1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 select LIB_MEMNEQ 19 help 20 This option provides the core Cryptographic API. 21 22if CRYPTO 23 24comment "Crypto core or helper" 25 26config CRYPTO_FIPS 27 bool "FIPS 200 compliance" 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS 29 depends on (MODULE_SIG || !MODULES) 30 help 31 This option enables the fips boot option which is 32 required if you want the system to operate in a FIPS 200 33 certification. You should say no unless you know what 34 this is. 35 36config CRYPTO_ALGAPI 37 tristate 38 select CRYPTO_ALGAPI2 39 help 40 This option provides the API for cryptographic algorithms. 41 42config CRYPTO_ALGAPI2 43 tristate 44 45config CRYPTO_AEAD 46 tristate 47 select CRYPTO_AEAD2 48 select CRYPTO_ALGAPI 49 50config CRYPTO_AEAD2 51 tristate 52 select CRYPTO_ALGAPI2 53 select CRYPTO_NULL2 54 select CRYPTO_RNG2 55 56config CRYPTO_SKCIPHER 57 tristate 58 select CRYPTO_SKCIPHER2 59 select CRYPTO_ALGAPI 60 61config CRYPTO_SKCIPHER2 62 tristate 63 select CRYPTO_ALGAPI2 64 select CRYPTO_RNG2 65 66config CRYPTO_HASH 67 tristate 68 select CRYPTO_HASH2 69 select CRYPTO_ALGAPI 70 71config CRYPTO_HASH2 72 tristate 73 select CRYPTO_ALGAPI2 74 75config CRYPTO_RNG 76 tristate 77 select CRYPTO_RNG2 78 select CRYPTO_ALGAPI 79 80config CRYPTO_RNG2 81 tristate 82 select CRYPTO_ALGAPI2 83 84config CRYPTO_RNG_DEFAULT 85 tristate 86 select CRYPTO_DRBG_MENU 87 88config CRYPTO_AKCIPHER2 89 tristate 90 select CRYPTO_ALGAPI2 91 92config CRYPTO_AKCIPHER 93 tristate 94 select CRYPTO_AKCIPHER2 95 select CRYPTO_ALGAPI 96 97config CRYPTO_KPP2 98 tristate 99 select CRYPTO_ALGAPI2 100 101config CRYPTO_KPP 102 tristate 103 select CRYPTO_ALGAPI 104 select CRYPTO_KPP2 105 106config CRYPTO_ACOMP2 107 tristate 108 select CRYPTO_ALGAPI2 109 select SGL_ALLOC 110 111config CRYPTO_ACOMP 112 tristate 113 select CRYPTO_ALGAPI 114 select CRYPTO_ACOMP2 115 116config CRYPTO_MANAGER 117 tristate "Cryptographic algorithm manager" 118 select CRYPTO_MANAGER2 119 help 120 Create default cryptographic template instantiations such as 121 cbc(aes). 122 123config CRYPTO_MANAGER2 124 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 125 select CRYPTO_AEAD2 126 select CRYPTO_HASH2 127 select CRYPTO_SKCIPHER2 128 select CRYPTO_AKCIPHER2 129 select CRYPTO_KPP2 130 select CRYPTO_ACOMP2 131 132config CRYPTO_USER 133 tristate "Userspace cryptographic algorithm configuration" 134 depends on NET 135 select CRYPTO_MANAGER 136 help 137 Userspace configuration for cryptographic instantiations such as 138 cbc(aes). 139 140config CRYPTO_MANAGER_DISABLE_TESTS 141 bool "Disable run-time self tests" 142 default y 143 help 144 Disable run-time self tests that normally take place at 145 algorithm registration. 146 147config CRYPTO_MANAGER_EXTRA_TESTS 148 bool "Enable extra run-time crypto self tests" 149 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER 150 help 151 Enable extra run-time self tests of registered crypto algorithms, 152 including randomized fuzz tests. 153 154 This is intended for developer use only, as these tests take much 155 longer to run than the normal self tests. 156 157config CRYPTO_GF128MUL 158 tristate 159 160config CRYPTO_NULL 161 tristate "Null algorithms" 162 select CRYPTO_NULL2 163 help 164 These are 'Null' algorithms, used by IPsec, which do nothing. 165 166config CRYPTO_NULL2 167 tristate 168 select CRYPTO_ALGAPI2 169 select CRYPTO_SKCIPHER2 170 select CRYPTO_HASH2 171 172config CRYPTO_PCRYPT 173 tristate "Parallel crypto engine" 174 depends on SMP 175 select PADATA 176 select CRYPTO_MANAGER 177 select CRYPTO_AEAD 178 help 179 This converts an arbitrary crypto algorithm into a parallel 180 algorithm that executes in kernel threads. 181 182config CRYPTO_CRYPTD 183 tristate "Software async crypto daemon" 184 select CRYPTO_SKCIPHER 185 select CRYPTO_HASH 186 select CRYPTO_MANAGER 187 help 188 This is a generic software asynchronous crypto daemon that 189 converts an arbitrary synchronous software crypto algorithm 190 into an asynchronous algorithm that executes in a kernel thread. 191 192config CRYPTO_AUTHENC 193 tristate "Authenc support" 194 select CRYPTO_AEAD 195 select CRYPTO_SKCIPHER 196 select CRYPTO_MANAGER 197 select CRYPTO_HASH 198 select CRYPTO_NULL 199 help 200 Authenc: Combined mode wrapper for IPsec. 201 This is required for IPSec. 202 203config CRYPTO_TEST 204 tristate "Testing module" 205 depends on m || EXPERT 206 select CRYPTO_MANAGER 207 help 208 Quick & dirty crypto test module. 209 210config CRYPTO_SIMD 211 tristate 212 select CRYPTO_CRYPTD 213 214config CRYPTO_ENGINE 215 tristate 216 217comment "Public-key cryptography" 218 219config CRYPTO_RSA 220 tristate "RSA algorithm" 221 select CRYPTO_AKCIPHER 222 select CRYPTO_MANAGER 223 select MPILIB 224 select ASN1 225 help 226 Generic implementation of the RSA public key algorithm. 227 228config CRYPTO_DH 229 tristate "Diffie-Hellman algorithm" 230 select CRYPTO_KPP 231 select MPILIB 232 help 233 Generic implementation of the Diffie-Hellman algorithm. 234 235config CRYPTO_DH_RFC7919_GROUPS 236 bool "Support for RFC 7919 FFDHE group parameters" 237 depends on CRYPTO_DH 238 select CRYPTO_RNG_DEFAULT 239 help 240 Provide support for RFC 7919 FFDHE group parameters. If unsure, say N. 241 242config CRYPTO_ECC 243 tristate 244 select CRYPTO_RNG_DEFAULT 245 246config CRYPTO_ECDH 247 tristate "ECDH algorithm" 248 select CRYPTO_ECC 249 select CRYPTO_KPP 250 help 251 Generic implementation of the ECDH algorithm 252 253config CRYPTO_ECDSA 254 tristate "ECDSA (NIST P192, P256 etc.) algorithm" 255 select CRYPTO_ECC 256 select CRYPTO_AKCIPHER 257 select ASN1 258 help 259 Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) 260 is A NIST cryptographic standard algorithm. Only signature verification 261 is implemented. 262 263config CRYPTO_ECRDSA 264 tristate "EC-RDSA (GOST 34.10) algorithm" 265 select CRYPTO_ECC 266 select CRYPTO_AKCIPHER 267 select CRYPTO_STREEBOG 268 select OID_REGISTRY 269 select ASN1 270 help 271 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 272 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic 273 standard algorithms (called GOST algorithms). Only signature verification 274 is implemented. 275 276config CRYPTO_SM2 277 tristate "SM2 algorithm" 278 select CRYPTO_SM3 279 select CRYPTO_AKCIPHER 280 select CRYPTO_MANAGER 281 select MPILIB 282 select ASN1 283 help 284 Generic implementation of the SM2 public key algorithm. It was 285 published by State Encryption Management Bureau, China. 286 as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012. 287 288 References: 289 https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 290 http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml 291 http://www.gmbz.org.cn/main/bzlb.html 292 293config CRYPTO_CURVE25519 294 tristate "Curve25519 algorithm" 295 select CRYPTO_KPP 296 select CRYPTO_LIB_CURVE25519_GENERIC 297 298config CRYPTO_CURVE25519_X86 299 tristate "x86_64 accelerated Curve25519 scalar multiplication library" 300 depends on X86 && 64BIT 301 select CRYPTO_LIB_CURVE25519_GENERIC 302 select CRYPTO_ARCH_HAVE_LIB_CURVE25519 303 304comment "Authenticated Encryption with Associated Data" 305 306config CRYPTO_CCM 307 tristate "CCM support" 308 select CRYPTO_CTR 309 select CRYPTO_HASH 310 select CRYPTO_AEAD 311 select CRYPTO_MANAGER 312 help 313 Support for Counter with CBC MAC. Required for IPsec. 314 315config CRYPTO_GCM 316 tristate "GCM/GMAC support" 317 select CRYPTO_CTR 318 select CRYPTO_AEAD 319 select CRYPTO_GHASH 320 select CRYPTO_NULL 321 select CRYPTO_MANAGER 322 help 323 Support for Galois/Counter Mode (GCM) and Galois Message 324 Authentication Code (GMAC). Required for IPSec. 325 326config CRYPTO_CHACHA20POLY1305 327 tristate "ChaCha20-Poly1305 AEAD support" 328 select CRYPTO_CHACHA20 329 select CRYPTO_POLY1305 330 select CRYPTO_AEAD 331 select CRYPTO_MANAGER 332 help 333 ChaCha20-Poly1305 AEAD support, RFC7539. 334 335 Support for the AEAD wrapper using the ChaCha20 stream cipher combined 336 with the Poly1305 authenticator. It is defined in RFC7539 for use in 337 IETF protocols. 338 339config CRYPTO_AEGIS128 340 tristate "AEGIS-128 AEAD algorithm" 341 select CRYPTO_AEAD 342 select CRYPTO_AES # for AES S-box tables 343 help 344 Support for the AEGIS-128 dedicated AEAD algorithm. 345 346config CRYPTO_AEGIS128_SIMD 347 bool "Support SIMD acceleration for AEGIS-128" 348 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 349 default y 350 351config CRYPTO_AEGIS128_AESNI_SSE2 352 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)" 353 depends on X86 && 64BIT 354 select CRYPTO_AEAD 355 select CRYPTO_SIMD 356 help 357 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm. 358 359config CRYPTO_SEQIV 360 tristate "Sequence Number IV Generator" 361 select CRYPTO_AEAD 362 select CRYPTO_SKCIPHER 363 select CRYPTO_NULL 364 select CRYPTO_RNG_DEFAULT 365 select CRYPTO_MANAGER 366 help 367 This IV generator generates an IV based on a sequence number by 368 xoring it with a salt. This algorithm is mainly useful for CTR 369 370config CRYPTO_ECHAINIV 371 tristate "Encrypted Chain IV Generator" 372 select CRYPTO_AEAD 373 select CRYPTO_NULL 374 select CRYPTO_RNG_DEFAULT 375 select CRYPTO_MANAGER 376 help 377 This IV generator generates an IV based on the encryption of 378 a sequence number xored with a salt. This is the default 379 algorithm for CBC. 380 381comment "Block modes" 382 383config CRYPTO_CBC 384 tristate "CBC support" 385 select CRYPTO_SKCIPHER 386 select CRYPTO_MANAGER 387 help 388 CBC: Cipher Block Chaining mode 389 This block cipher algorithm is required for IPSec. 390 391config CRYPTO_CFB 392 tristate "CFB support" 393 select CRYPTO_SKCIPHER 394 select CRYPTO_MANAGER 395 help 396 CFB: Cipher FeedBack mode 397 This block cipher algorithm is required for TPM2 Cryptography. 398 399config CRYPTO_CTR 400 tristate "CTR support" 401 select CRYPTO_SKCIPHER 402 select CRYPTO_MANAGER 403 help 404 CTR: Counter mode 405 This block cipher algorithm is required for IPSec. 406 407config CRYPTO_CTS 408 tristate "CTS support" 409 select CRYPTO_SKCIPHER 410 select CRYPTO_MANAGER 411 help 412 CTS: Cipher Text Stealing 413 This is the Cipher Text Stealing mode as described by 414 Section 8 of rfc2040 and referenced by rfc3962 415 (rfc3962 includes errata information in its Appendix A) or 416 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010. 417 This mode is required for Kerberos gss mechanism support 418 for AES encryption. 419 420 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final 421 422config CRYPTO_ECB 423 tristate "ECB support" 424 select CRYPTO_SKCIPHER 425 select CRYPTO_MANAGER 426 help 427 ECB: Electronic CodeBook mode 428 This is the simplest block cipher algorithm. It simply encrypts 429 the input block by block. 430 431config CRYPTO_LRW 432 tristate "LRW support" 433 select CRYPTO_SKCIPHER 434 select CRYPTO_MANAGER 435 select CRYPTO_GF128MUL 436 select CRYPTO_ECB 437 help 438 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable 439 narrow block cipher mode for dm-crypt. Use it with cipher 440 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 441 The first 128, 192 or 256 bits in the key are used for AES and the 442 rest is used to tie each cipher block to its logical position. 443 444config CRYPTO_OFB 445 tristate "OFB support" 446 select CRYPTO_SKCIPHER 447 select CRYPTO_MANAGER 448 help 449 OFB: the Output Feedback mode makes a block cipher into a synchronous 450 stream cipher. It generates keystream blocks, which are then XORed 451 with the plaintext blocks to get the ciphertext. Flipping a bit in the 452 ciphertext produces a flipped bit in the plaintext at the same 453 location. This property allows many error correcting codes to function 454 normally even when applied before encryption. 455 456config CRYPTO_PCBC 457 tristate "PCBC support" 458 select CRYPTO_SKCIPHER 459 select CRYPTO_MANAGER 460 help 461 PCBC: Propagating Cipher Block Chaining mode 462 This block cipher algorithm is required for RxRPC. 463 464config CRYPTO_XTS 465 tristate "XTS support" 466 select CRYPTO_SKCIPHER 467 select CRYPTO_MANAGER 468 select CRYPTO_ECB 469 help 470 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain, 471 key size 256, 384 or 512 bits. This implementation currently 472 can't handle a sectorsize which is not a multiple of 16 bytes. 473 474config CRYPTO_KEYWRAP 475 tristate "Key wrapping support" 476 select CRYPTO_SKCIPHER 477 select CRYPTO_MANAGER 478 help 479 Support for key wrapping (NIST SP800-38F / RFC3394) without 480 padding. 481 482config CRYPTO_NHPOLY1305 483 tristate 484 select CRYPTO_HASH 485 select CRYPTO_LIB_POLY1305_GENERIC 486 487config CRYPTO_NHPOLY1305_SSE2 488 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)" 489 depends on X86 && 64BIT 490 select CRYPTO_NHPOLY1305 491 help 492 SSE2 optimized implementation of the hash function used by the 493 Adiantum encryption mode. 494 495config CRYPTO_NHPOLY1305_AVX2 496 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)" 497 depends on X86 && 64BIT 498 select CRYPTO_NHPOLY1305 499 help 500 AVX2 optimized implementation of the hash function used by the 501 Adiantum encryption mode. 502 503config CRYPTO_ADIANTUM 504 tristate "Adiantum support" 505 select CRYPTO_CHACHA20 506 select CRYPTO_LIB_POLY1305_GENERIC 507 select CRYPTO_NHPOLY1305 508 select CRYPTO_MANAGER 509 help 510 Adiantum is a tweakable, length-preserving encryption mode 511 designed for fast and secure disk encryption, especially on 512 CPUs without dedicated crypto instructions. It encrypts 513 each sector using the XChaCha12 stream cipher, two passes of 514 an ε-almost-∆-universal hash function, and an invocation of 515 the AES-256 block cipher on a single 16-byte block. On CPUs 516 without AES instructions, Adiantum is much faster than 517 AES-XTS. 518 519 Adiantum's security is provably reducible to that of its 520 underlying stream and block ciphers, subject to a security 521 bound. Unlike XTS, Adiantum is a true wide-block encryption 522 mode, so it actually provides an even stronger notion of 523 security than XTS, subject to the security bound. 524 525 If unsure, say N. 526 527config CRYPTO_ESSIV 528 tristate "ESSIV support for block encryption" 529 select CRYPTO_AUTHENC 530 help 531 Encrypted salt-sector initialization vector (ESSIV) is an IV 532 generation method that is used in some cases by fscrypt and/or 533 dm-crypt. It uses the hash of the block encryption key as the 534 symmetric key for a block encryption pass applied to the input 535 IV, making low entropy IV sources more suitable for block 536 encryption. 537 538 This driver implements a crypto API template that can be 539 instantiated either as an skcipher or as an AEAD (depending on the 540 type of the first template argument), and which defers encryption 541 and decryption requests to the encapsulated cipher after applying 542 ESSIV to the input IV. Note that in the AEAD case, it is assumed 543 that the keys are presented in the same format used by the authenc 544 template, and that the IV appears at the end of the authenticated 545 associated data (AAD) region (which is how dm-crypt uses it.) 546 547 Note that the use of ESSIV is not recommended for new deployments, 548 and so this only needs to be enabled when interoperability with 549 existing encrypted volumes of filesystems is required, or when 550 building for a particular system that requires it (e.g., when 551 the SoC in question has accelerated CBC but not XTS, making CBC 552 combined with ESSIV the only feasible mode for h/w accelerated 553 block encryption) 554 555comment "Hash modes" 556 557config CRYPTO_CMAC 558 tristate "CMAC support" 559 select CRYPTO_HASH 560 select CRYPTO_MANAGER 561 help 562 Cipher-based Message Authentication Code (CMAC) specified by 563 The National Institute of Standards and Technology (NIST). 564 565 https://tools.ietf.org/html/rfc4493 566 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf 567 568config CRYPTO_HMAC 569 tristate "HMAC support" 570 select CRYPTO_HASH 571 select CRYPTO_MANAGER 572 help 573 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 574 This is required for IPSec. 575 576config CRYPTO_XCBC 577 tristate "XCBC support" 578 select CRYPTO_HASH 579 select CRYPTO_MANAGER 580 help 581 XCBC: Keyed-Hashing with encryption algorithm 582 https://www.ietf.org/rfc/rfc3566.txt 583 http://csrc.nist.gov/encryption/modes/proposedmodes/ 584 xcbc-mac/xcbc-mac-spec.pdf 585 586config CRYPTO_VMAC 587 tristate "VMAC support" 588 select CRYPTO_HASH 589 select CRYPTO_MANAGER 590 help 591 VMAC is a message authentication algorithm designed for 592 very high speed on 64-bit architectures. 593 594 See also: 595 <https://fastcrypto.org/vmac> 596 597comment "Digest" 598 599config CRYPTO_CRC32C 600 tristate "CRC32c CRC algorithm" 601 select CRYPTO_HASH 602 select CRC32 603 help 604 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used 605 by iSCSI for header and data digests and by others. 606 See Castagnoli93. Module will be crc32c. 607 608config CRYPTO_CRC32C_INTEL 609 tristate "CRC32c INTEL hardware acceleration" 610 depends on X86 611 select CRYPTO_HASH 612 help 613 In Intel processor with SSE4.2 supported, the processor will 614 support CRC32C implementation using hardware accelerated CRC32 615 instruction. This option will create 'crc32c-intel' module, 616 which will enable any routine to use the CRC32 instruction to 617 gain performance compared with software implementation. 618 Module will be crc32c-intel. 619 620config CRYPTO_CRC32C_VPMSUM 621 tristate "CRC32c CRC algorithm (powerpc64)" 622 depends on PPC64 && ALTIVEC 623 select CRYPTO_HASH 624 select CRC32 625 help 626 CRC32c algorithm implemented using vector polynomial multiply-sum 627 (vpmsum) instructions, introduced in POWER8. Enable on POWER8 628 and newer processors for improved performance. 629 630 631config CRYPTO_CRC32C_SPARC64 632 tristate "CRC32c CRC algorithm (SPARC64)" 633 depends on SPARC64 634 select CRYPTO_HASH 635 select CRC32 636 help 637 CRC32c CRC algorithm implemented using sparc64 crypto instructions, 638 when available. 639 640config CRYPTO_CRC32 641 tristate "CRC32 CRC algorithm" 642 select CRYPTO_HASH 643 select CRC32 644 help 645 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm. 646 Shash crypto api wrappers to crc32_le function. 647 648config CRYPTO_CRC32_PCLMUL 649 tristate "CRC32 PCLMULQDQ hardware acceleration" 650 depends on X86 651 select CRYPTO_HASH 652 select CRC32 653 help 654 From Intel Westmere and AMD Bulldozer processor with SSE4.2 655 and PCLMULQDQ supported, the processor will support 656 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ 657 instruction. This option will create 'crc32-pclmul' module, 658 which will enable any routine to use the CRC-32-IEEE 802.3 checksum 659 and gain better performance as compared with the table implementation. 660 661config CRYPTO_CRC32_MIPS 662 tristate "CRC32c and CRC32 CRC algorithm (MIPS)" 663 depends on MIPS_CRC_SUPPORT 664 select CRYPTO_HASH 665 help 666 CRC32c and CRC32 CRC algorithms implemented using mips crypto 667 instructions, when available. 668 669config CRYPTO_CRC32_S390 670 tristate "CRC-32 algorithms" 671 depends on S390 672 select CRYPTO_HASH 673 select CRC32 674 help 675 Select this option if you want to use hardware accelerated 676 implementations of CRC algorithms. With this option, you 677 can optimize the computation of CRC-32 (IEEE 802.3 Ethernet) 678 and CRC-32C (Castagnoli). 679 680 It is available with IBM z13 or later. 681 682config CRYPTO_XXHASH 683 tristate "xxHash hash algorithm" 684 select CRYPTO_HASH 685 select XXHASH 686 help 687 xxHash non-cryptographic hash algorithm. Extremely fast, working at 688 speeds close to RAM limits. 689 690config CRYPTO_BLAKE2B 691 tristate "BLAKE2b digest algorithm" 692 select CRYPTO_HASH 693 help 694 Implementation of cryptographic hash function BLAKE2b (or just BLAKE2), 695 optimized for 64bit platforms and can produce digests of any size 696 between 1 to 64. The keyed hash is also implemented. 697 698 This module provides the following algorithms: 699 700 - blake2b-160 701 - blake2b-256 702 - blake2b-384 703 - blake2b-512 704 705 See https://blake2.net for further information. 706 707config CRYPTO_BLAKE2S_X86 708 bool "BLAKE2s digest algorithm (x86 accelerated version)" 709 depends on X86 && 64BIT 710 select CRYPTO_LIB_BLAKE2S_GENERIC 711 select CRYPTO_ARCH_HAVE_LIB_BLAKE2S 712 713config CRYPTO_CRCT10DIF 714 tristate "CRCT10DIF algorithm" 715 select CRYPTO_HASH 716 help 717 CRC T10 Data Integrity Field computation is being cast as 718 a crypto transform. This allows for faster crc t10 diff 719 transforms to be used if they are available. 720 721config CRYPTO_CRCT10DIF_PCLMUL 722 tristate "CRCT10DIF PCLMULQDQ hardware acceleration" 723 depends on X86 && 64BIT && CRC_T10DIF 724 select CRYPTO_HASH 725 help 726 For x86_64 processors with SSE4.2 and PCLMULQDQ supported, 727 CRC T10 DIF PCLMULQDQ computation can be hardware 728 accelerated PCLMULQDQ instruction. This option will create 729 'crct10dif-pclmul' module, which is faster when computing the 730 crct10dif checksum as compared with the generic table implementation. 731 732config CRYPTO_CRCT10DIF_VPMSUM 733 tristate "CRC32T10DIF powerpc64 hardware acceleration" 734 depends on PPC64 && ALTIVEC && CRC_T10DIF 735 select CRYPTO_HASH 736 help 737 CRC10T10DIF algorithm implemented using vector polynomial 738 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on 739 POWER8 and newer processors for improved performance. 740 741config CRYPTO_CRC64_ROCKSOFT 742 tristate "Rocksoft Model CRC64 algorithm" 743 depends on CRC64 744 select CRYPTO_HASH 745 746config CRYPTO_VPMSUM_TESTER 747 tristate "Powerpc64 vpmsum hardware acceleration tester" 748 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM 749 help 750 Stress test for CRC32c and CRC-T10DIF algorithms implemented with 751 POWER8 vpmsum instructions. 752 Unless you are testing these algorithms, you don't need this. 753 754config CRYPTO_GHASH 755 tristate "GHASH hash function" 756 select CRYPTO_GF128MUL 757 select CRYPTO_HASH 758 help 759 GHASH is the hash function used in GCM (Galois/Counter Mode). 760 It is not a general-purpose cryptographic hash function. 761 762config CRYPTO_POLY1305 763 tristate "Poly1305 authenticator algorithm" 764 select CRYPTO_HASH 765 select CRYPTO_LIB_POLY1305_GENERIC 766 help 767 Poly1305 authenticator algorithm, RFC7539. 768 769 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 770 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 771 in IETF protocols. This is the portable C implementation of Poly1305. 772 773config CRYPTO_POLY1305_X86_64 774 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" 775 depends on X86 && 64BIT 776 select CRYPTO_LIB_POLY1305_GENERIC 777 select CRYPTO_ARCH_HAVE_LIB_POLY1305 778 help 779 Poly1305 authenticator algorithm, RFC7539. 780 781 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. 782 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use 783 in IETF protocols. This is the x86_64 assembler implementation using SIMD 784 instructions. 785 786config CRYPTO_POLY1305_MIPS 787 tristate "Poly1305 authenticator algorithm (MIPS optimized)" 788 depends on MIPS 789 select CRYPTO_ARCH_HAVE_LIB_POLY1305 790 791config CRYPTO_MD4 792 tristate "MD4 digest algorithm" 793 select CRYPTO_HASH 794 help 795 MD4 message digest algorithm (RFC1320). 796 797config CRYPTO_MD5 798 tristate "MD5 digest algorithm" 799 select CRYPTO_HASH 800 help 801 MD5 message digest algorithm (RFC1321). 802 803config CRYPTO_MD5_OCTEON 804 tristate "MD5 digest algorithm (OCTEON)" 805 depends on CPU_CAVIUM_OCTEON 806 select CRYPTO_MD5 807 select CRYPTO_HASH 808 help 809 MD5 message digest algorithm (RFC1321) implemented 810 using OCTEON crypto instructions, when available. 811 812config CRYPTO_MD5_PPC 813 tristate "MD5 digest algorithm (PPC)" 814 depends on PPC 815 select CRYPTO_HASH 816 help 817 MD5 message digest algorithm (RFC1321) implemented 818 in PPC assembler. 819 820config CRYPTO_MD5_SPARC64 821 tristate "MD5 digest algorithm (SPARC64)" 822 depends on SPARC64 823 select CRYPTO_MD5 824 select CRYPTO_HASH 825 help 826 MD5 message digest algorithm (RFC1321) implemented 827 using sparc64 crypto instructions, when available. 828 829config CRYPTO_MICHAEL_MIC 830 tristate "Michael MIC keyed digest algorithm" 831 select CRYPTO_HASH 832 help 833 Michael MIC is used for message integrity protection in TKIP 834 (IEEE 802.11i). This algorithm is required for TKIP, but it 835 should not be used for other purposes because of the weakness 836 of the algorithm. 837 838config CRYPTO_RMD160 839 tristate "RIPEMD-160 digest algorithm" 840 select CRYPTO_HASH 841 help 842 RIPEMD-160 (ISO/IEC 10118-3:2004). 843 844 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 845 to be used as a secure replacement for the 128-bit hash functions 846 MD4, MD5 and it's predecessor RIPEMD 847 (not to be confused with RIPEMD-128). 848 849 It's speed is comparable to SHA1 and there are no known attacks 850 against RIPEMD-160. 851 852 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 853 See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html> 854 855config CRYPTO_SHA1 856 tristate "SHA1 digest algorithm" 857 select CRYPTO_HASH 858 help 859 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 860 861config CRYPTO_SHA1_SSSE3 862 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 863 depends on X86 && 64BIT 864 select CRYPTO_SHA1 865 select CRYPTO_HASH 866 help 867 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 868 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector 869 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions), 870 when available. 871 872config CRYPTO_SHA256_SSSE3 873 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)" 874 depends on X86 && 64BIT 875 select CRYPTO_SHA256 876 select CRYPTO_HASH 877 help 878 SHA-256 secure hash standard (DFIPS 180-2) implemented 879 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 880 Extensions version 1 (AVX1), or Advanced Vector Extensions 881 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New 882 Instructions) when available. 883 884config CRYPTO_SHA512_SSSE3 885 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" 886 depends on X86 && 64BIT 887 select CRYPTO_SHA512 888 select CRYPTO_HASH 889 help 890 SHA-512 secure hash standard (DFIPS 180-2) implemented 891 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector 892 Extensions version 1 (AVX1), or Advanced Vector Extensions 893 version 2 (AVX2) instructions, when available. 894 895config CRYPTO_SHA512_S390 896 tristate "SHA384 and SHA512 digest algorithm" 897 depends on S390 898 select CRYPTO_HASH 899 help 900 This is the s390 hardware accelerated implementation of the 901 SHA512 secure hash standard. 902 903 It is available as of z10. 904 905config CRYPTO_SHA1_OCTEON 906 tristate "SHA1 digest algorithm (OCTEON)" 907 depends on CPU_CAVIUM_OCTEON 908 select CRYPTO_SHA1 909 select CRYPTO_HASH 910 help 911 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 912 using OCTEON crypto instructions, when available. 913 914config CRYPTO_SHA1_SPARC64 915 tristate "SHA1 digest algorithm (SPARC64)" 916 depends on SPARC64 917 select CRYPTO_SHA1 918 select CRYPTO_HASH 919 help 920 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented 921 using sparc64 crypto instructions, when available. 922 923config CRYPTO_SHA1_PPC 924 tristate "SHA1 digest algorithm (powerpc)" 925 depends on PPC 926 help 927 This is the powerpc hardware accelerated implementation of the 928 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 929 930config CRYPTO_SHA1_PPC_SPE 931 tristate "SHA1 digest algorithm (PPC SPE)" 932 depends on PPC && SPE 933 help 934 SHA-1 secure hash standard (DFIPS 180-4) implemented 935 using powerpc SPE SIMD instruction set. 936 937config CRYPTO_SHA1_S390 938 tristate "SHA1 digest algorithm" 939 depends on S390 940 select CRYPTO_HASH 941 help 942 This is the s390 hardware accelerated implementation of the 943 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). 944 945 It is available as of z990. 946 947config CRYPTO_SHA256 948 tristate "SHA224 and SHA256 digest algorithm" 949 select CRYPTO_HASH 950 select CRYPTO_LIB_SHA256 951 help 952 SHA256 secure hash standard (DFIPS 180-2). 953 954 This version of SHA implements a 256 bit hash with 128 bits of 955 security against collision attacks. 956 957 This code also includes SHA-224, a 224 bit hash with 112 bits 958 of security against collision attacks. 959 960config CRYPTO_SHA256_PPC_SPE 961 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)" 962 depends on PPC && SPE 963 select CRYPTO_SHA256 964 select CRYPTO_HASH 965 help 966 SHA224 and SHA256 secure hash standard (DFIPS 180-2) 967 implemented using powerpc SPE SIMD instruction set. 968 969config CRYPTO_SHA256_OCTEON 970 tristate "SHA224 and SHA256 digest algorithm (OCTEON)" 971 depends on CPU_CAVIUM_OCTEON 972 select CRYPTO_SHA256 973 select CRYPTO_HASH 974 help 975 SHA-256 secure hash standard (DFIPS 180-2) implemented 976 using OCTEON crypto instructions, when available. 977 978config CRYPTO_SHA256_SPARC64 979 tristate "SHA224 and SHA256 digest algorithm (SPARC64)" 980 depends on SPARC64 981 select CRYPTO_SHA256 982 select CRYPTO_HASH 983 help 984 SHA-256 secure hash standard (DFIPS 180-2) implemented 985 using sparc64 crypto instructions, when available. 986 987config CRYPTO_SHA256_S390 988 tristate "SHA256 digest algorithm" 989 depends on S390 990 select CRYPTO_HASH 991 help 992 This is the s390 hardware accelerated implementation of the 993 SHA256 secure hash standard (DFIPS 180-2). 994 995 It is available as of z9. 996 997config CRYPTO_SHA512 998 tristate "SHA384 and SHA512 digest algorithms" 999 select CRYPTO_HASH 1000 help 1001 SHA512 secure hash standard (DFIPS 180-2). 1002 1003 This version of SHA implements a 512 bit hash with 256 bits of 1004 security against collision attacks. 1005 1006 This code also includes SHA-384, a 384 bit hash with 192 bits 1007 of security against collision attacks. 1008 1009config CRYPTO_SHA512_OCTEON 1010 tristate "SHA384 and SHA512 digest algorithms (OCTEON)" 1011 depends on CPU_CAVIUM_OCTEON 1012 select CRYPTO_SHA512 1013 select CRYPTO_HASH 1014 help 1015 SHA-512 secure hash standard (DFIPS 180-2) implemented 1016 using OCTEON crypto instructions, when available. 1017 1018config CRYPTO_SHA512_SPARC64 1019 tristate "SHA384 and SHA512 digest algorithm (SPARC64)" 1020 depends on SPARC64 1021 select CRYPTO_SHA512 1022 select CRYPTO_HASH 1023 help 1024 SHA-512 secure hash standard (DFIPS 180-2) implemented 1025 using sparc64 crypto instructions, when available. 1026 1027config CRYPTO_SHA3 1028 tristate "SHA3 digest algorithm" 1029 select CRYPTO_HASH 1030 help 1031 SHA-3 secure hash standard (DFIPS 202). It's based on 1032 cryptographic sponge function family called Keccak. 1033 1034 References: 1035 http://keccak.noekeon.org/ 1036 1037config CRYPTO_SHA3_256_S390 1038 tristate "SHA3_224 and SHA3_256 digest algorithm" 1039 depends on S390 1040 select CRYPTO_HASH 1041 help 1042 This is the s390 hardware accelerated implementation of the 1043 SHA3_256 secure hash standard. 1044 1045 It is available as of z14. 1046 1047config CRYPTO_SHA3_512_S390 1048 tristate "SHA3_384 and SHA3_512 digest algorithm" 1049 depends on S390 1050 select CRYPTO_HASH 1051 help 1052 This is the s390 hardware accelerated implementation of the 1053 SHA3_512 secure hash standard. 1054 1055 It is available as of z14. 1056 1057config CRYPTO_SM3 1058 tristate 1059 1060config CRYPTO_SM3_GENERIC 1061 tristate "SM3 digest algorithm" 1062 select CRYPTO_HASH 1063 select CRYPTO_SM3 1064 help 1065 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1066 It is part of the Chinese Commercial Cryptography suite. 1067 1068 References: 1069 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1070 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1071 1072config CRYPTO_SM3_AVX_X86_64 1073 tristate "SM3 digest algorithm (x86_64/AVX)" 1074 depends on X86 && 64BIT 1075 select CRYPTO_HASH 1076 select CRYPTO_SM3 1077 help 1078 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3). 1079 It is part of the Chinese Commercial Cryptography suite. This is 1080 SM3 optimized implementation using Advanced Vector Extensions (AVX) 1081 when available. 1082 1083 If unsure, say N. 1084 1085config CRYPTO_STREEBOG 1086 tristate "Streebog Hash Function" 1087 select CRYPTO_HASH 1088 help 1089 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian 1090 cryptographic standard algorithms (called GOST algorithms). 1091 This setting enables two hash algorithms with 256 and 512 bits output. 1092 1093 References: 1094 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1095 https://tools.ietf.org/html/rfc6986 1096 1097config CRYPTO_WP512 1098 tristate "Whirlpool digest algorithms" 1099 select CRYPTO_HASH 1100 help 1101 Whirlpool hash algorithm 512, 384 and 256-bit hashes 1102 1103 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1104 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard 1105 1106 See also: 1107 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html> 1108 1109config CRYPTO_GHASH_CLMUL_NI_INTEL 1110 tristate "GHASH hash function (CLMUL-NI accelerated)" 1111 depends on X86 && 64BIT 1112 select CRYPTO_CRYPTD 1113 help 1114 This is the x86_64 CLMUL-NI accelerated implementation of 1115 GHASH, the hash function used in GCM (Galois/Counter mode). 1116 1117config CRYPTO_GHASH_S390 1118 tristate "GHASH hash function" 1119 depends on S390 1120 select CRYPTO_HASH 1121 help 1122 This is the s390 hardware accelerated implementation of GHASH, 1123 the hash function used in GCM (Galois/Counter mode). 1124 1125 It is available as of z196. 1126 1127comment "Ciphers" 1128 1129config CRYPTO_AES 1130 tristate "AES cipher algorithms" 1131 select CRYPTO_ALGAPI 1132 select CRYPTO_LIB_AES 1133 help 1134 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1135 algorithm. 1136 1137 Rijndael appears to be consistently a very good performer in 1138 both hardware and software across a wide range of computing 1139 environments regardless of its use in feedback or non-feedback 1140 modes. Its key setup time is excellent, and its key agility is 1141 good. Rijndael's very low memory requirements make it very well 1142 suited for restricted-space environments, in which it also 1143 demonstrates excellent performance. Rijndael's operations are 1144 among the easiest to defend against power and timing attacks. 1145 1146 The AES specifies three key sizes: 128, 192 and 256 bits 1147 1148 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information. 1149 1150config CRYPTO_AES_TI 1151 tristate "Fixed time AES cipher" 1152 select CRYPTO_ALGAPI 1153 select CRYPTO_LIB_AES 1154 help 1155 This is a generic implementation of AES that attempts to eliminate 1156 data dependent latencies as much as possible without affecting 1157 performance too much. It is intended for use by the generic CCM 1158 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 1159 solely on encryption (although decryption is supported as well, but 1160 with a more dramatic performance hit) 1161 1162 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 1163 8 for decryption), this implementation only uses just two S-boxes of 1164 256 bytes each, and attempts to eliminate data dependent latencies by 1165 prefetching the entire table into the cache at the start of each 1166 block. Interrupts are also disabled to avoid races where cachelines 1167 are evicted when the CPU is interrupted to do something else. 1168 1169config CRYPTO_AES_NI_INTEL 1170 tristate "AES cipher algorithms (AES-NI)" 1171 depends on X86 1172 select CRYPTO_AEAD 1173 select CRYPTO_LIB_AES 1174 select CRYPTO_ALGAPI 1175 select CRYPTO_SKCIPHER 1176 select CRYPTO_SIMD 1177 help 1178 Use Intel AES-NI instructions for AES algorithm. 1179 1180 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1181 algorithm. 1182 1183 Rijndael appears to be consistently a very good performer in 1184 both hardware and software across a wide range of computing 1185 environments regardless of its use in feedback or non-feedback 1186 modes. Its key setup time is excellent, and its key agility is 1187 good. Rijndael's very low memory requirements make it very well 1188 suited for restricted-space environments, in which it also 1189 demonstrates excellent performance. Rijndael's operations are 1190 among the easiest to defend against power and timing attacks. 1191 1192 The AES specifies three key sizes: 128, 192 and 256 bits 1193 1194 See <http://csrc.nist.gov/encryption/aes/> for more information. 1195 1196 In addition to AES cipher algorithm support, the acceleration 1197 for some popular block cipher mode is supported too, including 1198 ECB, CBC, LRW, XTS. The 64 bit version has additional 1199 acceleration for CTR. 1200 1201config CRYPTO_AES_SPARC64 1202 tristate "AES cipher algorithms (SPARC64)" 1203 depends on SPARC64 1204 select CRYPTO_SKCIPHER 1205 help 1206 Use SPARC64 crypto opcodes for AES algorithm. 1207 1208 AES cipher algorithms (FIPS-197). AES uses the Rijndael 1209 algorithm. 1210 1211 Rijndael appears to be consistently a very good performer in 1212 both hardware and software across a wide range of computing 1213 environments regardless of its use in feedback or non-feedback 1214 modes. Its key setup time is excellent, and its key agility is 1215 good. Rijndael's very low memory requirements make it very well 1216 suited for restricted-space environments, in which it also 1217 demonstrates excellent performance. Rijndael's operations are 1218 among the easiest to defend against power and timing attacks. 1219 1220 The AES specifies three key sizes: 128, 192 and 256 bits 1221 1222 See <http://csrc.nist.gov/encryption/aes/> for more information. 1223 1224 In addition to AES cipher algorithm support, the acceleration 1225 for some popular block cipher mode is supported too, including 1226 ECB and CBC. 1227 1228config CRYPTO_AES_PPC_SPE 1229 tristate "AES cipher algorithms (PPC SPE)" 1230 depends on PPC && SPE 1231 select CRYPTO_SKCIPHER 1232 help 1233 AES cipher algorithms (FIPS-197). Additionally the acceleration 1234 for popular block cipher modes ECB, CBC, CTR and XTS is supported. 1235 This module should only be used for low power (router) devices 1236 without hardware AES acceleration (e.g. caam crypto). It reduces the 1237 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates 1238 timining attacks. Nevertheless it might be not as secure as other 1239 architecture specific assembler implementations that work on 1KB 1240 tables or 256 bytes S-boxes. 1241 1242config CRYPTO_AES_S390 1243 tristate "AES cipher algorithms" 1244 depends on S390 1245 select CRYPTO_ALGAPI 1246 select CRYPTO_SKCIPHER 1247 help 1248 This is the s390 hardware accelerated implementation of the 1249 AES cipher algorithms (FIPS-197). 1250 1251 As of z9 the ECB and CBC modes are hardware accelerated 1252 for 128 bit keys. 1253 As of z10 the ECB and CBC modes are hardware accelerated 1254 for all AES key sizes. 1255 As of z196 the CTR mode is hardware accelerated for all AES 1256 key sizes and XTS mode is hardware accelerated for 256 and 1257 512 bit keys. 1258 1259config CRYPTO_ANUBIS 1260 tristate "Anubis cipher algorithm" 1261 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1262 select CRYPTO_ALGAPI 1263 help 1264 Anubis cipher algorithm. 1265 1266 Anubis is a variable key length cipher which can use keys from 1267 128 bits to 320 bits in length. It was evaluated as a entrant 1268 in the NESSIE competition. 1269 1270 See also: 1271 <https://www.cosic.esat.kuleuven.be/nessie/reports/> 1272 <http://www.larc.usp.br/~pbarreto/AnubisPage.html> 1273 1274config CRYPTO_ARC4 1275 tristate "ARC4 cipher algorithm" 1276 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1277 select CRYPTO_SKCIPHER 1278 select CRYPTO_LIB_ARC4 1279 help 1280 ARC4 cipher algorithm. 1281 1282 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 1283 bits in length. This algorithm is required for driver-based 1284 WEP, but it should not be for other purposes because of the 1285 weakness of the algorithm. 1286 1287config CRYPTO_BLOWFISH 1288 tristate "Blowfish cipher algorithm" 1289 select CRYPTO_ALGAPI 1290 select CRYPTO_BLOWFISH_COMMON 1291 help 1292 Blowfish cipher algorithm, by Bruce Schneier. 1293 1294 This is a variable key length cipher which can use keys from 32 1295 bits to 448 bits in length. It's fast, simple and specifically 1296 designed for use on "large microprocessors". 1297 1298 See also: 1299 <https://www.schneier.com/blowfish.html> 1300 1301config CRYPTO_BLOWFISH_COMMON 1302 tristate 1303 help 1304 Common parts of the Blowfish cipher algorithm shared by the 1305 generic c and the assembler implementations. 1306 1307 See also: 1308 <https://www.schneier.com/blowfish.html> 1309 1310config CRYPTO_BLOWFISH_X86_64 1311 tristate "Blowfish cipher algorithm (x86_64)" 1312 depends on X86 && 64BIT 1313 select CRYPTO_SKCIPHER 1314 select CRYPTO_BLOWFISH_COMMON 1315 imply CRYPTO_CTR 1316 help 1317 Blowfish cipher algorithm (x86_64), by Bruce Schneier. 1318 1319 This is a variable key length cipher which can use keys from 32 1320 bits to 448 bits in length. It's fast, simple and specifically 1321 designed for use on "large microprocessors". 1322 1323 See also: 1324 <https://www.schneier.com/blowfish.html> 1325 1326config CRYPTO_CAMELLIA 1327 tristate "Camellia cipher algorithms" 1328 select CRYPTO_ALGAPI 1329 help 1330 Camellia cipher algorithms module. 1331 1332 Camellia is a symmetric key block cipher developed jointly 1333 at NTT and Mitsubishi Electric Corporation. 1334 1335 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1336 1337 See also: 1338 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1339 1340config CRYPTO_CAMELLIA_X86_64 1341 tristate "Camellia cipher algorithm (x86_64)" 1342 depends on X86 && 64BIT 1343 select CRYPTO_SKCIPHER 1344 imply CRYPTO_CTR 1345 help 1346 Camellia cipher algorithm module (x86_64). 1347 1348 Camellia is a symmetric key block cipher developed jointly 1349 at NTT and Mitsubishi Electric Corporation. 1350 1351 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1352 1353 See also: 1354 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1355 1356config CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1357 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)" 1358 depends on X86 && 64BIT 1359 select CRYPTO_SKCIPHER 1360 select CRYPTO_CAMELLIA_X86_64 1361 select CRYPTO_SIMD 1362 imply CRYPTO_XTS 1363 help 1364 Camellia cipher algorithm module (x86_64/AES-NI/AVX). 1365 1366 Camellia is a symmetric key block cipher developed jointly 1367 at NTT and Mitsubishi Electric Corporation. 1368 1369 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1370 1371 See also: 1372 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1373 1374config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 1375 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)" 1376 depends on X86 && 64BIT 1377 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64 1378 help 1379 Camellia cipher algorithm module (x86_64/AES-NI/AVX2). 1380 1381 Camellia is a symmetric key block cipher developed jointly 1382 at NTT and Mitsubishi Electric Corporation. 1383 1384 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1385 1386 See also: 1387 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1388 1389config CRYPTO_CAMELLIA_SPARC64 1390 tristate "Camellia cipher algorithm (SPARC64)" 1391 depends on SPARC64 1392 select CRYPTO_ALGAPI 1393 select CRYPTO_SKCIPHER 1394 help 1395 Camellia cipher algorithm module (SPARC64). 1396 1397 Camellia is a symmetric key block cipher developed jointly 1398 at NTT and Mitsubishi Electric Corporation. 1399 1400 The Camellia specifies three key sizes: 128, 192 and 256 bits. 1401 1402 See also: 1403 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html> 1404 1405config CRYPTO_CAST_COMMON 1406 tristate 1407 help 1408 Common parts of the CAST cipher algorithms shared by the 1409 generic c and the assembler implementations. 1410 1411config CRYPTO_CAST5 1412 tristate "CAST5 (CAST-128) cipher algorithm" 1413 select CRYPTO_ALGAPI 1414 select CRYPTO_CAST_COMMON 1415 help 1416 The CAST5 encryption algorithm (synonymous with CAST-128) is 1417 described in RFC2144. 1418 1419config CRYPTO_CAST5_AVX_X86_64 1420 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)" 1421 depends on X86 && 64BIT 1422 select CRYPTO_SKCIPHER 1423 select CRYPTO_CAST5 1424 select CRYPTO_CAST_COMMON 1425 select CRYPTO_SIMD 1426 imply CRYPTO_CTR 1427 help 1428 The CAST5 encryption algorithm (synonymous with CAST-128) is 1429 described in RFC2144. 1430 1431 This module provides the Cast5 cipher algorithm that processes 1432 sixteen blocks parallel using the AVX instruction set. 1433 1434config CRYPTO_CAST6 1435 tristate "CAST6 (CAST-256) cipher algorithm" 1436 select CRYPTO_ALGAPI 1437 select CRYPTO_CAST_COMMON 1438 help 1439 The CAST6 encryption algorithm (synonymous with CAST-256) is 1440 described in RFC2612. 1441 1442config CRYPTO_CAST6_AVX_X86_64 1443 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)" 1444 depends on X86 && 64BIT 1445 select CRYPTO_SKCIPHER 1446 select CRYPTO_CAST6 1447 select CRYPTO_CAST_COMMON 1448 select CRYPTO_SIMD 1449 imply CRYPTO_XTS 1450 imply CRYPTO_CTR 1451 help 1452 The CAST6 encryption algorithm (synonymous with CAST-256) is 1453 described in RFC2612. 1454 1455 This module provides the Cast6 cipher algorithm that processes 1456 eight blocks parallel using the AVX instruction set. 1457 1458config CRYPTO_DES 1459 tristate "DES and Triple DES EDE cipher algorithms" 1460 select CRYPTO_ALGAPI 1461 select CRYPTO_LIB_DES 1462 help 1463 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1464 1465config CRYPTO_DES_SPARC64 1466 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)" 1467 depends on SPARC64 1468 select CRYPTO_ALGAPI 1469 select CRYPTO_LIB_DES 1470 select CRYPTO_SKCIPHER 1471 help 1472 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3), 1473 optimized using SPARC64 crypto opcodes. 1474 1475config CRYPTO_DES3_EDE_X86_64 1476 tristate "Triple DES EDE cipher algorithm (x86-64)" 1477 depends on X86 && 64BIT 1478 select CRYPTO_SKCIPHER 1479 select CRYPTO_LIB_DES 1480 imply CRYPTO_CTR 1481 help 1482 Triple DES EDE (FIPS 46-3) algorithm. 1483 1484 This module provides implementation of the Triple DES EDE cipher 1485 algorithm that is optimized for x86-64 processors. Two versions of 1486 algorithm are provided; regular processing one input block and 1487 one that processes three blocks parallel. 1488 1489config CRYPTO_DES_S390 1490 tristate "DES and Triple DES cipher algorithms" 1491 depends on S390 1492 select CRYPTO_ALGAPI 1493 select CRYPTO_SKCIPHER 1494 select CRYPTO_LIB_DES 1495 help 1496 This is the s390 hardware accelerated implementation of the 1497 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3). 1498 1499 As of z990 the ECB and CBC mode are hardware accelerated. 1500 As of z196 the CTR mode is hardware accelerated. 1501 1502config CRYPTO_FCRYPT 1503 tristate "FCrypt cipher algorithm" 1504 select CRYPTO_ALGAPI 1505 select CRYPTO_SKCIPHER 1506 help 1507 FCrypt algorithm used by RxRPC. 1508 1509config CRYPTO_KHAZAD 1510 tristate "Khazad cipher algorithm" 1511 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1512 select CRYPTO_ALGAPI 1513 help 1514 Khazad cipher algorithm. 1515 1516 Khazad was a finalist in the initial NESSIE competition. It is 1517 an algorithm optimized for 64-bit processors with good performance 1518 on 32-bit processors. Khazad uses an 128 bit key size. 1519 1520 See also: 1521 <http://www.larc.usp.br/~pbarreto/KhazadPage.html> 1522 1523config CRYPTO_CHACHA20 1524 tristate "ChaCha stream cipher algorithms" 1525 select CRYPTO_LIB_CHACHA_GENERIC 1526 select CRYPTO_SKCIPHER 1527 help 1528 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms. 1529 1530 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 1531 Bernstein and further specified in RFC7539 for use in IETF protocols. 1532 This is the portable C implementation of ChaCha20. See also: 1533 <https://cr.yp.to/chacha/chacha-20080128.pdf> 1534 1535 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 1536 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 1537 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 1538 while provably retaining ChaCha20's security. See also: 1539 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf> 1540 1541 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 1542 reduced security margin but increased performance. It can be needed 1543 in some performance-sensitive scenarios. 1544 1545config CRYPTO_CHACHA20_X86_64 1546 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)" 1547 depends on X86 && 64BIT 1548 select CRYPTO_SKCIPHER 1549 select CRYPTO_LIB_CHACHA_GENERIC 1550 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1551 help 1552 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, 1553 XChaCha20, and XChaCha12 stream ciphers. 1554 1555config CRYPTO_CHACHA_MIPS 1556 tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)" 1557 depends on CPU_MIPS32_R2 1558 select CRYPTO_SKCIPHER 1559 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1560 1561config CRYPTO_CHACHA_S390 1562 tristate "ChaCha20 stream cipher" 1563 depends on S390 1564 select CRYPTO_SKCIPHER 1565 select CRYPTO_LIB_CHACHA_GENERIC 1566 select CRYPTO_ARCH_HAVE_LIB_CHACHA 1567 help 1568 This is the s390 SIMD implementation of the ChaCha20 stream 1569 cipher (RFC 7539). 1570 1571 It is available as of z13. 1572 1573config CRYPTO_SEED 1574 tristate "SEED cipher algorithm" 1575 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1576 select CRYPTO_ALGAPI 1577 help 1578 SEED cipher algorithm (RFC4269). 1579 1580 SEED is a 128-bit symmetric key block cipher that has been 1581 developed by KISA (Korea Information Security Agency) as a 1582 national standard encryption algorithm of the Republic of Korea. 1583 It is a 16 round block cipher with the key size of 128 bit. 1584 1585 See also: 1586 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp> 1587 1588config CRYPTO_SERPENT 1589 tristate "Serpent cipher algorithm" 1590 select CRYPTO_ALGAPI 1591 help 1592 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1593 1594 Keys are allowed to be from 0 to 256 bits in length, in steps 1595 of 8 bits. 1596 1597 See also: 1598 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1599 1600config CRYPTO_SERPENT_SSE2_X86_64 1601 tristate "Serpent cipher algorithm (x86_64/SSE2)" 1602 depends on X86 && 64BIT 1603 select CRYPTO_SKCIPHER 1604 select CRYPTO_SERPENT 1605 select CRYPTO_SIMD 1606 imply CRYPTO_CTR 1607 help 1608 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1609 1610 Keys are allowed to be from 0 to 256 bits in length, in steps 1611 of 8 bits. 1612 1613 This module provides Serpent cipher algorithm that processes eight 1614 blocks parallel using SSE2 instruction set. 1615 1616 See also: 1617 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1618 1619config CRYPTO_SERPENT_SSE2_586 1620 tristate "Serpent cipher algorithm (i586/SSE2)" 1621 depends on X86 && !64BIT 1622 select CRYPTO_SKCIPHER 1623 select CRYPTO_SERPENT 1624 select CRYPTO_SIMD 1625 imply CRYPTO_CTR 1626 help 1627 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1628 1629 Keys are allowed to be from 0 to 256 bits in length, in steps 1630 of 8 bits. 1631 1632 This module provides Serpent cipher algorithm that processes four 1633 blocks parallel using SSE2 instruction set. 1634 1635 See also: 1636 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1637 1638config CRYPTO_SERPENT_AVX_X86_64 1639 tristate "Serpent cipher algorithm (x86_64/AVX)" 1640 depends on X86 && 64BIT 1641 select CRYPTO_SKCIPHER 1642 select CRYPTO_SERPENT 1643 select CRYPTO_SIMD 1644 imply CRYPTO_XTS 1645 imply CRYPTO_CTR 1646 help 1647 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1648 1649 Keys are allowed to be from 0 to 256 bits in length, in steps 1650 of 8 bits. 1651 1652 This module provides the Serpent cipher algorithm that processes 1653 eight blocks parallel using the AVX instruction set. 1654 1655 See also: 1656 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1657 1658config CRYPTO_SERPENT_AVX2_X86_64 1659 tristate "Serpent cipher algorithm (x86_64/AVX2)" 1660 depends on X86 && 64BIT 1661 select CRYPTO_SERPENT_AVX_X86_64 1662 help 1663 Serpent cipher algorithm, by Anderson, Biham & Knudsen. 1664 1665 Keys are allowed to be from 0 to 256 bits in length, in steps 1666 of 8 bits. 1667 1668 This module provides Serpent cipher algorithm that processes 16 1669 blocks parallel using AVX2 instruction set. 1670 1671 See also: 1672 <https://www.cl.cam.ac.uk/~rja14/serpent.html> 1673 1674config CRYPTO_SM4 1675 tristate 1676 1677config CRYPTO_SM4_GENERIC 1678 tristate "SM4 cipher algorithm" 1679 select CRYPTO_ALGAPI 1680 select CRYPTO_SM4 1681 help 1682 SM4 cipher algorithms (OSCCA GB/T 32907-2016). 1683 1684 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1685 Organization of State Commercial Administration of China (OSCCA) 1686 as an authorized cryptographic algorithms for the use within China. 1687 1688 SMS4 was originally created for use in protecting wireless 1689 networks, and is mandated in the Chinese National Standard for 1690 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 1691 (GB.15629.11-2003). 1692 1693 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 1694 standardized through TC 260 of the Standardization Administration 1695 of the People's Republic of China (SAC). 1696 1697 The input, output, and key of SMS4 are each 128 bits. 1698 1699 See also: <https://eprint.iacr.org/2008/329.pdf> 1700 1701 If unsure, say N. 1702 1703config CRYPTO_SM4_AESNI_AVX_X86_64 1704 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX)" 1705 depends on X86 && 64BIT 1706 select CRYPTO_SKCIPHER 1707 select CRYPTO_SIMD 1708 select CRYPTO_ALGAPI 1709 select CRYPTO_SM4 1710 help 1711 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX). 1712 1713 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1714 Organization of State Commercial Administration of China (OSCCA) 1715 as an authorized cryptographic algorithms for the use within China. 1716 1717 This is SM4 optimized implementation using AES-NI/AVX/x86_64 1718 instruction set for block cipher. Through two affine transforms, 1719 we can use the AES S-Box to simulate the SM4 S-Box to achieve the 1720 effect of instruction acceleration. 1721 1722 If unsure, say N. 1723 1724config CRYPTO_SM4_AESNI_AVX2_X86_64 1725 tristate "SM4 cipher algorithm (x86_64/AES-NI/AVX2)" 1726 depends on X86 && 64BIT 1727 select CRYPTO_SKCIPHER 1728 select CRYPTO_SIMD 1729 select CRYPTO_ALGAPI 1730 select CRYPTO_SM4 1731 select CRYPTO_SM4_AESNI_AVX_X86_64 1732 help 1733 SM4 cipher algorithms (OSCCA GB/T 32907-2016) (x86_64/AES-NI/AVX2). 1734 1735 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 1736 Organization of State Commercial Administration of China (OSCCA) 1737 as an authorized cryptographic algorithms for the use within China. 1738 1739 This is SM4 optimized implementation using AES-NI/AVX2/x86_64 1740 instruction set for block cipher. Through two affine transforms, 1741 we can use the AES S-Box to simulate the SM4 S-Box to achieve the 1742 effect of instruction acceleration. 1743 1744 If unsure, say N. 1745 1746config CRYPTO_TEA 1747 tristate "TEA, XTEA and XETA cipher algorithms" 1748 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 1749 select CRYPTO_ALGAPI 1750 help 1751 TEA cipher algorithm. 1752 1753 Tiny Encryption Algorithm is a simple cipher that uses 1754 many rounds for security. It is very fast and uses 1755 little memory. 1756 1757 Xtendend Tiny Encryption Algorithm is a modification to 1758 the TEA algorithm to address a potential key weakness 1759 in the TEA algorithm. 1760 1761 Xtendend Encryption Tiny Algorithm is a mis-implementation 1762 of the XTEA algorithm for compatibility purposes. 1763 1764config CRYPTO_TWOFISH 1765 tristate "Twofish cipher algorithm" 1766 select CRYPTO_ALGAPI 1767 select CRYPTO_TWOFISH_COMMON 1768 help 1769 Twofish cipher algorithm. 1770 1771 Twofish was submitted as an AES (Advanced Encryption Standard) 1772 candidate cipher by researchers at CounterPane Systems. It is a 1773 16 round block cipher supporting key sizes of 128, 192, and 256 1774 bits. 1775 1776 See also: 1777 <https://www.schneier.com/twofish.html> 1778 1779config CRYPTO_TWOFISH_COMMON 1780 tristate 1781 help 1782 Common parts of the Twofish cipher algorithm shared by the 1783 generic c and the assembler implementations. 1784 1785config CRYPTO_TWOFISH_586 1786 tristate "Twofish cipher algorithms (i586)" 1787 depends on (X86 || UML_X86) && !64BIT 1788 select CRYPTO_ALGAPI 1789 select CRYPTO_TWOFISH_COMMON 1790 imply CRYPTO_CTR 1791 help 1792 Twofish cipher algorithm. 1793 1794 Twofish was submitted as an AES (Advanced Encryption Standard) 1795 candidate cipher by researchers at CounterPane Systems. It is a 1796 16 round block cipher supporting key sizes of 128, 192, and 256 1797 bits. 1798 1799 See also: 1800 <https://www.schneier.com/twofish.html> 1801 1802config CRYPTO_TWOFISH_X86_64 1803 tristate "Twofish cipher algorithm (x86_64)" 1804 depends on (X86 || UML_X86) && 64BIT 1805 select CRYPTO_ALGAPI 1806 select CRYPTO_TWOFISH_COMMON 1807 imply CRYPTO_CTR 1808 help 1809 Twofish cipher algorithm (x86_64). 1810 1811 Twofish was submitted as an AES (Advanced Encryption Standard) 1812 candidate cipher by researchers at CounterPane Systems. It is a 1813 16 round block cipher supporting key sizes of 128, 192, and 256 1814 bits. 1815 1816 See also: 1817 <https://www.schneier.com/twofish.html> 1818 1819config CRYPTO_TWOFISH_X86_64_3WAY 1820 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)" 1821 depends on X86 && 64BIT 1822 select CRYPTO_SKCIPHER 1823 select CRYPTO_TWOFISH_COMMON 1824 select CRYPTO_TWOFISH_X86_64 1825 help 1826 Twofish cipher algorithm (x86_64, 3-way parallel). 1827 1828 Twofish was submitted as an AES (Advanced Encryption Standard) 1829 candidate cipher by researchers at CounterPane Systems. It is a 1830 16 round block cipher supporting key sizes of 128, 192, and 256 1831 bits. 1832 1833 This module provides Twofish cipher algorithm that processes three 1834 blocks parallel, utilizing resources of out-of-order CPUs better. 1835 1836 See also: 1837 <https://www.schneier.com/twofish.html> 1838 1839config CRYPTO_TWOFISH_AVX_X86_64 1840 tristate "Twofish cipher algorithm (x86_64/AVX)" 1841 depends on X86 && 64BIT 1842 select CRYPTO_SKCIPHER 1843 select CRYPTO_SIMD 1844 select CRYPTO_TWOFISH_COMMON 1845 select CRYPTO_TWOFISH_X86_64 1846 select CRYPTO_TWOFISH_X86_64_3WAY 1847 imply CRYPTO_XTS 1848 help 1849 Twofish cipher algorithm (x86_64/AVX). 1850 1851 Twofish was submitted as an AES (Advanced Encryption Standard) 1852 candidate cipher by researchers at CounterPane Systems. It is a 1853 16 round block cipher supporting key sizes of 128, 192, and 256 1854 bits. 1855 1856 This module provides the Twofish cipher algorithm that processes 1857 eight blocks parallel using the AVX Instruction Set. 1858 1859 See also: 1860 <https://www.schneier.com/twofish.html> 1861 1862comment "Compression" 1863 1864config CRYPTO_DEFLATE 1865 tristate "Deflate compression algorithm" 1866 select CRYPTO_ALGAPI 1867 select CRYPTO_ACOMP2 1868 select ZLIB_INFLATE 1869 select ZLIB_DEFLATE 1870 help 1871 This is the Deflate algorithm (RFC1951), specified for use in 1872 IPSec with the IPCOMP protocol (RFC3173, RFC2394). 1873 1874 You will most probably want this if using IPSec. 1875 1876config CRYPTO_LZO 1877 tristate "LZO compression algorithm" 1878 select CRYPTO_ALGAPI 1879 select CRYPTO_ACOMP2 1880 select LZO_COMPRESS 1881 select LZO_DECOMPRESS 1882 help 1883 This is the LZO algorithm. 1884 1885config CRYPTO_842 1886 tristate "842 compression algorithm" 1887 select CRYPTO_ALGAPI 1888 select CRYPTO_ACOMP2 1889 select 842_COMPRESS 1890 select 842_DECOMPRESS 1891 help 1892 This is the 842 algorithm. 1893 1894config CRYPTO_LZ4 1895 tristate "LZ4 compression algorithm" 1896 select CRYPTO_ALGAPI 1897 select CRYPTO_ACOMP2 1898 select LZ4_COMPRESS 1899 select LZ4_DECOMPRESS 1900 help 1901 This is the LZ4 algorithm. 1902 1903config CRYPTO_LZ4HC 1904 tristate "LZ4HC compression algorithm" 1905 select CRYPTO_ALGAPI 1906 select CRYPTO_ACOMP2 1907 select LZ4HC_COMPRESS 1908 select LZ4_DECOMPRESS 1909 help 1910 This is the LZ4 high compression mode algorithm. 1911 1912config CRYPTO_ZSTD 1913 tristate "Zstd compression algorithm" 1914 select CRYPTO_ALGAPI 1915 select CRYPTO_ACOMP2 1916 select ZSTD_COMPRESS 1917 select ZSTD_DECOMPRESS 1918 help 1919 This is the zstd algorithm. 1920 1921comment "Random Number Generation" 1922 1923config CRYPTO_ANSI_CPRNG 1924 tristate "Pseudo Random Number Generation for Cryptographic modules" 1925 select CRYPTO_AES 1926 select CRYPTO_RNG 1927 help 1928 This option enables the generic pseudo random number generator 1929 for cryptographic modules. Uses the Algorithm specified in 1930 ANSI X9.31 A.2.4. Note that this option must be enabled if 1931 CRYPTO_FIPS is selected 1932 1933menuconfig CRYPTO_DRBG_MENU 1934 tristate "NIST SP800-90A DRBG" 1935 help 1936 NIST SP800-90A compliant DRBG. In the following submenu, one or 1937 more of the DRBG types must be selected. 1938 1939if CRYPTO_DRBG_MENU 1940 1941config CRYPTO_DRBG_HMAC 1942 bool 1943 default y 1944 select CRYPTO_HMAC 1945 select CRYPTO_SHA512 1946 1947config CRYPTO_DRBG_HASH 1948 bool "Enable Hash DRBG" 1949 select CRYPTO_SHA256 1950 help 1951 Enable the Hash DRBG variant as defined in NIST SP800-90A. 1952 1953config CRYPTO_DRBG_CTR 1954 bool "Enable CTR DRBG" 1955 select CRYPTO_AES 1956 select CRYPTO_CTR 1957 help 1958 Enable the CTR DRBG variant as defined in NIST SP800-90A. 1959 1960config CRYPTO_DRBG 1961 tristate 1962 default CRYPTO_DRBG_MENU 1963 select CRYPTO_RNG 1964 select CRYPTO_JITTERENTROPY 1965 1966endif # if CRYPTO_DRBG_MENU 1967 1968config CRYPTO_JITTERENTROPY 1969 tristate "Jitterentropy Non-Deterministic Random Number Generator" 1970 select CRYPTO_RNG 1971 help 1972 The Jitterentropy RNG is a noise that is intended 1973 to provide seed to another RNG. The RNG does not 1974 perform any cryptographic whitening of the generated 1975 random numbers. This Jitterentropy RNG registers with 1976 the kernel crypto API and can be used by any caller. 1977 1978config CRYPTO_KDF800108_CTR 1979 tristate 1980 select CRYPTO_HMAC 1981 select CRYPTO_SHA256 1982 1983config CRYPTO_USER_API 1984 tristate 1985 1986config CRYPTO_USER_API_HASH 1987 tristate "User-space interface for hash algorithms" 1988 depends on NET 1989 select CRYPTO_HASH 1990 select CRYPTO_USER_API 1991 help 1992 This option enables the user-spaces interface for hash 1993 algorithms. 1994 1995config CRYPTO_USER_API_SKCIPHER 1996 tristate "User-space interface for symmetric key cipher algorithms" 1997 depends on NET 1998 select CRYPTO_SKCIPHER 1999 select CRYPTO_USER_API 2000 help 2001 This option enables the user-spaces interface for symmetric 2002 key cipher algorithms. 2003 2004config CRYPTO_USER_API_RNG 2005 tristate "User-space interface for random number generator algorithms" 2006 depends on NET 2007 select CRYPTO_RNG 2008 select CRYPTO_USER_API 2009 help 2010 This option enables the user-spaces interface for random 2011 number generator algorithms. 2012 2013config CRYPTO_USER_API_RNG_CAVP 2014 bool "Enable CAVP testing of DRBG" 2015 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 2016 help 2017 This option enables extra API for CAVP testing via the user-space 2018 interface: resetting of DRBG entropy, and providing Additional Data. 2019 This should only be enabled for CAVP testing. You should say 2020 no unless you know what this is. 2021 2022config CRYPTO_USER_API_AEAD 2023 tristate "User-space interface for AEAD cipher algorithms" 2024 depends on NET 2025 select CRYPTO_AEAD 2026 select CRYPTO_SKCIPHER 2027 select CRYPTO_NULL 2028 select CRYPTO_USER_API 2029 help 2030 This option enables the user-spaces interface for AEAD 2031 cipher algorithms. 2032 2033config CRYPTO_USER_API_ENABLE_OBSOLETE 2034 bool "Enable obsolete cryptographic algorithms for userspace" 2035 depends on CRYPTO_USER_API 2036 default y 2037 help 2038 Allow obsolete cryptographic algorithms to be selected that have 2039 already been phased out from internal use by the kernel, and are 2040 only useful for userspace clients that still rely on them. 2041 2042config CRYPTO_STATS 2043 bool "Crypto usage statistics for User-space" 2044 depends on CRYPTO_USER 2045 help 2046 This option enables the gathering of crypto stats. 2047 This will collect: 2048 - encrypt/decrypt size and numbers of symmeric operations 2049 - compress/decompress size and numbers of compress operations 2050 - size and numbers of hash operations 2051 - encrypt/decrypt/sign/verify numbers for asymmetric operations 2052 - generate/seed numbers for rng operations 2053 2054config CRYPTO_HASH_INFO 2055 bool 2056 2057source "drivers/crypto/Kconfig" 2058source "crypto/asymmetric_keys/Kconfig" 2059source "certs/Kconfig" 2060 2061endif # if CRYPTO 2062