1 # SPDX-License-Identifier: GPL-2.0
3 # Generic algorithms support
9 # async_tx api: hardware offloaded memory transfer/transform support
11 source "crypto/async_tx/Kconfig"
14 # Cryptographic API Configuration
17 tristate "Cryptographic API"
19 This option provides the core Cryptographic API.
23 comment "Crypto core or helper"
26 bool "FIPS 200 compliance"
27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28 depends on (MODULE_SIG || !MODULES)
30 This option enables the fips boot option which is
31 required if you want the system to operate in a FIPS 200
32 certification. You should say no unless you know what
39 This option provides the API for cryptographic algorithms.
55 config CRYPTO_BLKCIPHER
57 select CRYPTO_BLKCIPHER2
60 config CRYPTO_BLKCIPHER2
83 config CRYPTO_RNG_DEFAULT
85 select CRYPTO_DRBG_MENU
87 config CRYPTO_AKCIPHER2
91 config CRYPTO_AKCIPHER
93 select CRYPTO_AKCIPHER2
107 select CRYPTO_ALGAPI2
115 config CRYPTO_MANAGER
116 tristate "Cryptographic algorithm manager"
117 select CRYPTO_MANAGER2
119 Create default cryptographic template instantiations such as
122 config CRYPTO_MANAGER2
123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
126 select CRYPTO_BLKCIPHER2
127 select CRYPTO_AKCIPHER2
132 tristate "Userspace cryptographic algorithm configuration"
134 select CRYPTO_MANAGER
136 Userspace configuration for cryptographic instantiations such as
141 config CRYPTO_MANAGER_DISABLE_TESTS
142 bool "Disable run-time self tests"
145 Disable run-time self tests that normally take place at
146 algorithm registration.
148 config CRYPTO_MANAGER_EXTRA_TESTS
149 bool "Enable extra run-time crypto self tests"
150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
152 Enable extra run-time self tests of registered crypto algorithms,
153 including randomized fuzz tests.
155 This is intended for developer use only, as these tests take much
156 longer to run than the normal self tests.
158 endif # if CRYPTO_MANAGER2
160 config CRYPTO_GF128MUL
164 tristate "Null algorithms"
167 These are 'Null' algorithms, used by IPsec, which do nothing.
171 select CRYPTO_ALGAPI2
172 select CRYPTO_BLKCIPHER2
176 tristate "Parallel crypto engine"
179 select CRYPTO_MANAGER
182 This converts an arbitrary crypto algorithm into a parallel
183 algorithm that executes in kernel threads.
186 tristate "Software async crypto daemon"
187 select CRYPTO_BLKCIPHER
189 select CRYPTO_MANAGER
191 This is a generic software asynchronous crypto daemon that
192 converts an arbitrary synchronous software crypto algorithm
193 into an asynchronous algorithm that executes in a kernel thread.
195 config CRYPTO_AUTHENC
196 tristate "Authenc support"
198 select CRYPTO_BLKCIPHER
199 select CRYPTO_MANAGER
203 Authenc: Combined mode wrapper for IPsec.
204 This is required for IPSec.
207 tristate "Testing module"
209 select CRYPTO_MANAGER
211 Quick & dirty crypto test module.
217 config CRYPTO_GLUE_HELPER_X86
220 select CRYPTO_BLKCIPHER
225 comment "Public-key cryptography"
228 tristate "RSA algorithm"
229 select CRYPTO_AKCIPHER
230 select CRYPTO_MANAGER
234 Generic implementation of the RSA public key algorithm.
237 tristate "Diffie-Hellman algorithm"
241 Generic implementation of the Diffie-Hellman algorithm.
247 tristate "ECDH algorithm"
250 select CRYPTO_RNG_DEFAULT
252 Generic implementation of the ECDH algorithm
255 tristate "EC-RDSA (GOST 34.10) algorithm"
257 select CRYPTO_AKCIPHER
258 select CRYPTO_STREEBOG
262 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
263 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
264 standard algorithms (called GOST algorithms). Only signature verification
267 comment "Authenticated Encryption with Associated Data"
270 tristate "CCM support"
274 select CRYPTO_MANAGER
276 Support for Counter with CBC MAC. Required for IPsec.
279 tristate "GCM/GMAC support"
284 select CRYPTO_MANAGER
286 Support for Galois/Counter Mode (GCM) and Galois Message
287 Authentication Code (GMAC). Required for IPSec.
289 config CRYPTO_CHACHA20POLY1305
290 tristate "ChaCha20-Poly1305 AEAD support"
291 select CRYPTO_CHACHA20
292 select CRYPTO_POLY1305
294 select CRYPTO_MANAGER
296 ChaCha20-Poly1305 AEAD support, RFC7539.
298 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
299 with the Poly1305 authenticator. It is defined in RFC7539 for use in
302 config CRYPTO_AEGIS128
303 tristate "AEGIS-128 AEAD algorithm"
305 select CRYPTO_AES # for AES S-box tables
307 Support for the AEGIS-128 dedicated AEAD algorithm.
309 config CRYPTO_AEGIS128L
310 tristate "AEGIS-128L AEAD algorithm"
312 select CRYPTO_AES # for AES S-box tables
314 Support for the AEGIS-128L dedicated AEAD algorithm.
316 config CRYPTO_AEGIS256
317 tristate "AEGIS-256 AEAD algorithm"
319 select CRYPTO_AES # for AES S-box tables
321 Support for the AEGIS-256 dedicated AEAD algorithm.
323 config CRYPTO_AEGIS128_AESNI_SSE2
324 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
325 depends on X86 && 64BIT
329 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
331 config CRYPTO_AEGIS128L_AESNI_SSE2
332 tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
333 depends on X86 && 64BIT
337 AESNI+SSE2 implementation of the AEGIS-128L dedicated AEAD algorithm.
339 config CRYPTO_AEGIS256_AESNI_SSE2
340 tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
341 depends on X86 && 64BIT
345 AESNI+SSE2 implementation of the AEGIS-256 dedicated AEAD algorithm.
347 config CRYPTO_MORUS640
348 tristate "MORUS-640 AEAD algorithm"
351 Support for the MORUS-640 dedicated AEAD algorithm.
353 config CRYPTO_MORUS640_GLUE
359 Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
362 config CRYPTO_MORUS640_SSE2
363 tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
364 depends on X86 && 64BIT
366 select CRYPTO_MORUS640_GLUE
368 SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
370 config CRYPTO_MORUS1280
371 tristate "MORUS-1280 AEAD algorithm"
374 Support for the MORUS-1280 dedicated AEAD algorithm.
376 config CRYPTO_MORUS1280_GLUE
382 Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
385 config CRYPTO_MORUS1280_SSE2
386 tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
387 depends on X86 && 64BIT
389 select CRYPTO_MORUS1280_GLUE
391 SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
394 config CRYPTO_MORUS1280_AVX2
395 tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
396 depends on X86 && 64BIT
398 select CRYPTO_MORUS1280_GLUE
400 AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
404 tristate "Sequence Number IV Generator"
406 select CRYPTO_BLKCIPHER
408 select CRYPTO_RNG_DEFAULT
409 select CRYPTO_MANAGER
411 This IV generator generates an IV based on a sequence number by
412 xoring it with a salt. This algorithm is mainly useful for CTR
414 config CRYPTO_ECHAINIV
415 tristate "Encrypted Chain IV Generator"
418 select CRYPTO_RNG_DEFAULT
419 select CRYPTO_MANAGER
421 This IV generator generates an IV based on the encryption of
422 a sequence number xored with a salt. This is the default
425 comment "Block modes"
428 tristate "CBC support"
429 select CRYPTO_BLKCIPHER
430 select CRYPTO_MANAGER
432 CBC: Cipher Block Chaining mode
433 This block cipher algorithm is required for IPSec.
436 tristate "CFB support"
437 select CRYPTO_BLKCIPHER
438 select CRYPTO_MANAGER
440 CFB: Cipher FeedBack mode
441 This block cipher algorithm is required for TPM2 Cryptography.
444 tristate "CTR support"
445 select CRYPTO_BLKCIPHER
447 select CRYPTO_MANAGER
450 This block cipher algorithm is required for IPSec.
453 tristate "CTS support"
454 select CRYPTO_BLKCIPHER
455 select CRYPTO_MANAGER
457 CTS: Cipher Text Stealing
458 This is the Cipher Text Stealing mode as described by
459 Section 8 of rfc2040 and referenced by rfc3962
460 (rfc3962 includes errata information in its Appendix A) or
461 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
462 This mode is required for Kerberos gss mechanism support
465 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
468 tristate "ECB support"
469 select CRYPTO_BLKCIPHER
470 select CRYPTO_MANAGER
472 ECB: Electronic CodeBook mode
473 This is the simplest block cipher algorithm. It simply encrypts
474 the input block by block.
477 tristate "LRW support"
478 select CRYPTO_BLKCIPHER
479 select CRYPTO_MANAGER
480 select CRYPTO_GF128MUL
482 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
483 narrow block cipher mode for dm-crypt. Use it with cipher
484 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
485 The first 128, 192 or 256 bits in the key are used for AES and the
486 rest is used to tie each cipher block to its logical position.
489 tristate "OFB support"
490 select CRYPTO_BLKCIPHER
491 select CRYPTO_MANAGER
493 OFB: the Output Feedback mode makes a block cipher into a synchronous
494 stream cipher. It generates keystream blocks, which are then XORed
495 with the plaintext blocks to get the ciphertext. Flipping a bit in the
496 ciphertext produces a flipped bit in the plaintext at the same
497 location. This property allows many error correcting codes to function
498 normally even when applied before encryption.
501 tristate "PCBC support"
502 select CRYPTO_BLKCIPHER
503 select CRYPTO_MANAGER
505 PCBC: Propagating Cipher Block Chaining mode
506 This block cipher algorithm is required for RxRPC.
509 tristate "XTS support"
510 select CRYPTO_BLKCIPHER
511 select CRYPTO_MANAGER
514 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
515 key size 256, 384 or 512 bits. This implementation currently
516 can't handle a sectorsize which is not a multiple of 16 bytes.
518 config CRYPTO_KEYWRAP
519 tristate "Key wrapping support"
520 select CRYPTO_BLKCIPHER
521 select CRYPTO_MANAGER
523 Support for key wrapping (NIST SP800-38F / RFC3394) without
526 config CRYPTO_NHPOLY1305
529 select CRYPTO_POLY1305
531 config CRYPTO_NHPOLY1305_SSE2
532 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
533 depends on X86 && 64BIT
534 select CRYPTO_NHPOLY1305
536 SSE2 optimized implementation of the hash function used by the
537 Adiantum encryption mode.
539 config CRYPTO_NHPOLY1305_AVX2
540 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
541 depends on X86 && 64BIT
542 select CRYPTO_NHPOLY1305
544 AVX2 optimized implementation of the hash function used by the
545 Adiantum encryption mode.
547 config CRYPTO_ADIANTUM
548 tristate "Adiantum support"
549 select CRYPTO_CHACHA20
550 select CRYPTO_POLY1305
551 select CRYPTO_NHPOLY1305
552 select CRYPTO_MANAGER
554 Adiantum is a tweakable, length-preserving encryption mode
555 designed for fast and secure disk encryption, especially on
556 CPUs without dedicated crypto instructions. It encrypts
557 each sector using the XChaCha12 stream cipher, two passes of
558 an ε-almost-∆-universal hash function, and an invocation of
559 the AES-256 block cipher on a single 16-byte block. On CPUs
560 without AES instructions, Adiantum is much faster than
563 Adiantum's security is provably reducible to that of its
564 underlying stream and block ciphers, subject to a security
565 bound. Unlike XTS, Adiantum is a true wide-block encryption
566 mode, so it actually provides an even stronger notion of
567 security than XTS, subject to the security bound.
574 tristate "CMAC support"
576 select CRYPTO_MANAGER
578 Cipher-based Message Authentication Code (CMAC) specified by
579 The National Institute of Standards and Technology (NIST).
581 https://tools.ietf.org/html/rfc4493
582 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
585 tristate "HMAC support"
587 select CRYPTO_MANAGER
589 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
590 This is required for IPSec.
593 tristate "XCBC support"
595 select CRYPTO_MANAGER
597 XCBC: Keyed-Hashing with encryption algorithm
598 http://www.ietf.org/rfc/rfc3566.txt
599 http://csrc.nist.gov/encryption/modes/proposedmodes/
600 xcbc-mac/xcbc-mac-spec.pdf
603 tristate "VMAC support"
605 select CRYPTO_MANAGER
607 VMAC is a message authentication algorithm designed for
608 very high speed on 64-bit architectures.
611 <http://fastcrypto.org/vmac>
616 tristate "CRC32c CRC algorithm"
620 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
621 by iSCSI for header and data digests and by others.
622 See Castagnoli93. Module will be crc32c.
624 config CRYPTO_CRC32C_INTEL
625 tristate "CRC32c INTEL hardware acceleration"
629 In Intel processor with SSE4.2 supported, the processor will
630 support CRC32C implementation using hardware accelerated CRC32
631 instruction. This option will create 'crc32c-intel' module,
632 which will enable any routine to use the CRC32 instruction to
633 gain performance compared with software implementation.
634 Module will be crc32c-intel.
636 config CRYPTO_CRC32C_VPMSUM
637 tristate "CRC32c CRC algorithm (powerpc64)"
638 depends on PPC64 && ALTIVEC
642 CRC32c algorithm implemented using vector polynomial multiply-sum
643 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
644 and newer processors for improved performance.
647 config CRYPTO_CRC32C_SPARC64
648 tristate "CRC32c CRC algorithm (SPARC64)"
653 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
657 tristate "CRC32 CRC algorithm"
661 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
662 Shash crypto api wrappers to crc32_le function.
664 config CRYPTO_CRC32_PCLMUL
665 tristate "CRC32 PCLMULQDQ hardware acceleration"
670 From Intel Westmere and AMD Bulldozer processor with SSE4.2
671 and PCLMULQDQ supported, the processor will support
672 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
673 instruction. This option will create 'crc32-pclmul' module,
674 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
675 and gain better performance as compared with the table implementation.
677 config CRYPTO_CRC32_MIPS
678 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
679 depends on MIPS_CRC_SUPPORT
682 CRC32c and CRC32 CRC algorithms implemented using mips crypto
683 instructions, when available.
686 config CRYPTO_CRCT10DIF
687 tristate "CRCT10DIF algorithm"
690 CRC T10 Data Integrity Field computation is being cast as
691 a crypto transform. This allows for faster crc t10 diff
692 transforms to be used if they are available.
694 config CRYPTO_CRCT10DIF_PCLMUL
695 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
696 depends on X86 && 64BIT && CRC_T10DIF
699 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
700 CRC T10 DIF PCLMULQDQ computation can be hardware
701 accelerated PCLMULQDQ instruction. This option will create
702 'crct10dif-pclmul' module, which is faster when computing the
703 crct10dif checksum as compared with the generic table implementation.
705 config CRYPTO_CRCT10DIF_VPMSUM
706 tristate "CRC32T10DIF powerpc64 hardware acceleration"
707 depends on PPC64 && ALTIVEC && CRC_T10DIF
710 CRC10T10DIF algorithm implemented using vector polynomial
711 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
712 POWER8 and newer processors for improved performance.
714 config CRYPTO_VPMSUM_TESTER
715 tristate "Powerpc64 vpmsum hardware acceleration tester"
716 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
718 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
719 POWER8 vpmsum instructions.
720 Unless you are testing these algorithms, you don't need this.
723 tristate "GHASH digest algorithm"
724 select CRYPTO_GF128MUL
727 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
729 config CRYPTO_POLY1305
730 tristate "Poly1305 authenticator algorithm"
733 Poly1305 authenticator algorithm, RFC7539.
735 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
736 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
737 in IETF protocols. This is the portable C implementation of Poly1305.
739 config CRYPTO_POLY1305_X86_64
740 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
741 depends on X86 && 64BIT
742 select CRYPTO_POLY1305
744 Poly1305 authenticator algorithm, RFC7539.
746 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
747 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
748 in IETF protocols. This is the x86_64 assembler implementation using SIMD
752 tristate "MD4 digest algorithm"
755 MD4 message digest algorithm (RFC1320).
758 tristate "MD5 digest algorithm"
761 MD5 message digest algorithm (RFC1321).
763 config CRYPTO_MD5_OCTEON
764 tristate "MD5 digest algorithm (OCTEON)"
765 depends on CPU_CAVIUM_OCTEON
769 MD5 message digest algorithm (RFC1321) implemented
770 using OCTEON crypto instructions, when available.
772 config CRYPTO_MD5_PPC
773 tristate "MD5 digest algorithm (PPC)"
777 MD5 message digest algorithm (RFC1321) implemented
780 config CRYPTO_MD5_SPARC64
781 tristate "MD5 digest algorithm (SPARC64)"
786 MD5 message digest algorithm (RFC1321) implemented
787 using sparc64 crypto instructions, when available.
789 config CRYPTO_MICHAEL_MIC
790 tristate "Michael MIC keyed digest algorithm"
793 Michael MIC is used for message integrity protection in TKIP
794 (IEEE 802.11i). This algorithm is required for TKIP, but it
795 should not be used for other purposes because of the weakness
799 tristate "RIPEMD-128 digest algorithm"
802 RIPEMD-128 (ISO/IEC 10118-3:2004).
804 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
805 be used as a secure replacement for RIPEMD. For other use cases,
806 RIPEMD-160 should be used.
808 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
809 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
812 tristate "RIPEMD-160 digest algorithm"
815 RIPEMD-160 (ISO/IEC 10118-3:2004).
817 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
818 to be used as a secure replacement for the 128-bit hash functions
819 MD4, MD5 and it's predecessor RIPEMD
820 (not to be confused with RIPEMD-128).
822 It's speed is comparable to SHA1 and there are no known attacks
825 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
826 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
829 tristate "RIPEMD-256 digest algorithm"
832 RIPEMD-256 is an optional extension of RIPEMD-128 with a
833 256 bit hash. It is intended for applications that require
834 longer hash-results, without needing a larger security level
837 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
838 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
841 tristate "RIPEMD-320 digest algorithm"
844 RIPEMD-320 is an optional extension of RIPEMD-160 with a
845 320 bit hash. It is intended for applications that require
846 longer hash-results, without needing a larger security level
849 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
850 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
853 tristate "SHA1 digest algorithm"
856 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
858 config CRYPTO_SHA1_SSSE3
859 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
860 depends on X86 && 64BIT
864 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
865 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
866 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
869 config CRYPTO_SHA256_SSSE3
870 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
871 depends on X86 && 64BIT
875 SHA-256 secure hash standard (DFIPS 180-2) implemented
876 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
877 Extensions version 1 (AVX1), or Advanced Vector Extensions
878 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
879 Instructions) when available.
881 config CRYPTO_SHA512_SSSE3
882 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
883 depends on X86 && 64BIT
887 SHA-512 secure hash standard (DFIPS 180-2) implemented
888 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
889 Extensions version 1 (AVX1), or Advanced Vector Extensions
890 version 2 (AVX2) instructions, when available.
892 config CRYPTO_SHA1_OCTEON
893 tristate "SHA1 digest algorithm (OCTEON)"
894 depends on CPU_CAVIUM_OCTEON
898 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
899 using OCTEON crypto instructions, when available.
901 config CRYPTO_SHA1_SPARC64
902 tristate "SHA1 digest algorithm (SPARC64)"
907 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
908 using sparc64 crypto instructions, when available.
910 config CRYPTO_SHA1_PPC
911 tristate "SHA1 digest algorithm (powerpc)"
914 This is the powerpc hardware accelerated implementation of the
915 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
917 config CRYPTO_SHA1_PPC_SPE
918 tristate "SHA1 digest algorithm (PPC SPE)"
919 depends on PPC && SPE
921 SHA-1 secure hash standard (DFIPS 180-4) implemented
922 using powerpc SPE SIMD instruction set.
925 tristate "SHA224 and SHA256 digest algorithm"
928 SHA256 secure hash standard (DFIPS 180-2).
930 This version of SHA implements a 256 bit hash with 128 bits of
931 security against collision attacks.
933 This code also includes SHA-224, a 224 bit hash with 112 bits
934 of security against collision attacks.
936 config CRYPTO_SHA256_PPC_SPE
937 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
938 depends on PPC && SPE
942 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
943 implemented using powerpc SPE SIMD instruction set.
945 config CRYPTO_SHA256_OCTEON
946 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
947 depends on CPU_CAVIUM_OCTEON
951 SHA-256 secure hash standard (DFIPS 180-2) implemented
952 using OCTEON crypto instructions, when available.
954 config CRYPTO_SHA256_SPARC64
955 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
960 SHA-256 secure hash standard (DFIPS 180-2) implemented
961 using sparc64 crypto instructions, when available.
964 tristate "SHA384 and SHA512 digest algorithms"
967 SHA512 secure hash standard (DFIPS 180-2).
969 This version of SHA implements a 512 bit hash with 256 bits of
970 security against collision attacks.
972 This code also includes SHA-384, a 384 bit hash with 192 bits
973 of security against collision attacks.
975 config CRYPTO_SHA512_OCTEON
976 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
977 depends on CPU_CAVIUM_OCTEON
981 SHA-512 secure hash standard (DFIPS 180-2) implemented
982 using OCTEON crypto instructions, when available.
984 config CRYPTO_SHA512_SPARC64
985 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
990 SHA-512 secure hash standard (DFIPS 180-2) implemented
991 using sparc64 crypto instructions, when available.
994 tristate "SHA3 digest algorithm"
997 SHA-3 secure hash standard (DFIPS 202). It's based on
998 cryptographic sponge function family called Keccak.
1001 http://keccak.noekeon.org/
1004 tristate "SM3 digest algorithm"
1007 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
1008 It is part of the Chinese Commercial Cryptography suite.
1011 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1012 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1014 config CRYPTO_STREEBOG
1015 tristate "Streebog Hash Function"
1018 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1019 cryptographic standard algorithms (called GOST algorithms).
1020 This setting enables two hash algorithms with 256 and 512 bits output.
1023 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1024 https://tools.ietf.org/html/rfc6986
1026 config CRYPTO_TGR192
1027 tristate "Tiger digest algorithms"
1030 Tiger hash algorithm 192, 160 and 128-bit hashes
1032 Tiger is a hash function optimized for 64-bit processors while
1033 still having decent performance on 32-bit processors.
1034 Tiger was developed by Ross Anderson and Eli Biham.
1037 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1040 tristate "Whirlpool digest algorithms"
1043 Whirlpool hash algorithm 512, 384 and 256-bit hashes
1045 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1046 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
1049 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1051 config CRYPTO_GHASH_CLMUL_NI_INTEL
1052 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1053 depends on X86 && 64BIT
1054 select CRYPTO_CRYPTD
1056 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1057 The implementation is accelerated by CLMUL-NI of Intel.
1062 tristate "AES cipher algorithms"
1063 select CRYPTO_ALGAPI
1065 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1068 Rijndael appears to be consistently a very good performer in
1069 both hardware and software across a wide range of computing
1070 environments regardless of its use in feedback or non-feedback
1071 modes. Its key setup time is excellent, and its key agility is
1072 good. Rijndael's very low memory requirements make it very well
1073 suited for restricted-space environments, in which it also
1074 demonstrates excellent performance. Rijndael's operations are
1075 among the easiest to defend against power and timing attacks.
1077 The AES specifies three key sizes: 128, 192 and 256 bits
1079 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1081 config CRYPTO_AES_TI
1082 tristate "Fixed time AES cipher"
1083 select CRYPTO_ALGAPI
1085 This is a generic implementation of AES that attempts to eliminate
1086 data dependent latencies as much as possible without affecting
1087 performance too much. It is intended for use by the generic CCM
1088 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1089 solely on encryption (although decryption is supported as well, but
1090 with a more dramatic performance hit)
1092 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1093 8 for decryption), this implementation only uses just two S-boxes of
1094 256 bytes each, and attempts to eliminate data dependent latencies by
1095 prefetching the entire table into the cache at the start of each
1096 block. Interrupts are also disabled to avoid races where cachelines
1097 are evicted when the CPU is interrupted to do something else.
1099 config CRYPTO_AES_586
1100 tristate "AES cipher algorithms (i586)"
1101 depends on (X86 || UML_X86) && !64BIT
1102 select CRYPTO_ALGAPI
1105 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1108 Rijndael appears to be consistently a very good performer in
1109 both hardware and software across a wide range of computing
1110 environments regardless of its use in feedback or non-feedback
1111 modes. Its key setup time is excellent, and its key agility is
1112 good. Rijndael's very low memory requirements make it very well
1113 suited for restricted-space environments, in which it also
1114 demonstrates excellent performance. Rijndael's operations are
1115 among the easiest to defend against power and timing attacks.
1117 The AES specifies three key sizes: 128, 192 and 256 bits
1119 See <http://csrc.nist.gov/encryption/aes/> for more information.
1121 config CRYPTO_AES_X86_64
1122 tristate "AES cipher algorithms (x86_64)"
1123 depends on (X86 || UML_X86) && 64BIT
1124 select CRYPTO_ALGAPI
1127 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1130 Rijndael appears to be consistently a very good performer in
1131 both hardware and software across a wide range of computing
1132 environments regardless of its use in feedback or non-feedback
1133 modes. Its key setup time is excellent, and its key agility is
1134 good. Rijndael's very low memory requirements make it very well
1135 suited for restricted-space environments, in which it also
1136 demonstrates excellent performance. Rijndael's operations are
1137 among the easiest to defend against power and timing attacks.
1139 The AES specifies three key sizes: 128, 192 and 256 bits
1141 See <http://csrc.nist.gov/encryption/aes/> for more information.
1143 config CRYPTO_AES_NI_INTEL
1144 tristate "AES cipher algorithms (AES-NI)"
1147 select CRYPTO_AES_X86_64 if 64BIT
1148 select CRYPTO_AES_586 if !64BIT
1149 select CRYPTO_ALGAPI
1150 select CRYPTO_BLKCIPHER
1151 select CRYPTO_GLUE_HELPER_X86 if 64BIT
1154 Use Intel AES-NI instructions for AES algorithm.
1156 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1159 Rijndael appears to be consistently a very good performer in
1160 both hardware and software across a wide range of computing
1161 environments regardless of its use in feedback or non-feedback
1162 modes. Its key setup time is excellent, and its key agility is
1163 good. Rijndael's very low memory requirements make it very well
1164 suited for restricted-space environments, in which it also
1165 demonstrates excellent performance. Rijndael's operations are
1166 among the easiest to defend against power and timing attacks.
1168 The AES specifies three key sizes: 128, 192 and 256 bits
1170 See <http://csrc.nist.gov/encryption/aes/> for more information.
1172 In addition to AES cipher algorithm support, the acceleration
1173 for some popular block cipher mode is supported too, including
1174 ECB, CBC, LRW, XTS. The 64 bit version has additional
1175 acceleration for CTR.
1177 config CRYPTO_AES_SPARC64
1178 tristate "AES cipher algorithms (SPARC64)"
1180 select CRYPTO_CRYPTD
1181 select CRYPTO_ALGAPI
1183 Use SPARC64 crypto opcodes for AES algorithm.
1185 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1188 Rijndael appears to be consistently a very good performer in
1189 both hardware and software across a wide range of computing
1190 environments regardless of its use in feedback or non-feedback
1191 modes. Its key setup time is excellent, and its key agility is
1192 good. Rijndael's very low memory requirements make it very well
1193 suited for restricted-space environments, in which it also
1194 demonstrates excellent performance. Rijndael's operations are
1195 among the easiest to defend against power and timing attacks.
1197 The AES specifies three key sizes: 128, 192 and 256 bits
1199 See <http://csrc.nist.gov/encryption/aes/> for more information.
1201 In addition to AES cipher algorithm support, the acceleration
1202 for some popular block cipher mode is supported too, including
1205 config CRYPTO_AES_PPC_SPE
1206 tristate "AES cipher algorithms (PPC SPE)"
1207 depends on PPC && SPE
1209 AES cipher algorithms (FIPS-197). Additionally the acceleration
1210 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1211 This module should only be used for low power (router) devices
1212 without hardware AES acceleration (e.g. caam crypto). It reduces the
1213 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1214 timining attacks. Nevertheless it might be not as secure as other
1215 architecture specific assembler implementations that work on 1KB
1216 tables or 256 bytes S-boxes.
1218 config CRYPTO_ANUBIS
1219 tristate "Anubis cipher algorithm"
1220 select CRYPTO_ALGAPI
1222 Anubis cipher algorithm.
1224 Anubis is a variable key length cipher which can use keys from
1225 128 bits to 320 bits in length. It was evaluated as a entrant
1226 in the NESSIE competition.
1229 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1230 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1233 tristate "ARC4 cipher algorithm"
1234 select CRYPTO_BLKCIPHER
1236 ARC4 cipher algorithm.
1238 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1239 bits in length. This algorithm is required for driver-based
1240 WEP, but it should not be for other purposes because of the
1241 weakness of the algorithm.
1243 config CRYPTO_BLOWFISH
1244 tristate "Blowfish cipher algorithm"
1245 select CRYPTO_ALGAPI
1246 select CRYPTO_BLOWFISH_COMMON
1248 Blowfish cipher algorithm, by Bruce Schneier.
1250 This is a variable key length cipher which can use keys from 32
1251 bits to 448 bits in length. It's fast, simple and specifically
1252 designed for use on "large microprocessors".
1255 <http://www.schneier.com/blowfish.html>
1257 config CRYPTO_BLOWFISH_COMMON
1260 Common parts of the Blowfish cipher algorithm shared by the
1261 generic c and the assembler implementations.
1264 <http://www.schneier.com/blowfish.html>
1266 config CRYPTO_BLOWFISH_X86_64
1267 tristate "Blowfish cipher algorithm (x86_64)"
1268 depends on X86 && 64BIT
1269 select CRYPTO_BLKCIPHER
1270 select CRYPTO_BLOWFISH_COMMON
1272 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1274 This is a variable key length cipher which can use keys from 32
1275 bits to 448 bits in length. It's fast, simple and specifically
1276 designed for use on "large microprocessors".
1279 <http://www.schneier.com/blowfish.html>
1281 config CRYPTO_CAMELLIA
1282 tristate "Camellia cipher algorithms"
1284 select CRYPTO_ALGAPI
1286 Camellia cipher algorithms module.
1288 Camellia is a symmetric key block cipher developed jointly
1289 at NTT and Mitsubishi Electric Corporation.
1291 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1294 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1296 config CRYPTO_CAMELLIA_X86_64
1297 tristate "Camellia cipher algorithm (x86_64)"
1298 depends on X86 && 64BIT
1300 select CRYPTO_BLKCIPHER
1301 select CRYPTO_GLUE_HELPER_X86
1303 Camellia cipher algorithm module (x86_64).
1305 Camellia is a symmetric key block cipher developed jointly
1306 at NTT and Mitsubishi Electric Corporation.
1308 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1311 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1313 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1314 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1315 depends on X86 && 64BIT
1317 select CRYPTO_BLKCIPHER
1318 select CRYPTO_CAMELLIA_X86_64
1319 select CRYPTO_GLUE_HELPER_X86
1323 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1325 Camellia is a symmetric key block cipher developed jointly
1326 at NTT and Mitsubishi Electric Corporation.
1328 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1331 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1333 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1334 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1335 depends on X86 && 64BIT
1337 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1339 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1341 Camellia is a symmetric key block cipher developed jointly
1342 at NTT and Mitsubishi Electric Corporation.
1344 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1347 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1349 config CRYPTO_CAMELLIA_SPARC64
1350 tristate "Camellia cipher algorithm (SPARC64)"
1353 select CRYPTO_ALGAPI
1355 Camellia cipher algorithm module (SPARC64).
1357 Camellia is a symmetric key block cipher developed jointly
1358 at NTT and Mitsubishi Electric Corporation.
1360 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1363 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1365 config CRYPTO_CAST_COMMON
1368 Common parts of the CAST cipher algorithms shared by the
1369 generic c and the assembler implementations.
1372 tristate "CAST5 (CAST-128) cipher algorithm"
1373 select CRYPTO_ALGAPI
1374 select CRYPTO_CAST_COMMON
1376 The CAST5 encryption algorithm (synonymous with CAST-128) is
1377 described in RFC2144.
1379 config CRYPTO_CAST5_AVX_X86_64
1380 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1381 depends on X86 && 64BIT
1382 select CRYPTO_BLKCIPHER
1384 select CRYPTO_CAST_COMMON
1387 The CAST5 encryption algorithm (synonymous with CAST-128) is
1388 described in RFC2144.
1390 This module provides the Cast5 cipher algorithm that processes
1391 sixteen blocks parallel using the AVX instruction set.
1394 tristate "CAST6 (CAST-256) cipher algorithm"
1395 select CRYPTO_ALGAPI
1396 select CRYPTO_CAST_COMMON
1398 The CAST6 encryption algorithm (synonymous with CAST-256) is
1399 described in RFC2612.
1401 config CRYPTO_CAST6_AVX_X86_64
1402 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1403 depends on X86 && 64BIT
1404 select CRYPTO_BLKCIPHER
1406 select CRYPTO_CAST_COMMON
1407 select CRYPTO_GLUE_HELPER_X86
1411 The CAST6 encryption algorithm (synonymous with CAST-256) is
1412 described in RFC2612.
1414 This module provides the Cast6 cipher algorithm that processes
1415 eight blocks parallel using the AVX instruction set.
1418 tristate "DES and Triple DES EDE cipher algorithms"
1419 select CRYPTO_ALGAPI
1421 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1423 config CRYPTO_DES_SPARC64
1424 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1426 select CRYPTO_ALGAPI
1429 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1430 optimized using SPARC64 crypto opcodes.
1432 config CRYPTO_DES3_EDE_X86_64
1433 tristate "Triple DES EDE cipher algorithm (x86-64)"
1434 depends on X86 && 64BIT
1435 select CRYPTO_BLKCIPHER
1438 Triple DES EDE (FIPS 46-3) algorithm.
1440 This module provides implementation of the Triple DES EDE cipher
1441 algorithm that is optimized for x86-64 processors. Two versions of
1442 algorithm are provided; regular processing one input block and
1443 one that processes three blocks parallel.
1445 config CRYPTO_FCRYPT
1446 tristate "FCrypt cipher algorithm"
1447 select CRYPTO_ALGAPI
1448 select CRYPTO_BLKCIPHER
1450 FCrypt algorithm used by RxRPC.
1452 config CRYPTO_KHAZAD
1453 tristate "Khazad cipher algorithm"
1454 select CRYPTO_ALGAPI
1456 Khazad cipher algorithm.
1458 Khazad was a finalist in the initial NESSIE competition. It is
1459 an algorithm optimized for 64-bit processors with good performance
1460 on 32-bit processors. Khazad uses an 128 bit key size.
1463 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1465 config CRYPTO_SALSA20
1466 tristate "Salsa20 stream cipher algorithm"
1467 select CRYPTO_BLKCIPHER
1469 Salsa20 stream cipher algorithm.
1471 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1472 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1474 The Salsa20 stream cipher algorithm is designed by Daniel J.
1475 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1477 config CRYPTO_CHACHA20
1478 tristate "ChaCha stream cipher algorithms"
1479 select CRYPTO_BLKCIPHER
1481 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1483 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1484 Bernstein and further specified in RFC7539 for use in IETF protocols.
1485 This is the portable C implementation of ChaCha20. See also:
1486 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1488 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1489 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
1490 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1491 while provably retaining ChaCha20's security. See also:
1492 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1494 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1495 reduced security margin but increased performance. It can be needed
1496 in some performance-sensitive scenarios.
1498 config CRYPTO_CHACHA20_X86_64
1499 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1500 depends on X86 && 64BIT
1501 select CRYPTO_BLKCIPHER
1502 select CRYPTO_CHACHA20
1504 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1505 XChaCha20, and XChaCha12 stream ciphers.
1508 tristate "SEED cipher algorithm"
1509 select CRYPTO_ALGAPI
1511 SEED cipher algorithm (RFC4269).
1513 SEED is a 128-bit symmetric key block cipher that has been
1514 developed by KISA (Korea Information Security Agency) as a
1515 national standard encryption algorithm of the Republic of Korea.
1516 It is a 16 round block cipher with the key size of 128 bit.
1519 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1521 config CRYPTO_SERPENT
1522 tristate "Serpent cipher algorithm"
1523 select CRYPTO_ALGAPI
1525 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1527 Keys are allowed to be from 0 to 256 bits in length, in steps
1528 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1529 variant of Serpent for compatibility with old kerneli.org code.
1532 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1534 config CRYPTO_SERPENT_SSE2_X86_64
1535 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1536 depends on X86 && 64BIT
1537 select CRYPTO_BLKCIPHER
1538 select CRYPTO_GLUE_HELPER_X86
1539 select CRYPTO_SERPENT
1542 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1544 Keys are allowed to be from 0 to 256 bits in length, in steps
1547 This module provides Serpent cipher algorithm that processes eight
1548 blocks parallel using SSE2 instruction set.
1551 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1553 config CRYPTO_SERPENT_SSE2_586
1554 tristate "Serpent cipher algorithm (i586/SSE2)"
1555 depends on X86 && !64BIT
1556 select CRYPTO_BLKCIPHER
1557 select CRYPTO_GLUE_HELPER_X86
1558 select CRYPTO_SERPENT
1561 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1563 Keys are allowed to be from 0 to 256 bits in length, in steps
1566 This module provides Serpent cipher algorithm that processes four
1567 blocks parallel using SSE2 instruction set.
1570 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1572 config CRYPTO_SERPENT_AVX_X86_64
1573 tristate "Serpent cipher algorithm (x86_64/AVX)"
1574 depends on X86 && 64BIT
1575 select CRYPTO_BLKCIPHER
1576 select CRYPTO_GLUE_HELPER_X86
1577 select CRYPTO_SERPENT
1581 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1583 Keys are allowed to be from 0 to 256 bits in length, in steps
1586 This module provides the Serpent cipher algorithm that processes
1587 eight blocks parallel using the AVX instruction set.
1590 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1592 config CRYPTO_SERPENT_AVX2_X86_64
1593 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1594 depends on X86 && 64BIT
1595 select CRYPTO_SERPENT_AVX_X86_64
1597 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1599 Keys are allowed to be from 0 to 256 bits in length, in steps
1602 This module provides Serpent cipher algorithm that processes 16
1603 blocks parallel using AVX2 instruction set.
1606 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1609 tristate "SM4 cipher algorithm"
1610 select CRYPTO_ALGAPI
1612 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1614 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1615 Organization of State Commercial Administration of China (OSCCA)
1616 as an authorized cryptographic algorithms for the use within China.
1618 SMS4 was originally created for use in protecting wireless
1619 networks, and is mandated in the Chinese National Standard for
1620 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1623 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1624 standardized through TC 260 of the Standardization Administration
1625 of the People's Republic of China (SAC).
1627 The input, output, and key of SMS4 are each 128 bits.
1629 See also: <https://eprint.iacr.org/2008/329.pdf>
1634 tristate "TEA, XTEA and XETA cipher algorithms"
1635 select CRYPTO_ALGAPI
1637 TEA cipher algorithm.
1639 Tiny Encryption Algorithm is a simple cipher that uses
1640 many rounds for security. It is very fast and uses
1643 Xtendend Tiny Encryption Algorithm is a modification to
1644 the TEA algorithm to address a potential key weakness
1645 in the TEA algorithm.
1647 Xtendend Encryption Tiny Algorithm is a mis-implementation
1648 of the XTEA algorithm for compatibility purposes.
1650 config CRYPTO_TWOFISH
1651 tristate "Twofish cipher algorithm"
1652 select CRYPTO_ALGAPI
1653 select CRYPTO_TWOFISH_COMMON
1655 Twofish cipher algorithm.
1657 Twofish was submitted as an AES (Advanced Encryption Standard)
1658 candidate cipher by researchers at CounterPane Systems. It is a
1659 16 round block cipher supporting key sizes of 128, 192, and 256
1663 <http://www.schneier.com/twofish.html>
1665 config CRYPTO_TWOFISH_COMMON
1668 Common parts of the Twofish cipher algorithm shared by the
1669 generic c and the assembler implementations.
1671 config CRYPTO_TWOFISH_586
1672 tristate "Twofish cipher algorithms (i586)"
1673 depends on (X86 || UML_X86) && !64BIT
1674 select CRYPTO_ALGAPI
1675 select CRYPTO_TWOFISH_COMMON
1677 Twofish cipher algorithm.
1679 Twofish was submitted as an AES (Advanced Encryption Standard)
1680 candidate cipher by researchers at CounterPane Systems. It is a
1681 16 round block cipher supporting key sizes of 128, 192, and 256
1685 <http://www.schneier.com/twofish.html>
1687 config CRYPTO_TWOFISH_X86_64
1688 tristate "Twofish cipher algorithm (x86_64)"
1689 depends on (X86 || UML_X86) && 64BIT
1690 select CRYPTO_ALGAPI
1691 select CRYPTO_TWOFISH_COMMON
1693 Twofish cipher algorithm (x86_64).
1695 Twofish was submitted as an AES (Advanced Encryption Standard)
1696 candidate cipher by researchers at CounterPane Systems. It is a
1697 16 round block cipher supporting key sizes of 128, 192, and 256
1701 <http://www.schneier.com/twofish.html>
1703 config CRYPTO_TWOFISH_X86_64_3WAY
1704 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1705 depends on X86 && 64BIT
1706 select CRYPTO_BLKCIPHER
1707 select CRYPTO_TWOFISH_COMMON
1708 select CRYPTO_TWOFISH_X86_64
1709 select CRYPTO_GLUE_HELPER_X86
1711 Twofish cipher algorithm (x86_64, 3-way parallel).
1713 Twofish was submitted as an AES (Advanced Encryption Standard)
1714 candidate cipher by researchers at CounterPane Systems. It is a
1715 16 round block cipher supporting key sizes of 128, 192, and 256
1718 This module provides Twofish cipher algorithm that processes three
1719 blocks parallel, utilizing resources of out-of-order CPUs better.
1722 <http://www.schneier.com/twofish.html>
1724 config CRYPTO_TWOFISH_AVX_X86_64
1725 tristate "Twofish cipher algorithm (x86_64/AVX)"
1726 depends on X86 && 64BIT
1727 select CRYPTO_BLKCIPHER
1728 select CRYPTO_GLUE_HELPER_X86
1730 select CRYPTO_TWOFISH_COMMON
1731 select CRYPTO_TWOFISH_X86_64
1732 select CRYPTO_TWOFISH_X86_64_3WAY
1734 Twofish cipher algorithm (x86_64/AVX).
1736 Twofish was submitted as an AES (Advanced Encryption Standard)
1737 candidate cipher by researchers at CounterPane Systems. It is a
1738 16 round block cipher supporting key sizes of 128, 192, and 256
1741 This module provides the Twofish cipher algorithm that processes
1742 eight blocks parallel using the AVX Instruction Set.
1745 <http://www.schneier.com/twofish.html>
1747 comment "Compression"
1749 config CRYPTO_DEFLATE
1750 tristate "Deflate compression algorithm"
1751 select CRYPTO_ALGAPI
1752 select CRYPTO_ACOMP2
1756 This is the Deflate algorithm (RFC1951), specified for use in
1757 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1759 You will most probably want this if using IPSec.
1762 tristate "LZO compression algorithm"
1763 select CRYPTO_ALGAPI
1764 select CRYPTO_ACOMP2
1766 select LZO_DECOMPRESS
1768 This is the LZO algorithm.
1771 tristate "842 compression algorithm"
1772 select CRYPTO_ALGAPI
1773 select CRYPTO_ACOMP2
1775 select 842_DECOMPRESS
1777 This is the 842 algorithm.
1780 tristate "LZ4 compression algorithm"
1781 select CRYPTO_ALGAPI
1782 select CRYPTO_ACOMP2
1784 select LZ4_DECOMPRESS
1786 This is the LZ4 algorithm.
1789 tristate "LZ4HC compression algorithm"
1790 select CRYPTO_ALGAPI
1791 select CRYPTO_ACOMP2
1792 select LZ4HC_COMPRESS
1793 select LZ4_DECOMPRESS
1795 This is the LZ4 high compression mode algorithm.
1798 tristate "Zstd compression algorithm"
1799 select CRYPTO_ALGAPI
1800 select CRYPTO_ACOMP2
1801 select ZSTD_COMPRESS
1802 select ZSTD_DECOMPRESS
1804 This is the zstd algorithm.
1806 comment "Random Number Generation"
1808 config CRYPTO_ANSI_CPRNG
1809 tristate "Pseudo Random Number Generation for Cryptographic modules"
1813 This option enables the generic pseudo random number generator
1814 for cryptographic modules. Uses the Algorithm specified in
1815 ANSI X9.31 A.2.4. Note that this option must be enabled if
1816 CRYPTO_FIPS is selected
1818 menuconfig CRYPTO_DRBG_MENU
1819 tristate "NIST SP800-90A DRBG"
1821 NIST SP800-90A compliant DRBG. In the following submenu, one or
1822 more of the DRBG types must be selected.
1826 config CRYPTO_DRBG_HMAC
1830 select CRYPTO_SHA256
1832 config CRYPTO_DRBG_HASH
1833 bool "Enable Hash DRBG"
1834 select CRYPTO_SHA256
1836 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1838 config CRYPTO_DRBG_CTR
1839 bool "Enable CTR DRBG"
1841 depends on CRYPTO_CTR
1843 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1847 default CRYPTO_DRBG_MENU
1849 select CRYPTO_JITTERENTROPY
1851 endif # if CRYPTO_DRBG_MENU
1853 config CRYPTO_JITTERENTROPY
1854 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1857 The Jitterentropy RNG is a noise that is intended
1858 to provide seed to another RNG. The RNG does not
1859 perform any cryptographic whitening of the generated
1860 random numbers. This Jitterentropy RNG registers with
1861 the kernel crypto API and can be used by any caller.
1863 config CRYPTO_USER_API
1866 config CRYPTO_USER_API_HASH
1867 tristate "User-space interface for hash algorithms"
1870 select CRYPTO_USER_API
1872 This option enables the user-spaces interface for hash
1875 config CRYPTO_USER_API_SKCIPHER
1876 tristate "User-space interface for symmetric key cipher algorithms"
1878 select CRYPTO_BLKCIPHER
1879 select CRYPTO_USER_API
1881 This option enables the user-spaces interface for symmetric
1882 key cipher algorithms.
1884 config CRYPTO_USER_API_RNG
1885 tristate "User-space interface for random number generator algorithms"
1888 select CRYPTO_USER_API
1890 This option enables the user-spaces interface for random
1891 number generator algorithms.
1893 config CRYPTO_USER_API_AEAD
1894 tristate "User-space interface for AEAD cipher algorithms"
1897 select CRYPTO_BLKCIPHER
1899 select CRYPTO_USER_API
1901 This option enables the user-spaces interface for AEAD
1905 bool "Crypto usage statistics for User-space"
1906 depends on CRYPTO_USER
1908 This option enables the gathering of crypto stats.
1910 - encrypt/decrypt size and numbers of symmeric operations
1911 - compress/decompress size and numbers of compress operations
1912 - size and numbers of hash operations
1913 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1914 - generate/seed numbers for rng operations
1916 config CRYPTO_HASH_INFO
1919 source "drivers/crypto/Kconfig"
1920 source "crypto/asymmetric_keys/Kconfig"
1921 source "certs/Kconfig"