add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/crypto/Kconfig
..
..
@@ -15,6 +15,7 @@
15
15
 #
16
16
 menuconfig CRYPTO
17
17
 	tristate "Cryptographic API"
18
+	select LIB_MEMNEQ
18
19
 	help
19
20
 	  This option provides the core Cryptographic API.
20
21
 
..
..
@@ -27,10 +28,40 @@
27
28
 	depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
28
29
 	depends on (MODULE_SIG || !MODULES)
29
30
 	help
30
-	  This options enables the fips boot option which is
31
-	  required if you want to system to operate in a FIPS 200
31
+	  This option enables the fips boot option which is
32
+	  required if you want the system to operate in a FIPS 200
32
33
 	  certification.  You should say no unless you know what
33
34
 	  this is.
35
+
36
+# CRYPTO_FIPS140 just enables the support in the kernel for loading fips140.ko.
37
+# The module still needs to be built and loaded if you need FIPS 140 compliance.
38
+config CRYPTO_FIPS140
39
+	def_bool y
40
+	depends on MODULES && ARM64 && ARM64_MODULE_PLTS
41
+
42
+config CRYPTO_FIPS140_MOD
43
+	bool "Enable FIPS 140 cryptographic module"
44
+	depends on LTO_CLANG && CRYPTO_FIPS140
45
+	help
46
+	  This option enables building a loadable module fips140.ko, which
47
+	  contains various crypto algorithms that are also built into vmlinux.
48
+	  At load time, this module overrides the built-in implementations of
49
+	  these algorithms with its implementations.  It also runs self-tests on
50
+	  these algorithms and verifies the integrity of its code and data.  If
51
+	  either of these steps fails, the kernel will panic.
52
+
53
+	  This module is intended to be loaded at early boot time in order to
54
+	  meet FIPS 140 and NIAP FPT_TST_EXT.1 requirements.  It shouldn't be
55
+	  used if you don't need to meet these requirements.
56
+
57
+config CRYPTO_FIPS140_MOD_EVAL_TESTING
58
+	bool "Enable evaluation testing features in FIPS 140 module"
59
+	depends on CRYPTO_FIPS140_MOD
60
+	help
61
+	  This option adds some features to the FIPS 140 module which are needed
62
+	  for lab evaluation testing of the module, e.g. support for injecting
63
+	  errors and support for a userspace interface to some of the module's
64
+	  services.  This option should not be enabled in production builds.
34
65
 
35
66
 config CRYPTO_ALGAPI
36
67
 	tristate
..
..
@@ -52,16 +83,15 @@
52
83
 	select CRYPTO_NULL2
53
84
 	select CRYPTO_RNG2
54
85
 
55
-config CRYPTO_BLKCIPHER
86
+config CRYPTO_SKCIPHER
56
87
 	tristate
57
-	select CRYPTO_BLKCIPHER2
88
+	select CRYPTO_SKCIPHER2
58
89
 	select CRYPTO_ALGAPI
59
90
 
60
-config CRYPTO_BLKCIPHER2
91
+config CRYPTO_SKCIPHER2
61
92
 	tristate
62
93
 	select CRYPTO_ALGAPI2
63
94
 	select CRYPTO_RNG2
64
-	select CRYPTO_WORKQUEUE
65
95
 
66
96
 config CRYPTO_HASH
67
97
 	tristate
..
..
@@ -113,29 +143,6 @@
113
143
 	select CRYPTO_ALGAPI
114
144
 	select CRYPTO_ACOMP2
115
145
 
116
-config CRYPTO_RSA
117
-	tristate "RSA algorithm"
118
-	select CRYPTO_AKCIPHER
119
-	select CRYPTO_MANAGER
120
-	select MPILIB
121
-	select ASN1
122
-	help
123
-	  Generic implementation of the RSA public key algorithm.
124
-
125
-config CRYPTO_DH
126
-	tristate "Diffie-Hellman algorithm"
127
-	select CRYPTO_KPP
128
-	select MPILIB
129
-	help
130
-	  Generic implementation of the Diffie-Hellman algorithm.
131
-
132
-config CRYPTO_ECDH
133
-	tristate "ECDH algorithm"
134
-	select CRYPTO_KPP
135
-	select CRYPTO_RNG_DEFAULT
136
-	help
137
-	  Generic implementation of the ECDH algorithm
138
-
139
146
 config CRYPTO_MANAGER
140
147
 	tristate "Cryptographic algorithm manager"
141
148
 	select CRYPTO_MANAGER2
..
..
@@ -147,7 +154,7 @@
147
154
 	def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
148
155
 	select CRYPTO_AEAD2
149
156
 	select CRYPTO_HASH2
150
-	select CRYPTO_BLKCIPHER2
157
+	select CRYPTO_SKCIPHER2
151
158
 	select CRYPTO_AKCIPHER2
152
159
 	select CRYPTO_KPP2
153
160
 	select CRYPTO_ACOMP2
..
..
@@ -167,14 +174,18 @@
167
174
 	  Disable run-time self tests that normally take place at
168
175
 	  algorithm registration.
169
176
 
170
-config CRYPTO_GF128MUL
171
-	tristate "GF(2^128) multiplication functions"
177
+config CRYPTO_MANAGER_EXTRA_TESTS
178
+	bool "Enable extra run-time crypto self tests"
179
+	depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS && CRYPTO_MANAGER
172
180
 	help
173
-	  Efficient table driven implementation of multiplications in the
174
-	  field GF(2^128).  This is needed by some cypher modes. This
175
-	  option will be selected automatically if you select such a
176
-	  cipher mode.  Only select this option by hand if you expect to load
177
-	  an external module that requires these functions.
181
+	  Enable extra run-time self tests of registered crypto algorithms,
182
+	  including randomized fuzz tests.
183
+
184
+	  This is intended for developer use only, as these tests take much
185
+	  longer to run than the normal self tests.
186
+
187
+config CRYPTO_GF128MUL
188
+	tristate
178
189
 
179
190
 config CRYPTO_NULL
180
191
 	tristate "Null algorithms"
..
..
@@ -185,7 +196,7 @@
185
196
 config CRYPTO_NULL2
186
197
 	tristate
187
198
 	select CRYPTO_ALGAPI2
188
-	select CRYPTO_BLKCIPHER2
199
+	select CRYPTO_SKCIPHER2
189
200
 	select CRYPTO_HASH2
190
201
 
191
202
 config CRYPTO_PCRYPT
..
..
@@ -198,38 +209,20 @@
198
209
 	  This converts an arbitrary crypto algorithm into a parallel
199
210
 	  algorithm that executes in kernel threads.
200
211
 
201
-config CRYPTO_WORKQUEUE
202
-       tristate
203
-
204
212
 config CRYPTO_CRYPTD
205
213
 	tristate "Software async crypto daemon"
206
-	select CRYPTO_BLKCIPHER
214
+	select CRYPTO_SKCIPHER
207
215
 	select CRYPTO_HASH
208
216
 	select CRYPTO_MANAGER
209
-	select CRYPTO_WORKQUEUE
210
217
 	help
211
218
 	  This is a generic software asynchronous crypto daemon that
212
219
 	  converts an arbitrary synchronous software crypto algorithm
213
220
 	  into an asynchronous algorithm that executes in a kernel thread.
214
221
 
215
-config CRYPTO_MCRYPTD
216
-	tristate "Software async multi-buffer crypto daemon"
217
-	select CRYPTO_BLKCIPHER
218
-	select CRYPTO_HASH
219
-	select CRYPTO_MANAGER
220
-	select CRYPTO_WORKQUEUE
221
-	help
222
-	  This is a generic software asynchronous crypto daemon that
223
-	  provides the kernel thread to assist multi-buffer crypto
224
-	  algorithms for submitting jobs and flushing jobs in multi-buffer
225
-	  crypto algorithms.  Multi-buffer crypto algorithms are executed
226
-	  in the context of this kernel thread and drivers can post
227
-	  their crypto request asynchronously to be processed by this daemon.
228
-
229
222
 config CRYPTO_AUTHENC
230
223
 	tristate "Authenc support"
231
224
 	select CRYPTO_AEAD
232
-	select CRYPTO_BLKCIPHER
225
+	select CRYPTO_SKCIPHER
233
226
 	select CRYPTO_MANAGER
234
227
 	select CRYPTO_HASH
235
228
 	select CRYPTO_NULL
..
..
@@ -251,10 +244,69 @@
251
244
 config CRYPTO_GLUE_HELPER_X86
252
245
 	tristate
253
246
 	depends on X86
254
-	select CRYPTO_BLKCIPHER
247
+	select CRYPTO_SKCIPHER
255
248
 
256
249
 config CRYPTO_ENGINE
257
250
 	tristate
251
+
252
+comment "Public-key cryptography"
253
+
254
+config CRYPTO_RSA
255
+	tristate "RSA algorithm"
256
+	select CRYPTO_AKCIPHER
257
+	select CRYPTO_MANAGER
258
+	select MPILIB
259
+	select ASN1
260
+	help
261
+	  Generic implementation of the RSA public key algorithm.
262
+
263
+config CRYPTO_DH
264
+	tristate "Diffie-Hellman algorithm"
265
+	select CRYPTO_KPP
266
+	select MPILIB
267
+	help
268
+	  Generic implementation of the Diffie-Hellman algorithm.
269
+
270
+config CRYPTO_ECC
271
+	tristate
272
+	select CRYPTO_RNG_DEFAULT
273
+
274
+config CRYPTO_ECDH
275
+	tristate "ECDH algorithm"
276
+	select CRYPTO_ECC
277
+	select CRYPTO_KPP
278
+	help
279
+	  Generic implementation of the ECDH algorithm
280
+
281
+config CRYPTO_ECRDSA
282
+	tristate "EC-RDSA (GOST 34.10) algorithm"
283
+	select CRYPTO_ECC
284
+	select CRYPTO_AKCIPHER
285
+	select CRYPTO_STREEBOG
286
+	select OID_REGISTRY
287
+	select ASN1
288
+	help
289
+	  Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
290
+	  RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
291
+	  standard algorithms (called GOST algorithms). Only signature verification
292
+	  is implemented.
293
+
294
+config CRYPTO_SM2
295
+	tristate "SM2 algorithm"
296
+	select CRYPTO_SM3
297
+	select CRYPTO_AKCIPHER
298
+	select CRYPTO_MANAGER
299
+	select MPILIB
300
+	select ASN1
301
+	help
302
+	  Generic implementation of the SM2 public key algorithm. It was
303
+	  published by State Encryption Management Bureau, China.
304
+	  as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012.
305
+
306
+	  References:
307
+	  https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
308
+	  http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
309
+	  http://www.gmbz.org.cn/main/bzlb.html
258
310
 
259
311
 config CRYPTO_CURVE25519
260
312
 	tristate "Curve25519 algorithm"
..
..
@@ -274,6 +326,7 @@
274
326
 	select CRYPTO_CTR
275
327
 	select CRYPTO_HASH
276
328
 	select CRYPTO_AEAD
329
+	select CRYPTO_MANAGER
277
330
 	help
278
331
 	  Support for Counter with CBC MAC. Required for IPsec.
279
332
 
..
..
@@ -283,6 +336,7 @@
283
336
 	select CRYPTO_AEAD
284
337
 	select CRYPTO_GHASH
285
338
 	select CRYPTO_NULL
339
+	select CRYPTO_MANAGER
286
340
 	help
287
341
 	  Support for Galois/Counter Mode (GCM) and Galois Message
288
342
 	  Authentication Code (GMAC). Required for IPSec.
..
..
@@ -292,6 +346,7 @@
292
346
 	select CRYPTO_CHACHA20
293
347
 	select CRYPTO_POLY1305
294
348
 	select CRYPTO_AEAD
349
+	select CRYPTO_MANAGER
295
350
 	help
296
351
 	  ChaCha20-Poly1305 AEAD support, RFC7539.
297
352
 
..
..
@@ -306,106 +361,26 @@
306
361
 	help
307
362
 	 Support for the AEGIS-128 dedicated AEAD algorithm.
308
363
 
309
-config CRYPTO_AEGIS128L
310
-	tristate "AEGIS-128L AEAD algorithm"
311
-	select CRYPTO_AEAD
312
-	select CRYPTO_AES  # for AES S-box tables
313
-	help
314
-	 Support for the AEGIS-128L dedicated AEAD algorithm.
315
-
316
-config CRYPTO_AEGIS256
317
-	tristate "AEGIS-256 AEAD algorithm"
318
-	select CRYPTO_AEAD
319
-	select CRYPTO_AES  # for AES S-box tables
320
-	help
321
-	 Support for the AEGIS-256 dedicated AEAD algorithm.
364
+config CRYPTO_AEGIS128_SIMD
365
+	bool "Support SIMD acceleration for AEGIS-128"
366
+	depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
367
+	default y
322
368
 
323
369
 config CRYPTO_AEGIS128_AESNI_SSE2
324
370
 	tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
325
371
 	depends on X86 && 64BIT
326
372
 	select CRYPTO_AEAD
327
-	select CRYPTO_CRYPTD
373
+	select CRYPTO_SIMD
328
374
 	help
329
-	 AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
330
-
331
-config CRYPTO_AEGIS128L_AESNI_SSE2
332
-	tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
333
-	depends on X86 && 64BIT
334
-	select CRYPTO_AEAD
335
-	select CRYPTO_CRYPTD
336
-	help
337
-	 AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
338
-
339
-config CRYPTO_AEGIS256_AESNI_SSE2
340
-	tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
341
-	depends on X86 && 64BIT
342
-	select CRYPTO_AEAD
343
-	select CRYPTO_CRYPTD
344
-	help
345
-	 AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
346
-
347
-config CRYPTO_MORUS640
348
-	tristate "MORUS-640 AEAD algorithm"
349
-	select CRYPTO_AEAD
350
-	help
351
-	  Support for the MORUS-640 dedicated AEAD algorithm.
352
-
353
-config CRYPTO_MORUS640_GLUE
354
-	tristate
355
-	depends on X86
356
-	select CRYPTO_AEAD
357
-	select CRYPTO_CRYPTD
358
-	help
359
-	  Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
360
-	  algorithm.
361
-
362
-config CRYPTO_MORUS640_SSE2
363
-	tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
364
-	depends on X86 && 64BIT
365
-	select CRYPTO_AEAD
366
-	select CRYPTO_MORUS640_GLUE
367
-	help
368
-	  SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
369
-
370
-config CRYPTO_MORUS1280
371
-	tristate "MORUS-1280 AEAD algorithm"
372
-	select CRYPTO_AEAD
373
-	help
374
-	  Support for the MORUS-1280 dedicated AEAD algorithm.
375
-
376
-config CRYPTO_MORUS1280_GLUE
377
-	tristate
378
-	depends on X86
379
-	select CRYPTO_AEAD
380
-	select CRYPTO_CRYPTD
381
-	help
382
-	  Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
383
-	  algorithm.
384
-
385
-config CRYPTO_MORUS1280_SSE2
386
-	tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
387
-	depends on X86 && 64BIT
388
-	select CRYPTO_AEAD
389
-	select CRYPTO_MORUS1280_GLUE
390
-	help
391
-	  SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
392
-	  algorithm.
393
-
394
-config CRYPTO_MORUS1280_AVX2
395
-	tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
396
-	depends on X86 && 64BIT
397
-	select CRYPTO_AEAD
398
-	select CRYPTO_MORUS1280_GLUE
399
-	help
400
-	  AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
401
-	  algorithm.
375
+	 AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
402
376
 
403
377
 config CRYPTO_SEQIV
404
378
 	tristate "Sequence Number IV Generator"
405
379
 	select CRYPTO_AEAD
406
-	select CRYPTO_BLKCIPHER
380
+	select CRYPTO_SKCIPHER
407
381
 	select CRYPTO_NULL
408
382
 	select CRYPTO_RNG_DEFAULT
383
+	select CRYPTO_MANAGER
409
384
 	help
410
385
 	  This IV generator generates an IV based on a sequence number by
411
386
 	  xoring it with a salt.  This algorithm is mainly useful for CTR
..
..
@@ -415,7 +390,7 @@
415
390
 	select CRYPTO_AEAD
416
391
 	select CRYPTO_NULL
417
392
 	select CRYPTO_RNG_DEFAULT
418
-	default m
393
+	select CRYPTO_MANAGER
419
394
 	help
420
395
 	  This IV generator generates an IV based on the encryption of
421
396
 	  a sequence number xored with a salt.  This is the default
..
..
@@ -425,7 +400,7 @@
425
400
 
426
401
 config CRYPTO_CBC
427
402
 	tristate "CBC support"
428
-	select CRYPTO_BLKCIPHER
403
+	select CRYPTO_SKCIPHER
429
404
 	select CRYPTO_MANAGER
430
405
 	help
431
406
 	  CBC: Cipher Block Chaining mode
..
..
@@ -433,7 +408,7 @@
433
408
 
434
409
 config CRYPTO_CFB
435
410
 	tristate "CFB support"
436
-	select CRYPTO_BLKCIPHER
411
+	select CRYPTO_SKCIPHER
437
412
 	select CRYPTO_MANAGER
438
413
 	help
439
414
 	  CFB: Cipher FeedBack mode
..
..
@@ -441,8 +416,7 @@
441
416
 
442
417
 config CRYPTO_CTR
443
418
 	tristate "CTR support"
444
-	select CRYPTO_BLKCIPHER
445
-	select CRYPTO_SEQIV
419
+	select CRYPTO_SKCIPHER
446
420
 	select CRYPTO_MANAGER
447
421
 	help
448
422
 	  CTR: Counter mode
..
..
@@ -450,18 +424,22 @@
450
424
 
451
425
 config CRYPTO_CTS
452
426
 	tristate "CTS support"
453
-	select CRYPTO_BLKCIPHER
427
+	select CRYPTO_SKCIPHER
428
+	select CRYPTO_MANAGER
454
429
 	help
455
430
 	  CTS: Cipher Text Stealing
456
431
 	  This is the Cipher Text Stealing mode as described by
457
-	  Section 8 of rfc2040 and referenced by rfc3962.
458
-	  (rfc3962 includes errata information in its Appendix A)
432
+	  Section 8 of rfc2040 and referenced by rfc3962
433
+	  (rfc3962 includes errata information in its Appendix A) or
434
+	  CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
459
435
 	  This mode is required for Kerberos gss mechanism support
460
436
 	  for AES encryption.
461
437
 
438
+	  See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
439
+
462
440
 config CRYPTO_ECB
463
441
 	tristate "ECB support"
464
-	select CRYPTO_BLKCIPHER
442
+	select CRYPTO_SKCIPHER
465
443
 	select CRYPTO_MANAGER
466
444
 	help
467
445
 	  ECB: Electronic CodeBook mode
..
..
@@ -470,7 +448,7 @@
470
448
 
471
449
 config CRYPTO_LRW
472
450
 	tristate "LRW support"
473
-	select CRYPTO_BLKCIPHER
451
+	select CRYPTO_SKCIPHER
474
452
 	select CRYPTO_MANAGER
475
453
 	select CRYPTO_GF128MUL
476
454
 	help
..
..
@@ -482,7 +460,7 @@
482
460
 
483
461
 config CRYPTO_OFB
484
462
 	tristate "OFB support"
485
-	select CRYPTO_BLKCIPHER
463
+	select CRYPTO_SKCIPHER
486
464
 	select CRYPTO_MANAGER
487
465
 	help
488
466
 	  OFB: the Output Feedback mode makes a block cipher into a synchronous
..
..
@@ -494,7 +472,7 @@
494
472
 
495
473
 config CRYPTO_PCBC
496
474
 	tristate "PCBC support"
497
-	select CRYPTO_BLKCIPHER
475
+	select CRYPTO_SKCIPHER
498
476
 	select CRYPTO_MANAGER
499
477
 	help
500
478
 	  PCBC: Propagating Cipher Block Chaining mode
..
..
@@ -502,7 +480,7 @@
502
480
 
503
481
 config CRYPTO_XTS
504
482
 	tristate "XTS support"
505
-	select CRYPTO_BLKCIPHER
483
+	select CRYPTO_SKCIPHER
506
484
 	select CRYPTO_MANAGER
507
485
 	select CRYPTO_ECB
508
486
 	help
..
..
@@ -512,7 +490,8 @@
512
490
 
513
491
 config CRYPTO_KEYWRAP
514
492
 	tristate "Key wrapping support"
515
-	select CRYPTO_BLKCIPHER
493
+	select CRYPTO_SKCIPHER
494
+	select CRYPTO_MANAGER
516
495
 	help
517
496
 	  Support for key wrapping (NIST SP800-38F / RFC3394) without
518
497
 	  padding.
..
..
@@ -522,11 +501,28 @@
522
501
 	select CRYPTO_HASH
523
502
 	select CRYPTO_LIB_POLY1305_GENERIC
524
503
 
504
+config CRYPTO_NHPOLY1305_SSE2
505
+	tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
506
+	depends on X86 && 64BIT
507
+	select CRYPTO_NHPOLY1305
508
+	help
509
+	  SSE2 optimized implementation of the hash function used by the
510
+	  Adiantum encryption mode.
511
+
512
+config CRYPTO_NHPOLY1305_AVX2
513
+	tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
514
+	depends on X86 && 64BIT
515
+	select CRYPTO_NHPOLY1305
516
+	help
517
+	  AVX2 optimized implementation of the hash function used by the
518
+	  Adiantum encryption mode.
519
+
525
520
 config CRYPTO_ADIANTUM
526
521
 	tristate "Adiantum support"
527
522
 	select CRYPTO_CHACHA20
528
523
 	select CRYPTO_LIB_POLY1305_GENERIC
529
524
 	select CRYPTO_NHPOLY1305
525
+	select CRYPTO_MANAGER
530
526
 	help
531
527
 	  Adiantum is a tweakable, length-preserving encryption mode
532
528
 	  designed for fast and secure disk encryption, especially on
..
..
@@ -544,6 +540,34 @@
544
540
 	  security than XTS, subject to the security bound.
545
541
 
546
542
 	  If unsure, say N.
543
+
544
+config CRYPTO_ESSIV
545
+	tristate "ESSIV support for block encryption"
546
+	select CRYPTO_AUTHENC
547
+	help
548
+	  Encrypted salt-sector initialization vector (ESSIV) is an IV
549
+	  generation method that is used in some cases by fscrypt and/or
550
+	  dm-crypt. It uses the hash of the block encryption key as the
551
+	  symmetric key for a block encryption pass applied to the input
552
+	  IV, making low entropy IV sources more suitable for block
553
+	  encryption.
554
+
555
+	  This driver implements a crypto API template that can be
556
+	  instantiated either as an skcipher or as an AEAD (depending on the
557
+	  type of the first template argument), and which defers encryption
558
+	  and decryption requests to the encapsulated cipher after applying
559
+	  ESSIV to the input IV. Note that in the AEAD case, it is assumed
560
+	  that the keys are presented in the same format used by the authenc
561
+	  template, and that the IV appears at the end of the authenticated
562
+	  associated data (AAD) region (which is how dm-crypt uses it.)
563
+
564
+	  Note that the use of ESSIV is not recommended for new deployments,
565
+	  and so this only needs to be enabled when interoperability with
566
+	  existing encrypted volumes of filesystems is required, or when
567
+	  building for a particular system that requires it (e.g., when
568
+	  the SoC in question has accelerated CBC but not XTS, making CBC
569
+	  combined with ESSIV the only feasible mode for h/w accelerated
570
+	  block encryption)
547
571
 
548
572
 comment "Hash modes"
549
573
 
..
..
@@ -572,7 +596,7 @@
572
596
 	select CRYPTO_MANAGER
573
597
 	help
574
598
 	  XCBC: Keyed-Hashing with encryption algorithm
575
-		http://www.ietf.org/rfc/rfc3566.txt
599
+		https://www.ietf.org/rfc/rfc3566.txt
576
600
 		http://csrc.nist.gov/encryption/modes/proposedmodes/
577
601
 		 xcbc-mac/xcbc-mac-spec.pdf
578
602
 
..
..
@@ -585,7 +609,7 @@
585
609
 	  very high speed on 64-bit architectures.
586
610
 
587
611
 	  See also:
588
-	  <http://fastcrypto.org/vmac>
612
+	  <https://fastcrypto.org/vmac>
589
613
 
590
614
 comment "Digest"
591
615
 
..
..
@@ -647,7 +671,7 @@
647
671
 	  From Intel Westmere and AMD Bulldozer processor with SSE4.2
648
672
 	  and PCLMULQDQ supported, the processor will support
649
673
 	  CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
650
-	  instruction. This option will create 'crc32-plcmul' module,
674
+	  instruction. This option will create 'crc32-pclmul' module,
651
675
 	  which will enable any routine to use the CRC-32-IEEE 802.3 checksum
652
676
 	  and gain better performance as compared with the table implementation.
653
677
 
..
..
@@ -659,6 +683,31 @@
659
683
 	  CRC32c and CRC32 CRC algorithms implemented using mips crypto
660
684
 	  instructions, when available.
661
685
 
686
+
687
+config CRYPTO_XXHASH
688
+	tristate "xxHash hash algorithm"
689
+	select CRYPTO_HASH
690
+	select XXHASH
691
+	help
692
+	  xxHash non-cryptographic hash algorithm. Extremely fast, working at
693
+	  speeds close to RAM limits.
694
+
695
+config CRYPTO_BLAKE2B
696
+	tristate "BLAKE2b digest algorithm"
697
+	select CRYPTO_HASH
698
+	help
699
+	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
700
+	  optimized for 64bit platforms and can produce digests of any size
701
+	  between 1 to 64.  The keyed hash is also implemented.
702
+
703
+	  This module provides the following algorithms:
704
+
705
+	  - blake2b-160
706
+	  - blake2b-256
707
+	  - blake2b-384
708
+	  - blake2b-512
709
+
710
+	  See https://blake2.net for further information.
662
711
 
663
712
 config CRYPTO_BLAKE2S
664
713
 	tristate "BLAKE2s digest algorithm"
..
..
@@ -684,23 +733,6 @@
684
733
 	select CRYPTO_LIB_BLAKE2S_GENERIC
685
734
 	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
686
735
 
687
-config CRYPTO_BLAKE2B
688
-	tristate "BLAKE2b digest algorithm"
689
-	select CRYPTO_HASH
690
-	help
691
-	  Implementation of cryptographic hash function BLAKE2b (or just BLAKE2),
692
-	  optimized for 64bit platforms and can produce digests of any size
693
-	  between 1 to 64.  The keyed hash is also implemented.
694
-
695
-	  This module provides the following algorithms:
696
-
697
-	  - blake2b-160
698
-	  - blake2b-256
699
-	  - blake2b-384
700
-	  - blake2b-512
701
-
702
-	  See https://blake2.net for further information.
703
-
704
736
 config CRYPTO_CRCT10DIF
705
737
 	tristate "CRCT10DIF algorithm"
706
738
 	select CRYPTO_HASH
..
..
@@ -717,7 +749,7 @@
717
749
 	  For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
718
750
 	  CRC T10 DIF PCLMULQDQ computation can be hardware
719
751
 	  accelerated PCLMULQDQ instruction. This option will create
720
-	  'crct10dif-plcmul' module, which is faster when computing the
752
+	  'crct10dif-pclmul' module, which is faster when computing the
721
753
 	  crct10dif checksum as compared with the generic table implementation.
722
754
 
723
755
 config CRYPTO_CRCT10DIF_VPMSUM
..
..
@@ -738,11 +770,12 @@
738
770
 	  Unless you are testing these algorithms, you don't need this.
739
771
 
740
772
 config CRYPTO_GHASH
741
-	tristate "GHASH digest algorithm"
773
+	tristate "GHASH hash function"
742
774
 	select CRYPTO_GF128MUL
743
775
 	select CRYPTO_HASH
744
776
 	help
745
-	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
777
+	  GHASH is the hash function used in GCM (Galois/Counter Mode).
778
+	  It is not a general-purpose cryptographic hash function.
746
779
 
747
780
 config CRYPTO_POLY1305
748
781
 	tristate "Poly1305 authenticator algorithm"
..
..
@@ -770,7 +803,7 @@
770
803
 
771
804
 config CRYPTO_POLY1305_MIPS
772
805
 	tristate "Poly1305 authenticator algorithm (MIPS optimized)"
773
-	depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT)
806
+	depends on MIPS
774
807
 	select CRYPTO_ARCH_HAVE_LIB_POLY1305
775
808
 
776
809
 config CRYPTO_MD4
..
..
@@ -831,7 +864,7 @@
831
864
 	  RIPEMD-160 should be used.
832
865
 
833
866
 	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
834
-	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
867
+	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
835
868
 
836
869
 config CRYPTO_RMD160
837
870
 	tristate "RIPEMD-160 digest algorithm"
..
..
@@ -848,7 +881,7 @@
848
881
 	  against RIPEMD-160.
849
882
 
850
883
 	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
851
-	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
884
+	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
852
885
 
853
886
 config CRYPTO_RMD256
854
887
 	tristate "RIPEMD-256 digest algorithm"
..
..
@@ -860,7 +893,7 @@
860
893
 	  (than RIPEMD-128).
861
894
 
862
895
 	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
863
-	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
896
+	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
864
897
 
865
898
 config CRYPTO_RMD320
866
899
 	tristate "RIPEMD-320 digest algorithm"
..
..
@@ -872,7 +905,7 @@
872
905
 	  (than RIPEMD-160).
873
906
 
874
907
 	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
875
-	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
908
+	  See <https://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
876
909
 
877
910
 config CRYPTO_SHA1
878
911
 	tristate "SHA1 digest algorithm"
..
..
@@ -946,57 +979,10 @@
946
979
 	  SHA-1 secure hash standard (DFIPS 180-4) implemented
947
980
 	  using powerpc SPE SIMD instruction set.
948
981
 
949
-config CRYPTO_SHA1_MB
950
-	tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
951
-	depends on X86 && 64BIT
952
-	select CRYPTO_SHA1
953
-	select CRYPTO_HASH
954
-	select CRYPTO_MCRYPTD
955
-	help
956
-	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
957
-	  using multi-buffer technique.  This algorithm computes on
958
-	  multiple data lanes concurrently with SIMD instructions for
959
-	  better throughput.  It should not be enabled by default but
960
-	  used when there is significant amount of work to keep the keep
961
-	  the data lanes filled to get performance benefit.  If the data
962
-	  lanes remain unfilled, a flush operation will be initiated to
963
-	  process the crypto jobs, adding a slight latency.
964
-
965
-config CRYPTO_SHA256_MB
966
-	tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
967
-	depends on X86 && 64BIT
968
-	select CRYPTO_SHA256
969
-	select CRYPTO_HASH
970
-	select CRYPTO_MCRYPTD
971
-	help
972
-	  SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
973
-	  using multi-buffer technique.  This algorithm computes on
974
-	  multiple data lanes concurrently with SIMD instructions for
975
-	  better throughput.  It should not be enabled by default but
976
-	  used when there is significant amount of work to keep the keep
977
-	  the data lanes filled to get performance benefit.  If the data
978
-	  lanes remain unfilled, a flush operation will be initiated to
979
-	  process the crypto jobs, adding a slight latency.
980
-
981
-config CRYPTO_SHA512_MB
982
-        tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
983
-        depends on X86 && 64BIT
984
-        select CRYPTO_SHA512
985
-        select CRYPTO_HASH
986
-        select CRYPTO_MCRYPTD
987
-        help
988
-          SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
989
-          using multi-buffer technique.  This algorithm computes on
990
-          multiple data lanes concurrently with SIMD instructions for
991
-          better throughput.  It should not be enabled by default but
992
-          used when there is significant amount of work to keep the keep
993
-          the data lanes filled to get performance benefit.  If the data
994
-          lanes remain unfilled, a flush operation will be initiated to
995
-          process the crypto jobs, adding a slight latency.
996
-
997
982
 config CRYPTO_SHA256
998
983
 	tristate "SHA224 and SHA256 digest algorithm"
999
984
 	select CRYPTO_HASH
985
+	select CRYPTO_LIB_SHA256
1000
986
 	help
1001
987
 	  SHA256 secure hash standard (DFIPS 180-2).
1002
988
 
..
..
@@ -1084,6 +1070,18 @@
1084
1070
 	  http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
1085
1071
 	  https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
1086
1072
 
1073
+config CRYPTO_STREEBOG
1074
+	tristate "Streebog Hash Function"
1075
+	select CRYPTO_HASH
1076
+	help
1077
+	  Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
1078
+	  cryptographic standard algorithms (called GOST algorithms).
1079
+	  This setting enables two hash algorithms with 256 and 512 bits output.
1080
+
1081
+	  References:
1082
+	  https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
1083
+	  https://tools.ietf.org/html/rfc6986
1084
+
1087
1085
 config CRYPTO_TGR192
1088
1086
 	tristate "Tiger digest algorithms"
1089
1087
 	select CRYPTO_HASH
..
..
@@ -1095,7 +1093,7 @@
1095
1093
 	  Tiger was developed by Ross Anderson and Eli Biham.
1096
1094
 
1097
1095
 	  See also:
1098
-	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1096
+	  <https://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
1099
1097
 
1100
1098
 config CRYPTO_WP512
1101
1099
 	tristate "Whirlpool digest algorithms"
..
..
@@ -1110,18 +1108,19 @@
1110
1108
 	  <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
1111
1109
 
1112
1110
 config CRYPTO_GHASH_CLMUL_NI_INTEL
1113
-	tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
1111
+	tristate "GHASH hash function (CLMUL-NI accelerated)"
1114
1112
 	depends on X86 && 64BIT
1115
1113
 	select CRYPTO_CRYPTD
1116
1114
 	help
1117
-	  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
1118
-	  The implementation is accelerated by CLMUL-NI of Intel.
1115
+	  This is the x86_64 CLMUL-NI accelerated implementation of
1116
+	  GHASH, the hash function used in GCM (Galois/Counter mode).
1119
1117
 
1120
1118
 comment "Ciphers"
1121
1119
 
1122
1120
 config CRYPTO_AES
1123
1121
 	tristate "AES cipher algorithms"
1124
1122
 	select CRYPTO_ALGAPI
1123
+	select CRYPTO_LIB_AES
1125
1124
 	help
1126
1125
 	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1127
1126
 	  algorithm.
..
..
@@ -1142,6 +1141,7 @@
1142
1141
 config CRYPTO_AES_TI
1143
1142
 	tristate "Fixed time AES cipher"
1144
1143
 	select CRYPTO_ALGAPI
1144
+	select CRYPTO_LIB_AES
1145
1145
 	help
1146
1146
 	  This is a generic implementation of AES that attempts to eliminate
1147
1147
 	  data dependent latencies as much as possible without affecting
..
..
@@ -1157,58 +1157,13 @@
1157
1157
 	  block. Interrupts are also disabled to avoid races where cachelines
1158
1158
 	  are evicted when the CPU is interrupted to do something else.
1159
1159
 
1160
-config CRYPTO_AES_586
1161
-	tristate "AES cipher algorithms (i586)"
1162
-	depends on (X86 || UML_X86) && !64BIT
1163
-	select CRYPTO_ALGAPI
1164
-	select CRYPTO_AES
1165
-	help
1166
-	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1167
-	  algorithm.
1168
-
1169
-	  Rijndael appears to be consistently a very good performer in
1170
-	  both hardware and software across a wide range of computing
1171
-	  environments regardless of its use in feedback or non-feedback
1172
-	  modes. Its key setup time is excellent, and its key agility is
1173
-	  good. Rijndael's very low memory requirements make it very well
1174
-	  suited for restricted-space environments, in which it also
1175
-	  demonstrates excellent performance. Rijndael's operations are
1176
-	  among the easiest to defend against power and timing attacks.
1177
-
1178
-	  The AES specifies three key sizes: 128, 192 and 256 bits
1179
-
1180
-	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1181
-
1182
-config CRYPTO_AES_X86_64
1183
-	tristate "AES cipher algorithms (x86_64)"
1184
-	depends on (X86 || UML_X86) && 64BIT
1185
-	select CRYPTO_ALGAPI
1186
-	select CRYPTO_AES
1187
-	help
1188
-	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
1189
-	  algorithm.
1190
-
1191
-	  Rijndael appears to be consistently a very good performer in
1192
-	  both hardware and software across a wide range of computing
1193
-	  environments regardless of its use in feedback or non-feedback
1194
-	  modes. Its key setup time is excellent, and its key agility is
1195
-	  good. Rijndael's very low memory requirements make it very well
1196
-	  suited for restricted-space environments, in which it also
1197
-	  demonstrates excellent performance. Rijndael's operations are
1198
-	  among the easiest to defend against power and timing attacks.
1199
-
1200
-	  The AES specifies three key sizes: 128, 192 and 256 bits
1201
-
1202
-	  See <http://csrc.nist.gov/encryption/aes/> for more information.
1203
-
1204
1160
 config CRYPTO_AES_NI_INTEL
1205
1161
 	tristate "AES cipher algorithms (AES-NI)"
1206
1162
 	depends on X86
1207
1163
 	select CRYPTO_AEAD
1208
-	select CRYPTO_AES_X86_64 if 64BIT
1209
-	select CRYPTO_AES_586 if !64BIT
1164
+	select CRYPTO_LIB_AES
1210
1165
 	select CRYPTO_ALGAPI
1211
-	select CRYPTO_BLKCIPHER
1166
+	select CRYPTO_SKCIPHER
1212
1167
 	select CRYPTO_GLUE_HELPER_X86 if 64BIT
1213
1168
 	select CRYPTO_SIMD
1214
1169
 	help
..
..
@@ -1232,14 +1187,13 @@
1232
1187
 
1233
1188
 	  In addition to AES cipher algorithm support, the acceleration
1234
1189
 	  for some popular block cipher mode is supported too, including
1235
-	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
1190
+	  ECB, CBC, LRW, XTS. The 64 bit version has additional
1236
1191
 	  acceleration for CTR.
1237
1192
 
1238
1193
 config CRYPTO_AES_SPARC64
1239
1194
 	tristate "AES cipher algorithms (SPARC64)"
1240
1195
 	depends on SPARC64
1241
-	select CRYPTO_CRYPTD
1242
-	select CRYPTO_ALGAPI
1196
+	select CRYPTO_SKCIPHER
1243
1197
 	help
1244
1198
 	  Use SPARC64 crypto opcodes for AES algorithm.
1245
1199
 
..
..
@@ -1266,6 +1220,7 @@
1266
1220
 config CRYPTO_AES_PPC_SPE
1267
1221
 	tristate "AES cipher algorithms (PPC SPE)"
1268
1222
 	depends on PPC && SPE
1223
+	select CRYPTO_SKCIPHER
1269
1224
 	help
1270
1225
 	  AES cipher algorithms (FIPS-197). Additionally the acceleration
1271
1226
 	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
..
..
@@ -1278,6 +1233,7 @@
1278
1233
 
1279
1234
 config CRYPTO_ANUBIS
1280
1235
 	tristate "Anubis cipher algorithm"
1236
+	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1281
1237
 	select CRYPTO_ALGAPI
1282
1238
 	help
1283
1239
 	  Anubis cipher algorithm.
..
..
@@ -1292,7 +1248,9 @@
1292
1248
 
1293
1249
 config CRYPTO_ARC4
1294
1250
 	tristate "ARC4 cipher algorithm"
1295
-	select CRYPTO_BLKCIPHER
1251
+	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1252
+	select CRYPTO_SKCIPHER
1253
+	select CRYPTO_LIB_ARC4
1296
1254
 	help
1297
1255
 	  ARC4 cipher algorithm.
1298
1256
 
..
..
@@ -1313,7 +1271,7 @@
1313
1271
 	  designed for use on "large microprocessors".
1314
1272
 
1315
1273
 	  See also:
1316
-	  <http://www.schneier.com/blowfish.html>
1274
+	  <https://www.schneier.com/blowfish.html>
1317
1275
 
1318
1276
 config CRYPTO_BLOWFISH_COMMON
1319
1277
 	tristate
..
..
@@ -1322,12 +1280,12 @@
1322
1280
 	  generic c and the assembler implementations.
1323
1281
 
1324
1282
 	  See also:
1325
-	  <http://www.schneier.com/blowfish.html>
1283
+	  <https://www.schneier.com/blowfish.html>
1326
1284
 
1327
1285
 config CRYPTO_BLOWFISH_X86_64
1328
1286
 	tristate "Blowfish cipher algorithm (x86_64)"
1329
1287
 	depends on X86 && 64BIT
1330
-	select CRYPTO_BLKCIPHER
1288
+	select CRYPTO_SKCIPHER
1331
1289
 	select CRYPTO_BLOWFISH_COMMON
1332
1290
 	help
1333
1291
 	  Blowfish cipher algorithm (x86_64), by Bruce Schneier.
..
..
@@ -1337,7 +1295,7 @@
1337
1295
 	  designed for use on "large microprocessors".
1338
1296
 
1339
1297
 	  See also:
1340
-	  <http://www.schneier.com/blowfish.html>
1298
+	  <https://www.schneier.com/blowfish.html>
1341
1299
 
1342
1300
 config CRYPTO_CAMELLIA
1343
1301
 	tristate "Camellia cipher algorithms"
..
..
@@ -1358,7 +1316,7 @@
1358
1316
 	tristate "Camellia cipher algorithm (x86_64)"
1359
1317
 	depends on X86 && 64BIT
1360
1318
 	depends on CRYPTO
1361
-	select CRYPTO_BLKCIPHER
1319
+	select CRYPTO_SKCIPHER
1362
1320
 	select CRYPTO_GLUE_HELPER_X86
1363
1321
 	help
1364
1322
 	  Camellia cipher algorithm module (x86_64).
..
..
@@ -1375,7 +1333,7 @@
1375
1333
 	tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
1376
1334
 	depends on X86 && 64BIT
1377
1335
 	depends on CRYPTO
1378
-	select CRYPTO_BLKCIPHER
1336
+	select CRYPTO_SKCIPHER
1379
1337
 	select CRYPTO_CAMELLIA_X86_64
1380
1338
 	select CRYPTO_GLUE_HELPER_X86
1381
1339
 	select CRYPTO_SIMD
..
..
@@ -1412,6 +1370,7 @@
1412
1370
 	depends on SPARC64
1413
1371
 	depends on CRYPTO
1414
1372
 	select CRYPTO_ALGAPI
1373
+	select CRYPTO_SKCIPHER
1415
1374
 	help
1416
1375
 	  Camellia cipher algorithm module (SPARC64).
1417
1376
 
..
..
@@ -1440,7 +1399,7 @@
1440
1399
 config CRYPTO_CAST5_AVX_X86_64
1441
1400
 	tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1442
1401
 	depends on X86 && 64BIT
1443
-	select CRYPTO_BLKCIPHER
1402
+	select CRYPTO_SKCIPHER
1444
1403
 	select CRYPTO_CAST5
1445
1404
 	select CRYPTO_CAST_COMMON
1446
1405
 	select CRYPTO_SIMD
..
..
@@ -1462,7 +1421,7 @@
1462
1421
 config CRYPTO_CAST6_AVX_X86_64
1463
1422
 	tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1464
1423
 	depends on X86 && 64BIT
1465
-	select CRYPTO_BLKCIPHER
1424
+	select CRYPTO_SKCIPHER
1466
1425
 	select CRYPTO_CAST6
1467
1426
 	select CRYPTO_CAST_COMMON
1468
1427
 	select CRYPTO_GLUE_HELPER_X86
..
..
@@ -1478,6 +1437,7 @@
1478
1437
 config CRYPTO_DES
1479
1438
 	tristate "DES and Triple DES EDE cipher algorithms"
1480
1439
 	select CRYPTO_ALGAPI
1440
+	select CRYPTO_LIB_DES
1481
1441
 	help
1482
1442
 	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
1483
1443
 
..
..
@@ -1485,7 +1445,8 @@
1485
1445
 	tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
1486
1446
 	depends on SPARC64
1487
1447
 	select CRYPTO_ALGAPI
1488
-	select CRYPTO_DES
1448
+	select CRYPTO_LIB_DES
1449
+	select CRYPTO_SKCIPHER
1489
1450
 	help
1490
1451
 	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1491
1452
 	  optimized using SPARC64 crypto opcodes.
..
..
@@ -1493,8 +1454,8 @@
1493
1454
 config CRYPTO_DES3_EDE_X86_64
1494
1455
 	tristate "Triple DES EDE cipher algorithm (x86-64)"
1495
1456
 	depends on X86 && 64BIT
1496
-	select CRYPTO_BLKCIPHER
1497
-	select CRYPTO_DES
1457
+	select CRYPTO_SKCIPHER
1458
+	select CRYPTO_LIB_DES
1498
1459
 	help
1499
1460
 	  Triple DES EDE (FIPS 46-3) algorithm.
1500
1461
 
..
..
@@ -1506,12 +1467,13 @@
1506
1467
 config CRYPTO_FCRYPT
1507
1468
 	tristate "FCrypt cipher algorithm"
1508
1469
 	select CRYPTO_ALGAPI
1509
-	select CRYPTO_BLKCIPHER
1470
+	select CRYPTO_SKCIPHER
1510
1471
 	help
1511
1472
 	  FCrypt algorithm used by RxRPC.
1512
1473
 
1513
1474
 config CRYPTO_KHAZAD
1514
1475
 	tristate "Khazad cipher algorithm"
1476
+	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1515
1477
 	select CRYPTO_ALGAPI
1516
1478
 	help
1517
1479
 	  Khazad cipher algorithm.
..
..
@@ -1525,27 +1487,27 @@
1525
1487
 
1526
1488
 config CRYPTO_SALSA20
1527
1489
 	tristate "Salsa20 stream cipher algorithm"
1528
-	select CRYPTO_BLKCIPHER
1490
+	select CRYPTO_SKCIPHER
1529
1491
 	help
1530
1492
 	  Salsa20 stream cipher algorithm.
1531
1493
 
1532
1494
 	  Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1533
-	  Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1495
+	  Stream Cipher Project. See <https://www.ecrypt.eu.org/stream/>
1534
1496
 
1535
1497
 	  The Salsa20 stream cipher algorithm is designed by Daniel J.
1536
-	  Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1498
+	  Bernstein <djb@cr.yp.to>. See <https://cr.yp.to/snuffle.html>
1537
1499
 
1538
1500
 config CRYPTO_CHACHA20
1539
1501
 	tristate "ChaCha stream cipher algorithms"
1540
1502
 	select CRYPTO_LIB_CHACHA_GENERIC
1541
-	select CRYPTO_BLKCIPHER
1503
+	select CRYPTO_SKCIPHER
1542
1504
 	help
1543
1505
 	  The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
1544
1506
 
1545
1507
 	  ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1546
1508
 	  Bernstein and further specified in RFC7539 for use in IETF protocols.
1547
1509
 	  This is the portable C implementation of ChaCha20.  See also:
1548
-	  <http://cr.yp.to/chacha/chacha-20080128.pdf>
1510
+	  <https://cr.yp.to/chacha/chacha-20080128.pdf>
1549
1511
 
1550
1512
 	  XChaCha20 is the application of the XSalsa20 construction to ChaCha20
1551
1513
 	  rather than to Salsa20.  XChaCha20 extends ChaCha20's nonce length
..
..
@@ -1560,7 +1522,7 @@
1560
1522
 config CRYPTO_CHACHA20_X86_64
1561
1523
 	tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
1562
1524
 	depends on X86 && 64BIT
1563
-	select CRYPTO_BLKCIPHER
1525
+	select CRYPTO_SKCIPHER
1564
1526
 	select CRYPTO_LIB_CHACHA_GENERIC
1565
1527
 	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1566
1528
 	help
..
..
@@ -1570,11 +1532,12 @@
1570
1532
 config CRYPTO_CHACHA_MIPS
1571
1533
 	tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
1572
1534
 	depends on CPU_MIPS32_R2
1573
-	select CRYPTO_BLKCIPHER
1535
+	select CRYPTO_SKCIPHER
1574
1536
 	select CRYPTO_ARCH_HAVE_LIB_CHACHA
1575
1537
 
1576
1538
 config CRYPTO_SEED
1577
1539
 	tristate "SEED cipher algorithm"
1540
+	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1578
1541
 	select CRYPTO_ALGAPI
1579
1542
 	help
1580
1543
 	  SEED cipher algorithm (RFC4269).
..
..
@@ -1598,12 +1561,12 @@
1598
1561
 	  variant of Serpent for compatibility with old kerneli.org code.
1599
1562
 
1600
1563
 	  See also:
1601
-	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1564
+	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1602
1565
 
1603
1566
 config CRYPTO_SERPENT_SSE2_X86_64
1604
1567
 	tristate "Serpent cipher algorithm (x86_64/SSE2)"
1605
1568
 	depends on X86 && 64BIT
1606
-	select CRYPTO_BLKCIPHER
1569
+	select CRYPTO_SKCIPHER
1607
1570
 	select CRYPTO_GLUE_HELPER_X86
1608
1571
 	select CRYPTO_SERPENT
1609
1572
 	select CRYPTO_SIMD
..
..
@@ -1617,12 +1580,12 @@
1617
1580
 	  blocks parallel using SSE2 instruction set.
1618
1581
 
1619
1582
 	  See also:
1620
-	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1583
+	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1621
1584
 
1622
1585
 config CRYPTO_SERPENT_SSE2_586
1623
1586
 	tristate "Serpent cipher algorithm (i586/SSE2)"
1624
1587
 	depends on X86 && !64BIT
1625
-	select CRYPTO_BLKCIPHER
1588
+	select CRYPTO_SKCIPHER
1626
1589
 	select CRYPTO_GLUE_HELPER_X86
1627
1590
 	select CRYPTO_SERPENT
1628
1591
 	select CRYPTO_SIMD
..
..
@@ -1636,12 +1599,12 @@
1636
1599
 	  blocks parallel using SSE2 instruction set.
1637
1600
 
1638
1601
 	  See also:
1639
-	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1602
+	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1640
1603
 
1641
1604
 config CRYPTO_SERPENT_AVX_X86_64
1642
1605
 	tristate "Serpent cipher algorithm (x86_64/AVX)"
1643
1606
 	depends on X86 && 64BIT
1644
-	select CRYPTO_BLKCIPHER
1607
+	select CRYPTO_SKCIPHER
1645
1608
 	select CRYPTO_GLUE_HELPER_X86
1646
1609
 	select CRYPTO_SERPENT
1647
1610
 	select CRYPTO_SIMD
..
..
@@ -1656,7 +1619,7 @@
1656
1619
 	  eight blocks parallel using the AVX instruction set.
1657
1620
 
1658
1621
 	  See also:
1659
-	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1622
+	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1660
1623
 
1661
1624
 config CRYPTO_SERPENT_AVX2_X86_64
1662
1625
 	tristate "Serpent cipher algorithm (x86_64/AVX2)"
..
..
@@ -1672,7 +1635,7 @@
1672
1635
 	  blocks parallel using AVX2 instruction set.
1673
1636
 
1674
1637
 	  See also:
1675
-	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1638
+	  <https://www.cl.cam.ac.uk/~rja14/serpent.html>
1676
1639
 
1677
1640
 config CRYPTO_SM4
1678
1641
 	tristate "SM4 cipher algorithm"
..
..
@@ -1701,6 +1664,7 @@
1701
1664
 
1702
1665
 config CRYPTO_TEA
1703
1666
 	tristate "TEA, XTEA and XETA cipher algorithms"
1667
+	depends on CRYPTO_USER_API_ENABLE_OBSOLETE
1704
1668
 	select CRYPTO_ALGAPI
1705
1669
 	help
1706
1670
 	  TEA cipher algorithm.
..
..
@@ -1729,7 +1693,7 @@
1729
1693
 	  bits.
1730
1694
 
1731
1695
 	  See also:
1732
-	  <http://www.schneier.com/twofish.html>
1696
+	  <https://www.schneier.com/twofish.html>
1733
1697
 
1734
1698
 config CRYPTO_TWOFISH_COMMON
1735
1699
 	tristate
..
..
@@ -1751,7 +1715,7 @@
1751
1715
 	  bits.
1752
1716
 
1753
1717
 	  See also:
1754
-	  <http://www.schneier.com/twofish.html>
1718
+	  <https://www.schneier.com/twofish.html>
1755
1719
 
1756
1720
 config CRYPTO_TWOFISH_X86_64
1757
1721
 	tristate "Twofish cipher algorithm (x86_64)"
..
..
@@ -1767,12 +1731,12 @@
1767
1731
 	  bits.
1768
1732
 
1769
1733
 	  See also:
1770
-	  <http://www.schneier.com/twofish.html>
1734
+	  <https://www.schneier.com/twofish.html>
1771
1735
 
1772
1736
 config CRYPTO_TWOFISH_X86_64_3WAY
1773
1737
 	tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
1774
1738
 	depends on X86 && 64BIT
1775
-	select CRYPTO_BLKCIPHER
1739
+	select CRYPTO_SKCIPHER
1776
1740
 	select CRYPTO_TWOFISH_COMMON
1777
1741
 	select CRYPTO_TWOFISH_X86_64
1778
1742
 	select CRYPTO_GLUE_HELPER_X86
..
..
@@ -1788,12 +1752,12 @@
1788
1752
 	  blocks parallel, utilizing resources of out-of-order CPUs better.
1789
1753
 
1790
1754
 	  See also:
1791
-	  <http://www.schneier.com/twofish.html>
1755
+	  <https://www.schneier.com/twofish.html>
1792
1756
 
1793
1757
 config CRYPTO_TWOFISH_AVX_X86_64
1794
1758
 	tristate "Twofish cipher algorithm (x86_64/AVX)"
1795
1759
 	depends on X86 && 64BIT
1796
-	select CRYPTO_BLKCIPHER
1760
+	select CRYPTO_SKCIPHER
1797
1761
 	select CRYPTO_GLUE_HELPER_X86
1798
1762
 	select CRYPTO_SIMD
1799
1763
 	select CRYPTO_TWOFISH_COMMON
..
..
@@ -1811,7 +1775,7 @@
1811
1775
 	  eight blocks parallel using the AVX Instruction Set.
1812
1776
 
1813
1777
 	  See also:
1814
-	  <http://www.schneier.com/twofish.html>
1778
+	  <https://www.schneier.com/twofish.html>
1815
1779
 
1816
1780
 comment "Compression"
1817
1781
 
..
..
@@ -1907,7 +1871,7 @@
1907
1871
 config CRYPTO_DRBG_CTR
1908
1872
 	bool "Enable CTR DRBG"
1909
1873
 	select CRYPTO_AES
1910
-	depends on CRYPTO_CTR
1874
+	select CRYPTO_CTR
1911
1875
 	help
1912
1876
 	  Enable the CTR DRBG variant as defined in NIST SP800-90A.
1913
1877
 
..
..
@@ -1944,7 +1908,7 @@
1944
1908
 config CRYPTO_USER_API_SKCIPHER
1945
1909
 	tristate "User-space interface for symmetric key cipher algorithms"
1946
1910
 	depends on NET
1947
-	select CRYPTO_BLKCIPHER
1911
+	select CRYPTO_SKCIPHER
1948
1912
 	select CRYPTO_USER_API
1949
1913
 	help
1950
1914
 	  This option enables the user-spaces interface for symmetric
..
..
@@ -1959,23 +1923,52 @@
1959
1923
 	  This option enables the user-spaces interface for random
1960
1924
 	  number generator algorithms.
1961
1925
 
1926
+config CRYPTO_USER_API_RNG_CAVP
1927
+	bool "Enable CAVP testing of DRBG"
1928
+	depends on CRYPTO_USER_API_RNG && CRYPTO_DRBG
1929
+	help
1930
+	  This option enables extra API for CAVP testing via the user-space
1931
+	  interface: resetting of DRBG entropy, and providing Additional Data.
1932
+	  This should only be enabled for CAVP testing. You should say
1933
+	  no unless you know what this is.
1934
+
1962
1935
 config CRYPTO_USER_API_AEAD
1963
1936
 	tristate "User-space interface for AEAD cipher algorithms"
1964
1937
 	depends on NET
1965
1938
 	select CRYPTO_AEAD
1966
-	select CRYPTO_BLKCIPHER
1939
+	select CRYPTO_SKCIPHER
1967
1940
 	select CRYPTO_NULL
1968
1941
 	select CRYPTO_USER_API
1969
1942
 	help
1970
1943
 	  This option enables the user-spaces interface for AEAD
1971
1944
 	  cipher algorithms.
1972
1945
 
1946
+config CRYPTO_USER_API_ENABLE_OBSOLETE
1947
+	bool "Enable obsolete cryptographic algorithms for userspace"
1948
+	depends on CRYPTO_USER_API
1949
+	default y
1950
+	help
1951
+	  Allow obsolete cryptographic algorithms to be selected that have
1952
+	  already been phased out from internal use by the kernel, and are
1953
+	  only useful for userspace clients that still rely on them.
1954
+
1955
+config CRYPTO_STATS
1956
+	bool "Crypto usage statistics for User-space"
1957
+	depends on CRYPTO_USER
1958
+	help
1959
+	  This option enables the gathering of crypto stats.
1960
+	  This will collect:
1961
+	  - encrypt/decrypt size and numbers of symmeric operations
1962
+	  - compress/decompress size and numbers of compress operations
1963
+	  - size and numbers of hash operations
1964
+	  - encrypt/decrypt/sign/verify numbers for asymmetric operations
1965
+	  - generate/seed numbers for rng operations
1966
+
1973
1967
 config CRYPTO_HASH_INFO
1974
1968
 	bool
1975
1969
 
1976
-source "lib/crypto/Kconfig"
1977
1970
 source "drivers/crypto/Kconfig"
1978
-source crypto/asymmetric_keys/Kconfig
1979
-source certs/Kconfig
1971
+source "crypto/asymmetric_keys/Kconfig"
1972
+source "certs/Kconfig"
1980
1973
 
1981
1974
 endif	# if CRYPTO