Kconfig 39 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474
  1. # SPDX-License-Identifier: GPL-2.0
  2. #
  3. # Generic algorithms support
  4. #
  5. config XOR_BLOCKS
  6. tristate
  7. #
  8. # async_tx api: hardware offloaded memory transfer/transform support
  9. #
  10. source "crypto/async_tx/Kconfig"
  11. #
  12. # Cryptographic API Configuration
  13. #
  14. menuconfig CRYPTO
  15. tristate "Cryptographic API"
  16. select CRYPTO_LIB_UTILS
  17. help
  18. This option provides the core Cryptographic API.
  19. if CRYPTO
  20. menu "Crypto core or helper"
  21. config CRYPTO_FIPS
  22. bool "FIPS 200 compliance"
  23. depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
  24. depends on (MODULE_SIG || !MODULES)
  25. help
  26. This option enables the fips boot option which is
  27. required if you want the system to operate in a FIPS 200
  28. certification. You should say no unless you know what
  29. this is.
  30. config CRYPTO_FIPS_NAME
  31. string "FIPS Module Name"
  32. default "Linux Kernel Cryptographic API"
  33. depends on CRYPTO_FIPS
  34. help
  35. This option sets the FIPS Module name reported by the Crypto API via
  36. the /proc/sys/crypto/fips_name file.
  37. config CRYPTO_FIPS_CUSTOM_VERSION
  38. bool "Use Custom FIPS Module Version"
  39. depends on CRYPTO_FIPS
  40. default n
  41. config CRYPTO_FIPS_VERSION
  42. string "FIPS Module Version"
  43. default "(none)"
  44. depends on CRYPTO_FIPS_CUSTOM_VERSION
  45. help
  46. This option provides the ability to override the FIPS Module Version.
  47. By default the KERNELRELEASE value is used.
  48. config CRYPTO_FIPS140_MOD
  49. tristate "Enable FIPS 140 cryptographic module"
  50. depends on ARM64 && ARM64_MODULE_PLTS
  51. depends on m
  52. help
  53. This option enables building a loadable module fips140.ko, which
  54. contains various crypto algorithms that are also built into vmlinux.
  55. At load time, this module overrides the built-in implementations of
  56. these algorithms with its implementations. It also runs self-tests on
  57. these algorithms and verifies the integrity of its code and data. If
  58. either of these steps fails, the kernel will panic.
  59. This module is intended to be loaded at early boot time in order to
  60. meet FIPS 140 and NIAP FPT_TST_EXT.1 requirements. It shouldn't be
  61. used if you don't need to meet these requirements.
  62. config CRYPTO_FIPS140_MOD_EVAL_TESTING
  63. bool "Enable evaluation testing features in FIPS 140 module"
  64. depends on CRYPTO_FIPS140_MOD
  65. help
  66. This option adds some features to the FIPS 140 module which are needed
  67. for lab evaluation testing of the module, e.g. support for injecting
  68. errors and support for a userspace interface to some of the module's
  69. services. This option should not be enabled in production builds.
  70. config CRYPTO_FIPS140_MOD_DEBUG_INTEGRITY_CHECK
  71. bool "Debug the integrity check in FIPS 140 module"
  72. depends on CRYPTO_FIPS140_MOD
  73. help
  74. This option makes the FIPS 140 module provide debugfs files containing
  75. the text and rodata that were used for the integrity check, i.e. the
  76. runtime text and rodata with relocations and code patches unapplied.
  77. This option also makes the module load even if the integrity check
  78. fails so that these files can be used to debug the failure. (A
  79. possible failure mode is that the kernel has added a new type of code
  80. patching and the module needs to be updated to disable or unapply it.)
  81. This option must not be enabled in production builds.
  82. Example commands for debugging an integrity check failure:
  83. adb root
  84. adb shell mount debugfs -t debugfs /sys/kernel/debug
  85. adb shell cp /sys/kernel/debug/fips140/{text,rodata} /data/local/tmp/
  86. adb pull /data/local/tmp/text text.checked
  87. adb pull /data/local/tmp/rodata rodata.checked
  88. llvm-objcopy -O binary --only-section=.text fips140.ko text.orig
  89. llvm-objcopy -O binary --only-section=.rodata fips140.ko rodata.orig
  90. for f in {text,rodata}.{orig,checked}; do xxd -g1 $f > $f.xxd; done
  91. vimdiff text.{orig,checked}.xxd
  92. vimdiff rodata.{orig,checked}.xxd
  93. config CRYPTO_ALGAPI
  94. tristate
  95. select CRYPTO_ALGAPI2
  96. help
  97. This option provides the API for cryptographic algorithms.
  98. config CRYPTO_ALGAPI2
  99. tristate
  100. config CRYPTO_AEAD
  101. tristate
  102. select CRYPTO_AEAD2
  103. select CRYPTO_ALGAPI
  104. config CRYPTO_AEAD2
  105. tristate
  106. select CRYPTO_ALGAPI2
  107. select CRYPTO_NULL2
  108. select CRYPTO_RNG2
  109. config CRYPTO_SKCIPHER
  110. tristate
  111. select CRYPTO_SKCIPHER2
  112. select CRYPTO_ALGAPI
  113. config CRYPTO_SKCIPHER2
  114. tristate
  115. select CRYPTO_ALGAPI2
  116. select CRYPTO_RNG2
  117. config CRYPTO_HASH
  118. tristate
  119. select CRYPTO_HASH2
  120. select CRYPTO_ALGAPI
  121. config CRYPTO_HASH2
  122. tristate
  123. select CRYPTO_ALGAPI2
  124. config CRYPTO_RNG
  125. tristate
  126. select CRYPTO_RNG2
  127. select CRYPTO_ALGAPI
  128. config CRYPTO_RNG2
  129. tristate
  130. select CRYPTO_ALGAPI2
  131. config CRYPTO_RNG_DEFAULT
  132. tristate
  133. select CRYPTO_DRBG_MENU
  134. config CRYPTO_AKCIPHER2
  135. tristate
  136. select CRYPTO_ALGAPI2
  137. config CRYPTO_AKCIPHER
  138. tristate
  139. select CRYPTO_AKCIPHER2
  140. select CRYPTO_ALGAPI
  141. config CRYPTO_KPP2
  142. tristate
  143. select CRYPTO_ALGAPI2
  144. config CRYPTO_KPP
  145. tristate
  146. select CRYPTO_ALGAPI
  147. select CRYPTO_KPP2
  148. config CRYPTO_ACOMP2
  149. tristate
  150. select CRYPTO_ALGAPI2
  151. select SGL_ALLOC
  152. config CRYPTO_ACOMP
  153. tristate
  154. select CRYPTO_ALGAPI
  155. select CRYPTO_ACOMP2
  156. config CRYPTO_MANAGER
  157. tristate "Cryptographic algorithm manager"
  158. select CRYPTO_MANAGER2
  159. help
  160. Create default cryptographic template instantiations such as
  161. cbc(aes).
  162. config CRYPTO_MANAGER2
  163. def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
  164. select CRYPTO_AEAD2
  165. select CRYPTO_HASH2
  166. select CRYPTO_SKCIPHER2
  167. select CRYPTO_AKCIPHER2
  168. select CRYPTO_KPP2
  169. select CRYPTO_ACOMP2
  170. config CRYPTO_USER
  171. tristate "Userspace cryptographic algorithm configuration"
  172. depends on NET
  173. select CRYPTO_MANAGER
  174. help
  175. Userspace configuration for cryptographic instantiations such as
  176. cbc(aes).
  177. config CRYPTO_MANAGER_DISABLE_TESTS
  178. bool "Disable run-time self tests"
  179. default y
  180. help
  181. Disable run-time self tests that normally take place at
  182. algorithm registration.
  183. config CRYPTO_MANAGER_EXTRA_TESTS
  184. bool "Enable extra run-time crypto self tests"
  185. depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
  186. help
  187. Enable extra run-time self tests of registered crypto algorithms,
  188. including randomized fuzz tests.
  189. This is intended for developer use only, as these tests take much
  190. longer to run than the normal self tests.
  191. config CRYPTO_GF128MUL
  192. tristate
  193. config CRYPTO_NULL
  194. tristate "Null algorithms"
  195. select CRYPTO_NULL2
  196. help
  197. These are 'Null' algorithms, used by IPsec, which do nothing.
  198. config CRYPTO_NULL2
  199. tristate
  200. select CRYPTO_ALGAPI2
  201. select CRYPTO_SKCIPHER2
  202. select CRYPTO_HASH2
  203. config CRYPTO_PCRYPT
  204. tristate "Parallel crypto engine"
  205. depends on SMP
  206. select PADATA
  207. select CRYPTO_MANAGER
  208. select CRYPTO_AEAD
  209. help
  210. This converts an arbitrary crypto algorithm into a parallel
  211. algorithm that executes in kernel threads.
  212. config CRYPTO_CRYPTD
  213. tristate "Software async crypto daemon"
  214. select CRYPTO_SKCIPHER
  215. select CRYPTO_HASH
  216. select CRYPTO_MANAGER
  217. help
  218. This is a generic software asynchronous crypto daemon that
  219. converts an arbitrary synchronous software crypto algorithm
  220. into an asynchronous algorithm that executes in a kernel thread.
  221. config CRYPTO_AUTHENC
  222. tristate "Authenc support"
  223. select CRYPTO_AEAD
  224. select CRYPTO_SKCIPHER
  225. select CRYPTO_MANAGER
  226. select CRYPTO_HASH
  227. select CRYPTO_NULL
  228. help
  229. Authenc: Combined mode wrapper for IPsec.
  230. This is required for IPSec ESP (XFRM_ESP).
  231. config CRYPTO_TEST
  232. tristate "Testing module"
  233. depends on m || EXPERT
  234. select CRYPTO_MANAGER
  235. help
  236. Quick & dirty crypto test module.
  237. config CRYPTO_SIMD
  238. tristate
  239. select CRYPTO_CRYPTD
  240. config CRYPTO_ENGINE
  241. tristate
  242. endmenu
  243. menu "Public-key cryptography"
  244. config CRYPTO_RSA
  245. tristate "RSA (Rivest-Shamir-Adleman)"
  246. select CRYPTO_AKCIPHER
  247. select CRYPTO_MANAGER
  248. select MPILIB
  249. select ASN1
  250. help
  251. RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
  252. config CRYPTO_DH
  253. tristate "DH (Diffie-Hellman)"
  254. select CRYPTO_KPP
  255. select MPILIB
  256. help
  257. DH (Diffie-Hellman) key exchange algorithm
  258. config CRYPTO_DH_RFC7919_GROUPS
  259. bool "RFC 7919 FFDHE groups"
  260. depends on CRYPTO_DH
  261. select CRYPTO_RNG_DEFAULT
  262. help
  263. FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
  264. defined in RFC7919.
  265. Support these finite-field groups in DH key exchanges:
  266. - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
  267. If unsure, say N.
  268. config CRYPTO_ECC
  269. tristate
  270. select CRYPTO_RNG_DEFAULT
  271. config CRYPTO_ECDH
  272. tristate "ECDH (Elliptic Curve Diffie-Hellman)"
  273. select CRYPTO_ECC
  274. select CRYPTO_KPP
  275. help
  276. ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
  277. using curves P-192, P-256, and P-384 (FIPS 186)
  278. config CRYPTO_ECDSA
  279. tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"
  280. select CRYPTO_ECC
  281. select CRYPTO_AKCIPHER
  282. select ASN1
  283. help
  284. ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,
  285. ISO/IEC 14888-3)
  286. using curves P-192, P-256, and P-384
  287. Only signature verification is implemented.
  288. config CRYPTO_ECRDSA
  289. tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
  290. select CRYPTO_ECC
  291. select CRYPTO_AKCIPHER
  292. select CRYPTO_STREEBOG
  293. select OID_REGISTRY
  294. select ASN1
  295. help
  296. Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
  297. RFC 7091, ISO/IEC 14888-3)
  298. One of the Russian cryptographic standard algorithms (called GOST
  299. algorithms). Only signature verification is implemented.
  300. config CRYPTO_SM2
  301. tristate "SM2 (ShangMi 2)"
  302. select CRYPTO_SM3
  303. select CRYPTO_AKCIPHER
  304. select CRYPTO_MANAGER
  305. select MPILIB
  306. select ASN1
  307. help
  308. SM2 (ShangMi 2) public key algorithm
  309. Published by State Encryption Management Bureau, China,
  310. as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
  311. References:
  312. https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/
  313. http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
  314. http://www.gmbz.org.cn/main/bzlb.html
  315. config CRYPTO_CURVE25519
  316. tristate "Curve25519"
  317. select CRYPTO_KPP
  318. select CRYPTO_LIB_CURVE25519_GENERIC
  319. help
  320. Curve25519 elliptic curve (RFC7748)
  321. endmenu
  322. menu "Block ciphers"
  323. config CRYPTO_AES
  324. tristate "AES (Advanced Encryption Standard)"
  325. select CRYPTO_ALGAPI
  326. select CRYPTO_LIB_AES
  327. help
  328. AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
  329. Rijndael appears to be consistently a very good performer in
  330. both hardware and software across a wide range of computing
  331. environments regardless of its use in feedback or non-feedback
  332. modes. Its key setup time is excellent, and its key agility is
  333. good. Rijndael's very low memory requirements make it very well
  334. suited for restricted-space environments, in which it also
  335. demonstrates excellent performance. Rijndael's operations are
  336. among the easiest to defend against power and timing attacks.
  337. The AES specifies three key sizes: 128, 192 and 256 bits
  338. config CRYPTO_AES_TI
  339. tristate "AES (Advanced Encryption Standard) (fixed time)"
  340. select CRYPTO_ALGAPI
  341. select CRYPTO_LIB_AES
  342. help
  343. AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
  344. This is a generic implementation of AES that attempts to eliminate
  345. data dependent latencies as much as possible without affecting
  346. performance too much. It is intended for use by the generic CCM
  347. and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
  348. solely on encryption (although decryption is supported as well, but
  349. with a more dramatic performance hit)
  350. Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
  351. 8 for decryption), this implementation only uses just two S-boxes of
  352. 256 bytes each, and attempts to eliminate data dependent latencies by
  353. prefetching the entire table into the cache at the start of each
  354. block. Interrupts are also disabled to avoid races where cachelines
  355. are evicted when the CPU is interrupted to do something else.
  356. config CRYPTO_ANUBIS
  357. tristate "Anubis"
  358. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  359. select CRYPTO_ALGAPI
  360. help
  361. Anubis cipher algorithm
  362. Anubis is a variable key length cipher which can use keys from
  363. 128 bits to 320 bits in length. It was evaluated as a entrant
  364. in the NESSIE competition.
  365. See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html
  366. for further information.
  367. config CRYPTO_ARIA
  368. tristate "ARIA"
  369. select CRYPTO_ALGAPI
  370. help
  371. ARIA cipher algorithm (RFC5794)
  372. ARIA is a standard encryption algorithm of the Republic of Korea.
  373. The ARIA specifies three key sizes and rounds.
  374. 128-bit: 12 rounds.
  375. 192-bit: 14 rounds.
  376. 256-bit: 16 rounds.
  377. See:
  378. https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do
  379. config CRYPTO_BLOWFISH
  380. tristate "Blowfish"
  381. select CRYPTO_ALGAPI
  382. select CRYPTO_BLOWFISH_COMMON
  383. help
  384. Blowfish cipher algorithm, by Bruce Schneier
  385. This is a variable key length cipher which can use keys from 32
  386. bits to 448 bits in length. It's fast, simple and specifically
  387. designed for use on "large microprocessors".
  388. See https://www.schneier.com/blowfish.html for further information.
  389. config CRYPTO_BLOWFISH_COMMON
  390. tristate
  391. help
  392. Common parts of the Blowfish cipher algorithm shared by the
  393. generic c and the assembler implementations.
  394. config CRYPTO_CAMELLIA
  395. tristate "Camellia"
  396. select CRYPTO_ALGAPI
  397. help
  398. Camellia cipher algorithms (ISO/IEC 18033-3)
  399. Camellia is a symmetric key block cipher developed jointly
  400. at NTT and Mitsubishi Electric Corporation.
  401. The Camellia specifies three key sizes: 128, 192 and 256 bits.
  402. See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information.
  403. config CRYPTO_CAST_COMMON
  404. tristate
  405. help
  406. Common parts of the CAST cipher algorithms shared by the
  407. generic c and the assembler implementations.
  408. config CRYPTO_CAST5
  409. tristate "CAST5 (CAST-128)"
  410. select CRYPTO_ALGAPI
  411. select CRYPTO_CAST_COMMON
  412. help
  413. CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
  414. config CRYPTO_CAST6
  415. tristate "CAST6 (CAST-256)"
  416. select CRYPTO_ALGAPI
  417. select CRYPTO_CAST_COMMON
  418. help
  419. CAST6 (CAST-256) encryption algorithm (RFC2612)
  420. config CRYPTO_DES
  421. tristate "DES and Triple DES EDE"
  422. select CRYPTO_ALGAPI
  423. select CRYPTO_LIB_DES
  424. help
  425. DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
  426. Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
  427. cipher algorithms
  428. config CRYPTO_FCRYPT
  429. tristate "FCrypt"
  430. select CRYPTO_ALGAPI
  431. select CRYPTO_SKCIPHER
  432. help
  433. FCrypt algorithm used by RxRPC
  434. See https://ota.polyonymo.us/fcrypt-paper.txt
  435. config CRYPTO_KHAZAD
  436. tristate "Khazad"
  437. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  438. select CRYPTO_ALGAPI
  439. help
  440. Khazad cipher algorithm
  441. Khazad was a finalist in the initial NESSIE competition. It is
  442. an algorithm optimized for 64-bit processors with good performance
  443. on 32-bit processors. Khazad uses an 128 bit key size.
  444. See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html
  445. for further information.
  446. config CRYPTO_SEED
  447. tristate "SEED"
  448. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  449. select CRYPTO_ALGAPI
  450. help
  451. SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
  452. SEED is a 128-bit symmetric key block cipher that has been
  453. developed by KISA (Korea Information Security Agency) as a
  454. national standard encryption algorithm of the Republic of Korea.
  455. It is a 16 round block cipher with the key size of 128 bit.
  456. See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do
  457. for further information.
  458. config CRYPTO_SERPENT
  459. tristate "Serpent"
  460. select CRYPTO_ALGAPI
  461. help
  462. Serpent cipher algorithm, by Anderson, Biham & Knudsen
  463. Keys are allowed to be from 0 to 256 bits in length, in steps
  464. of 8 bits.
  465. See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information.
  466. config CRYPTO_SM4
  467. tristate
  468. config CRYPTO_SM4_GENERIC
  469. tristate "SM4 (ShangMi 4)"
  470. select CRYPTO_ALGAPI
  471. select CRYPTO_SM4
  472. help
  473. SM4 cipher algorithms (OSCCA GB/T 32907-2016,
  474. ISO/IEC 18033-3:2010/Amd 1:2021)
  475. SM4 (GBT.32907-2016) is a cryptographic standard issued by the
  476. Organization of State Commercial Administration of China (OSCCA)
  477. as an authorized cryptographic algorithms for the use within China.
  478. SMS4 was originally created for use in protecting wireless
  479. networks, and is mandated in the Chinese National Standard for
  480. Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
  481. (GB.15629.11-2003).
  482. The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
  483. standardized through TC 260 of the Standardization Administration
  484. of the People's Republic of China (SAC).
  485. The input, output, and key of SMS4 are each 128 bits.
  486. See https://eprint.iacr.org/2008/329.pdf for further information.
  487. If unsure, say N.
  488. config CRYPTO_TEA
  489. tristate "TEA, XTEA and XETA"
  490. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  491. select CRYPTO_ALGAPI
  492. help
  493. TEA (Tiny Encryption Algorithm) cipher algorithms
  494. Tiny Encryption Algorithm is a simple cipher that uses
  495. many rounds for security. It is very fast and uses
  496. little memory.
  497. Xtendend Tiny Encryption Algorithm is a modification to
  498. the TEA algorithm to address a potential key weakness
  499. in the TEA algorithm.
  500. Xtendend Encryption Tiny Algorithm is a mis-implementation
  501. of the XTEA algorithm for compatibility purposes.
  502. config CRYPTO_TWOFISH
  503. tristate "Twofish"
  504. select CRYPTO_ALGAPI
  505. select CRYPTO_TWOFISH_COMMON
  506. help
  507. Twofish cipher algorithm
  508. Twofish was submitted as an AES (Advanced Encryption Standard)
  509. candidate cipher by researchers at CounterPane Systems. It is a
  510. 16 round block cipher supporting key sizes of 128, 192, and 256
  511. bits.
  512. See https://www.schneier.com/twofish.html for further information.
  513. config CRYPTO_TWOFISH_COMMON
  514. tristate
  515. help
  516. Common parts of the Twofish cipher algorithm shared by the
  517. generic c and the assembler implementations.
  518. endmenu
  519. menu "Length-preserving ciphers and modes"
  520. config CRYPTO_ADIANTUM
  521. tristate "Adiantum"
  522. select CRYPTO_CHACHA20
  523. select CRYPTO_LIB_POLY1305_GENERIC
  524. select CRYPTO_NHPOLY1305
  525. select CRYPTO_MANAGER
  526. help
  527. Adiantum tweakable, length-preserving encryption mode
  528. Designed for fast and secure disk encryption, especially on
  529. CPUs without dedicated crypto instructions. It encrypts
  530. each sector using the XChaCha12 stream cipher, two passes of
  531. an ε-almost-∆-universal hash function, and an invocation of
  532. the AES-256 block cipher on a single 16-byte block. On CPUs
  533. without AES instructions, Adiantum is much faster than
  534. AES-XTS.
  535. Adiantum's security is provably reducible to that of its
  536. underlying stream and block ciphers, subject to a security
  537. bound. Unlike XTS, Adiantum is a true wide-block encryption
  538. mode, so it actually provides an even stronger notion of
  539. security than XTS, subject to the security bound.
  540. If unsure, say N.
  541. config CRYPTO_ARC4
  542. tristate "ARC4 (Alleged Rivest Cipher 4)"
  543. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  544. select CRYPTO_SKCIPHER
  545. select CRYPTO_LIB_ARC4
  546. help
  547. ARC4 cipher algorithm
  548. ARC4 is a stream cipher using keys ranging from 8 bits to 2048
  549. bits in length. This algorithm is required for driver-based
  550. WEP, but it should not be for other purposes because of the
  551. weakness of the algorithm.
  552. config CRYPTO_CHACHA20
  553. tristate "ChaCha"
  554. select CRYPTO_LIB_CHACHA_GENERIC
  555. select CRYPTO_SKCIPHER
  556. help
  557. The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms
  558. ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
  559. Bernstein and further specified in RFC7539 for use in IETF protocols.
  560. This is the portable C implementation of ChaCha20. See
  561. https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
  562. XChaCha20 is the application of the XSalsa20 construction to ChaCha20
  563. rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
  564. from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
  565. while provably retaining ChaCha20's security. See
  566. https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
  567. XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
  568. reduced security margin but increased performance. It can be needed
  569. in some performance-sensitive scenarios.
  570. config CRYPTO_CBC
  571. tristate "CBC (Cipher Block Chaining)"
  572. select CRYPTO_SKCIPHER
  573. select CRYPTO_MANAGER
  574. help
  575. CBC (Cipher Block Chaining) mode (NIST SP800-38A)
  576. This block cipher mode is required for IPSec ESP (XFRM_ESP).
  577. config CRYPTO_CFB
  578. tristate "CFB (Cipher Feedback)"
  579. select CRYPTO_SKCIPHER
  580. select CRYPTO_MANAGER
  581. help
  582. CFB (Cipher Feedback) mode (NIST SP800-38A)
  583. This block cipher mode is required for TPM2 Cryptography.
  584. config CRYPTO_CTR
  585. tristate "CTR (Counter)"
  586. select CRYPTO_SKCIPHER
  587. select CRYPTO_MANAGER
  588. help
  589. CTR (Counter) mode (NIST SP800-38A)
  590. config CRYPTO_CTS
  591. tristate "CTS (Cipher Text Stealing)"
  592. select CRYPTO_SKCIPHER
  593. select CRYPTO_MANAGER
  594. help
  595. CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
  596. Addendum to SP800-38A (October 2010))
  597. This mode is required for Kerberos gss mechanism support
  598. for AES encryption.
  599. config CRYPTO_ECB
  600. tristate "ECB (Electronic Codebook)"
  601. select CRYPTO_SKCIPHER
  602. select CRYPTO_MANAGER
  603. help
  604. ECB (Electronic Codebook) mode (NIST SP800-38A)
  605. config CRYPTO_HCTR2
  606. tristate "HCTR2"
  607. select CRYPTO_XCTR
  608. select CRYPTO_POLYVAL
  609. select CRYPTO_MANAGER
  610. help
  611. HCTR2 length-preserving encryption mode
  612. A mode for storage encryption that is efficient on processors with
  613. instructions to accelerate AES and carryless multiplication, e.g.
  614. x86 processors with AES-NI and CLMUL, and ARM processors with the
  615. ARMv8 crypto extensions.
  616. See https://eprint.iacr.org/2021/1441
  617. config CRYPTO_KEYWRAP
  618. tristate "KW (AES Key Wrap)"
  619. select CRYPTO_SKCIPHER
  620. select CRYPTO_MANAGER
  621. help
  622. KW (AES Key Wrap) authenticated encryption mode (NIST SP800-38F
  623. and RFC3394) without padding.
  624. config CRYPTO_LRW
  625. tristate "LRW (Liskov Rivest Wagner)"
  626. select CRYPTO_SKCIPHER
  627. select CRYPTO_MANAGER
  628. select CRYPTO_GF128MUL
  629. select CRYPTO_ECB
  630. help
  631. LRW (Liskov Rivest Wagner) mode
  632. A tweakable, non malleable, non movable
  633. narrow block cipher mode for dm-crypt. Use it with cipher
  634. specification string aes-lrw-benbi, the key must be 256, 320 or 384.
  635. The first 128, 192 or 256 bits in the key are used for AES and the
  636. rest is used to tie each cipher block to its logical position.
  637. See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf
  638. config CRYPTO_OFB
  639. tristate "OFB (Output Feedback)"
  640. select CRYPTO_SKCIPHER
  641. select CRYPTO_MANAGER
  642. help
  643. OFB (Output Feedback) mode (NIST SP800-38A)
  644. This mode makes a block cipher into a synchronous
  645. stream cipher. It generates keystream blocks, which are then XORed
  646. with the plaintext blocks to get the ciphertext. Flipping a bit in the
  647. ciphertext produces a flipped bit in the plaintext at the same
  648. location. This property allows many error correcting codes to function
  649. normally even when applied before encryption.
  650. config CRYPTO_PCBC
  651. tristate "PCBC (Propagating Cipher Block Chaining)"
  652. select CRYPTO_SKCIPHER
  653. select CRYPTO_MANAGER
  654. help
  655. PCBC (Propagating Cipher Block Chaining) mode
  656. This block cipher mode is required for RxRPC.
  657. config CRYPTO_XCTR
  658. tristate
  659. select CRYPTO_SKCIPHER
  660. select CRYPTO_MANAGER
  661. help
  662. XCTR (XOR Counter) mode for HCTR2
  663. This blockcipher mode is a variant of CTR mode using XORs and little-endian
  664. addition rather than big-endian arithmetic.
  665. XCTR mode is used to implement HCTR2.
  666. config CRYPTO_XTS
  667. tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"
  668. select CRYPTO_SKCIPHER
  669. select CRYPTO_MANAGER
  670. select CRYPTO_ECB
  671. help
  672. XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
  673. and IEEE 1619)
  674. Use with aes-xts-plain, key size 256, 384 or 512 bits. This
  675. implementation currently can't handle a sectorsize which is not a
  676. multiple of 16 bytes.
  677. config CRYPTO_NHPOLY1305
  678. tristate
  679. select CRYPTO_HASH
  680. select CRYPTO_LIB_POLY1305_GENERIC
  681. endmenu
  682. menu "AEAD (authenticated encryption with associated data) ciphers"
  683. config CRYPTO_AEGIS128
  684. tristate "AEGIS-128"
  685. select CRYPTO_AEAD
  686. select CRYPTO_AES # for AES S-box tables
  687. help
  688. AEGIS-128 AEAD algorithm
  689. config CRYPTO_AEGIS128_SIMD
  690. bool "AEGIS-128 (arm NEON, arm64 NEON)"
  691. depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
  692. default y
  693. help
  694. AEGIS-128 AEAD algorithm
  695. Architecture: arm or arm64 using:
  696. - NEON (Advanced SIMD) extension
  697. config CRYPTO_CHACHA20POLY1305
  698. tristate "ChaCha20-Poly1305"
  699. select CRYPTO_CHACHA20
  700. select CRYPTO_POLY1305
  701. select CRYPTO_AEAD
  702. select CRYPTO_MANAGER
  703. help
  704. ChaCha20 stream cipher and Poly1305 authenticator combined
  705. mode (RFC8439)
  706. config CRYPTO_CCM
  707. tristate "CCM (Counter with Cipher Block Chaining-MAC)"
  708. select CRYPTO_CTR
  709. select CRYPTO_HASH
  710. select CRYPTO_AEAD
  711. select CRYPTO_MANAGER
  712. help
  713. CCM (Counter with Cipher Block Chaining-Message Authentication Code)
  714. authenticated encryption mode (NIST SP800-38C)
  715. config CRYPTO_GCM
  716. tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
  717. select CRYPTO_CTR
  718. select CRYPTO_AEAD
  719. select CRYPTO_GHASH
  720. select CRYPTO_NULL
  721. select CRYPTO_MANAGER
  722. help
  723. GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
  724. (GCM Message Authentication Code) (NIST SP800-38D)
  725. This is required for IPSec ESP (XFRM_ESP).
  726. config CRYPTO_SEQIV
  727. tristate "Sequence Number IV Generator"
  728. select CRYPTO_AEAD
  729. select CRYPTO_SKCIPHER
  730. select CRYPTO_NULL
  731. select CRYPTO_RNG_DEFAULT
  732. select CRYPTO_MANAGER
  733. help
  734. Sequence Number IV generator
  735. This IV generator generates an IV based on a sequence number by
  736. xoring it with a salt. This algorithm is mainly useful for CTR.
  737. This is required for IPsec ESP (XFRM_ESP).
  738. config CRYPTO_ECHAINIV
  739. tristate "Encrypted Chain IV Generator"
  740. select CRYPTO_AEAD
  741. select CRYPTO_NULL
  742. select CRYPTO_RNG_DEFAULT
  743. select CRYPTO_MANAGER
  744. help
  745. Encrypted Chain IV generator
  746. This IV generator generates an IV based on the encryption of
  747. a sequence number xored with a salt. This is the default
  748. algorithm for CBC.
  749. config CRYPTO_ESSIV
  750. tristate "Encrypted Salt-Sector IV Generator"
  751. select CRYPTO_AUTHENC
  752. help
  753. Encrypted Salt-Sector IV generator
  754. This IV generator is used in some cases by fscrypt and/or
  755. dm-crypt. It uses the hash of the block encryption key as the
  756. symmetric key for a block encryption pass applied to the input
  757. IV, making low entropy IV sources more suitable for block
  758. encryption.
  759. This driver implements a crypto API template that can be
  760. instantiated either as an skcipher or as an AEAD (depending on the
  761. type of the first template argument), and which defers encryption
  762. and decryption requests to the encapsulated cipher after applying
  763. ESSIV to the input IV. Note that in the AEAD case, it is assumed
  764. that the keys are presented in the same format used by the authenc
  765. template, and that the IV appears at the end of the authenticated
  766. associated data (AAD) region (which is how dm-crypt uses it.)
  767. Note that the use of ESSIV is not recommended for new deployments,
  768. and so this only needs to be enabled when interoperability with
  769. existing encrypted volumes of filesystems is required, or when
  770. building for a particular system that requires it (e.g., when
  771. the SoC in question has accelerated CBC but not XTS, making CBC
  772. combined with ESSIV the only feasible mode for h/w accelerated
  773. block encryption)
  774. endmenu
  775. menu "Hashes, digests, and MACs"
  776. config CRYPTO_BLAKE2B
  777. tristate "BLAKE2b"
  778. select CRYPTO_HASH
  779. help
  780. BLAKE2b cryptographic hash function (RFC 7693)
  781. BLAKE2b is optimized for 64-bit platforms and can produce digests
  782. of any size between 1 and 64 bytes. The keyed hash is also implemented.
  783. This module provides the following algorithms:
  784. - blake2b-160
  785. - blake2b-256
  786. - blake2b-384
  787. - blake2b-512
  788. Used by the btrfs filesystem.
  789. See https://blake2.net for further information.
  790. config CRYPTO_CMAC
  791. tristate "CMAC (Cipher-based MAC)"
  792. select CRYPTO_HASH
  793. select CRYPTO_MANAGER
  794. help
  795. CMAC (Cipher-based Message Authentication Code) authentication
  796. mode (NIST SP800-38B and IETF RFC4493)
  797. config CRYPTO_GHASH
  798. tristate "GHASH"
  799. select CRYPTO_GF128MUL
  800. select CRYPTO_HASH
  801. help
  802. GCM GHASH function (NIST SP800-38D)
  803. config CRYPTO_HMAC
  804. tristate "HMAC (Keyed-Hash MAC)"
  805. select CRYPTO_HASH
  806. select CRYPTO_MANAGER
  807. help
  808. HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
  809. RFC2104)
  810. This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
  811. config CRYPTO_MD4
  812. tristate "MD4"
  813. select CRYPTO_HASH
  814. help
  815. MD4 message digest algorithm (RFC1320)
  816. config CRYPTO_MD5
  817. tristate "MD5"
  818. select CRYPTO_HASH
  819. help
  820. MD5 message digest algorithm (RFC1321)
  821. config CRYPTO_MICHAEL_MIC
  822. tristate "Michael MIC"
  823. select CRYPTO_HASH
  824. help
  825. Michael MIC (Message Integrity Code) (IEEE 802.11i)
  826. Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
  827. known as WPA (Wif-Fi Protected Access).
  828. This algorithm is required for TKIP, but it should not be used for
  829. other purposes because of the weakness of the algorithm.
  830. config CRYPTO_POLYVAL
  831. tristate
  832. select CRYPTO_GF128MUL
  833. select CRYPTO_HASH
  834. help
  835. POLYVAL hash function for HCTR2
  836. This is used in HCTR2. It is not a general-purpose
  837. cryptographic hash function.
  838. config CRYPTO_POLY1305
  839. tristate "Poly1305"
  840. select CRYPTO_HASH
  841. select CRYPTO_LIB_POLY1305_GENERIC
  842. help
  843. Poly1305 authenticator algorithm (RFC7539)
  844. Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
  845. It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
  846. in IETF protocols. This is the portable C implementation of Poly1305.
  847. config CRYPTO_RMD160
  848. tristate "RIPEMD-160"
  849. select CRYPTO_HASH
  850. help
  851. RIPEMD-160 hash function (ISO/IEC 10118-3)
  852. RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
  853. to be used as a secure replacement for the 128-bit hash functions
  854. MD4, MD5 and its predecessor RIPEMD
  855. (not to be confused with RIPEMD-128).
  856. Its speed is comparable to SHA-1 and there are no known attacks
  857. against RIPEMD-160.
  858. Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
  859. See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
  860. for further information.
  861. config CRYPTO_SHA1
  862. tristate "SHA-1"
  863. select CRYPTO_HASH
  864. select CRYPTO_LIB_SHA1
  865. help
  866. SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3)
  867. config CRYPTO_SHA256
  868. tristate "SHA-224 and SHA-256"
  869. select CRYPTO_HASH
  870. select CRYPTO_LIB_SHA256
  871. help
  872. SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
  873. This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
  874. Used by the btrfs filesystem, Ceph, NFS, and SMB.
  875. config CRYPTO_SHA512
  876. tristate "SHA-384 and SHA-512"
  877. select CRYPTO_HASH
  878. help
  879. SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3)
  880. config CRYPTO_SHA3
  881. tristate "SHA-3"
  882. select CRYPTO_HASH
  883. help
  884. SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
  885. config CRYPTO_SM3
  886. tristate
  887. config CRYPTO_SM3_GENERIC
  888. tristate "SM3 (ShangMi 3)"
  889. select CRYPTO_HASH
  890. select CRYPTO_SM3
  891. help
  892. SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
  893. This is part of the Chinese Commercial Cryptography suite.
  894. References:
  895. http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
  896. https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
  897. config CRYPTO_STREEBOG
  898. tristate "Streebog"
  899. select CRYPTO_HASH
  900. help
  901. Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
  902. This is one of the Russian cryptographic standard algorithms (called
  903. GOST algorithms). This setting enables two hash algorithms with
  904. 256 and 512 bits output.
  905. References:
  906. https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
  907. https://tools.ietf.org/html/rfc6986
  908. config CRYPTO_VMAC
  909. tristate "VMAC"
  910. select CRYPTO_HASH
  911. select CRYPTO_MANAGER
  912. help
  913. VMAC is a message authentication algorithm designed for
  914. very high speed on 64-bit architectures.
  915. See https://fastcrypto.org/vmac for further information.
  916. config CRYPTO_WP512
  917. tristate "Whirlpool"
  918. select CRYPTO_HASH
  919. help
  920. Whirlpool hash function (ISO/IEC 10118-3)
  921. 512, 384 and 256-bit hashes.
  922. Whirlpool-512 is part of the NESSIE cryptographic primitives.
  923. See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
  924. for further information.
  925. config CRYPTO_XCBC
  926. tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
  927. select CRYPTO_HASH
  928. select CRYPTO_MANAGER
  929. help
  930. XCBC-MAC (Extended Cipher Block Chaining Message Authentication
  931. Code) (RFC3566)
  932. config CRYPTO_XXHASH
  933. tristate "xxHash"
  934. select CRYPTO_HASH
  935. select XXHASH
  936. help
  937. xxHash non-cryptographic hash algorithm
  938. Extremely fast, working at speeds close to RAM limits.
  939. Used by the btrfs filesystem.
  940. endmenu
  941. menu "CRCs (cyclic redundancy checks)"
  942. config CRYPTO_CRC32C
  943. tristate "CRC32c"
  944. select CRYPTO_HASH
  945. select CRC32
  946. help
  947. CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
  948. A 32-bit CRC (cyclic redundancy check) with a polynomial defined
  949. by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic
  950. Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
  951. on Communications, Vol. 41, No. 6, June 1993, selected for use with
  952. iSCSI.
  953. Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI.
  954. config CRYPTO_CRC32
  955. tristate "CRC32"
  956. select CRYPTO_HASH
  957. select CRC32
  958. help
  959. CRC32 CRC algorithm (IEEE 802.3)
  960. Used by RoCEv2 and f2fs.
  961. config CRYPTO_CRCT10DIF
  962. tristate "CRCT10DIF"
  963. select CRYPTO_HASH
  964. help
  965. CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
  966. CRC algorithm used by the SCSI Block Commands standard.
  967. config CRYPTO_CRC64_ROCKSOFT
  968. tristate "CRC64 based on Rocksoft Model algorithm"
  969. depends on CRC64
  970. select CRYPTO_HASH
  971. help
  972. CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm
  973. Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY)
  974. See https://zlib.net/crc_v3.txt
  975. endmenu
  976. menu "Compression"
  977. config CRYPTO_DEFLATE
  978. tristate "Deflate"
  979. select CRYPTO_ALGAPI
  980. select CRYPTO_ACOMP2
  981. select ZLIB_INFLATE
  982. select ZLIB_DEFLATE
  983. help
  984. Deflate compression algorithm (RFC1951)
  985. Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)
  986. config CRYPTO_LZO
  987. tristate "LZO"
  988. select CRYPTO_ALGAPI
  989. select CRYPTO_ACOMP2
  990. select LZO_COMPRESS
  991. select LZO_DECOMPRESS
  992. help
  993. LZO compression algorithm
  994. See https://www.oberhumer.com/opensource/lzo/ for further information.
  995. config CRYPTO_842
  996. tristate "842"
  997. select CRYPTO_ALGAPI
  998. select CRYPTO_ACOMP2
  999. select 842_COMPRESS
  1000. select 842_DECOMPRESS
  1001. help
  1002. 842 compression algorithm by IBM
  1003. See https://github.com/plauth/lib842 for further information.
  1004. config CRYPTO_LZ4
  1005. tristate "LZ4"
  1006. select CRYPTO_ALGAPI
  1007. select CRYPTO_ACOMP2
  1008. select LZ4_COMPRESS
  1009. select LZ4_DECOMPRESS
  1010. help
  1011. LZ4 compression algorithm
  1012. See https://github.com/lz4/lz4 for further information.
  1013. config CRYPTO_LZ4HC
  1014. tristate "LZ4HC"
  1015. select CRYPTO_ALGAPI
  1016. select CRYPTO_ACOMP2
  1017. select LZ4HC_COMPRESS
  1018. select LZ4_DECOMPRESS
  1019. help
  1020. LZ4 high compression mode algorithm
  1021. See https://github.com/lz4/lz4 for further information.
  1022. config CRYPTO_ZSTD
  1023. tristate "Zstd"
  1024. select CRYPTO_ALGAPI
  1025. select CRYPTO_ACOMP2
  1026. select ZSTD_COMPRESS
  1027. select ZSTD_DECOMPRESS
  1028. help
  1029. zstd compression algorithm
  1030. See https://github.com/facebook/zstd for further information.
  1031. endmenu
  1032. menu "Random number generation"
  1033. config CRYPTO_ANSI_CPRNG
  1034. tristate "ANSI PRNG (Pseudo Random Number Generator)"
  1035. select CRYPTO_AES
  1036. select CRYPTO_RNG
  1037. help
  1038. Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4)
  1039. This uses the AES cipher algorithm.
  1040. Note that this option must be enabled if CRYPTO_FIPS is selected
  1041. menuconfig CRYPTO_DRBG_MENU
  1042. tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
  1043. help
  1044. DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
  1045. In the following submenu, one or more of the DRBG types must be selected.
  1046. if CRYPTO_DRBG_MENU
  1047. config CRYPTO_DRBG_HMAC
  1048. bool
  1049. default y
  1050. select CRYPTO_HMAC
  1051. select CRYPTO_SHA512
  1052. config CRYPTO_DRBG_HASH
  1053. bool "Hash_DRBG"
  1054. select CRYPTO_SHA256
  1055. help
  1056. Hash_DRBG variant as defined in NIST SP800-90A.
  1057. This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
  1058. config CRYPTO_DRBG_CTR
  1059. bool "CTR_DRBG"
  1060. select CRYPTO_AES
  1061. select CRYPTO_CTR
  1062. help
  1063. CTR_DRBG variant as defined in NIST SP800-90A.
  1064. This uses the AES cipher algorithm with the counter block mode.
  1065. config CRYPTO_DRBG
  1066. tristate
  1067. default CRYPTO_DRBG_MENU
  1068. select CRYPTO_RNG
  1069. select CRYPTO_JITTERENTROPY
  1070. endif # if CRYPTO_DRBG_MENU
  1071. config CRYPTO_JITTERENTROPY
  1072. tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
  1073. select CRYPTO_RNG
  1074. help
  1075. CPU Jitter RNG (Random Number Generator) from the Jitterentropy library
  1076. A non-physical non-deterministic ("true") RNG (e.g., an entropy source
  1077. compliant with NIST SP800-90B) intended to provide a seed to a
  1078. deterministic RNG (e.g. per NIST SP800-90C).
  1079. This RNG does not perform any cryptographic whitening of the generated
  1080. See https://www.chronox.de/jent.html
  1081. config CRYPTO_KDF800108_CTR
  1082. tristate
  1083. select CRYPTO_HMAC
  1084. select CRYPTO_SHA256
  1085. endmenu
  1086. menu "Userspace interface"
  1087. config CRYPTO_USER_API
  1088. tristate
  1089. config CRYPTO_USER_API_HASH
  1090. tristate "Hash algorithms"
  1091. depends on NET
  1092. select CRYPTO_HASH
  1093. select CRYPTO_USER_API
  1094. help
  1095. Enable the userspace interface for hash algorithms.
  1096. See Documentation/crypto/userspace-if.rst and
  1097. https://www.chronox.de/libkcapi/html/index.html
  1098. config CRYPTO_USER_API_SKCIPHER
  1099. tristate "Symmetric key cipher algorithms"
  1100. depends on NET
  1101. select CRYPTO_SKCIPHER
  1102. select CRYPTO_USER_API
  1103. help
  1104. Enable the userspace interface for symmetric key cipher algorithms.
  1105. See Documentation/crypto/userspace-if.rst and
  1106. https://www.chronox.de/libkcapi/html/index.html
  1107. config CRYPTO_USER_API_RNG
  1108. tristate "RNG (random number generator) algorithms"
  1109. depends on NET
  1110. select CRYPTO_RNG
  1111. select CRYPTO_USER_API
  1112. help
  1113. Enable the userspace interface for RNG (random number generator)
  1114. algorithms.
  1115. See Documentation/crypto/userspace-if.rst and
  1116. https://www.chronox.de/libkcapi/html/index.html
  1117. config CRYPTO_USER_API_RNG_CAVP
  1118. bool "Enable CAVP testing of DRBG"
  1119. depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
  1120. help
  1121. Enable extra APIs in the userspace interface for NIST CAVP
  1122. (Cryptographic Algorithm Validation Program) testing:
  1123. - resetting DRBG entropy
  1124. - providing Additional Data
  1125. This should only be enabled for CAVP testing. You should say
  1126. no unless you know what this is.
  1127. config CRYPTO_USER_API_AEAD
  1128. tristate "AEAD cipher algorithms"
  1129. depends on NET
  1130. select CRYPTO_AEAD
  1131. select CRYPTO_SKCIPHER
  1132. select CRYPTO_NULL
  1133. select CRYPTO_USER_API
  1134. help
  1135. Enable the userspace interface for AEAD cipher algorithms.
  1136. See Documentation/crypto/userspace-if.rst and
  1137. https://www.chronox.de/libkcapi/html/index.html
  1138. config CRYPTO_USER_API_ENABLE_OBSOLETE
  1139. bool "Obsolete cryptographic algorithms"
  1140. depends on CRYPTO_USER_API
  1141. default y
  1142. help
  1143. Allow obsolete cryptographic algorithms to be selected that have
  1144. already been phased out from internal use by the kernel, and are
  1145. only useful for userspace clients that still rely on them.
  1146. config CRYPTO_STATS
  1147. bool "Crypto usage statistics"
  1148. depends on CRYPTO_USER
  1149. help
  1150. Enable the gathering of crypto stats.
  1151. This collects data sizes, numbers of requests, and numbers
  1152. of errors processed by:
  1153. - AEAD ciphers (encrypt, decrypt)
  1154. - asymmetric key ciphers (encrypt, decrypt, verify, sign)
  1155. - symmetric key ciphers (encrypt, decrypt)
  1156. - compression algorithms (compress, decompress)
  1157. - hash algorithms (hash)
  1158. - key-agreement protocol primitives (setsecret, generate
  1159. public key, compute shared secret)
  1160. - RNG (generate, seed)
  1161. endmenu
  1162. config CRYPTO_HASH_INFO
  1163. bool
  1164. if !KMSAN # avoid false positives from assembly
  1165. if ARM
  1166. source "arch/arm/crypto/Kconfig"
  1167. endif
  1168. if ARM64
  1169. source "arch/arm64/crypto/Kconfig"
  1170. endif
  1171. if MIPS
  1172. source "arch/mips/crypto/Kconfig"
  1173. endif
  1174. if PPC
  1175. source "arch/powerpc/crypto/Kconfig"
  1176. endif
  1177. if S390
  1178. source "arch/s390/crypto/Kconfig"
  1179. endif
  1180. if SPARC
  1181. source "arch/sparc/crypto/Kconfig"
  1182. endif
  1183. if X86
  1184. source "arch/x86/crypto/Kconfig"
  1185. endif
  1186. endif
  1187. source "drivers/crypto/Kconfig"
  1188. source "crypto/asymmetric_keys/Kconfig"
  1189. source "certs/Kconfig"
  1190. endif # if CRYPTO