1# SPDX-License-Identifier: GPL-2.0 2# 3# Generic algorithms support 4# 5config XOR_BLOCKS 6 tristate 7 8# 9# async_tx api: hardware offloaded memory transfer/transform support 10# 11source "crypto/async_tx/Kconfig" 12 13# 14# Cryptographic API Configuration 15# 16menuconfig CRYPTO 17 tristate "Cryptographic API" 18 select CRYPTO_LIB_UTILS 19 help 20 This option provides the core Cryptographic API. 21 22if CRYPTO 23 24menu "Crypto core or helper" 25 26config CRYPTO_FIPS 27 bool "FIPS 200 compliance" 28 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && CRYPTO_SELFTESTS 29 depends on (MODULE_SIG || !MODULES) 30 help 31 This option enables the fips boot option which is 32 required if you want the system to operate in a FIPS 200 33 certification. You should say no unless you know what 34 this is. 35 36config CRYPTO_FIPS_NAME 37 string "FIPS Module Name" 38 default "Linux Kernel Cryptographic API" 39 depends on CRYPTO_FIPS 40 help 41 This option sets the FIPS Module name reported by the Crypto API via 42 the /proc/sys/crypto/fips_name file. 43 44config CRYPTO_FIPS_CUSTOM_VERSION 45 bool "Use Custom FIPS Module Version" 46 depends on CRYPTO_FIPS 47 default n 48 49config CRYPTO_FIPS_VERSION 50 string "FIPS Module Version" 51 default "(none)" 52 depends on CRYPTO_FIPS_CUSTOM_VERSION 53 help 54 This option provides the ability to override the FIPS Module Version. 55 By default the KERNELRELEASE value is used. 56 57config CRYPTO_ALGAPI 58 tristate 59 select CRYPTO_ALGAPI2 60 help 61 This option provides the API for cryptographic algorithms. 62 63config CRYPTO_ALGAPI2 64 tristate 65 66config CRYPTO_AEAD 67 tristate 68 select CRYPTO_AEAD2 69 select CRYPTO_ALGAPI 70 71config CRYPTO_AEAD2 72 tristate 73 select CRYPTO_ALGAPI2 74 75config CRYPTO_SIG 76 tristate 77 select CRYPTO_SIG2 78 select CRYPTO_ALGAPI 79 80config CRYPTO_SIG2 81 tristate 82 select CRYPTO_ALGAPI2 83 84config CRYPTO_SKCIPHER 85 tristate 86 select CRYPTO_SKCIPHER2 87 select CRYPTO_ALGAPI 88 select CRYPTO_ECB 89 90config CRYPTO_SKCIPHER2 91 tristate 92 select CRYPTO_ALGAPI2 93 94config CRYPTO_HASH 95 tristate 96 select CRYPTO_HASH2 97 select CRYPTO_ALGAPI 98 99config CRYPTO_HASH2 100 tristate 101 select CRYPTO_ALGAPI2 102 103config CRYPTO_RNG 104 tristate 105 select CRYPTO_RNG2 106 select CRYPTO_ALGAPI 107 108config CRYPTO_RNG2 109 tristate 110 select CRYPTO_ALGAPI2 111 112config CRYPTO_RNG_DEFAULT 113 tristate 114 select CRYPTO_DRBG_MENU 115 116config CRYPTO_AKCIPHER2 117 tristate 118 select CRYPTO_ALGAPI2 119 120config CRYPTO_AKCIPHER 121 tristate 122 select CRYPTO_AKCIPHER2 123 select CRYPTO_ALGAPI 124 125config CRYPTO_KPP2 126 tristate 127 select CRYPTO_ALGAPI2 128 129config CRYPTO_KPP 130 tristate 131 select CRYPTO_ALGAPI 132 select CRYPTO_KPP2 133 134config CRYPTO_ACOMP2 135 tristate 136 select CRYPTO_ALGAPI2 137 select SGL_ALLOC 138 139config CRYPTO_ACOMP 140 tristate 141 select CRYPTO_ALGAPI 142 select CRYPTO_ACOMP2 143 144config CRYPTO_HKDF 145 tristate 146 select CRYPTO_SHA256 if CRYPTO_SELFTESTS 147 select CRYPTO_SHA512 if CRYPTO_SELFTESTS 148 select CRYPTO_HASH2 149 150config CRYPTO_MANAGER 151 tristate 152 default CRYPTO_ALGAPI if CRYPTO_SELFTESTS 153 select CRYPTO_MANAGER2 154 help 155 This provides the support for instantiating templates such as 156 cbc(aes), and the support for the crypto self-tests. 157 158config CRYPTO_MANAGER2 159 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y) 160 select CRYPTO_ACOMP2 161 select CRYPTO_AEAD2 162 select CRYPTO_AKCIPHER2 163 select CRYPTO_SIG2 164 select CRYPTO_HASH2 165 select CRYPTO_KPP2 166 select CRYPTO_RNG2 167 select CRYPTO_SKCIPHER2 168 169config CRYPTO_USER 170 tristate "Userspace cryptographic algorithm configuration" 171 depends on NET 172 select CRYPTO_MANAGER 173 help 174 Userspace configuration for cryptographic instantiations such as 175 cbc(aes). 176 177config CRYPTO_SELFTESTS 178 bool "Enable cryptographic self-tests" 179 depends on DEBUG_KERNEL 180 help 181 Enable the cryptographic self-tests. 182 183 The cryptographic self-tests run at boot time, or at algorithm 184 registration time if algorithms are dynamically loaded later. 185 186 This is primarily intended for developer use. It should not be 187 enabled in production kernels, unless you are trying to use these 188 tests to fulfill a FIPS testing requirement. 189 190config CRYPTO_NULL 191 tristate "Null algorithms" 192 select CRYPTO_ALGAPI 193 select CRYPTO_SKCIPHER 194 select CRYPTO_HASH 195 help 196 These are 'Null' algorithms, used by IPsec, which do nothing. 197 198config CRYPTO_PCRYPT 199 tristate "Parallel crypto engine" 200 depends on SMP 201 select PADATA 202 select CRYPTO_MANAGER 203 select CRYPTO_AEAD 204 help 205 This converts an arbitrary crypto algorithm into a parallel 206 algorithm that executes in kernel threads. 207 208config CRYPTO_CRYPTD 209 tristate "Software async crypto daemon" 210 select CRYPTO_SKCIPHER 211 select CRYPTO_HASH 212 select CRYPTO_MANAGER 213 help 214 This is a generic software asynchronous crypto daemon that 215 converts an arbitrary synchronous software crypto algorithm 216 into an asynchronous algorithm that executes in a kernel thread. 217 218config CRYPTO_AUTHENC 219 tristate "Authenc support" 220 select CRYPTO_AEAD 221 select CRYPTO_SKCIPHER 222 select CRYPTO_MANAGER 223 select CRYPTO_HASH 224 help 225 Authenc: Combined mode wrapper for IPsec. 226 227 This is required for IPSec ESP (XFRM_ESP). 228 229config CRYPTO_KRB5ENC 230 tristate "Kerberos 5 combined hash+cipher support" 231 select CRYPTO_AEAD 232 select CRYPTO_SKCIPHER 233 select CRYPTO_MANAGER 234 select CRYPTO_HASH 235 help 236 Combined hash and cipher support for Kerberos 5 RFC3961 simplified 237 profile. This is required for Kerberos 5-style encryption, used by 238 sunrpc/NFS and rxrpc/AFS. 239 240config CRYPTO_BENCHMARK 241 tristate "Crypto benchmarking module" 242 depends on m || EXPERT 243 select CRYPTO_MANAGER 244 help 245 Quick & dirty crypto benchmarking module. 246 247 This is mainly intended for use by people developing cryptographic 248 algorithms in the kernel. It should not be enabled in production 249 kernels. 250 251config CRYPTO_SIMD 252 tristate 253 select CRYPTO_CRYPTD 254 255config CRYPTO_ENGINE 256 tristate 257 258endmenu 259 260menu "Public-key cryptography" 261 262config CRYPTO_RSA 263 tristate "RSA (Rivest-Shamir-Adleman)" 264 select CRYPTO_AKCIPHER 265 select CRYPTO_MANAGER 266 select CRYPTO_SIG 267 select MPILIB 268 select ASN1 269 help 270 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) 271 272config CRYPTO_DH 273 tristate "DH (Diffie-Hellman)" 274 select CRYPTO_KPP 275 select MPILIB 276 help 277 DH (Diffie-Hellman) key exchange algorithm 278 279config CRYPTO_DH_RFC7919_GROUPS 280 bool "RFC 7919 FFDHE groups" 281 depends on CRYPTO_DH 282 select CRYPTO_RNG_DEFAULT 283 help 284 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups 285 defined in RFC7919. 286 287 Support these finite-field groups in DH key exchanges: 288 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 289 290 If unsure, say N. 291 292config CRYPTO_ECC 293 tristate 294 select CRYPTO_RNG_DEFAULT 295 296config CRYPTO_ECDH 297 tristate "ECDH (Elliptic Curve Diffie-Hellman)" 298 select CRYPTO_ECC 299 select CRYPTO_KPP 300 help 301 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm 302 using curves P-192, P-256, and P-384 (FIPS 186) 303 304config CRYPTO_ECDSA 305 tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)" 306 select CRYPTO_ECC 307 select CRYPTO_SIG 308 select ASN1 309 help 310 ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186, 311 ISO/IEC 14888-3) 312 using curves P-192, P-256, P-384 and P-521 313 314 Only signature verification is implemented. 315 316config CRYPTO_ECRDSA 317 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)" 318 select CRYPTO_ECC 319 select CRYPTO_SIG 320 select CRYPTO_STREEBOG 321 select OID_REGISTRY 322 select ASN1 323 help 324 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012, 325 RFC 7091, ISO/IEC 14888-3) 326 327 One of the Russian cryptographic standard algorithms (called GOST 328 algorithms). Only signature verification is implemented. 329 330config CRYPTO_CURVE25519 331 tristate "Curve25519" 332 select CRYPTO_KPP 333 select CRYPTO_LIB_CURVE25519_GENERIC 334 select CRYPTO_LIB_CURVE25519_INTERNAL 335 help 336 Curve25519 elliptic curve (RFC7748) 337 338endmenu 339 340menu "Block ciphers" 341 342config CRYPTO_AES 343 tristate "AES (Advanced Encryption Standard)" 344 select CRYPTO_ALGAPI 345 select CRYPTO_LIB_AES 346 help 347 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3) 348 349 Rijndael appears to be consistently a very good performer in 350 both hardware and software across a wide range of computing 351 environments regardless of its use in feedback or non-feedback 352 modes. Its key setup time is excellent, and its key agility is 353 good. Rijndael's very low memory requirements make it very well 354 suited for restricted-space environments, in which it also 355 demonstrates excellent performance. Rijndael's operations are 356 among the easiest to defend against power and timing attacks. 357 358 The AES specifies three key sizes: 128, 192 and 256 bits 359 360config CRYPTO_AES_TI 361 tristate "AES (Advanced Encryption Standard) (fixed time)" 362 select CRYPTO_ALGAPI 363 select CRYPTO_LIB_AES 364 help 365 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3) 366 367 This is a generic implementation of AES that attempts to eliminate 368 data dependent latencies as much as possible without affecting 369 performance too much. It is intended for use by the generic CCM 370 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely 371 solely on encryption (although decryption is supported as well, but 372 with a more dramatic performance hit) 373 374 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and 375 8 for decryption), this implementation only uses just two S-boxes of 376 256 bytes each, and attempts to eliminate data dependent latencies by 377 prefetching the entire table into the cache at the start of each 378 block. Interrupts are also disabled to avoid races where cachelines 379 are evicted when the CPU is interrupted to do something else. 380 381config CRYPTO_ANUBIS 382 tristate "Anubis" 383 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 384 select CRYPTO_ALGAPI 385 help 386 Anubis cipher algorithm 387 388 Anubis is a variable key length cipher which can use keys from 389 128 bits to 320 bits in length. It was evaluated as a entrant 390 in the NESSIE competition. 391 392 See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html 393 for further information. 394 395config CRYPTO_ARIA 396 tristate "ARIA" 397 select CRYPTO_ALGAPI 398 help 399 ARIA cipher algorithm (RFC5794) 400 401 ARIA is a standard encryption algorithm of the Republic of Korea. 402 The ARIA specifies three key sizes and rounds. 403 128-bit: 12 rounds. 404 192-bit: 14 rounds. 405 256-bit: 16 rounds. 406 407 See: 408 https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do 409 410config CRYPTO_BLOWFISH 411 tristate "Blowfish" 412 select CRYPTO_ALGAPI 413 select CRYPTO_BLOWFISH_COMMON 414 help 415 Blowfish cipher algorithm, by Bruce Schneier 416 417 This is a variable key length cipher which can use keys from 32 418 bits to 448 bits in length. It's fast, simple and specifically 419 designed for use on "large microprocessors". 420 421 See https://www.schneier.com/blowfish.html for further information. 422 423config CRYPTO_BLOWFISH_COMMON 424 tristate 425 help 426 Common parts of the Blowfish cipher algorithm shared by the 427 generic c and the assembler implementations. 428 429config CRYPTO_CAMELLIA 430 tristate "Camellia" 431 select CRYPTO_ALGAPI 432 help 433 Camellia cipher algorithms (ISO/IEC 18033-3) 434 435 Camellia is a symmetric key block cipher developed jointly 436 at NTT and Mitsubishi Electric Corporation. 437 438 The Camellia specifies three key sizes: 128, 192 and 256 bits. 439 440 See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information. 441 442config CRYPTO_CAST_COMMON 443 tristate 444 help 445 Common parts of the CAST cipher algorithms shared by the 446 generic c and the assembler implementations. 447 448config CRYPTO_CAST5 449 tristate "CAST5 (CAST-128)" 450 select CRYPTO_ALGAPI 451 select CRYPTO_CAST_COMMON 452 help 453 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3) 454 455config CRYPTO_CAST6 456 tristate "CAST6 (CAST-256)" 457 select CRYPTO_ALGAPI 458 select CRYPTO_CAST_COMMON 459 help 460 CAST6 (CAST-256) encryption algorithm (RFC2612) 461 462config CRYPTO_DES 463 tristate "DES and Triple DES EDE" 464 select CRYPTO_ALGAPI 465 select CRYPTO_LIB_DES 466 help 467 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and 468 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3) 469 cipher algorithms 470 471config CRYPTO_FCRYPT 472 tristate "FCrypt" 473 select CRYPTO_ALGAPI 474 select CRYPTO_SKCIPHER 475 help 476 FCrypt algorithm used by RxRPC 477 478 See https://ota.polyonymo.us/fcrypt-paper.txt 479 480config CRYPTO_KHAZAD 481 tristate "Khazad" 482 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 483 select CRYPTO_ALGAPI 484 help 485 Khazad cipher algorithm 486 487 Khazad was a finalist in the initial NESSIE competition. It is 488 an algorithm optimized for 64-bit processors with good performance 489 on 32-bit processors. Khazad uses an 128 bit key size. 490 491 See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html 492 for further information. 493 494config CRYPTO_SEED 495 tristate "SEED" 496 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 497 select CRYPTO_ALGAPI 498 help 499 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3) 500 501 SEED is a 128-bit symmetric key block cipher that has been 502 developed by KISA (Korea Information Security Agency) as a 503 national standard encryption algorithm of the Republic of Korea. 504 It is a 16 round block cipher with the key size of 128 bit. 505 506 See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do 507 for further information. 508 509config CRYPTO_SERPENT 510 tristate "Serpent" 511 select CRYPTO_ALGAPI 512 help 513 Serpent cipher algorithm, by Anderson, Biham & Knudsen 514 515 Keys are allowed to be from 0 to 256 bits in length, in steps 516 of 8 bits. 517 518 See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information. 519 520config CRYPTO_SM4 521 tristate 522 523config CRYPTO_SM4_GENERIC 524 tristate "SM4 (ShangMi 4)" 525 select CRYPTO_ALGAPI 526 select CRYPTO_SM4 527 help 528 SM4 cipher algorithms (OSCCA GB/T 32907-2016, 529 ISO/IEC 18033-3:2010/Amd 1:2021) 530 531 SM4 (GBT.32907-2016) is a cryptographic standard issued by the 532 Organization of State Commercial Administration of China (OSCCA) 533 as an authorized cryptographic algorithms for the use within China. 534 535 SMS4 was originally created for use in protecting wireless 536 networks, and is mandated in the Chinese National Standard for 537 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) 538 (GB.15629.11-2003). 539 540 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and 541 standardized through TC 260 of the Standardization Administration 542 of the People's Republic of China (SAC). 543 544 The input, output, and key of SMS4 are each 128 bits. 545 546 See https://eprint.iacr.org/2008/329.pdf for further information. 547 548 If unsure, say N. 549 550config CRYPTO_TEA 551 tristate "TEA, XTEA and XETA" 552 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 553 select CRYPTO_ALGAPI 554 help 555 TEA (Tiny Encryption Algorithm) cipher algorithms 556 557 Tiny Encryption Algorithm is a simple cipher that uses 558 many rounds for security. It is very fast and uses 559 little memory. 560 561 Xtendend Tiny Encryption Algorithm is a modification to 562 the TEA algorithm to address a potential key weakness 563 in the TEA algorithm. 564 565 Xtendend Encryption Tiny Algorithm is a mis-implementation 566 of the XTEA algorithm for compatibility purposes. 567 568config CRYPTO_TWOFISH 569 tristate "Twofish" 570 select CRYPTO_ALGAPI 571 select CRYPTO_TWOFISH_COMMON 572 help 573 Twofish cipher algorithm 574 575 Twofish was submitted as an AES (Advanced Encryption Standard) 576 candidate cipher by researchers at CounterPane Systems. It is a 577 16 round block cipher supporting key sizes of 128, 192, and 256 578 bits. 579 580 See https://www.schneier.com/twofish.html for further information. 581 582config CRYPTO_TWOFISH_COMMON 583 tristate 584 help 585 Common parts of the Twofish cipher algorithm shared by the 586 generic c and the assembler implementations. 587 588endmenu 589 590menu "Length-preserving ciphers and modes" 591 592config CRYPTO_ADIANTUM 593 tristate "Adiantum" 594 select CRYPTO_CHACHA20 595 select CRYPTO_LIB_POLY1305_GENERIC 596 select CRYPTO_NHPOLY1305 597 select CRYPTO_MANAGER 598 help 599 Adiantum tweakable, length-preserving encryption mode 600 601 Designed for fast and secure disk encryption, especially on 602 CPUs without dedicated crypto instructions. It encrypts 603 each sector using the XChaCha12 stream cipher, two passes of 604 an ε-almost-∆-universal hash function, and an invocation of 605 the AES-256 block cipher on a single 16-byte block. On CPUs 606 without AES instructions, Adiantum is much faster than 607 AES-XTS. 608 609 Adiantum's security is provably reducible to that of its 610 underlying stream and block ciphers, subject to a security 611 bound. Unlike XTS, Adiantum is a true wide-block encryption 612 mode, so it actually provides an even stronger notion of 613 security than XTS, subject to the security bound. 614 615 If unsure, say N. 616 617config CRYPTO_ARC4 618 tristate "ARC4 (Alleged Rivest Cipher 4)" 619 depends on CRYPTO_USER_API_ENABLE_OBSOLETE 620 select CRYPTO_SKCIPHER 621 select CRYPTO_LIB_ARC4 622 help 623 ARC4 cipher algorithm 624 625 ARC4 is a stream cipher using keys ranging from 8 bits to 2048 626 bits in length. This algorithm is required for driver-based 627 WEP, but it should not be for other purposes because of the 628 weakness of the algorithm. 629 630config CRYPTO_CHACHA20 631 tristate "ChaCha" 632 select CRYPTO_LIB_CHACHA 633 select CRYPTO_LIB_CHACHA_GENERIC 634 select CRYPTO_SKCIPHER 635 help 636 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms 637 638 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. 639 Bernstein and further specified in RFC7539 for use in IETF protocols. 640 This is the portable C implementation of ChaCha20. See 641 https://cr.yp.to/chacha/chacha-20080128.pdf for further information. 642 643 XChaCha20 is the application of the XSalsa20 construction to ChaCha20 644 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length 645 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits, 646 while provably retaining ChaCha20's security. See 647 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information. 648 649 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly 650 reduced security margin but increased performance. It can be needed 651 in some performance-sensitive scenarios. 652 653config CRYPTO_CBC 654 tristate "CBC (Cipher Block Chaining)" 655 select CRYPTO_SKCIPHER 656 select CRYPTO_MANAGER 657 help 658 CBC (Cipher Block Chaining) mode (NIST SP800-38A) 659 660 This block cipher mode is required for IPSec ESP (XFRM_ESP). 661 662config CRYPTO_CTR 663 tristate "CTR (Counter)" 664 select CRYPTO_SKCIPHER 665 select CRYPTO_MANAGER 666 help 667 CTR (Counter) mode (NIST SP800-38A) 668 669config CRYPTO_CTS 670 tristate "CTS (Cipher Text Stealing)" 671 select CRYPTO_SKCIPHER 672 select CRYPTO_MANAGER 673 help 674 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST 675 Addendum to SP800-38A (October 2010)) 676 677 This mode is required for Kerberos gss mechanism support 678 for AES encryption. 679 680config CRYPTO_ECB 681 tristate "ECB (Electronic Codebook)" 682 select CRYPTO_SKCIPHER2 683 select CRYPTO_MANAGER 684 help 685 ECB (Electronic Codebook) mode (NIST SP800-38A) 686 687config CRYPTO_HCTR2 688 tristate "HCTR2" 689 select CRYPTO_XCTR 690 select CRYPTO_POLYVAL 691 select CRYPTO_MANAGER 692 help 693 HCTR2 length-preserving encryption mode 694 695 A mode for storage encryption that is efficient on processors with 696 instructions to accelerate AES and carryless multiplication, e.g. 697 x86 processors with AES-NI and CLMUL, and ARM processors with the 698 ARMv8 crypto extensions. 699 700 See https://eprint.iacr.org/2021/1441 701 702config CRYPTO_LRW 703 tristate "LRW (Liskov Rivest Wagner)" 704 select CRYPTO_LIB_GF128MUL 705 select CRYPTO_SKCIPHER 706 select CRYPTO_MANAGER 707 select CRYPTO_ECB 708 help 709 LRW (Liskov Rivest Wagner) mode 710 711 A tweakable, non malleable, non movable 712 narrow block cipher mode for dm-crypt. Use it with cipher 713 specification string aes-lrw-benbi, the key must be 256, 320 or 384. 714 The first 128, 192 or 256 bits in the key are used for AES and the 715 rest is used to tie each cipher block to its logical position. 716 717 See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf 718 719config CRYPTO_PCBC 720 tristate "PCBC (Propagating Cipher Block Chaining)" 721 select CRYPTO_SKCIPHER 722 select CRYPTO_MANAGER 723 help 724 PCBC (Propagating Cipher Block Chaining) mode 725 726 This block cipher mode is required for RxRPC. 727 728config CRYPTO_XCTR 729 tristate 730 select CRYPTO_SKCIPHER 731 select CRYPTO_MANAGER 732 help 733 XCTR (XOR Counter) mode for HCTR2 734 735 This blockcipher mode is a variant of CTR mode using XORs and little-endian 736 addition rather than big-endian arithmetic. 737 738 XCTR mode is used to implement HCTR2. 739 740config CRYPTO_XTS 741 tristate "XTS (XOR Encrypt XOR with ciphertext stealing)" 742 select CRYPTO_SKCIPHER 743 select CRYPTO_MANAGER 744 select CRYPTO_ECB 745 help 746 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E 747 and IEEE 1619) 748 749 Use with aes-xts-plain, key size 256, 384 or 512 bits. This 750 implementation currently can't handle a sectorsize which is not a 751 multiple of 16 bytes. 752 753config CRYPTO_NHPOLY1305 754 tristate 755 select CRYPTO_HASH 756 select CRYPTO_LIB_POLY1305_GENERIC 757 758endmenu 759 760menu "AEAD (authenticated encryption with associated data) ciphers" 761 762config CRYPTO_AEGIS128 763 tristate "AEGIS-128" 764 select CRYPTO_AEAD 765 select CRYPTO_AES # for AES S-box tables 766 help 767 AEGIS-128 AEAD algorithm 768 769config CRYPTO_AEGIS128_SIMD 770 bool "AEGIS-128 (arm NEON, arm64 NEON)" 771 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON) 772 default y 773 help 774 AEGIS-128 AEAD algorithm 775 776 Architecture: arm or arm64 using: 777 - NEON (Advanced SIMD) extension 778 779config CRYPTO_CHACHA20POLY1305 780 tristate "ChaCha20-Poly1305" 781 select CRYPTO_CHACHA20 782 select CRYPTO_AEAD 783 select CRYPTO_LIB_POLY1305 784 select CRYPTO_MANAGER 785 help 786 ChaCha20 stream cipher and Poly1305 authenticator combined 787 mode (RFC8439) 788 789config CRYPTO_CCM 790 tristate "CCM (Counter with Cipher Block Chaining-MAC)" 791 select CRYPTO_CTR 792 select CRYPTO_HASH 793 select CRYPTO_AEAD 794 select CRYPTO_MANAGER 795 help 796 CCM (Counter with Cipher Block Chaining-Message Authentication Code) 797 authenticated encryption mode (NIST SP800-38C) 798 799config CRYPTO_GCM 800 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)" 801 select CRYPTO_CTR 802 select CRYPTO_AEAD 803 select CRYPTO_GHASH 804 select CRYPTO_MANAGER 805 help 806 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC 807 (GCM Message Authentication Code) (NIST SP800-38D) 808 809 This is required for IPSec ESP (XFRM_ESP). 810 811config CRYPTO_GENIV 812 tristate 813 select CRYPTO_AEAD 814 select CRYPTO_MANAGER 815 select CRYPTO_RNG_DEFAULT 816 817config CRYPTO_SEQIV 818 tristate "Sequence Number IV Generator" 819 select CRYPTO_GENIV 820 help 821 Sequence Number IV generator 822 823 This IV generator generates an IV based on a sequence number by 824 xoring it with a salt. This algorithm is mainly useful for CTR. 825 826 This is required for IPsec ESP (XFRM_ESP). 827 828config CRYPTO_ECHAINIV 829 tristate "Encrypted Chain IV Generator" 830 select CRYPTO_GENIV 831 help 832 Encrypted Chain IV generator 833 834 This IV generator generates an IV based on the encryption of 835 a sequence number xored with a salt. This is the default 836 algorithm for CBC. 837 838config CRYPTO_ESSIV 839 tristate "Encrypted Salt-Sector IV Generator" 840 select CRYPTO_AUTHENC 841 help 842 Encrypted Salt-Sector IV generator 843 844 This IV generator is used in some cases by fscrypt and/or 845 dm-crypt. It uses the hash of the block encryption key as the 846 symmetric key for a block encryption pass applied to the input 847 IV, making low entropy IV sources more suitable for block 848 encryption. 849 850 This driver implements a crypto API template that can be 851 instantiated either as an skcipher or as an AEAD (depending on the 852 type of the first template argument), and which defers encryption 853 and decryption requests to the encapsulated cipher after applying 854 ESSIV to the input IV. Note that in the AEAD case, it is assumed 855 that the keys are presented in the same format used by the authenc 856 template, and that the IV appears at the end of the authenticated 857 associated data (AAD) region (which is how dm-crypt uses it.) 858 859 Note that the use of ESSIV is not recommended for new deployments, 860 and so this only needs to be enabled when interoperability with 861 existing encrypted volumes of filesystems is required, or when 862 building for a particular system that requires it (e.g., when 863 the SoC in question has accelerated CBC but not XTS, making CBC 864 combined with ESSIV the only feasible mode for h/w accelerated 865 block encryption) 866 867endmenu 868 869menu "Hashes, digests, and MACs" 870 871config CRYPTO_BLAKE2B 872 tristate "BLAKE2b" 873 select CRYPTO_HASH 874 help 875 BLAKE2b cryptographic hash function (RFC 7693) 876 877 BLAKE2b is optimized for 64-bit platforms and can produce digests 878 of any size between 1 and 64 bytes. The keyed hash is also implemented. 879 880 This module provides the following algorithms: 881 - blake2b-160 882 - blake2b-256 883 - blake2b-384 884 - blake2b-512 885 886 Used by the btrfs filesystem. 887 888 See https://blake2.net for further information. 889 890config CRYPTO_CMAC 891 tristate "CMAC (Cipher-based MAC)" 892 select CRYPTO_HASH 893 select CRYPTO_MANAGER 894 help 895 CMAC (Cipher-based Message Authentication Code) authentication 896 mode (NIST SP800-38B and IETF RFC4493) 897 898config CRYPTO_GHASH 899 tristate "GHASH" 900 select CRYPTO_HASH 901 select CRYPTO_LIB_GF128MUL 902 help 903 GCM GHASH function (NIST SP800-38D) 904 905config CRYPTO_HMAC 906 tristate "HMAC (Keyed-Hash MAC)" 907 select CRYPTO_HASH 908 select CRYPTO_MANAGER 909 help 910 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and 911 RFC2104) 912 913 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). 914 915config CRYPTO_MD4 916 tristate "MD4" 917 select CRYPTO_HASH 918 help 919 MD4 message digest algorithm (RFC1320) 920 921config CRYPTO_MD5 922 tristate "MD5" 923 select CRYPTO_HASH 924 help 925 MD5 message digest algorithm (RFC1321) 926 927config CRYPTO_MICHAEL_MIC 928 tristate "Michael MIC" 929 select CRYPTO_HASH 930 help 931 Michael MIC (Message Integrity Code) (IEEE 802.11i) 932 933 Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol), 934 known as WPA (Wif-Fi Protected Access). 935 936 This algorithm is required for TKIP, but it should not be used for 937 other purposes because of the weakness of the algorithm. 938 939config CRYPTO_POLYVAL 940 tristate 941 select CRYPTO_HASH 942 select CRYPTO_LIB_GF128MUL 943 help 944 POLYVAL hash function for HCTR2 945 946 This is used in HCTR2. It is not a general-purpose 947 cryptographic hash function. 948 949config CRYPTO_RMD160 950 tristate "RIPEMD-160" 951 select CRYPTO_HASH 952 help 953 RIPEMD-160 hash function (ISO/IEC 10118-3) 954 955 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended 956 to be used as a secure replacement for the 128-bit hash functions 957 MD4, MD5 and its predecessor RIPEMD 958 (not to be confused with RIPEMD-128). 959 960 Its speed is comparable to SHA-1 and there are no known attacks 961 against RIPEMD-160. 962 963 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 964 See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html 965 for further information. 966 967config CRYPTO_SHA1 968 tristate "SHA-1" 969 select CRYPTO_HASH 970 select CRYPTO_LIB_SHA1 971 help 972 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3) 973 974config CRYPTO_SHA256 975 tristate "SHA-224 and SHA-256" 976 select CRYPTO_HASH 977 select CRYPTO_LIB_SHA256 978 select CRYPTO_LIB_SHA256_GENERIC 979 help 980 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) 981 982 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). 983 Used by the btrfs filesystem, Ceph, NFS, and SMB. 984 985config CRYPTO_SHA512 986 tristate "SHA-384 and SHA-512" 987 select CRYPTO_HASH 988 help 989 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) 990 991config CRYPTO_SHA3 992 tristate "SHA-3" 993 select CRYPTO_HASH 994 help 995 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) 996 997config CRYPTO_SM3_GENERIC 998 tristate "SM3 (ShangMi 3)" 999 select CRYPTO_HASH 1000 select CRYPTO_LIB_SM3 1001 help 1002 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3) 1003 1004 This is part of the Chinese Commercial Cryptography suite. 1005 1006 References: 1007 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf 1008 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash 1009 1010config CRYPTO_STREEBOG 1011 tristate "Streebog" 1012 select CRYPTO_HASH 1013 help 1014 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3) 1015 1016 This is one of the Russian cryptographic standard algorithms (called 1017 GOST algorithms). This setting enables two hash algorithms with 1018 256 and 512 bits output. 1019 1020 References: 1021 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf 1022 https://tools.ietf.org/html/rfc6986 1023 1024config CRYPTO_WP512 1025 tristate "Whirlpool" 1026 select CRYPTO_HASH 1027 help 1028 Whirlpool hash function (ISO/IEC 10118-3) 1029 1030 512, 384 and 256-bit hashes. 1031 1032 Whirlpool-512 is part of the NESSIE cryptographic primitives. 1033 1034 See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html 1035 for further information. 1036 1037config CRYPTO_XCBC 1038 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)" 1039 select CRYPTO_HASH 1040 select CRYPTO_MANAGER 1041 help 1042 XCBC-MAC (Extended Cipher Block Chaining Message Authentication 1043 Code) (RFC3566) 1044 1045config CRYPTO_XXHASH 1046 tristate "xxHash" 1047 select CRYPTO_HASH 1048 select XXHASH 1049 help 1050 xxHash non-cryptographic hash algorithm 1051 1052 Extremely fast, working at speeds close to RAM limits. 1053 1054 Used by the btrfs filesystem. 1055 1056endmenu 1057 1058menu "CRCs (cyclic redundancy checks)" 1059 1060config CRYPTO_CRC32C 1061 tristate "CRC32c" 1062 select CRYPTO_HASH 1063 select CRC32 1064 help 1065 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720) 1066 1067 A 32-bit CRC (cyclic redundancy check) with a polynomial defined 1068 by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic 1069 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions 1070 on Communications, Vol. 41, No. 6, June 1993, selected for use with 1071 iSCSI. 1072 1073 Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI. 1074 1075config CRYPTO_CRC32 1076 tristate "CRC32" 1077 select CRYPTO_HASH 1078 select CRC32 1079 help 1080 CRC32 CRC algorithm (IEEE 802.3) 1081 1082 Used by RoCEv2 and f2fs. 1083 1084endmenu 1085 1086menu "Compression" 1087 1088config CRYPTO_DEFLATE 1089 tristate "Deflate" 1090 select CRYPTO_ALGAPI 1091 select CRYPTO_ACOMP2 1092 select ZLIB_INFLATE 1093 select ZLIB_DEFLATE 1094 help 1095 Deflate compression algorithm (RFC1951) 1096 1097 Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394) 1098 1099config CRYPTO_LZO 1100 tristate "LZO" 1101 select CRYPTO_ALGAPI 1102 select CRYPTO_ACOMP2 1103 select LZO_COMPRESS 1104 select LZO_DECOMPRESS 1105 help 1106 LZO compression algorithm 1107 1108 See https://www.oberhumer.com/opensource/lzo/ for further information. 1109 1110config CRYPTO_842 1111 tristate "842" 1112 select CRYPTO_ALGAPI 1113 select CRYPTO_ACOMP2 1114 select 842_COMPRESS 1115 select 842_DECOMPRESS 1116 help 1117 842 compression algorithm by IBM 1118 1119 See https://github.com/plauth/lib842 for further information. 1120 1121config CRYPTO_LZ4 1122 tristate "LZ4" 1123 select CRYPTO_ALGAPI 1124 select CRYPTO_ACOMP2 1125 select LZ4_COMPRESS 1126 select LZ4_DECOMPRESS 1127 help 1128 LZ4 compression algorithm 1129 1130 See https://github.com/lz4/lz4 for further information. 1131 1132config CRYPTO_LZ4HC 1133 tristate "LZ4HC" 1134 select CRYPTO_ALGAPI 1135 select CRYPTO_ACOMP2 1136 select LZ4HC_COMPRESS 1137 select LZ4_DECOMPRESS 1138 help 1139 LZ4 high compression mode algorithm 1140 1141 See https://github.com/lz4/lz4 for further information. 1142 1143config CRYPTO_ZSTD 1144 tristate "Zstd" 1145 select CRYPTO_ALGAPI 1146 select CRYPTO_ACOMP2 1147 select ZSTD_COMPRESS 1148 select ZSTD_DECOMPRESS 1149 help 1150 zstd compression algorithm 1151 1152 See https://github.com/facebook/zstd for further information. 1153 1154endmenu 1155 1156menu "Random number generation" 1157 1158config CRYPTO_ANSI_CPRNG 1159 tristate "ANSI PRNG (Pseudo Random Number Generator)" 1160 select CRYPTO_AES 1161 select CRYPTO_RNG 1162 help 1163 Pseudo RNG (random number generator) (ANSI X9.31 Appendix A.2.4) 1164 1165 This uses the AES cipher algorithm. 1166 1167 Note that this option must be enabled if CRYPTO_FIPS is selected 1168 1169menuconfig CRYPTO_DRBG_MENU 1170 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)" 1171 help 1172 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A) 1173 1174 In the following submenu, one or more of the DRBG types must be selected. 1175 1176if CRYPTO_DRBG_MENU 1177 1178config CRYPTO_DRBG_HMAC 1179 bool 1180 default y 1181 select CRYPTO_HMAC 1182 select CRYPTO_SHA512 1183 1184config CRYPTO_DRBG_HASH 1185 bool "Hash_DRBG" 1186 select CRYPTO_SHA256 1187 help 1188 Hash_DRBG variant as defined in NIST SP800-90A. 1189 1190 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms. 1191 1192config CRYPTO_DRBG_CTR 1193 bool "CTR_DRBG" 1194 select CRYPTO_AES 1195 select CRYPTO_CTR 1196 help 1197 CTR_DRBG variant as defined in NIST SP800-90A. 1198 1199 This uses the AES cipher algorithm with the counter block mode. 1200 1201config CRYPTO_DRBG 1202 tristate 1203 default CRYPTO_DRBG_MENU 1204 select CRYPTO_RNG 1205 select CRYPTO_JITTERENTROPY 1206 1207endif # if CRYPTO_DRBG_MENU 1208 1209config CRYPTO_JITTERENTROPY 1210 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)" 1211 select CRYPTO_RNG 1212 select CRYPTO_SHA3 1213 help 1214 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library 1215 1216 A non-physical non-deterministic ("true") RNG (e.g., an entropy source 1217 compliant with NIST SP800-90B) intended to provide a seed to a 1218 deterministic RNG (e.g., per NIST SP800-90C). 1219 This RNG does not perform any cryptographic whitening of the generated 1220 random numbers. 1221 1222 See https://www.chronox.de/jent/ 1223 1224if CRYPTO_JITTERENTROPY 1225if CRYPTO_FIPS && EXPERT 1226 1227choice 1228 prompt "CPU Jitter RNG Memory Size" 1229 default CRYPTO_JITTERENTROPY_MEMSIZE_2 1230 help 1231 The Jitter RNG measures the execution time of memory accesses. 1232 Multiple consecutive memory accesses are performed. If the memory 1233 size fits into a cache (e.g. L1), only the memory access timing 1234 to that cache is measured. The closer the cache is to the CPU 1235 the less variations are measured and thus the less entropy is 1236 obtained. Thus, if the memory size fits into the L1 cache, the 1237 obtained entropy is less than if the memory size fits within 1238 L1 + L2, which in turn is less if the memory fits into 1239 L1 + L2 + L3. Thus, by selecting a different memory size, 1240 the entropy rate produced by the Jitter RNG can be modified. 1241 1242 config CRYPTO_JITTERENTROPY_MEMSIZE_2 1243 bool "2048 Bytes (default)" 1244 1245 config CRYPTO_JITTERENTROPY_MEMSIZE_128 1246 bool "128 kBytes" 1247 1248 config CRYPTO_JITTERENTROPY_MEMSIZE_1024 1249 bool "1024 kBytes" 1250 1251 config CRYPTO_JITTERENTROPY_MEMSIZE_8192 1252 bool "8192 kBytes" 1253endchoice 1254 1255config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS 1256 int 1257 default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_2 1258 default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_128 1259 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024 1260 default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_8192 1261 1262config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE 1263 int 1264 default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_2 1265 default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_128 1266 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024 1267 default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192 1268 1269config CRYPTO_JITTERENTROPY_OSR 1270 int "CPU Jitter RNG Oversampling Rate" 1271 range 1 15 1272 default 3 1273 help 1274 The Jitter RNG allows the specification of an oversampling rate (OSR). 1275 The Jitter RNG operation requires a fixed amount of timing 1276 measurements to produce one output block of random numbers. The 1277 OSR value is multiplied with the amount of timing measurements to 1278 generate one output block. Thus, the timing measurement is oversampled 1279 by the OSR factor. The oversampling allows the Jitter RNG to operate 1280 on hardware whose timers deliver limited amount of entropy (e.g. 1281 the timer is coarse) by setting the OSR to a higher value. The 1282 trade-off, however, is that the Jitter RNG now requires more time 1283 to generate random numbers. 1284 1285config CRYPTO_JITTERENTROPY_TESTINTERFACE 1286 bool "CPU Jitter RNG Test Interface" 1287 help 1288 The test interface allows a privileged process to capture 1289 the raw unconditioned high resolution time stamp noise that 1290 is collected by the Jitter RNG for statistical analysis. As 1291 this data is used at the same time to generate random bits, 1292 the Jitter RNG operates in an insecure mode as long as the 1293 recording is enabled. This interface therefore is only 1294 intended for testing purposes and is not suitable for 1295 production systems. 1296 1297 The raw noise data can be obtained using the jent_raw_hires 1298 debugfs file. Using the option 1299 jitterentropy_testing.boot_raw_hires_test=1 the raw noise of 1300 the first 1000 entropy events since boot can be sampled. 1301 1302 If unsure, select N. 1303 1304endif # if CRYPTO_FIPS && EXPERT 1305 1306if !(CRYPTO_FIPS && EXPERT) 1307 1308config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS 1309 int 1310 default 64 1311 1312config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE 1313 int 1314 default 32 1315 1316config CRYPTO_JITTERENTROPY_OSR 1317 int 1318 default 1 1319 1320config CRYPTO_JITTERENTROPY_TESTINTERFACE 1321 bool 1322 1323endif # if !(CRYPTO_FIPS && EXPERT) 1324endif # if CRYPTO_JITTERENTROPY 1325 1326config CRYPTO_KDF800108_CTR 1327 tristate 1328 select CRYPTO_HMAC 1329 select CRYPTO_SHA256 1330 1331endmenu 1332menu "Userspace interface" 1333 1334config CRYPTO_USER_API 1335 tristate 1336 1337config CRYPTO_USER_API_HASH 1338 tristate "Hash algorithms" 1339 depends on NET 1340 select CRYPTO_HASH 1341 select CRYPTO_USER_API 1342 help 1343 Enable the userspace interface for hash algorithms. 1344 1345 See Documentation/crypto/userspace-if.rst and 1346 https://www.chronox.de/libkcapi/html/index.html 1347 1348config CRYPTO_USER_API_SKCIPHER 1349 tristate "Symmetric key cipher algorithms" 1350 depends on NET 1351 select CRYPTO_SKCIPHER 1352 select CRYPTO_USER_API 1353 help 1354 Enable the userspace interface for symmetric key cipher algorithms. 1355 1356 See Documentation/crypto/userspace-if.rst and 1357 https://www.chronox.de/libkcapi/html/index.html 1358 1359config CRYPTO_USER_API_RNG 1360 tristate "RNG (random number generator) algorithms" 1361 depends on NET 1362 select CRYPTO_RNG 1363 select CRYPTO_USER_API 1364 help 1365 Enable the userspace interface for RNG (random number generator) 1366 algorithms. 1367 1368 See Documentation/crypto/userspace-if.rst and 1369 https://www.chronox.de/libkcapi/html/index.html 1370 1371config CRYPTO_USER_API_RNG_CAVP 1372 bool "Enable CAVP testing of DRBG" 1373 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG 1374 help 1375 Enable extra APIs in the userspace interface for NIST CAVP 1376 (Cryptographic Algorithm Validation Program) testing: 1377 - resetting DRBG entropy 1378 - providing Additional Data 1379 1380 This should only be enabled for CAVP testing. You should say 1381 no unless you know what this is. 1382 1383config CRYPTO_USER_API_AEAD 1384 tristate "AEAD cipher algorithms" 1385 depends on NET 1386 select CRYPTO_AEAD 1387 select CRYPTO_SKCIPHER 1388 select CRYPTO_USER_API 1389 help 1390 Enable the userspace interface for AEAD cipher algorithms. 1391 1392 See Documentation/crypto/userspace-if.rst and 1393 https://www.chronox.de/libkcapi/html/index.html 1394 1395config CRYPTO_USER_API_ENABLE_OBSOLETE 1396 bool "Obsolete cryptographic algorithms" 1397 depends on CRYPTO_USER_API 1398 default y 1399 help 1400 Allow obsolete cryptographic algorithms to be selected that have 1401 already been phased out from internal use by the kernel, and are 1402 only useful for userspace clients that still rely on them. 1403 1404endmenu 1405 1406config CRYPTO_HASH_INFO 1407 bool 1408 1409if !KMSAN # avoid false positives from assembly 1410if ARM 1411source "arch/arm/crypto/Kconfig" 1412endif 1413if ARM64 1414source "arch/arm64/crypto/Kconfig" 1415endif 1416if LOONGARCH 1417source "arch/loongarch/crypto/Kconfig" 1418endif 1419if MIPS 1420source "arch/mips/crypto/Kconfig" 1421endif 1422if PPC 1423source "arch/powerpc/crypto/Kconfig" 1424endif 1425if RISCV 1426source "arch/riscv/crypto/Kconfig" 1427endif 1428if S390 1429source "arch/s390/crypto/Kconfig" 1430endif 1431if SPARC 1432source "arch/sparc/crypto/Kconfig" 1433endif 1434if X86 1435source "arch/x86/crypto/Kconfig" 1436endif 1437endif 1438 1439source "drivers/crypto/Kconfig" 1440source "crypto/asymmetric_keys/Kconfig" 1441source "certs/Kconfig" 1442source "crypto/krb5/Kconfig" 1443 1444endif # if CRYPTO 1445