1 # SPDX-License-Identifier: GPL-2.0
3 # Generic algorithms support
9 # async_tx api: hardware offloaded memory transfer/transform support
11 source "crypto/async_tx/Kconfig"
14 # Cryptographic API Configuration
17 tristate "Cryptographic API"
19 This option provides the core Cryptographic API.
23 comment "Crypto core or helper"
26 bool "FIPS 200 compliance"
27 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28 depends on (MODULE_SIG || !MODULES)
30 This option enables the fips boot option which is
31 required if you want the system to operate in a FIPS 200
32 certification. You should say no unless you know what
39 This option provides the API for cryptographic algorithms.
55 config CRYPTO_BLKCIPHER
57 select CRYPTO_BLKCIPHER2
60 config CRYPTO_BLKCIPHER2
83 config CRYPTO_RNG_DEFAULT
85 select CRYPTO_DRBG_MENU
87 config CRYPTO_AKCIPHER2
91 config CRYPTO_AKCIPHER
93 select CRYPTO_AKCIPHER2
107 select CRYPTO_ALGAPI2
115 config CRYPTO_MANAGER
116 tristate "Cryptographic algorithm manager"
117 select CRYPTO_MANAGER2
119 Create default cryptographic template instantiations such as
122 config CRYPTO_MANAGER2
123 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
126 select CRYPTO_BLKCIPHER2
127 select CRYPTO_AKCIPHER2
132 tristate "Userspace cryptographic algorithm configuration"
134 select CRYPTO_MANAGER
136 Userspace configuration for cryptographic instantiations such as
141 config CRYPTO_MANAGER_DISABLE_TESTS
142 bool "Disable run-time self tests"
145 Disable run-time self tests that normally take place at
146 algorithm registration.
148 config CRYPTO_MANAGER_EXTRA_TESTS
149 bool "Enable extra run-time crypto self tests"
150 depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
152 Enable extra run-time self tests of registered crypto algorithms,
153 including randomized fuzz tests.
155 This is intended for developer use only, as these tests take much
156 longer to run than the normal self tests.
158 endif # if CRYPTO_MANAGER2
160 config CRYPTO_GF128MUL
164 tristate "Null algorithms"
167 These are 'Null' algorithms, used by IPsec, which do nothing.
171 select CRYPTO_ALGAPI2
172 select CRYPTO_BLKCIPHER2
176 tristate "Parallel crypto engine"
179 select CRYPTO_MANAGER
182 This converts an arbitrary crypto algorithm into a parallel
183 algorithm that executes in kernel threads.
186 tristate "Software async crypto daemon"
187 select CRYPTO_BLKCIPHER
189 select CRYPTO_MANAGER
191 This is a generic software asynchronous crypto daemon that
192 converts an arbitrary synchronous software crypto algorithm
193 into an asynchronous algorithm that executes in a kernel thread.
195 config CRYPTO_AUTHENC
196 tristate "Authenc support"
198 select CRYPTO_BLKCIPHER
199 select CRYPTO_MANAGER
203 Authenc: Combined mode wrapper for IPsec.
204 This is required for IPSec.
207 tristate "Testing module"
209 select CRYPTO_MANAGER
211 Quick & dirty crypto test module.
217 config CRYPTO_GLUE_HELPER_X86
220 select CRYPTO_BLKCIPHER
225 comment "Public-key cryptography"
228 tristate "RSA algorithm"
229 select CRYPTO_AKCIPHER
230 select CRYPTO_MANAGER
234 Generic implementation of the RSA public key algorithm.
237 tristate "Diffie-Hellman algorithm"
241 Generic implementation of the Diffie-Hellman algorithm.
247 tristate "ECDH algorithm"
250 select CRYPTO_RNG_DEFAULT
252 Generic implementation of the ECDH algorithm
255 tristate "EC-RDSA (GOST 34.10) algorithm"
257 select CRYPTO_AKCIPHER
258 select CRYPTO_STREEBOG
262 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
263 RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
264 standard algorithms (called GOST algorithms). Only signature verification
267 comment "Authenticated Encryption with Associated Data"
270 tristate "CCM support"
274 select CRYPTO_MANAGER
276 Support for Counter with CBC MAC. Required for IPsec.
279 tristate "GCM/GMAC support"
284 select CRYPTO_MANAGER
286 Support for Galois/Counter Mode (GCM) and Galois Message
287 Authentication Code (GMAC). Required for IPSec.
289 config CRYPTO_CHACHA20POLY1305
290 tristate "ChaCha20-Poly1305 AEAD support"
291 select CRYPTO_CHACHA20
292 select CRYPTO_POLY1305
294 select CRYPTO_MANAGER
296 ChaCha20-Poly1305 AEAD support, RFC7539.
298 Support for the AEAD wrapper using the ChaCha20 stream cipher combined
299 with the Poly1305 authenticator. It is defined in RFC7539 for use in
302 config CRYPTO_AEGIS128
303 tristate "AEGIS-128 AEAD algorithm"
305 select CRYPTO_AES # for AES S-box tables
307 Support for the AEGIS-128 dedicated AEAD algorithm.
309 config CRYPTO_AEGIS128_SIMD
310 bool "Support SIMD acceleration for AEGIS-128"
311 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
314 config CRYPTO_AEGIS128_AESNI_SSE2
315 tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
316 depends on X86 && 64BIT
320 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
323 tristate "Sequence Number IV Generator"
325 select CRYPTO_BLKCIPHER
327 select CRYPTO_RNG_DEFAULT
328 select CRYPTO_MANAGER
330 This IV generator generates an IV based on a sequence number by
331 xoring it with a salt. This algorithm is mainly useful for CTR
333 config CRYPTO_ECHAINIV
334 tristate "Encrypted Chain IV Generator"
337 select CRYPTO_RNG_DEFAULT
338 select CRYPTO_MANAGER
340 This IV generator generates an IV based on the encryption of
341 a sequence number xored with a salt. This is the default
344 comment "Block modes"
347 tristate "CBC support"
348 select CRYPTO_BLKCIPHER
349 select CRYPTO_MANAGER
351 CBC: Cipher Block Chaining mode
352 This block cipher algorithm is required for IPSec.
355 tristate "CFB support"
356 select CRYPTO_BLKCIPHER
357 select CRYPTO_MANAGER
359 CFB: Cipher FeedBack mode
360 This block cipher algorithm is required for TPM2 Cryptography.
363 tristate "CTR support"
364 select CRYPTO_BLKCIPHER
366 select CRYPTO_MANAGER
369 This block cipher algorithm is required for IPSec.
372 tristate "CTS support"
373 select CRYPTO_BLKCIPHER
374 select CRYPTO_MANAGER
376 CTS: Cipher Text Stealing
377 This is the Cipher Text Stealing mode as described by
378 Section 8 of rfc2040 and referenced by rfc3962
379 (rfc3962 includes errata information in its Appendix A) or
380 CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
381 This mode is required for Kerberos gss mechanism support
384 See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
387 tristate "ECB support"
388 select CRYPTO_BLKCIPHER
389 select CRYPTO_MANAGER
391 ECB: Electronic CodeBook mode
392 This is the simplest block cipher algorithm. It simply encrypts
393 the input block by block.
396 tristate "LRW support"
397 select CRYPTO_BLKCIPHER
398 select CRYPTO_MANAGER
399 select CRYPTO_GF128MUL
401 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
402 narrow block cipher mode for dm-crypt. Use it with cipher
403 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
404 The first 128, 192 or 256 bits in the key are used for AES and the
405 rest is used to tie each cipher block to its logical position.
408 tristate "OFB support"
409 select CRYPTO_BLKCIPHER
410 select CRYPTO_MANAGER
412 OFB: the Output Feedback mode makes a block cipher into a synchronous
413 stream cipher. It generates keystream blocks, which are then XORed
414 with the plaintext blocks to get the ciphertext. Flipping a bit in the
415 ciphertext produces a flipped bit in the plaintext at the same
416 location. This property allows many error correcting codes to function
417 normally even when applied before encryption.
420 tristate "PCBC support"
421 select CRYPTO_BLKCIPHER
422 select CRYPTO_MANAGER
424 PCBC: Propagating Cipher Block Chaining mode
425 This block cipher algorithm is required for RxRPC.
428 tristate "XTS support"
429 select CRYPTO_BLKCIPHER
430 select CRYPTO_MANAGER
433 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
434 key size 256, 384 or 512 bits. This implementation currently
435 can't handle a sectorsize which is not a multiple of 16 bytes.
437 config CRYPTO_KEYWRAP
438 tristate "Key wrapping support"
439 select CRYPTO_BLKCIPHER
440 select CRYPTO_MANAGER
442 Support for key wrapping (NIST SP800-38F / RFC3394) without
445 config CRYPTO_NHPOLY1305
448 select CRYPTO_POLY1305
450 config CRYPTO_NHPOLY1305_SSE2
451 tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
452 depends on X86 && 64BIT
453 select CRYPTO_NHPOLY1305
455 SSE2 optimized implementation of the hash function used by the
456 Adiantum encryption mode.
458 config CRYPTO_NHPOLY1305_AVX2
459 tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
460 depends on X86 && 64BIT
461 select CRYPTO_NHPOLY1305
463 AVX2 optimized implementation of the hash function used by the
464 Adiantum encryption mode.
466 config CRYPTO_ADIANTUM
467 tristate "Adiantum support"
468 select CRYPTO_CHACHA20
469 select CRYPTO_POLY1305
470 select CRYPTO_NHPOLY1305
471 select CRYPTO_MANAGER
473 Adiantum is a tweakable, length-preserving encryption mode
474 designed for fast and secure disk encryption, especially on
475 CPUs without dedicated crypto instructions. It encrypts
476 each sector using the XChaCha12 stream cipher, two passes of
477 an ε-almost-∆-universal hash function, and an invocation of
478 the AES-256 block cipher on a single 16-byte block. On CPUs
479 without AES instructions, Adiantum is much faster than
482 Adiantum's security is provably reducible to that of its
483 underlying stream and block ciphers, subject to a security
484 bound. Unlike XTS, Adiantum is a true wide-block encryption
485 mode, so it actually provides an even stronger notion of
486 security than XTS, subject to the security bound.
493 tristate "CMAC support"
495 select CRYPTO_MANAGER
497 Cipher-based Message Authentication Code (CMAC) specified by
498 The National Institute of Standards and Technology (NIST).
500 https://tools.ietf.org/html/rfc4493
501 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
504 tristate "HMAC support"
506 select CRYPTO_MANAGER
508 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
509 This is required for IPSec.
512 tristate "XCBC support"
514 select CRYPTO_MANAGER
516 XCBC: Keyed-Hashing with encryption algorithm
517 http://www.ietf.org/rfc/rfc3566.txt
518 http://csrc.nist.gov/encryption/modes/proposedmodes/
519 xcbc-mac/xcbc-mac-spec.pdf
522 tristate "VMAC support"
524 select CRYPTO_MANAGER
526 VMAC is a message authentication algorithm designed for
527 very high speed on 64-bit architectures.
530 <http://fastcrypto.org/vmac>
535 tristate "CRC32c CRC algorithm"
539 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
540 by iSCSI for header and data digests and by others.
541 See Castagnoli93. Module will be crc32c.
543 config CRYPTO_CRC32C_INTEL
544 tristate "CRC32c INTEL hardware acceleration"
548 In Intel processor with SSE4.2 supported, the processor will
549 support CRC32C implementation using hardware accelerated CRC32
550 instruction. This option will create 'crc32c-intel' module,
551 which will enable any routine to use the CRC32 instruction to
552 gain performance compared with software implementation.
553 Module will be crc32c-intel.
555 config CRYPTO_CRC32C_VPMSUM
556 tristate "CRC32c CRC algorithm (powerpc64)"
557 depends on PPC64 && ALTIVEC
561 CRC32c algorithm implemented using vector polynomial multiply-sum
562 (vpmsum) instructions, introduced in POWER8. Enable on POWER8
563 and newer processors for improved performance.
566 config CRYPTO_CRC32C_SPARC64
567 tristate "CRC32c CRC algorithm (SPARC64)"
572 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
576 tristate "CRC32 CRC algorithm"
580 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
581 Shash crypto api wrappers to crc32_le function.
583 config CRYPTO_CRC32_PCLMUL
584 tristate "CRC32 PCLMULQDQ hardware acceleration"
589 From Intel Westmere and AMD Bulldozer processor with SSE4.2
590 and PCLMULQDQ supported, the processor will support
591 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
592 instruction. This option will create 'crc32-pclmul' module,
593 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
594 and gain better performance as compared with the table implementation.
596 config CRYPTO_CRC32_MIPS
597 tristate "CRC32c and CRC32 CRC algorithm (MIPS)"
598 depends on MIPS_CRC_SUPPORT
601 CRC32c and CRC32 CRC algorithms implemented using mips crypto
602 instructions, when available.
606 tristate "xxHash hash algorithm"
610 xxHash non-cryptographic hash algorithm. Extremely fast, working at
611 speeds close to RAM limits.
613 config CRYPTO_CRCT10DIF
614 tristate "CRCT10DIF algorithm"
617 CRC T10 Data Integrity Field computation is being cast as
618 a crypto transform. This allows for faster crc t10 diff
619 transforms to be used if they are available.
621 config CRYPTO_CRCT10DIF_PCLMUL
622 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
623 depends on X86 && 64BIT && CRC_T10DIF
626 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
627 CRC T10 DIF PCLMULQDQ computation can be hardware
628 accelerated PCLMULQDQ instruction. This option will create
629 'crct10dif-pclmul' module, which is faster when computing the
630 crct10dif checksum as compared with the generic table implementation.
632 config CRYPTO_CRCT10DIF_VPMSUM
633 tristate "CRC32T10DIF powerpc64 hardware acceleration"
634 depends on PPC64 && ALTIVEC && CRC_T10DIF
637 CRC10T10DIF algorithm implemented using vector polynomial
638 multiply-sum (vpmsum) instructions, introduced in POWER8. Enable on
639 POWER8 and newer processors for improved performance.
641 config CRYPTO_VPMSUM_TESTER
642 tristate "Powerpc64 vpmsum hardware acceleration tester"
643 depends on CRYPTO_CRCT10DIF_VPMSUM && CRYPTO_CRC32C_VPMSUM
645 Stress test for CRC32c and CRC-T10DIF algorithms implemented with
646 POWER8 vpmsum instructions.
647 Unless you are testing these algorithms, you don't need this.
650 tristate "GHASH hash function"
651 select CRYPTO_GF128MUL
654 GHASH is the hash function used in GCM (Galois/Counter Mode).
655 It is not a general-purpose cryptographic hash function.
657 config CRYPTO_POLY1305
658 tristate "Poly1305 authenticator algorithm"
661 Poly1305 authenticator algorithm, RFC7539.
663 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
664 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
665 in IETF protocols. This is the portable C implementation of Poly1305.
667 config CRYPTO_POLY1305_X86_64
668 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
669 depends on X86 && 64BIT
670 select CRYPTO_POLY1305
672 Poly1305 authenticator algorithm, RFC7539.
674 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
675 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
676 in IETF protocols. This is the x86_64 assembler implementation using SIMD
680 tristate "MD4 digest algorithm"
683 MD4 message digest algorithm (RFC1320).
686 tristate "MD5 digest algorithm"
689 MD5 message digest algorithm (RFC1321).
691 config CRYPTO_MD5_OCTEON
692 tristate "MD5 digest algorithm (OCTEON)"
693 depends on CPU_CAVIUM_OCTEON
697 MD5 message digest algorithm (RFC1321) implemented
698 using OCTEON crypto instructions, when available.
700 config CRYPTO_MD5_PPC
701 tristate "MD5 digest algorithm (PPC)"
705 MD5 message digest algorithm (RFC1321) implemented
708 config CRYPTO_MD5_SPARC64
709 tristate "MD5 digest algorithm (SPARC64)"
714 MD5 message digest algorithm (RFC1321) implemented
715 using sparc64 crypto instructions, when available.
717 config CRYPTO_MICHAEL_MIC
718 tristate "Michael MIC keyed digest algorithm"
721 Michael MIC is used for message integrity protection in TKIP
722 (IEEE 802.11i). This algorithm is required for TKIP, but it
723 should not be used for other purposes because of the weakness
727 tristate "RIPEMD-128 digest algorithm"
730 RIPEMD-128 (ISO/IEC 10118-3:2004).
732 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
733 be used as a secure replacement for RIPEMD. For other use cases,
734 RIPEMD-160 should be used.
736 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
737 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
740 tristate "RIPEMD-160 digest algorithm"
743 RIPEMD-160 (ISO/IEC 10118-3:2004).
745 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
746 to be used as a secure replacement for the 128-bit hash functions
747 MD4, MD5 and it's predecessor RIPEMD
748 (not to be confused with RIPEMD-128).
750 It's speed is comparable to SHA1 and there are no known attacks
753 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
754 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
757 tristate "RIPEMD-256 digest algorithm"
760 RIPEMD-256 is an optional extension of RIPEMD-128 with a
761 256 bit hash. It is intended for applications that require
762 longer hash-results, without needing a larger security level
765 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
766 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
769 tristate "RIPEMD-320 digest algorithm"
772 RIPEMD-320 is an optional extension of RIPEMD-160 with a
773 320 bit hash. It is intended for applications that require
774 longer hash-results, without needing a larger security level
777 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
778 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
781 tristate "SHA1 digest algorithm"
784 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
786 config CRYPTO_SHA1_SSSE3
787 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
788 depends on X86 && 64BIT
792 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
793 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
794 Extensions (AVX/AVX2) or SHA-NI(SHA Extensions New Instructions),
797 config CRYPTO_SHA256_SSSE3
798 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2/SHA-NI)"
799 depends on X86 && 64BIT
803 SHA-256 secure hash standard (DFIPS 180-2) implemented
804 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
805 Extensions version 1 (AVX1), or Advanced Vector Extensions
806 version 2 (AVX2) instructions, or SHA-NI (SHA Extensions New
807 Instructions) when available.
809 config CRYPTO_SHA512_SSSE3
810 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
811 depends on X86 && 64BIT
815 SHA-512 secure hash standard (DFIPS 180-2) implemented
816 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
817 Extensions version 1 (AVX1), or Advanced Vector Extensions
818 version 2 (AVX2) instructions, when available.
820 config CRYPTO_SHA1_OCTEON
821 tristate "SHA1 digest algorithm (OCTEON)"
822 depends on CPU_CAVIUM_OCTEON
826 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
827 using OCTEON crypto instructions, when available.
829 config CRYPTO_SHA1_SPARC64
830 tristate "SHA1 digest algorithm (SPARC64)"
835 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
836 using sparc64 crypto instructions, when available.
838 config CRYPTO_SHA1_PPC
839 tristate "SHA1 digest algorithm (powerpc)"
842 This is the powerpc hardware accelerated implementation of the
843 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
845 config CRYPTO_SHA1_PPC_SPE
846 tristate "SHA1 digest algorithm (PPC SPE)"
847 depends on PPC && SPE
849 SHA-1 secure hash standard (DFIPS 180-4) implemented
850 using powerpc SPE SIMD instruction set.
852 config CRYPTO_LIB_SHA256
856 tristate "SHA224 and SHA256 digest algorithm"
859 SHA256 secure hash standard (DFIPS 180-2).
861 This version of SHA implements a 256 bit hash with 128 bits of
862 security against collision attacks.
864 This code also includes SHA-224, a 224 bit hash with 112 bits
865 of security against collision attacks.
867 config CRYPTO_SHA256_PPC_SPE
868 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
869 depends on PPC && SPE
873 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
874 implemented using powerpc SPE SIMD instruction set.
876 config CRYPTO_SHA256_OCTEON
877 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
878 depends on CPU_CAVIUM_OCTEON
882 SHA-256 secure hash standard (DFIPS 180-2) implemented
883 using OCTEON crypto instructions, when available.
885 config CRYPTO_SHA256_SPARC64
886 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
891 SHA-256 secure hash standard (DFIPS 180-2) implemented
892 using sparc64 crypto instructions, when available.
895 tristate "SHA384 and SHA512 digest algorithms"
898 SHA512 secure hash standard (DFIPS 180-2).
900 This version of SHA implements a 512 bit hash with 256 bits of
901 security against collision attacks.
903 This code also includes SHA-384, a 384 bit hash with 192 bits
904 of security against collision attacks.
906 config CRYPTO_SHA512_OCTEON
907 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
908 depends on CPU_CAVIUM_OCTEON
912 SHA-512 secure hash standard (DFIPS 180-2) implemented
913 using OCTEON crypto instructions, when available.
915 config CRYPTO_SHA512_SPARC64
916 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
921 SHA-512 secure hash standard (DFIPS 180-2) implemented
922 using sparc64 crypto instructions, when available.
925 tristate "SHA3 digest algorithm"
928 SHA-3 secure hash standard (DFIPS 202). It's based on
929 cryptographic sponge function family called Keccak.
932 http://keccak.noekeon.org/
935 tristate "SM3 digest algorithm"
938 SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
939 It is part of the Chinese Commercial Cryptography suite.
942 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
943 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
945 config CRYPTO_STREEBOG
946 tristate "Streebog Hash Function"
949 Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
950 cryptographic standard algorithms (called GOST algorithms).
951 This setting enables two hash algorithms with 256 and 512 bits output.
954 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
955 https://tools.ietf.org/html/rfc6986
958 tristate "Tiger digest algorithms"
961 Tiger hash algorithm 192, 160 and 128-bit hashes
963 Tiger is a hash function optimized for 64-bit processors while
964 still having decent performance on 32-bit processors.
965 Tiger was developed by Ross Anderson and Eli Biham.
968 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
971 tristate "Whirlpool digest algorithms"
974 Whirlpool hash algorithm 512, 384 and 256-bit hashes
976 Whirlpool-512 is part of the NESSIE cryptographic primitives.
977 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
980 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
982 config CRYPTO_GHASH_CLMUL_NI_INTEL
983 tristate "GHASH hash function (CLMUL-NI accelerated)"
984 depends on X86 && 64BIT
987 This is the x86_64 CLMUL-NI accelerated implementation of
988 GHASH, the hash function used in GCM (Galois/Counter mode).
992 config CRYPTO_LIB_AES
996 tristate "AES cipher algorithms"
998 select CRYPTO_LIB_AES
1000 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1003 Rijndael appears to be consistently a very good performer in
1004 both hardware and software across a wide range of computing
1005 environments regardless of its use in feedback or non-feedback
1006 modes. Its key setup time is excellent, and its key agility is
1007 good. Rijndael's very low memory requirements make it very well
1008 suited for restricted-space environments, in which it also
1009 demonstrates excellent performance. Rijndael's operations are
1010 among the easiest to defend against power and timing attacks.
1012 The AES specifies three key sizes: 128, 192 and 256 bits
1014 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
1016 config CRYPTO_AES_TI
1017 tristate "Fixed time AES cipher"
1018 select CRYPTO_ALGAPI
1019 select CRYPTO_LIB_AES
1021 This is a generic implementation of AES that attempts to eliminate
1022 data dependent latencies as much as possible without affecting
1023 performance too much. It is intended for use by the generic CCM
1024 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
1025 solely on encryption (although decryption is supported as well, but
1026 with a more dramatic performance hit)
1028 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
1029 8 for decryption), this implementation only uses just two S-boxes of
1030 256 bytes each, and attempts to eliminate data dependent latencies by
1031 prefetching the entire table into the cache at the start of each
1032 block. Interrupts are also disabled to avoid races where cachelines
1033 are evicted when the CPU is interrupted to do something else.
1035 config CRYPTO_AES_NI_INTEL
1036 tristate "AES cipher algorithms (AES-NI)"
1039 select CRYPTO_LIB_AES
1040 select CRYPTO_ALGAPI
1041 select CRYPTO_BLKCIPHER
1042 select CRYPTO_GLUE_HELPER_X86 if 64BIT
1045 Use Intel AES-NI instructions for AES algorithm.
1047 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1050 Rijndael appears to be consistently a very good performer in
1051 both hardware and software across a wide range of computing
1052 environments regardless of its use in feedback or non-feedback
1053 modes. Its key setup time is excellent, and its key agility is
1054 good. Rijndael's very low memory requirements make it very well
1055 suited for restricted-space environments, in which it also
1056 demonstrates excellent performance. Rijndael's operations are
1057 among the easiest to defend against power and timing attacks.
1059 The AES specifies three key sizes: 128, 192 and 256 bits
1061 See <http://csrc.nist.gov/encryption/aes/> for more information.
1063 In addition to AES cipher algorithm support, the acceleration
1064 for some popular block cipher mode is supported too, including
1065 ECB, CBC, LRW, XTS. The 64 bit version has additional
1066 acceleration for CTR.
1068 config CRYPTO_AES_SPARC64
1069 tristate "AES cipher algorithms (SPARC64)"
1071 select CRYPTO_CRYPTD
1072 select CRYPTO_ALGAPI
1074 Use SPARC64 crypto opcodes for AES algorithm.
1076 AES cipher algorithms (FIPS-197). AES uses the Rijndael
1079 Rijndael appears to be consistently a very good performer in
1080 both hardware and software across a wide range of computing
1081 environments regardless of its use in feedback or non-feedback
1082 modes. Its key setup time is excellent, and its key agility is
1083 good. Rijndael's very low memory requirements make it very well
1084 suited for restricted-space environments, in which it also
1085 demonstrates excellent performance. Rijndael's operations are
1086 among the easiest to defend against power and timing attacks.
1088 The AES specifies three key sizes: 128, 192 and 256 bits
1090 See <http://csrc.nist.gov/encryption/aes/> for more information.
1092 In addition to AES cipher algorithm support, the acceleration
1093 for some popular block cipher mode is supported too, including
1096 config CRYPTO_AES_PPC_SPE
1097 tristate "AES cipher algorithms (PPC SPE)"
1098 depends on PPC && SPE
1100 AES cipher algorithms (FIPS-197). Additionally the acceleration
1101 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
1102 This module should only be used for low power (router) devices
1103 without hardware AES acceleration (e.g. caam crypto). It reduces the
1104 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
1105 timining attacks. Nevertheless it might be not as secure as other
1106 architecture specific assembler implementations that work on 1KB
1107 tables or 256 bytes S-boxes.
1109 config CRYPTO_ANUBIS
1110 tristate "Anubis cipher algorithm"
1111 select CRYPTO_ALGAPI
1113 Anubis cipher algorithm.
1115 Anubis is a variable key length cipher which can use keys from
1116 128 bits to 320 bits in length. It was evaluated as a entrant
1117 in the NESSIE competition.
1120 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
1121 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
1123 config CRYPTO_LIB_ARC4
1127 tristate "ARC4 cipher algorithm"
1128 select CRYPTO_BLKCIPHER
1129 select CRYPTO_LIB_ARC4
1131 ARC4 cipher algorithm.
1133 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
1134 bits in length. This algorithm is required for driver-based
1135 WEP, but it should not be for other purposes because of the
1136 weakness of the algorithm.
1138 config CRYPTO_BLOWFISH
1139 tristate "Blowfish cipher algorithm"
1140 select CRYPTO_ALGAPI
1141 select CRYPTO_BLOWFISH_COMMON
1143 Blowfish cipher algorithm, by Bruce Schneier.
1145 This is a variable key length cipher which can use keys from 32
1146 bits to 448 bits in length. It's fast, simple and specifically
1147 designed for use on "large microprocessors".
1150 <http://www.schneier.com/blowfish.html>
1152 config CRYPTO_BLOWFISH_COMMON
1155 Common parts of the Blowfish cipher algorithm shared by the
1156 generic c and the assembler implementations.
1159 <http://www.schneier.com/blowfish.html>
1161 config CRYPTO_BLOWFISH_X86_64
1162 tristate "Blowfish cipher algorithm (x86_64)"
1163 depends on X86 && 64BIT
1164 select CRYPTO_BLKCIPHER
1165 select CRYPTO_BLOWFISH_COMMON
1167 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
1169 This is a variable key length cipher which can use keys from 32
1170 bits to 448 bits in length. It's fast, simple and specifically
1171 designed for use on "large microprocessors".
1174 <http://www.schneier.com/blowfish.html>
1176 config CRYPTO_CAMELLIA
1177 tristate "Camellia cipher algorithms"
1179 select CRYPTO_ALGAPI
1181 Camellia cipher algorithms module.
1183 Camellia is a symmetric key block cipher developed jointly
1184 at NTT and Mitsubishi Electric Corporation.
1186 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1189 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1191 config CRYPTO_CAMELLIA_X86_64
1192 tristate "Camellia cipher algorithm (x86_64)"
1193 depends on X86 && 64BIT
1195 select CRYPTO_BLKCIPHER
1196 select CRYPTO_GLUE_HELPER_X86
1198 Camellia cipher algorithm module (x86_64).
1200 Camellia is a symmetric key block cipher developed jointly
1201 at NTT and Mitsubishi Electric Corporation.
1203 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1206 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1208 config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1209 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1210 depends on X86 && 64BIT
1212 select CRYPTO_BLKCIPHER
1213 select CRYPTO_CAMELLIA_X86_64
1214 select CRYPTO_GLUE_HELPER_X86
1218 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
1220 Camellia is a symmetric key block cipher developed jointly
1221 at NTT and Mitsubishi Electric Corporation.
1223 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1226 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1228 config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
1229 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
1230 depends on X86 && 64BIT
1232 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
1234 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1236 Camellia is a symmetric key block cipher developed jointly
1237 at NTT and Mitsubishi Electric Corporation.
1239 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1242 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1244 config CRYPTO_CAMELLIA_SPARC64
1245 tristate "Camellia cipher algorithm (SPARC64)"
1248 select CRYPTO_ALGAPI
1250 Camellia cipher algorithm module (SPARC64).
1252 Camellia is a symmetric key block cipher developed jointly
1253 at NTT and Mitsubishi Electric Corporation.
1255 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1258 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1260 config CRYPTO_CAST_COMMON
1263 Common parts of the CAST cipher algorithms shared by the
1264 generic c and the assembler implementations.
1267 tristate "CAST5 (CAST-128) cipher algorithm"
1268 select CRYPTO_ALGAPI
1269 select CRYPTO_CAST_COMMON
1271 The CAST5 encryption algorithm (synonymous with CAST-128) is
1272 described in RFC2144.
1274 config CRYPTO_CAST5_AVX_X86_64
1275 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1276 depends on X86 && 64BIT
1277 select CRYPTO_BLKCIPHER
1279 select CRYPTO_CAST_COMMON
1282 The CAST5 encryption algorithm (synonymous with CAST-128) is
1283 described in RFC2144.
1285 This module provides the Cast5 cipher algorithm that processes
1286 sixteen blocks parallel using the AVX instruction set.
1289 tristate "CAST6 (CAST-256) cipher algorithm"
1290 select CRYPTO_ALGAPI
1291 select CRYPTO_CAST_COMMON
1293 The CAST6 encryption algorithm (synonymous with CAST-256) is
1294 described in RFC2612.
1296 config CRYPTO_CAST6_AVX_X86_64
1297 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1298 depends on X86 && 64BIT
1299 select CRYPTO_BLKCIPHER
1301 select CRYPTO_CAST_COMMON
1302 select CRYPTO_GLUE_HELPER_X86
1306 The CAST6 encryption algorithm (synonymous with CAST-256) is
1307 described in RFC2612.
1309 This module provides the Cast6 cipher algorithm that processes
1310 eight blocks parallel using the AVX instruction set.
1312 config CRYPTO_LIB_DES
1316 tristate "DES and Triple DES EDE cipher algorithms"
1317 select CRYPTO_ALGAPI
1318 select CRYPTO_LIB_DES
1320 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1322 config CRYPTO_DES_SPARC64
1323 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1325 select CRYPTO_ALGAPI
1326 select CRYPTO_LIB_DES
1328 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1329 optimized using SPARC64 crypto opcodes.
1331 config CRYPTO_DES3_EDE_X86_64
1332 tristate "Triple DES EDE cipher algorithm (x86-64)"
1333 depends on X86 && 64BIT
1334 select CRYPTO_BLKCIPHER
1335 select CRYPTO_LIB_DES
1337 Triple DES EDE (FIPS 46-3) algorithm.
1339 This module provides implementation of the Triple DES EDE cipher
1340 algorithm that is optimized for x86-64 processors. Two versions of
1341 algorithm are provided; regular processing one input block and
1342 one that processes three blocks parallel.
1344 config CRYPTO_FCRYPT
1345 tristate "FCrypt cipher algorithm"
1346 select CRYPTO_ALGAPI
1347 select CRYPTO_BLKCIPHER
1349 FCrypt algorithm used by RxRPC.
1351 config CRYPTO_KHAZAD
1352 tristate "Khazad cipher algorithm"
1353 select CRYPTO_ALGAPI
1355 Khazad cipher algorithm.
1357 Khazad was a finalist in the initial NESSIE competition. It is
1358 an algorithm optimized for 64-bit processors with good performance
1359 on 32-bit processors. Khazad uses an 128 bit key size.
1362 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
1364 config CRYPTO_SALSA20
1365 tristate "Salsa20 stream cipher algorithm"
1366 select CRYPTO_BLKCIPHER
1368 Salsa20 stream cipher algorithm.
1370 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1371 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1373 The Salsa20 stream cipher algorithm is designed by Daniel J.
1374 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1376 config CRYPTO_CHACHA20
1377 tristate "ChaCha stream cipher algorithms"
1378 select CRYPTO_BLKCIPHER
1380 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1382 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1383 Bernstein and further specified in RFC7539 for use in IETF protocols.
1384 This is the portable C implementation of ChaCha20. See also:
1385 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1387 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1388 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
1389 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
1390 while provably retaining ChaCha20's security. See also:
1391 <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
1393 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
1394 reduced security margin but increased performance. It can be needed
1395 in some performance-sensitive scenarios.
1397 config CRYPTO_CHACHA20_X86_64
1398 tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1399 depends on X86 && 64BIT
1400 select CRYPTO_BLKCIPHER
1401 select CRYPTO_CHACHA20
1403 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
1404 XChaCha20, and XChaCha12 stream ciphers.
1407 tristate "SEED cipher algorithm"
1408 select CRYPTO_ALGAPI
1410 SEED cipher algorithm (RFC4269).
1412 SEED is a 128-bit symmetric key block cipher that has been
1413 developed by KISA (Korea Information Security Agency) as a
1414 national standard encryption algorithm of the Republic of Korea.
1415 It is a 16 round block cipher with the key size of 128 bit.
1418 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1420 config CRYPTO_SERPENT
1421 tristate "Serpent cipher algorithm"
1422 select CRYPTO_ALGAPI
1424 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1426 Keys are allowed to be from 0 to 256 bits in length, in steps
1427 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1428 variant of Serpent for compatibility with old kerneli.org code.
1431 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1433 config CRYPTO_SERPENT_SSE2_X86_64
1434 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1435 depends on X86 && 64BIT
1436 select CRYPTO_BLKCIPHER
1437 select CRYPTO_GLUE_HELPER_X86
1438 select CRYPTO_SERPENT
1441 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1443 Keys are allowed to be from 0 to 256 bits in length, in steps
1446 This module provides Serpent cipher algorithm that processes eight
1447 blocks parallel using SSE2 instruction set.
1450 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1452 config CRYPTO_SERPENT_SSE2_586
1453 tristate "Serpent cipher algorithm (i586/SSE2)"
1454 depends on X86 && !64BIT
1455 select CRYPTO_BLKCIPHER
1456 select CRYPTO_GLUE_HELPER_X86
1457 select CRYPTO_SERPENT
1460 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1462 Keys are allowed to be from 0 to 256 bits in length, in steps
1465 This module provides Serpent cipher algorithm that processes four
1466 blocks parallel using SSE2 instruction set.
1469 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1471 config CRYPTO_SERPENT_AVX_X86_64
1472 tristate "Serpent cipher algorithm (x86_64/AVX)"
1473 depends on X86 && 64BIT
1474 select CRYPTO_BLKCIPHER
1475 select CRYPTO_GLUE_HELPER_X86
1476 select CRYPTO_SERPENT
1480 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1482 Keys are allowed to be from 0 to 256 bits in length, in steps
1485 This module provides the Serpent cipher algorithm that processes
1486 eight blocks parallel using the AVX instruction set.
1489 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1491 config CRYPTO_SERPENT_AVX2_X86_64
1492 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1493 depends on X86 && 64BIT
1494 select CRYPTO_SERPENT_AVX_X86_64
1496 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1498 Keys are allowed to be from 0 to 256 bits in length, in steps
1501 This module provides Serpent cipher algorithm that processes 16
1502 blocks parallel using AVX2 instruction set.
1505 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1508 tristate "SM4 cipher algorithm"
1509 select CRYPTO_ALGAPI
1511 SM4 cipher algorithms (OSCCA GB/T 32907-2016).
1513 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
1514 Organization of State Commercial Administration of China (OSCCA)
1515 as an authorized cryptographic algorithms for the use within China.
1517 SMS4 was originally created for use in protecting wireless
1518 networks, and is mandated in the Chinese National Standard for
1519 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
1522 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
1523 standardized through TC 260 of the Standardization Administration
1524 of the People's Republic of China (SAC).
1526 The input, output, and key of SMS4 are each 128 bits.
1528 See also: <https://eprint.iacr.org/2008/329.pdf>
1533 tristate "TEA, XTEA and XETA cipher algorithms"
1534 select CRYPTO_ALGAPI
1536 TEA cipher algorithm.
1538 Tiny Encryption Algorithm is a simple cipher that uses
1539 many rounds for security. It is very fast and uses
1542 Xtendend Tiny Encryption Algorithm is a modification to
1543 the TEA algorithm to address a potential key weakness
1544 in the TEA algorithm.
1546 Xtendend Encryption Tiny Algorithm is a mis-implementation
1547 of the XTEA algorithm for compatibility purposes.
1549 config CRYPTO_TWOFISH
1550 tristate "Twofish cipher algorithm"
1551 select CRYPTO_ALGAPI
1552 select CRYPTO_TWOFISH_COMMON
1554 Twofish cipher algorithm.
1556 Twofish was submitted as an AES (Advanced Encryption Standard)
1557 candidate cipher by researchers at CounterPane Systems. It is a
1558 16 round block cipher supporting key sizes of 128, 192, and 256
1562 <http://www.schneier.com/twofish.html>
1564 config CRYPTO_TWOFISH_COMMON
1567 Common parts of the Twofish cipher algorithm shared by the
1568 generic c and the assembler implementations.
1570 config CRYPTO_TWOFISH_586
1571 tristate "Twofish cipher algorithms (i586)"
1572 depends on (X86 || UML_X86) && !64BIT
1573 select CRYPTO_ALGAPI
1574 select CRYPTO_TWOFISH_COMMON
1576 Twofish cipher algorithm.
1578 Twofish was submitted as an AES (Advanced Encryption Standard)
1579 candidate cipher by researchers at CounterPane Systems. It is a
1580 16 round block cipher supporting key sizes of 128, 192, and 256
1584 <http://www.schneier.com/twofish.html>
1586 config CRYPTO_TWOFISH_X86_64
1587 tristate "Twofish cipher algorithm (x86_64)"
1588 depends on (X86 || UML_X86) && 64BIT
1589 select CRYPTO_ALGAPI
1590 select CRYPTO_TWOFISH_COMMON
1592 Twofish cipher algorithm (x86_64).
1594 Twofish was submitted as an AES (Advanced Encryption Standard)
1595 candidate cipher by researchers at CounterPane Systems. It is a
1596 16 round block cipher supporting key sizes of 128, 192, and 256
1600 <http://www.schneier.com/twofish.html>
1602 config CRYPTO_TWOFISH_X86_64_3WAY
1603 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1604 depends on X86 && 64BIT
1605 select CRYPTO_BLKCIPHER
1606 select CRYPTO_TWOFISH_COMMON
1607 select CRYPTO_TWOFISH_X86_64
1608 select CRYPTO_GLUE_HELPER_X86
1610 Twofish cipher algorithm (x86_64, 3-way parallel).
1612 Twofish was submitted as an AES (Advanced Encryption Standard)
1613 candidate cipher by researchers at CounterPane Systems. It is a
1614 16 round block cipher supporting key sizes of 128, 192, and 256
1617 This module provides Twofish cipher algorithm that processes three
1618 blocks parallel, utilizing resources of out-of-order CPUs better.
1621 <http://www.schneier.com/twofish.html>
1623 config CRYPTO_TWOFISH_AVX_X86_64
1624 tristate "Twofish cipher algorithm (x86_64/AVX)"
1625 depends on X86 && 64BIT
1626 select CRYPTO_BLKCIPHER
1627 select CRYPTO_GLUE_HELPER_X86
1629 select CRYPTO_TWOFISH_COMMON
1630 select CRYPTO_TWOFISH_X86_64
1631 select CRYPTO_TWOFISH_X86_64_3WAY
1633 Twofish cipher algorithm (x86_64/AVX).
1635 Twofish was submitted as an AES (Advanced Encryption Standard)
1636 candidate cipher by researchers at CounterPane Systems. It is a
1637 16 round block cipher supporting key sizes of 128, 192, and 256
1640 This module provides the Twofish cipher algorithm that processes
1641 eight blocks parallel using the AVX Instruction Set.
1644 <http://www.schneier.com/twofish.html>
1646 comment "Compression"
1648 config CRYPTO_DEFLATE
1649 tristate "Deflate compression algorithm"
1650 select CRYPTO_ALGAPI
1651 select CRYPTO_ACOMP2
1655 This is the Deflate algorithm (RFC1951), specified for use in
1656 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
1658 You will most probably want this if using IPSec.
1661 tristate "LZO compression algorithm"
1662 select CRYPTO_ALGAPI
1663 select CRYPTO_ACOMP2
1665 select LZO_DECOMPRESS
1667 This is the LZO algorithm.
1670 tristate "842 compression algorithm"
1671 select CRYPTO_ALGAPI
1672 select CRYPTO_ACOMP2
1674 select 842_DECOMPRESS
1676 This is the 842 algorithm.
1679 tristate "LZ4 compression algorithm"
1680 select CRYPTO_ALGAPI
1681 select CRYPTO_ACOMP2
1683 select LZ4_DECOMPRESS
1685 This is the LZ4 algorithm.
1688 tristate "LZ4HC compression algorithm"
1689 select CRYPTO_ALGAPI
1690 select CRYPTO_ACOMP2
1691 select LZ4HC_COMPRESS
1692 select LZ4_DECOMPRESS
1694 This is the LZ4 high compression mode algorithm.
1697 tristate "Zstd compression algorithm"
1698 select CRYPTO_ALGAPI
1699 select CRYPTO_ACOMP2
1700 select ZSTD_COMPRESS
1701 select ZSTD_DECOMPRESS
1703 This is the zstd algorithm.
1705 comment "Random Number Generation"
1707 config CRYPTO_ANSI_CPRNG
1708 tristate "Pseudo Random Number Generation for Cryptographic modules"
1712 This option enables the generic pseudo random number generator
1713 for cryptographic modules. Uses the Algorithm specified in
1714 ANSI X9.31 A.2.4. Note that this option must be enabled if
1715 CRYPTO_FIPS is selected
1717 menuconfig CRYPTO_DRBG_MENU
1718 tristate "NIST SP800-90A DRBG"
1720 NIST SP800-90A compliant DRBG. In the following submenu, one or
1721 more of the DRBG types must be selected.
1725 config CRYPTO_DRBG_HMAC
1729 select CRYPTO_SHA256
1731 config CRYPTO_DRBG_HASH
1732 bool "Enable Hash DRBG"
1733 select CRYPTO_SHA256
1735 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1737 config CRYPTO_DRBG_CTR
1738 bool "Enable CTR DRBG"
1740 depends on CRYPTO_CTR
1742 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1746 default CRYPTO_DRBG_MENU
1748 select CRYPTO_JITTERENTROPY
1750 endif # if CRYPTO_DRBG_MENU
1752 config CRYPTO_JITTERENTROPY
1753 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1756 The Jitterentropy RNG is a noise that is intended
1757 to provide seed to another RNG. The RNG does not
1758 perform any cryptographic whitening of the generated
1759 random numbers. This Jitterentropy RNG registers with
1760 the kernel crypto API and can be used by any caller.
1762 config CRYPTO_USER_API
1765 config CRYPTO_USER_API_HASH
1766 tristate "User-space interface for hash algorithms"
1769 select CRYPTO_USER_API
1771 This option enables the user-spaces interface for hash
1774 config CRYPTO_USER_API_SKCIPHER
1775 tristate "User-space interface for symmetric key cipher algorithms"
1777 select CRYPTO_BLKCIPHER
1778 select CRYPTO_USER_API
1780 This option enables the user-spaces interface for symmetric
1781 key cipher algorithms.
1783 config CRYPTO_USER_API_RNG
1784 tristate "User-space interface for random number generator algorithms"
1787 select CRYPTO_USER_API
1789 This option enables the user-spaces interface for random
1790 number generator algorithms.
1792 config CRYPTO_USER_API_AEAD
1793 tristate "User-space interface for AEAD cipher algorithms"
1796 select CRYPTO_BLKCIPHER
1798 select CRYPTO_USER_API
1800 This option enables the user-spaces interface for AEAD
1804 bool "Crypto usage statistics for User-space"
1805 depends on CRYPTO_USER
1807 This option enables the gathering of crypto stats.
1809 - encrypt/decrypt size and numbers of symmeric operations
1810 - compress/decompress size and numbers of compress operations
1811 - size and numbers of hash operations
1812 - encrypt/decrypt/sign/verify numbers for asymmetric operations
1813 - generate/seed numbers for rng operations
1815 config CRYPTO_HASH_INFO
1818 source "drivers/crypto/Kconfig"
1819 source "crypto/asymmetric_keys/Kconfig"
1820 source "certs/Kconfig"