Kconfig 37 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413
  1. # SPDX-License-Identifier: GPL-2.0
  2. #
  3. # Generic algorithms support
  4. #
  5. config XOR_BLOCKS
  6. tristate
  7. #
  8. # async_tx api: hardware offloaded memory transfer/transform support
  9. #
  10. source "crypto/async_tx/Kconfig"
  11. #
  12. # Cryptographic API Configuration
  13. #
  14. menuconfig CRYPTO
  15. tristate "Cryptographic API"
  16. select CRYPTO_LIB_UTILS
  17. help
  18. This option provides the core Cryptographic API.
  19. if CRYPTO
  20. menu "Crypto core or helper"
  21. config CRYPTO_FIPS
  22. bool "FIPS 200 compliance"
  23. depends on CRYPTO_DRBG && CRYPTO_SELFTESTS
  24. depends on (MODULE_SIG || !MODULES)
  25. help
  26. This option enables the fips boot option which is
  27. required if you want the system to operate in a FIPS 200
  28. certification. You should say no unless you know what
  29. this is.
  30. config CRYPTO_FIPS_NAME
  31. string "FIPS Module Name"
  32. default "Linux Kernel Cryptographic API"
  33. depends on CRYPTO_FIPS
  34. help
  35. This option sets the FIPS Module name reported by the Crypto API via
  36. the /proc/sys/crypto/fips_name file.
  37. config CRYPTO_FIPS_CUSTOM_VERSION
  38. bool "Use Custom FIPS Module Version"
  39. depends on CRYPTO_FIPS
  40. default n
  41. config CRYPTO_FIPS_VERSION
  42. string "FIPS Module Version"
  43. default "(none)"
  44. depends on CRYPTO_FIPS_CUSTOM_VERSION
  45. help
  46. This option provides the ability to override the FIPS Module Version.
  47. By default the KERNELRELEASE value is used.
  48. config CRYPTO_ALGAPI
  49. tristate
  50. select CRYPTO_ALGAPI2
  51. help
  52. This option provides the API for cryptographic algorithms.
  53. config CRYPTO_ALGAPI2
  54. tristate
  55. config CRYPTO_AEAD
  56. tristate
  57. select CRYPTO_AEAD2
  58. select CRYPTO_ALGAPI
  59. config CRYPTO_AEAD2
  60. tristate
  61. select CRYPTO_ALGAPI2
  62. config CRYPTO_SIG
  63. tristate
  64. select CRYPTO_SIG2
  65. select CRYPTO_ALGAPI
  66. config CRYPTO_SIG2
  67. tristate
  68. select CRYPTO_ALGAPI2
  69. config CRYPTO_SKCIPHER
  70. tristate
  71. select CRYPTO_SKCIPHER2
  72. select CRYPTO_ALGAPI
  73. select CRYPTO_ECB
  74. config CRYPTO_SKCIPHER2
  75. tristate
  76. select CRYPTO_ALGAPI2
  77. config CRYPTO_HASH
  78. tristate
  79. select CRYPTO_HASH2
  80. select CRYPTO_ALGAPI
  81. config CRYPTO_HASH2
  82. tristate
  83. select CRYPTO_ALGAPI2
  84. config CRYPTO_RNG
  85. tristate
  86. select CRYPTO_RNG2
  87. select CRYPTO_ALGAPI
  88. config CRYPTO_RNG2
  89. tristate
  90. select CRYPTO_ALGAPI2
  91. config CRYPTO_RNG_DEFAULT
  92. tristate
  93. select CRYPTO_DRBG_MENU
  94. config CRYPTO_AKCIPHER2
  95. tristate
  96. select CRYPTO_ALGAPI2
  97. config CRYPTO_AKCIPHER
  98. tristate
  99. select CRYPTO_AKCIPHER2
  100. select CRYPTO_ALGAPI
  101. config CRYPTO_KPP2
  102. tristate
  103. select CRYPTO_ALGAPI2
  104. config CRYPTO_KPP
  105. tristate
  106. select CRYPTO_ALGAPI
  107. select CRYPTO_KPP2
  108. config CRYPTO_ACOMP2
  109. tristate
  110. select CRYPTO_ALGAPI2
  111. select SGL_ALLOC
  112. config CRYPTO_ACOMP
  113. tristate
  114. select CRYPTO_ALGAPI
  115. select CRYPTO_ACOMP2
  116. config CRYPTO_HKDF
  117. tristate
  118. select CRYPTO_SHA256 if CRYPTO_SELFTESTS
  119. select CRYPTO_SHA512 if CRYPTO_SELFTESTS
  120. select CRYPTO_HASH2
  121. config CRYPTO_MANAGER
  122. tristate
  123. default CRYPTO_ALGAPI if CRYPTO_SELFTESTS
  124. select CRYPTO_MANAGER2
  125. help
  126. This provides the support for instantiating templates such as
  127. cbc(aes), and the support for the crypto self-tests.
  128. config CRYPTO_MANAGER2
  129. def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
  130. select CRYPTO_ACOMP2
  131. select CRYPTO_AEAD2
  132. select CRYPTO_AKCIPHER2
  133. select CRYPTO_SIG2
  134. select CRYPTO_HASH2
  135. select CRYPTO_KPP2
  136. select CRYPTO_RNG2
  137. select CRYPTO_SKCIPHER2
  138. config CRYPTO_USER
  139. tristate "Userspace cryptographic algorithm configuration"
  140. depends on NET
  141. select CRYPTO_MANAGER
  142. help
  143. Userspace configuration for cryptographic instantiations such as
  144. cbc(aes).
  145. config CRYPTO_SELFTESTS
  146. bool "Enable cryptographic self-tests"
  147. depends on EXPERT
  148. help
  149. Enable the cryptographic self-tests.
  150. The cryptographic self-tests run at boot time, or at algorithm
  151. registration time if algorithms are dynamically loaded later.
  152. There are two main use cases for these tests:
  153. - Development and pre-release testing. In this case, also enable
  154. CRYPTO_SELFTESTS_FULL to get the full set of tests. All crypto code
  155. in the kernel is expected to pass the full set of tests.
  156. - Production kernels, to help prevent buggy drivers from being used
  157. and/or meet FIPS 140-3 pre-operational testing requirements. In
  158. this case, enable CRYPTO_SELFTESTS but not CRYPTO_SELFTESTS_FULL.
  159. config CRYPTO_SELFTESTS_FULL
  160. bool "Enable the full set of cryptographic self-tests"
  161. depends on CRYPTO_SELFTESTS
  162. help
  163. Enable the full set of cryptographic self-tests for each algorithm.
  164. The full set of tests should be enabled for development and
  165. pre-release testing, but not in production kernels.
  166. All crypto code in the kernel is expected to pass the full tests.
  167. config CRYPTO_NULL
  168. tristate "Null algorithms"
  169. select CRYPTO_ALGAPI
  170. select CRYPTO_SKCIPHER
  171. select CRYPTO_HASH
  172. help
  173. These are 'Null' algorithms, used by IPsec, which do nothing.
  174. config CRYPTO_PCRYPT
  175. tristate "Parallel crypto engine"
  176. depends on SMP
  177. select PADATA
  178. select CRYPTO_MANAGER
  179. select CRYPTO_AEAD
  180. help
  181. This converts an arbitrary crypto algorithm into a parallel
  182. algorithm that executes in kernel threads.
  183. config CRYPTO_CRYPTD
  184. tristate "Software async crypto daemon"
  185. select CRYPTO_SKCIPHER
  186. select CRYPTO_HASH
  187. select CRYPTO_MANAGER
  188. help
  189. This is a generic software asynchronous crypto daemon that
  190. converts an arbitrary synchronous software crypto algorithm
  191. into an asynchronous algorithm that executes in a kernel thread.
  192. config CRYPTO_AUTHENC
  193. tristate "Authenc support"
  194. select CRYPTO_AEAD
  195. select CRYPTO_SKCIPHER
  196. select CRYPTO_MANAGER
  197. select CRYPTO_HASH
  198. help
  199. Authenc: Combined mode wrapper for IPsec.
  200. This is required for IPSec ESP (XFRM_ESP).
  201. config CRYPTO_KRB5ENC
  202. tristate "Kerberos 5 combined hash+cipher support"
  203. select CRYPTO_AEAD
  204. select CRYPTO_SKCIPHER
  205. select CRYPTO_MANAGER
  206. select CRYPTO_HASH
  207. help
  208. Combined hash and cipher support for Kerberos 5 RFC3961 simplified
  209. profile. This is required for Kerberos 5-style encryption, used by
  210. sunrpc/NFS and rxrpc/AFS.
  211. config CRYPTO_BENCHMARK
  212. tristate "Crypto benchmarking module"
  213. depends on m || EXPERT
  214. select CRYPTO_MANAGER
  215. help
  216. Quick & dirty crypto benchmarking module.
  217. This is mainly intended for use by people developing cryptographic
  218. algorithms in the kernel. It should not be enabled in production
  219. kernels.
  220. config CRYPTO_SIMD
  221. tristate
  222. select CRYPTO_CRYPTD
  223. config CRYPTO_ENGINE
  224. tristate
  225. endmenu
  226. menu "Public-key cryptography"
  227. config CRYPTO_RSA
  228. tristate "RSA (Rivest-Shamir-Adleman)"
  229. select CRYPTO_AKCIPHER
  230. select CRYPTO_MANAGER
  231. select CRYPTO_SIG
  232. select MPILIB
  233. select ASN1
  234. help
  235. RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017)
  236. config CRYPTO_DH
  237. tristate "DH (Diffie-Hellman)"
  238. select CRYPTO_KPP
  239. select MPILIB
  240. help
  241. DH (Diffie-Hellman) key exchange algorithm
  242. config CRYPTO_DH_RFC7919_GROUPS
  243. bool "RFC 7919 FFDHE groups"
  244. depends on CRYPTO_DH
  245. select CRYPTO_RNG_DEFAULT
  246. help
  247. FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
  248. defined in RFC7919.
  249. Support these finite-field groups in DH key exchanges:
  250. - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
  251. If unsure, say N.
  252. config CRYPTO_ECC
  253. tristate
  254. select CRYPTO_RNG_DEFAULT
  255. config CRYPTO_ECDH
  256. tristate "ECDH (Elliptic Curve Diffie-Hellman)"
  257. select CRYPTO_ECC
  258. select CRYPTO_KPP
  259. help
  260. ECDH (Elliptic Curve Diffie-Hellman) key exchange algorithm
  261. using curves P-192, P-256, and P-384 (FIPS 186)
  262. config CRYPTO_ECDSA
  263. tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)"
  264. select CRYPTO_ECC
  265. select CRYPTO_SIG
  266. select ASN1
  267. help
  268. ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186,
  269. ISO/IEC 14888-3)
  270. using curves P-192, P-256, P-384 and P-521
  271. Only signature verification is implemented.
  272. config CRYPTO_ECRDSA
  273. tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
  274. select CRYPTO_ECC
  275. select CRYPTO_SIG
  276. select CRYPTO_STREEBOG
  277. select OID_REGISTRY
  278. select ASN1
  279. help
  280. Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
  281. RFC 7091, ISO/IEC 14888-3)
  282. One of the Russian cryptographic standard algorithms (called GOST
  283. algorithms). Only signature verification is implemented.
  284. config CRYPTO_MLDSA
  285. tristate "ML-DSA (Module-Lattice-Based Digital Signature Algorithm)"
  286. select CRYPTO_SIG
  287. select CRYPTO_LIB_MLDSA
  288. help
  289. ML-DSA (Module-Lattice-Based Digital Signature Algorithm) (FIPS-204).
  290. Only signature verification is implemented.
  291. endmenu
  292. menu "Block ciphers"
  293. config CRYPTO_AES
  294. tristate "AES (Advanced Encryption Standard)"
  295. select CRYPTO_ALGAPI
  296. select CRYPTO_LIB_AES
  297. help
  298. AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3)
  299. Rijndael appears to be consistently a very good performer in
  300. both hardware and software across a wide range of computing
  301. environments regardless of its use in feedback or non-feedback
  302. modes. Its key setup time is excellent, and its key agility is
  303. good. Rijndael's very low memory requirements make it very well
  304. suited for restricted-space environments, in which it also
  305. demonstrates excellent performance. Rijndael's operations are
  306. among the easiest to defend against power and timing attacks.
  307. The AES specifies three key sizes: 128, 192 and 256 bits
  308. config CRYPTO_ANUBIS
  309. tristate "Anubis"
  310. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  311. select CRYPTO_ALGAPI
  312. help
  313. Anubis cipher algorithm
  314. Anubis is a variable key length cipher which can use keys from
  315. 128 bits to 320 bits in length. It was evaluated as a entrant
  316. in the NESSIE competition.
  317. See https://web.archive.org/web/20160606112246/http://www.larc.usp.br/~pbarreto/AnubisPage.html
  318. for further information.
  319. config CRYPTO_ARIA
  320. tristate "ARIA"
  321. select CRYPTO_ALGAPI
  322. help
  323. ARIA cipher algorithm (RFC5794)
  324. ARIA is a standard encryption algorithm of the Republic of Korea.
  325. The ARIA specifies three key sizes and rounds.
  326. 128-bit: 12 rounds.
  327. 192-bit: 14 rounds.
  328. 256-bit: 16 rounds.
  329. See:
  330. https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do
  331. config CRYPTO_BLOWFISH
  332. tristate "Blowfish"
  333. select CRYPTO_ALGAPI
  334. select CRYPTO_BLOWFISH_COMMON
  335. help
  336. Blowfish cipher algorithm, by Bruce Schneier
  337. This is a variable key length cipher which can use keys from 32
  338. bits to 448 bits in length. It's fast, simple and specifically
  339. designed for use on "large microprocessors".
  340. See https://www.schneier.com/blowfish.html for further information.
  341. config CRYPTO_BLOWFISH_COMMON
  342. tristate
  343. help
  344. Common parts of the Blowfish cipher algorithm shared by the
  345. generic c and the assembler implementations.
  346. config CRYPTO_CAMELLIA
  347. tristate "Camellia"
  348. select CRYPTO_ALGAPI
  349. help
  350. Camellia cipher algorithms (ISO/IEC 18033-3)
  351. Camellia is a symmetric key block cipher developed jointly
  352. at NTT and Mitsubishi Electric Corporation.
  353. The Camellia specifies three key sizes: 128, 192 and 256 bits.
  354. See https://info.isl.ntt.co.jp/crypt/eng/camellia/ for further information.
  355. config CRYPTO_CAST_COMMON
  356. tristate
  357. help
  358. Common parts of the CAST cipher algorithms shared by the
  359. generic c and the assembler implementations.
  360. config CRYPTO_CAST5
  361. tristate "CAST5 (CAST-128)"
  362. select CRYPTO_ALGAPI
  363. select CRYPTO_CAST_COMMON
  364. help
  365. CAST5 (CAST-128) cipher algorithm (RFC2144, ISO/IEC 18033-3)
  366. config CRYPTO_CAST6
  367. tristate "CAST6 (CAST-256)"
  368. select CRYPTO_ALGAPI
  369. select CRYPTO_CAST_COMMON
  370. help
  371. CAST6 (CAST-256) encryption algorithm (RFC2612)
  372. config CRYPTO_DES
  373. tristate "DES and Triple DES EDE"
  374. select CRYPTO_ALGAPI
  375. select CRYPTO_LIB_DES
  376. help
  377. DES (Data Encryption Standard)(FIPS 46-2, ISO/IEC 18033-3) and
  378. Triple DES EDE (Encrypt/Decrypt/Encrypt) (FIPS 46-3, ISO/IEC 18033-3)
  379. cipher algorithms
  380. config CRYPTO_FCRYPT
  381. tristate "FCrypt"
  382. select CRYPTO_ALGAPI
  383. select CRYPTO_SKCIPHER
  384. help
  385. FCrypt algorithm used by RxRPC
  386. See https://ota.polyonymo.us/fcrypt-paper.txt
  387. config CRYPTO_KHAZAD
  388. tristate "Khazad"
  389. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  390. select CRYPTO_ALGAPI
  391. help
  392. Khazad cipher algorithm
  393. Khazad was a finalist in the initial NESSIE competition. It is
  394. an algorithm optimized for 64-bit processors with good performance
  395. on 32-bit processors. Khazad uses an 128 bit key size.
  396. See https://web.archive.org/web/20171011071731/http://www.larc.usp.br/~pbarreto/KhazadPage.html
  397. for further information.
  398. config CRYPTO_SEED
  399. tristate "SEED"
  400. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  401. select CRYPTO_ALGAPI
  402. help
  403. SEED cipher algorithm (RFC4269, ISO/IEC 18033-3)
  404. SEED is a 128-bit symmetric key block cipher that has been
  405. developed by KISA (Korea Information Security Agency) as a
  406. national standard encryption algorithm of the Republic of Korea.
  407. It is a 16 round block cipher with the key size of 128 bit.
  408. See https://seed.kisa.or.kr/kisa/algorithm/EgovSeedInfo.do
  409. for further information.
  410. config CRYPTO_SERPENT
  411. tristate "Serpent"
  412. select CRYPTO_ALGAPI
  413. help
  414. Serpent cipher algorithm, by Anderson, Biham & Knudsen
  415. Keys are allowed to be from 0 to 256 bits in length, in steps
  416. of 8 bits.
  417. See https://www.cl.cam.ac.uk/~rja14/serpent.html for further information.
  418. config CRYPTO_SM4
  419. tristate
  420. config CRYPTO_SM4_GENERIC
  421. tristate "SM4 (ShangMi 4)"
  422. select CRYPTO_ALGAPI
  423. select CRYPTO_SM4
  424. help
  425. SM4 cipher algorithms (OSCCA GB/T 32907-2016,
  426. ISO/IEC 18033-3:2010/Amd 1:2021)
  427. SM4 (GBT.32907-2016) is a cryptographic standard issued by the
  428. Organization of State Commercial Administration of China (OSCCA)
  429. as an authorized cryptographic algorithms for the use within China.
  430. SMS4 was originally created for use in protecting wireless
  431. networks, and is mandated in the Chinese National Standard for
  432. Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
  433. (GB.15629.11-2003).
  434. The latest SM4 standard (GBT.32907-2016) was proposed by OSCCA and
  435. standardized through TC 260 of the Standardization Administration
  436. of the People's Republic of China (SAC).
  437. The input, output, and key of SMS4 are each 128 bits.
  438. See https://eprint.iacr.org/2008/329.pdf for further information.
  439. If unsure, say N.
  440. config CRYPTO_TEA
  441. tristate "TEA, XTEA and XETA"
  442. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  443. select CRYPTO_ALGAPI
  444. help
  445. TEA (Tiny Encryption Algorithm) cipher algorithms
  446. Tiny Encryption Algorithm is a simple cipher that uses
  447. many rounds for security. It is very fast and uses
  448. little memory.
  449. Xtendend Tiny Encryption Algorithm is a modification to
  450. the TEA algorithm to address a potential key weakness
  451. in the TEA algorithm.
  452. Xtendend Encryption Tiny Algorithm is a mis-implementation
  453. of the XTEA algorithm for compatibility purposes.
  454. config CRYPTO_TWOFISH
  455. tristate "Twofish"
  456. select CRYPTO_ALGAPI
  457. select CRYPTO_TWOFISH_COMMON
  458. help
  459. Twofish cipher algorithm
  460. Twofish was submitted as an AES (Advanced Encryption Standard)
  461. candidate cipher by researchers at CounterPane Systems. It is a
  462. 16 round block cipher supporting key sizes of 128, 192, and 256
  463. bits.
  464. See https://www.schneier.com/twofish.html for further information.
  465. config CRYPTO_TWOFISH_COMMON
  466. tristate
  467. help
  468. Common parts of the Twofish cipher algorithm shared by the
  469. generic c and the assembler implementations.
  470. endmenu
  471. menu "Length-preserving ciphers and modes"
  472. config CRYPTO_ADIANTUM
  473. tristate "Adiantum"
  474. select CRYPTO_CHACHA20
  475. select CRYPTO_LIB_NH
  476. select CRYPTO_LIB_POLY1305
  477. select CRYPTO_LIB_POLY1305_GENERIC
  478. select CRYPTO_MANAGER
  479. help
  480. Adiantum tweakable, length-preserving encryption mode
  481. Designed for fast and secure disk encryption, especially on
  482. CPUs without dedicated crypto instructions. It encrypts
  483. each sector using the XChaCha12 stream cipher, two passes of
  484. an ε-almost-∆-universal hash function, and an invocation of
  485. the AES-256 block cipher on a single 16-byte block. On CPUs
  486. without AES instructions, Adiantum is much faster than
  487. AES-XTS.
  488. Adiantum's security is provably reducible to that of its
  489. underlying stream and block ciphers, subject to a security
  490. bound. Unlike XTS, Adiantum is a true wide-block encryption
  491. mode, so it actually provides an even stronger notion of
  492. security than XTS, subject to the security bound.
  493. If unsure, say N.
  494. config CRYPTO_ARC4
  495. tristate "ARC4 (Alleged Rivest Cipher 4)"
  496. depends on CRYPTO_USER_API_ENABLE_OBSOLETE
  497. select CRYPTO_SKCIPHER
  498. select CRYPTO_LIB_ARC4
  499. help
  500. ARC4 cipher algorithm
  501. ARC4 is a stream cipher using keys ranging from 8 bits to 2048
  502. bits in length. This algorithm is required for driver-based
  503. WEP, but it should not be for other purposes because of the
  504. weakness of the algorithm.
  505. config CRYPTO_CHACHA20
  506. tristate "ChaCha"
  507. select CRYPTO_LIB_CHACHA
  508. select CRYPTO_SKCIPHER
  509. help
  510. The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms
  511. ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
  512. Bernstein and further specified in RFC7539 for use in IETF protocols.
  513. This is the portable C implementation of ChaCha20. See
  514. https://cr.yp.to/chacha/chacha-20080128.pdf for further information.
  515. XChaCha20 is the application of the XSalsa20 construction to ChaCha20
  516. rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
  517. from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
  518. while provably retaining ChaCha20's security. See
  519. https://cr.yp.to/snuffle/xsalsa-20081128.pdf for further information.
  520. XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
  521. reduced security margin but increased performance. It can be needed
  522. in some performance-sensitive scenarios.
  523. config CRYPTO_CBC
  524. tristate "CBC (Cipher Block Chaining)"
  525. select CRYPTO_SKCIPHER
  526. select CRYPTO_MANAGER
  527. help
  528. CBC (Cipher Block Chaining) mode (NIST SP800-38A)
  529. This block cipher mode is required for IPSec ESP (XFRM_ESP).
  530. config CRYPTO_CTR
  531. tristate "CTR (Counter)"
  532. select CRYPTO_SKCIPHER
  533. select CRYPTO_MANAGER
  534. help
  535. CTR (Counter) mode (NIST SP800-38A)
  536. config CRYPTO_CTS
  537. tristate "CTS (Cipher Text Stealing)"
  538. select CRYPTO_SKCIPHER
  539. select CRYPTO_MANAGER
  540. help
  541. CBC-CS3 variant of CTS (Cipher Text Stealing) (NIST
  542. Addendum to SP800-38A (October 2010))
  543. This mode is required for Kerberos gss mechanism support
  544. for AES encryption.
  545. config CRYPTO_ECB
  546. tristate "ECB (Electronic Codebook)"
  547. select CRYPTO_SKCIPHER2
  548. select CRYPTO_MANAGER
  549. help
  550. ECB (Electronic Codebook) mode (NIST SP800-38A)
  551. config CRYPTO_HCTR2
  552. tristate "HCTR2"
  553. select CRYPTO_XCTR
  554. select CRYPTO_LIB_POLYVAL
  555. select CRYPTO_MANAGER
  556. help
  557. HCTR2 length-preserving encryption mode
  558. A mode for storage encryption that is efficient on processors with
  559. instructions to accelerate AES and carryless multiplication, e.g.
  560. x86 processors with AES-NI and CLMUL, and ARM processors with the
  561. ARMv8 crypto extensions.
  562. See https://eprint.iacr.org/2021/1441
  563. config CRYPTO_LRW
  564. tristate "LRW (Liskov Rivest Wagner)"
  565. select CRYPTO_LIB_GF128MUL
  566. select CRYPTO_SKCIPHER
  567. select CRYPTO_MANAGER
  568. select CRYPTO_ECB
  569. help
  570. LRW (Liskov Rivest Wagner) mode
  571. A tweakable, non malleable, non movable
  572. narrow block cipher mode for dm-crypt. Use it with cipher
  573. specification string aes-lrw-benbi, the key must be 256, 320 or 384.
  574. The first 128, 192 or 256 bits in the key are used for AES and the
  575. rest is used to tie each cipher block to its logical position.
  576. See https://people.csail.mit.edu/rivest/pubs/LRW02.pdf
  577. config CRYPTO_PCBC
  578. tristate "PCBC (Propagating Cipher Block Chaining)"
  579. select CRYPTO_SKCIPHER
  580. select CRYPTO_MANAGER
  581. help
  582. PCBC (Propagating Cipher Block Chaining) mode
  583. This block cipher mode is required for RxRPC.
  584. config CRYPTO_XCTR
  585. tristate
  586. select CRYPTO_SKCIPHER
  587. select CRYPTO_MANAGER
  588. help
  589. XCTR (XOR Counter) mode for HCTR2
  590. This blockcipher mode is a variant of CTR mode using XORs and little-endian
  591. addition rather than big-endian arithmetic.
  592. XCTR mode is used to implement HCTR2.
  593. config CRYPTO_XTS
  594. tristate "XTS (XOR Encrypt XOR with ciphertext stealing)"
  595. select CRYPTO_SKCIPHER
  596. select CRYPTO_MANAGER
  597. select CRYPTO_ECB
  598. help
  599. XTS (XOR Encrypt XOR with ciphertext stealing) mode (NIST SP800-38E
  600. and IEEE 1619)
  601. Use with aes-xts-plain, key size 256, 384 or 512 bits. This
  602. implementation currently can't handle a sectorsize which is not a
  603. multiple of 16 bytes.
  604. endmenu
  605. menu "AEAD (authenticated encryption with associated data) ciphers"
  606. config CRYPTO_AEGIS128
  607. tristate "AEGIS-128"
  608. select CRYPTO_AEAD
  609. select CRYPTO_LIB_AES # for AES S-box tables
  610. help
  611. AEGIS-128 AEAD algorithm
  612. config CRYPTO_AEGIS128_SIMD
  613. bool "AEGIS-128 (arm NEON, arm64 NEON)"
  614. depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
  615. default y
  616. help
  617. AEGIS-128 AEAD algorithm
  618. Architecture: arm or arm64 using:
  619. - NEON (Advanced SIMD) extension
  620. config CRYPTO_CHACHA20POLY1305
  621. tristate "ChaCha20-Poly1305"
  622. select CRYPTO_CHACHA20
  623. select CRYPTO_AEAD
  624. select CRYPTO_LIB_POLY1305
  625. select CRYPTO_MANAGER
  626. help
  627. ChaCha20 stream cipher and Poly1305 authenticator combined
  628. mode (RFC8439)
  629. config CRYPTO_CCM
  630. tristate "CCM (Counter with Cipher Block Chaining-MAC)"
  631. select CRYPTO_CTR
  632. select CRYPTO_HASH
  633. select CRYPTO_AEAD
  634. select CRYPTO_MANAGER
  635. help
  636. CCM (Counter with Cipher Block Chaining-Message Authentication Code)
  637. authenticated encryption mode (NIST SP800-38C)
  638. config CRYPTO_GCM
  639. tristate "GCM (Galois/Counter Mode) and GMAC (GCM MAC)"
  640. select CRYPTO_CTR
  641. select CRYPTO_AEAD
  642. select CRYPTO_GHASH
  643. select CRYPTO_MANAGER
  644. help
  645. GCM (Galois/Counter Mode) authenticated encryption mode and GMAC
  646. (GCM Message Authentication Code) (NIST SP800-38D)
  647. This is required for IPSec ESP (XFRM_ESP).
  648. config CRYPTO_GENIV
  649. tristate
  650. select CRYPTO_AEAD
  651. select CRYPTO_MANAGER
  652. select CRYPTO_RNG_DEFAULT
  653. config CRYPTO_SEQIV
  654. tristate "Sequence Number IV Generator"
  655. select CRYPTO_GENIV
  656. help
  657. Sequence Number IV generator
  658. This IV generator generates an IV based on a sequence number by
  659. xoring it with a salt. This algorithm is mainly useful for CTR.
  660. This is required for IPsec ESP (XFRM_ESP).
  661. config CRYPTO_ECHAINIV
  662. tristate "Encrypted Chain IV Generator"
  663. select CRYPTO_GENIV
  664. help
  665. Encrypted Chain IV generator
  666. This IV generator generates an IV based on the encryption of
  667. a sequence number xored with a salt. This is the default
  668. algorithm for CBC.
  669. config CRYPTO_ESSIV
  670. tristate "Encrypted Salt-Sector IV Generator"
  671. select CRYPTO_AUTHENC
  672. help
  673. Encrypted Salt-Sector IV generator
  674. This IV generator is used in some cases by fscrypt and/or
  675. dm-crypt. It uses the hash of the block encryption key as the
  676. symmetric key for a block encryption pass applied to the input
  677. IV, making low entropy IV sources more suitable for block
  678. encryption.
  679. This driver implements a crypto API template that can be
  680. instantiated either as an skcipher or as an AEAD (depending on the
  681. type of the first template argument), and which defers encryption
  682. and decryption requests to the encapsulated cipher after applying
  683. ESSIV to the input IV. Note that in the AEAD case, it is assumed
  684. that the keys are presented in the same format used by the authenc
  685. template, and that the IV appears at the end of the authenticated
  686. associated data (AAD) region (which is how dm-crypt uses it.)
  687. Note that the use of ESSIV is not recommended for new deployments,
  688. and so this only needs to be enabled when interoperability with
  689. existing encrypted volumes of filesystems is required, or when
  690. building for a particular system that requires it (e.g., when
  691. the SoC in question has accelerated CBC but not XTS, making CBC
  692. combined with ESSIV the only feasible mode for h/w accelerated
  693. block encryption)
  694. endmenu
  695. menu "Hashes, digests, and MACs"
  696. config CRYPTO_BLAKE2B
  697. tristate "BLAKE2b"
  698. select CRYPTO_HASH
  699. select CRYPTO_LIB_BLAKE2B
  700. help
  701. BLAKE2b cryptographic hash function (RFC 7693)
  702. BLAKE2b is optimized for 64-bit platforms and can produce digests
  703. of any size between 1 and 64 bytes. The keyed hash is also implemented.
  704. This module provides the following algorithms:
  705. - blake2b-160
  706. - blake2b-256
  707. - blake2b-384
  708. - blake2b-512
  709. See https://blake2.net for further information.
  710. config CRYPTO_CMAC
  711. tristate "CMAC (Cipher-based MAC)"
  712. select CRYPTO_HASH
  713. select CRYPTO_MANAGER
  714. help
  715. CMAC (Cipher-based Message Authentication Code) authentication
  716. mode (NIST SP800-38B and IETF RFC4493)
  717. config CRYPTO_GHASH
  718. tristate "GHASH"
  719. select CRYPTO_HASH
  720. select CRYPTO_LIB_GF128MUL
  721. help
  722. GCM GHASH function (NIST SP800-38D)
  723. config CRYPTO_HMAC
  724. tristate "HMAC (Keyed-Hash MAC)"
  725. select CRYPTO_HASH
  726. select CRYPTO_MANAGER
  727. help
  728. HMAC (Keyed-Hash Message Authentication Code) (FIPS 198 and
  729. RFC2104)
  730. This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
  731. config CRYPTO_MD4
  732. tristate "MD4"
  733. select CRYPTO_HASH
  734. help
  735. MD4 message digest algorithm (RFC1320)
  736. config CRYPTO_MD5
  737. tristate "MD5"
  738. select CRYPTO_HASH
  739. select CRYPTO_LIB_MD5
  740. help
  741. MD5 message digest algorithm (RFC1321), including HMAC support.
  742. config CRYPTO_MICHAEL_MIC
  743. tristate "Michael MIC"
  744. select CRYPTO_HASH
  745. help
  746. Michael MIC (Message Integrity Code) (IEEE 802.11i)
  747. Defined by the IEEE 802.11i TKIP (Temporal Key Integrity Protocol),
  748. known as WPA (Wif-Fi Protected Access).
  749. This algorithm is required for TKIP, but it should not be used for
  750. other purposes because of the weakness of the algorithm.
  751. config CRYPTO_RMD160
  752. tristate "RIPEMD-160"
  753. select CRYPTO_HASH
  754. help
  755. RIPEMD-160 hash function (ISO/IEC 10118-3)
  756. RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
  757. to be used as a secure replacement for the 128-bit hash functions
  758. MD4, MD5 and its predecessor RIPEMD
  759. (not to be confused with RIPEMD-128).
  760. Its speed is comparable to SHA-1 and there are no known attacks
  761. against RIPEMD-160.
  762. Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
  763. See https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
  764. for further information.
  765. config CRYPTO_SHA1
  766. tristate "SHA-1"
  767. select CRYPTO_HASH
  768. select CRYPTO_LIB_SHA1
  769. help
  770. SHA-1 secure hash algorithm (FIPS 180, ISO/IEC 10118-3), including
  771. HMAC support.
  772. config CRYPTO_SHA256
  773. tristate "SHA-224 and SHA-256"
  774. select CRYPTO_HASH
  775. select CRYPTO_LIB_SHA256
  776. help
  777. SHA-224 and SHA-256 secure hash algorithms (FIPS 180, ISO/IEC
  778. 10118-3), including HMAC support.
  779. This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
  780. config CRYPTO_SHA512
  781. tristate "SHA-384 and SHA-512"
  782. select CRYPTO_HASH
  783. select CRYPTO_LIB_SHA512
  784. help
  785. SHA-384 and SHA-512 secure hash algorithms (FIPS 180, ISO/IEC
  786. 10118-3), including HMAC support.
  787. config CRYPTO_SHA3
  788. tristate "SHA-3"
  789. select CRYPTO_HASH
  790. select CRYPTO_LIB_SHA3
  791. help
  792. SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3)
  793. config CRYPTO_SM3_GENERIC
  794. tristate "SM3 (ShangMi 3)"
  795. select CRYPTO_HASH
  796. select CRYPTO_LIB_SM3
  797. help
  798. SM3 (ShangMi 3) secure hash function (OSCCA GM/T 0004-2012, ISO/IEC 10118-3)
  799. This is part of the Chinese Commercial Cryptography suite.
  800. References:
  801. http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
  802. https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
  803. config CRYPTO_STREEBOG
  804. tristate "Streebog"
  805. select CRYPTO_HASH
  806. help
  807. Streebog Hash Function (GOST R 34.11-2012, RFC 6986, ISO/IEC 10118-3)
  808. This is one of the Russian cryptographic standard algorithms (called
  809. GOST algorithms). This setting enables two hash algorithms with
  810. 256 and 512 bits output.
  811. References:
  812. https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
  813. https://tools.ietf.org/html/rfc6986
  814. config CRYPTO_WP512
  815. tristate "Whirlpool"
  816. select CRYPTO_HASH
  817. help
  818. Whirlpool hash function (ISO/IEC 10118-3)
  819. 512, 384 and 256-bit hashes.
  820. Whirlpool-512 is part of the NESSIE cryptographic primitives.
  821. See https://web.archive.org/web/20171129084214/http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
  822. for further information.
  823. config CRYPTO_XCBC
  824. tristate "XCBC-MAC (Extended Cipher Block Chaining MAC)"
  825. select CRYPTO_HASH
  826. select CRYPTO_MANAGER
  827. help
  828. XCBC-MAC (Extended Cipher Block Chaining Message Authentication
  829. Code) (RFC3566)
  830. config CRYPTO_XXHASH
  831. tristate "xxHash"
  832. select CRYPTO_HASH
  833. select XXHASH
  834. help
  835. xxHash non-cryptographic hash algorithm
  836. Extremely fast, working at speeds close to RAM limits.
  837. endmenu
  838. menu "CRCs (cyclic redundancy checks)"
  839. config CRYPTO_CRC32C
  840. tristate "CRC32c"
  841. select CRYPTO_HASH
  842. select CRC32
  843. help
  844. CRC32c CRC algorithm with the iSCSI polynomial (RFC 3385 and RFC 3720)
  845. A 32-bit CRC (cyclic redundancy check) with a polynomial defined
  846. by G. Castagnoli, S. Braeuer and M. Herrman in "Optimization of Cyclic
  847. Redundancy-Check Codes with 24 and 32 Parity Bits", IEEE Transactions
  848. on Communications, Vol. 41, No. 6, June 1993, selected for use with
  849. iSCSI.
  850. config CRYPTO_CRC32
  851. tristate "CRC32"
  852. select CRYPTO_HASH
  853. select CRC32
  854. help
  855. CRC32 CRC algorithm (IEEE 802.3)
  856. endmenu
  857. menu "Compression"
  858. config CRYPTO_DEFLATE
  859. tristate "Deflate"
  860. select CRYPTO_ALGAPI
  861. select CRYPTO_ACOMP2
  862. select ZLIB_INFLATE
  863. select ZLIB_DEFLATE
  864. help
  865. Deflate compression algorithm (RFC1951)
  866. Used by IPSec with the IPCOMP protocol (RFC3173, RFC2394)
  867. config CRYPTO_LZO
  868. tristate "LZO"
  869. select CRYPTO_ALGAPI
  870. select CRYPTO_ACOMP2
  871. select LZO_COMPRESS
  872. select LZO_DECOMPRESS
  873. help
  874. LZO compression algorithm
  875. See https://www.oberhumer.com/opensource/lzo/ for further information.
  876. config CRYPTO_842
  877. tristate "842"
  878. select CRYPTO_ALGAPI
  879. select CRYPTO_ACOMP2
  880. select 842_COMPRESS
  881. select 842_DECOMPRESS
  882. help
  883. 842 compression algorithm by IBM
  884. See https://github.com/plauth/lib842 for further information.
  885. config CRYPTO_LZ4
  886. tristate "LZ4"
  887. select CRYPTO_ALGAPI
  888. select CRYPTO_ACOMP2
  889. select LZ4_COMPRESS
  890. select LZ4_DECOMPRESS
  891. help
  892. LZ4 compression algorithm
  893. See https://github.com/lz4/lz4 for further information.
  894. config CRYPTO_LZ4HC
  895. tristate "LZ4HC"
  896. select CRYPTO_ALGAPI
  897. select CRYPTO_ACOMP2
  898. select LZ4HC_COMPRESS
  899. select LZ4_DECOMPRESS
  900. help
  901. LZ4 high compression mode algorithm
  902. See https://github.com/lz4/lz4 for further information.
  903. config CRYPTO_ZSTD
  904. tristate "Zstd"
  905. select CRYPTO_ALGAPI
  906. select CRYPTO_ACOMP2
  907. select ZSTD_COMPRESS
  908. select ZSTD_DECOMPRESS
  909. help
  910. zstd compression algorithm
  911. See https://github.com/facebook/zstd for further information.
  912. endmenu
  913. menu "Random number generation"
  914. menuconfig CRYPTO_DRBG_MENU
  915. tristate "NIST SP800-90A DRBG (Deterministic Random Bit Generator)"
  916. help
  917. DRBG (Deterministic Random Bit Generator) (NIST SP800-90A)
  918. In the following submenu, one or more of the DRBG types must be selected.
  919. if CRYPTO_DRBG_MENU
  920. config CRYPTO_DRBG_HMAC
  921. bool
  922. default y
  923. select CRYPTO_HMAC
  924. select CRYPTO_SHA512
  925. config CRYPTO_DRBG_HASH
  926. bool "Hash_DRBG"
  927. select CRYPTO_SHA256
  928. help
  929. Hash_DRBG variant as defined in NIST SP800-90A.
  930. This uses the SHA-1, SHA-256, SHA-384, or SHA-512 hash algorithms.
  931. config CRYPTO_DRBG_CTR
  932. bool "CTR_DRBG"
  933. select CRYPTO_DF80090A
  934. help
  935. CTR_DRBG variant as defined in NIST SP800-90A.
  936. This uses the AES cipher algorithm with the counter block mode.
  937. config CRYPTO_DRBG
  938. tristate
  939. default CRYPTO_DRBG_MENU
  940. select CRYPTO_RNG
  941. select CRYPTO_JITTERENTROPY
  942. endif # if CRYPTO_DRBG_MENU
  943. config CRYPTO_JITTERENTROPY
  944. tristate "CPU Jitter Non-Deterministic RNG (Random Number Generator)"
  945. select CRYPTO_RNG
  946. select CRYPTO_SHA3
  947. help
  948. CPU Jitter RNG (Random Number Generator) from the Jitterentropy library
  949. A non-physical non-deterministic ("true") RNG (e.g., an entropy source
  950. compliant with NIST SP800-90B) intended to provide a seed to a
  951. deterministic RNG (e.g., per NIST SP800-90C).
  952. This RNG does not perform any cryptographic whitening of the generated
  953. random numbers.
  954. See https://www.chronox.de/jent/
  955. if CRYPTO_JITTERENTROPY
  956. if CRYPTO_FIPS && EXPERT
  957. choice
  958. prompt "CPU Jitter RNG Memory Size"
  959. default CRYPTO_JITTERENTROPY_MEMSIZE_2
  960. help
  961. The Jitter RNG measures the execution time of memory accesses.
  962. Multiple consecutive memory accesses are performed. If the memory
  963. size fits into a cache (e.g. L1), only the memory access timing
  964. to that cache is measured. The closer the cache is to the CPU
  965. the less variations are measured and thus the less entropy is
  966. obtained. Thus, if the memory size fits into the L1 cache, the
  967. obtained entropy is less than if the memory size fits within
  968. L1 + L2, which in turn is less if the memory fits into
  969. L1 + L2 + L3. Thus, by selecting a different memory size,
  970. the entropy rate produced by the Jitter RNG can be modified.
  971. config CRYPTO_JITTERENTROPY_MEMSIZE_2
  972. bool "2048 Bytes (default)"
  973. config CRYPTO_JITTERENTROPY_MEMSIZE_128
  974. bool "128 kBytes"
  975. config CRYPTO_JITTERENTROPY_MEMSIZE_1024
  976. bool "1024 kBytes"
  977. config CRYPTO_JITTERENTROPY_MEMSIZE_8192
  978. bool "8192 kBytes"
  979. endchoice
  980. config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
  981. int
  982. default 64 if CRYPTO_JITTERENTROPY_MEMSIZE_2
  983. default 512 if CRYPTO_JITTERENTROPY_MEMSIZE_128
  984. default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
  985. default 4096 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
  986. config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
  987. int
  988. default 32 if CRYPTO_JITTERENTROPY_MEMSIZE_2
  989. default 256 if CRYPTO_JITTERENTROPY_MEMSIZE_128
  990. default 1024 if CRYPTO_JITTERENTROPY_MEMSIZE_1024
  991. default 2048 if CRYPTO_JITTERENTROPY_MEMSIZE_8192
  992. config CRYPTO_JITTERENTROPY_OSR
  993. int "CPU Jitter RNG Oversampling Rate"
  994. range 1 15
  995. default 3
  996. help
  997. The Jitter RNG allows the specification of an oversampling rate (OSR).
  998. The Jitter RNG operation requires a fixed amount of timing
  999. measurements to produce one output block of random numbers. The
  1000. OSR value is multiplied with the amount of timing measurements to
  1001. generate one output block. Thus, the timing measurement is oversampled
  1002. by the OSR factor. The oversampling allows the Jitter RNG to operate
  1003. on hardware whose timers deliver limited amount of entropy (e.g.
  1004. the timer is coarse) by setting the OSR to a higher value. The
  1005. trade-off, however, is that the Jitter RNG now requires more time
  1006. to generate random numbers.
  1007. config CRYPTO_JITTERENTROPY_TESTINTERFACE
  1008. bool "CPU Jitter RNG Test Interface"
  1009. help
  1010. The test interface allows a privileged process to capture
  1011. the raw unconditioned high resolution time stamp noise that
  1012. is collected by the Jitter RNG for statistical analysis. As
  1013. this data is used at the same time to generate random bits,
  1014. the Jitter RNG operates in an insecure mode as long as the
  1015. recording is enabled. This interface therefore is only
  1016. intended for testing purposes and is not suitable for
  1017. production systems.
  1018. The raw noise data can be obtained using the jent_raw_hires
  1019. debugfs file. Using the option
  1020. jitterentropy_testing.boot_raw_hires_test=1 the raw noise of
  1021. the first 1000 entropy events since boot can be sampled.
  1022. If unsure, select N.
  1023. endif # if CRYPTO_FIPS && EXPERT
  1024. if !(CRYPTO_FIPS && EXPERT)
  1025. config CRYPTO_JITTERENTROPY_MEMORY_BLOCKS
  1026. int
  1027. default 64
  1028. config CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE
  1029. int
  1030. default 32
  1031. config CRYPTO_JITTERENTROPY_OSR
  1032. int
  1033. default 1
  1034. config CRYPTO_JITTERENTROPY_TESTINTERFACE
  1035. bool
  1036. endif # if !(CRYPTO_FIPS && EXPERT)
  1037. endif # if CRYPTO_JITTERENTROPY
  1038. config CRYPTO_KDF800108_CTR
  1039. tristate
  1040. select CRYPTO_HMAC
  1041. select CRYPTO_SHA256
  1042. config CRYPTO_DF80090A
  1043. tristate
  1044. select CRYPTO_AES
  1045. select CRYPTO_CTR
  1046. endmenu
  1047. menu "Userspace interface"
  1048. config CRYPTO_USER_API
  1049. tristate
  1050. config CRYPTO_USER_API_HASH
  1051. tristate "Hash algorithms"
  1052. depends on NET
  1053. select CRYPTO_HASH
  1054. select CRYPTO_USER_API
  1055. help
  1056. Enable the userspace interface for hash algorithms.
  1057. See Documentation/crypto/userspace-if.rst and
  1058. https://www.chronox.de/libkcapi/html/index.html
  1059. config CRYPTO_USER_API_SKCIPHER
  1060. tristate "Symmetric key cipher algorithms"
  1061. depends on NET
  1062. select CRYPTO_SKCIPHER
  1063. select CRYPTO_USER_API
  1064. help
  1065. Enable the userspace interface for symmetric key cipher algorithms.
  1066. See Documentation/crypto/userspace-if.rst and
  1067. https://www.chronox.de/libkcapi/html/index.html
  1068. config CRYPTO_USER_API_RNG
  1069. tristate "RNG (random number generator) algorithms"
  1070. depends on NET
  1071. select CRYPTO_RNG
  1072. select CRYPTO_USER_API
  1073. help
  1074. Enable the userspace interface for RNG (random number generator)
  1075. algorithms.
  1076. See Documentation/crypto/userspace-if.rst and
  1077. https://www.chronox.de/libkcapi/html/index.html
  1078. config CRYPTO_USER_API_RNG_CAVP
  1079. bool "Enable CAVP testing of DRBG"
  1080. depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
  1081. help
  1082. Enable extra APIs in the userspace interface for NIST CAVP
  1083. (Cryptographic Algorithm Validation Program) testing:
  1084. - resetting DRBG entropy
  1085. - providing Additional Data
  1086. This should only be enabled for CAVP testing. You should say
  1087. no unless you know what this is.
  1088. config CRYPTO_USER_API_AEAD
  1089. tristate "AEAD cipher algorithms"
  1090. depends on NET
  1091. select CRYPTO_AEAD
  1092. select CRYPTO_SKCIPHER
  1093. select CRYPTO_USER_API
  1094. help
  1095. Enable the userspace interface for AEAD cipher algorithms.
  1096. See Documentation/crypto/userspace-if.rst and
  1097. https://www.chronox.de/libkcapi/html/index.html
  1098. config CRYPTO_USER_API_ENABLE_OBSOLETE
  1099. bool "Obsolete cryptographic algorithms"
  1100. depends on CRYPTO_USER_API
  1101. default y
  1102. help
  1103. Allow obsolete cryptographic algorithms to be selected that have
  1104. already been phased out from internal use by the kernel, and are
  1105. only useful for userspace clients that still rely on them.
  1106. endmenu
  1107. if !KMSAN # avoid false positives from assembly
  1108. if ARM
  1109. source "arch/arm/crypto/Kconfig"
  1110. endif
  1111. if ARM64
  1112. source "arch/arm64/crypto/Kconfig"
  1113. endif
  1114. if LOONGARCH
  1115. source "arch/loongarch/crypto/Kconfig"
  1116. endif
  1117. if MIPS
  1118. source "arch/mips/crypto/Kconfig"
  1119. endif
  1120. if PPC
  1121. source "arch/powerpc/crypto/Kconfig"
  1122. endif
  1123. if RISCV
  1124. source "arch/riscv/crypto/Kconfig"
  1125. endif
  1126. if S390
  1127. source "arch/s390/crypto/Kconfig"
  1128. endif
  1129. if SPARC
  1130. source "arch/sparc/crypto/Kconfig"
  1131. endif
  1132. if X86
  1133. source "arch/x86/crypto/Kconfig"
  1134. endif
  1135. endif
  1136. source "drivers/crypto/Kconfig"
  1137. source "crypto/asymmetric_keys/Kconfig"
  1138. source "certs/Kconfig"
  1139. source "crypto/krb5/Kconfig"
  1140. endif # if CRYPTO