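# SPDX-License-Identifier: GPL-2.0
#
# Generic algorithms support
#
config XOR_BLOCKS
	tristate

#
# async_tx api: hardware offloaded memory transfer/transform support
#
source "crypto/async_tx/Kconfig"

#
# Cryptographic API Configuration
#
menuconfig CRYPTO
	tristate "Cryptographic API"
	help
	  This option provides the core Cryptographic API.

if CRYPTO

comment "Crypto core or helper"

# FIPS mode can only be selected while the run-time self tests stay enabled
# (!CRYPTO_MANAGER_DISABLE_TESTS) and, on modular kernels, while module
# signing (MODULE_SIG) is on.
config CRYPTO_FIPS
	bool "FIPS 200 compliance"
	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
	depends on (MODULE_SIG || !MODULES)
	help
	  This option enables the fips boot option, which is
	  required if you want the system to operate in a FIPS 200
	  certification. You should say no unless you know what
	  this is.

config CRYPTO_ALGAPI
	tristate
	select CRYPTO_ALGAPI2
	help
	  This option provides the API for cryptographic algorithms.

config CRYPTO_ALGAPI2
	tristate

config CRYPTO_AEAD
	tristate
	select CRYPTO_AEAD2
	select CRYPTO_ALGAPI

config CRYPTO_AEAD2
	tristate
	select CRYPTO_ALGAPI2
	select CRYPTO_NULL2
	select CRYPTO_RNG2

config CRYPTO_BLKCIPHER
	tristate
	select CRYPTO_BLKCIPHER2
	select CRYPTO_ALGAPI

config CRYPTO_BLKCIPHER2
	tristate
	select CRYPTO_ALGAPI2
	select CRYPTO_RNG2
	select CRYPTO_WORKQUEUE

config CRYPTO_HASH
	tristate
	select CRYPTO_HASH2
	select CRYPTO_ALGAPI

config CRYPTO_HASH2
	tristate
	select CRYPTO_ALGAPI2

config CRYPTO_RNG
	tristate
	select CRYPTO_RNG2
	select CRYPTO_ALGAPI

config CRYPTO_RNG2
	tristate
	select CRYPTO_ALGAPI2

config CRYPTO_RNG_DEFAULT
	tristate
	select CRYPTO_DRBG_MENU

config CRYPTO_AKCIPHER2
	tristate
	select CRYPTO_ALGAPI2

config CRYPTO_AKCIPHER
	tristate
	select CRYPTO_AKCIPHER2
	select CRYPTO_ALGAPI

config CRYPTO_KPP2
	tristate
	select CRYPTO_ALGAPI2

config CRYPTO_KPP
	tristate
	select CRYPTO_ALGAPI
	select CRYPTO_KPP2

config CRYPTO_ACOMP2
	tristate
	select CRYPTO_ALGAPI2
	select SGL_ALLOC

config CRYPTO_ACOMP
	tristate
	select CRYPTO_ALGAPI
	select CRYPTO_ACOMP2

config CRYPTO_RSA
	tristate "RSA algorithm"
	select CRYPTO_AKCIPHER
	select CRYPTO_MANAGER
	select MPILIB
	select ASN1
	help
	  Generic implementation of the RSA public key algorithm.

config CRYPTO_DH
	tristate "Diffie-Hellman algorithm"
	select CRYPTO_KPP
	select MPILIB
	help
	  Generic implementation of the Diffie-Hellman algorithm.

config CRYPTO_ECDH
	tristate "ECDH algorithm"
	select CRYPTO_KPP
	select CRYPTO_RNG_DEFAULT
	help
	  Generic implementation of the ECDH algorithm.

config CRYPTO_MANAGER
	tristate "Cryptographic algorithm manager"
	select CRYPTO_MANAGER2
	help
	  Create default cryptographic template instantiations such as
	  cbc(aes).

config CRYPTO_MANAGER2
	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
	select CRYPTO_AEAD2
	select CRYPTO_HASH2
	select CRYPTO_BLKCIPHER2
	select CRYPTO_AKCIPHER2
	select CRYPTO_KPP2
	select CRYPTO_ACOMP2

config CRYPTO_USER
	tristate "Userspace cryptographic algorithm configuration"
	depends on NET
	select CRYPTO_MANAGER
	help
	  Userspace configuration for cryptographic instantiations such as
	  cbc(aes).

# Defaults to y: the registration-time self tests are skipped unless this is
# turned off. CRYPTO_FIPS and CRYPTO_MANAGER_EXTRA_TESTS both require it to
# be n.
config CRYPTO_MANAGER_DISABLE_TESTS
	bool "Disable run-time self tests"
	default y
	depends on CRYPTO_MANAGER2
	help
	  Disable run-time self tests that normally take place at
	  algorithm registration.

config CRYPTO_MANAGER_EXTRA_TESTS
	bool "Enable extra run-time crypto self tests"
	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
	help
	  Enable extra run-time self tests of registered crypto algorithms,
	  including randomized fuzz tests.

	  This is intended for developer use only, as these tests take much
	  longer to run than the normal self tests.

config CRYPTO_GF128MUL
	tristate "GF(2^128) multiplication functions"
	help
	  Efficient table driven implementation of multiplications in the
	  field GF(2^128). This is needed by some cipher modes. This
	  option will be selected automatically if you select such a
	  cipher mode. Only select this option by hand if you expect to load
	  an external module that requires these functions.

# Null transforms provide neither confidentiality nor integrity. Several
# options in this file select this symbol or CRYPTO_NULL2 as a helper, so it
# may be built even when it is left unset here.
config CRYPTO_NULL
	tristate "Null algorithms"
	select CRYPTO_NULL2
	help
	  These are 'Null' algorithms, used by IPsec, which do nothing.

config CRYPTO_NULL2
	tristate
	select CRYPTO_ALGAPI2
	select CRYPTO_BLKCIPHER2
	select CRYPTO_HASH2

config CRYPTO_PCRYPT
	tristate "Parallel crypto engine"
	depends on SMP
	select PADATA
	select CRYPTO_MANAGER
	select CRYPTO_AEAD
	help
	  This converts an arbitrary crypto algorithm into a parallel
	  algorithm that executes in kernel threads.

config CRYPTO_WORKQUEUE
	tristate

config CRYPTO_CRYPTD
	tristate "Software async crypto daemon"
	select CRYPTO_BLKCIPHER
	select CRYPTO_HASH
	select CRYPTO_MANAGER
	select CRYPTO_WORKQUEUE
	help
	  This is a generic software asynchronous crypto daemon that
	  converts an arbitrary synchronous software crypto algorithm
	  into an asynchronous algorithm that executes in a kernel thread.

config CRYPTO_AUTHENC
	tristate "Authenc support"
	select CRYPTO_AEAD
	select CRYPTO_BLKCIPHER
	select CRYPTO_MANAGER
	select CRYPTO_HASH
	select CRYPTO_NULL
	help
	  Authenc: Combined mode wrapper for IPsec.
	  This is required for IPSec.

config CRYPTO_TEST
	tristate "Testing module"
	depends on m
	select CRYPTO_MANAGER
	help
	  Quick & dirty crypto test module.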
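
config CRYPTO_SIMD
	tristate
	select CRYPTO_CRYPTD

config CRYPTO_GLUE_HELPER_X86
	tristate
	depends on X86
	select CRYPTO_BLKCIPHER

config CRYPTO_ENGINE
	tristate

comment "Authenticated Encryption with Associated Data"

config CRYPTO_CCM
	tristate "CCM support"
	select CRYPTO_CTR
	select CRYPTO_HASH
	select CRYPTO_AEAD
	help
	  Support for Counter with CBC MAC. Required for IPsec.

config CRYPTO_GCM
	tristate "GCM/GMAC support"
	select CRYPTO_CTR
	select CRYPTO_AEAD
	select CRYPTO_GHASH
	select CRYPTO_NULL
	help
	  Support for Galois/Counter Mode (GCM) and Galois Message
	  Authentication Code (GMAC). Required for IPSec.

config CRYPTO_CHACHA20POLY1305
	tristate "ChaCha20-Poly1305 AEAD support"
	select CRYPTO_CHACHA20
	select CRYPTO_POLY1305
	select CRYPTO_AEAD
	help
	  ChaCha20-Poly1305 AEAD support, RFC7539.

	  Support for the AEAD wrapper using the ChaCha20 stream cipher combined
	  with the Poly1305 authenticator. It is defined in RFC7539 for use in
	  IETF protocols.

config CRYPTO_AEGIS128
	tristate "AEGIS-128 AEAD algorithm"
	select CRYPTO_AEAD
	select CRYPTO_AES  # for AES S-box tables
	help
	  Support for the AEGIS-128 dedicated AEAD algorithm.

config CRYPTO_AEGIS128L
	tristate "AEGIS-128L AEAD algorithm"
	select CRYPTO_AEAD
	select CRYPTO_AES  # for AES S-box tables
	help
	  Support for the AEGIS-128L dedicated AEAD algorithm.

config CRYPTO_AEGIS256
	tristate "AEGIS-256 AEAD algorithm"
	select CRYPTO_AEAD
	select CRYPTO_AES  # for AES S-box tables
	help
	  Support for the AEGIS-256 dedicated AEAD algorithm.

config CRYPTO_AEGIS128_AESNI_SSE2
	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_AEAD
	select CRYPTO_CRYPTD
	help
	  AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.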
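
config CRYPTO_AEGIS128L_AESNI_SSE2
	tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_AEAD
	select CRYPTO_CRYPTD
	help
	  AESNI+SSE2 implementation of the AEGIS-128L dedicated AEAD algorithm.

config CRYPTO_AEGIS256_AESNI_SSE2
	tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_AEAD
	select CRYPTO_CRYPTD
	help
	  AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm.

config CRYPTO_MORUS640
	tristate "MORUS-640 AEAD algorithm"
	select CRYPTO_AEAD
	help
	  Support for the MORUS-640 dedicated AEAD algorithm.

config CRYPTO_MORUS640_GLUE
	tristate
	depends on X86
	select CRYPTO_AEAD
	select CRYPTO_CRYPTD
	help
	  Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
	  algorithm.

config CRYPTO_MORUS640_SSE2
	tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_AEAD
	select CRYPTO_MORUS640_GLUE
	help
	  SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.

config CRYPTO_MORUS1280
	tristate "MORUS-1280 AEAD algorithm"
	select CRYPTO_AEAD
	help
	  Support for the MORUS-1280 dedicated AEAD algorithm.

config CRYPTO_MORUS1280_GLUE
	tristate
	depends on X86
	select CRYPTO_AEAD
	select CRYPTO_CRYPTD
	help
	  Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
	  algorithm.

config CRYPTO_MORUS1280_SSE2
	tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_AEAD
	select CRYPTO_MORUS1280_GLUE
	help
	  SSE2 optimized implementation of the MORUS-1280 dedicated AEAD
	  algorithm.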
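
config CRYPTO_MORUS1280_AVX2
	tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_AEAD
	select CRYPTO_MORUS1280_GLUE
	help
	  AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
	  algorithm.

config CRYPTO_SEQIV
	tristate "Sequence Number IV Generator"
	select CRYPTO_AEAD
	select CRYPTO_BLKCIPHER
	select CRYPTO_NULL
	select CRYPTO_RNG_DEFAULT
	help
	  This IV generator generates an IV based on a sequence number by
	  xoring it with a salt. This algorithm is mainly useful for CTR.

config CRYPTO_ECHAINIV
	tristate "Encrypted Chain IV Generator"
	select CRYPTO_AEAD
	select CRYPTO_NULL
	select CRYPTO_RNG_DEFAULT
	default m
	help
	  This IV generator generates an IV based on the encryption of
	  a sequence number xored with a salt. This is the default
	  algorithm for CBC.

comment "Block modes"

config CRYPTO_CBC
	tristate "CBC support"
	select CRYPTO_BLKCIPHER
	select CRYPTO_MANAGER
	help
	  CBC: Cipher Block Chaining mode
	  This block cipher algorithm is required for IPSec.

config CRYPTO_CFB
	tristate "CFB support"
	select CRYPTO_BLKCIPHER
	select CRYPTO_MANAGER
	help
	  CFB: Cipher FeedBack mode
	  This block cipher algorithm is required for TPM2 Cryptography.

config CRYPTO_CTR
	tristate "CTR support"
	select CRYPTO_BLKCIPHER
	select CRYPTO_SEQIV
	select CRYPTO_MANAGER
	help
	  CTR: Counter mode
	  This block cipher algorithm is required for IPSec.

config CRYPTO_CTS
	tristate "CTS support"
	select CRYPTO_BLKCIPHER
	help
	  CTS: Cipher Text Stealing
	  This is the Cipher Text Stealing mode as described by
	  Section 8 of rfc2040 and referenced by rfc3962
	  (rfc3962 includes errata information in its Appendix A) or
	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
	  This mode is required for Kerberos gss mechanism support
	  for AES encryption.

	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final

# ECB encrypts every block independently, so equal plaintext blocks give
# equal ciphertext blocks. It mainly serves as a building block for other
# modes (CRYPTO_XTS selects it).
config CRYPTO_ECB
	tristate "ECB support"
	select CRYPTO_BLKCIPHER
	select CRYPTO_MANAGER
	help
	  ECB: Electronic CodeBook mode
	  This is the simplest block cipher algorithm. It simply encrypts
	  the input block by block.

config CRYPTO_LRW
	tristate "LRW support"
	select CRYPTO_BLKCIPHER
	select CRYPTO_MANAGER
	select CRYPTO_GF128MUL
	help
	  LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
	  narrow block cipher mode for dm-crypt. Use it with cipher
	  specification string aes-lrw-benbi, the key must be 256, 320 or 384
	  bits. The first 128, 192 or 256 bits in the key are used for AES and
	  the rest is used to tie each cipher block to its logical position.

# The bit-flipping property described in the help text also means the
# ciphertext is malleable: OFB provides confidentiality only, so combine it
# with a MAC when integrity matters.
config CRYPTO_OFB
	tristate "OFB support"
	select CRYPTO_BLKCIPHER
	select CRYPTO_MANAGER
	help
	  OFB: the Output Feedback mode makes a block cipher into a synchronous
	  stream cipher. It generates keystream blocks, which are then XORed
	  with the plaintext blocks to get the ciphertext. Flipping a bit in the
	  ciphertext produces a flipped bit in the plaintext at the same
	  location. This property allows many error correcting codes to function
	  normally even when applied before encryption.

config CRYPTO_PCBC
	tristate "PCBC support"
	select CRYPTO_BLKCIPHER
	select CRYPTO_MANAGER
	help
	  PCBC: Propagating Cipher Block Chaining mode
	  This block cipher algorithm is required for RxRPC.

config CRYPTO_XTS
	tristate "XTS support"
	select CRYPTO_BLKCIPHER
	select CRYPTO_MANAGER
	select CRYPTO_ECB
	help
	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
	  key size 256, 384 or 512 bits. This implementation currently
	  can't handle a sectorsize which is not a multiple of 16 bytes.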
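
config CRYPTO_KEYWRAP
	tristate "Key wrapping support"
	select CRYPTO_BLKCIPHER
	help
	  Support for key wrapping (NIST SP800-38F / RFC3394) without
	  padding.

config CRYPTO_NHPOLY1305
	tristate
	select CRYPTO_HASH
	select CRYPTO_POLY1305

config CRYPTO_NHPOLY1305_SSE2
	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_NHPOLY1305
	help
	  SSE2 optimized implementation of the hash function used by the
	  Adiantum encryption mode.

config CRYPTO_NHPOLY1305_AVX2
	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
	depends on X86 && 64BIT
	select CRYPTO_NHPOLY1305
	help
	  AVX2 optimized implementation of the hash function used by the
	  Adiantum encryption mode.

# NOTE(review): the help text describes an AES-256 invocation, but no AES
# option is selected here. Presumably the block cipher is looked up by name
# when the mode is instantiated, so an AES implementation has to be enabled
# separately -- confirm.
config CRYPTO_ADIANTUM
	tristate "Adiantum support"
	select CRYPTO_CHACHA20
	select CRYPTO_POLY1305
	select CRYPTO_NHPOLY1305
	help
	  Adiantum is a tweakable, length-preserving encryption mode
	  designed for fast and secure disk encryption, especially on
	  CPUs without dedicated crypto instructions. It encrypts
	  each sector using the XChaCha12 stream cipher, two passes of
	  an ε-almost-∆-universal hash function, and an invocation of
	  the AES-256 block cipher on a single 16-byte block. On CPUs
	  without AES instructions, Adiantum is much faster than
	  AES-XTS.

	  Adiantum's security is provably reducible to that of its
	  underlying stream and block ciphers, subject to a security
	  bound. Unlike XTS, Adiantum is a true wide-block encryption
	  mode, so it actually provides an even stronger notion of
	  security than XTS, subject to the security bound.

	  If unsure, say N.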
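
comment "Hash modes"

config CRYPTO_CMAC
	tristate "CMAC support"
	select CRYPTO_HASH
	select CRYPTO_MANAGER
	help
	  Cipher-based Message Authentication Code (CMAC) specified by
	  The National Institute of Standards and Technology (NIST).

	  https://tools.ietf.org/html/rfc4493
	  http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf

config CRYPTO_HMAC
	tristate "HMAC support"
	select CRYPTO_HASH
	select CRYPTO_MANAGER
	help
	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
	  This is required for IPSec.

config CRYPTO_XCBC
	tristate "XCBC support"
	select CRYPTO_HASH
	select CRYPTO_MANAGER
	help
	  XCBC: Keyed-Hashing with encryption algorithm
	  http://www.ietf.org/rfc/rfc3566.txt
	  http://csrc.nist.gov/encryption/modes/proposedmodes/
	  xcbc-mac/xcbc-mac-spec.pdf

config CRYPTO_VMAC
	tristate "VMAC support"
	select CRYPTO_HASH
	select CRYPTO_MANAGER
	help
	  VMAC is a message authentication algorithm designed for
	  very high speed on 64-bit architectures.

	  See also:
	  <http://fastcrypto.org/vmac>

comment "Digest"

# The CRC options in this section detect accidental corruption only. CRCs are
# unkeyed checksums and give no protection against deliberate modification.
config CRYPTO_CRC32C
	tristate "CRC32c CRC algorithm"
	select CRYPTO_HASH
	select CRC32
	help
	  Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
	  by iSCSI for header and data digests and by others.
	  See Castagnoli93. Module will be crc32c.

config CRYPTO_CRC32C_INTEL
	tristate "CRC32c INTEL hardware acceleration"
	depends on X86
	select CRYPTO_HASH
	help
	  On Intel processors that support SSE4.2, CRC32C can be
	  computed with the hardware accelerated CRC32 instruction.
	  This option will create the 'crc32c-intel' module,
	  which will enable any routine to use the CRC32 instruction to
	  gain performance compared with the software implementation.
	  Module will be crc32c-intel.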
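
config CRYPTO_CRC32C_VPMSUM
	tristate "CRC32c CRC algorithm (powerpc64)"
	depends on PPC64 && ALTIVEC
	select CRYPTO_HASH
	select CRC32
	help
	  CRC32c algorithm implemented using vector polynomial multiply-sum
	  (vpmsum) instructions, introduced in POWER8. Enable on POWER8
	  and newer processors for improved performance.


config CRYPTO_CRC32C_SPARC64
	tristate "CRC32c CRC algorithm (SPARC64)"
	depends on SPARC64
	select CRYPTO_HASH
	select CRC32
	help
	  CRC32c CRC algorithm implemented using sparc64 crypto instructions,
	  when available.

config CRYPTO_CRC32
	tristate "CRC32 CRC algorithm"
	select CRYPTO_HASH
	select CRC32
	help
	  CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
	  Shash crypto api wrappers to crc32_le function.

config CRYPTO_CRC32_PCLMUL
	tristate "CRC32 PCLMULQDQ hardware acceleration"
	depends on X86
	select CRYPTO_HASH
	select CRC32
	help
	  From Intel Westmere and AMD Bulldozer processors onwards, with
	  SSE4.2 and PCLMULQDQ supported, CRC32 can be computed using the
	  hardware accelerated PCLMULQDQ instruction. This option will
	  create the 'crc32-pclmul' module,
	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
	  and gain better performance as compared with the table implementation.

config CRYPTO_CRC32_MIPS
	tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
	depends on MIPS_CRC_SUPPORT
	select CRYPTO_HASH
	help
	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
	  instructions, when available.


config CRYPTO_CRCT10DIF
	tristate "CRCT10DIF algorithm"
	select CRYPTO_HASH
	help
	  CRC T10 Data Integrity Field computation is being cast as
	  a crypto transform. This allows for faster CRC T10 DIF
	  transforms to be used if they are available.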
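
config CRYPTO_CRCT10DIF_PCLMUL
	tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
	depends on X86 && 64BIT && CRC_T10DIF
	select CRYPTO_HASH
	help
	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
	  CRC T10 DIF computation can be hardware accelerated using
	  the PCLMULQDQ instruction. This option will create the
	  'crct10dif-pclmul' module, which is faster when computing the
	  crct10dif checksum as compared with the generic table implementation.

config CRYPTO_CRCT10DIF_VPMSUM
	tristate "CRC32T10DIF powerpc64 hardware acceleration"
	depends on PPC64 && ALTIVEC && CRC_T10DIF
	select CRYPTO_HASH
	help
	  CRC-T10DIF algorithm implemented using vector polynomial
	  multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
	  POWER8 and newer processors for improved performance.

config CRYPTO_VPMSUM_TESTER
	tristate "Powerpc64 vpmsum hardware acceleration tester"
	depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
	help
	  Stress test for CRC32c and CRC-T10DIF algorithms implemented with
	  POWER8 vpmsum instructions.
	  Unless you are testing these algorithms, you don't need this.

# GHASH is the universal hash used inside GCM (CRYPTO_GCM selects it); it is
# not a general-purpose cryptographic hash function.
config CRYPTO_GHASH
	tristate "GHASH digest algorithm"
	select CRYPTO_GF128MUL
	select CRYPTO_HASH
	help
	  GHASH is the message digest algorithm for GCM (Galois/Counter Mode).

config CRYPTO_POLY1305
	tristate "Poly1305 authenticator algorithm"
	select CRYPTO_HASH
	help
	  Poly1305 authenticator algorithm, RFC7539.

	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
	  in IETF protocols. This is the portable C implementation of Poly1305.

config CRYPTO_POLY1305_X86_64
	tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
	depends on X86 && 64BIT
	select CRYPTO_POLY1305
	help
	  Poly1305 authenticator algorithm, RFC7539.

	  Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
	  It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
	  in IETF protocols. This is the x86_64 assembler implementation using SIMD
	  instructions.

# MD4 and MD5 are not collision resistant. Enable them for compatibility with
# existing protocols and formats, not for new integrity or signature designs.
config CRYPTO_MD4
	tristate "MD4 digest algorithm"
	select CRYPTO_HASH
	help
	  MD4 message digest algorithm (RFC1320).

config CRYPTO_MD5
	tristate "MD5 digest algorithm"
	select CRYPTO_HASH
	help
	  MD5 message digest algorithm (RFC1321).

config CRYPTO_MD5_OCTEON
	tristate "MD5 digest algorithm (OCTEON)"
	depends on CPU_CAVIUM_OCTEON
	select CRYPTO_MD5
	select CRYPTO_HASH
	help
	  MD5 message digest algorithm (RFC1321) implemented
	  using OCTEON crypto instructions, when available.

config CRYPTO_MD5_PPC
	tristate "MD5 digest algorithm (PPC)"
	depends on PPC
	select CRYPTO_HASH
	help
	  MD5 message digest algorithm (RFC1321) implemented
	  in PPC assembler.

config CRYPTO_MD5_SPARC64
	tristate "MD5 digest algorithm (SPARC64)"
	depends on SPARC64
	select CRYPTO_MD5
	select CRYPTO_HASH
	help
	  MD5 message digest algorithm (RFC1321) implemented
	  using sparc64 crypto instructions, when available.

config CRYPTO_MICHAEL_MIC
	tristate "Michael MIC keyed digest algorithm"
	select CRYPTO_HASH
	help
	  Michael MIC is used for message integrity protection in TKIP
	  (IEEE 802.11i). This algorithm is required for TKIP, but it
	  should not be used for other purposes because of the weakness
	  of the algorithm.

config CRYPTO_RMD128
	tristate "RIPEMD-128 digest algorithm"
	select CRYPTO_HASH
	help
	  RIPEMD-128 (ISO/IEC 10118-3:2004).

	  RIPEMD-128 is a 128-bit cryptographic hash function. It should only
	  be used as a secure replacement for RIPEMD. For other use cases,
	  RIPEMD-160 should be used.

	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>

config CRYPTO_RMD160
	tristate "RIPEMD-160 digest algorithm"
	select CRYPTO_HASH
	help
	  RIPEMD-160 (ISO/IEC 10118-3:2004).

	  RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
	  to be used as a secure replacement for the 128-bit hash functions
	  MD4, MD5 and its predecessor RIPEMD
	  (not to be confused with RIPEMD-128).

	  Its speed is comparable to SHA1 and there are no known attacks
	  against RIPEMD-160.

	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>

config CRYPTO_RMD256
	tristate "RIPEMD-256 digest algorithm"
	select CRYPTO_HASH
	help
	  RIPEMD-256 is an optional extension of RIPEMD-128 with a
	  256 bit hash. It is intended for applications that require
	  longer hash-results, without needing a larger security level
	  (than RIPEMD-128).

	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>

config CRYPTO_RMD320
	tristate "RIPEMD-320 digest algorithm"
	select CRYPTO_HASH
	help
	  RIPEMD-320 is an optional extension of RIPEMD-160 with a
	  320 bit hash. It is intended for applications that require
	  longer hash-results, without needing a larger security level
	  (than RIPEMD-160).

	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>

# SHA-1 is no longer collision resistant; prefer SHA-256 or stronger where the
# protocol allows a choice.
config CRYPTO_SHA1
	tristate "SHA1 digest algorithm"
	select CRYPTO_HASH
	help
	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).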
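
config CRYPTO_SHA1_SSSE3
	tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
	depends on X86 && 64BIT
	select CRYPTO_SHA1
	select CRYPTO_HASH
	help
	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
	  Extensions (AVX/AVX2) or SHA-NI (SHA Extensions New Instructions),
	  when available.

config CRYPTO_SHA256_SSSE3
	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
	depends on X86 && 64BIT
	select CRYPTO_SHA256
	select CRYPTO_HASH
	help
	  SHA-256 secure hash standard (DFIPS 180-2) implemented
	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
	  Extensions version 1 (AVX1), or Advanced Vector Extensions
	  version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
	  Instructions) when available.

config CRYPTO_SHA512_SSSE3
	tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
	depends on X86 && 64BIT
	select CRYPTO_SHA512
	select CRYPTO_HASH
	help
	  SHA-512 secure hash standard (DFIPS 180-2) implemented
	  using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
	  Extensions version 1 (AVX1), or Advanced Vector Extensions
	  version 2 (AVX2) instructions, when available.

config CRYPTO_SHA1_OCTEON
	tristate "SHA1 digest algorithm (OCTEON)"
	depends on CPU_CAVIUM_OCTEON
	select CRYPTO_SHA1
	select CRYPTO_HASH
	help
	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
	  using OCTEON crypto instructions, when available.

config CRYPTO_SHA1_SPARC64
	tristate "SHA1 digest algorithm (SPARC64)"
	depends on SPARC64
	select CRYPTO_SHA1
	select CRYPTO_HASH
	help
	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
	  using sparc64 crypto instructions, when available.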
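
config CRYPTO_SHA1_PPC
	tristate "SHA1 digest algorithm (powerpc)"
	depends on PPC
	help
	  This is the powerpc hardware accelerated implementation of the
	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).

config CRYPTO_SHA1_PPC_SPE
	tristate "SHA1 digest algorithm (PPC SPE)"
	depends on PPC && SPE
	help
	  SHA-1 secure hash standard (DFIPS 180-4) implemented
	  using powerpc SPE SIMD instruction set.

config CRYPTO_SHA256
	tristate "SHA224 and SHA256 digest algorithm"
	select CRYPTO_HASH
	help
	  SHA256 secure hash standard (DFIPS 180-2).

	  This version of SHA implements a 256 bit hash with 128 bits of
	  security against collision attacks.

	  This code also includes SHA-224, a 224 bit hash with 112 bits
	  of security against collision attacks.

config CRYPTO_SHA256_PPC_SPE
	tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
	depends on PPC && SPE
	select CRYPTO_SHA256
	select CRYPTO_HASH
	help
	  SHA224 and SHA256 secure hash standard (DFIPS 180-2)
	  implemented using powerpc SPE SIMD instruction set.

config CRYPTO_SHA256_OCTEON
	tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
	depends on CPU_CAVIUM_OCTEON
	select CRYPTO_SHA256
	select CRYPTO_HASH
	help
	  SHA-256 secure hash standard (DFIPS 180-2) implemented
	  using OCTEON crypto instructions, when available.

config CRYPTO_SHA256_SPARC64
	tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
	depends on SPARC64
	select CRYPTO_SHA256
	select CRYPTO_HASH
	help
	  SHA-256 secure hash standard (DFIPS 180-2) implemented
	  using sparc64 crypto instructions, when available.

config CRYPTO_SHA512
	tristate "SHA384 and SHA512 digest algorithms"
	select CRYPTO_HASH
	help
	  SHA512 secure hash standard (DFIPS 180-2).

	  This version of SHA implements a 512 bit hash with 256 bits of
	  security against collision attacks.

	  This code also includes SHA-384, a 384 bit hash with 192 bits
	  of security against collision attacks.

config CRYPTO_SHA512_OCTEON
	tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
	depends on CPU_CAVIUM_OCTEON
	select CRYPTO_SHA512
	select CRYPTO_HASH
	help
	  SHA-512 secure hash standard (DFIPS 180-2) implemented
	  using OCTEON crypto instructions, when available.

config CRYPTO_SHA512_SPARC64
	tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
	depends on SPARC64
	select CRYPTO_SHA512
	select CRYPTO_HASH
	help
	  SHA-512 secure hash standard (DFIPS 180-2) implemented
	  using sparc64 crypto instructions, when available.

config CRYPTO_SHA3
	tristate "SHA3 digest algorithm"
	select CRYPTO_HASH
	help
	  SHA-3 secure hash standard (DFIPS 202). It's based on the
	  cryptographic sponge function family called Keccak.

	  References:
	  http://keccak.noekeon.org/

config CRYPTO_SM3
	tristate "SM3 digest algorithm"
	select CRYPTO_HASH
	help
	  SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3.
	  It is part of the Chinese Commercial Cryptography suite.

	  References:
	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash

config CRYPTO_STREEBOG
	tristate "Streebog Hash Function"
	select CRYPTO_HASH
	help
	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
	  cryptographic standard algorithms (called GOST algorithms).
	  This setting enables two hash algorithms with 256 and 512 bits output.

	  References:
	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
	  https://tools.ietf.org/html/rfc6986

config CRYPTO_TGR192
	tristate "Tiger digest algorithms"
	select CRYPTO_HASH
	help
	  Tiger hash algorithm 192, 160 and 128-bit hashes

	  Tiger is a hash function optimized for 64-bit processors while
	  still having decent performance on 32-bit processors.
	  Tiger was developed by Ross Anderson and Eli Biham.

	  See also:
	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.

config CRYPTO_WP512
	tristate "Whirlpool digest algorithms"
	select CRYPTO_HASH
	help
	  Whirlpool hash algorithm 512, 384 and 256-bit hashes

	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard

	  See also:
	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>

config CRYPTO_GHASH_CLMUL_NI_INTEL
	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
	depends on X86 && 64BIT
	select CRYPTO_CRYPTD
	help
	  GHASH is the message digest algorithm for GCM (Galois/Counter Mode).
	  The implementation is accelerated by CLMUL-NI of Intel.

comment "Ciphers"

# NOTE(review): the side-channel remark in the help text is about the
# algorithm's operations. Table-based software implementations can still show
# data dependent latencies; CRYPTO_AES_TI exists to reduce them.
config CRYPTO_AES
	tristate "AES cipher algorithms"
	select CRYPTO_ALGAPI
	help
	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
	  algorithm.

	  Rijndael appears to be consistently a very good performer in
	  both hardware and software across a wide range of computing
	  environments regardless of its use in feedback or non-feedback
	  modes. Its key setup time is excellent, and its key agility is
	  good. Rijndael's very low memory requirements make it very well
	  suited for restricted-space environments, in which it also
	  demonstrates excellent performance. Rijndael's operations are
	  among the easiest to defend against power and timing attacks.

	  The AES specifies three key sizes: 128, 192 and 256 bits

	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.

config CRYPTO_AES_TI
	tristate "Fixed time AES cipher"
	select CRYPTO_ALGAPI
	help
	  This is a generic implementation of AES that attempts to eliminate
	  data dependent latencies as much as possible without affecting
	  performance too much. It is intended for use by the generic CCM
	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
	  solely on encryption (although decryption is supported as well, but
	  with a more dramatic performance hit).

	  Instead of using 16 lookup tables of 1 KB each (8 for encryption and
	  8 for decryption), this implementation uses just two S-boxes of
	  256 bytes each, and attempts to eliminate data dependent latencies by
	  prefetching the entire table into the cache at the start of each
	  block. Interrupts are also disabled to avoid races where cachelines
	  are evicted when the CPU is interrupted to do something else.

config CRYPTO_AES_586
	tristate "AES cipher algorithms (i586)"
	depends on (X86 || UML_X86) && !64BIT
	select CRYPTO_ALGAPI
	select CRYPTO_AES
	help
	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
	  algorithm.

	  Rijndael appears to be consistently a very good performer in
	  both hardware and software across a wide range of computing
	  environments regardless of its use in feedback or non-feedback
	  modes. Its key setup time is excellent, and its key agility is
	  good. Rijndael's very low memory requirements make it very well
	  suited for restricted-space environments, in which it also
	  demonstrates excellent performance. Rijndael's operations are
	  among the easiest to defend against power and timing attacks.

	  The AES specifies three key sizes: 128, 192 and 256 bits

	  See <http://csrc.nist.gov/encryption/aes/> for more information.

config CRYPTO_AES_X86_64
	tristate "AES cipher algorithms (x86_64)"
	depends on (X86 || UML_X86) && 64BIT
	select CRYPTO_ALGAPI
	select CRYPTO_AES
	help
	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
	  algorithm.

	  Rijndael appears to be consistently a very good performer in
	  both hardware and software across a wide range of computing
	  environments regardless of its use in feedback or non-feedback
	  modes. Its key setup time is excellent, and its key agility is
	  good. Rijndael's very low memory requirements make it very well
	  suited for restricted-space environments, in which it also
	  demonstrates excellent performance. Rijndael's operations are
	  among the easiest to defend against power and timing attacks.

	  The AES specifies three key sizes: 128, 192 and 256 bits

	  See <http://csrc.nist.gov/encryption/aes/> for more information.

config CRYPTO_AES_NI_INTEL
	tristate "AES cipher algorithms (AES-NI)"
	depends on X86
	select CRYPTO_AEAD
	select CRYPTO_AES_X86_64 if 64BIT
	select CRYPTO_AES_586 if !64BIT
	select CRYPTO_ALGAPI
	select CRYPTO_BLKCIPHER
	select CRYPTO_GLUE_HELPER_X86 if 64BIT
	select CRYPTO_SIMD
	help
	  Use Intel AES-NI instructions for AES algorithm.

	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
	  algorithm.

	  Rijndael appears to be consistently a very good performer in
	  both hardware and software across a wide range of computing
	  environments regardless of its use in feedback or non-feedback
	  modes. Its key setup time is excellent, and its key agility is
	  good. Rijndael's very low memory requirements make it very well
	  suited for restricted-space environments, in which it also
	  demonstrates excellent performance.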
Rijndael's operations are 1148 among the easiest to defend against power and timing attacks. 1149 1150 The AES specifies three key sizes: 128, 192 and 256 bits 1151 1152 See <http://csrc.nist.gov/encryption/aes/> for more information. 1153 1154 In addition to AES cipher algorithm support, the acceleration 1155 for some popular block cipher mode is supported too, including 1156 ECB, CBC, LRW, XTS. The 64 bit version has additional 1157 acceleration for CTR. 1158 1159config CRYPTO_AES_SPARC64 1160 tristate "AES cipher algorithms (SPARC64)" 1161 depends on SPARC64 1162 select CRYPTO_CRYPTD 1163 select CRYPTO_ALGAPI 1164 help 1165 Use SPARC64 crypto opcodes for AES algorithm. 1166 1167 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1168 algorithm. 1169 1170 Rijndael appears to be consistently a very good performer in 1171 both hardware and software across a wide range of computing 1172 environments regardless of its use in feedback or non-feedback 1173 modes. Its key setup time is excellent, and its key agility is 1174 good. Rijndael's very low memory requirements make it very well 1175 suited for restricted-space environments, in which it also 1176 demonstrates excellent performance. Rijndael's operations are 1177 among the easiest to defend against power and timing attacks. 1178 1179 The AES specifies three key sizes: 128, 192 and 256 bits 1180 1181 See <http://csrc.nist.gov/encryption/aes/> for more information. 1182 1183 In addition to AES cipher algorithm support, the acceleration 1184 for some popular block cipher mode is supported too, including 1185 ECB and CBC. 1186 1187config CRYPTO_AES_PPC_SPE 1188 tristate "AES cipher algorithms (PPC SPE)" 1189 depends on PPC && SPE 1190 help 1191 AES cipher algorithms (FIPS-197). Additionally the acceleration 1192 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1193 This module should only be used for low power (router) devices 1194 without hardware AES acceleration (e.g. caam crypto). 
It reduces the 1195 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1196 timing attacks. Nevertheless it might not be as secure as other 1197 architecture specific assembler implementations that work on 1KB 1198 tables or 256 bytes S-boxes. 1199 1200config CRYPTO_ANUBIS 1201 tristate "Anubis cipher algorithm" 1202 select CRYPTO_ALGAPI 1203 help 1204 Anubis cipher algorithm. 1205 1206 Anubis is a variable key length cipher which can use keys from 1207 128 bits to 320 bits in length. It was evaluated as an entrant 1208 in the NESSIE competition. 1209 1210 See also: 1211 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1212 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1213 1214config CRYPTO_ARC4 1215 tristate "ARC4 cipher algorithm" 1216 select CRYPTO_BLKCIPHER 1217 help 1218 ARC4 cipher algorithm. 1219 1220 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1221 bits in length. This algorithm is required for driver-based 1222 WEP, but it should not be used for other purposes because of the 1223 weakness of the algorithm. 1224 1225config CRYPTO_BLOWFISH 1226 tristate "Blowfish cipher algorithm" 1227 select CRYPTO_ALGAPI 1228 select CRYPTO_BLOWFISH_COMMON 1229 help 1230 Blowfish cipher algorithm, by Bruce Schneier. 1231 1232 This is a variable key length cipher which can use keys from 32 1233 bits to 448 bits in length. It's fast, simple and specifically 1234 designed for use on "large microprocessors". 1235 1236 See also: 1237 <http://www.schneier.com/blowfish.html> 1238 1239config CRYPTO_BLOWFISH_COMMON 1240 tristate 1241 help 1242 Common parts of the Blowfish cipher algorithm shared by the 1243 generic C and the assembler implementations. 
1244 1245 See also: 1246 <http://www.schneier.com/blowfish.html> 1247 1248config CRYPTO_BLOWFISH_X86_64 1249 tristate "Blowfish cipher algorithm (x86_64)" 1250 depends on X86 && 64BIT 1251 select CRYPTO_BLKCIPHER 1252 select CRYPTO_BLOWFISH_COMMON 1253 help 1254 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1255 1256 This is a variable key length cipher which can use keys from 32 1257 bits to 448 bits in length. It's fast, simple and specifically 1258 designed for use on "large microprocessors". 1259 1260 See also: 1261 <http://www.schneier.com/blowfish.html> 1262 1263config CRYPTO_CAMELLIA 1264 tristate "Camellia cipher algorithms" 1265 depends on CRYPTO 1266 select CRYPTO_ALGAPI 1267 help 1268 Camellia cipher algorithms module. 1269 1270 Camellia is a symmetric key block cipher developed jointly 1271 at NTT and Mitsubishi Electric Corporation. 1272 1273 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1274 1275 See also: 1276 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1277 1278config CRYPTO_CAMELLIA_X86_64 1279 tristate "Camellia cipher algorithm (x86_64)" 1280 depends on X86 && 64BIT 1281 depends on CRYPTO 1282 select CRYPTO_BLKCIPHER 1283 select CRYPTO_GLUE_HELPER_X86 1284 help 1285 Camellia cipher algorithm module (x86_64). 1286 1287 Camellia is a symmetric key block cipher developed jointly 1288 at NTT and Mitsubishi Electric Corporation. 1289 1290 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1291 1292 See also: 1293 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1294 1295config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1296 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1297 depends on X86 && 64BIT 1298 depends on CRYPTO 1299 select CRYPTO_BLKCIPHER 1300 select CRYPTO_CAMELLIA_X86_64 1301 select CRYPTO_GLUE_HELPER_X86 1302 select CRYPTO_SIMD 1303 select CRYPTO_XTS 1304 help 1305 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 
1306 1307 Camellia is a symmetric key block cipher developed jointly 1308 at NTT and Mitsubishi Electric Corporation. 1309 1310 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1311 1312 See also: 1313 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1314 1315config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1316 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1317 depends on X86 && 64BIT 1318 depends on CRYPTO 1319 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1320 help 1321 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1322 1323 Camellia is a symmetric key block cipher developed jointly 1324 at NTT and Mitsubishi Electric Corporation. 1325 1326 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1327 1328 See also: 1329 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1330 1331config CRYPTO_CAMELLIA_SPARC64 1332 tristate "Camellia cipher algorithm (SPARC64)" 1333 depends on SPARC64 1334 depends on CRYPTO 1335 select CRYPTO_ALGAPI 1336 help 1337 Camellia cipher algorithm module (SPARC64). 1338 1339 Camellia is a symmetric key block cipher developed jointly 1340 at NTT and Mitsubishi Electric Corporation. 1341 1342 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1343 1344 See also: 1345 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1346 1347config CRYPTO_CAST_COMMON 1348 tristate 1349 help 1350 Common parts of the CAST cipher algorithms shared by the 1351 generic c and the assembler implementations. 1352 1353config CRYPTO_CAST5 1354 tristate "CAST5 (CAST-128) cipher algorithm" 1355 select CRYPTO_ALGAPI 1356 select CRYPTO_CAST_COMMON 1357 help 1358 The CAST5 encryption algorithm (synonymous with CAST-128) is 1359 described in RFC2144. 
1360 1361config CRYPTO_CAST5_AVX_X86_64 1362 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1363 depends on X86 && 64BIT 1364 select CRYPTO_BLKCIPHER 1365 select CRYPTO_CAST5 1366 select CRYPTO_CAST_COMMON 1367 select CRYPTO_SIMD 1368 help 1369 The CAST5 encryption algorithm (synonymous with CAST-128) is 1370 described in RFC2144. 1371 1372 This module provides the Cast5 cipher algorithm that processes 1373 sixteen blocks parallel using the AVX instruction set. 1374 1375config CRYPTO_CAST6 1376 tristate "CAST6 (CAST-256) cipher algorithm" 1377 select CRYPTO_ALGAPI 1378 select CRYPTO_CAST_COMMON 1379 help 1380 The CAST6 encryption algorithm (synonymous with CAST-256) is 1381 described in RFC2612. 1382 1383config CRYPTO_CAST6_AVX_X86_64 1384 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1385 depends on X86 && 64BIT 1386 select CRYPTO_BLKCIPHER 1387 select CRYPTO_CAST6 1388 select CRYPTO_CAST_COMMON 1389 select CRYPTO_GLUE_HELPER_X86 1390 select CRYPTO_SIMD 1391 select CRYPTO_XTS 1392 help 1393 The CAST6 encryption algorithm (synonymous with CAST-256) is 1394 described in RFC2612. 1395 1396 This module provides the Cast6 cipher algorithm that processes 1397 eight blocks parallel using the AVX instruction set. 1398 1399config CRYPTO_DES 1400 tristate "DES and Triple DES EDE cipher algorithms" 1401 select CRYPTO_ALGAPI 1402 help 1403 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1404 1405config CRYPTO_DES_SPARC64 1406 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1407 depends on SPARC64 1408 select CRYPTO_ALGAPI 1409 select CRYPTO_DES 1410 help 1411 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1412 optimized using SPARC64 crypto opcodes. 1413 1414config CRYPTO_DES3_EDE_X86_64 1415 tristate "Triple DES EDE cipher algorithm (x86-64)" 1416 depends on X86 && 64BIT 1417 select CRYPTO_BLKCIPHER 1418 select CRYPTO_DES 1419 help 1420 Triple DES EDE (FIPS 46-3) algorithm. 
1421 1422 This module provides implementation of the Triple DES EDE cipher 1423 algorithm that is optimized for x86-64 processors. Two versions of 1424 algorithm are provided; regular processing one input block and 1425 one that processes three blocks parallel. 1426 1427config CRYPTO_FCRYPT 1428 tristate "FCrypt cipher algorithm" 1429 select CRYPTO_ALGAPI 1430 select CRYPTO_BLKCIPHER 1431 help 1432 FCrypt algorithm used by RxRPC. 1433 1434config CRYPTO_KHAZAD 1435 tristate "Khazad cipher algorithm" 1436 select CRYPTO_ALGAPI 1437 help 1438 Khazad cipher algorithm. 1439 1440 Khazad was a finalist in the initial NESSIE competition. It is 1441 an algorithm optimized for 64-bit processors with good performance 1442 on 32-bit processors. Khazad uses an 128 bit key size. 1443 1444 See also: 1445 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1446 1447config CRYPTO_SALSA20 1448 tristate "Salsa20 stream cipher algorithm" 1449 select CRYPTO_BLKCIPHER 1450 help 1451 Salsa20 stream cipher algorithm. 1452 1453 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT 1454 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/> 1455 1456 The Salsa20 stream cipher algorithm is designed by Daniel J. 1457 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html> 1458 1459config CRYPTO_CHACHA20 1460 tristate "ChaCha stream cipher algorithms" 1461 select CRYPTO_BLKCIPHER 1462 help 1463 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1464 1465 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1466 Bernstein and further specified in RFC7539 for use in IETF protocols. 1467 This is the portable C implementation of ChaCha20. See also: 1468 <http://cr.yp.to/chacha/chacha-20080128.pdf> 1469 1470 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1471 rather than to Salsa20. 
XChaCha20 extends ChaCha20's nonce length 1472 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1473 while provably retaining ChaCha20's security. See also: 1474 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1475 1476 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1477 reduced security margin but increased performance. It can be needed 1478 in some performance-sensitive scenarios. 1479 1480config CRYPTO_CHACHA20_X86_64 1481 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1482 depends on X86 && 64BIT 1483 select CRYPTO_BLKCIPHER 1484 select CRYPTO_CHACHA20 1485 help 1486 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1487 XChaCha20, and XChaCha12 stream ciphers. 1488 1489config CRYPTO_SEED 1490 tristate "SEED cipher algorithm" 1491 select CRYPTO_ALGAPI 1492 help 1493 SEED cipher algorithm (RFC4269). 1494 1495 SEED is a 128-bit symmetric key block cipher that has been 1496 developed by KISA (Korea Information Security Agency) as a 1497 national standard encryption algorithm of the Republic of Korea. 1498 It is a 16 round block cipher with the key size of 128 bit. 1499 1500 See also: 1501 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1502 1503config CRYPTO_SERPENT 1504 tristate "Serpent cipher algorithm" 1505 select CRYPTO_ALGAPI 1506 help 1507 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1508 1509 Keys are allowed to be from 0 to 256 bits in length, in steps 1510 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed 1511 variant of Serpent for compatibility with old kerneli.org code. 
1512 1513 See also: 1514 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1515 1516config CRYPTO_SERPENT_SSE2_X86_64 1517 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1518 depends on X86 && 64BIT 1519 select CRYPTO_BLKCIPHER 1520 select CRYPTO_GLUE_HELPER_X86 1521 select CRYPTO_SERPENT 1522 select CRYPTO_SIMD 1523 help 1524 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1525 1526 Keys are allowed to be from 0 to 256 bits in length, in steps 1527 of 8 bits. 1528 1529 This module provides Serpent cipher algorithm that processes eight 1530 blocks parallel using SSE2 instruction set. 1531 1532 See also: 1533 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1534 1535config CRYPTO_SERPENT_SSE2_586 1536 tristate "Serpent cipher algorithm (i586/SSE2)" 1537 depends on X86 && !64BIT 1538 select CRYPTO_BLKCIPHER 1539 select CRYPTO_GLUE_HELPER_X86 1540 select CRYPTO_SERPENT 1541 select CRYPTO_SIMD 1542 help 1543 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1544 1545 Keys are allowed to be from 0 to 256 bits in length, in steps 1546 of 8 bits. 1547 1548 This module provides Serpent cipher algorithm that processes four 1549 blocks parallel using SSE2 instruction set. 1550 1551 See also: 1552 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1553 1554config CRYPTO_SERPENT_AVX_X86_64 1555 tristate "Serpent cipher algorithm (x86_64/AVX)" 1556 depends on X86 && 64BIT 1557 select CRYPTO_BLKCIPHER 1558 select CRYPTO_GLUE_HELPER_X86 1559 select CRYPTO_SERPENT 1560 select CRYPTO_SIMD 1561 select CRYPTO_XTS 1562 help 1563 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1564 1565 Keys are allowed to be from 0 to 256 bits in length, in steps 1566 of 8 bits. 1567 1568 This module provides the Serpent cipher algorithm that processes 1569 eight blocks parallel using the AVX instruction set. 
1570 1571 See also: 1572 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1573 1574config CRYPTO_SERPENT_AVX2_X86_64 1575 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1576 depends on X86 && 64BIT 1577 select CRYPTO_SERPENT_AVX_X86_64 1578 help 1579 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1580 1581 Keys are allowed to be from 0 to 256 bits in length, in steps 1582 of 8 bits. 1583 1584 This module provides Serpent cipher algorithm that processes 16 1585 blocks parallel using AVX2 instruction set. 1586 1587 See also: 1588 <http://www.cl.cam.ac.uk/~rja14/serpent.html> 1589 1590config CRYPTO_SM4 1591 tristate "SM4 cipher algorithm" 1592 select CRYPTO_ALGAPI 1593 help 1594 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1595 1596 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1597 Organization of State Commercial Administration of China (OSCCA) 1598 as an authorized cryptographic algorithms for the use within China. 1599 1600 SMS4 was originally created for use in protecting wireless 1601 networks, and is mandated in the Chinese National Standard for 1602 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1603 (GB.15629.11-2003). 1604 1605 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1606 standardized through TC 260 of the Standardization Administration 1607 of the People's Republic of China (SAC). 1608 1609 The input, output, and key of SMS4 are each 128 bits. 1610 1611 See also: <https://eprint.iacr.org/2008/329.pdf> 1612 1613 If unsure, say N. 1614 1615config CRYPTO_TEA 1616 tristate "TEA, XTEA and XETA cipher algorithms" 1617 select CRYPTO_ALGAPI 1618 help 1619 TEA cipher algorithm. 1620 1621 Tiny Encryption Algorithm is a simple cipher that uses 1622 many rounds for security. It is very fast and uses 1623 little memory. 1624 1625 Xtendend Tiny Encryption Algorithm is a modification to 1626 the TEA algorithm to address a potential key weakness 1627 in the TEA algorithm. 
1628 1629 Xtendend Encryption Tiny Algorithm is a mis-implementation 1630 of the XTEA algorithm for compatibility purposes. 1631 1632config CRYPTO_TWOFISH 1633 tristate "Twofish cipher algorithm" 1634 select CRYPTO_ALGAPI 1635 select CRYPTO_TWOFISH_COMMON 1636 help 1637 Twofish cipher algorithm. 1638 1639 Twofish was submitted as an AES (Advanced Encryption Standard) 1640 candidate cipher by researchers at CounterPane Systems. It is a 1641 16 round block cipher supporting key sizes of 128, 192, and 256 1642 bits. 1643 1644 See also: 1645 <http://www.schneier.com/twofish.html> 1646 1647config CRYPTO_TWOFISH_COMMON 1648 tristate 1649 help 1650 Common parts of the Twofish cipher algorithm shared by the 1651 generic c and the assembler implementations. 1652 1653config CRYPTO_TWOFISH_586 1654 tristate "Twofish cipher algorithms (i586)" 1655 depends on (X86 || UML_X86) && !64BIT 1656 select CRYPTO_ALGAPI 1657 select CRYPTO_TWOFISH_COMMON 1658 help 1659 Twofish cipher algorithm. 1660 1661 Twofish was submitted as an AES (Advanced Encryption Standard) 1662 candidate cipher by researchers at CounterPane Systems. It is a 1663 16 round block cipher supporting key sizes of 128, 192, and 256 1664 bits. 1665 1666 See also: 1667 <http://www.schneier.com/twofish.html> 1668 1669config CRYPTO_TWOFISH_X86_64 1670 tristate "Twofish cipher algorithm (x86_64)" 1671 depends on (X86 || UML_X86) && 64BIT 1672 select CRYPTO_ALGAPI 1673 select CRYPTO_TWOFISH_COMMON 1674 help 1675 Twofish cipher algorithm (x86_64). 1676 1677 Twofish was submitted as an AES (Advanced Encryption Standard) 1678 candidate cipher by researchers at CounterPane Systems. It is a 1679 16 round block cipher supporting key sizes of 128, 192, and 256 1680 bits. 
1681 1682 See also: 1683 <http://www.schneier.com/twofish.html> 1684 1685config CRYPTO_TWOFISH_X86_64_3WAY 1686 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1687 depends on X86 && 64BIT 1688 select CRYPTO_BLKCIPHER 1689 select CRYPTO_TWOFISH_COMMON 1690 select CRYPTO_TWOFISH_X86_64 1691 select CRYPTO_GLUE_HELPER_X86 1692 help 1693 Twofish cipher algorithm (x86_64, 3-way parallel). 1694 1695 Twofish was submitted as an AES (Advanced Encryption Standard) 1696 candidate cipher by researchers at CounterPane Systems. It is a 1697 16 round block cipher supporting key sizes of 128, 192, and 256 1698 bits. 1699 1700 This module provides Twofish cipher algorithm that processes three 1701 blocks parallel, utilizing resources of out-of-order CPUs better. 1702 1703 See also: 1704 <http://www.schneier.com/twofish.html> 1705 1706config CRYPTO_TWOFISH_AVX_X86_64 1707 tristate "Twofish cipher algorithm (x86_64/AVX)" 1708 depends on X86 && 64BIT 1709 select CRYPTO_BLKCIPHER 1710 select CRYPTO_GLUE_HELPER_X86 1711 select CRYPTO_SIMD 1712 select CRYPTO_TWOFISH_COMMON 1713 select CRYPTO_TWOFISH_X86_64 1714 select CRYPTO_TWOFISH_X86_64_3WAY 1715 help 1716 Twofish cipher algorithm (x86_64/AVX). 1717 1718 Twofish was submitted as an AES (Advanced Encryption Standard) 1719 candidate cipher by researchers at CounterPane Systems. It is a 1720 16 round block cipher supporting key sizes of 128, 192, and 256 1721 bits. 1722 1723 This module provides the Twofish cipher algorithm that processes 1724 eight blocks parallel using the AVX Instruction Set. 1725 1726 See also: 1727 <http://www.schneier.com/twofish.html> 1728 1729comment "Compression" 1730 1731config CRYPTO_DEFLATE 1732 tristate "Deflate compression algorithm" 1733 select CRYPTO_ALGAPI 1734 select CRYPTO_ACOMP2 1735 select ZLIB_INFLATE 1736 select ZLIB_DEFLATE 1737 help 1738 This is the Deflate algorithm (RFC1951), specified for use in 1739 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 
1740 1741 You will most probably want this if using IPSec. 1742 1743config CRYPTO_LZO 1744 tristate "LZO compression algorithm" 1745 select CRYPTO_ALGAPI 1746 select CRYPTO_ACOMP2 1747 select LZO_COMPRESS 1748 select LZO_DECOMPRESS 1749 help 1750 This is the LZO algorithm. 1751 1752config CRYPTO_842 1753 tristate "842 compression algorithm" 1754 select CRYPTO_ALGAPI 1755 select CRYPTO_ACOMP2 1756 select 842_COMPRESS 1757 select 842_DECOMPRESS 1758 help 1759 This is the 842 algorithm. 1760 1761config CRYPTO_LZ4 1762 tristate "LZ4 compression algorithm" 1763 select CRYPTO_ALGAPI 1764 select CRYPTO_ACOMP2 1765 select LZ4_COMPRESS 1766 select LZ4_DECOMPRESS 1767 help 1768 This is the LZ4 algorithm. 1769 1770config CRYPTO_LZ4HC 1771 tristate "LZ4HC compression algorithm" 1772 select CRYPTO_ALGAPI 1773 select CRYPTO_ACOMP2 1774 select LZ4HC_COMPRESS 1775 select LZ4_DECOMPRESS 1776 help 1777 This is the LZ4 high compression mode algorithm. 1778 1779config CRYPTO_ZSTD 1780 tristate "Zstd compression algorithm" 1781 select CRYPTO_ALGAPI 1782 select CRYPTO_ACOMP2 1783 select ZSTD_COMPRESS 1784 select ZSTD_DECOMPRESS 1785 help 1786 This is the zstd algorithm. 1787 1788comment "Random Number Generation" 1789 1790config CRYPTO_ANSI_CPRNG 1791 tristate "Pseudo Random Number Generation for Cryptographic modules" 1792 select CRYPTO_AES 1793 select CRYPTO_RNG 1794 help 1795 This option enables the generic pseudo random number generator 1796 for cryptographic modules. Uses the Algorithm specified in 1797 ANSI X9.31 A.2.4. Note that this option must be enabled if 1798 CRYPTO_FIPS is selected 1799 1800menuconfig CRYPTO_DRBG_MENU 1801 tristate "NIST SP800-90A DRBG" 1802 help 1803 NIST SP800-90A compliant DRBG. In the following submenu, one or 1804 more of the DRBG types must be selected. 
1805 1806if CRYPTO_DRBG_MENU 1807 1808config CRYPTO_DRBG_HMAC 1809 bool 1810 default y 1811 select CRYPTO_HMAC 1812 select CRYPTO_SHA256 1813 1814config CRYPTO_DRBG_HASH 1815 bool "Enable Hash DRBG" 1816 select CRYPTO_SHA256 1817 help 1818 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1819 1820config CRYPTO_DRBG_CTR 1821 bool "Enable CTR DRBG" 1822 select CRYPTO_AES 1823 depends on CRYPTO_CTR 1824 help 1825 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1826 1827config CRYPTO_DRBG 1828 tristate 1829 default CRYPTO_DRBG_MENU 1830 select CRYPTO_RNG 1831 select CRYPTO_JITTERENTROPY 1832 1833endif # if CRYPTO_DRBG_MENU 1834 1835config CRYPTO_JITTERENTROPY 1836 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1837 select CRYPTO_RNG 1838 help 1839 The Jitterentropy RNG is a noise source that is intended 1840 to provide a seed to another RNG. The RNG does not 1841 perform any cryptographic whitening of the generated 1842 random numbers. This Jitterentropy RNG registers with 1843 the kernel crypto API and can be used by any caller. 1844 1845config CRYPTO_USER_API 1846 tristate 1847 1848config CRYPTO_USER_API_HASH 1849 tristate "User-space interface for hash algorithms" 1850 depends on NET 1851 select CRYPTO_HASH 1852 select CRYPTO_USER_API 1853 help 1854 This option enables the user-space interface for hash 1855 algorithms. 1856 1857config CRYPTO_USER_API_SKCIPHER 1858 tristate "User-space interface for symmetric key cipher algorithms" 1859 depends on NET 1860 select CRYPTO_BLKCIPHER 1861 select CRYPTO_USER_API 1862 help 1863 This option enables the user-space interface for symmetric 1864 key cipher algorithms. 1865 1866config CRYPTO_USER_API_RNG 1867 tristate "User-space interface for random number generator algorithms" 1868 depends on NET 1869 select CRYPTO_RNG 1870 select CRYPTO_USER_API 1871 help 1872 This option enables the user-space interface for random 1873 number generator algorithms. 
1874 1875config CRYPTO_USER_API_AEAD 1876 tristate "User-space interface for AEAD cipher algorithms" 1877 depends on NET 1878 select CRYPTO_AEAD 1879 select CRYPTO_BLKCIPHER 1880 select CRYPTO_NULL 1881 select CRYPTO_USER_API 1882 help 1883 This option enables the user-space interface for AEAD 1884 cipher algorithms. 1885 1886config CRYPTO_STATS 1887 bool "Crypto usage statistics for User-space" 1888 depends on CRYPTO_USER 1889 help 1890 This option enables the gathering of crypto stats. 1891 This will collect: 1892 - encrypt/decrypt size and numbers of symmetric operations 1893 - compress/decompress size and numbers of compress operations 1894 - size and numbers of hash operations 1895 - encrypt/decrypt/sign/verify numbers for asymmetric operations 1896 - generate/seed numbers for rng operations 1897 1898config CRYPTO_HASH_INFO 1899 bool 1900 1901source "drivers/crypto/Kconfig" 1902source "crypto/asymmetric_keys/Kconfig" 1903source "certs/Kconfig" 1904 1905endif # if CRYPTO 1906