blob: 9c00454ed0248590880dd3780240ae626a4929ce [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001#
Dan Williams685784a2007-07-09 11:56:42 -07002# Generic algorithms support
3#
4config XOR_BLOCKS
5 tristate
6
7#
Dan Williams9bc89cd2007-01-02 11:10:44 -07008# async_tx api: hardware offloaded memory transfer/transform support
9#
10source "crypto/async_tx/Kconfig"
11
12#
Linus Torvalds1da177e2005-04-16 15:20:36 -070013# Cryptographic API Configuration
14#
Jan Engelhardt2e290f42007-05-18 15:11:01 +100015menuconfig CRYPTO
Sebastian Siewiorc3715cb92008-03-30 16:36:09 +080016 tristate "Cryptographic API"
Linus Torvalds1da177e2005-04-16 15:20:36 -070017 help
18 This option provides the core Cryptographic API.
19
Herbert Xucce9e062006-08-21 21:08:13 +100020if CRYPTO
21
Sebastian Siewior584fffc2008-04-05 21:04:48 +080022comment "Crypto core or helper"
23
Neil Hormanccb778e2008-08-05 14:13:08 +080024config CRYPTO_FIPS
25 bool "FIPS 200 compliance"
Herbert Xuf2c89a12014-07-04 22:15:08 +080026 depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
Jarod Wilson002c77a2014-07-02 15:37:30 -040027 depends on MODULE_SIG
Neil Hormanccb778e2008-08-05 14:13:08 +080028 help
29 This options enables the fips boot option which is
30 required if you want to system to operate in a FIPS 200
31 certification. You should say no unless you know what
Chuck Ebberte84c5482010-09-03 19:17:49 +080032 this is.
Neil Hormanccb778e2008-08-05 14:13:08 +080033
Herbert Xucce9e062006-08-21 21:08:13 +100034config CRYPTO_ALGAPI
35 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110036 select CRYPTO_ALGAPI2
Herbert Xucce9e062006-08-21 21:08:13 +100037 help
38 This option provides the API for cryptographic algorithms.
39
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110040config CRYPTO_ALGAPI2
41 tristate
42
Herbert Xu1ae97822007-08-30 15:36:14 +080043config CRYPTO_AEAD
44 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110045 select CRYPTO_AEAD2
Herbert Xu1ae97822007-08-30 15:36:14 +080046 select CRYPTO_ALGAPI
47
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110048config CRYPTO_AEAD2
49 tristate
50 select CRYPTO_ALGAPI2
51
Herbert Xu5cde0af2006-08-22 00:07:53 +100052config CRYPTO_BLKCIPHER
53 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110054 select CRYPTO_BLKCIPHER2
Herbert Xu5cde0af2006-08-22 00:07:53 +100055 select CRYPTO_ALGAPI
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110056
57config CRYPTO_BLKCIPHER2
58 tristate
59 select CRYPTO_ALGAPI2
60 select CRYPTO_RNG2
Huang Ying0a2e8212009-02-19 14:44:02 +080061 select CRYPTO_WORKQUEUE
Herbert Xu5cde0af2006-08-22 00:07:53 +100062
Herbert Xu055bcee2006-08-19 22:24:23 +100063config CRYPTO_HASH
64 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110065 select CRYPTO_HASH2
Herbert Xu055bcee2006-08-19 22:24:23 +100066 select CRYPTO_ALGAPI
67
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110068config CRYPTO_HASH2
69 tristate
70 select CRYPTO_ALGAPI2
71
Neil Horman17f0f4a2008-08-14 22:15:52 +100072config CRYPTO_RNG
73 tristate
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110074 select CRYPTO_RNG2
Neil Horman17f0f4a2008-08-14 22:15:52 +100075 select CRYPTO_ALGAPI
76
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110077config CRYPTO_RNG2
78 tristate
79 select CRYPTO_ALGAPI2
80
Geert Uytterhoevena1d2f092009-03-04 15:05:33 +080081config CRYPTO_PCOMP
82 tristate
Herbert Xubc94e592010-06-03 20:33:06 +100083 select CRYPTO_PCOMP2
84 select CRYPTO_ALGAPI
85
86config CRYPTO_PCOMP2
87 tristate
Geert Uytterhoevena1d2f092009-03-04 15:05:33 +080088 select CRYPTO_ALGAPI2
89
Herbert Xu2b8c19d2006-09-21 11:31:44 +100090config CRYPTO_MANAGER
91 tristate "Cryptographic algorithm manager"
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110092 select CRYPTO_MANAGER2
Herbert Xu2b8c19d2006-09-21 11:31:44 +100093 help
94 Create default cryptographic template instantiations such as
95 cbc(aes).
96
Herbert Xu6a0fcbb2008-12-10 23:29:44 +110097config CRYPTO_MANAGER2
98 def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
99 select CRYPTO_AEAD2
100 select CRYPTO_HASH2
101 select CRYPTO_BLKCIPHER2
Herbert Xubc94e592010-06-03 20:33:06 +1000102 select CRYPTO_PCOMP2
Herbert Xu6a0fcbb2008-12-10 23:29:44 +1100103
Steffen Klasserta38f7902011-09-27 07:23:50 +0200104config CRYPTO_USER
105 tristate "Userspace cryptographic algorithm configuration"
Herbert Xu5db017a2011-11-01 12:12:43 +1100106 depends on NET
Steffen Klasserta38f7902011-09-27 07:23:50 +0200107 select CRYPTO_MANAGER
108 help
Valdis.Kletnieks@vt.edud19978f2011-11-09 01:29:20 -0500109 Userspace configuration for cryptographic instantiations such as
Steffen Klasserta38f7902011-09-27 07:23:50 +0200110 cbc(aes).
111
Herbert Xu326a6342010-08-06 09:40:28 +0800112config CRYPTO_MANAGER_DISABLE_TESTS
113 bool "Disable run-time self tests"
Herbert Xu00ca28a2010-08-06 10:34:00 +0800114 default y
115 depends on CRYPTO_MANAGER2
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000116 help
Herbert Xu326a6342010-08-06 09:40:28 +0800117 Disable run-time self tests that normally take place at
118 algorithm registration.
Alexander Shishkin0b767f92010-06-03 20:53:43 +1000119
Rik Snelc494e072006-11-29 18:59:44 +1100120config CRYPTO_GF128MUL
Jussi Kivilinna08c70fc2011-12-13 12:53:22 +0200121 tristate "GF(2^128) multiplication functions"
Rik Snelc494e072006-11-29 18:59:44 +1100122 help
123 Efficient table driven implementation of multiplications in the
124 field GF(2^128). This is needed by some cypher modes. This
125 option will be selected automatically if you select such a
126 cipher mode. Only select this option by hand if you expect to load
127 an external module that requires these functions.
128
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800129config CRYPTO_NULL
130 tristate "Null algorithms"
131 select CRYPTO_ALGAPI
132 select CRYPTO_BLKCIPHER
Herbert Xud35d2452008-11-08 08:09:56 +0800133 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800134 help
135 These are 'Null' algorithms, used by IPsec, which do nothing.
136
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100137config CRYPTO_PCRYPT
Kees Cook3b4afaf2012-10-02 11:16:49 -0700138 tristate "Parallel crypto engine"
139 depends on SMP
Steffen Klassert5068c7a2010-01-07 15:57:19 +1100140 select PADATA
141 select CRYPTO_MANAGER
142 select CRYPTO_AEAD
143 help
144 This converts an arbitrary crypto algorithm into a parallel
145 algorithm that executes in kernel threads.
146
Huang Ying25c38d32009-02-19 14:33:40 +0800147config CRYPTO_WORKQUEUE
148 tristate
149
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800150config CRYPTO_CRYPTD
151 tristate "Software async crypto daemon"
Herbert Xudb131ef2006-09-21 11:44:08 +1000152 select CRYPTO_BLKCIPHER
Loc Hob8a28252008-05-14 21:23:00 +0800153 select CRYPTO_HASH
Herbert Xu43518402006-10-16 21:28:58 +1000154 select CRYPTO_MANAGER
Huang Ying254eff72009-02-19 14:42:19 +0800155 select CRYPTO_WORKQUEUE
Herbert Xudb131ef2006-09-21 11:44:08 +1000156 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800157 This is a generic software asynchronous crypto daemon that
158 converts an arbitrary synchronous software crypto algorithm
159 into an asynchronous algorithm that executes in a kernel thread.
160
Tim Chen1e65b812014-07-31 10:29:51 -0700161config CRYPTO_MCRYPTD
162 tristate "Software async multi-buffer crypto daemon"
163 select CRYPTO_BLKCIPHER
164 select CRYPTO_HASH
165 select CRYPTO_MANAGER
166 select CRYPTO_WORKQUEUE
167 help
168 This is a generic software asynchronous crypto daemon that
169 provides the kernel thread to assist multi-buffer crypto
170 algorithms for submitting jobs and flushing jobs in multi-buffer
171 crypto algorithms. Multi-buffer crypto algorithms are executed
172 in the context of this kernel thread and drivers can post
Ted Percival0e566732014-09-04 15:18:21 +0800173 their crypto request asynchronously to be processed by this daemon.
Tim Chen1e65b812014-07-31 10:29:51 -0700174
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800175config CRYPTO_AUTHENC
176 tristate "Authenc support"
177 select CRYPTO_AEAD
178 select CRYPTO_BLKCIPHER
179 select CRYPTO_MANAGER
180 select CRYPTO_HASH
181 help
182 Authenc: Combined mode wrapper for IPsec.
183 This is required for IPSec.
184
185config CRYPTO_TEST
186 tristate "Testing module"
187 depends on m
Herbert Xuda7f0332008-07-31 17:08:25 +0800188 select CRYPTO_MANAGER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800189 help
190 Quick & dirty crypto test module.
191
Ard Biesheuvela62b01c2013-09-20 09:55:40 +0200192config CRYPTO_ABLK_HELPER
Jussi Kivilinnaffaf9152012-06-18 14:06:58 +0300193 tristate
Jussi Kivilinnaffaf9152012-06-18 14:06:58 +0300194 select CRYPTO_CRYPTD
195
Jussi Kivilinna596d8752012-06-18 14:07:19 +0300196config CRYPTO_GLUE_HELPER_X86
197 tristate
198 depends on X86
199 select CRYPTO_ALGAPI
200
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800201comment "Authenticated Encryption with Associated Data"
202
203config CRYPTO_CCM
204 tristate "CCM support"
205 select CRYPTO_CTR
206 select CRYPTO_AEAD
207 help
208 Support for Counter with CBC MAC. Required for IPsec.
209
210config CRYPTO_GCM
211 tristate "GCM/GMAC support"
212 select CRYPTO_CTR
213 select CRYPTO_AEAD
Huang Ying9382d972009-08-06 15:34:26 +1000214 select CRYPTO_GHASH
Jussi Kivilinna9489667d2013-04-07 16:43:41 +0300215 select CRYPTO_NULL
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800216 help
217 Support for Galois/Counter Mode (GCM) and Galois Message
218 Authentication Code (GMAC). Required for IPSec.
219
220config CRYPTO_SEQIV
221 tristate "Sequence Number IV Generator"
222 select CRYPTO_AEAD
223 select CRYPTO_BLKCIPHER
Herbert Xu856e3f402015-05-21 15:11:13 +0800224 select CRYPTO_NULL
Herbert Xua0f000e2008-08-14 22:21:31 +1000225 select CRYPTO_RNG
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800226 help
227 This IV generator generates an IV based on a sequence number by
228 xoring it with a salt. This algorithm is mainly useful for CTR
229
Herbert Xua10f5542015-05-21 15:11:15 +0800230config CRYPTO_ECHAINIV
231 tristate "Encrypted Chain IV Generator"
232 select CRYPTO_AEAD
233 select CRYPTO_NULL
234 select CRYPTO_RNG
235 help
236 This IV generator generates an IV based on the encryption of
237 a sequence number xored with a salt. This is the default
238 algorithm for CBC.
239
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800240comment "Block modes"
Herbert Xudb131ef2006-09-21 11:44:08 +1000241
242config CRYPTO_CBC
243 tristate "CBC support"
244 select CRYPTO_BLKCIPHER
Herbert Xu43518402006-10-16 21:28:58 +1000245 select CRYPTO_MANAGER
Herbert Xudb131ef2006-09-21 11:44:08 +1000246 help
247 CBC: Cipher Block Chaining mode
248 This block cipher algorithm is required for IPSec.
249
Joy Latten23e353c2007-10-23 08:50:32 +0800250config CRYPTO_CTR
251 tristate "CTR support"
252 select CRYPTO_BLKCIPHER
Herbert Xu0a270322007-11-30 21:38:37 +1100253 select CRYPTO_SEQIV
Joy Latten23e353c2007-10-23 08:50:32 +0800254 select CRYPTO_MANAGER
Joy Latten23e353c2007-10-23 08:50:32 +0800255 help
256 CTR: Counter mode
257 This block cipher algorithm is required for IPSec.
258
Kevin Coffman76cb9522008-03-24 21:26:16 +0800259config CRYPTO_CTS
260 tristate "CTS support"
261 select CRYPTO_BLKCIPHER
262 help
263 CTS: Cipher Text Stealing
264 This is the Cipher Text Stealing mode as described by
265 Section 8 of rfc2040 and referenced by rfc3962.
266 (rfc3962 includes errata information in its Appendix A)
267 This mode is required for Kerberos gss mechanism support
268 for AES encryption.
269
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800270config CRYPTO_ECB
271 tristate "ECB support"
Herbert Xu653ebd92007-11-27 19:48:27 +0800272 select CRYPTO_BLKCIPHER
Herbert Xu124b53d2007-04-16 20:49:20 +1000273 select CRYPTO_MANAGER
274 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800275 ECB: Electronic CodeBook mode
276 This is the simplest block cipher algorithm. It simply encrypts
277 the input block by block.
Herbert Xu124b53d2007-04-16 20:49:20 +1000278
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800279config CRYPTO_LRW
Jussi Kivilinna2470a2b2011-12-13 12:52:51 +0200280 tristate "LRW support"
David Howells90831632006-12-16 12:13:14 +1100281 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800282 select CRYPTO_MANAGER
283 select CRYPTO_GF128MUL
David Howells90831632006-12-16 12:13:14 +1100284 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800285 LRW: Liskov Rivest Wagner, a tweakable, non malleable, non movable
286 narrow block cipher mode for dm-crypt. Use it with cipher
287 specification string aes-lrw-benbi, the key must be 256, 320 or 384.
288 The first 128, 192 or 256 bits in the key are used for AES and the
289 rest is used to tie each cipher block to its logical position.
David Howells90831632006-12-16 12:13:14 +1100290
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800291config CRYPTO_PCBC
292 tristate "PCBC support"
293 select CRYPTO_BLKCIPHER
294 select CRYPTO_MANAGER
295 help
296 PCBC: Propagating Cipher Block Chaining mode
297 This block cipher algorithm is required for RxRPC.
298
299config CRYPTO_XTS
Jussi Kivilinna5bcf8e62011-12-13 12:52:56 +0200300 tristate "XTS support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800301 select CRYPTO_BLKCIPHER
302 select CRYPTO_MANAGER
303 select CRYPTO_GF128MUL
304 help
305 XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
306 key size 256, 384 or 512 bits. This implementation currently
307 can't handle a sectorsize which is not a multiple of 16 bytes.
308
309comment "Hash modes"
310
Jussi Kivilinna93b5e862013-04-08 10:48:44 +0300311config CRYPTO_CMAC
312 tristate "CMAC support"
313 select CRYPTO_HASH
314 select CRYPTO_MANAGER
315 help
316 Cipher-based Message Authentication Code (CMAC) specified by
317 The National Institute of Standards and Technology (NIST).
318
319 https://tools.ietf.org/html/rfc4493
320 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
321
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800322config CRYPTO_HMAC
323 tristate "HMAC support"
324 select CRYPTO_HASH
325 select CRYPTO_MANAGER
326 help
327 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
328 This is required for IPSec.
329
330config CRYPTO_XCBC
331 tristate "XCBC support"
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800332 select CRYPTO_HASH
333 select CRYPTO_MANAGER
334 help
335 XCBC: Keyed-Hashing with encryption algorithm
336 http://www.ietf.org/rfc/rfc3566.txt
337 http://csrc.nist.gov/encryption/modes/proposedmodes/
338 xcbc-mac/xcbc-mac-spec.pdf
339
Shane Wangf1939f72009-09-02 20:05:22 +1000340config CRYPTO_VMAC
341 tristate "VMAC support"
Shane Wangf1939f72009-09-02 20:05:22 +1000342 select CRYPTO_HASH
343 select CRYPTO_MANAGER
344 help
345 VMAC is a message authentication algorithm designed for
346 very high speed on 64-bit architectures.
347
348 See also:
349 <http://fastcrypto.org/vmac>
350
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800351comment "Digest"
352
353config CRYPTO_CRC32C
354 tristate "CRC32c CRC algorithm"
Herbert Xu5773a3e2008-07-08 20:54:28 +0800355 select CRYPTO_HASH
Darrick J. Wong6a0962b2012-03-23 15:02:25 -0700356 select CRC32
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800357 help
358 Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used
359 by iSCSI for header and data digests and by others.
Herbert Xu69c35ef2008-11-07 15:11:47 +0800360 See Castagnoli93. Module will be crc32c.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800361
Austin Zhang8cb51ba2008-08-07 09:57:03 +0800362config CRYPTO_CRC32C_INTEL
363 tristate "CRC32c INTEL hardware acceleration"
364 depends on X86
365 select CRYPTO_HASH
366 help
367 In Intel processor with SSE4.2 supported, the processor will
368 support CRC32C implementation using hardware accelerated CRC32
369 instruction. This option will create 'crc32c-intel' module,
370 which will enable any routine to use the CRC32 instruction to
371 gain performance compared with software implementation.
372 Module will be crc32c-intel.
373
David S. Miller442a7c42012-08-22 20:47:36 -0700374config CRYPTO_CRC32C_SPARC64
375 tristate "CRC32c CRC algorithm (SPARC64)"
376 depends on SPARC64
377 select CRYPTO_HASH
378 select CRC32
379 help
380 CRC32c CRC algorithm implemented using sparc64 crypto instructions,
381 when available.
382
Alexander Boyko78c37d12013-01-10 18:54:59 +0400383config CRYPTO_CRC32
384 tristate "CRC32 CRC algorithm"
385 select CRYPTO_HASH
386 select CRC32
387 help
388 CRC-32-IEEE 802.3 cyclic redundancy-check algorithm.
389 Shash crypto api wrappers to crc32_le function.
390
391config CRYPTO_CRC32_PCLMUL
392 tristate "CRC32 PCLMULQDQ hardware acceleration"
393 depends on X86
394 select CRYPTO_HASH
395 select CRC32
396 help
397 From Intel Westmere and AMD Bulldozer processor with SSE4.2
398 and PCLMULQDQ supported, the processor will support
399 CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
400 instruction. This option will create 'crc32-plcmul' module,
401 which will enable any routine to use the CRC-32-IEEE 802.3 checksum
402 and gain better performance as compared with the table implementation.
403
Herbert Xu684115212013-09-07 12:56:26 +1000404config CRYPTO_CRCT10DIF
405 tristate "CRCT10DIF algorithm"
406 select CRYPTO_HASH
407 help
408 CRC T10 Data Integrity Field computation is being cast as
409 a crypto transform. This allows for faster crc t10 diff
410 transforms to be used if they are available.
411
412config CRYPTO_CRCT10DIF_PCLMUL
413 tristate "CRCT10DIF PCLMULQDQ hardware acceleration"
414 depends on X86 && 64BIT && CRC_T10DIF
415 select CRYPTO_HASH
416 help
417 For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
418 CRC T10 DIF PCLMULQDQ computation can be hardware
419 accelerated PCLMULQDQ instruction. This option will create
420 'crct10dif-plcmul' module, which is faster when computing the
421 crct10dif checksum as compared with the generic table implementation.
422
Huang Ying2cdc6892009-08-06 15:32:38 +1000423config CRYPTO_GHASH
424 tristate "GHASH digest algorithm"
Huang Ying2cdc6892009-08-06 15:32:38 +1000425 select CRYPTO_GF128MUL
426 help
427 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
428
Martin Willif979e012015-06-01 13:43:58 +0200429config CRYPTO_POLY1305
430 tristate "Poly1305 authenticator algorithm"
431 help
432 Poly1305 authenticator algorithm, RFC7539.
433
434 Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein.
435 It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use
436 in IETF protocols. This is the portable C implementation of Poly1305.
437
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800438config CRYPTO_MD4
439 tristate "MD4 digest algorithm"
Adrian-Ken Rueegsegger808a1762008-12-03 19:55:27 +0800440 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700441 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800442 MD4 message digest algorithm (RFC1320).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700443
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800444config CRYPTO_MD5
445 tristate "MD5 digest algorithm"
Adrian-Ken Rueegsegger14b75ba2008-12-03 19:57:12 +0800446 select CRYPTO_HASH
Linus Torvalds1da177e2005-04-16 15:20:36 -0700447 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800448 MD5 message digest algorithm (RFC1321).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700449
Aaro Koskinend69e75d2014-12-21 22:54:02 +0200450config CRYPTO_MD5_OCTEON
451 tristate "MD5 digest algorithm (OCTEON)"
452 depends on CPU_CAVIUM_OCTEON
453 select CRYPTO_MD5
454 select CRYPTO_HASH
455 help
456 MD5 message digest algorithm (RFC1321) implemented
457 using OCTEON crypto instructions, when available.
458
Markus Stockhausene8e59952015-03-01 19:30:46 +0100459config CRYPTO_MD5_PPC
460 tristate "MD5 digest algorithm (PPC)"
461 depends on PPC
462 select CRYPTO_HASH
463 help
464 MD5 message digest algorithm (RFC1321) implemented
465 in PPC assembler.
466
David S. Millerfa4dfed2012-08-19 21:51:26 -0700467config CRYPTO_MD5_SPARC64
468 tristate "MD5 digest algorithm (SPARC64)"
469 depends on SPARC64
470 select CRYPTO_MD5
471 select CRYPTO_HASH
472 help
473 MD5 message digest algorithm (RFC1321) implemented
474 using sparc64 crypto instructions, when available.
475
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800476config CRYPTO_MICHAEL_MIC
477 tristate "Michael MIC keyed digest algorithm"
Adrian-Ken Rueegsegger19e2bf12008-12-07 19:35:38 +0800478 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800479 help
480 Michael MIC is used for message integrity protection in TKIP
481 (IEEE 802.11i). This algorithm is required for TKIP, but it
482 should not be used for other purposes because of the weakness
483 of the algorithm.
484
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800485config CRYPTO_RMD128
Adrian Bunkb6d44342008-07-16 19:28:00 +0800486 tristate "RIPEMD-128 digest algorithm"
Herbert Xu7c4468b2008-11-08 09:10:40 +0800487 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800488 help
489 RIPEMD-128 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800490
Adrian Bunkb6d44342008-07-16 19:28:00 +0800491 RIPEMD-128 is a 128-bit cryptographic hash function. It should only
Michael Witten35ed4b32011-07-09 04:02:31 +0000492 be used as a secure replacement for RIPEMD. For other use cases,
Adrian Bunkb6d44342008-07-16 19:28:00 +0800493 RIPEMD-160 should be used.
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800494
Adrian Bunkb6d44342008-07-16 19:28:00 +0800495 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800496 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800497
498config CRYPTO_RMD160
Adrian Bunkb6d44342008-07-16 19:28:00 +0800499 tristate "RIPEMD-160 digest algorithm"
Herbert Xue5835fb2008-11-08 09:18:51 +0800500 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800501 help
502 RIPEMD-160 (ISO/IEC 10118-3:2004).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800503
Adrian Bunkb6d44342008-07-16 19:28:00 +0800504 RIPEMD-160 is a 160-bit cryptographic hash function. It is intended
505 to be used as a secure replacement for the 128-bit hash functions
506 MD4, MD5 and it's predecessor RIPEMD
507 (not to be confused with RIPEMD-128).
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800508
Adrian Bunkb6d44342008-07-16 19:28:00 +0800509 It's speed is comparable to SHA1 and there are no known attacks
510 against RIPEMD-160.
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800511
Adrian Bunkb6d44342008-07-16 19:28:00 +0800512 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800513 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800514
515config CRYPTO_RMD256
Adrian Bunkb6d44342008-07-16 19:28:00 +0800516 tristate "RIPEMD-256 digest algorithm"
Herbert Xud8a5e2e2008-11-08 09:58:10 +0800517 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800518 help
519 RIPEMD-256 is an optional extension of RIPEMD-128 with a
520 256 bit hash. It is intended for applications that require
521 longer hash-results, without needing a larger security level
522 (than RIPEMD-128).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800523
Adrian Bunkb6d44342008-07-16 19:28:00 +0800524 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800525 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800526
527config CRYPTO_RMD320
Adrian Bunkb6d44342008-07-16 19:28:00 +0800528 tristate "RIPEMD-320 digest algorithm"
Herbert Xu3b8efb42008-11-08 10:11:09 +0800529 select CRYPTO_HASH
Adrian Bunkb6d44342008-07-16 19:28:00 +0800530 help
531 RIPEMD-320 is an optional extension of RIPEMD-160 with a
532 320 bit hash. It is intended for applications that require
533 longer hash-results, without needing a larger security level
534 (than RIPEMD-160).
Adrian-Ken Rueegsegger534fe2c2008-05-09 21:30:27 +0800535
Adrian Bunkb6d44342008-07-16 19:28:00 +0800536 Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800537 See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
Adrian-Ken Rueegsegger82798f92008-05-07 22:17:37 +0800538
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800539config CRYPTO_SHA1
540 tristate "SHA1 digest algorithm"
Adrian-Ken Rueegsegger54ccb362008-12-02 21:08:20 +0800541 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800542 help
543 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
544
Mathias Krause66be8952011-08-04 20:19:25 +0200545config CRYPTO_SHA1_SSSE3
chandramouli narayanan7c1da8d2014-03-20 15:14:00 -0700546 tristate "SHA1 digest algorithm (SSSE3/AVX/AVX2)"
Mathias Krause66be8952011-08-04 20:19:25 +0200547 depends on X86 && 64BIT
548 select CRYPTO_SHA1
549 select CRYPTO_HASH
550 help
551 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
552 using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
chandramouli narayanan7c1da8d2014-03-20 15:14:00 -0700553 Extensions (AVX/AVX2), when available.
Mathias Krause66be8952011-08-04 20:19:25 +0200554
Tim Chen8275d1a2013-03-26 13:59:17 -0700555config CRYPTO_SHA256_SSSE3
556 tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
557 depends on X86 && 64BIT
558 select CRYPTO_SHA256
559 select CRYPTO_HASH
560 help
561 SHA-256 secure hash standard (DFIPS 180-2) implemented
562 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
563 Extensions version 1 (AVX1), or Advanced Vector Extensions
564 version 2 (AVX2) instructions, when available.
565
Tim Chen87de4572013-03-26 14:00:02 -0700566config CRYPTO_SHA512_SSSE3
567 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)"
568 depends on X86 && 64BIT
569 select CRYPTO_SHA512
570 select CRYPTO_HASH
571 help
572 SHA-512 secure hash standard (DFIPS 180-2) implemented
573 using Supplemental SSE3 (SSSE3) instructions, or Advanced Vector
574 Extensions version 1 (AVX1), or Advanced Vector Extensions
575 version 2 (AVX2) instructions, when available.
576
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200577config CRYPTO_SHA1_OCTEON
578 tristate "SHA1 digest algorithm (OCTEON)"
579 depends on CPU_CAVIUM_OCTEON
580 select CRYPTO_SHA1
581 select CRYPTO_HASH
582 help
583 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
584 using OCTEON crypto instructions, when available.
585
David S. Miller4ff28d42012-08-19 15:41:53 -0700586config CRYPTO_SHA1_SPARC64
587 tristate "SHA1 digest algorithm (SPARC64)"
588 depends on SPARC64
589 select CRYPTO_SHA1
590 select CRYPTO_HASH
591 help
592 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
593 using sparc64 crypto instructions, when available.
594
Michael Ellerman323a6bf2012-09-13 23:00:49 +0000595config CRYPTO_SHA1_PPC
596 tristate "SHA1 digest algorithm (powerpc)"
597 depends on PPC
598 help
599 This is the powerpc hardware accelerated implementation of the
600 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
601
Markus Stockhausend9850fc2015-02-24 20:36:50 +0100602config CRYPTO_SHA1_PPC_SPE
603 tristate "SHA1 digest algorithm (PPC SPE)"
604 depends on PPC && SPE
605 help
606 SHA-1 secure hash standard (DFIPS 180-4) implemented
607 using powerpc SPE SIMD instruction set.
608
Tim Chen1e65b812014-07-31 10:29:51 -0700609config CRYPTO_SHA1_MB
610 tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
611 depends on X86 && 64BIT
612 select CRYPTO_SHA1
613 select CRYPTO_HASH
614 select CRYPTO_MCRYPTD
615 help
616 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
617 using multi-buffer technique. This algorithm computes on
618 multiple data lanes concurrently with SIMD instructions for
619 better throughput. It should not be enabled by default but
620 used when there is significant amount of work to keep the keep
621 the data lanes filled to get performance benefit. If the data
622 lanes remain unfilled, a flush operation will be initiated to
623 process the crypto jobs, adding a slight latency.
624
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800625config CRYPTO_SHA256
626 tristate "SHA224 and SHA256 digest algorithm"
Adrian-Ken Rueegsegger50e109b52008-12-03 19:57:49 +0800627 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800628 help
629 SHA256 secure hash standard (DFIPS 180-2).
630
631 This version of SHA implements a 256 bit hash with 128 bits of
632 security against collision attacks.
633
Adrian Bunkb6d44342008-07-16 19:28:00 +0800634 This code also includes SHA-224, a 224 bit hash with 112 bits
635 of security against collision attacks.
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800636
Markus Stockhausen2ecc1e92015-01-30 15:39:34 +0100637config CRYPTO_SHA256_PPC_SPE
638 tristate "SHA224 and SHA256 digest algorithm (PPC SPE)"
639 depends on PPC && SPE
640 select CRYPTO_SHA256
641 select CRYPTO_HASH
642 help
643 SHA224 and SHA256 secure hash standard (DFIPS 180-2)
644 implemented using powerpc SPE SIMD instruction set.
645
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200646config CRYPTO_SHA256_OCTEON
647 tristate "SHA224 and SHA256 digest algorithm (OCTEON)"
648 depends on CPU_CAVIUM_OCTEON
649 select CRYPTO_SHA256
650 select CRYPTO_HASH
651 help
652 SHA-256 secure hash standard (DFIPS 180-2) implemented
653 using OCTEON crypto instructions, when available.
654
David S. Miller86c93b22012-08-19 17:11:37 -0700655config CRYPTO_SHA256_SPARC64
656 tristate "SHA224 and SHA256 digest algorithm (SPARC64)"
657 depends on SPARC64
658 select CRYPTO_SHA256
659 select CRYPTO_HASH
660 help
661 SHA-256 secure hash standard (DFIPS 180-2) implemented
662 using sparc64 crypto instructions, when available.
663
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800664config CRYPTO_SHA512
665 tristate "SHA384 and SHA512 digest algorithms"
Adrian-Ken Rueegseggerbd9d20d2008-12-17 16:49:02 +1100666 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800667 help
668 SHA512 secure hash standard (DFIPS 180-2).
669
670 This version of SHA implements a 512 bit hash with 256 bits of
671 security against collision attacks.
672
673 This code also includes SHA-384, a 384 bit hash with 192 bits
674 of security against collision attacks.
675
Aaro Koskinenefdb6f62015-03-08 22:07:47 +0200676config CRYPTO_SHA512_OCTEON
677 tristate "SHA384 and SHA512 digest algorithms (OCTEON)"
678 depends on CPU_CAVIUM_OCTEON
679 select CRYPTO_SHA512
680 select CRYPTO_HASH
681 help
682 SHA-512 secure hash standard (DFIPS 180-2) implemented
683 using OCTEON crypto instructions, when available.
684
David S. Miller775e0c62012-08-19 17:37:56 -0700685config CRYPTO_SHA512_SPARC64
686 tristate "SHA384 and SHA512 digest algorithm (SPARC64)"
687 depends on SPARC64
688 select CRYPTO_SHA512
689 select CRYPTO_HASH
690 help
691 SHA-512 secure hash standard (DFIPS 180-2) implemented
692 using sparc64 crypto instructions, when available.
693
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800694config CRYPTO_TGR192
695 tristate "Tiger digest algorithms"
Adrian-Ken Rueegseggerf63fbd32008-12-03 19:58:32 +0800696 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800697 help
698 Tiger hash algorithm 192, 160 and 128-bit hashes
699
700 Tiger is a hash function optimized for 64-bit processors while
701 still having decent performance on 32-bit processors.
702 Tiger was developed by Ross Anderson and Eli Biham.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700703
704 See also:
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800705 <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
706
707config CRYPTO_WP512
708 tristate "Whirlpool digest algorithms"
Adrian-Ken Rueegsegger49465102008-12-07 19:34:37 +0800709 select CRYPTO_HASH
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800710 help
711 Whirlpool hash algorithm 512, 384 and 256-bit hashes
712
713 Whirlpool-512 is part of the NESSIE cryptographic primitives.
714 Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
715
716 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800717 <http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800718
Huang Ying0e1227d2009-10-19 11:53:06 +0900719config CRYPTO_GHASH_CLMUL_NI_INTEL
720 tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
Richard Weinberger8af00862011-06-08 20:56:29 +0800721 depends on X86 && 64BIT
Huang Ying0e1227d2009-10-19 11:53:06 +0900722 select CRYPTO_CRYPTD
723 help
724 GHASH is message digest algorithm for GCM (Galois/Counter Mode).
725 The implementation is accelerated by CLMUL-NI of Intel.
726
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800727comment "Ciphers"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700728
729config CRYPTO_AES
730 tristate "AES cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +1000731 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -0700732 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800733 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700734 algorithm.
735
736 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800737 both hardware and software across a wide range of computing
738 environments regardless of its use in feedback or non-feedback
739 modes. Its key setup time is excellent, and its key agility is
740 good. Rijndael's very low memory requirements make it very well
741 suited for restricted-space environments, in which it also
742 demonstrates excellent performance. Rijndael's operations are
743 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700744
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800745 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700746
747 See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
748
749config CRYPTO_AES_586
750 tristate "AES cipher algorithms (i586)"
Herbert Xucce9e062006-08-21 21:08:13 +1000751 depends on (X86 || UML_X86) && !64BIT
752 select CRYPTO_ALGAPI
Sebastian Siewior5157dea2007-11-10 19:07:16 +0800753 select CRYPTO_AES
Linus Torvalds1da177e2005-04-16 15:20:36 -0700754 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800755 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Linus Torvalds1da177e2005-04-16 15:20:36 -0700756 algorithm.
757
758 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800759 both hardware and software across a wide range of computing
760 environments regardless of its use in feedback or non-feedback
761 modes. Its key setup time is excellent, and its key agility is
762 good. Rijndael's very low memory requirements make it very well
763 suited for restricted-space environments, in which it also
764 demonstrates excellent performance. Rijndael's operations are
765 among the easiest to defend against power and timing attacks.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700766
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800767 The AES specifies three key sizes: 128, 192 and 256 bits
Linus Torvalds1da177e2005-04-16 15:20:36 -0700768
769 See <http://csrc.nist.gov/encryption/aes/> for more information.
770
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700771config CRYPTO_AES_X86_64
772 tristate "AES cipher algorithms (x86_64)"
Herbert Xucce9e062006-08-21 21:08:13 +1000773 depends on (X86 || UML_X86) && 64BIT
774 select CRYPTO_ALGAPI
Sebastian Siewior81190b32007-11-08 21:25:04 +0800775 select CRYPTO_AES
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700776 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800777 AES cipher algorithms (FIPS-197). AES uses the Rijndael
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700778 algorithm.
779
780 Rijndael appears to be consistently a very good performer in
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800781 both hardware and software across a wide range of computing
782 environments regardless of its use in feedback or non-feedback
783 modes. Its key setup time is excellent, and its key agility is
784 good. Rijndael's very low memory requirements make it very well
785 suited for restricted-space environments, in which it also
786 demonstrates excellent performance. Rijndael's operations are
787 among the easiest to defend against power and timing attacks.
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700788
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800789 The AES specifies three key sizes: 128, 192 and 256 bits
Andreas Steinmetza2a892a2005-07-06 13:55:00 -0700790
791 See <http://csrc.nist.gov/encryption/aes/> for more information.
792
Huang Ying54b6a1b2009-01-18 16:28:34 +1100793config CRYPTO_AES_NI_INTEL
794 tristate "AES cipher algorithms (AES-NI)"
Richard Weinberger8af00862011-06-08 20:56:29 +0800795 depends on X86
Mathias Krause0d258ef2010-11-27 16:34:46 +0800796 select CRYPTO_AES_X86_64 if 64BIT
797 select CRYPTO_AES_586 if !64BIT
Huang Ying54b6a1b2009-01-18 16:28:34 +1100798 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +0200799 select CRYPTO_ABLK_HELPER
Huang Ying54b6a1b2009-01-18 16:28:34 +1100800 select CRYPTO_ALGAPI
Jussi Kivilinna7643a112013-04-10 18:39:20 +0300801 select CRYPTO_GLUE_HELPER_X86 if 64BIT
Jussi Kivilinna023af602012-07-22 18:18:37 +0300802 select CRYPTO_LRW
803 select CRYPTO_XTS
Huang Ying54b6a1b2009-01-18 16:28:34 +1100804 help
805 Use Intel AES-NI instructions for AES algorithm.
806
807 AES cipher algorithms (FIPS-197). AES uses the Rijndael
808 algorithm.
809
810 Rijndael appears to be consistently a very good performer in
811 both hardware and software across a wide range of computing
812 environments regardless of its use in feedback or non-feedback
813 modes. Its key setup time is excellent, and its key agility is
814 good. Rijndael's very low memory requirements make it very well
815 suited for restricted-space environments, in which it also
816 demonstrates excellent performance. Rijndael's operations are
817 among the easiest to defend against power and timing attacks.
818
819 The AES specifies three key sizes: 128, 192 and 256 bits
820
821 See <http://csrc.nist.gov/encryption/aes/> for more information.
822
Mathias Krause0d258ef2010-11-27 16:34:46 +0800823 In addition to AES cipher algorithm support, the acceleration
824 for some popular block cipher mode is supported too, including
825 ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
826 acceleration for CTR.
Huang Ying2cf4ac82009-03-29 15:41:20 +0800827
David S. Miller9bf4852d2012-08-21 03:58:13 -0700828config CRYPTO_AES_SPARC64
829 tristate "AES cipher algorithms (SPARC64)"
830 depends on SPARC64
831 select CRYPTO_CRYPTD
832 select CRYPTO_ALGAPI
833 help
834 Use SPARC64 crypto opcodes for AES algorithm.
835
836 AES cipher algorithms (FIPS-197). AES uses the Rijndael
837 algorithm.
838
839 Rijndael appears to be consistently a very good performer in
840 both hardware and software across a wide range of computing
841 environments regardless of its use in feedback or non-feedback
842 modes. Its key setup time is excellent, and its key agility is
843 good. Rijndael's very low memory requirements make it very well
844 suited for restricted-space environments, in which it also
845 demonstrates excellent performance. Rijndael's operations are
846 among the easiest to defend against power and timing attacks.
847
848 The AES specifies three key sizes: 128, 192 and 256 bits
849
850 See <http://csrc.nist.gov/encryption/aes/> for more information.
851
852 In addition to AES cipher algorithm support, the acceleration
853 for some popular block cipher mode is supported too, including
854 ECB and CBC.
855
Markus Stockhausen504c6142015-02-22 10:00:10 +0100856config CRYPTO_AES_PPC_SPE
857 tristate "AES cipher algorithms (PPC SPE)"
858 depends on PPC && SPE
859 help
860 AES cipher algorithms (FIPS-197). Additionally the acceleration
861 for popular block cipher modes ECB, CBC, CTR and XTS is supported.
862 This module should only be used for low power (router) devices
863 without hardware AES acceleration (e.g. caam crypto). It reduces the
864 size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
865 timining attacks. Nevertheless it might be not as secure as other
866 architecture specific assembler implementations that work on 1KB
867 tables or 256 bytes S-boxes.
868
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800869config CRYPTO_ANUBIS
870 tristate "Anubis cipher algorithm"
871 select CRYPTO_ALGAPI
872 help
873 Anubis cipher algorithm.
874
875 Anubis is a variable key length cipher which can use keys from
876 128 bits to 320 bits in length. It was evaluated as a entrant
877 in the NESSIE competition.
878
879 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +0800880 <https://www.cosic.esat.kuleuven.be/nessie/reports/>
881 <http://www.larc.usp.br/~pbarreto/AnubisPage.html>
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800882
883config CRYPTO_ARC4
884 tristate "ARC4 cipher algorithm"
Sebastian Andrzej Siewiorb9b0f082012-06-26 18:13:46 +0200885 select CRYPTO_BLKCIPHER
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800886 help
887 ARC4 cipher algorithm.
888
889 ARC4 is a stream cipher using keys ranging from 8 bits to 2048
890 bits in length. This algorithm is required for driver-based
891 WEP, but it should not be for other purposes because of the
892 weakness of the algorithm.
893
894config CRYPTO_BLOWFISH
895 tristate "Blowfish cipher algorithm"
896 select CRYPTO_ALGAPI
Jussi Kivilinna52ba8672011-09-02 01:45:07 +0300897 select CRYPTO_BLOWFISH_COMMON
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800898 help
899 Blowfish cipher algorithm, by Bruce Schneier.
900
901 This is a variable key length cipher which can use keys from 32
902 bits to 448 bits in length. It's fast, simple and specifically
903 designed for use on "large microprocessors".
904
905 See also:
906 <http://www.schneier.com/blowfish.html>
907
Jussi Kivilinna52ba8672011-09-02 01:45:07 +0300908config CRYPTO_BLOWFISH_COMMON
909 tristate
910 help
911 Common parts of the Blowfish cipher algorithm shared by the
912 generic c and the assembler implementations.
913
914 See also:
915 <http://www.schneier.com/blowfish.html>
916
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +0300917config CRYPTO_BLOWFISH_X86_64
918 tristate "Blowfish cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -0400919 depends on X86 && 64BIT
Jussi Kivilinna64b94ce2011-09-02 01:45:22 +0300920 select CRYPTO_ALGAPI
921 select CRYPTO_BLOWFISH_COMMON
922 help
923 Blowfish cipher algorithm (x86_64), by Bruce Schneier.
924
925 This is a variable key length cipher which can use keys from 32
926 bits to 448 bits in length. It's fast, simple and specifically
927 designed for use on "large microprocessors".
928
929 See also:
930 <http://www.schneier.com/blowfish.html>
931
Sebastian Siewior584fffc2008-04-05 21:04:48 +0800932config CRYPTO_CAMELLIA
933 tristate "Camellia cipher algorithms"
934 depends on CRYPTO
935 select CRYPTO_ALGAPI
936 help
937 Camellia cipher algorithms module.
938
939 Camellia is a symmetric key block cipher developed jointly
940 at NTT and Mitsubishi Electric Corporation.
941
942 The Camellia specifies three key sizes: 128, 192 and 256 bits.
943
944 See also:
945 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
946
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +0200947config CRYPTO_CAMELLIA_X86_64
948 tristate "Camellia cipher algorithm (x86_64)"
Al Virof21a7c12012-04-08 20:31:22 -0400949 depends on X86 && 64BIT
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +0200950 depends on CRYPTO
951 select CRYPTO_ALGAPI
Jussi Kivilinna964263a2012-06-18 14:07:29 +0300952 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna0b95ec52012-03-05 20:26:47 +0200953 select CRYPTO_LRW
954 select CRYPTO_XTS
955 help
956 Camellia cipher algorithm module (x86_64).
957
958 Camellia is a symmetric key block cipher developed jointly
959 at NTT and Mitsubishi Electric Corporation.
960
961 The Camellia specifies three key sizes: 128, 192 and 256 bits.
962
963 See also:
964 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
965
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +0300966config CRYPTO_CAMELLIA_AESNI_AVX_X86_64
967 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX)"
968 depends on X86 && 64BIT
969 depends on CRYPTO
970 select CRYPTO_ALGAPI
971 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +0200972 select CRYPTO_ABLK_HELPER
Jussi Kivilinnad9b1d2e2012-10-26 14:49:01 +0300973 select CRYPTO_GLUE_HELPER_X86
974 select CRYPTO_CAMELLIA_X86_64
975 select CRYPTO_LRW
976 select CRYPTO_XTS
977 help
978 Camellia cipher algorithm module (x86_64/AES-NI/AVX).
979
980 Camellia is a symmetric key block cipher developed jointly
981 at NTT and Mitsubishi Electric Corporation.
982
983 The Camellia specifies three key sizes: 128, 192 and 256 bits.
984
985 See also:
986 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
987
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +0300988config CRYPTO_CAMELLIA_AESNI_AVX2_X86_64
989 tristate "Camellia cipher algorithm (x86_64/AES-NI/AVX2)"
990 depends on X86 && 64BIT
991 depends on CRYPTO
992 select CRYPTO_ALGAPI
993 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +0200994 select CRYPTO_ABLK_HELPER
Jussi Kivilinnaf3f935a2013-04-13 13:47:00 +0300995 select CRYPTO_GLUE_HELPER_X86
996 select CRYPTO_CAMELLIA_X86_64
997 select CRYPTO_CAMELLIA_AESNI_AVX_X86_64
998 select CRYPTO_LRW
999 select CRYPTO_XTS
1000 help
1001 Camellia cipher algorithm module (x86_64/AES-NI/AVX2).
1002
1003 Camellia is a symmetric key block cipher developed jointly
1004 at NTT and Mitsubishi Electric Corporation.
1005
1006 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1007
1008 See also:
1009 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1010
David S. Miller81658ad2012-08-28 12:05:54 -07001011config CRYPTO_CAMELLIA_SPARC64
1012 tristate "Camellia cipher algorithm (SPARC64)"
1013 depends on SPARC64
1014 depends on CRYPTO
1015 select CRYPTO_ALGAPI
1016 help
1017 Camellia cipher algorithm module (SPARC64).
1018
1019 Camellia is a symmetric key block cipher developed jointly
1020 at NTT and Mitsubishi Electric Corporation.
1021
1022 The Camellia specifies three key sizes: 128, 192 and 256 bits.
1023
1024 See also:
1025 <https://info.isl.ntt.co.jp/crypt/eng/camellia/index_s.html>
1026
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001027config CRYPTO_CAST_COMMON
1028 tristate
1029 help
1030 Common parts of the CAST cipher algorithms shared by the
1031 generic c and the assembler implementations.
1032
Linus Torvalds1da177e2005-04-16 15:20:36 -07001033config CRYPTO_CAST5
1034 tristate "CAST5 (CAST-128) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001035 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001036 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001037 help
1038 The CAST5 encryption algorithm (synonymous with CAST-128) is
1039 described in RFC2144.
1040
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001041config CRYPTO_CAST5_AVX_X86_64
1042 tristate "CAST5 (CAST-128) cipher algorithm (x86_64/AVX)"
1043 depends on X86 && 64BIT
1044 select CRYPTO_ALGAPI
1045 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001046 select CRYPTO_ABLK_HELPER
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001047 select CRYPTO_CAST_COMMON
Johannes Goetzfried4d6d6a22012-07-11 19:37:37 +02001048 select CRYPTO_CAST5
1049 help
1050 The CAST5 encryption algorithm (synonymous with CAST-128) is
1051 described in RFC2144.
1052
1053 This module provides the Cast5 cipher algorithm that processes
1054 sixteen blocks parallel using the AVX instruction set.
1055
Linus Torvalds1da177e2005-04-16 15:20:36 -07001056config CRYPTO_CAST6
1057 tristate "CAST6 (CAST-256) cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001058 select CRYPTO_ALGAPI
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001059 select CRYPTO_CAST_COMMON
Linus Torvalds1da177e2005-04-16 15:20:36 -07001060 help
1061 The CAST6 encryption algorithm (synonymous with CAST-256) is
1062 described in RFC2612.
1063
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001064config CRYPTO_CAST6_AVX_X86_64
1065 tristate "CAST6 (CAST-256) cipher algorithm (x86_64/AVX)"
1066 depends on X86 && 64BIT
1067 select CRYPTO_ALGAPI
1068 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001069 select CRYPTO_ABLK_HELPER
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001070 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna044ab522012-11-13 11:43:14 +02001071 select CRYPTO_CAST_COMMON
Johannes Goetzfried4ea12772012-07-11 19:38:57 +02001072 select CRYPTO_CAST6
1073 select CRYPTO_LRW
1074 select CRYPTO_XTS
1075 help
1076 The CAST6 encryption algorithm (synonymous with CAST-256) is
1077 described in RFC2612.
1078
1079 This module provides the Cast6 cipher algorithm that processes
1080 eight blocks parallel using the AVX instruction set.
1081
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001082config CRYPTO_DES
1083 tristate "DES and Triple DES EDE cipher algorithms"
Herbert Xucce9e062006-08-21 21:08:13 +10001084 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001085 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001086 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
Linus Torvalds1da177e2005-04-16 15:20:36 -07001087
David S. Millerc5aac2d2012-08-25 22:37:23 -07001088config CRYPTO_DES_SPARC64
1089 tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
Dave Jones97da37b2012-10-02 17:13:20 -04001090 depends on SPARC64
David S. Millerc5aac2d2012-08-25 22:37:23 -07001091 select CRYPTO_ALGAPI
1092 select CRYPTO_DES
1093 help
1094 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
1095 optimized using SPARC64 crypto opcodes.
1096
Jussi Kivilinna6574e6c2014-06-09 20:59:54 +03001097config CRYPTO_DES3_EDE_X86_64
1098 tristate "Triple DES EDE cipher algorithm (x86-64)"
1099 depends on X86 && 64BIT
1100 select CRYPTO_ALGAPI
1101 select CRYPTO_DES
1102 help
1103 Triple DES EDE (FIPS 46-3) algorithm.
1104
1105 This module provides implementation of the Triple DES EDE cipher
1106 algorithm that is optimized for x86-64 processors. Two versions of
1107 algorithm are provided; regular processing one input block and
1108 one that processes three blocks parallel.
1109
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001110config CRYPTO_FCRYPT
1111 tristate "FCrypt cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001112 select CRYPTO_ALGAPI
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001113 select CRYPTO_BLKCIPHER
Linus Torvalds1da177e2005-04-16 15:20:36 -07001114 help
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001115 FCrypt algorithm used by RxRPC.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001116
1117config CRYPTO_KHAZAD
1118 tristate "Khazad cipher algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001119 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001120 help
1121 Khazad cipher algorithm.
1122
1123 Khazad was a finalist in the initial NESSIE competition. It is
1124 an algorithm optimized for 64-bit processors with good performance
1125 on 32-bit processors. Khazad uses an 128 bit key size.
1126
1127 See also:
Justin P. Mattock6d8de742010-09-12 10:42:47 +08001128 <http://www.larc.usp.br/~pbarreto/KhazadPage.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001129
Tan Swee Heng2407d602007-11-23 19:45:00 +08001130config CRYPTO_SALSA20
Kees Cook3b4afaf2012-10-02 11:16:49 -07001131 tristate "Salsa20 stream cipher algorithm"
Tan Swee Heng2407d602007-11-23 19:45:00 +08001132 select CRYPTO_BLKCIPHER
1133 help
1134 Salsa20 stream cipher algorithm.
1135
1136 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1137 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1138
1139 The Salsa20 stream cipher algorithm is designed by Daniel J.
1140 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
Linus Torvalds1da177e2005-04-16 15:20:36 -07001141
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001142config CRYPTO_SALSA20_586
Kees Cook3b4afaf2012-10-02 11:16:49 -07001143 tristate "Salsa20 stream cipher algorithm (i586)"
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001144 depends on (X86 || UML_X86) && !64BIT
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001145 select CRYPTO_BLKCIPHER
Tan Swee Heng974e4b72007-12-10 15:52:56 +08001146 help
1147 Salsa20 stream cipher algorithm.
1148
1149 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1150 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1151
1152 The Salsa20 stream cipher algorithm is designed by Daniel J.
1153 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1154
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001155config CRYPTO_SALSA20_X86_64
Kees Cook3b4afaf2012-10-02 11:16:49 -07001156 tristate "Salsa20 stream cipher algorithm (x86_64)"
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001157 depends on (X86 || UML_X86) && 64BIT
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001158 select CRYPTO_BLKCIPHER
Tan Swee Heng9a7dafb2007-12-18 00:04:40 +08001159 help
1160 Salsa20 stream cipher algorithm.
1161
1162 Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT
1163 Stream Cipher Project. See <http://www.ecrypt.eu.org/stream/>
1164
1165 The Salsa20 stream cipher algorithm is designed by Daniel J.
1166 Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
1167
Martin Willic08d0e62015-06-01 13:43:56 +02001168config CRYPTO_CHACHA20
1169 tristate "ChaCha20 cipher algorithm"
1170 select CRYPTO_BLKCIPHER
1171 help
1172 ChaCha20 cipher algorithm, RFC7539.
1173
1174 ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
1175 Bernstein and further specified in RFC7539 for use in IETF protocols.
1176 This is the portable C implementation of ChaCha20.
1177
1178 See also:
1179 <http://cr.yp.to/chacha/chacha-20080128.pdf>
1180
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001181config CRYPTO_SEED
1182 tristate "SEED cipher algorithm"
1183 select CRYPTO_ALGAPI
1184 help
1185 SEED cipher algorithm (RFC4269).
1186
1187 SEED is a 128-bit symmetric key block cipher that has been
1188 developed by KISA (Korea Information Security Agency) as a
1189 national standard encryption algorithm of the Republic of Korea.
1190 It is a 16 round block cipher with the key size of 128 bit.
1191
1192 See also:
1193 <http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp>
1194
1195config CRYPTO_SERPENT
1196 tristate "Serpent cipher algorithm"
1197 select CRYPTO_ALGAPI
1198 help
1199 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1200
1201 Keys are allowed to be from 0 to 256 bits in length, in steps
1202 of 8 bits. Also includes the 'Tnepres' algorithm, a reversed
1203 variant of Serpent for compatibility with old kerneli.org code.
1204
1205 See also:
1206 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1207
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001208config CRYPTO_SERPENT_SSE2_X86_64
1209 tristate "Serpent cipher algorithm (x86_64/SSE2)"
1210 depends on X86 && 64BIT
1211 select CRYPTO_ALGAPI
Jussi Kivilinna341975b2011-11-24 08:37:41 +02001212 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001213 select CRYPTO_ABLK_HELPER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001214 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001215 select CRYPTO_SERPENT
Jussi Kivilinnafeaf0cf2011-12-13 12:53:12 +02001216 select CRYPTO_LRW
1217 select CRYPTO_XTS
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001218 help
1219 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1220
1221 Keys are allowed to be from 0 to 256 bits in length, in steps
1222 of 8 bits.
1223
Masanari Iida1e6232f2015-04-04 00:20:30 +09001224 This module provides Serpent cipher algorithm that processes eight
Jussi Kivilinna937c30d2011-11-09 16:26:25 +02001225 blocks parallel using SSE2 instruction set.
1226
1227 See also:
1228 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1229
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001230config CRYPTO_SERPENT_SSE2_586
1231 tristate "Serpent cipher algorithm (i586/SSE2)"
1232 depends on X86 && !64BIT
1233 select CRYPTO_ALGAPI
Jussi Kivilinna341975b2011-11-24 08:37:41 +02001234 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001235 select CRYPTO_ABLK_HELPER
Jussi Kivilinna596d8752012-06-18 14:07:19 +03001236 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001237 select CRYPTO_SERPENT
Jussi Kivilinnafeaf0cf2011-12-13 12:53:12 +02001238 select CRYPTO_LRW
1239 select CRYPTO_XTS
Jussi Kivilinna251496d2011-11-09 16:26:31 +02001240 help
1241 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1242
1243 Keys are allowed to be from 0 to 256 bits in length, in steps
1244 of 8 bits.
1245
1246 This module provides Serpent cipher algorithm that processes four
1247 blocks parallel using SSE2 instruction set.
1248
1249 See also:
1250 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1251
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001252config CRYPTO_SERPENT_AVX_X86_64
1253 tristate "Serpent cipher algorithm (x86_64/AVX)"
1254 depends on X86 && 64BIT
1255 select CRYPTO_ALGAPI
1256 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001257 select CRYPTO_ABLK_HELPER
Jussi Kivilinna1d0debb2012-06-18 14:07:24 +03001258 select CRYPTO_GLUE_HELPER_X86
Johannes Goetzfried7efe4072012-06-12 16:47:43 +08001259 select CRYPTO_SERPENT
1260 select CRYPTO_LRW
1261 select CRYPTO_XTS
1262 help
1263 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1264
1265 Keys are allowed to be from 0 to 256 bits in length, in steps
1266 of 8 bits.
1267
1268 This module provides the Serpent cipher algorithm that processes
1269 eight blocks parallel using the AVX instruction set.
1270
1271 See also:
1272 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1273
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001274config CRYPTO_SERPENT_AVX2_X86_64
1275 tristate "Serpent cipher algorithm (x86_64/AVX2)"
1276 depends on X86 && 64BIT
1277 select CRYPTO_ALGAPI
1278 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001279 select CRYPTO_ABLK_HELPER
Jussi Kivilinna56d76c92013-04-13 13:46:55 +03001280 select CRYPTO_GLUE_HELPER_X86
1281 select CRYPTO_SERPENT
1282 select CRYPTO_SERPENT_AVX_X86_64
1283 select CRYPTO_LRW
1284 select CRYPTO_XTS
1285 help
1286 Serpent cipher algorithm, by Anderson, Biham & Knudsen.
1287
1288 Keys are allowed to be from 0 to 256 bits in length, in steps
1289 of 8 bits.
1290
1291 This module provides Serpent cipher algorithm that processes 16
1292 blocks parallel using AVX2 instruction set.
1293
1294 See also:
1295 <http://www.cl.cam.ac.uk/~rja14/serpent.html>
1296
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001297config CRYPTO_TEA
1298 tristate "TEA, XTEA and XETA cipher algorithms"
1299 select CRYPTO_ALGAPI
1300 help
1301 TEA cipher algorithm.
1302
1303 Tiny Encryption Algorithm is a simple cipher that uses
1304 many rounds for security. It is very fast and uses
1305 little memory.
1306
1307 Xtendend Tiny Encryption Algorithm is a modification to
1308 the TEA algorithm to address a potential key weakness
1309 in the TEA algorithm.
1310
1311 Xtendend Encryption Tiny Algorithm is a mis-implementation
1312 of the XTEA algorithm for compatibility purposes.
1313
1314config CRYPTO_TWOFISH
1315 tristate "Twofish cipher algorithm"
1316 select CRYPTO_ALGAPI
1317 select CRYPTO_TWOFISH_COMMON
1318 help
1319 Twofish cipher algorithm.
1320
1321 Twofish was submitted as an AES (Advanced Encryption Standard)
1322 candidate cipher by researchers at CounterPane Systems. It is a
1323 16 round block cipher supporting key sizes of 128, 192, and 256
1324 bits.
1325
1326 See also:
1327 <http://www.schneier.com/twofish.html>
1328
1329config CRYPTO_TWOFISH_COMMON
1330 tristate
1331 help
1332 Common parts of the Twofish cipher algorithm shared by the
1333 generic c and the assembler implementations.
1334
1335config CRYPTO_TWOFISH_586
1336 tristate "Twofish cipher algorithms (i586)"
1337 depends on (X86 || UML_X86) && !64BIT
1338 select CRYPTO_ALGAPI
1339 select CRYPTO_TWOFISH_COMMON
1340 help
1341 Twofish cipher algorithm.
1342
1343 Twofish was submitted as an AES (Advanced Encryption Standard)
1344 candidate cipher by researchers at CounterPane Systems. It is a
1345 16 round block cipher supporting key sizes of 128, 192, and 256
1346 bits.
1347
1348 See also:
1349 <http://www.schneier.com/twofish.html>
1350
1351config CRYPTO_TWOFISH_X86_64
1352 tristate "Twofish cipher algorithm (x86_64)"
1353 depends on (X86 || UML_X86) && 64BIT
1354 select CRYPTO_ALGAPI
1355 select CRYPTO_TWOFISH_COMMON
1356 help
1357 Twofish cipher algorithm (x86_64).
1358
1359 Twofish was submitted as an AES (Advanced Encryption Standard)
1360 candidate cipher by researchers at CounterPane Systems. It is a
1361 16 round block cipher supporting key sizes of 128, 192, and 256
1362 bits.
1363
1364 See also:
1365 <http://www.schneier.com/twofish.html>
1366
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001367config CRYPTO_TWOFISH_X86_64_3WAY
1368 tristate "Twofish cipher algorithm (x86_64, 3-way parallel)"
Al Virof21a7c12012-04-08 20:31:22 -04001369 depends on X86 && 64BIT
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001370 select CRYPTO_ALGAPI
1371 select CRYPTO_TWOFISH_COMMON
1372 select CRYPTO_TWOFISH_X86_64
Jussi Kivilinna414cb5e2012-06-18 14:07:34 +03001373 select CRYPTO_GLUE_HELPER_X86
Jussi Kivilinnae7cda5d2011-12-13 12:53:01 +02001374 select CRYPTO_LRW
1375 select CRYPTO_XTS
Jussi Kivilinna8280daa2011-09-26 16:47:25 +03001376 help
1377 Twofish cipher algorithm (x86_64, 3-way parallel).
1378
1379 Twofish was submitted as an AES (Advanced Encryption Standard)
1380 candidate cipher by researchers at CounterPane Systems. It is a
1381 16 round block cipher supporting key sizes of 128, 192, and 256
1382 bits.
1383
1384 This module provides Twofish cipher algorithm that processes three
1385 blocks parallel, utilizing resources of out-of-order CPUs better.
1386
1387 See also:
1388 <http://www.schneier.com/twofish.html>
1389
Johannes Goetzfried107778b2012-05-28 15:54:24 +02001390config CRYPTO_TWOFISH_AVX_X86_64
1391 tristate "Twofish cipher algorithm (x86_64/AVX)"
1392 depends on X86 && 64BIT
1393 select CRYPTO_ALGAPI
1394 select CRYPTO_CRYPTD
Ard Biesheuvel801201a2013-09-20 09:55:41 +02001395 select CRYPTO_ABLK_HELPER
Jussi Kivilinnaa7378d42012-06-18 14:07:39 +03001396 select CRYPTO_GLUE_HELPER_X86
Johannes Goetzfried107778b2012-05-28 15:54:24 +02001397 select CRYPTO_TWOFISH_COMMON
1398 select CRYPTO_TWOFISH_X86_64
1399 select CRYPTO_TWOFISH_X86_64_3WAY
1400 select CRYPTO_LRW
1401 select CRYPTO_XTS
1402 help
1403 Twofish cipher algorithm (x86_64/AVX).
1404
1405 Twofish was submitted as an AES (Advanced Encryption Standard)
1406 candidate cipher by researchers at CounterPane Systems. It is a
1407 16 round block cipher supporting key sizes of 128, 192, and 256
1408 bits.
1409
1410 This module provides the Twofish cipher algorithm that processes
1411 eight blocks parallel using the AVX Instruction Set.
1412
1413 See also:
1414 <http://www.schneier.com/twofish.html>
1415
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001416comment "Compression"
1417
Linus Torvalds1da177e2005-04-16 15:20:36 -07001418config CRYPTO_DEFLATE
1419 tristate "Deflate compression algorithm"
Herbert Xucce9e062006-08-21 21:08:13 +10001420 select CRYPTO_ALGAPI
Linus Torvalds1da177e2005-04-16 15:20:36 -07001421 select ZLIB_INFLATE
1422 select ZLIB_DEFLATE
1423 help
1424 This is the Deflate algorithm (RFC1951), specified for use in
1425 IPSec with the IPCOMP protocol (RFC3173, RFC2394).
Sebastian Siewior584fffc2008-04-05 21:04:48 +08001426
Linus Torvalds1da177e2005-04-16 15:20:36 -07001427 You will most probably want this if using IPSec.
1428
Geert Uytterhoevenbf68e652009-03-04 15:15:49 +08001429config CRYPTO_ZLIB
1430 tristate "Zlib compression algorithm"
1431 select CRYPTO_PCOMP
1432 select ZLIB_INFLATE
1433 select ZLIB_DEFLATE
1434 select NLATTR
1435 help
1436 This is the zlib algorithm.
1437
Zoltan Sogor0b77abb2007-12-07 16:53:23 +08001438config CRYPTO_LZO
1439 tristate "LZO compression algorithm"
1440 select CRYPTO_ALGAPI
1441 select LZO_COMPRESS
1442 select LZO_DECOMPRESS
1443 help
1444 This is the LZO algorithm.
1445
Seth Jennings35a1fc12012-07-19 09:42:41 -05001446config CRYPTO_842
1447 tristate "842 compression algorithm"
Dan Streetman2062c5b2015-05-07 13:49:15 -04001448 select CRYPTO_ALGAPI
1449 select 842_COMPRESS
1450 select 842_DECOMPRESS
Seth Jennings35a1fc12012-07-19 09:42:41 -05001451 help
1452 This is the 842 algorithm.
1453
Chanho Min0ea85302013-07-08 16:01:51 -07001454config CRYPTO_LZ4
1455 tristate "LZ4 compression algorithm"
1456 select CRYPTO_ALGAPI
1457 select LZ4_COMPRESS
1458 select LZ4_DECOMPRESS
1459 help
1460 This is the LZ4 algorithm.
1461
1462config CRYPTO_LZ4HC
1463 tristate "LZ4HC compression algorithm"
1464 select CRYPTO_ALGAPI
1465 select LZ4HC_COMPRESS
1466 select LZ4_DECOMPRESS
1467 help
1468 This is the LZ4 high compression mode algorithm.
1469
Neil Horman17f0f4a2008-08-14 22:15:52 +10001470comment "Random Number Generation"
1471
1472config CRYPTO_ANSI_CPRNG
1473 tristate "Pseudo Random Number Generation for Cryptographic modules"
Neil Horman4e4ed832009-08-20 17:54:16 +10001474 default m
Neil Horman17f0f4a2008-08-14 22:15:52 +10001475 select CRYPTO_AES
1476 select CRYPTO_RNG
Neil Horman17f0f4a2008-08-14 22:15:52 +10001477 help
1478 This option enables the generic pseudo random number generator
1479 for cryptographic modules. Uses the Algorithm specified in
Jiri Kosina7dd607e2010-01-27 01:00:10 +01001480 ANSI X9.31 A.2.4. Note that this option must be enabled if
1481 CRYPTO_FIPS is selected
Neil Horman17f0f4a2008-08-14 22:15:52 +10001482
Herbert Xuf2c89a12014-07-04 22:15:08 +08001483menuconfig CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001484 tristate "NIST SP800-90A DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001485 help
1486 NIST SP800-90A compliant DRBG. In the following submenu, one or
1487 more of the DRBG types must be selected.
1488
Herbert Xuf2c89a12014-07-04 22:15:08 +08001489if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001490
1491config CRYPTO_DRBG_HMAC
1492 bool "Enable HMAC DRBG"
1493 default y
Stephan Mueller419090c2014-05-31 17:22:31 +02001494 select CRYPTO_HMAC
1495 help
1496 Enable the HMAC DRBG variant as defined in NIST SP800-90A.
1497
1498config CRYPTO_DRBG_HASH
1499 bool "Enable Hash DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001500 select CRYPTO_HASH
1501 help
1502 Enable the Hash DRBG variant as defined in NIST SP800-90A.
1503
1504config CRYPTO_DRBG_CTR
1505 bool "Enable CTR DRBG"
Stephan Mueller419090c2014-05-31 17:22:31 +02001506 select CRYPTO_AES
1507 help
1508 Enable the CTR DRBG variant as defined in NIST SP800-90A.
1509
Herbert Xuf2c89a12014-07-04 22:15:08 +08001510config CRYPTO_DRBG
1511 tristate
1512 default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR)
1513 select CRYPTO_RNG
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001514 select CRYPTO_JITTERENTROPY
Herbert Xuf2c89a12014-07-04 22:15:08 +08001515
1516endif # if CRYPTO_DRBG_MENU
Stephan Mueller419090c2014-05-31 17:22:31 +02001517
Stephan Muellerbb5530e2015-05-25 15:10:20 +02001518config CRYPTO_JITTERENTROPY
1519 tristate "Jitterentropy Non-Deterministic Random Number Generator"
1520 help
1521 The Jitterentropy RNG is a noise that is intended
1522 to provide seed to another RNG. The RNG does not
1523 perform any cryptographic whitening of the generated
1524 random numbers. This Jitterentropy RNG registers with
1525 the kernel crypto API and can be used by any caller.
1526
Herbert Xu03c8efc2010-10-19 21:12:39 +08001527config CRYPTO_USER_API
1528 tristate
1529
Herbert Xufe869cd2010-10-19 21:23:00 +08001530config CRYPTO_USER_API_HASH
1531 tristate "User-space interface for hash algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001532 depends on NET
Herbert Xufe869cd2010-10-19 21:23:00 +08001533 select CRYPTO_HASH
1534 select CRYPTO_USER_API
1535 help
1536 This option enables the user-spaces interface for hash
1537 algorithms.
1538
Herbert Xu8ff59092010-10-19 21:31:55 +08001539config CRYPTO_USER_API_SKCIPHER
1540 tristate "User-space interface for symmetric key cipher algorithms"
Herbert Xu74517082010-11-29 22:56:03 +08001541 depends on NET
Herbert Xu8ff59092010-10-19 21:31:55 +08001542 select CRYPTO_BLKCIPHER
1543 select CRYPTO_USER_API
1544 help
1545 This option enables the user-spaces interface for symmetric
1546 key cipher algorithms.
1547
Stephan Mueller2f3755382014-12-25 23:00:39 +01001548config CRYPTO_USER_API_RNG
1549 tristate "User-space interface for random number generator algorithms"
1550 depends on NET
1551 select CRYPTO_RNG
1552 select CRYPTO_USER_API
1553 help
1554 This option enables the user-spaces interface for random
1555 number generator algorithms.
1556
Herbert Xub64a2d92015-05-28 11:30:35 +08001557config CRYPTO_USER_API_AEAD
1558 tristate "User-space interface for AEAD cipher algorithms"
1559 depends on NET
1560 select CRYPTO_AEAD
1561 select CRYPTO_USER_API
1562 help
1563 This option enables the user-spaces interface for AEAD
1564 cipher algorithms.
1565
Dmitry Kasatkinee089972013-05-06 15:40:01 +03001566config CRYPTO_HASH_INFO
1567 bool
1568
Linus Torvalds1da177e2005-04-16 15:20:36 -07001569source "drivers/crypto/Kconfig"
David Howells964f3b32012-09-13 15:17:21 +01001570source crypto/asymmetric_keys/Kconfig
Linus Torvalds1da177e2005-04-16 15:20:36 -07001571
Herbert Xucce9e062006-08-21 21:08:13 +10001572endif # if CRYPTO