1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 help 19 This option provides the core Cryptographic API. 20 21if CRYPTO 22 23comment "Crypto core or helper" 24 25config CRYPTO_FIPS 26 bool "FIPS 200 compliance" 27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 28 depends on (MODULE_SIG || !MODULES) 29 help 30 This option enables the fips boot option which is 31 required if you want the system to operate in a FIPS 200 32 certification. You should say no unless you know what 33 this is. 34 35config CRYPTO_ALGAPI 36 tristate 37 select CRYPTO_ALGAPI2 38 help 39 This option provides the API for cryptographic algorithms. 40 41config CRYPTO_ALGAPI2 42 tristate 43 44config CRYPTO_AEAD 45 tristate 46 select CRYPTO_AEAD2 47 select CRYPTO_ALGAPI 48 49config CRYPTO_AEAD2 50 tristate 51 select CRYPTO_ALGAPI2 52 select CRYPTO_NULL2 53 select CRYPTO_RNG2 54 55config CRYPTO_SKCIPHER 56 tristate 57 select CRYPTO_SKCIPHER2 58 select CRYPTO_ALGAPI 59 60config CRYPTO_SKCIPHER2 61 tristate 62 select CRYPTO_ALGAPI2 63 select CRYPTO_RNG2 64 65config CRYPTO_HASH 66 tristate 67 select CRYPTO_HASH2 68 select CRYPTO_ALGAPI 69 70config CRYPTO_HASH2 71 tristate 72 select CRYPTO_ALGAPI2 73 74config CRYPTO_RNG 75 tristate 76 select CRYPTO_RNG2 77 select CRYPTO_ALGAPI 78 79config CRYPTO_RNG2 80 tristate 81 select CRYPTO_ALGAPI2 82 83config CRYPTO_RNG_DEFAULT 84 tristate 85 select CRYPTO_DRBG_MENU 86 87config CRYPTO_AKCIPHER2 88 tristate 89 select CRYPTO_ALGAPI2 90 91config CRYPTO_AKCIPHER 92 tristate 93 select CRYPTO_AKCIPHER2 94 select CRYPTO_ALGAPI 95 96config CRYPTO_KPP2 97 tristate 98 select CRYPTO_ALGAPI2 99 100config CRYPTO_KPP 101 tristate 102 select CRYPTO_ALGAPI 103 select CRYPTO_KPP2 104 105config CRYPTO_ACOMP2 106 tristate 107 select CRYPTO_ALGAPI2 108 select SGL_ALLOC 109 110config CRYPTO_ACOMP 111 tristate 112 select CRYPTO_ALGAPI 113 select CRYPTO_ACOMP2 114 115config CRYPTO_MANAGER 116 tristate "Cryptographic algorithm manager" 117 select CRYPTO_MANAGER2 118 help 119 Create default cryptographic template instantiations such as 120 cbc(aes). 121 122config CRYPTO_MANAGER2 123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 124 select CRYPTO_AEAD2 125 select CRYPTO_HASH2 126 select CRYPTO_SKCIPHER2 127 select CRYPTO_AKCIPHER2 128 select CRYPTO_KPP2 129 select CRYPTO_ACOMP2 130 131config CRYPTO_USER 132 tristate "Userspace cryptographic algorithm configuration" 133 depends on NET 134 select CRYPTO_MANAGER 135 help 136 Userspace configuration for cryptographic instantiations such as 137 cbc(aes). 138 139config CRYPTO_MANAGER_DISABLE_TESTS 140 bool "Disable run-time self tests" 141 default y 142 help 143 Disable run-time self tests that normally take place at 144 algorithm registration. 145 146config CRYPTO_MANAGER_EXTRA_TESTS 147 bool "Enable extra run-time crypto self tests" 148 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS 149 help 150 Enable extra run-time self tests of registered crypto algorithms, 151 including randomized fuzz tests. 152 153 This is intended for developer use only, as these tests take much 154 longer to run than the normal self tests. 155 156config CRYPTO_GF128MUL 157 tristate 158 159config CRYPTO_NULL 160 tristate "Null algorithms" 161 select CRYPTO_NULL2 162 help 163 These are 'Null' algorithms, used by IPsec, which do nothing. 164 165config CRYPTO_NULL2 166 tristate 167 select CRYPTO_ALGAPI2 168 select CRYPTO_SKCIPHER2 169 select CRYPTO_HASH2 170 171config CRYPTO_PCRYPT 172 tristate "Parallel crypto engine" 173 depends on SMP 174 select PADATA 175 select CRYPTO_MANAGER 176 select CRYPTO_AEAD 177 help 178 This converts an arbitrary crypto algorithm into a parallel 179 algorithm that executes in kernel threads. 180 181config CRYPTO_CRYPTD 182 tristate "Software async crypto daemon" 183 select CRYPTO_SKCIPHER 184 select CRYPTO_HASH 185 select CRYPTO_MANAGER 186 help 187 This is a generic software asynchronous crypto daemon that 188 converts an arbitrary synchronous software crypto algorithm 189 into an asynchronous algorithm that executes in a kernel thread. 190 191config CRYPTO_AUTHENC 192 tristate "Authenc support" 193 select CRYPTO_AEAD 194 select CRYPTO_SKCIPHER 195 select CRYPTO_MANAGER 196 select CRYPTO_HASH 197 select CRYPTO_NULL 198 help 199 Authenc: Combined mode wrapper for IPsec. 200 This is required for IPSec. 201 202config CRYPTO_TEST 203 tristate "Testing module" 204 depends on m 205 select CRYPTO_MANAGER 206 help 207 Quick & dirty crypto test module. 208 209config CRYPTO_SIMD 210 tristate 211 select CRYPTO_CRYPTD 212 213config CRYPTO_GLUE_HELPER_X86 214 tristate 215 depends on X86 216 select CRYPTO_SKCIPHER 217 218config CRYPTO_ENGINE 219 tristate 220 221comment "Public-key cryptography" 222 223config CRYPTO_RSA 224 tristate "RSA algorithm" 225 select CRYPTO_AKCIPHER 226 select CRYPTO_MANAGER 227 select MPILIB 228 select ASN1 229 help 230 Generic implementation of the RSA public key algorithm. 231 232config CRYPTO_DH 233 tristate "Diffie-Hellman algorithm" 234 select CRYPTO_KPP 235 select MPILIB 236 help 237 Generic implementation of the Diffie-Hellman algorithm. 238 239config CRYPTO_ECC 240 tristate 241 242config CRYPTO_ECDH 243 tristate "ECDH algorithm" 244 select CRYPTO_ECC 245 select CRYPTO_KPP 246 select CRYPTO_RNG_DEFAULT 247 help 248 Generic implementation of the ECDH algorithm 249 250config CRYPTO_ECRDSA 251 tristate "EC-RDSA (GOST 34.10) algorithm" 252 select CRYPTO_ECC 253 select CRYPTO_AKCIPHER 254 select CRYPTO_STREEBOG 255 select OID_REGISTRY 256 select ASN1 257 help 258 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 259 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 260 standard algorithms (called GOST algorithms). Only signature verification 261 is implemented. 262 263config CRYPTO_CURVE25519 264 tristate "Curve25519 algorithm" 265 select CRYPTO_KPP 266 select CRYPTO_LIB_CURVE25519_GENERIC 267 268config CRYPTO_CURVE25519_X86 269 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 270 depends on X86 && 64BIT 271 select CRYPTO_LIB_CURVE25519_GENERIC 272 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 273 274comment "Authenticated Encryption with Associated Data" 275 276config CRYPTO_CCM 277 tristate "CCM support" 278 select CRYPTO_CTR 279 select CRYPTO_HASH 280 select CRYPTO_AEAD 281 select CRYPTO_MANAGER 282 help 283 Support for Counter with CBC MAC. Required for IPsec. 284 285config CRYPTO_GCM 286 tristate "GCM/GMAC support" 287 select CRYPTO_CTR 288 select CRYPTO_AEAD 289 select CRYPTO_GHASH 290 select CRYPTO_NULL 291 select CRYPTO_MANAGER 292 help 293 Support for Galois/Counter Mode (GCM) and Galois Message 294 Authentication Code (GMAC). Required for IPSec. 295 296config CRYPTO_CHACHA20POLY1305 297 tristate "ChaCha20-Poly1305 AEAD support" 298 select CRYPTO_CHACHA20 299 select CRYPTO_POLY1305 300 select CRYPTO_AEAD 301 select CRYPTO_MANAGER 302 help 303 ChaCha20-Poly1305 AEAD support, RFC7539. 304 305 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 306 with the Poly1305 authenticator. It is defined in RFC7539 for use in 307 IETF protocols. 308 309config CRYPTO_AEGIS128 310 tristate "AEGIS-128 AEAD algorithm" 311 select CRYPTO_AEAD 312 select CRYPTO_AES # for AES S-box tables 313 help 314 Support for the AEGIS-128 dedicated AEAD algorithm. 315 316config CRYPTO_AEGIS128_SIMD 317 bool "Support SIMD acceleration for AEGIS-128" 318 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 319 default y 320 321config CRYPTO_AEGIS128_AESNI_SSE2 322 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 323 depends on X86 && 64BIT 324 select CRYPTO_AEAD 325 select CRYPTO_SIMD 326 help 327 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 328 329config CRYPTO_SEQIV 330 tristate "Sequence Number IV Generator" 331 select CRYPTO_AEAD 332 select CRYPTO_SKCIPHER 333 select CRYPTO_NULL 334 select CRYPTO_RNG_DEFAULT 335 select CRYPTO_MANAGER 336 help 337 This IV generator generates an IV based on a sequence number by 338 xoring it with a salt. This algorithm is mainly useful for CTR 339 340config CRYPTO_ECHAINIV 341 tristate "Encrypted Chain IV Generator" 342 select CRYPTO_AEAD 343 select CRYPTO_NULL 344 select CRYPTO_RNG_DEFAULT 345 select CRYPTO_MANAGER 346 help 347 This IV generator generates an IV based on the encryption of 348 a sequence number xored with a salt. This is the default 349 algorithm for CBC. 350 351comment "Block modes" 352 353config CRYPTO_CBC 354 tristate "CBC support" 355 select CRYPTO_SKCIPHER 356 select CRYPTO_MANAGER 357 help 358 CBC: Cipher Block Chaining mode 359 This block cipher algorithm is required for IPSec. 360 361config CRYPTO_CFB 362 tristate "CFB support" 363 select CRYPTO_SKCIPHER 364 select CRYPTO_MANAGER 365 help 366 CFB: Cipher FeedBack mode 367 This block cipher algorithm is required for TPM2 Cryptography. 368 369config CRYPTO_CTR 370 tristate "CTR support" 371 select CRYPTO_SKCIPHER 372 select CRYPTO_MANAGER 373 help 374 CTR: Counter mode 375 This block cipher algorithm is required for IPSec. 376 377config CRYPTO_CTS 378 tristate "CTS support" 379 select CRYPTO_SKCIPHER 380 select CRYPTO_MANAGER 381 help 382 CTS: Cipher Text Stealing 383 This is the Cipher Text Stealing mode as described by 384 Section 8 of rfc2040 and referenced by rfc3962 385 (rfc3962 includes errata information in its Appendix A) or 386 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 387 This mode is required for Kerberos gss mechanism support 388 for AES encryption. 389 390 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 391 392config CRYPTO_ECB 393 tristate "ECB support" 394 select CRYPTO_SKCIPHER 395 select CRYPTO_MANAGER 396 help 397 ECB: Electronic CodeBook mode 398 This is the simplest block cipher algorithm. It simply encrypts 399 the input block by block. 400 401config CRYPTO_LRW 402 tristate "LRW support" 403 select CRYPTO_SKCIPHER 404 select CRYPTO_MANAGER 405 select CRYPTO_GF128MUL 406 help 407 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 408 narrow block cipher mode for dm-crypt. Use it with cipher 409 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 410 The first 128, 192 or 256 bits in the key are used for AES and the 411 rest is used to tie each cipher block to its logical position. 412 413config CRYPTO_OFB 414 tristate "OFB support" 415 select CRYPTO_SKCIPHER 416 select CRYPTO_MANAGER 417 help 418 OFB: the Output Feedback mode makes a block cipher into a synchronous 419 stream cipher. It generates keystream blocks, which are then XORed 420 with the plaintext blocks to get the ciphertext. Flipping a bit in the 421 ciphertext produces a flipped bit in the plaintext at the same 422 location. This property allows many error correcting codes to function 423 normally even when applied before encryption. 424 425config CRYPTO_PCBC 426 tristate "PCBC support" 427 select CRYPTO_SKCIPHER 428 select CRYPTO_MANAGER 429 help 430 PCBC: Propagating Cipher Block Chaining mode 431 This block cipher algorithm is required for RxRPC. 432 433config CRYPTO_XTS 434 tristate "XTS support" 435 select CRYPTO_SKCIPHER 436 select CRYPTO_MANAGER 437 select CRYPTO_ECB 438 help 439 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 440 key size 256, 384 or 512 bits. This implementation currently 441 can't handle a sectorsize which is not a multiple of 16 bytes. 442 443config CRYPTO_KEYWRAP 444 tristate "Key wrapping support" 445 select CRYPTO_SKCIPHER 446 select CRYPTO_MANAGER 447 help 448 Support for key wrapping (NIST SP800-38F / RFC3394) without 449 padding. 450 451config CRYPTO_NHPOLY1305 452 tristate 453 select CRYPTO_HASH 454 select CRYPTO_LIB_POLY1305_GENERIC 455 456config CRYPTO_NHPOLY1305_SSE2 457 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 458 depends on X86 && 64BIT 459 select CRYPTO_NHPOLY1305 460 help 461 SSE2 optimized implementation of the hash function used by the 462 Adiantum encryption mode. 463 464config CRYPTO_NHPOLY1305_AVX2 465 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 466 depends on X86 && 64BIT 467 select CRYPTO_NHPOLY1305 468 help 469 AVX2 optimized implementation of the hash function used by the 470 Adiantum encryption mode. 471 472config CRYPTO_ADIANTUM 473 tristate "Adiantum support" 474 select CRYPTO_CHACHA20 475 select CRYPTO_LIB_POLY1305_GENERIC 476 select CRYPTO_NHPOLY1305 477 select CRYPTO_MANAGER 478 help 479 Adiantum is a tweakable, length-preserving encryption mode 480 designed for fast and secure disk encryption, especially on 481 CPUs without dedicated crypto instructions. It encrypts 482 each sector using the XChaCha12 stream cipher, two passes of 483 an ε-almost-∆-universal hash function, and an invocation of 484 the AES-256 block cipher on a single 16-byte block. On CPUs 485 without AES instructions, Adiantum is much faster than 486 AES-XTS. 487 488 Adiantum's security is provably reducible to that of its 489 underlying stream and block ciphers, subject to a security 490 bound. Unlike XTS, Adiantum is a true wide-block encryption 491 mode, so it actually provides an even stronger notion of 492 security than XTS, subject to the security bound. 493 494 If unsure, say N. 495 496config CRYPTO_ESSIV 497 tristate "ESSIV support for block encryption" 498 select CRYPTO_AUTHENC 499 help 500 Encrypted salt-sector initialization vector (ESSIV) is an IV 501 generation method that is used in some cases by fscrypt and/or 502 dm-crypt. It uses the hash of the block encryption key as the 503 symmetric key for a block encryption pass applied to the input 504 IV, making low entropy IV sources more suitable for block 505 encryption. 506 507 This driver implements a crypto API template that can be 508 instantiated either as an skcipher or as an AEAD (depending on the 509 type of the first template argument), and which defers encryption 510 and decryption requests to the encapsulated cipher after applying 511 ESSIV to the input IV. Note that in the AEAD case, it is assumed 512 that the keys are presented in the same format used by the authenc 513 template, and that the IV appears at the end of the authenticated 514 associated data (AAD) region (which is how dm-crypt uses it.) 515 516 Note that the use of ESSIV is not recommended for new deployments, 517 and so this only needs to be enabled when interoperability with 518 existing encrypted volumes of filesystems is required, or when 519 building for a particular system that requires it (e.g., when 520 the SoC in question has accelerated CBC but not XTS, making CBC 521 combined with ESSIV the only feasible mode for h/w accelerated 522 block encryption) 523 524comment "Hash modes" 525 526config CRYPTO_CMAC 527 tristate "CMAC support" 528 select CRYPTO_HASH 529 select CRYPTO_MANAGER 530 help 531 Cipher-based Message Authentication Code (CMAC) specified by 532 The National Institute of Standards and Technology (NIST). 533 534 https://tools.ietf.org/html/rfc4493 535 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 536 537config CRYPTO_HMAC 538 tristate "HMAC support" 539 select CRYPTO_HASH 540 select CRYPTO_MANAGER 541 help 542 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 543 This is required for IPSec. 544 545config CRYPTO_XCBC 546 tristate "XCBC support" 547 select CRYPTO_HASH 548 select CRYPTO_MANAGER 549 help 550 XCBC: Keyed-Hashing with encryption algorithm 551 https://www.ietf.org/rfc/rfc3566.txt 552 http://csrc.nist.gov/encryption/modes/proposedmodes/ 553 xcbc-mac/xcbc-mac-spec.pdf 554 555config CRYPTO_VMAC 556 tristate "VMAC support" 557 select CRYPTO_HASH 558 select CRYPTO_MANAGER 559 help 560 VMAC is a message authentication algorithm designed for 561 very high speed on 64-bit architectures. 562 563 See also: 564 <https://fastcrypto.org/vmac> 565 566comment "Digest" 567 568config CRYPTO_CRC32C 569 tristate "CRC32c CRC algorithm" 570 select CRYPTO_HASH 571 select CRC32 572 help 573 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 574 by iSCSI for header and data digests and by others. 575 See Castagnoli93. Module will be crc32c. 576 577config CRYPTO_CRC32C_INTEL 578 tristate "CRC32c INTEL hardware acceleration" 579 depends on X86 580 select CRYPTO_HASH 581 help 582 In Intel processor with SSE4.2 supported, the processor will 583 support CRC32C implementation using hardware accelerated CRC32 584 instruction. This option will create 'crc32c-intel' module, 585 which will enable any routine to use the CRC32 instruction to 586 gain performance compared with software implementation. 587 Module will be crc32c-intel. 588 589config CRYPTO_CRC32C_VPMSUM 590 tristate "CRC32c CRC algorithm (powerpc64)" 591 depends on PPC64 && ALTIVEC 592 select CRYPTO_HASH 593 select CRC32 594 help 595 CRC32c algorithm implemented using vector polynomial multiply-sum 596 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 597 and newer processors for improved performance. 598 599 600config CRYPTO_CRC32C_SPARC64 601 tristate "CRC32c CRC algorithm (SPARC64)" 602 depends on SPARC64 603 select CRYPTO_HASH 604 select CRC32 605 help 606 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 607 when available. 608 609config CRYPTO_CRC32 610 tristate "CRC32 CRC algorithm" 611 select CRYPTO_HASH 612 select CRC32 613 help 614 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 615 Shash crypto api wrappers to crc32_le function. 616 617config CRYPTO_CRC32_PCLMUL 618 tristate "CRC32 PCLMULQDQ hardware acceleration" 619 depends on X86 620 select CRYPTO_HASH 621 select CRC32 622 help 623 From Intel Westmere and AMD Bulldozer processor with SSE4.2 624 and PCLMULQDQ supported, the processor will support 625 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 626 instruction. This option will create 'crc32-pclmul' module, 627 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 628 and gain better performance as compared with the table implementation. 629 630config CRYPTO_CRC32_MIPS 631 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 632 depends on MIPS_CRC_SUPPORT 633 select CRYPTO_HASH 634 help 635 CRC32c and CRC32 CRC algorithms implemented using mips crypto 636 instructions, when available. 637 638 639config CRYPTO_XXHASH 640 tristate "xxHash hash algorithm" 641 select CRYPTO_HASH 642 select XXHASH 643 help 644 xxHash non-cryptographic hash algorithm. Extremely fast, working at 645 speeds close to RAM limits. 646 647config CRYPTO_BLAKE2B 648 tristate "BLAKE2b digest algorithm" 649 select CRYPTO_HASH 650 help 651 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 652 optimized for 64bit platforms and can produce digests of any size 653 between 1 to 64. The keyed hash is also implemented. 654 655 This module provides the following algorithms: 656 657 - blake2b-160 658 - blake2b-256 659 - blake2b-384 660 - blake2b-512 661 662 See https://blake2.net for further information. 663 664config CRYPTO_BLAKE2S 665 tristate "BLAKE2s digest algorithm" 666 select CRYPTO_LIB_BLAKE2S_GENERIC 667 select CRYPTO_HASH 668 help 669 Implementation of cryptographic hash function BLAKE2s 670 optimized for 8-32bit platforms and can produce digests of any size 671 between 1 to 32. The keyed hash is also implemented. 672 673 This module provides the following algorithms: 674 675 - blake2s-128 676 - blake2s-160 677 - blake2s-224 678 - blake2s-256 679 680 See https://blake2.net for further information. 681 682config CRYPTO_BLAKE2S_X86 683 tristate "BLAKE2s digest algorithm (x86 accelerated version)" 684 depends on X86 && 64BIT 685 select CRYPTO_LIB_BLAKE2S_GENERIC 686 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 687 688config CRYPTO_CRCT10DIF 689 tristate "CRCT10DIF algorithm" 690 select CRYPTO_HASH 691 help 692 CRC T10 Data Integrity Field computation is being cast as 693 a crypto transform. This allows for faster crc t10 diff 694 transforms to be used if they are available. 695 696config CRYPTO_CRCT10DIF_PCLMUL 697 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 698 depends on X86 && 64BIT && CRC_T10DIF 699 select CRYPTO_HASH 700 help 701 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 702 CRC T10 DIF PCLMULQDQ computation can be hardware 703 accelerated PCLMULQDQ instruction. This option will create 704 'crct10dif-pclmul' module, which is faster when computing the 705 crct10dif checksum as compared with the generic table implementation. 706 707config CRYPTO_CRCT10DIF_VPMSUM 708 tristate "CRC32T10DIF powerpc64 hardware acceleration" 709 depends on PPC64 && ALTIVEC && CRC_T10DIF 710 select CRYPTO_HASH 711 help 712 CRC10T10DIF algorithm implemented using vector polynomial 713 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 714 POWER8 and newer processors for improved performance. 715 716config CRYPTO_VPMSUM_TESTER 717 tristate "Powerpc64 vpmsum hardware acceleration tester" 718 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 719 help 720 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 721 POWER8 vpmsum instructions. 722 Unless you are testing these algorithms, you don't need this. 723 724config CRYPTO_GHASH 725 tristate "GHASH hash function" 726 select CRYPTO_GF128MUL 727 select CRYPTO_HASH 728 help 729 GHASH is the hash function used in GCM (Galois/Counter Mode). 730 It is not a general-purpose cryptographic hash function. 731 732config CRYPTO_POLY1305 733 tristate "Poly1305 authenticator algorithm" 734 select CRYPTO_HASH 735 select CRYPTO_LIB_POLY1305_GENERIC 736 help 737 Poly1305 authenticator algorithm, RFC7539. 738 739 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 740 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 741 in IETF protocols. This is the portable C implementation of Poly1305. 742 743config CRYPTO_POLY1305_X86_64 744 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 745 depends on X86 && 64BIT 746 select CRYPTO_LIB_POLY1305_GENERIC 747 select CRYPTO_ARCH_HAVE_LIB_POLY1305 748 help 749 Poly1305 authenticator algorithm, RFC7539. 750 751 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 752 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 753 in IETF protocols. This is the x86_64 assembler implementation using SIMD 754 instructions. 755 756config CRYPTO_POLY1305_MIPS 757 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 758 depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT) 759 select CRYPTO_ARCH_HAVE_LIB_POLY1305 760 761config CRYPTO_MD4 762 tristate "MD4 digest algorithm" 763 select CRYPTO_HASH 764 help 765 MD4 message digest algorithm (RFC1320). 766 767config CRYPTO_MD5 768 tristate "MD5 digest algorithm" 769 select CRYPTO_HASH 770 help 771 MD5 message digest algorithm (RFC1321). 772 773config CRYPTO_MD5_OCTEON 774 tristate "MD5 digest algorithm (OCTEON)" 775 depends on CPU_CAVIUM_OCTEON 776 select CRYPTO_MD5 777 select CRYPTO_HASH 778 help 779 MD5 message digest algorithm (RFC1321) implemented 780 using OCTEON crypto instructions, when available. 781 782config CRYPTO_MD5_PPC 783 tristate "MD5 digest algorithm (PPC)" 784 depends on PPC 785 select CRYPTO_HASH 786 help 787 MD5 message digest algorithm (RFC1321) implemented 788 in PPC assembler. 789 790config CRYPTO_MD5_SPARC64 791 tristate "MD5 digest algorithm (SPARC64)" 792 depends on SPARC64 793 select CRYPTO_MD5 794 select CRYPTO_HASH 795 help 796 MD5 message digest algorithm (RFC1321) implemented 797 using sparc64 crypto instructions, when available. 798 799config CRYPTO_MICHAEL_MIC 800 tristate "Michael MIC keyed digest algorithm" 801 select CRYPTO_HASH 802 help 803 Michael MIC is used for message integrity protection in TKIP 804 (IEEE 802.11i). This algorithm is required for TKIP, but it 805 should not be used for other purposes because of the weakness 806 of the algorithm. 807 808config CRYPTO_RMD128 809 tristate "RIPEMD-128 digest algorithm" 810 select CRYPTO_HASH 811 help 812 RIPEMD-128 (ISO/IEC 10118-3:2004). 813 814 RIPEMD-128 is a 128-bit cryptographic hash function. It should only 815 be used as a secure replacement for RIPEMD. For other use cases, 816 RIPEMD-160 should be used. 817 818 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 819 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 820 821config CRYPTO_RMD160 822 tristate "RIPEMD-160 digest algorithm" 823 select CRYPTO_HASH 824 help 825 RIPEMD-160 (ISO/IEC 10118-3:2004). 826 827 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 828 to be used as a secure replacement for the 128-bit hash functions 829 MD4, MD5 and it's predecessor RIPEMD 830 (not to be confused with RIPEMD-128). 831 832 It's speed is comparable to SHA1 and there are no known attacks 833 against RIPEMD-160. 834 835 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 836 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 837 838config CRYPTO_RMD256 839 tristate "RIPEMD-256 digest algorithm" 840 select CRYPTO_HASH 841 help 842 RIPEMD-256 is an optional extension of RIPEMD-128 with a 843 256 bit hash. It is intended for applications that require 844 longer hash-results, without needing a larger security level 845 (than RIPEMD-128). 846 847 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 848 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 849 850config CRYPTO_RMD320 851 tristate "RIPEMD-320 digest algorithm" 852 select CRYPTO_HASH 853 help 854 RIPEMD-320 is an optional extension of RIPEMD-160 with a 855 320 bit hash. It is intended for applications that require 856 longer hash-results, without needing a larger security level 857 (than RIPEMD-160). 858 859 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 860 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 861 862config CRYPTO_SHA1 863 tristate "SHA1 digest algorithm" 864 select CRYPTO_HASH 865 help 866 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 867 868config CRYPTO_SHA1_SSSE3 869 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 870 depends on X86 && 64BIT 871 select CRYPTO_SHA1 872 select CRYPTO_HASH 873 help 874 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 875 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 876 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 877 when available. 878 879config CRYPTO_SHA256_SSSE3 880 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 881 depends on X86 && 64BIT 882 select CRYPTO_SHA256 883 select CRYPTO_HASH 884 help 885 SHA-256 secure hash standard (DFIPS 180-2) implemented 886 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 887 Extensions version 1 (AVX1), or Advanced Vector Extensions 888 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 889 Instructions) when available. 890 891config CRYPTO_SHA512_SSSE3 892 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 893 depends on X86 && 64BIT 894 select CRYPTO_SHA512 895 select CRYPTO_HASH 896 help 897 SHA-512 secure hash standard (DFIPS 180-2) implemented 898 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 899 Extensions version 1 (AVX1), or Advanced Vector Extensions 900 version 2 (AVX2) instructions, when available. 901 902config CRYPTO_SHA1_OCTEON 903 tristate "SHA1 digest algorithm (OCTEON)" 904 depends on CPU_CAVIUM_OCTEON 905 select CRYPTO_SHA1 906 select CRYPTO_HASH 907 help 908 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 909 using OCTEON crypto instructions, when available. 910 911config CRYPTO_SHA1_SPARC64 912 tristate "SHA1 digest algorithm (SPARC64)" 913 depends on SPARC64 914 select CRYPTO_SHA1 915 select CRYPTO_HASH 916 help 917 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 918 using sparc64 crypto instructions, when available. 919 920config CRYPTO_SHA1_PPC 921 tristate "SHA1 digest algorithm (powerpc)" 922 depends on PPC 923 help 924 This is the powerpc hardware accelerated implementation of the 925 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 926 927config CRYPTO_SHA1_PPC_SPE 928 tristate "SHA1 digest algorithm (PPC SPE)" 929 depends on PPC && SPE 930 help 931 SHA-1 secure hash standard (DFIPS 180-4) implemented 932 using powerpc SPE SIMD instruction set. 933 934config CRYPTO_SHA256 935 tristate "SHA224 and SHA256 digest algorithm" 936 select CRYPTO_HASH 937 select CRYPTO_LIB_SHA256 938 help 939 SHA256 secure hash standard (DFIPS 180-2). 940 941 This version of SHA implements a 256 bit hash with 128 bits of 942 security against collision attacks. 943 944 This code also includes SHA-224, a 224 bit hash with 112 bits 945 of security against collision attacks. 946 947config CRYPTO_SHA256_PPC_SPE 948 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 949 depends on PPC && SPE 950 select CRYPTO_SHA256 951 select CRYPTO_HASH 952 help 953 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 954 implemented using powerpc SPE SIMD instruction set. 955 956config CRYPTO_SHA256_OCTEON 957 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 958 depends on CPU_CAVIUM_OCTEON 959 select CRYPTO_SHA256 960 select CRYPTO_HASH 961 help 962 SHA-256 secure hash standard (DFIPS 180-2) implemented 963 using OCTEON crypto instructions, when available. 964 965config CRYPTO_SHA256_SPARC64 966 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 967 depends on SPARC64 968 select CRYPTO_SHA256 969 select CRYPTO_HASH 970 help 971 SHA-256 secure hash standard (DFIPS 180-2) implemented 972 using sparc64 crypto instructions, when available. 973 974config CRYPTO_SHA512 975 tristate "SHA384 and SHA512 digest algorithms" 976 select CRYPTO_HASH 977 help 978 SHA512 secure hash standard (DFIPS 180-2). 979 980 This version of SHA implements a 512 bit hash with 256 bits of 981 security against collision attacks. 982 983 This code also includes SHA-384, a 384 bit hash with 192 bits 984 of security against collision attacks. 985 986config CRYPTO_SHA512_OCTEON 987 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 988 depends on CPU_CAVIUM_OCTEON 989 select CRYPTO_SHA512 990 select CRYPTO_HASH 991 help 992 SHA-512 secure hash standard (DFIPS 180-2) implemented 993 using OCTEON crypto instructions, when available. 994 995config CRYPTO_SHA512_SPARC64 996 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 997 depends on SPARC64 998 select CRYPTO_SHA512 999 select CRYPTO_HASH 1000 help 1001 SHA-512 secure hash standard (DFIPS 180-2) implemented 1002 using sparc64 crypto instructions, when available. 1003 1004config CRYPTO_SHA3 1005 tristate "SHA3 digest algorithm" 1006 select CRYPTO_HASH 1007 help 1008 SHA-3 secure hash standard (DFIPS 202). It's based on 1009 cryptographic sponge function family called Keccak. 1010 1011 References: 1012 http://keccak.noekeon.org/ 1013 1014config CRYPTO_SM3 1015 tristate "SM3 digest algorithm" 1016 select CRYPTO_HASH 1017 help 1018 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1019 It is part of the Chinese Commercial Cryptography suite. 1020 1021 References: 1022 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1023 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1024 1025config CRYPTO_STREEBOG 1026 tristate "Streebog Hash Function" 1027 select CRYPTO_HASH 1028 help 1029 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1030 cryptographic standard algorithms (called GOST algorithms). 1031 This setting enables two hash algorithms with 256 and 512 bits output. 1032 1033 References: 1034 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1035 https://tools.ietf.org/html/rfc6986 1036 1037config CRYPTO_TGR192 1038 tristate "Tiger digest algorithms" 1039 select CRYPTO_HASH 1040 help 1041 Tiger hash algorithm 192, 160 and 128-bit hashes 1042 1043 Tiger is a hash function optimized for 64-bit processors while 1044 still having decent performance on 32-bit processors. 1045 Tiger was developed by Ross Anderson and Eli Biham. 1046 1047 See also: 1048 <https://www.cs.technion.ac.il/~biham/Reports/Tiger/>. 1049 1050config CRYPTO_WP512 1051 tristate "Whirlpool digest algorithms" 1052 select CRYPTO_HASH 1053 help 1054 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1055 1056 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1057 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1058 1059 See also: 1060 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1061 1062config CRYPTO_GHASH_CLMUL_NI_INTEL 1063 tristate "GHASH hash function (CLMUL-NI accelerated)" 1064 depends on X86 && 64BIT 1065 select CRYPTO_CRYPTD 1066 help 1067 This is the x86_64 CLMUL-NI accelerated implementation of 1068 GHASH, the hash function used in GCM (Galois/Counter mode). 1069 1070comment "Ciphers" 1071 1072config CRYPTO_AES 1073 tristate "AES cipher algorithms" 1074 select CRYPTO_ALGAPI 1075 select CRYPTO_LIB_AES 1076 help 1077 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1078 algorithm. 1079 1080 Rijndael appears to be consistently a very good performer in 1081 both hardware and software across a wide range of computing 1082 environments regardless of its use in feedback or non-feedback 1083 modes. Its key setup time is excellent, and its key agility is 1084 good. Rijndael's very low memory requirements make it very well 1085 suited for restricted-space environments, in which it also 1086 demonstrates excellent performance. Rijndael's operations are 1087 among the easiest to defend against power and timing attacks. 1088 1089 The AES specifies three key sizes: 128, 192 and 256 bits 1090 1091 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1092 1093config CRYPTO_AES_TI 1094 tristate "Fixed time AES cipher" 1095 select CRYPTO_ALGAPI 1096 select CRYPTO_LIB_AES 1097 help 1098 This is a generic implementation of AES that attempts to eliminate 1099 data dependent latencies as much as possible without affecting 1100 performance too much. It is intended for use by the generic CCM 1101 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1102 solely on encryption (although decryption is supported as well, but 1103 with a more dramatic performance hit) 1104 1105 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1106 8 for decryption), this implementation only uses just two S-boxes of 1107 256 bytes each, and attempts to eliminate data dependent latencies by 1108 prefetching the entire table into the cache at the start of each 1109 block. Interrupts are also disabled to avoid races where cachelines 1110 are evicted when the CPU is interrupted to do something else. 1111 1112config CRYPTO_AES_NI_INTEL 1113 tristate "AES cipher algorithms (AES-NI)" 1114 depends on X86 1115 select CRYPTO_AEAD 1116 select CRYPTO_LIB_AES 1117 select CRYPTO_ALGAPI 1118 select CRYPTO_SKCIPHER 1119 select CRYPTO_GLUE_HELPER_X86 if 64BIT 1120 select CRYPTO_SIMD 1121 help 1122 Use Intel AES-NI instructions for AES algorithm. 1123 1124 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1125 algorithm. 1126 1127 Rijndael appears to be consistently a very good performer in 1128 both hardware and software across a wide range of computing 1129 environments regardless of its use in feedback or non-feedback 1130 modes. Its key setup time is excellent, and its key agility is 1131 good. Rijndael's very low memory requirements make it very well 1132 suited for restricted-space environments, in which it also 1133 demonstrates excellent performance. Rijndael's operations are 1134 among the easiest to defend against power and timing attacks. 1135 1136 The AES specifies three key sizes: 128, 192 and 256 bits 1137 1138 See <http://csrc.nist.gov/encryption/aes/> for more information. 1139 1140 In addition to AES cipher algorithm support, the acceleration 1141 for some popular block cipher mode is supported too, including 1142 ECB, CBC, LRW, XTS. The 64 bit version has additional 1143 acceleration for CTR. 1144 1145config CRYPTO_AES_SPARC64 1146 tristate "AES cipher algorithms (SPARC64)" 1147 depends on SPARC64 1148 select CRYPTO_SKCIPHER 1149 help 1150 Use SPARC64 crypto opcodes for AES algorithm. 1151 1152 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1153 algorithm. 1154 1155 Rijndael appears to be consistently a very good performer in 1156 both hardware and software across a wide range of computing 1157 environments regardless of its use in feedback or non-feedback 1158 modes. Its key setup time is excellent, and its key agility is 1159 good. Rijndael's very low memory requirements make it very well 1160 suited for restricted-space environments, in which it also 1161 demonstrates excellent performance. Rijndael's operations are 1162 among the easiest to defend against power and timing attacks. 1163 1164 The AES specifies three key sizes: 128, 192 and 256 bits 1165 1166 See <http://csrc.nist.gov/encryption/aes/> for more information. 1167 1168 In addition to AES cipher algorithm support, the acceleration 1169 for some popular block cipher mode is supported too, including 1170 ECB and CBC. 1171 1172config CRYPTO_AES_PPC_SPE 1173 tristate "AES cipher algorithms (PPC SPE)" 1174 depends on PPC && SPE 1175 select CRYPTO_SKCIPHER 1176 help 1177 AES cipher algorithms (FIPS-197). Additionally the acceleration 1178 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1179 This module should only be used for low power (router) devices 1180 without hardware AES acceleration (e.g. caam crypto). It reduces the 1181 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1182 timining attacks. Nevertheless it might be not as secure as other 1183 architecture specific assembler implementations that work on 1KB 1184 tables or 256 bytes S-boxes. 1185 1186config CRYPTO_ANUBIS 1187 tristate "Anubis cipher algorithm" 1188 select CRYPTO_ALGAPI 1189 help 1190 Anubis cipher algorithm. 1191 1192 Anubis is a variable key length cipher which can use keys from 1193 128 bits to 320 bits in length. It was evaluated as a entrant 1194 in the NESSIE competition. 1195 1196 See also: 1197 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1198 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1199 1200config CRYPTO_ARC4 1201 tristate "ARC4 cipher algorithm" 1202 select CRYPTO_SKCIPHER 1203 select CRYPTO_LIB_ARC4 1204 help 1205 ARC4 cipher algorithm. 1206 1207 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1208 bits in length. This algorithm is required for driver-based 1209 WEP, but it should not be for other purposes because of the 1210 weakness of the algorithm. 1211 1212config CRYPTO_BLOWFISH 1213 tristate "Blowfish cipher algorithm" 1214 select CRYPTO_ALGAPI 1215 select CRYPTO_BLOWFISH_COMMON 1216 help 1217 Blowfish cipher algorithm, by Bruce Schneier. 1218 1219 This is a variable key length cipher which can use keys from 32 1220 bits to 448 bits in length. It's fast, simple and specifically 1221 designed for use on "large microprocessors". 1222 1223 See also: 1224 <https://www.schneier.com/blowfish.html> 1225 1226config CRYPTO_BLOWFISH_COMMON 1227 tristate 1228 help 1229 Common parts of the Blowfish cipher algorithm shared by the 1230 generic c and the assembler implementations. 1231 1232 See also: 1233 <https://www.schneier.com/blowfish.html> 1234 1235config CRYPTO_BLOWFISH_X86_64 1236 tristate "Blowfish cipher algorithm (x86_64)" 1237 depends on X86 && 64BIT 1238 select CRYPTO_SKCIPHER 1239 select CRYPTO_BLOWFISH_COMMON 1240 help 1241 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1242 1243 This is a variable key length cipher which can use keys from 32 1244 bits to 448 bits in length. It's fast, simple and specifically 1245 designed for use on "large microprocessors". 1246 1247 See also: 1248 <https://www.schneier.com/blowfish.html> 1249 1250config CRYPTO_CAMELLIA 1251 tristate "Camellia cipher algorithms" 1252 depends on CRYPTO 1253 select CRYPTO_ALGAPI 1254 help 1255 Camellia cipher algorithms module. 1256 1257 Camellia is a symmetric key block cipher developed jointly 1258 at NTT and Mitsubishi Electric Corporation. 1259 1260 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1261 1262 See also: 1263 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1264 1265config CRYPTO_CAMELLIA_X86_64 1266 tristate "Camellia cipher algorithm (x86_64)" 1267 depends on X86 && 64BIT 1268 depends on CRYPTO 1269 select CRYPTO_SKCIPHER 1270 select CRYPTO_GLUE_HELPER_X86 1271 help 1272 Camellia cipher algorithm module (x86_64). 1273 1274 Camellia is a symmetric key block cipher developed jointly 1275 at NTT and Mitsubishi Electric Corporation. 1276 1277 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1278 1279 See also: 1280 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1281 1282config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1283 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1284 depends on X86 && 64BIT 1285 depends on CRYPTO 1286 select CRYPTO_SKCIPHER 1287 select CRYPTO_CAMELLIA_X86_64 1288 select CRYPTO_GLUE_HELPER_X86 1289 select CRYPTO_SIMD 1290 select CRYPTO_XTS 1291 help 1292 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1293 1294 Camellia is a symmetric key block cipher developed jointly 1295 at NTT and Mitsubishi Electric Corporation. 1296 1297 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1298 1299 See also: 1300 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1301 1302config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1303 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1304 depends on X86 && 64BIT 1305 depends on CRYPTO 1306 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1307 help 1308 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1309 1310 Camellia is a symmetric key block cipher developed jointly 1311 at NTT and Mitsubishi Electric Corporation. 1312 1313 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1314 1315 See also: 1316 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1317 1318config CRYPTO_CAMELLIA_SPARC64 1319 tristate "Camellia cipher algorithm (SPARC64)" 1320 depends on SPARC64 1321 depends on CRYPTO 1322 select CRYPTO_ALGAPI 1323 select CRYPTO_SKCIPHER 1324 help 1325 Camellia cipher algorithm module (SPARC64). 1326 1327 Camellia is a symmetric key block cipher developed jointly 1328 at NTT and Mitsubishi Electric Corporation. 1329 1330 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1331 1332 See also: 1333 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1334 1335config CRYPTO_CAST_COMMON 1336 tristate 1337 help 1338 Common parts of the CAST cipher algorithms shared by the 1339 generic c and the assembler implementations. 1340 1341config CRYPTO_CAST5 1342 tristate "CAST5 (CAST-128) cipher algorithm" 1343 select CRYPTO_ALGAPI 1344 select CRYPTO_CAST_COMMON 1345 help 1346 The CAST5 encryption algorithm (synonymous with CAST-128) is 1347 described in RFC2144. 1348 1349config CRYPTO_CAST5_AVX_X86_64 1350 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1351 depends on X86 && 64BIT 1352 select CRYPTO_SKCIPHER 1353 select CRYPTO_CAST5 1354 select CRYPTO_CAST_COMMON 1355 select CRYPTO_SIMD 1356 help 1357 The CAST5 encryption algorithm (synonymous with CAST-128) is 1358 described in RFC2144. 1359 1360 This module provides the Cast5 cipher algorithm that processes 1361 sixteen blocks parallel using the AVX instruction set. 1362 1363config CRYPTO_CAST6 1364 tristate "CAST6 (CAST-256) cipher algorithm" 1365 select CRYPTO_ALGAPI 1366 select CRYPTO_CAST_COMMON 1367 help 1368 The CAST6 encryption algorithm (synonymous with CAST-256) is 1369 described in RFC2612. 1370 1371config CRYPTO_CAST6_AVX_X86_64 1372 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1373 depends on X86 && 64BIT 1374 select CRYPTO_SKCIPHER 1375 select CRYPTO_CAST6 1376 select CRYPTO_CAST_COMMON 1377 select CRYPTO_GLUE_HELPER_X86 1378 select CRYPTO_SIMD 1379 select CRYPTO_XTS 1380 help 1381 The CAST6 encryption algorithm (synonymous with CAST-256) is 1382 described in RFC2612. 1383 1384 This module provides the Cast6 cipher algorithm that processes 1385 eight blocks parallel using the AVX instruction set. 1386 1387config CRYPTO_DES 1388 tristate "DES and Triple DES EDE cipher algorithms" 1389 select CRYPTO_ALGAPI 1390 select CRYPTO_LIB_DES 1391 help 1392 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1393 1394config CRYPTO_DES_SPARC64 1395 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1396 depends on SPARC64 1397 select CRYPTO_ALGAPI 1398 select CRYPTO_LIB_DES 1399 select CRYPTO_SKCIPHER 1400 help 1401 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1402 optimized using SPARC64 crypto opcodes. 1403 1404config CRYPTO_DES3_EDE_X86_64 1405 tristate "Triple DES EDE cipher algorithm (x86-64)" 1406 depends on X86 && 64BIT 1407 select CRYPTO_SKCIPHER 1408 select CRYPTO_LIB_DES 1409 help 1410 Triple DES EDE (FIPS 46-3) algorithm. 1411 1412 This module provides implementation of the Triple DES EDE cipher 1413 algorithm that is optimized for x86-64 processors. Two versions of 1414 algorithm are provided; regular processing one input block and 1415 one that processes three blocks parallel. 1416 1417config CRYPTO_FCRYPT 1418 tristate "FCrypt cipher algorithm" 1419 select CRYPTO_ALGAPI 1420 select CRYPTO_SKCIPHER 1421 help 1422 FCrypt algorithm used by RxRPC. 1423 1424config CRYPTO_KHAZAD 1425 tristate "Khazad cipher algorithm" 1426 select CRYPTO_ALGAPI 1427 help 1428 Khazad cipher algorithm. 1429 1430 Khazad was a finalist in the initial NESSIE competition. It is 1431 an algorithm optimized for 64-bit processors with good performance 1432 on 32-bit processors. Khazad uses an 128 bit key size. 1433 1434 See also: 1435 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1436 1437config CRYPTO_SALSA20 1438 tristate "Salsa20 stream cipher algorithm" 1439 select CRYPTO_SKCIPHER 1440 help 1441 Salsa20 stream cipher algorithm. 1442 1443 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1444 Stream Cipher Project. See <https://www.ecrypt.eu.org/stream/> 1445 1446 The Salsa20 stream cipher algorithm is designed by Daniel J. 1447 Bernstein <djb@cr.yp.to>. See <https://cr.yp.to/snuffle.html> 1448 1449config CRYPTO_CHACHA20 1450 tristate "ChaCha stream cipher algorithms" 1451 select CRYPTO_LIB_CHACHA_GENERIC 1452 select CRYPTO_SKCIPHER 1453 help 1454 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1455 1456 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1457 Bernstein and further specified in RFC7539 for use in IETF protocols. 1458 This is the portable C implementation of ChaCha20. See also: 1459 <https://cr.yp.to/chacha/chacha-20080128.pdf> 1460 1461 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1462 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1463 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1464 while provably retaining ChaCha20's security. See also: 1465 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1466 1467 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1468 reduced security margin but increased performance. It can be needed 1469 in some performance-sensitive scenarios. 1470 1471config CRYPTO_CHACHA20_X86_64 1472 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1473 depends on X86 && 64BIT 1474 select CRYPTO_SKCIPHER 1475 select CRYPTO_LIB_CHACHA_GENERIC 1476 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1477 help 1478 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1479 XChaCha20, and XChaCha12 stream ciphers. 1480 1481config CRYPTO_CHACHA_MIPS 1482 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1483 depends on CPU_MIPS32_R2 1484 select CRYPTO_SKCIPHER 1485 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1486 1487config CRYPTO_SEED 1488 tristate "SEED cipher algorithm" 1489 select CRYPTO_ALGAPI 1490 help 1491 SEED cipher algorithm (RFC4269). 1492 1493 SEED is a 128-bit symmetric key block cipher that has been 1494 developed by KISA (Korea Information Security Agency) as a 1495 national standard encryption algorithm of the Republic of Korea. 1496 It is a 16 round block cipher with the key size of 128 bit. 1497 1498 See also: 1499 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1500 1501config CRYPTO_SERPENT 1502 tristate "Serpent cipher algorithm" 1503 select CRYPTO_ALGAPI 1504 help 1505 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1506 1507 Keys are allowed to be from 0 to 256 bits in length, in steps 1508 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1509 variant of Serpent for compatibility with old kerneli.org code. 1510 1511 See also: 1512 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1513 1514config CRYPTO_SERPENT_SSE2_X86_64 1515 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1516 depends on X86 && 64BIT 1517 select CRYPTO_SKCIPHER 1518 select CRYPTO_GLUE_HELPER_X86 1519 select CRYPTO_SERPENT 1520 select CRYPTO_SIMD 1521 help 1522 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1523 1524 Keys are allowed to be from 0 to 256 bits in length, in steps 1525 of 8 bits. 1526 1527 This module provides Serpent cipher algorithm that processes eight 1528 blocks parallel using SSE2 instruction set. 1529 1530 See also: 1531 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1532 1533config CRYPTO_SERPENT_SSE2_586 1534 tristate "Serpent cipher algorithm (i586/SSE2)" 1535 depends on X86 && !64BIT 1536 select CRYPTO_SKCIPHER 1537 select CRYPTO_GLUE_HELPER_X86 1538 select CRYPTO_SERPENT 1539 select CRYPTO_SIMD 1540 help 1541 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1542 1543 Keys are allowed to be from 0 to 256 bits in length, in steps 1544 of 8 bits. 1545 1546 This module provides Serpent cipher algorithm that processes four 1547 blocks parallel using SSE2 instruction set. 1548 1549 See also: 1550 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1551 1552config CRYPTO_SERPENT_AVX_X86_64 1553 tristate "Serpent cipher algorithm (x86_64/AVX)" 1554 depends on X86 && 64BIT 1555 select CRYPTO_SKCIPHER 1556 select CRYPTO_GLUE_HELPER_X86 1557 select CRYPTO_SERPENT 1558 select CRYPTO_SIMD 1559 select CRYPTO_XTS 1560 help 1561 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1562 1563 Keys are allowed to be from 0 to 256 bits in length, in steps 1564 of 8 bits. 1565 1566 This module provides the Serpent cipher algorithm that processes 1567 eight blocks parallel using the AVX instruction set. 1568 1569 See also: 1570 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1571 1572config CRYPTO_SERPENT_AVX2_X86_64 1573 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1574 depends on X86 && 64BIT 1575 select CRYPTO_SERPENT_AVX_X86_64 1576 help 1577 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1578 1579 Keys are allowed to be from 0 to 256 bits in length, in steps 1580 of 8 bits. 1581 1582 This module provides Serpent cipher algorithm that processes 16 1583 blocks parallel using AVX2 instruction set. 1584 1585 See also: 1586 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1587 1588config CRYPTO_SM4 1589 tristate "SM4 cipher algorithm" 1590 select CRYPTO_ALGAPI 1591 help 1592 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1593 1594 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1595 Organization of State Commercial Administration of China (OSCCA) 1596 as an authorized cryptographic algorithms for the use within China. 1597 1598 SMS4 was originally created for use in protecting wireless 1599 networks, and is mandated in the Chinese National Standard for 1600 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1601 (GB.15629.11-2003). 1602 1603 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1604 standardized through TC 260 of the Standardization Administration 1605 of the People's Republic of China (SAC). 1606 1607 The input, output, and key of SMS4 are each 128 bits. 1608 1609 See also: <https://eprint.iacr.org/2008/329.pdf> 1610 1611 If unsure, say N. 1612 1613config CRYPTO_TEA 1614 tristate "TEA, XTEA and XETA cipher algorithms" 1615 select CRYPTO_ALGAPI 1616 help 1617 TEA cipher algorithm. 1618 1619 Tiny Encryption Algorithm is a simple cipher that uses 1620 many rounds for security. It is very fast and uses 1621 little memory. 1622 1623 Xtendend Tiny Encryption Algorithm is a modification to 1624 the TEA algorithm to address a potential key weakness 1625 in the TEA algorithm. 1626 1627 Xtendend Encryption Tiny Algorithm is a mis-implementation 1628 of the XTEA algorithm for compatibility purposes. 1629 1630config CRYPTO_TWOFISH 1631 tristate "Twofish cipher algorithm" 1632 select CRYPTO_ALGAPI 1633 select CRYPTO_TWOFISH_COMMON 1634 help 1635 Twofish cipher algorithm. 1636 1637 Twofish was submitted as an AES (Advanced Encryption Standard) 1638 candidate cipher by researchers at CounterPane Systems. It is a 1639 16 round block cipher supporting key sizes of 128, 192, and 256 1640 bits. 1641 1642 See also: 1643 <https://www.schneier.com/twofish.html> 1644 1645config CRYPTO_TWOFISH_COMMON 1646 tristate 1647 help 1648 Common parts of the Twofish cipher algorithm shared by the 1649 generic c and the assembler implementations. 1650 1651config CRYPTO_TWOFISH_586 1652 tristate "Twofish cipher algorithms (i586)" 1653 depends on (X86 || UML_X86) && !64BIT 1654 select CRYPTO_ALGAPI 1655 select CRYPTO_TWOFISH_COMMON 1656 help 1657 Twofish cipher algorithm. 1658 1659 Twofish was submitted as an AES (Advanced Encryption Standard) 1660 candidate cipher by researchers at CounterPane Systems. It is a 1661 16 round block cipher supporting key sizes of 128, 192, and 256 1662 bits. 1663 1664 See also: 1665 <https://www.schneier.com/twofish.html> 1666 1667config CRYPTO_TWOFISH_X86_64 1668 tristate "Twofish cipher algorithm (x86_64)" 1669 depends on (X86 || UML_X86) && 64BIT 1670 select CRYPTO_ALGAPI 1671 select CRYPTO_TWOFISH_COMMON 1672 help 1673 Twofish cipher algorithm (x86_64). 1674 1675 Twofish was submitted as an AES (Advanced Encryption Standard) 1676 candidate cipher by researchers at CounterPane Systems. It is a 1677 16 round block cipher supporting key sizes of 128, 192, and 256 1678 bits. 1679 1680 See also: 1681 <https://www.schneier.com/twofish.html> 1682 1683config CRYPTO_TWOFISH_X86_64_3WAY 1684 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1685 depends on X86 && 64BIT 1686 select CRYPTO_SKCIPHER 1687 select CRYPTO_TWOFISH_COMMON 1688 select CRYPTO_TWOFISH_X86_64 1689 select CRYPTO_GLUE_HELPER_X86 1690 help 1691 Twofish cipher algorithm (x86_64, 3-way parallel). 1692 1693 Twofish was submitted as an AES (Advanced Encryption Standard) 1694 candidate cipher by researchers at CounterPane Systems. It is a 1695 16 round block cipher supporting key sizes of 128, 192, and 256 1696 bits. 1697 1698 This module provides Twofish cipher algorithm that processes three 1699 blocks parallel, utilizing resources of out-of-order CPUs better. 1700 1701 See also: 1702 <https://www.schneier.com/twofish.html> 1703 1704config CRYPTO_TWOFISH_AVX_X86_64 1705 tristate "Twofish cipher algorithm (x86_64/AVX)" 1706 depends on X86 && 64BIT 1707 select CRYPTO_SKCIPHER 1708 select CRYPTO_GLUE_HELPER_X86 1709 select CRYPTO_SIMD 1710 select CRYPTO_TWOFISH_COMMON 1711 select CRYPTO_TWOFISH_X86_64 1712 select CRYPTO_TWOFISH_X86_64_3WAY 1713 help 1714 Twofish cipher algorithm (x86_64/AVX). 1715 1716 Twofish was submitted as an AES (Advanced Encryption Standard) 1717 candidate cipher by researchers at CounterPane Systems. It is a 1718 16 round block cipher supporting key sizes of 128, 192, and 256 1719 bits. 1720 1721 This module provides the Twofish cipher algorithm that processes 1722 eight blocks parallel using the AVX Instruction Set. 1723 1724 See also: 1725 <https://www.schneier.com/twofish.html> 1726 1727comment "Compression" 1728 1729config CRYPTO_DEFLATE 1730 tristate "Deflate compression algorithm" 1731 select CRYPTO_ALGAPI 1732 select CRYPTO_ACOMP2 1733 select ZLIB_INFLATE 1734 select ZLIB_DEFLATE 1735 help 1736 This is the Deflate algorithm (RFC1951), specified for use in 1737 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1738 1739 You will most probably want this if using IPSec. 1740 1741config CRYPTO_LZO 1742 tristate "LZO compression algorithm" 1743 select CRYPTO_ALGAPI 1744 select CRYPTO_ACOMP2 1745 select LZO_COMPRESS 1746 select LZO_DECOMPRESS 1747 help 1748 This is the LZO algorithm. 1749 1750config CRYPTO_842 1751 tristate "842 compression algorithm" 1752 select CRYPTO_ALGAPI 1753 select CRYPTO_ACOMP2 1754 select 842_COMPRESS 1755 select 842_DECOMPRESS 1756 help 1757 This is the 842 algorithm. 1758 1759config CRYPTO_LZ4 1760 tristate "LZ4 compression algorithm" 1761 select CRYPTO_ALGAPI 1762 select CRYPTO_ACOMP2 1763 select LZ4_COMPRESS 1764 select LZ4_DECOMPRESS 1765 help 1766 This is the LZ4 algorithm. 1767 1768config CRYPTO_LZ4HC 1769 tristate "LZ4HC compression algorithm" 1770 select CRYPTO_ALGAPI 1771 select CRYPTO_ACOMP2 1772 select LZ4HC_COMPRESS 1773 select LZ4_DECOMPRESS 1774 help 1775 This is the LZ4 high compression mode algorithm. 1776 1777config CRYPTO_ZSTD 1778 tristate "Zstd compression algorithm" 1779 select CRYPTO_ALGAPI 1780 select CRYPTO_ACOMP2 1781 select ZSTD_COMPRESS 1782 select ZSTD_DECOMPRESS 1783 help 1784 This is the zstd algorithm. 1785 1786comment "Random Number Generation" 1787 1788config CRYPTO_ANSI_CPRNG 1789 tristate "Pseudo Random Number Generation for Cryptographic modules" 1790 select CRYPTO_AES 1791 select CRYPTO_RNG 1792 help 1793 This option enables the generic pseudo random number generator 1794 for cryptographic modules. Uses the Algorithm specified in 1795 ANSI X9.31 A.2.4. Note that this option must be enabled if 1796 CRYPTO_FIPS is selected 1797 1798menuconfig CRYPTO_DRBG_MENU 1799 tristate "NIST SP800-90A DRBG" 1800 help 1801 NIST SP800-90A compliant DRBG. In the following submenu, one or 1802 more of the DRBG types must be selected. 1803 1804if CRYPTO_DRBG_MENU 1805 1806config CRYPTO_DRBG_HMAC 1807 bool 1808 default y 1809 select CRYPTO_HMAC 1810 select CRYPTO_SHA256 1811 1812config CRYPTO_DRBG_HASH 1813 bool "Enable Hash DRBG" 1814 select CRYPTO_SHA256 1815 help 1816 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1817 1818config CRYPTO_DRBG_CTR 1819 bool "Enable CTR DRBG" 1820 select CRYPTO_AES 1821 select CRYPTO_CTR 1822 help 1823 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1824 1825config CRYPTO_DRBG 1826 tristate 1827 default CRYPTO_DRBG_MENU 1828 select CRYPTO_RNG 1829 select CRYPTO_JITTERENTROPY 1830 1831endif # if CRYPTO_DRBG_MENU 1832 1833config CRYPTO_JITTERENTROPY 1834 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1835 select CRYPTO_RNG 1836 help 1837 The Jitterentropy RNG is a noise that is intended 1838 to provide seed to another RNG. The RNG does not 1839 perform any cryptographic whitening of the generated 1840 random numbers. This Jitterentropy RNG registers with 1841 the kernel crypto API and can be used by any caller. 1842 1843config CRYPTO_USER_API 1844 tristate 1845 1846config CRYPTO_USER_API_HASH 1847 tristate "User-space interface for hash algorithms" 1848 depends on NET 1849 select CRYPTO_HASH 1850 select CRYPTO_USER_API 1851 help 1852 This option enables the user-spaces interface for hash 1853 algorithms. 1854 1855config CRYPTO_USER_API_SKCIPHER 1856 tristate "User-space interface for symmetric key cipher algorithms" 1857 depends on NET 1858 select CRYPTO_SKCIPHER 1859 select CRYPTO_USER_API 1860 help 1861 This option enables the user-spaces interface for symmetric 1862 key cipher algorithms. 1863 1864config CRYPTO_USER_API_RNG 1865 tristate "User-space interface for random number generator algorithms" 1866 depends on NET 1867 select CRYPTO_RNG 1868 select CRYPTO_USER_API 1869 help 1870 This option enables the user-spaces interface for random 1871 number generator algorithms. 1872 1873config CRYPTO_USER_API_AEAD 1874 tristate "User-space interface for AEAD cipher algorithms" 1875 depends on NET 1876 select CRYPTO_AEAD 1877 select CRYPTO_SKCIPHER 1878 select CRYPTO_NULL 1879 select CRYPTO_USER_API 1880 help 1881 This option enables the user-spaces interface for AEAD 1882 cipher algorithms. 1883 1884config CRYPTO_STATS 1885 bool "Crypto usage statistics for User-space" 1886 depends on CRYPTO_USER 1887 help 1888 This option enables the gathering of crypto stats. 1889 This will collect: 1890 - encrypt/decrypt size and numbers of symmeric operations 1891 - compress/decompress size and numbers of compress operations 1892 - size and numbers of hash operations 1893 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1894 - generate/seed numbers for rng operations 1895 1896config CRYPTO_HASH_INFO 1897 bool 1898 1899source "lib/crypto/Kconfig" 1900source "drivers/crypto/Kconfig" 1901source "crypto/asymmetric_keys/Kconfig" 1902source "certs/Kconfig" 1903 1904endif # if CRYPTO 1905