1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_BLKCIPHER 56 tristate 57 select CRYPTO_BLKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_BLKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_BLKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139if CRYPTO_MANAGER2 140 141config CRYPTO_MANAGER_DISABLE_TESTS 142 bool "Disable run-time self tests" 143 default y 144 help 145 Disable run-time self tests that normally take place at 146 algorithm registration. 147 148config CRYPTO_MANAGER_EXTRA_TESTS 149 bool "Enable extra run-time crypto self tests" 150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS 151 help 152 Enable extra run-time self tests of registered crypto algorithms, 153 including randomized fuzz tests. 154 155 This is intended for developer use only, as these tests take much 156 longer to run than the normal self tests. 157 158endif # if CRYPTO_MANAGER2 159 160config CRYPTO_GF128MUL 161 tristate 162 163config CRYPTO_NULL 164 tristate "Null algorithms" 165 select CRYPTO_NULL2 166 help 167 These are 'Null' algorithms, used by IPsec, which do nothing. 168 169config CRYPTO_NULL2 170 tristate 171 select CRYPTO_ALGAPI2 172 select CRYPTO_BLKCIPHER2 173 select CRYPTO_HASH2 174 175config CRYPTO_PCRYPT 176 tristate "Parallel crypto engine" 177 depends on SMP 178 select PADATA 179 select CRYPTO_MANAGER 180 select CRYPTO_AEAD 181 help 182 This converts an arbitrary crypto algorithm into a parallel 183 algorithm that executes in kernel threads. 184 185config CRYPTO_CRYPTD 186 tristate "Software async crypto daemon" 187 select CRYPTO_BLKCIPHER 188 select CRYPTO_HASH 189 select CRYPTO_MANAGER 190 help 191 This is a generic software asynchronous crypto daemon that 192 converts an arbitrary synchronous software crypto algorithm 193 into an asynchronous algorithm that executes in a kernel thread. 194 195config CRYPTO_AUTHENC 196 tristate "Authenc support" 197 select CRYPTO_AEAD 198 select CRYPTO_BLKCIPHER 199 select CRYPTO_MANAGER 200 select CRYPTO_HASH 201 select CRYPTO_NULL 202 help 203 Authenc: Combined mode wrapper for IPsec. 204 This is required for IPSec. 205 206config CRYPTO_TEST 207 tristate "Testing module" 208 depends on m 209 select CRYPTO_MANAGER 210 help 211 Quick & dirty crypto test module. 212 213config CRYPTO_SIMD 214 tristate 215 select CRYPTO_CRYPTD 216 217config CRYPTO_GLUE_HELPER_X86 218 tristate 219 depends on X86 220 select CRYPTO_BLKCIPHER 221 222config CRYPTO_ENGINE 223 tristate 224 225comment "Public-key cryptography" 226 227config CRYPTO_RSA 228 tristate "RSA algorithm" 229 select CRYPTO_AKCIPHER 230 select CRYPTO_MANAGER 231 select MPILIB 232 select ASN1 233 help 234 Generic implementation of the RSA public key algorithm. 235 236config CRYPTO_DH 237 tristate "Diffie-Hellman algorithm" 238 select CRYPTO_KPP 239 select MPILIB 240 help 241 Generic implementation of the Diffie-Hellman algorithm. 242 243config CRYPTO_ECC 244 tristate 245 246config CRYPTO_ECDH 247 tristate "ECDH algorithm" 248 select CRYPTO_ECC 249 select CRYPTO_KPP 250 select CRYPTO_RNG_DEFAULT 251 help 252 Generic implementation of the ECDH algorithm 253 254config CRYPTO_ECRDSA 255 tristate "EC-RDSA (GOST 34.10) algorithm" 256 select CRYPTO_ECC 257 select CRYPTO_AKCIPHER 258 select CRYPTO_STREEBOG 259 select OID_REGISTRY 260 select ASN1 261 help 262 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 263 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 264 standard algorithms (called GOST algorithms). Only signature verification 265 is implemented. 266 267comment "Authenticated Encryption with Associated Data" 268 269config CRYPTO_CCM 270 tristate "CCM support" 271 select CRYPTO_CTR 272 select CRYPTO_HASH 273 select CRYPTO_AEAD 274 select CRYPTO_MANAGER 275 help 276 Support for Counter with CBC MAC. Required for IPsec. 277 278config CRYPTO_GCM 279 tristate "GCM/GMAC support" 280 select CRYPTO_CTR 281 select CRYPTO_AEAD 282 select CRYPTO_GHASH 283 select CRYPTO_NULL 284 select CRYPTO_MANAGER 285 help 286 Support for Galois/Counter Mode (GCM) and Galois Message 287 Authentication Code (GMAC). Required for IPSec. 288 289config CRYPTO_CHACHA20POLY1305 290 tristate "ChaCha20-Poly1305 AEAD support" 291 select CRYPTO_CHACHA20 292 select CRYPTO_POLY1305 293 select CRYPTO_AEAD 294 select CRYPTO_MANAGER 295 help 296 ChaCha20-Poly1305 AEAD support, RFC7539. 297 298 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 299 with the Poly1305 authenticator. It is defined in RFC7539 for use in 300 IETF protocols. 301 302config CRYPTO_AEGIS128 303 tristate "AEGIS-128 AEAD algorithm" 304 select CRYPTO_AEAD 305 select CRYPTO_AES # for AES S-box tables 306 help 307 Support for the AEGIS-128 dedicated AEAD algorithm. 308 309config CRYPTO_AEGIS128_SIMD 310 bool "Support SIMD acceleration for AEGIS-128" 311 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 312 default y 313 314config CRYPTO_AEGIS128_AESNI_SSE2 315 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 316 depends on X86 && 64BIT 317 select CRYPTO_AEAD 318 select CRYPTO_SIMD 319 help 320 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 321 322config CRYPTO_SEQIV 323 tristate "Sequence Number IV Generator" 324 select CRYPTO_AEAD 325 select CRYPTO_BLKCIPHER 326 select CRYPTO_NULL 327 select CRYPTO_RNG_DEFAULT 328 select CRYPTO_MANAGER 329 help 330 This IV generator generates an IV based on a sequence number by 331 xoring it with a salt. This algorithm is mainly useful for CTR 332 333config CRYPTO_ECHAINIV 334 tristate "Encrypted Chain IV Generator" 335 select CRYPTO_AEAD 336 select CRYPTO_NULL 337 select CRYPTO_RNG_DEFAULT 338 select CRYPTO_MANAGER 339 help 340 This IV generator generates an IV based on the encryption of 341 a sequence number xored with a salt. This is the default 342 algorithm for CBC. 343 344comment "Block modes" 345 346config CRYPTO_CBC 347 tristate "CBC support" 348 select CRYPTO_BLKCIPHER 349 select CRYPTO_MANAGER 350 help 351 CBC: Cipher Block Chaining mode 352 This block cipher algorithm is required for IPSec. 353 354config CRYPTO_CFB 355 tristate "CFB support" 356 select CRYPTO_BLKCIPHER 357 select CRYPTO_MANAGER 358 help 359 CFB: Cipher FeedBack mode 360 This block cipher algorithm is required for TPM2 Cryptography. 361 362config CRYPTO_CTR 363 tristate "CTR support" 364 select CRYPTO_BLKCIPHER 365 select CRYPTO_SEQIV 366 select CRYPTO_MANAGER 367 help 368 CTR: Counter mode 369 This block cipher algorithm is required for IPSec. 370 371config CRYPTO_CTS 372 tristate "CTS support" 373 select CRYPTO_BLKCIPHER 374 select CRYPTO_MANAGER 375 help 376 CTS: Cipher Text Stealing 377 This is the Cipher Text Stealing mode as described by 378 Section 8 of rfc2040 and referenced by rfc3962 379 (rfc3962 includes errata information in its Appendix A) or 380 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 381 This mode is required for Kerberos gss mechanism support 382 for AES encryption. 383 384 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 385 386config CRYPTO_ECB 387 tristate "ECB support" 388 select CRYPTO_BLKCIPHER 389 select CRYPTO_MANAGER 390 help 391 ECB: Electronic CodeBook mode 392 This is the simplest block cipher algorithm. It simply encrypts 393 the input block by block. 394 395config CRYPTO_LRW 396 tristate "LRW support" 397 select CRYPTO_BLKCIPHER 398 select CRYPTO_MANAGER 399 select CRYPTO_GF128MUL 400 help 401 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 402 narrow block cipher mode for dm-crypt. Use it with cipher 403 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 404 The first 128, 192 or 256 bits in the key are used for AES and the 405 rest is used to tie each cipher block to its logical position. 406 407config CRYPTO_OFB 408 tristate "OFB support" 409 select CRYPTO_BLKCIPHER 410 select CRYPTO_MANAGER 411 help 412 OFB: the Output Feedback mode makes a block cipher into a synchronous 413 stream cipher. It generates keystream blocks, which are then XORed 414 with the plaintext blocks to get the ciphertext. Flipping a bit in the 415 ciphertext produces a flipped bit in the plaintext at the same 416 location. This property allows many error correcting codes to function 417 normally even when applied before encryption. 418 419config CRYPTO_PCBC 420 tristate "PCBC support" 421 select CRYPTO_BLKCIPHER 422 select CRYPTO_MANAGER 423 help 424 PCBC: Propagating Cipher Block Chaining mode 425 This block cipher algorithm is required for RxRPC. 426 427config CRYPTO_XTS 428 tristate "XTS support" 429 select CRYPTO_BLKCIPHER 430 select CRYPTO_MANAGER 431 select CRYPTO_ECB 432 help 433 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 434 key size 256, 384 or 512 bits. This implementation currently 435 can't handle a sectorsize which is not a multiple of 16 bytes. 436 437config CRYPTO_KEYWRAP 438 tristate "Key wrapping support" 439 select CRYPTO_BLKCIPHER 440 select CRYPTO_MANAGER 441 help 442 Support for key wrapping (NIST SP800-38F / RFC3394) without 443 padding. 444 445config CRYPTO_NHPOLY1305 446 tristate 447 select CRYPTO_HASH 448 select CRYPTO_POLY1305 449 450config CRYPTO_NHPOLY1305_SSE2 451 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 452 depends on X86 && 64BIT 453 select CRYPTO_NHPOLY1305 454 help 455 SSE2 optimized implementation of the hash function used by the 456 Adiantum encryption mode. 457 458config CRYPTO_NHPOLY1305_AVX2 459 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 460 depends on X86 && 64BIT 461 select CRYPTO_NHPOLY1305 462 help 463 AVX2 optimized implementation of the hash function used by the 464 Adiantum encryption mode. 465 466config CRYPTO_ADIANTUM 467 tristate "Adiantum support" 468 select CRYPTO_CHACHA20 469 select CRYPTO_POLY1305 470 select CRYPTO_NHPOLY1305 471 select CRYPTO_MANAGER 472 help 473 Adiantum is a tweakable, length-preserving encryption mode 474 designed for fast and secure disk encryption, especially on 475 CPUs without dedicated crypto instructions. It encrypts 476 each sector using the XChaCha12 stream cipher, two passes of 477 an ε-almost-∆-universal hash function, and an invocation of 478 the AES-256 block cipher on a single 16-byte block. On CPUs 479 without AES instructions, Adiantum is much faster than 480 AES-XTS. 481 482 Adiantum's security is provably reducible to that of its 483 underlying stream and block ciphers, subject to a security 484 bound. Unlike XTS, Adiantum is a true wide-block encryption 485 mode, so it actually provides an even stronger notion of 486 security than XTS, subject to the security bound. 487 488 If unsure, say N. 489 490comment "Hash modes" 491 492config CRYPTO_CMAC 493 tristate "CMAC support" 494 select CRYPTO_HASH 495 select CRYPTO_MANAGER 496 help 497 Cipher-based Message Authentication Code (CMAC) specified by 498 The National Institute of Standards and Technology (NIST). 499 500 https://tools.ietf.org/html/rfc4493 501 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 502 503config CRYPTO_HMAC 504 tristate "HMAC support" 505 select CRYPTO_HASH 506 select CRYPTO_MANAGER 507 help 508 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 509 This is required for IPSec. 510 511config CRYPTO_XCBC 512 tristate "XCBC support" 513 select CRYPTO_HASH 514 select CRYPTO_MANAGER 515 help 516 XCBC: Keyed-Hashing with encryption algorithm 517 http://www.ietf.org/rfc/rfc3566.txt 518 http://csrc.nist.gov/encryption/modes/proposedmodes/ 519 xcbc-mac/xcbc-mac-spec.pdf 520 521config CRYPTO_VMAC 522 tristate "VMAC support" 523 select CRYPTO_HASH 524 select CRYPTO_MANAGER 525 help 526 VMAC is a message authentication algorithm designed for 527 very high speed on 64-bit architectures. 528 529 See also: 530 <http://fastcrypto.org/vmac> 531 532comment "Digest" 533 534config CRYPTO_CRC32C 535 tristate "CRC32c CRC algorithm" 536 select CRYPTO_HASH 537 select CRC32 538 help 539 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 540 by iSCSI for header and data digests and by others. 541 See Castagnoli93. Module will be crc32c. 542 543config CRYPTO_CRC32C_INTEL 544 tristate "CRC32c INTEL hardware acceleration" 545 depends on X86 546 select CRYPTO_HASH 547 help 548 In Intel processor with SSE4.2 supported, the processor will 549 support CRC32C implementation using hardware accelerated CRC32 550 instruction. This option will create 'crc32c-intel' module, 551 which will enable any routine to use the CRC32 instruction to 552 gain performance compared with software implementation. 553 Module will be crc32c-intel. 554 555config CRYPTO_CRC32C_VPMSUM 556 tristate "CRC32c CRC algorithm (powerpc64)" 557 depends on PPC64 && ALTIVEC 558 select CRYPTO_HASH 559 select CRC32 560 help 561 CRC32c algorithm implemented using vector polynomial multiply-sum 562 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 563 and newer processors for improved performance. 564 565 566config CRYPTO_CRC32C_SPARC64 567 tristate "CRC32c CRC algorithm (SPARC64)" 568 depends on SPARC64 569 select CRYPTO_HASH 570 select CRC32 571 help 572 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 573 when available. 574 575config CRYPTO_CRC32 576 tristate "CRC32 CRC algorithm" 577 select CRYPTO_HASH 578 select CRC32 579 help 580 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 581 Shash crypto api wrappers to crc32_le function. 582 583config CRYPTO_CRC32_PCLMUL 584 tristate "CRC32 PCLMULQDQ hardware acceleration" 585 depends on X86 586 select CRYPTO_HASH 587 select CRC32 588 help 589 From Intel Westmere and AMD Bulldozer processor with SSE4.2 590 and PCLMULQDQ supported, the processor will support 591 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 592 instruction. This option will create 'crc32-pclmul' module, 593 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 594 and gain better performance as compared with the table implementation. 595 596config CRYPTO_CRC32_MIPS 597 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 598 depends on MIPS_CRC_SUPPORT 599 select CRYPTO_HASH 600 help 601 CRC32c and CRC32 CRC algorithms implemented using mips crypto 602 instructions, when available. 603 604 605config CRYPTO_XXHASH 606 tristate "xxHash hash algorithm" 607 select CRYPTO_HASH 608 select XXHASH 609 help 610 xxHash non-cryptographic hash algorithm. Extremely fast, working at 611 speeds close to RAM limits. 612 613config CRYPTO_CRCT10DIF 614 tristate "CRCT10DIF algorithm" 615 select CRYPTO_HASH 616 help 617 CRC T10 Data Integrity Field computation is being cast as 618 a crypto transform. This allows for faster crc t10 diff 619 transforms to be used if they are available. 620 621config CRYPTO_CRCT10DIF_PCLMUL 622 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 623 depends on X86 && 64BIT && CRC_T10DIF 624 select CRYPTO_HASH 625 help 626 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 627 CRC T10 DIF PCLMULQDQ computation can be hardware 628 accelerated PCLMULQDQ instruction. This option will create 629 'crct10dif-pclmul' module, which is faster when computing the 630 crct10dif checksum as compared with the generic table implementation. 631 632config CRYPTO_CRCT10DIF_VPMSUM 633 tristate "CRC32T10DIF powerpc64 hardware acceleration" 634 depends on PPC64 && ALTIVEC && CRC_T10DIF 635 select CRYPTO_HASH 636 help 637 CRC10T10DIF algorithm implemented using vector polynomial 638 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 639 POWER8 and newer processors for improved performance. 640 641config CRYPTO_VPMSUM_TESTER 642 tristate "Powerpc64 vpmsum hardware acceleration tester" 643 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 644 help 645 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 646 POWER8 vpmsum instructions. 647 Unless you are testing these algorithms, you don't need this. 648 649config CRYPTO_GHASH 650 tristate "GHASH digest algorithm" 651 select CRYPTO_GF128MUL 652 select CRYPTO_HASH 653 help 654 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 655 656config CRYPTO_POLY1305 657 tristate "Poly1305 authenticator algorithm" 658 select CRYPTO_HASH 659 help 660 Poly1305 authenticator algorithm, RFC7539. 661 662 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 663 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 664 in IETF protocols. This is the portable C implementation of Poly1305. 665 666config CRYPTO_POLY1305_X86_64 667 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 668 depends on X86 && 64BIT 669 select CRYPTO_POLY1305 670 help 671 Poly1305 authenticator algorithm, RFC7539. 672 673 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 674 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 675 in IETF protocols. This is the x86_64 assembler implementation using SIMD 676 instructions. 677 678config CRYPTO_MD4 679 tristate "MD4 digest algorithm" 680 select CRYPTO_HASH 681 help 682 MD4 message digest algorithm (RFC1320). 683 684config CRYPTO_MD5 685 tristate "MD5 digest algorithm" 686 select CRYPTO_HASH 687 help 688 MD5 message digest algorithm (RFC1321). 689 690config CRYPTO_MD5_OCTEON 691 tristate "MD5 digest algorithm (OCTEON)" 692 depends on CPU_CAVIUM_OCTEON 693 select CRYPTO_MD5 694 select CRYPTO_HASH 695 help 696 MD5 message digest algorithm (RFC1321) implemented 697 using OCTEON crypto instructions, when available. 698 699config CRYPTO_MD5_PPC 700 tristate "MD5 digest algorithm (PPC)" 701 depends on PPC 702 select CRYPTO_HASH 703 help 704 MD5 message digest algorithm (RFC1321) implemented 705 in PPC assembler. 706 707config CRYPTO_MD5_SPARC64 708 tristate "MD5 digest algorithm (SPARC64)" 709 depends on SPARC64 710 select CRYPTO_MD5 711 select CRYPTO_HASH 712 help 713 MD5 message digest algorithm (RFC1321) implemented 714 using sparc64 crypto instructions, when available. 715 716config CRYPTO_MICHAEL_MIC 717 tristate "Michael MIC keyed digest algorithm" 718 select CRYPTO_HASH 719 help 720 Michael MIC is used for message integrity protection in TKIP 721 (IEEE 802.11i). This algorithm is required for TKIP, but it 722 should not be used for other purposes because of the weakness 723 of the algorithm. 724 725config CRYPTO_RMD128 726 tristate "RIPEMD-128 digest algorithm" 727 select CRYPTO_HASH 728 help 729 RIPEMD-128 (ISO/IEC 10118-3:2004). 730 731 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 732 be used as a secure replacement for RIPEMD. For other use cases, 733 RIPEMD-160 should be used. 734 735 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 736 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 737 738config CRYPTO_RMD160 739 tristate "RIPEMD-160 digest algorithm" 740 select CRYPTO_HASH 741 help 742 RIPEMD-160 (ISO/IEC 10118-3:2004). 743 744 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 745 to be used as a secure replacement for the 128-bit hash functions 746 MD4, MD5 and it's predecessor RIPEMD 747 (not to be confused with RIPEMD-128). 748 749 It's speed is comparable to SHA1 and there are no known attacks 750 against RIPEMD-160. 751 752 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 753 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 754 755config CRYPTO_RMD256 756 tristate "RIPEMD-256 digest algorithm" 757 select CRYPTO_HASH 758 help 759 RIPEMD-256 is an optional extension of RIPEMD-128 with a 760 256 bit hash. It is intended for applications that require 761 longer hash-results, without needing a larger security level 762 (than RIPEMD-128). 763 764 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 765 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 766 767config CRYPTO_RMD320 768 tristate "RIPEMD-320 digest algorithm" 769 select CRYPTO_HASH 770 help 771 RIPEMD-320 is an optional extension of RIPEMD-160 with a 772 320 bit hash. It is intended for applications that require 773 longer hash-results, without needing a larger security level 774 (than RIPEMD-160). 775 776 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 777 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 778 779config CRYPTO_SHA1 780 tristate "SHA1 digest algorithm" 781 select CRYPTO_HASH 782 help 783 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 784 785config CRYPTO_SHA1_SSSE3 786 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 787 depends on X86 && 64BIT 788 select CRYPTO_SHA1 789 select CRYPTO_HASH 790 help 791 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 792 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 793 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 794 when available. 795 796config CRYPTO_SHA256_SSSE3 797 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 798 depends on X86 && 64BIT 799 select CRYPTO_SHA256 800 select CRYPTO_HASH 801 help 802 SHA-256 secure hash standard (DFIPS 180-2) implemented 803 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 804 Extensions version 1 (AVX1), or Advanced Vector Extensions 805 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 806 Instructions) when available. 807 808config CRYPTO_SHA512_SSSE3 809 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 810 depends on X86 && 64BIT 811 select CRYPTO_SHA512 812 select CRYPTO_HASH 813 help 814 SHA-512 secure hash standard (DFIPS 180-2) implemented 815 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 816 Extensions version 1 (AVX1), or Advanced Vector Extensions 817 version 2 (AVX2) instructions, when available. 818 819config CRYPTO_SHA1_OCTEON 820 tristate "SHA1 digest algorithm (OCTEON)" 821 depends on CPU_CAVIUM_OCTEON 822 select CRYPTO_SHA1 823 select CRYPTO_HASH 824 help 825 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 826 using OCTEON crypto instructions, when available. 827 828config CRYPTO_SHA1_SPARC64 829 tristate "SHA1 digest algorithm (SPARC64)" 830 depends on SPARC64 831 select CRYPTO_SHA1 832 select CRYPTO_HASH 833 help 834 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 835 using sparc64 crypto instructions, when available. 836 837config CRYPTO_SHA1_PPC 838 tristate "SHA1 digest algorithm (powerpc)" 839 depends on PPC 840 help 841 This is the powerpc hardware accelerated implementation of the 842 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 843 844config CRYPTO_SHA1_PPC_SPE 845 tristate "SHA1 digest algorithm (PPC SPE)" 846 depends on PPC && SPE 847 help 848 SHA-1 secure hash standard (DFIPS 180-4) implemented 849 using powerpc SPE SIMD instruction set. 850 851config CRYPTO_SHA256 852 tristate "SHA224 and SHA256 digest algorithm" 853 select CRYPTO_HASH 854 help 855 SHA256 secure hash standard (DFIPS 180-2). 856 857 This version of SHA implements a 256 bit hash with 128 bits of 858 security against collision attacks. 859 860 This code also includes SHA-224, a 224 bit hash with 112 bits 861 of security against collision attacks. 862 863config CRYPTO_SHA256_PPC_SPE 864 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 865 depends on PPC && SPE 866 select CRYPTO_SHA256 867 select CRYPTO_HASH 868 help 869 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 870 implemented using powerpc SPE SIMD instruction set. 871 872config CRYPTO_SHA256_OCTEON 873 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 874 depends on CPU_CAVIUM_OCTEON 875 select CRYPTO_SHA256 876 select CRYPTO_HASH 877 help 878 SHA-256 secure hash standard (DFIPS 180-2) implemented 879 using OCTEON crypto instructions, when available. 880 881config CRYPTO_SHA256_SPARC64 882 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 883 depends on SPARC64 884 select CRYPTO_SHA256 885 select CRYPTO_HASH 886 help 887 SHA-256 secure hash standard (DFIPS 180-2) implemented 888 using sparc64 crypto instructions, when available. 889 890config CRYPTO_SHA512 891 tristate "SHA384 and SHA512 digest algorithms" 892 select CRYPTO_HASH 893 help 894 SHA512 secure hash standard (DFIPS 180-2). 895 896 This version of SHA implements a 512 bit hash with 256 bits of 897 security against collision attacks. 898 899 This code also includes SHA-384, a 384 bit hash with 192 bits 900 of security against collision attacks. 901 902config CRYPTO_SHA512_OCTEON 903 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 904 depends on CPU_CAVIUM_OCTEON 905 select CRYPTO_SHA512 906 select CRYPTO_HASH 907 help 908 SHA-512 secure hash standard (DFIPS 180-2) implemented 909 using OCTEON crypto instructions, when available. 910 911config CRYPTO_SHA512_SPARC64 912 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 913 depends on SPARC64 914 select CRYPTO_SHA512 915 select CRYPTO_HASH 916 help 917 SHA-512 secure hash standard (DFIPS 180-2) implemented 918 using sparc64 crypto instructions, when available. 919 920config CRYPTO_SHA3 921 tristate "SHA3 digest algorithm" 922 select CRYPTO_HASH 923 help 924 SHA-3 secure hash standard (DFIPS 202). It's based on 925 cryptographic sponge function family called Keccak. 926 927 References: 928 http://keccak.noekeon.org/ 929 930config CRYPTO_SM3 931 tristate "SM3 digest algorithm" 932 select CRYPTO_HASH 933 help 934 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 935 It is part of the Chinese Commercial Cryptography suite. 936 937 References: 938 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 939 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 940 941config CRYPTO_STREEBOG 942 tristate "Streebog Hash Function" 943 select CRYPTO_HASH 944 help 945 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 946 cryptographic standard algorithms (called GOST algorithms). 947 This setting enables two hash algorithms with 256 and 512 bits output. 948 949 References: 950 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 951 https://tools.ietf.org/html/rfc6986 952 953config CRYPTO_TGR192 954 tristate "Tiger digest algorithms" 955 select CRYPTO_HASH 956 help 957 Tiger hash algorithm 192, 160 and 128-bit hashes 958 959 Tiger is a hash function optimized for 64-bit processors while 960 still having decent performance on 32-bit processors. 961 Tiger was developed by Ross Anderson and Eli Biham. 962 963 See also: 964 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 965 966config CRYPTO_WP512 967 tristate "Whirlpool digest algorithms" 968 select CRYPTO_HASH 969 help 970 Whirlpool hash algorithm 512, 384 and 256-bit hashes 971 972 Whirlpool-512 is part of the NESSIE cryptographic primitives. 973 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 974 975 See also: 976 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 977 978config CRYPTO_GHASH_CLMUL_NI_INTEL 979 tristate "GHASH digest algorithm (CLMUL-NI accelerated)" 980 depends on X86 && 64BIT 981 select CRYPTO_CRYPTD 982 help 983 GHASH is message digest algorithm for GCM (Galois/Counter Mode). 984 The implementation is accelerated by CLMUL-NI of Intel. 985 986comment "Ciphers" 987 988config CRYPTO_LIB_AES 989 tristate 990 991config CRYPTO_AES 992 tristate "AES cipher algorithms" 993 select CRYPTO_ALGAPI 994 select CRYPTO_LIB_AES 995 help 996 AES cipher algorithms (FIPS-197). AES uses the Rijndael 997 algorithm. 998 999 Rijndael appears to be consistently a very good performer in 1000 both hardware and software across a wide range of computing 1001 environments regardless of its use in feedback or non-feedback 1002 modes. Its key setup time is excellent, and its key agility is 1003 good. Rijndael's very low memory requirements make it very well 1004 suited for restricted-space environments, in which it also 1005 demonstrates excellent performance. Rijndael's operations are 1006 among the easiest to defend against power and timing attacks. 1007 1008 The AES specifies three key sizes: 128, 192 and 256 bits 1009 1010 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1011 1012config CRYPTO_AES_TI 1013 tristate "Fixed time AES cipher" 1014 select CRYPTO_ALGAPI 1015 select CRYPTO_LIB_AES 1016 help 1017 This is a generic implementation of AES that attempts to eliminate 1018 data dependent latencies as much as possible without affecting 1019 performance too much. It is intended for use by the generic CCM 1020 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1021 solely on encryption (although decryption is supported as well, but 1022 with a more dramatic performance hit) 1023 1024 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1025 8 for decryption), this implementation only uses just two S-boxes of 1026 256 bytes each, and attempts to eliminate data dependent latencies by 1027 prefetching the entire table into the cache at the start of each 1028 block. Interrupts are also disabled to avoid races where cachelines 1029 are evicted when the CPU is interrupted to do something else. 1030 1031config CRYPTO_AES_NI_INTEL 1032 tristate "AES cipher algorithms (AES-NI)" 1033 depends on X86 1034 select CRYPTO_AEAD 1035 select CRYPTO_LIB_AES 1036 select CRYPTO_ALGAPI 1037 select CRYPTO_BLKCIPHER 1038 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1039 select CRYPTO_SIMD 1040 help 1041 Use Intel AES-NI instructions for AES algorithm. 1042 1043 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1044 algorithm. 1045 1046 Rijndael appears to be consistently a very good performer in 1047 both hardware and software across a wide range of computing 1048 environments regardless of its use in feedback or non-feedback 1049 modes. Its key setup time is excellent, and its key agility is 1050 good. Rijndael's very low memory requirements make it very well 1051 suited for restricted-space environments, in which it also 1052 demonstrates excellent performance. Rijndael's operations are 1053 among the easiest to defend against power and timing attacks. 1054 1055 The AES specifies three key sizes: 128, 192 and 256 bits 1056 1057 See <http://csrc.nist.gov/encryption/aes/> for more information. 1058 1059 In addition to AES cipher algorithm support, the acceleration 1060 for some popular block cipher mode is supported too, including 1061 ECB, CBC, LRW, XTS. The 64 bit version has additional 1062 acceleration for CTR. 1063 1064config CRYPTO_AES_SPARC64 1065 tristate "AES cipher algorithms (SPARC64)" 1066 depends on SPARC64 1067 select CRYPTO_CRYPTD 1068 select CRYPTO_ALGAPI 1069 help 1070 Use SPARC64 crypto opcodes for AES algorithm. 1071 1072 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1073 algorithm. 1074 1075 Rijndael appears to be consistently a very good performer in 1076 both hardware and software across a wide range of computing 1077 environments regardless of its use in feedback or non-feedback 1078 modes. Its key setup time is excellent, and its key agility is 1079 good. Rijndael's very low memory requirements make it very well 1080 suited for restricted-space environments, in which it also 1081 demonstrates excellent performance. Rijndael's operations are 1082 among the easiest to defend against power and timing attacks. 1083 1084 The AES specifies three key sizes: 128, 192 and 256 bits 1085 1086 See <http://csrc.nist.gov/encryption/aes/> for more information. 1087 1088 In addition to AES cipher algorithm support, the acceleration 1089 for some popular block cipher mode is supported too, including 1090 ECB and CBC. 1091 1092config CRYPTO_AES_PPC_SPE 1093 tristate "AES cipher algorithms (PPC SPE)" 1094 depends on PPC && SPE 1095 help 1096 AES cipher algorithms (FIPS-197). Additionally the acceleration 1097 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1098 This module should only be used for low power (router) devices 1099 without hardware AES acceleration (e.g. caam crypto). It reduces the 1100 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1101 timining attacks. Nevertheless it might be not as secure as other 1102 architecture specific assembler implementations that work on 1KB 1103 tables or 256 bytes S-boxes. 1104 1105config CRYPTO_ANUBIS 1106 tristate "Anubis cipher algorithm" 1107 select CRYPTO_ALGAPI 1108 help 1109 Anubis cipher algorithm. 1110 1111 Anubis is a variable key length cipher which can use keys from 1112 128 bits to 320 bits in length. It was evaluated as a entrant 1113 in the NESSIE competition. 1114 1115 See also: 1116 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1117 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1118 1119config CRYPTO_LIB_ARC4 1120 tristate 1121 1122config CRYPTO_ARC4 1123 tristate "ARC4 cipher algorithm" 1124 select CRYPTO_BLKCIPHER 1125 select CRYPTO_LIB_ARC4 1126 help 1127 ARC4 cipher algorithm. 1128 1129 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1130 bits in length. This algorithm is required for driver-based 1131 WEP, but it should not be for other purposes because of the 1132 weakness of the algorithm. 1133 1134config CRYPTO_BLOWFISH 1135 tristate "Blowfish cipher algorithm" 1136 select CRYPTO_ALGAPI 1137 select CRYPTO_BLOWFISH_COMMON 1138 help 1139 Blowfish cipher algorithm, by Bruce Schneier. 1140 1141 This is a variable key length cipher which can use keys from 32 1142 bits to 448 bits in length. It's fast, simple and specifically 1143 designed for use on "large microprocessors". 1144 1145 See also: 1146 <http://www.schneier.com/blowfish.html> 1147 1148config CRYPTO_BLOWFISH_COMMON 1149 tristate 1150 help 1151 Common parts of the Blowfish cipher algorithm shared by the 1152 generic c and the assembler implementations. 1153 1154 See also: 1155 <http://www.schneier.com/blowfish.html> 1156 1157config CRYPTO_BLOWFISH_X86_64 1158 tristate "Blowfish cipher algorithm (x86_64)" 1159 depends on X86 && 64BIT 1160 select CRYPTO_BLKCIPHER 1161 select CRYPTO_BLOWFISH_COMMON 1162 help 1163 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1164 1165 This is a variable key length cipher which can use keys from 32 1166 bits to 448 bits in length. It's fast, simple and specifically 1167 designed for use on "large microprocessors". 1168 1169 See also: 1170 <http://www.schneier.com/blowfish.html> 1171 1172config CRYPTO_CAMELLIA 1173 tristate "Camellia cipher algorithms" 1174 depends on CRYPTO 1175 select CRYPTO_ALGAPI 1176 help 1177 Camellia cipher algorithms module. 1178 1179 Camellia is a symmetric key block cipher developed jointly 1180 at NTT and Mitsubishi Electric Corporation. 1181 1182 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1183 1184 See also: 1185 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1186 1187config CRYPTO_CAMELLIA_X86_64 1188 tristate "Camellia cipher algorithm (x86_64)" 1189 depends on X86 && 64BIT 1190 depends on CRYPTO 1191 select CRYPTO_BLKCIPHER 1192 select CRYPTO_GLUE_HELPER_X86 1193 help 1194 Camellia cipher algorithm module (x86_64). 1195 1196 Camellia is a symmetric key block cipher developed jointly 1197 at NTT and Mitsubishi Electric Corporation. 1198 1199 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1200 1201 See also: 1202 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1203 1204config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1205 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1206 depends on X86 && 64BIT 1207 depends on CRYPTO 1208 select CRYPTO_BLKCIPHER 1209 select CRYPTO_CAMELLIA_X86_64 1210 select CRYPTO_GLUE_HELPER_X86 1211 select CRYPTO_SIMD 1212 select CRYPTO_XTS 1213 help 1214 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1215 1216 Camellia is a symmetric key block cipher developed jointly 1217 at NTT and Mitsubishi Electric Corporation. 1218 1219 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1220 1221 See also: 1222 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1223 1224config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1225 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1226 depends on X86 && 64BIT 1227 depends on CRYPTO 1228 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1229 help 1230 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1231 1232 Camellia is a symmetric key block cipher developed jointly 1233 at NTT and Mitsubishi Electric Corporation. 1234 1235 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1236 1237 See also: 1238 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1239 1240config CRYPTO_CAMELLIA_SPARC64 1241 tristate "Camellia cipher algorithm (SPARC64)" 1242 depends on SPARC64 1243 depends on CRYPTO 1244 select CRYPTO_ALGAPI 1245 help 1246 Camellia cipher algorithm module (SPARC64). 1247 1248 Camellia is a symmetric key block cipher developed jointly 1249 at NTT and Mitsubishi Electric Corporation. 1250 1251 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1252 1253 See also: 1254 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1255 1256config CRYPTO_CAST_COMMON 1257 tristate 1258 help 1259 Common parts of the CAST cipher algorithms shared by the 1260 generic c and the assembler implementations. 1261 1262config CRYPTO_CAST5 1263 tristate "CAST5 (CAST-128) cipher algorithm" 1264 select CRYPTO_ALGAPI 1265 select CRYPTO_CAST_COMMON 1266 help 1267 The CAST5 encryption algorithm (synonymous with CAST-128) is 1268 described in RFC2144. 1269 1270config CRYPTO_CAST5_AVX_X86_64 1271 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1272 depends on X86 && 64BIT 1273 select CRYPTO_BLKCIPHER 1274 select CRYPTO_CAST5 1275 select CRYPTO_CAST_COMMON 1276 select CRYPTO_SIMD 1277 help 1278 The CAST5 encryption algorithm (synonymous with CAST-128) is 1279 described in RFC2144. 1280 1281 This module provides the Cast5 cipher algorithm that processes 1282 sixteen blocks parallel using the AVX instruction set. 1283 1284config CRYPTO_CAST6 1285 tristate "CAST6 (CAST-256) cipher algorithm" 1286 select CRYPTO_ALGAPI 1287 select CRYPTO_CAST_COMMON 1288 help 1289 The CAST6 encryption algorithm (synonymous with CAST-256) is 1290 described in RFC2612. 1291 1292config CRYPTO_CAST6_AVX_X86_64 1293 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1294 depends on X86 && 64BIT 1295 select CRYPTO_BLKCIPHER 1296 select CRYPTO_CAST6 1297 select CRYPTO_CAST_COMMON 1298 select CRYPTO_GLUE_HELPER_X86 1299 select CRYPTO_SIMD 1300 select CRYPTO_XTS 1301 help 1302 The CAST6 encryption algorithm (synonymous with CAST-256) is 1303 described in RFC2612. 1304 1305 This module provides the Cast6 cipher algorithm that processes 1306 eight blocks parallel using the AVX instruction set. 1307 1308config CRYPTO_DES 1309 tristate "DES and Triple DES EDE cipher algorithms" 1310 select CRYPTO_ALGAPI 1311 help 1312 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1313 1314config CRYPTO_DES_SPARC64 1315 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1316 depends on SPARC64 1317 select CRYPTO_ALGAPI 1318 select CRYPTO_DES 1319 help 1320 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1321 optimized using SPARC64 crypto opcodes. 1322 1323config CRYPTO_DES3_EDE_X86_64 1324 tristate "Triple DES EDE cipher algorithm (x86-64)" 1325 depends on X86 && 64BIT 1326 select CRYPTO_BLKCIPHER 1327 select CRYPTO_DES 1328 help 1329 Triple DES EDE (FIPS 46-3) algorithm. 1330 1331 This module provides implementation of the Triple DES EDE cipher 1332 algorithm that is optimized for x86-64 processors. Two versions of 1333 algorithm are provided; regular processing one input block and 1334 one that processes three blocks parallel. 1335 1336config CRYPTO_FCRYPT 1337 tristate "FCrypt cipher algorithm" 1338 select CRYPTO_ALGAPI 1339 select CRYPTO_BLKCIPHER 1340 help 1341 FCrypt algorithm used by RxRPC. 1342 1343config CRYPTO_KHAZAD 1344 tristate "Khazad cipher algorithm" 1345 select CRYPTO_ALGAPI 1346 help 1347 Khazad cipher algorithm. 1348 1349 Khazad was a finalist in the initial NESSIE competition. It is 1350 an algorithm optimized for 64-bit processors with good performance 1351 on 32-bit processors. Khazad uses an 128 bit key size. 1352 1353 See also: 1354 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1355 1356config CRYPTO_SALSA20 1357 tristate "Salsa20 stream cipher algorithm" 1358 select CRYPTO_BLKCIPHER 1359 help 1360 Salsa20 stream cipher algorithm. 1361 1362 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1363 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1364 1365 The Salsa20 stream cipher algorithm is designed by Daniel J. 1366 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1367 1368config CRYPTO_CHACHA20 1369 tristate "ChaCha stream cipher algorithms" 1370 select CRYPTO_BLKCIPHER 1371 help 1372 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1373 1374 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1375 Bernstein and further specified in RFC7539 for use in IETF protocols. 1376 This is the portable C implementation of ChaCha20. See also: 1377 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1378 1379 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1380 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1381 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1382 while provably retaining ChaCha20's security. See also: 1383 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1384 1385 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1386 reduced security margin but increased performance. It can be needed 1387 in some performance-sensitive scenarios. 1388 1389config CRYPTO_CHACHA20_X86_64 1390 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1391 depends on X86 && 64BIT 1392 select CRYPTO_BLKCIPHER 1393 select CRYPTO_CHACHA20 1394 help 1395 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1396 XChaCha20, and XChaCha12 stream ciphers. 1397 1398config CRYPTO_SEED 1399 tristate "SEED cipher algorithm" 1400 select CRYPTO_ALGAPI 1401 help 1402 SEED cipher algorithm (RFC4269). 1403 1404 SEED is a 128-bit symmetric key block cipher that has been 1405 developed by KISA (Korea Information Security Agency) as a 1406 national standard encryption algorithm of the Republic of Korea. 1407 It is a 16 round block cipher with the key size of 128 bit. 1408 1409 See also: 1410 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1411 1412config CRYPTO_SERPENT 1413 tristate "Serpent cipher algorithm" 1414 select CRYPTO_ALGAPI 1415 help 1416 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1417 1418 Keys are allowed to be from 0 to 256 bits in length, in steps 1419 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1420 variant of Serpent for compatibility with old kerneli.org code. 1421 1422 See also: 1423 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1424 1425config CRYPTO_SERPENT_SSE2_X86_64 1426 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1427 depends on X86 && 64BIT 1428 select CRYPTO_BLKCIPHER 1429 select CRYPTO_GLUE_HELPER_X86 1430 select CRYPTO_SERPENT 1431 select CRYPTO_SIMD 1432 help 1433 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1434 1435 Keys are allowed to be from 0 to 256 bits in length, in steps 1436 of 8 bits. 1437 1438 This module provides Serpent cipher algorithm that processes eight 1439 blocks parallel using SSE2 instruction set. 1440 1441 See also: 1442 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1443 1444config CRYPTO_SERPENT_SSE2_586 1445 tristate "Serpent cipher algorithm (i586/SSE2)" 1446 depends on X86 && !64BIT 1447 select CRYPTO_BLKCIPHER 1448 select CRYPTO_GLUE_HELPER_X86 1449 select CRYPTO_SERPENT 1450 select CRYPTO_SIMD 1451 help 1452 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1453 1454 Keys are allowed to be from 0 to 256 bits in length, in steps 1455 of 8 bits. 1456 1457 This module provides Serpent cipher algorithm that processes four 1458 blocks parallel using SSE2 instruction set. 1459 1460 See also: 1461 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1462 1463config CRYPTO_SERPENT_AVX_X86_64 1464 tristate "Serpent cipher algorithm (x86_64/AVX)" 1465 depends on X86 && 64BIT 1466 select CRYPTO_BLKCIPHER 1467 select CRYPTO_GLUE_HELPER_X86 1468 select CRYPTO_SERPENT 1469 select CRYPTO_SIMD 1470 select CRYPTO_XTS 1471 help 1472 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1473 1474 Keys are allowed to be from 0 to 256 bits in length, in steps 1475 of 8 bits. 1476 1477 This module provides the Serpent cipher algorithm that processes 1478 eight blocks parallel using the AVX instruction set. 1479 1480 See also: 1481 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1482 1483config CRYPTO_SERPENT_AVX2_X86_64 1484 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1485 depends on X86 && 64BIT 1486 select CRYPTO_SERPENT_AVX_X86_64 1487 help 1488 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1489 1490 Keys are allowed to be from 0 to 256 bits in length, in steps 1491 of 8 bits. 1492 1493 This module provides Serpent cipher algorithm that processes 16 1494 blocks parallel using AVX2 instruction set. 1495 1496 See also: 1497 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1498 1499config CRYPTO_SM4 1500 tristate "SM4 cipher algorithm" 1501 select CRYPTO_ALGAPI 1502 help 1503 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1504 1505 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1506 Organization of State Commercial Administration of China (OSCCA) 1507 as an authorized cryptographic algorithms for the use within China. 1508 1509 SMS4 was originally created for use in protecting wireless 1510 networks, and is mandated in the Chinese National Standard for 1511 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1512 (GB.15629.11-2003). 1513 1514 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1515 standardized through TC 260 of the Standardization Administration 1516 of the People's Republic of China (SAC). 1517 1518 The input, output, and key of SMS4 are each 128 bits. 1519 1520 See also: <https://eprint.iacr.org/2008/329.pdf> 1521 1522 If unsure, say N. 1523 1524config CRYPTO_TEA 1525 tristate "TEA, XTEA and XETA cipher algorithms" 1526 select CRYPTO_ALGAPI 1527 help 1528 TEA cipher algorithm. 1529 1530 Tiny Encryption Algorithm is a simple cipher that uses 1531 many rounds for security. It is very fast and uses 1532 little memory. 1533 1534 Xtendend Tiny Encryption Algorithm is a modification to 1535 the TEA algorithm to address a potential key weakness 1536 in the TEA algorithm. 1537 1538 Xtendend Encryption Tiny Algorithm is a mis-implementation 1539 of the XTEA algorithm for compatibility purposes. 1540 1541config CRYPTO_TWOFISH 1542 tristate "Twofish cipher algorithm" 1543 select CRYPTO_ALGAPI 1544 select CRYPTO_TWOFISH_COMMON 1545 help 1546 Twofish cipher algorithm. 1547 1548 Twofish was submitted as an AES (Advanced Encryption Standard) 1549 candidate cipher by researchers at CounterPane Systems. It is a 1550 16 round block cipher supporting key sizes of 128, 192, and 256 1551 bits. 1552 1553 See also: 1554 <http://www.schneier.com/twofish.html> 1555 1556config CRYPTO_TWOFISH_COMMON 1557 tristate 1558 help 1559 Common parts of the Twofish cipher algorithm shared by the 1560 generic c and the assembler implementations. 1561 1562config CRYPTO_TWOFISH_586 1563 tristate "Twofish cipher algorithms (i586)" 1564 depends on (X86 || UML_X86) && !64BIT 1565 select CRYPTO_ALGAPI 1566 select CRYPTO_TWOFISH_COMMON 1567 help 1568 Twofish cipher algorithm. 1569 1570 Twofish was submitted as an AES (Advanced Encryption Standard) 1571 candidate cipher by researchers at CounterPane Systems. It is a 1572 16 round block cipher supporting key sizes of 128, 192, and 256 1573 bits. 1574 1575 See also: 1576 <http://www.schneier.com/twofish.html> 1577 1578config CRYPTO_TWOFISH_X86_64 1579 tristate "Twofish cipher algorithm (x86_64)" 1580 depends on (X86 || UML_X86) && 64BIT 1581 select CRYPTO_ALGAPI 1582 select CRYPTO_TWOFISH_COMMON 1583 help 1584 Twofish cipher algorithm (x86_64). 1585 1586 Twofish was submitted as an AES (Advanced Encryption Standard) 1587 candidate cipher by researchers at CounterPane Systems. It is a 1588 16 round block cipher supporting key sizes of 128, 192, and 256 1589 bits. 1590 1591 See also: 1592 <http://www.schneier.com/twofish.html> 1593 1594config CRYPTO_TWOFISH_X86_64_3WAY 1595 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1596 depends on X86 && 64BIT 1597 select CRYPTO_BLKCIPHER 1598 select CRYPTO_TWOFISH_COMMON 1599 select CRYPTO_TWOFISH_X86_64 1600 select CRYPTO_GLUE_HELPER_X86 1601 help 1602 Twofish cipher algorithm (x86_64, 3-way parallel). 1603 1604 Twofish was submitted as an AES (Advanced Encryption Standard) 1605 candidate cipher by researchers at CounterPane Systems. It is a 1606 16 round block cipher supporting key sizes of 128, 192, and 256 1607 bits. 1608 1609 This module provides Twofish cipher algorithm that processes three 1610 blocks parallel, utilizing resources of out-of-order CPUs better. 1611 1612 See also: 1613 <http://www.schneier.com/twofish.html> 1614 1615config CRYPTO_TWOFISH_AVX_X86_64 1616 tristate "Twofish cipher algorithm (x86_64/AVX)" 1617 depends on X86 && 64BIT 1618 select CRYPTO_BLKCIPHER 1619 select CRYPTO_GLUE_HELPER_X86 1620 select CRYPTO_SIMD 1621 select CRYPTO_TWOFISH_COMMON 1622 select CRYPTO_TWOFISH_X86_64 1623 select CRYPTO_TWOFISH_X86_64_3WAY 1624 help 1625 Twofish cipher algorithm (x86_64/AVX). 1626 1627 Twofish was submitted as an AES (Advanced Encryption Standard) 1628 candidate cipher by researchers at CounterPane Systems. It is a 1629 16 round block cipher supporting key sizes of 128, 192, and 256 1630 bits. 1631 1632 This module provides the Twofish cipher algorithm that processes 1633 eight blocks parallel using the AVX Instruction Set. 1634 1635 See also: 1636 <http://www.schneier.com/twofish.html> 1637 1638comment "Compression" 1639 1640config CRYPTO_DEFLATE 1641 tristate "Deflate compression algorithm" 1642 select CRYPTO_ALGAPI 1643 select CRYPTO_ACOMP2 1644 select ZLIB_INFLATE 1645 select ZLIB_DEFLATE 1646 help 1647 This is the Deflate algorithm (RFC1951), specified for use in 1648 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1649 1650 You will most probably want this if using IPSec. 1651 1652config CRYPTO_LZO 1653 tristate "LZO compression algorithm" 1654 select CRYPTO_ALGAPI 1655 select CRYPTO_ACOMP2 1656 select LZO_COMPRESS 1657 select LZO_DECOMPRESS 1658 help 1659 This is the LZO algorithm. 1660 1661config CRYPTO_842 1662 tristate "842 compression algorithm" 1663 select CRYPTO_ALGAPI 1664 select CRYPTO_ACOMP2 1665 select 842_COMPRESS 1666 select 842_DECOMPRESS 1667 help 1668 This is the 842 algorithm. 1669 1670config CRYPTO_LZ4 1671 tristate "LZ4 compression algorithm" 1672 select CRYPTO_ALGAPI 1673 select CRYPTO_ACOMP2 1674 select LZ4_COMPRESS 1675 select LZ4_DECOMPRESS 1676 help 1677 This is the LZ4 algorithm. 1678 1679config CRYPTO_LZ4HC 1680 tristate "LZ4HC compression algorithm" 1681 select CRYPTO_ALGAPI 1682 select CRYPTO_ACOMP2 1683 select LZ4HC_COMPRESS 1684 select LZ4_DECOMPRESS 1685 help 1686 This is the LZ4 high compression mode algorithm. 1687 1688config CRYPTO_ZSTD 1689 tristate "Zstd compression algorithm" 1690 select CRYPTO_ALGAPI 1691 select CRYPTO_ACOMP2 1692 select ZSTD_COMPRESS 1693 select ZSTD_DECOMPRESS 1694 help 1695 This is the zstd algorithm. 1696 1697comment "Random Number Generation" 1698 1699config CRYPTO_ANSI_CPRNG 1700 tristate "Pseudo Random Number Generation for Cryptographic modules" 1701 select CRYPTO_AES 1702 select CRYPTO_RNG 1703 help 1704 This option enables the generic pseudo random number generator 1705 for cryptographic modules. Uses the Algorithm specified in 1706 ANSI X9.31 A.2.4. Note that this option must be enabled if 1707 CRYPTO_FIPS is selected 1708 1709menuconfig CRYPTO_DRBG_MENU 1710 tristate "NIST SP800-90A DRBG" 1711 help 1712 NIST SP800-90A compliant DRBG. In the following submenu, one or 1713 more of the DRBG types must be selected. 1714 1715if CRYPTO_DRBG_MENU 1716 1717config CRYPTO_DRBG_HMAC 1718 bool 1719 default y 1720 select CRYPTO_HMAC 1721 select CRYPTO_SHA256 1722 1723config CRYPTO_DRBG_HASH 1724 bool "Enable Hash DRBG" 1725 select CRYPTO_SHA256 1726 help 1727 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1728 1729config CRYPTO_DRBG_CTR 1730 bool "Enable CTR DRBG" 1731 select CRYPTO_AES 1732 depends on CRYPTO_CTR 1733 help 1734 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1735 1736config CRYPTO_DRBG 1737 tristate 1738 default CRYPTO_DRBG_MENU 1739 select CRYPTO_RNG 1740 select CRYPTO_JITTERENTROPY 1741 1742endif # if CRYPTO_DRBG_MENU 1743 1744config CRYPTO_JITTERENTROPY 1745 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1746 select CRYPTO_RNG 1747 help 1748 The Jitterentropy RNG is a noise that is intended 1749 to provide seed to another RNG. The RNG does not 1750 perform any cryptographic whitening of the generated 1751 random numbers. This Jitterentropy RNG registers with 1752 the kernel crypto API and can be used by any caller. 1753 1754config CRYPTO_USER_API 1755 tristate 1756 1757config CRYPTO_USER_API_HASH 1758 tristate "User-space interface for hash algorithms" 1759 depends on NET 1760 select CRYPTO_HASH 1761 select CRYPTO_USER_API 1762 help 1763 This option enables the user-spaces interface for hash 1764 algorithms. 1765 1766config CRYPTO_USER_API_SKCIPHER 1767 tristate "User-space interface for symmetric key cipher algorithms" 1768 depends on NET 1769 select CRYPTO_BLKCIPHER 1770 select CRYPTO_USER_API 1771 help 1772 This option enables the user-spaces interface for symmetric 1773 key cipher algorithms. 1774 1775config CRYPTO_USER_API_RNG 1776 tristate "User-space interface for random number generator algorithms" 1777 depends on NET 1778 select CRYPTO_RNG 1779 select CRYPTO_USER_API 1780 help 1781 This option enables the user-spaces interface for random 1782 number generator algorithms. 1783 1784config CRYPTO_USER_API_AEAD 1785 tristate "User-space interface for AEAD cipher algorithms" 1786 depends on NET 1787 select CRYPTO_AEAD 1788 select CRYPTO_BLKCIPHER 1789 select CRYPTO_NULL 1790 select CRYPTO_USER_API 1791 help 1792 This option enables the user-spaces interface for AEAD 1793 cipher algorithms. 1794 1795config CRYPTO_STATS 1796 bool "Crypto usage statistics for User-space" 1797 depends on CRYPTO_USER 1798 help 1799 This option enables the gathering of crypto stats. 1800 This will collect: 1801 - encrypt/decrypt size and numbers of symmeric operations 1802 - compress/decompress size and numbers of compress operations 1803 - size and numbers of hash operations 1804 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1805 - generate/seed numbers for rng operations 1806 1807config CRYPTO_HASH_INFO 1808 bool 1809 1810source "drivers/crypto/Kconfig" 1811source "crypto/asymmetric_keys/Kconfig" 1812source "certs/Kconfig" 1813 1814endif # if CRYPTO 1815