1# SPDX-License-Identifier: GPL-2.0
2#
3# Generic algorithms support
4#
5config XOR_BLOCKS
6 tristate
7
8#
9# async_tx api: hardware offloaded memory transfer/transform support
10#
11source "crypto/async_tx/Kconfig"
12
13#
14# Cryptographic API Configuration
15#
16menuconfig CRYPTO
17 tristate "Cryptographic API"
18 select CRYPTO_LIB_UTILS
19 help
20 This option provides the core Cryptographic API.
21
22if CRYPTO
23
24menu "Crypto core or helper"
25
26config CRYPTO_FIPS
27 bool "FIPS 200 compliance"
28 depends on CRYPTO_DRBG && CRYPTO_SELFTESTS
29 depends on (MODULE_SIG || !MODULES)
30 help
31 This option enables the fips boot option which is
32 required if you want the system to operate in a FIPS 200
33 certification. You should say no unless you know what
34 this is.
35
36config CRYPTO_FIPS_NAME
37 string "FIPS Module Name"
38 default "Linux Kernel Cryptographic API"
39 depends on CRYPTO_FIPS
40 help
41 This option sets the FIPS Module name reported by the Crypto API via
42 the /proc/sys/crypto/fips_name file.
43
44config CRYPTO_FIPS_CUSTOM_VERSION
45 bool "Use Custom FIPS Module Version"
46 depends on CRYPTO_FIPS
47 default n
48
49config CRYPTO_FIPS_VERSION
50 string "FIPS Module Version"
51 default "(none)"
52 depends on CRYPTO_FIPS_CUSTOM_VERSION
53 help
54 This option provides the ability to override the FIPS Module Version.
55 By default the KERNELRELEASE value is used.
56
57config CRYPTO_ALGAPI
58 tristate
59 select CRYPTO_ALGAPI2
60 help
61 This option provides the API for cryptographic algorithms.
62
63config CRYPTO_ALGAPI2
64 tristate
65
66config CRYPTO_AEAD
67 tristate
68 select CRYPTO_AEAD2
69 select CRYPTO_ALGAPI
70
71config CRYPTO_AEAD2
72 tristate
73 select CRYPTO_ALGAPI2
74
75config CRYPTO_SIG
76 tristate
77 select CRYPTO_SIG2
78 select CRYPTO_ALGAPI
79
80config CRYPTO_SIG2
81 tristate
82 select CRYPTO_ALGAPI2
83
84config CRYPTO_SKCIPHER
85 tristate
86 select CRYPTO_SKCIPHER2
87 select CRYPTO_ALGAPI
88 select CRYPTO_ECB
89
90config CRYPTO_SKCIPHER2
91 tristate
92 select CRYPTO_ALGAPI2
93
94config CRYPTO_HASH
95 tristate
96 select CRYPTO_HASH2
97 select CRYPTO_ALGAPI
98
99config CRYPTO_HASH2
100 tristate
101 select CRYPTO_ALGAPI2
102
103config CRYPTO_RNG
104 tristate
105 select CRYPTO_RNG2
106 select CRYPTO_ALGAPI
107
108config CRYPTO_RNG2
109 tristate
110 select CRYPTO_ALGAPI2
111
112config CRYPTO_RNG_DEFAULT
113 tristate
114 select CRYPTO_DRBG_MENU
115
116config CRYPTO_AKCIPHER2
117 tristate
118 select CRYPTO_ALGAPI2
119
120config CRYPTO_AKCIPHER
121 tristate
122 select CRYPTO_AKCIPHER2
123 select CRYPTO_ALGAPI
124
125config CRYPTO_KPP2
126 tristate
127 select CRYPTO_ALGAPI2
128
129config CRYPTO_KPP
130 tristate
131 select CRYPTO_ALGAPI
132 select CRYPTO_KPP2
133
134config CRYPTO_ACOMP2
135 tristate
136 select CRYPTO_ALGAPI2
137 select SGL_ALLOC
138
139config CRYPTO_ACOMP
140 tristate
141 select CRYPTO_ALGAPI
142 select CRYPTO_ACOMP2
143
144config CRYPTO_HKDF
145 tristate
146 select CRYPTO_SHA256 if CRYPTO_SELFTESTS
147 select CRYPTO_SHA512 if CRYPTO_SELFTESTS
148 select CRYPTO_HASH2
149
150config CRYPTO_MANAGER
151 tristate
152 default CRYPTO_ALGAPI if CRYPTO_SELFTESTS
153 select CRYPTO_MANAGER2
154 help
155 This provides the support for instantiating templates such as
156 cbc(aes), and the support for the crypto self-tests.
157
158config CRYPTO_MANAGER2
159 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
160 select CRYPTO_ACOMP2
161 select CRYPTO_AEAD2
162 select CRYPTO_AKCIPHER2
163 select CRYPTO_SIG2
164 select CRYPTO_HASH2
165 select CRYPTO_KPP2
166 select CRYPTO_RNG2
167 select CRYPTO_SKCIPHER2
168
169config CRYPTO_USER
170 tristate "Userspace cryptographic algorithm configuration"
171 depends on NET
172 select CRYPTO_MANAGER
173 help
174 Userspace configuration for cryptographic instantiations such as
175 cbc(aes).
176
177config CRYPTO_SELFTESTS
178 bool "Enable cryptographic self-tests"
179 depends on EXPERT
180 help
181 Enable the cryptographic self-tests.
182
183 The cryptographic self-tests run at boot time, or at algorithm
184 registration time if algorithms are dynamically loaded later.
185
186 There are two main use cases for these tests:
187
188 - Development and pre-release testing. In this case, also enable
189 CRYPTO_SELFTESTS_FULL to get the full set of tests. All crypto code
190 in the kernel is expected to pass the full set of tests.
191
192 - Production kernels, to help prevent buggy drivers from being used
193 and/or meet FIPS 140-3 pre-operational testing requirements. In
194 this case, enable CRYPTO_SELFTESTS but not CRYPTO_SELFTESTS_FULL.
195
196config CRYPTO_SELFTESTS_FULL
197 bool "Enable the full set of cryptographic self-tests"
198 depends on CRYPTO_SELFTESTS
199 help
200 Enable the full set of cryptographic self-tests for each algorithm.
201
202 The full set of tests should be enabled for development and
203 pre-release testing, but not in production kernels.
204
205 All crypto code in the kernel is expected to pass the full tests.
206
207config CRYPTO_NULL
208 tristate "Null algorithms"
209 select CRYPTO_ALGAPI
210 select CRYPTO_SKCIPHER
211 select CRYPTO_HASH
212 help
213 These are 'Null' algorithms, used by IPsec, which do nothing.
214
215config CRYPTO_PCRYPT
216 tristate "Parallel crypto engine"
217 depends on SMP
218 select PADATA
219 select CRYPTO_MANAGER
220 select CRYPTO_AEAD
221 help
222 This converts an arbitrary crypto algorithm into a parallel
223 algorithm that executes in kernel threads.
224
225config CRYPTO_CRYPTD
226 tristate "Software async crypto daemon"
227 select CRYPTO_SKCIPHER
228 select CRYPTO_HASH
229 select CRYPTO_MANAGER
230 help
231 This is a generic software asynchronous crypto daemon that
232 converts an arbitrary synchronous software crypto algorithm
233 into an asynchronous algorithm that executes in a kernel thread.
234
235config CRYPTO_AUTHENC
236 tristate "Authenc support"
237 select CRYPTO_AEAD
238 select CRYPTO_SKCIPHER
239 select CRYPTO_MANAGER
240 select CRYPTO_HASH
241 help
242 Authenc: Combined mode wrapper for IPsec.
243
244 This is required for IPSec ESP (XFRM_ESP).
245
246config CRYPTO_KRB5ENC
247 tristate "Kerberos 5 combined hash+cipher support"
248 select CRYPTO_AEAD
249 select CRYPTO_SKCIPHER
250 select CRYPTO_MANAGER
251 select CRYPTO_HASH
252 help
253 Combined hash and cipher support for Kerberos 5 RFC3961 simplified
254 profile. This is required for Kerberos 5-style encryption, used by
255 sunrpc/NFS and rxrpc/AFS.
256
257config CRYPTO_BENCHMARK
258 tristate "Crypto benchmarking module"
259 depends on m || EXPERT
260 select CRYPTO_MANAGER
261 help
262 Quick & dirty crypto benchmarking module.
263
264 This is mainly intended for use by people developing cryptographic
265 algorithms in the kernel. It should not be enabled in production
266 kernels.
267
268config CRYPTO_SIMD
269 tristate
270 select CRYPTO_CRYPTD
271
272config CRYPTO_ENGINE
273 tristate
274
275endmenu
276
277menu "Public-key cryptography"
278
279config CRYPTO_RSA
280 tristate "RSA (Rivest-Shamir-Adleman)"
281 select CRYPTO_AKCIPHER
282 select CRYPTO_MANAGER
283 select CRYPTO_SIG
284 select MPILIB
285 select ASN1
286 help
287 RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
288
289config CRYPTO_DH
290 tristate "DH (Diffie-Hellman)"
291 select CRYPTO_KPP
292 select MPILIB
293 help
294 DH (Diffie-Hellman) key exchange algorithm
295
296config CRYPTO_DH_RFC7919_GROUPS
297 bool "RFC 7919 FFDHE groups"
298 depends on CRYPTO_DH
299 select CRYPTO_RNG_DEFAULT
300 help
301 FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
302 defined in RFC7919.
303
304 Support these finite-field groups in DH key exchanges:
305 - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
306
307 If unsure, say N.
308
309config CRYPTO_ECC
310 tristate
311 select CRYPTO_RNG_DEFAULT
312
313config CRYPTO_ECDH
314 tristate "ECDH (Elliptic Curve Diffie-Hellman)"
315 select CRYPTO_ECC
316 select CRYPTO_KPP
317 help
318 ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
319 using curves P-192, P-256, and P-384 (FIPS 186)
320
321config CRYPTO_ECDSA
322 tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"
323 select CRYPTO_ECC
324 select CRYPTO_SIG
325 select ASN1
326 help
327 ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,
328 ISO/IEC 14888-3)
329 using curves P-192, P-256, P-384 and P-521
330
331 Only signature verification is implemented.
332
333config CRYPTO_ECRDSA
334 tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
335 select CRYPTO_ECC
336 select CRYPTO_SIG
337 select CRYPTO_STREEBOG
338 select OID_REGISTRY
339 select ASN1
340 help
341 Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
342 RFC 7091, ISO/IEC 14888-3)
343
344 One of the Russian cryptographic standard algorithms (called GOST
345 algorithms). Only signature verification is implemented.
346
347endmenu
348
349menu "Block ciphers"
350
351config CRYPTO_AES
352 tristate "AES (Advanced Encryption Standard)"
353 select CRYPTO_ALGAPI
354 select CRYPTO_LIB_AES
355 help
356 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
357
358 Rijndael appears to be consistently a very good performer in
359 both hardware and software across a wide range of computing
360 environments regardless of its use in feedback or non-feedback
361 modes. Its key setup time is excellent, and its key agility is
362 good. Rijndael's very low memory requirements make it very well
363 suited for restricted-space environments, in which it also
364 demonstrates excellent performance. Rijndael's operations are
365 among the easiest to defend against power and timing attacks.
366
367 The AES specifies three key sizes: 128, 192 and 256 bits
368
369config CRYPTO_AES_TI
370 tristate "AES (Advanced Encryption Standard) (fixed time)"
371 select CRYPTO_ALGAPI
372 select CRYPTO_LIB_AES
373 help
374 AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
375
376 This is a generic implementation of AES that attempts to eliminate
377 data dependent latencies as much as possible without affecting
378 performance too much. It is intended for use by the generic CCM
379 and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
380 solely on encryption (although decryption is supported as well, but
381 with a more dramatic performance hit)
382
383 Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
384 8 for decryption), this implementation uses just two S-boxes of
385 256 bytes each, and attempts to eliminate data dependent latencies by
386 prefetching the entire table into the cache at the start of each
387 block. Interrupts are also disabled to avoid races where cachelines
388 are evicted when the CPU is interrupted to do something else.
389
390config CRYPTO_ANUBIS
391 tristate "Anubis"
392 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
393 select CRYPTO_ALGAPI
394 help
395 Anubis cipher algorithm
396
397 Anubis is a variable key length cipher which can use keys from
398 128 bits to 320 bits in length. It was evaluated as an entrant
399 in the NESSIE competition.
400
401 See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html
402 for further information.
403
404config CRYPTO_ARIA
405 tristate "ARIA"
406 select CRYPTO_ALGAPI
407 help
408 ARIA cipher algorithm (RFC5794)
409
410 ARIA is a standard encryption algorithm of the Republic of Korea.
411 The ARIA specifies three key sizes and rounds.
412 128-bit: 12 rounds.
413 192-bit: 14 rounds.
414 256-bit: 16 rounds.
415
416 See:
417 https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do
418
419config CRYPTO_BLOWFISH
420 tristate "Blowfish"
421 select CRYPTO_ALGAPI
422 select CRYPTO_BLOWFISH_COMMON
423 help
424 Blowfish cipher algorithm, by Bruce Schneier
425
426 This is a variable key length cipher which can use keys from 32
427 bits to 448 bits in length. It's fast, simple and specifically
428 designed for use on "large microprocessors".
429
430 See https://www.schneier.com/blowfish.html for further information.
431
432config CRYPTO_BLOWFISH_COMMON
433 tristate
434 help
435 Common parts of the Blowfish cipher algorithm shared by the
436 generic C and the assembler implementations.
437
438config CRYPTO_CAMELLIA
439 tristate "Camellia"
440 select CRYPTO_ALGAPI
441 help
442 Camellia cipher algorithms (ISO/IEC 18033-3)
443
444 Camellia is a symmetric key block cipher developed jointly
445 at NTT and Mitsubishi Electric Corporation.
446
447 The Camellia specifies three key sizes: 128, 192 and 256 bits.
448
449 See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information.
450
451config CRYPTO_CAST_COMMON
452 tristate
453 help
454 Common parts of the CAST cipher algorithms shared by the
455 generic C and the assembler implementations.
456
457config CRYPTO_CAST5
458 tristate "CAST5 (CAST-128)"
459 select CRYPTO_ALGAPI
460 select CRYPTO_CAST_COMMON
461 help
462 CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
463
464config CRYPTO_CAST6
465 tristate "CAST6 (CAST-256)"
466 select CRYPTO_ALGAPI
467 select CRYPTO_CAST_COMMON
468 help
469 CAST6 (CAST-256) encryption algorithm (RFC2612)
470
471config CRYPTO_DES
472 tristate "DES and Triple DES EDE"
473 select CRYPTO_ALGAPI
474 select CRYPTO_LIB_DES
475 help
476 DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
477 Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
478 cipher algorithms
479
480config CRYPTO_FCRYPT
481 tristate "FCrypt"
482 select CRYPTO_ALGAPI
483 select CRYPTO_SKCIPHER
484 help
485 FCrypt algorithm used by RxRPC
486
487 See https://ota.polyonymo.us/fcrypt-paper.txt
488
489config CRYPTO_KHAZAD
490 tristate "Khazad"
491 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
492 select CRYPTO_ALGAPI
493 help
494 Khazad cipher algorithm
495
496 Khazad was a finalist in the initial NESSIE competition. It is
497 an algorithm optimized for 64-bit processors with good performance
498 on 32-bit processors. Khazad uses a 128-bit key size.
499
500 See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html
501 for further information.
502
503config CRYPTO_SEED
504 tristate "SEED"
505 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
506 select CRYPTO_ALGAPI
507 help
508 SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
509
510 SEED is a 128-bit symmetric key block cipher that has been
511 developed by KISA (Korea Information Security Agency) as a
512 national standard encryption algorithm of the Republic of Korea.
513 It is a 16 round block cipher with the key size of 128 bit.
514
515 See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do
516 for further information.
517
518config CRYPTO_SERPENT
519 tristate "Serpent"
520 select CRYPTO_ALGAPI
521 help
522 Serpent cipher algorithm, by Anderson, Biham & Knudsen
523
524 Keys are allowed to be from 0 to 256 bits in length, in steps
525 of 8 bits.
526
527 See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information.
528
529config CRYPTO_SM4
530 tristate
531
532config CRYPTO_SM4_GENERIC
533 tristate "SM4 (ShangMi 4)"
534 select CRYPTO_ALGAPI
535 select CRYPTO_SM4
536 help
537 SM4 cipher algorithms (OSCCA GB/T 32907-2016,
538 ISO/IEC 18033-3:2010/Amd 1:2021)
539
540 SM4 (GBT.32907-2016) is a cryptographic standard issued by the
541 Organization of State Commercial Administration of China (OSCCA)
542 as an authorized cryptographic algorithm for use within China.
543
544 SMS4 was originally created for use in protecting wireless
545 networks, and is mandated in the Chinese National Standard for
546 Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
547 (GB.15629.11-2003).
548
549 The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
550 standardized through TC 260 of the Standardization Administration
551 of the People's Republic of China (SAC).
552
553 The input, output, and key of SMS4 are each 128 bits.
554
555 See https://eprint.iacr.org/2008/329.pdf for further information.
556
557 If unsure, say N.
558
559config CRYPTO_TEA
560 tristate "TEA, XTEA and XETA"
561 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
562 select CRYPTO_ALGAPI
563 help
564 TEA (Tiny Encryption Algorithm) cipher algorithms
565
566 Tiny Encryption Algorithm is a simple cipher that uses
567 many rounds for security. It is very fast and uses
568 little memory.
569
570 Xtended Tiny Encryption Algorithm is a modification to
571 the TEA algorithm to address a potential key weakness
572 in the TEA algorithm.
573
574 Xtended Encryption Tiny Algorithm is a mis-implementation
575 of the XTEA algorithm for compatibility purposes.
576
577config CRYPTO_TWOFISH
578 tristate "Twofish"
579 select CRYPTO_ALGAPI
580 select CRYPTO_TWOFISH_COMMON
581 help
582 Twofish cipher algorithm
583
584 Twofish was submitted as an AES (Advanced Encryption Standard)
585 candidate cipher by researchers at CounterPane Systems. It is a
586 16 round block cipher supporting key sizes of 128, 192, and 256
587 bits.
588
589 See https://www.schneier.com/twofish.html for further information.
590
591config CRYPTO_TWOFISH_COMMON
592 tristate
593 help
594 Common parts of the Twofish cipher algorithm shared by the
595 generic C and the assembler implementations.
596
597endmenu
598
599menu "Length-preserving ciphers and modes"
600
601config CRYPTO_ADIANTUM
602 tristate "Adiantum"
603 select CRYPTO_CHACHA20
604 select CRYPTO_LIB_POLY1305
605 select CRYPTO_LIB_POLY1305_GENERIC
606 select CRYPTO_NHPOLY1305
607 select CRYPTO_MANAGER
608 help
609 Adiantum tweakable, length-preserving encryption mode
610
611 Designed for fast and secure disk encryption, especially on
612 CPUs without dedicated crypto instructions. It encrypts
613 each sector using the XChaCha12 stream cipher, two passes of
614 an ε-almost-∆-universal hash function, and an invocation of
615 the AES-256 block cipher on a single 16-byte block. On CPUs
616 without AES instructions, Adiantum is much faster than
617 AES-XTS.
618
619 Adiantum's security is provably reducible to that of its
620 underlying stream and block ciphers, subject to a security
621 bound. Unlike XTS, Adiantum is a true wide-block encryption
622 mode, so it actually provides an even stronger notion of
623 security than XTS, subject to the security bound.
624
625 If unsure, say N.
626
627config CRYPTO_ARC4
628 tristate "ARC4 (Alleged Rivest Cipher 4)"
629 depends on CRYPTO_USER_API_ENABLE_OBSOLETE
630 select CRYPTO_SKCIPHER
631 select CRYPTO_LIB_ARC4
632 help
633 ARC4 cipher algorithm
634
635 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
636 bits in length. This algorithm is required for driver-based
637 WEP, but it should not be used for other purposes because of the
638 weakness of the algorithm.
639
640config CRYPTO_CHACHA20
641 tristate "ChaCha"
642 select CRYPTO_LIB_CHACHA
643 select CRYPTO_SKCIPHER
644 help
645 The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms
646
647 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
648 Bernstein and further specified in RFC7539 for use in IETF protocols.
649 This is the portable C implementation of ChaCha20. See
650 https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
651
652 XChaCha20 is the application of the XSalsa20 construction to ChaCha20
653 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
654 from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
655 while provably retaining ChaCha20's security. See
656 https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
657
658 XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
659 reduced security margin but increased performance. It can be needed
660 in some performance-sensitive scenarios.
661
662config CRYPTO_CBC
663 tristate "CBC (Cipher Block Chaining)"
664 select CRYPTO_SKCIPHER
665 select CRYPTO_MANAGER
666 help
667 CBC (Cipher Block Chaining) mode (NIST SP800-38A)
668
669 This block cipher mode is required for IPSec ESP (XFRM_ESP).
670
671config CRYPTO_CTR
672 tristate "CTR (Counter)"
673 select CRYPTO_SKCIPHER
674 select CRYPTO_MANAGER
675 help
676 CTR (Counter) mode (NIST SP800-38A)
677
678config CRYPTO_CTS
679 tristate "CTS (Cipher Text Stealing)"
680 select CRYPTO_SKCIPHER
681 select CRYPTO_MANAGER
682 help
683 CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
684 Addendum to SP800-38A (October 2010))
685
686 This mode is required for Kerberos gss mechanism support
687 for AES encryption.
688
689config CRYPTO_ECB
690 tristate "ECB (Electronic Codebook)"
691 select CRYPTO_SKCIPHER2
692 select CRYPTO_MANAGER
693 help
694 ECB (Electronic Codebook) mode (NIST SP800-38A)
695
696config CRYPTO_HCTR2
697 tristate "HCTR2"
698 select CRYPTO_XCTR
699 select CRYPTO_LIB_POLYVAL
700 select CRYPTO_MANAGER
701 help
702 HCTR2 length-preserving encryption mode
703
704 A mode for storage encryption that is efficient on processors with
705 instructions to accelerate AES and carryless multiplication, e.g.
706 x86 processors with AES-NI and CLMUL, and ARM processors with the
707 ARMv8 crypto extensions.
708
709 See https://eprint.iacr.org/2021/1441
710
711config CRYPTO_LRW
712 tristate "LRW (Liskov Rivest Wagner)"
713 select CRYPTO_LIB_GF128MUL
714 select CRYPTO_SKCIPHER
715 select CRYPTO_MANAGER
716 select CRYPTO_ECB
717 help
718 LRW (Liskov Rivest Wagner) mode
719
720 A tweakable, non malleable, non movable
721 narrow block cipher mode for dm-crypt. Use it with cipher
722 specification string aes-lrw-benbi; the key must be 256, 320 or 384 bits.
723 The first 128, 192 or 256 bits in the key are used for AES and the
724 rest is used to tie each cipher block to its logical position.
725
726 See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf
727
728config CRYPTO_PCBC
729 tristate "PCBC (Propagating Cipher Block Chaining)"
730 select CRYPTO_SKCIPHER
731 select CRYPTO_MANAGER
732 help
733 PCBC (Propagating Cipher Block Chaining) mode
734
735 This block cipher mode is required for RxRPC.
736
737config CRYPTO_XCTR
738 tristate
739 select CRYPTO_SKCIPHER
740 select CRYPTO_MANAGER
741 help
742 XCTR (XOR Counter) mode for HCTR2
743
744 This blockcipher mode is a variant of CTR mode using XORs and little-endian
745 addition rather than big-endian arithmetic.
746
747 XCTR mode is used to implement HCTR2.
748
749config CRYPTO_XTS
750 tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"
751 select CRYPTO_SKCIPHER
752 select CRYPTO_MANAGER
753 select CRYPTO_ECB
754 help
755 XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
756 and IEEE 1619)
757
758 Use with aes-xts-plain, key size 256, 384 or 512 bits. This
759 implementation currently can't handle a sector size which is not a
760 multiple of 16 bytes.
761
762config CRYPTO_NHPOLY1305
763 tristate
764 select CRYPTO_HASH
765 select CRYPTO_LIB_POLY1305
766 select CRYPTO_LIB_POLY1305_GENERIC
767
768endmenu
769
770menu "AEAD (authenticated encryption with associated data) ciphers"
771
772config CRYPTO_AEGIS128
773 tristate "AEGIS-128"
774 select CRYPTO_AEAD
775 select CRYPTO_AES # for AES S-box tables
776 help
777 AEGIS-128 AEAD algorithm
778
779config CRYPTO_AEGIS128_SIMD
780 bool "AEGIS-128 (arm NEON, arm64 NEON)"
781 depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
782 default y
783 help
784 AEGIS-128 AEAD algorithm
785
786 Architecture: arm or arm64 using:
787 - NEON (Advanced SIMD) extension
788
789config CRYPTO_CHACHA20POLY1305
790 tristate "ChaCha20-Poly1305"
791 select CRYPTO_CHACHA20
792 select CRYPTO_AEAD
793 select CRYPTO_LIB_POLY1305
794 select CRYPTO_MANAGER
795 help
796 ChaCha20 stream cipher and Poly1305 authenticator combined
797 mode (RFC8439)
798
799config CRYPTO_CCM
800 tristate "CCM (Counter with Cipher Block Chaining-MAC)"
801 select CRYPTO_CTR
802 select CRYPTO_HASH
803 select CRYPTO_AEAD
804 select CRYPTO_MANAGER
805 help
806 CCM (Counter with Cipher Block Chaining-Message Authentication Code)
807 authenticated encryption mode (NIST SP800-38C)
808
809config CRYPTO_GCM
810 tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
811 select CRYPTO_CTR
812 select CRYPTO_AEAD
813 select CRYPTO_GHASH
814 select CRYPTO_MANAGER
815 help
816 GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
817 (GCM Message Authentication Code) (NIST SP800-38D)
818
819 This is required for IPSec ESP (XFRM_ESP).
820
821config CRYPTO_GENIV
822 tristate
823 select CRYPTO_AEAD
824 select CRYPTO_MANAGER
825 select CRYPTO_RNG_DEFAULT
826
827config CRYPTO_SEQIV
828 tristate "Sequence Number IV Generator"
829 select CRYPTO_GENIV
830 help
831 Sequence Number IV generator
832
833 This IV generator generates an IV based on a sequence number by
834 xoring it with a salt. This algorithm is mainly useful for CTR.
835
836 This is required for IPsec ESP (XFRM_ESP).
837
838config CRYPTO_ECHAINIV
839 tristate "Encrypted Chain IV Generator"
840 select CRYPTO_GENIV
841 help
842 Encrypted Chain IV generator
843
844 This IV generator generates an IV based on the encryption of
845 a sequence number xored with a salt. This is the default
846 algorithm for CBC.
847
848config CRYPTO_ESSIV
849 tristate "Encrypted Salt-Sector IV Generator"
850 select CRYPTO_AUTHENC
851 help
852 Encrypted Salt-Sector IV generator
853
854 This IV generator is used in some cases by fscrypt and/or
855 dm-crypt. It uses the hash of the block encryption key as the
856 symmetric key for a block encryption pass applied to the input
857 IV, making low entropy IV sources more suitable for block
858 encryption.
859
860 This driver implements a crypto API template that can be
861 instantiated either as an skcipher or as an AEAD (depending on the
862 type of the first template argument), and which defers encryption
863 and decryption requests to the encapsulated cipher after applying
864 ESSIV to the input IV. Note that in the AEAD case, it is assumed
865 that the keys are presented in the same format used by the authenc
866 template, and that the IV appears at the end of the authenticated
867 associated data (AAD) region (which is how dm-crypt uses it.)
868
869 Note that the use of ESSIV is not recommended for new deployments,
870 and so this only needs to be enabled when interoperability with
871 existing encrypted volumes or filesystems is required, or when
872 building for a particular system that requires it (e.g., when
873 the SoC in question has accelerated CBC but not XTS, making CBC
874 combined with ESSIV the only feasible mode for h/w accelerated
875 block encryption)
876
877endmenu
878
879menu "Hashes, digests, and MACs"
880
881config CRYPTO_BLAKE2B
882 tristate "BLAKE2b"
883 select CRYPTO_HASH
884 select CRYPTO_LIB_BLAKE2B
885 help
886 BLAKE2b cryptographic hash function (RFC 7693)
887
888 BLAKE2b is optimized for 64-bit platforms and can produce digests
889 of any size between 1 and 64 bytes. The keyed hash is also implemented.
890
891 This module provides the following algorithms:
892 - blake2b-160
893 - blake2b-256
894 - blake2b-384
895 - blake2b-512
896
897 Used by the btrfs filesystem.
898
899 See https://blake2.net for further information.
900
901config CRYPTO_CMAC
902 tristate "CMAC (Cipher-based MAC)"
903 select CRYPTO_HASH
904 select CRYPTO_MANAGER
905 help
906 CMAC (Cipher-based Message Authentication Code) authentication
907 mode (NIST SP800-38B and IETF RFC4493)
908
909config CRYPTO_GHASH
910 tristate "GHASH"
911 select CRYPTO_HASH
912 select CRYPTO_LIB_GF128MUL
913 help
914 GCM GHASH function (NIST SP800-38D)
915
916config CRYPTO_HMAC
917 tristate "HMAC (Keyed-Hash MAC)"
918 select CRYPTO_HASH
919 select CRYPTO_MANAGER
920 help
921 HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
922 RFC2104)
923
924 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
925
926config CRYPTO_MD4
927 tristate "MD4"
928 select CRYPTO_HASH
929 help
930 MD4 message digest algorithm (RFC1320)
931
932config CRYPTO_MD5
933 tristate "MD5"
934 select CRYPTO_HASH
935 select CRYPTO_LIB_MD5
936 help
937 MD5 message digest algorithm (RFC1321), including HMAC support.
938
939config CRYPTO_MICHAEL_MIC
940 tristate "Michael MIC"
941 select CRYPTO_HASH
942 help
943 Michael MIC (Message Integrity Code) (IEEE 802.11i)
944
945 Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
946 known as WPA (Wi-Fi Protected Access).
947
948 This algorithm is required for TKIP, but it should not be used for
949 other purposes because of the weakness of the algorithm.
950
951config CRYPTO_RMD160
952 tristate "RIPEMD-160"
953 select CRYPTO_HASH
954 help
955 RIPEMD-160 hash function (ISO/IEC 10118-3)
956
957 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
958 to be used as a secure replacement for the 128-bit hash functions
959 MD4, MD5 and its predecessor RIPEMD
960 (not to be confused with RIPEMD-128).
961
962 Its speed is comparable to SHA-1 and there are no known attacks
963 against RIPEMD-160.
964
965 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
966 See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
967 for further information.
968
969config CRYPTO_SHA1
970 tristate "SHA-1"
971 select CRYPTO_HASH
972 select CRYPTO_LIB_SHA1
973 help
974 SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3), including
975 HMAC support.
976
977config CRYPTO_SHA256
978 tristate "SHA-224 and SHA-256"
979 select CRYPTO_HASH
980 select CRYPTO_LIB_SHA256
981 help
982 SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC
983 10118-3), including HMAC support.
984
985 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
986 Used by the btrfs filesystem, Ceph, NFS, and SMB.
987
988config CRYPTO_SHA512
989 tristate "SHA-384 and SHA-512"
990 select CRYPTO_HASH
991 select CRYPTO_LIB_SHA512
992 help
993 SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC
994 10118-3), including HMAC support.
995
996config CRYPTO_SHA3
997 tristate "SHA-3"
998 select CRYPTO_HASH
999 select CRYPTO_LIB_SHA3
1000 help
1001 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
1002
1003config CRYPTO_SM3_GENERIC
1004 tristate "SM3 (ShangMi 3)"
1005 select CRYPTO_HASH
1006 select CRYPTO_LIB_SM3
1007 help
1008 SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
1009
1010 This is part of the Chinese Commercial Cryptography suite.
1011
1012 References:
1013 http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1014 https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1015
1016config CRYPTO_STREEBOG
1017 tristate "Streebog"
1018 select CRYPTO_HASH
1019 help
1020 Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
1021
1022 This is one of the Russian cryptographic standard algorithms (called
1023 GOST algorithms). This setting enables two hash algorithms with
1024 256 and 512 bits output.
1025
1026 References:
1027 https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1028 https://tools.ietf.org/html/rfc6986
1029
1030config CRYPTO_WP512
1031 tristate "Whirlpool"
1032 select CRYPTO_HASH
1033 help
1034 Whirlpool hash function (ISO/IEC 10118-3)
1035
1036 512, 384 and 256-bit hashes.
1037
1038 Whirlpool-512 is part of the NESSIE cryptographic primitives.
1039
1040 See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
1041 for further information.
1042
1043config CRYPTO_XCBC
1044 tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
1045 select CRYPTO_HASH
1046 select CRYPTO_MANAGER
1047 help
1048 XCBC-MAC (Extended Cipher Block Chaining Message Authentication
1049 Code) (RFC3566)
1050
1051config CRYPTO_XXHASH
1052 tristate "xxHash"
1053 select CRYPTO_HASH
1054 select XXHASH
1055 help
1056 xxHash non-cryptographic hash algorithm
1057
1058 Extremely fast, working at speeds close to RAM limits.
1059
1060 Used by the btrfs filesystem.
1061
1062endmenu
1063
1064menu "CRCs (cyclic redundancy checks)"
1065
1066config CRYPTO_CRC32C
1067 tristate "CRC32c"
1068 select CRYPTO_HASH
1069 select CRC32
1070 help
1071 CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
1072
1073 A 32-bit CRC (cyclic redundancy check) with a polynomial defined
1074 by G. Castagnoli, S. Braeuer and M. Herrmann in "Optimization of Cyclic
1075 Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
1076 on Communications, Vol. 41, No. 6, June 1993, selected for use with
1077 iSCSI.
1078
1079 Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI. A CRC only detects accidental corruption; it does not authenticate data.
1080
1081config CRYPTO_CRC32
1082 tristate "CRC32"
1083 select CRYPTO_HASH
1084 select CRC32
1085 help
1086 CRC32 CRC algorithm (IEEE 802.3)
1087
1088 Used by RoCEv2 and f2fs.
1089
1090endmenu
1091
1092menu "Compression"
1093
1094config CRYPTO_DEFLATE
1095 tristate "Deflate"
1096 select CRYPTO_ALGAPI
1097 select CRYPTO_ACOMP2
1098 select ZLIB_INFLATE
1099 select ZLIB_DEFLATE
1100 help
1101 Deflate compression algorithm (RFC1951)
1102
1103 Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)
1104
1105config CRYPTO_LZO
1106 tristate "LZO"
1107 select CRYPTO_ALGAPI
1108 select CRYPTO_ACOMP2
1109 select LZO_COMPRESS
1110 select LZO_DECOMPRESS
1111 help
1112 LZO compression algorithm
1113
1114 See https://www.oberhumer.com/opensource/lzo/ for further information.
1115
1116config CRYPTO_842
1117 tristate "842"
1118 select CRYPTO_ALGAPI
1119 select CRYPTO_ACOMP2
1120 select 842_COMPRESS
1121 select 842_DECOMPRESS
1122 help
1123 842 compression algorithm by IBM
1124
1125 See https://github.com/plauth/lib842 for further information.
1126
1127config CRYPTO_LZ4
1128 tristate "LZ4"
1129 select CRYPTO_ALGAPI
1130 select CRYPTO_ACOMP2
1131 select LZ4_COMPRESS
1132 select LZ4_DECOMPRESS
1133 help
1134 LZ4 compression algorithm
1135
1136 See https://github.com/lz4/lz4 for further information.
1137
1138config CRYPTO_LZ4HC
1139 tristate "LZ4HC"
1140 select CRYPTO_ALGAPI
1141 select CRYPTO_ACOMP2
1142 select LZ4HC_COMPRESS
1143 select LZ4_DECOMPRESS
1144 help
1145 LZ4 high compression mode algorithm
1146
1147 See https://github.com/lz4/lz4 for further information.
1148
1149config CRYPTO_ZSTD
1150 tristate "Zstd"
1151 select CRYPTO_ALGAPI
1152 select CRYPTO_ACOMP2
1153 select ZSTD_COMPRESS
1154 select ZSTD_DECOMPRESS
1155 help
1156 zstd compression algorithm
1157
1158 See https://github.com/facebook/zstd for further information.
1159
1160endmenu
1161
1162menu "Random number generation"
1163
1164menuconfig CRYPTO_DRBG_MENU
1165 tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
1166 help
1167 DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
1168
1169 In the following submenu, one or more of the DRBG types must be selected.
1170
1171if CRYPTO_DRBG_MENU
1172
1173config CRYPTO_DRBG_HMAC
1174 bool
1175 default y
1176 select CRYPTO_HMAC
1177 select CRYPTO_SHA512
1178
1179config CRYPTO_DRBG_HASH
1180 bool "Hash_DRBG"
1181 select CRYPTO_SHA256
1182 help
1183 Hash_DRBG variant as defined in NIST SP800-90A.
1184
1185 This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
1186
1187config CRYPTO_DRBG_CTR
1188 bool "CTR_DRBG"
1189 select CRYPTO_DF80090A
1190 help
1191 CTR_DRBG variant as defined in NIST SP800-90A.
1192
1193 This uses the AES cipher algorithm with the counter block mode.
1194
1195config CRYPTO_DRBG
1196 tristate
1197 default CRYPTO_DRBG_MENU
1198 select CRYPTO_RNG
1199 select CRYPTO_JITTERENTROPY
1200
1201endif # if CRYPTO_DRBG_MENU
1202
1203config CRYPTO_JITTERENTROPY
1204 tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
1205 select CRYPTO_RNG
1206 select CRYPTO_SHA3
1207 help
1208 CPU Jitter RNG (Random Number Generator) from the Jitterentropy library
1209
1210 A non-physical non-deterministic ("true") RNG (e.g., an entropy source
1211 compliant with NIST SP800-90B) intended to provide a seed to a
1212 deterministic RNG (e.g., per NIST SP800-90C).
1213 This RNG does not perform any cryptographic whitening of the generated
1214 random numbers.
1215
1216 See https://www.chronox.de/jent/
1217
1218if CRYPTO_JITTERENTROPY
1219if CRYPTO_FIPS && EXPERT
1220
1221choice
1222 prompt "CPU Jitter RNG Memory Size"
1223 default CRYPTO_JITTERENTROPY_MEMSIZE_2
1224 help
1225 The Jitter RNG measures the execution time of memory accesses.
1226 Multiple consecutive memory accesses are performed. If the memory
1227 size fits into a cache (e.g. L1), only the memory access timing
1228 to that cache is measured. The closer the cache is to the CPU,
1229 the less variation is measured and thus the less entropy is
1230 obtained. Thus, if the memory size fits into the L1 cache, the
1231 obtained entropy is less than if the memory size fits within
1232 L1 + L2, which in turn is less than if the memory fits into
1233 L1 + L2 + L3. Thus, by selecting a different memory size,
1234 the entropy rate produced by the Jitter RNG can be modified.
1235
1236 config CRYPTO_JITTERENTROPY_MEMSIZE_2
1237 bool "2048 Bytes (default)"
1238
1239 config CRYPTO_JITTERENTROPY_MEMSIZE_128
1240 bool "128 kBytes"
1241
1242 config CRYPTO_JITTERENTROPY_MEMSIZE_1024
1243 bool "1024 kBytes"
1244
1245 config CRYPTO_JITTERENTROPY_MEMSIZE_8192
1246 bool "8192 kBytes"
1247endchoice
1248
1249config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1250 int
1251 default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1252 default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1253 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1254 default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1255
1256config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1257 int
1258 default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_2
1259 default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_128
1260 default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
1261 default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
1262
1263config CRYPTO_JITTERENTROPY_OSR
1264 int "CPU Jitter RNG Oversampling Rate"
1265 range 1 15
1266 default 3
1267 help
1268 The Jitter RNG allows the specification of an oversampling rate (OSR).
1269 The Jitter RNG operation requires a fixed number of timing
1270 measurements to produce one output block of random numbers. The
1271 OSR value multiplies the number of timing measurements taken to
1272 generate one output block. Thus, the timing measurement is oversampled
1273 by the OSR factor. The oversampling allows the Jitter RNG to operate
1274 on hardware whose timers deliver a limited amount of entropy (e.g.
1275 the timer is coarse) by setting the OSR to a higher value. The
1276 trade-off, however, is that the Jitter RNG now requires more time
1277 to generate random numbers.
1278
1279config CRYPTO_JITTERENTROPY_TESTINTERFACE
1280 bool "CPU Jitter RNG Test Interface"
1281 help
1282 The test interface allows a privileged process to capture
1283 the raw unconditioned high resolution time stamp noise that
1284 is collected by the Jitter RNG for statistical analysis. As
1285 this data is used at the same time to generate random bits,
1286 the Jitter RNG operates in an insecure mode as long as the
1287 recording is enabled. This interface therefore is only
1288 intended for testing purposes and is not suitable for
1289 production systems.
1290
1291 The raw noise data can be obtained using the jent_raw_hires
1292 debugfs file. Using the option
1293 jitterentropy_testing.boot_raw_hires_test=1 the raw noise of
1294 the first 1000 entropy events since boot can be sampled.
1295
1296 If unsure, select N.
1297
1298endif # if CRYPTO_FIPS && EXPERT
1299
1300if !(CRYPTO_FIPS && EXPERT)
1301
1302config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
1303 int
1304 default 64
1305
1306config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
1307 int
1308 default 32
1309
1310config CRYPTO_JITTERENTROPY_OSR
1311 int
1312 default 1
1313
1314config CRYPTO_JITTERENTROPY_TESTINTERFACE
1315 bool
1316
1317endif # if !(CRYPTO_FIPS && EXPERT)
1318endif # if CRYPTO_JITTERENTROPY
1319
1320config CRYPTO_KDF800108_CTR
1321 tristate
1322 select CRYPTO_HMAC
1323 select CRYPTO_SHA256
1324
1325config CRYPTO_DF80090A
1326 tristate
1327 select CRYPTO_AES
1328 select CRYPTO_CTR
1329
1330endmenu
1331menu "Userspace interface"
1332
1333config CRYPTO_USER_API
1334 tristate
1335
1336config CRYPTO_USER_API_HASH
1337 tristate "Hash algorithms"
1338 depends on NET
1339 select CRYPTO_HASH
1340 select CRYPTO_USER_API
1341 help
1342 Enable the userspace interface for hash algorithms.
1343
1344 See Documentation/crypto/userspace-if.rst and
1345 https://www.chronox.de/libkcapi/html/index.html
1346
1347config CRYPTO_USER_API_SKCIPHER
1348 tristate "Symmetric key cipher algorithms"
1349 depends on NET
1350 select CRYPTO_SKCIPHER
1351 select CRYPTO_USER_API
1352 help
1353 Enable the userspace interface for symmetric key cipher algorithms.
1354
1355 See Documentation/crypto/userspace-if.rst and
1356 https://www.chronox.de/libkcapi/html/index.html
1357
1358config CRYPTO_USER_API_RNG
1359 tristate "RNG (random number generator) algorithms"
1360 depends on NET
1361 select CRYPTO_RNG
1362 select CRYPTO_USER_API
1363 help
1364 Enable the userspace interface for RNG (random number generator)
1365 algorithms.
1366
1367 See Documentation/crypto/userspace-if.rst and
1368 https://www.chronox.de/libkcapi/html/index.html
1369
1370config CRYPTO_USER_API_RNG_CAVP
1371 bool "Enable CAVP testing of DRBG"
1372 depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1373 help
1374 Enable extra APIs in the userspace interface for NIST CAVP
1375 (Cryptographic Algorithm Validation Program) testing:
1376 - resetting DRBG entropy
1377 - providing Additional Data
1378
1379 This should only be enabled for CAVP testing. You should say
1380 no unless you know what this is.
1381
1382config CRYPTO_USER_API_AEAD
1383 tristate "AEAD cipher algorithms"
1384 depends on NET
1385 select CRYPTO_AEAD
1386 select CRYPTO_SKCIPHER
1387 select CRYPTO_USER_API
1388 help
1389 Enable the userspace interface for AEAD cipher algorithms.
1390
1391 See Documentation/crypto/userspace-if.rst and
1392 https://www.chronox.de/libkcapi/html/index.html
1393
1394config CRYPTO_USER_API_ENABLE_OBSOLETE
1395 bool "Obsolete cryptographic algorithms"
1396 depends on CRYPTO_USER_API
1397 default y
1398 help
1399 Allow the selection of obsolete cryptographic algorithms that have
1400 already been phased out from internal use by the kernel and are
1401 only useful for userspace clients that still rely on them.
1402
1403endmenu
1404
1405if !KMSAN # avoid false positives from assembly
1406if ARM
1407source "arch/arm/crypto/Kconfig"
1408endif
1409if ARM64
1410source "arch/arm64/crypto/Kconfig"
1411endif
1412if LOONGARCH
1413source "arch/loongarch/crypto/Kconfig"
1414endif
1415if MIPS
1416source "arch/mips/crypto/Kconfig"
1417endif
1418if PPC
1419source "arch/powerpc/crypto/Kconfig"
1420endif
1421if RISCV
1422source "arch/riscv/crypto/Kconfig"
1423endif
1424if S390
1425source "arch/s390/crypto/Kconfig"
1426endif
1427if SPARC
1428source "arch/sparc/crypto/Kconfig"
1429endif
1430if X86
1431source "arch/x86/crypto/Kconfig"
1432endif
1433endif
1434
1435source "drivers/crypto/Kconfig"
1436source "crypto/asymmetric_keys/Kconfig"
1437source "certs/Kconfig"
1438source "crypto/krb5/Kconfig"
1439
1440endif # if CRYPTO