mirror of
https://github.com/torvalds/linux.git
synced 2024-11-21 19:41:42 +00:00
e3d2eadd06
Shorten menu titles and make them consistent: - acronym - name - architecture features in parenthesis - no suffixes like "<something> algorithm", "support", or "hardware acceleration", or "optimized" Simplify help text descriptions, update references, and ensure that https references are still valid. Signed-off-by: Robert Elliott <elliott@hpe.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1381 lines
37 KiB
Plaintext
1381 lines
37 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Generic algorithms support
|
|
#
|
|
config XOR_BLOCKS
|
|
tristate
|
|
|
|
#
|
|
# async_tx api: hardware offloaded memory transfer/transform support
|
|
#
|
|
source "crypto/async_tx/Kconfig"
|
|
|
|
#
|
|
# Cryptographic API Configuration
|
|
#
|
|
menuconfig CRYPTO
|
|
tristate "Cryptographic API"
|
|
select CRYPTO_LIB_UTILS
|
|
help
|
|
This option provides the core Cryptographic API.
|
|
|
|
if CRYPTO
|
|
|
|
menu "Crypto core or helper"
|
|
|
|
config CRYPTO_FIPS
|
|
bool "FIPS 200 compliance"
|
|
depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
|
|
depends on (MODULE_SIG || !MODULES)
|
|
help
|
|
This option enables the fips boot option which is
|
|
required if you want the system to operate in a FIPS 200
|
|
certification. You should say no unless you know what
|
|
this is.
|
|
|
|
config CRYPTO_FIPS_NAME
|
|
string "FIPS Module Name"
|
|
default "Linux Kernel Cryptographic API"
|
|
depends on CRYPTO_FIPS
|
|
help
|
|
This option sets the FIPS Module name reported by the Crypto API via
|
|
the /proc/sys/crypto/fips_name file.
|
|
|
|
config CRYPTO_FIPS_CUSTOM_VERSION
|
|
bool "Use Custom FIPS Module Version"
|
|
depends on CRYPTO_FIPS
|
|
default n
|
|
|
|
config CRYPTO_FIPS_VERSION
|
|
string "FIPS Module Version"
|
|
default "(none)"
|
|
depends on CRYPTO_FIPS_CUSTOM_VERSION
|
|
help
|
|
This option provides the ability to override the FIPS Module Version.
|
|
By default the KERNELRELEASE value is used.
|
|
|
|
config CRYPTO_ALGAPI
|
|
tristate
|
|
select CRYPTO_ALGAPI2
|
|
help
|
|
This option provides the API for cryptographic algorithms.
|
|
|
|
config CRYPTO_ALGAPI2
|
|
tristate
|
|
|
|
config CRYPTO_AEAD
|
|
tristate
|
|
select CRYPTO_AEAD2
|
|
select CRYPTO_ALGAPI
|
|
|
|
config CRYPTO_AEAD2
|
|
tristate
|
|
select CRYPTO_ALGAPI2
|
|
select CRYPTO_NULL2
|
|
select CRYPTO_RNG2
|
|
|
|
config CRYPTO_SKCIPHER
|
|
tristate
|
|
select CRYPTO_SKCIPHER2
|
|
select CRYPTO_ALGAPI
|
|
|
|
config CRYPTO_SKCIPHER2
|
|
tristate
|
|
select CRYPTO_ALGAPI2
|
|
select CRYPTO_RNG2
|
|
|
|
config CRYPTO_HASH
|
|
tristate
|
|
select CRYPTO_HASH2
|
|
select CRYPTO_ALGAPI
|
|
|
|
config CRYPTO_HASH2
|
|
tristate
|
|
select CRYPTO_ALGAPI2
|
|
|
|
config CRYPTO_RNG
|
|
tristate
|
|
select CRYPTO_RNG2
|
|
select CRYPTO_ALGAPI
|
|
|
|
config CRYPTO_RNG2
|
|
tristate
|
|
select CRYPTO_ALGAPI2
|
|
|
|
config CRYPTO_RNG_DEFAULT
|
|
tristate
|
|
select CRYPTO_DRBG_MENU
|
|
|
|
config CRYPTO_AKCIPHER2
|
|
tristate
|
|
select CRYPTO_ALGAPI2
|
|
|
|
config CRYPTO_AKCIPHER
|
|
tristate
|
|
select CRYPTO_AKCIPHER2
|
|
select CRYPTO_ALGAPI
|
|
|
|
config CRYPTO_KPP2
|
|
tristate
|
|
select CRYPTO_ALGAPI2
|
|
|
|
config CRYPTO_KPP
|
|
tristate
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_KPP2
|
|
|
|
config CRYPTO_ACOMP2
|
|
tristate
|
|
select CRYPTO_ALGAPI2
|
|
select SGL_ALLOC
|
|
|
|
config CRYPTO_ACOMP
|
|
tristate
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_ACOMP2
|
|
|
|
config CRYPTO_MANAGER
|
|
tristate "Cryptographic algorithm manager"
|
|
select CRYPTO_MANAGER2
|
|
help
|
|
Create default cryptographic template instantiations such as
|
|
cbc(aes).
|
|
|
|
config CRYPTO_MANAGER2
|
|
def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
|
|
select CRYPTO_AEAD2
|
|
select CRYPTO_HASH2
|
|
select CRYPTO_SKCIPHER2
|
|
select CRYPTO_AKCIPHER2
|
|
select CRYPTO_KPP2
|
|
select CRYPTO_ACOMP2
|
|
|
|
config CRYPTO_USER
|
|
tristate "Userspace cryptographic algorithm configuration"
|
|
depends on NET
|
|
select CRYPTO_MANAGER
|
|
help
|
|
Userspace configuration for cryptographic instantiations such as
|
|
cbc(aes).
|
|
|
|
config CRYPTO_MANAGER_DISABLE_TESTS
|
|
bool "Disable run-time self tests"
|
|
default y
|
|
help
|
|
Disable run-time self tests that normally take place at
|
|
algorithm registration.
|
|
|
|
config CRYPTO_MANAGER_EXTRA_TESTS
|
|
bool "Enable extra run-time crypto self tests"
|
|
depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
|
|
help
|
|
Enable extra run-time self tests of registered crypto algorithms,
|
|
including randomized fuzz tests.
|
|
|
|
This is intended for developer use only, as these tests take much
|
|
longer to run than the normal self tests.
|
|
|
|
config CRYPTO_GF128MUL
|
|
tristate
|
|
|
|
config CRYPTO_NULL
|
|
tristate "Null algorithms"
|
|
select CRYPTO_NULL2
|
|
help
|
|
These are 'Null' algorithms, used by IPsec, which do nothing.
|
|
|
|
config CRYPTO_NULL2
|
|
tristate
|
|
select CRYPTO_ALGAPI2
|
|
select CRYPTO_SKCIPHER2
|
|
select CRYPTO_HASH2
|
|
|
|
config CRYPTO_PCRYPT
|
|
tristate "Parallel crypto engine"
|
|
depends on SMP
|
|
select PADATA
|
|
select CRYPTO_MANAGER
|
|
select CRYPTO_AEAD
|
|
help
|
|
This converts an arbitrary crypto algorithm into a parallel
|
|
algorithm that executes in kernel threads.
|
|
|
|
config CRYPTO_CRYPTD
|
|
tristate "Software async crypto daemon"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_HASH
|
|
select CRYPTO_MANAGER
|
|
help
|
|
This is a generic software asynchronous crypto daemon that
|
|
converts an arbitrary synchronous software crypto algorithm
|
|
into an asynchronous algorithm that executes in a kernel thread.
|
|
|
|
config CRYPTO_AUTHENC
|
|
tristate "Authenc support"
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
select CRYPTO_HASH
|
|
select CRYPTO_NULL
|
|
help
|
|
Authenc: Combined mode wrapper for IPsec.
|
|
This is required for IPSec.
|
|
|
|
config CRYPTO_TEST
|
|
tristate "Testing module"
|
|
depends on m || EXPERT
|
|
select CRYPTO_MANAGER
|
|
help
|
|
Quick & dirty crypto test module.
|
|
|
|
config CRYPTO_SIMD
|
|
tristate
|
|
select CRYPTO_CRYPTD
|
|
|
|
config CRYPTO_ENGINE
|
|
tristate
|
|
|
|
endmenu
|
|
|
|
menu "Public-key cryptography"
|
|
|
|
config CRYPTO_RSA
|
|
tristate "RSA (Rivest-Shamir-Adleman)"
|
|
select CRYPTO_AKCIPHER
|
|
select CRYPTO_MANAGER
|
|
select MPILIB
|
|
select ASN1
|
|
help
|
|
RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
|
|
|
|
config CRYPTO_DH
|
|
tristate "DH (Diffie-Hellman)"
|
|
select CRYPTO_KPP
|
|
select MPILIB
|
|
help
|
|
DH (Diffie-Hellman) key exchange algorithm
|
|
|
|
config CRYPTO_DH_RFC7919_GROUPS
|
|
bool "RFC 7919 FFDHE groups"
|
|
depends on CRYPTO_DH
|
|
select CRYPTO_RNG_DEFAULT
|
|
help
|
|
FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
|
|
defined in RFC7919.
|
|
|
|
Support these finite-field groups in DH key exchanges:
|
|
- ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
|
|
|
|
If unsure, say N.
|
|
|
|
config CRYPTO_ECC
|
|
tristate
|
|
select CRYPTO_RNG_DEFAULT
|
|
|
|
config CRYPTO_ECDH
|
|
tristate "ECDH (Elliptic Curve Diffie-Hellman)"
|
|
select CRYPTO_ECC
|
|
select CRYPTO_KPP
|
|
help
|
|
ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
|
|
using curves P-192, P-256, and P-384 (FIPS 186)
|
|
|
|
config CRYPTO_ECDSA
|
|
tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"
|
|
select CRYPTO_ECC
|
|
select CRYPTO_AKCIPHER
|
|
select ASN1
|
|
help
|
|
ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,
|
|
ISO/IEC 14888-3)
|
|
using curves P-192, P-256, and P-384
|
|
|
|
Only signature verification is implemented.
|
|
|
|
config CRYPTO_ECRDSA
|
|
tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
|
|
select CRYPTO_ECC
|
|
select CRYPTO_AKCIPHER
|
|
select CRYPTO_STREEBOG
|
|
select OID_REGISTRY
|
|
select ASN1
|
|
help
|
|
Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
|
|
RFC 7091, ISO/IEC 14888-3)
|
|
|
|
One of the Russian cryptographic standard algorithms (called GOST
|
|
algorithms). Only signature verification is implemented.
|
|
|
|
config CRYPTO_SM2
|
|
tristate "SM2 (ShangMi 2)"
|
|
select CRYPTO_SM3
|
|
select CRYPTO_AKCIPHER
|
|
select CRYPTO_MANAGER
|
|
select MPILIB
|
|
select ASN1
|
|
help
|
|
SM2 (ShangMi 2) public key algorithm
|
|
|
|
Published by State Encryption Management Bureau, China,
|
|
as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
|
|
|
|
References:
|
|
https://datatracker.ietf.org/doc/draft-shen-sm2-ecdsa/
|
|
http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
|
|
http://www.gmbz.org.cn/main/bzlb.html
|
|
|
|
config CRYPTO_CURVE25519
|
|
tristate "Curve25519"
|
|
select CRYPTO_KPP
|
|
select CRYPTO_LIB_CURVE25519_GENERIC
|
|
help
|
|
Curve25519 elliptic curve (RFC7748)
|
|
|
|
endmenu
|
|
|
|
menu "Block ciphers"
|
|
|
|
config CRYPTO_AES
|
|
tristate "AES cipher algorithms"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_LIB_AES
|
|
help
|
|
AES cipher algorithms (FIPS-197). AES uses the Rijndael
|
|
algorithm.
|
|
|
|
Rijndael appears to be consistently a very good performer in
|
|
both hardware and software across a wide range of computing
|
|
environments regardless of its use in feedback or non-feedback
|
|
modes. Its key setup time is excellent, and its key agility is
|
|
good. Rijndael's very low memory requirements make it very well
|
|
suited for restricted-space environments, in which it also
|
|
demonstrates excellent performance. Rijndael's operations are
|
|
among the easiest to defend against power and timing attacks.
|
|
|
|
The AES specifies three key sizes: 128, 192 and 256 bits
|
|
|
|
See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
|
|
|
|
config CRYPTO_AES_TI
|
|
tristate "Fixed time AES cipher"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_LIB_AES
|
|
help
|
|
This is a generic implementation of AES that attempts to eliminate
|
|
data dependent latencies as much as possible without affecting
|
|
performance too much. It is intended for use by the generic CCM
|
|
and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
|
|
solely on encryption (although decryption is supported as well, but
|
|
with a more dramatic performance hit)
|
|
|
|
Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
|
|
8 for decryption), this implementation only uses just two S-boxes of
|
|
256 bytes each, and attempts to eliminate data dependent latencies by
|
|
prefetching the entire table into the cache at the start of each
|
|
block. Interrupts are also disabled to avoid races where cachelines
|
|
are evicted when the CPU is interrupted to do something else.
|
|
|
|
config CRYPTO_ANUBIS
|
|
tristate "Anubis cipher algorithm"
|
|
depends on CRYPTO_USER_API_ENABLE_OBSOLETE
|
|
select CRYPTO_ALGAPI
|
|
help
|
|
Anubis cipher algorithm.
|
|
|
|
Anubis is a variable key length cipher which can use keys from
|
|
128 bits to 320 bits in length. It was evaluated as a entrant
|
|
in the NESSIE competition.
|
|
|
|
See also:
|
|
<https://www.cosic.esat.kuleuven.be/nessie/reports/>
|
|
<http://www.larc.usp.br/~pbarreto/AnubisPage.html>
|
|
|
|
config CRYPTO_ARIA
|
|
tristate "ARIA cipher algorithm"
|
|
select CRYPTO_ALGAPI
|
|
help
|
|
ARIA cipher algorithm (RFC5794).
|
|
|
|
ARIA is a standard encryption algorithm of the Republic of Korea.
|
|
The ARIA specifies three key sizes and rounds.
|
|
128-bit: 12 rounds.
|
|
192-bit: 14 rounds.
|
|
256-bit: 16 rounds.
|
|
|
|
See also:
|
|
<https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do>
|
|
|
|
config CRYPTO_BLOWFISH
|
|
tristate "Blowfish cipher algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_BLOWFISH_COMMON
|
|
help
|
|
Blowfish cipher algorithm, by Bruce Schneier.
|
|
|
|
This is a variable key length cipher which can use keys from 32
|
|
bits to 448 bits in length. It's fast, simple and specifically
|
|
designed for use on "large microprocessors".
|
|
|
|
See also:
|
|
<https://www.schneier.com/blowfish.html>
|
|
|
|
config CRYPTO_BLOWFISH_COMMON
|
|
tristate
|
|
help
|
|
Common parts of the Blowfish cipher algorithm shared by the
|
|
generic c and the assembler implementations.
|
|
|
|
See also:
|
|
<https://www.schneier.com/blowfish.html>
|
|
|
|
config CRYPTO_CAMELLIA
|
|
tristate "Camellia cipher algorithms"
|
|
select CRYPTO_ALGAPI
|
|
help
|
|
Camellia cipher algorithms module.
|
|
|
|
Camellia is a symmetric key block cipher developed jointly
|
|
at NTT and Mitsubishi Electric Corporation.
|
|
|
|
The Camellia specifies three key sizes: 128, 192 and 256 bits.
|
|
|
|
See also:
|
|
<https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
|
|
|
|
config CRYPTO_CAST_COMMON
|
|
tristate
|
|
help
|
|
Common parts of the CAST cipher algorithms shared by the
|
|
generic c and the assembler implementations.
|
|
|
|
config CRYPTO_CAST5
|
|
tristate "CAST5 (CAST-128) cipher algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_CAST_COMMON
|
|
help
|
|
The CAST5 encryption algorithm (synonymous with CAST-128) is
|
|
described in RFC2144.
|
|
|
|
config CRYPTO_CAST6
|
|
tristate "CAST6 (CAST-256) cipher algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_CAST_COMMON
|
|
help
|
|
The CAST6 encryption algorithm (synonymous with CAST-256) is
|
|
described in RFC2612.
|
|
|
|
config CRYPTO_DES
|
|
tristate "DES and Triple DES EDE cipher algorithms"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_LIB_DES
|
|
help
|
|
DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
|
|
|
|
config CRYPTO_FCRYPT
|
|
tristate "FCrypt cipher algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_SKCIPHER
|
|
help
|
|
FCrypt algorithm used by RxRPC.
|
|
|
|
config CRYPTO_KHAZAD
|
|
tristate "Khazad cipher algorithm"
|
|
depends on CRYPTO_USER_API_ENABLE_OBSOLETE
|
|
select CRYPTO_ALGAPI
|
|
help
|
|
Khazad cipher algorithm.
|
|
|
|
Khazad was a finalist in the initial NESSIE competition. It is
|
|
an algorithm optimized for 64-bit processors with good performance
|
|
on 32-bit processors. Khazad uses an 128 bit key size.
|
|
|
|
See also:
|
|
<http://www.larc.usp.br/~pbarreto/KhazadPage.html>
|
|
|
|
config CRYPTO_SEED
|
|
tristate "SEED cipher algorithm"
|
|
depends on CRYPTO_USER_API_ENABLE_OBSOLETE
|
|
select CRYPTO_ALGAPI
|
|
help
|
|
SEED cipher algorithm (RFC4269).
|
|
|
|
SEED is a 128-bit symmetric key block cipher that has been
|
|
developed by KISA (Korea Information Security Agency) as a
|
|
national standard encryption algorithm of the Republic of Korea.
|
|
It is a 16 round block cipher with the key size of 128 bit.
|
|
|
|
See also:
|
|
<http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
|
|
|
|
config CRYPTO_SERPENT
|
|
tristate "Serpent cipher algorithm"
|
|
select CRYPTO_ALGAPI
|
|
help
|
|
Serpent cipher algorithm, by Anderson, Biham & Knudsen.
|
|
|
|
Keys are allowed to be from 0 to 256 bits in length, in steps
|
|
of 8 bits.
|
|
|
|
See also:
|
|
<https://www.cl.cam.ac.uk/~rja14/serpent.html>
|
|
|
|
config CRYPTO_SM4
|
|
tristate
|
|
|
|
config CRYPTO_SM4_GENERIC
|
|
tristate "SM4 cipher algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_SM4
|
|
help
|
|
SM4 cipher algorithms (OSCCA GB/T 32907-2016).
|
|
|
|
SM4 (GBT.32907-2016) is a cryptographic standard issued by the
|
|
Organization of State Commercial Administration of China (OSCCA)
|
|
as an authorized cryptographic algorithms for the use within China.
|
|
|
|
SMS4 was originally created for use in protecting wireless
|
|
networks, and is mandated in the Chinese National Standard for
|
|
Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
|
|
(GB.15629.11-2003).
|
|
|
|
The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
|
|
standardized through TC 260 of the Standardization Administration
|
|
of the People's Republic of China (SAC).
|
|
|
|
The input, output, and key of SMS4 are each 128 bits.
|
|
|
|
See also: <https://eprint.iacr.org/2008/329.pdf>
|
|
|
|
If unsure, say N.
|
|
|
|
config CRYPTO_TEA
|
|
tristate "TEA, XTEA and XETA cipher algorithms"
|
|
depends on CRYPTO_USER_API_ENABLE_OBSOLETE
|
|
select CRYPTO_ALGAPI
|
|
help
|
|
TEA cipher algorithm.
|
|
|
|
Tiny Encryption Algorithm is a simple cipher that uses
|
|
many rounds for security. It is very fast and uses
|
|
little memory.
|
|
|
|
Xtendend Tiny Encryption Algorithm is a modification to
|
|
the TEA algorithm to address a potential key weakness
|
|
in the TEA algorithm.
|
|
|
|
Xtendend Encryption Tiny Algorithm is a mis-implementation
|
|
of the XTEA algorithm for compatibility purposes.
|
|
|
|
config CRYPTO_TWOFISH
|
|
tristate "Twofish cipher algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_TWOFISH_COMMON
|
|
help
|
|
Twofish cipher algorithm.
|
|
|
|
Twofish was submitted as an AES (Advanced Encryption Standard)
|
|
candidate cipher by researchers at CounterPane Systems. It is a
|
|
16 round block cipher supporting key sizes of 128, 192, and 256
|
|
bits.
|
|
|
|
See also:
|
|
<https://www.schneier.com/twofish.html>
|
|
|
|
config CRYPTO_TWOFISH_COMMON
|
|
tristate
|
|
help
|
|
Common parts of the Twofish cipher algorithm shared by the
|
|
generic c and the assembler implementations.
|
|
|
|
endmenu
|
|
|
|
menu "Length-preserving ciphers and modes"
|
|
|
|
config CRYPTO_ADIANTUM
|
|
tristate "Adiantum support"
|
|
select CRYPTO_CHACHA20
|
|
select CRYPTO_LIB_POLY1305_GENERIC
|
|
select CRYPTO_NHPOLY1305
|
|
select CRYPTO_MANAGER
|
|
help
|
|
Adiantum is a tweakable, length-preserving encryption mode
|
|
designed for fast and secure disk encryption, especially on
|
|
CPUs without dedicated crypto instructions. It encrypts
|
|
each sector using the XChaCha12 stream cipher, two passes of
|
|
an ε-almost-∆-universal hash function, and an invocation of
|
|
the AES-256 block cipher on a single 16-byte block. On CPUs
|
|
without AES instructions, Adiantum is much faster than
|
|
AES-XTS.
|
|
|
|
Adiantum's security is provably reducible to that of its
|
|
underlying stream and block ciphers, subject to a security
|
|
bound. Unlike XTS, Adiantum is a true wide-block encryption
|
|
mode, so it actually provides an even stronger notion of
|
|
security than XTS, subject to the security bound.
|
|
|
|
If unsure, say N.
|
|
|
|
config CRYPTO_ARC4
|
|
tristate "ARC4 cipher algorithm"
|
|
depends on CRYPTO_USER_API_ENABLE_OBSOLETE
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_ARC4
|
|
help
|
|
ARC4 cipher algorithm.
|
|
|
|
ARC4 is a stream cipher using keys ranging from 8 bits to 2048
|
|
bits in length. This algorithm is required for driver-based
|
|
WEP, but it should not be for other purposes because of the
|
|
weakness of the algorithm.
|
|
|
|
config CRYPTO_CHACHA20
|
|
tristate "ChaCha stream cipher algorithms"
|
|
select CRYPTO_LIB_CHACHA_GENERIC
|
|
select CRYPTO_SKCIPHER
|
|
help
|
|
The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
|
|
|
|
ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
|
|
Bernstein and further specified in RFC7539 for use in IETF protocols.
|
|
This is the portable C implementation of ChaCha20. See also:
|
|
<https://cr.yp.to/chacha/chacha-20080128.pdf>
|
|
|
|
XChaCha20 is the application of the XSalsa20 construction to ChaCha20
|
|
rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
|
|
from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
|
|
while provably retaining ChaCha20's security. See also:
|
|
<https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
|
|
|
|
XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
|
|
reduced security margin but increased performance. It can be needed
|
|
in some performance-sensitive scenarios.
|
|
|
|
config CRYPTO_CBC
|
|
tristate "CBC support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
help
|
|
CBC: Cipher Block Chaining mode
|
|
This block cipher algorithm is required for IPSec.
|
|
|
|
config CRYPTO_CFB
|
|
tristate "CFB support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
help
|
|
CFB: Cipher FeedBack mode
|
|
This block cipher algorithm is required for TPM2 Cryptography.
|
|
|
|
config CRYPTO_CTR
|
|
tristate "CTR support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
help
|
|
CTR: Counter mode
|
|
This block cipher algorithm is required for IPSec.
|
|
|
|
config CRYPTO_CTS
|
|
tristate "CTS support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
help
|
|
CTS: Cipher Text Stealing
|
|
This is the Cipher Text Stealing mode as described by
|
|
Section 8 of rfc2040 and referenced by rfc3962
|
|
(rfc3962 includes errata information in its Appendix A) or
|
|
CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
|
|
This mode is required for Kerberos gss mechanism support
|
|
for AES encryption.
|
|
|
|
See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
|
|
|
|
config CRYPTO_ECB
|
|
tristate "ECB support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
help
|
|
ECB: Electronic CodeBook mode
|
|
This is the simplest block cipher algorithm. It simply encrypts
|
|
the input block by block.
|
|
|
|
config CRYPTO_HCTR2
|
|
tristate "HCTR2 support"
|
|
select CRYPTO_XCTR
|
|
select CRYPTO_POLYVAL
|
|
select CRYPTO_MANAGER
|
|
help
|
|
HCTR2 is a length-preserving encryption mode for storage encryption that
|
|
is efficient on processors with instructions to accelerate AES and
|
|
carryless multiplication, e.g. x86 processors with AES-NI and CLMUL, and
|
|
ARM processors with the ARMv8 crypto extensions.
|
|
|
|
config CRYPTO_KEYWRAP
|
|
tristate "Key wrapping support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
help
|
|
Support for key wrapping (NIST SP800-38F / RFC3394) without
|
|
padding.
|
|
|
|
config CRYPTO_LRW
|
|
tristate "LRW support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
select CRYPTO_GF128MUL
|
|
select CRYPTO_ECB
|
|
help
|
|
LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
|
|
narrow block cipher mode for dm-crypt. Use it with cipher
|
|
specification string aes-lrw-benbi, the key must be 256, 320 or 384.
|
|
The first 128, 192 or 256 bits in the key are used for AES and the
|
|
rest is used to tie each cipher block to its logical position.
|
|
|
|
config CRYPTO_OFB
|
|
tristate "OFB support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
help
|
|
OFB: the Output Feedback mode makes a block cipher into a synchronous
|
|
stream cipher. It generates keystream blocks, which are then XORed
|
|
with the plaintext blocks to get the ciphertext. Flipping a bit in the
|
|
ciphertext produces a flipped bit in the plaintext at the same
|
|
location. This property allows many error correcting codes to function
|
|
normally even when applied before encryption.
|
|
|
|
config CRYPTO_PCBC
|
|
tristate "PCBC support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
help
|
|
PCBC: Propagating Cipher Block Chaining mode
|
|
This block cipher algorithm is required for RxRPC.
|
|
|
|
config CRYPTO_XCTR
|
|
tristate
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
help
|
|
XCTR: XOR Counter mode. This blockcipher mode is a variant of CTR mode
|
|
using XORs and little-endian addition rather than big-endian arithmetic.
|
|
XCTR mode is used to implement HCTR2.
|
|
|
|
config CRYPTO_XTS
|
|
tristate "XTS support"
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_MANAGER
|
|
select CRYPTO_ECB
|
|
help
|
|
XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
|
|
key size 256, 384 or 512 bits. This implementation currently
|
|
can't handle a sectorsize which is not a multiple of 16 bytes.
|
|
|
|
config CRYPTO_NHPOLY1305
|
|
tristate
|
|
select CRYPTO_HASH
|
|
select CRYPTO_LIB_POLY1305_GENERIC
|
|
|
|
endmenu
|
|
|
|
menu "AEAD (authenticated encryption with associated data) ciphers"
|
|
|
|
config CRYPTO_AEGIS128
|
|
tristate "AEGIS-128"
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_AES # for AES S-box tables
|
|
help
|
|
AEGIS-128 AEAD algorithm
|
|
|
|
config CRYPTO_AEGIS128_SIMD
|
|
bool "AEGIS-128 (arm NEON, arm64 NEON)"
|
|
depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
|
|
default y
|
|
help
|
|
AEGIS-128 AEAD algorithm
|
|
|
|
Architecture: arm or arm64 using:
|
|
- NEON (Advanced SIMD) extension
|
|
|
|
config CRYPTO_CHACHA20POLY1305
|
|
tristate "ChaCha20-Poly1305"
|
|
select CRYPTO_CHACHA20
|
|
select CRYPTO_POLY1305
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_MANAGER
|
|
help
|
|
ChaCha20 stream cipher and Poly1305 authenticator combined
|
|
mode (RFC8439)
|
|
|
|
config CRYPTO_CCM
|
|
tristate "CCM (Counter with Cipher Block Chaining-Message Authentication Code)"
|
|
select CRYPTO_CTR
|
|
select CRYPTO_HASH
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_MANAGER
|
|
help
|
|
CCM (Counter with Cipher Block Chaining-Message Authentication Code)
|
|
authenticated encryption mode (NIST SP800-38C)
|
|
|
|
config CRYPTO_GCM
|
|
tristate "GCM (Galois/Counter Mode) and GMAC (GCM Message Authentication Code)"
|
|
select CRYPTO_CTR
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_GHASH
|
|
select CRYPTO_NULL
|
|
select CRYPTO_MANAGER
|
|
help
|
|
GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
|
|
(GCM Message Authentication Code) (NIST SP800-38D)
|
|
|
|
This is required for IPSec ESP (XFRM_ESP).
|
|
|
|
config CRYPTO_SEQIV
|
|
tristate "Sequence Number IV Generator"
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_NULL
|
|
select CRYPTO_RNG_DEFAULT
|
|
select CRYPTO_MANAGER
|
|
help
|
|
Sequence Number IV generator
|
|
|
|
This IV generator generates an IV based on a sequence number by
|
|
xoring it with a salt. This algorithm is mainly useful for CTR.
|
|
|
|
This is required for IPsec ESP (XFRM_ESP).
|
|
|
|
config CRYPTO_ECHAINIV
|
|
tristate "Encrypted Chain IV Generator"
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_NULL
|
|
select CRYPTO_RNG_DEFAULT
|
|
select CRYPTO_MANAGER
|
|
help
|
|
Encrypted Chain IV generator
|
|
|
|
This IV generator generates an IV based on the encryption of
|
|
a sequence number xored with a salt. This is the default
|
|
algorithm for CBC.
|
|
|
|
config CRYPTO_ESSIV
|
|
tristate "Encrypted Salt-Sector IV Generator"
|
|
select CRYPTO_AUTHENC
|
|
help
|
|
Encrypted Salt-Sector IV generator
|
|
|
|
This IV generator is used in some cases by fscrypt and/or
|
|
dm-crypt. It uses the hash of the block encryption key as the
|
|
symmetric key for a block encryption pass applied to the input
|
|
IV, making low entropy IV sources more suitable for block
|
|
encryption.
|
|
|
|
This driver implements a crypto API template that can be
|
|
instantiated either as an skcipher or as an AEAD (depending on the
|
|
type of the first template argument), and which defers encryption
|
|
and decryption requests to the encapsulated cipher after applying
|
|
ESSIV to the input IV. Note that in the AEAD case, it is assumed
|
|
that the keys are presented in the same format used by the authenc
|
|
template, and that the IV appears at the end of the authenticated
|
|
associated data (AAD) region (which is how dm-crypt uses it.)
|
|
|
|
Note that the use of ESSIV is not recommended for new deployments,
|
|
and so this only needs to be enabled when interoperability with
|
|
existing encrypted volumes of filesystems is required, or when
|
|
building for a particular system that requires it (e.g., when
|
|
the SoC in question has accelerated CBC but not XTS, making CBC
|
|
combined with ESSIV the only feasible mode for h/w accelerated
|
|
block encryption)
|
|
|
|
endmenu
|
|
|
|
menu "Hashes, digests, and MACs"
|
|
|
|
config CRYPTO_BLAKE2B
|
|
tristate "BLAKE2b digest algorithm"
|
|
select CRYPTO_HASH
|
|
help
|
|
Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
|
|
optimized for 64bit platforms and can produce digests of any size
|
|
between 1 to 64. The keyed hash is also implemented.
|
|
|
|
This module provides the following algorithms:
|
|
|
|
- blake2b-160
|
|
- blake2b-256
|
|
- blake2b-384
|
|
- blake2b-512
|
|
|
|
See https://blake2.net for further information.
|
|
|
|
config CRYPTO_CMAC
|
|
tristate "CMAC support"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_MANAGER
|
|
help
|
|
Cipher-based Message Authentication Code (CMAC) specified by
|
|
The National Institute of Standards and Technology (NIST).
|
|
|
|
https://tools.ietf.org/html/rfc4493
|
|
http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
|
|
|
|
config CRYPTO_GHASH
|
|
tristate "GHASH hash function"
|
|
select CRYPTO_GF128MUL
|
|
select CRYPTO_HASH
|
|
help
|
|
GHASH is the hash function used in GCM (Galois/Counter Mode).
|
|
It is not a general-purpose cryptographic hash function.
|
|
|
|
config CRYPTO_HMAC
|
|
tristate "HMAC support"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_MANAGER
|
|
help
|
|
HMAC: Keyed-Hashing for Message Authentication (RFC2104).
|
|
This is required for IPSec.
|
|
|
|
config CRYPTO_MD4
|
|
tristate "MD4 digest algorithm"
|
|
select CRYPTO_HASH
|
|
help
|
|
MD4 message digest algorithm (RFC1320).
|
|
|
|
config CRYPTO_MD5
|
|
tristate "MD5 digest algorithm"
|
|
select CRYPTO_HASH
|
|
help
|
|
MD5 message digest algorithm (RFC1321).
|
|
|
|
config CRYPTO_MICHAEL_MIC
|
|
tristate "Michael MIC keyed digest algorithm"
|
|
select CRYPTO_HASH
|
|
help
|
|
Michael MIC is used for message integrity protection in TKIP
|
|
(IEEE 802.11i). This algorithm is required for TKIP, but it
|
|
should not be used for other purposes because of the weakness
|
|
of the algorithm.
|
|
|
|
config CRYPTO_POLYVAL
|
|
tristate
|
|
select CRYPTO_GF128MUL
|
|
select CRYPTO_HASH
|
|
help
|
|
POLYVAL is the hash function used in HCTR2. It is not a general-purpose
|
|
cryptographic hash function.
|
|
|
|
config CRYPTO_POLY1305
|
|
tristate "Poly1305 authenticator algorithm"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_LIB_POLY1305_GENERIC
|
|
help
|
|
Poly1305 authenticator algorithm, RFC7539.
|
|
|
|
Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
|
|
It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
|
|
in IETF protocols. This is the portable C implementation of Poly1305.
|
|
|
|
config CRYPTO_RMD160
|
|
tristate "RIPEMD-160 digest algorithm"
|
|
select CRYPTO_HASH
|
|
help
|
|
RIPEMD-160 (ISO/IEC 10118-3:2004).
|
|
|
|
RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
|
|
to be used as a secure replacement for the 128-bit hash functions
|
|
MD4, MD5 and its predecessor RIPEMD
|
|
(not to be confused with RIPEMD-128).
|
|
|
|
It's speed is comparable to SHA1 and there are no known attacks
|
|
against RIPEMD-160.
|
|
|
|
Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
|
|
See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
|
|
|
|
config CRYPTO_SHA1
|
|
tristate "SHA1 digest algorithm"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_LIB_SHA1
|
|
help
|
|
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
|
|
|
|
config CRYPTO_SHA256
|
|
tristate "SHA224 and SHA256 digest algorithm"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_LIB_SHA256
|
|
help
|
|
SHA256 secure hash standard (DFIPS 180-2).
|
|
|
|
This version of SHA implements a 256 bit hash with 128 bits of
|
|
security against collision attacks.
|
|
|
|
This code also includes SHA-224, a 224 bit hash with 112 bits
|
|
of security against collision attacks.
|
|
|
|
config CRYPTO_SHA512
|
|
tristate "SHA384 and SHA512 digest algorithms"
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA512 secure hash standard (DFIPS 180-2).
|
|
|
|
This version of SHA implements a 512 bit hash with 256 bits of
|
|
security against collision attacks.
|
|
|
|
This code also includes SHA-384, a 384 bit hash with 192 bits
|
|
of security against collision attacks.
|
|
|
|
config CRYPTO_SHA3
|
|
tristate "SHA3 digest algorithm"
|
|
select CRYPTO_HASH
|
|
help
|
|
SHA-3 secure hash standard (DFIPS 202). It's based on
|
|
cryptographic sponge function family called Keccak.
|
|
|
|
References:
|
|
http://keccak.noekeon.org/
|
|
|
|
config CRYPTO_SM3
|
|
tristate
|
|
|
|
config CRYPTO_SM3_GENERIC
|
|
tristate "SM3 digest algorithm"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SM3
|
|
help
|
|
SM3 secure hash function as defined by OSCCA GM/T 0004-2012 SM3).
|
|
It is part of the Chinese Commercial Cryptography suite.
|
|
|
|
References:
|
|
http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
|
|
https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
|
|
|
|
config CRYPTO_STREEBOG
|
|
tristate "Streebog Hash Function"
|
|
select CRYPTO_HASH
|
|
help
|
|
Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
|
|
cryptographic standard algorithms (called GOST algorithms).
|
|
This setting enables two hash algorithms with 256 and 512 bits output.
|
|
|
|
References:
|
|
https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
|
|
https://tools.ietf.org/html/rfc6986
|
|
|
|
config CRYPTO_VMAC
|
|
tristate "VMAC support"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_MANAGER
|
|
help
|
|
VMAC is a message authentication algorithm designed for
|
|
very high speed on 64-bit architectures.
|
|
|
|
See also:
|
|
<https://fastcrypto.org/vmac>
|
|
|
|
config CRYPTO_WP512
|
|
tristate "Whirlpool digest algorithms"
|
|
select CRYPTO_HASH
|
|
help
|
|
Whirlpool hash algorithm 512, 384 and 256-bit hashes
|
|
|
|
Whirlpool-512 is part of the NESSIE cryptographic primitives.
|
|
Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
|
|
|
|
See also:
|
|
<http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
|
|
|
|
config CRYPTO_XCBC
|
|
tristate "XCBC support"
|
|
select CRYPTO_HASH
|
|
select CRYPTO_MANAGER
|
|
help
|
|
XCBC: Keyed-Hashing with encryption algorithm
|
|
https://www.ietf.org/rfc/rfc3566.txt
|
|
http://csrc.nist.gov/encryption/modes/proposedmodes/
|
|
xcbc-mac/xcbc-mac-spec.pdf
|
|
|
|
config CRYPTO_XXHASH
|
|
tristate "xxHash hash algorithm"
|
|
select CRYPTO_HASH
|
|
select XXHASH
|
|
help
|
|
xxHash non-cryptographic hash algorithm. Extremely fast, working at
|
|
speeds close to RAM limits.
|
|
|
|
endmenu
|
|
|
|
menu "CRCs (cyclic redundancy checks)"
|
|
|
|
config CRYPTO_CRC32C
|
|
tristate "CRC32c"
|
|
select CRYPTO_HASH
|
|
select CRC32
|
|
help
|
|
CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
|
|
|
|
A 32-bit CRC (cyclic redundancy check) with a polynomial defined
|
|
by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic
|
|
Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
|
|
on Communications, Vol. 41, No. 6, June 1993, selected for use with
|
|
iSCSI.
|
|
|
|
Used by btrfs, ext4, jbd2, NVMeoF/TCP, and iSCSI.
|
|
|
|
config CRYPTO_CRC32
|
|
tristate "CRC32"
|
|
select CRYPTO_HASH
|
|
select CRC32
|
|
help
|
|
CRC32 CRC algorithm (IEEE 802.3)
|
|
|
|
Used by RoCEv2 and f2fs.
|
|
|
|
config CRYPTO_CRCT10DIF
|
|
tristate "CRCT10DIF"
|
|
select CRYPTO_HASH
|
|
help
|
|
CRC16 CRC algorithm used for the T10 (SCSI) Data Integrity Field (DIF)
|
|
|
|
CRC algorithm used by the SCSI Block Commands standard.
|
|
|
|
config CRYPTO_CRC64_ROCKSOFT
|
|
tristate "CRC64 based on Rocksoft Model algorithm"
|
|
depends on CRC64
|
|
select CRYPTO_HASH
|
|
help
|
|
CRC64 CRC algorithm based on the Rocksoft Model CRC Algorithm
|
|
|
|
Used by the NVMe implementation of T10 DIF (BLK_DEV_INTEGRITY)
|
|
|
|
See https://zlib.net/crc_v3.txt
|
|
|
|
endmenu
|
|
|
|
menu "Compression"
|
|
|
|
config CRYPTO_DEFLATE
|
|
tristate "Deflate compression algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_ACOMP2
|
|
select ZLIB_INFLATE
|
|
select ZLIB_DEFLATE
|
|
help
|
|
This is the Deflate algorithm (RFC1951), specified for use in
|
|
IPSec with the IPCOMP protocol (RFC3173, RFC2394).
|
|
|
|
You will most probably want this if using IPSec.
|
|
|
|
config CRYPTO_LZO
|
|
tristate "LZO compression algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_ACOMP2
|
|
select LZO_COMPRESS
|
|
select LZO_DECOMPRESS
|
|
help
|
|
This is the LZO algorithm.
|
|
|
|
config CRYPTO_842
|
|
tristate "842 compression algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_ACOMP2
|
|
select 842_COMPRESS
|
|
select 842_DECOMPRESS
|
|
help
|
|
This is the 842 algorithm.
|
|
|
|
config CRYPTO_LZ4
|
|
tristate "LZ4 compression algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_ACOMP2
|
|
select LZ4_COMPRESS
|
|
select LZ4_DECOMPRESS
|
|
help
|
|
This is the LZ4 algorithm.
|
|
|
|
config CRYPTO_LZ4HC
|
|
tristate "LZ4HC compression algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_ACOMP2
|
|
select LZ4HC_COMPRESS
|
|
select LZ4_DECOMPRESS
|
|
help
|
|
This is the LZ4 high compression mode algorithm.
|
|
|
|
config CRYPTO_ZSTD
|
|
tristate "Zstd compression algorithm"
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_ACOMP2
|
|
select ZSTD_COMPRESS
|
|
select ZSTD_DECOMPRESS
|
|
help
|
|
This is the zstd algorithm.
|
|
|
|
endmenu
|
|
|
|
menu "Random number generation"
|
|
|
|
config CRYPTO_ANSI_CPRNG
|
|
tristate "Pseudo Random Number Generation for Cryptographic modules"
|
|
select CRYPTO_AES
|
|
select CRYPTO_RNG
|
|
help
|
|
This option enables the generic pseudo random number generator
|
|
for cryptographic modules. Uses the Algorithm specified in
|
|
ANSI X9.31 A.2.4. Note that this option must be enabled if
|
|
CRYPTO_FIPS is selected
|
|
|
|
menuconfig CRYPTO_DRBG_MENU
|
|
tristate "NIST SP800-90A DRBG"
|
|
help
|
|
NIST SP800-90A compliant DRBG. In the following submenu, one or
|
|
more of the DRBG types must be selected.
|
|
|
|
if CRYPTO_DRBG_MENU
|
|
|
|
config CRYPTO_DRBG_HMAC
|
|
bool
|
|
default y
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_SHA512
|
|
|
|
config CRYPTO_DRBG_HASH
|
|
bool "Enable Hash DRBG"
|
|
select CRYPTO_SHA256
|
|
help
|
|
Enable the Hash DRBG variant as defined in NIST SP800-90A.
|
|
|
|
config CRYPTO_DRBG_CTR
|
|
bool "Enable CTR DRBG"
|
|
select CRYPTO_AES
|
|
select CRYPTO_CTR
|
|
help
|
|
Enable the CTR DRBG variant as defined in NIST SP800-90A.
|
|
|
|
config CRYPTO_DRBG
|
|
tristate
|
|
default CRYPTO_DRBG_MENU
|
|
select CRYPTO_RNG
|
|
select CRYPTO_JITTERENTROPY
|
|
|
|
endif # if CRYPTO_DRBG_MENU
|
|
|
|
config CRYPTO_JITTERENTROPY
|
|
tristate "Jitterentropy Non-Deterministic Random Number Generator"
|
|
select CRYPTO_RNG
|
|
help
|
|
The Jitterentropy RNG is a noise that is intended
|
|
to provide seed to another RNG. The RNG does not
|
|
perform any cryptographic whitening of the generated
|
|
random numbers. This Jitterentropy RNG registers with
|
|
the kernel crypto API and can be used by any caller.
|
|
|
|
config CRYPTO_KDF800108_CTR
|
|
tristate
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_SHA256
|
|
|
|
endmenu
|
|
menu "User-space interface"
|
|
|
|
config CRYPTO_USER_API
|
|
tristate
|
|
|
|
config CRYPTO_USER_API_HASH
|
|
tristate "User-space interface for hash algorithms"
|
|
depends on NET
|
|
select CRYPTO_HASH
|
|
select CRYPTO_USER_API
|
|
help
|
|
This option enables the user-spaces interface for hash
|
|
algorithms.
|
|
|
|
config CRYPTO_USER_API_SKCIPHER
|
|
tristate "User-space interface for symmetric key cipher algorithms"
|
|
depends on NET
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_USER_API
|
|
help
|
|
This option enables the user-spaces interface for symmetric
|
|
key cipher algorithms.
|
|
|
|
config CRYPTO_USER_API_RNG
|
|
tristate "User-space interface for random number generator algorithms"
|
|
depends on NET
|
|
select CRYPTO_RNG
|
|
select CRYPTO_USER_API
|
|
help
|
|
This option enables the user-spaces interface for random
|
|
number generator algorithms.
|
|
|
|
config CRYPTO_USER_API_RNG_CAVP
|
|
bool "Enable CAVP testing of DRBG"
|
|
depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
|
|
help
|
|
This option enables extra API for CAVP testing via the user-space
|
|
interface: resetting of DRBG entropy, and providing Additional Data.
|
|
This should only be enabled for CAVP testing. You should say
|
|
no unless you know what this is.
|
|
|
|
config CRYPTO_USER_API_AEAD
|
|
tristate "User-space interface for AEAD cipher algorithms"
|
|
depends on NET
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_NULL
|
|
select CRYPTO_USER_API
|
|
help
|
|
This option enables the user-spaces interface for AEAD
|
|
cipher algorithms.
|
|
|
|
config CRYPTO_USER_API_ENABLE_OBSOLETE
|
|
bool "Enable obsolete cryptographic algorithms for userspace"
|
|
depends on CRYPTO_USER_API
|
|
default y
|
|
help
|
|
Allow obsolete cryptographic algorithms to be selected that have
|
|
already been phased out from internal use by the kernel, and are
|
|
only useful for userspace clients that still rely on them.
|
|
|
|
config CRYPTO_STATS
|
|
bool "Crypto usage statistics for User-space"
|
|
depends on CRYPTO_USER
|
|
help
|
|
This option enables the gathering of crypto stats.
|
|
This will collect:
|
|
- encrypt/decrypt size and numbers of symmeric operations
|
|
- compress/decompress size and numbers of compress operations
|
|
- size and numbers of hash operations
|
|
- encrypt/decrypt/sign/verify numbers for asymmetric operations
|
|
- generate/seed numbers for rng operations
|
|
|
|
endmenu
|
|
|
|
config CRYPTO_HASH_INFO
|
|
bool
|
|
|
|
if ARM
|
|
source "arch/arm/crypto/Kconfig"
|
|
endif
|
|
if ARM64
|
|
source "arch/arm64/crypto/Kconfig"
|
|
endif
|
|
if MIPS
|
|
source "arch/mips/crypto/Kconfig"
|
|
endif
|
|
if PPC
|
|
source "arch/powerpc/crypto/Kconfig"
|
|
endif
|
|
if S390
|
|
source "arch/s390/crypto/Kconfig"
|
|
endif
|
|
if SPARC
|
|
source "arch/sparc/crypto/Kconfig"
|
|
endif
|
|
if X86
|
|
source "arch/x86/crypto/Kconfig"
|
|
endif
|
|
|
|
source "drivers/crypto/Kconfig"
|
|
source "crypto/asymmetric_keys/Kconfig"
|
|
source "certs/Kconfig"
|
|
|
|
endif # if CRYPTO
|