWFISH_COMMON 1325c0a64926SArd Biesheuvel imply CRYPTO_CTR 132664b94ceaSJussi Kivilinna help 132764b94ceaSJussi Kivilinna Blowfish cipher algorithm (x86_64), by Bruce Schneier. 132864b94ceaSJussi Kivilinna 132964b94ceaSJussi Kivilinna This is a variable key length cipher which can use keys from 32 133064b94ceaSJussi Kivilinna bits to 448 bits in length. It's fast, simple and specifically 133164b94ceaSJussi Kivilinna designed for use on "large microprocessors". 133264b94ceaSJussi Kivilinna 133364b94ceaSJussi Kivilinna See also: 13349332a9e7SAlexander A. Klimov <https://www.schneier.com/blowfish.html> 133564b94ceaSJussi Kivilinna 1336584fffc8SSebastian Siewiorconfig CRYPTO_CAMELLIA 1337584fffc8SSebastian Siewior tristate "Camellia cipher algorithms" 1338584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1339584fffc8SSebastian Siewior help 1340584fffc8SSebastian Siewior Camellia cipher algorithms module. 1341584fffc8SSebastian Siewior 1342584fffc8SSebastian Siewior Camellia is a symmetric key block cipher developed jointly 1343584fffc8SSebastian Siewior at NTT and Mitsubishi Electric Corporation. 1344584fffc8SSebastian Siewior 1345584fffc8SSebastian Siewior The Camellia specifies three key sizes: 128, 192 and 256 bits. 1346584fffc8SSebastian Siewior 1347584fffc8SSebastian Siewior See also: 1348584fffc8SSebastian Siewior <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1349584fffc8SSebastian Siewior 13500b95ec56SJussi Kivilinnaconfig CRYPTO_CAMELLIA_X86_64 13510b95ec56SJussi Kivilinna tristate "Camellia cipher algorithm (x86_64)" 1352f21a7c19SAl Viro depends on X86 && 64BIT 1353b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1354a1f91ecfSArd Biesheuvel imply CRYPTO_CTR 13550b95ec56SJussi Kivilinna help 13560b95ec56SJussi Kivilinna Camellia cipher algorithm module (x86_64). 13570b95ec56SJussi Kivilinna 13580b95ec56SJussi Kivilinna Camellia is a symmetric key block cipher developed jointly 13590b95ec56SJussi Kivilinna at NTT and Mitsubishi Electric Corporation. 13600b95ec56SJussi Kivilinna 13610b95ec56SJussi Kivilinna The Camellia specifies three key sizes: 128, 192 and 256 bits. 13620b95ec56SJussi Kivilinna 13630b95ec56SJussi Kivilinna See also: 13640b95ec56SJussi Kivilinna <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 13650b95ec56SJussi Kivilinna 1366d9b1d2e7SJussi Kivilinnaconfig CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1367d9b1d2e7SJussi Kivilinna tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1368d9b1d2e7SJussi Kivilinna depends on X86 && 64BIT 1369b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1370d9b1d2e7SJussi Kivilinna select CRYPTO_CAMELLIA_X86_64 137144893bc2SEric Biggers select CRYPTO_SIMD 137255a7e88fSArd Biesheuvel imply CRYPTO_XTS 1373d9b1d2e7SJussi Kivilinna help 1374d9b1d2e7SJussi Kivilinna Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1375d9b1d2e7SJussi Kivilinna 1376d9b1d2e7SJussi Kivilinna Camellia is a symmetric key block cipher developed jointly 1377d9b1d2e7SJussi Kivilinna at NTT and Mitsubishi Electric Corporation. 1378d9b1d2e7SJussi Kivilinna 1379d9b1d2e7SJussi Kivilinna The Camellia specifies three key sizes: 128, 192 and 256 bits. 1380d9b1d2e7SJussi Kivilinna 1381d9b1d2e7SJussi Kivilinna See also: 1382d9b1d2e7SJussi Kivilinna <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1383d9b1d2e7SJussi Kivilinna 1384f3f935a7SJussi Kivilinnaconfig CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1385f3f935a7SJussi Kivilinna tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1386f3f935a7SJussi Kivilinna depends on X86 && 64BIT 1387f3f935a7SJussi Kivilinna select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1388f3f935a7SJussi Kivilinna help 1389f3f935a7SJussi Kivilinna Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1390f3f935a7SJussi Kivilinna 1391f3f935a7SJussi Kivilinna Camellia is a symmetric key block cipher developed jointly 1392f3f935a7SJussi Kivilinna at NTT and Mitsubishi Electric Corporation. 1393f3f935a7SJussi Kivilinna 1394f3f935a7SJussi Kivilinna The Camellia specifies three key sizes: 128, 192 and 256 bits. 1395f3f935a7SJussi Kivilinna 1396f3f935a7SJussi Kivilinna See also: 1397f3f935a7SJussi Kivilinna <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1398f3f935a7SJussi Kivilinna 139981658ad0SDavid S. Millerconfig CRYPTO_CAMELLIA_SPARC64 140081658ad0SDavid S. Miller tristate "Camellia cipher algorithm (SPARC64)" 140181658ad0SDavid S. Miller depends on SPARC64 140281658ad0SDavid S. Miller select CRYPTO_ALGAPI 1403b95bba5dSEric Biggers select CRYPTO_SKCIPHER 140481658ad0SDavid S. Miller help 140581658ad0SDavid S. Miller Camellia cipher algorithm module (SPARC64). 140681658ad0SDavid S. Miller 140781658ad0SDavid S. Miller Camellia is a symmetric key block cipher developed jointly 140881658ad0SDavid S. Miller at NTT and Mitsubishi Electric Corporation. 140981658ad0SDavid S. Miller 141081658ad0SDavid S. Miller The Camellia specifies three key sizes: 128, 192 and 256 bits. 141181658ad0SDavid S. Miller 141281658ad0SDavid S. Miller See also: 141381658ad0SDavid S. Miller <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 141481658ad0SDavid S. Miller 1415044ab525SJussi Kivilinnaconfig CRYPTO_CAST_COMMON 1416044ab525SJussi Kivilinna tristate 1417044ab525SJussi Kivilinna help 1418044ab525SJussi Kivilinna Common parts of the CAST cipher algorithms shared by the 1419044ab525SJussi Kivilinna generic c and the assembler implementations. 1420044ab525SJussi Kivilinna 1421584fffc8SSebastian Siewiorconfig CRYPTO_CAST5 1422584fffc8SSebastian Siewior tristate "CAST5 (CAST-128) cipher algorithm" 1423584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1424044ab525SJussi Kivilinna select CRYPTO_CAST_COMMON 1425584fffc8SSebastian Siewior help 1426584fffc8SSebastian Siewior The CAST5 encryption algorithm (synonymous with CAST-128) is 1427584fffc8SSebastian Siewior described in RFC2144. 1428584fffc8SSebastian Siewior 14294d6d6a2cSJohannes Goetzfriedconfig CRYPTO_CAST5_AVX_X86_64 14304d6d6a2cSJohannes Goetzfried tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 14314d6d6a2cSJohannes Goetzfried depends on X86 && 64BIT 1432b95bba5dSEric Biggers select CRYPTO_SKCIPHER 14334d6d6a2cSJohannes Goetzfried select CRYPTO_CAST5 14341e63183aSEric Biggers select CRYPTO_CAST_COMMON 14351e63183aSEric Biggers select CRYPTO_SIMD 1436e2d60e2fSArd Biesheuvel imply CRYPTO_CTR 14374d6d6a2cSJohannes Goetzfried help 14384d6d6a2cSJohannes Goetzfried The CAST5 encryption algorithm (synonymous with CAST-128) is 14394d6d6a2cSJohannes Goetzfried described in RFC2144. 14404d6d6a2cSJohannes Goetzfried 14414d6d6a2cSJohannes Goetzfried This module provides the Cast5 cipher algorithm that processes 14424d6d6a2cSJohannes Goetzfried sixteen blocks parallel using the AVX instruction set. 14434d6d6a2cSJohannes Goetzfried 1444584fffc8SSebastian Siewiorconfig CRYPTO_CAST6 1445584fffc8SSebastian Siewior tristate "CAST6 (CAST-256) cipher algorithm" 1446584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1447044ab525SJussi Kivilinna select CRYPTO_CAST_COMMON 1448584fffc8SSebastian Siewior help 1449584fffc8SSebastian Siewior The CAST6 encryption algorithm (synonymous with CAST-256) is 1450584fffc8SSebastian Siewior described in RFC2612. 1451584fffc8SSebastian Siewior 14524ea1277dSJohannes Goetzfriedconfig CRYPTO_CAST6_AVX_X86_64 14534ea1277dSJohannes Goetzfried tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 14544ea1277dSJohannes Goetzfried depends on X86 && 64BIT 1455b95bba5dSEric Biggers select CRYPTO_SKCIPHER 14564ea1277dSJohannes Goetzfried select CRYPTO_CAST6 14574bd96924SEric Biggers select CRYPTO_CAST_COMMON 14584bd96924SEric Biggers select CRYPTO_SIMD 14592cc0fedbSArd Biesheuvel imply CRYPTO_XTS 14607a6623ccSArd Biesheuvel imply CRYPTO_CTR 14614ea1277dSJohannes Goetzfried help 14624ea1277dSJohannes Goetzfried The CAST6 encryption algorithm (synonymous with CAST-256) is 14634ea1277dSJohannes Goetzfried described in RFC2612. 14644ea1277dSJohannes Goetzfried 14654ea1277dSJohannes Goetzfried This module provides the Cast6 cipher algorithm that processes 14664ea1277dSJohannes Goetzfried eight blocks parallel using the AVX instruction set. 14674ea1277dSJohannes Goetzfried 1468584fffc8SSebastian Siewiorconfig CRYPTO_DES 1469584fffc8SSebastian Siewior tristate "DES and Triple DES EDE cipher algorithms" 1470584fffc8SSebastian Siewior select CRYPTO_ALGAPI 147104007b0eSArd Biesheuvel select CRYPTO_LIB_DES 1472584fffc8SSebastian Siewior help 1473584fffc8SSebastian Siewior DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1474584fffc8SSebastian Siewior 1475c5aac2dfSDavid S. Millerconfig CRYPTO_DES_SPARC64 1476c5aac2dfSDavid S. Miller tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 147797da37b3SDave Jones depends on SPARC64 1478c5aac2dfSDavid S. Miller select CRYPTO_ALGAPI 147904007b0eSArd Biesheuvel select CRYPTO_LIB_DES 1480b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1481c5aac2dfSDavid S. Miller help 1482c5aac2dfSDavid S. Miller DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1483c5aac2dfSDavid S. Miller optimized using SPARC64 crypto opcodes. 1484c5aac2dfSDavid S. Miller 14856574e6c6SJussi Kivilinnaconfig CRYPTO_DES3_EDE_X86_64 14866574e6c6SJussi Kivilinna tristate "Triple DES EDE cipher algorithm (x86-64)" 14876574e6c6SJussi Kivilinna depends on X86 && 64BIT 1488b95bba5dSEric Biggers select CRYPTO_SKCIPHER 148904007b0eSArd Biesheuvel select CRYPTO_LIB_DES 1490768db5feSArd Biesheuvel imply CRYPTO_CTR 14916574e6c6SJussi Kivilinna help 14926574e6c6SJussi Kivilinna Triple DES EDE (FIPS 46-3) algorithm. 14936574e6c6SJussi Kivilinna 14946574e6c6SJussi Kivilinna This module provides implementation of the Triple DES EDE cipher 14956574e6c6SJussi Kivilinna algorithm that is optimized for x86-64 processors. Two versions of 14966574e6c6SJussi Kivilinna algorithm are provided; regular processing one input block and 14976574e6c6SJussi Kivilinna one that processes three blocks parallel. 14986574e6c6SJussi Kivilinna 1499b7133757SJason A. Donenfeldconfig CRYPTO_DES_S390 1500b7133757SJason A. Donenfeld tristate "DES and Triple DES cipher algorithms" 1501b7133757SJason A. Donenfeld depends on S390 1502b7133757SJason A. Donenfeld select CRYPTO_ALGAPI 1503b7133757SJason A. Donenfeld select CRYPTO_SKCIPHER 1504b7133757SJason A. Donenfeld select CRYPTO_LIB_DES 1505b7133757SJason A. Donenfeld help 1506b7133757SJason A. Donenfeld This is the s390 hardware accelerated implementation of the 1507b7133757SJason A. Donenfeld DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1508b7133757SJason A. Donenfeld 1509b7133757SJason A. Donenfeld As of z990 the ECB and CBC mode are hardware accelerated. 1510b7133757SJason A. Donenfeld As of z196 the CTR mode is hardware accelerated. 1511b7133757SJason A. Donenfeld 1512584fffc8SSebastian Siewiorconfig CRYPTO_FCRYPT 1513584fffc8SSebastian Siewior tristate "FCrypt cipher algorithm" 1514584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1515b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1516584fffc8SSebastian Siewior help 1517584fffc8SSebastian Siewior FCrypt algorithm used by RxRPC. 1518584fffc8SSebastian Siewior 1519584fffc8SSebastian Siewiorconfig CRYPTO_KHAZAD 1520584fffc8SSebastian Siewior tristate "Khazad cipher algorithm" 15211674aea5SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1522584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1523584fffc8SSebastian Siewior help 1524584fffc8SSebastian Siewior Khazad cipher algorithm. 1525584fffc8SSebastian Siewior 1526584fffc8SSebastian Siewior Khazad was a finalist in the initial NESSIE competition. It is 1527584fffc8SSebastian Siewior an algorithm optimized for 64-bit processors with good performance 1528584fffc8SSebastian Siewior on 32-bit processors. Khazad uses an 128 bit key size. 1529584fffc8SSebastian Siewior 1530584fffc8SSebastian Siewior See also: 15316d8de74cSJustin P. Mattock <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1532e2ee95b8SHye-Shik Chang 1533c08d0e64SMartin Williconfig CRYPTO_CHACHA20 1534aa762409SEric Biggers tristate "ChaCha stream cipher algorithms" 15355fb8ef25SArd Biesheuvel select CRYPTO_LIB_CHACHA_GENERIC 1536b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1537c08d0e64SMartin Willi help 1538aa762409SEric Biggers The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1539c08d0e64SMartin Willi 1540c08d0e64SMartin Willi ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1541c08d0e64SMartin Willi Bernstein and further specified in RFC7539 for use in IETF protocols. 1542de61d7aeSEric Biggers This is the portable C implementation of ChaCha20. See also: 15439332a9e7SAlexander A. Klimov <https://cr.yp.to/chacha/chacha-20080128.pdf> 1544c08d0e64SMartin Willi 1545de61d7aeSEric Biggers XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1546de61d7aeSEric Biggers rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1547de61d7aeSEric Biggers from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1548de61d7aeSEric Biggers while provably retaining ChaCha20's security. See also: 1549de61d7aeSEric Biggers <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1550de61d7aeSEric Biggers 1551aa762409SEric Biggers XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1552aa762409SEric Biggers reduced security margin but increased performance. It can be needed 1553aa762409SEric Biggers in some performance-sensitive scenarios. 1554aa762409SEric Biggers 1555c9320b6dSMartin Williconfig CRYPTO_CHACHA20_X86_64 15564af78261SEric Biggers tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1557c9320b6dSMartin Willi depends on X86 && 64BIT 1558b95bba5dSEric Biggers select CRYPTO_SKCIPHER 155928e8d89bSArd Biesheuvel select CRYPTO_LIB_CHACHA_GENERIC 156084e03fa3SArd Biesheuvel select CRYPTO_ARCH_HAVE_LIB_CHACHA 1561c9320b6dSMartin Willi help 15627a507d62SEric Biggers SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 15637a507d62SEric Biggers XChaCha20, and XChaCha12 stream ciphers. 1564c9320b6dSMartin Willi 1565b7133757SJason A. Donenfeldconfig CRYPTO_CHACHA_S390 1566b7133757SJason A. Donenfeld tristate "ChaCha20 stream cipher" 1567b7133757SJason A. Donenfeld depends on S390 1568b7133757SJason A. Donenfeld select CRYPTO_SKCIPHER 1569b7133757SJason A. Donenfeld select CRYPTO_LIB_CHACHA_GENERIC 1570b7133757SJason A. Donenfeld select CRYPTO_ARCH_HAVE_LIB_CHACHA 1571b7133757SJason A. Donenfeld help 1572b7133757SJason A. Donenfeld This is the s390 SIMD implementation of the ChaCha20 stream 1573b7133757SJason A. Donenfeld cipher (RFC 7539). 1574b7133757SJason A. Donenfeld 1575b7133757SJason A. Donenfeld It is available as of z13. 1576b7133757SJason A. Donenfeld 1577584fffc8SSebastian Siewiorconfig CRYPTO_SEED 1578584fffc8SSebastian Siewior tristate "SEED cipher algorithm" 15791674aea5SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1580584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1581584fffc8SSebastian Siewior help 1582584fffc8SSebastian Siewior SEED cipher algorithm (RFC4269). 1583584fffc8SSebastian Siewior 1584584fffc8SSebastian Siewior SEED is a 128-bit symmetric key block cipher that has been 1585584fffc8SSebastian Siewior developed by KISA (Korea Information Security Agency) as a 1586584fffc8SSebastian Siewior national standard encryption algorithm of the Republic of Korea. 1587584fffc8SSebastian Siewior It is a 16 round block cipher with the key size of 128 bit. 1588584fffc8SSebastian Siewior 1589584fffc8SSebastian Siewior See also: 1590584fffc8SSebastian Siewior <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1591584fffc8SSebastian Siewior 1592e4e712bbSTaehee Yooconfig CRYPTO_ARIA 1593e4e712bbSTaehee Yoo tristate "ARIA cipher algorithm" 1594e4e712bbSTaehee Yoo select CRYPTO_ALGAPI 1595e4e712bbSTaehee Yoo help 1596e4e712bbSTaehee Yoo ARIA cipher algorithm (RFC5794). 1597e4e712bbSTaehee Yoo 1598e4e712bbSTaehee Yoo ARIA is a standard encryption algorithm of the Republic of Korea. 1599e4e712bbSTaehee Yoo The ARIA specifies three key sizes and rounds. 1600e4e712bbSTaehee Yoo 128-bit: 12 rounds. 1601e4e712bbSTaehee Yoo 192-bit: 14 rounds. 1602e4e712bbSTaehee Yoo 256-bit: 16 rounds. 1603e4e712bbSTaehee Yoo 1604e4e712bbSTaehee Yoo See also: 1605e4e712bbSTaehee Yoo <https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do> 1606e4e712bbSTaehee Yoo 1607584fffc8SSebastian Siewiorconfig CRYPTO_SERPENT 1608584fffc8SSebastian Siewior tristate "Serpent cipher algorithm" 1609584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1610584fffc8SSebastian Siewior help 1611584fffc8SSebastian Siewior Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1612584fffc8SSebastian Siewior 1613584fffc8SSebastian Siewior Keys are allowed to be from 0 to 256 bits in length, in steps 1614784506a1SArd Biesheuvel of 8 bits. 1615584fffc8SSebastian Siewior 1616584fffc8SSebastian Siewior See also: 16179332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1618584fffc8SSebastian Siewior 1619937c30d7SJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_X86_64 1620937c30d7SJussi Kivilinna tristate "Serpent cipher algorithm (x86_64/SSE2)" 1621937c30d7SJussi Kivilinna depends on X86 && 64BIT 1622b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1623937c30d7SJussi Kivilinna select CRYPTO_SERPENT 1624e0f409dcSEric Biggers select CRYPTO_SIMD 16252e9440aeSArd Biesheuvel imply CRYPTO_CTR 1626937c30d7SJussi Kivilinna help 1627937c30d7SJussi Kivilinna Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1628937c30d7SJussi Kivilinna 1629937c30d7SJussi Kivilinna Keys are allowed to be from 0 to 256 bits in length, in steps 1630937c30d7SJussi Kivilinna of 8 bits. 1631937c30d7SJussi Kivilinna 16321e6232f8SMasanari Iida This module provides Serpent cipher algorithm that processes eight 1633937c30d7SJussi Kivilinna blocks parallel using SSE2 instruction set. 1634937c30d7SJussi Kivilinna 1635937c30d7SJussi Kivilinna See also: 16369332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1637937c30d7SJussi Kivilinna 1638251496dbSJussi Kivilinnaconfig CRYPTO_SERPENT_SSE2_586 1639251496dbSJussi Kivilinna tristate "Serpent cipher algorithm (i586/SSE2)" 1640251496dbSJussi Kivilinna depends on X86 && !64BIT 1641b95bba5dSEric Biggers select CRYPTO_SKCIPHER 1642251496dbSJussi Kivilinna select CRYPTO_SERPENT 1643e0f409dcSEric Biggers select CRYPTO_SIMD 16442e9440aeSArd Biesheuvel imply CRYPTO_CTR 1645251496dbSJussi Kivilinna help 1646251496dbSJussi Kivilinna Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1647251496dbSJussi Kivilinna 1648251496dbSJussi Kivilinna Keys are allowed to be from 0 to 256 bits in length, in steps 1649251496dbSJussi Kivilinna of 8 bits. 1650251496dbSJussi Kivilinna 1651251496dbSJussi Kivilinna This module provides Serpent cipher algorithm that processes four 1652251496dbSJussi Kivilinna blocks parallel using SSE2 instruction set. 1653251496dbSJussi Kivilinna 1654251496dbSJussi Kivilinna See also: 16559332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1656251496dbSJussi Kivilinna 16577efe4076SJohannes Goetzfriedconfig CRYPTO_SERPENT_AVX_X86_64 16587efe4076SJohannes Goetzfried tristate "Serpent cipher algorithm (x86_64/AVX)" 16597efe4076SJohannes Goetzfried depends on X86 && 64BIT 1660b95bba5dSEric Biggers select CRYPTO_SKCIPHER 16617efe4076SJohannes Goetzfried select CRYPTO_SERPENT 1662e16bf974SEric Biggers select CRYPTO_SIMD 16639ec0af8aSArd Biesheuvel imply CRYPTO_XTS 16642e9440aeSArd Biesheuvel imply CRYPTO_CTR 16657efe4076SJohannes Goetzfried help 16667efe4076SJohannes Goetzfried Serpent cipher algorithm, by Anderson, Biham & Knudsen. 16677efe4076SJohannes Goetzfried 16687efe4076SJohannes Goetzfried Keys are allowed to be from 0 to 256 bits in length, in steps 16697efe4076SJohannes Goetzfried of 8 bits. 16707efe4076SJohannes Goetzfried 16717efe4076SJohannes Goetzfried This module provides the Serpent cipher algorithm that processes 16727efe4076SJohannes Goetzfried eight blocks parallel using the AVX instruction set. 16737efe4076SJohannes Goetzfried 16747efe4076SJohannes Goetzfried See also: 16759332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 16767efe4076SJohannes Goetzfried 167756d76c96SJussi Kivilinnaconfig CRYPTO_SERPENT_AVX2_X86_64 167856d76c96SJussi Kivilinna tristate "Serpent cipher algorithm (x86_64/AVX2)" 167956d76c96SJussi Kivilinna depends on X86 && 64BIT 168056d76c96SJussi Kivilinna select CRYPTO_SERPENT_AVX_X86_64 168156d76c96SJussi Kivilinna help 168256d76c96SJussi Kivilinna Serpent cipher algorithm, by Anderson, Biham & Knudsen. 168356d76c96SJussi Kivilinna 168456d76c96SJussi Kivilinna Keys are allowed to be from 0 to 256 bits in length, in steps 168556d76c96SJussi Kivilinna of 8 bits. 168656d76c96SJussi Kivilinna 168756d76c96SJussi Kivilinna This module provides Serpent cipher algorithm that processes 16 168856d76c96SJussi Kivilinna blocks parallel using AVX2 instruction set. 168956d76c96SJussi Kivilinna 169056d76c96SJussi Kivilinna See also: 16919332a9e7SAlexander A. Klimov <https://www.cl.cam.ac.uk/~rja14/serpent.html> 169256d76c96SJussi Kivilinna 1693747c8ce4SGilad Ben-Yossefconfig CRYPTO_SM4 1694d2825fa9SJason A. Donenfeld tristate 1695d2825fa9SJason A. Donenfeld 1696d2825fa9SJason A. Donenfeldconfig CRYPTO_SM4_GENERIC 1697747c8ce4SGilad Ben-Yossef tristate "SM4 cipher algorithm" 1698747c8ce4SGilad Ben-Yossef select CRYPTO_ALGAPI 1699d2825fa9SJason A. Donenfeld select CRYPTO_SM4 1700747c8ce4SGilad Ben-Yossef help 1701747c8ce4SGilad Ben-Yossef SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1702747c8ce4SGilad Ben-Yossef 1703747c8ce4SGilad Ben-Yossef SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1704747c8ce4SGilad Ben-Yossef Organization of State Commercial Administration of China (OSCCA) 1705747c8ce4SGilad Ben-Yossef as an authorized cryptographic algorithms for the use within China. 1706747c8ce4SGilad Ben-Yossef 1707747c8ce4SGilad Ben-Yossef SMS4 was originally created for use in protecting wireless 1708747c8ce4SGilad Ben-Yossef networks, and is mandated in the Chinese National Standard for 1709747c8ce4SGilad Ben-Yossef Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1710747c8ce4SGilad Ben-Yossef (GB.15629.11-2003). 1711747c8ce4SGilad Ben-Yossef 1712747c8ce4SGilad Ben-Yossef The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1713747c8ce4SGilad Ben-Yossef standardized through TC 260 of the Standardization Administration 1714747c8ce4SGilad Ben-Yossef of the People's Republic of China (SAC). 1715747c8ce4SGilad Ben-Yossef 1716747c8ce4SGilad Ben-Yossef The input, output, and key of SMS4 are each 128 bits. 1717747c8ce4SGilad Ben-Yossef 1718747c8ce4SGilad Ben-Yossef See also: <https://eprint.iacr.org/2008/329.pdf> 1719747c8ce4SGilad Ben-Yossef 1720747c8ce4SGilad Ben-Yossef If unsure, say N. 1721747c8ce4SGilad Ben-Yossef 1722a7ee22eeSTianjia Zhangconfig CRYPTO_SM4_AESNI_AVX_X86_64 1723a7ee22eeSTianjia Zhang tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)" 1724a7ee22eeSTianjia Zhang depends on X86 && 64BIT 1725a7ee22eeSTianjia Zhang select CRYPTO_SKCIPHER 1726a7ee22eeSTianjia Zhang select CRYPTO_SIMD 1727a7ee22eeSTianjia Zhang select CRYPTO_ALGAPI 1728d2825fa9SJason A. Donenfeld select CRYPTO_SM4 1729a7ee22eeSTianjia Zhang help 1730a7ee22eeSTianjia Zhang SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX). 1731a7ee22eeSTianjia Zhang 1732a7ee22eeSTianjia Zhang SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1733a7ee22eeSTianjia Zhang Organization of State Commercial Administration of China (OSCCA) 1734a7ee22eeSTianjia Zhang as an authorized cryptographic algorithms for the use within China. 1735a7ee22eeSTianjia Zhang 1736a7ee22eeSTianjia Zhang This is SM4 optimized implementation using AES-NI/AVX/x86_64 1737a7ee22eeSTianjia Zhang instruction set for block cipher. Through two affine transforms, 1738a7ee22eeSTianjia Zhang we can use the AES S-Box to simulate the SM4 S-Box to achieve the 1739a7ee22eeSTianjia Zhang effect of instruction acceleration. 1740a7ee22eeSTianjia Zhang 1741a7ee22eeSTianjia Zhang If unsure, say N. 1742a7ee22eeSTianjia Zhang 17435b2efa2bSTianjia Zhangconfig CRYPTO_SM4_AESNI_AVX2_X86_64 17445b2efa2bSTianjia Zhang tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)" 17455b2efa2bSTianjia Zhang depends on X86 && 64BIT 17465b2efa2bSTianjia Zhang select CRYPTO_SKCIPHER 17475b2efa2bSTianjia Zhang select CRYPTO_SIMD 17485b2efa2bSTianjia Zhang select CRYPTO_ALGAPI 1749d2825fa9SJason A. Donenfeld select CRYPTO_SM4 17505b2efa2bSTianjia Zhang select CRYPTO_SM4_AESNI_AVX_X86_64 17515b2efa2bSTianjia Zhang help 17525b2efa2bSTianjia Zhang SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2). 17535b2efa2bSTianjia Zhang 17545b2efa2bSTianjia Zhang SM4 (GBT.32907-2016) is a cryptographic standard issued by the 17555b2efa2bSTianjia Zhang Organization of State Commercial Administration of China (OSCCA) 17565b2efa2bSTianjia Zhang as an authorized cryptographic algorithms for the use within China. 17575b2efa2bSTianjia Zhang 17585b2efa2bSTianjia Zhang This is SM4 optimized implementation using AES-NI/AVX2/x86_64 17595b2efa2bSTianjia Zhang instruction set for block cipher. Through two affine transforms, 17605b2efa2bSTianjia Zhang we can use the AES S-Box to simulate the SM4 S-Box to achieve the 17615b2efa2bSTianjia Zhang effect of instruction acceleration. 17625b2efa2bSTianjia Zhang 17635b2efa2bSTianjia Zhang If unsure, say N. 17645b2efa2bSTianjia Zhang 1765584fffc8SSebastian Siewiorconfig CRYPTO_TEA 1766584fffc8SSebastian Siewior tristate "TEA, XTEA and XETA cipher algorithms" 17671674aea5SArd Biesheuvel depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1768584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1769584fffc8SSebastian Siewior help 1770584fffc8SSebastian Siewior TEA cipher algorithm. 1771584fffc8SSebastian Siewior 1772584fffc8SSebastian Siewior Tiny Encryption Algorithm is a simple cipher that uses 1773584fffc8SSebastian Siewior many rounds for security. It is very fast and uses 1774584fffc8SSebastian Siewior little memory. 1775584fffc8SSebastian Siewior 1776584fffc8SSebastian Siewior Xtendend Tiny Encryption Algorithm is a modification to 1777584fffc8SSebastian Siewior the TEA algorithm to address a potential key weakness 1778584fffc8SSebastian Siewior in the TEA algorithm. 1779584fffc8SSebastian Siewior 1780584fffc8SSebastian Siewior Xtendend Encryption Tiny Algorithm is a mis-implementation 1781584fffc8SSebastian Siewior of the XTEA algorithm for compatibility purposes. 1782584fffc8SSebastian Siewior 1783584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH 1784584fffc8SSebastian Siewior tristate "Twofish cipher algorithm" 1785584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1786584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 1787584fffc8SSebastian Siewior help 1788584fffc8SSebastian Siewior Twofish cipher algorithm. 1789584fffc8SSebastian Siewior 1790584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 1791584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 1792584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 1793584fffc8SSebastian Siewior bits. 1794584fffc8SSebastian Siewior 1795584fffc8SSebastian Siewior See also: 17969332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 1797584fffc8SSebastian Siewior 1798584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_COMMON 1799584fffc8SSebastian Siewior tristate 1800584fffc8SSebastian Siewior help 1801584fffc8SSebastian Siewior Common parts of the Twofish cipher algorithm shared by the 1802584fffc8SSebastian Siewior generic c and the assembler implementations. 1803584fffc8SSebastian Siewior 1804584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_586 1805584fffc8SSebastian Siewior tristate "Twofish cipher algorithms (i586)" 1806584fffc8SSebastian Siewior depends on (X86 || UML_X86) && !64BIT 1807584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1808584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 1809f43dcaf2SArd Biesheuvel imply CRYPTO_CTR 1810584fffc8SSebastian Siewior help 1811584fffc8SSebastian Siewior Twofish cipher algorithm. 1812584fffc8SSebastian Siewior 1813584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 1814584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 1815584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 1816584fffc8SSebastian Siewior bits. 1817584fffc8SSebastian Siewior 1818584fffc8SSebastian Siewior See also: 18199332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 1820584fffc8SSebastian Siewior 1821584fffc8SSebastian Siewiorconfig CRYPTO_TWOFISH_X86_64 1822584fffc8SSebastian Siewior tristate "Twofish cipher algorithm (x86_64)" 1823584fffc8SSebastian Siewior depends on (X86 || UML_X86) && 64BIT 1824584fffc8SSebastian Siewior select CRYPTO_ALGAPI 1825584fffc8SSebastian Siewior select CRYPTO_TWOFISH_COMMON 1826f43dcaf2SArd Biesheuvel imply CRYPTO_CTR 1827584fffc8SSebastian Siewior help 1828584fffc8SSebastian Siewior Twofish cipher algorithm (x86_64). 1829584fffc8SSebastian Siewior 1830584fffc8SSebastian Siewior Twofish was submitted as an AES (Advanced Encryption Standard) 1831584fffc8SSebastian Siewior candidate cipher by researchers at CounterPane Systems. It is a 1832584fffc8SSebastian Siewior 16 round block cipher supporting key sizes of 128, 192, and 256 1833584fffc8SSebastian Siewior bits. 1834584fffc8SSebastian Siewior 1835584fffc8SSebastian Siewior See also: 18369332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 1837584fffc8SSebastian Siewior 18388280daadSJussi Kivilinnaconfig CRYPTO_TWOFISH_X86_64_3WAY 18398280daadSJussi Kivilinna tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1840f21a7c19SAl Viro depends on X86 && 64BIT 1841b95bba5dSEric Biggers select CRYPTO_SKCIPHER 18428280daadSJussi Kivilinna select CRYPTO_TWOFISH_COMMON 18438280daadSJussi Kivilinna select CRYPTO_TWOFISH_X86_64 18448280daadSJussi Kivilinna help 18458280daadSJussi Kivilinna Twofish cipher algorithm (x86_64, 3-way parallel). 18468280daadSJussi Kivilinna 18478280daadSJussi Kivilinna Twofish was submitted as an AES (Advanced Encryption Standard) 18488280daadSJussi Kivilinna candidate cipher by researchers at CounterPane Systems. It is a 18498280daadSJussi Kivilinna 16 round block cipher supporting key sizes of 128, 192, and 256 18508280daadSJussi Kivilinna bits. 18518280daadSJussi Kivilinna 18528280daadSJussi Kivilinna This module provides Twofish cipher algorithm that processes three 18538280daadSJussi Kivilinna blocks parallel, utilizing resources of out-of-order CPUs better. 18548280daadSJussi Kivilinna 18558280daadSJussi Kivilinna See also: 18569332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 18578280daadSJussi Kivilinna 1858107778b5SJohannes Goetzfriedconfig CRYPTO_TWOFISH_AVX_X86_64 1859107778b5SJohannes Goetzfried tristate "Twofish cipher algorithm (x86_64/AVX)" 1860107778b5SJohannes Goetzfried depends on X86 && 64BIT 1861b95bba5dSEric Biggers select CRYPTO_SKCIPHER 18620e6ab46dSEric Biggers select CRYPTO_SIMD 1863107778b5SJohannes Goetzfried select CRYPTO_TWOFISH_COMMON 1864107778b5SJohannes Goetzfried select CRYPTO_TWOFISH_X86_64 1865107778b5SJohannes Goetzfried select CRYPTO_TWOFISH_X86_64_3WAY 1866da4df93aSArd Biesheuvel imply CRYPTO_XTS 1867107778b5SJohannes Goetzfried help 1868107778b5SJohannes Goetzfried Twofish cipher algorithm (x86_64/AVX). 1869107778b5SJohannes Goetzfried 1870107778b5SJohannes Goetzfried Twofish was submitted as an AES (Advanced Encryption Standard) 1871107778b5SJohannes Goetzfried candidate cipher by researchers at CounterPane Systems. It is a 1872107778b5SJohannes Goetzfried 16 round block cipher supporting key sizes of 128, 192, and 256 1873107778b5SJohannes Goetzfried bits. 1874107778b5SJohannes Goetzfried 1875107778b5SJohannes Goetzfried This module provides the Twofish cipher algorithm that processes 1876107778b5SJohannes Goetzfried eight blocks parallel using the AVX Instruction Set. 1877107778b5SJohannes Goetzfried 1878107778b5SJohannes Goetzfried See also: 18799332a9e7SAlexander A. Klimov <https://www.schneier.com/twofish.html> 1880107778b5SJohannes Goetzfried 1881584fffc8SSebastian Siewiorcomment "Compression" 1882584fffc8SSebastian Siewior 18831da177e4SLinus Torvaldsconfig CRYPTO_DEFLATE 18841da177e4SLinus Torvalds tristate "Deflate compression algorithm" 1885cce9e06dSHerbert Xu select CRYPTO_ALGAPI 1886f6ded09dSGiovanni Cabiddu select CRYPTO_ACOMP2 18871da177e4SLinus Torvalds select ZLIB_INFLATE 18881da177e4SLinus Torvalds select ZLIB_DEFLATE 18891da177e4SLinus Torvalds help 18901da177e4SLinus Torvalds This is the Deflate algorithm (RFC1951), specified for use in 18911da177e4SLinus Torvalds IPSec with the IPCOMP protocol (RFC3173, RFC2394). 18921da177e4SLinus Torvalds 18931da177e4SLinus Torvalds You will most probably want this if using IPSec. 18941da177e4SLinus Torvalds 18950b77abb3SZoltan Sogorconfig CRYPTO_LZO 18960b77abb3SZoltan Sogor tristate "LZO compression algorithm" 18970b77abb3SZoltan Sogor select CRYPTO_ALGAPI 1898ac9d2c4bSGiovanni Cabiddu select CRYPTO_ACOMP2 18990b77abb3SZoltan Sogor select LZO_COMPRESS 19000b77abb3SZoltan Sogor select LZO_DECOMPRESS 19010b77abb3SZoltan Sogor help 19020b77abb3SZoltan Sogor This is the LZO algorithm. 19030b77abb3SZoltan Sogor 190435a1fc18SSeth Jenningsconfig CRYPTO_842 190535a1fc18SSeth Jennings tristate "842 compression algorithm" 19062062c5b6SDan Streetman select CRYPTO_ALGAPI 19076a8de3aeSGiovanni Cabiddu select CRYPTO_ACOMP2 19082062c5b6SDan Streetman select 842_COMPRESS 19092062c5b6SDan Streetman select 842_DECOMPRESS 191035a1fc18SSeth Jennings help 191135a1fc18SSeth Jennings This is the 842 algorithm. 191235a1fc18SSeth Jennings 19130ea8530dSChanho Minconfig CRYPTO_LZ4 19140ea8530dSChanho Min tristate "LZ4 compression algorithm" 19150ea8530dSChanho Min select CRYPTO_ALGAPI 19168cd9330eSGiovanni Cabiddu select CRYPTO_ACOMP2 19170ea8530dSChanho Min select LZ4_COMPRESS 19180ea8530dSChanho Min select LZ4_DECOMPRESS 19190ea8530dSChanho Min help 19200ea8530dSChanho Min This is the LZ4 algorithm. 19210ea8530dSChanho Min 19220ea8530dSChanho Minconfig CRYPTO_LZ4HC 19230ea8530dSChanho Min tristate "LZ4HC compression algorithm" 19240ea8530dSChanho Min select CRYPTO_ALGAPI 192591d53d96SGiovanni Cabiddu select CRYPTO_ACOMP2 19260ea8530dSChanho Min select LZ4HC_COMPRESS 19270ea8530dSChanho Min select LZ4_DECOMPRESS 19280ea8530dSChanho Min help 19290ea8530dSChanho Min This is the LZ4 high compression mode algorithm. 19300ea8530dSChanho Min 1931d28fc3dbSNick Terrellconfig CRYPTO_ZSTD 1932d28fc3dbSNick Terrell tristate "Zstd compression algorithm" 1933d28fc3dbSNick Terrell select CRYPTO_ALGAPI 1934d28fc3dbSNick Terrell select CRYPTO_ACOMP2 1935d28fc3dbSNick Terrell select ZSTD_COMPRESS 1936d28fc3dbSNick Terrell select ZSTD_DECOMPRESS 1937d28fc3dbSNick Terrell help 1938d28fc3dbSNick Terrell This is the zstd algorithm. 1939d28fc3dbSNick Terrell 194017f0f4a4SNeil Hormancomment "Random Number Generation" 194117f0f4a4SNeil Horman 194217f0f4a4SNeil Hormanconfig CRYPTO_ANSI_CPRNG 194317f0f4a4SNeil Horman tristate "Pseudo Random Number Generation for Cryptographic modules" 194417f0f4a4SNeil Horman select CRYPTO_AES 194517f0f4a4SNeil Horman select CRYPTO_RNG 194617f0f4a4SNeil Horman help 194717f0f4a4SNeil Horman This option enables the generic pseudo random number generator 194817f0f4a4SNeil Horman for cryptographic modules. Uses the Algorithm specified in 19497dd607e8SJiri Kosina ANSI X9.31 A.2.4. Note that this option must be enabled if 19507dd607e8SJiri Kosina CRYPTO_FIPS is selected 195117f0f4a4SNeil Horman 1952f2c89a10SHerbert Xumenuconfig CRYPTO_DRBG_MENU 1953419090c6SStephan Mueller tristate "NIST SP800-90A DRBG" 1954419090c6SStephan Mueller help 1955419090c6SStephan Mueller NIST SP800-90A compliant DRBG. In the following submenu, one or 1956419090c6SStephan Mueller more of the DRBG types must be selected. 1957419090c6SStephan Mueller 1958f2c89a10SHerbert Xuif CRYPTO_DRBG_MENU 1959419090c6SStephan Mueller 1960419090c6SStephan Muellerconfig CRYPTO_DRBG_HMAC 1961401e4238SHerbert Xu bool 1962419090c6SStephan Mueller default y 1963419090c6SStephan Mueller select CRYPTO_HMAC 19645261cdf4SStephan Mueller select CRYPTO_SHA512 1965419090c6SStephan Mueller 1966419090c6SStephan Muellerconfig CRYPTO_DRBG_HASH 1967419090c6SStephan Mueller bool "Enable Hash DRBG" 1968826775bbSHerbert Xu select CRYPTO_SHA256 1969419090c6SStephan Mueller help 1970419090c6SStephan Mueller Enable the Hash DRBG variant as defined in NIST SP800-90A. 1971419090c6SStephan Mueller 1972419090c6SStephan Muellerconfig CRYPTO_DRBG_CTR 1973419090c6SStephan Mueller bool "Enable CTR DRBG" 1974419090c6SStephan Mueller select CRYPTO_AES 1975d6fc1a45SCorentin Labbe select CRYPTO_CTR 1976419090c6SStephan Mueller help 1977419090c6SStephan Mueller Enable the CTR DRBG variant as defined in NIST SP800-90A. 1978419090c6SStephan Mueller 1979f2c89a10SHerbert Xuconfig CRYPTO_DRBG 1980f2c89a10SHerbert Xu tristate 1981401e4238SHerbert Xu default CRYPTO_DRBG_MENU 1982f2c89a10SHerbert Xu select CRYPTO_RNG 1983bb5530e4SStephan Mueller select CRYPTO_JITTERENTROPY 1984f2c89a10SHerbert Xu 1985f2c89a10SHerbert Xuendif # if CRYPTO_DRBG_MENU 1986419090c6SStephan Mueller 1987bb5530e4SStephan Muellerconfig CRYPTO_JITTERENTROPY 1988bb5530e4SStephan Mueller tristate "Jitterentropy Non-Deterministic Random Number Generator" 19892f313e02SArnd Bergmann select CRYPTO_RNG 1990bb5530e4SStephan Mueller help 1991bb5530e4SStephan Mueller The Jitterentropy RNG is a noise that is intended 1992bb5530e4SStephan Mueller to provide seed to another RNG. The RNG does not 1993bb5530e4SStephan Mueller perform any cryptographic whitening of the generated 1994bb5530e4SStephan Mueller random numbers. This Jitterentropy RNG registers with 1995bb5530e4SStephan Mueller the kernel crypto API and can be used by any caller. 1996bb5530e4SStephan Mueller 1997026a733eSStephan Müllerconfig CRYPTO_KDF800108_CTR 1998026a733eSStephan Müller tristate 1999a88592ccSHerbert Xu select CRYPTO_HMAC 2000304b4aceSStephan Müller select CRYPTO_SHA256 2001026a733eSStephan Müller 200203c8efc1SHerbert Xuconfig CRYPTO_USER_API 200303c8efc1SHerbert Xu tristate 200403c8efc1SHerbert Xu 2005fe869cdbSHerbert Xuconfig CRYPTO_USER_API_HASH 2006fe869cdbSHerbert Xu tristate "User-space interface for hash algorithms" 20077451708fSHerbert Xu depends on NET 2008fe869cdbSHerbert Xu select CRYPTO_HASH 2009fe869cdbSHerbert Xu select CRYPTO_USER_API 2010fe869cdbSHerbert Xu help 2011fe869cdbSHerbert Xu This option enables the user-spaces interface for hash 2012fe869cdbSHerbert Xu algorithms. 2013fe869cdbSHerbert Xu 20148ff59090SHerbert Xuconfig CRYPTO_USER_API_SKCIPHER 20158ff59090SHerbert Xu tristate "User-space interface for symmetric key cipher algorithms" 20167451708fSHerbert Xu depends on NET 2017b95bba5dSEric Biggers select CRYPTO_SKCIPHER 20188ff59090SHerbert Xu select CRYPTO_USER_API 20198ff59090SHerbert Xu help 20208ff59090SHerbert Xu This option enables the user-spaces interface for symmetric 20218ff59090SHerbert Xu key cipher algorithms. 20228ff59090SHerbert Xu 20232f375538SStephan Muellerconfig CRYPTO_USER_API_RNG 20242f375538SStephan Mueller tristate "User-space interface for random number generator algorithms" 20252f375538SStephan Mueller depends on NET 20262f375538SStephan Mueller select CRYPTO_RNG 20272f375538SStephan Mueller select CRYPTO_USER_API 20282f375538SStephan Mueller help 20292f375538SStephan Mueller This option enables the user-spaces interface for random 20302f375538SStephan Mueller number generator algorithms. 20312f375538SStephan Mueller 203277ebdabeSElena Petrovaconfig CRYPTO_USER_API_RNG_CAVP 203377ebdabeSElena Petrova bool "Enable CAVP testing of DRBG" 203477ebdabeSElena Petrova depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 203577ebdabeSElena Petrova help 203677ebdabeSElena Petrova This option enables extra API for CAVP testing via the user-space 203777ebdabeSElena Petrova interface: resetting of DRBG entropy, and providing Additional Data. 203877ebdabeSElena Petrova This should only be enabled for CAVP testing. You should say 203977ebdabeSElena Petrova no unless you know what this is. 204077ebdabeSElena Petrova 2041b64a2d95SHerbert Xuconfig CRYPTO_USER_API_AEAD 2042b64a2d95SHerbert Xu tristate "User-space interface for AEAD cipher algorithms" 2043b64a2d95SHerbert Xu depends on NET 2044b64a2d95SHerbert Xu select CRYPTO_AEAD 2045b95bba5dSEric Biggers select CRYPTO_SKCIPHER 204672548b09SStephan Mueller select CRYPTO_NULL 2047b64a2d95SHerbert Xu select CRYPTO_USER_API 2048b64a2d95SHerbert Xu help 2049b64a2d95SHerbert Xu This option enables the user-spaces interface for AEAD 2050b64a2d95SHerbert Xu cipher algorithms. 2051b64a2d95SHerbert Xu 20529ace6771SArd Biesheuvelconfig CRYPTO_USER_API_ENABLE_OBSOLETE 20539ace6771SArd Biesheuvel bool "Enable obsolete cryptographic algorithms for userspace" 20549ace6771SArd Biesheuvel depends on CRYPTO_USER_API 20559ace6771SArd Biesheuvel default y 20569ace6771SArd Biesheuvel help 20579ace6771SArd Biesheuvel Allow obsolete cryptographic algorithms to be selected that have 20589ace6771SArd Biesheuvel already been phased out from internal use by the kernel, and are 20599ace6771SArd Biesheuvel only useful for userspace clients that still rely on them. 20609ace6771SArd Biesheuvel 2061cac5818cSCorentin Labbeconfig CRYPTO_STATS 2062cac5818cSCorentin Labbe bool "Crypto usage statistics for User-space" 2063a6a31385SCorentin Labbe depends on CRYPTO_USER 2064cac5818cSCorentin Labbe help 2065cac5818cSCorentin Labbe This option enables the gathering of crypto stats. 2066cac5818cSCorentin Labbe This will collect: 2067cac5818cSCorentin Labbe - encrypt/decrypt size and numbers of symmeric operations 2068cac5818cSCorentin Labbe - compress/decompress size and numbers of compress operations 2069cac5818cSCorentin Labbe - size and numbers of hash operations 2070cac5818cSCorentin Labbe - encrypt/decrypt/sign/verify numbers for asymmetric operations 2071cac5818cSCorentin Labbe - generate/seed numbers for rng operations 2072cac5818cSCorentin Labbe 2073ee08997fSDmitry Kasatkinconfig CRYPTO_HASH_INFO 2074ee08997fSDmitry Kasatkin bool 2075ee08997fSDmitry Kasatkin 2076*e45f710bSRobert Elliottif MIPS 2077*e45f710bSRobert Elliottsource "arch/mips/crypto/Kconfig" 2078*e45f710bSRobert Elliottendif 2079*e45f710bSRobert Elliott 20801da177e4SLinus Torvaldssource "drivers/crypto/Kconfig" 20818636a1f9SMasahiro Yamadasource "crypto/asymmetric_keys/Kconfig" 20828636a1f9SMasahiro Yamadasource "certs/Kconfig" 20831da177e4SLinus Torvalds 2084cce9e06dSHerbert Xuendif # if CRYPTO 2085