0001 # SPDX-License-Identifier: GPL-2.0
0002 #
0003 # Generic algorithms support
0004 #
0005 config XOR_BLOCKS
0006 tristate
0007
0008 #
0009 # async_tx api: hardware offloaded memory transfer/transform support
0010 #
0011 source "crypto/async_tx/Kconfig"
0012
0013 #
0014 # Cryptographic API Configuration
0015 #
0016 menuconfig CRYPTO
0017 tristate "Cryptographic API"
0018 select LIB_MEMNEQ
0019 help
0020 This option provides the core Cryptographic API.
0021
0022 if CRYPTO
0023
0024 comment "Crypto core or helper"
0025
0026 config CRYPTO_FIPS
0027 bool "FIPS 200 compliance"
0028 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
0029 depends on (MODULE_SIG || !MODULES)
0030 help
0031 This option enables the fips boot option which is
0032 required if you want the system to operate in a FIPS 200
0033 certification. You should say no unless you know what
0034 this is.
0035
0036 config CRYPTO_FIPS_NAME
0037 string "FIPS Module Name"
0038 default "Linux Kernel Cryptographic API"
0039 depends on CRYPTO_FIPS
0040 help
0041 This option sets the FIPS Module name reported by the Crypto API via
0042 the /proc/sys/crypto/fips_name file.
0043
0044 config CRYPTO_FIPS_CUSTOM_VERSION
0045 bool "Use Custom FIPS Module Version"
0046 depends on CRYPTO_FIPS
0047 default n
0048
0049 config CRYPTO_FIPS_VERSION
0050 string "FIPS Module Version"
0051 default "(none)"
0052 depends on CRYPTO_FIPS_CUSTOM_VERSION
0053 help
0054 This option provides the ability to override the FIPS Module Version.
0055 By default the KERNELRELEASE value is used.
0056
0057 config CRYPTO_ALGAPI
0058 tristate
0059 select CRYPTO_ALGAPI2
0060 help
0061 This option provides the API for cryptographic algorithms.
0062
0063 config CRYPTO_ALGAPI2
0064 tristate
0065
0066 config CRYPTO_AEAD
0067 tristate
0068 select CRYPTO_AEAD2
0069 select CRYPTO_ALGAPI
0070
0071 config CRYPTO_AEAD2
0072 tristate
0073 select CRYPTO_ALGAPI2
0074 select CRYPTO_NULL2
0075 select CRYPTO_RNG2
0076
0077 config CRYPTO_SKCIPHER
0078 tristate
0079 select CRYPTO_SKCIPHER2
0080 select CRYPTO_ALGAPI
0081
0082 config CRYPTO_SKCIPHER2
0083 tristate
0084 select CRYPTO_ALGAPI2
0085 select CRYPTO_RNG2
0086
0087 config CRYPTO_HASH
0088 tristate
0089 select CRYPTO_HASH2
0090 select CRYPTO_ALGAPI
0091
0092 config CRYPTO_HASH2
0093 tristate
0094 select CRYPTO_ALGAPI2
0095
0096 config CRYPTO_RNG
0097 tristate
0098 select CRYPTO_RNG2
0099 select CRYPTO_ALGAPI
0100
0101 config CRYPTO_RNG2
0102 tristate
0103 select CRYPTO_ALGAPI2
0104
0105 config CRYPTO_RNG_DEFAULT
0106 tristate
0107 select CRYPTO_DRBG_MENU
0108
0109 config CRYPTO_AKCIPHER2
0110 tristate
0111 select CRYPTO_ALGAPI2
0112
0113 config CRYPTO_AKCIPHER
0114 tristate
0115 select CRYPTO_AKCIPHER2
0116 select CRYPTO_ALGAPI
0117
0118 config CRYPTO_KPP2
0119 tristate
0120 select CRYPTO_ALGAPI2
0121
0122 config CRYPTO_KPP
0123 tristate
0124 select CRYPTO_ALGAPI
0125 select CRYPTO_KPP2
0126
0127 config CRYPTO_ACOMP2
0128 tristate
0129 select CRYPTO_ALGAPI2
0130 select SGL_ALLOC
0131
0132 config CRYPTO_ACOMP
0133 tristate
0134 select CRYPTO_ALGAPI
0135 select CRYPTO_ACOMP2
0136
0137 config CRYPTO_MANAGER
0138 tristate "Cryptographic algorithm manager"
0139 select CRYPTO_MANAGER2
0140 help
0141 Create default cryptographic template instantiations such as
0142 cbc(aes).
0143
0144 config CRYPTO_MANAGER2
0145 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
0146 select CRYPTO_AEAD2
0147 select CRYPTO_HASH2
0148 select CRYPTO_SKCIPHER2
0149 select CRYPTO_AKCIPHER2
0150 select CRYPTO_KPP2
0151 select CRYPTO_ACOMP2
0152
0153 config CRYPTO_USER
0154 tristate "Userspace cryptographic algorithm configuration"
0155 depends on NET
0156 select CRYPTO_MANAGER
0157 help
0158 Userspace configuration for cryptographic instantiations such as
0159 cbc(aes).
0160
0161 config CRYPTO_MANAGER_DISABLE_TESTS
0162 bool "Disable run-time self tests"
0163 default y
0164 help
0165 Disable run-time self tests that normally take place at
0166 algorithm registration.
0167
0168 config CRYPTO_MANAGER_EXTRA_TESTS
0169 bool "Enable extra run-time crypto self tests"
0170 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
0171 help
0172 Enable extra run-time self tests of registered crypto algorithms,
0173 including randomized fuzz tests.
0174
0175 This is intended for developer use only, as these tests take much
0176 longer to run than the normal self tests.
0177
0178 config CRYPTO_GF128MUL
0179 tristate
0180
0181 config CRYPTO_NULL
0182 tristate "Null algorithms"
0183 select CRYPTO_NULL2
0184 help
0185 These are 'Null' algorithms, used by IPsec, which do nothing.
0186
0187 config CRYPTO_NULL2
0188 tristate
0189 select CRYPTO_ALGAPI2
0190 select CRYPTO_SKCIPHER2
0191 select CRYPTO_HASH2
0192
0193 config CRYPTO_PCRYPT
0194 tristate "Parallel crypto engine"
0195 depends on SMP
0196 select PADATA
0197 select CRYPTO_MANAGER
0198 select CRYPTO_AEAD
0199 help
0200 This converts an arbitrary crypto algorithm into a parallel
0201 algorithm that executes in kernel threads.
0202
0203 config CRYPTO_CRYPTD
0204 tristate "Software async crypto daemon"
0205 select CRYPTO_SKCIPHER
0206 select CRYPTO_HASH
0207 select CRYPTO_MANAGER
0208 help
0209 This is a generic software asynchronous crypto daemon that
0210 converts an arbitrary synchronous software crypto algorithm
0211 into an asynchronous algorithm that executes in a kernel thread.
0212
0213 config CRYPTO_AUTHENC
0214 tristate "Authenc support"
0215 select CRYPTO_AEAD
0216 select CRYPTO_SKCIPHER
0217 select CRYPTO_MANAGER
0218 select CRYPTO_HASH
0219 select CRYPTO_NULL
0220 help
0221 Authenc: Combined mode wrapper for IPsec.
0222 This is required for IPSec.
0223
0224 config CRYPTO_TEST
0225 tristate "Testing module"
0226 depends on m || EXPERT
0227 select CRYPTO_MANAGER
0228 help
0229 Quick & dirty crypto test module.
0230
0231 config CRYPTO_SIMD
0232 tristate
0233 select CRYPTO_CRYPTD
0234
0235 config CRYPTO_ENGINE
0236 tristate
0237
0238 comment "Public-key cryptography"
0239
0240 config CRYPTO_RSA
0241 tristate "RSA algorithm"
0242 select CRYPTO_AKCIPHER
0243 select CRYPTO_MANAGER
0244 select MPILIB
0245 select ASN1
0246 help
0247 Generic implementation of the RSA public key algorithm.
0248
0249 config CRYPTO_DH
0250 tristate "Diffie-Hellman algorithm"
0251 select CRYPTO_KPP
0252 select MPILIB
0253 help
0254 Generic implementation of the Diffie-Hellman algorithm.
0255
0256 config CRYPTO_DH_RFC7919_GROUPS
0257 bool "Support for RFC 7919 FFDHE group parameters"
0258 depends on CRYPTO_DH
0259 select CRYPTO_RNG_DEFAULT
0260 help
0261 Provide support for RFC 7919 FFDHE group parameters. If unsure, say N.
0262
0263 config CRYPTO_ECC
0264 tristate
0265 select CRYPTO_RNG_DEFAULT
0266
0267 config CRYPTO_ECDH
0268 tristate "ECDH algorithm"
0269 select CRYPTO_ECC
0270 select CRYPTO_KPP
0271 help
0272 Generic implementation of the ECDH algorithm
0273
0274 config CRYPTO_ECDSA
0275 tristate "ECDSA (NIST P192, P256 etc.) algorithm"
0276 select CRYPTO_ECC
0277 select CRYPTO_AKCIPHER
0278 select ASN1
0279 help
0280 Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
0281 is A NIST cryptographic standard algorithm. Only signature verification
0282 is implemented.
0283
0284 config CRYPTO_ECRDSA
0285 tristate "EC-RDSA (GOST 34.10) algorithm"
0286 select CRYPTO_ECC
0287 select CRYPTO_AKCIPHER
0288 select CRYPTO_STREEBOG
0289 select OID_REGISTRY
0290 select ASN1
0291 help
0292 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
0293 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
0294 standard algorithms (called GOST algorithms). Only signature verification
0295 is implemented.
0296
0297 config CRYPTO_SM2
0298 tristate "SM2 algorithm"
0299 select CRYPTO_SM3
0300 select CRYPTO_AKCIPHER
0301 select CRYPTO_MANAGER
0302 select MPILIB
0303 select ASN1
0304 help
0305 Generic implementation of the SM2 public key algorithm. It was
0306 published by State Encryption Management Bureau, China.
0307 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
0308
0309 References:
0310 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
0311 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
0312 http://www.gmbz.org.cn/main/bzlb.html
0313
0314 config CRYPTO_CURVE25519
0315 tristate "Curve25519 algorithm"
0316 select CRYPTO_KPP
0317 select CRYPTO_LIB_CURVE25519_GENERIC
0318
0319 config CRYPTO_CURVE25519_X86
0320 tristate "x86_64 accelerated Curve25519 scalar multiplication library"
0321 depends on X86 && 64BIT
0322 select CRYPTO_LIB_CURVE25519_GENERIC
0323 select CRYPTO_ARCH_HAVE_LIB_CURVE25519
0324
0325 comment "Authenticated Encryption with Associated Data"
0326
0327 config CRYPTO_CCM
0328 tristate "CCM support"
0329 select CRYPTO_CTR
0330 select CRYPTO_HASH
0331 select CRYPTO_AEAD
0332 select CRYPTO_MANAGER
0333 help
0334 Support for Counter with CBC MAC. Required for IPsec.
0335
0336 config CRYPTO_GCM
0337 tristate "GCM/GMAC support"
0338 select CRYPTO_CTR
0339 select CRYPTO_AEAD
0340 select CRYPTO_GHASH
0341 select CRYPTO_NULL
0342 select CRYPTO_MANAGER
0343 help
0344 Support for Galois/Counter Mode (GCM) and Galois Message
0345 Authentication Code (GMAC). Required for IPSec.
0346
0347 config CRYPTO_CHACHA20POLY1305
0348 tristate "ChaCha20-Poly1305 AEAD support"
0349 select CRYPTO_CHACHA20
0350 select CRYPTO_POLY1305
0351 select CRYPTO_AEAD
0352 select CRYPTO_MANAGER
0353 help
0354 ChaCha20-Poly1305 AEAD support, RFC7539.
0355
0356 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
0357 with the Poly1305 authenticator. It is defined in RFC7539 for use in
0358 IETF protocols.
0359
0360 config CRYPTO_AEGIS128
0361 tristate "AEGIS-128 AEAD algorithm"
0362 select CRYPTO_AEAD
0363 select CRYPTO_AES # for AES S-box tables
0364 help
0365 Support for the AEGIS-128 dedicated AEAD algorithm.
0366
0367 config CRYPTO_AEGIS128_SIMD
0368 bool "Support SIMD acceleration for AEGIS-128"
0369 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
0370 default y
0371
0372 config CRYPTO_AEGIS128_AESNI_SSE2
0373 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
0374 depends on X86 && 64BIT
0375 select CRYPTO_AEAD
0376 select CRYPTO_SIMD
0377 help
0378 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
0379
0380 config CRYPTO_SEQIV
0381 tristate "Sequence Number IV Generator"
0382 select CRYPTO_AEAD
0383 select CRYPTO_SKCIPHER
0384 select CRYPTO_NULL
0385 select CRYPTO_RNG_DEFAULT
0386 select CRYPTO_MANAGER
0387 help
0388 This IV generator generates an IV based on a sequence number by
0389 xoring it with a salt. This algorithm is mainly useful for CTR
0390
0391 config CRYPTO_ECHAINIV
0392 tristate "Encrypted Chain IV Generator"
0393 select CRYPTO_AEAD
0394 select CRYPTO_NULL
0395 select CRYPTO_RNG_DEFAULT
0396 select CRYPTO_MANAGER
0397 help
0398 This IV generator generates an IV based on the encryption of
0399 a sequence number xored with a salt. This is the default
0400 algorithm for CBC.
0401
0402 comment "Block modes"
0403
0404 config CRYPTO_CBC
0405 tristate "CBC support"
0406 select CRYPTO_SKCIPHER
0407 select CRYPTO_MANAGER
0408 help
0409 CBC: Cipher Block Chaining mode
0410 This block cipher algorithm is required for IPSec.
0411
0412 config CRYPTO_CFB
0413 tristate "CFB support"
0414 select CRYPTO_SKCIPHER
0415 select CRYPTO_MANAGER
0416 help
0417 CFB: Cipher FeedBack mode
0418 This block cipher algorithm is required for TPM2 Cryptography.
0419
0420 config CRYPTO_CTR
0421 tristate "CTR support"
0422 select CRYPTO_SKCIPHER
0423 select CRYPTO_MANAGER
0424 help
0425 CTR: Counter mode
0426 This block cipher algorithm is required for IPSec.
0427
0428 config CRYPTO_CTS
0429 tristate "CTS support"
0430 select CRYPTO_SKCIPHER
0431 select CRYPTO_MANAGER
0432 help
0433 CTS: Cipher Text Stealing
0434 This is the Cipher Text Stealing mode as described by
0435 Section 8 of rfc2040 and referenced by rfc3962
0436 (rfc3962 includes errata information in its Appendix A) or
0437 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
0438 This mode is required for Kerberos gss mechanism support
0439 for AES encryption.
0440
0441 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
0442
0443 config CRYPTO_ECB
0444 tristate "ECB support"
0445 select CRYPTO_SKCIPHER
0446 select CRYPTO_MANAGER
0447 help
0448 ECB: Electronic CodeBook mode
0449 This is the simplest block cipher algorithm. It simply encrypts
0450 the input block by block.
0451
0452 config CRYPTO_LRW
0453 tristate "LRW support"
0454 select CRYPTO_SKCIPHER
0455 select CRYPTO_MANAGER
0456 select CRYPTO_GF128MUL
0457 select CRYPTO_ECB
0458 help
0459 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
0460 narrow block cipher mode for dm-crypt. Use it with cipher
0461 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
0462 The first 128, 192 or 256 bits in the key are used for AES and the
0463 rest is used to tie each cipher block to its logical position.
0464
0465 config CRYPTO_OFB
0466 tristate "OFB support"
0467 select CRYPTO_SKCIPHER
0468 select CRYPTO_MANAGER
0469 help
0470 OFB: the Output Feedback mode makes a block cipher into a synchronous
0471 stream cipher. It generates keystream blocks, which are then XORed
0472 with the plaintext blocks to get the ciphertext. Flipping a bit in the
0473 ciphertext produces a flipped bit in the plaintext at the same
0474 location. This property allows many error correcting codes to function
0475 normally even when applied before encryption.
0476
0477 config CRYPTO_PCBC
0478 tristate "PCBC support"
0479 select CRYPTO_SKCIPHER
0480 select CRYPTO_MANAGER
0481 help
0482 PCBC: Propagating Cipher Block Chaining mode
0483 This block cipher algorithm is required for RxRPC.
0484
0485 config CRYPTO_XCTR
0486 tristate
0487 select CRYPTO_SKCIPHER
0488 select CRYPTO_MANAGER
0489 help
0490 XCTR: XOR Counter mode. This blockcipher mode is a variant of CTR mode
0491 using XORs and little-endian addition rather than big-endian arithmetic.
0492 XCTR mode is used to implement HCTR2.
0493
0494 config CRYPTO_XTS
0495 tristate "XTS support"
0496 select CRYPTO_SKCIPHER
0497 select CRYPTO_MANAGER
0498 select CRYPTO_ECB
0499 help
0500 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
0501 key size 256, 384 or 512 bits. This implementation currently
0502 can't handle a sectorsize which is not a multiple of 16 bytes.
0503
0504 config CRYPTO_KEYWRAP
0505 tristate "Key wrapping support"
0506 select CRYPTO_SKCIPHER
0507 select CRYPTO_MANAGER
0508 help
0509 Support for key wrapping (NIST SP800-38F / RFC3394) without
0510 padding.
0511
0512 config CRYPTO_NHPOLY1305
0513 tristate
0514 select CRYPTO_HASH
0515 select CRYPTO_LIB_POLY1305_GENERIC
0516
0517 config CRYPTO_NHPOLY1305_SSE2
0518 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
0519 depends on X86 && 64BIT
0520 select CRYPTO_NHPOLY1305
0521 help
0522 SSE2 optimized implementation of the hash function used by the
0523 Adiantum encryption mode.
0524
0525 config CRYPTO_NHPOLY1305_AVX2
0526 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
0527 depends on X86 && 64BIT
0528 select CRYPTO_NHPOLY1305
0529 help
0530 AVX2 optimized implementation of the hash function used by the
0531 Adiantum encryption mode.
0532
0533 config CRYPTO_ADIANTUM
0534 tristate "Adiantum support"
0535 select CRYPTO_CHACHA20
0536 select CRYPTO_LIB_POLY1305_GENERIC
0537 select CRYPTO_NHPOLY1305
0538 select CRYPTO_MANAGER
0539 help
0540 Adiantum is a tweakable, length-preserving encryption mode
0541 designed for fast and secure disk encryption, especially on
0542 CPUs without dedicated crypto instructions. It encrypts
0543 each sector using the XChaCha12 stream cipher, two passes of
0544 an ε-almost-∆-universal hash function, and an invocation of
0545 the AES-256 block cipher on a single 16-byte block. On CPUs
0546 without AES instructions, Adiantum is much faster than
0547 AES-XTS.
0548
0549 Adiantum's security is provably reducible to that of its
0550 underlying stream and block ciphers, subject to a security
0551 bound. Unlike XTS, Adiantum is a true wide-block encryption
0552 mode, so it actually provides an even stronger notion of
0553 security than XTS, subject to the security bound.
0554
0555 If unsure, say N.
0556
0557 config CRYPTO_HCTR2
0558 tristate "HCTR2 support"
0559 select CRYPTO_XCTR
0560 select CRYPTO_POLYVAL
0561 select CRYPTO_MANAGER
0562 help
0563 HCTR2 is a length-preserving encryption mode for storage encryption that
0564 is efficient on processors with instructions to accelerate AES and
0565 carryless multiplication, e.g. x86 processors with AES-NI and CLMUL, and
0566 ARM processors with the ARMv8 crypto extensions.
0567
0568 config CRYPTO_ESSIV
0569 tristate "ESSIV support for block encryption"
0570 select CRYPTO_AUTHENC
0571 help
0572 Encrypted salt-sector initialization vector (ESSIV) is an IV
0573 generation method that is used in some cases by fscrypt and/or
0574 dm-crypt. It uses the hash of the block encryption key as the
0575 symmetric key for a block encryption pass applied to the input
0576 IV, making low entropy IV sources more suitable for block
0577 encryption.
0578
0579 This driver implements a crypto API template that can be
0580 instantiated either as an skcipher or as an AEAD (depending on the
0581 type of the first template argument), and which defers encryption
0582 and decryption requests to the encapsulated cipher after applying
0583 ESSIV to the input IV. Note that in the AEAD case, it is assumed
0584 that the keys are presented in the same format used by the authenc
0585 template, and that the IV appears at the end of the authenticated
0586 associated data (AAD) region (which is how dm-crypt uses it.)
0587
0588 Note that the use of ESSIV is not recommended for new deployments,
0589 and so this only needs to be enabled when interoperability with
0590 existing encrypted volumes of filesystems is required, or when
0591 building for a particular system that requires it (e.g., when
0592 the SoC in question has accelerated CBC but not XTS, making CBC
0593 combined with ESSIV the only feasible mode for h/w accelerated
0594 block encryption)
0595
0596 comment "Hash modes"
0597
0598 config CRYPTO_CMAC
0599 tristate "CMAC support"
0600 select CRYPTO_HASH
0601 select CRYPTO_MANAGER
0602 help
0603 Cipher-based Message Authentication Code (CMAC) specified by
0604 The National Institute of Standards and Technology (NIST).
0605
0606 https://tools.ietf.org/html/rfc4493
0607 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
0608
0609 config CRYPTO_HMAC
0610 tristate "HMAC support"
0611 select CRYPTO_HASH
0612 select CRYPTO_MANAGER
0613 help
0614 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
0615 This is required for IPSec.
0616
0617 config CRYPTO_XCBC
0618 tristate "XCBC support"
0619 select CRYPTO_HASH
0620 select CRYPTO_MANAGER
0621 help
0622 XCBC: Keyed-Hashing with encryption algorithm
0623 https://www.ietf.org/rfc/rfc3566.txt
0624 http://csrc.nist.gov/encryption/modes/proposedmodes/
0625 xcbc-mac/xcbc-mac-spec.pdf
0626
0627 config CRYPTO_VMAC
0628 tristate "VMAC support"
0629 select CRYPTO_HASH
0630 select CRYPTO_MANAGER
0631 help
0632 VMAC is a message authentication algorithm designed for
0633 very high speed on 64-bit architectures.
0634
0635 See also:
0636 <https://fastcrypto.org/vmac>
0637
0638 comment "Digest"
0639
0640 config CRYPTO_CRC32C
0641 tristate "CRC32c CRC algorithm"
0642 select CRYPTO_HASH
0643 select CRC32
0644 help
0645 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
0646 by iSCSI for header and data digests and by others.
0647 See Castagnoli93. Module will be crc32c.
0648
0649 config CRYPTO_CRC32C_INTEL
0650 tristate "CRC32c INTEL hardware acceleration"
0651 depends on X86
0652 select CRYPTO_HASH
0653 help
0654 In Intel processor with SSE4.2 supported, the processor will
0655 support CRC32C implementation using hardware accelerated CRC32
0656 instruction. This option will create 'crc32c-intel' module,
0657 which will enable any routine to use the CRC32 instruction to
0658 gain performance compared with software implementation.
0659 Module will be crc32c-intel.
0660
0661 config CRYPTO_CRC32C_VPMSUM
0662 tristate "CRC32c CRC algorithm (powerpc64)"
0663 depends on PPC64 && ALTIVEC
0664 select CRYPTO_HASH
0665 select CRC32
0666 help
0667 CRC32c algorithm implemented using vector polynomial multiply-sum
0668 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
0669 and newer processors for improved performance.
0670
0671
0672 config CRYPTO_CRC32C_SPARC64
0673 tristate "CRC32c CRC algorithm (SPARC64)"
0674 depends on SPARC64
0675 select CRYPTO_HASH
0676 select CRC32
0677 help
0678 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
0679 when available.
0680
0681 config CRYPTO_CRC32
0682 tristate "CRC32 CRC algorithm"
0683 select CRYPTO_HASH
0684 select CRC32
0685 help
0686 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
0687 Shash crypto api wrappers to crc32_le function.
0688
0689 config CRYPTO_CRC32_PCLMUL
0690 tristate "CRC32 PCLMULQDQ hardware acceleration"
0691 depends on X86
0692 select CRYPTO_HASH
0693 select CRC32
0694 help
0695 From Intel Westmere and AMD Bulldozer processor with SSE4.2
0696 and PCLMULQDQ supported, the processor will support
0697 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
0698 instruction. This option will create 'crc32-pclmul' module,
0699 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
0700 and gain better performance as compared with the table implementation.
0701
0702 config CRYPTO_CRC32_MIPS
0703 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
0704 depends on MIPS_CRC_SUPPORT
0705 select CRYPTO_HASH
0706 help
0707 CRC32c and CRC32 CRC algorithms implemented using mips crypto
0708 instructions, when available.
0709
0710 config CRYPTO_CRC32_S390
0711 tristate "CRC-32 algorithms"
0712 depends on S390
0713 select CRYPTO_HASH
0714 select CRC32
0715 help
0716 Select this option if you want to use hardware accelerated
0717 implementations of CRC algorithms. With this option, you
0718 can optimize the computation of CRC-32 (IEEE 802.3 Ethernet)
0719 and CRC-32C (Castagnoli).
0720
0721 It is available with IBM z13 or later.
0722
0723 config CRYPTO_XXHASH
0724 tristate "xxHash hash algorithm"
0725 select CRYPTO_HASH
0726 select XXHASH
0727 help
0728 xxHash non-cryptographic hash algorithm. Extremely fast, working at
0729 speeds close to RAM limits.
0730
0731 config CRYPTO_BLAKE2B
0732 tristate "BLAKE2b digest algorithm"
0733 select CRYPTO_HASH
0734 help
0735 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
0736 optimized for 64bit platforms and can produce digests of any size
0737 between 1 to 64. The keyed hash is also implemented.
0738
0739 This module provides the following algorithms:
0740
0741 - blake2b-160
0742 - blake2b-256
0743 - blake2b-384
0744 - blake2b-512
0745
0746 See https://blake2.net for further information.
0747
0748 config CRYPTO_BLAKE2S_X86
0749 bool "BLAKE2s digest algorithm (x86 accelerated version)"
0750 depends on X86 && 64BIT
0751 select CRYPTO_LIB_BLAKE2S_GENERIC
0752 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
0753
0754 config CRYPTO_CRCT10DIF
0755 tristate "CRCT10DIF algorithm"
0756 select CRYPTO_HASH
0757 help
0758 CRC T10 Data Integrity Field computation is being cast as
0759 a crypto transform. This allows for faster crc t10 diff
0760 transforms to be used if they are available.
0761
0762 config CRYPTO_CRCT10DIF_PCLMUL
0763 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
0764 depends on X86 && 64BIT && CRC_T10DIF
0765 select CRYPTO_HASH
0766 help
0767 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
0768 CRC T10 DIF PCLMULQDQ computation can be hardware
0769 accelerated PCLMULQDQ instruction. This option will create
0770 'crct10dif-pclmul' module, which is faster when computing the
0771 crct10dif checksum as compared with the generic table implementation.
0772
0773 config CRYPTO_CRCT10DIF_VPMSUM
0774 tristate "CRC32T10DIF powerpc64 hardware acceleration"
0775 depends on PPC64 && ALTIVEC && CRC_T10DIF
0776 select CRYPTO_HASH
0777 help
0778 CRC10T10DIF algorithm implemented using vector polynomial
0779 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
0780 POWER8 and newer processors for improved performance.
0781
0782 config CRYPTO_CRC64_ROCKSOFT
0783 tristate "Rocksoft Model CRC64 algorithm"
0784 depends on CRC64
0785 select CRYPTO_HASH
0786
0787 config CRYPTO_VPMSUM_TESTER
0788 tristate "Powerpc64 vpmsum hardware acceleration tester"
0789 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
0790 help
0791 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
0792 POWER8 vpmsum instructions.
0793 Unless you are testing these algorithms, you don't need this.
0794
0795 config CRYPTO_GHASH
0796 tristate "GHASH hash function"
0797 select CRYPTO_GF128MUL
0798 select CRYPTO_HASH
0799 help
0800 GHASH is the hash function used in GCM (Galois/Counter Mode).
0801 It is not a general-purpose cryptographic hash function.
0802
0803 config CRYPTO_POLYVAL
0804 tristate
0805 select CRYPTO_GF128MUL
0806 select CRYPTO_HASH
0807 help
0808 POLYVAL is the hash function used in HCTR2. It is not a general-purpose
0809 cryptographic hash function.
0810
0811 config CRYPTO_POLYVAL_CLMUL_NI
0812 tristate "POLYVAL hash function (CLMUL-NI accelerated)"
0813 depends on X86 && 64BIT
0814 select CRYPTO_POLYVAL
0815 help
0816 This is the x86_64 CLMUL-NI accelerated implementation of POLYVAL. It is
0817 used to efficiently implement HCTR2 on x86-64 processors that support
0818 carry-less multiplication instructions.
0819
0820 config CRYPTO_POLY1305
0821 tristate "Poly1305 authenticator algorithm"
0822 select CRYPTO_HASH
0823 select CRYPTO_LIB_POLY1305_GENERIC
0824 help
0825 Poly1305 authenticator algorithm, RFC7539.
0826
0827 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
0828 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
0829 in IETF protocols. This is the portable C implementation of Poly1305.
0830
0831 config CRYPTO_POLY1305_X86_64
0832 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
0833 depends on X86 && 64BIT
0834 select CRYPTO_LIB_POLY1305_GENERIC
0835 select CRYPTO_ARCH_HAVE_LIB_POLY1305
0836 help
0837 Poly1305 authenticator algorithm, RFC7539.
0838
0839 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
0840 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
0841 in IETF protocols. This is the x86_64 assembler implementation using SIMD
0842 instructions.
0843
0844 config CRYPTO_POLY1305_MIPS
0845 tristate "Poly1305 authenticator algorithm (MIPS optimized)"
0846 depends on MIPS
0847 select CRYPTO_ARCH_HAVE_LIB_POLY1305
0848
0849 config CRYPTO_MD4
0850 tristate "MD4 digest algorithm"
0851 select CRYPTO_HASH
0852 help
0853 MD4 message digest algorithm (RFC1320).
0854
0855 config CRYPTO_MD5
0856 tristate "MD5 digest algorithm"
0857 select CRYPTO_HASH
0858 help
0859 MD5 message digest algorithm (RFC1321).
0860
0861 config CRYPTO_MD5_OCTEON
0862 tristate "MD5 digest algorithm (OCTEON)"
0863 depends on CPU_CAVIUM_OCTEON
0864 select CRYPTO_MD5
0865 select CRYPTO_HASH
0866 help
0867 MD5 message digest algorithm (RFC1321) implemented
0868 using OCTEON crypto instructions, when available.
0869
0870 config CRYPTO_MD5_PPC
0871 tristate "MD5 digest algorithm (PPC)"
0872 depends on PPC
0873 select CRYPTO_HASH
0874 help
0875 MD5 message digest algorithm (RFC1321) implemented
0876 in PPC assembler.
0877
0878 config CRYPTO_MD5_SPARC64
0879 tristate "MD5 digest algorithm (SPARC64)"
0880 depends on SPARC64
0881 select CRYPTO_MD5
0882 select CRYPTO_HASH
0883 help
0884 MD5 message digest algorithm (RFC1321) implemented
0885 using sparc64 crypto instructions, when available.
0886
0887 config CRYPTO_MICHAEL_MIC
0888 tristate "Michael MIC keyed digest algorithm"
0889 select CRYPTO_HASH
0890 help
0891 Michael MIC is used for message integrity protection in TKIP
0892 (IEEE 802.11i). This algorithm is required for TKIP, but it
0893 should not be used for other purposes because of the weakness
0894 of the algorithm.
0895
0896 config CRYPTO_RMD160
0897 tristate "RIPEMD-160 digest algorithm"
0898 select CRYPTO_HASH
0899 help
0900 RIPEMD-160 (ISO/IEC 10118-3:2004).
0901
0902 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
0903 to be used as a secure replacement for the 128-bit hash functions
0904 MD4, MD5 and its predecessor RIPEMD
0905 (not to be confused with RIPEMD-128).
0906
0907 It's speed is comparable to SHA1 and there are no known attacks
0908 against RIPEMD-160.
0909
0910 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
0911 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
0912
0913 config CRYPTO_SHA1
0914 tristate "SHA1 digest algorithm"
0915 select CRYPTO_HASH
0916 select CRYPTO_LIB_SHA1
0917 help
0918 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
0919
0920 config CRYPTO_SHA1_SSSE3
0921 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
0922 depends on X86 && 64BIT
0923 select CRYPTO_SHA1
0924 select CRYPTO_HASH
0925 help
0926 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
0927 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
0928 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
0929 when available.
0930
0931 config CRYPTO_SHA256_SSSE3
0932 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
0933 depends on X86 && 64BIT
0934 select CRYPTO_SHA256
0935 select CRYPTO_HASH
0936 help
0937 SHA-256 secure hash standard (DFIPS 180-2) implemented
0938 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
0939 Extensions version 1 (AVX1), or Advanced Vector Extensions
0940 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
0941 Instructions) when available.
0942
0943 config CRYPTO_SHA512_SSSE3
0944 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
0945 depends on X86 && 64BIT
0946 select CRYPTO_SHA512
0947 select CRYPTO_HASH
0948 help
0949 SHA-512 secure hash standard (DFIPS 180-2) implemented
0950 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
0951 Extensions version 1 (AVX1), or Advanced Vector Extensions
0952 version 2 (AVX2) instructions, when available.
0953
0954 config CRYPTO_SHA512_S390
0955 tristate "SHA384 and SHA512 digest algorithm"
0956 depends on S390
0957 select CRYPTO_HASH
0958 help
0959 This is the s390 hardware accelerated implementation of the
0960 SHA512 secure hash standard.
0961
0962 It is available as of z10.
0963
0964 config CRYPTO_SHA1_OCTEON
0965 tristate "SHA1 digest algorithm (OCTEON)"
0966 depends on CPU_CAVIUM_OCTEON
0967 select CRYPTO_SHA1
0968 select CRYPTO_HASH
0969 help
0970 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
0971 using OCTEON crypto instructions, when available.
0972
0973 config CRYPTO_SHA1_SPARC64
0974 tristate "SHA1 digest algorithm (SPARC64)"
0975 depends on SPARC64
0976 select CRYPTO_SHA1
0977 select CRYPTO_HASH
0978 help
0979 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
0980 using sparc64 crypto instructions, when available.
0981
0982 config CRYPTO_SHA1_PPC
0983 tristate "SHA1 digest algorithm (powerpc)"
0984 depends on PPC
0985 help
0986 This is the powerpc hardware accelerated implementation of the
0987 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
0988
0989 config CRYPTO_SHA1_PPC_SPE
0990 tristate "SHA1 digest algorithm (PPC SPE)"
0991 depends on PPC && SPE
0992 help
0993 SHA-1 secure hash standard (DFIPS 180-4) implemented
0994 using powerpc SPE SIMD instruction set.
0995
0996 config CRYPTO_SHA1_S390
0997 tristate "SHA1 digest algorithm"
0998 depends on S390
0999 select CRYPTO_HASH
1000 help
1001 This is the s390 hardware accelerated implementation of the
1002 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
1003
1004 It is available as of z990.
1005
1006 config CRYPTO_SHA256
1007 tristate "SHA224 and SHA256 digest algorithm"
1008 select CRYPTO_HASH
1009 select CRYPTO_LIB_SHA256
1010 help
1011 SHA256 secure hash standard (DFIPS 180-2).
1012
1013 This version of SHA implements a 256 bit hash with 128 bits of
1014 security against collision attacks.
1015
1016 This code also includes SHA-224, a 224 bit hash with 112 bits
1017 of security against collision attacks.
1018
1019 config CRYPTO_SHA256_PPC_SPE
1020 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
1021 depends on PPC && SPE
1022 select CRYPTO_SHA256
1023 select CRYPTO_HASH
1024 help
1025 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
1026 implemented using powerpc SPE SIMD instruction set.
1027
1028 config CRYPTO_SHA256_OCTEON
1029 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
1030 depends on CPU_CAVIUM_OCTEON
1031 select CRYPTO_SHA256
1032 select CRYPTO_HASH
1033 help
1034 SHA-256 secure hash standard (DFIPS 180-2) implemented
1035 using OCTEON crypto instructions, when available.
1036
1037 config CRYPTO_SHA256_SPARC64
1038 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
1039 depends on SPARC64
1040 select CRYPTO_SHA256
1041 select CRYPTO_HASH
1042 help
1043 SHA-256 secure hash standard (DFIPS 180-2) implemented
1044 using sparc64 crypto instructions, when available.
1045
1046 config CRYPTO_SHA256_S390
1047 tristate "SHA256 digest algorithm"
1048 depends on S390
1049 select CRYPTO_HASH
1050 help
1051 This is the s390 hardware accelerated implementation of the
1052 SHA256 secure hash standard (DFIPS 180-2).
1053
1054 It is available as of z9.
1055
1056 config CRYPTO_SHA512
1057 tristate "SHA384 and SHA512 digest algorithms"
1058 select CRYPTO_HASH
1059 help
1060 SHA512 secure hash standard (DFIPS 180-2).
1061
1062 This version of SHA implements a 512 bit hash with 256 bits of
1063 security against collision attacks.
1064
1065 This code also includes SHA-384, a 384 bit hash with 192 bits
1066 of security against collision attacks.
1067
1068 config CRYPTO_SHA512_OCTEON
1069 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
1070 depends on CPU_CAVIUM_OCTEON
1071 select CRYPTO_SHA512
1072 select CRYPTO_HASH
1073 help
1074 SHA-512 secure hash standard (DFIPS 180-2) implemented
1075 using OCTEON crypto instructions, when available.
1076
1077 config CRYPTO_SHA512_SPARC64
1078 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
1079 depends on SPARC64
1080 select CRYPTO_SHA512
1081 select CRYPTO_HASH
1082 help
1083 SHA-512 secure hash standard (DFIPS 180-2) implemented
1084 using sparc64 crypto instructions, when available.
1085
1086 config CRYPTO_SHA3
1087 tristate "SHA3 digest algorithm"
1088 select CRYPTO_HASH
1089 help
1090 SHA-3 secure hash standard (DFIPS 202). It's based on
1091 cryptographic sponge function family called Keccak.
1092
1093 References:
1094 http://keccak.noekeon.org/
1095
1096 config CRYPTO_SHA3_256_S390
1097 tristate "SHA3_224 and SHA3_256 digest algorithm"
1098 depends on S390
1099 select CRYPTO_HASH
1100 help
1101 This is the s390 hardware accelerated implementation of the
1102 SHA3_256 secure hash standard.
1103
1104 It is available as of z14.
1105
1106 config CRYPTO_SHA3_512_S390
1107 tristate "SHA3_384 and SHA3_512 digest algorithm"
1108 depends on S390
1109 select CRYPTO_HASH
1110 help
1111 This is the s390 hardware accelerated implementation of the
1112 SHA3_512 secure hash standard.
1113
1114 It is available as of z14.
1115
1116 config CRYPTO_SM3
1117 tristate
1118
1119 config CRYPTO_SM3_GENERIC
1120 tristate "SM3 digest algorithm"
1121 select CRYPTO_HASH
1122 select CRYPTO_SM3
1123 help
1124 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1125 It is part of the Chinese Commercial Cryptography suite.
1126
1127 References:
1128 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1129 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1130
1131 config CRYPTO_SM3_AVX_X86_64
1132 tristate "SM3 digest algorithm (x86_64/AVX)"
1133 depends on X86 && 64BIT
1134 select CRYPTO_HASH
1135 select CRYPTO_SM3
1136 help
1137 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1138 It is part of the Chinese Commercial Cryptography suite. This is
1139 SM3 optimized implementation using Advanced Vector Extensions (AVX)
1140 when available.
1141
1142 If unsure, say N.
1143
1144 config CRYPTO_STREEBOG
1145 tristate "Streebog Hash Function"
1146 select CRYPTO_HASH
1147 help
1148 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1149 cryptographic standard algorithms (called GOST algorithms).
1150 This setting enables two hash algorithms with 256 and 512 bits output.
1151
1152 References:
1153 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1154 https://tools.ietf.org/html/rfc6986
1155
1156 config CRYPTO_WP512
1157 tristate "Whirlpool digest algorithms"
1158 select CRYPTO_HASH
1159 help
1160 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1161
1162 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1163 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1164
1165 See also:
1166 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1167
1168 config CRYPTO_GHASH_CLMUL_NI_INTEL
1169 tristate "GHASH hash function (CLMUL-NI accelerated)"
1170 depends on X86 && 64BIT
1171 select CRYPTO_CRYPTD
1172 help
1173 This is the x86_64 CLMUL-NI accelerated implementation of
1174 GHASH, the hash function used in GCM (Galois/Counter mode).
1175
1176 config CRYPTO_GHASH_S390
1177 tristate "GHASH hash function"
1178 depends on S390
1179 select CRYPTO_HASH
1180 help
1181 This is the s390 hardware accelerated implementation of GHASH,
1182 the hash function used in GCM (Galois/Counter mode).
1183
1184 It is available as of z196.
1185
1186 comment "Ciphers"
1187
1188 config CRYPTO_AES
1189 tristate "AES cipher algorithms"
1190 select CRYPTO_ALGAPI
1191 select CRYPTO_LIB_AES
1192 help
1193 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1194 algorithm.
1195
1196 Rijndael appears to be consistently a very good performer in
1197 both hardware and software across a wide range of computing
1198 environments regardless of its use in feedback or non-feedback
1199 modes. Its key setup time is excellent, and its key agility is
1200 good. Rijndael's very low memory requirements make it very well
1201 suited for restricted-space environments, in which it also
1202 demonstrates excellent performance. Rijndael's operations are
1203 among the easiest to defend against power and timing attacks.
1204
1205 The AES specifies three key sizes: 128, 192 and 256 bits
1206
1207 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1208
1209 config CRYPTO_AES_TI
1210 tristate "Fixed time AES cipher"
1211 select CRYPTO_ALGAPI
1212 select CRYPTO_LIB_AES
1213 help
1214 This is a generic implementation of AES that attempts to eliminate
1215 data dependent latencies as much as possible without affecting
1216 performance too much. It is intended for use by the generic CCM
1217 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1218 solely on encryption (although decryption is supported as well, but
1219 with a more dramatic performance hit)
1220
1221 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1222 8 for decryption), this implementation only uses just two S-boxes of
1223 256 bytes each, and attempts to eliminate data dependent latencies by
1224 prefetching the entire table into the cache at the start of each
1225 block. Interrupts are also disabled to avoid races where cachelines
1226 are evicted when the CPU is interrupted to do something else.
1227
1228 config CRYPTO_AES_NI_INTEL
1229 tristate "AES cipher algorithms (AES-NI)"
1230 depends on X86
1231 select CRYPTO_AEAD
1232 select CRYPTO_LIB_AES
1233 select CRYPTO_ALGAPI
1234 select CRYPTO_SKCIPHER
1235 select CRYPTO_SIMD
1236 help
1237 Use Intel AES-NI instructions for AES algorithm.
1238
1239 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1240 algorithm.
1241
1242 Rijndael appears to be consistently a very good performer in
1243 both hardware and software across a wide range of computing
1244 environments regardless of its use in feedback or non-feedback
1245 modes. Its key setup time is excellent, and its key agility is
1246 good. Rijndael's very low memory requirements make it very well
1247 suited for restricted-space environments, in which it also
1248 demonstrates excellent performance. Rijndael's operations are
1249 among the easiest to defend against power and timing attacks.
1250
1251 The AES specifies three key sizes: 128, 192 and 256 bits
1252
1253 See <http://csrc.nist.gov/encryption/aes/> for more information.
1254
1255 In addition to AES cipher algorithm support, the acceleration
1256 for some popular block cipher mode is supported too, including
1257 ECB, CBC, LRW, XTS. The 64 bit version has additional
1258 acceleration for CTR and XCTR.
1259
1260 config CRYPTO_AES_SPARC64
1261 tristate "AES cipher algorithms (SPARC64)"
1262 depends on SPARC64
1263 select CRYPTO_SKCIPHER
1264 help
1265 Use SPARC64 crypto opcodes for AES algorithm.
1266
1267 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1268 algorithm.
1269
1270 Rijndael appears to be consistently a very good performer in
1271 both hardware and software across a wide range of computing
1272 environments regardless of its use in feedback or non-feedback
1273 modes. Its key setup time is excellent, and its key agility is
1274 good. Rijndael's very low memory requirements make it very well
1275 suited for restricted-space environments, in which it also
1276 demonstrates excellent performance. Rijndael's operations are
1277 among the easiest to defend against power and timing attacks.
1278
1279 The AES specifies three key sizes: 128, 192 and 256 bits
1280
1281 See <http://csrc.nist.gov/encryption/aes/> for more information.
1282
1283 In addition to AES cipher algorithm support, the acceleration
1284 for some popular block cipher mode is supported too, including
1285 ECB and CBC.
1286
1287 config CRYPTO_AES_PPC_SPE
1288 tristate "AES cipher algorithms (PPC SPE)"
1289 depends on PPC && SPE
1290 select CRYPTO_SKCIPHER
1291 help
1292 AES cipher algorithms (FIPS-197). Additionally the acceleration
1293 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1294 This module should only be used for low power (router) devices
1295 without hardware AES acceleration (e.g. caam crypto). It reduces the
1296 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1297 timining attacks. Nevertheless it might be not as secure as other
1298 architecture specific assembler implementations that work on 1KB
1299 tables or 256 bytes S-boxes.
1300
1301 config CRYPTO_AES_S390
1302 tristate "AES cipher algorithms"
1303 depends on S390
1304 select CRYPTO_ALGAPI
1305 select CRYPTO_SKCIPHER
1306 help
1307 This is the s390 hardware accelerated implementation of the
1308 AES cipher algorithms (FIPS-197).
1309
1310 As of z9 the ECB and CBC modes are hardware accelerated
1311 for 128 bit keys.
1312 As of z10 the ECB and CBC modes are hardware accelerated
1313 for all AES key sizes.
1314 As of z196 the CTR mode is hardware accelerated for all AES
1315 key sizes and XTS mode is hardware accelerated for 256 and
1316 512 bit keys.
1317
1318 config CRYPTO_ANUBIS
1319 tristate "Anubis cipher algorithm"
1320 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1321 select CRYPTO_ALGAPI
1322 help
1323 Anubis cipher algorithm.
1324
1325 Anubis is a variable key length cipher which can use keys from
1326 128 bits to 320 bits in length. It was evaluated as a entrant
1327 in the NESSIE competition.
1328
1329 See also:
1330 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1331 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1332
1333 config CRYPTO_ARC4
1334 tristate "ARC4 cipher algorithm"
1335 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1336 select CRYPTO_SKCIPHER
1337 select CRYPTO_LIB_ARC4
1338 help
1339 ARC4 cipher algorithm.
1340
1341 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1342 bits in length. This algorithm is required for driver-based
1343 WEP, but it should not be for other purposes because of the
1344 weakness of the algorithm.
1345
1346 config CRYPTO_BLOWFISH
1347 tristate "Blowfish cipher algorithm"
1348 select CRYPTO_ALGAPI
1349 select CRYPTO_BLOWFISH_COMMON
1350 help
1351 Blowfish cipher algorithm, by Bruce Schneier.
1352
1353 This is a variable key length cipher which can use keys from 32
1354 bits to 448 bits in length. It's fast, simple and specifically
1355 designed for use on "large microprocessors".
1356
1357 See also:
1358 <https://www.schneier.com/blowfish.html>
1359
1360 config CRYPTO_BLOWFISH_COMMON
1361 tristate
1362 help
1363 Common parts of the Blowfish cipher algorithm shared by the
1364 generic c and the assembler implementations.
1365
1366 See also:
1367 <https://www.schneier.com/blowfish.html>
1368
1369 config CRYPTO_BLOWFISH_X86_64
1370 tristate "Blowfish cipher algorithm (x86_64)"
1371 depends on X86 && 64BIT
1372 select CRYPTO_SKCIPHER
1373 select CRYPTO_BLOWFISH_COMMON
1374 imply CRYPTO_CTR
1375 help
1376 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1377
1378 This is a variable key length cipher which can use keys from 32
1379 bits to 448 bits in length. It's fast, simple and specifically
1380 designed for use on "large microprocessors".
1381
1382 See also:
1383 <https://www.schneier.com/blowfish.html>
1384
1385 config CRYPTO_CAMELLIA
1386 tristate "Camellia cipher algorithms"
1387 select CRYPTO_ALGAPI
1388 help
1389 Camellia cipher algorithms module.
1390
1391 Camellia is a symmetric key block cipher developed jointly
1392 at NTT and Mitsubishi Electric Corporation.
1393
1394 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1395
1396 See also:
1397 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1398
1399 config CRYPTO_CAMELLIA_X86_64
1400 tristate "Camellia cipher algorithm (x86_64)"
1401 depends on X86 && 64BIT
1402 select CRYPTO_SKCIPHER
1403 imply CRYPTO_CTR
1404 help
1405 Camellia cipher algorithm module (x86_64).
1406
1407 Camellia is a symmetric key block cipher developed jointly
1408 at NTT and Mitsubishi Electric Corporation.
1409
1410 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1411
1412 See also:
1413 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1414
1415 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1416 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1417 depends on X86 && 64BIT
1418 select CRYPTO_SKCIPHER
1419 select CRYPTO_CAMELLIA_X86_64
1420 select CRYPTO_SIMD
1421 imply CRYPTO_XTS
1422 help
1423 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1424
1425 Camellia is a symmetric key block cipher developed jointly
1426 at NTT and Mitsubishi Electric Corporation.
1427
1428 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1429
1430 See also:
1431 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1432
1433 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1434 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1435 depends on X86 && 64BIT
1436 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1437 help
1438 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1439
1440 Camellia is a symmetric key block cipher developed jointly
1441 at NTT and Mitsubishi Electric Corporation.
1442
1443 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1444
1445 See also:
1446 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1447
1448 config CRYPTO_CAMELLIA_SPARC64
1449 tristate "Camellia cipher algorithm (SPARC64)"
1450 depends on SPARC64
1451 select CRYPTO_ALGAPI
1452 select CRYPTO_SKCIPHER
1453 help
1454 Camellia cipher algorithm module (SPARC64).
1455
1456 Camellia is a symmetric key block cipher developed jointly
1457 at NTT and Mitsubishi Electric Corporation.
1458
1459 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1460
1461 See also:
1462 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1463
1464 config CRYPTO_CAST_COMMON
1465 tristate
1466 help
1467 Common parts of the CAST cipher algorithms shared by the
1468 generic c and the assembler implementations.
1469
1470 config CRYPTO_CAST5
1471 tristate "CAST5 (CAST-128) cipher algorithm"
1472 select CRYPTO_ALGAPI
1473 select CRYPTO_CAST_COMMON
1474 help
1475 The CAST5 encryption algorithm (synonymous with CAST-128) is
1476 described in RFC2144.
1477
1478 config CRYPTO_CAST5_AVX_X86_64
1479 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1480 depends on X86 && 64BIT
1481 select CRYPTO_SKCIPHER
1482 select CRYPTO_CAST5
1483 select CRYPTO_CAST_COMMON
1484 select CRYPTO_SIMD
1485 imply CRYPTO_CTR
1486 help
1487 The CAST5 encryption algorithm (synonymous with CAST-128) is
1488 described in RFC2144.
1489
1490 This module provides the Cast5 cipher algorithm that processes
1491 sixteen blocks parallel using the AVX instruction set.
1492
1493 config CRYPTO_CAST6
1494 tristate "CAST6 (CAST-256) cipher algorithm"
1495 select CRYPTO_ALGAPI
1496 select CRYPTO_CAST_COMMON
1497 help
1498 The CAST6 encryption algorithm (synonymous with CAST-256) is
1499 described in RFC2612.
1500
1501 config CRYPTO_CAST6_AVX_X86_64
1502 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1503 depends on X86 && 64BIT
1504 select CRYPTO_SKCIPHER
1505 select CRYPTO_CAST6
1506 select CRYPTO_CAST_COMMON
1507 select CRYPTO_SIMD
1508 imply CRYPTO_XTS
1509 imply CRYPTO_CTR
1510 help
1511 The CAST6 encryption algorithm (synonymous with CAST-256) is
1512 described in RFC2612.
1513
1514 This module provides the Cast6 cipher algorithm that processes
1515 eight blocks parallel using the AVX instruction set.
1516
1517 config CRYPTO_DES
1518 tristate "DES and Triple DES EDE cipher algorithms"
1519 select CRYPTO_ALGAPI
1520 select CRYPTO_LIB_DES
1521 help
1522 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1523
1524 config CRYPTO_DES_SPARC64
1525 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1526 depends on SPARC64
1527 select CRYPTO_ALGAPI
1528 select CRYPTO_LIB_DES
1529 select CRYPTO_SKCIPHER
1530 help
1531 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1532 optimized using SPARC64 crypto opcodes.
1533
1534 config CRYPTO_DES3_EDE_X86_64
1535 tristate "Triple DES EDE cipher algorithm (x86-64)"
1536 depends on X86 && 64BIT
1537 select CRYPTO_SKCIPHER
1538 select CRYPTO_LIB_DES
1539 imply CRYPTO_CTR
1540 help
1541 Triple DES EDE (FIPS 46-3) algorithm.
1542
1543 This module provides implementation of the Triple DES EDE cipher
1544 algorithm that is optimized for x86-64 processors. Two versions of
1545 algorithm are provided; regular processing one input block and
1546 one that processes three blocks parallel.
1547
1548 config CRYPTO_DES_S390
1549 tristate "DES and Triple DES cipher algorithms"
1550 depends on S390
1551 select CRYPTO_ALGAPI
1552 select CRYPTO_SKCIPHER
1553 select CRYPTO_LIB_DES
1554 help
1555 This is the s390 hardware accelerated implementation of the
1556 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1557
1558 As of z990 the ECB and CBC mode are hardware accelerated.
1559 As of z196 the CTR mode is hardware accelerated.
1560
1561 config CRYPTO_FCRYPT
1562 tristate "FCrypt cipher algorithm"
1563 select CRYPTO_ALGAPI
1564 select CRYPTO_SKCIPHER
1565 help
1566 FCrypt algorithm used by RxRPC.
1567
1568 config CRYPTO_KHAZAD
1569 tristate "Khazad cipher algorithm"
1570 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1571 select CRYPTO_ALGAPI
1572 help
1573 Khazad cipher algorithm.
1574
1575 Khazad was a finalist in the initial NESSIE competition. It is
1576 an algorithm optimized for 64-bit processors with good performance
1577 on 32-bit processors. Khazad uses an 128 bit key size.
1578
1579 See also:
1580 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1581
1582 config CRYPTO_CHACHA20
1583 tristate "ChaCha stream cipher algorithms"
1584 select CRYPTO_LIB_CHACHA_GENERIC
1585 select CRYPTO_SKCIPHER
1586 help
1587 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1588
1589 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1590 Bernstein and further specified in RFC7539 for use in IETF protocols.
1591 This is the portable C implementation of ChaCha20. See also:
1592 <https://cr.yp.to/chacha/chacha-20080128.pdf>
1593
1594 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1595 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
1596 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1597 while provably retaining ChaCha20's security. See also:
1598 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1599
1600 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1601 reduced security margin but increased performance. It can be needed
1602 in some performance-sensitive scenarios.
1603
1604 config CRYPTO_CHACHA20_X86_64
1605 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1606 depends on X86 && 64BIT
1607 select CRYPTO_SKCIPHER
1608 select CRYPTO_LIB_CHACHA_GENERIC
1609 select CRYPTO_ARCH_HAVE_LIB_CHACHA
1610 help
1611 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1612 XChaCha20, and XChaCha12 stream ciphers.
1613
1614 config CRYPTO_CHACHA_MIPS
1615 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1616 depends on CPU_MIPS32_R2
1617 select CRYPTO_SKCIPHER
1618 select CRYPTO_ARCH_HAVE_LIB_CHACHA
1619
1620 config CRYPTO_CHACHA_S390
1621 tristate "ChaCha20 stream cipher"
1622 depends on S390
1623 select CRYPTO_SKCIPHER
1624 select CRYPTO_LIB_CHACHA_GENERIC
1625 select CRYPTO_ARCH_HAVE_LIB_CHACHA
1626 help
1627 This is the s390 SIMD implementation of the ChaCha20 stream
1628 cipher (RFC 7539).
1629
1630 It is available as of z13.
1631
1632 config CRYPTO_SEED
1633 tristate "SEED cipher algorithm"
1634 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1635 select CRYPTO_ALGAPI
1636 help
1637 SEED cipher algorithm (RFC4269).
1638
1639 SEED is a 128-bit symmetric key block cipher that has been
1640 developed by KISA (Korea Information Security Agency) as a
1641 national standard encryption algorithm of the Republic of Korea.
1642 It is a 16 round block cipher with the key size of 128 bit.
1643
1644 See also:
1645 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1646
1647 config CRYPTO_ARIA
1648 tristate "ARIA cipher algorithm"
1649 select CRYPTO_ALGAPI
1650 help
1651 ARIA cipher algorithm (RFC5794).
1652
1653 ARIA is a standard encryption algorithm of the Republic of Korea.
1654 The ARIA specifies three key sizes and rounds.
1655 128-bit: 12 rounds.
1656 192-bit: 14 rounds.
1657 256-bit: 16 rounds.
1658
1659 See also:
1660 <https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do>
1661
1662 config CRYPTO_SERPENT
1663 tristate "Serpent cipher algorithm"
1664 select CRYPTO_ALGAPI
1665 help
1666 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1667
1668 Keys are allowed to be from 0 to 256 bits in length, in steps
1669 of 8 bits.
1670
1671 See also:
1672 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1673
1674 config CRYPTO_SERPENT_SSE2_X86_64
1675 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1676 depends on X86 && 64BIT
1677 select CRYPTO_SKCIPHER
1678 select CRYPTO_SERPENT
1679 select CRYPTO_SIMD
1680 imply CRYPTO_CTR
1681 help
1682 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1683
1684 Keys are allowed to be from 0 to 256 bits in length, in steps
1685 of 8 bits.
1686
1687 This module provides Serpent cipher algorithm that processes eight
1688 blocks parallel using SSE2 instruction set.
1689
1690 See also:
1691 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1692
1693 config CRYPTO_SERPENT_SSE2_586
1694 tristate "Serpent cipher algorithm (i586/SSE2)"
1695 depends on X86 && !64BIT
1696 select CRYPTO_SKCIPHER
1697 select CRYPTO_SERPENT
1698 select CRYPTO_SIMD
1699 imply CRYPTO_CTR
1700 help
1701 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1702
1703 Keys are allowed to be from 0 to 256 bits in length, in steps
1704 of 8 bits.
1705
1706 This module provides Serpent cipher algorithm that processes four
1707 blocks parallel using SSE2 instruction set.
1708
1709 See also:
1710 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1711
1712 config CRYPTO_SERPENT_AVX_X86_64
1713 tristate "Serpent cipher algorithm (x86_64/AVX)"
1714 depends on X86 && 64BIT
1715 select CRYPTO_SKCIPHER
1716 select CRYPTO_SERPENT
1717 select CRYPTO_SIMD
1718 imply CRYPTO_XTS
1719 imply CRYPTO_CTR
1720 help
1721 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1722
1723 Keys are allowed to be from 0 to 256 bits in length, in steps
1724 of 8 bits.
1725
1726 This module provides the Serpent cipher algorithm that processes
1727 eight blocks parallel using the AVX instruction set.
1728
1729 See also:
1730 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1731
1732 config CRYPTO_SERPENT_AVX2_X86_64
1733 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1734 depends on X86 && 64BIT
1735 select CRYPTO_SERPENT_AVX_X86_64
1736 help
1737 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1738
1739 Keys are allowed to be from 0 to 256 bits in length, in steps
1740 of 8 bits.
1741
1742 This module provides Serpent cipher algorithm that processes 16
1743 blocks parallel using AVX2 instruction set.
1744
1745 See also:
1746 <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1747
1748 config CRYPTO_SM4
1749 tristate
1750
1751 config CRYPTO_SM4_GENERIC
1752 tristate "SM4 cipher algorithm"
1753 select CRYPTO_ALGAPI
1754 select CRYPTO_SM4
1755 help
1756 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1757
1758 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1759 Organization of State Commercial Administration of China (OSCCA)
1760 as an authorized cryptographic algorithms for the use within China.
1761
1762 SMS4 was originally created for use in protecting wireless
1763 networks, and is mandated in the Chinese National Standard for
1764 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1765 (GB.15629.11-2003).
1766
1767 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1768 standardized through TC 260 of the Standardization Administration
1769 of the People's Republic of China (SAC).
1770
1771 The input, output, and key of SMS4 are each 128 bits.
1772
1773 See also: <https://eprint.iacr.org/2008/329.pdf>
1774
1775 If unsure, say N.
1776
1777 config CRYPTO_SM4_AESNI_AVX_X86_64
1778 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)"
1779 depends on X86 && 64BIT
1780 select CRYPTO_SKCIPHER
1781 select CRYPTO_SIMD
1782 select CRYPTO_ALGAPI
1783 select CRYPTO_SM4
1784 help
1785 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX).
1786
1787 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1788 Organization of State Commercial Administration of China (OSCCA)
1789 as an authorized cryptographic algorithms for the use within China.
1790
1791 This is SM4 optimized implementation using AES-NI/AVX/x86_64
1792 instruction set for block cipher. Through two affine transforms,
1793 we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1794 effect of instruction acceleration.
1795
1796 If unsure, say N.
1797
1798 config CRYPTO_SM4_AESNI_AVX2_X86_64
1799 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)"
1800 depends on X86 && 64BIT
1801 select CRYPTO_SKCIPHER
1802 select CRYPTO_SIMD
1803 select CRYPTO_ALGAPI
1804 select CRYPTO_SM4
1805 select CRYPTO_SM4_AESNI_AVX_X86_64
1806 help
1807 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2).
1808
1809 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1810 Organization of State Commercial Administration of China (OSCCA)
1811 as an authorized cryptographic algorithms for the use within China.
1812
1813 This is SM4 optimized implementation using AES-NI/AVX2/x86_64
1814 instruction set for block cipher. Through two affine transforms,
1815 we can use the AES S-Box to simulate the SM4 S-Box to achieve the
1816 effect of instruction acceleration.
1817
1818 If unsure, say N.
1819
1820 config CRYPTO_TEA
1821 tristate "TEA, XTEA and XETA cipher algorithms"
1822 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1823 select CRYPTO_ALGAPI
1824 help
1825 TEA cipher algorithm.
1826
1827 Tiny Encryption Algorithm is a simple cipher that uses
1828 many rounds for security. It is very fast and uses
1829 little memory.
1830
1831 Xtendend Tiny Encryption Algorithm is a modification to
1832 the TEA algorithm to address a potential key weakness
1833 in the TEA algorithm.
1834
1835 Xtendend Encryption Tiny Algorithm is a mis-implementation
1836 of the XTEA algorithm for compatibility purposes.
1837
1838 config CRYPTO_TWOFISH
1839 tristate "Twofish cipher algorithm"
1840 select CRYPTO_ALGAPI
1841 select CRYPTO_TWOFISH_COMMON
1842 help
1843 Twofish cipher algorithm.
1844
1845 Twofish was submitted as an AES (Advanced Encryption Standard)
1846 candidate cipher by researchers at CounterPane Systems. It is a
1847 16 round block cipher supporting key sizes of 128, 192, and 256
1848 bits.
1849
1850 See also:
1851 <https://www.schneier.com/twofish.html>
1852
1853 config CRYPTO_TWOFISH_COMMON
1854 tristate
1855 help
1856 Common parts of the Twofish cipher algorithm shared by the
1857 generic c and the assembler implementations.
1858
1859 config CRYPTO_TWOFISH_586
1860 tristate "Twofish cipher algorithms (i586)"
1861 depends on (X86 || UML_X86) && !64BIT
1862 select CRYPTO_ALGAPI
1863 select CRYPTO_TWOFISH_COMMON
1864 imply CRYPTO_CTR
1865 help
1866 Twofish cipher algorithm.
1867
1868 Twofish was submitted as an AES (Advanced Encryption Standard)
1869 candidate cipher by researchers at CounterPane Systems. It is a
1870 16 round block cipher supporting key sizes of 128, 192, and 256
1871 bits.
1872
1873 See also:
1874 <https://www.schneier.com/twofish.html>
1875
1876 config CRYPTO_TWOFISH_X86_64
1877 tristate "Twofish cipher algorithm (x86_64)"
1878 depends on (X86 || UML_X86) && 64BIT
1879 select CRYPTO_ALGAPI
1880 select CRYPTO_TWOFISH_COMMON
1881 imply CRYPTO_CTR
1882 help
1883 Twofish cipher algorithm (x86_64).
1884
1885 Twofish was submitted as an AES (Advanced Encryption Standard)
1886 candidate cipher by researchers at CounterPane Systems. It is a
1887 16 round block cipher supporting key sizes of 128, 192, and 256
1888 bits.
1889
1890 See also:
1891 <https://www.schneier.com/twofish.html>
1892
1893 config CRYPTO_TWOFISH_X86_64_3WAY
1894 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1895 depends on X86 && 64BIT
1896 select CRYPTO_SKCIPHER
1897 select CRYPTO_TWOFISH_COMMON
1898 select CRYPTO_TWOFISH_X86_64
1899 help
1900 Twofish cipher algorithm (x86_64, 3-way parallel).
1901
1902 Twofish was submitted as an AES (Advanced Encryption Standard)
1903 candidate cipher by researchers at CounterPane Systems. It is a
1904 16 round block cipher supporting key sizes of 128, 192, and 256
1905 bits.
1906
1907 This module provides Twofish cipher algorithm that processes three
1908 blocks parallel, utilizing resources of out-of-order CPUs better.
1909
1910 See also:
1911 <https://www.schneier.com/twofish.html>
1912
1913 config CRYPTO_TWOFISH_AVX_X86_64
1914 tristate "Twofish cipher algorithm (x86_64/AVX)"
1915 depends on X86 && 64BIT
1916 select CRYPTO_SKCIPHER
1917 select CRYPTO_SIMD
1918 select CRYPTO_TWOFISH_COMMON
1919 select CRYPTO_TWOFISH_X86_64
1920 select CRYPTO_TWOFISH_X86_64_3WAY
1921 imply CRYPTO_XTS
1922 help
1923 Twofish cipher algorithm (x86_64/AVX).
1924
1925 Twofish was submitted as an AES (Advanced Encryption Standard)
1926 candidate cipher by researchers at CounterPane Systems. It is a
1927 16 round block cipher supporting key sizes of 128, 192, and 256
1928 bits.
1929
1930 This module provides the Twofish cipher algorithm that processes
1931 eight blocks parallel using the AVX Instruction Set.
1932
1933 See also:
1934 <https://www.schneier.com/twofish.html>
1935
1936 comment "Compression"
1937
1938 config CRYPTO_DEFLATE
1939 tristate "Deflate compression algorithm"
1940 select CRYPTO_ALGAPI
1941 select CRYPTO_ACOMP2
1942 select ZLIB_INFLATE
1943 select ZLIB_DEFLATE
1944 help
1945 This is the Deflate algorithm (RFC1951), specified for use in
1946 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1947
1948 You will most probably want this if using IPSec.
1949
1950 config CRYPTO_LZO
1951 tristate "LZO compression algorithm"
1952 select CRYPTO_ALGAPI
1953 select CRYPTO_ACOMP2
1954 select LZO_COMPRESS
1955 select LZO_DECOMPRESS
1956 help
1957 This is the LZO algorithm.
1958
1959 config CRYPTO_842
1960 tristate "842 compression algorithm"
1961 select CRYPTO_ALGAPI
1962 select CRYPTO_ACOMP2
1963 select 842_COMPRESS
1964 select 842_DECOMPRESS
1965 help
1966 This is the 842 algorithm.
1967
1968 config CRYPTO_LZ4
1969 tristate "LZ4 compression algorithm"
1970 select CRYPTO_ALGAPI
1971 select CRYPTO_ACOMP2
1972 select LZ4_COMPRESS
1973 select LZ4_DECOMPRESS
1974 help
1975 This is the LZ4 algorithm.
1976
1977 config CRYPTO_LZ4HC
1978 tristate "LZ4HC compression algorithm"
1979 select CRYPTO_ALGAPI
1980 select CRYPTO_ACOMP2
1981 select LZ4HC_COMPRESS
1982 select LZ4_DECOMPRESS
1983 help
1984 This is the LZ4 high compression mode algorithm.
1985
1986 config CRYPTO_ZSTD
1987 tristate "Zstd compression algorithm"
1988 select CRYPTO_ALGAPI
1989 select CRYPTO_ACOMP2
1990 select ZSTD_COMPRESS
1991 select ZSTD_DECOMPRESS
1992 help
1993 This is the zstd algorithm.
1994
1995 comment "Random Number Generation"
1996
1997 config CRYPTO_ANSI_CPRNG
1998 tristate "Pseudo Random Number Generation for Cryptographic modules"
1999 select CRYPTO_AES
2000 select CRYPTO_RNG
2001 help
2002 This option enables the generic pseudo random number generator
2003 for cryptographic modules. Uses the Algorithm specified in
2004 ANSI X9.31 A.2.4. Note that this option must be enabled if
2005 CRYPTO_FIPS is selected
2006
2007 menuconfig CRYPTO_DRBG_MENU
2008 tristate "NIST SP800-90A DRBG"
2009 help
2010 NIST SP800-90A compliant DRBG. In the following submenu, one or
2011 more of the DRBG types must be selected.
2012
2013 if CRYPTO_DRBG_MENU
2014
2015 config CRYPTO_DRBG_HMAC
2016 bool
2017 default y
2018 select CRYPTO_HMAC
2019 select CRYPTO_SHA512
2020
2021 config CRYPTO_DRBG_HASH
2022 bool "Enable Hash DRBG"
2023 select CRYPTO_SHA256
2024 help
2025 Enable the Hash DRBG variant as defined in NIST SP800-90A.
2026
2027 config CRYPTO_DRBG_CTR
2028 bool "Enable CTR DRBG"
2029 select CRYPTO_AES
2030 select CRYPTO_CTR
2031 help
2032 Enable the CTR DRBG variant as defined in NIST SP800-90A.
2033
2034 config CRYPTO_DRBG
2035 tristate
2036 default CRYPTO_DRBG_MENU
2037 select CRYPTO_RNG
2038 select CRYPTO_JITTERENTROPY
2039
2040 endif # if CRYPTO_DRBG_MENU
2041
2042 config CRYPTO_JITTERENTROPY
2043 tristate "Jitterentropy Non-Deterministic Random Number Generator"
2044 select CRYPTO_RNG
2045 help
2046 The Jitterentropy RNG is a noise that is intended
2047 to provide seed to another RNG. The RNG does not
2048 perform any cryptographic whitening of the generated
2049 random numbers. This Jitterentropy RNG registers with
2050 the kernel crypto API and can be used by any caller.
2051
2052 config CRYPTO_KDF800108_CTR
2053 tristate
2054 select CRYPTO_HMAC
2055 select CRYPTO_SHA256
2056
2057 config CRYPTO_USER_API
2058 tristate
2059
2060 config CRYPTO_USER_API_HASH
2061 tristate "User-space interface for hash algorithms"
2062 depends on NET
2063 select CRYPTO_HASH
2064 select CRYPTO_USER_API
2065 help
2066 This option enables the user-spaces interface for hash
2067 algorithms.
2068
2069 config CRYPTO_USER_API_SKCIPHER
2070 tristate "User-space interface for symmetric key cipher algorithms"
2071 depends on NET
2072 select CRYPTO_SKCIPHER
2073 select CRYPTO_USER_API
2074 help
2075 This option enables the user-spaces interface for symmetric
2076 key cipher algorithms.
2077
2078 config CRYPTO_USER_API_RNG
2079 tristate "User-space interface for random number generator algorithms"
2080 depends on NET
2081 select CRYPTO_RNG
2082 select CRYPTO_USER_API
2083 help
2084 This option enables the user-spaces interface for random
2085 number generator algorithms.
2086
2087 config CRYPTO_USER_API_RNG_CAVP
2088 bool "Enable CAVP testing of DRBG"
2089 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
2090 help
2091 This option enables extra API for CAVP testing via the user-space
2092 interface: resetting of DRBG entropy, and providing Additional Data.
2093 This should only be enabled for CAVP testing. You should say
2094 no unless you know what this is.
2095
2096 config CRYPTO_USER_API_AEAD
2097 tristate "User-space interface for AEAD cipher algorithms"
2098 depends on NET
2099 select CRYPTO_AEAD
2100 select CRYPTO_SKCIPHER
2101 select CRYPTO_NULL
2102 select CRYPTO_USER_API
2103 help
2104 This option enables the user-spaces interface for AEAD
2105 cipher algorithms.
2106
2107 config CRYPTO_USER_API_ENABLE_OBSOLETE
2108 bool "Enable obsolete cryptographic algorithms for userspace"
2109 depends on CRYPTO_USER_API
2110 default y
2111 help
2112 Allow obsolete cryptographic algorithms to be selected that have
2113 already been phased out from internal use by the kernel, and are
2114 only useful for userspace clients that still rely on them.
2115
2116 config CRYPTO_STATS
2117 bool "Crypto usage statistics for User-space"
2118 depends on CRYPTO_USER
2119 help
2120 This option enables the gathering of crypto stats.
2121 This will collect:
2122 - encrypt/decrypt size and numbers of symmeric operations
2123 - compress/decompress size and numbers of compress operations
2124 - size and numbers of hash operations
2125 - encrypt/decrypt/sign/verify numbers for asymmetric operations
2126 - generate/seed numbers for rng operations
2127
2128 config CRYPTO_HASH_INFO
2129 bool
2130
2131 source "drivers/crypto/Kconfig"
2132 source "crypto/asymmetric_keys/Kconfig"
2133 source "certs/Kconfig"
2134
2135 endif # if CRYPTO
