1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_BLKCIPHER 56 tristate 57 select CRYPTO_BLKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_BLKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_BLKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139if CRYPTO_MANAGER2 140 141config CRYPTO_MANAGER_DISABLE_TESTS 142 bool "Disable run-time self tests" 143 default y 144 help 145 Disable run-time self tests that normally take place at 146 algorithm registration. 147 148config CRYPTO_MANAGER_EXTRA_TESTS 149 bool "Enable extra run-time crypto self tests" 150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS 151 help 152 Enable extra run-time self tests of registered crypto algorithms, 153 including randomized fuzz tests. 154 155 This is intended for developer use only, as these tests take much 156 longer to run than the normal self tests. 157 158endif # if CRYPTO_MANAGER2 159 160config CRYPTO_GF128MUL 161 tristate 162 163config CRYPTO_NULL 164 tristate "Null algorithms" 165 select CRYPTO_NULL2 166 help 167 These are 'Null' algorithms, used by IPsec, which do nothing. 168 169config CRYPTO_NULL2 170 tristate 171 select CRYPTO_ALGAPI2 172 select CRYPTO_BLKCIPHER2 173 select CRYPTO_HASH2 174 175config CRYPTO_PCRYPT 176 tristate "Parallel crypto engine" 177 depends on SMP 178 select PADATA 179 select CRYPTO_MANAGER 180 select CRYPTO_AEAD 181 help 182 This converts an arbitrary crypto algorithm into a parallel 183 algorithm that executes in kernel threads. 184 185config CRYPTO_CRYPTD 186 tristate "Software async crypto daemon" 187 select CRYPTO_BLKCIPHER 188 select CRYPTO_HASH 189 select CRYPTO_MANAGER 190 help 191 This is a generic software asynchronous crypto daemon that 192 converts an arbitrary synchronous software crypto algorithm 193 into an asynchronous algorithm that executes in a kernel thread. 194 195config CRYPTO_AUTHENC 196 tristate "Authenc support" 197 select CRYPTO_AEAD 198 select CRYPTO_BLKCIPHER 199 select CRYPTO_MANAGER 200 select CRYPTO_HASH 201 select CRYPTO_NULL 202 help 203 Authenc: Combined mode wrapper for IPsec. 204 This is required for IPSec. 205 206config CRYPTO_TEST 207 tristate "Testing module" 208 depends on m 209 select CRYPTO_MANAGER 210 help 211 Quick & dirty crypto test module. 212 213config CRYPTO_SIMD 214 tristate 215 select CRYPTO_CRYPTD 216 217config CRYPTO_GLUE_HELPER_X86 218 tristate 219 depends on X86 220 select CRYPTO_BLKCIPHER 221 222config CRYPTO_ENGINE 223 tristate 224 225comment "Public-key cryptography" 226 227config CRYPTO_RSA 228 tristate "RSA algorithm" 229 select CRYPTO_AKCIPHER 230 select CRYPTO_MANAGER 231 select MPILIB 232 select ASN1 233 help 234 Generic implementation of the RSA public key algorithm. 235 236config CRYPTO_DH 237 tristate "Diffie-Hellman algorithm" 238 select CRYPTO_KPP 239 select MPILIB 240 help 241 Generic implementation of the Diffie-Hellman algorithm. 242 243config CRYPTO_ECC 244 tristate 245 246config CRYPTO_ECDH 247 tristate "ECDH algorithm" 248 select CRYPTO_ECC 249 select CRYPTO_KPP 250 select CRYPTO_RNG_DEFAULT 251 help 252 Generic implementation of the ECDH algorithm 253 254config CRYPTO_ECRDSA 255 tristate "EC-RDSA (GOST 34.10) algorithm" 256 select CRYPTO_ECC 257 select CRYPTO_AKCIPHER 258 select CRYPTO_STREEBOG 259 select OID_REGISTRY 260 select ASN1 261 help 262 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 263 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 264 standard algorithms (called GOST algorithms). Only signature verification 265 is implemented. 266 267comment "Authenticated Encryption with Associated Data" 268 269config CRYPTO_CCM 270 tristate "CCM support" 271 select CRYPTO_CTR 272 select CRYPTO_HASH 273 select CRYPTO_AEAD 274 select CRYPTO_MANAGER 275 help 276 Support for Counter with CBC MAC. Required for IPsec. 277 278config CRYPTO_GCM 279 tristate "GCM/GMAC support" 280 select CRYPTO_CTR 281 select CRYPTO_AEAD 282 select CRYPTO_GHASH 283 select CRYPTO_NULL 284 select CRYPTO_MANAGER 285 help 286 Support for Galois/Counter Mode (GCM) and Galois Message 287 Authentication Code (GMAC). Required for IPSec. 288 289config CRYPTO_CHACHA20POLY1305 290 tristate "ChaCha20-Poly1305 AEAD support" 291 select CRYPTO_CHACHA20 292 select CRYPTO_POLY1305 293 select CRYPTO_AEAD 294 select CRYPTO_MANAGER 295 help 296 ChaCha20-Poly1305 AEAD support, RFC7539. 297 298 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 299 with the Poly1305 authenticator. It is defined in RFC7539 for use in 300 IETF protocols. 301 302config CRYPTO_AEGIS128 303 tristate "AEGIS-128 AEAD algorithm" 304 select CRYPTO_AEAD 305 select CRYPTO_AES # for AES S-box tables 306 help 307 Support for the AEGIS-128 dedicated AEAD algorithm. 308 309config CRYPTO_AEGIS128_AESNI_SSE2 310 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 311 depends on X86 && 64BIT 312 select CRYPTO_AEAD 313 select CRYPTO_SIMD 314 help 315 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 316 317config CRYPTO_SEQIV 318 tristate "Sequence Number IV Generator" 319 select CRYPTO_AEAD 320 select CRYPTO_BLKCIPHER 321 select CRYPTO_NULL 322 select CRYPTO_RNG_DEFAULT 323 select CRYPTO_MANAGER 324 help 325 This IV generator generates an IV based on a sequence number by 326 xoring it with a salt. This algorithm is mainly useful for CTR 327 328config CRYPTO_ECHAINIV 329 tristate "Encrypted Chain IV Generator" 330 select CRYPTO_AEAD 331 select CRYPTO_NULL 332 select CRYPTO_RNG_DEFAULT 333 select CRYPTO_MANAGER 334 help 335 This IV generator generates an IV based on the encryption of 336 a sequence number xored with a salt. This is the default 337 algorithm for CBC. 338 339comment "Block modes" 340 341config CRYPTO_CBC 342 tristate "CBC support" 343 select CRYPTO_BLKCIPHER 344 select CRYPTO_MANAGER 345 help 346 CBC: Cipher Block Chaining mode 347 This block cipher algorithm is required for IPSec. 348 349config CRYPTO_CFB 350 tristate "CFB support" 351 select CRYPTO_BLKCIPHER 352 select CRYPTO_MANAGER 353 help 354 CFB: Cipher FeedBack mode 355 This block cipher algorithm is required for TPM2 Cryptography. 356 357config CRYPTO_CTR 358 tristate "CTR support" 359 select CRYPTO_BLKCIPHER 360 select CRYPTO_SEQIV 361 select CRYPTO_MANAGER 362 help 363 CTR: Counter mode 364 This block cipher algorithm is required for IPSec. 365 366config CRYPTO_CTS 367 tristate "CTS support" 368 select CRYPTO_BLKCIPHER 369 select CRYPTO_MANAGER 370 help 371 CTS: Cipher Text Stealing 372 This is the Cipher Text Stealing mode as described by 373 Section 8 of rfc2040 and referenced by rfc3962 374 (rfc3962 includes errata information in its Appendix A) or 375 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 376 This mode is required for Kerberos gss mechanism support 377 for AES encryption. 378 379 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 380 381config CRYPTO_ECB 382 tristate "ECB support" 383 select CRYPTO_BLKCIPHER 384 select CRYPTO_MANAGER 385 help 386 ECB: Electronic CodeBook mode 387 This is the simplest block cipher algorithm. It simply encrypts 388 the input block by block. 389 390config CRYPTO_LRW 391 tristate "LRW support" 392 select CRYPTO_BLKCIPHER 393 select CRYPTO_MANAGER 394 select CRYPTO_GF128MUL 395 help 396 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 397 narrow block cipher mode for dm-crypt. Use it with cipher 398 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 399 The first 128, 192 or 256 bits in the key are used for AES and the 400 rest is used to tie each cipher block to its logical position. 401 402config CRYPTO_OFB 403 tristate "OFB support" 404 select CRYPTO_BLKCIPHER 405 select CRYPTO_MANAGER 406 help 407 OFB: the Output Feedback mode makes a block cipher into a synchronous 408 stream cipher. It generates keystream blocks, which are then XORed 409 with the plaintext blocks to get the ciphertext. Flipping a bit in the 410 ciphertext produces a flipped bit in the plaintext at the same 411 location. This property allows many error correcting codes to function 412 normally even when applied before encryption. 413 414config CRYPTO_PCBC 415 tristate "PCBC support" 416 select CRYPTO_BLKCIPHER 417 select CRYPTO_MANAGER 418 help 419 PCBC: Propagating Cipher Block Chaining mode 420 This block cipher algorithm is required for RxRPC. 421 422config CRYPTO_XTS 423 tristate "XTS support" 424 select CRYPTO_BLKCIPHER 425 select CRYPTO_MANAGER 426 select CRYPTO_ECB 427 help 428 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 429 key size 256, 384 or 512 bits. This implementation currently 430 can't handle a sectorsize which is not a multiple of 16 bytes. 431 432config CRYPTO_KEYWRAP 433 tristate "Key wrapping support" 434 select CRYPTO_BLKCIPHER 435 select CRYPTO_MANAGER 436 help 437 Support for key wrapping (NIST SP800-38F / RFC3394) without 438 padding. 439 440config CRYPTO_NHPOLY1305 441 tristate 442 select CRYPTO_HASH 443 select CRYPTO_POLY1305 444 445config CRYPTO_NHPOLY1305_SSE2 446 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 447 depends on X86 && 64BIT 448 select CRYPTO_NHPOLY1305 449 help 450 SSE2 optimized implementation of the hash function used by the 451 Adiantum encryption mode. 452 453config CRYPTO_NHPOLY1305_AVX2 454 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 455 depends on X86 && 64BIT 456 select CRYPTO_NHPOLY1305 457 help 458 AVX2 optimized implementation of the hash function used by the 459 Adiantum encryption mode. 460 461config CRYPTO_ADIANTUM 462 tristate "Adiantum support" 463 select CRYPTO_CHACHA20 464 select CRYPTO_POLY1305 465 select CRYPTO_NHPOLY1305 466 select CRYPTO_MANAGER 467 help 468 Adiantum is a tweakable, length-preserving encryption mode 469 designed for fast and secure disk encryption, especially on 470 CPUs without dedicated crypto instructions. It encrypts 471 each sector using the XChaCha12 stream cipher, two passes of 472 an ε-almost-∆-universal hash function, and an invocation of 473 the AES-256 block cipher on a single 16-byte block. On CPUs 474 without AES instructions, Adiantum is much faster than 475 AES-XTS. 476 477 Adiantum's security is provably reducible to that of its 478 underlying stream and block ciphers, subject to a security 479 bound. Unlike XTS, Adiantum is a true wide-block encryption 480 mode, so it actually provides an even stronger notion of 481 security than XTS, subject to the security bound. 482 483 If unsure, say N. 484 485comment "Hash modes" 486 487config CRYPTO_CMAC 488 tristate "CMAC support" 489 select CRYPTO_HASH 490 select CRYPTO_MANAGER 491 help 492 Cipher-based Message Authentication Code (CMAC) specified by 493 The National Institute of Standards and Technology (NIST). 494 495 https://tools.ietf.org/html/rfc4493 496 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 497 498config CRYPTO_HMAC 499 tristate "HMAC support" 500 select CRYPTO_HASH 501 select CRYPTO_MANAGER 502 help 503 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 504 This is required for IPSec. 505 506config CRYPTO_XCBC 507 tristate "XCBC support" 508 select CRYPTO_HASH 509 select CRYPTO_MANAGER 510 help 511 XCBC: Keyed-Hashing with encryption algorithm 512 http://www.ietf.org/rfc/rfc3566.txt 513 http://csrc.nist.gov/encryption/modes/proposedmodes/ 514 xcbc-mac/xcbc-mac-spec.pdf 515 516config CRYPTO_VMAC 517 tristate "VMAC support" 518 select CRYPTO_HASH 519 select CRYPTO_MANAGER 520 help 521 VMAC is a message authentication algorithm designed for 522 very high speed on 64-bit architectures. 523 524 See also: 525 <http://fastcrypto.org/vmac> 526 527comment "Digest" 528 529config CRYPTO_CRC32C 530 tristate "CRC32c CRC algorithm" 531 select CRYPTO_HASH 532 select CRC32 533 help 534 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 535 by iSCSI for header and data digests and by others. 536 See Castagnoli93. Module will be crc32c. 537 538config CRYPTO_CRC32C_INTEL 539 tristate "CRC32c INTEL hardware acceleration" 540 depends on X86 541 select CRYPTO_HASH 542 help 543 In Intel processor with SSE4.2 supported, the processor will 544 support CRC32C implementation using hardware accelerated CRC32 545 instruction. This option will create 'crc32c-intel' module, 546 which will enable any routine to use the CRC32 instruction to 547 gain performance compared with software implementation. 548 Module will be crc32c-intel. 549 550config CRYPTO_CRC32C_VPMSUM 551 tristate "CRC32c CRC algorithm (powerpc64)" 552 depends on PPC64 && ALTIVEC 553 select CRYPTO_HASH 554 select CRC32 555 help 556 CRC32c algorithm implemented using vector polynomial multiply-sum 557 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 558 and newer processors for improved performance. 559 560 561config CRYPTO_CRC32C_SPARC64 562 tristate "CRC32c CRC algorithm (SPARC64)" 563 depends on SPARC64 564 select CRYPTO_HASH 565 select CRC32 566 help 567 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 568 when available. 569 570config CRYPTO_CRC32 571 tristate "CRC32 CRC algorithm" 572 select CRYPTO_HASH 573 select CRC32 574 help 575 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 576 Shash crypto api wrappers to crc32_le function. 577 578config CRYPTO_CRC32_PCLMUL 579 tristate "CRC32 PCLMULQDQ hardware acceleration" 580 depends on X86 581 select CRYPTO_HASH 582 select CRC32 583 help 584 From Intel Westmere and AMD Bulldozer processor with SSE4.2 585 and PCLMULQDQ supported, the processor will support 586 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 587 instruction. This option will create 'crc32-pclmul' module, 588 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 589 and gain better performance as compared with the table implementation. 590 591config CRYPTO_CRC32_MIPS 592 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 593 depends on MIPS_CRC_SUPPORT 594 select CRYPTO_HASH 595 help 596 CRC32c and CRC32 CRC algorithms implemented using mips crypto 597 instructions, when available. 598 599 600config CRYPTO_XXHASH 601 tristate "xxHash hash algorithm" 602 select CRYPTO_HASH 603 select XXHASH 604 help 605 xxHash non-cryptographic hash algorithm. Extremely fast, working at 606 speeds close to RAM limits. 607 608config CRYPTO_CRCT10DIF 609 tristate "CRCT10DIF algorithm" 610 select CRYPTO_HASH 611 help 612 CRC T10 Data Integrity Field computation is being cast as 613 a crypto transform. This allows for faster crc t10 diff 614 transforms to be used if they are available. 615 616config CRYPTO_CRCT10DIF_PCLMUL 617 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 618 depends on X86 && 64BIT && CRC_T10DIF 619 select CRYPTO_HASH 620 help 621 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 622 CRC T10 DIF PCLMULQDQ computation can be hardware 623 accelerated PCLMULQDQ instruction. This option will create 624 'crct10dif-pclmul' module, which is faster when computing the 625 crct10dif checksum as compared with the generic table implementation. 626 627config CRYPTO_CRCT10DIF_VPMSUM 628 tristate "CRC32T10DIF powerpc64 hardware acceleration" 629 depends on PPC64 && ALTIVEC && CRC_T10DIF 630 select CRYPTO_HASH 631 help 632 CRC10T10DIF algorithm implemented using vector polynomial 633 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 634 POWER8 and newer processors for improved performance. 635 636config CRYPTO_VPMSUM_TESTER 637 tristate "Powerpc64 vpmsum hardware acceleration tester" 638 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 639 help 640 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 641 POWER8 vpmsum instructions. 642 Unless you are testing these algorithms, you don't need this. 643 644config CRYPTO_GHASH 645 tristate "GHASH hash function" 646 select CRYPTO_GF128MUL 647 select CRYPTO_HASH 648 help 649 GHASH is the hash function used in GCM (Galois/Counter Mode). 650 It is not a general-purpose cryptographic hash function. 651 652config CRYPTO_POLY1305 653 tristate "Poly1305 authenticator algorithm" 654 select CRYPTO_HASH 655 help 656 Poly1305 authenticator algorithm, RFC7539. 657 658 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 659 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 660 in IETF protocols. This is the portable C implementation of Poly1305. 661 662config CRYPTO_POLY1305_X86_64 663 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 664 depends on X86 && 64BIT 665 select CRYPTO_POLY1305 666 help 667 Poly1305 authenticator algorithm, RFC7539. 668 669 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 670 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 671 in IETF protocols. This is the x86_64 assembler implementation using SIMD 672 instructions. 673 674config CRYPTO_MD4 675 tristate "MD4 digest algorithm" 676 select CRYPTO_HASH 677 help 678 MD4 message digest algorithm (RFC1320). 679 680config CRYPTO_MD5 681 tristate "MD5 digest algorithm" 682 select CRYPTO_HASH 683 help 684 MD5 message digest algorithm (RFC1321). 685 686config CRYPTO_MD5_OCTEON 687 tristate "MD5 digest algorithm (OCTEON)" 688 depends on CPU_CAVIUM_OCTEON 689 select CRYPTO_MD5 690 select CRYPTO_HASH 691 help 692 MD5 message digest algorithm (RFC1321) implemented 693 using OCTEON crypto instructions, when available. 694 695config CRYPTO_MD5_PPC 696 tristate "MD5 digest algorithm (PPC)" 697 depends on PPC 698 select CRYPTO_HASH 699 help 700 MD5 message digest algorithm (RFC1321) implemented 701 in PPC assembler. 702 703config CRYPTO_MD5_SPARC64 704 tristate "MD5 digest algorithm (SPARC64)" 705 depends on SPARC64 706 select CRYPTO_MD5 707 select CRYPTO_HASH 708 help 709 MD5 message digest algorithm (RFC1321) implemented 710 using sparc64 crypto instructions, when available. 711 712config CRYPTO_MICHAEL_MIC 713 tristate "Michael MIC keyed digest algorithm" 714 select CRYPTO_HASH 715 help 716 Michael MIC is used for message integrity protection in TKIP 717 (IEEE 802.11i). This algorithm is required for TKIP, but it 718 should not be used for other purposes because of the weakness 719 of the algorithm. 720 721config CRYPTO_RMD128 722 tristate "RIPEMD-128 digest algorithm" 723 select CRYPTO_HASH 724 help 725 RIPEMD-128 (ISO/IEC 10118-3:2004). 726 727 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 728 be used as a secure replacement for RIPEMD. For other use cases, 729 RIPEMD-160 should be used. 730 731 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 732 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 733 734config CRYPTO_RMD160 735 tristate "RIPEMD-160 digest algorithm" 736 select CRYPTO_HASH 737 help 738 RIPEMD-160 (ISO/IEC 10118-3:2004). 739 740 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 741 to be used as a secure replacement for the 128-bit hash functions 742 MD4, MD5 and it's predecessor RIPEMD 743 (not to be confused with RIPEMD-128). 744 745 It's speed is comparable to SHA1 and there are no known attacks 746 against RIPEMD-160. 747 748 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 749 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 750 751config CRYPTO_RMD256 752 tristate "RIPEMD-256 digest algorithm" 753 select CRYPTO_HASH 754 help 755 RIPEMD-256 is an optional extension of RIPEMD-128 with a 756 256 bit hash. It is intended for applications that require 757 longer hash-results, without needing a larger security level 758 (than RIPEMD-128). 759 760 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 761 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 762 763config CRYPTO_RMD320 764 tristate "RIPEMD-320 digest algorithm" 765 select CRYPTO_HASH 766 help 767 RIPEMD-320 is an optional extension of RIPEMD-160 with a 768 320 bit hash. It is intended for applications that require 769 longer hash-results, without needing a larger security level 770 (than RIPEMD-160). 771 772 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 773 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 774 775config CRYPTO_SHA1 776 tristate "SHA1 digest algorithm" 777 select CRYPTO_HASH 778 help 779 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 780 781config CRYPTO_SHA1_SSSE3 782 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 783 depends on X86 && 64BIT 784 select CRYPTO_SHA1 785 select CRYPTO_HASH 786 help 787 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 788 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 789 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 790 when available. 791 792config CRYPTO_SHA256_SSSE3 793 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 794 depends on X86 && 64BIT 795 select CRYPTO_SHA256 796 select CRYPTO_HASH 797 help 798 SHA-256 secure hash standard (DFIPS 180-2) implemented 799 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 800 Extensions version 1 (AVX1), or Advanced Vector Extensions 801 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 802 Instructions) when available. 803 804config CRYPTO_SHA512_SSSE3 805 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 806 depends on X86 && 64BIT 807 select CRYPTO_SHA512 808 select CRYPTO_HASH 809 help 810 SHA-512 secure hash standard (DFIPS 180-2) implemented 811 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 812 Extensions version 1 (AVX1), or Advanced Vector Extensions 813 version 2 (AVX2) instructions, when available. 814 815config CRYPTO_SHA1_OCTEON 816 tristate "SHA1 digest algorithm (OCTEON)" 817 depends on CPU_CAVIUM_OCTEON 818 select CRYPTO_SHA1 819 select CRYPTO_HASH 820 help 821 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 822 using OCTEON crypto instructions, when available. 823 824config CRYPTO_SHA1_SPARC64 825 tristate "SHA1 digest algorithm (SPARC64)" 826 depends on SPARC64 827 select CRYPTO_SHA1 828 select CRYPTO_HASH 829 help 830 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 831 using sparc64 crypto instructions, when available. 832 833config CRYPTO_SHA1_PPC 834 tristate "SHA1 digest algorithm (powerpc)" 835 depends on PPC 836 help 837 This is the powerpc hardware accelerated implementation of the 838 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 839 840config CRYPTO_SHA1_PPC_SPE 841 tristate "SHA1 digest algorithm (PPC SPE)" 842 depends on PPC && SPE 843 help 844 SHA-1 secure hash standard (DFIPS 180-4) implemented 845 using powerpc SPE SIMD instruction set. 846 847config CRYPTO_SHA256 848 tristate "SHA224 and SHA256 digest algorithm" 849 select CRYPTO_HASH 850 help 851 SHA256 secure hash standard (DFIPS 180-2). 852 853 This version of SHA implements a 256 bit hash with 128 bits of 854 security against collision attacks. 855 856 This code also includes SHA-224, a 224 bit hash with 112 bits 857 of security against collision attacks. 858 859config CRYPTO_SHA256_PPC_SPE 860 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 861 depends on PPC && SPE 862 select CRYPTO_SHA256 863 select CRYPTO_HASH 864 help 865 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 866 implemented using powerpc SPE SIMD instruction set. 867 868config CRYPTO_SHA256_OCTEON 869 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 870 depends on CPU_CAVIUM_OCTEON 871 select CRYPTO_SHA256 872 select CRYPTO_HASH 873 help 874 SHA-256 secure hash standard (DFIPS 180-2) implemented 875 using OCTEON crypto instructions, when available. 876 877config CRYPTO_SHA256_SPARC64 878 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 879 depends on SPARC64 880 select CRYPTO_SHA256 881 select CRYPTO_HASH 882 help 883 SHA-256 secure hash standard (DFIPS 180-2) implemented 884 using sparc64 crypto instructions, when available. 885 886config CRYPTO_SHA512 887 tristate "SHA384 and SHA512 digest algorithms" 888 select CRYPTO_HASH 889 help 890 SHA512 secure hash standard (DFIPS 180-2). 891 892 This version of SHA implements a 512 bit hash with 256 bits of 893 security against collision attacks. 894 895 This code also includes SHA-384, a 384 bit hash with 192 bits 896 of security against collision attacks. 897 898config CRYPTO_SHA512_OCTEON 899 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 900 depends on CPU_CAVIUM_OCTEON 901 select CRYPTO_SHA512 902 select CRYPTO_HASH 903 help 904 SHA-512 secure hash standard (DFIPS 180-2) implemented 905 using OCTEON crypto instructions, when available. 906 907config CRYPTO_SHA512_SPARC64 908 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 909 depends on SPARC64 910 select CRYPTO_SHA512 911 select CRYPTO_HASH 912 help 913 SHA-512 secure hash standard (DFIPS 180-2) implemented 914 using sparc64 crypto instructions, when available. 915 916config CRYPTO_SHA3 917 tristate "SHA3 digest algorithm" 918 select CRYPTO_HASH 919 help 920 SHA-3 secure hash standard (DFIPS 202). It's based on 921 cryptographic sponge function family called Keccak. 922 923 References: 924 http://keccak.noekeon.org/ 925 926config CRYPTO_SM3 927 tristate "SM3 digest algorithm" 928 select CRYPTO_HASH 929 help 930 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 931 It is part of the Chinese Commercial Cryptography suite. 932 933 References: 934 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 935 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 936 937config CRYPTO_STREEBOG 938 tristate "Streebog Hash Function" 939 select CRYPTO_HASH 940 help 941 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 942 cryptographic standard algorithms (called GOST algorithms). 943 This setting enables two hash algorithms with 256 and 512 bits output. 944 945 References: 946 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 947 https://tools.ietf.org/html/rfc6986 948 949config CRYPTO_TGR192 950 tristate "Tiger digest algorithms" 951 select CRYPTO_HASH 952 help 953 Tiger hash algorithm 192, 160 and 128-bit hashes 954 955 Tiger is a hash function optimized for 64-bit processors while 956 still having decent performance on 32-bit processors. 957 Tiger was developed by Ross Anderson and Eli Biham. 958 959 See also: 960 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 961 962config CRYPTO_WP512 963 tristate "Whirlpool digest algorithms" 964 select CRYPTO_HASH 965 help 966 Whirlpool hash algorithm 512, 384 and 256-bit hashes 967 968 Whirlpool-512 is part of the NESSIE cryptographic primitives. 969 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 970 971 See also: 972 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 973 974config CRYPTO_GHASH_CLMUL_NI_INTEL 975 tristate "GHASH hash function (CLMUL-NI accelerated)" 976 depends on X86 && 64BIT 977 select CRYPTO_CRYPTD 978 help 979 This is the x86_64 CLMUL-NI accelerated implementation of 980 GHASH, the hash function used in GCM (Galois/Counter mode). 981 982comment "Ciphers" 983 984config CRYPTO_LIB_AES 985 tristate 986 987config CRYPTO_AES 988 tristate "AES cipher algorithms" 989 select CRYPTO_ALGAPI 990 select CRYPTO_LIB_AES 991 help 992 AES cipher algorithms (FIPS-197). AES uses the Rijndael 993 algorithm. 994 995 Rijndael appears to be consistently a very good performer in 996 both hardware and software across a wide range of computing 997 environments regardless of its use in feedback or non-feedback 998 modes. Its key setup time is excellent, and its key agility is 999 good. Rijndael's very low memory requirements make it very well 1000 suited for restricted-space environments, in which it also 1001 demonstrates excellent performance. Rijndael's operations are 1002 among the easiest to defend against power and timing attacks. 1003 1004 The AES specifies three key sizes: 128, 192 and 256 bits 1005 1006 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1007 1008config CRYPTO_AES_TI 1009 tristate "Fixed time AES cipher" 1010 select CRYPTO_ALGAPI 1011 select CRYPTO_LIB_AES 1012 help 1013 This is a generic implementation of AES that attempts to eliminate 1014 data dependent latencies as much as possible without affecting 1015 performance too much. It is intended for use by the generic CCM 1016 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1017 solely on encryption (although decryption is supported as well, but 1018 with a more dramatic performance hit) 1019 1020 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1021 8 for decryption), this implementation only uses just two S-boxes of 1022 256 bytes each, and attempts to eliminate data dependent latencies by 1023 prefetching the entire table into the cache at the start of each 1024 block. Interrupts are also disabled to avoid races where cachelines 1025 are evicted when the CPU is interrupted to do something else. 1026 1027config CRYPTO_AES_NI_INTEL 1028 tristate "AES cipher algorithms (AES-NI)" 1029 depends on X86 1030 select CRYPTO_AEAD 1031 select CRYPTO_LIB_AES 1032 select CRYPTO_ALGAPI 1033 select CRYPTO_BLKCIPHER 1034 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1035 select CRYPTO_SIMD 1036 help 1037 Use Intel AES-NI instructions for AES algorithm. 1038 1039 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1040 algorithm. 1041 1042 Rijndael appears to be consistently a very good performer in 1043 both hardware and software across a wide range of computing 1044 environments regardless of its use in feedback or non-feedback 1045 modes. Its key setup time is excellent, and its key agility is 1046 good. Rijndael's very low memory requirements make it very well 1047 suited for restricted-space environments, in which it also 1048 demonstrates excellent performance. Rijndael's operations are 1049 among the easiest to defend against power and timing attacks. 1050 1051 The AES specifies three key sizes: 128, 192 and 256 bits 1052 1053 See <http://csrc.nist.gov/encryption/aes/> for more information. 1054 1055 In addition to AES cipher algorithm support, the acceleration 1056 for some popular block cipher mode is supported too, including 1057 ECB, CBC, LRW, XTS. The 64 bit version has additional 1058 acceleration for CTR. 1059 1060config CRYPTO_AES_SPARC64 1061 tristate "AES cipher algorithms (SPARC64)" 1062 depends on SPARC64 1063 select CRYPTO_CRYPTD 1064 select CRYPTO_ALGAPI 1065 help 1066 Use SPARC64 crypto opcodes for AES algorithm. 1067 1068 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1069 algorithm. 1070 1071 Rijndael appears to be consistently a very good performer in 1072 both hardware and software across a wide range of computing 1073 environments regardless of its use in feedback or non-feedback 1074 modes. Its key setup time is excellent, and its key agility is 1075 good. Rijndael's very low memory requirements make it very well 1076 suited for restricted-space environments, in which it also 1077 demonstrates excellent performance. Rijndael's operations are 1078 among the easiest to defend against power and timing attacks. 1079 1080 The AES specifies three key sizes: 128, 192 and 256 bits 1081 1082 See <http://csrc.nist.gov/encryption/aes/> for more information. 1083 1084 In addition to AES cipher algorithm support, the acceleration 1085 for some popular block cipher mode is supported too, including 1086 ECB and CBC. 1087 1088config CRYPTO_AES_PPC_SPE 1089 tristate "AES cipher algorithms (PPC SPE)" 1090 depends on PPC && SPE 1091 help 1092 AES cipher algorithms (FIPS-197). Additionally the acceleration 1093 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1094 This module should only be used for low power (router) devices 1095 without hardware AES acceleration (e.g. caam crypto). It reduces the 1096 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1097 timining attacks. Nevertheless it might be not as secure as other 1098 architecture specific assembler implementations that work on 1KB 1099 tables or 256 bytes S-boxes. 1100 1101config CRYPTO_ANUBIS 1102 tristate "Anubis cipher algorithm" 1103 select CRYPTO_ALGAPI 1104 help 1105 Anubis cipher algorithm. 1106 1107 Anubis is a variable key length cipher which can use keys from 1108 128 bits to 320 bits in length. It was evaluated as a entrant 1109 in the NESSIE competition. 1110 1111 See also: 1112 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1113 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1114 1115config CRYPTO_LIB_ARC4 1116 tristate 1117 1118config CRYPTO_ARC4 1119 tristate "ARC4 cipher algorithm" 1120 select CRYPTO_BLKCIPHER 1121 select CRYPTO_LIB_ARC4 1122 help 1123 ARC4 cipher algorithm. 1124 1125 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1126 bits in length. This algorithm is required for driver-based 1127 WEP, but it should not be for other purposes because of the 1128 weakness of the algorithm. 1129 1130config CRYPTO_BLOWFISH 1131 tristate "Blowfish cipher algorithm" 1132 select CRYPTO_ALGAPI 1133 select CRYPTO_BLOWFISH_COMMON 1134 help 1135 Blowfish cipher algorithm, by Bruce Schneier. 1136 1137 This is a variable key length cipher which can use keys from 32 1138 bits to 448 bits in length. It's fast, simple and specifically 1139 designed for use on "large microprocessors". 1140 1141 See also: 1142 <http://www.schneier.com/blowfish.html> 1143 1144config CRYPTO_BLOWFISH_COMMON 1145 tristate 1146 help 1147 Common parts of the Blowfish cipher algorithm shared by the 1148 generic c and the assembler implementations. 1149 1150 See also: 1151 <http://www.schneier.com/blowfish.html> 1152 1153config CRYPTO_BLOWFISH_X86_64 1154 tristate "Blowfish cipher algorithm (x86_64)" 1155 depends on X86 && 64BIT 1156 select CRYPTO_BLKCIPHER 1157 select CRYPTO_BLOWFISH_COMMON 1158 help 1159 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1160 1161 This is a variable key length cipher which can use keys from 32 1162 bits to 448 bits in length. It's fast, simple and specifically 1163 designed for use on "large microprocessors". 1164 1165 See also: 1166 <http://www.schneier.com/blowfish.html> 1167 1168config CRYPTO_CAMELLIA 1169 tristate "Camellia cipher algorithms" 1170 depends on CRYPTO 1171 select CRYPTO_ALGAPI 1172 help 1173 Camellia cipher algorithms module. 1174 1175 Camellia is a symmetric key block cipher developed jointly 1176 at NTT and Mitsubishi Electric Corporation. 1177 1178 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1179 1180 See also: 1181 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1182 1183config CRYPTO_CAMELLIA_X86_64 1184 tristate "Camellia cipher algorithm (x86_64)" 1185 depends on X86 && 64BIT 1186 depends on CRYPTO 1187 select CRYPTO_BLKCIPHER 1188 select CRYPTO_GLUE_HELPER_X86 1189 help 1190 Camellia cipher algorithm module (x86_64). 1191 1192 Camellia is a symmetric key block cipher developed jointly 1193 at NTT and Mitsubishi Electric Corporation. 1194 1195 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1196 1197 See also: 1198 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1199 1200config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1201 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1202 depends on X86 && 64BIT 1203 depends on CRYPTO 1204 select CRYPTO_BLKCIPHER 1205 select CRYPTO_CAMELLIA_X86_64 1206 select CRYPTO_GLUE_HELPER_X86 1207 select CRYPTO_SIMD 1208 select CRYPTO_XTS 1209 help 1210 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1211 1212 Camellia is a symmetric key block cipher developed jointly 1213 at NTT and Mitsubishi Electric Corporation. 1214 1215 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1216 1217 See also: 1218 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1219 1220config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1221 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1222 depends on X86 && 64BIT 1223 depends on CRYPTO 1224 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1225 help 1226 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1227 1228 Camellia is a symmetric key block cipher developed jointly 1229 at NTT and Mitsubishi Electric Corporation. 1230 1231 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1232 1233 See also: 1234 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1235 1236config CRYPTO_CAMELLIA_SPARC64 1237 tristate "Camellia cipher algorithm (SPARC64)" 1238 depends on SPARC64 1239 depends on CRYPTO 1240 select CRYPTO_ALGAPI 1241 help 1242 Camellia cipher algorithm module (SPARC64). 1243 1244 Camellia is a symmetric key block cipher developed jointly 1245 at NTT and Mitsubishi Electric Corporation. 1246 1247 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1248 1249 See also: 1250 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1251 1252config CRYPTO_CAST_COMMON 1253 tristate 1254 help 1255 Common parts of the CAST cipher algorithms shared by the 1256 generic c and the assembler implementations. 1257 1258config CRYPTO_CAST5 1259 tristate "CAST5 (CAST-128) cipher algorithm" 1260 select CRYPTO_ALGAPI 1261 select CRYPTO_CAST_COMMON 1262 help 1263 The CAST5 encryption algorithm (synonymous with CAST-128) is 1264 described in RFC2144. 1265 1266config CRYPTO_CAST5_AVX_X86_64 1267 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1268 depends on X86 && 64BIT 1269 select CRYPTO_BLKCIPHER 1270 select CRYPTO_CAST5 1271 select CRYPTO_CAST_COMMON 1272 select CRYPTO_SIMD 1273 help 1274 The CAST5 encryption algorithm (synonymous with CAST-128) is 1275 described in RFC2144. 1276 1277 This module provides the Cast5 cipher algorithm that processes 1278 sixteen blocks parallel using the AVX instruction set. 1279 1280config CRYPTO_CAST6 1281 tristate "CAST6 (CAST-256) cipher algorithm" 1282 select CRYPTO_ALGAPI 1283 select CRYPTO_CAST_COMMON 1284 help 1285 The CAST6 encryption algorithm (synonymous with CAST-256) is 1286 described in RFC2612. 1287 1288config CRYPTO_CAST6_AVX_X86_64 1289 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1290 depends on X86 && 64BIT 1291 select CRYPTO_BLKCIPHER 1292 select CRYPTO_CAST6 1293 select CRYPTO_CAST_COMMON 1294 select CRYPTO_GLUE_HELPER_X86 1295 select CRYPTO_SIMD 1296 select CRYPTO_XTS 1297 help 1298 The CAST6 encryption algorithm (synonymous with CAST-256) is 1299 described in RFC2612. 1300 1301 This module provides the Cast6 cipher algorithm that processes 1302 eight blocks parallel using the AVX instruction set. 1303 1304config CRYPTO_DES 1305 tristate "DES and Triple DES EDE cipher algorithms" 1306 select CRYPTO_ALGAPI 1307 help 1308 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1309 1310config CRYPTO_DES_SPARC64 1311 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1312 depends on SPARC64 1313 select CRYPTO_ALGAPI 1314 select CRYPTO_DES 1315 help 1316 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1317 optimized using SPARC64 crypto opcodes. 1318 1319config CRYPTO_DES3_EDE_X86_64 1320 tristate "Triple DES EDE cipher algorithm (x86-64)" 1321 depends on X86 && 64BIT 1322 select CRYPTO_BLKCIPHER 1323 select CRYPTO_DES 1324 help 1325 Triple DES EDE (FIPS 46-3) algorithm. 1326 1327 This module provides implementation of the Triple DES EDE cipher 1328 algorithm that is optimized for x86-64 processors. Two versions of 1329 algorithm are provided; regular processing one input block and 1330 one that processes three blocks parallel. 1331 1332config CRYPTO_FCRYPT 1333 tristate "FCrypt cipher algorithm" 1334 select CRYPTO_ALGAPI 1335 select CRYPTO_BLKCIPHER 1336 help 1337 FCrypt algorithm used by RxRPC. 1338 1339config CRYPTO_KHAZAD 1340 tristate "Khazad cipher algorithm" 1341 select CRYPTO_ALGAPI 1342 help 1343 Khazad cipher algorithm. 1344 1345 Khazad was a finalist in the initial NESSIE competition. It is 1346 an algorithm optimized for 64-bit processors with good performance 1347 on 32-bit processors. Khazad uses an 128 bit key size. 1348 1349 See also: 1350 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1351 1352config CRYPTO_SALSA20 1353 tristate "Salsa20 stream cipher algorithm" 1354 select CRYPTO_BLKCIPHER 1355 help 1356 Salsa20 stream cipher algorithm. 1357 1358 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1359 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1360 1361 The Salsa20 stream cipher algorithm is designed by Daniel J. 1362 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1363 1364config CRYPTO_CHACHA20 1365 tristate "ChaCha stream cipher algorithms" 1366 select CRYPTO_BLKCIPHER 1367 help 1368 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1369 1370 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1371 Bernstein and further specified in RFC7539 for use in IETF protocols. 1372 This is the portable C implementation of ChaCha20. See also: 1373 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1374 1375 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1376 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1377 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1378 while provably retaining ChaCha20's security. See also: 1379 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1380 1381 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1382 reduced security margin but increased performance. It can be needed 1383 in some performance-sensitive scenarios. 1384 1385config CRYPTO_CHACHA20_X86_64 1386 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1387 depends on X86 && 64BIT 1388 select CRYPTO_BLKCIPHER 1389 select CRYPTO_CHACHA20 1390 help 1391 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1392 XChaCha20, and XChaCha12 stream ciphers. 1393 1394config CRYPTO_SEED 1395 tristate "SEED cipher algorithm" 1396 select CRYPTO_ALGAPI 1397 help 1398 SEED cipher algorithm (RFC4269). 1399 1400 SEED is a 128-bit symmetric key block cipher that has been 1401 developed by KISA (Korea Information Security Agency) as a 1402 national standard encryption algorithm of the Republic of Korea. 1403 It is a 16 round block cipher with the key size of 128 bit. 1404 1405 See also: 1406 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1407 1408config CRYPTO_SERPENT 1409 tristate "Serpent cipher algorithm" 1410 select CRYPTO_ALGAPI 1411 help 1412 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1413 1414 Keys are allowed to be from 0 to 256 bits in length, in steps 1415 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1416 variant of Serpent for compatibility with old kerneli.org code. 1417 1418 See also: 1419 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1420 1421config CRYPTO_SERPENT_SSE2_X86_64 1422 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1423 depends on X86 && 64BIT 1424 select CRYPTO_BLKCIPHER 1425 select CRYPTO_GLUE_HELPER_X86 1426 select CRYPTO_SERPENT 1427 select CRYPTO_SIMD 1428 help 1429 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1430 1431 Keys are allowed to be from 0 to 256 bits in length, in steps 1432 of 8 bits. 1433 1434 This module provides Serpent cipher algorithm that processes eight 1435 blocks parallel using SSE2 instruction set. 1436 1437 See also: 1438 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1439 1440config CRYPTO_SERPENT_SSE2_586 1441 tristate "Serpent cipher algorithm (i586/SSE2)" 1442 depends on X86 && !64BIT 1443 select CRYPTO_BLKCIPHER 1444 select CRYPTO_GLUE_HELPER_X86 1445 select CRYPTO_SERPENT 1446 select CRYPTO_SIMD 1447 help 1448 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1449 1450 Keys are allowed to be from 0 to 256 bits in length, in steps 1451 of 8 bits. 1452 1453 This module provides Serpent cipher algorithm that processes four 1454 blocks parallel using SSE2 instruction set. 1455 1456 See also: 1457 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1458 1459config CRYPTO_SERPENT_AVX_X86_64 1460 tristate "Serpent cipher algorithm (x86_64/AVX)" 1461 depends on X86 && 64BIT 1462 select CRYPTO_BLKCIPHER 1463 select CRYPTO_GLUE_HELPER_X86 1464 select CRYPTO_SERPENT 1465 select CRYPTO_SIMD 1466 select CRYPTO_XTS 1467 help 1468 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1469 1470 Keys are allowed to be from 0 to 256 bits in length, in steps 1471 of 8 bits. 1472 1473 This module provides the Serpent cipher algorithm that processes 1474 eight blocks parallel using the AVX instruction set. 1475 1476 See also: 1477 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1478 1479config CRYPTO_SERPENT_AVX2_X86_64 1480 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1481 depends on X86 && 64BIT 1482 select CRYPTO_SERPENT_AVX_X86_64 1483 help 1484 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1485 1486 Keys are allowed to be from 0 to 256 bits in length, in steps 1487 of 8 bits. 1488 1489 This module provides Serpent cipher algorithm that processes 16 1490 blocks parallel using AVX2 instruction set. 1491 1492 See also: 1493 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1494 1495config CRYPTO_SM4 1496 tristate "SM4 cipher algorithm" 1497 select CRYPTO_ALGAPI 1498 help 1499 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1500 1501 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1502 Organization of State Commercial Administration of China (OSCCA) 1503 as an authorized cryptographic algorithms for the use within China. 1504 1505 SMS4 was originally created for use in protecting wireless 1506 networks, and is mandated in the Chinese National Standard for 1507 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1508 (GB.15629.11-2003). 1509 1510 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1511 standardized through TC 260 of the Standardization Administration 1512 of the People's Republic of China (SAC). 1513 1514 The input, output, and key of SMS4 are each 128 bits. 1515 1516 See also: <https://eprint.iacr.org/2008/329.pdf> 1517 1518 If unsure, say N. 1519 1520config CRYPTO_TEA 1521 tristate "TEA, XTEA and XETA cipher algorithms" 1522 select CRYPTO_ALGAPI 1523 help 1524 TEA cipher algorithm. 1525 1526 Tiny Encryption Algorithm is a simple cipher that uses 1527 many rounds for security. It is very fast and uses 1528 little memory. 1529 1530 Xtendend Tiny Encryption Algorithm is a modification to 1531 the TEA algorithm to address a potential key weakness 1532 in the TEA algorithm. 1533 1534 Xtendend Encryption Tiny Algorithm is a mis-implementation 1535 of the XTEA algorithm for compatibility purposes. 1536 1537config CRYPTO_TWOFISH 1538 tristate "Twofish cipher algorithm" 1539 select CRYPTO_ALGAPI 1540 select CRYPTO_TWOFISH_COMMON 1541 help 1542 Twofish cipher algorithm. 1543 1544 Twofish was submitted as an AES (Advanced Encryption Standard) 1545 candidate cipher by researchers at CounterPane Systems. It is a 1546 16 round block cipher supporting key sizes of 128, 192, and 256 1547 bits. 1548 1549 See also: 1550 <http://www.schneier.com/twofish.html> 1551 1552config CRYPTO_TWOFISH_COMMON 1553 tristate 1554 help 1555 Common parts of the Twofish cipher algorithm shared by the 1556 generic c and the assembler implementations. 1557 1558config CRYPTO_TWOFISH_586 1559 tristate "Twofish cipher algorithms (i586)" 1560 depends on (X86 || UML_X86) && !64BIT 1561 select CRYPTO_ALGAPI 1562 select CRYPTO_TWOFISH_COMMON 1563 help 1564 Twofish cipher algorithm. 1565 1566 Twofish was submitted as an AES (Advanced Encryption Standard) 1567 candidate cipher by researchers at CounterPane Systems. It is a 1568 16 round block cipher supporting key sizes of 128, 192, and 256 1569 bits. 1570 1571 See also: 1572 <http://www.schneier.com/twofish.html> 1573 1574config CRYPTO_TWOFISH_X86_64 1575 tristate "Twofish cipher algorithm (x86_64)" 1576 depends on (X86 || UML_X86) && 64BIT 1577 select CRYPTO_ALGAPI 1578 select CRYPTO_TWOFISH_COMMON 1579 help 1580 Twofish cipher algorithm (x86_64). 1581 1582 Twofish was submitted as an AES (Advanced Encryption Standard) 1583 candidate cipher by researchers at CounterPane Systems. It is a 1584 16 round block cipher supporting key sizes of 128, 192, and 256 1585 bits. 1586 1587 See also: 1588 <http://www.schneier.com/twofish.html> 1589 1590config CRYPTO_TWOFISH_X86_64_3WAY 1591 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1592 depends on X86 && 64BIT 1593 select CRYPTO_BLKCIPHER 1594 select CRYPTO_TWOFISH_COMMON 1595 select CRYPTO_TWOFISH_X86_64 1596 select CRYPTO_GLUE_HELPER_X86 1597 help 1598 Twofish cipher algorithm (x86_64, 3-way parallel). 1599 1600 Twofish was submitted as an AES (Advanced Encryption Standard) 1601 candidate cipher by researchers at CounterPane Systems. It is a 1602 16 round block cipher supporting key sizes of 128, 192, and 256 1603 bits. 1604 1605 This module provides Twofish cipher algorithm that processes three 1606 blocks parallel, utilizing resources of out-of-order CPUs better. 1607 1608 See also: 1609 <http://www.schneier.com/twofish.html> 1610 1611config CRYPTO_TWOFISH_AVX_X86_64 1612 tristate "Twofish cipher algorithm (x86_64/AVX)" 1613 depends on X86 && 64BIT 1614 select CRYPTO_BLKCIPHER 1615 select CRYPTO_GLUE_HELPER_X86 1616 select CRYPTO_SIMD 1617 select CRYPTO_TWOFISH_COMMON 1618 select CRYPTO_TWOFISH_X86_64 1619 select CRYPTO_TWOFISH_X86_64_3WAY 1620 help 1621 Twofish cipher algorithm (x86_64/AVX). 1622 1623 Twofish was submitted as an AES (Advanced Encryption Standard) 1624 candidate cipher by researchers at CounterPane Systems. It is a 1625 16 round block cipher supporting key sizes of 128, 192, and 256 1626 bits. 1627 1628 This module provides the Twofish cipher algorithm that processes 1629 eight blocks parallel using the AVX Instruction Set. 1630 1631 See also: 1632 <http://www.schneier.com/twofish.html> 1633 1634comment "Compression" 1635 1636config CRYPTO_DEFLATE 1637 tristate "Deflate compression algorithm" 1638 select CRYPTO_ALGAPI 1639 select CRYPTO_ACOMP2 1640 select ZLIB_INFLATE 1641 select ZLIB_DEFLATE 1642 help 1643 This is the Deflate algorithm (RFC1951), specified for use in 1644 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1645 1646 You will most probably want this if using IPSec. 1647 1648config CRYPTO_LZO 1649 tristate "LZO compression algorithm" 1650 select CRYPTO_ALGAPI 1651 select CRYPTO_ACOMP2 1652 select LZO_COMPRESS 1653 select LZO_DECOMPRESS 1654 help 1655 This is the LZO algorithm. 1656 1657config CRYPTO_842 1658 tristate "842 compression algorithm" 1659 select CRYPTO_ALGAPI 1660 select CRYPTO_ACOMP2 1661 select 842_COMPRESS 1662 select 842_DECOMPRESS 1663 help 1664 This is the 842 algorithm. 1665 1666config CRYPTO_LZ4 1667 tristate "LZ4 compression algorithm" 1668 select CRYPTO_ALGAPI 1669 select CRYPTO_ACOMP2 1670 select LZ4_COMPRESS 1671 select LZ4_DECOMPRESS 1672 help 1673 This is the LZ4 algorithm. 1674 1675config CRYPTO_LZ4HC 1676 tristate "LZ4HC compression algorithm" 1677 select CRYPTO_ALGAPI 1678 select CRYPTO_ACOMP2 1679 select LZ4HC_COMPRESS 1680 select LZ4_DECOMPRESS 1681 help 1682 This is the LZ4 high compression mode algorithm. 1683 1684config CRYPTO_ZSTD 1685 tristate "Zstd compression algorithm" 1686 select CRYPTO_ALGAPI 1687 select CRYPTO_ACOMP2 1688 select ZSTD_COMPRESS 1689 select ZSTD_DECOMPRESS 1690 help 1691 This is the zstd algorithm. 1692 1693comment "Random Number Generation" 1694 1695config CRYPTO_ANSI_CPRNG 1696 tristate "Pseudo Random Number Generation for Cryptographic modules" 1697 select CRYPTO_AES 1698 select CRYPTO_RNG 1699 help 1700 This option enables the generic pseudo random number generator 1701 for cryptographic modules. Uses the Algorithm specified in 1702 ANSI X9.31 A.2.4. Note that this option must be enabled if 1703 CRYPTO_FIPS is selected 1704 1705menuconfig CRYPTO_DRBG_MENU 1706 tristate "NIST SP800-90A DRBG" 1707 help 1708 NIST SP800-90A compliant DRBG. In the following submenu, one or 1709 more of the DRBG types must be selected. 1710 1711if CRYPTO_DRBG_MENU 1712 1713config CRYPTO_DRBG_HMAC 1714 bool 1715 default y 1716 select CRYPTO_HMAC 1717 select CRYPTO_SHA256 1718 1719config CRYPTO_DRBG_HASH 1720 bool "Enable Hash DRBG" 1721 select CRYPTO_SHA256 1722 help 1723 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1724 1725config CRYPTO_DRBG_CTR 1726 bool "Enable CTR DRBG" 1727 select CRYPTO_AES 1728 depends on CRYPTO_CTR 1729 help 1730 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1731 1732config CRYPTO_DRBG 1733 tristate 1734 default CRYPTO_DRBG_MENU 1735 select CRYPTO_RNG 1736 select CRYPTO_JITTERENTROPY 1737 1738endif # if CRYPTO_DRBG_MENU 1739 1740config CRYPTO_JITTERENTROPY 1741 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1742 select CRYPTO_RNG 1743 help 1744 The Jitterentropy RNG is a noise that is intended 1745 to provide seed to another RNG. The RNG does not 1746 perform any cryptographic whitening of the generated 1747 random numbers. This Jitterentropy RNG registers with 1748 the kernel crypto API and can be used by any caller. 1749 1750config CRYPTO_USER_API 1751 tristate 1752 1753config CRYPTO_USER_API_HASH 1754 tristate "User-space interface for hash algorithms" 1755 depends on NET 1756 select CRYPTO_HASH 1757 select CRYPTO_USER_API 1758 help 1759 This option enables the user-spaces interface for hash 1760 algorithms. 1761 1762config CRYPTO_USER_API_SKCIPHER 1763 tristate "User-space interface for symmetric key cipher algorithms" 1764 depends on NET 1765 select CRYPTO_BLKCIPHER 1766 select CRYPTO_USER_API 1767 help 1768 This option enables the user-spaces interface for symmetric 1769 key cipher algorithms. 1770 1771config CRYPTO_USER_API_RNG 1772 tristate "User-space interface for random number generator algorithms" 1773 depends on NET 1774 select CRYPTO_RNG 1775 select CRYPTO_USER_API 1776 help 1777 This option enables the user-spaces interface for random 1778 number generator algorithms. 1779 1780config CRYPTO_USER_API_AEAD 1781 tristate "User-space interface for AEAD cipher algorithms" 1782 depends on NET 1783 select CRYPTO_AEAD 1784 select CRYPTO_BLKCIPHER 1785 select CRYPTO_NULL 1786 select CRYPTO_USER_API 1787 help 1788 This option enables the user-spaces interface for AEAD 1789 cipher algorithms. 1790 1791config CRYPTO_STATS 1792 bool "Crypto usage statistics for User-space" 1793 depends on CRYPTO_USER 1794 help 1795 This option enables the gathering of crypto stats. 1796 This will collect: 1797 - encrypt/decrypt size and numbers of symmeric operations 1798 - compress/decompress size and numbers of compress operations 1799 - size and numbers of hash operations 1800 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1801 - generate/seed numbers for rng operations 1802 1803config CRYPTO_HASH_INFO 1804 bool 1805 1806source "drivers/crypto/Kconfig" 1807source "crypto/asymmetric_keys/Kconfig" 1808source "certs/Kconfig" 1809 1810endif # if CRYPTO 1811